/*
 * Copyright (c) 2013 Larisa Grigore <larisagrigore@gmail.com>.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by Herb Peyerl.
 * 4. The name of Herb Peyerl may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <unistd.h>

#include "perm.h"
#include <errno.h>

/*
 * Tell whether the credential belongs to the superuser.
 *
 * Only the effective uid carried in the credential is consulted.
 * Returns 1 when it is 0, otherwise 0.
 */
static int
is_root(struct cmsgcred *cred)
{
	return ((cred->cmcred_euid == 0) ? 1 : 0);
}

/*
 * Tell whether `gid' is one of the groups carried in `cred'.
 *
 * The credential's cmcred_gid is compared first, then each of the
 * cmcred_ngroups entries of cmcred_groups.  Returns 1 on a match,
 * 0 otherwise.
 *
 * NOTE(review): the scan trusts cmcred_ngroups to stay within the
 * capacity of cmcred_groups.  Presumably that holds because the
 * structure is filled in by the kernel; confirm it is never built
 * from bytes supplied by the peer.
 */
static int
is_grpmember(gid_t gid, struct cmsgcred *cred)
{
	int idx = 0;

	if (cred->cmcred_gid == gid)
		return (1);

	while (idx < cred->cmcred_ngroups) {
		if (cred->cmcred_groups[idx] == gid)
			return (1);
		idx++;
	}

	return (0);
}

/*
 * Decide whether the holder of `cred' may access the IPC object
 * described by `perm' in the way requested by `mode'.
 *
 * cred: credentials of the requester; may be NULL (see note below).
 * perm: ownership and mode bits of the object; dereferenced without
 *       a NULL check, so it must be valid.
 * mode: requested access bits, expressed in the owner position;
 *       IPC_M asks for the right to modify control information.
 *
 * Returns 0 when access is granted and EACCES (a positive errno
 * value, not -1) when it is refused.
 *
 * NOTE(review): a NULL credential is answered with 0, i.e. access is
 * granted without any check (fail-open).  Presumably NULL is passed
 * only by trusted internal callers; confirm that no request path can
 * arrive here without peer credentials.
 *
 * NOTE(review): `mode' is presumably built only from the IPC_R, IPC_W
 * and IPC_M bits.  Higher bits would be shifted down together with the
 * rest before the second IPC_M test; confirm callers never pass them.
 */
int
ipcperm(struct cmsgcred *cred, struct ipc_perm *perm, int mode)
{
	int owner_or_creator;

	if (cred == NULL)
		return (0);

	owner_or_creator = (cred->cmcred_euid == perm->cuid ||
	    cred->cmcred_euid == perm->uid);

	if (!owner_or_creator) {
		/*
		 * Control information may be changed only by the owner,
		 * the creator or a privileged caller.
		 */
		if (mode & IPC_M)
			return (is_root(cred) ? 0 : EACCES);

		/* Move the request to the group permission bits. */
		mode >>= 3;

		/* No group match either: fall through to the "other" bits. */
		if (!(is_grpmember(perm->gid, cred) ||
		    is_grpmember(perm->cgid, cred)))
			mode >>= 3;
	}

	/*
	 * Grant when control access was requested by an owner or creator,
	 * when every requested bit is present in the object's mode, or
	 * when the caller is root; the tests run in that order.
	 */
	if ((mode & IPC_M) || (mode & perm->mode) == mode || is_root(cred))
		return (0);

	return (EACCES);
}