xref: /illumos-gate/usr/src/uts/common/syscall/sidsys.c (revision 9fb67ea3)
1f48205beScasper /*
2f48205beScasper  * CDDL HEADER START
3f48205beScasper  *
4f48205beScasper  * The contents of this file are subject to the terms of the
5f48205beScasper  * Common Development and Distribution License (the "License").
6f48205beScasper  * You may not use this file except in compliance with the License.
7f48205beScasper  *
8f48205beScasper  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9f48205beScasper  * or http://www.opensolaris.org/os/licensing.
10f48205beScasper  * See the License for the specific language governing permissions
11f48205beScasper  * and limitations under the License.
12f48205beScasper  *
13f48205beScasper  * When distributing Covered Code, include this CDDL HEADER in each
14f48205beScasper  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15f48205beScasper  * If applicable, add the following below this CDDL HEADER, with the
16f48205beScasper  * fields enclosed by brackets "[]" replaced with your own identifying
17f48205beScasper  * information: Portions Copyright [yyyy] [name of copyright owner]
18f48205beScasper  *
19f48205beScasper  * CDDL HEADER END
20f48205beScasper  */
21f48205beScasper 
22f48205beScasper /*
23*9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24f48205beScasper  * Use is subject to license terms.
25f48205beScasper  */
26f48205beScasper 
27f48205beScasper /*
28f48205beScasper  * SID system call.
29f48205beScasper  */
30f48205beScasper 
31f48205beScasper #include <sys/sid.h>
32f48205beScasper #include <sys/cred.h>
33f48205beScasper #include <sys/errno.h>
34f48205beScasper #include <sys/systm.h>
35f48205beScasper #include <sys/policy.h>
36f48205beScasper #include <sys/door.h>
37c5c4113dSnw #include <sys/kidmap.h>
38c5c4113dSnw #include <sys/proc.h>
39f48205beScasper 
/*
 * SIDSYS_ALLOC_IDS: allocate ephemeral uids and gids in the caller's zone.
 *
 * Authorization: the zone must have an idmap door registered, and the
 * calling process must be that door's target (di_target == caller's pid).
 * Either check failing yields EPERM; a door_ki_info() failure is returned
 * as-is.
 *
 * flag  - non-zero purges the zone's idmap cache first and forces both
 *         allocators to run even when the matching count is zero; the
 *         value is also passed through to eph_uid_alloc()/eph_gid_alloc().
 * nuids - number of ephemeral uids requested; negative yields EINVAL.
 * ngids - number of ephemeral gids requested; negative yields EINVAL.
 *
 * On success the values written by the two allocators are returned packed
 * in an rval_t (r_val1 = uid value, r_val2 = gid value); presumably these
 * are the first ids of the allocated ranges -- confirm against
 * eph_uid_alloc()/eph_gid_alloc().  Any allocator failure is reported as
 * EOVERFLOW, whatever the underlying error was.
 *
 * NOTE(review): the cache purge runs before the counts are validated, so a
 * call with a non-zero flag and a negative count purges the cache and then
 * fails with EINVAL.  Confirm that ordering is intended.
 */
static uint64_t
allocids(int flag, int nuids, int ngids)
{
	zone_t *zone = crgetzone(CRED());
	door_handle_t door = idmap_get_door(zone);
	struct door_info info;
	uid_t uid_val = 0;
	gid_t gid_val = 0;
	rval_t rv;
	int error;

	if (door == NULL)
		return (set_errno(EPERM));

	/* The handle is only needed to read the door's target pid. */
	error = door_ki_info(door, &info);
	door_ki_rele(door);
	if (error != 0)
		return (set_errno(error));

	/* Only the process serving the registered idmap door may proceed. */
	if (info.di_target != curproc->p_pid)
		return (set_errno(EPERM));

	if (flag != 0)
		idmap_purge_cache(zone);

	if (nuids < 0 || ngids < 0)
		return (set_errno(EINVAL));

	/* error is still 0 here, so a skipped uid step does not block gids. */
	if (flag != 0 || nuids > 0)
		error = eph_uid_alloc(zone, flag, &uid_val, nuids);
	if (error == 0 && (flag != 0 || ngids > 0))
		error = eph_gid_alloc(zone, flag, &gid_val, ngids);

	if (error != 0)
		return (set_errno(EOVERFLOW));

	rv.r_val1 = uid_val;
	rv.r_val2 = gid_val;
	return (rv.r_vals);
}
84f48205beScasper 
/*
 * SIDSYS_IDMAP_REG: register the door identified by descriptor `did' as the
 * idmap door for the caller's zone.
 *
 * The caller must pass secpolicy_idmap(); that check is made before the
 * descriptor is looked up.  A descriptor that door_ki_lookup() cannot
 * resolve yields EBADF.  Returns 0 on success, otherwise sets errno and
 * returns the set_errno() result.
 *
 * NOTE(review): the handle obtained from door_ki_lookup() is not released
 * in this function on either path.  Presumably idmap_reg_dh() takes over
 * the reference; confirm that it also does so (or releases it) when it
 * fails, otherwise the failure path leaks a door hold.
 */
static int
idmap_reg(int did)
{
	cred_t *cr = CRED();
	door_handle_t door;
	int error;

	/* Privilege check comes first, before touching the descriptor. */
	error = secpolicy_idmap(cr);
	if (error != 0)
		return (set_errno(error));

	door = door_ki_lookup(did);
	if (door == NULL)
		return (set_errno(EBADF));

	error = idmap_reg_dh(crgetzone(cr), door);
	if (error != 0)
		return (set_errno(error));

	return (0);
}
105f48205beScasper 
/*
 * SIDSYS_IDMAP_UNREG: unregister the door identified by descriptor `did' as
 * the idmap door for the caller's zone.
 *
 * A descriptor that door_ki_lookup() cannot resolve yields EINVAL (note
 * that idmap_reg() reports the same condition as EBADF).  The handle from
 * the lookup is released once idmap_unreg_dh() has returned.  Returns 0 on
 * success, otherwise sets errno to the idmap_unreg_dh() error.
 *
 * NOTE(review): unlike idmap_reg(), no secpolicy_idmap() check is made
 * here.  Presumably idmap_unreg_dh() only succeeds when the handle matches
 * the door currently registered for the zone, which would limit this to
 * holders of that door; confirm against idmap_unreg_dh().
 */
static int
idmap_unreg(int did)
{
	door_handle_t door = door_ki_lookup(did);
	int error;

	if (door == NULL)
		return (set_errno(EINVAL));

	error = idmap_unreg_dh(crgetzone(CRED()), door);

	/* Drop the handle taken by door_ki_lookup() above. */
	door_ki_rele(door);

	return (error != 0 ? set_errno(error) : 0);
}
124f48205beScasper 
/*
 * SIDSYS_IDMAP_FLUSH_KCACHE: purge the idmap cache of the caller's zone.
 *
 * Authorization is the same as in allocids(): the zone must have an idmap
 * door registered and the calling process must be that door's target
 * (di_target == caller's pid).  EPERM is returned when no door is
 * registered or the pids differ; a door_ki_info() failure is returned
 * as-is.  Returns 0 once the cache has been purged.
 */
static uint64_t
idmap_flush_kcache(void)
{
	zone_t *zone = crgetzone(CRED());
	door_handle_t door = idmap_get_door(zone);
	struct door_info info;
	int error;

	if (door == NULL)
		return (set_errno(EPERM));

	/* The handle is only needed to read the door's target pid. */
	error = door_ki_info(door, &info);
	door_ki_rele(door);
	if (error != 0)
		return (set_errno(error));

	/* Only the process serving the registered idmap door may flush. */
	if (info.di_target != curproc->p_pid)
		return (set_errno(EPERM));

	idmap_purge_cache(zone);

	return (0);
}
152*9fb67ea3Safshin salek ardakani - Sun Microsystems - Irvine United States 
/*
 * SID system call entry point: dispatch on `op'.
 *
 * op    - one of the SIDSYS_* operation codes; anything else yields EINVAL.
 * flag  - for SIDSYS_ALLOC_IDS the allocation flag; for SIDSYS_IDMAP_REG
 *         and SIDSYS_IDMAP_UNREG it carries the door descriptor instead.
 * nuids - used by SIDSYS_ALLOC_IDS only.
 * ngids - used by SIDSYS_ALLOC_IDS only.
 *
 * No authorization is done here; each handler performs its own check.
 * SIDSYS_IDMAP_REG requires secpolicy_idmap(); SIDSYS_ALLOC_IDS and
 * SIDSYS_IDMAP_FLUSH_KCACHE require the caller to be the target process of
 * the zone's registered idmap door.  A new operation added to this switch
 * needs an equivalent check in its handler.
 */
uint64_t
sidsys(int op, int flag, int nuids, int ngids)
{
	uint64_t rv;

	switch (op) {
	case SIDSYS_ALLOC_IDS:
		rv = allocids(flag, nuids, ngids);
		break;
	case SIDSYS_IDMAP_REG:
		/* flag is the door descriptor for this operation. */
		rv = idmap_reg(flag);
		break;
	case SIDSYS_IDMAP_UNREG:
		/* flag is the door descriptor for this operation. */
		rv = idmap_unreg(flag);
		break;
	case SIDSYS_IDMAP_FLUSH_KCACHE:
		rv = idmap_flush_kcache();
		break;
	default:
		rv = set_errno(EINVAL);
		break;
	}

	return (rv);
}