1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
24 * Use is subject to license terms.
25 */
26
27#pragma ident	"%Z%%M%	%I%	%E% SMI"
28
29#include "lint.h"
30#include "priv_private.h"
31#include "mtlib.h"
32#include "libc.h"
33#include <door.h>
34#include <errno.h>
35#include <priv.h>
36#include <klpd.h>
37#include <stdio.h>
38#include <stdlib.h>
39#include <string.h>
40#include <sys/klpd.h>
41#include <sys/param.h>
42#include <sys/syscall.h>
43#include <unistd.h>
44#include <netinet/in.h>
45
46typedef struct klpd_data {
47	boolean_t	(*kd_callback)(void *, const priv_set_t *, void *);
48	void		*kd_user_cookie;
49	int		kd_doorfd;
50} klpd_data_t;
51
52typedef struct klpd_ctxt {
53	klpd_data_t	*kc_data;
54	char		*kc_path;
55	int		kc_int;
56	int		kc_type;
57} klpd_ctxt_t;
58
59/* ARGSUSED */
60static void
61klpd_door_callback(void *kd_cookie, char *argp, size_t arg_size,
62    door_desc_t *dp, uint_t ndesc)
63{
64	klpd_data_t *p = kd_cookie;
65	int res;
66	klpd_ctxt_t ctx;
67	klpd_head_t *klh;
68	klpd_arg_t *ka;
69	priv_set_t *pset;
70
71	if (argp == DOOR_UNREF_DATA) {
72		(void) p->kd_callback(p->kd_user_cookie, NULL, NULL);
73		(void) door_return(NULL, 0, NULL, 0);
74	}
75
76	klh = (void *)argp;
77	ka = KLH_ARG(klh);
78	pset = KLH_PRIVSET(klh);
79
80	ctx.kc_type = ka == NULL ? KLPDARG_NONE : ka->kla_type;
81
82	switch (ctx.kc_type) {
83	case KLPDARG_NONE:
84		ctx.kc_path = NULL;
85		ctx.kc_int = -1;
86		break;
87	case KLPDARG_VNODE:
88		ctx.kc_path = ka->kla_str;
89		ctx.kc_int = -1;
90		break;
91	default:
92		ctx.kc_int = ka->kla_int;
93		ctx.kc_path = NULL;
94		break;
95	}
96
97	ctx.kc_data = p;
98
99	if (p->kd_callback(p->kd_user_cookie, pset, &ctx))
100		res = 0;
101	else
102		res = 1;
103
104	(void) door_return((char *)&res, sizeof (res), NULL, 0);
105}
106
107void *
108klpd_create(boolean_t (*callback)(void *, const priv_set_t *, void *),
109    void *cookie)
110{
111	klpd_data_t *p = malloc(sizeof (klpd_data_t));
112
113	if (p == NULL)
114		return (NULL);
115
116	p->kd_doorfd = door_create(klpd_door_callback, p,
117	    DOOR_REFUSE_DESC | DOOR_UNREF);
118	if (p->kd_doorfd == -1)
119		goto out;
120
121	p->kd_user_cookie = cookie;
122	p->kd_callback = callback;
123
124	return (p);
125
126out:
127	free(p);
128	return (NULL);
129}
130
131int
132klpd_register_id(const priv_set_t *set, void *handle, idtype_t type, id_t id)
133{
134	klpd_data_t *p = handle;
135	priv_data_t *d;
136
137	LOADPRIVDATA(d);
138
139	/* We really need to have the privilege set as argument here */
140	if (syscall(SYS_privsys, PRIVSYS_KLPD_REG, p->kd_doorfd, id,
141	    set, d->pd_setsize, type) == -1)
142		return (-1);
143
144	/* Registration for the current process?  Then do the thing. */
145	if (type == P_PID && (id == 0 || (pid_t)id == getpid())) {
146		(void) setppriv(PRIV_OFF, PRIV_INHERITABLE, set);
147		(void) setpflags(PRIV_XPOLICY, 1);
148	}
149	return (0);
150}
151
152int
153klpd_register(const priv_set_t *set, void *handle)
154{
155	return (klpd_register_id(set, handle, P_PID, -1));
156}
157
158int
159klpd_unregister_id(void *handle, idtype_t type, id_t id)
160{
161	klpd_data_t *p = handle;
162	int err;
163
164	err = syscall(SYS_privsys, PRIVSYS_KLPD_UNREG, p->kd_doorfd, id,
165	    (void *)NULL, 0L, type);
166	if (close(p->kd_doorfd) != 0)
167		err = -1;
168	free(p);
169	return (err);
170}
171
172int
173klpd_unregister(void *handle)
174{
175	return (klpd_unregister_id(handle, P_PID, -1));
176}
177
178const char *
179klpd_getpath(void *context)
180{
181	klpd_ctxt_t *p = context;
182
183	if (p->kc_type != KLPDARG_VNODE)
184		errno = EINVAL;
185	return (p->kc_path);
186}
187
188int
189klpd_getport(void *context, int *proto)
190{
191	klpd_ctxt_t *p = context;
192
193	switch (p->kc_type) {
194	case KLPDARG_TCPPORT:
195		*proto = IPPROTO_TCP;
196		break;
197	case KLPDARG_UDPPORT:
198		*proto = IPPROTO_UDP;
199		break;
200	case KLPDARG_SCTPPORT:
201		*proto = IPPROTO_SCTP;
202		break;
203	case KLPDARG_SDPPORT:
204		*proto = PROTO_SDP;
205		break;
206	default:
207		errno = EINVAL;
208		return (-1);
209	}
210	return (p->kc_int);
211}
212
213/*ARGSUSED*/
214int
215klpd_getucred(ucred_t **uc, void *context)
216{
217	return (door_ucred(uc));
218}
219