}
#endif /* HAVE_MKDTEMP */
+
+#ifndef HAVE_GETAUXVAL
+
+unsigned long
+getauxval (unsigned long type)
+{
+ static unsigned long secure = 0UL;
+ static bool check_secure_initialized = false;
+
+ /*
+ * This is the only one our stand-in impl supports and is
+ * also the only type we define in compat.h header
+ */
+ assert (type == AT_SECURE);
+
+ if (!check_secure_initialized) {
+#if defined(HAVE___LIBC_ENABLE_SECURE)
+ extern int __libc_enable_secure;
+ secure = __libc_enable_secure;
+
+#elif defined(HAVE_ISSETUGID)
+ secure = issetugid ();
+
+#elif defined(OS_UNIX)
+ uid_t ruid, euid, suid; /* Real, effective and saved user ID's */
+ gid_t rgid, egid, sgid; /* Real, effective and saved group ID's */
+
+#ifdef HAVE_GETRESUID
+ if (getresuid (&ruid, &euid, &suid) != 0 ||
+ getresgid (&rgid, &egid, &sgid) != 0)
+#endif /* HAVE_GETRESUID */
+ {
+ suid = ruid = getuid ();
+ sgid = rgid = getgid ();
+ euid = geteuid ();
+ egid = getegid ();
+ }
+
+ secure = (ruid != euid || ruid != suid ||
+ rgid != egid || rgid != sgid);
+#endif /* OS_UNIX */
+ check_secure_initialized = true;
+ }
+
+ return secure;
+}
+
+#endif /* HAVE_GETAUXVAL */
#endif /* HAVE_TIMEGM */
+#ifdef HAVE_GETAUXVAL
+
+#include <sys/auxv.h>
+
+#else /* !HAVE_GETAUXVAL */
+
+unsigned long getauxval (unsigned long type);
+
+#define AT_SECURE 23
+
+#endif /* !HAVE_GETAUXVAL */
+
#endif /* __COMPAT_H__ */
if (remainder[0] == '\0')
remainder = NULL;
+ if (getauxval (AT_SECURE)) {
+ errno = EPERM;
+ return NULL;
+ }
+
env = getenv ("HOME");
if (env && env[0]) {
return p11_path_build (env, remainder, NULL);
#include <stdlib.h>
#include <string.h>
+#ifdef OS_UNIX
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
enum {
FIXTURE,
TEST,
free (templ);
return directory;
}
+
+#ifdef OS_UNIX
+
+static void
+copy_file (const char *input,
+ int fd)
+{
+ p11_mmap *mmap;
+ const char *data;
+ ssize_t written;
+ size_t size;
+
+ mmap = p11_mmap_open (input, (void **)&data, &size);
+ assert (mmap != NULL);
+
+ while (size > 0) {
+ written = write (fd, data, size);
+ assert (written >= 0);
+
+ data += written;
+ size -= written;
+ }
+
+ p11_mmap_close (mmap);
+}
+
+char *
+p11_test_copy_setgid (const char *input)
+{
+ gid_t groups[128];
+ char *path;
+ gid_t group = 0;
+ int ret;
+ int fd;
+ int i;
+
+ ret = getgroups (128, groups);
+ for (i = 0; i < ret; ++i) {
+ if (groups[i] != getgid ()) {
+ group = groups[i];
+ break;
+ }
+ }
+ if (i == ret) {
+ fprintf (stderr, "# no suitable group, skipping test");
+ return NULL;
+ }
+
+ path = strdup ("/tmp/test-setgid.XXXXXX");
+ assert (path != NULL);
+
+ fd = mkstemp (path);
+ assert (fd >= 0);
+
+ copy_file (input, fd);
+ if (fchown (fd, getuid (), group) < 0)
+ assert_not_reached ();
+ if (fchmod (fd, 02750) < 0)
+ assert_not_reached ();
+ if (close (fd) < 0)
+ assert_not_reached ();
+
+ return path;
+}
+
+int
+p11_test_run_child (const char **argv,
+ bool quiet_out)
+{
+ pid_t child;
+ int status;
+
+ child = fork ();
+ assert (child >= 0);
+
+ /* In the child process? */
+ if (child == 0) {
+ if (quiet_out)
+ close (1); /* stdout */
+ execve (argv[0], (char **)argv, NULL);
+ assert_not_reached ();
+ }
+
+ if (waitpid (child, &status, 0) < 0)
+ assert_not_reached ();
+
+ assert (!WIFSIGNALED (status));
+ assert (WIFEXITED (status));
+
+ return WEXITSTATUS (status);
+}
+
+#endif /* OS_UNIX */
char * p11_test_directory (const char *prefix);
+#ifdef OS_UNIX
+
+char * p11_test_copy_setgid (const char *path);
+
+int p11_test_run_child (const char **argv,
+ bool quiet_out);
+
+#endif
+
#endif /* P11_TEST_H_ */
-I$(top_srcdir) \
-I$(srcdir)/.. \
-I$(COMMON) \
- $(TEST_CFLAGS)
+ -DBUILDDIR=\"$(abs_builddir)\" \
+ $(TEST_CFLAGS) \
+ $(CUTEST_CFLAGS)
LDADD = \
$(NULL)
$(NULL)
noinst_PROGRAMS = \
+ frob-getauxval \
$(CHECK_PROGS)
TESTS = $(CHECK_PROGS)
--- /dev/null
+/*
+ * Copyright (c) 2013 Red Hat Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@gnome.org>
+ */
+
+#include "config.h"
+#include "compat.h"
+
+#include <libtasn1.h>
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int
+main (int argc,
+ char *argv[])
+{
+ unsigned long type = 0;
+ unsigned long ret;
+
+ if (argc == 2)
+ type = atoi (argv[1]);
+
+ if (type == 0) {
+ fprintf (stderr, "usage: frob-getauxval 23");
+ abort ();
+ }
+
+ ret = getauxval (type);
+ printf ("getauxval(%lu) == %lu\n", type, ret);
+ return (int)ret;
+}
#include "config.h"
#include "test.h"
+#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
free (res);
}
+#ifdef OS_UNIX
+
+static void
+test_getauxval (void)
+{
+ /* 23 is AT_SECURE */
+ const char *args[] = { BUILDDIR "/frob-getauxval", "23", NULL };
+ char *path;
+ int ret;
+
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 0);
+
+ path = p11_test_copy_setgid (args[0]);
+ if (path == NULL)
+ return;
+
+ args[0] = path;
+ ret = p11_test_run_child (args, true);
+ assert_num_cmp (ret, !=, 0);
+
+ if (unlink (path) < 0)
+ assert_fail ("unlink failed", strerror (errno));
+ free (path);
+}
+
+#endif /* OS_UNIX */
+
int
main (int argc,
char *argv[])
{
p11_test (test_strndup, "/test/strndup");
+ p11_test (test_getauxval, "/test/getauxval");
return p11_test_run (argc, argv);
}
# These are thngs we can work around
AC_CHECK_MEMBERS([struct dirent.d_type],,,[#include <dirent.h>])
AC_CHECK_FUNCS([getprogname getexecname basename mkstemp mkdtemp])
+ AC_CHECK_FUNCS([getauxval issetugid getresuid])
AC_CHECK_FUNCS([strnstr memdup strndup])
AC_CHECK_FUNCS([asprintf vasprintf vsnprintf])
AC_CHECK_FUNCS([timegm])
AC_CHECK_DECLS([__progname])
AC_LINK_IFELSE([AC_LANG_SOURCE([extern char *__progname; void main() { }])],
[AC_DEFINE(HAVE___PROGNAME, [1], [Whether __progname available])])
+ AC_LINK_IFELSE([AC_LANG_SOURCE([extern int __libc_enable_secure; void main() { }])],
+ [AC_DEFINE(HAVE___LIBC_ENABLE_SECURE, [1], [Whether __libc_enable_secure available])])
fi
AC_CHECK_LIB(intl, dgettext)
<para><link linkend="pkcs11.conf">See the manual page</link> for more details
on the format and available options.</para>
+
+ <para>Note that user configuration files are not loaded from the home
+ directory if running inside a setuid or setgid program.</para>
</section>
</chapter>
file per module. In addition the <literal>~/.pkcs11/modules</literal> directory
can be used for modules installed by the user.</para>
+ <para>Note that user configuration files are not loaded from the home
+ directory if running inside a setuid or setgid program.</para>
+
<para>The default system config file and module directory can be changed
when building p11-kit. Always
<link linkend="devel-paths">lookup these paths</link> using
goto finished;
}
+ if (mode != CONF_USER_NONE && getauxval (AT_SECURE)) {
+ p11_debug ("skipping user config in setuid or setgid program");
+ mode = CONF_USER_NONE;
+ }
+
if (mode != CONF_USER_NONE) {
path = p11_path_expand (user_conf);
if (!path) {
noinst_PROGRAMS = \
print-messages \
+ frob-setuid \
$(CHECK_PROGS)
TESTS = $(CHECK_PROGS)
module: mock-one.so
setting: system1
-trust-policy: yes
\ No newline at end of file
+trust-policy: yes
+number: 18
setting: user1
-managed: yes
\ No newline at end of file
+managed: yes
+number: 33
--- /dev/null
+/*
+ * Copyright (c) 2012 Red Hat Inc
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above
+ * copyright notice, this list of conditions and the
+ * following disclaimer.
+ * * Redistributions in binary form must reproduce the
+ * above copyright notice, this list of conditions and
+ * the following disclaimer in the documentation and/or
+ * other materials provided with the distribution.
+ * * The names of contributors to this software may not be
+ * used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
+ * THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
+ * DAMAGE.
+ *
+ * Author: Stef Walter <stefw@redhat.com>
+ */
+
+#include "config.h"
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "compat.h"
+#include "p11-kit.h"
+
+int
+main (void)
+{
+ CK_FUNCTION_LIST **modules;
+ CK_FUNCTION_LIST *module;
+ char *field;
+ char *name;
+ int ret;
+ int i;
+
+ /*
+ * Use 'chmod ug+s frob-setuid' to change this program
+ * and test the output with/without setuid or setgid.
+ */
+
+ putenv ("P11_KIT_STRICT=1");
+
+ modules = p11_kit_modules_load_and_initialize (0);
+ assert (modules != NULL);
+
+ /* This is a system configured module */
+ module = p11_kit_module_for_name (modules, "one");
+ assert (module != NULL);
+
+ field = p11_kit_config_option (module, "setting");
+ printf ("'setting' on module 'one': %s\n", field ? field : "(null)");
+
+ assert (field != NULL);
+ if (getauxval (AT_SECURE))
+ assert (strcmp (field, "system1") == 0);
+ else
+ assert (strcmp (field, "user1") == 0);
+
+ free (field);
+
+ for (i = 0; modules[i] != NULL; i++) {
+ name = p11_kit_module_get_name (modules[i]);
+ printf ("%s\n", name);
+ free (name);
+ }
+
+ field = p11_kit_config_option (module, "number");
+ printf ("'number' on module 'one': %s\n", field ? field : "(null)");
+
+ ret = atoi (field ? field : "0");
+ assert (ret != 0);
+ free (field);
+
+ p11_kit_modules_finalize_and_release (modules);
+ return ret;
+}
#include "p11-kit.h"
#include "private.h"
+#ifdef OS_UNIX
+#include <sys/stat.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#endif
+
static void
test_parse_conf_1 (void)
{
assert_num_eq (true, _p11_conf_parse_boolean ("!!!", true));
}
+#ifdef OS_UNIX
+
+static void
+test_setuid (void)
+{
+ const char *args[] = { BUILDDIR "/frob-setuid", NULL, };
+ char *path;
+ int ret;
+
+ /* This is the 'number' setting set in one.module user configuration. */
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 33);
+
+ path = p11_test_copy_setgid (args[0]);
+ if (path == NULL)
+ return;
+
+ args[0] = path;
+
+ /* This is the 'number' setting set in one.module system configuration. */
+ ret = p11_test_run_child (args, true);
+ assert_num_eq (ret, 18);
+
+ if (unlink (path) < 0)
+ assert_fail ("unlink failed", strerror (errno));
+ free (path);
+}
+
+#endif /* OS_UNIX */
+
int
main (int argc,
char *argv[])
p11_test (test_load_modules_user_only, "/conf/test_load_modules_user_only");
p11_test (test_load_modules_user_none, "/conf/test_load_modules_user_none");
p11_test (test_parse_boolean, "/conf/test_parse_boolean");
+#ifdef OS_UNIX
+ p11_test (test_setuid, "/conf/setuid");
+#endif
return p11_test_run (argc, argv);
}
projects / p11-kit / commitdiff