Home | History | Annotate | Line # | Download | only in kern
kern_auth.c revision 1.1.2.24
      1 /* $NetBSD: kern_auth.c,v 1.1.2.24 2006/03/14 02:49:15 elad Exp $ */
      2 
      3 /*-
      4  * Copyright (c) 2005, 2006 Elad Efrat <elad (at) NetBSD.org>
      5  * All rights reserved.
      6  *
      7  * Redistribution and use in source and binary forms, with or without
      8  * modification, are permitted provided that the following conditions
      9  * are met:
     10  * 1. Redistributions of source code must retain the above copyright
     11  *    notice, this list of conditions and the following disclaimer.
     12  * 2. Redistributions in binary form must reproduce the above copyright
     13  *    notice, this list of conditions and the following disclaimer in the
     14  *    documentation and/or other materials provided with the distribution.
     15  * 3. All advertising materials mentioning features or use of this software
     16  *    must display the following acknowledgement:
     17  *      This product includes software developed by Elad Efrat.
     18  * 4. The name of the author may not be used to endorse or promote products
     19  *    derived from this software without specific prior written permission.
     20  *
     21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     22  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     23  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     24  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     26  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     30  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     31  */
     32 
     33 /*
     34  * Todo:
     35  *   - Garbage collection to pool_put() unused scopes/listeners.
     36  */
     37 
     38 #include <sys/types.h>
     39 #include <sys/param.h>
     40 #include <sys/queue.h>
     41 #include <sys/time.h>
     42 #include <sys/proc.h>
     43 #include <sys/ucred.h>
     44 #include <sys/pool.h>
     45 #include <sys/kauth.h>
     46 #include <sys/acct.h>
     47 
     48 /*
     49  * Credentials.
     50  */
     51 struct kauth_cred {
     52 	struct simplelock cr_lock;	/* lock */
     53 	uint32_t cr_refcnt;		/* reference count */
     54 	uid_t cr_uid;			/* user id */
     55 	uid_t cr_euid;			/* effective user id */
     56 	uid_t cr_svuid;			/* saved effective user id */
     57 	gid_t cr_gid;			/* group id */
     58 	gid_t cr_egid;			/* effective group id */
     59 	gid_t cr_svgid;			/* saved effective group id */
     60 	uint16_t cr_ngroups;		/* number of groups */
     61 	gid_t cr_groups[NGROUPS];	/* group memberships */
     62 };
     63 
     64 /*
     65  * Listener.
     66  */
     67 struct kauth_listener {
     68 	kauth_scope_callback_t		func;		/* callback */
     69 	kauth_scope_t			scope;		/* scope backpointer */
     70 	uint32_t			refcnt;		/* reference count */
     71 	SIMPLEQ_ENTRY(kauth_listener)	listener_next;	/* listener list */
     72 };
     73 
     74 /*
     75  * Scope.
     76  */
     77 struct kauth_scope {
     78 	const char		       *id;		/* scope name */
     79 	void			       *cookie;		/* user cookie */
     80 	uint32_t			nlisteners;	/* # of listeners */
     81 	SIMPLEQ_HEAD(, kauth_listener)	listenq;	/* listener list */
     82 	SIMPLEQ_ENTRY(kauth_scope)	next_scope;	/* scope list */
     83 };
     84 
     85 POOL_INIT(kauth_scope_pool, sizeof(struct kauth_scope), 0, 0, 0,
     86 	  "kauth_scopepl", &pool_allocator_nointr);
     87 POOL_INIT(kauth_listener_pool, sizeof(struct kauth_listener), 0, 0, 0,
     88 	  "kauth_listenerpl", &pool_allocator_nointr);
     89 POOL_INIT(kauth_cred_pool, sizeof(struct kauth_cred), 0, 0, 0,
     90 	  "kauth_credpl", &pool_allocator_nointr);
     91 
     92 /* List of scopes and its lock. */
     93 SIMPLEQ_HEAD(, kauth_scope) scope_list;
     94 struct simplelock scopes_lock;
     95 
     96 /* Built-in scopes: generic, process. */
     97 static kauth_scope_t kauth_builtin_scope_generic;
     98 static kauth_scope_t kauth_builtin_scope_process;
     99 
    100 /* Allocate new, empty kauth credentials. */
    101 kauth_cred_t
    102 kauth_cred_alloc(void) {
    103 	kauth_cred_t cred;
    104 
    105 	cred = pool_get(&kauth_cred_pool, PR_WAITOK);
    106 	memset(cred, 0, sizeof(*cred));
    107 	simple_lock_init(&cred->cr_lock);
    108 	cred->cr_refcnt = 1;
    109 
    110 	return (cred);
    111 }
    112 
    113 /* Increment reference count to cred. */
    114 void
    115 kauth_cred_hold(kauth_cred_t cred)
    116 {
    117 	KASSERT(cred != NULL);
    118 
    119         simple_lock(&cred->cr_lock);
    120         cred->cr_refcnt++;
    121         simple_unlock(&cred->cr_lock);
    122 }
    123 
    124 void
    125 kauth_cred_destroy(kauth_cred_t cred)
    126 {
    127 	KASSERT(cred != NULL);
    128 
    129 	pool_put(&kauth_cred_pool, cred);
    130 }
    131 
    132 /* Decrease reference count to cred. If reached zero, free it. */
    133 void
    134 kauth_cred_free(kauth_cred_t cred) {
    135 	KASSERT(cred != NULL);
    136 
    137 	simple_lock(&cred->cr_lock);
    138 	cred->cr_refcnt--;
    139 	simple_unlock(&cred->cr_lock);
    140 
    141 	if (cred->cr_refcnt == 0)
    142 		kauth_cred_destroy(cred);
    143 }
    144 
    145 void
    146 kauth_cred_clone(kauth_cred_t from, kauth_cred_t to)
    147 {
    148 	KASSERT(from != NULL);
    149 	KASSERT(to != NULL);
    150 
    151 	to->cr_uid = from->cr_uid;
    152 	to->cr_euid = from->cr_euid;
    153 	to->cr_svuid = from->cr_svuid;
    154 	to->cr_gid = from->cr_gid;
    155 	to->cr_egid = from->cr_egid;
    156 	to->cr_svgid = from->cr_svgid;
    157 	to->cr_ngroups = from->cr_ngroups;
    158 	memcpy(to->cr_groups, from->cr_groups,
    159 	       sizeof(to->cr_groups));
    160 }
    161 
    162 /*
    163  * Duplicate cred and return a new kauth_cred_t.
    164  */
    165 kauth_cred_t
    166 kauth_cred_dup(kauth_cred_t cred)
    167 {
    168 	kauth_cred_t new_cred;
    169 
    170 	KASSERT(cred != NULL);
    171 
    172 	new_cred = kauth_cred_alloc();
    173 
    174 	kauth_cred_clone(cred, new_cred);
    175 
    176 	return (new_cred);
    177 }
    178 
    179 /*
    180  * Similar to crcopy(), only on a kauth_cred_t.
    181  * XXX: Is this even needed? [kauth_cred_copy]
    182  */
    183 kauth_cred_t
    184 kauth_cred_copy(kauth_cred_t cred)
    185 {
    186 	kauth_cred_t new_cred;
    187 
    188 	KASSERT(cred != NULL);
    189 
    190 	/* If the provided credentials already have one reference, use them. */
    191 	if (cred->cr_refcnt == 1)
    192 		return (cred);
    193 
    194 	new_cred = kauth_cred_alloc();
    195 
    196 	kauth_cred_clone(cred, new_cred);
    197 
    198 	kauth_cred_free(cred);
    199 
    200 	return (new_cred);
    201 }
    202 
    203 uid_t
    204 kauth_cred_getuid(kauth_cred_t cred)
    205 {
    206 	KASSERT(cred != NULL);
    207 
    208 	return (cred->cr_uid);
    209 }
    210 
    211 uid_t
    212 kauth_cred_geteuid(kauth_cred_t cred)
    213 {
    214 	KASSERT(cred != NULL);
    215 
    216 	return (cred->cr_euid);
    217 }
    218 
    219 uid_t
    220 kauth_cred_getsvuid(kauth_cred_t cred)
    221 {
    222 	KASSERT(cred != NULL);
    223 
    224 	return (cred->cr_svuid);
    225 }
    226 
    227 gid_t
    228 kauth_cred_getgid(kauth_cred_t cred)
    229 {
    230 	KASSERT(cred != NULL);
    231 
    232 	return (cred->cr_gid);
    233 }
    234 
    235 gid_t
    236 kauth_cred_getegid(kauth_cred_t cred)
    237 {
    238 	KASSERT(cred != NULL);
    239 
    240 	return (cred->cr_egid);
    241 }
    242 
    243 gid_t
    244 kauth_cred_getsvgid(kauth_cred_t cred)
    245 {
    246 	KASSERT(cred != NULL);
    247 
    248 	return (cred->cr_svgid);
    249 }
    250 
    251 void
    252 kauth_cred_setuid(kauth_cred_t cred, uid_t uid)
    253 {
    254 	KASSERT(cred != NULL);
    255 	KASSERT(uid >= 0 && uid <= UID_MAX);
    256 
    257 	cred->cr_uid = uid;
    258 }
    259 
    260 void
    261 kauth_cred_seteuid(kauth_cred_t cred, uid_t uid)
    262 {
    263 	KASSERT(cred != NULL);
    264 	KASSERT(uid >= 0 && uid <= UID_MAX);
    265 
    266 	cred->cr_euid = uid;
    267 }
    268 
    269 void
    270 kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid)
    271 {
    272 	KASSERT(cred != NULL);
    273 	KASSERT(uid >= 0 && uid <= UID_MAX);
    274 
    275 	cred->cr_svuid = uid;
    276 }
    277 
    278 void
    279 kauth_cred_setgid(kauth_cred_t cred, gid_t gid)
    280 {
    281 	KASSERT(cred != NULL);
    282 	KASSERT(gid >= 0 && gid <= GID_MAX);
    283 
    284 	cred->cr_gid = gid;
    285 }
    286 
    287 void
    288 kauth_cred_setegid(kauth_cred_t cred, gid_t gid)
    289 {
    290 	KASSERT(cred != NULL);
    291 	KASSERT(gid >= 0 && gid <= GID_MAX);
    292 
    293 	cred->cr_egid = gid;
    294 }
    295 
    296 void
    297 kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid)
    298 {
    299 	KASSERT(cred != NULL);
    300 	KASSERT(gid >= 0 && gid <= GID_MAX);
    301 
    302 	cred->cr_svgid = gid;
    303 }
    304 
    305 /* Checks if gid is a member of the groups in cred. */
    306 int
    307 kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp)
    308 {
    309 	int i;
    310 
    311 	KASSERT(cred != NULL);
    312 	KASSERT(gid >= 0 && gid <= GID_MAX);
    313 	KASSERT(resultp != NULL);
    314 
    315 	*resultp = 0;
    316 
    317 	for (i = 0; i < cred->cr_ngroups; i++)
    318 		if (cred->cr_groups[i] == gid) {
    319 			*resultp = 1;
    320 			break;
    321 		}
    322 
    323 	return (0);
    324 }
    325 
    326 uint16_t
    327 kauth_cred_ngroups(kauth_cred_t cred)
    328 {
    329 	KASSERT(cred != NULL);
    330 
    331 	return (cred->cr_ngroups);
    332 }
    333 
    334 /*
    335  * Return the group at index idx from the groups in cred.
    336  */
    337 gid_t
    338 kauth_cred_group(kauth_cred_t cred, uint16_t idx)
    339 {
    340 	KASSERT(cred != NULL);
    341 	KASSERT(idx < cred->cr_ngroups);
    342 
    343 	return (cred->cr_groups[idx]);
    344 }
    345 
    346 /* XXX elad: gmuid is unused for now. */
    347 int
    348 kauth_cred_setgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, uid_t gmuid)
    349 {
    350 	KASSERT(cred != NULL);
    351 	KASSERT(len < sizeof(cred->cr_groups) / sizeof(cred->cr_groups[0]));
    352 
    353 	simple_lock(&cred->cr_lock);
    354 
    355 	if (len)
    356 		memcpy(cred->cr_groups, grbuf, len * sizeof(cred->cr_groups[0]));
    357 	memset(cred->cr_groups + len, 0xff,
    358 	    sizeof(cred->cr_groups) - (len * sizeof(cred->cr_groups[0])));
    359 
    360 	cred->cr_ngroups = len;
    361 
    362 	simple_unlock(&cred->cr_lock);
    363 
    364 	return (0);
    365 }
    366 
    367 int
    368 kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len)
    369 {
    370 	KASSERT(cred != NULL);
    371 	KASSERT(len <= cred->cr_ngroups);
    372 
    373 	memset(grbuf, 0xff, sizeof(*grbuf) * len);
    374 	simple_lock(&cred->cr_lock);
    375 	memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len);
    376 	simple_unlock(&cred->cr_lock);
    377 
    378 	return (0);
    379 }
    380 
    381 /*
    382  * Match uids in two credentials. Checks if cred1 can access stuff owned by
    383  * cred2.
    384  * XXX: root bypasses this!
    385  */
    386 static int
    387 kauth_cred_uidmatch(kauth_cred_t cred1, kauth_cred_t cred2)
    388 {
    389 	KASSERT(cred1 != NULL);
    390 	KASSERT(cred2 != NULL);
    391 
    392 	/* Are we root? */
    393 	if (cred1->cr_euid == 0)
    394 		return (1);
    395 
    396 	if (cred1->cr_uid == cred2->cr_uid ||
    397 	    cred1->cr_euid == cred2->cr_uid ||
    398 	    cred1->cr_uid == cred2->cr_euid ||
    399 	    cred1->cr_euid == cred2->cr_euid)
    400 		return (1);
    401 
    402 	return (0);
    403 }
    404 
    405 uint32_t
    406 kauth_cred_getrefcnt(kauth_cred_t cred)
    407 {
    408 	KASSERT(cred != NULL);
    409 
    410 	return (cred->cr_refcnt);
    411 }
    412 
    413 /*
    414  * Convert userland credentials (struct uucred) to kauth_cred_t.
    415  * XXX: For NFS code.
    416  */
    417 void
    418 kauth_cred_uucvt(kauth_cred_t cred, const struct uucred *uuc)
    419 {
    420 	KASSERT(cred != NULL);
    421 	KASSERT(uuc != NULL);
    422 
    423 	cred->cr_refcnt = 1;
    424 	cred->cr_uid = uuc->cr_uid;
    425 	cred->cr_euid = uuc->cr_uid;
    426 	cred->cr_svuid = uuc->cr_uid;
    427 	cred->cr_gid = uuc->cr_gid;
    428 	cred->cr_egid = uuc->cr_gid;
    429 	cred->cr_svgid = uuc->cr_gid;
    430 	cred->cr_ngroups = min(uuc->cr_ngroups, NGROUPS);
    431 	kauth_cred_setgroups(cred, __UNCONST(uuc->cr_groups),
    432 	    cred->cr_ngroups, -1);
    433 }
    434 
    435 /*
    436  * Compare kauth_cred_t and uucred credentials.
    437  * XXX: Modelled after crcmp() for NFS.
    438  */
    439 int
    440 kauth_cred_uucmp(kauth_cred_t cred, const struct uucred *uuc)
    441 {
    442 	KASSERT(cred != NULL);
    443 	KASSERT(uuc != NULL);
    444 
    445 	if (cred->cr_euid == uuc->cr_uid &&
    446 	    cred->cr_egid == uuc->cr_gid &&
    447 	    cred->cr_ngroups == uuc->cr_ngroups) {
    448 		int i;
    449 
    450 		/* Check if all groups from uuc appear in cred. */
    451 		for (i = 0; i < uuc->cr_ngroups; i++) {
    452 			int ismember;
    453 
    454 			ismember = 0;
    455 			if (kauth_cred_ismember_gid(cred, uuc->cr_groups[i],
    456 			    &ismember) != 0 || !ismember)
    457 				return (0);
    458 		}
    459 
    460 		return (1);
    461 	}
    462 
    463 	return (0);
    464 }
    465 
    466 /*
    467  * Make a struct ucred out of a kauth_cred_t.
    468  * XXX: For sysctl.
    469  */
    470 void
    471 kauth_cred_toucred(kauth_cred_t cred, struct ucred *uc)
    472 {
    473 	KASSERT(cred != NULL);
    474 	KASSERT(uc != NULL);
    475 
    476 	uc->cr_uid = cred->cr_euid;
    477 	uc->cr_gid = cred->cr_egid;
    478 	uc->cr_ngroups = min(cred->cr_ngroups,
    479 			     sizeof(uc->cr_groups) / sizeof(uc->cr_groups[0]));
    480 	memcpy(uc->cr_groups, cred->cr_groups,
    481 	       uc->cr_ngroups * sizeof(uc->cr_groups[0]));
    482 }
    483 
    484 /*
    485  * Make a struct pcred out of a kauth_cred_t.
    486  * XXX: For sysctl.
    487  */
    488 void
    489 kauth_cred_topcred(kauth_cred_t cred, struct pcred *pc)
    490 {
    491 	KASSERT(cred != NULL);
    492 	KASSERT(pc != NULL);
    493 
    494 	pc->pc_ucred = (struct ucred *)cred; /* XXX this is just wrong */
    495 	pc->p_ruid = cred->cr_uid;
    496 	pc->p_svuid = cred->cr_svuid;
    497 	pc->p_rgid = cred->cr_gid;
    498 	pc->p_svgid = cred->cr_svgid;
    499 	pc->p_refcnt = cred->cr_refcnt;
    500 }
    501 
    502 /*
    503  * Return kauth_cred_t for the current process.
    504  */
    505 kauth_cred_t
    506 kauth_cred_get(void)
    507 {
    508 	return (curproc->p_cred);
    509 }
    510 
    511 /*
    512  * Returns a scope matching the provided id.
    513  * Requires the scope list lock to be held by the caller.
    514  */
    515 static kauth_scope_t
    516 kauth_ifindscope(const char *id) {
    517 	kauth_scope_t scope;
    518 
    519 	/* XXX: assert lock on scope list? */
    520 
    521 	scope = NULL;
    522 	SIMPLEQ_FOREACH(scope, &scope_list, next_scope) {
    523 		if (strcmp(scope->id, id) == 0)
    524 			break;
    525 	}
    526 
    527 	return (scope);
    528 }
    529 
    530 /*
    531  * Register a new scope.
    532  *
    533  * id - identifier for the scope
    534  * callback - the scope's default listener
    535  * cookie - cookie to be passed to the listener(s)
    536  */
    537 kauth_scope_t
    538 kauth_register_scope(const char *id, kauth_scope_callback_t callback,
    539 		     void *cookie)
    540 {
    541 	kauth_scope_t scope;
    542 	kauth_listener_t listener;
    543 
    544 	/* Sanitize input */
    545 	if (id == NULL || callback == NULL)
    546 		return (NULL);
    547 
    548 	/* Allocate space for a new scope and listener. */
    549 	scope = pool_get(&kauth_scope_pool, PR_WAITOK);
    550 	listener = pool_get(&kauth_listener_pool, PR_WAITOK);
    551 
    552 	/* Acquire scope list lock. */
    553 	simple_lock(&scopes_lock);
    554 
    555 	/* Check we don't already have a scope with the same id */
    556 	if (kauth_ifindscope(id) != NULL) {
    557 		simple_unlock(&scopes_lock);
    558 
    559 		pool_put(&kauth_scope_pool, scope);
    560 		pool_put(&kauth_listener_pool, listener);
    561 
    562 		return (NULL);
    563 	}
    564 
    565 	/* Initialize new scope with parameters */
    566 	scope->id = id;
    567 	scope->cookie = cookie;
    568 	scope->nlisteners = 1;
    569 
    570 	/* Add default listener */
    571 	listener->func = callback;
    572 	listener->scope = scope;
    573 	listener->refcnt = 0;
    574 	SIMPLEQ_INIT(&scope->listenq);
    575 	SIMPLEQ_INSERT_HEAD(&scope->listenq, listener, listener_next);
    576 
    577 	/* Insert scope to scopes list */
    578 	if (SIMPLEQ_EMPTY(&scope_list))
    579 		SIMPLEQ_INSERT_HEAD(&scope_list, scope, next_scope);
    580 	else
    581 		SIMPLEQ_INSERT_TAIL(&scope_list, scope, next_scope);
    582 
    583 	simple_unlock(&scopes_lock);
    584 
    585 	return (scope);
    586 }
    587 
    588 /*
    589  * Initialize the kernel authorization subsystem.
    590  *
    591  * Initialize the scopes list lock.
    592  * Register built-in scopes: generic, process.
    593  */
    594 void
    595 kauth_init(void)
    596 {
    597 	simple_lock_init(&scopes_lock);
    598 
    599 	/* Register generic scope. */
    600 	kauth_builtin_scope_generic = kauth_register_scope(KAUTH_SCOPE_GENERIC,
    601 	    kauth_authorize_cb_generic, NULL);
    602 
    603 	/* Register process scope. */
    604 	kauth_builtin_scope_process = kauth_register_scope(KAUTH_SCOPE_PROCESS,
    605 	    kauth_authorize_cb_process, NULL);
    606 }
    607 
    608 /*
    609  * Deregister a scope.
    610  * Requires scope list lock to be held by the caller.
    611  *
    612  * scope - the scope to deregister
    613  */
    614 void
    615 kauth_deregister_scope(kauth_scope_t scope)
    616 {
    617 	if (scope != NULL) {
    618 		/* Remove scope from list */
    619 		SIMPLEQ_REMOVE(&scope_list, scope, kauth_scope, next_scope);
    620 	}
    621 }
    622 
    623 /*
    624  * Register a listener.
    625  *
    626  * id - scope identifier.
    627  * callback - the callback routine for the listener.
    628  * cookie - cookie to pass unmoidfied to the callback.
    629  */
    630 kauth_listener_t
    631 kauth_listen_scope(const char *id, kauth_scope_callback_t callback,
    632 		   void *cookie)
    633 {
    634 	kauth_scope_t scope;
    635 	kauth_listener_t listener;
    636 
    637 	/* Find scope struct */
    638 	simple_lock(&scopes_lock);
    639 	scope = kauth_ifindscope(id);
    640 	simple_unlock(&scopes_lock);
    641 	if (scope == NULL)
    642 		return (NULL);
    643 
    644 	/* Allocate listener */
    645 	listener = pool_get(&kauth_listener_pool, PR_WAITOK);
    646 
    647 	/* Initialize listener with parameters */
    648 	listener->func = callback;
    649 	listener->refcnt = 0;
    650 
    651 	/* Add listener to scope */
    652 	SIMPLEQ_INSERT_TAIL(&scope->listenq, listener, listener_next);
    653 
    654 	/* Raise number of listeners on scope. */
    655 	scope->nlisteners++;
    656 	listener->scope = scope;
    657 
    658 	return (listener);
    659 }
    660 
    661 /*
    662  * Deregister a listener.
    663  *
    664  * listener - listener reference as returned from kauth_listen_scope().
    665  */
    666 void
    667 kauth_unlisten_scope(kauth_listener_t listener)
    668 {
    669 	if (listener != NULL) {
    670 		SIMPLEQ_REMOVE(&listener->scope->listenq, listener, kauth_listener,
    671 			       listener_next);
    672 		listener->scope->nlisteners--;
    673 	}
    674 }
    675 
    676 /*
    677  * Authorize a request.
    678  *
    679  * scope - the scope of the request as defined by KAUTH_SCOPE_* or as
    680  *	   returned from kauth_register_scope().
    681  * credential - credentials of the user ("actor") making the request.
    682  * action - request identifier.
    683  * arg[0-3] - passed unmodified to listener(s).
    684  */
    685 int
    686 kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
    687 		       kauth_action_t action, void *arg0, void *arg1,
    688 		       void *arg2, void *arg3)
    689 {
    690 	kauth_listener_t listener;
    691 	int error, allow, fail;
    692 
    693 	/* Sanitize input */
    694 	if (scope == NULL || cred == NULL)
    695 		return (EFAULT);
    696 	if (!action)
    697 		return (EINVAL);
    698 
    699 	/*
    700 	 * Each scope is associated with at least one listener. We need to
    701 	 * traverse that list of listeners, as long as they return either
    702 	 * KAUTH_REQUEST_DEFER or KAUTH_REQUEST_ALLOW.
    703 	 */
    704 	fail = 0;
    705 	allow = 0;
    706 	SIMPLEQ_FOREACH(listener, &scope->listenq, listener_next) {
    707 		error = listener->func(cred, action, scope->cookie, arg0,
    708 				       arg1, arg2, arg3);
    709 
    710 		if (error == KAUTH_RESULT_ALLOW)
    711 			allow = 1;
    712 		else if (error == KAUTH_RESULT_DENY)
    713 			fail = 1;
    714 	}
    715 
    716 	return ((allow && !fail) ? 0 : EPERM);
    717 };
    718 
    719 /*
    720  * Generic scope default callback.
    721  */
    722 int
    723 kauth_authorize_cb_generic(kauth_cred_t cred, kauth_action_t action,
    724 			   void *cookie, void *arg0, void *arg1, void *arg2,
    725 			   void *arg3)
    726 {
    727 	int error;
    728 
    729 	error = KAUTH_RESULT_DEFER;
    730 
    731 	switch (action) {
    732 	case KAUTH_GENERIC_ISSUSER:
    733 		/* Check if credential belongs to superuser. */
    734 		if (cred->cr_euid == 0) {
    735 			u_short *acflag = (u_short *)arg0;
    736 
    737 			if (acflag != NULL)
    738 				*acflag |= ASU;
    739 
    740 			error = KAUTH_RESULT_ALLOW;
    741 		} else
    742 			error = KAUTH_RESULT_DENY;
    743 		break;
    744 	}
    745 
    746 	return (error);
    747 }
    748 
    749 /*
    750  * Generic scope authorization wrapper.
    751  */
    752 int
    753 kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0)
    754 {
    755 	return (kauth_authorize_action(kauth_builtin_scope_generic, cred,
    756 	    action, arg0, NULL, NULL, NULL));
    757 }
    758 
    759 /*
    760  * Process scope default callback.
    761  */
    762 int
    763 kauth_authorize_cb_process(kauth_cred_t cred, kauth_action_t action,
    764 			   void *cookie, void *arg0, void *arg1, void *arg2,
    765 			   void *arg3)
    766 {
    767 	struct proc *p;
    768 	kauth_cred_t cred2;
    769 	int error;
    770 
    771 	error = KAUTH_RESULT_DEFER;
    772 
    773 	p = arg0;
    774 	cred2 = arg1;
    775 
    776 	switch (action) {
    777 	case KAUTH_PROCESS_CANSIGNAL: {
    778 		struct proc *to;
    779 		int signum;
    780 
    781 		to = arg2;
    782 		signum = (int)(unsigned long)arg3;
    783 
    784 		if (kauth_cred_uidmatch(cred, cred2)  ||
    785 		    (signum == SIGCONT && (p->p_session == to->p_session)))
    786 			error = KAUTH_RESULT_ALLOW;
    787 		else
    788 			error = KAUTH_RESULT_DEFER;
    789 
    790 		break;
    791 		}
    792 
    793 	case KAUTH_PROCESS_CANPTRACE:
    794 		if (kauth_cred_uidmatch(cred, cred2))
    795 			error = KAUTH_RESULT_ALLOW;
    796 		else
    797 			error = KAUTH_RESULT_DENY;
    798 		break;
    799 
    800 	case KAUTH_PROCESS_CANSEE:
    801 		if (kauth_cred_uidmatch(cred, cred2))
    802 			error = KAUTH_RESULT_ALLOW;
    803 		else
    804 			error = KAUTH_RESULT_DENY;
    805 			/* arg2 - type of information [XXX NOTIMPL] */
    806 		break;
    807 	}
    808 
    809 	return (error);
    810 }
    811 
    812 /*
    813  * Process scope authorization wrapper.
    814  */
    815 int
    816 kauth_authorize_process(kauth_cred_t cred, kauth_action_t action,
    817     struct proc *p, void *arg1, void *arg2, void *arg3)
    818 {
    819 	return (kauth_authorize_action(kauth_builtin_scope_process, cred,
    820 	    action, p, arg1, arg2, arg3));
    821 }
    822