GCOV - Varnish Cache


/*-
 * Copyright 2018 UPLEX - Nils Goroll Systemoptimierung
 * All rights reserved.
 *
 * Authors: Geoffrey Simmons <geoffrey.simmons@uplex.de>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include <sys/types.h>
#include <sys/socket.h>

#if defined(HAVE_GETPEEREID)
#include <unistd.h>
#endif

#if defined(HAVE_GETPEERUCRED)
#include <ucred.h>
# if defined(HAVE_SETPPRIV)
# include <priv.h>
static priv_set_t *priv_proc_info = NULL;
# endif
#endif

#define CREDS_FAIL -1
#define NOT_SUPPORTED -2

#if defined(HAVE_GETPEERUCRED) && defined(HAVE_SETPPRIV)
static void __attribute__((constructor))
cred_compat_init(void)
{
        AZ(priv_proc_info);
        priv_proc_info = priv_allocset();
        AN(priv_proc_info);
        AZ(priv_addset(priv_proc_info, PRIV_PROC_INFO));
}

static void __attribute__((destructor))
cred_compat_fini(void)
{
        if (priv_proc_info == NULL)
                return;
        priv_freeset(priv_proc_info);
        priv_proc_info = NULL;
}
#endif

static int
get_ids(int fd, uid_t *uid, gid_t *gid)
{

#if defined(SO_PEERCRED)
#if defined(__OpenBSD__)
        typedef struct sockpeercred ucred_t;
#else
        typedef struct ucred ucred_t;
#endif

        ucred_t ucred;
        socklen_t l = sizeof(ucred);

        errno = 0;
        if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void *) &ucred, &l) != 0)
                return (CREDS_FAIL);
        *uid = ucred.uid;
        *gid = ucred.gid;
        return (0);

#elif defined(HAVE_GETPEEREID)

        errno = 0;
        if (getpeereid(fd, uid, gid) != 0)
                return (CREDS_FAIL);
        return (0);

#elif defined(HAVE_GETPEERUCRED)
        char buf[ucred_size()];
        ucred_t *ucredp = (ucred_t *)buf;

# if defined(HAVE_SETPPRIV)
        priv_set_t *priv = NULL;

        errno = 0;
        if (!priv_ineffect(PRIV_PROC_INFO)) {
                priv = priv_proc_info;
                if (setppriv(PRIV_ON, PRIV_EFFECTIVE, priv))
                        return (CREDS_FAIL);
        }
# endif

        errno = 0;
        if (getpeerucred(fd, &ucredp))
                return (CREDS_FAIL);
        *uid = ucred_geteuid(ucredp);
        *gid = ucred_getegid(ucredp);

# if defined(HAVE_SETPPRIV)
        if (priv != NULL)
                AZ(setppriv(PRIV_OFF, PRIV_EFFECTIVE, priv)); // waive
# endif

        return (0);
#else
        (void) fd;
        (void) uid;
        (void) gid;
        return (NOT_SUPPORTED);
#endif

}

		varnish-cache/vmod/vmod_unix_cred_compat.h
0		/*-
1		* Copyright 2018 UPLEX - Nils Goroll Systemoptimierung
2		* All rights reserved.
3		*
4		* Authors: Geoffrey Simmons <geoffrey.simmons@uplex.de>
5		*
6		* SPDX-License-Identifier: BSD-2-Clause
7		*
8		* Redistribution and use in source and binary forms, with or without
9		* modification, are permitted provided that the following conditions are met:
10		* 1. Redistributions of source code must retain the above copyright notice,
11		* this list of conditions and the following disclaimer.
12		* 2. Redistributions in binary form must reproduce the above copyright notice,
13		* this list of conditions and the following disclaimer in the documentation
14		* and/or other materials provided with the distribution.
15		*
16		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
17		* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18		* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
19		* DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
20		* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
21		* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
22		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
23		* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
25		* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26		*
27		*/
28
29		#include <sys/types.h>
30		#include <sys/socket.h>
31
32		#if defined(HAVE_GETPEEREID)
33		#include <unistd.h>
34		#endif
35
36		#if defined(HAVE_GETPEERUCRED)
37		#include <ucred.h>
38		# if defined(HAVE_SETPPRIV)
39		# include <priv.h>
40		static priv_set_t *priv_proc_info = NULL;
41		# endif
42		#endif
43
44		#define CREDS_FAIL -1
45		#define NOT_SUPPORTED -2
46
47		#if defined(HAVE_GETPEERUCRED) && defined(HAVE_SETPPRIV)
48		static void __attribute__((constructor))
49		cred_compat_init(void)
50		{
51		AZ(priv_proc_info);
52		priv_proc_info = priv_allocset();
53		AN(priv_proc_info);
54		AZ(priv_addset(priv_proc_info, PRIV_PROC_INFO));
55		}
56
57		static void __attribute__((destructor))
58		cred_compat_fini(void)
59		{
60		if (priv_proc_info == NULL)
61		return;
62		priv_freeset(priv_proc_info);
63		priv_proc_info = NULL;
64		}
65		#endif
66
67		static int
68	120	get_ids(int fd, uid_t uid, gid_t gid)
69		{
70
71		#if defined(SO_PEERCRED)
72		#if defined(__OpenBSD__)
73		typedef struct sockpeercred ucred_t;
74		#else
75		typedef struct ucred ucred_t;
76		#endif
77
78		ucred_t ucred;
79		socklen_t l = sizeof(ucred);
80
81		errno = 0;
82		if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, (void *) &ucred, &l) != 0)
83		return (CREDS_FAIL);
84		*uid = ucred.uid;
85		*gid = ucred.gid;
86		return (0);
87
88		#elif defined(HAVE_GETPEEREID)
89
90	120	errno = 0;
91	120	if (getpeereid(fd, uid, gid) != 0)
92	0	return (CREDS_FAIL);
93	120	return (0);
94
95		#elif defined(HAVE_GETPEERUCRED)
96		char buf[ucred_size()];
97		ucred_t ucredp = (ucred_t )buf;
98
99		# if defined(HAVE_SETPPRIV)
100		priv_set_t *priv = NULL;
101
102		errno = 0;
103		if (!priv_ineffect(PRIV_PROC_INFO)) {
104		priv = priv_proc_info;
105		if (setppriv(PRIV_ON, PRIV_EFFECTIVE, priv))
106		return (CREDS_FAIL);
107		}
108		# endif
109
110		errno = 0;
111		if (getpeerucred(fd, &ucredp))
112		return (CREDS_FAIL);
113		*uid = ucred_geteuid(ucredp);
114		*gid = ucred_getegid(ucredp);
115
116		# if defined(HAVE_SETPPRIV)
117		if (priv != NULL)
118		AZ(setppriv(PRIV_OFF, PRIV_EFFECTIVE, priv)); // waive
119		# endif
120
121		return (0);
122		#else
123		(void) fd;
124		(void) uid;
125		(void) gid;
126		return (NOT_SUPPORTED);
127		#endif
128
129	120	}