kern_prot.c revision 1.88.10.2
1 1.88.10.2 elad /* $NetBSD: kern_prot.c,v 1.88.10.2 2006/03/08 22:12:35 elad Exp $ */ 2 1.16 cgd 3 1.14 cgd /* 4 1.15 cgd * Copyright (c) 1982, 1986, 1989, 1990, 1991, 1993 5 1.15 cgd * The Regents of the University of California. All rights reserved. 6 1.14 cgd * (c) UNIX System Laboratories, Inc. 7 1.14 cgd * All or some portions of this file are derived from material licensed 8 1.14 cgd * to the University of California by American Telephone and Telegraph 9 1.14 cgd * Co. or Unix System Laboratories, Inc. and are reproduced herein with 10 1.14 cgd * the permission of UNIX System Laboratories, Inc. 11 1.14 cgd * 12 1.14 cgd * Redistribution and use in source and binary forms, with or without 13 1.14 cgd * modification, are permitted provided that the following conditions 14 1.14 cgd * are met: 15 1.14 cgd * 1. Redistributions of source code must retain the above copyright 16 1.14 cgd * notice, this list of conditions and the following disclaimer. 17 1.14 cgd * 2. Redistributions in binary form must reproduce the above copyright 18 1.14 cgd * notice, this list of conditions and the following disclaimer in the 19 1.14 cgd * documentation and/or other materials provided with the distribution. 20 1.80 agc * 3. Neither the name of the University nor the names of its contributors 21 1.14 cgd * may be used to endorse or promote products derived from this software 22 1.14 cgd * without specific prior written permission. 23 1.14 cgd * 24 1.14 cgd * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 1.14 cgd * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 1.14 cgd * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 1.14 cgd * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 1.14 cgd * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 1.14 cgd * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 1.14 cgd * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 1.14 cgd * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 1.14 cgd * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 1.14 cgd * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 1.14 cgd * SUCH DAMAGE. 35 1.14 cgd * 36 1.44 fvdl * @(#)kern_prot.c 8.9 (Berkeley) 2/14/95 37 1.14 cgd */ 38 1.14 cgd 39 1.14 cgd /* 40 1.14 cgd * System calls related to processes and protection 41 1.14 cgd */ 42 1.65 lukem 43 1.65 lukem #include <sys/cdefs.h> 44 1.88.10.2 elad __KERNEL_RCSID(0, "$NetBSD: kern_prot.c,v 1.88.10.2 2006/03/08 22:12:35 elad Exp $"); 45 1.45 thorpej 46 1.51 christos #include "opt_compat_43.h" 47 1.14 cgd 48 1.14 cgd #include <sys/param.h> 49 1.14 cgd #include <sys/acct.h> 50 1.14 cgd #include <sys/systm.h> 51 1.14 cgd #include <sys/ucred.h> 52 1.14 cgd #include <sys/proc.h> 53 1.14 cgd #include <sys/timeb.h> 54 1.14 cgd #include <sys/times.h> 55 1.82 simonb #include <sys/pool.h> 56 1.72 dsl #include <sys/syslog.h> 57 1.81 christos #include <sys/resourcevar.h> 58 1.14 cgd 59 1.19 cgd #include <sys/mount.h> 60 1.70 thorpej #include <sys/sa.h> 61 1.19 cgd #include <sys/syscallargs.h> 62 1.71 thorpej 63 1.88.10.1 elad #include <sys/malloc.h> 64 1.88.10.1 elad 65 1.82 simonb POOL_INIT(cred_pool, sizeof(struct ucred), 0, 0, 0, "credpl", 66 1.82 simonb &pool_allocator_nointr); 67 1.63 mycroft 68 1.70 thorpej int sys_getpid(struct lwp *, void *, register_t *); 69 1.70 thorpej int sys_getpid_with_ppid(struct lwp *, void *, register_t *); 70 1.70 thorpej int sys_getuid(struct lwp *, void *, register_t *); 71 1.70 thorpej int sys_getuid_with_euid(struct lwp *, void *, register_t *); 72 1.70 thorpej int sys_getgid(struct lwp *, void *, register_t *); 73 1.70 thorpej int sys_getgid_with_egid(struct lwp *, void *, register_t *); 74 1.32 christos 75 1.86 christos static int grsortu(gid_t *, int); 76 1.86 christos 77 1.14 cgd /* ARGSUSED */ 78 1.32 christos int 79 1.73 dsl sys_getpid(struct lwp *l, void *v, register_t *retval) 80 1.14 cgd { 81 1.70 thorpej struct proc *p = l->l_proc; 82 1.14 cgd 83 1.14 cgd *retval = p->p_pid; 84 1.62 mycroft return (0); 85 1.62 mycroft } 86 1.62 mycroft 87 1.62 mycroft /* ARGSUSED */ 88 1.62 mycroft int 89 1.73 dsl sys_getpid_with_ppid(struct lwp *l, void *v, register_t *retval) 90 1.62 mycroft { 91 1.70 thorpej struct proc *p = l->l_proc; 92 1.62 mycroft 93 1.62 mycroft retval[0] = p->p_pid; 94 1.62 mycroft retval[1] = p->p_pptr->p_pid; 95 1.14 cgd return (0); 96 1.14 cgd } 97 1.14 cgd 98 1.14 cgd /* ARGSUSED */ 99 1.32 christos int 100 1.73 dsl sys_getppid(struct lwp *l, void *v, register_t *retval) 101 1.14 cgd { 102 1.70 thorpej struct proc *p = l->l_proc; 103 1.14 cgd 104 1.14 cgd *retval = p->p_pptr->p_pid; 105 1.14 cgd return (0); 106 1.14 cgd } 107 1.14 cgd 108 1.14 cgd /* Get process group ID; note that POSIX getpgrp takes no parameter */ 109 1.32 christos int 110 1.73 dsl sys_getpgrp(struct lwp *l, void *v, register_t *retval) 111 1.14 cgd { 112 1.70 thorpej struct proc *p = l->l_proc; 113 1.14 cgd 114 1.14 cgd *retval = p->p_pgrp->pg_id; 115 1.14 cgd return (0); 116 1.43 thorpej } 117 1.43 thorpej 118 1.43 thorpej /* 119 1.43 thorpej * Return the process group ID of the session leader (session ID) 120 1.43 thorpej * for the specified process. 121 1.43 thorpej */ 122 1.43 thorpej int 123 1.73 dsl sys_getsid(struct lwp *l, void *v, register_t *retval) 124 1.43 thorpej { 125 1.43 thorpej struct sys_getsid_args /* { 126 1.43 thorpej syscalldarg(pid_t) pid; 127 1.43 thorpej } */ *uap = v; 128 1.70 thorpej struct proc *p = l->l_proc; 129 1.43 thorpej 130 1.43 thorpej if (SCARG(uap, pid) == 0) 131 1.43 thorpej goto found; 132 1.43 thorpej if ((p = pfind(SCARG(uap, pid))) == 0) 133 1.43 thorpej return (ESRCH); 134 1.43 thorpej found: 135 1.43 thorpej *retval = p->p_session->s_sid; 136 1.60 christos return (0); 137 1.36 mrg } 138 1.36 mrg 139 1.36 mrg int 140 1.73 dsl sys_getpgid(struct lwp *l, void *v, register_t *retval) 141 1.36 mrg { 142 1.56 augustss struct sys_getpgid_args /* { 143 1.36 mrg syscallarg(pid_t) pid; 144 1.36 mrg } */ *uap = v; 145 1.70 thorpej struct proc *p = l->l_proc; 146 1.36 mrg 147 1.36 mrg if (SCARG(uap, pid) == 0) 148 1.36 mrg goto found; 149 1.36 mrg if ((p = pfind(SCARG(uap, pid))) == 0) 150 1.36 mrg return (ESRCH); 151 1.36 mrg found: 152 1.36 mrg *retval = p->p_pgid; 153 1.60 christos return (0); 154 1.14 cgd } 155 1.14 cgd 156 1.14 cgd /* ARGSUSED */ 157 1.32 christos int 158 1.73 dsl sys_getuid(struct lwp *l, void *v, register_t *retval) 159 1.14 cgd { 160 1.70 thorpej struct proc *p = l->l_proc; 161 1.14 cgd 162 1.88.10.1 elad *retval = kauth_cred_getuid(p->p_cred); 163 1.62 mycroft return (0); 164 1.62 mycroft } 165 1.62 mycroft 166 1.62 mycroft /* ARGSUSED */ 167 1.62 mycroft int 168 1.73 dsl sys_getuid_with_euid(struct lwp *l, void *v, register_t *retval) 169 1.62 mycroft { 170 1.70 thorpej struct proc *p = l->l_proc; 171 1.62 mycroft 172 1.88.10.1 elad retval[0] = kauth_cred_getuid(p->p_cred); 173 1.88.10.1 elad retval[1] = kauth_cred_geteuid(p->p_cred); 174 1.14 cgd return (0); 175 1.14 cgd } 176 1.14 cgd 177 1.14 cgd /* ARGSUSED */ 178 1.32 christos int 179 1.73 dsl sys_geteuid(struct lwp *l, void *v, register_t *retval) 180 1.14 cgd { 181 1.70 thorpej struct proc *p = l->l_proc; 182 1.14 cgd 183 1.88.10.1 elad *retval = kauth_cred_geteuid(p->p_cred); 184 1.14 cgd return (0); 185 1.14 cgd } 186 1.14 cgd 187 1.14 cgd /* ARGSUSED */ 188 1.32 christos int 189 1.73 dsl sys_getgid(struct lwp *l, void *v, register_t *retval) 190 1.14 cgd { 191 1.70 thorpej struct proc *p = l->l_proc; 192 1.14 cgd 193 1.88.10.1 elad *retval = kauth_cred_getgid(p->p_cred); 194 1.62 mycroft return (0); 195 1.62 mycroft } 196 1.62 mycroft 197 1.62 mycroft /* ARGSUSED */ 198 1.62 mycroft int 199 1.73 dsl sys_getgid_with_egid(struct lwp *l, void *v, register_t *retval) 200 1.62 mycroft { 201 1.70 thorpej struct proc *p = l->l_proc; 202 1.62 mycroft 203 1.88.10.1 elad retval[0] = kauth_cred_getgid(p->p_cred); 204 1.88.10.1 elad retval[1] = kauth_cred_getegid(p->p_cred); 205 1.14 cgd return (0); 206 1.14 cgd } 207 1.14 cgd 208 1.14 cgd /* 209 1.14 cgd * Get effective group ID. The "egid" is groups[0], and could be obtained 210 1.14 cgd * via getgroups. This syscall exists because it is somewhat painful to do 211 1.14 cgd * correctly in a library function. 212 1.14 cgd */ 213 1.14 cgd /* ARGSUSED */ 214 1.32 christos int 215 1.73 dsl sys_getegid(struct lwp *l, void *v, register_t *retval) 216 1.14 cgd { 217 1.70 thorpej struct proc *p = l->l_proc; 218 1.75 enami 219 1.88.10.1 elad *retval = kauth_cred_getegid(p->p_cred); 220 1.14 cgd return (0); 221 1.14 cgd } 222 1.14 cgd 223 1.32 christos int 224 1.73 dsl sys_getgroups(struct lwp *l, void *v, register_t *retval) 225 1.29 thorpej { 226 1.56 augustss struct sys_getgroups_args /* { 227 1.41 thorpej syscallarg(int) gidsetsize; 228 1.19 cgd syscallarg(gid_t *) gidset; 229 1.29 thorpej } */ *uap = v; 230 1.70 thorpej struct proc *p = l->l_proc; 231 1.88.10.1 elad kauth_cred_t pc = p->p_cred; 232 1.69 thorpej u_int ngrp; 233 1.14 cgd int error; 234 1.88.10.1 elad gid_t *grbuf; 235 1.88.10.1 elad int i; 236 1.14 cgd 237 1.69 thorpej if (SCARG(uap, gidsetsize) == 0) { 238 1.88.10.1 elad *retval = kauth_cred_ngroups(pc); 239 1.14 cgd return (0); 240 1.69 thorpej } else if (SCARG(uap, gidsetsize) < 0) 241 1.69 thorpej return (EINVAL); 242 1.69 thorpej ngrp = SCARG(uap, gidsetsize); 243 1.88.10.1 elad if (ngrp < kauth_cred_ngroups(pc)) 244 1.14 cgd return (EINVAL); 245 1.88.10.1 elad ngrp = kauth_cred_ngroups(pc); 246 1.88.10.1 elad 247 1.88.10.1 elad /* XXX elad - this is ugly */ 248 1.88.10.1 elad grbuf = malloc(ngrp * sizeof(*grbuf), M_TEMP, M_WAITOK); 249 1.88.10.1 elad for (i = 0; i < ngrp; i++) 250 1.88.10.1 elad grbuf[i] = kauth_cred_group(pc, i); 251 1.88.10.1 elad error = copyout(grbuf, (caddr_t)SCARG(uap, gidset), 252 1.88.10.1 elad ngrp * sizeof(gid_t)); 253 1.88.10.1 elad free(grbuf, M_TEMP); 254 1.32 christos if (error) 255 1.14 cgd return (error); 256 1.14 cgd *retval = ngrp; 257 1.14 cgd return (0); 258 1.14 cgd } 259 1.14 cgd 260 1.14 cgd /* ARGSUSED */ 261 1.32 christos int 262 1.73 dsl sys_setsid(struct lwp *l, void *v, register_t *retval) 263 1.14 cgd { 264 1.70 thorpej struct proc *p = l->l_proc; 265 1.14 cgd 266 1.14 cgd if (p->p_pgid == p->p_pid || pgfind(p->p_pid)) { 267 1.14 cgd return (EPERM); 268 1.14 cgd } else { 269 1.15 cgd (void)enterpgrp(p, p->p_pid, 1); 270 1.14 cgd *retval = p->p_pid; 271 1.14 cgd return (0); 272 1.14 cgd } 273 1.14 cgd } 274 1.14 cgd 275 1.14 cgd /* 276 1.14 cgd * set process group (setpgid/old setpgrp) 277 1.14 cgd * 278 1.14 cgd * caller does setpgid(targpid, targpgid) 279 1.14 cgd * 280 1.39 mikel * pgid must be in valid range (EINVAL) 281 1.14 cgd * pid must be caller or child of caller (ESRCH) 282 1.14 cgd * if a child 283 1.14 cgd * pid must be in same session (EPERM) 284 1.14 cgd * pid can't have done an exec (EACCES) 285 1.14 cgd * if pgid != pid 286 1.14 cgd * there must exist some pid in same session having pgid (EPERM) 287 1.14 cgd * pid must not be session leader (EPERM) 288 1.77 dsl * 289 1.77 dsl * Permission checks now in enterpgrp() 290 1.14 cgd */ 291 1.14 cgd /* ARGSUSED */ 292 1.32 christos int 293 1.73 dsl sys_setpgid(struct lwp *l, void *v, register_t *retval) 294 1.29 thorpej { 295 1.56 augustss struct sys_setpgid_args /* { 296 1.19 cgd syscallarg(int) pid; 297 1.19 cgd syscallarg(int) pgid; 298 1.29 thorpej } */ *uap = v; 299 1.70 thorpej struct proc *curp = l->l_proc; 300 1.56 augustss struct proc *targp; /* target process */ 301 1.14 cgd 302 1.39 mikel if (SCARG(uap, pgid) < 0) 303 1.77 dsl return EINVAL; 304 1.14 cgd 305 1.77 dsl /* XXX MP - there is a horrid race here with targp exiting! */ 306 1.19 cgd if (SCARG(uap, pid) != 0 && SCARG(uap, pid) != curp->p_pid) { 307 1.77 dsl targp = pfind(SCARG(uap, pid)); 308 1.77 dsl if (targp == NULL) 309 1.77 dsl return ESRCH; 310 1.14 cgd } else 311 1.14 cgd targp = curp; 312 1.77 dsl 313 1.19 cgd if (SCARG(uap, pgid) == 0) 314 1.19 cgd SCARG(uap, pgid) = targp->p_pid; 315 1.77 dsl return enterpgrp(targp, SCARG(uap, pgid), 0); 316 1.14 cgd } 317 1.14 cgd 318 1.76 dsl /* 319 1.76 dsl * Set real, effective and saved uids to the requested values. 320 1.76 dsl * non-root callers can only ever change uids to values that match 321 1.76 dsl * one of the processes current uid values. 322 1.76 dsl * This is further restricted by the flags argument. 323 1.76 dsl */ 324 1.76 dsl 325 1.76 dsl int 326 1.76 dsl do_setresuid(struct lwp *l, uid_t r, uid_t e, uid_t sv, u_int flags) 327 1.76 dsl { 328 1.76 dsl int error; 329 1.76 dsl struct proc *p = l->l_proc; 330 1.88.10.1 elad kauth_cred_t cred = p->p_cred; 331 1.76 dsl 332 1.76 dsl /* Superuser can do anything it wants to.... */ 333 1.88.10.1 elad error = generic_authorize(cred, KAUTH_GENERIC_ISSUSER, &p->p_acflag); 334 1.76 dsl if (error) { 335 1.76 dsl /* Otherwise check new value is one of the allowed 336 1.76 dsl existing values. */ 337 1.88.10.1 elad if (r != -1 && !((flags & ID_R_EQ_R) && r == kauth_cred_getuid(cred)) 338 1.88.10.1 elad && !((flags & ID_R_EQ_E) && r == kauth_cred_geteuid(cred)) 339 1.88.10.1 elad && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvuid(cred))) 340 1.76 dsl return error; 341 1.88.10.1 elad if (e != -1 && !((flags & ID_E_EQ_R) && e == kauth_cred_getuid(cred)) 342 1.88.10.1 elad && !((flags & ID_E_EQ_E) && e == kauth_cred_geteuid(cred)) 343 1.88.10.1 elad && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvuid(cred))) 344 1.76 dsl return error; 345 1.88.10.1 elad if (sv != -1 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getuid(cred)) 346 1.88.10.1 elad && !((flags & ID_S_EQ_E) && sv == kauth_cred_geteuid(cred)) 347 1.88.10.1 elad && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvuid(cred))) 348 1.76 dsl return error; 349 1.76 dsl } 350 1.76 dsl 351 1.76 dsl /* If nothing has changed, short circuit the request */ 352 1.88.10.1 elad if ((r == -1 || r == kauth_cred_getuid(cred)) 353 1.88.10.1 elad && (e == -1 || e == kauth_cred_geteuid(cred)) 354 1.88.10.1 elad && (sv == -1 || sv == kauth_cred_getsvuid(cred))) 355 1.76 dsl /* nothing to do */ 356 1.76 dsl return 0; 357 1.76 dsl 358 1.76 dsl /* The pcred structure is not actually shared... */ 359 1.88.10.1 elad if (r != -1 && r != kauth_cred_getuid(cred)) { 360 1.76 dsl /* Update count of processes for this user */ 361 1.88.10.1 elad (void)chgproccnt(kauth_cred_getuid(cred), -1); 362 1.76 dsl (void)chgproccnt(r, 1); 363 1.88.10.1 elad kauth_cred_setuid(cred, r); 364 1.76 dsl } 365 1.76 dsl if (sv != -1) 366 1.88.10.1 elad kauth_cred_setsvuid(cred, sv); 367 1.88.10.1 elad if (e != -1 && e != kauth_cred_geteuid(cred)) { 368 1.76 dsl /* Update a clone of the current credentials */ 369 1.88.10.2 elad cred = kauth_cred_copy(cred); 370 1.88.10.1 elad kauth_cred_seteuid(cred, e); 371 1.88.10.2 elad p->p_cred = cred; 372 1.76 dsl } 373 1.76 dsl 374 1.76 dsl /* Mark process as having changed credentials, stops tracing etc */ 375 1.76 dsl p_sugid(p); 376 1.76 dsl return 0; 377 1.76 dsl } 378 1.76 dsl 379 1.76 dsl /* 380 1.76 dsl * Set real, effective and saved gids to the requested values. 381 1.76 dsl * non-root callers can only ever change gids to values that match 382 1.76 dsl * one of the processes current gid values. 383 1.76 dsl * This is further restricted by the flags argument. 384 1.76 dsl */ 385 1.76 dsl 386 1.76 dsl int 387 1.76 dsl do_setresgid(struct lwp *l, gid_t r, gid_t e, gid_t sv, u_int flags) 388 1.76 dsl { 389 1.76 dsl int error; 390 1.76 dsl struct proc *p = l->l_proc; 391 1.88.10.1 elad kauth_cred_t cred = p->p_cred; 392 1.76 dsl 393 1.76 dsl /* Superuser can do anything it wants to.... */ 394 1.88.10.1 elad error = generic_authorize(cred, KAUTH_GENERIC_ISSUSER, &p->p_acflag); 395 1.76 dsl if (error) { 396 1.76 dsl /* Otherwise check new value is one of the allowed 397 1.76 dsl existing values. */ 398 1.88.10.1 elad if (r != -1 && !((flags & ID_R_EQ_R) && r == kauth_cred_getgid(cred)) 399 1.88.10.1 elad && !((flags & ID_R_EQ_E) && r == kauth_cred_getegid(cred)) 400 1.88.10.1 elad && !((flags & ID_R_EQ_S) && r == kauth_cred_getsvgid(cred))) 401 1.76 dsl return error; 402 1.88.10.1 elad if (e != -1 && !((flags & ID_E_EQ_R) && e == kauth_cred_getgid(cred)) 403 1.88.10.1 elad && !((flags & ID_E_EQ_E) && e == kauth_cred_getegid(cred)) 404 1.88.10.1 elad && !((flags & ID_E_EQ_S) && e == kauth_cred_getsvgid(cred))) 405 1.76 dsl return error; 406 1.88.10.1 elad if (sv != -1 && !((flags & ID_S_EQ_R) && sv == kauth_cred_getgid(cred)) 407 1.88.10.1 elad && !((flags & ID_S_EQ_E) && sv == kauth_cred_getegid(cred)) 408 1.88.10.1 elad && !((flags & ID_S_EQ_S) && sv == kauth_cred_getsvgid(cred))) 409 1.76 dsl return error; 410 1.76 dsl } 411 1.76 dsl 412 1.76 dsl /* If nothing has changed, short circuit the request */ 413 1.88.10.1 elad if ((r == -1 || r == kauth_cred_getgid(cred)) 414 1.88.10.1 elad && (e == -1 || e == kauth_cred_getegid(cred)) 415 1.88.10.1 elad && (sv == -1 || sv == kauth_cred_getsvgid(cred))) 416 1.76 dsl /* nothing to do */ 417 1.76 dsl return 0; 418 1.76 dsl 419 1.76 dsl /* The pcred structure is not actually shared... */ 420 1.76 dsl if (r != -1) 421 1.88.10.1 elad kauth_cred_setgid(cred, r); 422 1.76 dsl if (sv != -1) 423 1.88.10.1 elad kauth_cred_setsvgid(cred, sv); 424 1.88.10.1 elad if (e != -1 && e != kauth_cred_getegid(cred)) { 425 1.76 dsl /* Update a clone of the current credentials */ 426 1.88.10.2 elad cred = kauth_cred_copy(cred); 427 1.88.10.1 elad kauth_cred_setegid(cred, e); 428 1.88.10.2 elad p->p_cred = cred; 429 1.76 dsl } 430 1.76 dsl 431 1.76 dsl /* Mark process as having changed credentials, stops tracing etc */ 432 1.76 dsl p_sugid(p); 433 1.76 dsl return 0; 434 1.76 dsl } 435 1.76 dsl 436 1.14 cgd /* ARGSUSED */ 437 1.32 christos int 438 1.73 dsl sys_setuid(struct lwp *l, void *v, register_t *retval) 439 1.29 thorpej { 440 1.30 mycroft struct sys_setuid_args /* { 441 1.19 cgd syscallarg(uid_t) uid; 442 1.29 thorpej } */ *uap = v; 443 1.76 dsl uid_t uid = SCARG(uap, uid); 444 1.14 cgd 445 1.76 dsl return do_setresuid(l, uid, uid, uid, 446 1.76 dsl ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 447 1.14 cgd } 448 1.14 cgd 449 1.14 cgd /* ARGSUSED */ 450 1.32 christos int 451 1.73 dsl sys_seteuid(struct lwp *l, void *v, register_t *retval) 452 1.29 thorpej { 453 1.30 mycroft struct sys_seteuid_args /* { 454 1.19 cgd syscallarg(uid_t) euid; 455 1.29 thorpej } */ *uap = v; 456 1.59 christos 457 1.76 dsl return do_setresuid(l, -1, SCARG(uap, euid), -1, ID_E_EQ_R | ID_E_EQ_S); 458 1.14 cgd } 459 1.14 cgd 460 1.35 mycroft int 461 1.73 dsl sys_setreuid(struct lwp *l, void *v, register_t *retval) 462 1.35 mycroft { 463 1.35 mycroft struct sys_setreuid_args /* { 464 1.35 mycroft syscallarg(uid_t) ruid; 465 1.35 mycroft syscallarg(uid_t) euid; 466 1.35 mycroft } */ *uap = v; 467 1.70 thorpej struct proc *p = l->l_proc; 468 1.76 dsl uid_t ruid, euid, svuid; 469 1.35 mycroft 470 1.35 mycroft ruid = SCARG(uap, ruid); 471 1.35 mycroft euid = SCARG(uap, euid); 472 1.76 dsl if (ruid == -1) 473 1.88.10.1 elad ruid = kauth_cred_getuid(p->p_cred); 474 1.76 dsl if (euid == -1) 475 1.88.10.1 elad euid = kauth_cred_geteuid(p->p_cred); 476 1.76 dsl /* Saved uid is set to the new euid if the ruid changed */ 477 1.88.10.1 elad svuid = (ruid == kauth_cred_getuid(p->p_cred)) ? -1 : euid; 478 1.76 dsl 479 1.76 dsl return do_setresuid(l, ruid, euid, svuid, 480 1.76 dsl ID_R_EQ_R | ID_R_EQ_E | 481 1.76 dsl ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 482 1.76 dsl ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 483 1.35 mycroft } 484 1.35 mycroft 485 1.14 cgd /* ARGSUSED */ 486 1.32 christos int 487 1.73 dsl sys_setgid(struct lwp *l, void *v, register_t *retval) 488 1.29 thorpej { 489 1.30 mycroft struct sys_setgid_args /* { 490 1.19 cgd syscallarg(gid_t) gid; 491 1.29 thorpej } */ *uap = v; 492 1.76 dsl gid_t gid = SCARG(uap, gid); 493 1.14 cgd 494 1.76 dsl return do_setresgid(l, gid, gid, gid, 495 1.76 dsl ID_R_EQ_R | ID_E_EQ_R | ID_S_EQ_R); 496 1.14 cgd } 497 1.14 cgd 498 1.14 cgd /* ARGSUSED */ 499 1.32 christos int 500 1.73 dsl sys_setegid(struct lwp *l, void *v, register_t *retval) 501 1.29 thorpej { 502 1.30 mycroft struct sys_setegid_args /* { 503 1.19 cgd syscallarg(gid_t) egid; 504 1.29 thorpej } */ *uap = v; 505 1.14 cgd 506 1.76 dsl return do_setresgid(l, -1, SCARG(uap, egid), -1, ID_E_EQ_R | ID_E_EQ_S); 507 1.35 mycroft } 508 1.35 mycroft 509 1.35 mycroft int 510 1.73 dsl sys_setregid(struct lwp *l, void *v, register_t *retval) 511 1.35 mycroft { 512 1.35 mycroft struct sys_setregid_args /* { 513 1.35 mycroft syscallarg(gid_t) rgid; 514 1.35 mycroft syscallarg(gid_t) egid; 515 1.35 mycroft } */ *uap = v; 516 1.70 thorpej struct proc *p = l->l_proc; 517 1.76 dsl gid_t rgid, egid, svgid; 518 1.35 mycroft 519 1.35 mycroft rgid = SCARG(uap, rgid); 520 1.35 mycroft egid = SCARG(uap, egid); 521 1.76 dsl if (rgid == -1) 522 1.88.10.1 elad rgid = kauth_cred_getgid(p->p_cred); 523 1.76 dsl if (egid == -1) 524 1.88.10.1 elad egid = kauth_cred_getegid(p->p_cred); 525 1.76 dsl /* Saved gid is set to the new egid if the rgid changed */ 526 1.88.10.1 elad svgid = rgid == kauth_cred_getgid(p->p_cred) ? -1 : egid; 527 1.76 dsl 528 1.76 dsl return do_setresgid(l, rgid, egid, svgid, 529 1.76 dsl ID_R_EQ_R | ID_R_EQ_E | 530 1.76 dsl ID_E_EQ_R | ID_E_EQ_E | ID_E_EQ_S | 531 1.76 dsl ID_S_EQ_R | ID_S_EQ_E | ID_S_EQ_S); 532 1.57 minoura } 533 1.57 minoura 534 1.57 minoura int 535 1.73 dsl sys_issetugid(struct lwp *l, void *v, register_t *retval) 536 1.57 minoura { 537 1.70 thorpej struct proc *p = l->l_proc; 538 1.75 enami 539 1.57 minoura /* 540 1.57 minoura * Note: OpenBSD sets a P_SUGIDEXEC flag set at execve() time, 541 1.57 minoura * we use P_SUGID because we consider changing the owners as 542 1.57 minoura * "tainting" as well. 543 1.57 minoura * This is significant for procs that start as root and "become" 544 1.57 minoura * a user without an exec - programs cannot know *everything* 545 1.57 minoura * that libc *might* have put in their data segment. 546 1.57 minoura */ 547 1.57 minoura *retval = (p->p_flag & P_SUGID) != 0; 548 1.60 christos return (0); 549 1.14 cgd } 550 1.14 cgd 551 1.86 christos /* 552 1.86 christos * sort -u for groups. 553 1.86 christos */ 554 1.86 christos static int 555 1.86 christos grsortu(gid_t *grp, int ngrp) 556 1.86 christos { 557 1.87 rillig const gid_t *src, *end; 558 1.87 rillig gid_t *dst; 559 1.87 rillig gid_t group; 560 1.87 rillig int i, j; 561 1.86 christos 562 1.86 christos /* bubble sort */ 563 1.86 christos for (i = 0; i < ngrp; i++) 564 1.86 christos for (j = i + 1; j < ngrp; j++) 565 1.86 christos if (grp[i] > grp[j]) { 566 1.86 christos gid_t tmp = grp[i]; 567 1.86 christos grp[i] = grp[j]; 568 1.86 christos grp[j] = tmp; 569 1.86 christos } 570 1.87 rillig 571 1.86 christos /* uniq */ 572 1.87 rillig end = grp + ngrp; 573 1.87 rillig src = grp; 574 1.87 rillig dst = grp; 575 1.87 rillig while (src < end) { 576 1.87 rillig group = *src++; 577 1.87 rillig while (src < end && *src == group) 578 1.87 rillig src++; 579 1.87 rillig *dst++ = group; 580 1.87 rillig } 581 1.87 rillig 582 1.86 christos #ifdef DIAGNOSTIC 583 1.87 rillig /* zero out the rest of the array */ 584 1.87 rillig (void)memset(dst, 0, sizeof(*grp) * (end - dst)); 585 1.86 christos #endif 586 1.87 rillig 587 1.87 rillig return dst - grp; 588 1.86 christos } 589 1.86 christos 590 1.15 cgd /* ARGSUSED */ 591 1.32 christos int 592 1.73 dsl sys_setgroups(struct lwp *l, void *v, register_t *retval) 593 1.29 thorpej { 594 1.30 mycroft struct sys_setgroups_args /* { 595 1.41 thorpej syscallarg(int) gidsetsize; 596 1.38 cgd syscallarg(const gid_t *) gidset; 597 1.29 thorpej } */ *uap = v; 598 1.70 thorpej struct proc *p = l->l_proc; 599 1.88.10.1 elad kauth_cred_t pc = p->p_cred; 600 1.56 augustss int ngrp; 601 1.15 cgd int error; 602 1.59 christos gid_t grp[NGROUPS]; 603 1.59 christos size_t grsize; 604 1.88.10.1 elad int do_ngroups, i, j; 605 1.15 cgd 606 1.88.10.1 elad if ((error = generic_authorize(pc, KAUTH_GENERIC_ISSUSER, 607 1.88.10.1 elad &p->p_acflag)) != 0) 608 1.15 cgd return (error); 609 1.59 christos 610 1.19 cgd ngrp = SCARG(uap, gidsetsize); 611 1.42 mycroft if ((u_int)ngrp > NGROUPS) 612 1.15 cgd return (EINVAL); 613 1.59 christos 614 1.59 christos grsize = ngrp * sizeof(gid_t); 615 1.59 christos error = copyin(SCARG(uap, gidset), grp, grsize); 616 1.32 christos if (error) 617 1.15 cgd return (error); 618 1.86 christos 619 1.86 christos ngrp = grsortu(grp, ngrp); 620 1.59 christos 621 1.88.10.1 elad /* XXX elad pc = kauth_cred_copy(pc); */ 622 1.88.10.1 elad kauth_cred_setrefcnt(pc, 1); 623 1.88.10.1 elad 624 1.88.10.1 elad do_ngroups = kauth_cred_ngroups(pc); 625 1.88.10.1 elad 626 1.88.10.1 elad /* (1) For every group in current group array... */ 627 1.88.10.1 elad for (i = 0; i < do_ngroups; i++) { 628 1.88.10.1 elad int in_new_array; 629 1.88.10.1 elad 630 1.88.10.1 elad /* ...check if it's also in the new array... */ 631 1.88.10.1 elad in_new_array = 0; 632 1.88.10.1 elad for (j = 0; j < ngrp; j++) { 633 1.88.10.1 elad if (kauth_cred_group(pc, i) == grp[j]) 634 1.88.10.1 elad in_new_array = 1; 635 1.88.10.1 elad } 636 1.88.10.1 elad 637 1.88.10.1 elad /* ...if not, delete it. */ 638 1.88.10.1 elad if (!in_new_array) { 639 1.88.10.1 elad kauth_cred_delgroup(pc, kauth_cred_group(pc, i)); 640 1.88.10.1 elad do_ngroups--; 641 1.88.10.1 elad } 642 1.88.10.1 elad } 643 1.88.10.1 elad 644 1.88.10.1 elad /* (2) For every group in the new group array... */ 645 1.88.10.1 elad for (i = 0; i < ngrp; i++) { 646 1.88.10.1 elad /* ...add it to current group array. */ 647 1.88.10.1 elad kauth_cred_addgroup(pc, grp[i]); 648 1.88.10.1 elad } 649 1.88.10.1 elad 650 1.55 bouyer p_sugid(p); 651 1.15 cgd return (0); 652 1.15 cgd } 653 1.14 cgd 654 1.14 cgd /* 655 1.14 cgd * Check if gid is a member of the group set. 656 1.14 cgd */ 657 1.32 christos int 658 1.73 dsl groupmember(gid_t gid, const struct ucred *cred) 659 1.14 cgd { 660 1.73 dsl const gid_t *gp; 661 1.73 dsl const gid_t *egp; 662 1.14 cgd 663 1.14 cgd egp = &(cred->cr_groups[cred->cr_ngroups]); 664 1.14 cgd for (gp = cred->cr_groups; gp < egp; gp++) 665 1.14 cgd if (*gp == gid) 666 1.14 cgd return (1); 667 1.14 cgd return (0); 668 1.14 cgd } 669 1.14 cgd 670 1.14 cgd /* 671 1.14 cgd * Test whether the specified credentials imply "super-user" 672 1.14 cgd * privilege; if so, and we have accounting info, set the flag 673 1.14 cgd * indicating use of super-powers. 674 1.14 cgd * Returns 0 or error. 675 1.14 cgd */ 676 1.32 christos int 677 1.73 dsl suser(const struct ucred *cred, u_short *acflag) 678 1.14 cgd { 679 1.75 enami 680 1.14 cgd if (cred->cr_uid == 0) { 681 1.14 cgd if (acflag) 682 1.14 cgd *acflag |= ASU; 683 1.14 cgd return (0); 684 1.14 cgd } 685 1.14 cgd return (EPERM); 686 1.14 cgd } 687 1.14 cgd 688 1.14 cgd /* 689 1.14 cgd * Allocate a zeroed cred structure. 690 1.14 cgd */ 691 1.14 cgd struct ucred * 692 1.73 dsl crget(void) 693 1.14 cgd { 694 1.56 augustss struct ucred *cr; 695 1.14 cgd 696 1.82 simonb cr = pool_get(&cred_pool, PR_WAITOK); 697 1.82 simonb memset(cr, 0, sizeof(*cr)); 698 1.83 pk simple_lock_init(&cr->cr_lock); 699 1.14 cgd cr->cr_ref = 1; 700 1.14 cgd return (cr); 701 1.14 cgd } 702 1.14 cgd 703 1.14 cgd /* 704 1.14 cgd * Free a cred structure. 705 1.14 cgd * Throws away space when ref count gets to 0. 706 1.14 cgd */ 707 1.22 cgd void 708 1.73 dsl crfree(struct ucred *cr) 709 1.14 cgd { 710 1.83 pk int n; 711 1.14 cgd 712 1.83 pk simple_lock(&cr->cr_lock); 713 1.83 pk n = --cr->cr_ref; 714 1.83 pk simple_unlock(&cr->cr_lock); 715 1.83 pk if (n == 0) 716 1.82 simonb pool_put(&cred_pool, cr); 717 1.79 christos } 718 1.79 christos 719 1.79 christos /* 720 1.79 christos * Compare cred structures and return 0 if they match 721 1.79 christos */ 722 1.79 christos int 723 1.79 christos crcmp(const struct ucred *cr1, const struct uucred *cr2) 724 1.79 christos { 725 1.85 rillig /* FIXME: The group lists should be compared element by element, 726 1.85 rillig * as the order of groups may be different in the two lists. 727 1.85 rillig * Currently this function can return a non-zero value for 728 1.85 rillig * equivalent group lists. */ 729 1.79 christos return cr1->cr_uid != cr2->cr_uid || 730 1.79 christos cr1->cr_gid != cr2->cr_gid || 731 1.79 christos cr1->cr_ngroups != (uint32_t)cr2->cr_ngroups || 732 1.85 rillig memcmp(cr1->cr_groups, cr2->cr_groups, 733 1.85 rillig sizeof(cr1->cr_groups[0]) * cr1->cr_ngroups); 734 1.14 cgd } 735 1.14 cgd 736 1.14 cgd /* 737 1.14 cgd * Copy cred structure to a new one and free the old one. 738 1.14 cgd */ 739 1.14 cgd struct ucred * 740 1.73 dsl crcopy(struct ucred *cr) 741 1.14 cgd { 742 1.14 cgd struct ucred *newcr; 743 1.14 cgd 744 1.84 pk if (cr->cr_ref == 1) 745 1.14 cgd return (cr); 746 1.83 pk 747 1.14 cgd newcr = crget(); 748 1.83 pk memcpy(&newcr->cr_startcopy, &cr->cr_startcopy, 749 1.83 pk sizeof(struct ucred) - offsetof(struct ucred, cr_startcopy)); 750 1.14 cgd crfree(cr); 751 1.14 cgd return (newcr); 752 1.14 cgd } 753 1.14 cgd 754 1.14 cgd /* 755 1.14 cgd * Dup cred struct to a new held one. 756 1.14 cgd */ 757 1.14 cgd struct ucred * 758 1.73 dsl crdup(const struct ucred *cr) 759 1.14 cgd { 760 1.14 cgd struct ucred *newcr; 761 1.14 cgd 762 1.14 cgd newcr = crget(); 763 1.83 pk memcpy(&newcr->cr_startcopy, &cr->cr_startcopy, 764 1.83 pk sizeof(struct ucred) - offsetof(struct ucred, cr_startcopy)); 765 1.14 cgd return (newcr); 766 1.67 christos } 767 1.67 christos 768 1.67 christos /* 769 1.67 christos * convert from userland credentials to kernel one 770 1.67 christos */ 771 1.67 christos void 772 1.73 dsl crcvt(struct ucred *uc, const struct uucred *uuc) 773 1.67 christos { 774 1.75 enami 775 1.67 christos uc->cr_ref = 0; 776 1.67 christos uc->cr_uid = uuc->cr_uid; 777 1.67 christos uc->cr_gid = uuc->cr_gid; 778 1.67 christos uc->cr_ngroups = uuc->cr_ngroups; 779 1.67 christos (void)memcpy(uc->cr_groups, uuc->cr_groups, sizeof(uuc->cr_groups)); 780 1.14 cgd } 781 1.14 cgd 782 1.14 cgd /* 783 1.14 cgd * Get login name, if available. 784 1.14 cgd */ 785 1.14 cgd /* ARGSUSED */ 786 1.32 christos int 787 1.73 dsl sys___getlogin(struct lwp *l, void *v, register_t *retval) 788 1.29 thorpej { 789 1.37 jtc struct sys___getlogin_args /* { 790 1.19 cgd syscallarg(char *) namebuf; 791 1.53 kleink syscallarg(size_t) namelen; 792 1.29 thorpej } */ *uap = v; 793 1.70 thorpej struct proc *p = l->l_proc; 794 1.14 cgd 795 1.48 perry if (SCARG(uap, namelen) > sizeof(p->p_pgrp->pg_session->s_login)) 796 1.48 perry SCARG(uap, namelen) = sizeof(p->p_pgrp->pg_session->s_login); 797 1.14 cgd return (copyout((caddr_t) p->p_pgrp->pg_session->s_login, 798 1.19 cgd (caddr_t) SCARG(uap, namebuf), SCARG(uap, namelen))); 799 1.14 cgd } 800 1.14 cgd 801 1.14 cgd /* 802 1.14 cgd * Set login name. 803 1.14 cgd */ 804 1.14 cgd /* ARGSUSED */ 805 1.32 christos int 806 1.73 dsl sys___setlogin(struct lwp *l, void *v, register_t *retval) 807 1.29 thorpej { 808 1.70 thorpej struct sys___setlogin_args /* { 809 1.38 cgd syscallarg(const char *) namebuf; 810 1.29 thorpej } */ *uap = v; 811 1.70 thorpej struct proc *p = l->l_proc; 812 1.72 dsl struct session *s = p->p_pgrp->pg_session; 813 1.72 dsl char newname[sizeof s->s_login + 1]; 814 1.14 cgd int error; 815 1.14 cgd 816 1.88.10.1 elad if ((error = generic_authorize(p->p_cred, KAUTH_GENERIC_ISSUSER, 817 1.88.10.1 elad &p->p_acflag)) != 0) 818 1.14 cgd return (error); 819 1.72 dsl error = copyinstr(SCARG(uap, namebuf), &newname, sizeof newname, NULL); 820 1.72 dsl if (error != 0) 821 1.75 enami return (error == ENAMETOOLONG ? EINVAL : error); 822 1.72 dsl 823 1.72 dsl if (s->s_flags & S_LOGIN_SET && p->p_pid != s->s_sid && 824 1.72 dsl strncmp(newname, s->s_login, sizeof s->s_login) != 0) 825 1.74 wiz log(LOG_WARNING, "%s (pid %d) changing logname from " 826 1.74 wiz "%.*s to %s\n", p->p_comm, p->p_pid, 827 1.74 wiz (int)sizeof s->s_login, s->s_login, newname); 828 1.72 dsl s->s_flags |= S_LOGIN_SET; 829 1.72 dsl strncpy(s->s_login, newname, sizeof s->s_login); 830 1.75 enami return (0); 831 1.14 cgd } 832
Indexes created Fri Sep 26 08:10:20 GMT 2025