1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 */
26
27 /*
28 * Sid manipulation (stubs).
29 */
30
31 #include <sys/atomic.h>
32 #include <sys/avl.h>
33 #include <sys/cmn_err.h>
34 #include <sys/kmem.h>
35 #include <sys/mutex.h>
36 #include <sys/sid.h>
37 #include <sys/sysmacros.h>
38 #include <sys/systm.h>
39 #include <sys/kidmap.h>
40 #include <sys/idmap.h>
41
42 static kmutex_t sid_lock;
43 static avl_tree_t sid_tree;
44 static boolean_t sid_inited = B_FALSE;
45
46 static ksiddomain_t
ksid_enterdomain(const char * dom)47 *ksid_enterdomain(const char *dom)
48 {
49 size_t len = strlen(dom) + 1;
50 ksiddomain_t *res;
51
52 ASSERT(MUTEX_HELD(&sid_lock));
53 res = kmem_alloc(sizeof (ksiddomain_t), KM_SLEEP);
54 res->kd_len = (uint_t)len;
55 res->kd_name = kmem_alloc(len, KM_SLEEP);
56 bcopy(dom, res->kd_name, len);
57
58 res->kd_ref = 1;
59
60 avl_add(&sid_tree, res);
61
62 return (res);
63 }
64
65 void
ksid_hold(ksid_t * ks)66 ksid_hold(ksid_t *ks)
67 {
68 if (ks->ks_domain != NULL)
69 ksiddomain_hold(ks->ks_domain);
70 }
71
72 void
ksid_rele(ksid_t * ks)73 ksid_rele(ksid_t *ks)
74 {
75 if (ks->ks_domain != NULL)
76 ksiddomain_rele(ks->ks_domain);
77 }
78
79 void
ksiddomain_hold(ksiddomain_t * kd)80 ksiddomain_hold(ksiddomain_t *kd)
81 {
82 atomic_inc_32(&kd->kd_ref);
83 }
84
85 void
ksiddomain_rele(ksiddomain_t * kd)86 ksiddomain_rele(ksiddomain_t *kd)
87 {
88 if (atomic_dec_32_nv(&kd->kd_ref) == 0) {
89 /*
90 * The kd reference can only be incremented from 0 when
91 * the sid_lock is held; so we lock and then check need to
92 * check for 0 again.
93 */
94 mutex_enter(&sid_lock);
95 if (kd->kd_ref == 0) {
96 avl_remove(&sid_tree, kd);
97 kmem_free(kd->kd_name, kd->kd_len);
98 kmem_free(kd, sizeof (*kd));
99 }
100 mutex_exit(&sid_lock);
101 }
102 }
103
104 void
ksidlist_hold(ksidlist_t * ksl)105 ksidlist_hold(ksidlist_t *ksl)
106 {
107 atomic_inc_32(&ksl->ksl_ref);
108 }
109
110 void
ksidlist_rele(ksidlist_t * ksl)111 ksidlist_rele(ksidlist_t *ksl)
112 {
113 if (atomic_dec_32_nv(&ksl->ksl_ref) == 0) {
114 int i;
115
116 for (i = 0; i < ksl->ksl_nsid; i++)
117 ksid_rele(&ksl->ksl_sids[i]);
118
119 kmem_free(ksl, KSIDLIST_MEM(ksl->ksl_nsid));
120 }
121 }
122
123 static int
ksid_cmp(const void * a,const void * b)124 ksid_cmp(const void *a, const void *b)
125 {
126 const ksiddomain_t *ap = a;
127 const ksiddomain_t *bp = b;
128 int res;
129
130 res = strcmp(ap->kd_name, bp->kd_name);
131 if (res > 0)
132 return (1);
133 if (res != 0)
134 return (-1);
135 return (0);
136 }
137
138 /*
139 * Lookup the named domain in the AVL tree.
140 * If no entry is found, add the domain to the AVL tree.
141 * The domain is returned held and needs to be released
142 * when done.
143 */
144 ksiddomain_t
ksid_lookupdomain(const char * dom)145 *ksid_lookupdomain(const char *dom)
146 {
147 ksiddomain_t *res;
148 ksiddomain_t tmpl;
149
150 mutex_enter(&sid_lock);
151
152 if (!sid_inited) {
153 avl_create(&sid_tree, ksid_cmp, sizeof (ksiddomain_t),
154 offsetof(ksiddomain_t, kd_link));
155
156 res = ksid_enterdomain(dom);
157 sid_inited = B_TRUE;
158 mutex_exit(&sid_lock);
159 return (res);
160 }
161
162 tmpl.kd_name = (char *)dom;
163
164 res = avl_find(&sid_tree, &tmpl, NULL);
165 if (res == NULL) {
166 res = ksid_enterdomain(dom);
167 } else {
168 ksiddomain_hold(res);
169 }
170
171 mutex_exit(&sid_lock);
172 return (res);
173 }
174
175 const char *
ksid_getdomain(ksid_t * ks)176 ksid_getdomain(ksid_t *ks)
177 {
178 return (ks->ks_domain->kd_name);
179 }
180
181 uint_t
ksid_getrid(ksid_t * ks)182 ksid_getrid(ksid_t *ks)
183 {
184 return (ks->ks_rid);
185 }
186
187 uid_t
ksid_getid(ksid_t * ks)188 ksid_getid(ksid_t *ks)
189 {
190 return (ks->ks_id);
191 }
192
193 int
ksid_lookupbyuid(zone_t * zone,uid_t id,ksid_t * res)194 ksid_lookupbyuid(zone_t *zone, uid_t id, ksid_t *res)
195 {
196 const char *sid_prefix;
197
198 if (kidmap_getsidbyuid(zone, id, &sid_prefix, &res->ks_rid)
199 != IDMAP_SUCCESS)
200 return (-1);
201
202 res->ks_domain = ksid_lookupdomain(sid_prefix);
203
204 res->ks_id = id;
205
206 return (0);
207 }
208
209 int
ksid_lookupbygid(zone_t * zone,gid_t id,ksid_t * res)210 ksid_lookupbygid(zone_t *zone, gid_t id, ksid_t *res)
211 {
212 const char *sid_prefix;
213
214 if (kidmap_getsidbygid(zone, id, &sid_prefix, &res->ks_rid)
215 != IDMAP_SUCCESS)
216 return (-1);
217
218 res->ks_domain = ksid_lookupdomain(sid_prefix);
219
220 res->ks_id = id;
221
222 return (0);
223 }
224
225 credsid_t *
kcrsid_alloc(void)226 kcrsid_alloc(void)
227 {
228 credsid_t *kcr = kmem_zalloc(sizeof (*kcr), KM_SLEEP);
229 kcr->kr_ref = 1;
230 return (kcr);
231 }
232
233 /*
234 * Returns a credsid_t with a refcount of 1.
235 */
236 static credsid_t *
kcrsid_dup(credsid_t * org)237 kcrsid_dup(credsid_t *org)
238 {
239 credsid_t *new;
240 ksid_index_t ki;
241
242 if (org == NULL)
243 return (kcrsid_alloc());
244 if (org->kr_ref == 1)
245 return (org);
246 new = kcrsid_alloc();
247
248 /* Copy, then update reference counts */
249 *new = *org;
250 new->kr_ref = 1;
251 for (ki = 0; ki < KSID_COUNT; ki++)
252 ksid_hold(&new->kr_sidx[ki]);
253
254 if (new->kr_sidlist != NULL)
255 ksidlist_hold(new->kr_sidlist);
256
257 kcrsid_rele(org);
258 return (new);
259 }
260
261 void
kcrsid_hold(credsid_t * kcr)262 kcrsid_hold(credsid_t *kcr)
263 {
264 atomic_inc_32(&kcr->kr_ref);
265 }
266
267 void
kcrsid_rele(credsid_t * kcr)268 kcrsid_rele(credsid_t *kcr)
269 {
270 if (atomic_dec_32_nv(&kcr->kr_ref) == 0) {
271 ksid_index_t i;
272
273 for (i = 0; i < KSID_COUNT; i++)
274 ksid_rele(&kcr->kr_sidx[i]);
275
276 if (kcr->kr_sidlist != NULL)
277 ksidlist_rele(kcr->kr_sidlist);
278
279 kmem_free(kcr, sizeof (*kcr));
280 }
281 }
282
283 /*
284 * Copy the SID credential into a previously allocated piece of memory.
285 */
286 void
kcrsidcopy_to(const credsid_t * okcr,credsid_t * nkcr)287 kcrsidcopy_to(const credsid_t *okcr, credsid_t *nkcr)
288 {
289 int i;
290
291 ASSERT(nkcr->kr_ref == 1);
292
293 if (okcr == NULL)
294 return;
295 *nkcr = *okcr;
296 for (i = 0; i < KSID_COUNT; i++)
297 ksid_hold(&nkcr->kr_sidx[i]);
298 if (nkcr->kr_sidlist != NULL)
299 ksidlist_hold(nkcr->kr_sidlist);
300 nkcr->kr_ref = 1;
301 }
302
303 static int
kcrsid_sidcount(const credsid_t * kcr)304 kcrsid_sidcount(const credsid_t *kcr)
305 {
306 int cnt = 0;
307 int i;
308
309 if (kcr == NULL)
310 return (0);
311
312 for (i = 0; i < KSID_COUNT; i++)
313 if (kcr->kr_sidx[i].ks_domain != NULL)
314 cnt++;
315
316 if (kcr->kr_sidlist != NULL)
317 cnt += kcr->kr_sidlist->ksl_nsid;
318 return (cnt);
319 }
320
321 /*
322 * Argument needs to be a ksid_t with a properly held ks_domain reference.
323 */
324 credsid_t *
kcrsid_setsid(credsid_t * okcr,ksid_t * ksp,ksid_index_t i)325 kcrsid_setsid(credsid_t *okcr, ksid_t *ksp, ksid_index_t i)
326 {
327 int ocnt = kcrsid_sidcount(okcr);
328 credsid_t *nkcr;
329
330 /*
331 * Unset the particular ksid; if there are no other SIDs or if this
332 * is the last SID, remove the auxilary data structure.
333 */
334 if (ksp == NULL) {
335 if (ocnt == 0 ||
336 (ocnt == 1 && okcr->kr_sidx[i].ks_domain != NULL)) {
337 if (okcr != NULL)
338 kcrsid_rele(okcr);
339 return (NULL);
340 }
341 }
342 nkcr = kcrsid_dup(okcr);
343 ksid_rele(&nkcr->kr_sidx[i]);
344 if (ksp == NULL)
345 bzero(&nkcr->kr_sidx[i], sizeof (ksid_t));
346 else
347 nkcr->kr_sidx[i] = *ksp;
348
349 return (nkcr);
350 }
351
352 /*
353 * Argument needs to be a ksidlist_t with properly held ks_domain references
354 * and a reference count taking the new reference into account.
355 */
356 credsid_t *
kcrsid_setsidlist(credsid_t * okcr,ksidlist_t * ksl)357 kcrsid_setsidlist(credsid_t *okcr, ksidlist_t *ksl)
358 {
359 int ocnt = kcrsid_sidcount(okcr);
360 credsid_t *nkcr;
361
362 /*
363 * Unset the sidlist; if there are no further SIDs, remove the
364 * auxilary data structure.
365 */
366 if (ksl == NULL) {
367 if (ocnt == 0 || (okcr->kr_sidlist != NULL &&
368 ocnt == okcr->kr_sidlist->ksl_nsid)) {
369 if (okcr != NULL)
370 kcrsid_rele(okcr);
371 return (NULL);
372 }
373 }
374 nkcr = kcrsid_dup(okcr);
375 if (nkcr->kr_sidlist != NULL)
376 ksidlist_rele(nkcr->kr_sidlist);
377
378 nkcr->kr_sidlist = ksl;
379 return (nkcr);
380 }
381
382 ksidlist_t *
kcrsid_gidstosids(zone_t * zone,int ngrp,gid_t * grp)383 kcrsid_gidstosids(zone_t *zone, int ngrp, gid_t *grp)
384 {
385 int i;
386 ksidlist_t *list;
387 int cnt;
388
389 if (ngrp == 0)
390 return (NULL);
391
392 cnt = 0;
393 list = kmem_zalloc(KSIDLIST_MEM(ngrp), KM_SLEEP);
394
395 list->ksl_nsid = ngrp;
396 list->ksl_ref = 1;
397
398 for (i = 0; i < ngrp; i++) {
399 if (grp[i] > MAXUID) {
400 list->ksl_neid++;
401 if (ksid_lookupbygid(zone,
402 grp[i], &list->ksl_sids[i]) != 0) {
403 while (--i >= 0)
404 ksid_rele(&list->ksl_sids[i]);
405 cnt = 0;
406 break;
407 }
408 cnt++;
409 } else {
410 list->ksl_sids[i].ks_id = grp[i];
411 }
412 }
413 if (cnt == 0) {
414 kmem_free(list, KSIDLIST_MEM(ngrp));
415 return (NULL);
416 }
417 return (list);
418 }
419