common/syscall/sidsys.c

	sidsys.c revision bda89588bd7667394a834e8a9a34612cce2ae9c3
f48205be61a214698b763ff550ab9e657525104ccasper/*
f48205be61a214698b763ff550ab9e657525104ccasper * CDDL HEADER START
f48205be61a214698b763ff550ab9e657525104ccasper *
f48205be61a214698b763ff550ab9e657525104ccasper * The contents of this file are subject to the terms of the
f48205be61a214698b763ff550ab9e657525104ccasper * Common Development and Distribution License (the "License").
f48205be61a214698b763ff550ab9e657525104ccasper * You may not use this file except in compliance with the License.
f48205be61a214698b763ff550ab9e657525104ccasper *
f48205be61a214698b763ff550ab9e657525104ccasper * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
f48205be61a214698b763ff550ab9e657525104ccasper * or http://www.opensolaris.org/os/licensing.
f48205be61a214698b763ff550ab9e657525104ccasper * See the License for the specific language governing permissions
f48205be61a214698b763ff550ab9e657525104ccasper * and limitations under the License.
f48205be61a214698b763ff550ab9e657525104ccasper *
f48205be61a214698b763ff550ab9e657525104ccasper * When distributing Covered Code, include this CDDL HEADER in each
f48205be61a214698b763ff550ab9e657525104ccasper * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
f48205be61a214698b763ff550ab9e657525104ccasper * If applicable, add the following below this CDDL HEADER, with the
f48205be61a214698b763ff550ab9e657525104ccasper * fields enclosed by brackets "[]" replaced with your own identifying
f48205be61a214698b763ff550ab9e657525104ccasper * information: Portions Copyright [yyyy] [name of copyright owner]
f48205be61a214698b763ff550ab9e657525104ccasper *
f48205be61a214698b763ff550ab9e657525104ccasper * CDDL HEADER END
f48205be61a214698b763ff550ab9e657525104ccasper */
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper/*
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
f48205be61a214698b763ff550ab9e657525104ccasper * Use is subject to license terms.
f48205be61a214698b763ff550ab9e657525104ccasper */
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper#pragma ident   "%Z%%M% %I% %E% SMI"
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper/*
f48205be61a214698b763ff550ab9e657525104ccasper * SID system call.
f48205be61a214698b763ff550ab9e657525104ccasper */
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper#include <sys/sid.h>
f48205be61a214698b763ff550ab9e657525104ccasper#include <sys/cred.h>
f48205be61a214698b763ff550ab9e657525104ccasper#include <sys/errno.h>
f48205be61a214698b763ff550ab9e657525104ccasper#include <sys/systm.h>
f48205be61a214698b763ff550ab9e657525104ccasper#include <sys/policy.h>
f48205be61a214698b763ff550ab9e657525104ccasper#include <sys/door.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <sys/kidmap.h>
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#include <sys/proc.h>
f48205be61a214698b763ff550ab9e657525104ccasper
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwstatic uint64_t
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwallocids(int flag, int nuids, int ngids)
f48205be61a214698b763ff550ab9e657525104ccasper{
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    rval_t r;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    uid_t su = 0;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    gid_t sg = 0;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    struct door_info di;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    door_handle_t dh;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    int err;
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    zone_t *zone = crgetzone(CRED());
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    dh = idmap_get_door(zone);
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    if (dh == NULL)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw        return (set_errno(EPERM));
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    if ((err = door_ki_info(dh, &di)) != 0) {
bda89588bd7667394a834e8a9a34612cce2ae9c3jp        door_ki_rele(dh);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw        return (set_errno(err));
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    }
bda89588bd7667394a834e8a9a34612cce2ae9c3jp
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    door_ki_rele(dh);
f48205be61a214698b763ff550ab9e657525104ccasper
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    if (curproc->p_pid != di.di_target)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw        return (set_errno(EPERM));
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    if (flag)
bda89588bd7667394a834e8a9a34612cce2ae9c3jp        idmap_purge_cache(zone);
f48205be61a214698b763ff550ab9e657525104ccasper
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    if (nuids < 0 || ngids < 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw        return (set_errno(EINVAL));
f48205be61a214698b763ff550ab9e657525104ccasper
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    if (flag != 0 || nuids > 0)
bda89588bd7667394a834e8a9a34612cce2ae9c3jp        err = eph_uid_alloc(zone, flag, &su, nuids);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    if (err == 0 && (flag != 0 || ngids > 0))
bda89588bd7667394a834e8a9a34612cce2ae9c3jp        err = eph_gid_alloc(zone, flag, &sg, ngids);
f48205be61a214698b763ff550ab9e657525104ccasper
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    if (err != 0)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw        return (set_errno(EOVERFLOW));
f48205be61a214698b763ff550ab9e657525104ccasper
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    r.r_val1 = su;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    r.r_val2 = sg;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw    return (r.r_vals);
f48205be61a214698b763ff550ab9e657525104ccasper}
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasperstatic int
f48205be61a214698b763ff550ab9e657525104ccasperidmap_reg(int did)
f48205be61a214698b763ff550ab9e657525104ccasper{
f48205be61a214698b763ff550ab9e657525104ccasper    door_handle_t dh;
f48205be61a214698b763ff550ab9e657525104ccasper    int err;
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    cred_t *cr = CRED();
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    if ((err = secpolicy_idmap(cr)) != 0)
f48205be61a214698b763ff550ab9e657525104ccasper        return (set_errno(err));
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper    dh = door_ki_lookup(did);
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper    if (dh == NULL)
f48205be61a214698b763ff550ab9e657525104ccasper        return (set_errno(EBADF));
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    if ((err = idmap_reg_dh(crgetzone(cr), dh)) != 0)
bda89588bd7667394a834e8a9a34612cce2ae9c3jp        return (set_errno(err));
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    return (0);
f48205be61a214698b763ff550ab9e657525104ccasper}
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasperstatic int
f48205be61a214698b763ff550ab9e657525104ccasperidmap_unreg(int did)
f48205be61a214698b763ff550ab9e657525104ccasper{
f48205be61a214698b763ff550ab9e657525104ccasper    door_handle_t dh = door_ki_lookup(did);
f48205be61a214698b763ff550ab9e657525104ccasper    int res;
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    zone_t *zone;
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper    if (dh == NULL)
f48205be61a214698b763ff550ab9e657525104ccasper        return (set_errno(EINVAL));
f48205be61a214698b763ff550ab9e657525104ccasper
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    zone = crgetzone(CRED());
bda89588bd7667394a834e8a9a34612cce2ae9c3jp    res = idmap_unreg_dh(zone, dh);
f48205be61a214698b763ff550ab9e657525104ccasper    door_ki_rele(dh);
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasper    if (res != 0)
f48205be61a214698b763ff550ab9e657525104ccasper        return (set_errno(res));
f48205be61a214698b763ff550ab9e657525104ccasper    return (0);
f48205be61a214698b763ff550ab9e657525104ccasper}
f48205be61a214698b763ff550ab9e657525104ccasper
f48205be61a214698b763ff550ab9e657525104ccasperuint64_t
f48205be61a214698b763ff550ab9e657525104ccaspersidsys(int op, int flag, int nuids, int ngids)
f48205be61a214698b763ff550ab9e657525104ccasper{
f48205be61a214698b763ff550ab9e657525104ccasper    switch (op) {
f48205be61a214698b763ff550ab9e657525104ccasper    case SIDSYS_ALLOC_IDS:
f48205be61a214698b763ff550ab9e657525104ccasper        return (allocids(flag, nuids, ngids));
f48205be61a214698b763ff550ab9e657525104ccasper    case SIDSYS_IDMAP_REG:
f48205be61a214698b763ff550ab9e657525104ccasper        return (idmap_reg(flag));
f48205be61a214698b763ff550ab9e657525104ccasper    case SIDSYS_IDMAP_UNREG:
f48205be61a214698b763ff550ab9e657525104ccasper        return (idmap_unreg(flag));
f48205be61a214698b763ff550ab9e657525104ccasper    default:
f48205be61a214698b763ff550ab9e657525104ccasper        return (set_errno(EINVAL));
f48205be61a214698b763ff550ab9e657525104ccasper    }
f48205be61a214698b763ff550ab9e657525104ccasper}