1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* activation-helper.c Setuid helper for launching programs as a custom
3 * user. This file is security sensitive.
5 * Copyright (C) 2007 Red Hat, Inc.
7 * Licensed under the Academic Free License version 2.1
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
30 #include "desktop-file.h"
31 #include "config-parser-trivial.h"
32 #include "activation-helper.h"
33 #include "activation-exit-codes.h"
39 #include <sys/types.h>
43 #include <dbus/dbus-shell.h>
44 #include <dbus/dbus-marshal-validate.h>
46 static BusDesktopFile *
47 desktop_file_for_name (BusConfigParser *parser,
51 BusDesktopFile *desktop_file;
52 DBusList **service_dirs;
59 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
63 if (!_dbus_string_init (&filename))
69 if (!_dbus_string_init (&full_path))
75 if (!_dbus_string_append (&filename, name) ||
76 !_dbus_string_append (&filename, ".service"))
82 service_dirs = bus_config_parser_get_service_dirs (parser);
83 for (link = _dbus_list_get_first_link (service_dirs);
85 link = _dbus_list_get_next_link (service_dirs, link))
88 _dbus_verbose ("Looking at '%s'\n", dir);
90 dbus_error_init (&tmp_error);
92 /* clear the path from last time */
93 _dbus_string_set_length (&full_path, 0);
95 /* build the full path */
96 if (!_dbus_string_append (&full_path, dir) ||
97 !_dbus_concat_dir_and_file (&full_path, &filename))
103 _dbus_verbose ("Trying to load file '%s'\n", _dbus_string_get_data (&full_path));
104 desktop_file = bus_desktop_file_load (&full_path, &tmp_error);
105 if (desktop_file == NULL)
107 _DBUS_ASSERT_ERROR_IS_SET (&tmp_error);
108 _dbus_verbose ("Could not load %s: %s: %s\n",
109 _dbus_string_get_const_data (&full_path),
110 tmp_error.name, tmp_error.message);
112 /* we may have failed if the file is not found; this is not fatal */
113 if (dbus_error_has_name (&tmp_error, DBUS_ERROR_NO_MEMORY))
115 dbus_move_error (&tmp_error, error);
116 /* we only bail out on OOM */
119 dbus_error_free (&tmp_error);
122 /* did we find the desktop file we want? */
123 if (desktop_file != NULL)
127 /* Didn't find desktop file; set error */
128 if (desktop_file == NULL)
130 dbus_set_error (error, DBUS_ERROR_SPAWN_SERVICE_NOT_FOUND,
131 "The name %s was not provided by any .service files",
136 _dbus_string_free (&full_path);
138 _dbus_string_free (&filename);
143 /* Cleares the environment, except for DBUS_VERBOSE and DBUS_STARTER_x */
145 clear_environment (DBusError *error)
147 const char *starter_env = NULL;
148 #ifdef DBUS_ENABLE_VERBOSE_MODE
149 const char *debug_env = NULL;
151 /* are we debugging */
152 debug_env = _dbus_getenv ("DBUS_VERBOSE");
155 /* we save the starter */
156 starter_env = _dbus_getenv ("DBUS_STARTER_ADDRESS");
158 #ifndef ACTIVATION_LAUNCHER_TEST
159 /* totally clear the environment */
160 if (!_dbus_clearenv ())
162 dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
163 "could not clear environment\n");
168 #ifdef DBUS_ENABLE_VERBOSE_MODE
169 /* restore the debugging environment setting if set */
171 _dbus_setenv ("DBUS_VERBOSE", debug_env);
174 /* restore the starter */
176 _dbus_setenv ("DBUS_STARTER_ADDRESS", starter_env);
178 /* set the type, which must be system if we got this far */
179 _dbus_setenv ("DBUS_STARTER_BUS_TYPE", "system");
185 check_permissions (const char *dbus_user, DBusError *error)
187 #ifndef ACTIVATION_LAUNCHER_TEST
195 /* bail out unless the dbus user is invoking the helper */
196 pw = getpwnam(dbus_user);
199 dbus_set_error (error, DBUS_ERROR_SPAWN_PERMISSIONS_INVALID,
200 "cannot find user '%s'", dbus_user);
204 if (pw->pw_uid != uid)
206 dbus_set_error (error, DBUS_ERROR_SPAWN_PERMISSIONS_INVALID,
207 "not invoked from user '%s'", dbus_user);
211 /* bail out unless we are setuid to user root */
215 dbus_set_error (error, DBUS_ERROR_SPAWN_PERMISSIONS_INVALID,
225 check_service_name (BusDesktopFile *desktop_file,
226 const char *service_name,
234 /* try to get Name */
235 if (!bus_desktop_file_get_string (desktop_file,
236 DBUS_SERVICE_SECTION,
242 /* verify that the name is the same as the file service name */
243 if (strcmp (service_name, name_tmp) != 0)
245 dbus_set_error (error, DBUS_ERROR_SPAWN_FILE_INVALID,
246 "Service '%s' does not match expected value", name_tmp);
253 /* we don't return the name, so free it here */
254 dbus_free (name_tmp);
260 get_parameters_for_service (BusDesktopFile *desktop_file,
261 const char *service_name,
272 /* check the name of the service */
273 if (!check_service_name (desktop_file, service_name, error))
276 /* get the complete path of the executable */
277 if (!bus_desktop_file_get_string (desktop_file,
278 DBUS_SERVICE_SECTION,
283 _DBUS_ASSERT_ERROR_IS_SET (error);
287 /* get the user that should run this service - user is compulsary for system activation */
288 if (!bus_desktop_file_get_string (desktop_file,
289 DBUS_SERVICE_SECTION,
294 _DBUS_ASSERT_ERROR_IS_SET (error);
298 /* only assign if all the checks passed */
304 dbus_free (exec_tmp);
305 dbus_free (user_tmp);
310 switch_user (char *user, DBusError *error)
312 #ifndef ACTIVATION_LAUNCHER_TEST
316 pw = getpwnam (user);
319 dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
320 "cannot find user '%s'\n", user);
324 /* initialize the group access list */
325 if (initgroups (user, pw->pw_gid))
327 dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
328 "could not initialize groups");
332 /* change to the primary group for the user */
333 if (setgid (pw->pw_gid))
335 dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
336 "cannot setgid group %i", pw->pw_gid);
340 /* change to the user specified */
341 if (setuid (pw->pw_uid) < 0)
343 dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
344 "cannot setuid user %i", pw->pw_uid);
352 exec_for_correct_user (char *exec, char *user, DBusError *error)
362 if (!switch_user (user, error))
365 /* convert command into arguments */
366 if (!_dbus_shell_parse_argv (exec, &argc, &argv, error))
369 #ifndef ACTIVATION_LAUNCHER_DO_OOM
370 /* replace with new binary, with no environment */
371 if (execv (argv[0], argv) < 0)
373 dbus_set_error (error, DBUS_ERROR_SPAWN_EXEC_FAILED,
374 "Failed to exec: %s", argv[0]);
379 dbus_free_string_array (argv);
384 check_bus_name (const char *bus_name,
389 _dbus_string_init_const (&str, bus_name);
390 if (!_dbus_validate_bus_name (&str, 0, _dbus_string_get_length (&str)))
392 dbus_set_error (error, DBUS_ERROR_SPAWN_SERVICE_NOT_FOUND,
393 "bus name '%s' is not a valid bus name\n",
402 get_correct_parser (BusConfigParser **parser, DBusError *error)
404 DBusString config_file;
406 #ifdef ACTIVATION_LAUNCHER_TEST
407 const char *test_config_file;
412 #ifdef ACTIVATION_LAUNCHER_TEST
413 test_config_file = NULL;
415 /* there is no _way_ we should be setuid if this define is set.
416 * but we should be doubly paranoid and check... */
417 if (getuid() != geteuid())
418 _dbus_assert_not_reached ("dbus-daemon-launch-helper-test binary is setuid!");
420 /* this is not a security hole. The environment variable is only passed in the
421 * dbus-daemon-lauch-helper-test NON-SETUID launcher */
422 test_config_file = _dbus_getenv ("TEST_LAUNCH_HELPER_CONFIG");
423 if (test_config_file == NULL)
425 dbus_set_error (error, DBUS_ERROR_SPAWN_SETUP_FAILED,
426 "the TEST_LAUNCH_HELPER_CONFIG env variable is not set");
431 /* we _only_ use the predefined system config file */
432 if (!_dbus_string_init (&config_file))
437 #ifndef ACTIVATION_LAUNCHER_TEST
438 if (!_dbus_string_append (&config_file, DBUS_SYSTEM_CONFIG_FILE))
441 goto out_free_config;
444 if (!_dbus_string_append (&config_file, test_config_file))
447 goto out_free_config;
451 /* where are we pointing.... */
452 _dbus_verbose ("dbus-daemon-activation-helper: using config file: %s\n",
453 _dbus_string_get_const_data (&config_file));
455 /* get the dbus user */
456 *parser = bus_config_load (&config_file, TRUE, NULL, error);
459 goto out_free_config;
466 _dbus_string_free (&config_file);
472 launch_bus_name (const char *bus_name, BusConfigParser *parser, DBusError *error)
474 BusDesktopFile *desktop_file;
482 /* get the correct service file for the name we are trying to activate */
483 desktop_file = desktop_file_for_name (parser, bus_name, error);
484 if (desktop_file == NULL)
487 /* get exec and user for service name */
488 if (!get_parameters_for_service (desktop_file, bus_name, &exec, &user, error))
491 _dbus_verbose ("dbus-daemon-activation-helper: Name='%s'\n", bus_name);
492 _dbus_verbose ("dbus-daemon-activation-helper: Exec='%s'\n", exec);
493 _dbus_verbose ("dbus-daemon-activation-helper: User='%s'\n", user);
495 /* actually execute */
496 if (!exec_for_correct_user (exec, user, error))
504 bus_desktop_file_free (desktop_file);
509 check_dbus_user (BusConfigParser *parser, DBusError *error)
511 const char *dbus_user;
513 dbus_user = bus_config_parser_get_user (parser);
514 if (dbus_user == NULL)
516 dbus_set_error (error, DBUS_ERROR_SPAWN_CONFIG_INVALID,
517 "could not get user from config file\n");
521 /* check to see if permissions are correct */
522 if (!check_permissions (dbus_user, error))
529 run_launch_helper (const char *bus_name,
532 BusConfigParser *parser;
538 /* clear the environment, apart from a few select settings */
539 if (!clear_environment (error))
542 /* check to see if we have a valid bus name */
543 if (!check_bus_name (bus_name, error))
546 /* get the correct parser, either the test or default parser */
547 if (!get_correct_parser (&parser, error))
550 /* check we are being invoked by the correct dbus user */
551 if (!check_dbus_user (parser, error))
552 goto error_free_parser;
554 /* launch the bus with the service defined user */
555 if (!launch_bus_name (bus_name, parser, error))
556 goto error_free_parser;
562 bus_config_parser_unref (parser);