1 : : // Copyright (C) 2011-2012 Red Hat Inc.
2 : : //
3 : : // This program is free software; you can redistribute it and/or
4 : : // modify it under the terms of the GNU General Public License as
5 : : // published by the Free Software Foundation; either version 2 of the
6 : : // License, or (at your option) any later version.
7 : : //
8 : : // This program is distributed in the hope that it will be useful, but
9 : : // WITHOUT ANY WARRANTY; without even the implied warranty of
10 : : // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
11 : : // General Public License for more details.
12 : : //
13 : : // You should have received a copy of the GNU General Public License
14 : : // along with this program. If not, see <http://www.gnu.org/licenses/>.
15 : : #include <iostream>
16 : : #include <climits>
17 : :
18 : : extern "C" {
19 : : #include <unistd.h>
20 : : #include <sys/types.h>
21 : : }
22 : :
23 : : #include "util.h"
24 : : #include "privilege.h"
25 : :
26 : : using namespace std;
27 : :
/* Return a printable name for the strongest privilege level held in P.

   The levels are probed from stapdev down to stapusr, so a credential set
   that contains several levels is reported under the highest one.  "none" is
   returned only when P is exactly pr_none; any other value that matches no
   level yields "unknown".  The result points at a string literal and must
   not be modified or freed by the caller. */
const char *pr_name (privilege_t p)
{
  const char *name = "unknown";

  if (pr_contains (p, pr_stapdev))
    name = "stapdev";
  else if (pr_contains (p, pr_stapsys))
    name = "stapsys";
  else if (pr_contains (p, pr_stapusr))
    name = "stapusr";
  else if (p == pr_none)
    name = "none";

  return name;
}
41 : :
/* Report whether ACTUAL holds every privilege bit that is set in REQUIRED.

   Returns 1 when all required bits are present and 0 otherwise; sharing only
   some of the bits is not enough.  When REQUIRED has no bits set the test is
   trivially true, so callers must not use an empty mask as a requirement. */
int pr_contains (privilege_t actual, privilege_t required)
{
  const bool has_all_bits = (actual & required) == required;
  return has_all_bits ? 1 : 0;
}
46 : :
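/* Determine the privilege credentials of the current user.

   A real uid of 0 yields pr_all.  Any other user obtains privileges only
   through membership of the stapdev, stapsys and stapusr groups: stapdev
   implies stapsys and stapusr, and stapsys implies stapusr.  If none of the
   groups exists, or the group list cannot be read, the result stays at
   pr_none, so a lookup failure never grants privilege.

   The result is cached in a function-local static on the first call; later
   changes to the process's uid or group memberships are not reflected.
   NOTE(review): the cache is not synchronised -- confirm that callers are
   single-threaded or call this once before starting threads. */
privilege_t get_privilege_credentials (void)
{
  static privilege_t stp_privilege = pr_unknown;

  /* Have we already computed this? */
  if (stp_privilege != pr_unknown)
    return stp_privilege;

  /* Only the real uid is consulted here, not the effective uid.  If the real
     uid of the user is root, then this user has all privileges. */
  if (getuid() == 0)
    {
      stp_privilege = pr_all;
      return stp_privilege;
    }

  /* The privilege credentials will be represented by a bit mask of the
     user's group memberships.  Start with an empty mask, so that every early
     return below fails closed. */
  stp_privilege = pr_none;

  /* These are the gids of the groups we are interested in.  The checks below
     treat (gid_t)-1 as "group not found". */
  const gid_t no_gid = (gid_t)-1;
  gid_t stapdev_gid = get_gid("stapdev");
  gid_t stapsys_gid = get_gid("stapsys");
  gid_t stapusr_gid = get_gid("stapusr");

  /* If none of the groups was found, then the group memberships are
     irrelevant. */
  if (stapdev_gid == no_gid && stapsys_gid == no_gid && stapusr_gid == no_gid)
    return stp_privilege;

  /* Obtain a list of the user's groups. */
  gid_t gidlist[NGROUPS_MAX];
  int ngids = getgroups(NGROUPS_MAX, gidlist);
  if (ngids < 0)
    {
      cerr << _("Unable to retrieve group list") << endl;
      return stp_privilege;
    }

  /* According to the getgroups() man page, getgroups() may not return the
     effective gid, so examine the effective gid first (index -1), followed
     by the gids obtained by getgroups().

     The gid is fetched inside the loop body so that gidlist is only ever
     indexed in the range 0 .. ngids-1.  Fetching it in the loop's increment
     expression would read gidlist[ngids] after the final iteration, which is
     uninitialised and, when ngids == NGROUPS_MAX, one past the end of the
     array. */
  for (int i = -1; i < ngids; ++i)
    {
      const gid_t gid = (i < 0) ? getegid() : gidlist[i];

      /* A group that was not found must never match, so the "not found"
         sentinel is excluded explicitly before each comparison. */
      if (stapdev_gid != no_gid && gid == stapdev_gid)
        stp_privilege = privilege_t (stp_privilege | pr_stapdev | pr_stapsys | pr_stapusr);
      else if (stapsys_gid != no_gid && gid == stapsys_gid)
        stp_privilege = privilege_t (stp_privilege | pr_stapsys | pr_stapusr);
      else if (stapusr_gid != no_gid && gid == stapusr_gid)
        stp_privilege = privilege_t (stp_privilege | pr_stapusr);

      /* Nothing further can be gained once every privilege is held. */
      if (stp_privilege == pr_all)
        break;
    }

  return stp_privilege;
}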