Print this page
OS-208 DTrace needs to use zone_did to match zone-limited enablings
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/uts/common/os/cred.c
+++ new/usr/src/uts/common/os/cred.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright (c) 2013, Ira Cooper. All rights reserved.
23 23 */
24 24 /*
25 25 * Copyright (c) 1989, 2010, Oracle and/or its affiliates. All rights reserved.
26 26 */
27 27
28 28 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
29 29 /* All Rights Reserved */
30 30
31 31 /*
32 32 * University Copyright- Copyright (c) 1982, 1986, 1988
33 33 * The Regents of the University of California
34 34 * All Rights Reserved
35 35 *
36 36 * University Acknowledgment- Portions of this document are derived from
37 37 * software developed by the University of California, Berkeley, and its
38 38 * contributors.
39 39 */
40 40
41 41 #include <sys/types.h>
42 42 #include <sys/sysmacros.h>
43 43 #include <sys/param.h>
44 44 #include <sys/systm.h>
45 45 #include <sys/cred_impl.h>
46 46 #include <sys/policy.h>
47 47 #include <sys/vnode.h>
48 48 #include <sys/errno.h>
49 49 #include <sys/kmem.h>
50 50 #include <sys/user.h>
51 51 #include <sys/proc.h>
52 52 #include <sys/syscall.h>
53 53 #include <sys/debug.h>
54 54 #include <sys/atomic.h>
55 55 #include <sys/ucred.h>
56 56 #include <sys/prsystm.h>
57 57 #include <sys/modctl.h>
58 58 #include <sys/avl.h>
59 59 #include <sys/door.h>
60 60 #include <c2/audit.h>
61 61 #include <sys/zone.h>
62 62 #include <sys/tsol/label.h>
63 63 #include <sys/sid.h>
64 64 #include <sys/idmap.h>
65 65 #include <sys/klpd.h>
66 66 #include <sys/varargs.h>
67 67 #include <sys/sysconf.h>
68 68 #include <util/qsort.h>
69 69
70 70
71 71 /* Ephemeral IDs Zones specific data */
72 72 typedef struct ephemeral_zsd {
73 73 uid_t min_uid;
74 74 uid_t last_uid;
75 75 gid_t min_gid;
76 76 gid_t last_gid;
77 77 kmutex_t eph_lock;
78 78 cred_t *eph_nobody;
79 79 } ephemeral_zsd_t;
80 80
81 81 static void crgrphold(credgrp_t *);
82 82
83 83 #define CREDGRPSZ(ngrp) (sizeof (credgrp_t) + ((ngrp - 1) * sizeof (gid_t)))
84 84
85 85 static kmutex_t ephemeral_zone_mutex;
86 86 static zone_key_t ephemeral_zone_key;
87 87
88 88 static struct kmem_cache *cred_cache;
89 89 static size_t crsize = 0;
90 90 static int audoff = 0;
91 91 uint32_t ucredsize;
92 92 cred_t *kcred;
93 93 static cred_t *dummycr;
94 94
95 95 int rstlink; /* link(2) restricted to files owned by user? */
96 96
97 97 static int get_c2audit_load(void);
98 98
99 99 #define CR_AUINFO(c) (auditinfo_addr_t *)((audoff == 0) ? NULL : \
100 100 ((char *)(c)) + audoff)
101 101
102 102 #define REMOTE_PEER_CRED(c) ((c)->cr_gid == -1)
103 103
104 104 #define BIN_GROUP_SEARCH_CUTOFF 16
105 105
106 106 static boolean_t hasephids = B_FALSE;
107 107
108 108 static ephemeral_zsd_t *
109 109 get_ephemeral_zsd(zone_t *zone)
110 110 {
111 111 ephemeral_zsd_t *eph_zsd;
112 112
113 113 eph_zsd = zone_getspecific(ephemeral_zone_key, zone);
114 114 if (eph_zsd != NULL) {
115 115 return (eph_zsd);
116 116 }
117 117
118 118 mutex_enter(&ephemeral_zone_mutex);
119 119 eph_zsd = zone_getspecific(ephemeral_zone_key, zone);
120 120 if (eph_zsd == NULL) {
121 121 eph_zsd = kmem_zalloc(sizeof (ephemeral_zsd_t), KM_SLEEP);
122 122 eph_zsd->min_uid = MAXUID;
123 123 eph_zsd->last_uid = IDMAP_WK__MAX_UID;
124 124 eph_zsd->min_gid = MAXUID;
125 125 eph_zsd->last_gid = IDMAP_WK__MAX_GID;
126 126 mutex_init(&eph_zsd->eph_lock, NULL, MUTEX_DEFAULT, NULL);
127 127
128 128 /*
129 129 * nobody is used to map SID containing CRs.
130 130 */
131 131 eph_zsd->eph_nobody = crdup(zone->zone_kcred);
132 132 (void) crsetugid(eph_zsd->eph_nobody, UID_NOBODY, GID_NOBODY);
133 133 CR_FLAGS(eph_zsd->eph_nobody) = 0;
134 134 eph_zsd->eph_nobody->cr_zone = zone;
135 135
136 136 (void) zone_setspecific(ephemeral_zone_key, zone, eph_zsd);
137 137 }
138 138 mutex_exit(&ephemeral_zone_mutex);
139 139 return (eph_zsd);
140 140 }
141 141
142 142 static cred_t *crdup_flags(const cred_t *, int);
143 143 static cred_t *cralloc_flags(int);
144 144
145 145 /*
146 146 * This function is called when a zone is destroyed
147 147 */
148 148 static void
149 149 /* ARGSUSED */
150 150 destroy_ephemeral_zsd(zoneid_t zone_id, void *arg)
151 151 {
152 152 ephemeral_zsd_t *eph_zsd = arg;
153 153 if (eph_zsd != NULL) {
154 154 mutex_destroy(&eph_zsd->eph_lock);
155 155 crfree(eph_zsd->eph_nobody);
156 156 kmem_free(eph_zsd, sizeof (ephemeral_zsd_t));
157 157 }
158 158 }
159 159
160 160
161 161
162 162 /*
163 163 * Initialize credentials data structures.
164 164 */
165 165
166 166 void
167 167 cred_init(void)
168 168 {
169 169 priv_init();
170 170
171 171 crsize = sizeof (cred_t);
172 172
173 173 if (get_c2audit_load() > 0) {
174 174 #ifdef _LP64
175 175 /* assure audit context is 64-bit aligned */
176 176 audoff = (crsize +
177 177 sizeof (int64_t) - 1) & ~(sizeof (int64_t) - 1);
178 178 #else /* _LP64 */
179 179 audoff = crsize;
180 180 #endif /* _LP64 */
181 181 crsize = audoff + sizeof (auditinfo_addr_t);
182 182 crsize = (crsize + sizeof (int) - 1) & ~(sizeof (int) - 1);
183 183 }
184 184
185 185 cred_cache = kmem_cache_create("cred_cache", crsize, 0,
186 186 NULL, NULL, NULL, NULL, NULL, 0);
187 187
188 188 /*
189 189 * dummycr is used to copy initial state for creds.
190 190 */
191 191 dummycr = cralloc();
192 192 bzero(dummycr, crsize);
193 193 dummycr->cr_ref = 1;
194 194 dummycr->cr_uid = (uid_t)-1;
195 195 dummycr->cr_gid = (gid_t)-1;
196 196 dummycr->cr_ruid = (uid_t)-1;
197 197 dummycr->cr_rgid = (gid_t)-1;
198 198 dummycr->cr_suid = (uid_t)-1;
199 199 dummycr->cr_sgid = (gid_t)-1;
200 200
201 201
202 202 /*
203 203 * kcred is used by anything that needs all privileges; it's
204 204 * also the template used for crget as it has all the compatible
205 205 * sets filled in.
206 206 */
207 207 kcred = cralloc();
208 208
209 209 bzero(kcred, crsize);
210 210 kcred->cr_ref = 1;
211 211
212 212 /* kcred is never freed, so we don't need zone_cred_hold here */
213 213 kcred->cr_zone = &zone0;
214 214
215 215 priv_fillset(&CR_LPRIV(kcred));
216 216 CR_IPRIV(kcred) = *priv_basic;
217 217
218 218 priv_addset(&CR_IPRIV(kcred), PRIV_PROC_SECFLAGS);
219 219
220 220 /* Not a basic privilege, if chown is not restricted add it to I0 */
221 221 if (!rstchown)
222 222 priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF);
223 223
224 224 /* Basic privilege, if link is restricted remove it from I0 */
225 225 if (rstlink)
226 226 priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY);
227 227
228 228 CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred);
229 229
230 230 CR_FLAGS(kcred) = NET_MAC_AWARE;
231 231
232 232 /*
233 233 * Set up credentials of p0.
234 234 */
235 235 ttoproc(curthread)->p_cred = kcred;
236 236 curthread->t_cred = kcred;
237 237
238 238 ucredsize = UCRED_SIZE;
239 239
240 240 mutex_init(&ephemeral_zone_mutex, NULL, MUTEX_DEFAULT, NULL);
241 241 zone_key_create(&ephemeral_zone_key, NULL, NULL, destroy_ephemeral_zsd);
242 242 }
243 243
244 244 /*
245 245 * Allocate (nearly) uninitialized cred_t.
246 246 */
247 247 static cred_t *
248 248 cralloc_flags(int flgs)
249 249 {
250 250 cred_t *cr = kmem_cache_alloc(cred_cache, flgs);
251 251
252 252 if (cr == NULL)
253 253 return (NULL);
254 254
255 255 cr->cr_ref = 1; /* So we can crfree() */
256 256 cr->cr_zone = NULL;
257 257 cr->cr_label = NULL;
258 258 cr->cr_ksid = NULL;
259 259 cr->cr_klpd = NULL;
260 260 cr->cr_grps = NULL;
261 261 return (cr);
262 262 }
263 263
264 264 cred_t *
265 265 cralloc(void)
266 266 {
267 267 return (cralloc_flags(KM_SLEEP));
268 268 }
269 269
270 270 /*
271 271 * As cralloc but prepared for ksid change (if appropriate).
272 272 */
273 273 cred_t *
274 274 cralloc_ksid(void)
275 275 {
276 276 cred_t *cr = cralloc();
277 277 if (hasephids)
278 278 cr->cr_ksid = kcrsid_alloc();
279 279 return (cr);
280 280 }
281 281
282 282 /*
283 283 * Allocate a initialized cred structure and crhold() it.
284 284 * Initialized means: all ids 0, group count 0, L=Full, E=P=I=I0
285 285 */
286 286 cred_t *
287 287 crget(void)
288 288 {
289 289 cred_t *cr = kmem_cache_alloc(cred_cache, KM_SLEEP);
290 290
291 291 bcopy(kcred, cr, crsize);
292 292 cr->cr_ref = 1;
293 293 zone_cred_hold(cr->cr_zone);
294 294 if (cr->cr_label)
295 295 label_hold(cr->cr_label);
296 296 ASSERT(cr->cr_klpd == NULL);
297 297 ASSERT(cr->cr_grps == NULL);
298 298 return (cr);
299 299 }
300 300
301 301 /*
302 302 * Broadcast the cred to all the threads in the process.
303 303 * The current thread's credentials can be set right away, but other
304 304 * threads must wait until the start of the next system call or trap.
305 305 * This avoids changing the cred in the middle of a system call.
306 306 *
307 307 * The cred has already been held for the process and the thread (2 holds),
308 308 * and p->p_cred set.
309 309 *
310 310 * p->p_crlock shouldn't be held here, since p_lock must be acquired.
311 311 */
312 312 void
313 313 crset(proc_t *p, cred_t *cr)
314 314 {
315 315 kthread_id_t t;
316 316 kthread_id_t first;
317 317 cred_t *oldcr;
318 318
319 319 ASSERT(p == curproc); /* assumes p_lwpcnt can't change */
320 320
321 321 /*
322 322 * DTrace accesses t_cred in probe context. t_cred must always be
323 323 * either NULL, or point to a valid, allocated cred structure.
324 324 */
325 325 t = curthread;
326 326 oldcr = t->t_cred;
327 327 t->t_cred = cr; /* the cred is held by caller for this thread */
328 328 crfree(oldcr); /* free the old cred for the thread */
329 329
330 330 /*
331 331 * Broadcast to other threads, if any.
332 332 */
333 333 if (p->p_lwpcnt > 1) {
334 334 mutex_enter(&p->p_lock); /* to keep thread list safe */
335 335 first = curthread;
336 336 for (t = first->t_forw; t != first; t = t->t_forw)
337 337 t->t_pre_sys = 1; /* so syscall will get new cred */
338 338 mutex_exit(&p->p_lock);
339 339 }
340 340 }
341 341
342 342 /*
343 343 * Put a hold on a cred structure.
344 344 */
345 345 void
346 346 crhold(cred_t *cr)
347 347 {
348 348 ASSERT(cr->cr_ref != 0xdeadbeef && cr->cr_ref != 0);
349 349 atomic_inc_32(&cr->cr_ref);
350 350 }
351 351
352 352 /*
353 353 * Release previous hold on a cred structure. Free it if refcnt == 0.
354 354 * If cred uses label different from zone label, free it.
355 355 */
356 356 void
357 357 crfree(cred_t *cr)
358 358 {
359 359 ASSERT(cr->cr_ref != 0xdeadbeef && cr->cr_ref != 0);
360 360 if (atomic_dec_32_nv(&cr->cr_ref) == 0) {
361 361 ASSERT(cr != kcred);
362 362 if (cr->cr_label)
363 363 label_rele(cr->cr_label);
364 364 if (cr->cr_klpd)
365 365 crklpd_rele(cr->cr_klpd);
366 366 if (cr->cr_zone)
367 367 zone_cred_rele(cr->cr_zone);
368 368 if (cr->cr_ksid)
369 369 kcrsid_rele(cr->cr_ksid);
370 370 if (cr->cr_grps)
371 371 crgrprele(cr->cr_grps);
372 372
373 373 kmem_cache_free(cred_cache, cr);
374 374 }
375 375 }
376 376
377 377 /*
378 378 * Copy a cred structure to a new one and free the old one.
379 379 * The new cred will have two references. One for the calling process,
380 380 * and one for the thread.
381 381 */
382 382 cred_t *
383 383 crcopy(cred_t *cr)
384 384 {
385 385 cred_t *newcr;
386 386
387 387 newcr = cralloc();
388 388 bcopy(cr, newcr, crsize);
389 389 if (newcr->cr_zone)
390 390 zone_cred_hold(newcr->cr_zone);
391 391 if (newcr->cr_label)
392 392 label_hold(newcr->cr_label);
393 393 if (newcr->cr_ksid)
394 394 kcrsid_hold(newcr->cr_ksid);
395 395 if (newcr->cr_klpd)
396 396 crklpd_hold(newcr->cr_klpd);
397 397 if (newcr->cr_grps)
398 398 crgrphold(newcr->cr_grps);
399 399 crfree(cr);
400 400 newcr->cr_ref = 2; /* caller gets two references */
401 401 return (newcr);
402 402 }
403 403
404 404 /*
405 405 * Copy a cred structure to a new one and free the old one.
406 406 * The new cred will have two references. One for the calling process,
407 407 * and one for the thread.
408 408 * This variation on crcopy uses a pre-allocated structure for the
409 409 * "new" cred.
410 410 */
411 411 void
412 412 crcopy_to(cred_t *oldcr, cred_t *newcr)
413 413 {
414 414 credsid_t *nkcr = newcr->cr_ksid;
415 415
416 416 bcopy(oldcr, newcr, crsize);
417 417 if (newcr->cr_zone)
418 418 zone_cred_hold(newcr->cr_zone);
419 419 if (newcr->cr_label)
420 420 label_hold(newcr->cr_label);
421 421 if (newcr->cr_klpd)
422 422 crklpd_hold(newcr->cr_klpd);
423 423 if (newcr->cr_grps)
424 424 crgrphold(newcr->cr_grps);
425 425 if (nkcr) {
426 426 newcr->cr_ksid = nkcr;
427 427 kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid);
428 428 } else if (newcr->cr_ksid)
429 429 kcrsid_hold(newcr->cr_ksid);
430 430 crfree(oldcr);
431 431 newcr->cr_ref = 2; /* caller gets two references */
432 432 }
433 433
434 434 /*
435 435 * Dup a cred struct to a new held one.
436 436 * The old cred is not freed.
437 437 */
438 438 static cred_t *
439 439 crdup_flags(const cred_t *cr, int flgs)
440 440 {
441 441 cred_t *newcr;
442 442
443 443 newcr = cralloc_flags(flgs);
444 444
445 445 if (newcr == NULL)
446 446 return (NULL);
447 447
448 448 bcopy(cr, newcr, crsize);
449 449 if (newcr->cr_zone)
450 450 zone_cred_hold(newcr->cr_zone);
451 451 if (newcr->cr_label)
452 452 label_hold(newcr->cr_label);
453 453 if (newcr->cr_klpd)
454 454 crklpd_hold(newcr->cr_klpd);
455 455 if (newcr->cr_ksid)
456 456 kcrsid_hold(newcr->cr_ksid);
457 457 if (newcr->cr_grps)
458 458 crgrphold(newcr->cr_grps);
459 459 newcr->cr_ref = 1;
460 460 return (newcr);
461 461 }
462 462
463 463 cred_t *
464 464 crdup(cred_t *cr)
465 465 {
466 466 return (crdup_flags(cr, KM_SLEEP));
467 467 }
468 468
469 469 /*
470 470 * Dup a cred struct to a new held one.
471 471 * The old cred is not freed.
472 472 * This variation on crdup uses a pre-allocated structure for the
473 473 * "new" cred.
474 474 */
475 475 void
476 476 crdup_to(cred_t *oldcr, cred_t *newcr)
477 477 {
478 478 credsid_t *nkcr = newcr->cr_ksid;
479 479
480 480 bcopy(oldcr, newcr, crsize);
481 481 if (newcr->cr_zone)
482 482 zone_cred_hold(newcr->cr_zone);
483 483 if (newcr->cr_label)
484 484 label_hold(newcr->cr_label);
485 485 if (newcr->cr_klpd)
486 486 crklpd_hold(newcr->cr_klpd);
487 487 if (newcr->cr_grps)
488 488 crgrphold(newcr->cr_grps);
489 489 if (nkcr) {
490 490 newcr->cr_ksid = nkcr;
491 491 kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid);
492 492 } else if (newcr->cr_ksid)
493 493 kcrsid_hold(newcr->cr_ksid);
494 494 newcr->cr_ref = 1;
495 495 }
496 496
497 497 /*
498 498 * Return the (held) credentials for the current running process.
499 499 */
500 500 cred_t *
501 501 crgetcred(void)
502 502 {
503 503 cred_t *cr;
504 504 proc_t *p;
505 505
506 506 p = ttoproc(curthread);
507 507 mutex_enter(&p->p_crlock);
508 508 crhold(cr = p->p_cred);
509 509 mutex_exit(&p->p_crlock);
510 510 return (cr);
511 511 }
512 512
513 513 /*
514 514 * Backward compatibility check for suser().
515 515 * Accounting flag is now set in the policy functions; auditing is
516 516 * done through use of privilege in the audit trail.
517 517 */
518 518 int
519 519 suser(cred_t *cr)
520 520 {
521 521 return (PRIV_POLICY(cr, PRIV_SYS_SUSER_COMPAT, B_FALSE, EPERM, NULL)
522 522 == 0);
523 523 }
524 524
525 525 /*
526 526 * Determine whether the supplied group id is a member of the group
527 527 * described by the supplied credentials.
528 528 */
529 529 int
530 530 groupmember(gid_t gid, const cred_t *cr)
531 531 {
532 532 if (gid == cr->cr_gid)
533 533 return (1);
534 534 return (supgroupmember(gid, cr));
535 535 }
536 536
537 537 /*
538 538 * As groupmember but only check against the supplemental groups.
539 539 */
540 540 int
541 541 supgroupmember(gid_t gid, const cred_t *cr)
542 542 {
543 543 int hi, lo;
544 544 credgrp_t *grps = cr->cr_grps;
545 545 const gid_t *gp, *endgp;
546 546
547 547 if (grps == NULL)
548 548 return (0);
549 549
550 550 /* For a small number of groups, use sequentials search. */
551 551 if (grps->crg_ngroups <= BIN_GROUP_SEARCH_CUTOFF) {
552 552 endgp = &grps->crg_groups[grps->crg_ngroups];
553 553 for (gp = grps->crg_groups; gp < endgp; gp++)
554 554 if (*gp == gid)
555 555 return (1);
556 556 return (0);
557 557 }
558 558
559 559 /* We use binary search when we have many groups. */
560 560 lo = 0;
561 561 hi = grps->crg_ngroups - 1;
562 562 gp = grps->crg_groups;
563 563
564 564 do {
565 565 int m = (lo + hi) / 2;
566 566
567 567 if (gid > gp[m])
568 568 lo = m + 1;
569 569 else if (gid < gp[m])
570 570 hi = m - 1;
571 571 else
572 572 return (1);
573 573 } while (lo <= hi);
574 574
575 575 return (0);
576 576 }
577 577
578 578 /*
579 579 * This function is called to check whether the credentials set
580 580 * "scrp" has permission to act on credentials set "tcrp". It enforces the
581 581 * permission requirements needed to send a signal to a process.
582 582 * The same requirements are imposed by other system calls, however.
583 583 *
584 584 * The rules are:
585 585 * (1) if the credentials are the same, the check succeeds
586 586 * (2) if the zone ids don't match, and scrp is not in the global zone or
587 587 * does not have the PRIV_PROC_ZONE privilege, the check fails
588 588 * (3) if the real or effective user id of scrp matches the real or saved
589 589 * user id of tcrp or scrp has the PRIV_PROC_OWNER privilege, the check
590 590 * succeeds
591 591 * (4) otherwise, the check fails
592 592 */
593 593 int
594 594 hasprocperm(const cred_t *tcrp, const cred_t *scrp)
595 595 {
596 596 if (scrp == tcrp)
597 597 return (1);
598 598 if (scrp->cr_zone != tcrp->cr_zone &&
599 599 (scrp->cr_zone != global_zone ||
600 600 secpolicy_proc_zone(scrp) != 0))
601 601 return (0);
602 602 if (scrp->cr_uid == tcrp->cr_ruid ||
603 603 scrp->cr_ruid == tcrp->cr_ruid ||
604 604 scrp->cr_uid == tcrp->cr_suid ||
605 605 scrp->cr_ruid == tcrp->cr_suid ||
606 606 !PRIV_POLICY(scrp, PRIV_PROC_OWNER, B_FALSE, EPERM, "hasprocperm"))
607 607 return (1);
608 608 return (0);
609 609 }
610 610
611 611 /*
612 612 * This interface replaces hasprocperm; it works like hasprocperm but
613 613 * additionally returns success if the proc_t's match
614 614 * It is the preferred interface for most uses.
615 615 * And it will acquire p_crlock itself, so it assert's that it shouldn't
616 616 * be held.
617 617 */
618 618 int
619 619 prochasprocperm(proc_t *tp, proc_t *sp, const cred_t *scrp)
620 620 {
621 621 int rets;
622 622 cred_t *tcrp;
623 623
624 624 ASSERT(MUTEX_NOT_HELD(&tp->p_crlock));
625 625
626 626 if (tp == sp)
627 627 return (1);
628 628
629 629 if (tp->p_sessp != sp->p_sessp && secpolicy_basic_proc(scrp) != 0)
630 630 return (0);
631 631
632 632 mutex_enter(&tp->p_crlock);
633 633 crhold(tcrp = tp->p_cred);
634 634 mutex_exit(&tp->p_crlock);
635 635 rets = hasprocperm(tcrp, scrp);
636 636 crfree(tcrp);
637 637
638 638 return (rets);
639 639 }
640 640
641 641 /*
642 642 * This routine is used to compare two credentials to determine if
643 643 * they refer to the same "user". If the pointers are equal, then
644 644 * they must refer to the same user. Otherwise, the contents of
645 645 * the credentials are compared to see whether they are equivalent.
646 646 *
647 647 * This routine returns 0 if the credentials refer to the same user,
648 648 * 1 if they do not.
649 649 */
650 650 int
651 651 crcmp(const cred_t *cr1, const cred_t *cr2)
652 652 {
653 653 credgrp_t *grp1, *grp2;
654 654
655 655 if (cr1 == cr2)
656 656 return (0);
657 657
658 658 if (cr1->cr_uid == cr2->cr_uid &&
659 659 cr1->cr_gid == cr2->cr_gid &&
660 660 cr1->cr_ruid == cr2->cr_ruid &&
661 661 cr1->cr_rgid == cr2->cr_rgid &&
662 662 cr1->cr_zone == cr2->cr_zone &&
663 663 ((grp1 = cr1->cr_grps) == (grp2 = cr2->cr_grps) ||
664 664 (grp1 != NULL && grp2 != NULL &&
665 665 grp1->crg_ngroups == grp2->crg_ngroups &&
666 666 bcmp(grp1->crg_groups, grp2->crg_groups,
667 667 grp1->crg_ngroups * sizeof (gid_t)) == 0))) {
668 668 return (!priv_isequalset(&CR_OEPRIV(cr1), &CR_OEPRIV(cr2)));
669 669 }
670 670 return (1);
671 671 }
672 672
673 673 /*
674 674 * Read access functions to cred_t.
675 675 */
676 676 uid_t
677 677 crgetuid(const cred_t *cr)
678 678 {
679 679 return (cr->cr_uid);
680 680 }
681 681
682 682 uid_t
683 683 crgetruid(const cred_t *cr)
684 684 {
685 685 return (cr->cr_ruid);
686 686 }
687 687
688 688 uid_t
689 689 crgetsuid(const cred_t *cr)
690 690 {
691 691 return (cr->cr_suid);
692 692 }
693 693
694 694 gid_t
695 695 crgetgid(const cred_t *cr)
696 696 {
697 697 return (cr->cr_gid);
698 698 }
699 699
700 700 gid_t
701 701 crgetrgid(const cred_t *cr)
702 702 {
703 703 return (cr->cr_rgid);
704 704 }
705 705
706 706 gid_t
707 707 crgetsgid(const cred_t *cr)
708 708 {
709 709 return (cr->cr_sgid);
710 710 }
711 711
712 712 const auditinfo_addr_t *
713 713 crgetauinfo(const cred_t *cr)
714 714 {
715 715 return ((const auditinfo_addr_t *)CR_AUINFO(cr));
716 716 }
717 717
718 718 auditinfo_addr_t *
719 719 crgetauinfo_modifiable(cred_t *cr)
720 720 {
721 721 return (CR_AUINFO(cr));
|
↓ open down ↓ |
721 lines elided |
↑ open up ↑ |
722 722 }
723 723
724 724 zoneid_t
725 725 crgetzoneid(const cred_t *cr)
726 726 {
727 727 return (cr->cr_zone == NULL ?
728 728 (cr->cr_uid == -1 ? (zoneid_t)-1 : GLOBAL_ZONEID) :
729 729 cr->cr_zone->zone_id);
730 730 }
731 731
732 +zoneid_t
733 +crgetzonedid(const cred_t *cr)
734 +{
735 + return (cr->cr_zone == NULL ?
736 + (cr->cr_uid == -1 ? (zoneid_t)-1 : GLOBAL_ZONEID) :
737 + cr->cr_zone->zone_did);
738 +}
739 +
732 740 projid_t
733 741 crgetprojid(const cred_t *cr)
734 742 {
735 743 return (cr->cr_projid);
736 744 }
737 745
738 746 zone_t *
739 747 crgetzone(const cred_t *cr)
740 748 {
741 749 return (cr->cr_zone);
742 750 }
743 751
744 752 struct ts_label_s *
745 753 crgetlabel(const cred_t *cr)
746 754 {
747 755 return (cr->cr_label ?
748 756 cr->cr_label :
749 757 (cr->cr_zone ? cr->cr_zone->zone_slabel : NULL));
750 758 }
751 759
752 760 boolean_t
753 761 crisremote(const cred_t *cr)
754 762 {
755 763 return (REMOTE_PEER_CRED(cr));
756 764 }
757 765
758 766 #define BADUID(x, zn) ((x) != -1 && !VALID_UID((x), (zn)))
759 767 #define BADGID(x, zn) ((x) != -1 && !VALID_GID((x), (zn)))
760 768
761 769 int
762 770 crsetresuid(cred_t *cr, uid_t r, uid_t e, uid_t s)
763 771 {
764 772 zone_t *zone = crgetzone(cr);
765 773
766 774 ASSERT(cr->cr_ref <= 2);
767 775
768 776 if (BADUID(r, zone) || BADUID(e, zone) || BADUID(s, zone))
769 777 return (-1);
770 778
771 779 if (r != -1)
772 780 cr->cr_ruid = r;
773 781 if (e != -1)
774 782 cr->cr_uid = e;
775 783 if (s != -1)
776 784 cr->cr_suid = s;
777 785
778 786 return (0);
779 787 }
780 788
781 789 int
782 790 crsetresgid(cred_t *cr, gid_t r, gid_t e, gid_t s)
783 791 {
784 792 zone_t *zone = crgetzone(cr);
785 793
786 794 ASSERT(cr->cr_ref <= 2);
787 795
788 796 if (BADGID(r, zone) || BADGID(e, zone) || BADGID(s, zone))
789 797 return (-1);
790 798
791 799 if (r != -1)
792 800 cr->cr_rgid = r;
793 801 if (e != -1)
794 802 cr->cr_gid = e;
795 803 if (s != -1)
796 804 cr->cr_sgid = s;
797 805
798 806 return (0);
799 807 }
800 808
801 809 int
802 810 crsetugid(cred_t *cr, uid_t uid, gid_t gid)
803 811 {
804 812 zone_t *zone = crgetzone(cr);
805 813
806 814 ASSERT(cr->cr_ref <= 2);
807 815
808 816 if (!VALID_UID(uid, zone) || !VALID_GID(gid, zone))
809 817 return (-1);
810 818
811 819 cr->cr_uid = cr->cr_ruid = cr->cr_suid = uid;
812 820 cr->cr_gid = cr->cr_rgid = cr->cr_sgid = gid;
813 821
814 822 return (0);
815 823 }
816 824
817 825 static int
818 826 gidcmp(const void *v1, const void *v2)
819 827 {
820 828 gid_t g1 = *(gid_t *)v1;
821 829 gid_t g2 = *(gid_t *)v2;
822 830
823 831 if (g1 < g2)
824 832 return (-1);
825 833 else if (g1 > g2)
826 834 return (1);
827 835 else
828 836 return (0);
829 837 }
830 838
831 839 int
832 840 crsetgroups(cred_t *cr, int n, gid_t *grp)
833 841 {
834 842 ASSERT(cr->cr_ref <= 2);
835 843
836 844 if (n > ngroups_max || n < 0)
837 845 return (-1);
838 846
839 847 if (cr->cr_grps != NULL)
840 848 crgrprele(cr->cr_grps);
841 849
842 850 if (n > 0) {
843 851 cr->cr_grps = kmem_alloc(CREDGRPSZ(n), KM_SLEEP);
844 852 bcopy(grp, cr->cr_grps->crg_groups, n * sizeof (gid_t));
845 853 cr->cr_grps->crg_ref = 1;
846 854 cr->cr_grps->crg_ngroups = n;
847 855 qsort(cr->cr_grps->crg_groups, n, sizeof (gid_t), gidcmp);
848 856 } else {
849 857 cr->cr_grps = NULL;
850 858 }
851 859
852 860 return (0);
853 861 }
854 862
855 863 void
856 864 crsetprojid(cred_t *cr, projid_t projid)
857 865 {
858 866 ASSERT(projid >= 0 && projid <= MAXPROJID);
859 867 cr->cr_projid = projid;
860 868 }
861 869
862 870 /*
863 871 * This routine returns the pointer to the first element of the crg_groups
864 872 * array. It can move around in an implementation defined way.
865 873 * Note that when we have no grouplist, we return one element but the
866 874 * caller should never reference it.
867 875 */
868 876 const gid_t *
869 877 crgetgroups(const cred_t *cr)
870 878 {
871 879 return (cr->cr_grps == NULL ? &cr->cr_gid : cr->cr_grps->crg_groups);
872 880 }
873 881
874 882 int
875 883 crgetngroups(const cred_t *cr)
876 884 {
877 885 return (cr->cr_grps == NULL ? 0 : cr->cr_grps->crg_ngroups);
878 886 }
879 887
880 888 void
881 889 cred2prcred(const cred_t *cr, prcred_t *pcrp)
882 890 {
883 891 pcrp->pr_euid = cr->cr_uid;
884 892 pcrp->pr_ruid = cr->cr_ruid;
885 893 pcrp->pr_suid = cr->cr_suid;
886 894 pcrp->pr_egid = cr->cr_gid;
887 895 pcrp->pr_rgid = cr->cr_rgid;
888 896 pcrp->pr_sgid = cr->cr_sgid;
889 897 pcrp->pr_groups[0] = 0; /* in case ngroups == 0 */
890 898 pcrp->pr_ngroups = cr->cr_grps == NULL ? 0 : cr->cr_grps->crg_ngroups;
891 899
892 900 if (pcrp->pr_ngroups != 0)
893 901 bcopy(cr->cr_grps->crg_groups, pcrp->pr_groups,
894 902 sizeof (gid_t) * pcrp->pr_ngroups);
895 903 }
896 904
897 905 static int
898 906 cred2ucaud(const cred_t *cr, auditinfo64_addr_t *ainfo, const cred_t *rcr)
899 907 {
900 908 auditinfo_addr_t *ai;
901 909 au_tid_addr_t tid;
902 910
903 911 if (secpolicy_audit_getattr(rcr, B_TRUE) != 0)
904 912 return (-1);
905 913
906 914 ai = CR_AUINFO(cr); /* caller makes sure this is non-NULL */
907 915 tid = ai->ai_termid;
908 916
909 917 ainfo->ai_auid = ai->ai_auid;
910 918 ainfo->ai_mask = ai->ai_mask;
911 919 ainfo->ai_asid = ai->ai_asid;
912 920
913 921 ainfo->ai_termid.at_type = tid.at_type;
914 922 bcopy(&tid.at_addr, &ainfo->ai_termid.at_addr, 4 * sizeof (uint_t));
915 923
916 924 ainfo->ai_termid.at_port.at_major = (uint32_t)getmajor(tid.at_port);
917 925 ainfo->ai_termid.at_port.at_minor = (uint32_t)getminor(tid.at_port);
918 926
919 927 return (0);
920 928 }
921 929
922 930 void
923 931 cred2uclabel(const cred_t *cr, bslabel_t *labelp)
924 932 {
925 933 ts_label_t *tslp;
926 934
927 935 if ((tslp = crgetlabel(cr)) != NULL)
928 936 bcopy(&tslp->tsl_label, labelp, sizeof (bslabel_t));
929 937 }
930 938
931 939 /*
932 940 * Convert a credential into a "ucred". Allow the caller to specify
933 941 * and aligned buffer, e.g., in an mblk, so we don't have to allocate
934 942 * memory and copy it twice.
935 943 *
936 944 * This function may call cred2ucaud(), which calls CRED(). Since this
937 945 * can be called from an interrupt thread, receiver's cred (rcr) is needed
938 946 * to determine whether audit info should be included.
939 947 */
940 948 struct ucred_s *
941 949 cred2ucred(const cred_t *cr, pid_t pid, void *buf, const cred_t *rcr)
942 950 {
943 951 struct ucred_s *uc;
944 952 uint32_t realsz = ucredminsize(cr);
945 953 ts_label_t *tslp = is_system_labeled() ? crgetlabel(cr) : NULL;
946 954
947 955 /* The structure isn't always completely filled in, so zero it */
948 956 if (buf == NULL) {
949 957 uc = kmem_zalloc(realsz, KM_SLEEP);
950 958 } else {
951 959 bzero(buf, realsz);
952 960 uc = buf;
953 961 }
954 962 uc->uc_size = realsz;
955 963 uc->uc_pid = pid;
956 964 uc->uc_projid = cr->cr_projid;
957 965 uc->uc_zoneid = crgetzoneid(cr);
958 966
959 967 if (REMOTE_PEER_CRED(cr)) {
960 968 /*
961 969 * Other than label, the rest of cred info about a
962 970 * remote peer isn't available. Copy the label directly
963 971 * after the header where we generally copy the prcred.
964 972 * That's why we use sizeof (struct ucred_s). The other
965 973 * offset fields are initialized to 0.
966 974 */
967 975 uc->uc_labeloff = tslp == NULL ? 0 : sizeof (struct ucred_s);
968 976 } else {
969 977 uc->uc_credoff = UCRED_CRED_OFF;
970 978 uc->uc_privoff = UCRED_PRIV_OFF;
971 979 uc->uc_audoff = UCRED_AUD_OFF;
972 980 uc->uc_labeloff = tslp == NULL ? 0 : UCRED_LABEL_OFF;
973 981
974 982 cred2prcred(cr, UCCRED(uc));
975 983 cred2prpriv(cr, UCPRIV(uc));
976 984
977 985 if (audoff == 0 || cred2ucaud(cr, UCAUD(uc), rcr) != 0)
978 986 uc->uc_audoff = 0;
979 987 }
980 988 if (tslp != NULL)
981 989 bcopy(&tslp->tsl_label, UCLABEL(uc), sizeof (bslabel_t));
982 990
983 991 return (uc);
984 992 }
985 993
986 994 /*
987 995 * Don't allocate the non-needed group entries. Note: this function
988 996 * must match the code in cred2ucred; they must agree about the
989 997 * minimal size of the ucred.
990 998 */
991 999 uint32_t
992 1000 ucredminsize(const cred_t *cr)
993 1001 {
994 1002 int ndiff;
995 1003
996 1004 if (cr == NULL)
997 1005 return (ucredsize);
998 1006
999 1007 if (REMOTE_PEER_CRED(cr)) {
1000 1008 if (is_system_labeled())
1001 1009 return (sizeof (struct ucred_s) + sizeof (bslabel_t));
1002 1010 else
1003 1011 return (sizeof (struct ucred_s));
1004 1012 }
1005 1013
1006 1014 if (cr->cr_grps == NULL)
1007 1015 ndiff = ngroups_max - 1; /* Needs one for prcred_t */
1008 1016 else
1009 1017 ndiff = ngroups_max - cr->cr_grps->crg_ngroups;
1010 1018
1011 1019 return (ucredsize - ndiff * sizeof (gid_t));
1012 1020 }
1013 1021
1014 1022 /*
1015 1023 * Get the "ucred" of a process.
1016 1024 */
1017 1025 struct ucred_s *
1018 1026 pgetucred(proc_t *p)
1019 1027 {
1020 1028 cred_t *cr;
1021 1029 struct ucred_s *uc;
1022 1030
1023 1031 mutex_enter(&p->p_crlock);
1024 1032 cr = p->p_cred;
1025 1033 crhold(cr);
1026 1034 mutex_exit(&p->p_crlock);
1027 1035
1028 1036 uc = cred2ucred(cr, p->p_pid, NULL, CRED());
1029 1037 crfree(cr);
1030 1038
1031 1039 return (uc);
1032 1040 }
1033 1041
1034 1042 /*
1035 1043 * If the reply status is NFSERR_EACCES, it may be because we are
1036 1044 * root (no root net access). Check the real uid, if it isn't root
1037 1045 * make that the uid instead and retry the call.
1038 1046 * Private interface for NFS.
1039 1047 */
1040 1048 cred_t *
1041 1049 crnetadjust(cred_t *cr)
1042 1050 {
1043 1051 if (cr->cr_uid == 0 && cr->cr_ruid != 0) {
1044 1052 cr = crdup(cr);
1045 1053 cr->cr_uid = cr->cr_ruid;
1046 1054 return (cr);
1047 1055 }
1048 1056 return (NULL);
1049 1057 }
1050 1058
1051 1059 /*
1052 1060 * The reference count is of interest when you want to check
1053 1061 * whether it is ok to modify the credential in place.
1054 1062 */
1055 1063 uint_t
1056 1064 crgetref(const cred_t *cr)
1057 1065 {
1058 1066 return (cr->cr_ref);
1059 1067 }
1060 1068
1061 1069 static int
1062 1070 get_c2audit_load(void)
1063 1071 {
1064 1072 static int gotit = 0;
1065 1073 static int c2audit_load;
1066 1074
1067 1075 if (gotit)
1068 1076 return (c2audit_load);
1069 1077 c2audit_load = 1; /* set default value once */
1070 1078 if (mod_sysctl(SYS_CHECK_EXCLUDE, "c2audit") != 0)
1071 1079 c2audit_load = 0;
1072 1080 gotit++;
1073 1081
1074 1082 return (c2audit_load);
1075 1083 }
1076 1084
1077 1085 int
1078 1086 get_audit_ucrsize(void)
1079 1087 {
1080 1088 return (get_c2audit_load() ? sizeof (auditinfo64_addr_t) : 0);
1081 1089 }
1082 1090
1083 1091 /*
1084 1092 * Set zone pointer in credential to indicated value. First adds a
1085 1093 * hold for the new zone, then drops the hold on previous zone (if any).
1086 1094 * This is done in this order in case the old and new zones are the
1087 1095 * same.
1088 1096 */
1089 1097 void
1090 1098 crsetzone(cred_t *cr, zone_t *zptr)
1091 1099 {
1092 1100 zone_t *oldzptr = cr->cr_zone;
1093 1101
1094 1102 ASSERT(cr != kcred);
1095 1103 ASSERT(cr->cr_ref <= 2);
1096 1104 cr->cr_zone = zptr;
1097 1105 zone_cred_hold(zptr);
1098 1106 if (oldzptr)
1099 1107 zone_cred_rele(oldzptr);
1100 1108 }
1101 1109
1102 1110 /*
1103 1111 * Create a new cred based on the supplied label
1104 1112 */
1105 1113 cred_t *
1106 1114 newcred_from_bslabel(bslabel_t *blabel, uint32_t doi, int flags)
1107 1115 {
1108 1116 ts_label_t *lbl = labelalloc(blabel, doi, flags);
1109 1117 cred_t *cr = NULL;
1110 1118
1111 1119 if (lbl != NULL) {
1112 1120 if ((cr = crdup_flags(dummycr, flags)) != NULL) {
1113 1121 cr->cr_label = lbl;
1114 1122 } else {
1115 1123 label_rele(lbl);
1116 1124 }
1117 1125 }
1118 1126
1119 1127 return (cr);
1120 1128 }
1121 1129
1122 1130 /*
1123 1131 * Derive a new cred from the existing cred, but with a different label.
1124 1132 * To be used when a cred is being shared, but the label needs to be changed
1125 1133 * by a caller without affecting other users
1126 1134 */
1127 1135 cred_t *
1128 1136 copycred_from_tslabel(const cred_t *cr, ts_label_t *label, int flags)
1129 1137 {
1130 1138 cred_t *newcr = NULL;
1131 1139
1132 1140 if ((newcr = crdup_flags(cr, flags)) != NULL) {
1133 1141 if (newcr->cr_label != NULL)
1134 1142 label_rele(newcr->cr_label);
1135 1143 label_hold(label);
1136 1144 newcr->cr_label = label;
1137 1145 }
1138 1146
1139 1147 return (newcr);
1140 1148 }
1141 1149
1142 1150 /*
1143 1151 * Derive a new cred from the existing cred, but with a different label.
1144 1152 */
1145 1153 cred_t *
1146 1154 copycred_from_bslabel(const cred_t *cr, bslabel_t *blabel,
1147 1155 uint32_t doi, int flags)
1148 1156 {
1149 1157 ts_label_t *lbl = labelalloc(blabel, doi, flags);
1150 1158 cred_t *newcr = NULL;
1151 1159
1152 1160 if (lbl != NULL) {
1153 1161 newcr = copycred_from_tslabel(cr, lbl, flags);
1154 1162 label_rele(lbl);
1155 1163 }
1156 1164
1157 1165 return (newcr);
1158 1166 }
1159 1167
1160 1168 /*
1161 1169 * This function returns a pointer to the kcred-equivalent in the current zone.
1162 1170 */
1163 1171 cred_t *
1164 1172 zone_kcred(void)
1165 1173 {
1166 1174 zone_t *zone;
1167 1175
1168 1176 if ((zone = CRED()->cr_zone) != NULL)
1169 1177 return (zone->zone_kcred);
1170 1178 else
1171 1179 return (kcred);
1172 1180 }
1173 1181
1174 1182 boolean_t
1175 1183 valid_ephemeral_uid(zone_t *zone, uid_t id)
1176 1184 {
1177 1185 ephemeral_zsd_t *eph_zsd;
1178 1186 if (id <= IDMAP_WK__MAX_UID)
1179 1187 return (B_TRUE);
1180 1188
1181 1189 eph_zsd = get_ephemeral_zsd(zone);
1182 1190 ASSERT(eph_zsd != NULL);
1183 1191 membar_consumer();
1184 1192 return (id > eph_zsd->min_uid && id <= eph_zsd->last_uid);
1185 1193 }
1186 1194
1187 1195 boolean_t
1188 1196 valid_ephemeral_gid(zone_t *zone, gid_t id)
1189 1197 {
1190 1198 ephemeral_zsd_t *eph_zsd;
1191 1199 if (id <= IDMAP_WK__MAX_GID)
1192 1200 return (B_TRUE);
1193 1201
1194 1202 eph_zsd = get_ephemeral_zsd(zone);
1195 1203 ASSERT(eph_zsd != NULL);
1196 1204 membar_consumer();
1197 1205 return (id > eph_zsd->min_gid && id <= eph_zsd->last_gid);
1198 1206 }
1199 1207
1200 1208 int
1201 1209 eph_uid_alloc(zone_t *zone, int flags, uid_t *start, int count)
1202 1210 {
1203 1211 ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1204 1212
1205 1213 ASSERT(eph_zsd != NULL);
1206 1214
1207 1215 mutex_enter(&eph_zsd->eph_lock);
1208 1216
1209 1217 /* Test for unsigned integer wrap around */
1210 1218 if (eph_zsd->last_uid + count < eph_zsd->last_uid) {
1211 1219 mutex_exit(&eph_zsd->eph_lock);
1212 1220 return (-1);
1213 1221 }
1214 1222
1215 1223 /* first call or idmap crashed and state corrupted */
1216 1224 if (flags != 0)
1217 1225 eph_zsd->min_uid = eph_zsd->last_uid;
1218 1226
1219 1227 hasephids = B_TRUE;
1220 1228 *start = eph_zsd->last_uid + 1;
1221 1229 atomic_add_32(&eph_zsd->last_uid, count);
1222 1230 mutex_exit(&eph_zsd->eph_lock);
1223 1231 return (0);
1224 1232 }
1225 1233
1226 1234 int
1227 1235 eph_gid_alloc(zone_t *zone, int flags, gid_t *start, int count)
1228 1236 {
1229 1237 ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1230 1238
1231 1239 ASSERT(eph_zsd != NULL);
1232 1240
1233 1241 mutex_enter(&eph_zsd->eph_lock);
1234 1242
1235 1243 /* Test for unsigned integer wrap around */
1236 1244 if (eph_zsd->last_gid + count < eph_zsd->last_gid) {
1237 1245 mutex_exit(&eph_zsd->eph_lock);
1238 1246 return (-1);
1239 1247 }
1240 1248
1241 1249 /* first call or idmap crashed and state corrupted */
1242 1250 if (flags != 0)
1243 1251 eph_zsd->min_gid = eph_zsd->last_gid;
1244 1252
1245 1253 hasephids = B_TRUE;
1246 1254 *start = eph_zsd->last_gid + 1;
1247 1255 atomic_add_32(&eph_zsd->last_gid, count);
1248 1256 mutex_exit(&eph_zsd->eph_lock);
1249 1257 return (0);
1250 1258 }
1251 1259
1252 1260 /*
1253 1261 * IMPORTANT.The two functions get_ephemeral_data() and set_ephemeral_data()
1254 1262 * are project private functions that are for use of the test system only and
1255 1263 * are not to be used for other purposes.
1256 1264 */
1257 1265
1258 1266 void
1259 1267 get_ephemeral_data(zone_t *zone, uid_t *min_uid, uid_t *last_uid,
1260 1268 gid_t *min_gid, gid_t *last_gid)
1261 1269 {
1262 1270 ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1263 1271
1264 1272 ASSERT(eph_zsd != NULL);
1265 1273
1266 1274 mutex_enter(&eph_zsd->eph_lock);
1267 1275
1268 1276 *min_uid = eph_zsd->min_uid;
1269 1277 *last_uid = eph_zsd->last_uid;
1270 1278 *min_gid = eph_zsd->min_gid;
1271 1279 *last_gid = eph_zsd->last_gid;
1272 1280
1273 1281 mutex_exit(&eph_zsd->eph_lock);
1274 1282 }
1275 1283
1276 1284
1277 1285 void
1278 1286 set_ephemeral_data(zone_t *zone, uid_t min_uid, uid_t last_uid,
1279 1287 gid_t min_gid, gid_t last_gid)
1280 1288 {
1281 1289 ephemeral_zsd_t *eph_zsd = get_ephemeral_zsd(zone);
1282 1290
1283 1291 ASSERT(eph_zsd != NULL);
1284 1292
1285 1293 mutex_enter(&eph_zsd->eph_lock);
1286 1294
1287 1295 if (min_uid != 0)
1288 1296 eph_zsd->min_uid = min_uid;
1289 1297 if (last_uid != 0)
1290 1298 eph_zsd->last_uid = last_uid;
1291 1299 if (min_gid != 0)
1292 1300 eph_zsd->min_gid = min_gid;
1293 1301 if (last_gid != 0)
1294 1302 eph_zsd->last_gid = last_gid;
1295 1303
1296 1304 mutex_exit(&eph_zsd->eph_lock);
1297 1305 }
1298 1306
1299 1307 /*
1300 1308 * If the credential user SID or group SID is mapped to an ephemeral
1301 1309 * ID, map the credential to nobody.
1302 1310 */
1303 1311 cred_t *
1304 1312 crgetmapped(const cred_t *cr)
1305 1313 {
1306 1314 ephemeral_zsd_t *eph_zsd;
1307 1315 /*
1308 1316 * Someone incorrectly passed a NULL cred to a vnode operation
1309 1317 * either on purpose or by calling CRED() in interrupt context.
1310 1318 */
1311 1319 if (cr == NULL)
1312 1320 return (NULL);
1313 1321
1314 1322 if (cr->cr_ksid != NULL) {
1315 1323 if (cr->cr_ksid->kr_sidx[KSID_USER].ks_id > MAXUID) {
1316 1324 eph_zsd = get_ephemeral_zsd(crgetzone(cr));
1317 1325 return (eph_zsd->eph_nobody);
1318 1326 }
1319 1327
1320 1328 if (cr->cr_ksid->kr_sidx[KSID_GROUP].ks_id > MAXUID) {
1321 1329 eph_zsd = get_ephemeral_zsd(crgetzone(cr));
1322 1330 return (eph_zsd->eph_nobody);
1323 1331 }
1324 1332 }
1325 1333
1326 1334 return ((cred_t *)cr);
1327 1335 }
1328 1336
1329 1337 /* index should be in range for a ksidindex_t */
1330 1338 void
1331 1339 crsetsid(cred_t *cr, ksid_t *ksp, int index)
1332 1340 {
1333 1341 ASSERT(cr->cr_ref <= 2);
1334 1342 ASSERT(index >= 0 && index < KSID_COUNT);
1335 1343 if (cr->cr_ksid == NULL && ksp == NULL)
1336 1344 return;
1337 1345 cr->cr_ksid = kcrsid_setsid(cr->cr_ksid, ksp, index);
1338 1346 }
1339 1347
1340 1348 void
1341 1349 crsetsidlist(cred_t *cr, ksidlist_t *ksl)
1342 1350 {
1343 1351 ASSERT(cr->cr_ref <= 2);
1344 1352 if (cr->cr_ksid == NULL && ksl == NULL)
1345 1353 return;
1346 1354 cr->cr_ksid = kcrsid_setsidlist(cr->cr_ksid, ksl);
1347 1355 }
1348 1356
1349 1357 ksid_t *
1350 1358 crgetsid(const cred_t *cr, int i)
1351 1359 {
1352 1360 ASSERT(i >= 0 && i < KSID_COUNT);
1353 1361 if (cr->cr_ksid != NULL && cr->cr_ksid->kr_sidx[i].ks_domain)
1354 1362 return ((ksid_t *)&cr->cr_ksid->kr_sidx[i]);
1355 1363 return (NULL);
1356 1364 }
1357 1365
1358 1366 ksidlist_t *
1359 1367 crgetsidlist(const cred_t *cr)
1360 1368 {
1361 1369 if (cr->cr_ksid != NULL)
1362 1370 return (cr->cr_ksid->kr_sidlist);
1363 1371 return (NULL);
1364 1372 }
1365 1373
1366 1374 /*
1367 1375 * Interface to set the effective and permitted privileges for
1368 1376 * a credential; this interface does no security checks and is
1369 1377 * intended for kernel (file)servers creating credentials with
1370 1378 * specific privileges.
1371 1379 */
1372 1380 int
1373 1381 crsetpriv(cred_t *cr, ...)
1374 1382 {
1375 1383 va_list ap;
1376 1384 const char *privnm;
1377 1385
1378 1386 ASSERT(cr->cr_ref <= 2);
1379 1387
1380 1388 priv_set_PA(cr);
1381 1389
1382 1390 va_start(ap, cr);
1383 1391
1384 1392 while ((privnm = va_arg(ap, const char *)) != NULL) {
1385 1393 int priv = priv_getbyname(privnm, 0);
1386 1394 if (priv < 0)
1387 1395 return (-1);
1388 1396
1389 1397 priv_addset(&CR_PPRIV(cr), priv);
1390 1398 priv_addset(&CR_EPRIV(cr), priv);
1391 1399 }
1392 1400 priv_adjust_PA(cr);
1393 1401 va_end(ap);
1394 1402 return (0);
1395 1403 }
1396 1404
1397 1405 /*
1398 1406 * Interface to effectively set the PRIV_ALL for
1399 1407 * a credential; this interface does no security checks and is
1400 1408 * intended for kernel (file)servers to extend the user credentials
1401 1409 * to be ALL, like either kcred or zcred.
1402 1410 */
1403 1411 void
1404 1412 crset_zone_privall(cred_t *cr)
1405 1413 {
1406 1414 zone_t *zone = crgetzone(cr);
1407 1415
1408 1416 priv_fillset(&CR_LPRIV(cr));
1409 1417 CR_EPRIV(cr) = CR_PPRIV(cr) = CR_IPRIV(cr) = CR_LPRIV(cr);
1410 1418 priv_intersect(zone->zone_privset, &CR_LPRIV(cr));
1411 1419 priv_intersect(zone->zone_privset, &CR_EPRIV(cr));
1412 1420 priv_intersect(zone->zone_privset, &CR_IPRIV(cr));
1413 1421 priv_intersect(zone->zone_privset, &CR_PPRIV(cr));
1414 1422 }
1415 1423
1416 1424 struct credklpd *
1417 1425 crgetcrklpd(const cred_t *cr)
1418 1426 {
1419 1427 return (cr->cr_klpd);
1420 1428 }
1421 1429
1422 1430 void
1423 1431 crsetcrklpd(cred_t *cr, struct credklpd *crklpd)
1424 1432 {
1425 1433 ASSERT(cr->cr_ref <= 2);
1426 1434
1427 1435 if (cr->cr_klpd != NULL)
1428 1436 crklpd_rele(cr->cr_klpd);
1429 1437 cr->cr_klpd = crklpd;
1430 1438 }
1431 1439
1432 1440 credgrp_t *
1433 1441 crgrpcopyin(int n, gid_t *gidset)
1434 1442 {
1435 1443 credgrp_t *mem;
1436 1444 size_t sz = CREDGRPSZ(n);
1437 1445
1438 1446 ASSERT(n > 0);
1439 1447
1440 1448 mem = kmem_alloc(sz, KM_SLEEP);
1441 1449
1442 1450 if (copyin(gidset, mem->crg_groups, sizeof (gid_t) * n)) {
1443 1451 kmem_free(mem, sz);
1444 1452 return (NULL);
1445 1453 }
1446 1454 mem->crg_ref = 1;
1447 1455 mem->crg_ngroups = n;
1448 1456 qsort(mem->crg_groups, n, sizeof (gid_t), gidcmp);
1449 1457 return (mem);
1450 1458 }
1451 1459
1452 1460 const gid_t *
1453 1461 crgetggroups(const credgrp_t *grps)
1454 1462 {
1455 1463 return (grps->crg_groups);
1456 1464 }
1457 1465
1458 1466 void
1459 1467 crsetcredgrp(cred_t *cr, credgrp_t *grps)
1460 1468 {
1461 1469 ASSERT(cr->cr_ref <= 2);
1462 1470
1463 1471 if (cr->cr_grps != NULL)
1464 1472 crgrprele(cr->cr_grps);
1465 1473
1466 1474 cr->cr_grps = grps;
1467 1475 }
1468 1476
1469 1477 void
1470 1478 crgrprele(credgrp_t *grps)
1471 1479 {
1472 1480 if (atomic_dec_32_nv(&grps->crg_ref) == 0)
1473 1481 kmem_free(grps, CREDGRPSZ(grps->crg_ngroups));
1474 1482 }
1475 1483
1476 1484 static void
1477 1485 crgrphold(credgrp_t *grps)
1478 1486 {
1479 1487 atomic_inc_32(&grps->crg_ref);
1480 1488 }
|
↓ open down ↓ |
739 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX