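/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#pragma ident	"%Z%%M%	%I%	%E% SMI"

/*
 * SID system call.
 */

#include <sys/sid.h>
#include <sys/cred.h>
#include <sys/errno.h>
#include <sys/systm.h>
#include <sys/policy.h>
#include <sys/door.h>
#include <sys/kidmap.h>
#include <sys/proc.h>

/*
 * Allocate ephemeral uids and/or gids on behalf of the registered idmap
 * door server.
 *
 * Authorization: the request is honoured only when an idmap door is
 * registered and the calling process is the target of that door
 * (curproc->p_pid == di.di_target).  Every other caller gets EPERM.
 *
 * flag, nuids and ngids are passed through to eph_uid_alloc() and
 * eph_gid_alloc(); negative counts are rejected with EINVAL.  Any failure
 * of either allocator is reported as EOVERFLOW, whatever code it returned.
 *
 * On success the first uid is returned in r_val1 and the first gid in
 * r_val2 of the packed 64-bit return value.
 */
static uint64_t
allocids(int flag, int nuids, int ngids)
{
	rval_t r;
	uid_t su = 0;
	gid_t sg = 0;
	struct door_info di;
	door_handle_t dh;
	idmap_reg_t *reg;
	int err;

	idmap_get_door(&reg, &dh);

	/*
	 * NOTE(review): if idmap_get_door() can hand back a non-NULL reg
	 * together with a NULL dh, this path may also need
	 * idmap_release_door(); not visible from here, confirm in kidmap.
	 */
	if (reg == NULL || dh == NULL)
		return (set_errno(EPERM));

	/* Identify the door server, then check that the caller is that server. */
	err = door_ki_info(dh, &di);
	if (err == 0 && curproc->p_pid != di.di_target)
		err = EPERM;

	/*
	 * idmap_get_door() is paired with idmap_release_door(), so the
	 * registration is released on the rejection paths as well as on
	 * success.  Otherwise every failed call, which any process can
	 * trigger by failing the pid check, would presumably leave a
	 * reference on the registration behind.
	 */
	idmap_release_door(reg);

	if (err != 0)
		return (set_errno(err));

	if (nuids < 0 || ngids < 0)
		return (set_errno(EINVAL));

	/* A non-zero flag reaches the allocators even when the count is 0. */
	if (flag != 0 || nuids > 0)
		err = eph_uid_alloc(flag, &su, nuids);
	if (err == 0 && (flag != 0 || ngids > 0))
		err = eph_gid_alloc(flag, &sg, ngids);

	if (err != 0)
		return (set_errno(EOVERFLOW));

	r.r_val1 = su;
	r.r_val2 = sg;
	return (r.r_vals);
}

/*
 * Register the door identified by descriptor did as the idmap door.
 *
 * Authorization: the caller's credential must pass secpolicy_idmap().
 * Returns 0 on success; on failure sets errno (the policy error, EBADF
 * for a descriptor that is not a door, or the idmap_reg_dh() error) and
 * returns the set_errno() result.
 */
static int
idmap_reg(int did)
{
	door_handle_t dh;
	int err;

	if ((err = secpolicy_idmap(CRED())) != 0)
		return (set_errno(err));

	dh = door_ki_lookup(did);

	if (dh == NULL)
		return (set_errno(EBADF));

	/*
	 * Report failure through set_errno(), as idmap_unreg() does; a bare
	 * error number returned from here would reach the caller as a
	 * successful non-zero result.
	 *
	 * NOTE(review): dh is not released here.  Presumably idmap_reg_dh()
	 * takes over the hold from door_ki_lookup(); confirm that it also
	 * drops it when registration fails.
	 */
	err = idmap_reg_dh(dh);
	if (err != 0)
		return (set_errno(err));

	return (0);
}

/*
 * Unregister the door identified by descriptor did as the idmap door.
 *
 * Returns 0 on success; EINVAL if did is not a door, otherwise the error
 * from idmap_unreg_dh().
 *
 * NOTE(review): there is no secpolicy_idmap() check on this path, unlike
 * idmap_reg().  Presumably idmap_unreg_dh() succeeds only for the door that
 * is currently registered, so holding that descriptor is the authorization;
 * confirm.
 */
static int
idmap_unreg(int did)
{
	door_handle_t dh = door_ki_lookup(did);
	int res;

	if (dh == NULL)
		return (set_errno(EINVAL));

	res = idmap_unreg_dh(dh);
	/* The lookup hold was needed only for the call above. */
	door_ki_rele(dh);

	if (res != 0)
		return (set_errno(res));
	return (0);
}

/*
 * sidsys system call entry point: dispatch on op.
 *
 * For SIDSYS_ALLOC_IDS, flag, nuids and ngids are passed to allocids().
 * For SIDSYS_IDMAP_REG and SIDSYS_IDMAP_UNREG, flag carries the door
 * descriptor and the two counts are ignored.  Any other op fails with
 * EINVAL.
 */
uint64_t
sidsys(int op, int flag, int nuids, int ngids)
{
	switch (op) {
	case SIDSYS_ALLOC_IDS:
		return (allocids(flag, nuids, ngids));
	case SIDSYS_IDMAP_REG:
		return (idmap_reg(flag));
	case SIDSYS_IDMAP_UNREG:
		return (idmap_unreg(flag));
	default:
		return (set_errno(EINVAL));
	}
}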