4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * Main door handler functions used by ipmgmtd to process the different door
28 * call requests, issued by the library libipadm.so.
29 */
30
31 #include <alloca.h>
32 #include <pwd.h>
33 #include <auth_attr.h>
34 #include <secdb.h>
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <string.h>
38 #include <strings.h>
39 #include <errno.h>
40 #include <assert.h>
41 #include <libnvpair.h>
42 #include "ipmgmt_impl.h"
43
95 ipmgmt_door_info_t *infop = NULL;
96 ipmgmt_retval_t retval;
97 int i;
98 uint_t err;
99 ucred_t *cred = NULL;
100
101 for (i = 0; i_ipmgmt_door_info_tbl[i].idi_cmd != 0; i++) {
102 if (i_ipmgmt_door_info_tbl[i].idi_cmd ==
103 ((ipmgmt_arg_t *)(void *)argp)->ia_cmd) {
104 infop = &i_ipmgmt_door_info_tbl[i];
105 break;
106 }
107 }
108
109 if (infop == NULL) {
110 ipmgmt_log(LOG_ERR, "Invalid door command specified");
111 err = EINVAL;
112 goto fail;
113 }
114
115 /* check for solaris.network.interface.config authorization */
116 if (infop->idi_set) {
117 uid_t uid;
118 struct passwd pwd;
119 char buf[1024];
120
121 if (door_ucred(&cred) != 0) {
122 err = errno;
123 ipmgmt_log(LOG_ERR, "Could not get user credentials.");
124 goto fail;
125 }
126 uid = ucred_getruid(cred);
127 if ((int)uid < 0) {
128 err = errno;
129 ipmgmt_log(LOG_ERR, "Could not get user id.");
130 goto fail;
131 }
132 if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) ==
133 NULL) {
134 err = errno;
135 ipmgmt_log(LOG_ERR, "Could not get password entry.");
136 goto fail;
137 }
138 if (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH,
139 pwd.pw_name) != 1) {
140 err = EPERM;
141 ipmgmt_log(LOG_ERR, "Not authorized for operation.");
142 goto fail;
143 }
144 ucred_free(cred);
145 }
146
147 /* individual handlers take care of calling door_return */
148 infop->idi_handler((void *)argp);
149 return;
150 fail:
151 ucred_free(cred);
152 retval.ir_err = err;
153 (void) door_return((char *)&retval, sizeof (retval), NULL, 0);
154 }
155
156 /*
157 * Handles the door command IPMGMT_CMD_GETPROP. It retrieves the persisted
158 * property value for the given property.
159 */
160 static void
161 ipmgmt_getprop_handler(void *argp)
162 {
163 ipmgmt_prop_arg_t *pargp = argp;
164 ipmgmt_getprop_rval_t rval, *rvalp = &rval;
165
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 * Copyright 2014, Joyent, Inc. All rights reserved.
25 */
26
27 /*
28 * Main door handler functions used by ipmgmtd to process the different door
29 * call requests, issued by the library libipadm.so.
30 */
31
32 #include <alloca.h>
33 #include <pwd.h>
34 #include <auth_attr.h>
35 #include <secdb.h>
36 #include <stdlib.h>
37 #include <stdio.h>
38 #include <string.h>
39 #include <strings.h>
40 #include <errno.h>
41 #include <assert.h>
42 #include <libnvpair.h>
43 #include "ipmgmt_impl.h"
44
96 ipmgmt_door_info_t *infop = NULL;
97 ipmgmt_retval_t retval;
98 int i;
99 uint_t err;
100 ucred_t *cred = NULL;
101
102 for (i = 0; i_ipmgmt_door_info_tbl[i].idi_cmd != 0; i++) {
103 if (i_ipmgmt_door_info_tbl[i].idi_cmd ==
104 ((ipmgmt_arg_t *)(void *)argp)->ia_cmd) {
105 infop = &i_ipmgmt_door_info_tbl[i];
106 break;
107 }
108 }
109
110 if (infop == NULL) {
111 ipmgmt_log(LOG_ERR, "Invalid door command specified");
112 err = EINVAL;
113 goto fail;
114 }
115
116 /*
117 * if not root, check for solaris.network.interface.config authorization
118 */
119 if (infop->idi_set) {
120 uid_t uid;
121 struct passwd pwd;
122 char buf[1024];
123
124 if (door_ucred(&cred) != 0) {
125 err = errno;
126 ipmgmt_log(LOG_ERR, "Could not get user credentials.");
127 goto fail;
128 }
129 uid = ucred_getruid(cred);
130 ucred_free(cred);
131 if ((int)uid < 0) {
132 err = errno;
133 ipmgmt_log(LOG_ERR, "Could not get user id.");
134 goto fail;
135 }
136
137 /*
138 * Branded zones may have different auth, but root always
139 * allowed.
140 */
141 if (uid != 0) {
142 if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL) {
143 err = errno;
144 ipmgmt_log(LOG_ERR,
145 "Could not get password entry.");
146 goto fail;
147 }
148 if (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH,
149 pwd.pw_name) != 1) {
150 err = EPERM;
151 ipmgmt_log(LOG_ERR,
152 "Not authorized for operation.");
153 goto fail;
154 }
155 }
156 }
157
158 /* individual handlers take care of calling door_return */
159 infop->idi_handler((void *)argp);
160 return;
161 fail:
162 ucred_free(cred);
163 retval.ir_err = err;
164 (void) door_return((char *)&retval, sizeof (retval), NULL, 0);
165 }
166
167 /*
168 * Handles the door command IPMGMT_CMD_GETPROP. It retrieves the persisted
169 * property value for the given property.
170 */
171 static void
172 ipmgmt_getprop_handler(void *argp)
173 {
174 ipmgmt_prop_arg_t *pargp = argp;
175 ipmgmt_getprop_rval_t rval, *rvalp = &rval;
176
|