/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2013, Ira Cooper. All rights reserved.
*/
/*
*/
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
* University Copyright- Copyright (c) 1982, 1986, 1988
* The Regents of the University of California
* All Rights Reserved
*
* University Acknowledgment- Portions of this document are derived from
* software developed by the University of California, Berkeley, and its
* contributors.
*/
#include <sys/sysmacros.h>
#include <sys/cred_impl.h>
/* Ephemeral IDs Zones specific data */
typedef struct ephemeral_zsd {
static int audoff = 0;
static int get_c2audit_load(void);
((char *)(c)) + audoff)
static ephemeral_zsd_t *
{
return (eph_zsd);
}
/*
* nobody is used to map SID containing CRs.
*/
}
return (eph_zsd);
}
static cred_t *cralloc_flags(int);
/*
* This function is called when a zone is destroyed
*/
static void
/* ARGSUSED */
{
}
}
/*
* Initialize credentials data structures.
*/
void
cred_init(void)
{
priv_init();
if (get_c2audit_load() > 0) {
#ifdef _LP64
/* assure audit context is 64-bit aligned */
#else /* _LP64 */
#endif /* _LP64 */
}
/*
* dummycr is used to copy initial state for creds.
*/
/*
* kcred is used by anything that needs all privileges; it's
* also the template used for crget as it has all the compatible
* sets filled in.
*/
/* kcred is never freed, so we don't need zone_cred_hold here */
/* Not a basic privilege, if chown is not restricted add it to I0 */
if (!rstchown)
/* Basic privilege, if link is restricted remove it from I0 */
if (rstlink)
/*
* Set up credentials of p0.
*/
}
/*
* Allocate (nearly) uninitialized cred_t.
*/
static cred_t *
{
return (NULL);
return (cr);
}
cred_t *
cralloc(void)
{
return (cralloc_flags(KM_SLEEP));
}
/*
* As cralloc but prepared for ksid change (if appropriate).
*/
cred_t *
cralloc_ksid(void)
{
if (hasephids)
return (cr);
}
/*
* Allocate a initialized cred structure and crhold() it.
* Initialized means: all ids 0, group count 0, L=Full, E=P=I=I0
*/
cred_t *
crget(void)
{
return (cr);
}
/*
* Broadcast the cred to all the threads in the process.
* The current thread's credentials can be set right away, but other
* threads must wait until the start of the next system call or trap.
* This avoids changing the cred in the middle of a system call.
*
* The cred has already been held for the process and the thread (2 holds),
* and p->p_cred set.
*
* p->p_crlock shouldn't be held here, since p_lock must be acquired.
*/
void
{
kthread_id_t t;
/*
* DTrace accesses t_cred in probe context. t_cred must always be
* either NULL, or point to a valid, allocated cred structure.
*/
t = curthread;
/*
* Broadcast to other threads, if any.
*/
if (p->p_lwpcnt > 1) {
mutex_exit(&p->p_lock);
}
}
/*
* Put a hold on a cred structure.
*/
void
{
}
/*
* Release previous hold on a cred structure. Free it if refcnt == 0.
* If cred uses label different from zone label, free it.
*/
void
{
}
}
/*
* Copy a cred structure to a new one and free the old one.
* The new cred will have two references. One for the calling process,
* and one for the thread.
*/
cred_t *
{
return (newcr);
}
/*
* Copy a cred structure to a new one and free the old one.
* The new cred will have two references. One for the calling process,
* and one for the thread.
* This variation on crcopy uses a pre-allocated structure for the
* "new" cred.
*/
void
{
if (nkcr) {
}
/*
* Dup a cred struct to a new held one.
* The old cred is not freed.
*/
static cred_t *
{
return (NULL);
return (newcr);
}
cred_t *
{
}
/*
* Dup a cred struct to a new held one.
* The old cred is not freed.
* This variation on crdup uses a pre-allocated structure for the
* "new" cred.
*/
void
{
if (nkcr) {
}
/*
* Return the (held) credentials for the current running process.
*/
cred_t *
crgetcred(void)
{
proc_t *p;
mutex_enter(&p->p_crlock);
mutex_exit(&p->p_crlock);
return (cr);
}
/*
* Backward compatibility check for suser().
* Accounting flag is now set in the policy functions; auditing is
* done through use of privilege in the audit trail.
*/
int
{
== 0);
}
/*
* Determine whether the supplied group id is a member of the group
* described by the supplied credentials.
*/
int
{
return (1);
}
/*
* As groupmember but only check against the supplemental groups.
*/
int
{
return (0);
/* For a small number of groups, use sequentials search. */
return (1);
return (0);
}
/* We use binary search when we have many groups. */
lo = 0;
do {
lo = m + 1;
hi = m - 1;
else
return (1);
return (0);
}
/*
* This function is called to check whether the credentials set
* "scrp" has permission to act on credentials set "tcrp". It enforces the
* permission requirements needed to send a signal to a process.
* The same requirements are imposed by other system calls, however.
*
* The rules are:
* (1) if the credentials are the same, the check succeeds
* (2) if the zone ids don't match, and scrp is not in the global zone or
* does not have the PRIV_PROC_ZONE privilege, the check fails
* (3) if the real or effective user id of scrp matches the real or saved
* user id of tcrp or scrp has the PRIV_PROC_OWNER privilege, the check
* succeeds
* (4) otherwise, the check fails
*/
int
{
return (1);
secpolicy_proc_zone(scrp) != 0))
return (0);
return (1);
return (0);
}
/*
* This interface replaces hasprocperm; it works like hasprocperm but
* additionally returns success if the proc_t's match
* It is the preferred interface for most uses.
* And it will acquire p_crlock itself, so it assert's that it shouldn't
* be held.
*/
int
{
int rets;
return (1);
return (0);
return (rets);
}
/*
* This routine is used to compare two credentials to determine if
* they refer to the same "user". If the pointers are equal, then
* they must refer to the same user. Otherwise, the contents of
* the credentials are compared to see whether they are equivalent.
*
* This routine returns 0 if the credentials refer to the same user,
* 1 if they do not.
*/
int
{
return (0);
}
return (1);
}
/*
* Read access functions to cred_t.
*/
{
}
{
}
{
}
{
}
{
}
{
}
const auditinfo_addr_t *
{
}
{
}
{
}
{
}
zone_t *
{
}
struct ts_label_s *
{
}
{
return (REMOTE_PEER_CRED(cr));
}
int
{
return (-1);
if (r != -1)
if (e != -1)
if (s != -1)
return (0);
}
int
{
return (-1);
if (r != -1)
if (e != -1)
if (s != -1)
return (0);
}
int
{
return (-1);
return (0);
}
static int
{
return (-1);
return (1);
else
return (0);
}
int
{
if (n > ngroups_max || n < 0)
return (-1);
if (n > 0) {
} else {
}
return (0);
}
void
{
}
/*
* This routine returns the pointer to the first element of the crg_groups
* array. It can move around in an implementation defined way.
* Note that when we have no grouplist, we return one element but the
* caller should never reference it.
*/
const gid_t *
{
}
int
{
}
void
{
if (pcrp->pr_ngroups != 0)
}
static int
{
return (-1);
return (0);
}
void
{
}
/*
* Convert a credential into a "ucred". Allow the caller to specify
* and aligned buffer, e.g., in an mblk, so we don't have to allocate
* memory and copy it twice.
*
* This function may call cred2ucaud(), which calls CRED(). Since this
* can be called from an interrupt thread, receiver's cred (rcr) is needed
* to determine whether audit info should be included.
*/
struct ucred_s *
{
/* The structure isn't always completely filled in, so zero it */
} else {
}
if (REMOTE_PEER_CRED(cr)) {
/*
* Other than label, the rest of cred info about a
* remote peer isn't available. Copy the label directly
* after the header where we generally copy the prcred.
* That's why we use sizeof (struct ucred_s). The other
* offset fields are initialized to 0.
*/
} else {
}
return (uc);
}
/*
* Don't allocate the non-needed group entries. Note: this function
* must match the code in cred2ucred; they must agree about the
* minimal size of the ucred.
*/
{
int ndiff;
return (ucredsize);
if (REMOTE_PEER_CRED(cr)) {
if (is_system_labeled())
else
return (sizeof (struct ucred_s));
}
else
}
/*
* Get the "ucred" of a process.
*/
struct ucred_s *
{
mutex_enter(&p->p_crlock);
mutex_exit(&p->p_crlock);
return (uc);
}
/*
* If the reply status is NFSERR_EACCES, it may be because we are
* root (no root net access). Check the real uid, if it isn't root
* make that the uid instead and retry the call.
* Private interface for NFS.
*/
cred_t *
{
return (cr);
}
return (NULL);
}
/*
* The reference count is of interest when you want to check
* whether it is ok to modify the credential in place.
*/
{
}
static int
get_c2audit_load(void)
{
static int gotit = 0;
static int c2audit_load;
if (gotit)
return (c2audit_load);
c2audit_load = 0;
gotit++;
return (c2audit_load);
}
int
get_audit_ucrsize(void)
{
return (get_c2audit_load() ? sizeof (auditinfo64_addr_t) : 0);
}
/*
* Set zone pointer in credential to indicated value. First adds a
* hold for the new zone, then drops the hold on previous zone (if any).
* This is done in this order in case the old and new zones are the
* same.
*/
void
{
if (oldzptr)
}
/*
* Create a new cred based on the supplied label
*/
cred_t *
{
} else {
}
}
return (cr);
}
/*
* Derive a new cred from the existing cred, but with a different label.
* To be used when a cred is being shared, but the label needs to be changed
* by a caller without affecting other users
*/
cred_t *
{
}
return (newcr);
}
/*
* Derive a new cred from the existing cred, but with a different label.
*/
cred_t *
{
}
return (newcr);
}
/*
* This function returns a pointer to the kcred-equivalent in the current zone.
*/
cred_t *
zone_kcred(void)
{
return (zone->zone_kcred);
else
return (kcred);
}
{
if (id <= IDMAP_WK__MAX_UID)
return (B_TRUE);
}
{
if (id <= IDMAP_WK__MAX_GID)
return (B_TRUE);
}
int
{
/* Test for unsigned integer wrap around */
return (-1);
}
/* first call or idmap crashed and state corrupted */
if (flags != 0)
return (0);
}
int
{
/* Test for unsigned integer wrap around */
return (-1);
}
/* first call or idmap crashed and state corrupted */
if (flags != 0)
return (0);
}
/*
* IMPORTANT.The two functions get_ephemeral_data() and set_ephemeral_data()
* are project private functions that are for use of the test system only and
* are not to be used for other purposes.
*/
void
{
}
void
{
if (min_uid != 0)
if (last_uid != 0)
if (min_gid != 0)
if (last_gid != 0)
}
/*
* If the credential user SID or group SID is mapped to an ephemeral
* ID, map the credential to nobody.
*/
cred_t *
{
/*
* Someone incorrectly passed a NULL cred to a vnode operation
* either on purpose or by calling CRED() in interrupt context.
*/
return (NULL);
return (eph_zsd->eph_nobody);
}
return (eph_zsd->eph_nobody);
}
}
}
/* index should be in range for a ksidindex_t */
void
{
return;
}
void
{
return;
}
ksid_t *
{
ASSERT(i >= 0 && i < KSID_COUNT);
return (NULL);
}
{
return (NULL);
}
/*
* Interface to set the effective and permitted privileges for
* a credential; this interface does no security checks and is
* intended for kernel (file)servers creating credentials with
* specific privileges.
*/
int
{
const char *privnm;
if (priv < 0)
return (-1);
}
return (0);
}
/*
* Interface to effectively set the PRIV_ALL for
* a credential; this interface does no security checks and is
* intended for kernel (file)servers to extend the user credentials
* to be ALL, like either kcred or zcred.
*/
void
{
}
struct credklpd *
{
}
void
{
}
{
ASSERT(n > 0);
return (NULL);
}
mem->crg_ngroups = n;
return (mem);
}
const gid_t *
{
return (grps->crg_groups);
}
void
{
}
void
{
}
static void
{
}