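/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * SID system call.
 *
 * sidsys() multiplexes four operations: allocating ephemeral uids/gids,
 * registering and unregistering the per-zone idmap door, and flushing
 * the kernel idmap cache.  Every operation acts on the zone of the
 * calling credential.
 */

#include <sys/sid.h>
#include <sys/cred.h>
#include <sys/errno.h>
#include <sys/systm.h>
#include <sys/policy.h>
#include <sys/door.h>
#include <sys/kidmap.h>
#include <sys/proc.h>

/*
 * Check that the calling process is the server of the idmap door that is
 * currently registered for `zone'.
 *
 * This is the authorization gate shared by allocids() and
 * idmap_flush_kcache(); keeping it in one place ensures both operations
 * apply exactly the same test.
 *
 * Returns 0 if the caller's pid matches the door's server pid
 * (di_target), EPERM if no door is registered or the pids differ, or the
 * error returned by door_ki_info().
 */
static int
idmap_check_daemon_caller(zone_t *zone)
{
	struct door_info di;
	door_handle_t dh;
	int err;

	dh = idmap_get_door(zone);
	if (dh == NULL)
		return (EPERM);

	/*
	 * Only the door's info is needed, so the handle is dropped before
	 * returning on either path.
	 */
	err = door_ki_info(dh, &di);
	door_ki_rele(dh);
	if (err != 0)
		return (err);

	if (curproc->p_pid != di.di_target)
		return (EPERM);

	return (0);
}

/*
 * SIDSYS_ALLOC_IDS: allocate `nuids' ephemeral uids and `ngids' ephemeral
 * gids in the caller's zone.
 *
 * A non-zero `flag' additionally purges the zone's idmap cache and is
 * passed through to both allocators, which are then called even when the
 * corresponding count is zero.
 *
 * On success the values filled in by eph_uid_alloc() and eph_gid_alloc()
 * (presumably the start of each allocated range -- confirm against the
 * allocators) are returned packed as r_val1/r_val2 of an rval_t.
 *
 * Errors, reported through set_errno():
 *	EPERM (or a door_ki_info() error) - caller is not the idmap door
 *	    server for this zone
 *	EINVAL - a negative count was supplied
 *	EOVERFLOW - either allocator failed, whatever its own error was
 */
static uint64_t
allocids(int flag, int nuids, int ngids)
{
	rval_t r;
	uid_t su = 0;
	gid_t sg = 0;
	int err;
	zone_t *zone = crgetzone(CRED());

	if ((err = idmap_check_daemon_caller(zone)) != 0)
		return (set_errno(err));

	/*
	 * Reject bad counts before touching any state, so that a request
	 * which is going to fail with EINVAL does not purge the cache as
	 * a side effect.
	 */
	if (nuids < 0 || ngids < 0)
		return (set_errno(EINVAL));

	if (flag)
		idmap_purge_cache(zone);

	/* err is 0 here; it only changes if an allocator is called. */
	if (flag != 0 || nuids > 0)
		err = eph_uid_alloc(zone, flag, &su, nuids);
	if (err == 0 && (flag != 0 || ngids > 0))
		err = eph_gid_alloc(zone, flag, &sg, ngids);

	if (err != 0)
		return (set_errno(EOVERFLOW));

	r.r_val1 = su;
	r.r_val2 = sg;
	return (r.r_vals);
}

/*
 * SIDSYS_IDMAP_REG: register door descriptor `did' as the idmap door of
 * the caller's zone.
 *
 * The caller must pass secpolicy_idmap(); the policy check runs before
 * the descriptor is looked up.
 *
 * Returns 0 on success.  Fails with the secpolicy_idmap() error, EBADF if
 * `did' does not resolve to a door handle, or the idmap_reg_dh() error.
 */
static int
idmap_reg(int did)
{
	door_handle_t dh;
	int err;
	cred_t *cr = CRED();

	if ((err = secpolicy_idmap(cr)) != 0)
		return (set_errno(err));

	dh = door_ki_lookup(did);

	if (dh == NULL)
		return (set_errno(EBADF));

	/*
	 * The handle is not released here on either path, so the hold
	 * from door_ki_lookup() is presumably taken over by idmap_reg_dh().
	 * NOTE(review): confirm that idmap_reg_dh() also disposes of the
	 * handle when it fails; otherwise the error return below leaks a
	 * door reference.
	 */
	if ((err = idmap_reg_dh(crgetzone(cr), dh)) != 0)
		return (set_errno(err));

	return (0);
}

/*
 * SIDSYS_IDMAP_UNREG: unregister door descriptor `did' as the idmap door
 * of the caller's zone.
 *
 * Returns 0 on success.  Fails with EINVAL if `did' does not resolve to
 * a door handle, or with the idmap_unreg_dh() error.
 *
 * NOTE(review): unlike idmap_reg(), no secpolicy_idmap() check is made
 * here.  Whether a caller without that privilege can unregister the door
 * therefore depends entirely on the checks inside idmap_unreg_dh(), which
 * is not visible in this file -- confirm.
 */
static int
idmap_unreg(int did)
{
	door_handle_t dh = door_ki_lookup(did);
	int res;
	zone_t *zone;

	if (dh == NULL)
		return (set_errno(EINVAL));

	zone = crgetzone(CRED());
	res = idmap_unreg_dh(zone, dh);
	/* The lookup hold is dropped whether or not the unregister worked. */
	door_ki_rele(dh);

	if (res != 0)
		return (set_errno(res));
	return (0);
}

/*
 * SIDSYS_IDMAP_FLUSH_KCACHE: purge the idmap cache of the caller's zone.
 *
 * Only the server process of the zone's registered idmap door may do
 * this; see idmap_check_daemon_caller().
 *
 * Returns 0 on success, otherwise fails with EPERM or a door_ki_info()
 * error.
 */
static uint64_t
idmap_flush_kcache(void)
{
	int err;
	zone_t *zone = crgetzone(CRED());

	if ((err = idmap_check_daemon_caller(zone)) != 0)
		return (set_errno(err));

	idmap_purge_cache(zone);

	return (0);
}

/*
 * System call entry point: dispatch on `op'.
 *
 * For SIDSYS_IDMAP_REG and SIDSYS_IDMAP_UNREG the `flag' argument carries
 * the door descriptor; `nuids' and `ngids' are used only by
 * SIDSYS_ALLOC_IDS.  An unrecognized `op' fails with EINVAL.
 */
uint64_t
sidsys(int op, int flag, int nuids, int ngids)
{
	switch (op) {
	case SIDSYS_ALLOC_IDS:
		return (allocids(flag, nuids, ngids));
	case SIDSYS_IDMAP_REG:
		return (idmap_reg(flag));
	case SIDSYS_IDMAP_UNREG:
		return (idmap_unreg(flag));
	case SIDSYS_IDMAP_FLUSH_KCACHE:
		return (idmap_flush_kcache());
	default:
		return (set_errno(EINVAL));
	}
}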