OS-4335 ipadm_door_call should work in a branded zone without chroot
OS-4336 ipmgmtd should work in a branded zone without chroot
Reviewed by: Robert Mustacchi <rm@joyent.com>
OS-2837 lx brand only works with shared IP stacks
        
*** 19,28 ****
--- 19,29 ----
   * CDDL HEADER END
   */
  
  /*
   * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+  * Copyright 2015 Joyent, Inc.
   * Copyright 2014 Nexenta Systems, Inc.  All rights reserved.
   */
  
  #include <stdio.h>
  #include <stdlib.h>
*** 283,297 ****
   * interfaces.
   */
  boolean_t
  ipadm_check_auth(void)
  {
          struct passwd   pwd;
          char            buf[NSS_BUFLEN_PASSWD];
  
          /* get the password entry for the given user ID */
!         if (getpwuid_r(getuid(), &pwd, buf, sizeof (buf)) == NULL)
                  return (B_FALSE);
  
          /* check for presence of given authorization */
          return (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH, pwd.pw_name) != 0);
  }
--- 284,306 ----
   * interfaces.
   */
  boolean_t
  ipadm_check_auth(void)
  {
+         int             uid;
          struct passwd   pwd;
          char            buf[NSS_BUFLEN_PASSWD];
  
+         /*
+          * Branded zones may have different kinds of auth, but root always
+          * allowed.
+          */
+         if ((uid = getuid()) == 0)
+                 return (B_TRUE);
+ 
          /* get the password entry for the given user ID */
!         if (getpwuid_r(uid, &pwd, buf, sizeof (buf)) == NULL)
                  return (B_FALSE);
  
          /* check for presence of given authorization */
          return (chkauthattr(NETWORK_INTERFACE_CONFIG_AUTH, pwd.pw_name) != 0);
  }
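Review bot: The `getuid() == 0` shortcut in ipadm_check_auth returns B_TRUE in every zone, not only in branded ones, so chkauthattr() is no longer consulted for root anywhere, while the comment motivates it only by branded zones. If that is intended, the comment should say so, e.g. `/* root is always allowed, in any zone; branded zones may use a different auth scheme */`; if not, the shortcut could be gated on `zone_get_nroot() != NULL`, which this change already uses for the door path. Separately, `uid` is declared `int` although getuid() returns `uid_t`; declaring it as `uid_t uid;` avoids the implicit conversion. This is a check made in the calling process, so it should not be the only gate; presumably the door server verifies the caller's credentials itself, but that code is not visible on this page.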
*** 895,907 ****
          darg.rbuf = *rbufp;
          darg.rsize = rsize;
  
  reopen:
          (void) pthread_mutex_lock(&iph->iph_lock);
!         /* The door descriptor is opened if it isn't already */
          if (iph->iph_door_fd == -1) {
!                 if ((iph->iph_door_fd = open(IPMGMT_DOOR, O_RDONLY)) < 0) {
                          err = errno;
                          (void) pthread_mutex_unlock(&iph->iph_lock);
                          return (err);
                  }
          }
--- 904,928 ----
          darg.rbuf = *rbufp;
          darg.rsize = rsize;
  
  reopen:
          (void) pthread_mutex_lock(&iph->iph_lock);
!         /*
!          * The door descriptor is opened if it isn't already.
!          */
          if (iph->iph_door_fd == -1) {
!                 char door[MAXPATHLEN];
!                 const char *zroot = zone_get_nroot();
! 
!                 /*
!                  * If this is a branded zone, make sure we use the "/native"
!                  * prefix for the door path:
!                  */
!                 (void) snprintf(door, sizeof (door), "%s%s", zroot != NULL ?
!                     zroot : "", IPMGMT_DOOR);
! 
!                 if ((iph->iph_door_fd = open(door, O_RDONLY)) < 0) {
                          err = errno;
                          (void) pthread_mutex_unlock(&iph->iph_lock);
                          return (err);
                  }
          }
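Review bot: The return value of snprintf() is discarded when the door path is built, so a zone root long enough to push the combined path past MAXPATHLEN would be silently truncated and open() would then be attempted on a different path than intended. Checking the length and failing with ENAMETOOLONG before open() keeps the door lookup from resolving a truncated name; the mutex has to be released on that path, as the existing error branch does. The enclosing function starts and ends outside this hunk.

```c
char door[MAXPATHLEN];
const char *zroot = zone_get_nroot();
int len;

/* ... unchanged: comment on the "/native" prefix ... */
len = snprintf(door, sizeof (door), "%s%s", zroot != NULL ?
    zroot : "", IPMGMT_DOOR);
if (len < 0 || (size_t)len >= sizeof (door)) {
        (void) pthread_mutex_unlock(&iph->iph_lock);
        return (ENAMETOOLONG);
}
/* ... unchanged: open(door, O_RDONLY) and its error path ... */
```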