The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/kern/sysv_ipc.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*      $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */
    2 /*-
    3  * Copyright (c) 1994 Herb Peyerl <hpeyerl@novatel.ca>
    4  * Copyright (c) 2006 nCircle Network Security, Inc.
    5  * All rights reserved.
    6  *
    7  * This software was developed by Robert N. M. Watson for the TrustedBSD
    8  * Project under contract to nCircle Network Security, Inc.
    9  *
   10  * Redistribution and use in source and binary forms, with or without
   11  * modification, are permitted provided that the following conditions
   12  * are met:
   13  * 1. Redistributions of source code must retain the above copyright
   14  *    notice, this list of conditions and the following disclaimer.
   15  * 2. Redistributions in binary form must reproduce the above copyright
   16  *    notice, this list of conditions and the following disclaimer in the
   17  *    documentation and/or other materials provided with the distribution.
   18  * 3. All advertising materials mentioning features or use of this software
   19  *    must display the following acknowledgement:
   20  *      This product includes software developed by Herb Peyerl.
   21  * 4. The name of Herb Peyerl may not be used to endorse or promote products
   22  *    derived from this software without specific prior written permission.
   23  *
   24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   25  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   26  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   27  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   28  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   29  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   30  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   31  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   32  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   33  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   34  */
   35 
   36 #include <sys/cdefs.h>
   37 __FBSDID("$FreeBSD$");
   38 
   39 #include "opt_compat.h"
   40 #include "opt_sysvipc.h"
   41 
   42 #include <sys/param.h>
   43 #include <sys/systm.h>
   44 #include <sys/sem.h>
   45 #include <sys/shm.h>
   46 #include <sys/ipc.h>
   47 #include <sys/priv.h>
   48 #include <sys/proc.h>
   49 #include <sys/ucred.h>
   50 
   51 void (*shmfork_hook)(struct proc *, struct proc *) = NULL;
   52 void (*shmexit_hook)(struct vmspace *) = NULL;
   53 
   54 /* called from kern_fork.c */
   55 void
   56 shmfork(p1, p2)
   57         struct proc *p1, *p2;
   58 {
   59 
   60         if (shmfork_hook != NULL)
   61                 shmfork_hook(p1, p2);
   62         return;
   63 }
   64 
   65 /* called from kern_exit.c */
   66 void
   67 shmexit(struct vmspace *vm)
   68 {
   69 
   70         if (shmexit_hook != NULL)
   71                 shmexit_hook(vm);
   72         return;
   73 }
   74 
   75 /*
   76  * Check for IPC permission.
   77  *
   78  * Note: The MAC Framework does not require any modifications to the
   79  * ipcperm() function, as access control checks are performed throughout the
   80  * implementation of each primitive.  Those entry point calls complement the
   81  * ipcperm() discertionary checks.  Unlike file system discretionary access
   82  * control, the original create of an object is given the same rights as the
   83  * current owner.
   84  */
   85 int
   86 ipcperm(struct thread *td, struct ipc_perm *perm, int acc_mode)
   87 {
   88         struct ucred *cred = td->td_ucred;
   89         int error, obj_mode, dac_granted, priv_granted;
   90 
   91         dac_granted = 0;
   92         if (cred->cr_uid == perm->cuid || cred->cr_uid == perm->uid) {
   93                 obj_mode = perm->mode;
   94                 dac_granted |= IPC_M;
   95         } else if (groupmember(perm->gid, cred) ||
   96             groupmember(perm->cgid, cred)) {
   97                 obj_mode = perm->mode;
   98                 obj_mode <<= 3;
   99         } else {
  100                 obj_mode = perm->mode;
  101                 obj_mode <<= 6;
  102         }
  103 
  104         /*
  105          * While the System V IPC permission model allows IPC_M to be
  106          * granted, as part of the mode, our implementation requires
  107          * privilege to adminster the object if not the owner or creator.
  108          */
  109 #if 0
  110         if (obj_mode & IPC_M)
  111                 dac_granted |= IPC_M;
  112 #endif
  113         if (obj_mode & IPC_R)
  114                 dac_granted |= IPC_R;
  115         if (obj_mode & IPC_W)
  116                 dac_granted |= IPC_W;
  117 
  118         /*
  119          * Simple case: all required rights are granted by DAC.
  120          */
  121         if ((dac_granted & acc_mode) == acc_mode)
  122                 return (0);
  123 
  124         /*
  125          * Privilege is required to satisfy the request.
  126          */
  127         priv_granted = 0;
  128         if ((acc_mode & IPC_M) && !(dac_granted & IPC_M)) {
  129                 error = priv_check(td, PRIV_IPC_ADMIN);
  130                 if (error == 0)
  131                         priv_granted |= IPC_M;
  132         }
  133 
  134         if ((acc_mode & IPC_R) && !(dac_granted & IPC_R)) {
  135                 error = priv_check(td, PRIV_IPC_READ);
  136                 if (error == 0)
  137                         priv_granted |= IPC_R;
  138         }
  139 
  140         if ((acc_mode & IPC_W) && !(dac_granted & IPC_W)) {
  141                 error = priv_check(td, PRIV_IPC_WRITE);
  142                 if (error == 0)
  143                         priv_granted |= IPC_W;
  144         }
  145 
  146         if (((dac_granted | priv_granted) & acc_mode) == acc_mode)
  147                 return (0);
  148         else
  149                 return (EACCES);
  150 }
  151 
  152 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
  153     defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
  154 void
  155 ipcperm_old2new(struct ipc_perm_old *old, struct ipc_perm *new)
  156 {
  157 
  158         new->cuid = old->cuid;
  159         new->cgid = old->cgid;
  160         new->uid = old->uid;
  161         new->gid = old->gid;
  162         new->mode = old->mode;
  163         new->seq = old->seq;
  164         new->key = old->key;
  165 }
  166 
  167 void
  168 ipcperm_new2old(struct ipc_perm *new, struct ipc_perm_old *old)
  169 {
  170 
  171         /* XXX: How to handle ID's > USHORT_MAX? */
  172         old->cuid = new->cuid;
  173         old->cgid = new->cgid;
  174         old->uid = new->uid;
  175         old->gid = new->gid;
  176         old->mode = new->mode;
  177         old->seq = new->seq;
  178         old->key = new->key;
  179 }
  180 #endif
  181 
  182 #ifdef COMPAT_FREEBSD32
  183 #include <sys/mount.h>
  184 #include <sys/socket.h>
  185 #include <compat/freebsd32/freebsd32.h>
  186 #include <compat/freebsd32/freebsd32_ipc.h>
  187 #include <compat/freebsd32/freebsd32_proto.h>
  188 #include <compat/freebsd32/freebsd32_signal.h>
  189 #include <compat/freebsd32/freebsd32_syscall.h>
  190 #include <compat/freebsd32/freebsd32_util.h>
  191 
  192 #if defined(COMPAT_FREEBSD4) || defined(COMPAT_FREEBSD5) || \
  193     defined(COMPAT_FREEBSD6) || defined(COMPAT_FREEBSD7)
  194 void
  195 freebsd32_ipcperm_old_in(struct ipc_perm32_old *ip32, struct ipc_perm *ip)
  196 {
  197 
  198         CP(*ip32, *ip, cuid);
  199         CP(*ip32, *ip, cgid);
  200         CP(*ip32, *ip, uid);
  201         CP(*ip32, *ip, gid);
  202         CP(*ip32, *ip, mode);
  203         CP(*ip32, *ip, seq);
  204         CP(*ip32, *ip, key);
  205 }
  206 
  207 void
  208 freebsd32_ipcperm_old_out(struct ipc_perm *ip, struct ipc_perm32_old *ip32)
  209 {
  210 
  211         CP(*ip, *ip32, cuid);
  212         CP(*ip, *ip32, cgid);
  213         CP(*ip, *ip32, uid);
  214         CP(*ip, *ip32, gid);
  215         CP(*ip, *ip32, mode);
  216         CP(*ip, *ip32, seq);
  217         CP(*ip, *ip32, key);
  218 }
  219 #endif
  220 
  221 void
  222 freebsd32_ipcperm_in(struct ipc_perm32 *ip32, struct ipc_perm *ip)
  223 {
  224 
  225         CP(*ip32, *ip, cuid);
  226         CP(*ip32, *ip, cgid);
  227         CP(*ip32, *ip, uid);
  228         CP(*ip32, *ip, gid);
  229         CP(*ip32, *ip, mode);
  230         CP(*ip32, *ip, seq);
  231         CP(*ip32, *ip, key);
  232 }
  233 
  234 void
  235 freebsd32_ipcperm_out(struct ipc_perm *ip, struct ipc_perm32 *ip32)
  236 {
  237 
  238         CP(*ip, *ip32, cuid);
  239         CP(*ip, *ip32, cgid);
  240         CP(*ip, *ip32, uid);
  241         CP(*ip, *ip32, gid);
  242         CP(*ip, *ip32, mode);
  243         CP(*ip, *ip32, seq);
  244         CP(*ip, *ip32, key);
  245 }
  246 #endif

Cache object: af5b32637c4de7294abe51d8a26ef65d


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.