Add experimental AIX support.

This includes a WIP failsafe issetugid for now, while research continues on the proper way to do this in a race-free fashion in AIX.
author: Brent Cook <busterb@gmail.com> 2015-02-10 23:49:31 -0600
committer: Brent Cook <bcook@openbsd.org> 2015-03-31 09:25:21 -0500
commit: fe3f7fc6365bfaac3418a72256b8c11603e80cbf (patch)
tree: ac6ee47f5ecb73a5645bb4bdbe2dc97ff8aa02fd
parent: 20101fd6b33d712e45f74c5297f79ea4225c183c (diff)
download: portable-fe3f7fc6365bfaac3418a72256b8c11603e80cbf.tar.gz
portable-fe3f7fc6365bfaac3418a72256b8c11603e80cbf.tar.bz2
portable-fe3f7fc6365bfaac3418a72256b8c11603e80cbf.zip
4 files changed, 123 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac
index 67266cb..75a1ec2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -18,6 +18,10 @@ LT_INIT
 CFLAGS="$CFLAGS -Wall -std=gnu99"
 case $host_os in
+        *aix*)
+                HOST_OS=aix
+                AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
+                ;;
        *cygwin*)
                HOST_OS=cygwin
                ;;
@@ -68,6 +72,7 @@ case $host_os in
        *) ;;
 esac
+AM_CONDITIONAL([HOST_AIX],     [test x$HOST_OS = xaix])
 AM_CONDITIONAL([HOST_CYGWIN],  [test x$HOST_OS = xcygwin])
 AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
 AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
diff --git a/crypto/Makefile.am b/crypto/Makefile.am
index e350cda..83bf0c6 100644
--- a/crypto/Makefile.am
+++ b/crypto/Makefile.am
@@ -69,6 +69,9 @@ if !HAVE_ARC4RANDOM_BUF
 libcompat_la_SOURCES += compat/arc4random.c
 if !HAVE_GETENTROPY
+if HOST_AIX
+libcompat_la_SOURCES += compat/getentropy_aix.c
+endif
 if HOST_FREEBSD
 libcompat_la_SOURCES += compat/getentropy_freebsd.c
 endif
@@ -95,6 +98,9 @@ endif
 endif
 if !HAVE_ISSETUGID
+if HOST_AIX
+libcompat_la_SOURCES += compat/issetugid_aix.c
+endif
 if HOST_LINUX
 libcompat_la_SOURCES += compat/issetugid_linux.c
 endif
@@ -111,6 +117,7 @@ endif
 noinst_HEADERS =
 noinst_HEADERS += compat/arc4random.h
+noinst_HEADERS += compat/arc4random_aix.h
 noinst_HEADERS += compat/arc4random_freebsd.h
 noinst_HEADERS += compat/arc4random_hpux.h
 noinst_HEADERS += compat/arc4random_linux.h
diff --git a/crypto/compat/arc4random.h b/crypto/compat/arc4random.h
index ce1bbea..762aec2 100644
--- a/crypto/compat/arc4random.h
+++ b/crypto/compat/arc4random.h
@@ -3,7 +3,10 @@
 #include <sys/param.h>
-#if defined(__FreeBSD__)
+#if defined(_AIX)
+#include "arc4random_aix.h"
+#elif defined(__FreeBSD__)
 #include "arc4random_freebsd.h"
 #elif defined(__hpux)
diff --git a/crypto/compat/issetugid_aix.c b/crypto/compat/issetugid_aix.c
new file mode 100644
index 0000000..16f0a6d
--- /dev/null
+++ b/crypto/compat/issetugid_aix.c
@@ -0,0 +1,107 @@
+/*        $OpenBSD: $    */
+/*
+ * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ */
+#include <sys/id.h>
+#include <sys/priv.h>
+#include <stdio.h>
+#include <unistd.h>
+/*
+ * AIX does not have issetugid().
+ * This experimental implementation uses getpriv() and get*id().
+ * First, try getpriv() and check equality of pv_priv values
+ * When these values are equal, using get*id() including login uid.
+ *
+ */
+int issetugid(void)
+{
+        /*
+         * Return fail-safe while we evaluate primitives in AIX. There does
+         * not yet appear to be a single atomic test to tell if privileges of
+         * the process changed from that of the user who is in control of the
+         * environment.
+         */
+        return (1);
+#define PEPRIV(a,b) a.pv_priv[b]
+        /*
+         * effective priv is what I can do now
+         * inherited priv is what the caller gave or could have given
+         * basically when inherited == 0 and effective != 0 then
+         * some kind of priv escalation has occurred
+         * when 'demoted' -- inherited != 0 but effective == 0
+         * there is also a change, so, will report 1 as well - to be safe
+         * PROBABLY there needs more study re: how RBAC subtley affects
+         * the priv_t values - for now, they are either zero - nothing added
+         * or non-zero - something added
+         */
+        priv_t effective,inherited;
+        int luid;
+        int euid, ruid;
+        getpriv(PRIV_EFFECTIVE, &effective, sizeof(priv_t));
+        getpriv(PRIV_INHERITED, &inherited, sizeof(priv_t));
+        if (PEPRIV(effective,0) | PEPRIV(effective,1)) { /* have something */
+                if ((PEPRIV(inherited,0) | PEPRIV(inherited,1)) == 0) /* had nothing - classic u+s  bit */
+                        return (1);
+        } else {
+                /*
+                 * effective priv elevation is NULL/NONE
+                 * was there something and removed via setuid()?
+                 */
+                if (PEPRIV(inherited,0) | PEPRIV(inherited,1))
+                        return (1);
+        }
+        /*
+         * if we get this far, then "no" differences in process priv noted
+         * compare the different uid
+         * the comparision of login id with effective says "TRUE" when different.
+         * this may not work as expected when using sudo for elevation
+         * again, looking at RBAC affects on priv may be more truthful
+         *
+         * ruid - real uid
+         * euid - effictive uid
+         * luid - login uid
+         */
+        /*
+         * if these differ (not common on AIX), return changed
+         */
+        ruid = getuid();
+        euid = geteuid();
+        if (euid != ruid)
+                return (1);
+        if (getgid() != getegid())
+                return (1);
+        /*
+         * luid == login id, su/sudo do not/cannot change this afaik
+         * perhaps this is "too strict", but same as in
+         * issetugid_win.c - err on the safe side for now
+         */
+        luid = getuidx(ID_LOGIN);
+        if (euid != luid)
+                return (1);
+        return (0);
+}
author	Brent Cook <busterb@gmail.com>	2015-02-10 23:49:31 -0600
committer	Brent Cook <bcook@openbsd.org>	2015-03-31 09:25:21 -0500
commit	fe3f7fc6365bfaac3418a72256b8c11603e80cbf (patch)
tree	ac6ee47f5ecb73a5645bb4bdbe2dc97ff8aa02fd
parent	20101fd6b33d712e45f74c5297f79ea4225c183c (diff)
download	portable-fe3f7fc6365bfaac3418a72256b8c11603e80cbf.tar.gz portable-fe3f7fc6365bfaac3418a72256b8c11603e80cbf.tar.bz2 portable-fe3f7fc6365bfaac3418a72256b8c11603e80cbf.zip

diff --git a/configure.ac b/configure.ac index 67266cb..75a1ec2 100644 --- a/configure.ac +++ b/configure.ac
@@ -18,6 +18,10 @@ LT_INIT
18	CFLAGS="$CFLAGS -Wall -std=gnu99"	18	CFLAGS="$CFLAGS -Wall -std=gnu99"
19		19
20	case $host_os in	20	case $host_os in
		21	aix)
		22	HOST_OS=aix
		23	AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
		24	;;
21	cygwin)	25	cygwin)
22	HOST_OS=cygwin	26	HOST_OS=cygwin
23	;;	27	;;
@@ -68,6 +72,7 @@ case $host_os in
68	*) ;;	72	*) ;;
69	esac	73	esac
70		74
		75	AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
71	AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])	76	AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
72	AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])	77	AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
73	AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])	78	AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])


diff --git a/crypto/Makefile.am b/crypto/Makefile.am index e350cda..83bf0c6 100644 --- a/crypto/Makefile.am +++ b/crypto/Makefile.am
@@ -69,6 +69,9 @@ if !HAVE_ARC4RANDOM_BUF
69	libcompat_la_SOURCES += compat/arc4random.c	69	libcompat_la_SOURCES += compat/arc4random.c
70		70
71	if !HAVE_GETENTROPY	71	if !HAVE_GETENTROPY
		72	if HOST_AIX
		73	libcompat_la_SOURCES += compat/getentropy_aix.c
		74	endif
72	if HOST_FREEBSD	75	if HOST_FREEBSD
73	libcompat_la_SOURCES += compat/getentropy_freebsd.c	76	libcompat_la_SOURCES += compat/getentropy_freebsd.c
74	endif	77	endif
@@ -95,6 +98,9 @@ endif
95	endif	98	endif
96		99
97	if !HAVE_ISSETUGID	100	if !HAVE_ISSETUGID
		101	if HOST_AIX
		102	libcompat_la_SOURCES += compat/issetugid_aix.c
		103	endif
98	if HOST_LINUX	104	if HOST_LINUX
99	libcompat_la_SOURCES += compat/issetugid_linux.c	105	libcompat_la_SOURCES += compat/issetugid_linux.c
100	endif	106	endif
@@ -111,6 +117,7 @@ endif
111		117
112	noinst_HEADERS =	118	noinst_HEADERS =
113	noinst_HEADERS += compat/arc4random.h	119	noinst_HEADERS += compat/arc4random.h
		120	noinst_HEADERS += compat/arc4random_aix.h
114	noinst_HEADERS += compat/arc4random_freebsd.h	121	noinst_HEADERS += compat/arc4random_freebsd.h
115	noinst_HEADERS += compat/arc4random_hpux.h	122	noinst_HEADERS += compat/arc4random_hpux.h
116	noinst_HEADERS += compat/arc4random_linux.h	123	noinst_HEADERS += compat/arc4random_linux.h


diff --git a/crypto/compat/arc4random.h b/crypto/compat/arc4random.h index ce1bbea..762aec2 100644 --- a/crypto/compat/arc4random.h +++ b/crypto/compat/arc4random.h
@@ -3,7 +3,10 @@
3		3
4	#include <sys/param.h>	4	#include <sys/param.h>
5		5
6	#if defined(__FreeBSD__)	6	#if defined(_AIX)
		7	#include "arc4random_aix.h"
		8
		9	#elif defined(__FreeBSD__)
7	#include "arc4random_freebsd.h"	10	#include "arc4random_freebsd.h"
8		11
9	#elif defined(__hpux)	12	#elif defined(__hpux)


diff --git a/crypto/compat/issetugid_aix.c b/crypto/compat/issetugid_aix.c new file mode 100644 index 0000000..16f0a6d --- /dev/null +++ b/crypto/compat/issetugid_aix.c
@@ -0,0 +1,107 @@
		1	/* $OpenBSD: $ */
		2
		3	/*
		4	* Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
		5	*
		6	* Permission to use, copy, modify, and distribute this software for any
		7	* purpose with or without fee is hereby granted, provided that the above
		8	* copyright notice and this permission notice appear in all copies.
		9	*
		10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		14	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		15	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		16	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		17	*
		18	*/
		19
		20	#include <sys/id.h>
		21	#include <sys/priv.h>
		22
		23	#include <stdio.h>
		24	#include <unistd.h>
		25
		26	/*
		27	* AIX does not have issetugid().
		28	* This experimental implementation uses getpriv() and get*id().
		29	* First, try getpriv() and check equality of pv_priv values
		30	* When these values are equal, using get*id() including login uid.
		31	*
		32	*/
		33	int issetugid(void)
		34	{
		35	/*
		36	* Return fail-safe while we evaluate primitives in AIX. There does
		37	* not yet appear to be a single atomic test to tell if privileges of
		38	* the process changed from that of the user who is in control of the
		39	* environment.
		40	*/
		41	return (1);
		42
		43	#define PEPRIV(a,b) a.pv_priv[b]
		44	/*
		45	* effective priv is what I can do now
		46	* inherited priv is what the caller gave or could have given
		47	* basically when inherited == 0 and effective != 0 then
		48	* some kind of priv escalation has occurred
		49	* when 'demoted' -- inherited != 0 but effective == 0
		50	* there is also a change, so, will report 1 as well - to be safe
		51	* PROBABLY there needs more study re: how RBAC subtley affects
		52	* the priv_t values - for now, they are either zero - nothing added
		53	* or non-zero - something added
		54	*/
		55	priv_t effective,inherited;
		56	int luid;
		57	int euid, ruid;
		58
		59	getpriv(PRIV_EFFECTIVE, &effective, sizeof(priv_t));
		60	getpriv(PRIV_INHERITED, &inherited, sizeof(priv_t));
		61
		62	if (PEPRIV(effective,0) \| PEPRIV(effective,1)) { /* have something */
		63	if ((PEPRIV(inherited,0) \| PEPRIV(inherited,1)) == 0) /* had nothing - classic u+s bit */
		64	return (1);
		65	} else {
		66	/*
		67	* effective priv elevation is NULL/NONE
		68	* was there something and removed via setuid()?
		69	*/
		70	if (PEPRIV(inherited,0) \| PEPRIV(inherited,1))
		71	return (1);
		72	}
		73
		74	/*
		75	* if we get this far, then "no" differences in process priv noted
		76	* compare the different uid
		77	* the comparision of login id with effective says "TRUE" when different.
		78	* this may not work as expected when using sudo for elevation
		79	* again, looking at RBAC affects on priv may be more truthful
		80	*
		81	* ruid - real uid
		82	* euid - effictive uid
		83	* luid - login uid
		84	*/
		85
		86	/*
		87	* if these differ (not common on AIX), return changed
		88	*/
		89	ruid = getuid();
		90	euid = geteuid();
		91	if (euid != ruid)
		92	return (1);
		93
		94	if (getgid() != getegid())
		95	return (1);
		96
		97	/*
		98	* luid == login id, su/sudo do not/cannot change this afaik
		99	* perhaps this is "too strict", but same as in
		100	* issetugid_win.c - err on the safe side for now
		101	*/
		102	luid = getuidx(ID_LOGIN);
		103	if (euid != luid)
		104	return (1);
		105
		106	return (0);
		107	}