1 /* $NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $ */ 2 3 /*- 4 * Copyright (c) 2006, 2007 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 * POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /*- 30 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> 31 * All rights reserved. 32 * 33 * Redistribution and use in source and binary forms, with or without 34 * modification, are permitted provided that the following conditions 35 * are met: 36 * 1. Redistributions of source code must retain the above copyright 37 * notice, this list of conditions and the following disclaimer. 38 * 2. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 3. The name of the author may not be used to endorse or promote products 42 * derived from this software without specific prior written permission. 43 * 44 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 45 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 46 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 47 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 48 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 49 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 50 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 51 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 52 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 53 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 54 */ 55 56 #include <sys/cdefs.h> 57 __KERNEL_RCSID(0, "$NetBSD: kern_auth.c,v 1.64 2009/09/03 04:45:27 elad Exp $"); 58 59 #include <sys/types.h> 60 #include <sys/param.h> 61 #include <sys/queue.h> 62 #include <sys/proc.h> 63 #include <sys/ucred.h> 64 #include <sys/pool.h> 65 #include <sys/kauth.h> 66 #include <sys/kmem.h> 67 #include <sys/rwlock.h> 68 #include <sys/sysctl.h> /* for pi_[p]cread */ 69 #include <sys/atomic.h> 70 #include <sys/specificdata.h> 71 #include <sys/vnode.h> 72 73 /* 74 * Secmodel-specific credentials. 75 */ 76 struct kauth_key { 77 const char *ks_secmodel; /* secmodel */ 78 specificdata_key_t ks_key; /* key */ 79 }; 80 81 /* 82 * Credentials. 83 * 84 * A subset of this structure is used in kvm(3) (src/lib/libkvm/kvm_proc.c) 85 * and should be synchronized with this structure when the update is 86 * relevant. 87 */ 88 struct kauth_cred { 89 /* 90 * Ensure that the first part of the credential resides in its own 91 * cache line. Due to sharing there aren't many kauth_creds in a 92 * typical system, but the reference counts change very often. 93 * Keeping it seperate from the rest of the data prevents false 94 * sharing between CPUs. 95 */ 96 u_int cr_refcnt; /* reference count */ 97 #if COHERENCY_UNIT > 4 98 uint8_t cr_pad[COHERENCY_UNIT - 4]; 99 #endif 100 uid_t cr_uid; /* user id */ 101 uid_t cr_euid; /* effective user id */ 102 uid_t cr_svuid; /* saved effective user id */ 103 gid_t cr_gid; /* group id */ 104 gid_t cr_egid; /* effective group id */ 105 gid_t cr_svgid; /* saved effective group id */ 106 u_int cr_ngroups; /* number of groups */ 107 gid_t cr_groups[NGROUPS]; /* group memberships */ 108 specificdata_reference cr_sd; /* specific data */ 109 }; 110 111 /* 112 * Listener. 113 */ 114 struct kauth_listener { 115 kauth_scope_callback_t func; /* callback */ 116 kauth_scope_t scope; /* scope backpointer */ 117 u_int refcnt; /* reference count */ 118 SIMPLEQ_ENTRY(kauth_listener) listener_next; /* listener list */ 119 }; 120 121 /* 122 * Scope. 123 */ 124 struct kauth_scope { 125 const char *id; /* scope name */ 126 void *cookie; /* user cookie */ 127 u_int nlisteners; /* # of listeners */ 128 SIMPLEQ_HEAD(, kauth_listener) listenq; /* listener list */ 129 SIMPLEQ_ENTRY(kauth_scope) next_scope; /* scope list */ 130 }; 131 132 static int kauth_cred_hook(kauth_cred_t, kauth_action_t, void *, void *); 133 134 /* List of scopes and its lock. */ 135 static SIMPLEQ_HEAD(, kauth_scope) scope_list = 136 SIMPLEQ_HEAD_INITIALIZER(scope_list); 137 138 /* Built-in scopes: generic, process. */ 139 static kauth_scope_t kauth_builtin_scope_generic; 140 static kauth_scope_t kauth_builtin_scope_system; 141 static kauth_scope_t kauth_builtin_scope_process; 142 static kauth_scope_t kauth_builtin_scope_network; 143 static kauth_scope_t kauth_builtin_scope_machdep; 144 static kauth_scope_t kauth_builtin_scope_device; 145 static kauth_scope_t kauth_builtin_scope_cred; 146 static kauth_scope_t kauth_builtin_scope_vnode; 147 148 static unsigned int nsecmodels = 0; 149 150 static specificdata_domain_t kauth_domain; 151 static pool_cache_t kauth_cred_cache; 152 krwlock_t kauth_lock; 153 154 /* Allocate new, empty kauth credentials. */ 155 kauth_cred_t 156 kauth_cred_alloc(void) 157 { 158 kauth_cred_t cred; 159 160 cred = pool_cache_get(kauth_cred_cache, PR_WAITOK); 161 162 cred->cr_refcnt = 1; 163 cred->cr_uid = 0; 164 cred->cr_euid = 0; 165 cred->cr_svuid = 0; 166 cred->cr_gid = 0; 167 cred->cr_egid = 0; 168 cred->cr_svgid = 0; 169 cred->cr_ngroups = 0; 170 171 specificdata_init(kauth_domain, &cred->cr_sd); 172 kauth_cred_hook(cred, KAUTH_CRED_INIT, NULL, NULL); 173 174 return (cred); 175 } 176 177 /* Increment reference count to cred. */ 178 void 179 kauth_cred_hold(kauth_cred_t cred) 180 { 181 KASSERT(cred != NULL); 182 KASSERT(cred->cr_refcnt > 0); 183 184 atomic_inc_uint(&cred->cr_refcnt); 185 } 186 187 /* Decrease reference count to cred. If reached zero, free it. */ 188 void 189 kauth_cred_free(kauth_cred_t cred) 190 { 191 192 KASSERT(cred != NULL); 193 KASSERT(cred->cr_refcnt > 0); 194 ASSERT_SLEEPABLE(); 195 196 if (atomic_dec_uint_nv(&cred->cr_refcnt) > 0) 197 return; 198 199 kauth_cred_hook(cred, KAUTH_CRED_FREE, NULL, NULL); 200 specificdata_fini(kauth_domain, &cred->cr_sd); 201 pool_cache_put(kauth_cred_cache, cred); 202 } 203 204 static void 205 kauth_cred_clone1(kauth_cred_t from, kauth_cred_t to, bool copy_groups) 206 { 207 KASSERT(from != NULL); 208 KASSERT(to != NULL); 209 KASSERT(from->cr_refcnt > 0); 210 211 to->cr_uid = from->cr_uid; 212 to->cr_euid = from->cr_euid; 213 to->cr_svuid = from->cr_svuid; 214 to->cr_gid = from->cr_gid; 215 to->cr_egid = from->cr_egid; 216 to->cr_svgid = from->cr_svgid; 217 if (copy_groups) { 218 to->cr_ngroups = from->cr_ngroups; 219 memcpy(to->cr_groups, from->cr_groups, sizeof(to->cr_groups)); 220 } 221 222 kauth_cred_hook(from, KAUTH_CRED_COPY, to, NULL); 223 } 224 225 void 226 kauth_cred_clone(kauth_cred_t from, kauth_cred_t to) 227 { 228 kauth_cred_clone1(from, to, true); 229 } 230 231 /* 232 * Duplicate cred and return a new kauth_cred_t. 233 */ 234 kauth_cred_t 235 kauth_cred_dup(kauth_cred_t cred) 236 { 237 kauth_cred_t new_cred; 238 239 KASSERT(cred != NULL); 240 KASSERT(cred->cr_refcnt > 0); 241 242 new_cred = kauth_cred_alloc(); 243 244 kauth_cred_clone(cred, new_cred); 245 246 return (new_cred); 247 } 248 249 /* 250 * Similar to crcopy(), only on a kauth_cred_t. 251 * XXX: Is this even needed? [kauth_cred_copy] 252 */ 253 kauth_cred_t 254 kauth_cred_copy(kauth_cred_t cred) 255 { 256 kauth_cred_t new_cred; 257 258 KASSERT(cred != NULL); 259 KASSERT(cred->cr_refcnt > 0); 260 261 /* If the provided credentials already have one reference, use them. */ 262 if (cred->cr_refcnt == 1) 263 return (cred); 264 265 new_cred = kauth_cred_alloc(); 266 267 kauth_cred_clone(cred, new_cred); 268 269 kauth_cred_free(cred); 270 271 return (new_cred); 272 } 273 274 void 275 kauth_proc_fork(struct proc *parent, struct proc *child) 276 { 277 278 mutex_enter(parent->p_lock); 279 kauth_cred_hold(parent->p_cred); 280 child->p_cred = parent->p_cred; 281 mutex_exit(parent->p_lock); 282 283 /* XXX: relies on parent process stalling during fork() */ 284 kauth_cred_hook(parent->p_cred, KAUTH_CRED_FORK, parent, 285 child); 286 } 287 288 uid_t 289 kauth_cred_getuid(kauth_cred_t cred) 290 { 291 KASSERT(cred != NULL); 292 293 return (cred->cr_uid); 294 } 295 296 uid_t 297 kauth_cred_geteuid(kauth_cred_t cred) 298 { 299 KASSERT(cred != NULL); 300 301 return (cred->cr_euid); 302 } 303 304 uid_t 305 kauth_cred_getsvuid(kauth_cred_t cred) 306 { 307 KASSERT(cred != NULL); 308 309 return (cred->cr_svuid); 310 } 311 312 gid_t 313 kauth_cred_getgid(kauth_cred_t cred) 314 { 315 KASSERT(cred != NULL); 316 317 return (cred->cr_gid); 318 } 319 320 gid_t 321 kauth_cred_getegid(kauth_cred_t cred) 322 { 323 KASSERT(cred != NULL); 324 325 return (cred->cr_egid); 326 } 327 328 gid_t 329 kauth_cred_getsvgid(kauth_cred_t cred) 330 { 331 KASSERT(cred != NULL); 332 333 return (cred->cr_svgid); 334 } 335 336 void 337 kauth_cred_setuid(kauth_cred_t cred, uid_t uid) 338 { 339 KASSERT(cred != NULL); 340 KASSERT(cred->cr_refcnt == 1); 341 342 cred->cr_uid = uid; 343 } 344 345 void 346 kauth_cred_seteuid(kauth_cred_t cred, uid_t uid) 347 { 348 KASSERT(cred != NULL); 349 KASSERT(cred->cr_refcnt == 1); 350 351 cred->cr_euid = uid; 352 } 353 354 void 355 kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid) 356 { 357 KASSERT(cred != NULL); 358 KASSERT(cred->cr_refcnt == 1); 359 360 cred->cr_svuid = uid; 361 } 362 363 void 364 kauth_cred_setgid(kauth_cred_t cred, gid_t gid) 365 { 366 KASSERT(cred != NULL); 367 KASSERT(cred->cr_refcnt == 1); 368 369 cred->cr_gid = gid; 370 } 371 372 void 373 kauth_cred_setegid(kauth_cred_t cred, gid_t gid) 374 { 375 KASSERT(cred != NULL); 376 KASSERT(cred->cr_refcnt == 1); 377 378 cred->cr_egid = gid; 379 } 380 381 void 382 kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid) 383 { 384 KASSERT(cred != NULL); 385 KASSERT(cred->cr_refcnt == 1); 386 387 cred->cr_svgid = gid; 388 } 389 390 /* Checks if gid is a member of the groups in cred. */ 391 int 392 kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp) 393 { 394 uint32_t i; 395 396 KASSERT(cred != NULL); 397 KASSERT(resultp != NULL); 398 399 *resultp = 0; 400 401 for (i = 0; i < cred->cr_ngroups; i++) 402 if (cred->cr_groups[i] == gid) { 403 *resultp = 1; 404 break; 405 } 406 407 return (0); 408 } 409 410 u_int 411 kauth_cred_ngroups(kauth_cred_t cred) 412 { 413 KASSERT(cred != NULL); 414 415 return (cred->cr_ngroups); 416 } 417 418 /* 419 * Return the group at index idx from the groups in cred. 420 */ 421 gid_t 422 kauth_cred_group(kauth_cred_t cred, u_int idx) 423 { 424 KASSERT(cred != NULL); 425 KASSERT(idx < cred->cr_ngroups); 426 427 return (cred->cr_groups[idx]); 428 } 429 430 /* XXX elad: gmuid is unused for now. */ 431 int 432 kauth_cred_setgroups(kauth_cred_t cred, const gid_t *grbuf, size_t len, 433 uid_t gmuid, enum uio_seg seg) 434 { 435 int error = 0; 436 437 KASSERT(cred != NULL); 438 KASSERT(cred->cr_refcnt == 1); 439 440 if (len > __arraycount(cred->cr_groups)) 441 return EINVAL; 442 443 if (len) { 444 if (seg == UIO_SYSSPACE) { 445 memcpy(cred->cr_groups, grbuf, 446 len * sizeof(cred->cr_groups[0])); 447 } else { 448 error = copyin(grbuf, cred->cr_groups, 449 len * sizeof(cred->cr_groups[0])); 450 if (error != 0) 451 len = 0; 452 } 453 } 454 memset(cred->cr_groups + len, 0xff, 455 sizeof(cred->cr_groups) - (len * sizeof(cred->cr_groups[0]))); 456 457 cred->cr_ngroups = len; 458 459 return error; 460 } 461 462 /* This supports sys_setgroups() */ 463 int 464 kauth_proc_setgroups(struct lwp *l, kauth_cred_t ncred) 465 { 466 kauth_cred_t cred; 467 int error; 468 469 /* 470 * At this point we could delete duplicate groups from ncred, 471 * and plausibly sort the list - but in general the later is 472 * a bad idea. 473 */ 474 proc_crmod_enter(); 475 /* Maybe we should use curproc here ? */ 476 cred = l->l_proc->p_cred; 477 478 kauth_cred_clone1(cred, ncred, false); 479 480 error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID, 481 l->l_proc, NULL, NULL, NULL); 482 if (error != 0) { 483 proc_crmod_leave(cred, ncred, false); 484 return error; 485 } 486 487 /* Broadcast our credentials to the process and other LWPs. */ 488 proc_crmod_leave(ncred, cred, true); 489 return 0; 490 } 491 492 int 493 kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len, 494 enum uio_seg seg) 495 { 496 KASSERT(cred != NULL); 497 498 if (len > cred->cr_ngroups) 499 return EINVAL; 500 501 if (seg == UIO_USERSPACE) 502 return copyout(cred->cr_groups, grbuf, sizeof(*grbuf) * len); 503 memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len); 504 505 return 0; 506 } 507 508 int 509 kauth_register_key(const char *secmodel, kauth_key_t *result) 510 { 511 kauth_key_t k; 512 specificdata_key_t key; 513 int error; 514 515 KASSERT(result != NULL); 516 517 error = specificdata_key_create(kauth_domain, &key, NULL); 518 if (error) 519 return (error); 520 521 k = kmem_alloc(sizeof(*k), KM_SLEEP); 522 k->ks_secmodel = secmodel; 523 k->ks_key = key; 524 525 *result = k; 526 527 return (0); 528 } 529 530 int 531 kauth_deregister_key(kauth_key_t key) 532 { 533 KASSERT(key != NULL); 534 535 specificdata_key_delete(kauth_domain, key->ks_key); 536 kmem_free(key, sizeof(*key)); 537 538 return (0); 539 } 540 541 void * 542 kauth_cred_getdata(kauth_cred_t cred, kauth_key_t key) 543 { 544 KASSERT(cred != NULL); 545 KASSERT(key != NULL); 546 547 return (specificdata_getspecific(kauth_domain, &cred->cr_sd, 548 key->ks_key)); 549 } 550 551 void 552 kauth_cred_setdata(kauth_cred_t cred, kauth_key_t key, void *data) 553 { 554 KASSERT(cred != NULL); 555 KASSERT(key != NULL); 556 557 specificdata_setspecific(kauth_domain, &cred->cr_sd, key->ks_key, data); 558 } 559 560 /* 561 * Match uids in two credentials. 562 */ 563 int 564 kauth_cred_uidmatch(kauth_cred_t cred1, kauth_cred_t cred2) 565 { 566 KASSERT(cred1 != NULL); 567 KASSERT(cred2 != NULL); 568 569 if (cred1->cr_uid == cred2->cr_uid || 570 cred1->cr_euid == cred2->cr_uid || 571 cred1->cr_uid == cred2->cr_euid || 572 cred1->cr_euid == cred2->cr_euid) 573 return (1); 574 575 return (0); 576 } 577 578 u_int 579 kauth_cred_getrefcnt(kauth_cred_t cred) 580 { 581 KASSERT(cred != NULL); 582 583 return (cred->cr_refcnt); 584 } 585 586 /* 587 * Convert userland credentials (struct uucred) to kauth_cred_t. 588 * XXX: For NFS & puffs 589 */ 590 void 591 kauth_uucred_to_cred(kauth_cred_t cred, const struct uucred *uuc) 592 { 593 KASSERT(cred != NULL); 594 KASSERT(uuc != NULL); 595 596 cred->cr_refcnt = 1; 597 cred->cr_uid = uuc->cr_uid; 598 cred->cr_euid = uuc->cr_uid; 599 cred->cr_svuid = uuc->cr_uid; 600 cred->cr_gid = uuc->cr_gid; 601 cred->cr_egid = uuc->cr_gid; 602 cred->cr_svgid = uuc->cr_gid; 603 cred->cr_ngroups = min(uuc->cr_ngroups, NGROUPS); 604 kauth_cred_setgroups(cred, __UNCONST(uuc->cr_groups), 605 cred->cr_ngroups, -1, UIO_SYSSPACE); 606 } 607 608 /* 609 * Convert kauth_cred_t to userland credentials (struct uucred). 610 * XXX: For NFS & puffs 611 */ 612 void 613 kauth_cred_to_uucred(struct uucred *uuc, const kauth_cred_t cred) 614 { 615 KASSERT(cred != NULL); 616 KASSERT(uuc != NULL); 617 int ng; 618 619 ng = min(cred->cr_ngroups, NGROUPS); 620 uuc->cr_uid = cred->cr_euid; 621 uuc->cr_gid = cred->cr_egid; 622 uuc->cr_ngroups = ng; 623 kauth_cred_getgroups(cred, uuc->cr_groups, ng, UIO_SYSSPACE); 624 } 625 626 /* 627 * Compare kauth_cred_t and uucred credentials. 628 * XXX: Modelled after crcmp() for NFS. 629 */ 630 int 631 kauth_cred_uucmp(kauth_cred_t cred, const struct uucred *uuc) 632 { 633 KASSERT(cred != NULL); 634 KASSERT(uuc != NULL); 635 636 if (cred->cr_euid == uuc->cr_uid && 637 cred->cr_egid == uuc->cr_gid && 638 cred->cr_ngroups == (uint32_t)uuc->cr_ngroups) { 639 int i; 640 641 /* Check if all groups from uuc appear in cred. */ 642 for (i = 0; i < uuc->cr_ngroups; i++) { 643 int ismember; 644 645 ismember = 0; 646 if (kauth_cred_ismember_gid(cred, uuc->cr_groups[i], 647 &ismember) != 0 || !ismember) 648 return (1); 649 } 650 651 return (0); 652 } 653 654 return (1); 655 } 656 657 /* 658 * Make a struct ucred out of a kauth_cred_t. For compatibility. 659 */ 660 void 661 kauth_cred_toucred(kauth_cred_t cred, struct ki_ucred *uc) 662 { 663 KASSERT(cred != NULL); 664 KASSERT(uc != NULL); 665 666 uc->cr_ref = cred->cr_refcnt; 667 uc->cr_uid = cred->cr_euid; 668 uc->cr_gid = cred->cr_egid; 669 uc->cr_ngroups = min(cred->cr_ngroups, __arraycount(uc->cr_groups)); 670 memcpy(uc->cr_groups, cred->cr_groups, 671 uc->cr_ngroups * sizeof(uc->cr_groups[0])); 672 } 673 674 /* 675 * Make a struct pcred out of a kauth_cred_t. For compatibility. 676 */ 677 void 678 kauth_cred_topcred(kauth_cred_t cred, struct ki_pcred *pc) 679 { 680 KASSERT(cred != NULL); 681 KASSERT(pc != NULL); 682 683 pc->p_pad = NULL; 684 pc->p_ruid = cred->cr_uid; 685 pc->p_svuid = cred->cr_svuid; 686 pc->p_rgid = cred->cr_gid; 687 pc->p_svgid = cred->cr_svgid; 688 pc->p_refcnt = cred->cr_refcnt; 689 } 690 691 /* 692 * Return kauth_cred_t for the current LWP. 693 */ 694 kauth_cred_t 695 kauth_cred_get(void) 696 { 697 return (curlwp->l_cred); 698 } 699 700 /* 701 * Returns a scope matching the provided id. 702 * Requires the scope list lock to be held by the caller. 703 */ 704 static kauth_scope_t 705 kauth_ifindscope(const char *id) 706 { 707 kauth_scope_t scope; 708 709 KASSERT(rw_lock_held(&kauth_lock)); 710 711 scope = NULL; 712 SIMPLEQ_FOREACH(scope, &scope_list, next_scope) { 713 if (strcmp(scope->id, id) == 0) 714 break; 715 } 716 717 return (scope); 718 } 719 720 /* 721 * Register a new scope. 722 * 723 * id - identifier for the scope 724 * callback - the scope's default listener 725 * cookie - cookie to be passed to the listener(s) 726 */ 727 kauth_scope_t 728 kauth_register_scope(const char *id, kauth_scope_callback_t callback, 729 void *cookie) 730 { 731 kauth_scope_t scope; 732 kauth_listener_t listener = NULL; /* XXX gcc */ 733 734 /* Sanitize input */ 735 if (id == NULL) 736 return (NULL); 737 738 /* Allocate space for a new scope and listener. */ 739 scope = kmem_alloc(sizeof(*scope), KM_SLEEP); 740 if (scope == NULL) 741 return NULL; 742 if (callback != NULL) { 743 listener = kmem_alloc(sizeof(*listener), KM_SLEEP); 744 if (listener == NULL) { 745 kmem_free(scope, sizeof(*scope)); 746 return (NULL); 747 } 748 } 749 750 /* 751 * Acquire scope list lock. 752 */ 753 rw_enter(&kauth_lock, RW_WRITER); 754 755 /* Check we don't already have a scope with the same id */ 756 if (kauth_ifindscope(id) != NULL) { 757 rw_exit(&kauth_lock); 758 759 kmem_free(scope, sizeof(*scope)); 760 if (callback != NULL) 761 kmem_free(listener, sizeof(*listener)); 762 763 return (NULL); 764 } 765 766 /* Initialize new scope with parameters */ 767 scope->id = id; 768 scope->cookie = cookie; 769 scope->nlisteners = 1; 770 771 SIMPLEQ_INIT(&scope->listenq); 772 773 /* Add default listener */ 774 if (callback != NULL) { 775 listener->func = callback; 776 listener->scope = scope; 777 listener->refcnt = 0; 778 SIMPLEQ_INSERT_HEAD(&scope->listenq, listener, listener_next); 779 } 780 781 /* Insert scope to scopes list */ 782 SIMPLEQ_INSERT_TAIL(&scope_list, scope, next_scope); 783 784 rw_exit(&kauth_lock); 785 786 return (scope); 787 } 788 789 /* 790 * Initialize the kernel authorization subsystem. 791 * 792 * Initialize the scopes list lock. 793 * Create specificdata domain. 794 * Register the credentials scope, used in kauth(9) internally. 795 * Register built-in scopes: generic, system, process, network, machdep, device. 796 */ 797 void 798 kauth_init(void) 799 { 800 rw_init(&kauth_lock); 801 802 kauth_cred_cache = pool_cache_init(sizeof(struct kauth_cred), 803 coherency_unit, 0, 0, "kcredpl", NULL, IPL_NONE, 804 NULL, NULL, NULL); 805 806 /* Create specificdata domain. */ 807 kauth_domain = specificdata_domain_create(); 808 809 /* Register credentials scope. */ 810 kauth_builtin_scope_cred = 811 kauth_register_scope(KAUTH_SCOPE_CRED, NULL, NULL); 812 813 /* Register generic scope. */ 814 kauth_builtin_scope_generic = kauth_register_scope(KAUTH_SCOPE_GENERIC, 815 NULL, NULL); 816 817 /* Register system scope. */ 818 kauth_builtin_scope_system = kauth_register_scope(KAUTH_SCOPE_SYSTEM, 819 NULL, NULL); 820 821 /* Register process scope. */ 822 kauth_builtin_scope_process = kauth_register_scope(KAUTH_SCOPE_PROCESS, 823 NULL, NULL); 824 825 /* Register network scope. */ 826 kauth_builtin_scope_network = kauth_register_scope(KAUTH_SCOPE_NETWORK, 827 NULL, NULL); 828 829 /* Register machdep scope. */ 830 kauth_builtin_scope_machdep = kauth_register_scope(KAUTH_SCOPE_MACHDEP, 831 NULL, NULL); 832 833 /* Register device scope. */ 834 kauth_builtin_scope_device = kauth_register_scope(KAUTH_SCOPE_DEVICE, 835 NULL, NULL); 836 837 /* Register vnode scope. */ 838 kauth_builtin_scope_vnode = kauth_register_scope(KAUTH_SCOPE_VNODE, 839 NULL, NULL); 840 } 841 842 /* 843 * Deregister a scope. 844 * Requires scope list lock to be held by the caller. 845 * 846 * scope - the scope to deregister 847 */ 848 void 849 kauth_deregister_scope(kauth_scope_t scope) 850 { 851 if (scope != NULL) { 852 /* Remove scope from list */ 853 SIMPLEQ_REMOVE(&scope_list, scope, kauth_scope, next_scope); 854 kmem_free(scope, sizeof(*scope)); 855 } 856 } 857 858 /* 859 * Register a listener. 860 * 861 * id - scope identifier. 862 * callback - the callback routine for the listener. 863 * cookie - cookie to pass unmoidfied to the callback. 864 */ 865 kauth_listener_t 866 kauth_listen_scope(const char *id, kauth_scope_callback_t callback, 867 void *cookie) 868 { 869 kauth_scope_t scope; 870 kauth_listener_t listener; 871 872 listener = kmem_alloc(sizeof(*listener), KM_SLEEP); 873 if (listener == NULL) 874 return (NULL); 875 876 rw_enter(&kauth_lock, RW_WRITER); 877 878 /* 879 * Find scope struct. 880 */ 881 scope = kauth_ifindscope(id); 882 if (scope == NULL) { 883 rw_exit(&kauth_lock); 884 kmem_free(listener, sizeof(*listener)); 885 return (NULL); 886 } 887 888 /* Allocate listener */ 889 890 /* Initialize listener with parameters */ 891 listener->func = callback; 892 listener->refcnt = 0; 893 894 /* Add listener to scope */ 895 SIMPLEQ_INSERT_TAIL(&scope->listenq, listener, listener_next); 896 897 /* Raise number of listeners on scope. */ 898 scope->nlisteners++; 899 listener->scope = scope; 900 901 rw_exit(&kauth_lock); 902 903 return (listener); 904 } 905 906 /* 907 * Deregister a listener. 908 * 909 * listener - listener reference as returned from kauth_listen_scope(). 910 */ 911 void 912 kauth_unlisten_scope(kauth_listener_t listener) 913 { 914 915 if (listener != NULL) { 916 rw_enter(&kauth_lock, RW_WRITER); 917 SIMPLEQ_REMOVE(&listener->scope->listenq, listener, 918 kauth_listener, listener_next); 919 listener->scope->nlisteners--; 920 rw_exit(&kauth_lock); 921 kmem_free(listener, sizeof(*listener)); 922 } 923 } 924 925 /* 926 * Authorize a request. 927 * 928 * scope - the scope of the request as defined by KAUTH_SCOPE_* or as 929 * returned from kauth_register_scope(). 930 * credential - credentials of the user ("actor") making the request. 931 * action - request identifier. 932 * arg[0-3] - passed unmodified to listener(s). 933 * 934 * Returns the aggregated result: 935 * - KAUTH_RESULT_ALLOW if there is at least one KAUTH_RESULT_ALLOW and 936 * zero KAUTH_DESULT_DENY 937 * - KAUTH_RESULT_DENY if there is at least one KAUTH_RESULT_DENY 938 * - KAUTH_RESULT_DEFER if there is nothing but KAUTH_RESULT_DEFER 939 */ 940 static int 941 kauth_authorize_action_internal(kauth_scope_t scope, kauth_cred_t cred, 942 kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3) 943 { 944 kauth_listener_t listener; 945 int error, allow, fail; 946 947 KASSERT(cred != NULL); 948 KASSERT(action != 0); 949 950 /* Short-circuit requests coming from the kernel. */ 951 if (cred == NOCRED || cred == FSCRED) 952 return (0); 953 954 KASSERT(scope != NULL); 955 956 fail = 0; 957 allow = 0; 958 959 /* rw_enter(&kauth_lock, RW_READER); XXX not yet */ 960 SIMPLEQ_FOREACH(listener, &scope->listenq, listener_next) { 961 error = listener->func(cred, action, scope->cookie, arg0, 962 arg1, arg2, arg3); 963 964 if (error == KAUTH_RESULT_ALLOW) 965 allow = 1; 966 else if (error == KAUTH_RESULT_DENY) 967 fail = 1; 968 } 969 /* rw_exit(&kauth_lock); */ 970 971 if (fail) 972 return (KAUTH_RESULT_DENY); 973 974 if (allow) 975 return (KAUTH_RESULT_ALLOW); 976 977 return (KAUTH_RESULT_DEFER); 978 }; 979 980 int 981 kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred, 982 kauth_action_t action, void *arg0, void *arg1, void *arg2, void *arg3) 983 { 984 int r; 985 986 r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1, 987 arg2, arg3); 988 989 if (r == KAUTH_RESULT_DENY) 990 return (EPERM); 991 992 if (r == KAUTH_RESULT_ALLOW) 993 return (0); 994 995 if (!nsecmodels) 996 return (0); 997 998 return (EPERM); 999 } 1000 1001 /* 1002 * Generic scope authorization wrapper. 1003 */ 1004 int 1005 kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0) 1006 { 1007 return (kauth_authorize_action(kauth_builtin_scope_generic, cred, 1008 action, arg0, NULL, NULL, NULL)); 1009 } 1010 1011 /* 1012 * System scope authorization wrapper. 1013 */ 1014 int 1015 kauth_authorize_system(kauth_cred_t cred, kauth_action_t action, 1016 enum kauth_system_req req, void *arg1, void *arg2, void *arg3) 1017 { 1018 return (kauth_authorize_action(kauth_builtin_scope_system, cred, 1019 action, (void *)req, arg1, arg2, arg3)); 1020 } 1021 1022 /* 1023 * Process scope authorization wrapper. 1024 */ 1025 int 1026 kauth_authorize_process(kauth_cred_t cred, kauth_action_t action, 1027 struct proc *p, void *arg1, void *arg2, void *arg3) 1028 { 1029 return (kauth_authorize_action(kauth_builtin_scope_process, cred, 1030 action, p, arg1, arg2, arg3)); 1031 } 1032 1033 /* 1034 * Network scope authorization wrapper. 1035 */ 1036 int 1037 kauth_authorize_network(kauth_cred_t cred, kauth_action_t action, 1038 enum kauth_network_req req, void *arg1, void *arg2, void *arg3) 1039 { 1040 return (kauth_authorize_action(kauth_builtin_scope_network, cred, 1041 action, (void *)req, arg1, arg2, arg3)); 1042 } 1043 1044 int 1045 kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action, 1046 void *arg0, void *arg1, void *arg2, void *arg3) 1047 { 1048 return (kauth_authorize_action(kauth_builtin_scope_machdep, cred, 1049 action, arg0, arg1, arg2, arg3)); 1050 } 1051 1052 int 1053 kauth_authorize_device(kauth_cred_t cred, kauth_action_t action, 1054 void *arg0, void *arg1, void *arg2, void *arg3) 1055 { 1056 return (kauth_authorize_action(kauth_builtin_scope_device, cred, 1057 action, arg0, arg1, arg2, arg3)); 1058 } 1059 1060 int 1061 kauth_authorize_device_tty(kauth_cred_t cred, kauth_action_t action, 1062 struct tty *tty) 1063 { 1064 return (kauth_authorize_action(kauth_builtin_scope_device, cred, 1065 action, tty, NULL, NULL, NULL)); 1066 } 1067 1068 int 1069 kauth_authorize_device_spec(kauth_cred_t cred, enum kauth_device_req req, 1070 struct vnode *vp) 1071 { 1072 return (kauth_authorize_action(kauth_builtin_scope_device, cred, 1073 KAUTH_DEVICE_RAWIO_SPEC, (void *)req, vp, NULL, NULL)); 1074 } 1075 1076 int 1077 kauth_authorize_device_passthru(kauth_cred_t cred, dev_t dev, u_long bits, 1078 void *data) 1079 { 1080 return (kauth_authorize_action(kauth_builtin_scope_device, cred, 1081 KAUTH_DEVICE_RAWIO_PASSTHRU, (void *)bits, (void *)(u_long)dev, 1082 data, NULL)); 1083 } 1084 1085 kauth_action_t 1086 kauth_mode_to_action(mode_t mode) 1087 { 1088 kauth_action_t action = 0; 1089 1090 if (mode & VREAD) 1091 action |= KAUTH_VNODE_READ_DATA; 1092 if (mode & VWRITE) 1093 action |= KAUTH_VNODE_WRITE_DATA; 1094 if (mode & VEXEC) 1095 action |= KAUTH_VNODE_EXECUTE; 1096 1097 return action; 1098 } 1099 1100 int 1101 kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action, 1102 struct vnode *vp, struct vnode *dvp, int fs_decision) 1103 { 1104 int error; 1105 1106 error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred, 1107 action, vp, dvp, NULL, NULL); 1108 1109 if (error == KAUTH_RESULT_DENY) 1110 return (EACCES); 1111 1112 if (error == KAUTH_RESULT_ALLOW) 1113 return (0); 1114 1115 /* 1116 * If the file-system does not support decision-before-action, we can 1117 * only short-circuit the operation (deny). If we're here, it means no 1118 * listener denied it, so our only alternative is to supposedly-allow 1119 * it and let the file-system have the last word. 1120 */ 1121 if (fs_decision == KAUTH_VNODE_REMOTEFS) 1122 return (0); 1123 1124 return (fs_decision); 1125 } 1126 1127 static int 1128 kauth_cred_hook(kauth_cred_t cred, kauth_action_t action, void *arg0, 1129 void *arg1) 1130 { 1131 int r; 1132 1133 r = kauth_authorize_action(kauth_builtin_scope_cred, cred, action, 1134 arg0, arg1, NULL, NULL); 1135 1136 #ifdef DIAGNOSTIC 1137 if (!SIMPLEQ_EMPTY(&kauth_builtin_scope_cred->listenq)) 1138 KASSERT(r == 0); 1139 #endif /* DIAGNOSTIC */ 1140 1141 return (r); 1142 } 1143 1144 void 1145 secmodel_register(void) 1146 { 1147 KASSERT(nsecmodels + 1 != 0); 1148 1149 rw_enter(&kauth_lock, RW_WRITER); 1150 nsecmodels++; 1151 rw_exit(&kauth_lock); 1152 } 1153 1154 void 1155 secmodel_deregister(void) 1156 { 1157 KASSERT(nsecmodels != 0); 1158 1159 rw_enter(&kauth_lock, RW_WRITER); 1160 nsecmodels--; 1161 rw_exit(&kauth_lock); 1162 } 1163