xref: /dragonfly/usr.sbin/sysvipcd/perm.c (revision 0db87cb7) 
1 /*
2  * Copyright (c) 2013 Larisa Grigore <larisagrigore@gmail.com>.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *      This product includes software developed by Herb Peyerl.
16  * 4. The name of Herb Peyerl may not be used to endorse or promote products
17  *    derived from this software without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29  */
30 
31 #include <unistd.h>
32 
33 #include "perm.h"
34 #include <errno.h>
35 
36 static int
37 is_root(struct cmsgcred *cred) {
38 	return (cred->cmcred_euid == 0);
39 }
40 
41 static int
42 is_grpmember(gid_t gid, struct cmsgcred *cred) {
43 	int n;
44 
45 	if (cred->cmcred_gid == gid)
46 		return (1);
47 
48 	for (n = 0 ; n < cred->cmcred_ngroups ; n++) {
49 		if (cred->cmcred_groups[n] == gid)
50 			return (1);
51 	}
52 
53 	return (0);
54 }
55 
56 int
57 ipcperm(struct cmsgcred *cred, struct ipc_perm *perm, int mode) {
58 	if (cred == NULL)
59 		return (0);
60 
61 	if (cred->cmcred_euid != perm->cuid
62 			&& cred->cmcred_euid != perm->uid) {
63 		/* In order to modify control info the caller must be
64 		 * owner, creator or privileged.
65 		 */
66 		if (mode & IPC_M)
67 			return (is_root(cred) ? 0 : EACCES);
68 
69 		/* Check for group match. */
70 		mode >>= 3;
71 		if (!is_grpmember(perm->gid, cred) &&
72 				!is_grpmember(perm->cgid, cred))
73 			mode >>= 3;
74 	}
75 
76 	if (mode & IPC_M)
77 		return (0);
78 
79 	if ((mode & perm->mode) == mode)
80 		return (0);
81 
82 	if (is_root(cred))
83 		return (0);
84 
85 	return (EACCES);
86 }
87