upstream/illumos/illumos-gate: usr/src/lib/libc/port/gen/privlib.c@63678502e95e (annotated)

0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	2	* CDDL HEADER START
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	3	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	4	* The contents of this file are subject to the terms of the
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	5	* Common Development and Distribution License (the "License").
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	6	* You may not use this file except in compliance with the License.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	7	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	8	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	9	* or http://www.opensolaris.org/os/licensing.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	10	* See the License for the specific language governing permissions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	11	* and limitations under the License.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	12	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	13	* When distributing Covered Code, include this CDDL HEADER in each
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	14	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	15	* If applicable, add the following below this CDDL HEADER, with the
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	16	* fields enclosed by brackets "[]" replaced with your own identifying
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	17	* information: Portions Copyright [yyyy] [name of copyright owner]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	18	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	19	* CDDL HEADER END
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	20	*/
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	21
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	22	/*
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11537 diff changeset	23	* Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	24	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	25
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	26	#pragma weak _getprivimplinfo = getprivimplinfo
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	27	#pragma weak _priv_addset = priv_addset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	28	#pragma weak _priv_allocset = priv_allocset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	29	#pragma weak _priv_copyset = priv_copyset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	30	#pragma weak _priv_delset = priv_delset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	31	#pragma weak _priv_emptyset = priv_emptyset
11537 8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 6812 diff changeset	32	#pragma weak _priv_basicset = priv_basicset
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	33	#pragma weak _priv_fillset = priv_fillset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	34	#pragma weak _priv_freeset = priv_freeset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	35	#pragma weak _priv_getbyname = priv_getbyname
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	36	#pragma weak _priv_getbynum = priv_getbynum
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	37	#pragma weak _priv_getsetbyname = priv_getsetbyname
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	38	#pragma weak _priv_getsetbynum = priv_getsetbynum
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	39	#pragma weak _priv_ineffect = priv_ineffect
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	40	#pragma weak _priv_intersect = priv_intersect
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	41	#pragma weak _priv_inverse = priv_inverse
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	42	#pragma weak _priv_isemptyset = priv_isemptyset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	43	#pragma weak _priv_isequalset = priv_isequalset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	44	#pragma weak _priv_isfullset = priv_isfullset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	45	#pragma weak _priv_ismember = priv_ismember
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	46	#pragma weak _priv_issubset = priv_issubset
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	47	#pragma weak _priv_set = priv_set
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	48	#pragma weak _priv_union = priv_union
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	49
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	50	#include "lint.h"
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	51
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	52	#define _STRUCTURED_PROC 1
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	53
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	54	#include "priv_private.h"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	55	#include "mtlib.h"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	56	#include "libc.h"
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	57	#include <errno.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	58	#include <stdarg.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	59	#include <stdlib.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	60	#include <unistd.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	61	#include <strings.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	62	#include <synch.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	63	#include <alloca.h>
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	64	#include <atomic.h>
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	65	#include <sys/ucred.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	66	#include <sys/procfs.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	67	#include <sys/param.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	68	#include <sys/corectl.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	69	#include <priv_utils.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	70	#include <zone.h>
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	71
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	72	/* Include each string only once - until the compiler/linker are fixed */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	73	static const char *permitted = PRIV_PERMITTED;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	74	static const char *effective = PRIV_EFFECTIVE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	75	static const char *limit = PRIV_LIMIT;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	76	static const char *inheritable = PRIV_INHERITABLE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	77	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	78	* Data independent privilege set operations.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	79	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	80	* Only a few functions are provided that do not default to
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	81	* the system implementation of privileges. A limited set of
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	82	* interfaces is provided that accepts a priv_data_t *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	83	* argument; this set of interfaces is a private interface between libc
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	84	* and libproc. It is delivered in order to interpret privilege sets
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	85	* in debuggers in a implementation independent way. As such, we
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	86	* don't need to provide the bulk of the interfaces, only a few
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	87	* boolean tests (isfull, isempty) the name<->num mappings and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	88	* set pretty print functions. The boolean tests are only needed for
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	89	* the latter, so those aren't provided externally.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	90	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	91	* Additionally, we provide the function that maps the kernel implementation
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	92	* structure into a libc private data structure.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	93	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	94
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	95	priv_data_t *privdata;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	96
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	97	static mutex_t pd_lock = DEFAULTMUTEX;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	98
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	99	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	100	parseninfo(priv_info_names_t na, char *buf, int cp)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	101	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	102	char *q;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	103	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	104
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	105	buf = libc_malloc(sizeof (char ) * na->cnt);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	106
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	107	if (*buf == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	108	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	109
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	110	q = na->names;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	111
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	112	for (i = 0; i < na->cnt; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	113	int l = strlen(q);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	114
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	115	(*buf)[i] = q;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	116	q += l + 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	117	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	118	*cp = na->cnt;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	119	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	120	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	121
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	122	struct strint {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	123	char *name;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	124	int rank;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	125	};
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	126
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	127	static int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	128	strintcmp(const void a, const void b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	129	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	130	const struct strint *ap = a;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	131	const struct strint *bp = b;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	132
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	133	return (strcasecmp(ap->name, bp->name));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	134	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	135
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	136	priv_data_t *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	137	__priv_parse_info(priv_impl_info_t *ip)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	138	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	139	priv_data_t *tmp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	140	char *x;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	141	size_t size = PRIV_IMPL_INFO_SIZE(ip);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	142	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	143
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	144	tmp = libc_malloc(sizeof (*tmp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	145
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	146	if (tmp == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	147	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	148
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	149	(void) memset(tmp, 0, sizeof (*tmp));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	150
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	151	tmp->pd_pinfo = ip;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	152	tmp->pd_setsize = sizeof (priv_chunk_t) * ip->priv_setsize;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	153	tmp->pd_ucredsize = UCRED_SIZE(ip);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	154
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	155	x = (char *)ip;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	156	x += ip->priv_headersize;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	157
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	158	while (x < ((char *)ip) + size) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	159	/* LINTED: alignment */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	160	priv_info_names_t na = (priv_info_names_t )x;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	161	/* LINTED: alignment */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	162	priv_info_set_t st = (priv_info_set_t )x;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	163	struct strint *tmparr;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	164
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	165	switch (na->info.priv_info_type) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	166	case PRIV_INFO_SETNAMES:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	167	if (parseninfo(na, &tmp->pd_setnames, &tmp->pd_nsets))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	168	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	169	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	170	case PRIV_INFO_PRIVNAMES:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	171	if (parseninfo(na, &tmp->pd_privnames, &tmp->pd_nprivs))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	172	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	173	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	174	* We compute a sorted index which allows us
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	175	* to present a sorted list of privileges
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	176	* without actually having to sort it each time.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	177	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	178	tmp->pd_setsort = libc_malloc(tmp->pd_nprivs *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	179	sizeof (int));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	180	if (tmp->pd_setsort == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	181	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	182
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	183	tmparr = libc_malloc(tmp->pd_nprivs *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	184	sizeof (struct strint));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	185
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	186	if (tmparr == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	187	goto out;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	188
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	189	for (i = 0; i < tmp->pd_nprivs; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	190	tmparr[i].rank = i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	191	tmparr[i].name = tmp->pd_privnames[i];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	192	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	193	qsort(tmparr, tmp->pd_nprivs, sizeof (struct strint),
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	194	strintcmp);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	195	for (i = 0; i < tmp->pd_nprivs; i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	196	tmp->pd_setsort[i] = tmparr[i].rank;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	197	libc_free(tmparr);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	198	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	199	case PRIV_INFO_BASICPRIVS:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	200	tmp->pd_basicset = (priv_set_t *)&st->set[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	201	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	202	default:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	203	/* unknown, ignore */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	204	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	205	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	206	x += na->info.priv_info_size;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	207	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	208	return (tmp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	209	out:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	210	libc_free(tmp->pd_setnames);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	211	libc_free(tmp->pd_privnames);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	212	libc_free(tmp->pd_setsort);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	213	libc_free(tmp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	214	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	215	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	216
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	217	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	218	* Caller must have allocated d->pd_pinfo and should free it,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	219	* if necessary.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	220	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	221	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	222	__priv_free_info(priv_data_t *d)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	223	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	224	libc_free(d->pd_setnames);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	225	libc_free(d->pd_privnames);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	226	libc_free(d->pd_setsort);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	227	libc_free(d);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	228	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	229
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	230	/*
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	231	* Return with the pd_lock held and data loaded or indicate failure.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	232	*/
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	233	int
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	234	lock_data(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	235	{
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	236	if (__priv_getdata() == NULL)
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	237	return (-1);
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	238
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	239	lmutex_lock(&pd_lock);
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	240	return (0);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	241	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	242
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	243	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	244	refresh_data(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	245	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	246	priv_impl_info_t *ip, ii;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	247	priv_data_t *tmp;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	248	char p0, q0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	249	int oldn, newn;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	250	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	251
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	252	if (getprivinfo(&ii, sizeof (ii)) != 0 \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	253	ii.priv_max == privdata->pd_nprivs)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	254	return (B_FALSE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	255
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	256	ip = alloca(PRIV_IMPL_INFO_SIZE(&ii));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	257
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	258	(void) getprivinfo(ip, PRIV_IMPL_INFO_SIZE(&ii));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	259
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	260	/* Parse the info; then copy the additional bits */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	261	tmp = __priv_parse_info(ip);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	262	if (tmp == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	263	return (B_FALSE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	264
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	265	oldn = privdata->pd_nprivs;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	266	p0 = privdata->pd_privnames[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	267
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	268	newn = tmp->pd_nprivs;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	269	q0 = tmp->pd_privnames[0];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	270
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	271	/* copy the extra information to the old datastructure */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	272	(void) memcpy((char *)privdata->pd_pinfo + sizeof (priv_impl_info_t),
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	273	(char *)ip + sizeof (priv_impl_info_t),
febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	274	PRIV_IMPL_INFO_SIZE(ip) - sizeof (priv_impl_info_t));
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	275
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	276	/* Copy the first oldn pointers */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	277	(void) memcpy(tmp->pd_privnames, privdata->pd_privnames,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	278	oldn * sizeof (char *));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	279
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	280	/* Adjust the rest */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	281	for (i = oldn; i < newn; i++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	282	tmp->pd_privnames[i] += p0 - q0;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	283
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	284	/* Install the larger arrays */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	285	libc_free(privdata->pd_privnames);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	286	privdata->pd_privnames = tmp->pd_privnames;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	287	tmp->pd_privnames = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	288
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	289	libc_free(privdata->pd_setsort);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	290	privdata->pd_setsort = tmp->pd_setsort;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	291	tmp->pd_setsort = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	292
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	293	/* Copy the rest of the data */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	294	privdata->pd_pinfo = ip;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	295
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	296	privdata->pd_nprivs = newn;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	297
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	298	__priv_free_info(tmp);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	299	return (B_TRUE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	300	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	301
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	302	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	303	unlock_data(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	304	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	305	lmutex_unlock(&pd_lock);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	306	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	307
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	308	static priv_set_t __priv_allocset(priv_data_t );
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	309
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	310	priv_data_t *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	311	__priv_getdata(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	312	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	313	if (privdata == NULL) {
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	314	lmutex_lock(&pd_lock);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	315	if (privdata == NULL) {
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	316	priv_data_t *tmp;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	317	priv_impl_info_t *ip;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	318	size_t size = sizeof (priv_impl_info_t) + 2048;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	319	size_t realsize;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	320	priv_impl_info_t *aip = alloca(size);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	321
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	322	if (getprivinfo(aip, size) != 0)
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	323	goto out;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	324
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	325	realsize = PRIV_IMPL_INFO_SIZE(aip);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	326
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	327	ip = libc_malloc(realsize);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	328
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	329	if (ip == NULL)
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	330	goto out;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	331
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	332	if (realsize <= size) {
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	333	(void) memcpy(ip, aip, realsize);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	334	} else if (getprivinfo(ip, realsize) != 0) {
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	335	libc_free(ip);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	336	goto out;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	337	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	338
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	339	if ((tmp = __priv_parse_info(ip)) == NULL) {
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	340	libc_free(ip);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	341	goto out;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	342	}
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	343
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	344	/* Allocate the zoneset just once, here */
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	345	tmp->pd_zoneset = __priv_allocset(tmp);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	346	if (tmp->pd_zoneset == NULL)
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	347	goto clean;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	348
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	349	if (zone_getattr(getzoneid(), ZONE_ATTR_PRIVSET,
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	350	tmp->pd_zoneset, tmp->pd_setsize)
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	351	== tmp->pd_setsize) {
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	352	membar_producer();
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	353	privdata = tmp;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	354	goto out;
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	355	}
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	356
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	357	priv_freeset(tmp->pd_zoneset);
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	358	clean:
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	359	__priv_free_info(tmp);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	360	libc_free(ip);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	361	}
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	362	out:
2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	363	lmutex_unlock(&pd_lock);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	364	}
3864 2ae506652d11 PSARC 2007/129 thr_keycreate_once raf parents: 1059 diff changeset	365	membar_consumer();
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	366	return (privdata);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	367	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	368
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	369	const priv_impl_info_t *
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	370	getprivimplinfo(void)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	371	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	372	priv_data_t *d;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	373
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	374	LOADPRIVDATA(d);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	375
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	376	return (d->pd_pinfo);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	377	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	378
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	379	static priv_set_t *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	380	priv_vlist(va_list ap)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	381	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	382	priv_set_t *pset = priv_allocset();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	383	const char *priv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	384
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	385	if (pset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	386	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	387
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	388	priv_emptyset(pset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	389
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	390	while ((priv = va_arg(ap, const char *)) != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	391	if (priv_addset(pset, priv) < 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	392	priv_freeset(pset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	393	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	394	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	395	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	396	return (pset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	397	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	398
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	399	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	400	* priv_set(op, set, priv_id1, priv_id2, ..., NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	401	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	402	* Library routine to enable a user process to set a specific
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	403	* privilege set appropriately using a single call. User is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	404	* required to terminate the list of privileges with NULL.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	405	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	406	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	407	priv_set(priv_op_t op, priv_ptype_t setname, ...)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	408	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	409	va_list ap;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	410	priv_set_t *pset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	411	int ret;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	412
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	413	va_start(ap, setname);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	414
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	415	pset = priv_vlist(ap);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	416
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	417	va_end(ap);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	418
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	419	if (pset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	420	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	421
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	422	/* All sets */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	423	if (setname == NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	424	priv_data_t *d;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	425	int set;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	426
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	427	LOADPRIVDATA(d);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	428
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	429	for (set = 0; set < d->pd_nsets; set++)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	430	if ((ret = syscall(SYS_privsys, PRIVSYS_SETPPRIV, op,
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	431	set, (void *)pset, d->pd_setsize)) != 0)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	432	break;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	433	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	434	ret = setppriv(op, setname, pset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	435	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	436
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	437	priv_freeset(pset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	438	return (ret);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	439	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	440
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	441	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	442	* priv_ineffect(privilege).
5331 3047ad28a67b PSARC/2007/218 caller_context_t in all VOPs amw parents: 4321 diff changeset	443	* tests the existence of a privilege against the effective set.
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	444	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	445	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	446	priv_ineffect(const char *priv)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	447	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	448	priv_set_t *curset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	449	boolean_t res;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	450
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	451	curset = priv_allocset();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	452
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	453	if (curset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	454	return (B_FALSE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	455
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	456	if (getppriv(effective, curset) != 0 \|\|
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	457	!priv_ismember(curset, priv))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	458	res = B_FALSE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	459	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	460	res = B_TRUE;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	461
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	462	priv_freeset(curset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	463
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	464	return (res);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	465	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	466
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	467	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	468	* The routine __init_daemon_priv() is private to Solaris and is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	469	* used by daemons to limit the privileges they can use and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	470	* to set the uid they run under.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	471	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	472
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	473	static const char root_cp[] = "/core.%f.%t";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	474	static const char daemon_cp[] = "/var/tmp/core.%f.%t";
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	475
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	476	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	477	__init_daemon_priv(int flags, uid_t uid, gid_t gid, ...)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	478	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	479	priv_set_t *nset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	480	priv_set_t *perm = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	481	va_list pa;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	482	priv_data_t *d;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	483	int ret = -1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	484	char buf[1024];
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	485
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	486	LOADPRIVDATA(d);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	487
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	488	va_start(pa, gid);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	489
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	490	nset = priv_vlist(pa);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	491
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	492	va_end(pa);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	493
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	494	if (nset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	495	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	496
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	497	/* Always add the basic set */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	498	if (d->pd_basicset != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	499	priv_union(d->pd_basicset, nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	500
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	501	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	502	* This is not a significant failure: it allows us to start programs
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	503	* with sufficient privileges and with the proper uid. We don't
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	504	* care enough about the extra groups in that case.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	505	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	506	if (flags & PU_RESETGROUPS)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	507	(void) setgroups(0, NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	508
4321 a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3864 diff changeset	509	if (gid != (gid_t)-1 && setgid(gid) != 0)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	510	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	511
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	512	perm = priv_allocset();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	513	if (perm == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	514	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	515
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	516	/* E = P */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	517	(void) getppriv(permitted, perm);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	518	(void) setppriv(PRIV_SET, effective, perm);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	519
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	520	/* Now reset suid and euid */
4321 a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3864 diff changeset	521	if (uid != (uid_t)-1 && setreuid(uid, uid) != 0)
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	522	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	523
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	524	/* Check for the limit privs */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	525	if ((flags & PU_LIMITPRIVS) &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	526	setppriv(PRIV_SET, limit, nset) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	527	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	528
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	529	if (flags & PU_CLEARLIMITSET) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	530	priv_emptyset(perm);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	531	if (setppriv(PRIV_SET, limit, perm) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	532	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	533	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	534
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	535	/* Remove the privileges from all the other sets */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	536	if (setppriv(PRIV_SET, permitted, nset) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	537	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	538
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	539	if (!(flags & PU_INHERITPRIVS))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	540	priv_emptyset(nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	541
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	542	ret = setppriv(PRIV_SET, inheritable, nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	543	end:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	544	priv_freeset(nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	545	priv_freeset(perm);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	546
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	547	if (core_get_process_path(buf, sizeof (buf), getpid()) == 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	548	strcmp(buf, "core") == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	549
4321 a8930ec16e52 PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris casper parents: 3864 diff changeset	550	if ((uid == (uid_t)-1 ? geteuid() : uid) == 0) {
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	551	(void) core_set_process_path(root_cp, sizeof (root_cp),
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	552	getpid());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	553	} else {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	554	(void) core_set_process_path(daemon_cp,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	555	sizeof (daemon_cp), getpid());
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	556	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	557	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	558	(void) setpflags(__PROC_PROTECT, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	559
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	560	return (ret);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	561	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	562
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	563	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	564	* The routine __fini_daemon_priv() is private to Solaris and is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	565	* used by daemons to clear remaining unwanted privileges and
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	566	* reenable core dumps.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	567	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	568	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	569	__fini_daemon_priv(const char *priv, ...)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	570	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	571	priv_set_t *nset;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	572	va_list pa;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	573
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	574	va_start(pa, priv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	575
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	576	if (priv != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	577	nset = priv_vlist(pa);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	578	if (nset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	579	return;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	580
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	581	(void) priv_addset(nset, priv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	582	(void) setppriv(PRIV_OFF, permitted, nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	583	priv_freeset(nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	584	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	585
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	586	va_end(pa);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	587
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	588	(void) setpflags(__PROC_PROTECT, 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	589	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	590
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	591	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	592	* The routine __init_suid_priv() is private to Solaris and is
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	593	* used by set-uid root programs to limit the privileges acquired
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	594	* to those actually needed.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	595	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	596
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	597	static priv_set_t *bracketpriv;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	598
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	599	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	600	__init_suid_priv(int flags, ...)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	601	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	602	priv_set_t *nset = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	603	priv_set_t *tmpset = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	604	va_list pa;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	605	int r = -1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	606	uid_t ruid, euid;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	607
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	608	euid = geteuid();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	609
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	610	/* If we're not set-uid root, don't reset the uid */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	611	if (euid == 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	612	ruid = getuid();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	613	/* If we're running as root, keep everything */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	614	if (ruid == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	615	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	616	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	617
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	618	/* Can call this only once */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	619	if (bracketpriv != NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	620	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	621
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	622	va_start(pa, flags);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	623
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	624	nset = priv_vlist(pa);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	625
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	626	va_end(pa);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	627
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	628	if (nset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	629	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	630
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	631	tmpset = priv_allocset();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	632
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	633	if (tmpset == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	634	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	635
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	636	/* We cannot grow our privileges beyond P, so start there */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	637	(void) getppriv(permitted, tmpset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	638
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	639	/* Is the privilege we need even in P? */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	640	if (!priv_issubset(nset, tmpset))
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	641	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	642
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	643	bracketpriv = priv_allocset();
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	644	if (bracketpriv == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	645	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	646
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	647	priv_copyset(nset, bracketpriv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	648
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	649	/* Always add the basic set */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	650	priv_union(priv_basic(), nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	651
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	652	/* But don't add what we don't have */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	653	priv_intersect(tmpset, nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	654
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	655	(void) getppriv(inheritable, tmpset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	656
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	657	/* And stir in the inheritable privileges */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	658	priv_union(tmpset, nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	659
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	660	if ((r = setppriv(PRIV_SET, effective, tmpset)) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	661	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	662
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	663	if ((r = setppriv(PRIV_SET, permitted, nset)) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	664	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	665
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	666	if (flags & PU_CLEARLIMITSET)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	667	priv_emptyset(nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	668
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	669	if ((flags & (PU_LIMITPRIVS\|PU_CLEARLIMITSET)) != 0 &&
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	670	(r = setppriv(PRIV_SET, limit, nset)) != 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	671	goto end;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	672
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	673	if (euid == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	674	r = setreuid(ruid, ruid);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	675
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	676	end:
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	677	priv_freeset(tmpset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	678	priv_freeset(nset);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	679	if (r != 0) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	680	/* Fail without leaving uid 0 around */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	681	if (euid == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	682	(void) setreuid(ruid, ruid);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	683	priv_freeset(bracketpriv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	684	bracketpriv = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	685	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	686
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	687	return (r);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	688	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	689
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	690	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	691	* Toggle privileges on/off in the effective set.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	692	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	693	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	694	__priv_bracket(priv_op_t op)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	695	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	696	/* We're running fully privileged or didn't check errors first time */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	697	if (bracketpriv == NULL)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	698	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	699
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	700	/* Only PRIV_ON and PRIV_OFF are valid */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	701	if (op == PRIV_SET)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	702	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	703
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	704	return (setppriv(op, effective, bracketpriv));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	705	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	706
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	707	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	708	* Remove privileges from E & P.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	709	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	710	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	711	__priv_relinquish(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	712	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	713	if (bracketpriv != NULL) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	714	(void) setppriv(PRIV_OFF, permitted, bracketpriv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	715	priv_freeset(bracketpriv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	716	bracketpriv = NULL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	717	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	718	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	719
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	720	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	721	* Use binary search on the ordered list.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	722	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	723	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	724	__priv_getbyname(const priv_data_t d, const char name)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	725	{
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	726	char const list;
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	727	const int *order;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	728	int lo = 0;
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	729	int hi;
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	730
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	731	if (d == NULL)
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	732	return (-1);
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	733
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	734	list = d->pd_privnames;
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	735	order = d->pd_setsort;
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	736	hi = d->pd_nprivs - 1;
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	737
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	738	if (strncasecmp(name, "priv_", 5) == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	739	name += 5;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	740
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	741	do {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	742	int mid = (lo + hi) / 2;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	743	int res = strcasecmp(name, list[order[mid]]);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	744
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	745	if (res == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	746	return (order[mid]);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	747	else if (res < 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	748	hi = mid - 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	749	else
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	750	lo = mid + 1;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	751	} while (lo <= hi);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	752
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	753	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	754	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	755	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	756
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	757	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	758	priv_getbyname(const char *name)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	759	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	760	WITHPRIVLOCKED(int, -1, __priv_getbyname(GETPRIVDATA(), name));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	761	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	762
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	763	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	764	__priv_getsetbyname(const priv_data_t d, const char name)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	765	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	766	int i;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	767	int n = d->pd_nsets;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	768	char const list = d->pd_setnames;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	769
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	770	if (strncasecmp(name, "priv_", 5) == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	771	name += 5;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	772
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	773	for (i = 0; i < n; i++) {
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	774	if (strcasecmp(list[i], name) == 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	775	return (i);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	776	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	777
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	778	errno = EINVAL;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	779	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	780	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	781
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	782	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	783	priv_getsetbyname(const char *name)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	784	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	785	/* Not locked: sets don't change */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	786	return (__priv_getsetbyname(GETPRIVDATA(), name));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	787	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	788
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	789	static const char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	790	priv_bynum(int i, int n, char **list)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	791	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	792	if (i < 0 \|\| i >= n)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	793	return (NULL);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	794
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	795	return (list[i]);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	796	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	797
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	798	const char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	799	__priv_getbynum(const priv_data_t *d, int num)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	800	{
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	801	if (d == NULL)
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	802	return (NULL);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	803	return (priv_bynum(num, d->pd_nprivs, d->pd_privnames));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	804	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	805
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	806	const char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	807	priv_getbynum(int num)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	808	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	809	WITHPRIVLOCKED(const char *, NULL, __priv_getbynum(GETPRIVDATA(), num));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	810	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	811
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	812	const char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	813	__priv_getsetbynum(const priv_data_t *d, int num)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	814	{
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	815	if (d == NULL)
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	816	return (NULL);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	817	return (priv_bynum(num, d->pd_nsets, d->pd_setnames));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	818	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	819
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	820	const char *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	821	priv_getsetbynum(int num)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	822	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	823	return (__priv_getsetbynum(GETPRIVDATA(), num));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	824	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	825
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	826
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	827	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	828	* Privilege manipulation functions
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	829	*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	830	* Without knowing the details of the privilege set implementation,
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	831	* opaque pointers can be used to manipulate sets at will.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	832	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	833
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	834	static priv_set_t *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	835	__priv_allocset(priv_data_t *d)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	836	{
1059 11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	837	if (d == NULL)
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	838	return (NULL);
11ef9d4a0acc 6255958 priv_* functions don't deal with resource problems, can deadlock casper parents: 0 diff changeset	839
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	840	return (libc_malloc(d->pd_setsize));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	841	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	842
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	843	priv_set_t *
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	844	priv_allocset(void)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	845	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	846	return (__priv_allocset(GETPRIVDATA()));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	847	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	848
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	849	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	850	priv_freeset(priv_set_t *p)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	851	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	852	int er = errno;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	853
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	854	libc_free(p);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	855	errno = er;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	856	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	857
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	858	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	859	__priv_emptyset(priv_data_t d, priv_set_t set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	860	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	861	(void) memset(set, 0, d->pd_setsize);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	862	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	863
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	864	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	865	priv_emptyset(priv_set_t *set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	866	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	867	__priv_emptyset(GETPRIVDATA(), set);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	868	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	869
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	870	void
11537 8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 6812 diff changeset	871	priv_basicset(priv_set_t *set)
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 6812 diff changeset	872	{
12273 63678502e95e PSARC 2009/377 In-kernel pfexec implementation. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 11537 diff changeset	873	priv_copyset(priv_basic(), set);
11537 8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 6812 diff changeset	874	}
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 6812 diff changeset	875
8eca52188202 PSARC 2009/686 Improving the use and debugging of the basic privilege set. Casper H.S. Dik <Casper.Dik@Sun.COM> parents: 6812 diff changeset	876	void
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	877	__priv_fillset(priv_data_t d, priv_set_t set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	878	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	879	(void) memset(set, ~0, d->pd_setsize);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	880	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	881
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	882	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	883	priv_fillset(priv_set_t *set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	884	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	885	__priv_fillset(GETPRIVDATA(), set);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	886	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	887
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	888
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	889	#define PRIV_TEST_BODY_D(d, test) \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	890	int i; \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	891	\
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	892	for (i = d->pd_pinfo->priv_setsize; i-- > 0; ) \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	893	if (!(test)) \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	894	return (B_FALSE); \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	895	\
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	896	return (B_TRUE)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	897
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	898	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	899	priv_isequalset(const priv_set_t a, const priv_set_t b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	900	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	901	priv_data_t *d;
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	902
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	903	LOADPRIVDATA(d);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	904
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	905	return ((boolean_t)(memcmp(a, b, d->pd_setsize) == 0));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	906	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	907
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	908	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	909	__priv_isemptyset(priv_data_t d, const priv_set_t set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	910	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	911	PRIV_TEST_BODY_D(d, ((priv_chunk_t *)set)[i] == 0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	912	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	913
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	914	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	915	priv_isemptyset(const priv_set_t *set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	916	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	917	return (__priv_isemptyset(GETPRIVDATA(), set));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	918	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	919
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	920	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	921	__priv_isfullset(priv_data_t d, const priv_set_t set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	922	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	923	PRIV_TEST_BODY_D(d, ((priv_chunk_t *)set)[i] == ~(priv_chunk_t)0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	924	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	925
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	926	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	927	priv_isfullset(const priv_set_t *set)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	928	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	929	return (__priv_isfullset(GETPRIVDATA(), set));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	930	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	931
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	932	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	933	* Return true if a is a subset of b
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	934	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	935	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	936	__priv_issubset(priv_data_t d, const priv_set_t a, const priv_set_t *b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	937	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	938	PRIV_TEST_BODY_D(d, (((priv_chunk_t )a)[i] \| ((priv_chunk_t )b)[i]) ==
6812 febeba71273d PSARC 2008/309 expunge synonyms.h raf parents: 5331 diff changeset	939	((priv_chunk_t *)b)[i]);
0 68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	940	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	941
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	942	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	943	priv_issubset(const priv_set_t a, const priv_set_t b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	944	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	945	return (__priv_issubset(GETPRIVDATA(), a, b));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	946	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	947
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	948	#define PRIV_CHANGE_BODY(a, op, b) \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	949	int i; \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	950	priv_data_t *d; \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	951	\
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	952	LOADPRIVDATA(d); \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	953	\
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	954	for (i = 0; i < d->pd_pinfo->priv_setsize; i++) \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	955	((priv_chunk_t *)a)[i] op \
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	956	((priv_chunk_t *)b)[i]
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	957
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	958	/* B = A ^ B */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	959	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	960	priv_intersect(const priv_set_t a, priv_set_t b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	961	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	962	/* CSTYLED */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	963	PRIV_CHANGE_BODY(b, &=, a);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	964	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	965
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	966	/* B = A */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	967	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	968	priv_copyset(const priv_set_t a, priv_set_t b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	969	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	970	/* CSTYLED */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	971	PRIV_CHANGE_BODY(b, =, a);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	972	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	973
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	974	/* B = A v B */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	975	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	976	priv_union(const priv_set_t a, priv_set_t b)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	977	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	978	/* CSTYLED */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	979	PRIV_CHANGE_BODY(b, \|=, a);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	980	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	981
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	982	/* A = ! A */
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	983	void
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	984	priv_inverse(priv_set_t *a)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	985	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	986	PRIV_CHANGE_BODY(a, = ~, a);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	987	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	988
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	989	/*
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	990	* Manipulating single privileges.
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	991	*/
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	992
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	993	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	994	priv_addset(priv_set_t a, const char p)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	995	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	996	int priv = priv_getbyname(p);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	997
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	998	if (priv < 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	999	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1000
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1001	PRIV_ADDSET(a, priv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1002
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1003	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1004	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1005
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1006	int
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1007	priv_delset(priv_set_t a, const char p)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1008	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1009	int priv = priv_getbyname(p);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1010
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1011	if (priv < 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1012	return (-1);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1013
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1014	PRIV_DELSET(a, priv);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1015	return (0);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1016	}
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1017
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1018	boolean_t
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1019	priv_ismember(const priv_set_t a, const char p)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1020	{
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1021	int priv = priv_getbyname(p);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1022
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1023	if (priv < 0)
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1024	return (B_FALSE);
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1025
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1026	return ((boolean_t)PRIV_ISMEMBER(a, priv));
68f95e015346 OpenSolaris Launch stevel@tonic-gate parents: diff changeset	1027	}

author	Casper H.S. Dik <Casper.Dik@Sun.COM>
	Wed, 28 Apr 2010 10:01:37 +0200
changeset 12273	63678502e95e
parent 11537	8eca52188202
child 13687	72ce76fa37fb
permissions	-rw-r--r--