1 /* |
1 /* |
2 * ProFTPD - FTP server daemon |
2 * ProFTPD - FTP server daemon |
3 * Copyright (c) 1997, 1998 Public Flood Software |
3 * Copyright (c) 1997, 1998 Public Flood Software |
4 * Copyright (c) 2003-2010 The ProFTPD Project team |
4 * Copyright (c) 2003-2010 The ProFTPD Project team |
5 * Copyright (c) 2011, 2013, Oracle and/or its affiliates. All rights reserved. |
5 * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved. |
6 * |
6 * |
7 * This program is free software; you can redistribute it and/or modify |
7 * This program is free software; you can redistribute it and/or modify |
8 * it under the terms of the GNU General Public License as published by |
8 * it under the terms of the GNU General Public License as published by |
9 * the Free Software Foundation; either version 2 of the License, or |
9 * the Free Software Foundation; either version 2 of the License, or |
10 * (at your option) any later version. |
10 * (at your option) any later version. |
240 } |
240 } |
241 |
241 |
242 return PR_DECLINED(cmd); |
242 return PR_DECLINED(cmd); |
243 } |
243 } |
244 |
244 |
245 static void log_err_permitted(const char* fn) { |
|
246 pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": %s(%s): %s", |
|
247 fn, "permitted", strerror(errno)); |
|
248 } |
|
249 |
|
250 static void log_err_effective(const char* fn) { |
245 static void log_err_effective(const char* fn) { |
251 pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": %s(%s): %s", |
246 pr_log_pri(PR_LOG_ERR, MOD_SOLARIS_PRIV_VERSION ": %s(%s): %s", |
252 fn, "effective", strerror(errno)); |
247 fn, "effective", strerror(errno)); |
253 } |
248 } |
254 |
249 |
255 MODRET solaris_priv_post_fail(cmd_rec *cmd) { |
250 MODRET solaris_priv_post_fail(cmd_rec *cmd) { |
256 priv_set_t* permitted_set = NULL; |
|
257 priv_set_t* effective_set = NULL; |
251 priv_set_t* effective_set = NULL; |
258 |
252 |
259 if ((permitted_set = priv_allocset()) == NULL) { |
|
260 log_err_permitted("priv_allocset"); |
|
261 goto out; |
|
262 } |
|
263 if ((effective_set = priv_allocset()) == NULL) { |
253 if ((effective_set = priv_allocset()) == NULL) { |
264 log_err_effective("priv_allocset"); |
254 log_err_effective("priv_allocset"); |
265 goto out; |
255 goto out; |
266 } |
256 } |
267 |
257 |
268 if (getppriv(PRIV_PERMITTED, permitted_set) != 0) { |
|
269 log_err_permitted("getppriv"); |
|
270 goto out; |
|
271 } |
|
272 if (getppriv(PRIV_EFFECTIVE, effective_set) != 0) { |
258 if (getppriv(PRIV_EFFECTIVE, effective_set) != 0) { |
273 log_err_effective("getppriv"); |
259 log_err_effective("getppriv"); |
274 goto out; |
260 goto out; |
275 } |
261 } |
276 |
262 |
277 if (priv_addset(permitted_set, PRIV_PROC_AUDIT) != 0) { |
|
278 log_err_permitted("priv_addset"); |
|
279 goto out; |
|
280 } |
|
281 if (priv_addset(effective_set, PRIV_PROC_AUDIT) != 0) { |
263 if (priv_addset(effective_set, PRIV_PROC_AUDIT) != 0) { |
282 log_err_effective("priv_addset"); |
264 log_err_effective("priv_addset"); |
283 goto out; |
265 goto out; |
284 } |
266 } |
285 |
267 |
286 if (setppriv(PRIV_SET, PRIV_PERMITTED, permitted_set) != 0) { |
268 if (priv_addset(effective_set, PRIV_SYS_AUDIT) != 0) { |
287 log_err_permitted("setppriv"); |
269 log_err_effective("priv_addset"); |
288 goto out; |
270 goto out; |
289 } |
271 } |
|
272 |
|
273 if (priv_addset(effective_set, PRIV_PROC_SETID) != 0) { |
|
274 log_err_effective("priv_addset"); |
|
275 goto out; |
|
276 } |
|
277 |
|
278 if (priv_addset(effective_set, PRIV_PROC_TASKID) != 0) { |
|
279 log_err_effective("priv_addset"); |
|
280 goto out; |
|
281 } |
|
282 |
290 if (setppriv(PRIV_SET, PRIV_EFFECTIVE, effective_set) != 0) { |
283 if (setppriv(PRIV_SET, PRIV_EFFECTIVE, effective_set) != 0) { |
291 log_err_effective("setppriv"); |
284 log_err_effective("setppriv"); |
292 goto out; |
285 goto out; |
293 } |
286 } |
294 |
287 |
295 out: |
288 out: |
296 if (permitted_set != NULL) |
|
297 priv_freeset(permitted_set); |
|
298 if (effective_set != NULL) |
289 if (effective_set != NULL) |
299 priv_freeset(effective_set); |
290 priv_freeset(effective_set); |
300 |
291 |
301 return PR_DECLINED(cmd); |
292 return PR_DECLINED(cmd); |
302 } |
293 } |
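Review bot: In solaris_priv_post_fail the new side raises PRIV_SYS_AUDIT, PRIV_PROC_SETID and PRIV_PROC_TASKID in the effective set on the command-failure path, yet nothing in the visible function says why they are needed or lowers them again. If they stay effective after a failed command, a process that has not completed a successful command runs with more privilege than before the failure; it is worth confirming that another handler drops them. Because the permitted set is no longer modified here, the final `setppriv(PRIV_SET, PRIV_EFFECTIVE, effective_set)` presumably depends on these privileges already being in the permitted set, and if they are not, the call fails and the handler only logs and returns PR_DECLINED. I would add a comment above the new `priv_addset` calls along the lines of `/* needed only to emit the audit record for the failed command; already in the permitted set (set up in <init handler>), lowered again in <handler> */`. The three new failure branches also log the identical text `priv_addset(effective)`, so naming the privilege in each message would make a failure diagnosable.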