17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate * CDDL HEADER START
37c478bd9Sstevel@tonic-gate *
47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the
5f48205beScasper * Common Development and Distribution License (the "License").
6f48205beScasper * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate *
87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate * and limitations under the License.
127c478bd9Sstevel@tonic-gate *
137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate *
197c478bd9Sstevel@tonic-gate * CDDL HEADER END
207c478bd9Sstevel@tonic-gate */
217c478bd9Sstevel@tonic-gate /*
22*134a1f4eSCasper H.S. Dik * Copyright (c) 1994, 2010, Oracle and/or its affiliates. All rights reserved.
237c478bd9Sstevel@tonic-gate */
247c478bd9Sstevel@tonic-gate
257c478bd9Sstevel@tonic-gate /*
267c478bd9Sstevel@tonic-gate * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
277c478bd9Sstevel@tonic-gate */
287c478bd9Sstevel@tonic-gate
297c478bd9Sstevel@tonic-gate #include <sys/param.h>
307c478bd9Sstevel@tonic-gate #include <sys/types.h>
317c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h>
327c478bd9Sstevel@tonic-gate #include <sys/systm.h>
337c478bd9Sstevel@tonic-gate #include <sys/tuneable.h>
347c478bd9Sstevel@tonic-gate #include <sys/cred_impl.h>
357c478bd9Sstevel@tonic-gate #include <sys/errno.h>
367c478bd9Sstevel@tonic-gate #include <sys/proc.h>
377c478bd9Sstevel@tonic-gate #include <sys/signal.h>
387c478bd9Sstevel@tonic-gate #include <sys/debug.h>
397c478bd9Sstevel@tonic-gate #include <sys/policy.h>
407c478bd9Sstevel@tonic-gate #include <sys/zone.h>
41f48205beScasper #include <sys/sid.h>
427c478bd9Sstevel@tonic-gate
437c478bd9Sstevel@tonic-gate int
setuid(uid_t uid)447c478bd9Sstevel@tonic-gate setuid(uid_t uid)
457c478bd9Sstevel@tonic-gate {
46f48205beScasper proc_t *p;
477c478bd9Sstevel@tonic-gate int error;
487c478bd9Sstevel@tonic-gate int do_nocd = 0;
497c478bd9Sstevel@tonic-gate int uidchge = 0;
507c478bd9Sstevel@tonic-gate cred_t *cr, *newcr;
517c478bd9Sstevel@tonic-gate uid_t oldruid = uid;
527c478bd9Sstevel@tonic-gate zoneid_t zoneid = getzoneid();
53f48205beScasper ksid_t ksid, *ksp;
54bda89588Sjp151216 zone_t *zone = crgetzone(CRED());
557c478bd9Sstevel@tonic-gate
56bda89588Sjp151216 if (!VALID_UID(uid, zone))
577c478bd9Sstevel@tonic-gate return (set_errno(EINVAL));
587c478bd9Sstevel@tonic-gate
59f48205beScasper if (uid > MAXUID) {
60bda89588Sjp151216 if (ksid_lookupbyuid(zone, uid, &ksid) != 0)
61f48205beScasper return (set_errno(EINVAL));
62f48205beScasper ksp = &ksid;
63f48205beScasper } else {
64f48205beScasper ksp = NULL;
65f48205beScasper }
667c478bd9Sstevel@tonic-gate /*
677c478bd9Sstevel@tonic-gate * Need to pre-allocate the new cred structure before grabbing
68ddf7fe95Scasper * the p_crlock mutex. We can't hold on to the p_crlock for most
69ddf7fe95Scasper * if this though, now that we allow kernel upcalls from the
70ddf7fe95Scasper * policy routines.
717c478bd9Sstevel@tonic-gate */
72f48205beScasper newcr = cralloc_ksid();
737c478bd9Sstevel@tonic-gate
747c478bd9Sstevel@tonic-gate p = ttoproc(curthread);
757c478bd9Sstevel@tonic-gate
767c478bd9Sstevel@tonic-gate retry:
777c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock);
78ddf7fe95Scasper retry_locked:
797c478bd9Sstevel@tonic-gate cr = p->p_cred;
80ddf7fe95Scasper crhold(cr);
81ddf7fe95Scasper mutex_exit(&p->p_crlock);
827c478bd9Sstevel@tonic-gate
837c478bd9Sstevel@tonic-gate if ((uid == cr->cr_ruid || uid == cr->cr_suid) &&
847c478bd9Sstevel@tonic-gate secpolicy_allow_setid(cr, uid, B_TRUE) != 0) {
85ddf7fe95Scasper mutex_enter(&p->p_crlock);
86ddf7fe95Scasper crfree(cr);
87ddf7fe95Scasper if (cr != p->p_cred)
88ddf7fe95Scasper goto retry_locked;
897c478bd9Sstevel@tonic-gate error = 0;
907c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr);
917c478bd9Sstevel@tonic-gate p->p_cred = newcr;
927c478bd9Sstevel@tonic-gate newcr->cr_uid = uid;
93f48205beScasper crsetsid(newcr, ksp, KSID_USER);
94ddf7fe95Scasper mutex_exit(&p->p_crlock);
957c478bd9Sstevel@tonic-gate } else if ((error = secpolicy_allow_setid(cr, uid, B_FALSE)) == 0) {
96ddf7fe95Scasper mutex_enter(&p->p_crlock);
97ddf7fe95Scasper crfree(cr);
98ddf7fe95Scasper if (cr != p->p_cred)
99ddf7fe95Scasper goto retry_locked;
1007c478bd9Sstevel@tonic-gate if (!uidchge && uid != cr->cr_ruid) {
1017c478bd9Sstevel@tonic-gate /*
1027c478bd9Sstevel@tonic-gate * The ruid of the process is going to change. In order
1037c478bd9Sstevel@tonic-gate * to avoid a race condition involving the
1047c478bd9Sstevel@tonic-gate * process-count associated with the newly given ruid,
1057c478bd9Sstevel@tonic-gate * we increment the count before assigning the
1067c478bd9Sstevel@tonic-gate * credential to the process.
1077c478bd9Sstevel@tonic-gate * To do that, we'll have to take pidlock, so we first
1087c478bd9Sstevel@tonic-gate * release p_crlock.
1097c478bd9Sstevel@tonic-gate */
1107c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock);
1117c478bd9Sstevel@tonic-gate uidchge = 1;
1127c478bd9Sstevel@tonic-gate mutex_enter(&pidlock);
1137c478bd9Sstevel@tonic-gate upcount_inc(uid, zoneid);
1147c478bd9Sstevel@tonic-gate mutex_exit(&pidlock);
1157c478bd9Sstevel@tonic-gate /*
1167c478bd9Sstevel@tonic-gate * As we released p_crlock we can't rely on the cr
1177c478bd9Sstevel@tonic-gate * we read. So retry the whole thing.
1187c478bd9Sstevel@tonic-gate */
1197c478bd9Sstevel@tonic-gate goto retry;
1207c478bd9Sstevel@tonic-gate }
1217c478bd9Sstevel@tonic-gate /*
1227c478bd9Sstevel@tonic-gate * A privileged process that gives up its privilege
1237c478bd9Sstevel@tonic-gate * must be marked to produce no core dump.
1247c478bd9Sstevel@tonic-gate */
1257c478bd9Sstevel@tonic-gate if (cr->cr_uid != uid ||
1267c478bd9Sstevel@tonic-gate cr->cr_ruid != uid ||
1277c478bd9Sstevel@tonic-gate cr->cr_suid != uid)
1287c478bd9Sstevel@tonic-gate do_nocd = 1;
1297c478bd9Sstevel@tonic-gate oldruid = cr->cr_ruid;
1307c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr);
1317c478bd9Sstevel@tonic-gate p->p_cred = newcr;
1327c478bd9Sstevel@tonic-gate newcr->cr_ruid = uid;
1337c478bd9Sstevel@tonic-gate newcr->cr_suid = uid;
1347c478bd9Sstevel@tonic-gate newcr->cr_uid = uid;
135*134a1f4eSCasper H.S. Dik
136*134a1f4eSCasper H.S. Dik /* Remove the PRIV_PFEXEC, we changed the real uid. */
137*134a1f4eSCasper H.S. Dik if (uidchge)
138*134a1f4eSCasper H.S. Dik CR_FLAGS(newcr) &= ~PRIV_PFEXEC;
139*134a1f4eSCasper H.S. Dik
140f48205beScasper crsetsid(newcr, ksp, KSID_USER);
141982b4ad2SCasper H.S. Dik
142982b4ad2SCasper H.S. Dik priv_reset_PA(newcr, B_TRUE);
143982b4ad2SCasper H.S. Dik
1447c478bd9Sstevel@tonic-gate ASSERT(uid != oldruid ? uidchge : 1);
145ddf7fe95Scasper mutex_exit(&p->p_crlock);
146f48205beScasper } else {
1477c478bd9Sstevel@tonic-gate crfree(newcr);
148ddf7fe95Scasper crfree(cr);
149f48205beScasper if (ksp != NULL)
150f48205beScasper ksid_rele(ksp);
151f48205beScasper }
1527c478bd9Sstevel@tonic-gate
1537c478bd9Sstevel@tonic-gate /*
1547c478bd9Sstevel@tonic-gate * We decrement the number of processes associated with the oldruid
1557c478bd9Sstevel@tonic-gate * to match the increment above, even if the ruid of the process
1567c478bd9Sstevel@tonic-gate * did not change or an error occurred (oldruid == uid).
1577c478bd9Sstevel@tonic-gate */
1587c478bd9Sstevel@tonic-gate if (uidchge) {
1597c478bd9Sstevel@tonic-gate mutex_enter(&pidlock);
1607c478bd9Sstevel@tonic-gate upcount_dec(oldruid, zoneid);
1617c478bd9Sstevel@tonic-gate mutex_exit(&pidlock);
1627c478bd9Sstevel@tonic-gate }
1637c478bd9Sstevel@tonic-gate
1647c478bd9Sstevel@tonic-gate if (error == 0) {
1657c478bd9Sstevel@tonic-gate if (do_nocd) {
1667c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock);
1677c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD;
1687c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock);
1697c478bd9Sstevel@tonic-gate }
1707c478bd9Sstevel@tonic-gate crset(p, newcr); /* broadcast to process threads */
1717c478bd9Sstevel@tonic-gate return (0);
1727c478bd9Sstevel@tonic-gate }
1737c478bd9Sstevel@tonic-gate return (set_errno(error));
1747c478bd9Sstevel@tonic-gate }
1757c478bd9Sstevel@tonic-gate
1767c478bd9Sstevel@tonic-gate int64_t
getuid(void)1777c478bd9Sstevel@tonic-gate getuid(void)
1787c478bd9Sstevel@tonic-gate {
1797c478bd9Sstevel@tonic-gate rval_t r;
1807c478bd9Sstevel@tonic-gate cred_t *cr;
1817c478bd9Sstevel@tonic-gate
1827c478bd9Sstevel@tonic-gate cr = curthread->t_cred;
1837c478bd9Sstevel@tonic-gate r.r_val1 = cr->cr_ruid;
1847c478bd9Sstevel@tonic-gate r.r_val2 = cr->cr_uid;
1857c478bd9Sstevel@tonic-gate return (r.r_vals);
1867c478bd9Sstevel@tonic-gate }
1877c478bd9Sstevel@tonic-gate
1887c478bd9Sstevel@tonic-gate int
seteuid(uid_t uid)1897c478bd9Sstevel@tonic-gate seteuid(uid_t uid)
1907c478bd9Sstevel@tonic-gate {
191f48205beScasper proc_t *p;
1927c478bd9Sstevel@tonic-gate int error = EPERM;
1937c478bd9Sstevel@tonic-gate int do_nocd = 0;
1947c478bd9Sstevel@tonic-gate cred_t *cr, *newcr;
195f48205beScasper ksid_t ksid, *ksp;
196bda89588Sjp151216 zone_t *zone = crgetzone(CRED());
1977c478bd9Sstevel@tonic-gate
198bda89588Sjp151216 if (!VALID_UID(uid, zone))
1997c478bd9Sstevel@tonic-gate return (set_errno(EINVAL));
2007c478bd9Sstevel@tonic-gate
201f48205beScasper if (uid > MAXUID) {
202bda89588Sjp151216 if (ksid_lookupbyuid(zone, uid, &ksid) != 0)
203f48205beScasper return (set_errno(EINVAL));
204f48205beScasper ksp = &ksid;
205f48205beScasper } else {
206f48205beScasper ksp = NULL;
207f48205beScasper }
208f48205beScasper
2097c478bd9Sstevel@tonic-gate /*
2107c478bd9Sstevel@tonic-gate * Need to pre-allocate the new cred structure before grabbing
2117c478bd9Sstevel@tonic-gate * the p_crlock mutex.
2127c478bd9Sstevel@tonic-gate */
213f48205beScasper newcr = cralloc_ksid();
2147c478bd9Sstevel@tonic-gate p = ttoproc(curthread);
2157c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock);
216ddf7fe95Scasper retry:
217ddf7fe95Scasper crhold(cr = p->p_cred);
218ddf7fe95Scasper mutex_exit(&p->p_crlock);
2197c478bd9Sstevel@tonic-gate
2207c478bd9Sstevel@tonic-gate if (uid == cr->cr_ruid || uid == cr->cr_uid || uid == cr->cr_suid ||
2217c478bd9Sstevel@tonic-gate (error = secpolicy_allow_setid(cr, uid, B_FALSE)) == 0) {
2227c478bd9Sstevel@tonic-gate /*
2237c478bd9Sstevel@tonic-gate * A privileged process that makes itself look like a
2247c478bd9Sstevel@tonic-gate * set-uid process must be marked to produce no core dump,
2257c478bd9Sstevel@tonic-gate * if the effective uid did changed.
2267c478bd9Sstevel@tonic-gate */
227ddf7fe95Scasper mutex_enter(&p->p_crlock);
228ddf7fe95Scasper crfree(cr);
229ddf7fe95Scasper if (cr != p->p_cred)
230ddf7fe95Scasper goto retry;
2317c478bd9Sstevel@tonic-gate if (cr->cr_uid != uid && error == 0)
2327c478bd9Sstevel@tonic-gate do_nocd = 1;
2337c478bd9Sstevel@tonic-gate error = 0;
2347c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr);
2357c478bd9Sstevel@tonic-gate p->p_cred = newcr;
2367c478bd9Sstevel@tonic-gate newcr->cr_uid = uid;
237f48205beScasper crsetsid(newcr, ksp, KSID_USER);
238982b4ad2SCasper H.S. Dik priv_reset_PA(newcr, B_FALSE);
2397c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock);
2407c478bd9Sstevel@tonic-gate if (do_nocd) {
2417c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock);
2427c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD;
2437c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock);
2447c478bd9Sstevel@tonic-gate }
2457c478bd9Sstevel@tonic-gate crset(p, newcr); /* broadcast to process threads */
2467c478bd9Sstevel@tonic-gate return (0);
2477c478bd9Sstevel@tonic-gate }
248ddf7fe95Scasper
249ddf7fe95Scasper crfree(newcr);
250ddf7fe95Scasper crfree(cr);
251ddf7fe95Scasper if (ksp != NULL)
252ddf7fe95Scasper ksid_rele(ksp);
2537c478bd9Sstevel@tonic-gate return (set_errno(error));
2547c478bd9Sstevel@tonic-gate }
2557c478bd9Sstevel@tonic-gate
2567c478bd9Sstevel@tonic-gate /*
2577c478bd9Sstevel@tonic-gate * Buy-back from SunOS 4.x
2587c478bd9Sstevel@tonic-gate *
2597c478bd9Sstevel@tonic-gate * Like setuid() and seteuid() combined -except- that non-root users
2607c478bd9Sstevel@tonic-gate * can change cr_ruid to cr_uid, and the semantics of cr_suid are
2617c478bd9Sstevel@tonic-gate * subtly different.
2627c478bd9Sstevel@tonic-gate */
2637c478bd9Sstevel@tonic-gate int
setreuid(uid_t ruid,uid_t euid)2647c478bd9Sstevel@tonic-gate setreuid(uid_t ruid, uid_t euid)
2657c478bd9Sstevel@tonic-gate {
2667c478bd9Sstevel@tonic-gate proc_t *p;
2677c478bd9Sstevel@tonic-gate int error = 0;
2687c478bd9Sstevel@tonic-gate int do_nocd = 0;
2697c478bd9Sstevel@tonic-gate int uidchge = 0;
2707c478bd9Sstevel@tonic-gate uid_t oldruid = ruid;
2717c478bd9Sstevel@tonic-gate cred_t *cr, *newcr;
2727c478bd9Sstevel@tonic-gate zoneid_t zoneid = getzoneid();
273f48205beScasper ksid_t ksid, *ksp;
274bda89588Sjp151216 zone_t *zone = crgetzone(CRED());
2757c478bd9Sstevel@tonic-gate
276bda89588Sjp151216 if ((ruid != -1 && !VALID_UID(ruid, zone)) ||
277bda89588Sjp151216 (euid != -1 && !VALID_UID(euid, zone)))
2787c478bd9Sstevel@tonic-gate return (set_errno(EINVAL));
2797c478bd9Sstevel@tonic-gate
280f48205beScasper if (euid != -1 && euid > MAXUID) {
281bda89588Sjp151216 if (ksid_lookupbyuid(zone, euid, &ksid) != 0)
282f48205beScasper return (set_errno(EINVAL));
283f48205beScasper ksp = &ksid;
284f48205beScasper } else {
285f48205beScasper ksp = NULL;
286f48205beScasper }
287f48205beScasper
2887c478bd9Sstevel@tonic-gate /*
2897c478bd9Sstevel@tonic-gate * Need to pre-allocate the new cred structure before grabbing
2907c478bd9Sstevel@tonic-gate * the p_crlock mutex.
2917c478bd9Sstevel@tonic-gate */
292f48205beScasper newcr = cralloc_ksid();
2937c478bd9Sstevel@tonic-gate
2947c478bd9Sstevel@tonic-gate p = ttoproc(curthread);
2957c478bd9Sstevel@tonic-gate
2967c478bd9Sstevel@tonic-gate retry:
2977c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock);
298ddf7fe95Scasper retry_locked:
299ddf7fe95Scasper crhold(cr = p->p_cred);
300ddf7fe95Scasper mutex_exit(&p->p_crlock);
3017c478bd9Sstevel@tonic-gate
3027c478bd9Sstevel@tonic-gate if (ruid != -1 && ruid != cr->cr_ruid && ruid != cr->cr_uid &&
3037c478bd9Sstevel@tonic-gate secpolicy_allow_setid(cr, ruid, B_FALSE) != 0) {
304ddf7fe95Scasper mutex_enter(&p->p_crlock);
305ddf7fe95Scasper crfree(cr);
306ddf7fe95Scasper if (cr != p->p_cred)
307ddf7fe95Scasper goto retry_locked;
3087c478bd9Sstevel@tonic-gate error = EPERM;
3097c478bd9Sstevel@tonic-gate } else if (euid != -1 &&
3107c478bd9Sstevel@tonic-gate euid != cr->cr_ruid && euid != cr->cr_uid &&
3117c478bd9Sstevel@tonic-gate euid != cr->cr_suid && secpolicy_allow_setid(cr, euid, B_FALSE)) {
312ddf7fe95Scasper mutex_enter(&p->p_crlock);
313ddf7fe95Scasper crfree(cr);
314ddf7fe95Scasper if (cr != p->p_cred)
315ddf7fe95Scasper goto retry_locked;
3167c478bd9Sstevel@tonic-gate error = EPERM;
3177c478bd9Sstevel@tonic-gate } else {
318ddf7fe95Scasper mutex_enter(&p->p_crlock);
319ddf7fe95Scasper crfree(cr);
320ddf7fe95Scasper if (cr != p->p_cred)
321ddf7fe95Scasper goto retry_locked;
3227c478bd9Sstevel@tonic-gate if (!uidchge && ruid != -1 && cr->cr_ruid != ruid) {
3237c478bd9Sstevel@tonic-gate /*
3247c478bd9Sstevel@tonic-gate * The ruid of the process is going to change. In order
3257c478bd9Sstevel@tonic-gate * to avoid a race condition involving the
3267c478bd9Sstevel@tonic-gate * process-count associated with the newly given ruid,
3277c478bd9Sstevel@tonic-gate * we increment the count before assigning the
3287c478bd9Sstevel@tonic-gate * credential to the process.
3297c478bd9Sstevel@tonic-gate * To do that, we'll have to take pidlock, so we first
3307c478bd9Sstevel@tonic-gate * release p_crlock.
3317c478bd9Sstevel@tonic-gate */
3327c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock);
3337c478bd9Sstevel@tonic-gate uidchge = 1;
3347c478bd9Sstevel@tonic-gate mutex_enter(&pidlock);
3357c478bd9Sstevel@tonic-gate upcount_inc(ruid, zoneid);
3367c478bd9Sstevel@tonic-gate mutex_exit(&pidlock);
3377c478bd9Sstevel@tonic-gate /*
3387c478bd9Sstevel@tonic-gate * As we released p_crlock we can't rely on the cr
3397c478bd9Sstevel@tonic-gate * we read. So retry the whole thing.
3407c478bd9Sstevel@tonic-gate */
3417c478bd9Sstevel@tonic-gate goto retry;
3427c478bd9Sstevel@tonic-gate }
3437c478bd9Sstevel@tonic-gate crhold(cr);
3447c478bd9Sstevel@tonic-gate crcopy_to(cr, newcr);
3457c478bd9Sstevel@tonic-gate p->p_cred = newcr;
3467c478bd9Sstevel@tonic-gate
347f48205beScasper if (euid != -1) {
3487c478bd9Sstevel@tonic-gate newcr->cr_uid = euid;
349f48205beScasper crsetsid(newcr, ksp, KSID_USER);
350f48205beScasper }
3517c478bd9Sstevel@tonic-gate if (ruid != -1) {
352*134a1f4eSCasper H.S. Dik /* Remove the PRIV_PFEXEC, we changed the real uid. */
353*134a1f4eSCasper H.S. Dik if (uidchge)
354*134a1f4eSCasper H.S. Dik CR_FLAGS(newcr) &= ~PRIV_PFEXEC;
355*134a1f4eSCasper H.S. Dik
3567c478bd9Sstevel@tonic-gate oldruid = newcr->cr_ruid;
3577c478bd9Sstevel@tonic-gate newcr->cr_ruid = ruid;
3587c478bd9Sstevel@tonic-gate ASSERT(ruid != oldruid ? uidchge : 1);
3597c478bd9Sstevel@tonic-gate }
3607c478bd9Sstevel@tonic-gate /*
3617c478bd9Sstevel@tonic-gate * "If the real uid is being changed, or the effective uid is
3627c478bd9Sstevel@tonic-gate * being changed to a value not equal to the real uid, the
3637c478bd9Sstevel@tonic-gate * saved uid is set to the new effective uid."
3647c478bd9Sstevel@tonic-gate */
3657c478bd9Sstevel@tonic-gate if (ruid != -1 ||
3667c478bd9Sstevel@tonic-gate (euid != -1 && newcr->cr_uid != newcr->cr_ruid))
3677c478bd9Sstevel@tonic-gate newcr->cr_suid = newcr->cr_uid;
3687c478bd9Sstevel@tonic-gate /*
3697c478bd9Sstevel@tonic-gate * A process that gives up its privilege
3707c478bd9Sstevel@tonic-gate * must be marked to produce no core dump.
3717c478bd9Sstevel@tonic-gate */
3727c478bd9Sstevel@tonic-gate if ((cr->cr_uid != newcr->cr_uid ||
3737c478bd9Sstevel@tonic-gate cr->cr_ruid != newcr->cr_ruid ||
3747c478bd9Sstevel@tonic-gate cr->cr_suid != newcr->cr_suid))
3757c478bd9Sstevel@tonic-gate do_nocd = 1;
3767c478bd9Sstevel@tonic-gate
377982b4ad2SCasper H.S. Dik priv_reset_PA(newcr, ruid != -1 && euid != -1 && ruid == euid);
3787c478bd9Sstevel@tonic-gate crfree(cr);
3797c478bd9Sstevel@tonic-gate }
3807c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock);
3817c478bd9Sstevel@tonic-gate
3827c478bd9Sstevel@tonic-gate /*
3837c478bd9Sstevel@tonic-gate * We decrement the number of processes associated with the oldruid
3847c478bd9Sstevel@tonic-gate * to match the increment above, even if the ruid of the process
3857c478bd9Sstevel@tonic-gate * did not change or an error occurred (oldruid == uid).
3867c478bd9Sstevel@tonic-gate */
3877c478bd9Sstevel@tonic-gate if (uidchge) {
3887c478bd9Sstevel@tonic-gate ASSERT(oldruid != -1 && ruid != -1);
3897c478bd9Sstevel@tonic-gate mutex_enter(&pidlock);
3907c478bd9Sstevel@tonic-gate upcount_dec(oldruid, zoneid);
3917c478bd9Sstevel@tonic-gate mutex_exit(&pidlock);
3927c478bd9Sstevel@tonic-gate }
3937c478bd9Sstevel@tonic-gate
3947c478bd9Sstevel@tonic-gate if (error == 0) {
3957c478bd9Sstevel@tonic-gate if (do_nocd) {
3967c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock);
3977c478bd9Sstevel@tonic-gate p->p_flag |= SNOCD;
3987c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock);
3997c478bd9Sstevel@tonic-gate }
4007c478bd9Sstevel@tonic-gate crset(p, newcr); /* broadcast to process threads */
4017c478bd9Sstevel@tonic-gate return (0);
4027c478bd9Sstevel@tonic-gate }
4037c478bd9Sstevel@tonic-gate crfree(newcr);
404f48205beScasper if (ksp != NULL)
405f48205beScasper ksid_rele(ksp);
4067c478bd9Sstevel@tonic-gate return (set_errno(error));
4077c478bd9Sstevel@tonic-gate }
408