xref: /titanic_44/usr/src/uts/common/syscall/groups.c (revision ddf7fe95b8ad67aa16deb427a0b78f4dd4ff22b1) 
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
5f48205beScasper  * Common Development and Distribution License (the "License").
6f48205beScasper  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
227c478bd9Sstevel@tonic-gate  * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
23bda89588Sjp151216  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
247c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
277c478bd9Sstevel@tonic-gate 
287c478bd9Sstevel@tonic-gate #pragma ident	"%Z%%M%	%I%	%E% SMI"	/* from SVr4.0 1.78 */
297c478bd9Sstevel@tonic-gate 
307c478bd9Sstevel@tonic-gate #include <sys/param.h>
317c478bd9Sstevel@tonic-gate #include <sys/types.h>
327c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h>
337c478bd9Sstevel@tonic-gate #include <sys/systm.h>
347c478bd9Sstevel@tonic-gate #include <sys/cred_impl.h>
357c478bd9Sstevel@tonic-gate #include <sys/errno.h>
367c478bd9Sstevel@tonic-gate #include <sys/proc.h>
377c478bd9Sstevel@tonic-gate #include <sys/debug.h>
387c478bd9Sstevel@tonic-gate #include <sys/kmem.h>
397c478bd9Sstevel@tonic-gate #include <sys/policy.h>
407c478bd9Sstevel@tonic-gate 
417c478bd9Sstevel@tonic-gate int
427c478bd9Sstevel@tonic-gate setgroups(int gidsetsize, gid_t *gidset)
437c478bd9Sstevel@tonic-gate {
447c478bd9Sstevel@tonic-gate 	proc_t	*p;
457c478bd9Sstevel@tonic-gate 	cred_t	*cr, *newcr;
467c478bd9Sstevel@tonic-gate 	int	i;
477c478bd9Sstevel@tonic-gate 	int	n = gidsetsize;
487c478bd9Sstevel@tonic-gate 	gid_t	*groups = NULL;
497c478bd9Sstevel@tonic-gate 	int	error;
50f48205beScasper 	int	scnt = 0;
51f48205beScasper 	ksidlist_t *ksl = NULL;
52bda89588Sjp151216 	zone_t	*zone;
537c478bd9Sstevel@tonic-gate 
547c478bd9Sstevel@tonic-gate 	/* Perform the cheapest tests before grabbing p_crlock  */
557c478bd9Sstevel@tonic-gate 	if (n > ngroups_max || n < 0)
567c478bd9Sstevel@tonic-gate 		return (set_errno(EINVAL));
577c478bd9Sstevel@tonic-gate 
58bda89588Sjp151216 	zone = crgetzone(CRED());
597c478bd9Sstevel@tonic-gate 	if (n != 0) {
607c478bd9Sstevel@tonic-gate 		groups = kmem_alloc(n * sizeof (gid_t), KM_SLEEP);
617c478bd9Sstevel@tonic-gate 
627c478bd9Sstevel@tonic-gate 		if (copyin(gidset, groups, n * sizeof (gid_t)) != 0) {
637c478bd9Sstevel@tonic-gate 			kmem_free(groups, n * sizeof (gid_t));
647c478bd9Sstevel@tonic-gate 			return (set_errno(EFAULT));
657c478bd9Sstevel@tonic-gate 		}
667c478bd9Sstevel@tonic-gate 
677c478bd9Sstevel@tonic-gate 		for (i = 0; i < n; i++) {
68bda89588Sjp151216 			if (!VALID_GID(groups[i], zone)) {
69f48205beScasper 				kmem_free(groups, n * sizeof (gid_t));
70f48205beScasper 				return (set_errno(EINVAL));
71f48205beScasper 			}
72f48205beScasper 			if (groups[i] > MAXUID)
73f48205beScasper 				scnt++;
74f48205beScasper 		}
75f48205beScasper 		if (scnt > 0) {
76bda89588Sjp151216 			ksl = kcrsid_gidstosids(zone, n, groups);
77f48205beScasper 			if (ksl == NULL) {
787c478bd9Sstevel@tonic-gate 				kmem_free(groups, n * sizeof (gid_t));
797c478bd9Sstevel@tonic-gate 				return (set_errno(EINVAL));
807c478bd9Sstevel@tonic-gate 			}
817c478bd9Sstevel@tonic-gate 		}
827c478bd9Sstevel@tonic-gate 	}
837c478bd9Sstevel@tonic-gate 
84f48205beScasper 
857c478bd9Sstevel@tonic-gate 	/*
867c478bd9Sstevel@tonic-gate 	 * Need to pre-allocate the new cred structure before acquiring
877c478bd9Sstevel@tonic-gate 	 * the p_crlock mutex.
887c478bd9Sstevel@tonic-gate 	 */
89f48205beScasper 	newcr = cralloc_ksid();
907c478bd9Sstevel@tonic-gate 	p = ttoproc(curthread);
917c478bd9Sstevel@tonic-gate 	mutex_enter(&p->p_crlock);
92*ddf7fe95Scasper retry:
937c478bd9Sstevel@tonic-gate 	cr = p->p_cred;
94*ddf7fe95Scasper 	crhold(cr);
95*ddf7fe95Scasper 	mutex_exit(&p->p_crlock);
967c478bd9Sstevel@tonic-gate 
977c478bd9Sstevel@tonic-gate 	if ((error = secpolicy_allow_setid(cr, -1, B_FALSE)) != 0) {
987c478bd9Sstevel@tonic-gate 		if (groups != NULL)
997c478bd9Sstevel@tonic-gate 			kmem_free(groups, n * sizeof (gid_t));
100f48205beScasper 		if (ksl != NULL)
101f48205beScasper 			ksidlist_rele(ksl);
1027c478bd9Sstevel@tonic-gate 		crfree(newcr);
103*ddf7fe95Scasper 		crfree(cr);
1047c478bd9Sstevel@tonic-gate 		return (set_errno(error));
1057c478bd9Sstevel@tonic-gate 	}
106*ddf7fe95Scasper 	mutex_enter(&p->p_crlock);
107*ddf7fe95Scasper 	crfree(cr);
108*ddf7fe95Scasper 	if (cr != p->p_cred)
109*ddf7fe95Scasper 		goto retry;
1107c478bd9Sstevel@tonic-gate 
1117c478bd9Sstevel@tonic-gate 	crdup_to(cr, newcr);
112f48205beScasper 	crsetsidlist(newcr, ksl);
1137c478bd9Sstevel@tonic-gate 
1147c478bd9Sstevel@tonic-gate 	if (n != 0) {
1157c478bd9Sstevel@tonic-gate 		bcopy(groups, newcr->cr_groups, n * sizeof (gid_t));
1167c478bd9Sstevel@tonic-gate 		kmem_free(groups, n * sizeof (gid_t));
1177c478bd9Sstevel@tonic-gate 	}
1187c478bd9Sstevel@tonic-gate 
1197c478bd9Sstevel@tonic-gate 	newcr->cr_ngroups = n;
1207c478bd9Sstevel@tonic-gate 
1217c478bd9Sstevel@tonic-gate 	p->p_cred = newcr;
1227c478bd9Sstevel@tonic-gate 	crhold(newcr);			/* hold for the current thread */
1237c478bd9Sstevel@tonic-gate 	crfree(cr);			/* free the old one */
1247c478bd9Sstevel@tonic-gate 	mutex_exit(&p->p_crlock);
1257c478bd9Sstevel@tonic-gate 
1267c478bd9Sstevel@tonic-gate 	/*
1277c478bd9Sstevel@tonic-gate 	 * Broadcast new cred to process threads (including the current one).
1287c478bd9Sstevel@tonic-gate 	 */
1297c478bd9Sstevel@tonic-gate 	crset(p, newcr);
1307c478bd9Sstevel@tonic-gate 
1317c478bd9Sstevel@tonic-gate 	return (0);
1327c478bd9Sstevel@tonic-gate }
1337c478bd9Sstevel@tonic-gate 
1347c478bd9Sstevel@tonic-gate int
1357c478bd9Sstevel@tonic-gate getgroups(int gidsetsize, gid_t *gidset)
1367c478bd9Sstevel@tonic-gate {
1377c478bd9Sstevel@tonic-gate 	struct cred *cr;
1387c478bd9Sstevel@tonic-gate 	int n;
1397c478bd9Sstevel@tonic-gate 
1407c478bd9Sstevel@tonic-gate 	cr = curthread->t_cred;
1417c478bd9Sstevel@tonic-gate 	n = (int)cr->cr_ngroups;
1427c478bd9Sstevel@tonic-gate 
1437c478bd9Sstevel@tonic-gate 	if (gidsetsize != 0) {
1447c478bd9Sstevel@tonic-gate 		if (gidsetsize < n)
1457c478bd9Sstevel@tonic-gate 			return (set_errno(EINVAL));
1467c478bd9Sstevel@tonic-gate 		if (copyout(cr->cr_groups, gidset, n * sizeof (gid_t)))
1477c478bd9Sstevel@tonic-gate 			return (set_errno(EFAULT));
1487c478bd9Sstevel@tonic-gate 	}
1497c478bd9Sstevel@tonic-gate 
1507c478bd9Sstevel@tonic-gate 	return (n);
1517c478bd9Sstevel@tonic-gate }
152