common/os/sid.c

*f48205beScasper/*
*f48205beScasper * CDDL HEADER START
*f48205beScasper *
*f48205beScasper * The contents of this file are subject to the terms of the
*f48205beScasper * Common Development and Distribution License (the "License").
*f48205beScasper * You may not use this file except in compliance with the License.
*f48205beScasper *
*f48205beScasper * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
*f48205beScasper * or http://www.opensolaris.org/os/licensing.
*f48205beScasper * See the License for the specific language governing permissions
*f48205beScasper * and limitations under the License.
*f48205beScasper *
*f48205beScasper * When distributing Covered Code, include this CDDL HEADER in each
*f48205beScasper * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
*f48205beScasper * If applicable, add the following below this CDDL HEADER, with the
*f48205beScasper * fields enclosed by brackets "[]" replaced with your own identifying
*f48205beScasper * information: Portions Copyright [yyyy] [name of copyright owner]
*f48205beScasper *
*f48205beScasper * CDDL HEADER END
*f48205beScasper */
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
*f48205beScasper * Use is subject to license terms.
*f48205beScasper */
*f48205beScasper
*f48205beScasper#pragma ident	"%Z%%M%	%I%	%E% SMI"
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Sid manipulation (stubs).
*f48205beScasper */
*f48205beScasper
*f48205beScasper#include <sys/atomic.h>
*f48205beScasper#include <sys/avl.h>
*f48205beScasper#include <sys/cmn_err.h>
*f48205beScasper#include <sys/kmem.h>
*f48205beScasper#include <sys/mutex.h>
*f48205beScasper#include <sys/sid.h>
*f48205beScasper#include <sys/sysmacros.h>
*f48205beScasper#include <sys/systm.h>
*f48205beScasper
*f48205beScasperstatic kmutex_t sid_lock;
*f48205beScasperstatic avl_tree_t sid_tree;
*f48205beScasperstatic boolean_t sid_inited = B_FALSE;
*f48205beScasper
*f48205beScasperstatic ksiddomain_t
*f48205beScasper*ksid_enterdomain(const char *dom)
*f48205beScasper{
*f48205beScasper	size_t len = strlen(dom) + 1;
*f48205beScasper	ksiddomain_t *res;
*f48205beScasper
*f48205beScasper	ASSERT(MUTEX_HELD(&sid_lock));
*f48205beScasper	res = kmem_alloc(sizeof (ksiddomain_t), KM_SLEEP);
*f48205beScasper	res->kd_len = (uint_t)len;
*f48205beScasper	res->kd_name = kmem_alloc(len, KM_SLEEP);
*f48205beScasper	bcopy(dom, res->kd_name, len);
*f48205beScasper
*f48205beScasper	res->kd_ref = 1;
*f48205beScasper
*f48205beScasper	avl_add(&sid_tree, res);
*f48205beScasper
*f48205beScasper	return (res);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperksid_hold(ksid_t *ks)
*f48205beScasper{
*f48205beScasper	if (ks->ks_domain != NULL)
*f48205beScasper		ksiddomain_hold(ks->ks_domain);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperksid_rele(ksid_t *ks)
*f48205beScasper{
*f48205beScasper	if (ks->ks_domain != NULL)
*f48205beScasper		ksiddomain_rele(ks->ks_domain);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperksiddomain_hold(ksiddomain_t *kd)
*f48205beScasper{
*f48205beScasper	atomic_add_32(&kd->kd_ref, 1);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperksiddomain_rele(ksiddomain_t *kd)
*f48205beScasper{
*f48205beScasper	if (atomic_add_32_nv(&kd->kd_ref, -1) == 0) {
*f48205beScasper		/*
*f48205beScasper		 * The kd reference can only be incremented from 0 when
*f48205beScasper		 * the sid_lock is held; so we lock and then check need to
*f48205beScasper		 * check for 0 again.
*f48205beScasper		 */
*f48205beScasper		mutex_enter(&sid_lock);
*f48205beScasper		if (kd->kd_ref == 0) {
*f48205beScasper			avl_remove(&sid_tree, kd);
*f48205beScasper			kmem_free(kd->kd_name, kd->kd_len);
*f48205beScasper			kmem_free(kd, sizeof (*kd));
*f48205beScasper		}
*f48205beScasper		mutex_exit(&sid_lock);
*f48205beScasper	}
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperksidlist_hold(ksidlist_t *ksl)
*f48205beScasper{
*f48205beScasper	atomic_add_32(&ksl->ksl_ref, 1);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperksidlist_rele(ksidlist_t *ksl)
*f48205beScasper{
*f48205beScasper	if (atomic_add_32_nv(&ksl->ksl_ref, -1) == 0) {
*f48205beScasper		int i;
*f48205beScasper
*f48205beScasper		for (i = 0; i < ksl->ksl_nsid; i++)
*f48205beScasper			ksid_rele(&ksl->ksl_sids[i]);
*f48205beScasper
*f48205beScasper		kmem_free(ksl, KSIDLIST_MEM(ksl->ksl_nsid));
*f48205beScasper	}
*f48205beScasper}
*f48205beScasper
*f48205beScasperstatic int
*f48205beScasperksid_cmp(const void *a, const void *b)
*f48205beScasper{
*f48205beScasper	const ksiddomain_t *ap = a;
*f48205beScasper	const ksiddomain_t *bp = b;
*f48205beScasper	int res;
*f48205beScasper
*f48205beScasper	res = strcmp(ap->kd_name, bp->kd_name);
*f48205beScasper	if (res > 0)
*f48205beScasper		return (1);
*f48205beScasper	if (res != 0)
*f48205beScasper		return (-1);
*f48205beScasper	return (0);
*f48205beScasper}
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Lookup the named domain in the AVL tree.
*f48205beScasper * If no entry is found, add the domain to the AVL tree.
*f48205beScasper * The domain is returned held and needs to be released
*f48205beScasper * when done.
*f48205beScasper */
*f48205beScasperksiddomain_t
*f48205beScasper*ksid_lookupdomain(const char *dom)
*f48205beScasper{
*f48205beScasper	ksiddomain_t *res;
*f48205beScasper	ksiddomain_t tmpl;
*f48205beScasper
*f48205beScasper	mutex_enter(&sid_lock);
*f48205beScasper
*f48205beScasper	if (!sid_inited) {
*f48205beScasper		avl_create(&sid_tree, ksid_cmp, sizeof (ksiddomain_t),
*f48205beScasper		    offsetof(ksiddomain_t, kd_link));
*f48205beScasper
*f48205beScasper		res = ksid_enterdomain(dom);
*f48205beScasper		sid_inited = B_TRUE;
*f48205beScasper		mutex_exit(&sid_lock);
*f48205beScasper		return (res);
*f48205beScasper	}
*f48205beScasper
*f48205beScasper	tmpl.kd_name = (char *)dom;
*f48205beScasper
*f48205beScasper	res = avl_find(&sid_tree, &tmpl, NULL);
*f48205beScasper	if (res == NULL) {
*f48205beScasper		res = ksid_enterdomain(dom);
*f48205beScasper	} else {
*f48205beScasper		ksiddomain_hold(res);
*f48205beScasper	}
*f48205beScasper
*f48205beScasper	mutex_exit(&sid_lock);
*f48205beScasper	return (res);
*f48205beScasper}
*f48205beScasper
*f48205beScasperconst char *
*f48205beScasperksid_getdomain(ksid_t *ks)
*f48205beScasper{
*f48205beScasper	return (ks->ks_domain->kd_name);
*f48205beScasper}
*f48205beScasper
*f48205beScasperuint_t
*f48205beScasperksid_getrid(ksid_t *ks)
*f48205beScasper{
*f48205beScasper	return (ks->ks_rid);
*f48205beScasper}
*f48205beScasper
*f48205beScasperint
*f48205beScasperksid_lookup(uid_t id, ksid_t *res)
*f48205beScasper{
*f48205beScasper	uid_t tmp;
*f48205beScasper
*f48205beScasper	if (idmap_call_byid(id, res) == -1)
*f48205beScasper		return (-1);
*f48205beScasper
*f48205beScasper	tmp = idmap_call_bysid(res);
*f48205beScasper	if (tmp != id)
*f48205beScasper		cmn_err(CE_WARN, "The idmapper has gone bonkers");
*f48205beScasper	res->ks_id = id;
*f48205beScasper
*f48205beScasper	return (0);
*f48205beScasper}
*f48205beScasper
*f48205beScaspercredsid_t *
*f48205beScasperkcrsid_alloc(void)
*f48205beScasper{
*f48205beScasper	credsid_t *kcr = kmem_zalloc(sizeof (*kcr), KM_SLEEP);
*f48205beScasper	kcr->kr_ref = 1;
*f48205beScasper	return (kcr);
*f48205beScasper}
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Returns a credsid_t with a refcount of 1.
*f48205beScasper */
*f48205beScasperstatic credsid_t *
*f48205beScasperkcrsid_dup(credsid_t *org)
*f48205beScasper{
*f48205beScasper	credsid_t *new;
*f48205beScasper	ksid_index_t ki;
*f48205beScasper
*f48205beScasper	if (org == NULL)
*f48205beScasper		return (kcrsid_alloc());
*f48205beScasper	if (org->kr_ref == 1)
*f48205beScasper		return (org);
*f48205beScasper	new = kcrsid_alloc();
*f48205beScasper
*f48205beScasper	/* Copy, then update reference counts */
*f48205beScasper	*new = *org;
*f48205beScasper	new->kr_ref = 1;
*f48205beScasper	for (ki = 0; ki < KSID_COUNT; ki++)
*f48205beScasper		ksid_hold(&new->kr_sidx[ki]);
*f48205beScasper
*f48205beScasper	if (new->kr_sidlist != NULL)
*f48205beScasper		ksidlist_hold(new->kr_sidlist);
*f48205beScasper
*f48205beScasper	kcrsid_rele(org);
*f48205beScasper	return (new);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperkcrsid_hold(credsid_t *kcr)
*f48205beScasper{
*f48205beScasper	atomic_add_32(&kcr->kr_ref, 1);
*f48205beScasper}
*f48205beScasper
*f48205beScaspervoid
*f48205beScasperkcrsid_rele(credsid_t *kcr)
*f48205beScasper{
*f48205beScasper	if (atomic_add_32_nv(&kcr->kr_ref, -1) == 0) {
*f48205beScasper		ksid_index_t i;
*f48205beScasper
*f48205beScasper		for (i = 0; i < KSID_COUNT; i++)
*f48205beScasper			ksid_rele(&kcr->kr_sidx[i]);
*f48205beScasper
*f48205beScasper		if (kcr->kr_sidlist != NULL)
*f48205beScasper			ksidlist_rele(kcr->kr_sidlist);
*f48205beScasper
*f48205beScasper		kmem_free(kcr, sizeof (*kcr));
*f48205beScasper	}
*f48205beScasper}
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Copy the SID credential into a previously allocated piece of memory.
*f48205beScasper */
*f48205beScaspervoid
*f48205beScasperkcrsidcopy_to(const credsid_t *okcr, credsid_t *nkcr)
*f48205beScasper{
*f48205beScasper	int i;
*f48205beScasper
*f48205beScasper	ASSERT(nkcr->kr_ref == 1);
*f48205beScasper
*f48205beScasper	if (okcr == NULL)
*f48205beScasper		return;
*f48205beScasper	*nkcr = *okcr;
*f48205beScasper	for (i = 0; i < KSID_COUNT; i++)
*f48205beScasper		ksid_hold(&nkcr->kr_sidx[i]);
*f48205beScasper	if (nkcr->kr_sidlist != NULL)
*f48205beScasper		ksidlist_hold(nkcr->kr_sidlist);
*f48205beScasper	nkcr->kr_ref = 1;
*f48205beScasper}
*f48205beScasper
*f48205beScasperstatic int
*f48205beScasperkcrsid_sidcount(const credsid_t *kcr)
*f48205beScasper{
*f48205beScasper	int cnt = 0;
*f48205beScasper	int i;
*f48205beScasper
*f48205beScasper	if (kcr == NULL)
*f48205beScasper		return (0);
*f48205beScasper
*f48205beScasper	for (i = 0; i < KSID_COUNT; i++)
*f48205beScasper		if (kcr->kr_sidx[i].ks_domain != NULL)
*f48205beScasper			cnt++;
*f48205beScasper
*f48205beScasper	if (kcr->kr_sidlist != NULL)
*f48205beScasper		cnt += kcr->kr_sidlist->ksl_nsid;
*f48205beScasper	return (cnt);
*f48205beScasper}
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Argument needs to be a ksid_t with a properly held ks_domain reference.
*f48205beScasper */
*f48205beScaspercredsid_t *
*f48205beScasperkcrsid_setsid(credsid_t *okcr, ksid_t *ksp, ksid_index_t i)
*f48205beScasper{
*f48205beScasper	int ocnt = kcrsid_sidcount(okcr);
*f48205beScasper	credsid_t *nkcr;
*f48205beScasper
*f48205beScasper	/*
*f48205beScasper	 * Unset the particular ksid; if there are no other SIDs or if this
*f48205beScasper	 * is the last SID, remove the auxilary data structure.
*f48205beScasper	 */
*f48205beScasper	if (ksp == NULL) {
*f48205beScasper		if (ocnt == 0 ||
*f48205beScasper		    (ocnt == 1 && okcr->kr_sidx[i].ks_domain != NULL)) {
*f48205beScasper			if (okcr != NULL)
*f48205beScasper				kcrsid_rele(okcr);
*f48205beScasper			return (NULL);
*f48205beScasper		}
*f48205beScasper	}
*f48205beScasper	nkcr = kcrsid_dup(okcr);
*f48205beScasper	ksid_rele(&nkcr->kr_sidx[i]);
*f48205beScasper	if (ksp == NULL)
*f48205beScasper		bzero(&nkcr->kr_sidx[i], sizeof (ksid_t));
*f48205beScasper	else
*f48205beScasper		nkcr->kr_sidx[i] = *ksp;
*f48205beScasper
*f48205beScasper	return (nkcr);
*f48205beScasper}
*f48205beScasper
*f48205beScasper/*
*f48205beScasper * Argument needs to be a ksidlist_t with properly held ks_domain references
*f48205beScasper * and a reference count taking the new reference into account.
*f48205beScasper */
*f48205beScaspercredsid_t *
*f48205beScasperkcrsid_setsidlist(credsid_t *okcr, ksidlist_t *ksl)
*f48205beScasper{
*f48205beScasper	int ocnt = kcrsid_sidcount(okcr);
*f48205beScasper	credsid_t *nkcr;
*f48205beScasper
*f48205beScasper	/*
*f48205beScasper	 * Unset the sidlist; if there are no further SIDs, remove the
*f48205beScasper	 * auxilary data structure.
*f48205beScasper	 */
*f48205beScasper	if (ksl == NULL) {
*f48205beScasper		if (ocnt == 0 || (okcr->kr_sidlist != NULL &&
*f48205beScasper		    ocnt == okcr->kr_sidlist->ksl_nsid)) {
*f48205beScasper			if (okcr != NULL)
*f48205beScasper				kcrsid_rele(okcr);
*f48205beScasper			return (NULL);
*f48205beScasper		}
*f48205beScasper	}
*f48205beScasper	nkcr = kcrsid_dup(okcr);
*f48205beScasper	if (nkcr->kr_sidlist != NULL)
*f48205beScasper		ksidlist_rele(nkcr->kr_sidlist);
*f48205beScasper
*f48205beScasper	nkcr->kr_sidlist = ksl;
*f48205beScasper	return (nkcr);
*f48205beScasper}
*f48205beScasper
*f48205beScasperksidlist_t *
*f48205beScasperkcrsid_gidstosids(int ngrp, gid_t *grp)
*f48205beScasper{
*f48205beScasper	int i;
*f48205beScasper	ksidlist_t *list;
*f48205beScasper	int cnt;
*f48205beScasper
*f48205beScasper	if (ngrp == 0)
*f48205beScasper		return (NULL);
*f48205beScasper
*f48205beScasper	cnt = 0;
*f48205beScasper	list = kmem_zalloc(KSIDLIST_MEM(ngrp), KM_SLEEP);
*f48205beScasper
*f48205beScasper	list->ksl_nsid = ngrp;
*f48205beScasper	list->ksl_ref = 1;
*f48205beScasper
*f48205beScasper	for (i = 0; i < ngrp; i++) {
*f48205beScasper		if (grp[i] > MAXUID) {
*f48205beScasper			list->ksl_neid++;
*f48205beScasper			if (ksid_lookup(grp[i], &list->ksl_sids[i]) != 0) {
*f48205beScasper				while (--i >= 0)
*f48205beScasper					ksid_rele(&list->ksl_sids[i]);
*f48205beScasper				cnt = 0;
*f48205beScasper				break;
*f48205beScasper			}
*f48205beScasper			cnt++;
*f48205beScasper		} else {
*f48205beScasper			list->ksl_sids[i].ks_id = grp[i];
*f48205beScasper		}
*f48205beScasper	}
*f48205beScasper	if (cnt == 0) {
*f48205beScasper		kmem_free(list, KSIDLIST_MEM(ngrp));
*f48205beScasper		return (NULL);
*f48205beScasper	}
*f48205beScasper	return (list);
*f48205beScasper}