sys/kern/sysv_ipc.c


    1 /*      $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */
    2 /*-
    3  * Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca>
    4  * Copyright (c) 2006 nCircle Network Security, Inc.
    5  * All rights reserved.
    6  *
    7  * This software was developed by Robert N. M. Watson for the TrustedBSD
    8  * Project under contract to nCircle Network Security, Inc.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  * 3. All advertising materials mentioning features or use of this software
   19  *    must display the following acknowledgement:
   20  *      This product includes software developed by Herb Peyerl.
   21  * 4. The name of Herb Peyerl may not be used to endorse or promote products
   22  *    derived from this software without specific prior written permission.
   23  *
   24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   25  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   26  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   27  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   28  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   29  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   30  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   31  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   32  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   33  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   34  */
   35 
   36 #include <sys/cdefs.h>
   37 __FBSDID("$FreeBSD$");
   38 
   39 #include "opt_sysvipc.h"
   40 
   41 #include <sys/param.h>
   42 #include <sys/systm.h>
   43 #include <sys/sem.h>
   44 #include <sys/shm.h>
   45 #include <sys/ipc.h>
   46 #include <sys/priv.h>
   47 #include <sys/proc.h>
   48 #include <sys/ucred.h>
   49 
/*
 * Optional System V shared memory callbacks.  Both start out NULL, and
 * shmfork() and shmexit() call them only when they are non-NULL.
 *
 * NOTE(review): presumably the SysV shm implementation installs and clears
 * these when it is attached or detached -- confirm.  They are writable kernel
 * function pointers reached from shmfork() and shmexit(), so whatever updates
 * them has to be serialized against concurrent callers; verify where that is
 * guaranteed.
 */
void (*shmfork_hook)(struct proc *, struct proc *) = NULL;	/* used by shmfork() */
void (*shmexit_hook)(struct vmspace *) = NULL;			/* used by shmexit() */
   52 
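/*
 * Fork-time entry point for System V shared memory; called from kern_fork.c.
 *
 * Forwards both process pointers to shmfork_hook when a hook is installed and
 * does nothing otherwise.  p1 and p2 are passed through untouched
 * (presumably the parent and the child -- confirm against the caller).
 *
 * Written as an ANSI prototype definition rather than the old K&R form so
 * that the compiler checks argument types at every call site.
 */
void
shmfork(struct proc *p1, struct proc *p2)
{

	if (shmfork_hook != NULL)
		shmfork_hook(p1, p2);
}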
   63 
/*
 * Exit-time entry point for System V shared memory; called from kern_exit.c.
 *
 * Hands the address space to shmexit_hook when a hook is installed; with no
 * hook installed this is a no-op.
 */
void
shmexit(struct vmspace *vm)
{

	/* No hook installed: nothing to do. */
	if (shmexit_hook == NULL)
		return;

	shmexit_hook(vm);
}
   73 
/*
 * Check for IPC permission.
 *
 * Decides whether the credential of thread td may access the object described
 * by perm with every right in acc_mode (a mask of IPC_R, IPC_W and IPC_M).
 * Returns 0 when all requested rights are granted and EACCES otherwise.
 *
 * Exactly one permission class is consulted, chosen in this order:
 *   1. cr_uid equals the object's creator (cuid) or owner (uid);
 *   2. the credential is a member of the object's gid or cgid;
 *   3. everyone else.
 * As with file modes, the first matching class wins: an owner whose owner
 * bits deny a right does not fall back to the group or other bits.
 *
 * Any right that discretionary access control (DAC) does not grant is then
 * checked against its own privilege (PRIV_IPC_ADMIN, PRIV_IPC_READ,
 * PRIV_IPC_WRITE).  Privilege is requested only for rights that are both
 * asked for and missing.  The error code returned by priv_check() is not
 * propagated; a shortfall is always reported as EACCES.
 *
 * Note: The MAC Framework does not require any modifications to the
 * ipcperm() function, as access control checks are performed throughout the
 * implementation of each primitive.  Those entry point calls complement the
 * ipcperm() discretionary checks.  Unlike file system discretionary access
 * control, the original creator of an object is given the same rights as the
 * current owner.
 */
int
ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
{
	struct ucred *cred = td->td_ucred;
	int obj_mode = perm->mode;
	int dac_granted = 0;
	int priv_granted = 0;

	/*
	 * Select the permission class.  The group and other bits are shifted
	 * up so that IPC_R and IPC_W can be tested in the owner position.
	 */
	if (cred->cr_uid == perm->cuid || cred->cr_uid == perm->uid) {
		/* Owner or creator: may always administer the object. */
		dac_granted |= IPC_M;
	} else if (groupmember(perm->gid, cred) ||
	    groupmember(perm->cgid, cred)) {
		obj_mode <<= 3;
	} else {
		obj_mode <<= 6;
	}

	/*
	 * While the System V IPC permission model allows IPC_M to be
	 * granted as part of the mode, our implementation requires
	 * privilege to administer the object if not the owner or creator.
	 * An IPC_M bit in the (shifted) mode is therefore deliberately
	 * ignored; only the read and write bits are taken from it.
	 */
	dac_granted |= obj_mode & (IPC_R | IPC_W);

	/*
	 * Simple case: all required rights are granted by DAC.
	 */
	if ((dac_granted & acc_mode) == acc_mode)
		return (0);

	/*
	 * Privilege is required to satisfy the request.  Each missing right
	 * is checked separately, so holding one privilege never implies
	 * another.
	 */
	if ((acc_mode & IPC_M) && !(dac_granted & IPC_M) &&
	    priv_check(td, PRIV_IPC_ADMIN) == 0)
		priv_granted |= IPC_M;

	if ((acc_mode & IPC_R) && !(dac_granted & IPC_R) &&
	    priv_check(td, PRIV_IPC_READ) == 0)
		priv_granted |= IPC_R;

	if ((acc_mode & IPC_W) && !(dac_granted & IPC_W) &&
	    priv_check(td, PRIV_IPC_WRITE) == 0)
		priv_granted |= IPC_W;

	/* Grant only if DAC and privilege together cover every requested bit. */
	return ((((dac_granted | priv_granted) & acc_mode) == acc_mode) ?
	    0 : EACCES);
}
  150 
/*
 * Copy an old-format permission structure into the current format.
 *
 * Only the seven fields below are written.  Anything else in *new is left
 * as the caller set it, so a caller that needs a fully defined result must
 * initialise *new first.
 */
void
ipcperm_old2new(struct ipc_perm_old *old, struct ipc_perm *new)
{

	/* Identity: current owner, then original creator. */
	new->uid = old->uid;
	new->gid = old->gid;
	new->cuid = old->cuid;
	new->cgid = old->cgid;

	/* Access mode and bookkeeping. */
	new->mode = old->mode;
	new->key = old->key;
	new->seq = old->seq;
}
  163 
/*
 * Copy a current-format permission structure into the old format.
 *
 * Only the seven fields below are written.
 *
 * XXX: How to handle IDs > USHORT_MAX?  The assignments are unchecked.
 * NOTE(review): presumably the old structure has narrower ID fields, as the
 * XXX suggests -- confirm against its definition.  If so, a wide uid or gid
 * is silently truncated, and the truncated value can coincide with a
 * different ID.  Consumers of the old format should treat these fields as
 * informational and not base access decisions on them.
 */
void
ipcperm_new2old(struct ipc_perm *new, struct ipc_perm_old *old)
{

	/* Identity: current owner, then original creator. */
	old->uid = new->uid;
	old->gid = new->gid;
	old->cuid = new->cuid;
	old->cgid = new->cgid;

	/* Access mode and bookkeeping. */
	old->mode = new->mode;
	old->key = new->key;
	old->seq = new->seq;
}
