xref: /netbsd-src/sys/miscfs/umapfs/umap_subr.c (revision 65896a5125b19c57d09295ad5d3d081f4fc78eed)
1*65896a51Smaxv /*	$NetBSD: umap_subr.c,v 1.29 2014/11/09 18:08:07 maxv Exp $	*/
2cf92afd6Scgd 
3cde1d475Smycroft /*
49866514dSwrstuden  * Copyright (c) 1999 National Aeronautics & Space Administration
59866514dSwrstuden  * All rights reserved.
69866514dSwrstuden  *
79866514dSwrstuden  * This software was written by William Studenmund of the
8e265f988Swiz  * Numerical Aerospace Simulation Facility, NASA Ames Research Center.
99866514dSwrstuden  *
109866514dSwrstuden  * Redistribution and use in source and binary forms, with or without
119866514dSwrstuden  * modification, are permitted provided that the following conditions
129866514dSwrstuden  * are met:
139866514dSwrstuden  * 1. Redistributions of source code must retain the above copyright
149866514dSwrstuden  *    notice, this list of conditions and the following disclaimer.
159866514dSwrstuden  * 2. Redistributions in binary form must reproduce the above copyright
169866514dSwrstuden  *    notice, this list of conditions and the following disclaimer in the
179866514dSwrstuden  *    documentation and/or other materials provided with the distribution.
1895054da1Ssoren  * 3. Neither the name of the National Aeronautics & Space Administration
199866514dSwrstuden  *    nor the names of its contributors may be used to endorse or promote
209866514dSwrstuden  *    products derived from this software without specific prior written
219866514dSwrstuden  *    permission.
229866514dSwrstuden  *
239866514dSwrstuden  * THIS SOFTWARE IS PROVIDED BY THE NATIONAL AERONAUTICS & SPACE ADMINISTRATION
249866514dSwrstuden  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
259866514dSwrstuden  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
269866514dSwrstuden  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE ADMINISTRATION OR CONTRIB-
279866514dSwrstuden  * UTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
289866514dSwrstuden  * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
299866514dSwrstuden  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
309866514dSwrstuden  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
319866514dSwrstuden  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
329866514dSwrstuden  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
339866514dSwrstuden  * POSSIBILITY OF SUCH DAMAGE.
349866514dSwrstuden  */
359866514dSwrstuden /*
36e5bc90f4Sfvdl  * Copyright (c) 1992, 1993, 1995
37cde1d475Smycroft  *	The Regents of the University of California.  All rights reserved.
38cde1d475Smycroft  *
39cde1d475Smycroft  * This code is derived from software donated to Berkeley by
40cde1d475Smycroft  * Jan-Simon Pendry.
41cde1d475Smycroft  *
42cde1d475Smycroft  * Redistribution and use in source and binary forms, with or without
43cde1d475Smycroft  * modification, are permitted provided that the following conditions
44cde1d475Smycroft  * are met:
45cde1d475Smycroft  * 1. Redistributions of source code must retain the above copyright
46cde1d475Smycroft  *    notice, this list of conditions and the following disclaimer.
47cde1d475Smycroft  * 2. Redistributions in binary form must reproduce the above copyright
48cde1d475Smycroft  *    notice, this list of conditions and the following disclaimer in the
49cde1d475Smycroft  *    documentation and/or other materials provided with the distribution.
50aad01611Sagc  * 3. Neither the name of the University nor the names of its contributors
51cde1d475Smycroft  *    may be used to endorse or promote products derived from this software
52cde1d475Smycroft  *    without specific prior written permission.
53cde1d475Smycroft  *
54cde1d475Smycroft  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
55cde1d475Smycroft  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
56cde1d475Smycroft  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
57cde1d475Smycroft  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
58cde1d475Smycroft  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
59cde1d475Smycroft  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
60cde1d475Smycroft  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
61cde1d475Smycroft  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
62cde1d475Smycroft  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
63cde1d475Smycroft  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
64cde1d475Smycroft  * SUCH DAMAGE.
65cde1d475Smycroft  *
66cde1d475Smycroft  *	from: Id: lofs_subr.c, v 1.11 1992/05/30 10:05:43 jsp Exp
67e5bc90f4Sfvdl  *	@(#)umap_subr.c	8.9 (Berkeley) 5/14/95
68cde1d475Smycroft  */
69cde1d475Smycroft 
70e4b00f43Slukem #include <sys/cdefs.h>
71*65896a51Smaxv __KERNEL_RCSID(0, "$NetBSD: umap_subr.c,v 1.29 2014/11/09 18:08:07 maxv Exp $");
72e4b00f43Slukem 
73cde1d475Smycroft #include <sys/param.h>
74cde1d475Smycroft #include <sys/systm.h>
75e5bc90f4Sfvdl #include <sys/proc.h>
76cde1d475Smycroft #include <sys/time.h>
77cde1d475Smycroft #include <sys/vnode.h>
78cde1d475Smycroft #include <sys/mount.h>
79cde1d475Smycroft #include <sys/namei.h>
80fc9422c9Selad #include <sys/kauth.h>
81fc9422c9Selad 
82a3e9e809Scgd #include <miscfs/specfs/specdev.h>
83cde1d475Smycroft #include <miscfs/umapfs/umap.h>
84cde1d475Smycroft 
/*
 * Local prototypes.
 * NOTE(review): no definition of umap_node_alloc is visible in this
 * listing -- confirm the declaration is still needed.
 */
u_long umap_findid(u_long, u_long [][2], int);
int umap_node_alloc(struct mount *, struct vnode *,
				struct vnode **);
88631ccba6Schristos 
/*
 * umap_findid is called by various routines in umap_vnodeops.c to
 * find a user or group id in a map.
 *
 * Each row of the map is a pair: column 0 is the id to look for and
 * column 1 is the id it maps to.  The first row whose column 0 equals
 * `id' wins; later duplicates are never consulted.
 *
 * Returns the mapped id, or (u_long)-1 when no row matches.  The
 * sentinel is in-band: a row whose column 1 holds (u_long)-1 cannot be
 * told apart from "not found" by the caller.
 *
 * Only `nentries' bounds the scan; the caller must make sure it does
 * not exceed the number of rows actually present in `map'.
 */
u_long
umap_findid(u_long id, u_long map[][2], int nentries)
{
	int idx;

	/* Linear scan; a non-positive nentries falls straight through. */
	for (idx = 0; idx < nentries; idx++) {
		if (map[idx][0] == id)
			return (map[idx][1]);
	}

	/* No entry for this id. */
	return ((u_long)-1);
}
109cde1d475Smycroft 
/*
 * umap_reverse_findid is called by umap_getattr() in umap_vnodeops.c to
 * find a user or group id in a map, in reverse.
 *
 * The scan matches on column 1 of each row and hands back column 0.
 * The first matching row wins, so when several rows share the same
 * column 1 value the reverse lookup is not an exact inverse of
 * umap_findid().
 *
 * Returns the id from column 0, or (u_long)-1 when no row matches.
 * Only `nentries' bounds the scan; the caller must make sure it does
 * not exceed the number of rows actually present in `map'.
 */
u_long
umap_reverse_findid(u_long id, u_long map[][2], int nentries)
{
	int idx;

	/* Linear scan; a non-positive nentries falls straight through. */
	for (idx = 0; idx < nentries; idx++) {
		if (map[idx][1] == id)
			return (map[idx][0]);
	}

	/* No row maps onto this id. */
	return ((u_long)-1);
}
130cde1d475Smycroft 
/*
 * umap_mapids maps all of the ids in a credential, both user and group.
 *
 * The credential is rewritten in place, in this order: effective uid,
 * effective gid, then the supplementary group list.  An id with no
 * entry in the mount's map is replaced by NOBODY (uid) or NULLGROUP
 * (gid), so unmapped ids never pass through with their original value.
 * NOCRED and FSCRED are returned untouched.
 *
 * NOTE(review): credp is modified directly; presumably callers hand in
 * a private copy of the credential -- verify against the callers.
 */
void
umap_mapids(struct mount *v_mount, kauth_cred_t credp)
{
	u_long (*usermap)[2], (*groupmap)[2];
	gid_t groups[NGROUPS];
	uint16_t ngroups;
	uid_t uid;
	gid_t gid;
	int unentries, gnentries, i;

	/* The sentinel credentials are never mapped. */
	if (credp == NOCRED || credp == FSCRED)
		return;

	/* Pull the user and group tables out of the umap mount data. */
	unentries = MOUNTTOUMAPMOUNT(v_mount)->info_nentries;
	usermap = MOUNTTOUMAPMOUNT(v_mount)->info_mapdata;
	gnentries = MOUNTTOUMAPMOUNT(v_mount)->info_gnentries;
	groupmap = MOUNTTOUMAPMOUNT(v_mount)->info_gmapdata;

	/* Effective uid: mapped value, or NOBODY when the map has no entry. */
	uid = (uid_t)umap_findid(kauth_cred_geteuid(credp), usermap,
	    unentries);
	kauth_cred_seteuid(credp, (uid != -1) ? uid : (uid_t)NOBODY);

#if 1
	/* cr_gid is the same as cr_groups[0] in 4BSD, but not in NetBSD */

	/* Effective gid: mapped value, or NULLGROUP when unmapped. */
	gid = (gid_t)umap_findid(kauth_cred_getegid(credp), groupmap,
	    gnentries);
	kauth_cred_setegid(credp, (gid != -1) ? gid : NULLGROUP);
#endif

	/*
	 * Now map every supplementary group of the credential.
	 *
	 * NOTE(review): groups[] is a fixed NGROUPS-sized stack array and
	 * the loop bound comes from kauth_cred_ngroups(); this assumes the
	 * count never exceeds NGROUPS -- confirm.
	 */
	ngroups = kauth_cred_ngroups(credp);
	for (i = 0; i < ngroups; i++) {
		/* XXX elad: can't we just skip cases where gid == -1? */
		gid_t current = kauth_cred_group(credp, i);

		gid = (gid_t)umap_findid(current, groupmap, gnentries);
		groups[i] = (gid != -1) ? gid : NULLGROUP;
	}

	/*
	 * Install the mapped list.
	 * NOTE(review): the return value of kauth_cred_setgroups() is not
	 * checked here.
	 */
	kauth_cred_setgroups(credp, groups, ngroups, -1, UIO_SYSSPACE);
}