/*
* Copyright (c) 2000 Apple Computer, Inc. All rights reserved.
*
- * @APPLE_LICENSE_HEADER_START@
- *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
+ * compliance with the License. The rights granted to you under the License
+ * may not be used to create, or enable the creation or redistribution of,
+ * unlawful or unlicensed copies of an Apple operating system, or to
+ * circumvent, violate, or enable the circumvention or violation of, any
+ * terms of an Apple operating system software license agreement.
+ *
+ * Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this file.
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
+ *
+ * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/* $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */
#include <sys/param.h>
#include <sys/ipc.h>
+#include <sys/stat.h> /* mode constants */
#include <sys/ucred.h>
#include <sys/kauth.h>
/*
* Check for ipc permission
- *
- * XXX: Should pass proc argument so that we can pass
- * XXX: proc->p_acflag to suser()
*/
+
+/*
+ * ipc_perm
+ *
+ * perm->mode mode of the object
+ * mode mode bits we want to test
+ *
+ * Returns: 0 Success
+ * EPERM
+ * EACCES
+ *
+ * Notes: The IPC_M bit is special, in that it may only be granted to
+ * root, the creating user, or the owning user.
+ *
+ * This code does not use posix_cred_access() because of the
+ * need to check both creator and owner separately when we are
+ * considering a rights grant. Because of this, we need to do
+ * two evaluations when the values are inequal, which can lead
+ * us to defeat the callout avoidance optimization. So we do
+ * the work here, inline. This is less than optimal for any
+ * future work involving opacity of of POSIX credentials.
+ *
+ * Setting up the mode_owner / mode_group / mode_world implicitly
+ * masks the IPC_M bit off. This is intentional.
+ *
+ * See the posix_cred_access() implementation for algorithm
+ * information.
+ */
int
-ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode)
+ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode_req)
{
+ uid_t uid = kauth_cred_getuid(cred); /* avoid multiple calls */
+ int want_mod_controlinfo = (mode_req & IPC_M);
+ int is_member;
+ mode_t mode_owner = (perm->mode & S_IRWXU);
+ mode_t mode_group = (perm->mode & S_IRWXG) << 3;
+ mode_t mode_world = (perm->mode & S_IRWXO) << 6;
- if (!suser(cred, (u_short *)NULL))
- return (0);
+ /* Grant all rights to super user */
+ if (!suser(cred, (u_short *)NULL)) {
+ return 0;
+ }
- /* Check for user match. */
- if (kauth_cred_getuid(cred) != perm->cuid && kauth_cred_getuid(cred) != perm->uid) {
- int is_member;
+ /* Grant or deny rights based on ownership */
+ if (uid == perm->cuid || uid == perm->uid) {
+ if (want_mod_controlinfo) {
+ return 0;
+ }
- if (mode & IPC_M)
- return (EPERM);
- /* Check for group match. */
- mode >>= 3;
- if ((kauth_cred_ismember_gid(cred, perm->gid, &is_member) || !is_member) &&
- (kauth_cred_ismember_gid(cred, perm->cgid, &is_member) || !is_member))
- /* Check for `other' match. */
- mode >>= 3;
+ return (mode_req & mode_owner) == mode_req ? 0 : EACCES;
+ } else {
+ /* everyone else who wants to modify control info is denied */
+ if (want_mod_controlinfo) {
+ return EPERM;
+ }
}
- if (mode & IPC_M)
- return (0);
- return ((mode & perm->mode) == mode ? 0 : EACCES);
+ /*
+ * Combined group and world rights check, if no owner rights; positive
+ * asssertion of gid/cgid equality avoids an extra callout in the
+ * common case.
+ */
+ if ((mode_req & mode_group & mode_world) == mode_req) {
+ return 0;
+ } else {
+ if ((mode_req & mode_group) != mode_req) {
+ if ((!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) &&
+ ((perm->gid == perm->cgid) ||
+ (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))) {
+ return EACCES;
+ } else {
+ if ((mode_req & mode_world) != mode_req) {
+ return EACCES;
+ } else {
+ return 0;
+ }
+ }
+ } else {
+ if ((!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) ||
+ ((perm->gid != perm->cgid) &&
+ (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))) {
+ return 0;
+ } else {
+ if ((mode_req & mode_world) != mode_req) {
+ return EACCES;
+ } else {
+ return 0;
+ }
+ }
+ }
+ }
}
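Review bot: The group-denial arm of `ipcperm` (the `(mode_req & mode_group) != mode_req` branch) returns EACCES only when the caller is a member of `perm->gid` and also of `perm->cgid` (or the two ids are equal), while the grant arm below it accepts membership in either group. A caller who belongs to just one of the two groups therefore falls through to the world bits when the group bits deny, which matters for modes where world grants more than group. The removed code shifted to the `other` bits only when the caller was in neither group, so this looks like a relaxation of the old check. If it is not intended, join the two membership tests with `||` and test `perm->gid != perm->cgid`, mirroring the grant arm; if it is intended, the Notes block should say so. The header comment also still names the argument `mode` although the parameter is now `mode_req`, and it does not describe `cred`.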