/*
* This function is called to check whether the credentials set
* "scrp" has permission to act on credentials set "tcrp". It enforces the
* permission requirements needed to send a signal to a process.
* The same requirements are imposed by other system calls, however.
*
* The rules are:
* (1) if the credentials are the same, the check succeeds
* (2) if the zone ids don't match, and scrp is not in the global zone or
* does not have the PRIV_PROC_ZONE privilege, the check fails
* (3) if the real or effective user id of scrp matches the real or saved
* user id of tcrp or scrp has the PRIV_PROC_OWNER privilege, the check
* succeeds
* (4) otherwise, the check fails
*/
int
hasprocperm(const cred_t *tcrp, const cred_t *scrp)
{
if (scrp == tcrp)
return (1);
if (scrp->cr_zone != tcrp->cr_zone &&
(scrp->cr_zone != global_zone ||
secpolicy_proc_zone(scrp) != 0))
return (0);
if (scrp->cr_uid == tcrp->cr_ruid ||
scrp->cr_ruid == tcrp->cr_ruid ||
scrp->cr_uid == tcrp->cr_suid ||
scrp->cr_ruid == tcrp->cr_suid ||
!PRIV_POLICY(scrp, PRIV_PROC_OWNER, B_FALSE, EPERM, "hasprocperm"))
return (1);
return (0);
}
/* ARGSUSED */
int
dadk_ioctl(opaque_t objp, dev_t dev, int cmd, intptr_t arg, int flag,
cred_t *cred_p, int *rval_p)
{
struct dadk *dadkp = (struct dadk *)objp;
switch (cmd) {
case DKIOCGETDEF:
{
struct buf *bp;
int err, head;
unsigned char *secbuf;
STRUCT_DECL(defect_header, adh);
STRUCT_INIT(adh, flag & FMODELS);
/*
* copyin header ....
* yields head number and buffer address
*/
if (ddi_copyin((caddr_t)arg, STRUCT_BUF(adh), STRUCT_SIZE(adh),
flag))
return (EFAULT);
head = STRUCT_FGET(adh, head);
if (head < 0 || head >= dadkp->dad_phyg.g_head)
return (ENXIO);
secbuf = kmem_zalloc(NBPSCTR, KM_SLEEP);
if (!secbuf)
return (ENOMEM);
bp = getrbuf(KM_SLEEP);
if (!bp) {
kmem_free(secbuf, NBPSCTR);
return (ENOMEM);
}
bp->b_edev = dev;
bp->b_dev = cmpdev(dev);
bp->b_flags = B_BUSY;
bp->b_resid = 0;
bp->b_bcount = NBPSCTR;
bp->b_un.b_addr = (caddr_t)secbuf;
bp->b_blkno = head; /* I had to put it somwhere! */
bp->b_forw = (struct buf *)dadkp;
bp->b_back = (struct buf *)DCMD_GETDEF;
mutex_enter(&dadkp->dad_cmd_mutex);
dadkp->dad_cmd_count++;
mutex_exit(&dadkp->dad_cmd_mutex);
FLC_ENQUE(dadkp->dad_flcobjp, bp);
err = biowait(bp);
if (!err) {
if (ddi_copyout((caddr_t)secbuf,
STRUCT_FGETP(adh, buffer), NBPSCTR, flag))
err = ENXIO;
}
kmem_free(secbuf, NBPSCTR);
freerbuf(bp);
return (err);
}
case DIOCTL_RWCMD:
{
struct dadkio_rwcmd *rwcmdp;
int status, rw;
/*
* copied in by cmdk and, if necessary, converted to the
* correct datamodel
*/
rwcmdp = (struct dadkio_rwcmd *)(intptr_t)arg;
/*
* handle the complex cases here; we pass these
* through to the driver, which will queue them and
* handle the requests asynchronously. The simpler
* cases ,which can return immediately, fail here, and
* the request reverts to the dadk_ioctl routine, while
* will reroute them directly to the ata driver.
*/
switch (rwcmdp->cmd) {
case DADKIO_RWCMD_READ :
/*FALLTHROUGH*/
case DADKIO_RWCMD_WRITE:
rw = ((rwcmdp->cmd == DADKIO_RWCMD_WRITE) ?
B_WRITE : B_READ);
status = dadk_dk_buf_setup(dadkp,
(opaque_t)rwcmdp, dev, ((flag &FKIOCTL) ?
UIO_SYSSPACE : UIO_USERSPACE), rw);
return (status);
default:
return (EINVAL);
}
}
case DKIOC_UPDATEFW:
/*
* Require PRIV_ALL privilege to invoke DKIOC_UPDATEFW
* to protect the firmware update from malicious use
*/
if (PRIV_POLICY(cred_p, PRIV_ALL, B_FALSE, EPERM, NULL) != 0)
return (EPERM);
else
return (dadk_ctl_ioctl(dadkp, cmd, arg, flag));
case DKIOCFLUSHWRITECACHE:
{
struct buf *bp;
int err = 0;
struct dk_callback *dkc = (struct dk_callback *)arg;
struct cmpkt *pktp;
int is_sync = 1;
mutex_enter(&dadkp->dad_mutex);
if (dadkp->dad_noflush || ! dadkp->dad_wce) {
err = dadkp->dad_noflush ? ENOTSUP : 0;
mutex_exit(&dadkp->dad_mutex);
/*
* If a callback was requested: a
* callback will always be done if the
* caller saw the DKIOCFLUSHWRITECACHE
* ioctl return 0, and never done if the
* caller saw the ioctl return an error.
*/
if ((flag & FKIOCTL) && dkc != NULL &&
dkc->dkc_callback != NULL) {
(*dkc->dkc_callback)(dkc->dkc_cookie,
err);
/*
* Did callback and reported error.
* Since we did a callback, ioctl
* should return 0.
*/
err = 0;
}
return (err);
}
mutex_exit(&dadkp->dad_mutex);
bp = getrbuf(KM_SLEEP);
bp->b_edev = dev;
bp->b_dev = cmpdev(dev);
bp->b_flags = B_BUSY;
bp->b_resid = 0;
bp->b_bcount = 0;
SET_BP_SEC(bp, 0);
if ((flag & FKIOCTL) && dkc != NULL &&
dkc->dkc_callback != NULL) {
struct dk_callback *dkc2 =
(struct dk_callback *)kmem_zalloc(
sizeof (struct dk_callback), KM_SLEEP);
bcopy(dkc, dkc2, sizeof (*dkc2));
bp->b_private = dkc2;
bp->b_iodone = dadk_flushdone;
is_sync = 0;
}
/*
* Setup command pkt
* dadk_pktprep() can't fail since DDI_DMA_SLEEP set
*/
pktp = dadk_pktprep(dadkp, NULL, bp,
dadk_iodone, DDI_DMA_SLEEP, NULL);
pktp->cp_time = DADK_FLUSH_CACHE_TIME;
*((char *)(pktp->cp_cdbp)) = DCMD_FLUSH_CACHE;
pktp->cp_byteleft = 0;
pktp->cp_private = NULL;
pktp->cp_secleft = 0;
pktp->cp_srtsec = -1;
pktp->cp_bytexfer = 0;
CTL_IOSETUP(dadkp->dad_ctlobjp, pktp);
mutex_enter(&dadkp->dad_cmd_mutex);
dadkp->dad_cmd_count++;
mutex_exit(&dadkp->dad_cmd_mutex);
FLC_ENQUE(dadkp->dad_flcobjp, bp);
if (is_sync) {
err = biowait(bp);
freerbuf(bp);
}
return (err);
}
default:
if (!dadkp->dad_rmb)
return (dadk_ctl_ioctl(dadkp, cmd, arg, flag));
}
switch (cmd) {
case CDROMSTOP:
return (dadk_rmb_ioctl(dadkp, DCMD_STOP_MOTOR, 0,
0, DADK_SILENT));
case CDROMSTART:
return (dadk_rmb_ioctl(dadkp, DCMD_START_MOTOR, 0,
0, DADK_SILENT));
case DKIOCLOCK:
return (dadk_rmb_ioctl(dadkp, DCMD_LOCK, 0, 0, DADK_SILENT));
case DKIOCUNLOCK:
return (dadk_rmb_ioctl(dadkp, DCMD_UNLOCK, 0, 0, DADK_SILENT));
case DKIOCEJECT:
case CDROMEJECT:
{
int ret;
if (ret = dadk_rmb_ioctl(dadkp, DCMD_UNLOCK, 0, 0,
DADK_SILENT)) {
return (ret);
}
if (ret = dadk_rmb_ioctl(dadkp, DCMD_EJECT, 0, 0,
DADK_SILENT)) {
return (ret);
}
mutex_enter(&dadkp->dad_mutex);
dadkp->dad_iostate = DKIO_EJECTED;
cv_broadcast(&dadkp->dad_state_cv);
mutex_exit(&dadkp->dad_mutex);
return (0);
}
default:
return (ENOTTY);
/*
* cdrom audio commands
*/
case CDROMPAUSE:
cmd = DCMD_PAUSE;
break;
case CDROMRESUME:
cmd = DCMD_RESUME;
break;
case CDROMPLAYMSF:
cmd = DCMD_PLAYMSF;
break;
case CDROMPLAYTRKIND:
cmd = DCMD_PLAYTRKIND;
break;
case CDROMREADTOCHDR:
cmd = DCMD_READTOCHDR;
break;
case CDROMREADTOCENTRY:
cmd = DCMD_READTOCENT;
break;
case CDROMVOLCTRL:
cmd = DCMD_VOLCTRL;
break;
case CDROMSUBCHNL:
cmd = DCMD_SUBCHNL;
break;
case CDROMREADMODE2:
cmd = DCMD_READMODE2;
break;
case CDROMREADMODE1:
cmd = DCMD_READMODE1;
break;
case CDROMREADOFFSET:
cmd = DCMD_READOFFSET;
break;
}
return (dadk_rmb_ioctl(dadkp, cmd, arg, flag, 0));
}
/*
* Backward compatibility check for suser().
* Accounting flag is now set in the policy functions; auditing is
* done through use of privilege in the audit trail.
*/
int
suser(cred_t *cr)
{
return (PRIV_POLICY(cr, PRIV_SYS_SUSER_COMPAT, B_FALSE, EPERM, NULL)
== 0);
}