1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright (c) 2013, Ira Cooper.  All rights reserved.
  23  */
  24 /*
  25  * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
  26  */
  27 
  28 /*      Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T     */
  29 /*        All Rights Reserved   */
  30 
  31 /*
  32  * University Copyright- Copyright (c) 1982, 1986, 1988
  33  * The Regents of the University of California
  34  * All Rights Reserved
  35  *
  36  * University Acknowledgment- Portions of this document are derived from
  37  * software developed by the University of California, Berkeley, and its
  38  * contributors.
  39  */
  40 
  41 #include <sys/types.h>
  42 #include <sys/sysmacros.h>
  43 #include <sys/param.h>
  44 #include <sys/systm.h>
  45 #include <sys/cred_impl.h>
  46 #include <sys/policy.h>
  47 #include <sys/vnode.h>
  48 #include <sys/errno.h>
  49 #include <sys/kmem.h>
  50 #include <sys/user.h>
  51 #include <sys/proc.h>
  52 #include <sys/syscall.h>
  53 #include <sys/debug.h>
  54 #include <sys/atomic.h>
  55 #include <sys/ucred.h>
  56 #include <sys/prsystm.h>
  57 #include <sys/modctl.h>
  58 #include <sys/avl.h>
  59 #include <sys/door.h>
  60 #include <c2/audit.h>
  61 #include <sys/zone.h>
  62 #include <sys/tsol/label.h>
  63 #include <sys/sid.h>
  64 #include <sys/idmap.h>
  65 #include <sys/klpd.h>
  66 #include <sys/varargs.h>
  67 #include <sys/sysconf.h>
  68 #include <util/qsort.h>
  69 
  70 
  71 /* Ephemeral IDs Zones specific data */
  72 typedef struct ephemeral_zsd {
  73         uid_t           min_uid;
  74         uid_t           last_uid;
  75         gid_t           min_gid;
  76         gid_t           last_gid;
  77         kmutex_t        eph_lock;
  78         cred_t          *eph_nobody;
  79 } ephemeral_zsd_t;
  80 
  81 static void crgrphold(credgrp_t *);
  82 
  83 #define CREDGRPSZ(ngrp) (sizeof (credgrp_t) + ((ngrp - 1) * sizeof (gid_t)))
  84 
  85 static kmutex_t         ephemeral_zone_mutex;
  86 static zone_key_t       ephemeral_zone_key;
  87 
  88 static struct kmem_cache *cred_cache;
  89 static size_t           crsize = 0;
  90 static int              audoff = 0;
  91 uint32_t                ucredsize;
  92 cred_t                  *kcred;
  93 static cred_t           *dummycr;
  94 
  95 int rstlink;            /* link(2) restricted to files owned by user? */
  96 
  97 static int get_c2audit_load(void);
  98 
  99 #define CR_AUINFO(c)    (auditinfo_addr_t *)((audoff == 0) ? NULL : \
 100                             ((char *)(c)) + audoff)
 101 
 102 #define REMOTE_PEER_CRED(c)     ((c)->cr_gid == -1)
 103 
 104 #define BIN_GROUP_SEARCH_CUTOFF 16
 105 
 106 static boolean_t hasephids = B_FALSE;
 107 
 108 static ephemeral_zsd_t *
 109 get_ephemeral_zsd(zone_t *zone)
 110 {
 111         ephemeral_zsd_t *eph_zsd;
 112 
 113         eph_zsd = zone_getspecific(ephemeral_zone_key, zone);
 114         if (eph_zsd != NULL) {
 115                 return (eph_zsd);
 116         }
 117 
 118         mutex_enter(&ephemeral_zone_mutex);
 119         eph_zsd = zone_getspecific(ephemeral_zone_key, zone);
 120         if (eph_zsd == NULL) {
 121                 eph_zsd = kmem_zalloc(sizeof (ephemeral_zsd_t), KM_SLEEP);
 122                 eph_zsd->min_uid = MAXUID;
 123                 eph_zsd->last_uid = IDMAP_WK__MAX_UID;
 124                 eph_zsd->min_gid = MAXUID;
 125                 eph_zsd->last_gid = IDMAP_WK__MAX_GID;
 126                 mutex_init(&eph_zsd->eph_lock, NULL, MUTEX_DEFAULT, NULL);
 127 
 128                 /*
 129                  * nobody is used to map SID containing CRs.
 130                  */
 131                 eph_zsd->eph_nobody = crdup(zone->zone_kcred);
 132                 (void) crsetugid(eph_zsd->eph_nobody, UID_NOBODY, GID_NOBODY);
 133                 CR_FLAGS(eph_zsd->eph_nobody) = 0;
 134                 eph_zsd->eph_nobody->cr_zone = zone;
 135 
 136                 (void) zone_setspecific(ephemeral_zone_key, zone, eph_zsd);
 137         }
 138         mutex_exit(&ephemeral_zone_mutex);
 139         return (eph_zsd);
 140 }
 141 
 142 static cred_t *crdup_flags(const cred_t *, int);
 143 static cred_t *cralloc_flags(int);
 144 
 145 /*
 146  * This function is called when a zone is destroyed
 147  */
 148 static void
 149 /* ARGSUSED */
 150 destroy_ephemeral_zsd(zoneid_t zone_id, void *arg)
 151 {
 152         ephemeral_zsd_t *eph_zsd = arg;
 153         if (eph_zsd != NULL) {
 154                 mutex_destroy(&eph_zsd->eph_lock);
 155                 crfree(eph_zsd->eph_nobody);
 156                 kmem_free(eph_zsd, sizeof (ephemeral_zsd_t));
 157         }
 158 }
 159 
 160 
 161 
 162 /*
 163  * Initialize credentials data structures.
 164  */
 165 
 166 void
 167 cred_init(void)
 168 {
 169         priv_init();
 170 
 171         crsize = sizeof (cred_t);
 172 
 173         if (get_c2audit_load() > 0) {
 174 #ifdef _LP64
 175                 /* assure audit context is 64-bit aligned */
 176                 audoff = (crsize +
 177                     sizeof (int64_t) - 1) & ~(sizeof (int64_t) - 1);
 178 #else   /* _LP64 */
 179                 audoff = crsize;
 180 #endif  /* _LP64 */
 181                 crsize = audoff + sizeof (auditinfo_addr_t);
 182                 crsize = (crsize + sizeof (int) - 1) & ~(sizeof (int) - 1);
 183         }
 184 
 185         cred_cache = kmem_cache_create("cred_cache", crsize, 0,
 186             NULL, NULL, NULL, NULL, NULL, 0);
 187 
 188         /*
 189          * dummycr is used to copy initial state for creds.
 190          */
 191         dummycr = cralloc();
 192         bzero(dummycr, crsize);
 193         dummycr->cr_ref = 1;
 194         dummycr->cr_uid = (uid_t)-1;
 195         dummycr->cr_gid = (gid_t)-1;
 196         dummycr->cr_ruid = (uid_t)-1;
 197         dummycr->cr_rgid = (gid_t)-1;
 198         dummycr->cr_suid = (uid_t)-1;
 199         dummycr->cr_sgid = (gid_t)-1;
 200 
 201 
 202         /*
 203          * kcred is used by anything that needs all privileges; it's
 204          * also the template used for crget as it has all the compatible
 205          * sets filled in.
 206          */
 207         kcred = cralloc();
 208 
 209         bzero(kcred, crsize);
 210         kcred->cr_ref = 1;
 211 
 212         /* kcred is never freed, so we don't need zone_cred_hold here */
 213         kcred->cr_zone = &zone0;
 214 
 215         priv_fillset(&CR_LPRIV(kcred));
 216         CR_IPRIV(kcred) = *priv_basic;
 217 
 218         /* Not a basic privilege, if chown is not restricted add it to I0 */
 219         if (!rstchown)
 220                 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
 221 
 222         /* Basic privilege, if link is restricted remove it from I0 */
 223         if (rstlink)
 224                 priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
 225 
 226         CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
 227 
 228         CR_FLAGS(kcred) = NET_MAC_AWARE;
 229 
 230         /*
 231          * Set up credentials of p0.
 232          */
 233         ttoproc(curthread)->p_cred = kcred;
 234         curthread->t_cred = kcred;
 235 
 236         ucredsize = UCRED_SIZE;
 237 
 238         mutex_init(&ephemeral_zone_mutex, NULL, MUTEX_DEFAULT, NULL);
 239         zone_key_create(&ephemeral_zone_key, NULL, NULL, destroy_ephemeral_zsd);
 240 }
 241 
 242 /*
 243  * Allocate (nearly) uninitialized cred_t.
 244  */
 245 static cred_t *
 246 cralloc_flags(int flgs)
 247 {
 248         cred_t *cr = kmem_cache_alloc(cred_cache, flgs);
 249 
 250         if (cr == NULL)
 251                 return (NULL);
 252 
 253         cr->cr_ref = 1;              /* So we can crfree() */
 254         cr->cr_zone = NULL;
 255         cr->cr_label = NULL;
 256         cr->cr_ksid = NULL;
 257         cr->cr_klpd = NULL;
 258         cr->cr_grps = NULL;
 259         return (cr);
 260 }
 261 
 262 cred_t *
 263 cralloc(void)
 264 {
 265         return (cralloc_flags(KM_SLEEP));
 266 }
 267 
 268 /*
 269  * As cralloc but prepared for ksid change (if appropriate).
 270  */
 271 cred_t *
 272 cralloc_ksid(void)
 273 {
 274         cred_t *cr = cralloc();
 275         if (hasephids)
 276                 cr->cr_ksid = kcrsid_alloc();
 277         return (cr);
 278 }
 279 
 280 /*
 281  * Allocate a initialized cred structure and crhold() it.
 282  * Initialized means: all ids 0, group count 0, L=Full, E=P=I=I0
 283  */
 284 cred_t *
 285 crget(void)
 286 {
 287         cred_t *cr = kmem_cache_alloc(cred_cache, KM_SLEEP);
 288 
 289         bcopy(kcred, cr, crsize);
 290         cr->cr_ref = 1;
 291         zone_cred_hold(cr->cr_zone);
 292         if (cr->cr_label)
 293                 label_hold(cr->cr_label);
 294         ASSERT(cr->cr_klpd == NULL);
 295         ASSERT(cr->cr_grps == NULL);
 296         return (cr);
 297 }
 298 
 299 /*
 300  * Broadcast the cred to all the threads in the process.
 301  * The current thread's credentials can be set right away, but other
 302  * threads must wait until the start of the next system call or trap.
 303  * This avoids changing the cred in the middle of a system call.
 304  *
 305  * The cred has already been held for the process and the thread (2 holds),
 306  * and p->p_cred set.
 307  *
 308  * p->p_crlock shouldn't be held here, since p_lock must be acquired.
 309  */
 310 void
 311 crset(proc_t *p, cred_t *cr)
 312 {
 313         kthread_id_t    t;
 314         kthread_id_t    first;
 315         cred_t *oldcr;
 316 
 317         ASSERT(p == curproc);   /* assumes p_lwpcnt can't change */
 318 
 319         /*
 320          * DTrace accesses t_cred in probe context.  t_cred must always be
 321          * either NULL, or point to a valid, allocated cred structure.
 322          */
 323         t = curthread;
 324         oldcr = t->t_cred;
 325         t->t_cred = cr;              /* the cred is held by caller for this thread */
 326         crfree(oldcr);          /* free the old cred for the thread */
 327 
 328         /*
 329          * Broadcast to other threads, if any.
 330          */
 331         if (p->p_lwpcnt > 1) {
 332                 mutex_enter(&p->p_lock); /* to keep thread list safe */
 333                 first = curthread;
 334                 for (t = first->t_forw; t != first; t = t->t_forw)
 335                         t->t_pre_sys = 1; /* so syscall will get new cred */
 336                 mutex_exit(&p->p_lock);
 337         }
 338 }
 339 
 340 /*
 341  * Put a hold on a cred structure.
 342  */
 343 void
 344 crhold(cred_t *cr)
 345 {
 346         ASSERT(cr->cr_ref != 0xdeadbeef && cr->cr_ref != 0);
 347         atomic_inc_32(&cr->cr_ref);
 348 }
 349 
 350 /*
 351  * Release previous hold on a cred structure.  Free it if refcnt == 0.
 352  * If cred uses label different from zone label, free it.
 353  */
 354 void
 355 crfree(cred_t *cr)
 356 {
 357         ASSERT(cr->cr_ref != 0xdeadbeef && cr->cr_ref != 0);
 358         if (atomic_dec_32_nv(&cr->cr_ref) == 0) {
 359                 ASSERT(cr != kcred);
 360                 if (cr->cr_label)
 361                         label_rele(cr->cr_label);
 362                 if (cr->cr_klpd)
 363                         crklpd_rele(cr->cr_klpd);
 364                 if (cr->cr_zone)
 365                         zone_cred_rele(cr->cr_zone);
 366                 if (cr->cr_ksid)
 367                         kcrsid_rele(cr->cr_ksid);
 368                 if (cr->cr_grps)
 369                         crgrprele(cr->cr_grps);
 370 
 371                 kmem_cache_free(cred_cache, cr);
 372         }
 373 }
 374 
 375 /*
 376  * Copy a cred structure to a new one and free the old one.
 377  *      The new cred will have two references.  One for the calling process,
 378  *      and one for the thread.
 379  */
 380 cred_t *
 381 crcopy(cred_t *cr)
 382 {
 383         cred_t *newcr;
 384 
 385         newcr = cralloc();
 386         bcopy(cr, newcr, crsize);
 387         if (newcr->cr_zone)
 388                 zone_cred_hold(newcr->cr_zone);
 389         if (newcr->cr_label)
 390                 label_hold(newcr->cr_label);
 391         if (newcr->cr_ksid)
 392                 kcrsid_hold(newcr->cr_ksid);
 393         if (newcr->cr_klpd)
 394                 crklpd_hold(newcr->cr_klpd);
 395         if (newcr->cr_grps)
 396                 crgrphold(newcr->cr_grps);
 397         crfree(cr);
 398         newcr->cr_ref = 2;           /* caller gets two references */
 399         return (newcr);
 400 }
 401 
 402 /*
 403  * Copy a cred structure to a new one and free the old one.
 404  *      The new cred will have two references.  One for the calling process,
 405  *      and one for the thread.
 406  * This variation on crcopy uses a pre-allocated structure for the
 407  * "new" cred.
 408  */
 409 void
 410 crcopy_to(cred_t *oldcr, cred_t *newcr)
 411 {
 412         credsid_t *nkcr = newcr->cr_ksid;
 413 
 414         bcopy(oldcr, newcr, crsize);
 415         if (newcr->cr_zone)
 416                 zone_cred_hold(newcr->cr_zone);
 417         if (newcr->cr_label)
 418                 label_hold(newcr->cr_label);
 419         if (newcr->cr_klpd)
 420                 crklpd_hold(newcr->cr_klpd);
 421         if (newcr->cr_grps)
 422                 crgrphold(newcr->cr_grps);
 423         if (nkcr) {
 424                 newcr->cr_ksid = nkcr;
 425                 kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid);
 426         } else if (newcr->cr_ksid)
 427                 kcrsid_hold(newcr->cr_ksid);
 428         crfree(oldcr);
 429         newcr->cr_ref = 2;           /* caller gets two references */
 430 }
 431 
 432 /*
 433  * Dup a cred struct to a new held one.
 434  *      The old cred is not freed.
 435  */
 436 static cred_t *
 437 crdup_flags(const cred_t *cr, int flgs)
 438 {
 439         cred_t *newcr;
 440 
 441         newcr = cralloc_flags(flgs);
 442 
 443         if (newcr == NULL)
 444                 return (NULL);
 445 
 446         bcopy(cr, newcr, crsize);
 447         if (newcr->cr_zone)
 448                 zone_cred_hold(newcr->cr_zone);
 449         if (newcr->cr_label)
 450                 label_hold(newcr->cr_label);
 451         if (newcr->cr_klpd)
 452                 crklpd_hold(newcr->cr_klpd);
 453         if (newcr->cr_ksid)
 454                 kcrsid_hold(newcr->cr_ksid);
 455         if (newcr->cr_grps)
 456                 crgrphold(newcr->cr_grps);
 457         newcr->cr_ref = 1;
 458         return (newcr);
 459 }
 460 
 461 cred_t *
 462 crdup(cred_t *cr)
 463 {
 464         return (crdup_flags(cr, KM_SLEEP));
 465 }
 466 
 467 /*
 468  * Dup a cred struct to a new held one.
 469  *      The old cred is not freed.
 470  * This variation on crdup uses a pre-allocated structure for the
 471  * "new" cred.
 472  */
 473 void
 474 crdup_to(cred_t *oldcr, cred_t *newcr)
 475 {
 476         credsid_t *nkcr = newcr->cr_ksid;
 477 
 478         bcopy(oldcr, newcr, crsize);
 479         if (newcr->cr_zone)
 480                 zone_cred_hold(newcr->cr_zone);
 481         if (newcr->cr_label)
 482                 label_hold(newcr->cr_label);
 483         if (newcr->cr_klpd)
 484                 crklpd_hold(newcr->cr_klpd);
 485         if (newcr->cr_grps)
 486                 crgrphold(newcr->cr_grps);
 487         if (nkcr) {
 488                 newcr->cr_ksid = nkcr;
 489                 kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid);
 490         } else if (newcr->cr_ksid)
 491                 kcrsid_hold(newcr->cr_ksid);
 492         newcr->cr_ref = 1;
 493 }
 494 
 495 /*
 496  * Return the (held) credentials for the current running process.
 497  */
 498 cred_t *
 499 crgetcred(void)
 500 {
 501         cred_t *cr;
 502         proc_t *p;
 503 
 504         p = ttoproc(curthread);
 505         mutex_enter(&p->p_crlock);
 506         crhold(cr = p->p_cred);
 507         mutex_exit(&p->p_crlock);
 508         return (cr);
 509 }
 510 
 511 /*
 512  * Backward compatibility check for suser().
 513  * Accounting flag is now set in the policy functions; auditing is
 514  * done through use of privilege in the audit trail.
 515  */
 516 int
 517 suser(cred_t *cr)
 518 {
 519         return (PRIV_POLICY(cr, PRIV_SYS_SUSER_COMPAT, B_FALSE, EPERM, NULL)
 520             == 0);
 521 }
 522 
 523 /*
 524  * Determine whether the supplied group id is a member of the group
 525  * described by the supplied credentials.
 526  */
 527 int
 528 groupmember(gid_t gid, const cred_t *cr)
 529 {
 530         if (gid == cr->cr_gid)
 531                 return (1);
 532         return (supgroupmember(gid, cr));
 533 }
 534 
 535 /*
 536  * As groupmember but only check against the supplemental groups.
 537  */
 538 int
 539 supgroupmember(gid_t gid, const cred_t *cr)
 540 {
 541         int hi, lo;
 542         credgrp_t *grps = cr->cr_grps;
 543         const gid_t *gp, *endgp;
 544 
 545         if (grps == NULL)
 546                 return (0);
 547 
 548         /* For a small number of groups, use sequentials search. */
 549         if (grps->crg_ngroups <= BIN_GROUP_SEARCH_CUTOFF) {
 550                 endgp = &grps->crg_groups[grps->crg_ngroups];
 551                 for (gp = grps->crg_groups; gp < endgp; gp++)
 552                         if (*gp == gid)
 553                                 return (1);
 554                 return (0);
 555         }
 556 
 557         /* We use binary search when we have many groups. */
 558         lo = 0;
 559         hi = grps->crg_ngroups - 1;
 560         gp = grps->crg_groups;
 561 
 562         do {
 563                 int m = (lo + hi) / 2;
 564 
 565                 if (gid > gp[m])
 566                         lo = m + 1;
 567                 else if (gid < gp[m])
 568                         hi = m - 1;
 569                 else
 570                         return (1);
 571         } while (lo <= hi);
 572 
 573         return (0);
 574 }
 575 
 576 /*
 577  * This function is called to check whether the credentials set
 578  * "scrp" has permission to act on credentials set "tcrp".  It enforces the
 579  * permission requirements needed to send a signal to a process.
 580  * The same requirements are imposed by other system calls, however.
 581  *
 582  * The rules are:
 583  * (1) if the credentials are the same, the check succeeds
 584  * (2) if the zone ids don't match, and scrp is not in the global zone or
 585  *     does not have the PRIV_PROC_ZONE privilege, the check fails
 586  * (3) if the real or effective user id of scrp matches the real or saved
 587  *     user id of tcrp or scrp has the PRIV_PROC_OWNER privilege, the check
 588  *     succeeds
 589  * (4) otherwise, the check fails
 590  */
 591 int
 592 hasprocperm(const cred_t *tcrp, const cred_t *scrp)
 593 {
 594         if (scrp == tcrp)
 595                 return (1);
 596         if (scrp->cr_zone != tcrp->cr_zone &&
 597             (scrp->cr_zone != global_zone ||
 598             secpolicy_proc_zone(scrp) != 0))
 599                 return (0);
 600         if (scrp->cr_uid == tcrp->cr_ruid ||
 601             scrp->cr_ruid == tcrp->cr_ruid ||
 602             scrp->cr_uid  == tcrp->cr_suid ||
 603             scrp->cr_ruid == tcrp->cr_suid ||
 604             !PRIV_POLICY(scrp, PRIV_PROC_OWNER, B_FALSE, EPERM, "hasprocperm"))
 605                 return (1);
 606         return (0);
 607 }
 608 
 609 /*
 610  * This interface replaces hasprocperm; it works like hasprocperm but
 611  * additionally returns success if the proc_t's match
 612  * It is the preferred interface for most uses.
 613  * And it will acquire p_crlock itself, so it assert's that it shouldn't
 614  * be held.
 615  */
 616 int
 617 prochasprocperm(proc_t *tp, proc_t *sp, const cred_t *scrp)
 618 {
 619         int rets;
 620         cred_t *tcrp;
 621 
 622         ASSERT(MUTEX_NOT_HELD(&tp->p_crlock));
 623 
 624         if (tp == sp)
 625                 return (1);
 626 
 627         if (tp->p_sessp != sp->p_sessp && secpolicy_basic_proc(scrp) != 0)
 628                 return (0);
 629 
 630         mutex_enter(&tp->p_crlock);
 631         crhold(tcrp = tp->p_cred);
 632         mutex_exit(&tp->p_crlock);
 633         rets = hasprocperm(tcrp, scrp);
 634         crfree(tcrp);
 635 
 636         return (rets);
 637 }
 638 
 639 /*
 640  * This routine is used to compare two credentials to determine if
 641  * they refer to the same "user".  If the pointers are equal, then
 642  * they must refer to the same user.  Otherwise, the contents of
 643  * the credentials are compared to see whether they are equivalent.
 644  *
 645  * This routine returns 0 if the credentials refer to the same user,
 646  * 1 if they do not.
 647  */
 648 int
 649 crcmp(const cred_t *cr1, const cred_t *cr2)
 650 {
 651         credgrp_t *grp1, *grp2;
 652 
 653         if (cr1 == cr2)
 654                 return (0);
 655 
 656         if (cr1->cr_uid == cr2->cr_uid &&
 657             cr1->cr_gid == cr2->cr_gid &&
 658             cr1->cr_ruid == cr2->cr_ruid &&
 659             cr1->cr_rgid == cr2->cr_rgid &&
 660             cr1->cr_zone == cr2->cr_zone &&
 661             ((grp1 = cr1->cr_grps) == (grp2 = cr2->cr_grps) ||
 662             (grp1 != NULL && grp2 != NULL &&
 663             grp1->crg_ngroups == grp2->crg_ngroups &&
 664             bcmp(grp1->crg_groups, grp2->crg_groups,
 665             grp1->crg_ngroups * sizeof (gid_t)) == 0))) {
 666                 return (!priv_isequalset(&CR_OEPRIV(cr1), &CR_OEPRIV(cr2)));
 667         }
 668         return (1);
 669 }
 670 
 671 /*
 672  * Read access functions to cred_t.
 673  */
 674 uid_t
 675 crgetuid(const cred_t *cr)
 676 {
 677         return (cr->cr_uid);
 678 }
 679 
 680 uid_t
 681 crgetruid(const cred_t *cr)
 682 {
 683         return (cr->cr_ruid);
 684 }
 685 
 686 uid_t
 687 crgetsuid(const cred_t *cr)
 688 {
 689         return (cr->cr_suid);
 690 }
 691 
 692 gid_t
 693 crgetgid(const cred_t *cr)
 694 {
 695         return (cr->cr_gid);
 696 }
 697 
 698 gid_t
 699 crgetrgid(const cred_t *cr)
 700 {
 701         return (cr->cr_rgid);
 702 }
 703 
 704 gid_t
 705 crgetsgid(const cred_t *cr)
 706 {
 707         return (cr->cr_sgid);
 708 }
 709 
 710 const auditinfo_addr_t *
 711 crgetauinfo(const cred_t *cr)
 712 {
 713         return ((const auditinfo_addr_t *)CR_AUINFO(cr));
 714 }
 715 
 716 auditinfo_addr_t *
 717 crgetauinfo_modifiable(cred_t *cr)
 718 {
 719         return (CR_AUINFO(cr));
 720 }
 721 
 722 zoneid_t
 723 crgetzoneid(const cred_t *cr)
 724 {
 725         return (cr->cr_zone == NULL ?
 726             (cr->cr_uid == -1 ? (zoneid_t)-1 : GLOBAL_ZONEID) :
 727             cr->cr_zone->zone_id);
 728 }
 729 
 730 projid_t
 731 crgetprojid(const cred_t *cr)
 732 {
 733         return (cr->cr_projid);
 734 }
 735 
 736 zone_t *
 737 crgetzone(const cred_t *cr)
 738 {
 739         return (cr->cr_zone);
 740 }
 741 
 742 struct ts_label_s *
 743 crgetlabel(const cred_t *cr)
 744 {
 745         return (cr->cr_label ?
 746             cr->cr_label :
 747             (cr->cr_zone ? cr->cr_zone->zone_slabel : NULL));
 748 }
 749 
 750 boolean_t
 751 crisremote(const cred_t *cr)
 752 {
 753         return (REMOTE_PEER_CRED(cr));
 754 }
 755 
 756 #define BADUID(x, zn)   ((x) != -1 && !VALID_UID((x), (zn)))
 757 #define BADGID(x, zn)   ((x) != -1 && !VALID_GID((x), (zn)))
 758 
 759 int
 760 crsetresuid(cred_t *cr, uid_t r, uid_t e, uid_t s)
 761 {
 762         zone_t  *zone = crgetzone(cr);
 763 
 764         ASSERT(cr->cr_ref <= 2);
 765 
 766         if (BADUID(r, zone) || BADUID(e, zone) || BADUID(s, zone))
 767                 return (-1);
 768 
 769         if (r != -1)
 770                 cr->cr_ruid = r;
 771         if (e != -1)
 772                 cr->cr_uid = e;
 773         if (s != -1)
 774                 cr->cr_suid = s;
 775 
 776         return (0);
 777 }
 778 
 779 int
 780 crsetresgid(cred_t *cr, gid_t r, gid_t e, gid_t s)
 781 {
 782         zone_t  *zone = crgetzone(cr);
 783 
 784         ASSERT(cr->cr_ref <= 2);
 785 
 786         if (BADGID(r, zone) || BADGID(e, zone) || BADGID(s, zone))
 787                 return (-1);
 788 
 789         if (r != -1)
 790                 cr->cr_rgid = r;
 791         if (e != -1)
 792                 cr->cr_gid = e;
 793         if (s != -1)
 794                 cr->cr_sgid = s;
 795 
 796         return (0);
 797 }
 798 
 799 int
 800 crsetugid(cred_t *cr, uid_t uid, gid_t gid)
 801 {
 802         zone_t  *zone = crgetzone(cr);
 803 
 804         ASSERT(cr->cr_ref <= 2);
 805 
 806         if (!VALID_UID(uid, zone) || !VALID_GID(gid, zone))
 807                 return (-1);
 808 
 809         cr->cr_uid = cr->cr_ruid = cr->cr_suid = uid;
 810         cr->cr_gid = cr->cr_rgid = cr->cr_sgid = gid;
 811 
 812         return (0);
 813 }
 814 
 815 static int
 816 gidcmp(const void *v1, const void *v2)
 817 {
 818         gid_t g1 = *(gid_t *)v1;
 819         gid_t g2 = *(gid_t *)v2;
 820 
 821         if (g1 < g2)
 822                 return (-1);
 823         else if (g1 > g2)
 824                 return (1);
 825         else
 826                 return (0);
 827 }
 828 
 829 int
 830 crsetgroups(cred_t *cr, int n, gid_t *grp)
 831 {
 832         ASSERT(cr->cr_ref <= 2);
 833 
 834         if (n > ngroups_max || n < 0)
 835                 return (-1);
 836 
 837         if (cr->cr_grps != NULL)
 838                 crgrprele(cr->cr_grps);
 839 
 840         if (n > 0) {
 841                 cr->cr_grps = kmem_alloc(CREDGRPSZ(n), KM_SLEEP);
 842                 bcopy(grp, cr->cr_grps->crg_groups, n * sizeof (gid_t));
 843                 cr->cr_grps->crg_ref = 1;
 844                 cr->cr_grps->crg_ngroups = n;
 845                 qsort(cr->cr_grps->crg_groups, n, sizeof (gid_t), gidcmp);
 846         } else {
 847                 cr->cr_grps = NULL;
 848         }
 849 
 850         return (0);
 851 }
 852 
 853 void
 854 crsetprojid(cred_t *cr, projid_t projid)
 855 {
 856         ASSERT(projid >= 0 && projid <= MAXPROJID);
 857         cr->cr_projid = projid;
 858 }
 859 
 860 /*
 861  * This routine returns the pointer to the first element of the crg_groups
 862  * array.  It can move around in an implementation defined way.
 863  * Note that when we have no grouplist, we return one element but the
 864  * caller should never reference it.
 865  */
 866 const gid_t *
 867 crgetgroups(const cred_t *cr)
 868 {
 869         return (cr->cr_grps == NULL ? &cr->cr_gid : cr->cr_grps->crg_groups);
 870 }
 871 
 872 int
 873 crgetngroups(const cred_t *cr)
 874 {
 875         return (cr->cr_grps == NULL ? 0 : cr->cr_grps->crg_ngroups);
 876 }
 877 
 878 void
 879 cred2prcred(const cred_t *cr, prcred_t *pcrp)
 880 {
 881         pcrp->pr_euid = cr->cr_uid;
 882         pcrp->pr_ruid = cr->cr_ruid;
 883         pcrp->pr_suid = cr->cr_suid;
 884         pcrp->pr_egid = cr->cr_gid;
 885         pcrp->pr_rgid = cr->cr_rgid;
 886         pcrp->pr_sgid = cr->cr_sgid;
 887         pcrp->pr_groups[0] = 0; /* in case ngroups == 0 */
 888         pcrp->pr_ngroups = cr->cr_grps == NULL ? 0 : cr->cr_grps->crg_ngroups;
 889 
 890         if (pcrp->pr_ngroups != 0)
 891                 bcopy(cr->cr_grps->crg_groups, pcrp->pr_groups,
 892                     sizeof (gid_t) * pcrp->pr_ngroups);
 893 }
 894 
 895 static int
 896 cred2ucaud(const cred_t *cr, auditinfo64_addr_t *ainfo, const cred_t *rcr)
 897 {
 898         auditinfo_addr_t        *ai;
 899         au_tid_addr_t   tid;
 900 
 901         if (secpolicy_audit_getattr(rcr, B_TRUE) != 0)
 902                 return (-1);
 903 
 904         ai = CR_AUINFO(cr);     /* caller makes sure this is non-NULL */
 905         tid = ai->ai_termid;
 906 
 907         ainfo->ai_auid = ai->ai_auid;
 908         ainfo->ai_mask = ai->ai_mask;
 909         ainfo->ai_asid = ai->ai_asid;
 910 
 911         ainfo->ai_termid.at_type = tid.at_type;
 912         bcopy(&tid.at_addr, &ainfo->ai_termid.at_addr, 4 * sizeof (uint_t));
 913 
 914         ainfo->ai_termid.at_port.at_major = (uint32_t)getmajor(tid.at_port);
 915         ainfo->ai_termid.at_port.at_minor = (uint32_t)getminor(tid.at_port);
 916 
 917         return (0);
 918 }
 919 
 920 void
 921 cred2uclabel(const cred_t *cr, bslabel_t *labelp)
 922 {
 923         ts_label_t      *tslp;
 924 
 925         if ((tslp = crgetlabel(cr)) != NULL)
 926                 bcopy(&tslp->tsl_label, labelp, sizeof (bslabel_t));
 927 }
 928 
 929 /*
 930  * Convert a credential into a "ucred".  Allow the caller to specify
 931  * and aligned buffer, e.g., in an mblk, so we don't have to allocate
 932  * memory and copy it twice.
 933  *
 934  * This function may call cred2ucaud(), which calls CRED(). Since this
 935  * can be called from an interrupt thread, receiver's cred (rcr) is needed
 936  * to determine whether audit info should be included.
 937  */
 938 struct ucred_s *
 939 cred2ucred(const cred_t *cr, pid_t pid, void *buf, const cred_t *rcr)
 940 {
 941         struct ucred_s *uc;
 942         uint32_t realsz = ucredminsize(cr);
 943         ts_label_t *tslp = is_system_labeled() ? crgetlabel(cr) : NULL;
 944 
 945         /* The structure isn't always completely filled in, so zero it */
 946         if (buf == NULL) {
 947                 uc = kmem_zalloc(realsz, KM_SLEEP);
 948         } else {
 949                 bzero(buf, realsz);
 950                 uc = buf;
 951         }
 952         uc->uc_size = realsz;
 953         uc->uc_pid = pid;
 954         uc->uc_projid = cr->cr_projid;
 955         uc->uc_zoneid = crgetzoneid(cr);
 956 
 957         if (REMOTE_PEER_CRED(cr)) {
 958                 /*
 959                  * Other than label, the rest of cred info about a
 960                  * remote peer isn't available. Copy the label directly
 961                  * after the header where we generally copy the prcred.
 962                  * That's why we use sizeof (struct ucred_s).  The other
 963                  * offset fields are initialized to 0.
 964                  */
 965                 uc->uc_labeloff = tslp == NULL ? 0 : sizeof (struct ucred_s);
 966         } else {
 967                 uc->uc_credoff = UCRED_CRED_OFF;
 968                 uc->uc_privoff = UCRED_PRIV_OFF;
 969                 uc->uc_audoff = UCRED_AUD_OFF;
 970                 uc->uc_labeloff = tslp == NULL ? 0 : UCRED_LABEL_OFF;
 971 
 972                 cred2prcred(cr, UCCRED(uc));
 973                 cred2prpriv(cr, UCPRIV(uc));
 974 
 975                 if (audoff == 0 || cred2ucaud(cr, UCAUD(uc), rcr) != 0)
 976                         uc->uc_audoff = 0;
 977         }
 978         if (tslp != NULL)
 979                 bcopy(&tslp->tsl_label, UCLABEL(uc), sizeof (bslabel_t));
 980 
 981         return (uc);
 982 }
 983 
 984 /*
 985  * Don't allocate the non-needed group entries.  Note: this function
 986  * must match the code in cred2ucred; they must agree about the
 987  * minimal size of the ucred.
 988  */
 989 uint32_t
 990 ucredminsize(const cred_t *cr)
 991 {
 992         int ndiff;
 993 
 994         if (cr == NULL)
 995                 return (ucredsize);
 996 
 997         if (REMOTE_PEER_CRED(cr)) {
 998                 if (is_system_labeled())
 999                         return (sizeof (struct ucred_s) + sizeof (bslabel_t));
1000                 else
1001                         return (sizeof (struct ucred_s));
1002         }
1003 
1004         if (cr->cr_grps == NULL)
1005                 ndiff = ngroups_max - 1;        /* Needs one for prcred_t */
1006         else
1007                 ndiff = ngroups_max - cr->cr_grps->crg_ngroups;
1008 
1009         return (ucredsize - ndiff * sizeof (gid_t));
1010 }
1011 
1012 /*
1013  * Get the "ucred" of a process.
1014  */
1015 struct ucred_s *
1016 pgetucred(proc_t *p)
1017 {
1018         cred_t *cr;
1019         struct ucred_s *uc;
1020 
1021         mutex_enter(&p->p_crlock);
1022         cr = p->p_cred;
1023         crhold(cr);
1024         mutex_exit(&p->p_crlock);
1025 
1026         uc = cred2ucred(cr, p->p_pid, NULL, CRED());
1027         crfree(cr);
1028 
1029         return (uc);
1030 }
1031 
1032 /*
1033  * If the reply status is NFSERR_EACCES, it may be because we are
1034  * root (no root net access).  Check the real uid, if it isn't root
1035  * make that the uid instead and retry the call.
1036  * Private interface for NFS.
1037  */
1038 cred_t *
1039 crnetadjust(cred_t *cr)
1040 {
1041         if (cr->cr_uid == 0 && cr->cr_ruid != 0) {
1042                 cr = crdup(cr);
1043                 cr->cr_uid = cr->cr_ruid;
1044                 return (cr);
1045         }
1046         return (NULL);
1047 }
1048 
1049 /*
1050  * The reference count is of interest when you want to check
1051  * whether it is ok to modify the credential in place.
1052  */
1053 uint_t
1054 crgetref(const cred_t *cr)
1055 {
1056         return (cr->cr_ref);
1057 }
1058 
1059 static int
1060 get_c2audit_load(void)
1061 {
1062         static int      gotit = 0;
1063         static int      c2audit_load;
1064 
1065         if (gotit)
1066                 return (c2audit_load);
1067         c2audit_load = 1;               /* set default value once */
1068         if (mod_sysctl(SYS_CHECK_EXCLUDE, "c2audit") != 0)
1069                 c2audit_load = 0;
1070         gotit++;
1071 
1072         return (c2audit_load);
1073 }
1074 
1075 int
1076 get_audit_ucrsize(void)
1077 {
1078         return (get_c2audit_load() ? sizeof (auditinfo64_addr_t) : 0);
1079 }
1080 
1081 /*
1082  * Set zone pointer in credential to indicated value.  First adds a
1083  * hold for the new zone, then drops the hold on previous zone (if any).
1084  * This is done in this order in case the old and new zones are the
1085  * same.
1086  */
1087 void
1088 crsetzone(cred_t *cr, zone_t *zptr)
1089 {
1090         zone_t *oldzptr = cr->cr_zone;
1091 
1092         ASSERT(cr != kcred);
1093         ASSERT(cr->cr_ref <= 2);
1094         cr->cr_zone = zptr;
1095         zone_cred_hold(zptr);
1096         if (oldzptr)
1097                 zone_cred_rele(oldzptr);
1098 }
1099 
1100 /*
1101  * Create a new cred based on the supplied label
1102  */
1103 cred_t *
1104 newcred_from_bslabel(bslabel_t *blabel, uint32_t doi, int flags)
1105 {
1106         ts_label_t *lbl = labelalloc(blabel, doi, flags);
1107         cred_t *cr = NULL;
1108 
1109         if (lbl != NULL) {
1110                 if ((cr = crdup_flags(dummycr, flags)) != NULL) {
1111                         cr->cr_label = lbl;
1112                 } else {
1113                         label_rele(lbl);
1114                 }
1115         }
1116 
1117         return (cr);
1118 }
1119 
1120 /*
1121  * Derive a new cred from the existing cred, but with a different label.
1122  * To be used when a cred is being shared, but the label needs to be changed
1123  * by a caller without affecting other users
1124  */
1125 cred_t *
1126 copycred_from_tslabel(const cred_t *cr, ts_label_t *label, int flags)
1127 {
1128         cred_t *newcr = NULL;
1129 
1130         if ((newcr = crdup_flags(cr, flags)) != NULL) {
1131                 if (newcr->cr_label != NULL)
1132                         label_rele(newcr->cr_label);
1133                 label_hold(label);
1134                 newcr->cr_label = label;
1135         }
1136 
1137         return (newcr);
1138 }
1139 
1140 /*
1141  * Derive a new cred from the existing cred, but with a different label.
1142  */
1143 cred_t *
1144 copycred_from_bslabel(const cred_t *cr, bslabel_t *blabel,
1145     uint32_t doi, int flags)
1146 {
1147         ts_label_t *lbl = labelalloc(blabel, doi, flags);
1148         cred_t  *newcr = NULL;
1149 
1150         if (lbl != NULL) {
1151                 newcr = copycred_from_tslabel(cr, lbl, flags);
1152                 label_rele(lbl);
1153         }
1154 
1155         return (newcr);
1156 }
1157 
1158 /*
1159  * This function returns a pointer to the kcred-equivalent in the current zone.
1160  */
1161 cred_t *
1162 zone_kcred(void)
1163 {
1164         zone_t *zone;
1165 
1166         if ((zone = CRED()->cr_zone) != NULL)
1167                 return (zone->zone_kcred);
1168         else
1169                 return (kcred);
1170 }
1171 
1172 boolean_t
1173 valid_ephemeral_uid(zone_t *zone, uid_t id)
1174 {
1175         ephemeral_zsd_t *eph_zsd;
1176         if (id <= IDMAP_WK__MAX_UID)
1177                 return (B_TRUE);
1178 
1179         eph_zsd = get_ephemeral_zsd(zone);
1180         ASSERT(eph_zsd != NULL);
1181         membar_consumer();
1182         return (id > eph_zsd->min_uid && id <= eph_zsd->last_uid);
1183 }
1184 
1185 boolean_t
1186 valid_ephemeral_gid(zone_t *zone, gid_t id)
1187 {
1188         ephemeral_zsd_t *eph_zsd;
1189         if (id <= IDMAP_WK__MAX_GID)
1190                 return (B_TRUE);
1191 
1192         eph_zsd = get_ephemeral_zsd(zone);
1193         ASSERT(eph_zsd != NULL);
1194         membar_consumer();
1195         return (id > eph_zsd->min_gid && id <= eph_zsd->last_gid);
1196 }
1197 
1198 int
1199 eph_uid_alloc(zone_t *zone, int flags, uid_t *start, int count)
1200 {
1201         ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1202 
1203         ASSERT(eph_zsd != NULL);
1204 
1205         mutex_enter(&eph_zsd->eph_lock);
1206 
1207         /* Test for unsigned integer wrap around */
1208         if (eph_zsd->last_uid + count < eph_zsd->last_uid) {
1209                 mutex_exit(&eph_zsd->eph_lock);
1210                 return (-1);
1211         }
1212 
1213         /* first call or idmap crashed and state corrupted */
1214         if (flags != 0)
1215                 eph_zsd->min_uid = eph_zsd->last_uid;
1216 
1217         hasephids = B_TRUE;
1218         *start = eph_zsd->last_uid + 1;
1219         atomic_add_32(&eph_zsd->last_uid, count);
1220         mutex_exit(&eph_zsd->eph_lock);
1221         return (0);
1222 }
1223 
1224 int
1225 eph_gid_alloc(zone_t *zone, int flags, gid_t *start, int count)
1226 {
1227         ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1228 
1229         ASSERT(eph_zsd != NULL);
1230 
1231         mutex_enter(&eph_zsd->eph_lock);
1232 
1233         /* Test for unsigned integer wrap around */
1234         if (eph_zsd->last_gid + count < eph_zsd->last_gid) {
1235                 mutex_exit(&eph_zsd->eph_lock);
1236                 return (-1);
1237         }
1238 
1239         /* first call or idmap crashed and state corrupted */
1240         if (flags != 0)
1241                 eph_zsd->min_gid = eph_zsd->last_gid;
1242 
1243         hasephids = B_TRUE;
1244         *start = eph_zsd->last_gid + 1;
1245         atomic_add_32(&eph_zsd->last_gid, count);
1246         mutex_exit(&eph_zsd->eph_lock);
1247         return (0);
1248 }
1249 
1250 /*
1251  * IMPORTANT.The two functions get_ephemeral_data() and set_ephemeral_data()
1252  * are project private functions that are for use of the test system only and
1253  * are not to be used for other purposes.
1254  */
1255 
1256 void
1257 get_ephemeral_data(zone_t *zone, uid_t *min_uid, uid_t *last_uid,
1258         gid_t *min_gid, gid_t *last_gid)
1259 {
1260         ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1261 
1262         ASSERT(eph_zsd != NULL);
1263 
1264         mutex_enter(&eph_zsd->eph_lock);
1265 
1266         *min_uid = eph_zsd->min_uid;
1267         *last_uid = eph_zsd->last_uid;
1268         *min_gid = eph_zsd->min_gid;
1269         *last_gid = eph_zsd->last_gid;
1270 
1271         mutex_exit(&eph_zsd->eph_lock);
1272 }
1273 
1274 
1275 void
1276 set_ephemeral_data(zone_t *zone, uid_t min_uid, uid_t last_uid,
1277         gid_t min_gid, gid_t last_gid)
1278 {
1279         ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1280 
1281         ASSERT(eph_zsd != NULL);
1282 
1283         mutex_enter(&eph_zsd->eph_lock);
1284 
1285         if (min_uid != 0)
1286                 eph_zsd->min_uid = min_uid;
1287         if (last_uid != 0)
1288                 eph_zsd->last_uid = last_uid;
1289         if (min_gid != 0)
1290                 eph_zsd->min_gid = min_gid;
1291         if (last_gid != 0)
1292                 eph_zsd->last_gid = last_gid;
1293 
1294         mutex_exit(&eph_zsd->eph_lock);
1295 }
1296 
1297 /*
1298  * If the credential user SID or group SID is mapped to an ephemeral
1299  * ID, map the credential to nobody.
1300  */
1301 cred_t *
1302 crgetmapped(const cred_t *cr)
1303 {
1304         ephemeral_zsd_t *eph_zsd;
1305         /*
1306          * Someone incorrectly passed a NULL cred to a vnode operation
1307          * either on purpose or by calling CRED() in interrupt context.
1308          */
1309         if (cr == NULL)
1310                 return (NULL);
1311 
1312         if (cr->cr_ksid != NULL) {
1313                 if (cr->cr_ksid->kr_sidx[KSID_USER].ks_id > MAXUID) {
1314                         eph_zsd = get_ephemeral_zsd(crgetzone(cr));
1315                         return (eph_zsd->eph_nobody);
1316                 }
1317 
1318                 if (cr->cr_ksid->kr_sidx[KSID_GROUP].ks_id > MAXUID) {
1319                         eph_zsd = get_ephemeral_zsd(crgetzone(cr));
1320                         return (eph_zsd->eph_nobody);
1321                 }
1322         }
1323 
1324         return ((cred_t *)cr);
1325 }
1326 
1327 /* index should be in range for a ksidindex_t */
1328 void
1329 crsetsid(cred_t *cr, ksid_t *ksp, int index)
1330 {
1331         ASSERT(cr->cr_ref <= 2);
1332         ASSERT(index >= 0 && index < KSID_COUNT);
1333         if (cr->cr_ksid == NULL && ksp == NULL)
1334                 return;
1335         cr->cr_ksid = kcrsid_setsid(cr->cr_ksid, ksp, index);
1336 }
1337 
1338 void
1339 crsetsidlist(cred_t *cr, ksidlist_t *ksl)
1340 {
1341         ASSERT(cr->cr_ref <= 2);
1342         if (cr->cr_ksid == NULL && ksl == NULL)
1343                 return;
1344         cr->cr_ksid = kcrsid_setsidlist(cr->cr_ksid, ksl);
1345 }
1346 
1347 ksid_t *
1348 crgetsid(const cred_t *cr, int i)
1349 {
1350         ASSERT(i >= 0 && i < KSID_COUNT);
1351         if (cr->cr_ksid != NULL && cr->cr_ksid->kr_sidx[i].ks_domain)
1352                 return ((ksid_t *)&cr->cr_ksid->kr_sidx[i]);
1353         return (NULL);
1354 }
1355 
1356 ksidlist_t *
1357 crgetsidlist(const cred_t *cr)
1358 {
1359         if (cr->cr_ksid != NULL)
1360                 return (cr->cr_ksid->kr_sidlist);
1361         return (NULL);
1362 }
1363 
1364 /*
1365  * Interface to set the effective and permitted privileges for
1366  * a credential; this interface does no security checks and is
1367  * intended for kernel (file)servers creating credentials with
1368  * specific privileges.
1369  */
1370 int
1371 crsetpriv(cred_t *cr, ...)
1372 {
1373         va_list ap;
1374         const char *privnm;
1375 
1376         ASSERT(cr->cr_ref <= 2);
1377 
1378         priv_set_PA(cr);
1379 
1380         va_start(ap, cr);
1381 
1382         while ((privnm = va_arg(ap, const char *)) != NULL) {
1383                 int priv = priv_getbyname(privnm, 0);
1384                 if (priv < 0)
1385                         return (-1);
1386 
1387                 priv_addset(&CR_PPRIV(cr), priv);
1388                 priv_addset(&CR_EPRIV(cr), priv);
1389         }
1390         priv_adjust_PA(cr);
1391         va_end(ap);
1392         return (0);
1393 }
1394 
1395 /*
1396  * Interface to effectively set the PRIV_ALL for
1397  * a credential; this interface does no security checks and is
1398  * intended for kernel (file)servers to extend the user credentials
1399  * to be ALL, like either kcred or zcred.
1400  */
1401 void
1402 crset_zone_privall(cred_t *cr)
1403 {
1404         zone_t  *zone = crgetzone(cr);
1405 
1406         priv_fillset(&CR_LPRIV(cr));
1407         CR_EPRIV(cr) = CR_PPRIV(cr) = CR_IPRIV(cr) = CR_LPRIV(cr);
1408         priv_intersect(zone->zone_privset, &CR_LPRIV(cr));
1409         priv_intersect(zone->zone_privset, &CR_EPRIV(cr));
1410         priv_intersect(zone->zone_privset, &CR_IPRIV(cr));
1411         priv_intersect(zone->zone_privset, &CR_PPRIV(cr));
1412 }
1413 
1414 struct credklpd *
1415 crgetcrklpd(const cred_t *cr)
1416 {
1417         return (cr->cr_klpd);
1418 }
1419 
1420 void
1421 crsetcrklpd(cred_t *cr, struct credklpd *crklpd)
1422 {
1423         ASSERT(cr->cr_ref <= 2);
1424 
1425         if (cr->cr_klpd != NULL)
1426                 crklpd_rele(cr->cr_klpd);
1427         cr->cr_klpd = crklpd;
1428 }
1429 
1430 credgrp_t *
1431 crgrpcopyin(int n, gid_t *gidset)
1432 {
1433         credgrp_t *mem;
1434         size_t sz = CREDGRPSZ(n);
1435 
1436         ASSERT(n > 0);
1437 
1438         mem = kmem_alloc(sz, KM_SLEEP);
1439 
1440         if (copyin(gidset, mem->crg_groups, sizeof (gid_t) * n)) {
1441                 kmem_free(mem, sz);
1442                 return (NULL);
1443         }
1444         mem->crg_ref = 1;
1445         mem->crg_ngroups = n;
1446         qsort(mem->crg_groups, n, sizeof (gid_t), gidcmp);
1447         return (mem);
1448 }
1449 
1450 const gid_t *
1451 crgetggroups(const credgrp_t *grps)
1452 {
1453         return (grps->crg_groups);
1454 }
1455 
1456 void
1457 crsetcredgrp(cred_t *cr, credgrp_t *grps)
1458 {
1459         ASSERT(cr->cr_ref <= 2);
1460 
1461         if (cr->cr_grps != NULL)
1462                 crgrprele(cr->cr_grps);
1463 
1464         cr->cr_grps = grps;
1465 }
1466 
1467 void
1468 crgrprele(credgrp_t *grps)
1469 {
1470         if (atomic_dec_32_nv(&grps->crg_ref) == 0)
1471                 kmem_free(grps, CREDGRPSZ(grps->crg_ngroups));
1472 }
1473 
1474 static void
1475 crgrphold(credgrp_t *grps)
1476 {
1477         atomic_inc_32(&grps->crg_ref);
1478 }