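/*
 * Door server procedure that receives an event as a packed nvlist.
 *
 * A request is processed only when the door has been set up (door_id >= 0),
 * an argument buffer is present, and door_cred() reports an effective uid
 * of 0 for the calling client.  Anything else is answered with an empty
 * door_return().
 *
 * Only events whose PICLEVENTARG_DATA_TYPE string equals
 * PICLEVENTARG_PICLEVENT_DATA are handed to parse_piclevent(); other data
 * types are ignored.
 *
 * door_return() does not come back to the caller when it succeeds.  Every
 * early exit below is followed by an explicit return so that, should
 * door_return() fail, a rejected request is never parsed and the freed
 * nvlist is never touched or freed a second time.
 */
/*ARGSUSED*/
static void
event_handler(void *cookie, char *argp, size_t asize, door_desc_t *dp,
    uint_t n_desc)
{
	door_cred_t	cred;
	nvlist_t	*nvlp;
	char		*dtype;

	/* size_t is cast so the argument matches the conversion specifier. */
	if (piclevent_debug)
		syslog(LOG_INFO,
		    "piclevent: got SLM event cookie:%p evarg:%p size:0x%lx\n",
		    cookie, (void *)argp, (unsigned long)asize);

	/*
	 * Authorization gate: the credentials come from door_cred(), not
	 * from anything inside the client-supplied buffer.
	 */
	if ((door_id < 0) || (argp == NULL) || (door_cred(&cred) < 0) ||
	    (cred.dc_euid != 0)) {
		(void) door_return(argp, 0, NULL, 0);
		return;
	}

	/* The last argument is an integer flag, so pass 0 rather than NULL. */
	if (nvlist_unpack(argp, asize, &nvlp, 0)) {
		(void) door_return(argp, 0, NULL, 0);
		return;
	}

	if (nvlist_lookup_string(nvlp, PICLEVENTARG_DATA_TYPE, &dtype)) {
		nvlist_free(nvlp);
		(void) door_return(argp, 0, NULL, 0);
		return;
	}

	/* dtype points into nvlp, so it must be used before nvlist_free(). */
	if (strcmp(dtype, PICLEVENTARG_PICLEVENT_DATA) == 0)
		parse_piclevent(nvlp);
	/*
	 * ignore other event data types
	 */
	nvlist_free(nvlp);
	(void) door_return(argp, 0, NULL, 0);
}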
/*
 * Record the audit identity of the current door client in door_dp.
 *
 * The uid/gid/pid values are taken from door_cred(); the audit id, session
 * id and terminal id are taken from the audit_ap structure that
 * auditon(A_GETPINFO_ADDR) fills in for the client's pid.  The audit policy
 * is then saved with audit_save_policy(), whose result is ignored.
 *
 * Returns 0 on success, or -1 when door_cred() or auditon() fails; in the
 * failure case door_dp may be partially updated (ap_pid is written before
 * auditon() is called).
 */
int
audit_save_me(door_data_t *door_dp)
{
	door_cred_t	caller;
	int		word;

	if (door_cred(&caller) == -1)
		return (-1);

	/* The pid selects which process auditon() reports on. */
	door_dp->audit_ap.ap_pid = caller.dc_pid;
	if (auditon(A_GETPINFO_ADDR, (caddr_t)&door_dp->audit_ap,
	    sizeof (door_dp->audit_ap)) == -1)
		return (-1);

	/* Identity reported by the door subsystem for this invocation. */
	door_dp->audit_pid = caller.dc_pid;
	door_dp->audit_uid = caller.dc_ruid;
	door_dp->audit_gid = caller.dc_rgid;
	door_dp->audit_euid = caller.dc_euid;
	door_dp->audit_egid = caller.dc_egid;

	/* Audit attributes returned by auditon(). */
	door_dp->audit_auid = door_dp->audit_ap.ap_auid;
	door_dp->audit_asid = door_dp->audit_ap.ap_asid;
	door_dp->audit_tid.at_port = door_dp->audit_ap.ap_termid.at_port;
	door_dp->audit_tid.at_type = door_dp->audit_ap.ap_termid.at_type;

	/*
	 * at_type / 4 is used as the number of address words to copy.
	 * NOTE(review): nothing here bounds that count by the size of
	 * at_addr; this relies on auditon() only returning at_type values
	 * that fit the array -- confirm.
	 */
	word = 0;
	while (word < (door_dp->audit_ap.ap_termid.at_type/4)) {
		door_dp->audit_tid.at_addr[word] =
		    door_dp->audit_ap.ap_termid.at_addr[word];
		word++;
	}

	(void) audit_save_policy(door_dp);
	return (0);
}
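/*
 * This function returns the value of the PICL property specified by
 * its name.
 *
 * The reply is built on the stack and handed to door_return().  The caller's
 * credentials from door_cred() are passed to the property read so that the
 * lower layer can apply them.
 *
 * NOTE(review): every error path relies on picld_return_error() not
 * returning (presumably it ends in door_return()); if it could return,
 * the code would go on to use cred, ptreeh or pinfo uninitialized --
 * confirm.  init_lk is released here but not acquired here; presumably the
 * dispatcher holds it on entry -- confirm.
 */
static void
picld_get_attrval_by_name(picl_service_t *in)
{
	picl_retattrvalbyname_t	*ret;
	int			err;
	size_t			vbufsize;
	size_t			len;
	door_cred_t		cred;
	picl_nodehdl_t		ptreeh;
	ptree_propinfo_t	pinfo;

	if (door_cred(&cred) < 0)
		picld_return_error(in->in.cnum, PICL_FAILURE);

	err = cvt_picl2ptree(in->req_attrvalbyname.nodeh, &ptreeh);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	err = xptree_get_propinfo_by_name(ptreeh,
	    in->req_attrvalbyname.propname, &pinfo);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	if (!(pinfo.piclinfo.accessmode & PICL_READ))
		picld_return_error(in->in.cnum, PICL_NOTREADABLE);

	/*
	 * allocate the minimum of piclinfo.size and input bufsize
	 *
	 * The client-supplied bufsize can only shrink the allocation; the
	 * upper bound is the property's own size.
	 */
	vbufsize = pinfo.piclinfo.size;
	vbufsize = MIN((size_t)in->req_attrvalbyname.bufsize, vbufsize);
	len = sizeof (picl_retattrvalbyname_t) + vbufsize;
	ret = alloca(len);
	/*
	 * alloca() has no failure return, so this check cannot detect stack
	 * exhaustion; it is kept from the original code.
	 */
	if (ret == NULL)
		picld_return_error(in->in.cnum, PICL_FAILURE);
	ret->cnum = PICL_CNUM_GETATTRVALBYNAME;
	ret->nodeh = in->req_attrvalbyname.nodeh;
	/*
	 * NOTE(review): unbounded copy of a request field.  The name has
	 * already matched a property in the lookup above, which presumably
	 * limits its length -- confirm against the size of ret->propname.
	 */
	(void) strcpy(ret->propname, in->req_attrvalbyname.propname);
	ret->nbytes = (uint32_t)vbufsize;

	err = xptree_get_propval_by_name_with_cred(ptreeh,
	    in->req_attrvalbyname.propname, ret->ret_buf, vbufsize,
	    cred);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	/*
	 * adjust returned value size for charstrings
	 *
	 * The terminator is searched for only inside the vbufsize bytes that
	 * were requested from the property layer.  If none is found, nbytes
	 * stays at vbufsize, so the length given to door_return() can never
	 * extend past the reply buffer and expose adjacent stack contents.
	 */
	if (pinfo.piclinfo.type == PICL_PTYPE_CHARSTRING) {
		const char *nul = memchr(ret->ret_buf, '\0', vbufsize);

		if (nul != NULL)
			ret->nbytes =
			    (uint32_t)(nul - (const char *)ret->ret_buf) + 1;
	}

	/* Table and reference values hold handles the client must see in picl form. */
	if ((pinfo.piclinfo.type == PICL_PTYPE_TABLE) ||
	    (pinfo.piclinfo.type == PICL_PTYPE_REFERENCE))
		cvt_ptree2picl(&ret->ret_nodeh);

	(void) rw_unlock(&init_lk);
	(void) door_return((char *)ret, sizeof (picl_retattrvalbyname_t) +
	    (size_t)ret->nbytes, NULL, 0);
}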
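/*
 * This function returns the value of the PICL property
 *
 * The property is identified by the handle in the request.  The reply is
 * built on the stack and handed to door_return(); the caller's credentials
 * from door_cred() are passed to the property read.
 *
 * NOTE(review): every error path relies on picld_return_error() not
 * returning (presumably it ends in door_return()); if it could return,
 * the code would go on to use cred, ptreeh or pinfo uninitialized --
 * confirm.  init_lk is released here but not acquired here; presumably the
 * dispatcher holds it on entry -- confirm.
 */
static void
picld_get_attrval(picl_service_t *in)
{
	picl_retattrval_t	*ret;
	int			err;
	size_t			vbufsize;
	size_t			len;
	door_cred_t		cred;
	picl_prophdl_t		ptreeh;
	ptree_propinfo_t	pinfo;

	if (door_cred(&cred) < 0)
		picld_return_error(in->in.cnum, PICL_FAILURE);

	err = cvt_picl2ptree(in->req_attrval.attr, &ptreeh);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	err = ptree_get_propinfo(ptreeh, &pinfo);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	if (!(pinfo.piclinfo.accessmode & PICL_READ))
		picld_return_error(in->in.cnum, PICL_NOTREADABLE);

	/*
	 * The client-supplied bufsize can only shrink the allocation; the
	 * upper bound is the property's own size.
	 */
	vbufsize = pinfo.piclinfo.size;
	vbufsize = MIN((size_t)in->req_attrval.bufsize, vbufsize);
	len = sizeof (picl_retattrval_t) + vbufsize;
	ret = alloca(len);
	/*
	 * alloca() has no failure return, so this check cannot detect stack
	 * exhaustion; it is kept from the original code.
	 */
	if (ret == NULL)
		picld_return_error(in->in.cnum, PICL_FAILURE);
	ret->cnum = PICL_CNUM_GETATTRVAL;
	ret->attr = in->req_attrval.attr;
	ret->nbytes = (uint32_t)vbufsize;

	err = xptree_get_propval_with_cred(ptreeh, ret->ret_buf, vbufsize,
	    cred);
	if (err != PICL_SUCCESS)
		picld_return_error(in->in.cnum, err);

	/*
	 * adjust returned bytes for charstrings
	 *
	 * The terminator is searched for only inside the vbufsize bytes that
	 * were requested from the property layer.  If none is found, nbytes
	 * stays at vbufsize, so the length given to door_return() can never
	 * extend past the reply buffer and expose adjacent stack contents.
	 */
	if (pinfo.piclinfo.type == PICL_PTYPE_CHARSTRING) {
		const char *nul = memchr(ret->ret_buf, '\0', vbufsize);

		if (nul != NULL)
			ret->nbytes =
			    (uint32_t)(nul - (const char *)ret->ret_buf) + 1;
	}

	/*
	 * convert handle values to picl handles
	 */
	if ((pinfo.piclinfo.type == PICL_PTYPE_TABLE) ||
	    (pinfo.piclinfo.type == PICL_PTYPE_REFERENCE))
		cvt_ptree2picl(&ret->ret_nodeh);

	(void) rw_unlock(&init_lk);
	(void) door_return((char *)ret, sizeof (picl_retattrval_t) +
	    (size_t)ret->nbytes, NULL, 0);
}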
/*
 * Set the value of the property named in the request.
 *
 * Authorization happens in two steps: the property must carry PICL_WRITE,
 * and unless it is also PICL_VOLATILE the caller's effective uid, as
 * reported by door_cred(), must be SUPER_USER.  The same credentials are
 * then passed down with the update.
 *
 * NOTE(review): the error paths rely on picld_return_error() not returning
 * -- confirm.  bufsize and valbuf come straight from the request; nothing
 * in this function checks bufsize against the size of the door argument,
 * so that validation presumably happens in the dispatcher or in the
 * property layer -- confirm.
 */
static void
picld_set_attrval_by_name(picl_service_t *in)
{
	picl_retsetattrvalbyname_t	reply;
	ptree_propinfo_t		propinfo;
	picl_prophdl_t			ptreeh;
	door_cred_t			caller;
	int				rc;

	if (door_cred(&caller) < 0)
		picld_return_error(in->in.cnum, PICL_FAILURE);

	rc = cvt_picl2ptree(in->req_setattrvalbyname.nodeh, &ptreeh);
	if (rc != PICL_SUCCESS)
		picld_return_error(in->in.cnum, rc);

	rc = xptree_get_propinfo_by_name(ptreeh,
	    in->req_setattrvalbyname.propname, &propinfo);
	if (rc != PICL_SUCCESS)
		picld_return_error(in->in.cnum, rc);

	if ((propinfo.piclinfo.accessmode & PICL_WRITE) == 0)
		picld_return_error(in->in.cnum, PICL_NOTWRITABLE);

	/* A non-volatile property may only be changed by the super user. */
	if ((propinfo.piclinfo.accessmode & PICL_VOLATILE) == 0) {
		if (caller.dc_euid != SUPER_USER)
			picld_return_error(in->in.cnum, PICL_PERMDENIED);
	}

	/* Echo the call number, node handle and property name back. */
	reply.cnum = PICL_CNUM_SETATTRVALBYNAME;
	reply.nodeh = in->req_setattrvalbyname.nodeh;
	(void) strcpy(reply.propname, in->req_setattrvalbyname.propname);

	rc = xptree_update_propval_by_name_with_cred(ptreeh,
	    in->req_setattrvalbyname.propname,
	    in->req_setattrvalbyname.valbuf,
	    (size_t)in->req_setattrvalbyname.bufsize,
	    caller);
	if (rc != PICL_SUCCESS)
		picld_return_error(in->in.cnum, rc);

	(void) rw_unlock(&init_lk);
	(void) door_return((char *)&reply,
	    sizeof (picl_retsetattrvalbyname_t), NULL, 0);
}
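/*
 * Sanity check that dsvcd_request_t `req' (which is `reqsize' bytes long)
 * is a correctly formed request; if not, return an error which will be
 * returned to the door caller.
 *
 * Returns DSVC_SUCCESS when the request passes, DSVC_ACCESS when the
 * caller's credentials are unavailable or not super-user, and
 * DSVC_SYNCH_ERR for a missing, wrong-version or short request.
 */
static int
check_door_req(dsvcd_request_t *req, size_t reqsize, size_t minsize)
{
	door_cred_t cred;

	if (req == NULL) {
		dhcpmsg(MSG_WARNING, "empty request, ignoring");
		return (DSVC_SYNCH_ERR);
	}

	/*
	 * Check credentials; we don't allow any non-super-user requests
	 * since this would open a denial-of-service hole (since a lock
	 * could be checked out indefinitely).
	 */
	if (door_cred(&cred) != 0) {
		dhcpmsg(MSG_WARNING, "request with unknown credentials");
		return (DSVC_ACCESS);
	}

	if (cred.dc_euid != 0) {
		dhcpmsg(MSG_WARNING, "request with non-super-user credentials");
		return (DSVC_ACCESS);
	}

	/*
	 * Check the version and size; we check this before checking the
	 * size of the request structure since an "incompatible version"
	 * message is more helpful than a "short request" message.
	 *
	 * rq_version is read only when the whole field lies inside the
	 * `reqsize' bytes the caller supplied; a request that ends part-way
	 * through the field falls through to the size check below instead of
	 * being judged on bytes beyond its end.
	 * NOTE(review): this assumes every caller passes a `minsize' that
	 * covers rq_version -- confirm.
	 */
	if (reqsize >= offsetof(dsvcd_request_t, rq_version) +
	    sizeof (req->rq_version) &&
	    req->rq_version != DSVCD_DOOR_VERSION) {
		dhcpmsg(MSG_WARNING, "request with unsupported version `%d'",
		    req->rq_version);
		return (DSVC_SYNCH_ERR);
	}

	if (reqsize < minsize) {
		/* size_t values are cast to match the conversion specifier. */
		dhcpmsg(MSG_VERBOSE, "short request (%lu bytes, minimum %lu "
		    "bytes)", (unsigned long)reqsize, (unsigned long)minsize);
		return (DSVC_SYNCH_ERR);
	}

	return (DSVC_SUCCESS);
}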
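/*
 * Door server procedure: print the credentials of the calling client, then
 * return the square of the long passed as the argument.
 *
 * The credentials printed are those reported by door_cred() for the current
 * door invocation.  The argument buffer is supplied by the client, so its
 * presence and size are checked before it is read; a request without a
 * full long is answered with an empty reply.
 *
 * NOTE(review): if err_msg() can return after a door_cred() failure, the
 * printf calls below read an uninitialized structure -- confirm that
 * err_msg() terminates.
 */
static void
server_proc (void *cookie, char *argp, size_t arg_size, door_desc_t *dp,
    uint_t n_desc)
{
	long arg;
	long res;
	door_cred_t info;

	if (door_cred (&info) == -1)
		err_msg ("door_cred failed");

	/* The id types are cast so the arguments match %ld on every ABI. */
	printf ("Client credentials:\n");
	printf (" Effective user ID = %ld\n", (long) info.dc_euid);
	printf (" Effective group ID = %ld\n", (long) info.dc_egid);
	printf (" Real user ID = %ld\n", (long) info.dc_ruid);
	printf (" Real group ID = %ld\n", (long) info.dc_rgid);
	printf (" Process ID = %ld\n", (long) info.dc_pid);

	/* Never dereference a missing or undersized client buffer. */
	if (argp == NULL || arg_size < sizeof (long)) {
		if (door_return (NULL, 0, NULL, 0) == -1)
			err_msg ("door_return failed");
		return;
	}

	arg = *((long *) argp);
	/*
	 * The operand is chosen by the client; multiplying as unsigned
	 * avoids signed-overflow undefined behaviour for large values.
	 */
	res = (long) ((unsigned long) arg * (unsigned long) arg);

	if (door_return ((char *) &res, sizeof (long), NULL, 0) == -1)
		err_msg ("door_return failed");
}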