search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Compat linux/linux32 nice(2) fix. The syscall argument is an increment
[netbsd-mini2440.git] / lib / libpuffs / creds.c
blob718ac052036ed162cec6c29f988094b215046e96
1 /* $NetBSD: creds.c,v 1.13 2007/10/18 13:48:04 pooka Exp $ */
2
3 /*
4 * Copyright (c) 2006 Antti Kantee. All Rights Reserved.
5 *
6 * Development of this software was supported by the Ulla Tuominen Foundation.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
18 * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30 #include <sys/cdefs.h>
31 #if !defined(lint)
32 __RCSID("$NetBSD: creds.c,v 1.13 2007/10/18 13:48:04 pooka Exp $");
33 #endif /* !lint */
34
35 /*
36 * Interface for dealing with credits.
37 */
38
39 #include <sys/types.h>
40 #include <sys/param.h>
41
42 #include <errno.h>
43 #include <puffs.h>
44 #include <stdbool.h>
45 #include <string.h>
46
47 #include "puffs_priv.h"
48
49 #define UUCCRED(a) (a->pkcr_type == PUFFCRED_TYPE_UUC)
50 #define INTCRED(a) (a->pkcr_type == PUFFCRED_TYPE_INTERNAL)
51
52 int
53 puffs_cred_getuid(const struct puffs_cred *pcr, uid_t *ruid)
54 {
55 PUFFS_MAKEKCRED(pkcr, pcr);
56
57 if (!UUCCRED(pkcr)) {
58 errno = EOPNOTSUPP;
59 return -1;
60 }
61 *ruid = pkcr->pkcr_uuc.cr_uid;
62
63 return 0;
64 }
65
66 int
67 puffs_cred_getgid(const struct puffs_cred *pcr, gid_t *rgid)
68 {
69 PUFFS_MAKEKCRED(pkcr, pcr);
70
71 if (!UUCCRED(pkcr)) {
72 errno = EOPNOTSUPP;
73 return -1;
74 }
75 *rgid = pkcr->pkcr_uuc.cr_gid;
76
77 return 0;
78 }
79
80 int
81 puffs_cred_getgroups(const struct puffs_cred *pcr, gid_t *rgids, short *ngids)
82 {
83 PUFFS_MAKEKCRED(pkcr, pcr);
84 size_t ncopy;
85
86 if (!UUCCRED(pkcr)) {
87 errno = EOPNOTSUPP;
88 return -1;
89 }
90
91 ncopy = MIN(*ngids, NGROUPS);
92 (void)memcpy(rgids, pkcr->pkcr_uuc.cr_groups, sizeof(gid_t) * ncopy);
93 *ngids = (short)ncopy;
94
95 return 0;
96 }
97
98 bool
99 puffs_cred_isuid(const struct puffs_cred *pcr, uid_t uid)
100 {
101 PUFFS_MAKEKCRED(pkcr, pcr);
102
103 return UUCCRED(pkcr) && pkcr->pkcr_uuc.cr_uid == uid;
104 }
105
106 bool
107 puffs_cred_hasgroup(const struct puffs_cred *pcr, gid_t gid)
108 {
109 PUFFS_MAKEKCRED(pkcr, pcr);
110 short i;
111
112 if (!UUCCRED(pkcr))
113 return false;
114
115 if (pkcr->pkcr_uuc.cr_gid == gid)
116 return true;
117 for (i = 0; i < pkcr->pkcr_uuc.cr_ngroups; i++)
118 if (pkcr->pkcr_uuc.cr_groups[i] == gid)
119 return true;
120
121 return false;
122 }
123
124 bool
125 puffs_cred_isregular(const struct puffs_cred *pcr)
126 {
127 PUFFS_MAKEKCRED(pkcr, pcr);
128
129 return UUCCRED(pkcr);
130 }
131
132 bool
133 puffs_cred_iskernel(const struct puffs_cred *pcr)
134 {
135 PUFFS_MAKEKCRED(pkcr, pcr);
136
137 return INTCRED(pkcr) && pkcr->pkcr_internal == PUFFCRED_CRED_NOCRED;
138 }
139
140 bool
141 puffs_cred_isfs(const struct puffs_cred *pcr)
142 {
143 PUFFS_MAKEKCRED(pkcr, pcr);
144
145 return INTCRED(pkcr) && pkcr->pkcr_internal == PUFFCRED_CRED_FSCRED;
146 }
147
148 bool
149 puffs_cred_isjuggernaut(const struct puffs_cred *pcr)
150 {
151
152 return puffs_cred_isuid(pcr, 0) || puffs_cred_iskernel(pcr)
153 || puffs_cred_isfs(pcr);
154 }
155
156 /*
157 * Generic routine for checking file access rights. Modeled after
158 * vaccess() in the kernel.
159 */
160 int
161 puffs_access(enum vtype type, mode_t file_mode, uid_t uid, gid_t gid,
162 mode_t acc_mode, const struct puffs_cred *pcr)
163 {
164 mode_t mask;
165
166 /* megapower */
167 if (puffs_cred_iskernel(pcr) || puffs_cred_isfs(pcr))
168 return 0;
169
170 /* superuser, allow all except exec if *ALL* exec bits are unset */
171 if (puffs_cred_isuid(pcr, 0)) {
172 if ((acc_mode & PUFFS_VEXEC) && type != VDIR &&
173 (file_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)
174 return EACCES;
175 return 0;
176 }
177
178 mask = 0;
179 /* owner */
180 if (puffs_cred_isuid(pcr, uid)) {
181 if (acc_mode & PUFFS_VEXEC)
182 mask |= S_IXUSR;
183 if (acc_mode & PUFFS_VREAD)
184 mask |= S_IRUSR;
185 if (acc_mode & PUFFS_VWRITE)
186 mask |= S_IWUSR;
187 /* group */
188 } else if (puffs_cred_hasgroup(pcr, gid)) {
189 if (acc_mode & PUFFS_VEXEC)
190 mask |= S_IXGRP;
191 if (acc_mode & PUFFS_VREAD)
192 mask |= S_IRGRP;
193 if (acc_mode & PUFFS_VWRITE)
194 mask |= S_IWGRP;
195 /* other */
196 } else {
197 if (acc_mode & PUFFS_VEXEC)
198 mask |= S_IXOTH;
199 if (acc_mode & PUFFS_VREAD)
200 mask |= S_IROTH;
201 if (acc_mode & PUFFS_VWRITE)
202 mask |= S_IWOTH;
203 }
204
205 if ((file_mode & mask) == mask)
206 return 0;
207 else
208 return EACCES;
209 }
210
211 int
212 puffs_access_chown(uid_t owner, gid_t group, uid_t newowner, gid_t newgroup,
213 const struct puffs_cred *pcr)
214 {
215
216 if (newowner == (uid_t)PUFFS_VNOVAL)
217 newowner = owner;
218 if (newgroup == (gid_t)PUFFS_VNOVAL)
219 newgroup = group;
220
221 if ((!puffs_cred_isuid(pcr, owner) || newowner != owner ||
222 ((newgroup != group && !puffs_cred_hasgroup(pcr, newgroup))))
223 && !puffs_cred_isjuggernaut(pcr))
224 return EPERM;
225
226 return 0;
227 }
228
229 int
230 puffs_access_chmod(uid_t owner, gid_t group, enum vtype type, mode_t mode,
231 const struct puffs_cred *pcr)
232 {
233
234 if (!puffs_cred_isuid(pcr, owner) && !puffs_cred_isjuggernaut(pcr))
235 return EPERM;
236
237 if (!puffs_cred_isjuggernaut(pcr)) {
238 if (type != VDIR && (mode & S_ISTXT))
239 return EFTYPE;
240 if (!puffs_cred_hasgroup(pcr, group) && (mode & S_ISGID))
241 return EPERM;
242 }
243
244 return 0;
245 }
246
247 int
248 puffs_access_times(uid_t uid, gid_t gid, mode_t mode, int va_utimes_null,
249 const struct puffs_cred *pcr)
250 {
251
252 if (!puffs_cred_isuid(pcr, uid) && !puffs_cred_isjuggernaut(pcr)
253 && (va_utimes_null == 0
254 || puffs_access(VNON, mode, uid, gid, PUFFS_VWRITE, pcr) != 0))
255 return EPERM;
256
257 return 0;
258 }
NetBSD on the FriendlyARM MINI2440