17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 545916cd2Sjpk * Common Development and Distribution License (the "License"). 645916cd2Sjpk * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22f48205beScasper * Copyright 2007 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 277c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate /* 307c478bd9Sstevel@tonic-gate * University Copyright- Copyright (c) 1982, 1986, 1988 317c478bd9Sstevel@tonic-gate * The Regents of the University of California 327c478bd9Sstevel@tonic-gate * All Rights Reserved 337c478bd9Sstevel@tonic-gate * 347c478bd9Sstevel@tonic-gate * University Acknowledgment- Portions of this document are derived from 357c478bd9Sstevel@tonic-gate * software developed by the University of California, Berkeley, and its 367c478bd9Sstevel@tonic-gate * contributors. 377c478bd9Sstevel@tonic-gate */ 387c478bd9Sstevel@tonic-gate 397c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 407c478bd9Sstevel@tonic-gate 417c478bd9Sstevel@tonic-gate #include <sys/types.h> 427c478bd9Sstevel@tonic-gate #include <sys/sysmacros.h> 437c478bd9Sstevel@tonic-gate #include <sys/param.h> 447c478bd9Sstevel@tonic-gate #include <sys/systm.h> 457c478bd9Sstevel@tonic-gate #include <sys/cred_impl.h> 467c478bd9Sstevel@tonic-gate #include <sys/policy.h> 477c478bd9Sstevel@tonic-gate #include <sys/vnode.h> 487c478bd9Sstevel@tonic-gate #include <sys/errno.h> 497c478bd9Sstevel@tonic-gate #include <sys/kmem.h> 507c478bd9Sstevel@tonic-gate #include <sys/user.h> 517c478bd9Sstevel@tonic-gate #include <sys/proc.h> 527c478bd9Sstevel@tonic-gate #include <sys/syscall.h> 537c478bd9Sstevel@tonic-gate #include <sys/debug.h> 547c478bd9Sstevel@tonic-gate #include <sys/atomic.h> 557c478bd9Sstevel@tonic-gate #include <sys/ucred.h> 567c478bd9Sstevel@tonic-gate #include <sys/prsystm.h> 577c478bd9Sstevel@tonic-gate #include <sys/modctl.h> 58f48205beScasper #include <sys/avl.h> 597c478bd9Sstevel@tonic-gate #include <c2/audit.h> 607c478bd9Sstevel@tonic-gate #include <sys/zone.h> 6145916cd2Sjpk #include <sys/tsol/label.h> 62f48205beScasper #include <sys/sid.h> 63f48205beScasper 64f48205beScasper typedef struct ephidmap_data { 65f48205beScasper uid_t min_uid, last_uid; 66f48205beScasper gid_t min_gid, last_gid; 67f48205beScasper cred_t *nobody; 68f48205beScasper kmutex_t eph_lock; 69f48205beScasper } ephidmap_data_t; 707c478bd9Sstevel@tonic-gate 717c478bd9Sstevel@tonic-gate static struct kmem_cache *cred_cache; 727c478bd9Sstevel@tonic-gate static size_t crsize = 0; 737c478bd9Sstevel@tonic-gate static int audoff = 0; 747c478bd9Sstevel@tonic-gate uint32_t ucredsize; 757c478bd9Sstevel@tonic-gate cred_t *kcred; 7645916cd2Sjpk static cred_t *dummycr; 777c478bd9Sstevel@tonic-gate 787c478bd9Sstevel@tonic-gate int rstlink; /* link(2) restricted to files owned by user? */ 797c478bd9Sstevel@tonic-gate 807c478bd9Sstevel@tonic-gate static int get_c2audit_load(void); 817c478bd9Sstevel@tonic-gate 827c478bd9Sstevel@tonic-gate #define CR_AUINFO(c) (auditinfo_addr_t *)((audoff == 0) ? NULL : \ 837c478bd9Sstevel@tonic-gate ((char *)(c)) + audoff) 847c478bd9Sstevel@tonic-gate 8545916cd2Sjpk #define REMOTE_PEER_CRED(c) ((c)->cr_gid == -1) 867c478bd9Sstevel@tonic-gate 877c478bd9Sstevel@tonic-gate /* 88f48205beScasper * XXX: should be per-zone. 89f48205beScasper * Start with an invalid value for atomic increments. 90f48205beScasper */ 91f48205beScasper static ephidmap_data_t ephemeral_data = { 92f48205beScasper MAXUID, MAXUID, MAXUID, MAXUID 93f48205beScasper }; 94f48205beScasper 95f48205beScasper static boolean_t hasephids = B_FALSE; 96f48205beScasper 97f48205beScasper /* 987c478bd9Sstevel@tonic-gate * Initialize credentials data structures. 997c478bd9Sstevel@tonic-gate */ 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate void 1027c478bd9Sstevel@tonic-gate cred_init(void) 1037c478bd9Sstevel@tonic-gate { 1047c478bd9Sstevel@tonic-gate priv_init(); 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate crsize = sizeof (cred_t) + sizeof (gid_t) * (ngroups_max - 1); 1077c478bd9Sstevel@tonic-gate /* 1087c478bd9Sstevel@tonic-gate * Make sure it's word-aligned. 1097c478bd9Sstevel@tonic-gate */ 1107c478bd9Sstevel@tonic-gate crsize = (crsize + sizeof (int) - 1) & ~(sizeof (int) - 1); 1117c478bd9Sstevel@tonic-gate 1127c478bd9Sstevel@tonic-gate if (get_c2audit_load() > 0) { 1137c478bd9Sstevel@tonic-gate #ifdef _LP64 1147c478bd9Sstevel@tonic-gate /* assure audit context is 64-bit aligned */ 1157c478bd9Sstevel@tonic-gate audoff = (crsize + 1167c478bd9Sstevel@tonic-gate sizeof (int64_t) - 1) & ~(sizeof (int64_t) - 1); 1177c478bd9Sstevel@tonic-gate #else /* _LP64 */ 1187c478bd9Sstevel@tonic-gate audoff = crsize; 1197c478bd9Sstevel@tonic-gate #endif /* _LP64 */ 1207c478bd9Sstevel@tonic-gate crsize = audoff + sizeof (auditinfo_addr_t); 1217c478bd9Sstevel@tonic-gate crsize = (crsize + sizeof (int) - 1) & ~(sizeof (int) - 1); 1227c478bd9Sstevel@tonic-gate } 1237c478bd9Sstevel@tonic-gate 1247c478bd9Sstevel@tonic-gate cred_cache = kmem_cache_create("cred_cache", crsize, 0, 1257c478bd9Sstevel@tonic-gate NULL, NULL, NULL, NULL, NULL, 0); 1267c478bd9Sstevel@tonic-gate 1277c478bd9Sstevel@tonic-gate /* 12845916cd2Sjpk * dummycr is used to copy initial state for creds. 12945916cd2Sjpk */ 13045916cd2Sjpk dummycr = cralloc(); 13145916cd2Sjpk bzero(dummycr, crsize); 13245916cd2Sjpk dummycr->cr_ref = 1; 133f48205beScasper dummycr->cr_uid = (uid_t)-1; 134f48205beScasper dummycr->cr_gid = (gid_t)-1; 135f48205beScasper dummycr->cr_ruid = (uid_t)-1; 136f48205beScasper dummycr->cr_rgid = (gid_t)-1; 137f48205beScasper dummycr->cr_suid = (uid_t)-1; 138f48205beScasper dummycr->cr_sgid = (gid_t)-1; 139f48205beScasper 14045916cd2Sjpk 14145916cd2Sjpk /* 1427c478bd9Sstevel@tonic-gate * kcred is used by anything that needs all privileges; it's 1437c478bd9Sstevel@tonic-gate * also the template used for crget as it has all the compatible 1447c478bd9Sstevel@tonic-gate * sets filled in. 1457c478bd9Sstevel@tonic-gate */ 1467c478bd9Sstevel@tonic-gate kcred = cralloc(); 1477c478bd9Sstevel@tonic-gate 1487c478bd9Sstevel@tonic-gate bzero(kcred, crsize); 1497c478bd9Sstevel@tonic-gate kcred->cr_ref = 1; 1507c478bd9Sstevel@tonic-gate 1517c478bd9Sstevel@tonic-gate /* kcred is never freed, so we don't need zone_cred_hold here */ 1527c478bd9Sstevel@tonic-gate kcred->cr_zone = &zone0; 1537c478bd9Sstevel@tonic-gate 1547c478bd9Sstevel@tonic-gate priv_fillset(&CR_LPRIV(kcred)); 1557c478bd9Sstevel@tonic-gate CR_IPRIV(kcred) = *priv_basic; 1567c478bd9Sstevel@tonic-gate 1577c478bd9Sstevel@tonic-gate /* Not a basic privilege, if chown is not restricted add it to I0 */ 1587c478bd9Sstevel@tonic-gate if (!rstchown) 1597c478bd9Sstevel@tonic-gate priv_addset(&CR_IPRIV(kcred), PRIV_FILE_CHOWN_SELF); 1607c478bd9Sstevel@tonic-gate 1617c478bd9Sstevel@tonic-gate /* Basic privilege, if link is restricted remove it from I0 */ 1627c478bd9Sstevel@tonic-gate if (rstlink) 1637c478bd9Sstevel@tonic-gate priv_delset(&CR_IPRIV(kcred), PRIV_FILE_LINK_ANY); 1647c478bd9Sstevel@tonic-gate 1657c478bd9Sstevel@tonic-gate CR_EPRIV(kcred) = CR_PPRIV(kcred) = CR_IPRIV(kcred); 16645916cd2Sjpk 16745916cd2Sjpk CR_FLAGS(kcred) = NET_MAC_AWARE; 1687c478bd9Sstevel@tonic-gate 1697c478bd9Sstevel@tonic-gate /* 1707c478bd9Sstevel@tonic-gate * Set up credentials of p0. 1717c478bd9Sstevel@tonic-gate */ 1727c478bd9Sstevel@tonic-gate ttoproc(curthread)->p_cred = kcred; 1737c478bd9Sstevel@tonic-gate curthread->t_cred = kcred; 1747c478bd9Sstevel@tonic-gate 175f48205beScasper /* 176f48205beScasper * nobody is used to map SID containing CRs. 177f48205beScasper */ 178f48205beScasper ephemeral_data.nobody = crdup(kcred); 179f48205beScasper (void) crsetugid(ephemeral_data.nobody, UID_NOBODY, GID_NOBODY); 180f48205beScasper CR_FLAGS(kcred) = 0; 181f48205beScasper 1827c478bd9Sstevel@tonic-gate ucredsize = UCRED_SIZE; 1837c478bd9Sstevel@tonic-gate } 1847c478bd9Sstevel@tonic-gate 1857c478bd9Sstevel@tonic-gate /* 1867c478bd9Sstevel@tonic-gate * Allocate (nearly) uninitialized cred_t. 1877c478bd9Sstevel@tonic-gate */ 1887c478bd9Sstevel@tonic-gate cred_t * 1897c478bd9Sstevel@tonic-gate cralloc(void) 1907c478bd9Sstevel@tonic-gate { 1917c478bd9Sstevel@tonic-gate cred_t *cr = kmem_cache_alloc(cred_cache, KM_SLEEP); 1927c478bd9Sstevel@tonic-gate cr->cr_ref = 1; /* So we can crfree() */ 1937c478bd9Sstevel@tonic-gate cr->cr_zone = NULL; 19445916cd2Sjpk cr->cr_label = NULL; 195f48205beScasper cr->cr_ksid = NULL; 196f48205beScasper return (cr); 197f48205beScasper } 198f48205beScasper 199f48205beScasper /* 200f48205beScasper * As cralloc but prepared for ksid change (if appropriate). 201f48205beScasper */ 202f48205beScasper cred_t * 203f48205beScasper cralloc_ksid(void) 204f48205beScasper { 205f48205beScasper cred_t *cr = cralloc(); 206f48205beScasper if (hasephids) 207f48205beScasper cr->cr_ksid = kcrsid_alloc(); 2087c478bd9Sstevel@tonic-gate return (cr); 2097c478bd9Sstevel@tonic-gate } 2107c478bd9Sstevel@tonic-gate 2117c478bd9Sstevel@tonic-gate /* 2127c478bd9Sstevel@tonic-gate * Allocate a initialized cred structure and crhold() it. 2137c478bd9Sstevel@tonic-gate * Initialized means: all ids 0, group count 0, L=Full, E=P=I=I0 2147c478bd9Sstevel@tonic-gate */ 2157c478bd9Sstevel@tonic-gate cred_t * 2167c478bd9Sstevel@tonic-gate crget(void) 2177c478bd9Sstevel@tonic-gate { 2187c478bd9Sstevel@tonic-gate cred_t *cr = kmem_cache_alloc(cred_cache, KM_SLEEP); 2197c478bd9Sstevel@tonic-gate 2207c478bd9Sstevel@tonic-gate bcopy(kcred, cr, crsize); 2217c478bd9Sstevel@tonic-gate cr->cr_ref = 1; 2227c478bd9Sstevel@tonic-gate zone_cred_hold(cr->cr_zone); 22345916cd2Sjpk if (cr->cr_label) 22445916cd2Sjpk label_hold(cr->cr_label); 2257c478bd9Sstevel@tonic-gate return (cr); 2267c478bd9Sstevel@tonic-gate } 2277c478bd9Sstevel@tonic-gate 2287c478bd9Sstevel@tonic-gate /* 2297c478bd9Sstevel@tonic-gate * Broadcast the cred to all the threads in the process. 2307c478bd9Sstevel@tonic-gate * The current thread's credentials can be set right away, but other 2317c478bd9Sstevel@tonic-gate * threads must wait until the start of the next system call or trap. 2327c478bd9Sstevel@tonic-gate * This avoids changing the cred in the middle of a system call. 2337c478bd9Sstevel@tonic-gate * 2347c478bd9Sstevel@tonic-gate * The cred has already been held for the process and the thread (2 holds), 2357c478bd9Sstevel@tonic-gate * and p->p_cred set. 2367c478bd9Sstevel@tonic-gate * 2377c478bd9Sstevel@tonic-gate * p->p_crlock shouldn't be held here, since p_lock must be acquired. 2387c478bd9Sstevel@tonic-gate */ 2397c478bd9Sstevel@tonic-gate void 2407c478bd9Sstevel@tonic-gate crset(proc_t *p, cred_t *cr) 2417c478bd9Sstevel@tonic-gate { 2427c478bd9Sstevel@tonic-gate kthread_id_t t; 2437c478bd9Sstevel@tonic-gate kthread_id_t first; 2447c478bd9Sstevel@tonic-gate cred_t *oldcr; 2457c478bd9Sstevel@tonic-gate 2467c478bd9Sstevel@tonic-gate ASSERT(p == curproc); /* assumes p_lwpcnt can't change */ 2477c478bd9Sstevel@tonic-gate 2487c478bd9Sstevel@tonic-gate /* 2497c478bd9Sstevel@tonic-gate * DTrace accesses t_cred in probe context. t_cred must always be 2507c478bd9Sstevel@tonic-gate * either NULL, or point to a valid, allocated cred structure. 2517c478bd9Sstevel@tonic-gate */ 2527c478bd9Sstevel@tonic-gate t = curthread; 2537c478bd9Sstevel@tonic-gate oldcr = t->t_cred; 2547c478bd9Sstevel@tonic-gate t->t_cred = cr; /* the cred is held by caller for this thread */ 2557c478bd9Sstevel@tonic-gate crfree(oldcr); /* free the old cred for the thread */ 2567c478bd9Sstevel@tonic-gate 2577c478bd9Sstevel@tonic-gate /* 2587c478bd9Sstevel@tonic-gate * Broadcast to other threads, if any. 2597c478bd9Sstevel@tonic-gate */ 2607c478bd9Sstevel@tonic-gate if (p->p_lwpcnt > 1) { 2617c478bd9Sstevel@tonic-gate mutex_enter(&p->p_lock); /* to keep thread list safe */ 2627c478bd9Sstevel@tonic-gate first = curthread; 2637c478bd9Sstevel@tonic-gate for (t = first->t_forw; t != first; t = t->t_forw) 2647c478bd9Sstevel@tonic-gate t->t_pre_sys = 1; /* so syscall will get new cred */ 2657c478bd9Sstevel@tonic-gate mutex_exit(&p->p_lock); 2667c478bd9Sstevel@tonic-gate } 2677c478bd9Sstevel@tonic-gate } 2687c478bd9Sstevel@tonic-gate 2697c478bd9Sstevel@tonic-gate /* 2707c478bd9Sstevel@tonic-gate * Put a hold on a cred structure. 2717c478bd9Sstevel@tonic-gate */ 2727c478bd9Sstevel@tonic-gate void 2737c478bd9Sstevel@tonic-gate crhold(cred_t *cr) 2747c478bd9Sstevel@tonic-gate { 2757c478bd9Sstevel@tonic-gate atomic_add_32(&cr->cr_ref, 1); 2767c478bd9Sstevel@tonic-gate } 2777c478bd9Sstevel@tonic-gate 2787c478bd9Sstevel@tonic-gate /* 2797c478bd9Sstevel@tonic-gate * Release previous hold on a cred structure. Free it if refcnt == 0. 28045916cd2Sjpk * If cred uses label different from zone label, free it. 2817c478bd9Sstevel@tonic-gate */ 2827c478bd9Sstevel@tonic-gate void 2837c478bd9Sstevel@tonic-gate crfree(cred_t *cr) 2847c478bd9Sstevel@tonic-gate { 2857c478bd9Sstevel@tonic-gate if (atomic_add_32_nv(&cr->cr_ref, -1) == 0) { 2867c478bd9Sstevel@tonic-gate ASSERT(cr != kcred); 28745916cd2Sjpk if (cr->cr_label) 28845916cd2Sjpk label_rele(cr->cr_label); 2897c478bd9Sstevel@tonic-gate if (cr->cr_zone) 2907c478bd9Sstevel@tonic-gate zone_cred_rele(cr->cr_zone); 291f48205beScasper if (cr->cr_ksid) 292f48205beScasper kcrsid_rele(cr->cr_ksid); 2937c478bd9Sstevel@tonic-gate kmem_cache_free(cred_cache, cr); 2947c478bd9Sstevel@tonic-gate } 2957c478bd9Sstevel@tonic-gate } 2967c478bd9Sstevel@tonic-gate 2977c478bd9Sstevel@tonic-gate /* 2987c478bd9Sstevel@tonic-gate * Copy a cred structure to a new one and free the old one. 2997c478bd9Sstevel@tonic-gate * The new cred will have two references. One for the calling process, 3007c478bd9Sstevel@tonic-gate * and one for the thread. 3017c478bd9Sstevel@tonic-gate */ 3027c478bd9Sstevel@tonic-gate cred_t * 3037c478bd9Sstevel@tonic-gate crcopy(cred_t *cr) 3047c478bd9Sstevel@tonic-gate { 3057c478bd9Sstevel@tonic-gate cred_t *newcr; 3067c478bd9Sstevel@tonic-gate 3077c478bd9Sstevel@tonic-gate newcr = cralloc(); 3087c478bd9Sstevel@tonic-gate bcopy(cr, newcr, crsize); 3097c478bd9Sstevel@tonic-gate if (newcr->cr_zone) 3107c478bd9Sstevel@tonic-gate zone_cred_hold(newcr->cr_zone); 31145916cd2Sjpk if (newcr->cr_label) 31245916cd2Sjpk label_hold(cr->cr_label); 313f48205beScasper if (newcr->cr_ksid) 314f48205beScasper kcrsid_hold(cr->cr_ksid); 3157c478bd9Sstevel@tonic-gate crfree(cr); 3167c478bd9Sstevel@tonic-gate newcr->cr_ref = 2; /* caller gets two references */ 3177c478bd9Sstevel@tonic-gate return (newcr); 3187c478bd9Sstevel@tonic-gate } 3197c478bd9Sstevel@tonic-gate 3207c478bd9Sstevel@tonic-gate /* 3217c478bd9Sstevel@tonic-gate * Copy a cred structure to a new one and free the old one. 3227c478bd9Sstevel@tonic-gate * The new cred will have two references. One for the calling process, 3237c478bd9Sstevel@tonic-gate * and one for the thread. 3247c478bd9Sstevel@tonic-gate * This variation on crcopy uses a pre-allocated structure for the 3257c478bd9Sstevel@tonic-gate * "new" cred. 3267c478bd9Sstevel@tonic-gate */ 3277c478bd9Sstevel@tonic-gate void 3287c478bd9Sstevel@tonic-gate crcopy_to(cred_t *oldcr, cred_t *newcr) 3297c478bd9Sstevel@tonic-gate { 330f48205beScasper credsid_t *nkcr = newcr->cr_ksid; 331f48205beScasper 3327c478bd9Sstevel@tonic-gate bcopy(oldcr, newcr, crsize); 3337c478bd9Sstevel@tonic-gate if (newcr->cr_zone) 3347c478bd9Sstevel@tonic-gate zone_cred_hold(newcr->cr_zone); 33545916cd2Sjpk if (newcr->cr_label) 33645916cd2Sjpk label_hold(newcr->cr_label); 337f48205beScasper if (nkcr) { 338f48205beScasper newcr->cr_ksid = nkcr; 339f48205beScasper kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid); 340f48205beScasper } else if (newcr->cr_ksid) 341f48205beScasper kcrsid_hold(newcr->cr_ksid); 3427c478bd9Sstevel@tonic-gate crfree(oldcr); 3437c478bd9Sstevel@tonic-gate newcr->cr_ref = 2; /* caller gets two references */ 3447c478bd9Sstevel@tonic-gate } 3457c478bd9Sstevel@tonic-gate 3467c478bd9Sstevel@tonic-gate /* 3477c478bd9Sstevel@tonic-gate * Dup a cred struct to a new held one. 3487c478bd9Sstevel@tonic-gate * The old cred is not freed. 3497c478bd9Sstevel@tonic-gate */ 3507c478bd9Sstevel@tonic-gate cred_t * 3517c478bd9Sstevel@tonic-gate crdup(cred_t *cr) 3527c478bd9Sstevel@tonic-gate { 3537c478bd9Sstevel@tonic-gate cred_t *newcr; 3547c478bd9Sstevel@tonic-gate 3557c478bd9Sstevel@tonic-gate newcr = cralloc(); 3567c478bd9Sstevel@tonic-gate bcopy(cr, newcr, crsize); 3577c478bd9Sstevel@tonic-gate if (newcr->cr_zone) 3587c478bd9Sstevel@tonic-gate zone_cred_hold(newcr->cr_zone); 35945916cd2Sjpk if (newcr->cr_label) 36045916cd2Sjpk label_hold(newcr->cr_label); 361f48205beScasper if (newcr->cr_ksid) 362f48205beScasper kcrsid_hold(newcr->cr_ksid); 3637c478bd9Sstevel@tonic-gate newcr->cr_ref = 1; 3647c478bd9Sstevel@tonic-gate return (newcr); 3657c478bd9Sstevel@tonic-gate } 3667c478bd9Sstevel@tonic-gate 3677c478bd9Sstevel@tonic-gate /* 3687c478bd9Sstevel@tonic-gate * Dup a cred struct to a new held one. 3697c478bd9Sstevel@tonic-gate * The old cred is not freed. 3707c478bd9Sstevel@tonic-gate * This variation on crdup uses a pre-allocated structure for the 3717c478bd9Sstevel@tonic-gate * "new" cred. 3727c478bd9Sstevel@tonic-gate */ 3737c478bd9Sstevel@tonic-gate void 3747c478bd9Sstevel@tonic-gate crdup_to(cred_t *oldcr, cred_t *newcr) 3757c478bd9Sstevel@tonic-gate { 376f48205beScasper credsid_t *nkcr = newcr->cr_ksid; 377f48205beScasper 3787c478bd9Sstevel@tonic-gate bcopy(oldcr, newcr, crsize); 3797c478bd9Sstevel@tonic-gate if (newcr->cr_zone) 3807c478bd9Sstevel@tonic-gate zone_cred_hold(newcr->cr_zone); 38145916cd2Sjpk if (newcr->cr_label) 38245916cd2Sjpk label_hold(newcr->cr_label); 383f48205beScasper if (nkcr) { 384f48205beScasper newcr->cr_ksid = nkcr; 385f48205beScasper kcrsidcopy_to(oldcr->cr_ksid, newcr->cr_ksid); 386f48205beScasper } else if (newcr->cr_ksid) 387f48205beScasper kcrsid_hold(newcr->cr_ksid); 3887c478bd9Sstevel@tonic-gate newcr->cr_ref = 1; 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate /* 3927c478bd9Sstevel@tonic-gate * Return the (held) credentials for the current running process. 3937c478bd9Sstevel@tonic-gate */ 3947c478bd9Sstevel@tonic-gate cred_t * 39545916cd2Sjpk crgetcred(void) 3967c478bd9Sstevel@tonic-gate { 3977c478bd9Sstevel@tonic-gate cred_t *cr; 3987c478bd9Sstevel@tonic-gate proc_t *p; 3997c478bd9Sstevel@tonic-gate 4007c478bd9Sstevel@tonic-gate p = ttoproc(curthread); 4017c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 4027c478bd9Sstevel@tonic-gate crhold(cr = p->p_cred); 4037c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 4047c478bd9Sstevel@tonic-gate return (cr); 4057c478bd9Sstevel@tonic-gate } 4067c478bd9Sstevel@tonic-gate 4077c478bd9Sstevel@tonic-gate /* 4087c478bd9Sstevel@tonic-gate * Backward compatibility check for suser(). 4097c478bd9Sstevel@tonic-gate * Accounting flag is now set in the policy functions; auditing is 4107c478bd9Sstevel@tonic-gate * done through use of privilege in the audit trail. 4117c478bd9Sstevel@tonic-gate */ 4127c478bd9Sstevel@tonic-gate int 4137c478bd9Sstevel@tonic-gate suser(cred_t *cr) 4147c478bd9Sstevel@tonic-gate { 4157c478bd9Sstevel@tonic-gate return (PRIV_POLICY(cr, PRIV_SYS_SUSER_COMPAT, B_FALSE, EPERM, NULL) 4167c478bd9Sstevel@tonic-gate == 0); 4177c478bd9Sstevel@tonic-gate } 4187c478bd9Sstevel@tonic-gate 4197c478bd9Sstevel@tonic-gate /* 4207c478bd9Sstevel@tonic-gate * Determine whether the supplied group id is a member of the group 4217c478bd9Sstevel@tonic-gate * described by the supplied credentials. 4227c478bd9Sstevel@tonic-gate */ 4237c478bd9Sstevel@tonic-gate int 4247c478bd9Sstevel@tonic-gate groupmember(gid_t gid, const cred_t *cr) 4257c478bd9Sstevel@tonic-gate { 4267c478bd9Sstevel@tonic-gate if (gid == cr->cr_gid) 4277c478bd9Sstevel@tonic-gate return (1); 4287c478bd9Sstevel@tonic-gate return (supgroupmember(gid, cr)); 4297c478bd9Sstevel@tonic-gate } 4307c478bd9Sstevel@tonic-gate 4317c478bd9Sstevel@tonic-gate /* 4327c478bd9Sstevel@tonic-gate * As groupmember but only check against the supplemental groups. 4337c478bd9Sstevel@tonic-gate */ 4347c478bd9Sstevel@tonic-gate int 4357c478bd9Sstevel@tonic-gate supgroupmember(gid_t gid, const cred_t *cr) 4367c478bd9Sstevel@tonic-gate { 4377c478bd9Sstevel@tonic-gate const gid_t *gp, *endgp; 4387c478bd9Sstevel@tonic-gate 4397c478bd9Sstevel@tonic-gate endgp = &cr->cr_groups[cr->cr_ngroups]; 4407c478bd9Sstevel@tonic-gate for (gp = cr->cr_groups; gp < endgp; gp++) 4417c478bd9Sstevel@tonic-gate if (*gp == gid) 4427c478bd9Sstevel@tonic-gate return (1); 4437c478bd9Sstevel@tonic-gate return (0); 4447c478bd9Sstevel@tonic-gate } 4457c478bd9Sstevel@tonic-gate 4467c478bd9Sstevel@tonic-gate /* 4477c478bd9Sstevel@tonic-gate * This function is called to check whether the credentials set 4487c478bd9Sstevel@tonic-gate * "scrp" has permission to act on credentials set "tcrp". It enforces the 4497c478bd9Sstevel@tonic-gate * permission requirements needed to send a signal to a process. 4507c478bd9Sstevel@tonic-gate * The same requirements are imposed by other system calls, however. 4517c478bd9Sstevel@tonic-gate * 4527c478bd9Sstevel@tonic-gate * The rules are: 4537c478bd9Sstevel@tonic-gate * (1) if the credentials are the same, the check succeeds 4547c478bd9Sstevel@tonic-gate * (2) if the zone ids don't match, and scrp is not in the global zone or 4557c478bd9Sstevel@tonic-gate * does not have the PRIV_PROC_ZONE privilege, the check fails 4567c478bd9Sstevel@tonic-gate * (3) if the real or effective user id of scrp matches the real or saved 4577c478bd9Sstevel@tonic-gate * user id of tcrp or scrp has the PRIV_PROC_OWNER privilege, the check 4587c478bd9Sstevel@tonic-gate * succeeds 4597c478bd9Sstevel@tonic-gate * (4) otherwise, the check fails 4607c478bd9Sstevel@tonic-gate */ 4617c478bd9Sstevel@tonic-gate int 4627c478bd9Sstevel@tonic-gate hasprocperm(const cred_t *tcrp, const cred_t *scrp) 4637c478bd9Sstevel@tonic-gate { 4647c478bd9Sstevel@tonic-gate if (scrp == tcrp) 4657c478bd9Sstevel@tonic-gate return (1); 4667c478bd9Sstevel@tonic-gate if (scrp->cr_zone != tcrp->cr_zone && 4677c478bd9Sstevel@tonic-gate (scrp->cr_zone != global_zone || 4687c478bd9Sstevel@tonic-gate secpolicy_proc_zone(scrp) != 0)) 4697c478bd9Sstevel@tonic-gate return (0); 4707c478bd9Sstevel@tonic-gate if (scrp->cr_uid == tcrp->cr_ruid || 4717c478bd9Sstevel@tonic-gate scrp->cr_ruid == tcrp->cr_ruid || 4727c478bd9Sstevel@tonic-gate scrp->cr_uid == tcrp->cr_suid || 4737c478bd9Sstevel@tonic-gate scrp->cr_ruid == tcrp->cr_suid || 4747c478bd9Sstevel@tonic-gate !PRIV_POLICY(scrp, PRIV_PROC_OWNER, B_FALSE, EPERM, "hasprocperm")) 4757c478bd9Sstevel@tonic-gate return (1); 4767c478bd9Sstevel@tonic-gate return (0); 4777c478bd9Sstevel@tonic-gate } 4787c478bd9Sstevel@tonic-gate 4797c478bd9Sstevel@tonic-gate /* 4807c478bd9Sstevel@tonic-gate * This interface replaces hasprocperm; it works like hasprocperm but 4817c478bd9Sstevel@tonic-gate * additionally returns success if the proc_t's match 4827c478bd9Sstevel@tonic-gate * It is the preferred interface for most uses. 4837c478bd9Sstevel@tonic-gate * And it will acquire pcrlock itself, so it assert's that it shouldn't 4847c478bd9Sstevel@tonic-gate * be held. 4857c478bd9Sstevel@tonic-gate */ 4867c478bd9Sstevel@tonic-gate int 4877c478bd9Sstevel@tonic-gate prochasprocperm(proc_t *tp, proc_t *sp, const cred_t *scrp) 4887c478bd9Sstevel@tonic-gate { 4897c478bd9Sstevel@tonic-gate int rets; 4907c478bd9Sstevel@tonic-gate cred_t *tcrp; 4917c478bd9Sstevel@tonic-gate 4927c478bd9Sstevel@tonic-gate ASSERT(MUTEX_NOT_HELD(&tp->p_crlock)); 4937c478bd9Sstevel@tonic-gate 4947c478bd9Sstevel@tonic-gate if (tp == sp) 4957c478bd9Sstevel@tonic-gate return (1); 4967c478bd9Sstevel@tonic-gate 4977c478bd9Sstevel@tonic-gate if (tp->p_sessp != sp->p_sessp && secpolicy_basic_proc(scrp) != 0) 4987c478bd9Sstevel@tonic-gate return (0); 4997c478bd9Sstevel@tonic-gate 5007c478bd9Sstevel@tonic-gate mutex_enter(&tp->p_crlock); 5017c478bd9Sstevel@tonic-gate tcrp = tp->p_cred; 5027c478bd9Sstevel@tonic-gate rets = hasprocperm(tcrp, scrp); 5037c478bd9Sstevel@tonic-gate mutex_exit(&tp->p_crlock); 5047c478bd9Sstevel@tonic-gate 5057c478bd9Sstevel@tonic-gate return (rets); 5067c478bd9Sstevel@tonic-gate } 5077c478bd9Sstevel@tonic-gate 5087c478bd9Sstevel@tonic-gate /* 5097c478bd9Sstevel@tonic-gate * This routine is used to compare two credentials to determine if 5107c478bd9Sstevel@tonic-gate * they refer to the same "user". If the pointers are equal, then 5117c478bd9Sstevel@tonic-gate * they must refer to the same user. Otherwise, the contents of 5127c478bd9Sstevel@tonic-gate * the credentials are compared to see whether they are equivalent. 5137c478bd9Sstevel@tonic-gate * 5147c478bd9Sstevel@tonic-gate * This routine returns 0 if the credentials refer to the same user, 5157c478bd9Sstevel@tonic-gate * 1 if they do not. 5167c478bd9Sstevel@tonic-gate */ 5177c478bd9Sstevel@tonic-gate int 5187c478bd9Sstevel@tonic-gate crcmp(const cred_t *cr1, const cred_t *cr2) 5197c478bd9Sstevel@tonic-gate { 5207c478bd9Sstevel@tonic-gate 5217c478bd9Sstevel@tonic-gate if (cr1 == cr2) 5227c478bd9Sstevel@tonic-gate return (0); 5237c478bd9Sstevel@tonic-gate 5247c478bd9Sstevel@tonic-gate if (cr1->cr_uid == cr2->cr_uid && 5257c478bd9Sstevel@tonic-gate cr1->cr_gid == cr2->cr_gid && 5267c478bd9Sstevel@tonic-gate cr1->cr_ruid == cr2->cr_ruid && 5277c478bd9Sstevel@tonic-gate cr1->cr_rgid == cr2->cr_rgid && 5287c478bd9Sstevel@tonic-gate cr1->cr_ngroups == cr2->cr_ngroups && 5297c478bd9Sstevel@tonic-gate cr1->cr_zone == cr2->cr_zone && 5307c478bd9Sstevel@tonic-gate bcmp(cr1->cr_groups, cr2->cr_groups, 5317c478bd9Sstevel@tonic-gate cr1->cr_ngroups * sizeof (gid_t)) == 0) { 5327c478bd9Sstevel@tonic-gate return (!priv_isequalset(&CR_OEPRIV(cr1), &CR_OEPRIV(cr2))); 5337c478bd9Sstevel@tonic-gate } 5347c478bd9Sstevel@tonic-gate return (1); 5357c478bd9Sstevel@tonic-gate } 5367c478bd9Sstevel@tonic-gate 5377c478bd9Sstevel@tonic-gate /* 5387c478bd9Sstevel@tonic-gate * Read access functions to cred_t. 5397c478bd9Sstevel@tonic-gate */ 5407c478bd9Sstevel@tonic-gate uid_t 5417c478bd9Sstevel@tonic-gate crgetuid(const cred_t *cr) 5427c478bd9Sstevel@tonic-gate { 5437c478bd9Sstevel@tonic-gate return (cr->cr_uid); 5447c478bd9Sstevel@tonic-gate } 5457c478bd9Sstevel@tonic-gate 5467c478bd9Sstevel@tonic-gate uid_t 5477c478bd9Sstevel@tonic-gate crgetruid(const cred_t *cr) 5487c478bd9Sstevel@tonic-gate { 5497c478bd9Sstevel@tonic-gate return (cr->cr_ruid); 5507c478bd9Sstevel@tonic-gate } 5517c478bd9Sstevel@tonic-gate 5527c478bd9Sstevel@tonic-gate uid_t 5537c478bd9Sstevel@tonic-gate crgetsuid(const cred_t *cr) 5547c478bd9Sstevel@tonic-gate { 5557c478bd9Sstevel@tonic-gate return (cr->cr_suid); 5567c478bd9Sstevel@tonic-gate } 5577c478bd9Sstevel@tonic-gate 5587c478bd9Sstevel@tonic-gate gid_t 5597c478bd9Sstevel@tonic-gate crgetgid(const cred_t *cr) 5607c478bd9Sstevel@tonic-gate { 5617c478bd9Sstevel@tonic-gate return (cr->cr_gid); 5627c478bd9Sstevel@tonic-gate } 5637c478bd9Sstevel@tonic-gate 5647c478bd9Sstevel@tonic-gate gid_t 5657c478bd9Sstevel@tonic-gate crgetrgid(const cred_t *cr) 5667c478bd9Sstevel@tonic-gate { 5677c478bd9Sstevel@tonic-gate return (cr->cr_rgid); 5687c478bd9Sstevel@tonic-gate } 5697c478bd9Sstevel@tonic-gate 5707c478bd9Sstevel@tonic-gate gid_t 5717c478bd9Sstevel@tonic-gate crgetsgid(const cred_t *cr) 5727c478bd9Sstevel@tonic-gate { 5737c478bd9Sstevel@tonic-gate return (cr->cr_sgid); 5747c478bd9Sstevel@tonic-gate } 5757c478bd9Sstevel@tonic-gate 5767c478bd9Sstevel@tonic-gate const auditinfo_addr_t * 5777c478bd9Sstevel@tonic-gate crgetauinfo(const cred_t *cr) 5787c478bd9Sstevel@tonic-gate { 5797c478bd9Sstevel@tonic-gate return ((const auditinfo_addr_t *)CR_AUINFO(cr)); 5807c478bd9Sstevel@tonic-gate } 5817c478bd9Sstevel@tonic-gate 5827c478bd9Sstevel@tonic-gate auditinfo_addr_t * 5837c478bd9Sstevel@tonic-gate crgetauinfo_modifiable(cred_t *cr) 5847c478bd9Sstevel@tonic-gate { 5857c478bd9Sstevel@tonic-gate return (CR_AUINFO(cr)); 5867c478bd9Sstevel@tonic-gate } 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate zoneid_t 5897c478bd9Sstevel@tonic-gate crgetzoneid(const cred_t *cr) 5907c478bd9Sstevel@tonic-gate { 59145916cd2Sjpk return (cr->cr_zone == NULL ? 59245916cd2Sjpk (cr->cr_uid == -1 ? (zoneid_t)-1 : GLOBAL_ZONEID) : 59345916cd2Sjpk cr->cr_zone->zone_id); 5947c478bd9Sstevel@tonic-gate } 5957c478bd9Sstevel@tonic-gate 5967c478bd9Sstevel@tonic-gate projid_t 5977c478bd9Sstevel@tonic-gate crgetprojid(const cred_t *cr) 5987c478bd9Sstevel@tonic-gate { 5997c478bd9Sstevel@tonic-gate return (cr->cr_projid); 6007c478bd9Sstevel@tonic-gate } 6017c478bd9Sstevel@tonic-gate 60245916cd2Sjpk zone_t * 60345916cd2Sjpk crgetzone(const cred_t *cr) 60445916cd2Sjpk { 60545916cd2Sjpk return (cr->cr_zone); 60645916cd2Sjpk } 60745916cd2Sjpk 60845916cd2Sjpk struct ts_label_s * 60945916cd2Sjpk crgetlabel(const cred_t *cr) 61045916cd2Sjpk { 61145916cd2Sjpk return (cr->cr_label ? 61245916cd2Sjpk cr->cr_label : 61345916cd2Sjpk (cr->cr_zone ? cr->cr_zone->zone_slabel : NULL)); 61445916cd2Sjpk } 61545916cd2Sjpk 61645916cd2Sjpk boolean_t 61745916cd2Sjpk crisremote(const cred_t *cr) 61845916cd2Sjpk { 61945916cd2Sjpk return (REMOTE_PEER_CRED(cr)); 62045916cd2Sjpk } 62145916cd2Sjpk 622f48205beScasper #define BADUID(x) ((x) != -1 && !VALID_UID(x)) 623f48205beScasper #define BADGID(x) ((x) != -1 && !VALID_GID(x)) 6247c478bd9Sstevel@tonic-gate 6257c478bd9Sstevel@tonic-gate int 6267c478bd9Sstevel@tonic-gate crsetresuid(cred_t *cr, uid_t r, uid_t e, uid_t s) 6277c478bd9Sstevel@tonic-gate { 6287c478bd9Sstevel@tonic-gate ASSERT(cr->cr_ref <= 2); 6297c478bd9Sstevel@tonic-gate 630f48205beScasper if (BADUID(r) || BADUID(e) || BADUID(s)) 6317c478bd9Sstevel@tonic-gate return (-1); 6327c478bd9Sstevel@tonic-gate 6337c478bd9Sstevel@tonic-gate if (r != -1) 6347c478bd9Sstevel@tonic-gate cr->cr_ruid = r; 6357c478bd9Sstevel@tonic-gate if (e != -1) 6367c478bd9Sstevel@tonic-gate cr->cr_uid = e; 6377c478bd9Sstevel@tonic-gate if (s != -1) 6387c478bd9Sstevel@tonic-gate cr->cr_suid = s; 6397c478bd9Sstevel@tonic-gate 6407c478bd9Sstevel@tonic-gate return (0); 6417c478bd9Sstevel@tonic-gate } 6427c478bd9Sstevel@tonic-gate 6437c478bd9Sstevel@tonic-gate int 6447c478bd9Sstevel@tonic-gate crsetresgid(cred_t *cr, gid_t r, gid_t e, gid_t s) 6457c478bd9Sstevel@tonic-gate { 6467c478bd9Sstevel@tonic-gate ASSERT(cr->cr_ref <= 2); 6477c478bd9Sstevel@tonic-gate 648f48205beScasper if (BADGID(r) || BADGID(e) || BADGID(s)) 6497c478bd9Sstevel@tonic-gate return (-1); 6507c478bd9Sstevel@tonic-gate 6517c478bd9Sstevel@tonic-gate if (r != -1) 6527c478bd9Sstevel@tonic-gate cr->cr_rgid = r; 6537c478bd9Sstevel@tonic-gate if (e != -1) 6547c478bd9Sstevel@tonic-gate cr->cr_gid = e; 6557c478bd9Sstevel@tonic-gate if (s != -1) 6567c478bd9Sstevel@tonic-gate cr->cr_sgid = s; 6577c478bd9Sstevel@tonic-gate 6587c478bd9Sstevel@tonic-gate return (0); 6597c478bd9Sstevel@tonic-gate } 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate int 6627c478bd9Sstevel@tonic-gate crsetugid(cred_t *cr, uid_t uid, gid_t gid) 6637c478bd9Sstevel@tonic-gate { 6647c478bd9Sstevel@tonic-gate ASSERT(cr->cr_ref <= 2); 6657c478bd9Sstevel@tonic-gate 666f48205beScasper if (!VALID_UID(uid) || !VALID_GID(gid)) 6677c478bd9Sstevel@tonic-gate return (-1); 6687c478bd9Sstevel@tonic-gate 6697c478bd9Sstevel@tonic-gate cr->cr_uid = cr->cr_ruid = cr->cr_suid = uid; 6707c478bd9Sstevel@tonic-gate cr->cr_gid = cr->cr_rgid = cr->cr_sgid = gid; 6717c478bd9Sstevel@tonic-gate 6727c478bd9Sstevel@tonic-gate return (0); 6737c478bd9Sstevel@tonic-gate } 6747c478bd9Sstevel@tonic-gate 6757c478bd9Sstevel@tonic-gate int 6767c478bd9Sstevel@tonic-gate crsetgroups(cred_t *cr, int n, gid_t *grp) 6777c478bd9Sstevel@tonic-gate { 6787c478bd9Sstevel@tonic-gate ASSERT(cr->cr_ref <= 2); 6797c478bd9Sstevel@tonic-gate 6807c478bd9Sstevel@tonic-gate if (n > ngroups_max || n < 0) 6817c478bd9Sstevel@tonic-gate return (-1); 6827c478bd9Sstevel@tonic-gate 6837c478bd9Sstevel@tonic-gate cr->cr_ngroups = n; 6847c478bd9Sstevel@tonic-gate 6857c478bd9Sstevel@tonic-gate if (n > 0) 6867c478bd9Sstevel@tonic-gate bcopy(grp, cr->cr_groups, n * sizeof (gid_t)); 6877c478bd9Sstevel@tonic-gate 6887c478bd9Sstevel@tonic-gate return (0); 6897c478bd9Sstevel@tonic-gate } 6907c478bd9Sstevel@tonic-gate 6917c478bd9Sstevel@tonic-gate void 6927c478bd9Sstevel@tonic-gate crsetprojid(cred_t *cr, projid_t projid) 6937c478bd9Sstevel@tonic-gate { 6947c478bd9Sstevel@tonic-gate ASSERT(projid >= 0 && projid <= MAXPROJID); 6957c478bd9Sstevel@tonic-gate cr->cr_projid = projid; 6967c478bd9Sstevel@tonic-gate } 6977c478bd9Sstevel@tonic-gate 6987c478bd9Sstevel@tonic-gate /* 6997c478bd9Sstevel@tonic-gate * This routine returns the pointer to the first element of the cr_groups 7007c478bd9Sstevel@tonic-gate * array. It can move around in an implementation defined way. 7017c478bd9Sstevel@tonic-gate */ 7027c478bd9Sstevel@tonic-gate const gid_t * 7037c478bd9Sstevel@tonic-gate crgetgroups(const cred_t *cr) 7047c478bd9Sstevel@tonic-gate { 7057c478bd9Sstevel@tonic-gate return (cr->cr_groups); 7067c478bd9Sstevel@tonic-gate } 7077c478bd9Sstevel@tonic-gate 7087c478bd9Sstevel@tonic-gate int 7097c478bd9Sstevel@tonic-gate crgetngroups(const cred_t *cr) 7107c478bd9Sstevel@tonic-gate { 7117c478bd9Sstevel@tonic-gate return (cr->cr_ngroups); 7127c478bd9Sstevel@tonic-gate } 7137c478bd9Sstevel@tonic-gate 7147c478bd9Sstevel@tonic-gate void 7157c478bd9Sstevel@tonic-gate cred2prcred(const cred_t *cr, prcred_t *pcrp) 7167c478bd9Sstevel@tonic-gate { 7177c478bd9Sstevel@tonic-gate pcrp->pr_euid = cr->cr_uid; 7187c478bd9Sstevel@tonic-gate pcrp->pr_ruid = cr->cr_ruid; 7197c478bd9Sstevel@tonic-gate pcrp->pr_suid = cr->cr_suid; 7207c478bd9Sstevel@tonic-gate pcrp->pr_egid = cr->cr_gid; 7217c478bd9Sstevel@tonic-gate pcrp->pr_rgid = cr->cr_rgid; 7227c478bd9Sstevel@tonic-gate pcrp->pr_sgid = cr->cr_sgid; 7237c478bd9Sstevel@tonic-gate pcrp->pr_ngroups = MIN(cr->cr_ngroups, (uint_t)ngroups_max); 7247c478bd9Sstevel@tonic-gate pcrp->pr_groups[0] = 0; /* in case ngroups == 0 */ 7257c478bd9Sstevel@tonic-gate 7267c478bd9Sstevel@tonic-gate if (pcrp->pr_ngroups != 0) 7277c478bd9Sstevel@tonic-gate bcopy(cr->cr_groups, pcrp->pr_groups, 7287c478bd9Sstevel@tonic-gate sizeof (gid_t) * cr->cr_ngroups); 7297c478bd9Sstevel@tonic-gate } 7307c478bd9Sstevel@tonic-gate 7317c478bd9Sstevel@tonic-gate static int 73245916cd2Sjpk cred2ucaud(const cred_t *cr, auditinfo64_addr_t *ainfo, const cred_t *rcr) 7337c478bd9Sstevel@tonic-gate { 7347c478bd9Sstevel@tonic-gate auditinfo_addr_t *ai; 7357c478bd9Sstevel@tonic-gate au_tid_addr_t tid; 7367c478bd9Sstevel@tonic-gate 73745916cd2Sjpk if (secpolicy_audit_getattr(rcr) != 0) 7387c478bd9Sstevel@tonic-gate return (-1); 7397c478bd9Sstevel@tonic-gate 7407c478bd9Sstevel@tonic-gate ai = CR_AUINFO(cr); /* caller makes sure this is non-NULL */ 7417c478bd9Sstevel@tonic-gate tid = ai->ai_termid; 7427c478bd9Sstevel@tonic-gate 7437c478bd9Sstevel@tonic-gate ainfo->ai_auid = ai->ai_auid; 7447c478bd9Sstevel@tonic-gate ainfo->ai_mask = ai->ai_mask; 7457c478bd9Sstevel@tonic-gate ainfo->ai_asid = ai->ai_asid; 7467c478bd9Sstevel@tonic-gate 7477c478bd9Sstevel@tonic-gate ainfo->ai_termid.at_type = tid.at_type; 7487c478bd9Sstevel@tonic-gate bcopy(&tid.at_addr, &ainfo->ai_termid.at_addr, 4 * sizeof (uint_t)); 7497c478bd9Sstevel@tonic-gate 7507c478bd9Sstevel@tonic-gate ainfo->ai_termid.at_port.at_major = (uint32_t)getmajor(tid.at_port); 7517c478bd9Sstevel@tonic-gate ainfo->ai_termid.at_port.at_minor = (uint32_t)getminor(tid.at_port); 7527c478bd9Sstevel@tonic-gate 7537c478bd9Sstevel@tonic-gate return (0); 7547c478bd9Sstevel@tonic-gate } 7557c478bd9Sstevel@tonic-gate 75645916cd2Sjpk void 75745916cd2Sjpk cred2uclabel(const cred_t *cr, bslabel_t *labelp) 75845916cd2Sjpk { 75945916cd2Sjpk ts_label_t *tslp; 76045916cd2Sjpk 76145916cd2Sjpk if ((tslp = crgetlabel(cr)) != NULL) 76245916cd2Sjpk bcopy(&tslp->tsl_label, labelp, sizeof (bslabel_t)); 76345916cd2Sjpk } 76445916cd2Sjpk 7657c478bd9Sstevel@tonic-gate /* 7667c478bd9Sstevel@tonic-gate * Convert a credential into a "ucred". Allow the caller to specify 7677c478bd9Sstevel@tonic-gate * and aligned buffer, e.g., in an mblk, so we don't have to allocate 7687c478bd9Sstevel@tonic-gate * memory and copy it twice. 76945916cd2Sjpk * 77045916cd2Sjpk * This function may call cred2ucaud(), which calls CRED(). Since this 77145916cd2Sjpk * can be called from an interrupt thread, receiver's cred (rcr) is needed 77245916cd2Sjpk * to determine whether audit info should be included. 7737c478bd9Sstevel@tonic-gate */ 7747c478bd9Sstevel@tonic-gate struct ucred_s * 77545916cd2Sjpk cred2ucred(const cred_t *cr, pid_t pid, void *buf, const cred_t *rcr) 7767c478bd9Sstevel@tonic-gate { 7777c478bd9Sstevel@tonic-gate struct ucred_s *uc; 7787c478bd9Sstevel@tonic-gate 7797c478bd9Sstevel@tonic-gate /* The structure isn't always completely filled in, so zero it */ 7807c478bd9Sstevel@tonic-gate if (buf == NULL) { 7817c478bd9Sstevel@tonic-gate uc = kmem_zalloc(ucredsize, KM_SLEEP); 7827c478bd9Sstevel@tonic-gate } else { 7837c478bd9Sstevel@tonic-gate bzero(buf, ucredsize); 7847c478bd9Sstevel@tonic-gate uc = buf; 7857c478bd9Sstevel@tonic-gate } 7867c478bd9Sstevel@tonic-gate uc->uc_size = ucredsize; 7877c478bd9Sstevel@tonic-gate uc->uc_credoff = UCRED_CRED_OFF; 7887c478bd9Sstevel@tonic-gate uc->uc_privoff = UCRED_PRIV_OFF; 7897c478bd9Sstevel@tonic-gate uc->uc_audoff = UCRED_AUD_OFF; 79045916cd2Sjpk uc->uc_labeloff = UCRED_LABEL_OFF; 7917c478bd9Sstevel@tonic-gate uc->uc_pid = pid; 7927c478bd9Sstevel@tonic-gate uc->uc_projid = cr->cr_projid; 7937c478bd9Sstevel@tonic-gate uc->uc_zoneid = crgetzoneid(cr); 7947c478bd9Sstevel@tonic-gate 79545916cd2Sjpk /* 79645916cd2Sjpk * Note that cred2uclabel() call should not be factored out 79745916cd2Sjpk * to the bottom of the if-else. UCXXX() macros depend on 79845916cd2Sjpk * uc_xxxoff values to work correctly. 79945916cd2Sjpk */ 80045916cd2Sjpk if (REMOTE_PEER_CRED(cr)) { 80145916cd2Sjpk /* 80245916cd2Sjpk * other than label, the rest of cred info about a 80345916cd2Sjpk * remote peer isn't available. 80445916cd2Sjpk */ 80545916cd2Sjpk cred2uclabel(cr, UCLABEL(uc)); 80645916cd2Sjpk uc->uc_credoff = 0; 80745916cd2Sjpk uc->uc_privoff = 0; 80845916cd2Sjpk uc->uc_audoff = 0; 80945916cd2Sjpk } else { 8107c478bd9Sstevel@tonic-gate cred2prcred(cr, UCCRED(uc)); 8117c478bd9Sstevel@tonic-gate cred2prpriv(cr, UCPRIV(uc)); 81245916cd2Sjpk if (audoff == 0 || cred2ucaud(cr, UCAUD(uc), rcr) != 0) 8137c478bd9Sstevel@tonic-gate uc->uc_audoff = 0; 81445916cd2Sjpk cred2uclabel(cr, UCLABEL(uc)); 81545916cd2Sjpk } 8167c478bd9Sstevel@tonic-gate 8177c478bd9Sstevel@tonic-gate return (uc); 8187c478bd9Sstevel@tonic-gate } 8197c478bd9Sstevel@tonic-gate 8207c478bd9Sstevel@tonic-gate /* 8217c478bd9Sstevel@tonic-gate * Get the "ucred" of a process. 8227c478bd9Sstevel@tonic-gate */ 8237c478bd9Sstevel@tonic-gate struct ucred_s * 8247c478bd9Sstevel@tonic-gate pgetucred(proc_t *p) 8257c478bd9Sstevel@tonic-gate { 8267c478bd9Sstevel@tonic-gate cred_t *cr; 8277c478bd9Sstevel@tonic-gate struct ucred_s *uc; 8287c478bd9Sstevel@tonic-gate 8297c478bd9Sstevel@tonic-gate mutex_enter(&p->p_crlock); 8307c478bd9Sstevel@tonic-gate cr = p->p_cred; 8317c478bd9Sstevel@tonic-gate crhold(cr); 8327c478bd9Sstevel@tonic-gate mutex_exit(&p->p_crlock); 8337c478bd9Sstevel@tonic-gate 83445916cd2Sjpk uc = cred2ucred(cr, p->p_pid, NULL, CRED()); 8357c478bd9Sstevel@tonic-gate crfree(cr); 8367c478bd9Sstevel@tonic-gate 8377c478bd9Sstevel@tonic-gate return (uc); 8387c478bd9Sstevel@tonic-gate } 8397c478bd9Sstevel@tonic-gate 8407c478bd9Sstevel@tonic-gate /* 8417c478bd9Sstevel@tonic-gate * If the reply status is NFSERR_EACCES, it may be because we are 8427c478bd9Sstevel@tonic-gate * root (no root net access). Check the real uid, if it isn't root 8437c478bd9Sstevel@tonic-gate * make that the uid instead and retry the call. 8447c478bd9Sstevel@tonic-gate * Private interface for NFS. 8457c478bd9Sstevel@tonic-gate */ 8467c478bd9Sstevel@tonic-gate cred_t * 8477c478bd9Sstevel@tonic-gate crnetadjust(cred_t *cr) 8487c478bd9Sstevel@tonic-gate { 8497c478bd9Sstevel@tonic-gate if (cr->cr_uid == 0 && cr->cr_ruid != 0) { 8507c478bd9Sstevel@tonic-gate cr = crdup(cr); 8517c478bd9Sstevel@tonic-gate cr->cr_uid = cr->cr_ruid; 8527c478bd9Sstevel@tonic-gate return (cr); 8537c478bd9Sstevel@tonic-gate } 8547c478bd9Sstevel@tonic-gate return (NULL); 8557c478bd9Sstevel@tonic-gate } 8567c478bd9Sstevel@tonic-gate 8577c478bd9Sstevel@tonic-gate /* 8587c478bd9Sstevel@tonic-gate * The reference count is of interest when you want to check 8597c478bd9Sstevel@tonic-gate * whether it is ok to modify the credential in place. 8607c478bd9Sstevel@tonic-gate */ 8617c478bd9Sstevel@tonic-gate uint_t 8627c478bd9Sstevel@tonic-gate crgetref(const cred_t *cr) 8637c478bd9Sstevel@tonic-gate { 8647c478bd9Sstevel@tonic-gate return (cr->cr_ref); 8657c478bd9Sstevel@tonic-gate } 8667c478bd9Sstevel@tonic-gate 8677c478bd9Sstevel@tonic-gate static int 8687c478bd9Sstevel@tonic-gate get_c2audit_load(void) 8697c478bd9Sstevel@tonic-gate { 8707c478bd9Sstevel@tonic-gate static int gotit = 0; 8717c478bd9Sstevel@tonic-gate static int c2audit_load; 8727c478bd9Sstevel@tonic-gate u_longlong_t audit_load_val; 8737c478bd9Sstevel@tonic-gate 8747c478bd9Sstevel@tonic-gate if (gotit) 8757c478bd9Sstevel@tonic-gate return (c2audit_load); 8767c478bd9Sstevel@tonic-gate audit_load_val = 0; /* set default value once */ 8777c478bd9Sstevel@tonic-gate (void) mod_sysvar("c2audit", "audit_load", &audit_load_val); 8787c478bd9Sstevel@tonic-gate c2audit_load = (int)audit_load_val; 8797c478bd9Sstevel@tonic-gate gotit++; 8807c478bd9Sstevel@tonic-gate return (c2audit_load); 8817c478bd9Sstevel@tonic-gate } 8827c478bd9Sstevel@tonic-gate 8837c478bd9Sstevel@tonic-gate int 8847c478bd9Sstevel@tonic-gate get_audit_ucrsize(void) 8857c478bd9Sstevel@tonic-gate { 8867c478bd9Sstevel@tonic-gate return (get_c2audit_load() ? sizeof (auditinfo64_addr_t) : 0); 8877c478bd9Sstevel@tonic-gate } 8887c478bd9Sstevel@tonic-gate 8897c478bd9Sstevel@tonic-gate /* 8907c478bd9Sstevel@tonic-gate * Set zone pointer in credential to indicated value. First adds a 8917c478bd9Sstevel@tonic-gate * hold for the new zone, then drops the hold on previous zone (if any). 8927c478bd9Sstevel@tonic-gate * This is done in this order in case the old and new zones are the 8937c478bd9Sstevel@tonic-gate * same. 8947c478bd9Sstevel@tonic-gate */ 8957c478bd9Sstevel@tonic-gate void 8967c478bd9Sstevel@tonic-gate crsetzone(cred_t *cr, zone_t *zptr) 8977c478bd9Sstevel@tonic-gate { 8987c478bd9Sstevel@tonic-gate zone_t *oldzptr = cr->cr_zone; 8997c478bd9Sstevel@tonic-gate 9007c478bd9Sstevel@tonic-gate ASSERT(cr != kcred); 9017c478bd9Sstevel@tonic-gate ASSERT(cr->cr_ref <= 2); 9027c478bd9Sstevel@tonic-gate cr->cr_zone = zptr; 9037c478bd9Sstevel@tonic-gate zone_cred_hold(zptr); 9047c478bd9Sstevel@tonic-gate if (oldzptr) 9057c478bd9Sstevel@tonic-gate zone_cred_rele(oldzptr); 9067c478bd9Sstevel@tonic-gate } 90745916cd2Sjpk 90845916cd2Sjpk /* 90945916cd2Sjpk * Create a new cred based on the supplied label 91045916cd2Sjpk */ 91145916cd2Sjpk cred_t * 91245916cd2Sjpk newcred_from_bslabel(bslabel_t *blabel, uint32_t doi, int flags) 91345916cd2Sjpk { 91445916cd2Sjpk ts_label_t *lbl = labelalloc(blabel, doi, flags); 91545916cd2Sjpk cred_t *cr = NULL; 91645916cd2Sjpk 91745916cd2Sjpk if (lbl != NULL) { 91845916cd2Sjpk if ((cr = kmem_cache_alloc(cred_cache, flags)) != NULL) { 91945916cd2Sjpk bcopy(dummycr, cr, crsize); 92045916cd2Sjpk cr->cr_label = lbl; 92145916cd2Sjpk } else { 92245916cd2Sjpk label_rele(lbl); 92345916cd2Sjpk } 92445916cd2Sjpk } 92545916cd2Sjpk 92645916cd2Sjpk return (cr); 92745916cd2Sjpk } 92845916cd2Sjpk 92945916cd2Sjpk /* 93045916cd2Sjpk * Derive a new cred from the existing cred, but with a different label. 93145916cd2Sjpk * To be used when a cred is being shared, but the label needs to be changed 93245916cd2Sjpk * by a caller without affecting other users 93345916cd2Sjpk */ 93445916cd2Sjpk cred_t * 93545916cd2Sjpk copycred_from_bslabel(cred_t *cr, bslabel_t *blabel, uint32_t doi, int flags) 93645916cd2Sjpk { 93745916cd2Sjpk ts_label_t *lbl = labelalloc(blabel, doi, flags); 93845916cd2Sjpk cred_t *newcr = NULL; 93945916cd2Sjpk 94045916cd2Sjpk if (lbl != NULL) { 94145916cd2Sjpk if ((newcr = kmem_cache_alloc(cred_cache, flags)) != NULL) { 94245916cd2Sjpk bcopy(cr, newcr, crsize); 94345916cd2Sjpk if (newcr->cr_zone) 94445916cd2Sjpk zone_cred_hold(newcr->cr_zone); 94545916cd2Sjpk newcr->cr_label = lbl; 94645916cd2Sjpk newcr->cr_ref = 1; 94745916cd2Sjpk } else { 94845916cd2Sjpk label_rele(lbl); 94945916cd2Sjpk } 95045916cd2Sjpk } 95145916cd2Sjpk 95245916cd2Sjpk return (newcr); 95345916cd2Sjpk } 95445916cd2Sjpk 95545916cd2Sjpk /* 95645916cd2Sjpk * This function returns a pointer to the kcred-equivalent in the current zone. 95745916cd2Sjpk */ 95845916cd2Sjpk cred_t * 95945916cd2Sjpk zone_kcred(void) 96045916cd2Sjpk { 96145916cd2Sjpk zone_t *zone; 96245916cd2Sjpk 96345916cd2Sjpk if ((zone = CRED()->cr_zone) != NULL) 96445916cd2Sjpk return (zone->zone_kcred); 96545916cd2Sjpk else 96645916cd2Sjpk return (kcred); 96745916cd2Sjpk } 968f48205beScasper 969f48205beScasper boolean_t 970f48205beScasper valid_ephemeral_uid(uid_t id) 971f48205beScasper { 972f48205beScasper membar_consumer(); 973f48205beScasper return (id > ephemeral_data.min_uid && id <= ephemeral_data.last_uid); 974f48205beScasper } 975f48205beScasper 976f48205beScasper boolean_t 977f48205beScasper valid_ephemeral_gid(gid_t id) 978f48205beScasper { 979f48205beScasper membar_consumer(); 980f48205beScasper return (id > ephemeral_data.min_gid && id <= ephemeral_data.last_gid); 981f48205beScasper } 982f48205beScasper 983f48205beScasper int 984f48205beScasper eph_uid_alloc(int flags, uid_t *start, int count) 985f48205beScasper { 986f48205beScasper mutex_enter(&ephemeral_data.eph_lock); 987f48205beScasper 988f48205beScasper /* Test for unsigned integer wrap around */ 989f48205beScasper if (ephemeral_data.last_uid + count < ephemeral_data.last_uid) { 990f48205beScasper mutex_exit(&ephemeral_data.eph_lock); 991f48205beScasper return (-1); 992f48205beScasper } 993f48205beScasper 994f48205beScasper /* first call or idmap crashed and state corrupted */ 995f48205beScasper if (flags != 0) 996f48205beScasper ephemeral_data.min_uid = ephemeral_data.last_uid; 997f48205beScasper 998f48205beScasper hasephids = B_TRUE; 999f48205beScasper *start = ephemeral_data.last_uid + 1; 1000f48205beScasper atomic_add_32(&ephemeral_data.last_uid, count); 1001f48205beScasper mutex_exit(&ephemeral_data.eph_lock); 1002f48205beScasper return (0); 1003f48205beScasper } 1004f48205beScasper 1005f48205beScasper int 1006f48205beScasper eph_gid_alloc(int flags, gid_t *start, int count) 1007f48205beScasper { 1008f48205beScasper mutex_enter(&ephemeral_data.eph_lock); 1009f48205beScasper 1010f48205beScasper /* Test for unsigned integer wrap around */ 1011f48205beScasper if (ephemeral_data.last_gid + count < ephemeral_data.last_gid) { 1012f48205beScasper mutex_exit(&ephemeral_data.eph_lock); 1013f48205beScasper return (-1); 1014f48205beScasper } 1015f48205beScasper 1016f48205beScasper /* first call or idmap crashed and state corrupted */ 1017f48205beScasper if (flags != 0) 1018f48205beScasper ephemeral_data.min_gid = ephemeral_data.last_gid; 1019f48205beScasper 1020f48205beScasper hasephids = B_TRUE; 1021f48205beScasper *start = ephemeral_data.last_gid + 1; 1022f48205beScasper atomic_add_32(&ephemeral_data.last_gid, count); 1023f48205beScasper mutex_exit(&ephemeral_data.eph_lock); 1024f48205beScasper return (0); 1025f48205beScasper } 1026f48205beScasper 1027f48205beScasper /* 1028f48205beScasper * If the credential contains any ephemeral IDs, map the credential 1029f48205beScasper * to nobody. 1030f48205beScasper */ 1031f48205beScasper cred_t * 1032f48205beScasper crgetmapped(const cred_t *cr) 1033f48205beScasper { 1034*90c3d472Scasper /* 1035*90c3d472Scasper * Someone incorrectly passed a NULL cred to a vnode operation 1036*90c3d472Scasper * either on purpose or by calling CRED() in interrupt context. 1037*90c3d472Scasper */ 1038*90c3d472Scasper if (cr == NULL) 1039*90c3d472Scasper return (NULL); 1040*90c3d472Scasper 1041f48205beScasper if (cr->cr_ksid != NULL) { 1042f48205beScasper int i; 1043f48205beScasper 1044f48205beScasper for (i = 0; i < KSID_COUNT; i++) 1045f48205beScasper if (cr->cr_ksid->kr_sidx[i].ks_id > MAXUID) 1046f48205beScasper return (ephemeral_data.nobody); 1047f48205beScasper if (cr->cr_ksid->kr_sidlist != NULL && 1048f48205beScasper cr->cr_ksid->kr_sidlist->ksl_neid > 0) { 1049f48205beScasper return (ephemeral_data.nobody); 1050f48205beScasper } 1051f48205beScasper } 1052f48205beScasper 1053f48205beScasper return ((cred_t *)cr); 1054f48205beScasper } 1055f48205beScasper 1056f48205beScasper /* index should be in range for a ksidindex_t */ 1057f48205beScasper void 1058f48205beScasper crsetsid(cred_t *cr, ksid_t *ksp, int index) 1059f48205beScasper { 1060f48205beScasper ASSERT(cr->cr_ref <= 2); 1061f48205beScasper ASSERT(index >= 0 && index < KSID_COUNT); 1062f48205beScasper if (cr->cr_ksid == NULL && ksp == NULL) 1063f48205beScasper return; 1064f48205beScasper cr->cr_ksid = kcrsid_setsid(cr->cr_ksid, ksp, index); 1065f48205beScasper } 1066f48205beScasper 1067f48205beScasper void 1068f48205beScasper crsetsidlist(cred_t *cr, ksidlist_t *ksl) 1069f48205beScasper { 1070f48205beScasper ASSERT(cr->cr_ref <= 2); 1071f48205beScasper if (cr->cr_ksid == NULL && ksl == NULL) 1072f48205beScasper return; 1073f48205beScasper cr->cr_ksid = kcrsid_setsidlist(cr->cr_ksid, ksl); 1074f48205beScasper } 1075f48205beScasper 1076f48205beScasper ksid_t * 1077f48205beScasper crgetsid(const cred_t *cr, int i) 1078f48205beScasper { 1079f48205beScasper ASSERT(i >= 0 && i < KSID_COUNT); 1080f48205beScasper if (cr->cr_ksid != NULL && cr->cr_ksid->kr_sidx[i].ks_domain) 1081f48205beScasper return ((ksid_t *)&cr->cr_ksid->kr_sidx[i]); 1082f48205beScasper return (NULL); 1083f48205beScasper } 1084f48205beScasper 1085f48205beScasper ksidlist_t * 1086f48205beScasper crgetsidlist(const cred_t *cr) 1087f48205beScasper { 1088f48205beScasper if (cr->cr_ksid != NULL && cr->cr_ksid->kr_sidlist != NULL) 1089f48205beScasper return ((ksidlist_t *)&cr->cr_ksid->kr_sidlist); 1090f48205beScasper return (NULL); 1091f48205beScasper } 1092