mirror of https://github.com/BOINC/boinc.git
307 lines
11 KiB
C
307 lines
11 KiB
C
// Berkeley Open Infrastructure for Network Computing
|
|
// http://boinc.berkeley.edu
|
|
// Copyright (C) 2006 University of California
|
|
//
|
|
// This is free software; you can redistribute it and/or
|
|
// modify it under the terms of the GNU Lesser General Public
|
|
// License as published by the Free Software Foundation;
|
|
// either version 2.1 of the License, or (at your option) any later version.
|
|
//
|
|
// This software is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
// See the GNU Lesser General Public License for more details.
|
|
//
|
|
// To view the GNU Lesser General Public License visit
|
|
// http://www.gnu.org/copyleft/lesser.html
|
|
// or write to the Free Software Foundation, Inc.,
|
|
// 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
// check_security.C
|
|
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <unistd.h>
|
|
#include <pwd.h> // getpwnam
|
|
#include <grp.h>
|
|
#include <sys/param.h> // for MAXPATHLEN
|
|
#include "util.h"
|
|
#include "error_numbers.h"
|
|
#include "file_names.h"
|
|
#include "SetupSecurity.h"
|
|
|
|
|
|
#define REAL_BOINC_MASTER_NAME "boinc_master"
|
|
#define REAL_BOINC_PROJECT_NAME "boinc_project"
|
|
|
|
static char boinc_master_user_name[64];
|
|
static char boinc_master_group_name[64];
|
|
static char boinc_project_user_name[64];
|
|
static char boinc_project_group_name[64];
|
|
|
|
// Returns FALSE (0) if owners and permissions are OK, else TRUE (1)
|
|
int check_security() {
|
|
passwd *pw;
|
|
group *grp;
|
|
gid_t egid, boinc_master_gid;
|
|
uid_t euid, boinc_master_uid;
|
|
gid_t boinc_project_gid;
|
|
uid_t boinc_project_uid;
|
|
char dir_path[MAXPATHLEN], full_path[MAXPATHLEN];
|
|
struct stat sbuf;
|
|
int retval;
|
|
#ifdef __WXMAC__ // If Mac BOINC Manager
|
|
ProcessSerialNumber ourPSN;
|
|
ProcessInfoRec pInfo;
|
|
FSRef ourFSRef;
|
|
char *p;
|
|
#endif
|
|
|
|
// GDB can't attach to applications which are running as a diferent user or group so
|
|
// it ignores the S_ISUID and S_ISGID permisison bits when launching an application.
|
|
// To work around this, and to allow testing the uninstalled Deployment version, we
|
|
// assume that the BOINC Client has the correct user and group.
|
|
// We must get the BOINC Client's user and group differently depending on whether we
|
|
// were called from the Manager or from the Client
|
|
|
|
#ifdef __WXMAC__ // If Mac BOINC Manager
|
|
// Get the full path to BOINC Manager application's bundle
|
|
retval = GetCurrentProcess (&ourPSN);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
memset(&pInfo, 0, sizeof(pInfo));
|
|
pInfo.processInfoLength = sizeof( ProcessInfoRec );
|
|
retval = GetProcessInformation(&ourPSN, &pInfo);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
retval = GetProcessBundleLocation(&ourPSN, &ourFSRef);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
retval = FSRefMakePath (&ourFSRef, (UInt8*)dir_path, sizeof(dir_path));
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
// Get the full path to BOINC Clients inside this application's bundle
|
|
strlcpy(full_path, dir_path, sizeof(full_path));
|
|
strlcat(full_path, "/Contents/Resources/boinc", sizeof(full_path));
|
|
|
|
retval = stat(full_path, &sbuf);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
if ((sbuf.st_mode & (S_ISUID | S_ISGID)) != (S_ISUID | S_ISGID))
|
|
return ERR_USER_PERMISSION;
|
|
|
|
boinc_master_uid = sbuf.st_gid;
|
|
boinc_master_gid = sbuf.st_uid;
|
|
#else
|
|
boinc_master_uid = geteuid();
|
|
boinc_master_gid = getegid();
|
|
|
|
#endif
|
|
|
|
#if 1 // (was: #if _DEBUG) See comment above
|
|
|
|
pw = getpwuid(boinc_master_uid);
|
|
if (pw == NULL)
|
|
return ERR_USER_REJECTED; // Should never happen
|
|
strlcpy(boinc_master_user_name, pw->pw_name, sizeof(boinc_master_user_name));
|
|
|
|
grp = getgrgid(boinc_master_gid);
|
|
if (grp == NULL)
|
|
return ERR_GETGRNAM;
|
|
strlcpy(boinc_master_group_name, grp->gr_name, sizeof(boinc_master_group_name));
|
|
|
|
#else // Require absolute owner and group boinc_master:boinc_master
|
|
strlcpy(boinc_master_user_name, REAL_BOINC_MASTER_NAME, sizeof(boinc_master_user_name));
|
|
pw = getpwnam(boinc_master_user_name);
|
|
if (pw == NULL)
|
|
return ERR_USER_REJECTED; // User boinc_master does not exist
|
|
boinc_master_uid = pw->pw_uid;
|
|
|
|
strlcpy(boinc_master_group_name, REAL_BOINC_MASTER_NAME, sizeof(boinc_master_group_name));
|
|
grp = getgrnam(boinc_master_group_name);
|
|
if (grp == NULL)
|
|
return ERR_GETGRNAM; // Group boinc_master does not exist
|
|
boinc_master_gid = grp->gr_gid;
|
|
#endif
|
|
|
|
#if (defined(_DEBUG) && defined(DEBUG_WITH_FAKE_PROJECT_USER_AND_GROUP))
|
|
// For easier debugging of project applications
|
|
strlcpy(boinc_project_user_name, boinc_master_user_name, sizeof(boinc_project_user_name));
|
|
strlcpy(boinc_project_group_name, boinc_master_group_name, sizeof(boinc_project_group_name));
|
|
boinc_project_uid = boinc_master_uid;
|
|
boinc_project_gid = boinc_master_gid;
|
|
#else
|
|
strlcpy(boinc_project_user_name, REAL_BOINC_PROJECT_NAME, sizeof(boinc_project_user_name));
|
|
pw = getpwnam(boinc_project_user_name);
|
|
if (pw == NULL)
|
|
return ERR_USER_REJECTED; // User boinc_project does not exist
|
|
boinc_project_uid = pw->pw_uid;
|
|
|
|
strlcpy(boinc_project_group_name, REAL_BOINC_PROJECT_NAME, sizeof(boinc_project_group_name));
|
|
grp = getgrnam(boinc_project_group_name);
|
|
if (grp == NULL)
|
|
return ERR_GETGRNAM; // Group boinc_project does not exist
|
|
boinc_project_gid = grp->gr_gid;
|
|
|
|
for (int i=0; ; i++) { // Step through all users in group boinc_project
|
|
char *p = grp->gr_mem[i];
|
|
if (p == NULL)
|
|
return ERR_GETGRNAM; // User boinc_master is not a member of group boinc_project
|
|
if (strcmp(p, boinc_master_user_name) == 0)
|
|
break;
|
|
}
|
|
#endif
|
|
|
|
#ifdef __WXMAC__ // If Mac BOINC Manager
|
|
// Get the full path to BOINC Manager executable inside this application's bundle
|
|
strlcpy(full_path, dir_path, sizeof(full_path));
|
|
strlcat(full_path, "/Contents/MacOS/", sizeof(full_path));
|
|
// To allow for branding, assume name of executable inside bundle is same as name of bundle
|
|
p = strrchr(dir_path, '/'); // Assume name of executable inside bundle is same as name of bundle
|
|
if (p == NULL)
|
|
p = dir_path - 1;
|
|
strlcat(full_path, p+1, sizeof(full_path));
|
|
p = strrchr(full_path, '.'); // Strip off bundle extension (".app")
|
|
if (p)
|
|
*p = '\0';
|
|
|
|
retval = stat(full_path, &sbuf);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if ((sbuf.st_mode & S_ISGID) != S_ISGID)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
#if 0
|
|
// Require absolute owner and group boinc_master:boinc_master
|
|
// Get the full path to BOINC Clients inside this application's bundle
|
|
strlcpy(full_path, dir_path, sizeof(full_path));
|
|
strlcat(full_path, "/Contents/Resources/boinc", sizeof(full_path));
|
|
|
|
retval = stat(full_path, &sbuf);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if (sbuf.st_uid != boinc_master_uid)
|
|
return ERR_USER_PERMISSION;
|
|
#endif
|
|
#endif // Mac BOINC Manager
|
|
|
|
// rgid = getgid();
|
|
// ruid = getuid();
|
|
egid = getegid();
|
|
euid = geteuid();
|
|
|
|
if (egid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION; // We should be running setgid boinc_master
|
|
|
|
#ifndef __WXMAC__ // If NOT Mac BOINC Manager
|
|
if (euid != boinc_master_uid)
|
|
return ERR_USER_PERMISSION; // BOINC Client should be running setuid boinc_master
|
|
#endif
|
|
|
|
getcwd(dir_path, sizeof(dir_path));
|
|
retval = stat(dir_path, &sbuf);
|
|
if (retval)
|
|
return retval; // Should never happen
|
|
|
|
// The top-level BOINC Data directory can have a different user if created by the Manager,
|
|
// but it should always have group boinc_master.
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
// The top-level BOINC Data directory should have permission 775 or 575
|
|
if ((sbuf.st_mode & 0577) != 0575)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
strlcpy(full_path, dir_path, sizeof(full_path));
|
|
strlcat(full_path, "/", sizeof(full_path));
|
|
strlcat(full_path, PROJECTS_DIR, sizeof(full_path));
|
|
retval = stat(full_path, &sbuf);
|
|
if (! retval) { // Client can create projects directory if it does not yet exist.
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if (sbuf.st_uid != boinc_master_uid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if ((sbuf.st_mode & 0777) != 0775)
|
|
return ERR_USER_PERMISSION;
|
|
}
|
|
|
|
strlcpy(full_path, dir_path, sizeof(dir_path));
|
|
strlcat(full_path, "/", sizeof(full_path));
|
|
strlcat(full_path, SLOTS_DIR, sizeof(full_path));
|
|
retval = stat(full_path, &sbuf);
|
|
if (! retval) { // Client can create slots directory if it does not yet exist.
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if (sbuf.st_uid != boinc_master_uid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if ((sbuf.st_mode & 0777) != 0775)
|
|
return ERR_USER_PERMISSION;
|
|
}
|
|
|
|
strlcpy(full_path, dir_path, sizeof(full_path));
|
|
strlcat(full_path, "/", sizeof(full_path));
|
|
strlcat(full_path, GUI_RPC_PASSWD_FILE, sizeof(full_path));
|
|
retval = stat(full_path, &sbuf);
|
|
if (! retval) { // Client can create RPC password file if it does not yet exist.
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if (sbuf.st_uid != boinc_master_uid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if ((sbuf.st_mode & 0777) != 0660)
|
|
return ERR_USER_PERMISSION;
|
|
}
|
|
|
|
strlcpy(full_path, dir_path, sizeof(dir_path));
|
|
strlcat(full_path, "/", sizeof(full_path));
|
|
strlcat(full_path, SWITCHER_DIR, sizeof(full_path));
|
|
retval = stat(full_path, &sbuf);
|
|
if (retval)
|
|
return ERR_FILE_MISSING;
|
|
|
|
if (sbuf.st_gid != boinc_master_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if (sbuf.st_uid != boinc_master_uid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if ((sbuf.st_mode & 0777) != 0770)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
strlcat(full_path, "/", sizeof(full_path));
|
|
strlcat(full_path, SWITCHER_FILE_NAME, sizeof(full_path));
|
|
retval = stat(full_path, &sbuf);
|
|
if (retval)
|
|
return ERR_FILE_MISSING;
|
|
|
|
if (sbuf.st_gid != boinc_project_gid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if (sbuf.st_uid != boinc_project_uid)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
if ((sbuf.st_mode & 07777) != 06550)
|
|
return ERR_USER_PERMISSION;
|
|
|
|
return 0;
|
|
}
|