xref: /titanic_50/usr/src/uts/common/syscall/sidsys.c (revision bda89588bd7667394a834e8a9a34612cce2ae9c3)
1f48205beScasper /*
2f48205beScasper  * CDDL HEADER START
3f48205beScasper  *
4f48205beScasper  * The contents of this file are subject to the terms of the
5f48205beScasper  * Common Development and Distribution License (the "License").
6f48205beScasper  * You may not use this file except in compliance with the License.
7f48205beScasper  *
8f48205beScasper  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9f48205beScasper  * or http://www.opensolaris.org/os/licensing.
10f48205beScasper  * See the License for the specific language governing permissions
11f48205beScasper  * and limitations under the License.
12f48205beScasper  *
13f48205beScasper  * When distributing Covered Code, include this CDDL HEADER in each
14f48205beScasper  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15f48205beScasper  * If applicable, add the following below this CDDL HEADER, with the
16f48205beScasper  * fields enclosed by brackets "[]" replaced with your own identifying
17f48205beScasper  * information: Portions Copyright [yyyy] [name of copyright owner]
18f48205beScasper  *
19f48205beScasper  * CDDL HEADER END
20f48205beScasper  */
21f48205beScasper 
22f48205beScasper /*
23*bda89588Sjp151216  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24f48205beScasper  * Use is subject to license terms.
25f48205beScasper  */
26f48205beScasper 
27f48205beScasper #pragma ident	"%Z%%M%	%I%	%E% SMI"
28f48205beScasper 
29f48205beScasper /*
30f48205beScasper  * SID system call.
31f48205beScasper  */
32f48205beScasper 
33f48205beScasper #include <sys/sid.h>
34f48205beScasper #include <sys/cred.h>
35f48205beScasper #include <sys/errno.h>
36f48205beScasper #include <sys/systm.h>
37f48205beScasper #include <sys/policy.h>
38f48205beScasper #include <sys/door.h>
39c5c4113dSnw141292 #include <sys/kidmap.h>
40c5c4113dSnw141292 #include <sys/proc.h>
41f48205beScasper 
/*
 * SIDSYS_ALLOC_IDS: allocate ephemeral uids and gids for the caller's zone.
 *
 * Access control: the caller must be the process that the zone's registered
 * idmap door points at.  The door's di_target pid is compared with
 * curproc->p_pid; a mismatch, or no registered door at all, yields EPERM.
 *
 *	flag	non-zero purges the zone's idmap cache and is passed through
 *		to eph_uid_alloc()/eph_gid_alloc(); with a non-zero flag both
 *		allocators are called even when the matching count is 0.
 *	nuids	number of uids requested; a negative value is EINVAL.
 *	ngids	number of gids requested; a negative value is EINVAL.
 *
 * Returns the ids written by the allocators (presumably the first id of each
 * range -- confirm against eph_uid_alloc()) packed in an rval_t, uid in
 * r_val1 and gid in r_val2, or the result of set_errno() on failure.  Any
 * allocator failure is reported as EOVERFLOW regardless of the code returned.
 *
 * NOTE(review): the cache purge runs before the nuids/ngids range check, so
 * a request with flag set and a negative count purges the cache and then
 * fails with EINVAL.  Confirm that this ordering is intended.
 */
static uint64_t
allocids(int flag, int nuids, int ngids)
{
	zone_t *zone = crgetzone(CRED());
	door_handle_t door;
	struct door_info info;
	uid_t uid_start = 0;
	gid_t gid_start = 0;
	rval_t rv;
	int err;

	door = idmap_get_door(zone);
	if (door == NULL)
		return (set_errno(EPERM));

	/* Only the door's info is needed; the hold is dropped on both paths. */
	err = door_ki_info(door, &info);
	door_ki_rele(door);
	if (err != 0)
		return (set_errno(err));

	/* Caller identity check: only the door's target process may allocate. */
	if (info.di_target != curproc->p_pid)
		return (set_errno(EPERM));

	if (flag != 0)
		idmap_purge_cache(zone);

	if (nuids < 0 || ngids < 0)
		return (set_errno(EINVAL));

	/* err is 0 here, so a skipped uid allocation does not block the gids. */
	if (flag != 0 || nuids > 0)
		err = eph_uid_alloc(zone, flag, &uid_start, nuids);
	if (err == 0 && (flag != 0 || ngids > 0))
		err = eph_gid_alloc(zone, flag, &gid_start, ngids);
	if (err != 0)
		return (set_errno(EOVERFLOW));

	rv.r_val1 = uid_start;
	rv.r_val2 = gid_start;
	return (rv.r_vals);
}
86f48205beScasper 
/*
 * SIDSYS_IDMAP_REG: register door descriptor `did' as the idmap door of the
 * caller's zone.
 *
 * The caller must pass secpolicy_idmap(); its error is returned otherwise.
 * A descriptor that door_ki_lookup() cannot resolve yields EBADF.
 *
 * Returns 0 on success, or the result of set_errno() on failure.
 *
 * NOTE(review): the hold taken by door_ki_lookup() is not released here on
 * any path.  Presumably idmap_reg_dh() keeps it for the registration; confirm
 * that it also disposes of the hold when it returns an error, otherwise the
 * failure path leaks a door reference.
 */
static int
idmap_reg(int did)
{
	cred_t *cr = CRED();
	door_handle_t door;
	int err;

	/* The privilege check comes first, before the descriptor is touched. */
	err = secpolicy_idmap(cr);
	if (err != 0)
		return (set_errno(err));

	door = door_ki_lookup(did);
	if (door == NULL)
		return (set_errno(EBADF));

	err = idmap_reg_dh(crgetzone(cr), door);
	if (err != 0)
		return (set_errno(err));

	return (0);
}
107f48205beScasper 
/*
 * SIDSYS_IDMAP_UNREG: unregister door descriptor `did' as the idmap door of
 * the caller's zone.
 *
 * A descriptor that door_ki_lookup() cannot resolve yields EINVAL (idmap_reg()
 * reports EBADF for the same condition).  The lookup hold is always released
 * once idmap_unreg_dh() has returned.
 *
 * Returns 0 on success, or the result of set_errno() on failure.
 *
 * NOTE(review): unlike idmap_reg(), no secpolicy_idmap() check is made here.
 * Whether a caller may unregister the door is presumably decided inside
 * idmap_unreg_dh() (e.g. by matching the handle against the registered one);
 * confirm.
 */
static int
idmap_unreg(int did)
{
	door_handle_t door;
	zone_t *zone;
	int err;

	door = door_ki_lookup(did);
	if (door == NULL)
		return (set_errno(EINVAL));

	zone = crgetzone(CRED());
	err = idmap_unreg_dh(zone, door);
	door_ki_rele(door);

	return (err != 0 ? set_errno(err) : 0);
}
126f48205beScasper 
/*
 * sidsys system call entry point: dispatch on `op'.
 *
 *	SIDSYS_ALLOC_IDS	allocids(flag, nuids, ngids)
 *	SIDSYS_IDMAP_REG	idmap_reg(flag)
 *	SIDSYS_IDMAP_UNREG	idmap_unreg(flag)
 *
 * For the two registration ops `flag' carries the door descriptor, and nuids
 * and ngids are ignored.  Any other op fails with EINVAL.  Access checks are
 * left to the individual handlers; none is made here.
 */
uint64_t
sidsys(int op, int flag, int nuids, int ngids)
{
	if (op == SIDSYS_ALLOC_IDS)
		return (allocids(flag, nuids, ngids));
	if (op == SIDSYS_IDMAP_REG)
		return (idmap_reg(flag));
	if (op == SIDSYS_IDMAP_UNREG)
		return (idmap_unreg(flag));

	return (set_errno(EINVAL));
}