FreeBSD/Linux Kernel Cross Reference
sys/kern/sysv_ipc.c
1 /*-
2 * SPDX-License-Identifier: BSD-4-Clause
3 *
4 * Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca>
5 * Copyright (c) 2006 nCircle Network Security, Inc.
6 * All rights reserved.
7 *
8 * This software was developed by Robert N. M. Watson for the TrustedBSD
9 * Project under contract to nCircle Network Security, Inc.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 * 3. All advertising materials mentioning features or use of this software
20 * must display the following acknowledgement:
21 * This product includes software developed by Herb Peyerl.
22 * 4. The name of Herb Peyerl may not be used to endorse or promote products
23 * derived from this software without specific prior written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 *
36 * $NetBSD: sysv_ipc.c,v 1.9 1995/06/02 19:04:22 mycroft Exp $
37 */
38
39 #include <sys/cdefs.h>
40 __FBSDID("$FreeBSD$");
41
42 #include "opt_sysvipc.h"
43
44 #include <sys/param.h>
45 #include <sys/systm.h>
46 #include <sys/sem.h>
47 #include <sys/shm.h>
48 #include <sys/ipc.h>
49 #include <sys/priv.h>
50 #include <sys/proc.h>
51 #include <sys/ucred.h>
52
53 void (*shmfork_hook)(struct proc *, struct proc *) = NULL;
54 void (*shmexit_hook)(struct vmspace *) = NULL;
55
56 /* called from kern_fork.c */
57 void
58 shmfork(p1, p2)
59 struct proc *p1, *p2;
60 {
61
62 if (shmfork_hook != NULL)
63 shmfork_hook(p1, p2);
64 return;
65 }
66
67 /* called from kern_exit.c */
68 void
69 shmexit(struct vmspace *vm)
70 {
71
72 if (shmexit_hook != NULL)
73 shmexit_hook(vm);
74 return;
75 }
76
77 /*
78 * Check for IPC permission.
79 *
80 * Note: The MAC Framework does not require any modifications to the
81 * ipcperm() function, as access control checks are performed throughout the
82 * implementation of each primitive. Those entry point calls complement the
83 * ipcperm() discertionary checks. Unlike file system discretionary access
84 * control, the original create of an object is given the same rights as the
85 * current owner.
86 */
87 int
88 ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
89 {
90 struct ucred *cred = td->td_ucred;
91 int error, obj_mode, dac_granted, priv_granted;
92
93 dac_granted = 0;
94 if (cred->cr_uid == perm->cuid || cred->cr_uid == perm->uid) {
95 obj_mode = perm->mode;
96 dac_granted |= IPC_M;
97 } else if (groupmember(perm->gid, cred) ||
98 groupmember(perm->cgid, cred)) {
99 obj_mode = perm->mode;
100 obj_mode <<= 3;
101 } else {
102 obj_mode = perm->mode;
103 obj_mode <<= 6;
104 }
105
106 /*
107 * While the System V IPC permission model allows IPC_M to be
108 * granted, as part of the mode, our implementation requires
109 * privilege to adminster the object if not the owner or creator.
110 */
111 #if 0
112 if (obj_mode & IPC_M)
113 dac_granted |= IPC_M;
114 #endif
115 if (obj_mode & IPC_R)
116 dac_granted |= IPC_R;
117 if (obj_mode & IPC_W)
118 dac_granted |= IPC_W;
119
120 /*
121 * Simple case: all required rights are granted by DAC.
122 */
123 if ((dac_granted & acc_mode) == acc_mode)
124 return (0);
125
126 /*
127 * Privilege is required to satisfy the request.
128 */
129 priv_granted = 0;
130 if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
131 error = priv_check(td, PRIV_IPC_ADMIN);
132 if (error == 0)
133 priv_granted |= IPC_M;
134 }
135
136 if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
137 error = priv_check(td, PRIV_IPC_READ);
138 if (error == 0)
139 priv_granted |= IPC_R;
140 }
141
142 if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
143 error = priv_check(td, PRIV_IPC_WRITE);
144 if (error == 0)
145 priv_granted |= IPC_W;
146 }
147
148 if (((dac_granted | priv_granted) & acc_mode) == acc_mode)
149 return (0);
150 else
151 return (EACCES);
152 }
153
154 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
155 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
156 void
157 ipcperm_old2new(struct ipc_perm_old *old, struct ipc_perm *new)
158 {
159
160 new->cuid = old->cuid;
161 new->cgid = old->cgid;
162 new->uid = old->uid;
163 new->gid = old->gid;
164 new->mode = old->mode;
165 new->seq = old->seq;
166 new->key = old->key;
167 }
168
169 void
170 ipcperm_new2old(struct ipc_perm *new, struct ipc_perm_old *old)
171 {
172
173 /* XXX: How to handle ID's > USHORT_MAX? */
174 old->cuid = new->cuid;
175 old->cgid = new->cgid;
176 old->uid = new->uid;
177 old->gid = new->gid;
178 old->mode = new->mode;
179 old->seq = new->seq;
180 old->key = new->key;
181 }
182 #endif
183
184 #ifdef COMPAT_FREEBSD32
185 #include <sys/mount.h>
186 #include <sys/socket.h>
187 #include <compat/freebsd32/freebsd32.h>
188 #include <compat/freebsd32/freebsd32_ipc.h>
189 #include <compat/freebsd32/freebsd32_proto.h>
190 #include <compat/freebsd32/freebsd32_signal.h>
191 #include <compat/freebsd32/freebsd32_syscall.h>
192 #include <compat/freebsd32/freebsd32_util.h>
193
194 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
195 defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
196 void
197 freebsd32_ipcperm_old_in(struct ipc_perm32_old *ip32, struct ipc_perm *ip)
198 {
199
200 CP(*ip32, *ip, cuid);
201 CP(*ip32, *ip, cgid);
202 CP(*ip32, *ip, uid);
203 CP(*ip32, *ip, gid);
204 CP(*ip32, *ip, mode);
205 CP(*ip32, *ip, seq);
206 CP(*ip32, *ip, key);
207 }
208
209 void
210 freebsd32_ipcperm_old_out(struct ipc_perm *ip, struct ipc_perm32_old *ip32)
211 {
212
213 CP(*ip, *ip32, cuid);
214 CP(*ip, *ip32, cgid);
215 CP(*ip, *ip32, uid);
216 CP(*ip, *ip32, gid);
217 CP(*ip, *ip32, mode);
218 CP(*ip, *ip32, seq);
219 CP(*ip, *ip32, key);
220 }
221 #endif
222
223 void
224 freebsd32_ipcperm_in(struct ipc_perm32 *ip32, struct ipc_perm *ip)
225 {
226
227 CP(*ip32, *ip, cuid);
228 CP(*ip32, *ip, cgid);
229 CP(*ip32, *ip, uid);
230 CP(*ip32, *ip, gid);
231 CP(*ip32, *ip, mode);
232 CP(*ip32, *ip, seq);
233 CP(*ip32, *ip, key);
234 }
235
236 void
237 freebsd32_ipcperm_out(struct ipc_perm *ip, struct ipc_perm32 *ip32)
238 {
239
240 CP(*ip, *ip32, cuid);
241 CP(*ip, *ip32, cgid);
242 CP(*ip, *ip32, uid);
243 CP(*ip, *ip32, gid);
244 CP(*ip, *ip32, mode);
245 CP(*ip, *ip32, seq);
246 CP(*ip, *ip32, key);
247 }
248 #endif
Cache object: c5bfc1f054c10b798e6c5bf129cdc054
|