1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 1992, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 #include <auth_attr.h>
27 #include <auth_list.h>
28 #include <dirent.h>
29 #include <errno.h>
30 #include <fcntl.h>
31 #include <libintl.h>
32 #include <locale.h>
33 #include <pwd.h>
34 #include <signal.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <strings.h>
39 #include <unistd.h>
40 #include <bsm/devices.h>
41 #include <sys/acl.h>
42 #include <tsol/label.h>
43 #include <syslog.h>
44 #include <limits.h>
45 #include <user_attr.h>
46 #include <secdb.h>
47 #include <sys/mkdev.h>
48 #include <sys/acl.h>
49 #include <sys/file.h>
50 #include <sys/procfs.h>
51 #include <sys/param.h>
52 #include <sys/resource.h>
53 #include <sys/stat.h>
54 #include <sys/time.h>
55 #include <sys/types.h>
56 #include <sys/wait.h>
57 #include <utime.h>
58 #include <libgen.h>
59 #include <zone.h>
60 #include <nss_dbdefs.h>
61 #include <bsm/devalloc.h>
62 #include <libdevinfo.h>
63 #include "allocate.h"
64
65 extern void print_error(int, char *);
66
67 #if defined(DEBUG) || defined(lint)
68 #define dprintf(s, a) (void) fprintf(stderr, s, a)
69 #define dperror(s) perror(s)
70 #else /* !DEBUG */
71 #define dprintf(s, a) 0
72 #define dperror(s) 0
73 #endif /* DEBUG */
74
75 #define DEV_ERRORED(sbuf) (((sbuf).st_mode & ~S_IFMT) == ALLOC_ERR_MODE)
76 #define DEV_ALLOCATED(sbuf) ((sbuf).st_uid != DA_UID || \
77 !(((sbuf).st_mode & ~S_IFMT) == DEALLOC_MODE || \
78 DEV_ERRORED(sbuf)))
79
80 #define ALLOC_CLEAN "-A"
81 #define DEALLOC_CLEAN "-D"
82 #define DAC_DIR "/etc/security/dev"
83 #define DEVICE_AUTH_SEPARATOR ","
84 #define LOCALDEVICE "/dev/console"
85 #define PROCFS "/proc/"
86 #define SFF_NO_ERROR 0x1
87
88 #define ALLOC_BY_NONE -1
89 #define CHECK_DRANGE 1
90 #define CHECK_URANGE 2
91 #define CHECK_ZLABEL 3
92
93 extern void audit_allocate_list(char *);
94 extern void audit_allocate_device(char *);
95
96 extern int system_labeled;
97 extern char *newenv[];
98
99 struct state_file {
100 int sf_flags;
101 char sf_path[MAXPATHLEN];
102 };
103
104 struct file_info {
105 struct stat fi_stat;
106 char *fi_message;
107 };
108
109 struct zone_path {
110 int count;
111 char **path;
112 };
113
114 struct dev_names {
115 char **dnames;
116 };
117
118 static int _dev_file_name(struct state_file *, devmap_t *);
119 static int lock_dev(char *, struct stat *);
120 static int _check_label(devalloc_t *, char *, uid_t, int);
121 static int create_znode(char *, struct zone_path *, devmap_t *);
122 static int remove_znode(char *, devmap_t *);
123 static int update_device(char **, char *, int);
124
125 /*
126 * checks if the invoking user is local to the device
127 */
128 /*ARGSUSED*/
129 int
_is_local(uid_t uid)130 _is_local(uid_t uid)
131 {
132 struct stat statbuf;
133
134 if (stat(LOCALDEVICE, &statbuf) == 0 &&
135 statbuf.st_uid == uid)
136 return (1);
137
138 return (0);
139 }
140
141 /*
142 * Checks if the user with the specified uid has the specified authorization
143 */
144 int
_is_authorized(char * auths,uid_t uid)145 _is_authorized(char *auths, uid_t uid)
146 {
147 char *dcp, *authlist, *lasts;
148 char pw_buf[NSS_BUFLEN_PASSWD];
149 struct passwd pw_ent;
150
151 /*
152 * first, the easy cases
153 */
154 if (strcmp(auths, "@") == 0)
155 return (1);
156 if (strcmp(auths, "*") == 0)
157 return (ALLOC_BY_NONE);
158 if (getpwuid_r(uid, &pw_ent, pw_buf, sizeof (pw_buf)) == NULL)
159 return (0);
160 if (strpbrk(auths, DEVICE_AUTH_SEPARATOR) == NULL)
161 return (chkauthattr(auths, pw_ent.pw_name));
162 authlist = strdup(auths);
163 if (authlist == NULL)
164 return (0);
165 for (dcp = authlist;
166 (dcp = strtok_r(dcp, DEVICE_AUTH_SEPARATOR, &lasts)) != NULL;
167 dcp = NULL) {
168 if (chkauthattr(dcp, pw_ent.pw_name))
169 break;
170 }
171 free(authlist);
172
173 return (dcp != NULL);
174 }
175
176 /*
177 * Checks if the specified user has authorization for the device
178 */
179 int
_is_dev_authorized(devalloc_t * da,uid_t uid)180 _is_dev_authorized(devalloc_t *da, uid_t uid)
181 {
182 int ares;
183 char *auth_list, *dcp, *subauth = NULL;
184
185 auth_list = da->da_devauth;
186 if (auth_list == NULL)
187 return (0);
188 dcp = strpbrk(auth_list, KV_TOKEN_DELIMIT);
189 if (dcp == NULL)
190 return (_is_authorized(auth_list, uid));
191 if (_is_local(uid)) {
192 /* the local authorization is before the separator */
193 ares = dcp - auth_list;
194 subauth = malloc(ares + 1);
195 if (subauth == NULL)
196 return (0);
197 (void) strlcpy(subauth, auth_list, (ares + 1));
198 auth_list = subauth;
199 } else
200 auth_list = dcp + 1;
201 ares = _is_authorized(auth_list, uid);
202 if (subauth != NULL)
203 free(subauth);
204
205 return (ares);
206 }
207
208 int
check_devs(devmap_t * dm)209 check_devs(devmap_t *dm)
210 {
211 int status = 0;
212 char **file;
213
214 if (dm->dmap_devarray == NULL)
215 return (NODMAPERR);
216 for (file = dm->dmap_devarray; *file != NULL; file++) {
217 if ((status = access(*file, F_OK)) == -1) {
218 dprintf("Unable to access file %s\n", *file);
219 break;
220 }
221 }
222
223 return (status);
224 }
225
226 int
print_da_defs(da_defs_t * da_defs)227 print_da_defs(da_defs_t *da_defs)
228 {
229 char optbuf[BUFSIZ];
230 char *p = NULL;
231
232 if (da_defs->devopts == NULL) {
233 dprintf("No default attributes for %s\n", da_defs->devtype);
234 return (DEFATTRSERR);
235 }
236 (void) printf("dev_type=%s\n", da_defs->devtype);
237 if (_kva2str(da_defs->devopts, optbuf, sizeof (optbuf), KV_ASSIGN,
238 KV_TOKEN_DELIMIT) == 0) {
239 if (p = rindex(optbuf, ':'))
240 *p = '\0';
241 (void) printf("\t%s\n", optbuf);
242 }
243
244 return (0);
245 }
246
247 void
print_dev_attrs(int optflag,devalloc_t * da,devmap_t * dm,struct file_info * fip)248 print_dev_attrs(int optflag, devalloc_t *da, devmap_t *dm,
249 struct file_info *fip)
250 {
251 char *p = NULL;
252 char optbuf[BUFSIZ];
253
254 (void) printf("device=%s%s", dm->dmap_devname, KV_DELIMITER);
255 (void) printf("type=%s%s", dm->dmap_devtype, KV_DELIMITER);
256 (void) printf("auths=%s%s",
257 (da->da_devauth ? da->da_devauth : ""), KV_DELIMITER);
258 (void) printf("clean=%s%s",
259 (da->da_devexec ? da->da_devexec : ""), KV_DELIMITER);
260 if (da->da_devopts != NULL) {
261 if (_kva2str(da->da_devopts, optbuf, sizeof (optbuf),
262 KV_ASSIGN, KV_TOKEN_DELIMIT) == 0) {
263 if (p = rindex(optbuf, ':'))
264 *p = '\0';
265 (void) printf("%s", optbuf);
266 }
267 }
268 (void) printf("%s", KV_DELIMITER);
269 if (optflag & WINDOWING) {
270 if ((fip->fi_message != NULL) &&
271 (strcmp(fip->fi_message, DAOPT_CLASS) == 0))
272 (void) printf("owner=/FREE%s", KV_DELIMITER);
273 else if (DEV_ERRORED(fip->fi_stat))
274 (void) printf("owner=/ERROR%s", KV_DELIMITER);
275 else if (!DEV_ALLOCATED(fip->fi_stat))
276 (void) printf("owner=/FREE%s", KV_DELIMITER);
277 else
278 (void) printf("owner=%u%s", fip->fi_stat.st_uid,
279 KV_DELIMITER);
280 }
281 (void) printf("files=%s", dm->dmap_devlist);
282 (void) printf("\n");
283 }
284
285 void
print_dev(devmap_t * dm)286 print_dev(devmap_t *dm)
287 {
288 char **file;
289
290 (void) printf(gettext("device: %s "), dm->dmap_devname);
291 (void) printf(gettext("type: %s "), dm->dmap_devtype);
292 (void) printf(gettext("files:"));
293 file = dm->dmap_devarray;
294 if (file != NULL) {
295 for (; *file != NULL; file++)
296 (void) printf(" %s", *file);
297 }
298 (void) printf("\n");
299 }
300
301 /* ARGSUSED */
302 int
_list_device(int optflag,uid_t uid,devalloc_t * da,char * zonename)303 _list_device(int optflag, uid_t uid, devalloc_t *da, char *zonename)
304 {
305 int bytes = 0;
306 int error = 0;
307 int is_authorized = 0;
308 char *fname = NULL;
309 char file_name[MAXPATHLEN];
310 devmap_t *dm;
311 struct file_info fi;
312 struct state_file sf;
313
314 fi.fi_message = NULL;
315 setdmapent();
316 if ((dm = getdmapnam(da->da_devname)) == NULL) {
317 enddmapent();
318 dprintf("Unable to find %s in the maps database\n",
319 da->da_devname);
320 return (NODMAPERR);
321 }
322 enddmapent();
323
324 if ((optflag & CLASS) &&
325 (!(optflag & (LISTALL | LISTFREE | LISTALLOC)))) {
326 fi.fi_message = DAOPT_CLASS;
327 if (optflag & LISTATTRS)
328 print_dev_attrs(optflag, da, dm, &fi);
329 else
330 print_dev(dm);
331 goto out;
332 }
333
334 if (system_labeled) {
335 if ((error = _dev_file_name(&sf, dm)) != 0) {
336 freedmapent(dm);
337 dprintf("Unable to find %s device files\n",
338 da->da_devname);
339 error = NODMAPERR;
340 goto out;
341 }
342 fname = sf.sf_path;
343 } else {
344 bytes = snprintf(file_name, MAXPATHLEN, "%s/%s", DAC_DIR,
345 da->da_devname);
346 if (bytes <= 0) {
347 error = DEVNAMEERR;
348 goto out;
349 } else if (bytes >= MAXPATHLEN) {
350 dprintf("device name %s is too long.\n",
351 da->da_devname);
352 error = DEVLONGERR;
353 goto out;
354 }
355 fname = file_name;
356 }
357 if (stat(fname, &fi.fi_stat) != 0) {
358 dprintf("Unable to stat %s\n", fname);
359 dperror("Error:");
360 error = DACACCERR;
361 goto out;
362 }
363 is_authorized = _is_dev_authorized(da, uid);
364 if (optflag & LISTFREE) { /* list_devices -n */
365 /*
366 * list all free devices
367 */
368 if (DEV_ALLOCATED(fi.fi_stat)) {
369 error = PREALLOCERR;
370 goto out;
371 }
372 if (system_labeled) {
373 /*
374 * for this free device, check if -
375 * 1. user has authorization to allocate
376 * 2. the zone label is within the label range of the
377 * device
378 */
379 if (is_authorized == ALLOC_BY_NONE) {
380 error = DAUTHERR;
381 goto out;
382 } else if (is_authorized == 0) {
383 error = UAUTHERR;
384 goto out;
385 }
386 if (_check_label(da, zonename, uid,
387 CHECK_DRANGE) != 0) {
388 error = LABELRNGERR;
389 goto out;
390 }
391 }
392 } else if (optflag & LISTALLOC) { /* list_devices -u */
393 /*
394 * list all allocated devices
395 */
396 if (!DEV_ALLOCATED(fi.fi_stat)) {
397 error = DEVNALLOCERR;
398 goto out;
399 }
400 if (fi.fi_stat.st_uid != uid) {
401 error = DEVSTATEERR;
402 goto out;
403 }
404 if (system_labeled) {
405 /*
406 * check if the zone label equals the label at which
407 * the device is allocated.
408 */
409 if (_check_label(da, zonename, uid,
410 CHECK_ZLABEL) != 0) {
411 error = LABELRNGERR;
412 goto out;
413 }
414 }
415 } else if (optflag & LISTALL) { /* list_devices -l */
416 /*
417 * list all devices - free and allocated - available
418 */
419 if (DEV_ALLOCATED(fi.fi_stat)) {
420 if (optflag & WINDOWING &&
421 (is_authorized == ALLOC_BY_NONE)) {
422 /*
423 * don't complain if we're here for the GUI.
424 */
425 error = 0;
426 } else if (fi.fi_stat.st_uid != uid) {
427 if (!(optflag & WINDOWING)) {
428 error = ALLOCUERR;
429 goto out;
430 }
431 }
432 if (system_labeled && !(optflag & WINDOWING)) {
433 /*
434 * if we're not displaying in the GUI,
435 * check if the zone label equals the label
436 * at which the device is allocated.
437 */
438 if (_check_label(da, zonename, uid,
439 CHECK_ZLABEL) != 0) {
440 error = LABELRNGERR;
441 goto out;
442 }
443 }
444 } else if (system_labeled && !(optflag & WINDOWING)) {
445 /*
446 * if we're not displaying in the GUI,
447 * for this free device, check if -
448 * 1. user has authorization to allocate
449 * 2. the zone label is within the label range of the
450 * device
451 */
452 if (is_authorized == ALLOC_BY_NONE) {
453 error = DAUTHERR;
454 goto out;
455 } else if (is_authorized == 0) {
456 error = UAUTHERR;
457 goto out;
458 }
459 if (_check_label(da, zonename, uid,
460 CHECK_DRANGE) != 0) {
461 error = LABELRNGERR;
462 goto out;
463 }
464 }
465 }
466 if (system_labeled && DEV_ERRORED(fi.fi_stat) && !(optflag & LISTALL)) {
467 error = DEVSTATEERR;
468 goto out;
469 }
470 if (check_devs(dm) == -1) {
471 error = DSPMISSERR;
472 goto out;
473 }
474 if (optflag & LISTATTRS)
475 print_dev_attrs(optflag, da, dm, &fi);
476 else
477 print_dev(dm);
478
479 error = 0;
480
481 out:
482 freedmapent(dm);
483 return (error);
484 }
485
486 /* ARGSUSED */
487 int
list_devices(int optflag,uid_t uid,char * device,char * zonename)488 list_devices(int optflag, uid_t uid, char *device, char *zonename)
489 {
490 int error = 0;
491 char *class = NULL;
492 da_defs_t *da_defs;
493 devalloc_t *da;
494
495 if (system_labeled && optflag & WINDOWING && !(optflag & LISTATTRS)) {
496 /*
497 * Private interface for GUI.
498 */
499 (void) puts(DA_DB_LOCK);
500 return (0);
501 }
502 if (optflag & USERID) {
503 /*
504 * we need device.revoke to list someone else's devices
505 */
506 if (!_is_authorized(DEVICE_REVOKE_AUTH, getuid()))
507 return (UAUTHERR);
508 }
509 if (system_labeled) {
510 if (!(optflag & USERID) &&
511 !_is_authorized(DEFAULT_DEV_ALLOC_AUTH, uid))
512 /*
513 * we need device.allocate to list our devices
514 */
515 return (UAUTHERR);
516 if (optflag & LISTDEFS) {
517 /*
518 * list default attrs from devalloc_defaults
519 */
520 setdadefent();
521 if (device) {
522 /*
523 * list default attrs for this device type
524 */
525 da_defs = getdadeftype(device);
526 if (da_defs == NULL) {
527 enddadefent();
528 dprintf("No default attributes for "
529 "%s\n", device);
530 return (DEFATTRSERR);
531 }
532 error = print_da_defs(da_defs);
533 freedadefent(da_defs);
534 } else {
535 /*
536 * list everything in devalloc_defaults
537 */
538 while ((da_defs = getdadefent()) != NULL) {
539 (void) print_da_defs(da_defs);
540 freedadefent(da_defs);
541 }
542 }
543 enddadefent();
544 return (error);
545 }
546 }
547 /*
548 * Lock the database to make sure no body writes to it while we are
549 * reading.
550 */
551 (void) lock_dev(NULL, NULL);
552 setdaent();
553 if (device) {
554 if (optflag & CLASS) {
555 /*
556 * list all devices of this class.
557 */
558 while ((da = getdaent()) != NULL) {
559 class = kva_match(da->da_devopts, DAOPT_CLASS);
560 if (class && (strcmp(class, device) == 0)) {
561 (void) _list_device(optflag, uid, da,
562 zonename);
563 }
564 freedaent(da);
565 }
566 } else {
567 /*
568 * list this device
569 */
570 if ((da = getdanam(device)) == NULL) {
571 enddaent();
572 return (NODAERR);
573 }
574 error = _list_device(optflag, uid, da, zonename);
575 freedaent(da);
576 }
577 } else {
578 /*
579 * list all devices
580 */
581 while ((da = getdaent()) != NULL) {
582 (void) _list_device(optflag, uid, da, zonename);
583 freedaent(da);
584 }
585 }
586 enddaent();
587
588 return (error);
589 }
590
591 /*
592 * Set the DAC characteristics of the file.
593 * This uses a fancy chmod() by setting a minimal ACL which sets the mode
594 * and discards any existing ACL.
595 */
596 int
_newdac(char * file,uid_t owner,gid_t group,o_mode_t mode)597 _newdac(char *file, uid_t owner, gid_t group, o_mode_t mode)
598 {
599 int err = 0;
600
601 if (mode == ALLOC_MODE) {
602 if (chown(file, owner, group) == -1) {
603 dperror("newdac: unable to chown");
604 err = CHOWNERR;
605 }
606 } else do {
607 if (chown(file, owner, group) == -1) {
608 dperror("newdac: unable to chown");
609 err = CHOWNERR;
610 }
611 } while (fdetach(file) == 0);
612
613 if (err)
614 return (err);
615
616 if (strncmp(file, "/dev/", strlen("/dev/")) != 0) {
617 /*
618 * This could be a SunRay device that is in /tmp.
619 */
620 if (chmod(file, mode) == -1) {
621 dperror("newdac: unable to chmod");
622 err = SETACLERR;
623 }
624 } else {
625 err = acl_strip(file, owner, group, (mode_t)mode);
626 }
627
628 if (err != 0) {
629 dperror("newdac: unable to setacl");
630 err = SETACLERR;
631 }
632
633 return (err);
634 }
635
636 /*
637 * lock_dev -
638 * locks a section of DA_DB_LOCK.
639 * returns lock fd if successful, else -1 on error.
640 */
641 static int
lock_dev(char * file,struct stat * statbuf)642 lock_dev(char *file, struct stat *statbuf)
643 {
644 static int lockfd = -1;
645 int ret;
646 int count = 0;
647 int retry = 10;
648 off_t size = 0;
649 off_t offset;
650 char *lockfile;
651
652 if (system_labeled)
653 lockfile = DA_DB_LOCK;
654 else
655 lockfile = file;
656
657 if (statbuf) {
658 offset = statbuf->st_rdev;
659 dprintf("locking %s\n", file);
660 } else {
661 offset = 0;
662 dprintf("locking %s\n", lockfile);
663 }
664 if ((lockfd == -1) &&
665 (lockfd = open(lockfile, O_RDWR | O_CREAT, 0600)) == -1) {
666 dperror("lock_dev: cannot open lock file");
667 return (-1);
668 }
669 if (system_labeled) {
670 (void) _newdac(lockfile, DA_UID, DA_GID, 0600);
671 if (lseek(lockfd, offset, SEEK_SET) == -1) {
672 dperror("lock_dev: cannot position lock file");
673 return (-1);
674 }
675 size = 1;
676 }
677 errno = 0;
678 while (retry) {
679 count++;
680 ret = lockf(lockfd, F_TLOCK, size);
681 if (ret == 0)
682 return (lockfd);
683 if ((errno != EACCES) && (errno != EAGAIN)) {
684 dperror("lock_dev: cannot set lock");
685 return (-1);
686 }
687 retry--;
688 (void) sleep(count);
689 errno = 0;
690 }
691
692 return (-1);
693 }
694
695 int
mk_alloc(devmap_t * list,uid_t uid,struct zone_path * zpath)696 mk_alloc(devmap_t *list, uid_t uid, struct zone_path *zpath)
697 {
698 int i;
699 int error = 0;
700 char **file;
701 gid_t gid = getgid();
702 mode_t mode = ALLOC_MODE;
703
704 file = list->dmap_devarray;
705 if (file == NULL)
706 return (NODMAPERR);
707 for (; *file != NULL; file++) {
708 dprintf("Allocating %s\n", *file);
709 if ((error = _newdac(*file, uid, gid, mode)) != 0) {
710 (void) _newdac(*file, ALLOC_ERRID, DA_GID,
711 ALLOC_ERR_MODE);
712 break;
713 }
714 }
715 if (system_labeled && zpath->count && (error == 0)) {
716 /*
717 * mark as allocated any new device nodes that we
718 * created in local zone
719 */
720 for (i = 0; i < zpath->count; i++) {
721 dprintf("Allocating %s\n", zpath->path[i]);
722 if ((error = _newdac(zpath->path[i], uid, gid,
723 mode)) != 0) {
724 (void) _newdac(zpath->path[i], ALLOC_ERRID,
725 DA_GID, ALLOC_ERR_MODE);
726 break;
727 }
728 }
729 }
730
731 return (error);
732 }
733
734 /*
735 * mk_revoke() is used instead of system("/usr/sbin/fuser -k file")
736 * because "/usr/sbin/fuser -k file" kills all processes
737 * working with the file, even "vold" (bug #4095152).
738 */
739 int
mk_revoke(int optflag,char * file)740 mk_revoke(int optflag, char *file)
741 {
742 int r = 0, p[2], fp, lock;
743 int fuserpid;
744 char buf[MAXPATHLEN];
745 FILE *ptr;
746 pid_t c_pid;
747 prpsinfo_t info;
748
749 (void) strcpy(buf, PROCFS);
750 /*
751 * vfork() and execl() just to make the same output
752 * as before fixing of bug #4095152.
753 * The problem is that the "fuser" command prints
754 * one part of output into stderr and another into stdout,
755 * but user sees them mixed. Of course, better to change "fuser"
756 * or to intercept and not to print its output.
757 */
758 if (!(optflag & SILENT)) {
759 c_pid = vfork();
760 if (c_pid == -1)
761 return (-1);
762 if (c_pid == 0) {
763 dprintf("first exec fuser %s\n", file);
764 (void) execl("/usr/sbin/fuser", "fuser", file, NULL);
765 dperror("first exec fuser");
766 _exit(1);
767 }
768
769 (void) waitpid(c_pid, &lock, 0);
770 dprintf("exit status %x\n", lock);
771 if (WEXITSTATUS(lock) != 0)
772 return (-1);
773 }
774 dprintf("first continuing c_pid=%d\n", (int)c_pid);
775 if (pipe(p)) {
776 dperror("pipe");
777 return (-1);
778 }
779 /* vfork() and execl() to catch output and to process it */
780 c_pid = vfork();
781 if (c_pid == -1) {
782 dperror("second vfork");
783 return (-1);
784 }
785 dprintf("second continuing c_pid=%d\n", (int)c_pid);
786 if (c_pid == 0) {
787 (void) close(p[0]);
788 (void) close(1);
789 (void) fcntl(p[1], F_DUPFD, 1);
790 (void) close(p[1]);
791 (void) close(2);
792 dprintf("second exec fuser %s\n", file);
793 (void) execl("/usr/sbin/fuser", "fuser", file, NULL);
794 dperror("second exec fuser");
795 _exit(1);
796 }
797 (void) close(p[1]);
798 if ((ptr = fdopen(p[0], "r")) != NULL) {
799 while (!feof(ptr)) {
800 if (fscanf(ptr, "%d", &fuserpid) > 0) {
801 (void) sprintf(buf + strlen(PROCFS), "%d",
802 fuserpid);
803 if ((fp = open(buf, O_RDONLY)) == -1) {
804 dperror(buf);
805 continue;
806 }
807 if (ioctl(fp, PIOCPSINFO,
808 (char *)&info) == -1) {
809 dprintf("%d psinfo failed", fuserpid);
810 dperror("");
811 (void) close(fp);
812 continue;
813 }
814 (void) close(fp);
815 if (strcmp(info.pr_fname, "vold") == NULL) {
816 dprintf("%d matched vold name\n",
817 fuserpid);
818 continue;
819 }
820 if (strcmp(info.pr_fname, "deallocate")
821 == NULL) {
822 dprintf("%d matched deallocate name\n",
823 fuserpid);
824 continue;
825 }
826 dprintf("killing %s", info.pr_fname);
827 dprintf("(%d)\n", fuserpid);
828 if ((r =
829 kill((pid_t)fuserpid, SIGKILL)) == -1) {
830 dprintf("kill %d", fuserpid);
831 dperror("");
832 break;
833 }
834 }
835 }
836 } else {
837 dperror("fdopen(p[0], r)");
838 r = -1;
839 }
840 (void) fclose(ptr);
841
842 return (r);
843 }
844
845 int
mk_unalloc(int optflag,devmap_t * list)846 mk_unalloc(int optflag, devmap_t *list)
847 {
848 int error = 0;
849 int status;
850 char **file;
851
852 audit_allocate_list(list->dmap_devlist);
853 file = list->dmap_devarray;
854 if (file == NULL)
855 return (NODMAPERR);
856 for (; *file != NULL; file++) {
857 dprintf("Deallocating %s\n", *file);
858 if (mk_revoke(optflag, *file) < 0) {
859 dprintf("mk_unalloc: unable to revoke %s\n", *file);
860 dperror("");
861 error = CNTFRCERR;
862 }
863 status = _newdac(*file, DA_UID, DA_GID, DEALLOC_MODE);
864 if (error == 0)
865 error = status;
866
867 }
868
869 return (error);
870 }
871
872 int
mk_error(devmap_t * list)873 mk_error(devmap_t *list)
874 {
875 int status = 0;
876 char **file;
877
878 audit_allocate_list(list->dmap_devlist);
879 file = list->dmap_devarray;
880 if (file == NULL)
881 return (NODMAPERR);
882 for (; *file != NULL; file++) {
883 dprintf("Putting %s in error state\n", *file);
884 status = _newdac(*file, ALLOC_ERRID, DA_GID, ALLOC_ERR_MODE);
885 }
886
887 return (status);
888 }
889
890 int
exec_clean(int optflag,char * devname,char * path,uid_t uid,char * zonename,char * clean_arg)891 exec_clean(int optflag, char *devname, char *path, uid_t uid, char *zonename,
892 char *clean_arg)
893 {
894 int c;
895 int status = 0, exit_status;
896 char *mode, *cmd, *wdwcmd, *zoneroot;
897 char *devzone = zonename;
898 char wdwpath[PATH_MAX];
899 char zonepath[MAXPATHLEN];
900 char title[100];
901 char pw_buf[NSS_BUFLEN_PASSWD];
902 struct passwd pw_ent;
903
904 zonepath[0] = '\0';
905 if (system_labeled) {
906 if ((zoneroot = getzonerootbyname(zonename)) == NULL) {
907 if (strcmp(clean_arg, ALLOC_CLEAN) == 0) {
908 return (-1);
909 } else if (optflag & FORCE) {
910 (void) strcpy(zonepath, "/");
911 devzone = GLOBAL_ZONENAME;
912 } else {
913 dprintf("unable to get label for %s zone\n",
914 zonename);
915 return (-1);
916 }
917 } else {
918 (void) strcpy(zonepath, zoneroot);
919 free(zoneroot);
920 }
921 }
922 if (getpwuid_r(uid, &pw_ent, pw_buf, sizeof (pw_buf)) == NULL)
923 return (-1);
924 if (optflag & FORCE_ALL)
925 mode = "-I";
926 else if (optflag & FORCE)
927 mode = "-f";
928 else
929 mode = "-s";
930 if (path == NULL)
931 return (0);
932 if ((cmd = strrchr(path, '/')) == NULL)
933 cmd = path;
934 else
935 cmd++; /* skip leading '/' */
936 c = vfork();
937 switch (c) {
938 case -1:
939 return (-1);
940 case 0:
941 (void) setuid(0);
942 if (system_labeled && (optflag & WINDOWING)) {
943 /* First try .windowing version of script */
944 (void) strncpy(wdwpath, path, PATH_MAX);
945 (void) strncat(wdwpath, ".windowing", PATH_MAX);
946 if ((wdwcmd = strrchr(wdwpath, '/')) == NULL)
947 wdwcmd = wdwpath;
948 (void) execl(wdwpath, wdwcmd, mode, devname, clean_arg,
949 pw_ent.pw_name, devzone, zonepath, NULL);
950 /* If that failed, run regular version via dtterm */
951 (void) snprintf(title, sizeof (title),
952 "Device %s for %s",
953 strcmp(clean_arg, ALLOC_CLEAN) == 0 ?
954 "allocation" : "deallocation", devname);
955 (void) execl("/usr/dt/bin/dtterm", "dtterm",
956 "-title", title, "-geometry", "x10+100+400",
957 "-e", "/etc/security/lib/wdwwrapper",
958 path, mode, devname, clean_arg, pw_ent.pw_name,
959 devzone, zonepath, NULL);
960 /*
961 * And if that failed, continue on to try
962 * running regular version directly.
963 */
964 }
965 dprintf("clean script: %s, ", path);
966 dprintf("cmd=%s, ", cmd);
967 dprintf("mode=%s, ", mode);
968 if (system_labeled) {
969 dprintf("devname=%s ", devname);
970 dprintf("zonename=%s ", devzone);
971 dprintf("zonepath=%s ", zonepath);
972 dprintf("username=%s\n", pw_ent.pw_name);
973 (void) execl(path, cmd, mode, devname, clean_arg,
974 pw_ent.pw_name, devzone, zonepath, NULL);
975 } else {
976 dprintf("devname=%s\n", devname);
977 (void) execle(path, cmd, mode, devname, NULL, newenv);
978 }
979 dprintf("Unable to execute clean up script %s\n", path);
980 dperror("");
981 exit(CNTDEXECERR);
982 default:
983 (void) waitpid(c, &status, 0);
984 dprintf("Child %d", c);
985 if (WIFEXITED(status)) {
986 exit_status = WEXITSTATUS(status);
987 dprintf(" exited, status: %d\n", exit_status);
988 return (exit_status);
989 } else if (WIFSIGNALED(status)) {
990 dprintf(" killed, signal %d\n", WTERMSIG(status));
991 } else {
992 dprintf(": exit status %d\n", status);
993 }
994 return (-1);
995 }
996 }
997
998 int
_deallocate_dev(int optflag,devalloc_t * da,devmap_t * dm_in,uid_t uid,char * zonename,int * lock_fd)999 _deallocate_dev(int optflag, devalloc_t *da, devmap_t *dm_in, uid_t uid,
1000 char *zonename, int *lock_fd)
1001 {
1002 int bytes = 0;
1003 int error = 0;
1004 int is_authorized = 0;
1005 uid_t nuid;
1006 char *fname = NULL;
1007 char file_name[MAXPATHLEN];
1008 char *devzone = NULL;
1009 devmap_t *dm = NULL, *dm_new = NULL;
1010 struct stat stat_buf;
1011 struct state_file sf;
1012
1013 if (dm_in == NULL) {
1014 setdmapent();
1015 if ((dm_new = getdmapnam(da->da_devname)) == NULL) {
1016 enddmapent();
1017 dprintf("Unable to find %s in device map database\n",
1018 da->da_devname);
1019 return (NODMAPERR);
1020 }
1021 enddmapent();
1022 dm = dm_new;
1023 } else {
1024 dm = dm_in;
1025 }
1026 if (system_labeled) {
1027 if (_dev_file_name(&sf, dm) != 0) {
1028 if (dm_new)
1029 freedmapent(dm_new);
1030 dprintf("Unable to find %s device files\n",
1031 da->da_devname);
1032 error = NODMAPERR;
1033 goto out;
1034 }
1035 fname = sf.sf_path;
1036 } else {
1037 bytes = snprintf(file_name, MAXPATHLEN, "%s/%s", DAC_DIR,
1038 da->da_devname);
1039 if (bytes <= 0) {
1040 error = DEVNAMEERR;
1041 goto out;
1042 } else if (bytes >= MAXPATHLEN) {
1043 dprintf("device name %s is too long.\n",
1044 da->da_devname);
1045 error = DEVLONGERR;
1046 goto out;
1047 }
1048 fname = file_name;
1049 }
1050
1051 audit_allocate_device(fname);
1052
1053 if (stat(fname, &stat_buf) != 0) {
1054 dprintf("Unable to stat %s\n", fname);
1055 error = DACACCERR;
1056 goto out;
1057 }
1058 is_authorized = _is_dev_authorized(da, uid);
1059 if (is_authorized == ALLOC_BY_NONE) {
1060 dprintf("Not deallocating %s, not allocatable\n",
1061 da->da_devname);
1062 goto out;
1063 }
1064 if (!(optflag & (FORCE | FORCE_ALL)) && !is_authorized) {
1065 dprintf("User %d is unauthorized to deallocate\n", (int)uid);
1066 error = UAUTHERR;
1067 goto out;
1068 }
1069 if (system_labeled) {
1070 /*
1071 * unless we're here to deallocate by force, check if the
1072 * label at which the device is currently allocated is
1073 * within the user label range.
1074 */
1075 if (!(optflag & FORCE) &&
1076 _check_label(da, zonename, uid, CHECK_URANGE) != 0) {
1077 error = LABELRNGERR;
1078 goto out;
1079 }
1080 }
1081 if (!(optflag & FORCE) && stat_buf.st_uid != uid &&
1082 DEV_ALLOCATED(stat_buf)) {
1083 error = ALLOCUERR;
1084 goto out;
1085 }
1086 if (!DEV_ALLOCATED(stat_buf)) {
1087 if (DEV_ERRORED(stat_buf)) {
1088 if (!(optflag & FORCE)) {
1089 error = DEVSTATEERR;
1090 goto out;
1091 }
1092 } else {
1093 error = DEVNALLOCERR;
1094 goto out;
1095 }
1096 }
1097 /* All checks passed, time to lock and deallocate */
1098 if ((*lock_fd = lock_dev(fname, &stat_buf)) == -1) {
1099 error = DEVLKERR;
1100 goto out;
1101 }
1102 if (system_labeled) {
1103 devzone = kva_match(da->da_devopts, DAOPT_ZONE);
1104 if (devzone == NULL) {
1105 devzone = GLOBAL_ZONENAME;
1106 } else if (strcmp(devzone, GLOBAL_ZONENAME) != 0) {
1107 if ((remove_znode(devzone, dm) != 0) &&
1108 !(optflag & FORCE)) {
1109 error = ZONEERR;
1110 goto out;
1111 }
1112 }
1113 }
1114 if ((error = mk_unalloc(optflag, dm)) != 0) {
1115 if (!(optflag & FORCE))
1116 goto out;
1117 }
1118 if (system_labeled == 0) {
1119 if ((error = _newdac(fname, DA_UID, DA_GID,
1120 DEALLOC_MODE)) != 0) {
1121 (void) _newdac(file_name, DA_UID, DA_GID,
1122 ALLOC_ERR_MODE);
1123 goto out;
1124 }
1125 }
1126 /*
1127 * if we are deallocating device owned by someone else,
1128 * pass the owner's uid to the cleaning script.
1129 */
1130 nuid = (stat_buf.st_uid == uid) ? uid : stat_buf.st_uid;
1131 error = exec_clean(optflag, da->da_devname, da->da_devexec, nuid,
1132 devzone, DEALLOC_CLEAN);
1133 if (error != 0) {
1134 if (!(optflag & (FORCE | FORCE_ALL))) {
1135 error = CLEANERR;
1136 (void) mk_error(dm);
1137 } else {
1138 error = 0;
1139 }
1140 }
1141
1142 out:
1143 if (dm_new)
1144 freedmapent(dm_new);
1145 return (error);
1146 }
1147
1148 int
_allocate_dev(int optflag,uid_t uid,devalloc_t * da,char * zonename,int * lock_fd)1149 _allocate_dev(int optflag, uid_t uid, devalloc_t *da, char *zonename,
1150 int *lock_fd)
1151 {
1152 int i;
1153 int bytes = 0;
1154 int error = 0;
1155 int is_authorized = 0;
1156 int dealloc_optflag = 0;
1157 char *fname = NULL;
1158 char file_name[MAXPATHLEN];
1159 devmap_t *dm;
1160 struct stat stat_buf;
1161 struct state_file sf;
1162 struct zone_path zpath;
1163
1164 zpath.count = 0;
1165 zpath.path = NULL;
1166 setdmapent();
1167 if ((dm = getdmapnam(da->da_devname)) == NULL) {
1168 enddmapent();
1169 dprintf("Unable to find %s in device map database\n",
1170 da->da_devname);
1171 return (NODMAPERR);
1172 }
1173 enddmapent();
1174 if (system_labeled) {
1175 if (_dev_file_name(&sf, dm) != 0) {
1176 freedmapent(dm);
1177 dprintf("Unable to find %s device files\n",
1178 da->da_devname);
1179 error = NODMAPERR;
1180 goto out;
1181 }
1182 fname = sf.sf_path;
1183 } else {
1184 bytes = snprintf(file_name, MAXPATHLEN, "%s/%s", DAC_DIR,
1185 da->da_devname);
1186 if (bytes <= 0) {
1187 error = DEVNAMEERR;
1188 goto out;
1189 } else if (bytes >= MAXPATHLEN) {
1190 dprintf("device name %s is too long.\n",
1191 da->da_devname);
1192 error = DEVLONGERR;
1193 goto out;
1194 }
1195 fname = file_name;
1196 }
1197
1198 (void) audit_allocate_device(fname);
1199
1200 if (stat(fname, &stat_buf) != 0) {
1201 dprintf("Unable to stat %s\n", fname);
1202 dperror("Error:");
1203 error = DACACCERR;
1204 goto out;
1205 }
1206 if (DEV_ERRORED(stat_buf)) {
1207 error = DEVSTATEERR;
1208 goto out;
1209 }
1210 is_authorized = _is_dev_authorized(da, uid);
1211 if (is_authorized == ALLOC_BY_NONE) {
1212 dprintf("Device %s is not allocatable\n", da->da_devname);
1213 error = UAUTHERR;
1214 goto out;
1215 } else if (!is_authorized && !(optflag & USERNAME)) {
1216 dprintf("User %d is unauthorized to allocate\n", (int)uid);
1217 error = UAUTHERR;
1218 goto out;
1219 }
1220 if (system_labeled) {
1221 /*
1222 * check if label of the zone to which the device is being
1223 * allocated is within the device label range.
1224 */
1225 if (_check_label(da, zonename, uid, CHECK_DRANGE) != 0) {
1226 error = LABELRNGERR;
1227 goto out;
1228 }
1229 }
1230 if (check_devs(dm) == -1) {
1231 error = DSPMISSERR;
1232 goto out;
1233 }
1234 if (DEV_ALLOCATED(stat_buf)) {
1235 if (optflag & FORCE) {
1236 if (optflag & SILENT)
1237 dealloc_optflag = FORCE|SILENT;
1238 else
1239 dealloc_optflag = FORCE;
1240 if (_deallocate_dev(dealloc_optflag, da, dm, uid,
1241 zonename, lock_fd)) {
1242 dprintf("Couldn't force deallocate device %s\n",
1243 da->da_devname);
1244 error = CNTFRCERR;
1245 goto out;
1246 }
1247 } else if (stat_buf.st_uid == uid) {
1248 error = PREALLOCERR;
1249 goto out;
1250 } else {
1251 error = ALLOCUERR;
1252 goto out;
1253 }
1254 }
1255 /* All checks passed, time to lock and allocate */
1256 if ((*lock_fd = lock_dev(fname, &stat_buf)) == -1) {
1257 error = DEVLKERR;
1258 goto out;
1259 }
1260 if (system_labeled) {
1261 /*
1262 * Run the cleaning program; it also mounts allocated
1263 * device if required.
1264 */
1265 error = exec_clean(optflag, da->da_devname, da->da_devexec, uid,
1266 zonename, ALLOC_CLEAN);
1267 if (error != DEVCLEAN_OK) {
1268 switch (error) {
1269 case DEVCLEAN_ERROR:
1270 case DEVCLEAN_SYSERR:
1271 dprintf("allocate: "
1272 "Error in device clean program %s\n",
1273 da->da_devexec);
1274 error = CLEANERR;
1275 (void) mk_error(dm);
1276 goto out;
1277 case DEVCLEAN_BADMOUNT:
1278 dprintf("allocate: Failed to mount device %s\n",
1279 da->da_devexec);
1280 goto out;
1281 case DEVCLEAN_MOUNTOK:
1282 break;
1283 default:
1284 error = 0;
1285 goto out;
1286 }
1287 }
1288 /*
1289 * If not mounted, create zonelinks, if this is not the
1290 * global zone.
1291 */
1292 if ((strcmp(zonename, GLOBAL_ZONENAME) != 0) &&
1293 (error != DEVCLEAN_MOUNTOK)) {
1294 if (create_znode(zonename, &zpath, dm) != 0) {
1295 error = ZONEERR;
1296 goto out;
1297 }
1298 }
1299 }
1300
1301 (void) audit_allocate_list(dm->dmap_devlist);
1302
1303 if ((error = mk_alloc(dm, uid, &zpath)) != 0) {
1304 (void) mk_unalloc(optflag, dm);
1305 goto out;
1306 }
1307
1308 if (system_labeled == 0) {
1309 if ((error = _newdac(file_name, uid, getgid(),
1310 ALLOC_MODE)) != 0) {
1311 (void) _newdac(file_name, DA_UID, DA_GID,
1312 ALLOC_ERR_MODE);
1313 goto out;
1314 }
1315 }
1316 error = 0;
1317 out:
1318 if (zpath.count) {
1319 for (i = 0; i < zpath.count; i++)
1320 free(zpath.path[i]);
1321 free(zpath.path);
1322 }
1323 freedmapent(dm);
1324 return (error);
1325 }
1326
1327 void
_store_devnames(int * count,struct dev_names * dnms,char * zonename,devalloc_t * da,int flag)1328 _store_devnames(int *count, struct dev_names *dnms, char *zonename,
1329 devalloc_t *da, int flag)
1330 {
1331 int i;
1332
1333 dnms->dnames = (char **)realloc(dnms->dnames,
1334 (*count + 1) * sizeof (char *));
1335 if (da) {
1336 dnms->dnames[*count] = strdup(da->da_devname);
1337 (*count)++;
1338 } else {
1339 dnms->dnames[*count] = NULL;
1340 if (flag == DA_ADD_ZONE)
1341 (void) update_device(dnms->dnames, zonename,
1342 DA_ADD_ZONE);
1343 else if (flag == DA_REMOVE_ZONE)
1344 (void) update_device(dnms->dnames, NULL,
1345 DA_REMOVE_ZONE);
1346 for (i = 0; i < *count; i++)
1347 free(dnms->dnames[i]);
1348 free(dnms->dnames);
1349 }
1350 }
1351
1352 int
allocate(int optflag,uid_t uid,char * device,char * zonename)1353 allocate(int optflag, uid_t uid, char *device, char *zonename)
1354 {
1355 int count = 0;
1356 int error = 0;
1357 int lock_fd = -1;
1358 devalloc_t *da;
1359 struct dev_names dnms;
1360
1361 if (optflag & (FORCE | USERID | USERNAME)) {
1362 if (!_is_authorized(DEVICE_REVOKE_AUTH, getuid()))
1363 return (UAUTHERR);
1364 }
1365 dnms.dnames = NULL;
1366 setdaent();
1367 if (optflag & TYPE) {
1368 /*
1369 * allocate devices of this type
1370 */
1371 while ((da = getdatype(device)) != NULL) {
1372 if (system_labeled &&
1373 da_check_logindevperm(da->da_devname)) {
1374 freedaent(da);
1375 continue;
1376 }
1377 dprintf("trying to allocate %s\n", da->da_devname);
1378 error = _allocate_dev(optflag, uid, da, zonename,
1379 &lock_fd);
1380 if (system_labeled && (error == 0)) {
1381 /*
1382 * we need to record in device_allocate the
1383 * label (zone name) at which this device is
1384 * being allocated. store this device entry.
1385 */
1386 _store_devnames(&count, &dnms, zonename, da, 0);
1387 }
1388 freedaent(da);
1389 error = 0;
1390 }
1391 } else {
1392 /*
1393 * allocate this device
1394 */
1395 if ((da = getdanam(device)) == NULL) {
1396 enddaent();
1397 return (NODAERR);
1398 }
1399 if (system_labeled && da_check_logindevperm(device)) {
1400 freedaent(da);
1401 return (LOGINDEVPERMERR);
1402 }
1403 dprintf("trying to allocate %s\n", da->da_devname);
1404 error = _allocate_dev(optflag, uid, da, zonename, &lock_fd);
1405 /*
1406 * we need to record in device_allocate the label (zone name)
1407 * at which this device is being allocated. store this device
1408 * entry.
1409 */
1410 if (system_labeled && (error == 0))
1411 _store_devnames(&count, &dnms, zonename, da, 0);
1412 freedaent(da);
1413 if (error == DEVCLEAN_BADMOUNT)
1414 error = 0;
1415 }
1416 enddaent();
1417 if (lock_fd != -1)
1418 (void) close(lock_fd);
1419 /*
1420 * add to device_allocate labels (zone names) for the devices we
1421 * allocated.
1422 */
1423 if (dnms.dnames)
1424 _store_devnames(&count, &dnms, zonename, NULL, DA_ADD_ZONE);
1425
1426 return (error);
1427 }
1428
1429 /* ARGSUSED */
1430 int
deallocate(int optflag,uid_t uid,char * device,char * zonename)1431 deallocate(int optflag, uid_t uid, char *device, char *zonename)
1432 {
1433 int count = 0;
1434 int error = 0;
1435 int lock_fd = -1;
1436 char *class = NULL;
1437 devalloc_t *da;
1438 struct dev_names dnms;
1439
1440 if (optflag & (FORCE | FORCE_ALL)) {
1441 if (!_is_authorized(DEVICE_REVOKE_AUTH, getuid()))
1442 return (UAUTHERR);
1443 }
1444 if (optflag & FORCE_ALL)
1445 optflag |= FORCE;
1446 dnms.dnames = NULL;
1447 setdaent();
1448 if (optflag & FORCE_ALL) {
1449 /*
1450 * deallocate all devices
1451 */
1452 while ((da = getdaent()) != NULL) {
1453 if (system_labeled &&
1454 da_check_logindevperm(da->da_devname)) {
1455 freedaent(da);
1456 continue;
1457 }
1458 dprintf("trying to deallocate %s\n", da->da_devname);
1459 error = _deallocate_dev(optflag, da, NULL, uid,
1460 zonename, &lock_fd);
1461 if (system_labeled && (error == 0)) {
1462 /*
1463 * we need to remove this device's allocation
1464 * label (zone name) from device_allocate.
1465 * store this device name.
1466 */
1467 _store_devnames(&count, &dnms, zonename, da, 0);
1468 }
1469 freedaent(da);
1470 error = 0;
1471 }
1472 } else if (system_labeled && (optflag & TYPE)) {
1473 /*
1474 * deallocate all devices of this type
1475 */
1476 while ((da = getdatype(device)) != NULL) {
1477 if (da_check_logindevperm(da->da_devname)) {
1478 freedaent(da);
1479 continue;
1480 }
1481 dprintf("trying to deallocate %s\n", da->da_devname);
1482 error = _deallocate_dev(optflag, da, NULL, uid,
1483 zonename, &lock_fd);
1484 if (error == 0) {
1485 /*
1486 * we need to remove this device's allocation
1487 * label (zone name) from device_allocate.
1488 * store this device name.
1489 */
1490 _store_devnames(&count, &dnms, zonename, da, 0);
1491 }
1492 freedaent(da);
1493 error = 0;
1494 }
1495 } else if (system_labeled && (optflag & CLASS)) {
1496 /*
1497 * deallocate all devices of this class (for sunray)
1498 */
1499 while ((da = getdaent()) != NULL) {
1500 class = kva_match(da->da_devopts, DAOPT_CLASS);
1501 if (class && (strcmp(class, device) == 0)) {
1502 dprintf("trying to deallocate %s\n",
1503 da->da_devname);
1504 error = _deallocate_dev(optflag, da, NULL, uid,
1505 zonename, &lock_fd);
1506 if (error == 0) {
1507 /*
1508 * we need to remove this device's
1509 * allocation label (zone name) from
1510 * device_allocate. store this device
1511 * name.
1512 */
1513 _store_devnames(&count, &dnms, zonename,
1514 da, 0);
1515 }
1516 error = 0;
1517 }
1518 freedaent(da);
1519 }
1520 } else if (!(optflag & TYPE)) {
1521 /*
1522 * deallocate this device
1523 */
1524 if ((da = getdanam(device)) == NULL) {
1525 enddaent();
1526 return (NODAERR);
1527 }
1528 if (system_labeled && da_check_logindevperm(da->da_devname)) {
1529 freedaent(da);
1530 return (LOGINDEVPERMERR);
1531 }
1532 dprintf("trying to deallocate %s\n", da->da_devname);
1533 error = _deallocate_dev(optflag, da, NULL, uid, zonename,
1534 &lock_fd);
1535 if (system_labeled && (error == 0)) {
1536 /*
1537 * we need to remove this device's allocation label
1538 * (zone name) from device_allocate. store this
1539 * device name.
1540 */
1541 _store_devnames(&count, &dnms, zonename, da, 0);
1542 }
1543 freedaent(da);
1544 if (error == DEVCLEAN_BADMOUNT)
1545 error = 0;
1546 }
1547 enddaent();
1548 if (lock_fd != -1)
1549 (void) close(lock_fd);
1550 /*
1551 * remove from device_allocate labels (zone names) for the devices we
1552 * deallocated.
1553 */
1554 if (dnms.dnames)
1555 _store_devnames(&count, &dnms, zonename, NULL, DA_REMOVE_ZONE);
1556
1557 return (error);
1558 }
1559
1560 static int
_dev_file_name(struct state_file * sfp,devmap_t * dm)1561 _dev_file_name(struct state_file *sfp, devmap_t *dm)
1562 {
1563 sfp->sf_flags = 0;
1564 /* if devlist is generated, never leave device in error state */
1565 if (dm->dmap_devlist[0] == '`')
1566 sfp->sf_flags |= SFF_NO_ERROR;
1567 if (dm->dmap_devarray == NULL ||
1568 dm->dmap_devarray[0] == NULL)
1569 return (NODMAPERR);
1570 (void) strncpy(sfp->sf_path, dm->dmap_devarray[0],
1571 sizeof (sfp->sf_path));
1572 sfp->sf_path[sizeof (sfp->sf_path) - 1] = '\0';
1573 if (sfp->sf_path[0] == '\0') {
1574 dprintf("dev_file_name: no device list for %s\n",
1575 dm->dmap_devname);
1576 return (NODMAPERR);
1577 }
1578
1579 return (0);
1580 }
1581
1582 /*
1583 * _check_label -
1584 * checks the device label range against zone label, which is also
1585 * user's current label.
1586 * returns 0 if in range, -1 for all other conditions.
1587 *
1588 */
1589
1590 static int
_check_label(devalloc_t * da,char * zonename,uid_t uid,int flag)1591 _check_label(devalloc_t *da, char *zonename, uid_t uid, int flag)
1592 {
1593 int err;
1594 int in_range = 0;
1595 char *alloczone, *lstr;
1596 char pw_buf[NSS_BUFLEN_PASSWD];
1597 blrange_t *range;
1598 m_label_t *zlabel;
1599 struct passwd pw_ent;
1600
1601 if ((da == NULL) || (zonename == NULL))
1602 return (-1);
1603
1604 if ((zlabel = getzonelabelbyname(zonename)) == NULL) {
1605 dprintf("unable to get label for %s zone\n", zonename);
1606 return (-1);
1607 }
1608 if (flag == CHECK_DRANGE) {
1609 blrange_t drange;
1610
1611 drange.lower_bound = blabel_alloc();
1612 lstr = kva_match(da->da_devopts, DAOPT_MINLABEL);
1613 if (lstr == NULL) {
1614 bsllow(drange.lower_bound);
1615 } else if (stobsl(lstr, drange.lower_bound, NO_CORRECTION,
1616 &err) == 0) {
1617 dprintf("bad min_label for device %s\n",
1618 da->da_devname);
1619 free(zlabel);
1620 blabel_free(drange.lower_bound);
1621 return (-1);
1622 }
1623 drange.upper_bound = blabel_alloc();
1624 lstr = kva_match(da->da_devopts, DAOPT_MAXLABEL);
1625 if (lstr == NULL) {
1626 bslhigh(drange.upper_bound);
1627 } else if (stobsl(lstr, drange.upper_bound, NO_CORRECTION,
1628 &err) == 0) {
1629 dprintf("bad max_label for device %s\n",
1630 da->da_devname);
1631 free(zlabel);
1632 blabel_free(drange.lower_bound);
1633 blabel_free(drange.upper_bound);
1634 return (-1);
1635 }
1636 if (blinrange(zlabel, &drange) == 0) {
1637 char *zlbl = NULL, *min = NULL, *max = NULL;
1638
1639 (void) bsltos(zlabel, &zlbl, 0, 0);
1640 (void) bsltos(drange.lower_bound, &min, 0, 0);
1641 (void) bsltos(drange.upper_bound, &max, 0, 0);
1642 dprintf("%s zone label ", zonename);
1643 dprintf("%s outside device label range: ", zlbl);
1644 dprintf("min - %s, ", min);
1645 dprintf("max - %s\n", max);
1646 free(zlabel);
1647 blabel_free(drange.lower_bound);
1648 blabel_free(drange.upper_bound);
1649 return (-1);
1650 }
1651 } else if (flag == CHECK_URANGE) {
1652 if (getpwuid_r(uid, &pw_ent, pw_buf, sizeof (pw_buf)) == NULL) {
1653 dprintf("Unable to get passwd entry for userid %d\n",
1654 (int)uid);
1655 free(zlabel);
1656 return (-1);
1657 }
1658 if ((range = getuserrange(pw_ent.pw_name)) == NULL) {
1659 dprintf("Unable to get label range for userid %d\n",
1660 (int)uid);
1661 free(zlabel);
1662 return (-1);
1663 }
1664 in_range = blinrange(zlabel, range);
1665 free(zlabel);
1666 blabel_free(range->lower_bound);
1667 blabel_free(range->upper_bound);
1668 free(range);
1669 if (in_range == 0) {
1670 dprintf("%s device label ", da->da_devname);
1671 dprintf("out of user %d label range\n", (int)uid);
1672 return (-1);
1673 }
1674 } else if (flag == CHECK_ZLABEL) {
1675 alloczone = kva_match(da->da_devopts, DAOPT_ZONE);
1676 if (alloczone == NULL) {
1677 free(zlabel);
1678 return (-1);
1679 }
1680 if (strcmp(zonename, alloczone) != 0) {
1681 dprintf("%s zone is different than ", zonename);
1682 dprintf("%s zone to which the device ", alloczone);
1683 dprintf("%s is allocated\n", da->da_devname);
1684 free(zlabel);
1685 return (-1);
1686 }
1687 }
1688 free(zlabel);
1689
1690 return (0);
1691 }
1692
1693 int
create_znode(char * zonename,struct zone_path * zpath,devmap_t * list)1694 create_znode(char *zonename, struct zone_path *zpath, devmap_t *list)
1695 {
1696 int size;
1697 int len = 0;
1698 int fcount = 0;
1699 char *p, *tmpfile, *zoneroot;
1700 char **file;
1701 char zonepath[MAXPATHLEN];
1702 di_prof_t prof = NULL;
1703
1704 file = list->dmap_devarray;
1705 if (file == NULL)
1706 return (NODMAPERR);
1707 if ((zoneroot = getzonerootbyname(zonename)) == NULL) {
1708 dprintf("unable to get label for %s zone\n", zonename);
1709 return (1);
1710 }
1711 (void) strcpy(zonepath, zoneroot);
1712 free(zoneroot);
1713 len = strlen(zonepath);
1714 size = sizeof (zonepath);
1715 (void) strlcat(zonepath, "/dev", size);
1716 if (di_prof_init(zonepath, &prof)) {
1717 dprintf("failed to initialize dev profile at %s\n", zonepath);
1718 return (1);
1719 }
1720 zonepath[len] = '\0';
1721 for (; *file != NULL; file++) {
1722 /*
1723 * First time initialization
1724 */
1725 tmpfile = strdup(*file);
1726
1727 /*
1728 * Most devices have pathnames starting in /dev
1729 * but SunRay devices do not. In SRRS 3.1 they use /tmp.
1730 *
1731 * If the device pathname is not in /dev then create
1732 * a symbolic link to it and put the device in /dev
1733 */
1734 if (strncmp(tmpfile, "/dev/", strlen("/dev/")) != 0) {
1735 char *linkdir;
1736 char srclinkdir[MAXPATHLEN];
1737 char dstlinkdir[MAXPATHLEN];
1738
1739 linkdir = strchr(tmpfile + 1, '/');
1740 p = strchr(linkdir + 1, '/');
1741 *p = '\0';
1742 (void) strcpy(dstlinkdir, "/dev");
1743 (void) strncat(dstlinkdir, linkdir, MAXPATHLEN);
1744 (void) snprintf(srclinkdir, MAXPATHLEN, "%s/root%s",
1745 zonepath, tmpfile);
1746 (void) symlink(dstlinkdir, srclinkdir);
1747 *p = '/';
1748 (void) strncat(dstlinkdir, p, MAXPATHLEN);
1749 free(tmpfile);
1750 tmpfile = strdup(dstlinkdir);
1751 }
1752 if (di_prof_add_dev(prof, tmpfile)) {
1753 dprintf("failed to add %s to profile\n", tmpfile);
1754 di_prof_fini(prof);
1755 return (1);
1756 }
1757 if (strlcat(zonepath, tmpfile, size) >= size) {
1758 dprintf("Buffer overflow in create_znode for %s\n",
1759 *file);
1760 free(tmpfile);
1761 di_prof_fini(prof);
1762 return (1);
1763 }
1764 free(tmpfile);
1765 fcount++;
1766 if ((zpath->path = (char **)realloc(zpath->path,
1767 (fcount * sizeof (char *)))) == NULL) {
1768 di_prof_fini(prof);
1769 return (1);
1770 }
1771 zpath->path[zpath->count] = strdup(zonepath);
1772 zpath->count = fcount;
1773 zonepath[len] = '\0';
1774 }
1775
1776 if (di_prof_commit(prof))
1777 dprintf("failed to add devices to zone %s\n", zonename);
1778 di_prof_fini(prof);
1779
1780 return (0);
1781 }
1782
1783 int
remove_znode(char * zonename,devmap_t * dm)1784 remove_znode(char *zonename, devmap_t *dm)
1785 {
1786 int len = 0;
1787 char *zoneroot;
1788 char **file;
1789 char zonepath[MAXPATHLEN];
1790 di_prof_t prof = NULL;
1791
1792 file = dm->dmap_devarray;
1793 if (file == NULL)
1794 return (NODMAPERR);
1795 if ((zoneroot = getzonerootbyname(zonename)) == NULL) {
1796 (void) snprintf(zonepath, MAXPATHLEN, "/zone/%s", zonename);
1797 } else {
1798 (void) strcpy(zonepath, zoneroot);
1799 free(zoneroot);
1800 }
1801 /*
1802 * To support SunRay we will just deal with the
1803 * file in /dev, not the symlinks.
1804 */
1805 (void) strncat(zonepath, "/dev", MAXPATHLEN);
1806 len = strlen(zonepath);
1807 if (di_prof_init(zonepath, &prof)) {
1808 dprintf("failed to initialize dev profile at %s\n", zonepath);
1809 return (1);
1810 }
1811 for (; *file != NULL; file++) {
1812 char *devrelpath;
1813
1814 /*
1815 * remove device node from zone.
1816 *
1817 * SunRay devices don't start with /dev
1818 * so skip over first directory to make
1819 * sure it is /dev. SunRay devices in zones
1820 * will have a symlink into /dev but
1821 * we don't ever delete it.
1822 */
1823 devrelpath = strchr(*file + 1, '/');
1824
1825 if (di_prof_add_exclude(prof, devrelpath + 1)) {
1826 dprintf("Failed exclude %s in dev profile\n", *file);
1827 di_prof_fini(prof);
1828 return (1);
1829 }
1830 zonepath[len] = '\0';
1831 }
1832
1833 if (di_prof_commit(prof))
1834 dprintf("failed to remove devices from zone %s\n", zonename);
1835 di_prof_fini(prof);
1836 return (0);
1837 }
1838
1839 int
update_device(char ** devnames,char * zonename,int flag)1840 update_device(char **devnames, char *zonename, int flag)
1841 {
1842 int len, rc;
1843 char *optstr = NULL;
1844 da_args dargs;
1845 devinfo_t devinfo;
1846
1847 dargs.optflag = flag;
1848 dargs.optflag |= DA_UPDATE|DA_ALLOC_ONLY;
1849 dargs.rootdir = NULL;
1850 dargs.devnames = devnames;
1851 devinfo.devname = devinfo.devtype = devinfo.devauths = devinfo.devexec =
1852 devinfo.devlist = NULL;
1853 if (dargs.optflag & DA_ADD_ZONE) {
1854 len = strlen(DAOPT_ZONE) + strlen(zonename) + 3;
1855 if ((optstr = (char *)malloc(len)) == NULL)
1856 return (-1);
1857 (void) snprintf(optstr, len, "%s%s%s", DAOPT_ZONE, KV_ASSIGN,
1858 zonename);
1859 devinfo.devopts = optstr;
1860 }
1861 dargs.devinfo = &devinfo;
1862
1863 rc = da_update_device(&dargs);
1864
1865 if (optstr)
1866 free(optstr);
1867
1868 return (rc);
1869 }
1870