Changeset 5703
- Timestamp:
- 11/12/07 14:01:48 (1 year ago)
- Files:
-
- trunk/Config.kmk (modified) (1 diff)
- trunk/src/VBox/Devices/Makefile.kmk (modified) (2 diffs)
- trunk/src/VBox/Devices/Storage/DrvHostBase.cpp (modified) (2 diffs)
- trunk/src/VBox/Devices/Storage/DrvHostDVD.cpp (modified) (8 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
trunk/Config.kmk
r5689 r5703 245 245 # Enable Crossbow support for Solaris. 246 246 #VBOX_WITH_CROSSBOW = 1 247 # Enable setuid wrapper for Solaris. 248 #VBOX_WITH_SUID_WRAPPER = 1 247 249 248 250 trunk/src/VBox/Devices/Makefile.kmk
r5698 r5703 139 139 ifdef VBOX_WITH_CROSSBOW 140 140 VBoxDD_LIBS += dladm # or maybe try libdladm.so.1 ? 141 endif 142 ifdef VBOX_WITH_SUID_WRAPPER 143 VBoxDD_LIBS += secdb 141 144 endif 142 145 endif … … 527 530 Network/solaris 528 531 endif 532 ifdef VBOX_WITH_SUID_WRAPPER 533 Drivers_DEFS += VBOX_WITH_SUID_WRAPPER 534 endif 529 535 endif 530 536 trunk/src/VBox/Devices/Storage/DrvHostBase.cpp
r5215 r5703 948 948 static int drvHostBaseOpen(PDRVHOSTBASE pThis, PRTFILE pFileBlockDevice, PRTFILE pFileRawDevice, bool fReadOnly) 949 949 { 950 unsigned fFlags = ( pThis->fReadOnlyConfig? RTFILE_O_READ : RTFILE_O_READWRITE) | RTFILE_O_NON_BLOCK;950 unsigned fFlags = (fReadOnly ? RTFILE_O_READ : RTFILE_O_READWRITE) | RTFILE_O_NON_BLOCK; 951 951 int rc = RTFileOpen(pFileBlockDevice, pThis->pszDeviceOpen, fFlags); 952 952 if (RT_SUCCESS(rc)) … … 954 954 rc = RTFileOpen(pFileRawDevice, pThis->pszRawDeviceOpen, fFlags); 955 955 if (RT_FAILURE(rc)) 956 { 957 LogRel(("DVD: failed to open device %s\n", pThis->pszRawDeviceOpen)); 956 958 RTFileClose(*pFileBlockDevice); 957 } 959 } 960 } 961 else 962 LogRel(("DVD: failed to open device %s\n", pThis->pszRawDeviceOpen)); 958 963 return rc; 959 964 } trunk/src/VBox/Devices/Storage/DrvHostDVD.cpp
r5212 r5703 58 58 # include <pwd.h> 59 59 # include <unistd.h> 60 # include <auth_attr.h> 60 # include <syslog.h> 61 # ifdef VBOX_WITH_SUID_WRAPPER 62 # include <auth_attr.h> 63 # endif 61 64 # include <sys/dkio.h> 62 65 # include <sys/sockio.h> … … 89 92 90 93 static DECLCALLBACK(int) drvHostDvdDoLock(PDRVHOSTBASE pThis, bool fLock); 94 #ifdef VBOX_WITH_SUID_WRAPPER 95 static int solarisCheckUserAuth(); 96 static int solarisEnterRootMode(uid_t *pEffUserID); 97 static int solarisExitRootMode(uid_t *pEffUserID); 98 #endif 91 99 92 100 … … 508 516 509 517 /* We need root privileges for user-SCSI under Solaris. */ 518 #ifdef VBOX_WITH_SUID_WRAPPER 519 uid_t effUserID = geteuid(); 520 solarisEnterRootMode(&effUserID); /** @todo check return code when this really works. */ 521 #endif 510 522 rc = ioctl(pThis->FileRawDevice, USCSICMD, &usc); 523 #ifdef VBOX_WITH_SUID_WRAPPER 524 solarisExitRootMode(&effUserID); 525 #endif 511 526 if (rc < 0) 512 527 { … … 589 604 } 590 605 591 #if 0606 #ifdef VBOX_WITH_SUID_WRAPPER 592 607 /* These functions would have to go into a seperate solaris binary with 593 608 * the setuid permission set, which would run the user-SCSI ioctl and … … 616 631 * 617 632 * @returns VBox error code. 618 * @param pUserID Pointer to user ID.619 633 * @param pEffUserID Pointer to effective user ID. 620 634 */ 621 static int solarisEnterRootMode(uid_t *p UserID, uid_t *pEffUserID)635 static int solarisEnterRootMode(uid_t *pEffUserID) 622 636 { 623 637 /* Increase privilege if required */ 624 if (*pEffUserID == 0) 625 return VINF_SUCCESS; 626 else 638 if (*pEffUserID != 0) 627 639 { 628 640 if (seteuid(0) == 0) … … 631 643 return VINF_SUCCESS; 632 644 } 633 else634 return VERR_PERMISSION_DENIED;635 }645 return VERR_PERMISSION_DENIED; 646 } 647 return VINF_SUCCESS; 636 648 } 637 649 … … 640 652 * 641 653 * @returns VBox error code. 642 * @param pUserID Pointer to user ID.643 654 * @param pEffUserID Pointer to effective user ID. 644 655 */ 645 static int solarisExitRootMode(uid_t *p UserID, uid_t *pEffUserID)656 static int solarisExitRootMode(uid_t *pEffUserID) 646 657 { 647 658 /* Get back to user mode. */ 648 659 if (*pEffUserID == 0) 649 660 { 650 if (seteuid(*pUserID) == 0) 661 uid_t realID = getuid(); 662 if (seteuid(realID) == 0) 651 663 { 652 *pEffUserID = *pUserID; 653 return VINF_SUCCESS; 654 } 655 else 656 return VERR_PERMISSION_DENIED; 657 } 658 return VINF_SUCCESS; 659 } 660 661 /** 662 * Setuid wrapper to gain root access. 663 * 664 * @returns VBox error code. 665 * @param pUserID Pointer to user ID. 666 * @param pEffUserID Pointer to effective user ID. 667 */ 668 static int solarisEnterRootMode(uid_t *pUserID, uid_t *pEffUserID) 669 { 670 /* Increase privilege if required */ 671 if (*pEffUserID == 0) 672 return VINF_SUCCESS; 673 if (seteuid(0) == 0) 674 { 675 *pEffUserID = 0; 676 return VINF_SUCCESS; 677 } 678 return VERR_PERMISSION_DENIED; 679 } 680 681 /** 682 * Setuid wrapper to relinquish root access. 683 * 684 * @returns VBox error code. 685 * @param pUserID Pointer to user ID. 686 * @param pEffUserID Pointer to effective user ID. 687 */ 688 static int solarisExitRootMode(uid_t *pUserID, uid_t *pEffUserID) 689 { 690 /* Get back to user mode. */ 691 if (*pEffUserID == 0) 692 { 693 if (seteuid(*pUserID) == 0) 694 { 695 *pEffUserID = *pUserID; 664 *pEffUserID = realID; 696 665 return VINF_SUCCESS; 697 666 } … … 746 715 /* Passthrough requires opening the device in R/W mode. */ 747 716 pThis->fReadOnlyConfig = false; 717 # ifdef VBOX_WITH_SUID_WRAPPER /* Solaris setuid for Passthrough mode. */ 718 rc = solarisCheckUserAuth(); 719 if (VBOX_FAILURE(rc)) 720 { 721 Log(("DVD: solarisCheckUserAuth failed. Permission denied!\n")); 722 return rc; 723 } 724 # endif /* VBOX_WITH_SUID_WRAPPER */ 748 725 } 749 726 #endif /* !RT_OS_L4 */
