1 /*- 2 * SPDX-License-Identifier: BSD-4-Clause 3 * 4 * Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca> 5 * Copyright (c) 2006 nCircle Network Security, Inc. 6 * All rights reserved. 7 * 8 * This software was developed by Robert N. M. Watson for the TrustedBSD 9 * Project under contract to nCircle Network Security, Inc. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 3. All advertising materials mentioning features or use of this software 20 * must display the following acknowledgement: 21 * This product includes software developed by Herb Peyerl. 22 * 4. The name of Herb Peyerl may not be used to endorse or promote products 23 * derived from this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35 * 36 * $NetBSD: sysv_ipc.c,v 1.9 1995/06/02 19:04:22 mycroft Exp $ 37 */ 38 39 #include "opt_sysvipc.h" 40 41 #include <sys/param.h> 42 #include <sys/systm.h> 43 #include <sys/sem.h> 44 #include <sys/shm.h> 45 #include <sys/ipc.h> 46 #include <sys/priv.h> 47 #include <sys/proc.h> 48 #include <sys/ucred.h> 49 50 #ifndef SYSVSHM 51 void (*shmfork_hook)(struct proc *, struct proc *) = NULL; 52 void (*shmexit_hook)(struct vmspace *) = NULL; 53 void (*shmobjinfo_hook)(struct vm_object *, key_t *key, 54 unsigned short *seq) = NULL; 55 56 /* called from kern_fork.c */ 57 void 58 shmfork(struct proc *p1, struct proc *p2) 59 { 60 if (shmfork_hook != NULL) 61 shmfork_hook(p1, p2); 62 } 63 64 /* called from kern_exit.c */ 65 void 66 shmexit(struct vmspace *vm) 67 { 68 if (shmexit_hook != NULL) 69 shmexit_hook(vm); 70 } 71 72 void 73 shmobjinfo(struct vm_object *obj, key_t *key, unsigned short *seq) 74 { 75 *key = 0; /* For non-present sysvshm.ko */ 76 *seq = 0; 77 if (shmobjinfo_hook != NULL) 78 shmobjinfo_hook(obj, key, seq); 79 } 80 #endif 81 82 /* 83 * Check for IPC permission. 84 * 85 * Note: The MAC Framework does not require any modifications to the 86 * ipcperm() function, as access control checks are performed throughout the 87 * implementation of each primitive. Those entry point calls complement the 88 * ipcperm() discertionary checks. Unlike file system discretionary access 89 * control, the original create of an object is given the same rights as the 90 * current owner. 91 */ 92 int 93 ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode) 94 { 95 struct ucred *cred = td->td_ucred; 96 int error, obj_mode, dac_granted, priv_granted; 97 98 dac_granted = 0; 99 if (cred->cr_uid == perm->cuid || cred->cr_uid == perm->uid) { 100 obj_mode = perm->mode; 101 dac_granted |= IPC_M; 102 } else if (groupmember(perm->gid, cred) || 103 groupmember(perm->cgid, cred)) { 104 obj_mode = perm->mode; 105 obj_mode <<= 3; 106 } else { 107 obj_mode = perm->mode; 108 obj_mode <<= 6; 109 } 110 111 /* 112 * While the System V IPC permission model allows IPC_M to be 113 * granted, as part of the mode, our implementation requires 114 * privilege to adminster the object if not the owner or creator. 115 */ 116 #if 0 117 if (obj_mode & IPC_M) 118 dac_granted |= IPC_M; 119 #endif 120 if (obj_mode & IPC_R) 121 dac_granted |= IPC_R; 122 if (obj_mode & IPC_W) 123 dac_granted |= IPC_W; 124 125 /* 126 * Simple case: all required rights are granted by DAC. 127 */ 128 if ((dac_granted & acc_mode) == acc_mode) 129 return (0); 130 131 /* 132 * Privilege is required to satisfy the request. 133 */ 134 priv_granted = 0; 135 if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) { 136 error = priv_check(td, PRIV_IPC_ADMIN); 137 if (error == 0) 138 priv_granted |= IPC_M; 139 } 140 141 if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) { 142 error = priv_check(td, PRIV_IPC_READ); 143 if (error == 0) 144 priv_granted |= IPC_R; 145 } 146 147 if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) { 148 error = priv_check(td, PRIV_IPC_WRITE); 149 if (error == 0) 150 priv_granted |= IPC_W; 151 } 152 153 if (((dac_granted | priv_granted) & acc_mode) == acc_mode) 154 return (0); 155 else 156 return (EACCES); 157 } 158 159 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 160 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 161 void 162 ipcperm_old2new(struct ipc_perm_old *old, struct ipc_perm *new) 163 { 164 165 new->cuid = old->cuid; 166 new->cgid = old->cgid; 167 new->uid = old->uid; 168 new->gid = old->gid; 169 new->mode = old->mode; 170 new->seq = old->seq; 171 new->key = old->key; 172 } 173 174 void 175 ipcperm_new2old(struct ipc_perm *new, struct ipc_perm_old *old) 176 { 177 178 /* XXX: How to handle ID's > USHORT_MAX? */ 179 old->cuid = new->cuid; 180 old->cgid = new->cgid; 181 old->uid = new->uid; 182 old->gid = new->gid; 183 old->mode = new->mode; 184 old->seq = new->seq; 185 old->key = new->key; 186 } 187 #endif 188 189 #ifdef COMPAT_FREEBSD32 190 #include <sys/mount.h> 191 #include <sys/socket.h> 192 #include <compat/freebsd32/freebsd32.h> 193 #include <compat/freebsd32/freebsd32_ipc.h> 194 #include <compat/freebsd32/freebsd32_proto.h> 195 #include <compat/freebsd32/freebsd32_signal.h> 196 #include <compat/freebsd32/freebsd32_syscall.h> 197 #include <compat/freebsd32/freebsd32_util.h> 198 199 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \ 200 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7) 201 void 202 freebsd32_ipcperm_old_in(struct ipc_perm_old32 *ip32, struct ipc_perm *ip) 203 { 204 205 CP(*ip32, *ip, cuid); 206 CP(*ip32, *ip, cgid); 207 CP(*ip32, *ip, uid); 208 CP(*ip32, *ip, gid); 209 CP(*ip32, *ip, mode); 210 CP(*ip32, *ip, seq); 211 CP(*ip32, *ip, key); 212 } 213 214 void 215 freebsd32_ipcperm_old_out(struct ipc_perm *ip, struct ipc_perm_old32 *ip32) 216 { 217 218 CP(*ip, *ip32, cuid); 219 CP(*ip, *ip32, cgid); 220 CP(*ip, *ip32, uid); 221 CP(*ip, *ip32, gid); 222 CP(*ip, *ip32, mode); 223 CP(*ip, *ip32, seq); 224 CP(*ip, *ip32, key); 225 } 226 #endif 227 228 void 229 freebsd32_ipcperm_in(struct ipc_perm32 *ip32, struct ipc_perm *ip) 230 { 231 232 CP(*ip32, *ip, cuid); 233 CP(*ip32, *ip, cgid); 234 CP(*ip32, *ip, uid); 235 CP(*ip32, *ip, gid); 236 CP(*ip32, *ip, mode); 237 CP(*ip32, *ip, seq); 238 CP(*ip32, *ip, key); 239 } 240 241 void 242 freebsd32_ipcperm_out(struct ipc_perm *ip, struct ipc_perm32 *ip32) 243 { 244 245 CP(*ip, *ip32, cuid); 246 CP(*ip, *ip32, cgid); 247 CP(*ip, *ip32, uid); 248 CP(*ip, *ip32, gid); 249 CP(*ip, *ip32, mode); 250 CP(*ip, *ip32, seq); 251 CP(*ip, *ip32, key); 252 } 253 #endif 254