Home | History | Annotate | Line # | Download | only in kern
kern_auth.c revision 1.8 
      1  1.8  dyoung /* $NetBSD: kern_auth.c,v 1.8 2006/06/13 22:56:46 dyoung Exp $ */
      2  1.2    elad 
      3  1.2    elad /*-
      4  1.2    elad  * Copyright (c) 2005, 2006 Elad Efrat <elad (at) NetBSD.org>
      5  1.2    elad  * All rights reserved.
      6  1.2    elad  *
      7  1.2    elad  * Redistribution and use in source and binary forms, with or without
      8  1.2    elad  * modification, are permitted provided that the following conditions
      9  1.2    elad  * are met:
     10  1.2    elad  * 1. Redistributions of source code must retain the above copyright
     11  1.2    elad  *    notice, this list of conditions and the following disclaimer.
     12  1.2    elad  * 2. Redistributions in binary form must reproduce the above copyright
     13  1.2    elad  *    notice, this list of conditions and the following disclaimer in the
     14  1.2    elad  *    documentation and/or other materials provided with the distribution.
     15  1.2    elad  * 3. All advertising materials mentioning features or use of this software
     16  1.2    elad  *    must display the following acknowledgement:
     17  1.2    elad  *      This product includes software developed by Elad Efrat.
     18  1.2    elad  * 4. The name of the author may not be used to endorse or promote products
     19  1.2    elad  *    derived from this software without specific prior written permission.
     20  1.2    elad  *
     21  1.2    elad  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     22  1.2    elad  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     23  1.2    elad  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     24  1.2    elad  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     25  1.2    elad  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     26  1.2    elad  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     27  1.2    elad  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     28  1.2    elad  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     29  1.2    elad  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     30  1.2    elad  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     31  1.2    elad  */
     32  1.2    elad 
     33  1.2    elad /*
     34  1.2    elad  * Todo:
     35  1.2    elad  *   - Garbage collection to pool_put() unused scopes/listeners.
     36  1.2    elad  */
     37  1.2    elad 
     38  1.2    elad #include <sys/types.h>
     39  1.2    elad #include <sys/param.h>
     40  1.2    elad #include <sys/queue.h>
     41  1.2    elad #include <sys/time.h>
     42  1.2    elad #include <sys/proc.h>
     43  1.2    elad #include <sys/ucred.h>
     44  1.2    elad #include <sys/pool.h>
     45  1.2    elad #include <sys/kauth.h>
     46  1.2    elad #include <sys/acct.h>
     47  1.2    elad #include <sys/sysctl.h>
     48  1.2    elad 
     49  1.2    elad /*
     50  1.2    elad  * Credentials.
     51  1.2    elad  */
     52  1.2    elad struct kauth_cred {
     53  1.2    elad 	struct simplelock cr_lock;	/* lock */
     54  1.2    elad 	uint32_t cr_refcnt;		/* reference count */
     55  1.2    elad 	uid_t cr_uid;			/* user id */
     56  1.2    elad 	uid_t cr_euid;			/* effective user id */
     57  1.2    elad 	uid_t cr_svuid;			/* saved effective user id */
     58  1.2    elad 	gid_t cr_gid;			/* group id */
     59  1.2    elad 	gid_t cr_egid;			/* effective group id */
     60  1.2    elad 	gid_t cr_svgid;			/* saved effective group id */
     61  1.2    elad 	uint16_t cr_ngroups;		/* number of groups */
     62  1.2    elad 	gid_t cr_groups[NGROUPS];	/* group memberships */
     63  1.2    elad };
     64  1.2    elad 
     65  1.2    elad /*
     66  1.2    elad  * Listener.
     67  1.2    elad  */
     68  1.2    elad struct kauth_listener {
     69  1.2    elad 	kauth_scope_callback_t		func;		/* callback */
     70  1.2    elad 	kauth_scope_t			scope;		/* scope backpointer */
     71  1.2    elad 	uint32_t			refcnt;		/* reference count */
     72  1.2    elad 	SIMPLEQ_ENTRY(kauth_listener)	listener_next;	/* listener list */
     73  1.2    elad };
     74  1.2    elad 
     75  1.2    elad /*
     76  1.2    elad  * Scope.
     77  1.2    elad  */
     78  1.2    elad struct kauth_scope {
     79  1.2    elad 	const char		       *id;		/* scope name */
     80  1.2    elad 	void			       *cookie;		/* user cookie */
     81  1.2    elad 	uint32_t			nlisteners;	/* # of listeners */
     82  1.2    elad 	SIMPLEQ_HEAD(, kauth_listener)	listenq;	/* listener list */
     83  1.2    elad 	SIMPLEQ_ENTRY(kauth_scope)	next_scope;	/* scope list */
     84  1.2    elad };
     85  1.2    elad 
     86  1.6    yamt static POOL_INIT(kauth_scope_pool, sizeof(struct kauth_scope), 0, 0, 0,
     87  1.2    elad 	  "kauth_scopepl", &pool_allocator_nointr);
     88  1.6    yamt static POOL_INIT(kauth_listener_pool, sizeof(struct kauth_listener), 0, 0, 0,
     89  1.2    elad 	  "kauth_listenerpl", &pool_allocator_nointr);
     90  1.6    yamt static POOL_INIT(kauth_cred_pool, sizeof(struct kauth_cred), 0, 0, 0,
     91  1.2    elad 	  "kauth_credpl", &pool_allocator_nointr);
     92  1.2    elad 
     93  1.2    elad /* List of scopes and its lock. */
     94  1.6    yamt static SIMPLEQ_HEAD(, kauth_scope) scope_list;
     95  1.6    yamt static struct simplelock scopes_lock;
     96  1.2    elad 
     97  1.2    elad /* Built-in scopes: generic, process. */
     98  1.2    elad static kauth_scope_t kauth_builtin_scope_generic;
     99  1.2    elad static kauth_scope_t kauth_builtin_scope_process;
    100  1.2    elad 
    101  1.2    elad /* Allocate new, empty kauth credentials. */
    102  1.2    elad kauth_cred_t
    103  1.3    yamt kauth_cred_alloc(void)
    104  1.3    yamt {
    105  1.2    elad 	kauth_cred_t cred;
    106  1.2    elad 
    107  1.2    elad 	cred = pool_get(&kauth_cred_pool, PR_WAITOK);
    108  1.2    elad 	memset(cred, 0, sizeof(*cred));
    109  1.2    elad 	simple_lock_init(&cred->cr_lock);
    110  1.2    elad 	cred->cr_refcnt = 1;
    111  1.2    elad 
    112  1.2    elad 	return (cred);
    113  1.2    elad }
    114  1.2    elad 
    115  1.2    elad /* Increment reference count to cred. */
    116  1.2    elad void
    117  1.2    elad kauth_cred_hold(kauth_cred_t cred)
    118  1.2    elad {
    119  1.2    elad 	KASSERT(cred != NULL);
    120  1.2    elad 
    121  1.2    elad         simple_lock(&cred->cr_lock);
    122  1.2    elad         cred->cr_refcnt++;
    123  1.2    elad         simple_unlock(&cred->cr_lock);
    124  1.2    elad }
    125  1.2    elad 
    126  1.2    elad /* Decrease reference count to cred. If reached zero, free it. */
    127  1.2    elad void
    128  1.3    yamt kauth_cred_free(kauth_cred_t cred)
    129  1.3    yamt {
    130  1.2    elad 	KASSERT(cred != NULL);
    131  1.2    elad 
    132  1.2    elad 	simple_lock(&cred->cr_lock);
    133  1.2    elad 	cred->cr_refcnt--;
    134  1.2    elad 	simple_unlock(&cred->cr_lock);
    135  1.2    elad 
    136  1.2    elad 	if (cred->cr_refcnt == 0)
    137  1.5    yamt 		pool_put(&kauth_cred_pool, cred);
    138  1.2    elad }
    139  1.2    elad 
    140  1.2    elad void
    141  1.2    elad kauth_cred_clone(kauth_cred_t from, kauth_cred_t to)
    142  1.2    elad {
    143  1.2    elad 	KASSERT(from != NULL);
    144  1.2    elad 	KASSERT(to != NULL);
    145  1.2    elad 
    146  1.2    elad 	to->cr_uid = from->cr_uid;
    147  1.2    elad 	to->cr_euid = from->cr_euid;
    148  1.2    elad 	to->cr_svuid = from->cr_svuid;
    149  1.2    elad 	to->cr_gid = from->cr_gid;
    150  1.2    elad 	to->cr_egid = from->cr_egid;
    151  1.2    elad 	to->cr_svgid = from->cr_svgid;
    152  1.2    elad 	to->cr_ngroups = from->cr_ngroups;
    153  1.2    elad 	memcpy(to->cr_groups, from->cr_groups,
    154  1.2    elad 	       sizeof(to->cr_groups));
    155  1.2    elad }
    156  1.2    elad 
    157  1.2    elad /*
    158  1.2    elad  * Duplicate cred and return a new kauth_cred_t.
    159  1.2    elad  */
    160  1.2    elad kauth_cred_t
    161  1.2    elad kauth_cred_dup(kauth_cred_t cred)
    162  1.2    elad {
    163  1.2    elad 	kauth_cred_t new_cred;
    164  1.2    elad 
    165  1.2    elad 	KASSERT(cred != NULL);
    166  1.2    elad 
    167  1.2    elad 	new_cred = kauth_cred_alloc();
    168  1.2    elad 
    169  1.2    elad 	kauth_cred_clone(cred, new_cred);
    170  1.2    elad 
    171  1.2    elad 	return (new_cred);
    172  1.2    elad }
    173  1.2    elad 
    174  1.2    elad /*
    175  1.2    elad  * Similar to crcopy(), only on a kauth_cred_t.
    176  1.2    elad  * XXX: Is this even needed? [kauth_cred_copy]
    177  1.2    elad  */
    178  1.2    elad kauth_cred_t
    179  1.2    elad kauth_cred_copy(kauth_cred_t cred)
    180  1.2    elad {
    181  1.2    elad 	kauth_cred_t new_cred;
    182  1.2    elad 
    183  1.2    elad 	KASSERT(cred != NULL);
    184  1.2    elad 
    185  1.2    elad 	/* If the provided credentials already have one reference, use them. */
    186  1.2    elad 	if (cred->cr_refcnt == 1)
    187  1.2    elad 		return (cred);
    188  1.2    elad 
    189  1.2    elad 	new_cred = kauth_cred_alloc();
    190  1.2    elad 
    191  1.2    elad 	kauth_cred_clone(cred, new_cred);
    192  1.2    elad 
    193  1.2    elad 	kauth_cred_free(cred);
    194  1.2    elad 
    195  1.2    elad 	return (new_cred);
    196  1.2    elad }
    197  1.2    elad 
    198  1.2    elad uid_t
    199  1.2    elad kauth_cred_getuid(kauth_cred_t cred)
    200  1.2    elad {
    201  1.2    elad 	KASSERT(cred != NULL);
    202  1.2    elad 
    203  1.2    elad 	return (cred->cr_uid);
    204  1.2    elad }
    205  1.2    elad 
    206  1.2    elad uid_t
    207  1.2    elad kauth_cred_geteuid(kauth_cred_t cred)
    208  1.2    elad {
    209  1.2    elad 	KASSERT(cred != NULL);
    210  1.2    elad 
    211  1.2    elad 	return (cred->cr_euid);
    212  1.2    elad }
    213  1.2    elad 
    214  1.2    elad uid_t
    215  1.2    elad kauth_cred_getsvuid(kauth_cred_t cred)
    216  1.2    elad {
    217  1.2    elad 	KASSERT(cred != NULL);
    218  1.2    elad 
    219  1.2    elad 	return (cred->cr_svuid);
    220  1.2    elad }
    221  1.2    elad 
    222  1.2    elad gid_t
    223  1.2    elad kauth_cred_getgid(kauth_cred_t cred)
    224  1.2    elad {
    225  1.2    elad 	KASSERT(cred != NULL);
    226  1.2    elad 
    227  1.2    elad 	return (cred->cr_gid);
    228  1.2    elad }
    229  1.2    elad 
    230  1.2    elad gid_t
    231  1.2    elad kauth_cred_getegid(kauth_cred_t cred)
    232  1.2    elad {
    233  1.2    elad 	KASSERT(cred != NULL);
    234  1.2    elad 
    235  1.2    elad 	return (cred->cr_egid);
    236  1.2    elad }
    237  1.2    elad 
    238  1.2    elad gid_t
    239  1.2    elad kauth_cred_getsvgid(kauth_cred_t cred)
    240  1.2    elad {
    241  1.2    elad 	KASSERT(cred != NULL);
    242  1.2    elad 
    243  1.2    elad 	return (cred->cr_svgid);
    244  1.2    elad }
    245  1.2    elad 
    246  1.2    elad void
    247  1.2    elad kauth_cred_setuid(kauth_cred_t cred, uid_t uid)
    248  1.2    elad {
    249  1.2    elad 	KASSERT(cred != NULL);
    250  1.2    elad 
    251  1.2    elad 	cred->cr_uid = uid;
    252  1.2    elad }
    253  1.2    elad 
    254  1.2    elad void
    255  1.2    elad kauth_cred_seteuid(kauth_cred_t cred, uid_t uid)
    256  1.2    elad {
    257  1.2    elad 	KASSERT(cred != NULL);
    258  1.2    elad 
    259  1.2    elad 	cred->cr_euid = uid;
    260  1.2    elad }
    261  1.2    elad 
    262  1.2    elad void
    263  1.2    elad kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid)
    264  1.2    elad {
    265  1.2    elad 	KASSERT(cred != NULL);
    266  1.2    elad 
    267  1.2    elad 	cred->cr_svuid = uid;
    268  1.2    elad }
    269  1.2    elad 
    270  1.2    elad void
    271  1.2    elad kauth_cred_setgid(kauth_cred_t cred, gid_t gid)
    272  1.2    elad {
    273  1.2    elad 	KASSERT(cred != NULL);
    274  1.2    elad 
    275  1.2    elad 	cred->cr_gid = gid;
    276  1.2    elad }
    277  1.2    elad 
    278  1.2    elad void
    279  1.2    elad kauth_cred_setegid(kauth_cred_t cred, gid_t gid)
    280  1.2    elad {
    281  1.2    elad 	KASSERT(cred != NULL);
    282  1.2    elad 
    283  1.2    elad 	cred->cr_egid = gid;
    284  1.2    elad }
    285  1.2    elad 
    286  1.2    elad void
    287  1.2    elad kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid)
    288  1.2    elad {
    289  1.2    elad 	KASSERT(cred != NULL);
    290  1.2    elad 
    291  1.2    elad 	cred->cr_svgid = gid;
    292  1.2    elad }
    293  1.2    elad 
    294  1.2    elad /* Checks if gid is a member of the groups in cred. */
    295  1.2    elad int
    296  1.2    elad kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp)
    297  1.2    elad {
    298  1.2    elad 	int i;
    299  1.2    elad 
    300  1.2    elad 	KASSERT(cred != NULL);
    301  1.2    elad 	KASSERT(resultp != NULL);
    302  1.2    elad 
    303  1.2    elad 	*resultp = 0;
    304  1.2    elad 
    305  1.2    elad 	for (i = 0; i < cred->cr_ngroups; i++)
    306  1.2    elad 		if (cred->cr_groups[i] == gid) {
    307  1.2    elad 			*resultp = 1;
    308  1.2    elad 			break;
    309  1.2    elad 		}
    310  1.2    elad 
    311  1.2    elad 	return (0);
    312  1.2    elad }
    313  1.2    elad 
    314  1.2    elad uint16_t
    315  1.2    elad kauth_cred_ngroups(kauth_cred_t cred)
    316  1.2    elad {
    317  1.2    elad 	KASSERT(cred != NULL);
    318  1.2    elad 
    319  1.2    elad 	return (cred->cr_ngroups);
    320  1.2    elad }
    321  1.2    elad 
    322  1.2    elad /*
    323  1.2    elad  * Return the group at index idx from the groups in cred.
    324  1.2    elad  */
    325  1.2    elad gid_t
    326  1.2    elad kauth_cred_group(kauth_cred_t cred, uint16_t idx)
    327  1.2    elad {
    328  1.2    elad 	KASSERT(cred != NULL);
    329  1.2    elad 	KASSERT(idx < cred->cr_ngroups);
    330  1.2    elad 
    331  1.2    elad 	return (cred->cr_groups[idx]);
    332  1.2    elad }
    333  1.2    elad 
    334  1.2    elad /* XXX elad: gmuid is unused for now. */
    335  1.2    elad int
    336  1.2    elad kauth_cred_setgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, uid_t gmuid)
    337  1.2    elad {
    338  1.2    elad 	KASSERT(cred != NULL);
    339  1.2    elad 	KASSERT(len < sizeof(cred->cr_groups) / sizeof(cred->cr_groups[0]));
    340  1.2    elad 
    341  1.2    elad 	simple_lock(&cred->cr_lock);
    342  1.2    elad 
    343  1.2    elad 	if (len)
    344  1.2    elad 		memcpy(cred->cr_groups, grbuf, len * sizeof(cred->cr_groups[0]));
    345  1.2    elad 	memset(cred->cr_groups + len, 0xff,
    346  1.2    elad 	    sizeof(cred->cr_groups) - (len * sizeof(cred->cr_groups[0])));
    347  1.2    elad 
    348  1.2    elad 	cred->cr_ngroups = len;
    349  1.2    elad 
    350  1.2    elad 	simple_unlock(&cred->cr_lock);
    351  1.2    elad 
    352  1.2    elad 	return (0);
    353  1.2    elad }
    354  1.2    elad 
    355  1.2    elad int
    356  1.2    elad kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len)
    357  1.2    elad {
    358  1.2    elad 	KASSERT(cred != NULL);
    359  1.2    elad 	KASSERT(len <= cred->cr_ngroups);
    360  1.2    elad 
    361  1.2    elad 	memset(grbuf, 0xff, sizeof(*grbuf) * len);
    362  1.2    elad 	simple_lock(&cred->cr_lock);
    363  1.2    elad 	memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len);
    364  1.2    elad 	simple_unlock(&cred->cr_lock);
    365  1.2    elad 
    366  1.2    elad 	return (0);
    367  1.2    elad }
    368  1.2    elad 
    369  1.2    elad /*
    370  1.2    elad  * Match uids in two credentials. Checks if cred1 can access stuff owned by
    371  1.2    elad  * cred2.
    372  1.2    elad  * XXX: root bypasses this!
    373  1.2    elad  */
    374  1.2    elad static int
    375  1.2    elad kauth_cred_uidmatch(kauth_cred_t cred1, kauth_cred_t cred2)
    376  1.2    elad {
    377  1.2    elad 	KASSERT(cred1 != NULL);
    378  1.2    elad 	KASSERT(cred2 != NULL);
    379  1.2    elad 
    380  1.2    elad 	/* Are we root? */
    381  1.2    elad 	if (cred1->cr_euid == 0)
    382  1.2    elad 		return (1);
    383  1.2    elad 
    384  1.2    elad 	if (cred1->cr_uid == cred2->cr_uid ||
    385  1.2    elad 	    cred1->cr_euid == cred2->cr_uid ||
    386  1.2    elad 	    cred1->cr_uid == cred2->cr_euid ||
    387  1.2    elad 	    cred1->cr_euid == cred2->cr_euid)
    388  1.2    elad 		return (1);
    389  1.2    elad 
    390  1.2    elad 	return (0);
    391  1.2    elad }
    392  1.2    elad 
    393  1.2    elad uint32_t
    394  1.2    elad kauth_cred_getrefcnt(kauth_cred_t cred)
    395  1.2    elad {
    396  1.2    elad 	KASSERT(cred != NULL);
    397  1.2    elad 
    398  1.2    elad 	return (cred->cr_refcnt);
    399  1.2    elad }
    400  1.2    elad 
    401  1.2    elad /*
    402  1.2    elad  * Convert userland credentials (struct uucred) to kauth_cred_t.
    403  1.2    elad  * XXX: For NFS code.
    404  1.2    elad  */
    405  1.2    elad void
    406  1.2    elad kauth_cred_uucvt(kauth_cred_t cred, const struct uucred *uuc)
    407  1.2    elad {
    408  1.2    elad 	KASSERT(cred != NULL);
    409  1.2    elad 	KASSERT(uuc != NULL);
    410  1.2    elad 
    411  1.2    elad 	cred->cr_refcnt = 1;
    412  1.2    elad 	cred->cr_uid = uuc->cr_uid;
    413  1.2    elad 	cred->cr_euid = uuc->cr_uid;
    414  1.2    elad 	cred->cr_svuid = uuc->cr_uid;
    415  1.2    elad 	cred->cr_gid = uuc->cr_gid;
    416  1.2    elad 	cred->cr_egid = uuc->cr_gid;
    417  1.2    elad 	cred->cr_svgid = uuc->cr_gid;
    418  1.2    elad 	cred->cr_ngroups = min(uuc->cr_ngroups, NGROUPS);
    419  1.2    elad 	kauth_cred_setgroups(cred, __UNCONST(uuc->cr_groups),
    420  1.2    elad 	    cred->cr_ngroups, -1);
    421  1.2    elad }
    422  1.2    elad 
    423  1.2    elad /*
    424  1.2    elad  * Compare kauth_cred_t and uucred credentials.
    425  1.2    elad  * XXX: Modelled after crcmp() for NFS.
    426  1.2    elad  */
    427  1.2    elad int
    428  1.2    elad kauth_cred_uucmp(kauth_cred_t cred, const struct uucred *uuc)
    429  1.2    elad {
    430  1.2    elad 	KASSERT(cred != NULL);
    431  1.2    elad 	KASSERT(uuc != NULL);
    432  1.2    elad 
    433  1.2    elad 	if (cred->cr_euid == uuc->cr_uid &&
    434  1.2    elad 	    cred->cr_egid == uuc->cr_gid &&
    435  1.2    elad 	    cred->cr_ngroups == uuc->cr_ngroups) {
    436  1.2    elad 		int i;
    437  1.2    elad 
    438  1.2    elad 		/* Check if all groups from uuc appear in cred. */
    439  1.2    elad 		for (i = 0; i < uuc->cr_ngroups; i++) {
    440  1.2    elad 			int ismember;
    441  1.2    elad 
    442  1.2    elad 			ismember = 0;
    443  1.2    elad 			if (kauth_cred_ismember_gid(cred, uuc->cr_groups[i],
    444  1.2    elad 			    &ismember) != 0 || !ismember)
    445  1.4    yamt 				return (1);
    446  1.2    elad 		}
    447  1.2    elad 
    448  1.4    yamt 		return (0);
    449  1.2    elad 	}
    450  1.2    elad 
    451  1.4    yamt 	return (1);
    452  1.2    elad }
    453  1.2    elad 
    454  1.2    elad /*
    455  1.2    elad  * Make a struct ucred out of a kauth_cred_t.
    456  1.2    elad  * XXX: For sysctl.
    457  1.2    elad  */
    458  1.2    elad void
    459  1.2    elad kauth_cred_toucred(kauth_cred_t cred, struct ucred *uc)
    460  1.2    elad {
    461  1.2    elad 	KASSERT(cred != NULL);
    462  1.2    elad 	KASSERT(uc != NULL);
    463  1.2    elad 
    464  1.2    elad 	uc->cr_uid = cred->cr_euid;
    465  1.2    elad 	uc->cr_gid = cred->cr_egid;
    466  1.2    elad 	uc->cr_ngroups = min(cred->cr_ngroups,
    467  1.2    elad 			     sizeof(uc->cr_groups) / sizeof(uc->cr_groups[0]));
    468  1.2    elad 	memcpy(uc->cr_groups, cred->cr_groups,
    469  1.2    elad 	       uc->cr_ngroups * sizeof(uc->cr_groups[0]));
    470  1.2    elad }
    471  1.2    elad 
    472  1.2    elad /*
    473  1.2    elad  * Make a struct pcred out of a kauth_cred_t.
    474  1.2    elad  * XXX: For sysctl.
    475  1.2    elad  */
    476  1.2    elad void
    477  1.2    elad kauth_cred_topcred(kauth_cred_t cred, struct pcred *pc)
    478  1.2    elad {
    479  1.2    elad 	KASSERT(cred != NULL);
    480  1.2    elad 	KASSERT(pc != NULL);
    481  1.2    elad 
    482  1.2    elad 	pc->pc_ucred = (struct ucred *)cred; /* XXX this is just wrong */
    483  1.2    elad 	pc->p_ruid = cred->cr_uid;
    484  1.2    elad 	pc->p_svuid = cred->cr_svuid;
    485  1.2    elad 	pc->p_rgid = cred->cr_gid;
    486  1.2    elad 	pc->p_svgid = cred->cr_svgid;
    487  1.2    elad 	pc->p_refcnt = cred->cr_refcnt;
    488  1.2    elad }
    489  1.2    elad 
    490  1.2    elad /*
    491  1.2    elad  * Return kauth_cred_t for the current process.
    492  1.2    elad  */
    493  1.2    elad kauth_cred_t
    494  1.2    elad kauth_cred_get(void)
    495  1.2    elad {
    496  1.2    elad 	return (curproc->p_cred);
    497  1.2    elad }
    498  1.2    elad 
    499  1.2    elad /*
    500  1.2    elad  * Returns a scope matching the provided id.
    501  1.2    elad  * Requires the scope list lock to be held by the caller.
    502  1.2    elad  */
    503  1.2    elad static kauth_scope_t
    504  1.3    yamt kauth_ifindscope(const char *id)
    505  1.3    yamt {
    506  1.2    elad 	kauth_scope_t scope;
    507  1.2    elad 
    508  1.2    elad 	/* XXX: assert lock on scope list? */
    509  1.2    elad 
    510  1.2    elad 	scope = NULL;
    511  1.2    elad 	SIMPLEQ_FOREACH(scope, &scope_list, next_scope) {
    512  1.2    elad 		if (strcmp(scope->id, id) == 0)
    513  1.2    elad 			break;
    514  1.2    elad 	}
    515  1.2    elad 
    516  1.2    elad 	return (scope);
    517  1.2    elad }
    518  1.2    elad 
    519  1.2    elad /*
    520  1.2    elad  * Register a new scope.
    521  1.2    elad  *
    522  1.2    elad  * id - identifier for the scope
    523  1.2    elad  * callback - the scope's default listener
    524  1.2    elad  * cookie - cookie to be passed to the listener(s)
    525  1.2    elad  */
    526  1.2    elad kauth_scope_t
    527  1.2    elad kauth_register_scope(const char *id, kauth_scope_callback_t callback,
    528  1.2    elad 		     void *cookie)
    529  1.2    elad {
    530  1.2    elad 	kauth_scope_t scope;
    531  1.2    elad 	kauth_listener_t listener;
    532  1.2    elad 
    533  1.2    elad 	/* Sanitize input */
    534  1.2    elad 	if (id == NULL || callback == NULL)
    535  1.2    elad 		return (NULL);
    536  1.2    elad 
    537  1.2    elad 	/* Allocate space for a new scope and listener. */
    538  1.2    elad 	scope = pool_get(&kauth_scope_pool, PR_WAITOK);
    539  1.2    elad 	listener = pool_get(&kauth_listener_pool, PR_WAITOK);
    540  1.2    elad 
    541  1.2    elad 	/* Acquire scope list lock. */
    542  1.2    elad 	simple_lock(&scopes_lock);
    543  1.2    elad 
    544  1.2    elad 	/* Check we don't already have a scope with the same id */
    545  1.2    elad 	if (kauth_ifindscope(id) != NULL) {
    546  1.2    elad 		simple_unlock(&scopes_lock);
    547  1.2    elad 
    548  1.2    elad 		pool_put(&kauth_scope_pool, scope);
    549  1.2    elad 		pool_put(&kauth_listener_pool, listener);
    550  1.2    elad 
    551  1.2    elad 		return (NULL);
    552  1.2    elad 	}
    553  1.2    elad 
    554  1.2    elad 	/* Initialize new scope with parameters */
    555  1.2    elad 	scope->id = id;
    556  1.2    elad 	scope->cookie = cookie;
    557  1.2    elad 	scope->nlisteners = 1;
    558  1.2    elad 
    559  1.2    elad 	/* Add default listener */
    560  1.2    elad 	listener->func = callback;
    561  1.2    elad 	listener->scope = scope;
    562  1.2    elad 	listener->refcnt = 0;
    563  1.2    elad 	SIMPLEQ_INIT(&scope->listenq);
    564  1.2    elad 	SIMPLEQ_INSERT_HEAD(&scope->listenq, listener, listener_next);
    565  1.2    elad 
    566  1.2    elad 	/* Insert scope to scopes list */
    567  1.2    elad 	if (SIMPLEQ_EMPTY(&scope_list))
    568  1.2    elad 		SIMPLEQ_INSERT_HEAD(&scope_list, scope, next_scope);
    569  1.2    elad 	else
    570  1.2    elad 		SIMPLEQ_INSERT_TAIL(&scope_list, scope, next_scope);
    571  1.2    elad 
    572  1.2    elad 	simple_unlock(&scopes_lock);
    573  1.2    elad 
    574  1.2    elad 	return (scope);
    575  1.2    elad }
    576  1.2    elad 
    577  1.2    elad /*
    578  1.2    elad  * Initialize the kernel authorization subsystem.
    579  1.2    elad  *
    580  1.2    elad  * Initialize the scopes list lock.
    581  1.2    elad  * Register built-in scopes: generic, process.
    582  1.2    elad  */
    583  1.2    elad void
    584  1.2    elad kauth_init(void)
    585  1.2    elad {
    586  1.2    elad 	simple_lock_init(&scopes_lock);
    587  1.2    elad 
    588  1.2    elad 	/* Register generic scope. */
    589  1.2    elad 	kauth_builtin_scope_generic = kauth_register_scope(KAUTH_SCOPE_GENERIC,
    590  1.2    elad 	    kauth_authorize_cb_generic, NULL);
    591  1.2    elad 
    592  1.2    elad 	/* Register process scope. */
    593  1.2    elad 	kauth_builtin_scope_process = kauth_register_scope(KAUTH_SCOPE_PROCESS,
    594  1.2    elad 	    kauth_authorize_cb_process, NULL);
    595  1.2    elad }
    596  1.2    elad 
    597  1.2    elad /*
    598  1.2    elad  * Deregister a scope.
    599  1.2    elad  * Requires scope list lock to be held by the caller.
    600  1.2    elad  *
    601  1.2    elad  * scope - the scope to deregister
    602  1.2    elad  */
    603  1.2    elad void
    604  1.2    elad kauth_deregister_scope(kauth_scope_t scope)
    605  1.2    elad {
    606  1.2    elad 	if (scope != NULL) {
    607  1.2    elad 		/* Remove scope from list */
    608  1.2    elad 		SIMPLEQ_REMOVE(&scope_list, scope, kauth_scope, next_scope);
    609  1.2    elad 	}
    610  1.2    elad }
    611  1.2    elad 
    612  1.2    elad /*
    613  1.2    elad  * Register a listener.
    614  1.2    elad  *
    615  1.2    elad  * id - scope identifier.
    616  1.2    elad  * callback - the callback routine for the listener.
    617  1.2    elad  * cookie - cookie to pass unmoidfied to the callback.
    618  1.2    elad  */
    619  1.2    elad kauth_listener_t
    620  1.2    elad kauth_listen_scope(const char *id, kauth_scope_callback_t callback,
    621  1.2    elad 		   void *cookie)
    622  1.2    elad {
    623  1.2    elad 	kauth_scope_t scope;
    624  1.2    elad 	kauth_listener_t listener;
    625  1.2    elad 
    626  1.2    elad 	/* Find scope struct */
    627  1.2    elad 	simple_lock(&scopes_lock);
    628  1.2    elad 	scope = kauth_ifindscope(id);
    629  1.2    elad 	simple_unlock(&scopes_lock);
    630  1.2    elad 	if (scope == NULL)
    631  1.2    elad 		return (NULL);
    632  1.2    elad 
    633  1.2    elad 	/* Allocate listener */
    634  1.2    elad 	listener = pool_get(&kauth_listener_pool, PR_WAITOK);
    635  1.2    elad 
    636  1.2    elad 	/* Initialize listener with parameters */
    637  1.2    elad 	listener->func = callback;
    638  1.2    elad 	listener->refcnt = 0;
    639  1.2    elad 
    640  1.2    elad 	/* Add listener to scope */
    641  1.2    elad 	SIMPLEQ_INSERT_TAIL(&scope->listenq, listener, listener_next);
    642  1.2    elad 
    643  1.2    elad 	/* Raise number of listeners on scope. */
    644  1.2    elad 	scope->nlisteners++;
    645  1.2    elad 	listener->scope = scope;
    646  1.2    elad 
    647  1.2    elad 	return (listener);
    648  1.2    elad }
    649  1.2    elad 
    650  1.2    elad /*
    651  1.2    elad  * Deregister a listener.
    652  1.2    elad  *
    653  1.2    elad  * listener - listener reference as returned from kauth_listen_scope().
    654  1.2    elad  */
    655  1.2    elad void
    656  1.2    elad kauth_unlisten_scope(kauth_listener_t listener)
    657  1.2    elad {
    658  1.2    elad 	if (listener != NULL) {
    659  1.3    yamt 		SIMPLEQ_REMOVE(&listener->scope->listenq, listener,
    660  1.3    yamt 		    kauth_listener, listener_next);
    661  1.2    elad 		listener->scope->nlisteners--;
    662  1.2    elad 	}
    663  1.2    elad }
    664  1.2    elad 
    665  1.2    elad /*
    666  1.2    elad  * Authorize a request.
    667  1.2    elad  *
    668  1.2    elad  * scope - the scope of the request as defined by KAUTH_SCOPE_* or as
    669  1.2    elad  *	   returned from kauth_register_scope().
    670  1.2    elad  * credential - credentials of the user ("actor") making the request.
    671  1.2    elad  * action - request identifier.
    672  1.2    elad  * arg[0-3] - passed unmodified to listener(s).
    673  1.2    elad  */
    674  1.2    elad int
    675  1.2    elad kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
    676  1.2    elad 		       kauth_action_t action, void *arg0, void *arg1,
    677  1.2    elad 		       void *arg2, void *arg3)
    678  1.2    elad {
    679  1.2    elad 	kauth_listener_t listener;
    680  1.2    elad 	int error, allow, fail;
    681  1.2    elad 
    682  1.2    elad 	/* Sanitize input */
    683  1.2    elad 	if (scope == NULL || cred == NULL)
    684  1.2    elad 		return (EFAULT);
    685  1.2    elad 	if (!action)
    686  1.2    elad 		return (EINVAL);
    687  1.2    elad 
    688  1.2    elad 	/*
    689  1.2    elad 	 * Each scope is associated with at least one listener. We need to
    690  1.2    elad 	 * traverse that list of listeners, as long as they return either
    691  1.2    elad 	 * KAUTH_REQUEST_DEFER or KAUTH_REQUEST_ALLOW.
    692  1.2    elad 	 */
    693  1.2    elad 	fail = 0;
    694  1.2    elad 	allow = 0;
    695  1.2    elad 	SIMPLEQ_FOREACH(listener, &scope->listenq, listener_next) {
    696  1.2    elad 		error = listener->func(cred, action, scope->cookie, arg0,
    697  1.2    elad 				       arg1, arg2, arg3);
    698  1.2    elad 
    699  1.2    elad 		if (error == KAUTH_RESULT_ALLOW)
    700  1.2    elad 			allow = 1;
    701  1.2    elad 		else if (error == KAUTH_RESULT_DENY)
    702  1.2    elad 			fail = 1;
    703  1.2    elad 	}
    704  1.2    elad 
    705  1.2    elad 	return ((allow && !fail) ? 0 : EPERM);
    706  1.2    elad };
    707  1.2    elad 
    708  1.2    elad /*
    709  1.2    elad  * Generic scope default callback.
    710  1.2    elad  */
    711  1.2    elad int
    712  1.2    elad kauth_authorize_cb_generic(kauth_cred_t cred, kauth_action_t action,
    713  1.2    elad 			   void *cookie, void *arg0, void *arg1, void *arg2,
    714  1.2    elad 			   void *arg3)
    715  1.2    elad {
    716  1.2    elad 	int error;
    717  1.2    elad 
    718  1.2    elad 	error = KAUTH_RESULT_DEFER;
    719  1.2    elad 
    720  1.2    elad 	switch (action) {
    721  1.2    elad 	case KAUTH_GENERIC_ISSUSER:
    722  1.2    elad 		/* Check if credential belongs to superuser. */
    723  1.2    elad 		if (cred->cr_euid == 0) {
    724  1.2    elad 			u_short *acflag = (u_short *)arg0;
    725  1.2    elad 
    726  1.2    elad 			if (acflag != NULL)
    727  1.2    elad 				*acflag |= ASU;
    728  1.2    elad 
    729  1.2    elad 			error = KAUTH_RESULT_ALLOW;
    730  1.2    elad 		} else
    731  1.2    elad 			error = KAUTH_RESULT_DENY;
    732  1.2    elad 		break;
    733  1.2    elad 	}
    734  1.2    elad 
    735  1.2    elad 	return (error);
    736  1.2    elad }
    737  1.2    elad 
    738  1.2    elad /*
    739  1.2    elad  * Generic scope authorization wrapper.
    740  1.2    elad  */
    741  1.2    elad int
    742  1.2    elad kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0)
    743  1.2    elad {
    744  1.2    elad 	return (kauth_authorize_action(kauth_builtin_scope_generic, cred,
    745  1.2    elad 	    action, arg0, NULL, NULL, NULL));
    746  1.2    elad }
    747  1.2    elad 
    748  1.2    elad /*
    749  1.2    elad  * Process scope default callback.
    750  1.2    elad  */
    751  1.2    elad int
    752  1.2    elad kauth_authorize_cb_process(kauth_cred_t cred, kauth_action_t action,
    753  1.2    elad 			   void *cookie, void *arg0, void *arg1, void *arg2,
    754  1.2    elad 			   void *arg3)
    755  1.2    elad {
    756  1.2    elad 	struct proc *p;
    757  1.2    elad 	int error;
    758  1.2    elad 
    759  1.2    elad 	error = KAUTH_RESULT_DEFER;
    760  1.2    elad 
    761  1.2    elad 	p = arg0;
    762  1.2    elad 
    763  1.2    elad 	switch (action) {
    764  1.2    elad 	case KAUTH_PROCESS_CANSIGNAL: {
    765  1.2    elad 		int signum;
    766  1.2    elad 
    767  1.7    yamt 		signum = (int)(unsigned long)arg1;
    768  1.2    elad 
    769  1.7    yamt 		if (kauth_cred_uidmatch(cred, p->p_cred) ||
    770  1.7    yamt 		    (signum == SIGCONT && (curproc->p_session == p->p_session)))
    771  1.2    elad 			error = KAUTH_RESULT_ALLOW;
    772  1.2    elad 		else
    773  1.2    elad 			error = KAUTH_RESULT_DEFER;
    774  1.2    elad 
    775  1.2    elad 		break;
    776  1.2    elad 		}
    777  1.2    elad 
    778  1.2    elad 	case KAUTH_PROCESS_CANPTRACE:
    779  1.7    yamt 		if (kauth_cred_uidmatch(cred, p->p_cred))
    780  1.2    elad 			error = KAUTH_RESULT_ALLOW;
    781  1.2    elad 		else
    782  1.2    elad 			error = KAUTH_RESULT_DENY;
    783  1.2    elad 		break;
    784  1.2    elad 
    785  1.2    elad 	case KAUTH_PROCESS_CANSEE:
    786  1.2    elad 		if (!security_curtain) {
    787  1.2    elad 			error = KAUTH_RESULT_ALLOW;
    788  1.2    elad 		} else {
    789  1.7    yamt 			if (kauth_cred_uidmatch(cred, p->p_cred))
    790  1.2    elad 				error = KAUTH_RESULT_ALLOW;
    791  1.2    elad 			else
    792  1.2    elad 				error = KAUTH_RESULT_DENY;
    793  1.2    elad 				/* arg2 - type of information [XXX NOTIMPL] */
    794  1.2    elad 		}
    795  1.2    elad 		break;
    796  1.2    elad 	}
    797  1.2    elad 
    798  1.2    elad 	return (error);
    799  1.2    elad }
    800  1.2    elad 
    801  1.2    elad /*
    802  1.2    elad  * Process scope authorization wrapper.
    803  1.2    elad  */
    804  1.2    elad int
    805  1.2    elad kauth_authorize_process(kauth_cred_t cred, kauth_action_t action,
    806  1.2    elad     struct proc *p, void *arg1, void *arg2, void *arg3)
    807  1.2    elad {
    808  1.2    elad 	return (kauth_authorize_action(kauth_builtin_scope_process, cred,
    809  1.2    elad 	    action, p, arg1, arg2, arg3));
    810  1.2    elad }
    811