usr/src/lib/libc/port/gen/privlib.c
author raf
Mon, 10 Apr 2006 12:27:38 -0700
changeset 1778 6357a59054f7
parent 1059 11ef9d4a0acc
child 3864 2ae506652d11
permissions -rw-r--r--
6404383 select() behaviour changed in Solaris 10, breaking binary compatibility
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */
#pragma ident	"%Z%%M%	%I%	%E% SMI" /* TSOL 8 */
#pragma weak getprivimplinfo	= _getprivimplinfo
#pragma weak priv_addset	= _priv_addset
#pragma weak priv_allocset	= _priv_allocset
#pragma weak priv_copyset	= _priv_copyset
#pragma weak priv_delset	= _priv_delset
#pragma weak priv_emptyset	= _priv_emptyset
#pragma weak priv_fillset	= _priv_fillset
#pragma weak priv_freeset	= _priv_freeset
#pragma weak priv_getbyname	= _priv_getbyname
#pragma weak priv_getbynum	= _priv_getbynum
#pragma weak priv_getsetbyname	= _priv_getsetbyname
#pragma weak priv_getsetbynum	= _priv_getsetbynum
#pragma weak priv_ineffect	= _priv_ineffect
#pragma weak priv_intersect	= _priv_intersect
#pragma weak priv_inverse	= _priv_inverse
#pragma weak priv_isemptyset	= _priv_isemptyset
#pragma weak priv_isequalset	= _priv_isequalset
#pragma weak priv_isfullset	= _priv_isfullset
#pragma weak priv_ismember	= _priv_ismember
#pragma weak priv_issubset	= _priv_issubset
#pragma weak priv_set		= _priv_set
#pragma weak priv_union		= _priv_union
#include "synonyms.h"
#define	_STRUCTURED_PROC	1
#include "priv_private.h"
#include "mtlib.h"
#include "libc.h"
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <unistd.h>
#include <strings.h>
#include <synch.h>
#include <alloca.h>
#include <sys/ucred.h>
#include <sys/procfs.h>
#include <sys/param.h>
#include <sys/corectl.h>
#include <priv_utils.h>
#include <zone.h>
/* Include each string only once - until the compiler/linker are fixed */
static const char *permitted	= PRIV_PERMITTED;
static const char *effective	= PRIV_EFFECTIVE;
static const char *limit	= PRIV_LIMIT;
static const char *inheritable	= PRIV_INHERITABLE;
/*
 * Data independent privilege set operations.
 *
 * Only a few functions are provided that do not default to
 * the system implementation of privileges.  A limited set of
 * interfaces is provided that accepts a priv_data_t *
 * argument; this set of interfaces is a private interface between libc
 * and libproc.  It is delivered in order to interpret privilege sets
 * in debuggers in an implementation-independent way.  As such, we
 * don't need to provide the bulk of the interfaces, only a few
 * boolean tests (isfull, isempty) the name<->num mappings and
 * set pretty print functions.   The boolean tests are only needed for
 * the latter, so those aren't provided externally.
 *
 * Additionally, we provide the function that maps the kernel implementation
 * structure into a libc private data structure.
 */
priv_data_t *privdata;
static mutex_t pd_lock = DEFAULTMUTEX;
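/*
 * Build an index of the NUL-separated strings packed in a names record.
 *
 * On success *buf is a libc_malloc()ed array of na->cnt pointers, each
 * aimed at one string inside na->names (the strings are not copied),
 * *cp receives the count and 0 is returned.  On failure -1 is returned
 * and *buf is NULL.
 *
 * The walk is confined to the record itself, taken to be the
 * na->info.priv_info_size bytes starting at na; that is the stride
 * __priv_parse_info() uses to step to the next record.  The file's
 * header comment says these parsers also serve debuggers through
 * libproc, so the record is not assumed to be well formed: a count or
 * a missing terminator that would carry the walk past the record is
 * rejected instead of being followed.
 */
static int
parseninfo(priv_info_names_t *na, char ***buf, int *cp)
{
	char *q = na->names;
	char *end = (char *)na + na->info.priv_info_size;
	int i;

	*buf = NULL;

	/*
	 * Every name occupies at least its terminating NUL, so a count
	 * larger than the bytes available for names cannot be honest.
	 */
	if (na->cnt < 0 || end < q || (size_t)na->cnt > (size_t)(end - q))
		return (-1);

	*buf = libc_malloc(sizeof (char *) * na->cnt);

	if (*buf == NULL)
		return (-1);

	for (i = 0; i < na->cnt; i++) {
		char *s = q;

		/* Look for the terminator without leaving the record */
		while (q < end && *q != '\0')
			q++;

		if (q >= end) {
			/* Unterminated name: drop the partial index */
			libc_free(*buf);
			*buf = NULL;
			return (-1);
		}

		(*buf)[i] = s;
		q++;
	}
	*cp = na->cnt;
	return (0);
}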
/*
 * A privilege name paired with its position in the unsorted name table,
 * so that the position is still known after the entries are sorted.
 */
struct strint {
	char *name;
	int rank;
};

/*
 * qsort() comparator for struct strint: orders entries by name,
 * ignoring case.  The rank field plays no part in the comparison.
 */
static int
strintcmp(const void *a, const void *b)
{
	const char *lhs = ((const struct strint *)a)->name;
	const char *rhs = ((const struct strint *)b)->name;

	return (strcasecmp(lhs, rhs));
}
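/*
 * Turn a privilege implementation info blob into a priv_data_t.
 *
 * ip is the fixed header followed by a sequence of typed records; the
 * whole blob is PRIV_IMPL_INFO_SIZE(ip) bytes and the records start
 * ip->priv_headersize bytes in.  The returned structure borrows ip
 * (pd_pinfo) and its name tables and basic set point into ip, so ip must
 * outlive it.  Release the result with __priv_free_info().
 *
 * Returns NULL when memory runs out or when a record is malformed.
 * Each record is checked before it is used: it must be at least as large
 * as its own header and must end inside the blob.  Without that check a
 * record size of zero would keep the loop from ever advancing, and an
 * oversized one would carry the walk past the end of the blob.
 */
priv_data_t *
__priv_parse_info(priv_impl_info_t *ip)
{
	priv_data_t *tmp;
	char *x;
	char *end;
	size_t size = PRIV_IMPL_INFO_SIZE(ip);
	int i;

	tmp = libc_malloc(sizeof (*tmp));

	if (tmp == NULL)
		return (NULL);

	/* Zeroed so the error path can free members that were never set */
	(void) memset(tmp, 0, sizeof (*tmp));

	tmp->pd_pinfo = ip;
	tmp->pd_setsize = sizeof (priv_chunk_t) * ip->priv_setsize;
	tmp->pd_ucredsize = UCRED_SIZE(ip);

	x = (char *)ip;
	end = x + size;
	x += ip->priv_headersize;

	while (x < end) {
		/* LINTED: alignment */
		priv_info_names_t *na = (priv_info_names_t *)x;
		/* LINTED: alignment */
		priv_info_set_t *st = (priv_info_set_t *)x;
		struct strint *tmparr;
		size_t left = (size_t)(end - x);

		/* Refuse a record that cannot hold its header or overruns */
		if (left < sizeof (na->info) ||
		    na->info.priv_info_size < sizeof (na->info) ||
		    na->info.priv_info_size > left)
			goto out;

		switch (na->info.priv_info_type) {
		case PRIV_INFO_SETNAMES:
			/* A repeated record replaces the earlier index */
			libc_free(tmp->pd_setnames);
			tmp->pd_setnames = NULL;
			if (parseninfo(na, &tmp->pd_setnames, &tmp->pd_nsets))
				goto out;
			break;
		case PRIV_INFO_PRIVNAMES:
			/* A repeated record replaces the earlier indexes */
			libc_free(tmp->pd_privnames);
			tmp->pd_privnames = NULL;
			libc_free(tmp->pd_setsort);
			tmp->pd_setsort = NULL;
			if (parseninfo(na, &tmp->pd_privnames, &tmp->pd_nprivs))
				goto out;
			/*
			 * We compute a sorted index which allows us
			 * to present a sorted list of privileges
			 * without actually having to sort it each time.
			 */
			tmp->pd_setsort = libc_malloc(tmp->pd_nprivs *
			    sizeof (int));
			if (tmp->pd_setsort == NULL)
				goto out;

			tmparr = libc_malloc(tmp->pd_nprivs *
			    sizeof (struct strint));

			if (tmparr == NULL)
				goto out;

			for (i = 0; i < tmp->pd_nprivs; i++) {
				tmparr[i].rank = i;
				tmparr[i].name = tmp->pd_privnames[i];
			}
			qsort(tmparr, tmp->pd_nprivs, sizeof (struct strint),
			    strintcmp);
			for (i = 0; i < tmp->pd_nprivs; i++)
				tmp->pd_setsort[i] = tmparr[i].rank;
			libc_free(tmparr);
			break;
		case PRIV_INFO_BASICPRIVS:
			/*
			 * NOTE(review): only the record header is size
			 * checked above; whether the record really holds a
			 * whole set (presumably pd_setsize bytes) is not
			 * verified here -- confirm against the record layout.
			 */
			tmp->pd_basicset = (priv_set_t *)&st->set[0];
			break;
		default:
			/* unknown, ignore */
			break;
		}
		x += na->info.priv_info_size;
	}
	return (tmp);
out:
	libc_free(tmp->pd_setnames);
	libc_free(tmp->pd_privnames);
	libc_free(tmp->pd_setsort);
	libc_free(tmp);
	return (NULL);
}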
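/*
 * Release a priv_data_t: the set-name index, the privilege-name index,
 * the sorted index and finally the structure itself.
 *
 * Caller must have allocated d->pd_pinfo and should free it,
 * if necessary; it is not touched here.
 *
 * A NULL d is accepted and ignored, so error paths can call this
 * unconditionally.
 */
void
__priv_free_info(priv_data_t *d)
{
	if (d == NULL)
		return;

	libc_free(d->pd_setnames);
	libc_free(d->pd_privnames);
	libc_free(d->pd_setsort);
	libc_free(d);
}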
/*
 * Make sure the privilege data is loaded, then take pd_lock.
 *
 * Returns 0 with pd_lock held, or -1 with the lock not taken when
 * privdata is still NULL and __priv_getdata() could not supply it.
 * Note that privdata is examined here before pd_lock is acquired.
 */
int
lock_data(void)
{
	if (privdata == NULL) {
		if (__priv_getdata() == NULL)
			return (-1);
	}

	lmutex_lock(&pd_lock);
	return (0);
}
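/*
 * Reload the privilege information into the existing privdata when the
 * privilege count reported by getprivinfo() differs from the cached one.
 *
 * Returns B_TRUE when privdata was updated, B_FALSE when nothing changed
 * or the refresh could not be completed; privdata is left as it was in
 * the B_FALSE case.
 *
 * The new blob is copied over the old pd_pinfo buffer in place, so the
 * pointers already handed out into that buffer stay usable.  That only
 * works if the new blob fits the old buffer, which is checked below.
 *
 * NOTE(review): privdata is read and rewritten here without taking
 * pd_lock; presumably callers hold it (see lock_data()) -- confirm.
 */
boolean_t
refresh_data(void)
{
	priv_impl_info_t *ip, ii;
	priv_data_t *tmp;
	char *p0, *q0;
	size_t isize;
	int oldn, newn;
	int i;

	if (getprivinfo(&ii, sizeof (ii)) != 0 ||
	    ii.priv_max == privdata->pd_nprivs)
		return (B_FALSE);

	isize = PRIV_IMPL_INFO_SIZE(&ii);
	ip = alloca(isize);

	/* A failed fetch would leave ip holding uninitialized stack bytes */
	if (getprivinfo(ip, isize) != 0)
		return (B_FALSE);

	/*
	 * Everything below sizes its reads from ip's own header, so that
	 * header must agree with the size ip was allocated with.  The blob
	 * must also fit the buffer it is copied into; that buffer is
	 * assumed to be PRIV_IMPL_INFO_SIZE(privdata->pd_pinfo) bytes,
	 * which matches the allocation in __priv_getdata() -- TODO confirm
	 * no other path installs a differently sized pd_pinfo.
	 */
	if (PRIV_IMPL_INFO_SIZE(ip) != isize ||
	    isize > PRIV_IMPL_INFO_SIZE(privdata->pd_pinfo))
		return (B_FALSE);

	/* Parse the info; then copy the additional bits */
	tmp = __priv_parse_info(ip);
	if (tmp == NULL)
		return (B_FALSE);

	oldn = privdata->pd_nprivs;
	newn = tmp->pd_nprivs;

	/*
	 * The pointer copy below writes oldn entries into an array sized
	 * for newn, and both tables are indexed at [0]; bail out rather
	 * than overrun when the new table is missing or smaller.
	 */
	if (oldn <= 0 || newn < oldn || tmp->pd_privnames == NULL ||
	    tmp->pd_setsort == NULL) {
		__priv_free_info(tmp);
		return (B_FALSE);
	}

	p0 = privdata->pd_privnames[0];
	q0 = tmp->pd_privnames[0];

	/* copy the extra information to the old datastructure */
	(void) memcpy((char *)privdata->pd_pinfo + sizeof (priv_impl_info_t),
	    (char *)ip + sizeof (priv_impl_info_t),
	    PRIV_IMPL_INFO_SIZE(ip) - sizeof (priv_impl_info_t));

	/* Copy the first oldn pointers */
	(void) memcpy(tmp->pd_privnames, privdata->pd_privnames,
	    oldn * sizeof (char *));

	/* Adjust the rest: rebase from the stack copy to the old buffer */
	for (i = oldn; i < newn; i++)
		tmp->pd_privnames[i] += p0 - q0;

	/* Install the larger arrays */
	libc_free(privdata->pd_privnames);
	privdata->pd_privnames = tmp->pd_privnames;
	tmp->pd_privnames = NULL;

	libc_free(privdata->pd_setsort);
	privdata->pd_setsort = tmp->pd_setsort;
	tmp->pd_setsort = NULL;

	/* Copy the rest of the data */
	*privdata->pd_pinfo = *ip;

	privdata->pd_nprivs = newn;

	/* The arrays moved to privdata were NULLed above, so they survive */
	__priv_free_info(tmp);
	return (B_TRUE);
}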
/*
 * Release pd_lock; the counterpart of a successful lock_data().
 */
void
unlock_data(void)
{
	lmutex_unlock(&pd_lock);
}
static priv_set_t *__priv_allocset(priv_data_t *);
/*
 * Return the process-wide privilege data, building it on first use.
 *
 * The work is done with pd_lock held.  When privdata is still NULL the
 * privilege implementation info is fetched with getprivinfo(), parsed by
 * __priv_parse_info(), and pd_zoneset is allocated and filled from
 * zone_getattr(ZONE_ATTR_PRIVSET).  privdata is only assigned once all of
 * these steps have succeeded.
 *
 * Returns privdata.  If it was NULL on entry and any step fails it is
 * still NULL on return, and the next call runs the set-up again.  Callers
 * therefore have to be prepared for a NULL result.
 */
priv_data_t *
__priv_getdata(void)
{
	lmutex_lock(&pd_lock);
	if (privdata == NULL) {
		priv_data_t *tmp;
		priv_impl_info_t *ip;
		/* First attempt uses a fixed-size buffer on the stack. */
		size_t size = sizeof (priv_impl_info_t) + 2048;
		size_t realsize;
		priv_impl_info_t *aip = alloca(size);

		if (getprivinfo(aip, size) != 0)
			goto out;

		/*
		 * realsize is derived from the data getprivinfo() just wrote
		 * into aip; it drives both the allocation size and the copy
		 * length below.
		 * NOTE(review): PRIV_IMPL_INFO_SIZE is defined outside this
		 * view -- presumably it sums size fields of the header.
		 */
		realsize = PRIV_IMPL_INFO_SIZE(aip);

		ip = libc_malloc(realsize);

		if (ip == NULL)
			goto out;

		if (realsize <= size) {
			/* Copy is bounded by size, so it stays inside aip. */
			(void) memcpy(ip, aip, realsize);
		} else if (getprivinfo(ip, realsize) != 0) {
			/*
			 * The stack buffer was too small, so the info was
			 * requested again into the heap buffer, and that
			 * second call failed.
			 */
			libc_free(ip);
			goto out;
		}

		if ((tmp = __priv_parse_info(ip)) == NULL) {
			libc_free(ip);
			goto out;
		}

		/* Allocate the zoneset just once, here */
		tmp->pd_zoneset = __priv_allocset(tmp);
		if (tmp->pd_zoneset == NULL)
			goto clean;

		/*
		 * Accept the zone's privilege set only when zone_getattr()
		 * reports exactly pd_setsize; any other result is treated as
		 * failure and nothing is published.
		 */
		if (zone_getattr(getzoneid(), ZONE_ATTR_PRIVSET,
		    tmp->pd_zoneset, tmp->pd_setsize) == tmp->pd_setsize) {
			privdata = tmp;
			goto out;
		}

		priv_freeset(tmp->pd_zoneset);
		/*
		 * NOTE(review): the clean-up below frees pd_zoneset (above),
		 * tmp and ip separately.  That is only correct if
		 * __priv_free_info() releases neither pd_zoneset nor the
		 * buffer behind ip; its body is outside this view -- confirm.
		 */
clean:
		__priv_free_info(tmp);
		libc_free(ip);
	}
out:
	lmutex_unlock(&pd_lock);
	return (privdata);
}
/*
 * Return the pd_pinfo pointer of the privilege data that LOADPRIVDATA()
 * yields.
 * NOTE(review): LOADPRIVDATA is defined outside this view.  If it is built
 * on __priv_getdata(), which returns NULL when its set-up fails, the
 * dereference below would fault -- confirm how the macro handles failure.
 */
const priv_impl_info_t *
_getprivimplinfo(void)
{
	priv_data_t *pd;

	LOADPRIVDATA(pd);

	return (pd->pd_pinfo);
}
/*
 * Build a privilege set from a variable argument list of privilege names.
 *
 * ap must yield "const char *" arguments and end with a NULL pointer; the
 * loop has no other stop condition, so a caller that forgets the
 * terminator makes va_arg() read past the supplied arguments.
 *
 * Returns a newly allocated set that the caller releases with
 * priv_freeset(), or NULL when allocation fails or priv_addset() rejects
 * any name.  A single rejected name discards the whole set, so callers
 * never receive a partially built list.
 */
static priv_set_t *
priv_vlist(va_list ap)
{
	priv_set_t *result;
	const char *name;

	result = priv_allocset();
	if (result == NULL)
		return (NULL);

	/* Start from the empty set and add the names one by one. */
	priv_emptyset(result);

	for (;;) {
		name = va_arg(ap, const char *);
		if (name == NULL)
			break;

		if (priv_addset(result, name) < 0) {
			priv_freeset(result);
			return (NULL);
		}
	}

	return (result);
}
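/*
 * priv_set(op, set, priv_id1, priv_id2, ..., NULL)
 *
 * Library routine to enable a user process to set a specific
 * privilege set appropriately using a single call.  User is
 * required to terminate the list of privileges with NULL.
 *
 * The named privileges are collected into a temporary set by priv_vlist().
 * With a NULL setname the operation is applied to every set index below
 * pd_nsets in turn, stopping at the first failure; otherwise it is applied
 * to the named set through setppriv().
 *
 * Returns 0 on success and -1 when the list cannot be built or no set was
 * processed; otherwise the non-zero result of the call that failed.  When
 * the "all sets" loop stops part way, the sets handled before the failure
 * have already been changed, so a non-zero return means the process is
 * left in a mixed privilege state and the caller should not carry on as if
 * either the old or the new privileges were in force.
 */
int
priv_set(priv_op_t op, priv_ptype_t setname, ...)
{
	va_list ap;
	priv_set_t *pset;
	/*
	 * Fail closed: previously ret was read uninitialised when the loop
	 * below ran zero times.
	 */
	int ret = -1;

	va_start(ap, setname);
	pset = priv_vlist(ap);
	va_end(ap);

	if (pset == NULL)
		return (-1);

	/* All sets */
	if (setname == NULL) {
		priv_data_t *d;
		int set;

		LOADPRIVDATA(d);

		/*
		 * NOTE(review): LOADPRIVDATA is defined outside this view;
		 * the NULL test guards the case where it can leave d unset
		 * (__priv_getdata() returns NULL when its set-up fails).
		 */
		if (d != NULL) {
			for (set = 0; set < d->pd_nsets; set++) {
				ret = syscall(SYS_privsys, PRIVSYS_SETPPRIV,
				    op, set, (void *)pset, d->pd_setsize);
				if (ret != 0)
					break;
			}
		}
	} else {
		ret = setppriv(op, setname, pset);
	}

	priv_freeset(pset);
	return (ret);
}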
/*
 * priv_ineffect(privilege).
 * Tests whether a privilege is present in the effective set.
 *
 * Returns B_TRUE only when the effective set could be read and contains
 * priv.  Allocation failure and getppriv() failure also yield B_FALSE, so
 * B_FALSE does not distinguish "not held" from "could not be determined".
 */
boolean_t
priv_ineffect(const char *priv)
{
	priv_set_t *eset = priv_allocset();
	boolean_t held = B_FALSE;

	if (eset == NULL)
		return (B_FALSE);

	/* Membership is only consulted when the set was read successfully. */
	if (getppriv(effective, eset) == 0 && priv_ismember(eset, priv))
		held = B_TRUE;

	priv_freeset(eset);

	return (held);
}
/*
 * The routine __init_daemon_priv() is private to Solaris and is
 * used by daemons to limit the privileges they can use and
 * to set the uid they run under.
 *
 * flags	bit mask; PU_RESETGROUPS, PU_LIMITPRIVS, PU_CLEARLIMITSET
 *		and PU_INHERITPRIVS are the bits tested here.
 * uid, gid	ids to switch to; -1 leaves the corresponding id alone.
 * ...		NULL-terminated list of privilege names the daemon keeps
 *		(collected by priv_vlist(); the basic set is merged in).
 *
 * Order of operations: optional setgroups(), setgid(), effective set
 * raised to the permitted set, setreuid(), then the limit, permitted and
 * inheritable sets are written.
 *
 * Returns -1 when the list cannot be built or a checked step fails,
 * otherwise the result of the final setppriv() on the inheritable set.
 * On the failure paths that reach "end" the routine still adjusts the core
 * path and clears __PROC_PROTECT before returning, and steps that already
 * ran are not undone.  A daemon that ignores a non-zero return keeps
 * running with whatever ids and privileges it had at the point of failure,
 * so callers should treat failure as fatal.
 */

/*
 * Core file patterns installed below when the process still uses the
 * plain "core" path: root_cp for uid 0, daemon_cp for everyone else.
 * NOTE(review): core files can hold sensitive process memory and
 * daemon_cp points into /var/tmp, which is conventionally a shared
 * directory -- confirm the permissions and creation semantics the kernel
 * applies to these files.
 */
static const char root_cp[] = "/core.%f.%t";
static const char daemon_cp[] = "/var/tmp/core.%f.%t";

int
__init_daemon_priv(int flags, uid_t uid, gid_t gid, ...)
{
	priv_set_t *nset;
	priv_set_t *perm = NULL;
	va_list pa;
	priv_data_t *d;
	int ret = -1;	/* stays -1 unless the last setppriv() is reached */
	char buf[1024];

	/*
	 * NOTE(review): LOADPRIVDATA is defined outside this view; d is
	 * dereferenced below without a NULL check -- confirm the macro
	 * cannot leave it NULL.
	 */
	LOADPRIVDATA(d);

	va_start(pa, gid);

	nset = priv_vlist(pa);

	va_end(pa);

	if (nset == NULL)
		return (-1);

	/* Always add the basic set */
	if (d->pd_basicset != NULL)
		priv_union(d->pd_basicset, nset);

	/*
	 * This is not a significant failure: it allows us to start programs
	 * with sufficient privileges and with the proper uid.   We don't
	 * care enough about the extra groups in that case.
	 */
	if (flags & PU_RESETGROUPS)
		(void) setgroups(0, NULL);

	/* The group id is changed before the uid is given up below. */
	if (gid != -1 && setgid(gid) != 0)
		goto end;

	perm = priv_allocset();
	if (perm == NULL)
		goto end;

	/*
	 * E = P
	 * NOTE(review): both results are ignored.  If getppriv() fails,
	 * perm holds whatever priv_allocset() returned and that is what
	 * gets written to the effective set -- confirm this is acceptable.
	 */
	(void) getppriv(permitted, perm);
	(void) setppriv(PRIV_SET, effective, perm);

	/* Now reset suid and euid */
	if (uid != -1 && setreuid(uid, uid) != 0)
		goto end;

	/* Check for the limit privs */
	if ((flags & PU_LIMITPRIVS) &&
	    setppriv(PRIV_SET, limit, nset) != 0)
		goto end;

	/* perm is reused here as an empty set to clear the limit set. */
	if (flags & PU_CLEARLIMITSET) {
		priv_emptyset(perm);
		if (setppriv(PRIV_SET, limit, perm) != 0)
			goto end;
	}

	/* Remove the privileges from all the other sets */
	if (setppriv(PRIV_SET, permitted, nset) != 0)
		goto end;

	/* Without PU_INHERITPRIVS the inheritable set is emptied. */
	if (!(flags & PU_INHERITPRIVS))
		priv_emptyset(nset);

	ret = setppriv(PRIV_SET, inheritable, nset);
end:
	priv_freeset(nset);
	/*
	 * NOTE(review): perm is still NULL here when setgid() or
	 * priv_allocset() failed -- confirm priv_freeset() accepts NULL.
	 */
	priv_freeset(perm);

	/* Only replace the core path when it is still the plain "core". */
	if (core_get_process_path(buf, sizeof (buf), getpid()) == 0 &&
	    strcmp(buf, "core") == 0) {

		/* With uid == -1 the current effective uid decides. */
		if ((uid == -1 ? geteuid() : uid) == 0) {
			(void) core_set_process_path(root_cp, sizeof (root_cp),
			    getpid());
		} else {
			(void) core_set_process_path(daemon_cp,
			    sizeof (daemon_cp), getpid());
		}
	}
	/* Runs on success and on failure alike; the result is ignored. */
	(void) setpflags(__PROC_PROTECT, 0);

	return (ret);
}
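/*
 * The routine __fini_daemon_priv() is private to Solaris and is
 * used by daemons to clear remaining unwanted privileges and
 * reenable core dumps.
 *
 * priv, ...	NULL-terminated list of privilege names to switch off in
 *		the permitted set.  With priv == NULL nothing is removed
 *		and only __PROC_PROTECT is cleared.
 *
 * The routine returns no status.  If the set cannot be built it returns
 * early without clearing __PROC_PROTECT, and failures of priv_addset() and
 * setppriv() are ignored, so the listed privileges may still be held after
 * the call.  A caller that depends on the drop for its security should
 * verify it afterwards, for example with priv_ineffect() or getppriv().
 */
void
__fini_daemon_priv(const char *priv, ...)
{
	priv_set_t *nset;
	va_list pa;

	if (priv != NULL) {
		va_start(pa, priv);
		nset = priv_vlist(pa);
		/*
		 * End the argument traversal before any return; the early
		 * return below used to skip va_end().
		 */
		va_end(pa);

		if (nset == NULL)
			return;

		/* priv_vlist() collected the tail; add the first name too. */
		(void) priv_addset(nset, priv);
		(void) setppriv(PRIV_OFF, permitted, nset);
		priv_freeset(nset);
	}

	(void) setpflags(__PROC_PROTECT, 0);
}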
/*
 * The routine __init_suid_priv() is private to Solaris and is
 * used by set-uid root programs to limit the privileges acquired
 * to those actually needed.
 */
static priv_set_t *bracketpriv;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   593
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   594
int
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   595
__init_suid_priv(int flags, ...)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   596
{
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   597
	priv_set_t *nset = NULL;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   598
	priv_set_t *tmpset = NULL;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   599
	va_list pa;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   600
	int r = -1;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   601
	uid_t ruid, euid;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   602
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   603
	euid = geteuid();
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   604
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   605
	/* If we're not set-uid root, don't reset the uid */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   606
	if (euid == 0) {
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   607
		ruid = getuid();
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   608
		/* If we're running as root, keep everything */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   609
		if (ruid == 0)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   610
			return (0);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   611
	}
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   612
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   613
	/* Can call this only once */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   614
	if (bracketpriv != NULL)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   615
		return (-1);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   616
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   617
	va_start(pa, flags);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   618
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   619
	nset = priv_vlist(pa);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   620
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   621
	va_end(pa);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   622
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   623
	if (nset == NULL)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   624
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   625
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   626
	tmpset = priv_allocset();
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   627
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   628
	if (tmpset == NULL)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   629
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   630
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   631
	/* We cannot grow our privileges beyond P, so start there */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   632
	(void) getppriv(permitted, tmpset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   633
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   634
	/* Is the privilege we need even in P? */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   635
	if (!priv_issubset(nset, tmpset))
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   636
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   637
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   638
	bracketpriv = priv_allocset();
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   639
	if (bracketpriv == NULL)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   640
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   641
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   642
	priv_copyset(nset, bracketpriv);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   643
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   644
	/* Always add the basic set */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   645
	priv_union(priv_basic(), nset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   646
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   647
	/* But don't add what we don't have */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   648
	priv_intersect(tmpset, nset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   649
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   650
	(void) getppriv(inheritable, tmpset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   651
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   652
	/* And stir in the inheritable privileges */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   653
	priv_union(tmpset, nset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   654
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   655
	if ((r = setppriv(PRIV_SET, effective, tmpset)) != 0)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   656
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   657
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   658
	if ((r = setppriv(PRIV_SET, permitted, nset)) != 0)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   659
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   660
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   661
	if (flags & PU_CLEARLIMITSET)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   662
		priv_emptyset(nset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   663
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   664
	if ((flags & (PU_LIMITPRIVS|PU_CLEARLIMITSET)) != 0 &&
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   665
	    (r = setppriv(PRIV_SET, limit, nset)) != 0)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   666
		goto end;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   667
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   668
	if (euid == 0)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   669
		r = setreuid(ruid, ruid);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   670
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   671
end:
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   672
	priv_freeset(tmpset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   673
	priv_freeset(nset);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   674
	if (r != 0) {
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   675
		/* Fail without leaving uid 0 around */
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   676
		if (euid == 0)
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   677
			(void) setreuid(ruid, ruid);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   678
		priv_freeset(bracketpriv);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   679
		bracketpriv = NULL;
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   680
	}
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   681
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   682
	return (r);
68f95e015346 OpenSolaris Launch
stevel@tonic-gate
parents:
diff changeset
   683
}
/*
 * Toggle privileges on/off in the effective set.
 *
 * op is PRIV_ON or PRIV_OFF and is applied to the effective set with the
 * privileges recorded in bracketpriv.  Returns the setppriv() result, or
 * -1 when op is PRIV_SET.
 *
 * When bracketpriv is NULL nothing is done and 0 is returned.  That is
 * the case for a fully privileged process, but also after a failed
 * __init_suid_priv() whose result the caller ignored, so a 0 from here
 * does not by itself show that any privilege was switched.
 */
int
__priv_bracket(priv_op_t op)
{
	/* We're running fully privileged or didn't check errors first time */
	if (bracketpriv == NULL)
		return (0);

	/* Only PRIV_ON and PRIV_OFF are valid */
	return (op == PRIV_SET ? -1 : setppriv(op, effective, bracketpriv));
}
/*
 * Remove privileges from E & P.
 *
 * Takes the privileges recorded in bracketpriv out of the permitted set,
 * then frees and clears bracketpriv so later __priv_bracket() calls do
 * nothing.  Only the permitted set is named in the setppriv() call.
 * NOTE(review): the effective set presumably follows because E is kept
 * within P by the kernel -- confirm.
 *
 * The setppriv() result is discarded and the function returns void, so a
 * caller cannot tell from here whether the privileges were removed.
 */
void
__priv_relinquish(void)
{
	if (bracketpriv == NULL)
		return;

	(void) setppriv(PRIV_OFF, permitted, bracketpriv);
	priv_freeset(bracketpriv);
	bracketpriv = NULL;
}
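/*
 * Use binary search on the ordered list.
 *
 * d:	privilege data; NULL yields -1 (errno is not set here).
 * name: privilege name, compared case-insensitively; a leading "priv_"
 *	is skipped.  name itself is not checked for NULL.
 *
 * order[] (pd_setsort) maps a position in sorted order to an index in
 * list[] (pd_privnames); the value returned is that index.
 * NOTE(review): assumes pd_setsort was built with the same
 * case-insensitive ordering that strcasecmp() uses -- confirm.
 *
 * Returns the privilege number, or -1 with errno set to EINVAL when the
 * name is not found.  An empty table (pd_nprivs == 0) is reported as
 * "not found" instead of reading order[0].
 */
int
__priv_getbyname(const priv_data_t *d, const char *name)
{
	char *const *list;
	const int *order;
	int lo = 0;
	int hi;

	if (d == NULL)
		return (-1);

	list = d->pd_privnames;
	order = d->pd_setsort;
	hi = d->pd_nprivs - 1;

	if (strncasecmp(name, "priv_", 5) == 0)
		name += 5;

	/* Test before the first probe so that hi == -1 never indexes order[] */
	while (lo <= hi) {
		int mid = lo + (hi - lo) / 2;
		int res = strcasecmp(name, list[order[mid]]);

		if (res == 0)
			return (order[mid]);
		else if (res < 0)
			hi = mid - 1;
		else
			lo = mid + 1;
	}

	errno = EINVAL;
	return (-1);
}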
/*
 * Look up a privilege number by name using the process-wide privilege
 * data.
 *
 * The whole body is the WITHPRIVLOCKED() macro, which is defined outside
 * this excerpt.  NOTE(review): judging by its arguments it evaluates
 * __priv_getbyname() with the privilege data locked, yields an int and
 * uses -1 as the fallback result -- confirm against the macro.
 */
int
priv_getbyname(const char *name)
{
	WITHPRIVLOCKED(int, -1, __priv_getbyname(GETPRIVDATA(), name));
}
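/*
 * Look up a privilege set number by name with a linear scan.
 *
 * d:	privilege data; NULL yields -1, matching the NULL handling of
 *	__priv_getbyname() and the *bynum() lookups in this file.
 * name: set name, compared case-insensitively; a leading "priv_" is
 *	skipped.  name itself is not checked for NULL.
 *
 * Returns the index of the set in pd_setnames, or -1 with errno set to
 * EINVAL when no set has that name.
 */
int
__priv_getsetbyname(const priv_data_t *d, const char *name)
{
	int i;
	int n;
	char *const *list;

	/* Privilege data may be unavailable; do not dereference it blindly */
	if (d == NULL)
		return (-1);

	n = d->pd_nsets;
	list = d->pd_setnames;

	if (strncasecmp(name, "priv_", 5) == 0)
		name += 5;

	for (i = 0; i < n; i++) {
		if (strcasecmp(list[i], name) == 0)
			return (i);
	}

	errno = EINVAL;
	return (-1);
}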
/*
 * Look up a privilege set number by name using the process-wide
 * privilege data.  GETPRIVDATA() is defined outside this excerpt.
 */
int
priv_getsetbyname(const char *name)
{
	/* Not locked: sets don't change */
	const priv_data_t *data = GETPRIVDATA();

	return (__priv_getsetbyname(data, name));
}
/*
 * Bounds-checked index into a name table.
 *
 * Returns list[i] when 0 <= i < n, otherwise NULL.  list is not touched
 * when i is out of range.
 */
static const char *
priv_bynum(int i, int n, char **list)
{
	return ((i >= 0 && i < n) ? list[i] : NULL);
}
/*
 * Map a privilege number to its name.
 *
 * Returns NULL when d is NULL or when num is outside 0 .. pd_nprivs - 1
 * (the range check is done by priv_bynum()).
 */
const char *
__priv_getbynum(const priv_data_t *d, int num)
{
	return (d == NULL ? NULL :
	    priv_bynum(num, d->pd_nprivs, d->pd_privnames));
}
/*
 * Map a privilege number to its name using the process-wide privilege
 * data.
 *
 * The whole body is the WITHPRIVLOCKED() macro, which is defined outside
 * this excerpt.  NOTE(review): judging by its arguments it evaluates
 * __priv_getbynum() with the privilege data locked, yields a
 * const char * and uses NULL as the fallback result -- confirm against
 * the macro.
 */
const char *
priv_getbynum(int num)
{
	WITHPRIVLOCKED(const char *, NULL, __priv_getbynum(GETPRIVDATA(), num));
}
/*
 * Map a privilege set number to its name.
 *
 * Returns NULL when d is NULL or when num is outside 0 .. pd_nsets - 1
 * (the range check is done by priv_bynum()).
 */
const char *
__priv_getsetbynum(const priv_data_t *d, int num)
{
	return (d == NULL ? NULL :
	    priv_bynum(num, d->pd_nsets, d->pd_setnames));
}
/*
 * Map a privilege set number to its name using the process-wide
 * privilege data.  No lock is taken here, as in priv_getsetbyname().
 */
const char *
priv_getsetbynum(int num)
{
	const priv_data_t *data = GETPRIVDATA();

	return (__priv_getsetbynum(data, num));
}
/*
 * Privilege manipulation functions
 *
 * Callers can manipulate privilege sets at will through opaque pointers,
 * without knowing the details of the privilege set implementation.
 */
/*
 * Allocate storage for one privilege set of d->pd_setsize bytes.
 *
 * Returns NULL when d is NULL or when libc_malloc() returns NULL.  This
 * function does not initialise the set; whether libc_malloc() zeroes the
 * memory is not visible here, so callers should fill it (priv_emptyset(),
 * priv_fillset(), priv_copyset(), getppriv()) before reading it.
 */
static priv_set_t *
__priv_allocset(priv_data_t *d)
{
	return (d == NULL ? NULL : libc_malloc(d->pd_setsize));
}
/*
 * Allocate a privilege set sized for the process-wide privilege data.
 * Returns NULL on failure; see __priv_allocset().
 */
priv_set_t *
priv_allocset(void)
{
	priv_data_t *data = GETPRIVDATA();

	return (__priv_allocset(data));
}
/*
 * Free a privilege set.
 *
 * errno is saved before and restored after libc_free(), so the function
 * can be used on error paths without disturbing the error being
 * reported.  __init_suid_priv() calls it with pointers that may still be
 * NULL; NOTE(review): that relies on libc_free() accepting NULL --
 * confirm.
 */
void
priv_freeset(priv_set_t *p)
{
	const int saved_errno = errno;

	libc_free(p);
	errno = saved_errno;
}
/*
 * Clear every bit of the set (d->pd_setsize bytes are zeroed).
 *
 * Neither d nor set is checked for NULL.  Since the function returns
 * void, a silent early return would leave the caller with a set it
 * believes to be empty but which was never cleared.
 */
void
__priv_emptyset(priv_data_t *d, priv_set_t *set)
{
	const size_t nbytes = d->pd_setsize;

	(void) memset(set, 0, nbytes);
}
/*
 * Clear every bit of the set, sized by the process-wide privilege data.
 * The result of GETPRIVDATA() is passed on without a NULL check.
 */
void
priv_emptyset(priv_set_t *set)
{
	priv_data_t *data = GETPRIVDATA();

	__priv_emptyset(data, set);
}
/*
 * Set every bit of the set (d->pd_setsize bytes are filled with 0xff).
 *
 * Neither d nor set is checked for NULL.
 */
void
__priv_fillset(priv_data_t *d, priv_set_t *set)
{
	const size_t nbytes = d->pd_setsize;

	(void) memset(set, 0xff, nbytes);
}
/*
 * Set every bit of the set, sized by the process-wide privilege data.
 * The result of GETPRIVDATA() is passed on without a NULL check.
 */
void
priv_fillset(priv_set_t *set)
{
	priv_data_t *data = GETPRIVDATA();

	__priv_fillset(data, set);
}
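/*
 * Function-body template for the per-chunk predicates below.
 *
 * Expands to a declaration of i, a loop that counts i down from
 * d->pd_pinfo->priv_setsize - 1 to 0, and two return statements: the
 * enclosing function returns B_FALSE at the first index for which `test'
 * is false, and B_TRUE otherwise.  `test' is expected to refer to i.
 * d is dereferenced without a NULL check.
 */
#define	PRIV_TEST_BODY_D(d, test) \
	int i; \
\
	for (i = (d)->pd_pinfo->priv_setsize; i-- > 0; ) \
		if (!(test)) \
			return (B_FALSE); \
\
	return (B_TRUE)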
/*
 * Return B_TRUE when sets a and b hold the same bits, comparing
 * d->pd_setsize bytes.
 *
 * LOADPRIVDATA() is defined outside this excerpt.  NOTE(review): it
 * presumably fills d and deals with the case where the privilege data
 * cannot be obtained -- confirm, since d is dereferenced right after.
 */
boolean_t
priv_isequalset(const priv_set_t *a, const priv_set_t *b)
{
	priv_data_t *d;

	LOADPRIVDATA(d);

	if (memcmp(a, b, d->pd_setsize) != 0)
		return (B_FALSE);

	return (B_TRUE);
}
/*
 * Return B_TRUE when no bit is set in any of the
 * d->pd_pinfo->priv_setsize chunks of the set.
 *
 * d is dereferenced without a NULL check.
 */
boolean_t
__priv_isemptyset(priv_data_t *d, const priv_set_t *set)
{
	int idx;

	/* Walk the chunks from the last one down to the first */
	for (idx = d->pd_pinfo->priv_setsize; idx-- > 0; ) {
		if (((priv_chunk_t *)set)[idx] != 0)
			return (B_FALSE);
	}

	return (B_TRUE);
}
/*
 * Return B_TRUE when the set is empty, using the process-wide privilege
 * data.  The result of GETPRIVDATA() is passed on without a NULL check.
 */
boolean_t
priv_isemptyset(const priv_set_t *set)
{
	priv_data_t *data = GETPRIVDATA();

	return (__priv_isemptyset(data, set));
}
/*
 * Return B_TRUE when every bit is set in each of the
 * d->pd_pinfo->priv_setsize chunks of the set.
 *
 * d is dereferenced without a NULL check.
 */
boolean_t
__priv_isfullset(priv_data_t *d, const priv_set_t *set)
{
	int idx;

	/* Walk the chunks from the last one down to the first */
	for (idx = d->pd_pinfo->priv_setsize; idx-- > 0; ) {
		if (((priv_chunk_t *)set)[idx] != ~(priv_chunk_t)0)
			return (B_FALSE);
	}

	return (B_TRUE);
}
/*
 * Return B_TRUE when the set is full, using the process-wide privilege
 * data.  The result of GETPRIVDATA() is passed on without a NULL check.
 */
boolean_t
priv_isfullset(const priv_set_t *set)
{
	priv_data_t *data = GETPRIVDATA();

	return (__priv_isfullset(data, set));
}
/*
 * Return true if a is a subset of b
 *
 * Checked chunk by chunk: a is a subset when OR-ing a chunk of a into
 * the matching chunk of b adds no bit.  d is dereferenced without a NULL
 * check.
 */
boolean_t
__priv_issubset(priv_data_t *d, const priv_set_t *a, const priv_set_t *b)
{
	int idx;

	/* Walk the chunks from the last one down to the first */
	for (idx = d->pd_pinfo->priv_setsize; idx-- > 0; ) {
		if ((((priv_chunk_t *)a)[idx] | ((priv_chunk_t *)b)[idx]) !=
		    ((priv_chunk_t *)b)[idx])
			return (B_FALSE);
	}

	return (B_TRUE);
}
/*
 * Return B_TRUE when a is a subset of b, using the process-wide
 * privilege data.  The result of GETPRIVDATA() is passed on without a
 * NULL check.
 */
boolean_t
priv_issubset(const priv_set_t *a, const priv_set_t *b)
{
	priv_data_t *data = GETPRIVDATA();

	return (__priv_issubset(data, a, b));
}
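/*
 * Shared body for the set-modifying functions below.  Declares the locals
 * `i` and `d`, loads the privilege data with LOADPRIVDATA(d) and applies
 * `a[i] op b[i]` to each of the d->pd_pinfo->priv_setsize chunks.
 *
 * Usage notes:
 *  - The expansion begins with declarations, so it has to be the first
 *    thing in the enclosing function body.
 *  - It ends in an unbraced for statement without a terminator; the
 *    caller supplies the trailing semicolon.
 *  - The chunk count comes from the privilege data, not from the
 *    arguments: both sets must be at least priv_setsize chunks long,
 *    otherwise the loop reads or writes past the end of the buffer.
 *  - `a` is written through, `b` is only read; the casts discard any
 *    const qualifier on either.
 *
 * The arguments are parenthesized so that an expression argument is cast
 * as a whole.
 */
#define	PRIV_CHANGE_BODY(a, op, b) \
	int i; \
	priv_data_t *d; \
\
	LOADPRIVDATA(d); \
\
	for (i = 0; i < d->pd_pinfo->priv_setsize; i++) \
		((priv_chunk_t *)(a))[i] op \
			((priv_chunk_t *)(b))[i]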
/*
 * B = A & B (set intersection; a logical AND, not C's XOR operator).
 *
 * Each chunk of b is AND-ed in place with the matching chunk of a, so b
 * keeps only the privileges present in both sets.  a is not modified.
 */
void
priv_intersect(const priv_set_t *a, priv_set_t *b)
{
	/* CSTYLED -- the bare operator argument on the next line is intended */
	PRIV_CHANGE_BODY(b, &=, a);
}
/*
 * B = A (copy set a into set b).
 *
 * Copies chunk by chunk, for the number of chunks given by the privilege
 * data.  b is overwritten; a is not modified.
 */
void
priv_copyset(const priv_set_t *a, priv_set_t *b)
{
	/* CSTYLED -- the bare operator argument on the next line is intended */
	PRIV_CHANGE_BODY(b, =, a);
}
/*
 * B = A | B (set union).
 *
 * Each chunk of b is OR-ed in place with the matching chunk of a, so b
 * ends up holding every privilege that is set in either input.  a is not
 * modified.
 */
void
priv_union(const priv_set_t *a, priv_set_t *b)
{
	/* CSTYLED -- the bare operator argument on the next line is intended */
	PRIV_CHANGE_BODY(b, |=, a);
}
/*
 * A = ~A (replace a with its complement).
 *
 * Every chunk is inverted in place with the bitwise ~ operator (not the
 * logical !), so each bit that was clear becomes set and vice versa.
 *
 * NOTE(review): all bits of every chunk are flipped, including any bit
 * positions that may not correspond to a defined privilege -- confirm
 * that no caller relies on such bits staying zero.
 */
void
priv_inverse(priv_set_t *a)
{
	PRIV_CHANGE_BODY(a, = ~, a);
}
/*
 * Manipulating single privileges.
 */
/*
 * Add the privilege named p to set a.
 *
 * Returns 0 after setting the bit, or -1 when priv_getbyname() returns a
 * negative value for p; in that case a is left untouched.
 */
int
priv_addset(priv_set_t *a, const char *p)
{
	int idx;

	idx = priv_getbyname(p);
	if (idx >= 0) {
		PRIV_ADDSET(a, idx);
		return (0);
	}

	return (-1);
}
/*
 * Remove the privilege named p from set a.
 *
 * Returns 0 after clearing the bit, or -1 when priv_getbyname() returns a
 * negative value for p.  A -1 return means the set was NOT changed, so
 * code that is dropping a privilege has to check the result: a name that
 * fails to resolve otherwise leaves the privilege in the set unnoticed.
 */
int
priv_delset(priv_set_t *a, const char *p)
{
	int idx;

	idx = priv_getbyname(p);
	if (idx >= 0) {
		PRIV_DELSET(a, idx);
		return (0);
	}

	return (-1);
}
/*
 * Test whether the privilege named p is in set a.
 *
 * A name for which priv_getbyname() returns a negative value is reported
 * as not a member (B_FALSE), so an unknown name fails closed.  Otherwise
 * the result of PRIV_ISMEMBER is cast to boolean_t unchanged.
 *
 * NOTE(review): the cast assumes PRIV_ISMEMBER evaluates to 0 or 1; the
 * macro is defined outside this excerpt -- confirm.
 */
boolean_t
priv_ismember(const priv_set_t *a, const char *p)
{
	int idx;

	idx = priv_getbyname(p);
	if (idx >= 0)
		return ((boolean_t)PRIV_ISMEMBER(a, idx));

	return (B_FALSE);
}