xref: /illumos-gate/usr/src/uts/common/os/sid.c (revision f37b3cbb) 
1f48205beScasper /*
2f48205beScasper  * CDDL HEADER START
3f48205beScasper  *
4f48205beScasper  * The contents of this file are subject to the terms of the
5f48205beScasper  * Common Development and Distribution License (the "License").
6f48205beScasper  * You may not use this file except in compliance with the License.
7f48205beScasper  *
8f48205beScasper  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9f48205beScasper  * or http://www.opensolaris.org/os/licensing.
10f48205beScasper  * See the License for the specific language governing permissions
11f48205beScasper  * and limitations under the License.
12f48205beScasper  *
13f48205beScasper  * When distributing Covered Code, include this CDDL HEADER in each
14f48205beScasper  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15f48205beScasper  * If applicable, add the following below this CDDL HEADER, with the
16f48205beScasper  * fields enclosed by brackets "[]" replaced with your own identifying
17f48205beScasper  * information: Portions Copyright [yyyy] [name of copyright owner]
18f48205beScasper  *
19f48205beScasper  * CDDL HEADER END
20f48205beScasper  */
21f48205beScasper 
22f48205beScasper /*
23bda89588Sjp  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24f48205beScasper  * Use is subject to license terms.
25f48205beScasper  */
26f48205beScasper 
27*f37b3cbbSMatt Barden /*
28*f37b3cbbSMatt Barden  * Copyright 2020 Tintri by DDN, Inc. All rights reserved.
29*f37b3cbbSMatt Barden  */
30*f37b3cbbSMatt Barden 
31f48205beScasper /*
32f48205beScasper  * Sid manipulation (stubs).
33f48205beScasper  */
34f48205beScasper 
35f48205beScasper #include <sys/atomic.h>
36f48205beScasper #include <sys/avl.h>
37f48205beScasper #include <sys/cmn_err.h>
38f48205beScasper #include <sys/kmem.h>
39f48205beScasper #include <sys/mutex.h>
40f48205beScasper #include <sys/sid.h>
41f48205beScasper #include <sys/sysmacros.h>
42f48205beScasper #include <sys/systm.h>
43*f37b3cbbSMatt Barden 
44*f37b3cbbSMatt Barden #ifdef _KERNEL
45c5c4113dSnw #include <sys/kidmap.h>
46*f37b3cbbSMatt Barden #endif
47*f37b3cbbSMatt Barden 
48c5c4113dSnw #include <sys/idmap.h>
49*f37b3cbbSMatt Barden #include <util/qsort.h>
50c5c4113dSnw 
51f48205beScasper static kmutex_t sid_lock;
52f48205beScasper static avl_tree_t sid_tree;
53f48205beScasper static boolean_t sid_inited = B_FALSE;
54f48205beScasper 
55f48205beScasper static ksiddomain_t
ksid_enterdomain(const char * dom)56f48205beScasper *ksid_enterdomain(const char *dom)
57f48205beScasper {
58f48205beScasper 	size_t len = strlen(dom) + 1;
59f48205beScasper 	ksiddomain_t *res;
60f48205beScasper 
61f48205beScasper 	ASSERT(MUTEX_HELD(&sid_lock));
62f48205beScasper 	res = kmem_alloc(sizeof (ksiddomain_t), KM_SLEEP);
63f48205beScasper 	res->kd_len = (uint_t)len;
64f48205beScasper 	res->kd_name = kmem_alloc(len, KM_SLEEP);
65f48205beScasper 	bcopy(dom, res->kd_name, len);
66f48205beScasper 
67f48205beScasper 	res->kd_ref = 1;
68f48205beScasper 
69f48205beScasper 	avl_add(&sid_tree, res);
70f48205beScasper 
71f48205beScasper 	return (res);
72f48205beScasper }
73f48205beScasper 
74f48205beScasper void
ksid_hold(ksid_t * ks)75f48205beScasper ksid_hold(ksid_t *ks)
76f48205beScasper {
77f48205beScasper 	if (ks->ks_domain != NULL)
78f48205beScasper 		ksiddomain_hold(ks->ks_domain);
79f48205beScasper }
80f48205beScasper 
81f48205beScasper void
ksid_rele(ksid_t * ks)82f48205beScasper ksid_rele(ksid_t *ks)
83f48205beScasper {
84f48205beScasper 	if (ks->ks_domain != NULL)
85f48205beScasper 		ksiddomain_rele(ks->ks_domain);
86f48205beScasper }
87f48205beScasper 
88f48205beScasper void
ksiddomain_hold(ksiddomain_t * kd)89f48205beScasper ksiddomain_hold(ksiddomain_t *kd)
90f48205beScasper {
911a5e258fSJosef 'Jeff' Sipek 	atomic_inc_32(&kd->kd_ref);
92f48205beScasper }
93f48205beScasper 
94f48205beScasper void
ksiddomain_rele(ksiddomain_t * kd)95f48205beScasper ksiddomain_rele(ksiddomain_t *kd)
96f48205beScasper {
971a5e258fSJosef 'Jeff' Sipek 	if (atomic_dec_32_nv(&kd->kd_ref) == 0) {
98f48205beScasper 		/*
99f48205beScasper 		 * The kd reference can only be incremented from 0 when
100f48205beScasper 		 * the sid_lock is held; so we lock and then check need to
101f48205beScasper 		 * check for 0 again.
102f48205beScasper 		 */
103f48205beScasper 		mutex_enter(&sid_lock);
104f48205beScasper 		if (kd->kd_ref == 0) {
105f48205beScasper 			avl_remove(&sid_tree, kd);
106f48205beScasper 			kmem_free(kd->kd_name, kd->kd_len);
107f48205beScasper 			kmem_free(kd, sizeof (*kd));
108f48205beScasper 		}
109f48205beScasper 		mutex_exit(&sid_lock);
110f48205beScasper 	}
111f48205beScasper }
112f48205beScasper 
113f48205beScasper void
ksidlist_hold(ksidlist_t * ksl)114f48205beScasper ksidlist_hold(ksidlist_t *ksl)
115f48205beScasper {
1161a5e258fSJosef 'Jeff' Sipek 	atomic_inc_32(&ksl->ksl_ref);
117f48205beScasper }
118f48205beScasper 
119f48205beScasper void
ksidlist_rele(ksidlist_t * ksl)120f48205beScasper ksidlist_rele(ksidlist_t *ksl)
121f48205beScasper {
1221a5e258fSJosef 'Jeff' Sipek 	if (atomic_dec_32_nv(&ksl->ksl_ref) == 0) {
123f48205beScasper 		int i;
124f48205beScasper 
125*f37b3cbbSMatt Barden 		if (ksl->ksl_sorted != NULL)
126*f37b3cbbSMatt Barden 			kmem_free(ksl->ksl_sorted,
127*f37b3cbbSMatt Barden 			    ksl->ksl_nsid * sizeof (ksid_t *));
128f48205beScasper 		for (i = 0; i < ksl->ksl_nsid; i++)
129f48205beScasper 			ksid_rele(&ksl->ksl_sids[i]);
130f48205beScasper 
131f48205beScasper 		kmem_free(ksl, KSIDLIST_MEM(ksl->ksl_nsid));
132f48205beScasper 	}
133f48205beScasper }
134f48205beScasper 
135*f37b3cbbSMatt Barden /*
136*f37b3cbbSMatt Barden  * Linear search is more efficient for 'small' arrays.
137*f37b3cbbSMatt Barden  * What's considered 'small' varies by system.
138*f37b3cbbSMatt Barden  * supgroupmember() uses 16; we make ours a variable for testing.
139*f37b3cbbSMatt Barden  */
140*f37b3cbbSMatt Barden int ksl_bin_search_cutoff = 16;
141*f37b3cbbSMatt Barden 
142*f37b3cbbSMatt Barden boolean_t
ksidlist_has_sid(ksidlist_t * ksl,const char * domain,uint32_t rid)143*f37b3cbbSMatt Barden ksidlist_has_sid(ksidlist_t *ksl, const char *domain, uint32_t rid)
144*f37b3cbbSMatt Barden {
145*f37b3cbbSMatt Barden 	int64_t hi, lo, m;
146*f37b3cbbSMatt Barden 	int cmp;
147*f37b3cbbSMatt Barden 	ksid_t *sids = ksl->ksl_sids; /* sorted by SID */
148*f37b3cbbSMatt Barden 
149*f37b3cbbSMatt Barden 	lo = 0;
150*f37b3cbbSMatt Barden 	hi = ksl->ksl_nsid - 1;
151*f37b3cbbSMatt Barden 
152*f37b3cbbSMatt Barden 	if (hi < ksl_bin_search_cutoff) {
153*f37b3cbbSMatt Barden 		for (; lo <= hi; lo++) {
154*f37b3cbbSMatt Barden 			if (rid == sids[lo].ks_rid &&
155*f37b3cbbSMatt Barden 			    strcmp(domain, ksid_getdomain(&sids[lo])) == 0)
156*f37b3cbbSMatt Barden 				return (B_TRUE);
157*f37b3cbbSMatt Barden 		}
158*f37b3cbbSMatt Barden 		return (B_FALSE);
159*f37b3cbbSMatt Barden 	}
160*f37b3cbbSMatt Barden 
161*f37b3cbbSMatt Barden 	do {
162*f37b3cbbSMatt Barden 		/* This is an overflow-safe version of m = (lo + hi) / 2 */
163*f37b3cbbSMatt Barden 		m = (int64_t)((uint64_t)(lo + hi) >> 1);
164*f37b3cbbSMatt Barden 
165*f37b3cbbSMatt Barden 		cmp = AVL_CMP(rid, sids[m].ks_rid);
166*f37b3cbbSMatt Barden 		if (cmp == 0)
167*f37b3cbbSMatt Barden 			cmp = strcmp(domain, ksid_getdomain(&sids[m]));
168*f37b3cbbSMatt Barden 
169*f37b3cbbSMatt Barden 		if (cmp > 0)
170*f37b3cbbSMatt Barden 			lo = m + 1;
171*f37b3cbbSMatt Barden 		else if (cmp < 0)
172*f37b3cbbSMatt Barden 			hi = m - 1;
173*f37b3cbbSMatt Barden 		else
174*f37b3cbbSMatt Barden 			return (B_TRUE);
175*f37b3cbbSMatt Barden 
176*f37b3cbbSMatt Barden 	} while (lo <= hi);
177*f37b3cbbSMatt Barden 
178*f37b3cbbSMatt Barden 	return (B_FALSE);
179*f37b3cbbSMatt Barden }
180*f37b3cbbSMatt Barden 
181*f37b3cbbSMatt Barden boolean_t
ksidlist_has_pid(ksidlist_t * ksl,uint32_t pid)182*f37b3cbbSMatt Barden ksidlist_has_pid(ksidlist_t *ksl, uint32_t pid)
183*f37b3cbbSMatt Barden {
184*f37b3cbbSMatt Barden 	int64_t hi, lo, m;
185*f37b3cbbSMatt Barden 	int cmp;
186*f37b3cbbSMatt Barden 	ksid_t **sidsp = ksl->ksl_sorted; /* sorted by posix ID */
187*f37b3cbbSMatt Barden 
188*f37b3cbbSMatt Barden 	lo = 0;
189*f37b3cbbSMatt Barden 	hi = ksl->ksl_nsid - 1;
190*f37b3cbbSMatt Barden 
191*f37b3cbbSMatt Barden 	if (hi < ksl_bin_search_cutoff) {
192*f37b3cbbSMatt Barden 		for (; lo <= hi; lo++) {
193*f37b3cbbSMatt Barden 			if (pid == ksl->ksl_sids[lo].ks_id)
194*f37b3cbbSMatt Barden 				return (B_TRUE);
195*f37b3cbbSMatt Barden 		}
196*f37b3cbbSMatt Barden 		return (B_FALSE);
197*f37b3cbbSMatt Barden 	}
198*f37b3cbbSMatt Barden 
199*f37b3cbbSMatt Barden 	do {
200*f37b3cbbSMatt Barden 		/* This is an overflow-safe version of m = (lo + hi) / 2 */
201*f37b3cbbSMatt Barden 		m = (int64_t)((uint64_t)(lo + hi) >> 1);
202*f37b3cbbSMatt Barden 
203*f37b3cbbSMatt Barden 		cmp = AVL_CMP(pid, sidsp[m]->ks_id);
204*f37b3cbbSMatt Barden 
205*f37b3cbbSMatt Barden 		if (cmp > 0)
206*f37b3cbbSMatt Barden 			lo = m + 1;
207*f37b3cbbSMatt Barden 		else if (cmp < 0)
208*f37b3cbbSMatt Barden 			hi = m - 1;
209*f37b3cbbSMatt Barden 		else
210*f37b3cbbSMatt Barden 			return (B_TRUE);
211*f37b3cbbSMatt Barden 
212*f37b3cbbSMatt Barden 	} while (lo <= hi);
213*f37b3cbbSMatt Barden 
214*f37b3cbbSMatt Barden 	return (B_FALSE);
215*f37b3cbbSMatt Barden }
216*f37b3cbbSMatt Barden 
217f48205beScasper static int
ksid_cmp(const void * a,const void * b)218f48205beScasper ksid_cmp(const void *a, const void *b)
219f48205beScasper {
220f48205beScasper 	const ksiddomain_t *ap = a;
221f48205beScasper 	const ksiddomain_t *bp = b;
222f48205beScasper 	int res;
223f48205beScasper 
224f48205beScasper 	res = strcmp(ap->kd_name, bp->kd_name);
225*f37b3cbbSMatt Barden 
226*f37b3cbbSMatt Barden 	return (AVL_ISIGN(res));
227f48205beScasper }
228f48205beScasper 
229f48205beScasper /*
230f48205beScasper  * Lookup the named domain in the AVL tree.
231f48205beScasper  * If no entry is found, add the domain to the AVL tree.
232f48205beScasper  * The domain is returned held and needs to be released
233f48205beScasper  * when done.
234f48205beScasper  */
235f48205beScasper ksiddomain_t
ksid_lookupdomain(const char * dom)236f48205beScasper *ksid_lookupdomain(const char *dom)
237f48205beScasper {
238f48205beScasper 	ksiddomain_t *res;
239f48205beScasper 	ksiddomain_t tmpl;
240f48205beScasper 
241f48205beScasper 	mutex_enter(&sid_lock);
242f48205beScasper 
243f48205beScasper 	if (!sid_inited) {
244f48205beScasper 		avl_create(&sid_tree, ksid_cmp, sizeof (ksiddomain_t),
245f48205beScasper 		    offsetof(ksiddomain_t, kd_link));
246f48205beScasper 
247f48205beScasper 		res = ksid_enterdomain(dom);
248f48205beScasper 		sid_inited = B_TRUE;
249f48205beScasper 		mutex_exit(&sid_lock);
250f48205beScasper 		return (res);
251f48205beScasper 	}
252f48205beScasper 
253f48205beScasper 	tmpl.kd_name = (char *)dom;
254f48205beScasper 
255f48205beScasper 	res = avl_find(&sid_tree, &tmpl, NULL);
256f48205beScasper 	if (res == NULL) {
257f48205beScasper 		res = ksid_enterdomain(dom);
258f48205beScasper 	} else {
259f48205beScasper 		ksiddomain_hold(res);
260f48205beScasper 	}
261f48205beScasper 
262f48205beScasper 	mutex_exit(&sid_lock);
263f48205beScasper 	return (res);
264f48205beScasper }
265f48205beScasper 
266f48205beScasper const char *
ksid_getdomain(ksid_t * ks)267f48205beScasper ksid_getdomain(ksid_t *ks)
268f48205beScasper {
269f48205beScasper 	return (ks->ks_domain->kd_name);
270f48205beScasper }
271f48205beScasper 
272f48205beScasper uint_t
ksid_getrid(ksid_t * ks)273f48205beScasper ksid_getrid(ksid_t *ks)
274f48205beScasper {
275f48205beScasper 	return (ks->ks_rid);
276f48205beScasper }
277f48205beScasper 
278c1ce5987SMark Shellenbaum uid_t
ksid_getid(ksid_t * ks)279c1ce5987SMark Shellenbaum ksid_getid(ksid_t *ks)
280c1ce5987SMark Shellenbaum {
281c1ce5987SMark Shellenbaum 	return (ks->ks_id);
282c1ce5987SMark Shellenbaum }
283c1ce5987SMark Shellenbaum 
284*f37b3cbbSMatt Barden #ifdef _KERNEL
285f48205beScasper int
ksid_lookupbyuid(zone_t * zone,uid_t id,ksid_t * res)286bda89588Sjp ksid_lookupbyuid(zone_t *zone, uid_t id, ksid_t *res)
287f48205beScasper {
288c5c4113dSnw 	const char *sid_prefix;
289f48205beScasper 
290bda89588Sjp 	if (kidmap_getsidbyuid(zone, id, &sid_prefix, &res->ks_rid)
291bda89588Sjp 	    != IDMAP_SUCCESS)
292f48205beScasper 		return (-1);
293f48205beScasper 
294c5c4113dSnw 	res->ks_domain = ksid_lookupdomain(sid_prefix);
295c5c4113dSnw 
296c5c4113dSnw 	res->ks_id = id;
297c5c4113dSnw 
298c5c4113dSnw 	return (0);
299c5c4113dSnw }
300c5c4113dSnw 
301c5c4113dSnw int
ksid_lookupbygid(zone_t * zone,gid_t id,ksid_t * res)302bda89588Sjp ksid_lookupbygid(zone_t *zone, gid_t id, ksid_t *res)
303c5c4113dSnw {
304c5c4113dSnw 	const char *sid_prefix;
305c5c4113dSnw 
306bda89588Sjp 	if (kidmap_getsidbygid(zone, id, &sid_prefix, &res->ks_rid)
307bda89588Sjp 	    != IDMAP_SUCCESS)
308c5c4113dSnw 		return (-1);
309c5c4113dSnw 
310c5c4113dSnw 	res->ks_domain = ksid_lookupdomain(sid_prefix);
311c5c4113dSnw 
312f48205beScasper 	res->ks_id = id;
313f48205beScasper 
314f48205beScasper 	return (0);
315f48205beScasper }
316*f37b3cbbSMatt Barden #endif
317f48205beScasper 
318f48205beScasper credsid_t *
kcrsid_alloc(void)319f48205beScasper kcrsid_alloc(void)
320f48205beScasper {
321f48205beScasper 	credsid_t *kcr = kmem_zalloc(sizeof (*kcr), KM_SLEEP);
322f48205beScasper 	kcr->kr_ref = 1;
323f48205beScasper 	return (kcr);
324f48205beScasper }
325f48205beScasper 
326f48205beScasper /*
327f48205beScasper  * Returns a credsid_t with a refcount of 1.
328f48205beScasper  */
329f48205beScasper static credsid_t *
kcrsid_dup(credsid_t * org)330f48205beScasper kcrsid_dup(credsid_t *org)
331f48205beScasper {
332f48205beScasper 	credsid_t *new;
333f48205beScasper 	ksid_index_t ki;
334f48205beScasper 
335f48205beScasper 	if (org == NULL)
336f48205beScasper 		return (kcrsid_alloc());
337f48205beScasper 	if (org->kr_ref == 1)
338f48205beScasper 		return (org);
339f48205beScasper 	new = kcrsid_alloc();
340f48205beScasper 
341f48205beScasper 	/* Copy, then update reference counts */
342f48205beScasper 	*new = *org;
343f48205beScasper 	new->kr_ref = 1;
344f48205beScasper 	for (ki = 0; ki < KSID_COUNT; ki++)
345f48205beScasper 		ksid_hold(&new->kr_sidx[ki]);
346f48205beScasper 
347f48205beScasper 	if (new->kr_sidlist != NULL)
348f48205beScasper 		ksidlist_hold(new->kr_sidlist);
349f48205beScasper 
350f48205beScasper 	kcrsid_rele(org);
351f48205beScasper 	return (new);
352f48205beScasper }
353f48205beScasper 
354f48205beScasper void
kcrsid_hold(credsid_t * kcr)355f48205beScasper kcrsid_hold(credsid_t *kcr)
356f48205beScasper {
3571a5e258fSJosef 'Jeff' Sipek 	atomic_inc_32(&kcr->kr_ref);
358f48205beScasper }
359f48205beScasper 
360f48205beScasper void
kcrsid_rele(credsid_t * kcr)361f48205beScasper kcrsid_rele(credsid_t *kcr)
362f48205beScasper {
3631a5e258fSJosef 'Jeff' Sipek 	if (atomic_dec_32_nv(&kcr->kr_ref) == 0) {
364f48205beScasper 		ksid_index_t i;
365f48205beScasper 
366f48205beScasper 		for (i = 0; i < KSID_COUNT; i++)
367f48205beScasper 			ksid_rele(&kcr->kr_sidx[i]);
368f48205beScasper 
369f48205beScasper 		if (kcr->kr_sidlist != NULL)
370f48205beScasper 			ksidlist_rele(kcr->kr_sidlist);
371f48205beScasper 
372f48205beScasper 		kmem_free(kcr, sizeof (*kcr));
373f48205beScasper 	}
374f48205beScasper }
375f48205beScasper 
376f48205beScasper /*
377f48205beScasper  * Copy the SID credential into a previously allocated piece of memory.
378f48205beScasper  */
379f48205beScasper void
kcrsidcopy_to(const credsid_t * okcr,credsid_t * nkcr)380f48205beScasper kcrsidcopy_to(const credsid_t *okcr, credsid_t *nkcr)
381f48205beScasper {
382f48205beScasper 	int i;
383f48205beScasper 
384f48205beScasper 	ASSERT(nkcr->kr_ref == 1);
385f48205beScasper 
386f48205beScasper 	if (okcr == NULL)
387f48205beScasper 		return;
388f48205beScasper 	*nkcr = *okcr;
389f48205beScasper 	for (i = 0; i < KSID_COUNT; i++)
390f48205beScasper 		ksid_hold(&nkcr->kr_sidx[i]);
391f48205beScasper 	if (nkcr->kr_sidlist != NULL)
392f48205beScasper 		ksidlist_hold(nkcr->kr_sidlist);
393f48205beScasper 	nkcr->kr_ref = 1;
394f48205beScasper }
395f48205beScasper 
396f48205beScasper static int
kcrsid_sidcount(const credsid_t * kcr)397f48205beScasper kcrsid_sidcount(const credsid_t *kcr)
398f48205beScasper {
399f48205beScasper 	int cnt = 0;
400f48205beScasper 	int i;
401f48205beScasper 
402f48205beScasper 	if (kcr == NULL)
403f48205beScasper 		return (0);
404f48205beScasper 
405f48205beScasper 	for (i = 0; i < KSID_COUNT; i++)
406f48205beScasper 		if (kcr->kr_sidx[i].ks_domain != NULL)
407f48205beScasper 			cnt++;
408f48205beScasper 
409f48205beScasper 	if (kcr->kr_sidlist != NULL)
410f48205beScasper 		cnt += kcr->kr_sidlist->ksl_nsid;
411f48205beScasper 	return (cnt);
412f48205beScasper }
413f48205beScasper 
414f48205beScasper /*
415f48205beScasper  * Argument needs to be a ksid_t with a properly held ks_domain reference.
416f48205beScasper  */
417f48205beScasper credsid_t *
kcrsid_setsid(credsid_t * okcr,ksid_t * ksp,ksid_index_t i)418f48205beScasper kcrsid_setsid(credsid_t *okcr, ksid_t *ksp, ksid_index_t i)
419f48205beScasper {
420f48205beScasper 	int ocnt = kcrsid_sidcount(okcr);
421f48205beScasper 	credsid_t *nkcr;
422f48205beScasper 
423f48205beScasper 	/*
424f48205beScasper 	 * Unset the particular ksid; if there are no other SIDs or if this
425f48205beScasper 	 * is the last SID, remove the auxilary data structure.
426f48205beScasper 	 */
427f48205beScasper 	if (ksp == NULL) {
428f48205beScasper 		if (ocnt == 0 ||
429f48205beScasper 		    (ocnt == 1 && okcr->kr_sidx[i].ks_domain != NULL)) {
430f48205beScasper 			if (okcr != NULL)
431f48205beScasper 				kcrsid_rele(okcr);
432f48205beScasper 			return (NULL);
433f48205beScasper 		}
434f48205beScasper 	}
435f48205beScasper 	nkcr = kcrsid_dup(okcr);
436f48205beScasper 	ksid_rele(&nkcr->kr_sidx[i]);
437f48205beScasper 	if (ksp == NULL)
438f48205beScasper 		bzero(&nkcr->kr_sidx[i], sizeof (ksid_t));
439f48205beScasper 	else
440f48205beScasper 		nkcr->kr_sidx[i] = *ksp;
441f48205beScasper 
442f48205beScasper 	return (nkcr);
443f48205beScasper }
444f48205beScasper 
445*f37b3cbbSMatt Barden static int
ksid_sid_cmp(const void * arg1,const void * arg2)446*f37b3cbbSMatt Barden ksid_sid_cmp(const void *arg1, const void *arg2)
447*f37b3cbbSMatt Barden {
448*f37b3cbbSMatt Barden 	ksid_t *sid1 = (ksid_t *)arg1;
449*f37b3cbbSMatt Barden 	ksid_t *sid2 = (ksid_t *)arg2;
450*f37b3cbbSMatt Barden 	int cmp = AVL_CMP(sid1->ks_rid, sid2->ks_rid);
451*f37b3cbbSMatt Barden 
452*f37b3cbbSMatt Barden 	if (cmp == 0)
453*f37b3cbbSMatt Barden 		cmp = AVL_ISIGN(strcmp(ksid_getdomain(sid1),
454*f37b3cbbSMatt Barden 		    ksid_getdomain(sid2)));
455*f37b3cbbSMatt Barden 
456*f37b3cbbSMatt Barden 	return (cmp);
457*f37b3cbbSMatt Barden }
458*f37b3cbbSMatt Barden 
459*f37b3cbbSMatt Barden static int
ksid_id_cmp(const void * arg1,const void * arg2)460*f37b3cbbSMatt Barden ksid_id_cmp(const void *arg1, const void *arg2)
461*f37b3cbbSMatt Barden {
462*f37b3cbbSMatt Barden 	ksid_t *sid1 = *(ksid_t **)arg1;
463*f37b3cbbSMatt Barden 	ksid_t *sid2 = *(ksid_t **)arg2;
464*f37b3cbbSMatt Barden 
465*f37b3cbbSMatt Barden 	return (AVL_CMP(sid1->ks_id, sid2->ks_id));
466*f37b3cbbSMatt Barden }
467*f37b3cbbSMatt Barden 
468f48205beScasper /*
469f48205beScasper  * Argument needs to be a ksidlist_t with properly held ks_domain references
470f48205beScasper  * and a reference count taking the new reference into account.
471f48205beScasper  */
472f48205beScasper credsid_t *
kcrsid_setsidlist(credsid_t * okcr,ksidlist_t * ksl)473f48205beScasper kcrsid_setsidlist(credsid_t *okcr, ksidlist_t *ksl)
474f48205beScasper {
475f48205beScasper 	int ocnt = kcrsid_sidcount(okcr);
476f48205beScasper 	credsid_t *nkcr;
477*f37b3cbbSMatt Barden 	int i;
478f48205beScasper 
479f48205beScasper 	/*
480f48205beScasper 	 * Unset the sidlist; if there are no further SIDs, remove the
481f48205beScasper 	 * auxilary data structure.
482f48205beScasper 	 */
483f48205beScasper 	if (ksl == NULL) {
484f48205beScasper 		if (ocnt == 0 || (okcr->kr_sidlist != NULL &&
485f48205beScasper 		    ocnt == okcr->kr_sidlist->ksl_nsid)) {
486f48205beScasper 			if (okcr != NULL)
487f48205beScasper 				kcrsid_rele(okcr);
488f48205beScasper 			return (NULL);
489f48205beScasper 		}
490f48205beScasper 	}
491f48205beScasper 	nkcr = kcrsid_dup(okcr);
492f48205beScasper 	if (nkcr->kr_sidlist != NULL)
493f48205beScasper 		ksidlist_rele(nkcr->kr_sidlist);
494f48205beScasper 
495*f37b3cbbSMatt Barden 	/* sort the lists so that we can do binary search */
496f48205beScasper 	nkcr->kr_sidlist = ksl;
497*f37b3cbbSMatt Barden 
498*f37b3cbbSMatt Barden 	if (ksl->ksl_sorted == NULL) {
499*f37b3cbbSMatt Barden 		qsort(ksl->ksl_sids, ksl->ksl_nsid, sizeof (ksid_t),
500*f37b3cbbSMatt Barden 		    ksid_sid_cmp);
501*f37b3cbbSMatt Barden 
502*f37b3cbbSMatt Barden 		ksl->ksl_sorted = kmem_alloc(ksl->ksl_nsid * sizeof (ksid_t *),
503*f37b3cbbSMatt Barden 		    KM_SLEEP);
504*f37b3cbbSMatt Barden 		for (i = 0; i < ksl->ksl_nsid; i++)
505*f37b3cbbSMatt Barden 			ksl->ksl_sorted[i] = &ksl->ksl_sids[i];
506*f37b3cbbSMatt Barden 		qsort(ksl->ksl_sorted, ksl->ksl_nsid, sizeof (ksid_t *),
507*f37b3cbbSMatt Barden 		    ksid_id_cmp);
508*f37b3cbbSMatt Barden 	}
509*f37b3cbbSMatt Barden 
510f48205beScasper 	return (nkcr);
511f48205beScasper }
512f48205beScasper 
513f48205beScasper ksidlist_t *
kcrsid_gidstosids(zone_t * zone,int ngrp,gid_t * grp)514bda89588Sjp kcrsid_gidstosids(zone_t *zone, int ngrp, gid_t *grp)
515f48205beScasper {
516f48205beScasper 	int i;
517f48205beScasper 	ksidlist_t *list;
518f48205beScasper 	int cnt;
519f48205beScasper 
520f48205beScasper 	if (ngrp == 0)
521f48205beScasper 		return (NULL);
522f48205beScasper 
523f48205beScasper 	cnt = 0;
524f48205beScasper 	list = kmem_zalloc(KSIDLIST_MEM(ngrp), KM_SLEEP);
525f48205beScasper 
526f48205beScasper 	list->ksl_nsid = ngrp;
527f48205beScasper 	list->ksl_ref = 1;
528f48205beScasper 
529f48205beScasper 	for (i = 0; i < ngrp; i++) {
530f48205beScasper 		if (grp[i] > MAXUID) {
531f48205beScasper 			list->ksl_neid++;
532*f37b3cbbSMatt Barden #ifdef _KERNEL
533bda89588Sjp 			if (ksid_lookupbygid(zone,
534bda89588Sjp 			    grp[i], &list->ksl_sids[i]) != 0) {
535f48205beScasper 				while (--i >= 0)
536f48205beScasper 					ksid_rele(&list->ksl_sids[i]);
537f48205beScasper 				cnt = 0;
538f48205beScasper 				break;
539f48205beScasper 			}
540*f37b3cbbSMatt Barden #endif
541f48205beScasper 			cnt++;
542f48205beScasper 		} else {
543f48205beScasper 			list->ksl_sids[i].ks_id = grp[i];
544f48205beScasper 		}
545f48205beScasper 	}
546f48205beScasper 	if (cnt == 0) {
547f48205beScasper 		kmem_free(list, KSIDLIST_MEM(ngrp));
548f48205beScasper 		return (NULL);
549f48205beScasper 	}
550f48205beScasper 	return (list);
551f48205beScasper }
552