X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/43866e378188c25dd1e2208016ab3cbeb086ae6c..c6bf4f310a33a9262d455ea4d3f0630b1255e3fe:/bsd/kern/sysv_ipc.c diff --git a/bsd/kern/sysv_ipc.c b/bsd/kern/sysv_ipc.c index 9b63e4fa1..926ce9f7e 100644 --- a/bsd/kern/sysv_ipc.c +++ b/bsd/kern/sysv_ipc.c @@ -1,17 +1,20 @@ /* * Copyright (c) 2000 Apple Computer, Inc. All rights reserved. * - * @APPLE_LICENSE_HEADER_START@ - * - * Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved. - * + * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ + * * This file contains Original Code and/or Modifications of Original Code * as defined in and that are subject to the Apple Public Source License * Version 2.0 (the 'License'). You may not use this file except in - * compliance with the License. Please obtain a copy of the License at - * http://www.opensource.apple.com/apsl/ and read it before using this - * file. - * + * compliance with the License. The rights granted to you under the License + * may not be used to create, or enable the creation or redistribution of, + * unlawful or unlicensed copies of an Apple operating system, or to + * circumvent, violate, or enable the circumvention or violation of, any + * terms of an Apple operating system software license agreement. + * + * Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this file. + * * The Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, @@ -19,8 +22,8 @@ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. * Please see the License for the specific language governing rights and * limitations under the License. - * - * @APPLE_LICENSE_HEADER_END@ + * + * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ /* $NetBSD: sysv_ipc.c,v 1.7 1994/06/29 06:33:11 cgd Exp $ */ @@ -57,106 +60,104 @@ #include #include +#include /* mode constants */ #include +#include /* * Check for ipc permission - * - * XXX: Should pass proc argument so that we can pass - * XXX: proc->p_acflag to suser() */ -int -ipcperm(cred, perm, mode) - struct ucred *cred; - struct ipc_perm *perm; - int mode; -{ - - if (!suser(cred, (u_short *)NULL)) - return (0); - - /* Check for user match. */ - if (cred->cr_uid != perm->cuid && cred->cr_uid != perm->uid) { - if (mode & IPC_M) - return (EPERM); - /* Check for group match. */ - mode >>= 3; - if (!groupmember(perm->gid, cred) && - !groupmember(perm->cgid, cred)) - /* Check for `other' match. */ - mode >>= 3; - } - - if (mode & IPC_M) - return (0); - return ((mode & perm->mode) == mode ? 0 : EACCES); -} - - /* - * SYSVMSG stubs + * ipc_perm + * + * perm->mode mode of the object + * mode mode bits we want to test + * + * Returns: 0 Success + * EPERM + * EACCES + * + * Notes: The IPC_M bit is special, in that it may only be granted to + * root, the creating user, or the owning user. + * + * This code does not use posix_cred_access() because of the + * need to check both creator and owner separately when we are + * considering a rights grant. Because of this, we need to do + * two evaluations when the values are inequal, which can lead + * us to defeat the callout avoidance optimization. So we do + * the work here, inline. This is less than optimal for any + * future work involving opacity of of POSIX credentials. + * + * Setting up the mode_owner / mode_group / mode_world implicitly + * masks the IPC_M bit off. This is intentional. + * + * See the posix_cred_access() implementation for algorithm + * information. */ - -int -msgsys(p, uap) - struct proc *p; - /* XXX actually varargs. */ -#if 0 - struct msgsys_args *uap; -#else - void *uap; -#endif -{ - return(EOPNOTSUPP); -}; - -int -msgctl(p, uap) - struct proc *p; -#if 0 - register struct msgctl_args *uap; -#else - void *uap; -#endif -{ - return(EOPNOTSUPP); -}; - int -msgget(p, uap) - struct proc *p; -#if 0 - register struct msgget_args *uap; -#else - void *uap; -#endif +ipcperm(kauth_cred_t cred, struct ipc_perm *perm, int mode_req) { - return(EOPNOTSUPP); -}; + uid_t uid = kauth_cred_getuid(cred); /* avoid multiple calls */ + int want_mod_controlinfo = (mode_req & IPC_M); + int is_member; + mode_t mode_owner = (perm->mode & S_IRWXU); + mode_t mode_group = (perm->mode & S_IRWXG) << 3; + mode_t mode_world = (perm->mode & S_IRWXO) << 6; + + /* Grant all rights to super user */ + if (!suser(cred, (u_short *)NULL)) { + return 0; + } -int -msgsnd(p, uap) - struct proc *p; -#if 0 - register struct msgsnd_args *uap; -#else - void *uap; -#endif -{ - return(EOPNOTSUPP); -}; + /* Grant or deny rights based on ownership */ + if (uid == perm->cuid || uid == perm->uid) { + if (want_mod_controlinfo) { + return 0; + } + + return (mode_req & mode_owner) == mode_req ? 0 : EACCES; + } else { + /* everyone else who wants to modify control info is denied */ + if (want_mod_controlinfo) { + return EPERM; + } + } -int -msgrcv(p, uap) - struct proc *p; -#if 0 - register struct msgrcv_args *uap; -#else - void *uap; -#endif -{ - return(EOPNOTSUPP); -}; + /* + * Combined group and world rights check, if no owner rights; positive + * asssertion of gid/cgid equality avoids an extra callout in the + * common case. + */ + if ((mode_req & mode_group & mode_world) == mode_req) { + return 0; + } else { + if ((mode_req & mode_group) != mode_req) { + if ((!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) && + ((perm->gid == perm->cgid) || + (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))) { + return EACCES; + } else { + if ((mode_req & mode_world) != mode_req) { + return EACCES; + } else { + return 0; + } + } + } else { + if ((!kauth_cred_ismember_gid(cred, perm->gid, &is_member) && is_member) || + ((perm->gid != perm->cgid) && + (!kauth_cred_ismember_gid(cred, perm->cgid, &is_member) && is_member))) { + return 0; + } else { + if ((mode_req & mode_world) != mode_req) { + return EACCES; + } else { + return 0; + } + } + } + } +}