author | casper <none@none> | 2007-05-25 05:43:42 -0700 |
---|---|---|
committer | casper <none@none> | 2007-05-25 05:43:42 -0700 |
commit | f48205be61a214698b763ff550ab9e657525104c (patch) | |
tree | bc63168b8468284765bb770eb48473b7a0bf980e /usr/src/lib/libc/port | |
parent | 7387092aa96cd872b317dfab3fee34a96c681f3e (diff) | |
download | illumos-gate-f48205be61a214698b763ff550ab9e657525104c.tar.gz |
PSARC 2007/064 Unified POSIX and Windows Credentials for Solaris
4994017 data structure sharing between rpcbind and libnsl leads to accidents
6549510 Need the ability to store SIDs in the Solaris cred_t
6549515 PSARC 2007/064: uid_t and gid_t to become unsigned
Diffstat (limited to 'usr/src/lib/libc/port')
-rw-r--r-- | usr/src/lib/libc/port/gen/getgrnam_r.c | 7 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/getpwnam_r.c | 6 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/initgroups.c | 10 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/privlib.c | 6 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/sysconf.c | 10 | ||||
-rw-r--r-- | usr/src/lib/libc/port/gen/ucred.c | 14 | ||||
-rw-r--r-- | usr/src/lib/libc/port/mapfile-vers | 3 | ||||
-rw-r--r-- | usr/src/lib/libc/port/sys/issetugid.c | 12 | ||||
-rw-r--r-- | usr/src/lib/libc/port/sys/sidsys.c | 69 |
9 files changed, 105 insertions, 32 deletions
diff --git a/usr/src/lib/libc/port/gen/getgrnam_r.c b/usr/src/lib/libc/port/gen/getgrnam_r.c
index 17b8ed6f0e..ab41c50bac 100644
--- a/usr/src/lib/libc/port/gen/getgrnam_r.c
+++ b/usr/src/lib/libc/port/gen/getgrnam_r.c
@@ -20,7 +20,7 @@
 */
 /*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -396,10 +396,9 @@ str2group(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
 return (NSS_STR_PARSE_PARSE);
 }
 /*
- * gids should be non-negative; anything else
- * is administrative policy.
+ * gids should be in the range 0 .. MAXUID
 */
- if (group->gr_gid < 0)
+ if (group->gr_gid > MAXUID)
 group->gr_gid = GID_NOBODY;
 }
 if (*next++ != ':') {
diff --git a/usr/src/lib/libc/port/gen/getpwnam_r.c b/usr/src/lib/libc/port/gen/getpwnam_r.c
index 75b8fa171d..21d1c3c7e5 100644
--- a/usr/src/lib/libc/port/gen/getpwnam_r.c
+++ b/usr/src/lib/libc/port/gen/getpwnam_r.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -330,7 +330,7 @@ str2passwd(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
 * Now we just check for negative uids; anything else
 * is administrative policy
 */
- if (passwd->pw_uid < 0)
+ if (passwd->pw_uid > MAXUID)
 passwd->pw_uid = UID_NOBODY;
 }
 if (*next++ != ':') {
@@ -356,7 +356,7 @@ str2passwd(const char *instr, int lenstr, void *ent, char *buffer, int buflen)
 * gid should be non-negative; anything else
 * is administrative policy.
 */
- if (passwd->pw_gid < 0)
+ if (passwd->pw_gid > MAXUID)
 passwd->pw_gid = GID_NOBODY;
 }
 if (*next++ != ':') {
diff --git a/usr/src/lib/libc/port/gen/initgroups.c b/usr/src/lib/libc/port/gen/initgroups.c
index 1f7c2b32ce..82be7bb739 100644
--- a/usr/src/lib/libc/port/gen/initgroups.c
+++ b/usr/src/lib/libc/port/gen/initgroups.c
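Review bot: The new `group->gr_gid > MAXUID` test in str2group runs on the value after it has been stored in the now-unsigned `gr_gid`, so it can only catch what survives that narrowing. The conversion of the numeric field sits above the hunk and is not visible here; if it parses into a wider type and casts, a number beyond the gid_t range could presumably wrap to a small, valid-looking gid before this check sees it. Parsing into a wide unsigned temporary (called `tmp` here), rejecting conversion errors, and assigning only after `if (tmp > MAXUID)` has been evaluated would close that gap. The same applies to the `pw_uid` and `pw_gid` tests in the two str2passwd hunks of getpwnam_r.c; str2group itself starts and ends outside the hunk.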
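Review bot: The comment above the changed test in str2passwd (@@ -330) still reads "Now we just check for negative uids", while `passwd->pw_uid > MAXUID` now rejects everything outside 0 .. MAXUID; the "gid should be non-negative" comment in the @@ -356 hunk is stale in the same way. getgrnam_r.c had its comment updated in this commit, so I would match it here with `* uids should be in the range 0 .. MAXUID` and `* gids should be in the range 0 .. MAXUID`. A stale comment beside an identity range check invites a later edit back to a `< 0` comparison, which is always false on an unsigned type.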
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -37,6 +36,7 @@
 #include <errno.h>
 #include <grp.h>
 #include <sys/types.h>
+#include <sys/param.h>
 #include <unistd.h>
 /* Private interface to the groups code in getgrnam.c */
@@ -68,7 +68,7 @@ initgroups(const char *uname, gid_t agroup)
 groups[0] = agroup;
 ngroups = _getgroupsbymember(uname, groups, (int)ngroups_max,
- (agroup >= 0) ? 1 : 0);
+ (agroup <= MAXUID) ? 1 : 0);
 if (ngroups < 0) {
 /* XXX -- man page does not define a value for errno in */
 /* this case. Should be looked into sometime. */
diff --git a/usr/src/lib/libc/port/gen/privlib.c b/usr/src/lib/libc/port/gen/privlib.c
index f7d289aa25..1968f7eaa4 100644
--- a/usr/src/lib/libc/port/gen/privlib.c
+++ b/usr/src/lib/libc/port/gen/privlib.c
@@ -508,7 +508,7 @@ __init_daemon_priv(int flags, uid_t uid, gid_t gid, ...)
 if (flags & PU_RESETGROUPS)
 (void) setgroups(0, NULL);
- if (gid != -1 && setgid(gid) != 0)
+ if (gid != (gid_t)-1 && setgid(gid) != 0)
 goto end;
 perm = priv_allocset();
@@ -520,7 +520,7 @@ __init_daemon_priv(int flags, uid_t uid, gid_t gid, ...)
 (void) setppriv(PRIV_SET, effective, perm);
 /* Now reset suid and euid */
- if (uid != -1 && setreuid(uid, uid) != 0)
+ if (uid != (uid_t)-1 && setreuid(uid, uid) != 0)
 goto end;
 /* Check for the limit privs */
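Review bot: `(agroup <= MAXUID) ? 1 : 0` in the @@ -68 hunk decides whether `groups[0]` counts as already filled, but nothing states that an out-of-range `agroup` means "no base group supplied" rather than an error. With gid_t unsigned this covers every value above MAXUID, not just the old negative sentinel, and such a gid is dropped without any indication to the caller. I would add a comment above the call such as `/* agroup > MAXUID, e.g. (gid_t)-1, means no base group is supplied */`. The commit also adds `_SC_EPHID_MAX`, which suggests ids above MAXUID may be legitimate elsewhere, so it is worth confirming no caller relies on such a gid being kept here; initgroups continues outside the hunk.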
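Review bot: `(void) setgroups(0, NULL);` two lines above the changed `setgid` test in the @@ -508 hunk discards its result, so when PU_RESETGROUPS is requested and the call fails, __init_daemon_priv goes on to setgid/setreuid with the caller's supplementary groups still attached. The neighbouring calls already bail out on failure, so I would do the same here: `if ((flags & PU_RESETGROUPS) && setgroups(0, NULL) != 0) goto end;`. Separately, a one-line comment that `(gid_t)-1` and `(uid_t)-1` mean "leave this id unchanged" would help now that the sentinel needs a cast; that applies to the @@ -520 and @@ -549 hunks as well. The function starts and ends outside the hunk, so what `end:` does on this path needs checking.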
@@ -549,7 +549,7 @@ end:
 if (core_get_process_path(buf, sizeof (buf), getpid()) == 0 &&
 strcmp(buf, "core") == 0) {
- if ((uid == -1 ? geteuid() : uid) == 0) {
+ if ((uid == (uid_t)-1 ? geteuid() : uid) == 0) {
 (void) core_set_process_path(root_cp, sizeof (root_cp),
 getpid());
 } else {
diff --git a/usr/src/lib/libc/port/gen/sysconf.c b/usr/src/lib/libc/port/gen/sysconf.c
index 769298e131..2fce51b32e 100644
--- a/usr/src/lib/libc/port/gen/sysconf.c
+++ b/usr/src/lib/libc/port/gen/sysconf.c
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -439,6 +438,9 @@ sysconf(int name)
 case _SC_CPUID_MAX:
 return (_sysconfig(_CONFIG_CPUID_MAX));
+ case _SC_EPHID_MAX:
+ return (_sysconfig(_CONFIG_EPHID_MAX));
+
 /* UNIX 03 names - XPG6/SUSv3/POSIX.1-2001 */
 case _SC_REGEXP:
diff --git a/usr/src/lib/libc/port/gen/ucred.c b/usr/src/lib/libc/port/gen/ucred.c
index b500617d48..03b6fa325f 100644
--- a/usr/src/lib/libc/port/gen/ucred.c
+++ b/usr/src/lib/libc/port/gen/ucred.c
@@ -19,7 +19,7 @@
 * CDDL HEADER END
 */
 /*
- * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */
@@ -115,7 +115,7 @@ ucred_geteuid(const ucred_t *uc)
 if (cr == NULL) {
 errno = EINVAL;
- return (-1);
+ return ((uid_t)-1);
 }
 return (cr->pr_euid);
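Review bot: `return ((uid_t)-1);` in ucred_geteuid keeps the error value in-band for a type this change makes unsigned, so a caller that still tests the result with `< 0` will never see the failure and will go on to treat the all-ones value as an id. I would document the contract on the accessor, for example `/* Returns (uid_t)-1 with errno set to EINVAL when cr is NULL; compare against (uid_t)-1, never < 0 */`. The same applies to ucred_getruid, ucred_getsuid and the three gid accessors in the following hunks, with `(gid_t)-1` for the latter. Each function begins above its hunk, so how `cr` is obtained is not visible here.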
@@ -129,7 +129,7 @@ ucred_getruid(const ucred_t *uc)
 if (cr == NULL) {
 errno = EINVAL;
- return (-1);
+ return ((uid_t)-1);
 }
 return (cr->pr_ruid);
@@ -143,7 +143,7 @@ ucred_getsuid(const ucred_t *uc)
 if (cr == NULL) {
 errno = EINVAL;
- return (-1);
+ return ((uid_t)-1);
 }
 return (cr->pr_suid);
@@ -157,7 +157,7 @@ ucred_getegid(const ucred_t *uc)
 if (cr == NULL) {
 errno = EINVAL;
- return (-1);
+ return ((gid_t)-1);
 }
 return (cr->pr_egid);
@@ -171,7 +171,7 @@ ucred_getrgid(const ucred_t *uc)
 if (cr == NULL) {
 errno = EINVAL;
- return (-1);
+ return ((gid_t)-1);
 }
 return (cr->pr_rgid);
@@ -185,7 +185,7 @@ ucred_getsgid(const ucred_t *uc)
 if (cr == NULL) {
 errno = EINVAL;
- return (-1);
+ return ((gid_t)-1);
 }
 return (cr->pr_sgid);
diff --git a/usr/src/lib/libc/port/mapfile-vers b/usr/src/lib/libc/port/mapfile-vers
index 33f1ae8d42..932505d279 100644
--- a/usr/src/lib/libc/port/mapfile-vers
+++ b/usr/src/lib/libc/port/mapfile-vers
@@ -1279,6 +1279,7 @@ SUNWprivate_1.1 {
 _acctctl;
 _acl;
 _adjtime;
+ allocids;
 ___Argv = NODIRECT;
 _ascftime;
 _asctime_r;
@@ -1596,6 +1597,8 @@ SUNWprivate_1.1 {
 _iconv;
 _iconv_close;
 _iconv_open;
+ idmap_reg;
+ idmap_unreg;
 __inf_read;
 __inf_written;
 __init_daemon_priv;
diff --git a/usr/src/lib/libc/port/sys/issetugid.c b/usr/src/lib/libc/port/sys/issetugid.c
index 8043ca69e6..2185bf9397 100644
--- a/usr/src/lib/libc/port/sys/issetugid.c
+++ b/usr/src/lib/libc/port/sys/issetugid.c
@@ -2,9 +2,8 @@
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
@@ -20,8 +19,8 @@
 * CDDL HEADER END
 */
 /*
- * Copyright (c) 2001 by Sun Microsystems, Inc.
- * All rights reserved.
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
 */
 #pragma ident "%Z%%M% %I% %E% SMI"
@@ -30,10 +29,11 @@
 #include "synonyms.h"
 #include <sys/syscall.h>
+#include <sys/priv.h>
 #include <unistd.h>
 int
 issetugid(void)
 {
- return (syscall(SYS_issetugid));
+ return (syscall(SYS_privsys, PRIVSYS_ISSETUGID));
 }
diff --git a/usr/src/lib/libc/port/sys/sidsys.c b/usr/src/lib/libc/port/sys/sidsys.c
new file mode 100644
index 0000000000..d1ccabd2f4
--- /dev/null
+++ b/usr/src/lib/libc/port/sys/sidsys.c
@@ -0,0 +1,69 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License (the "License").
+ * You may not use this file except in compliance with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+
+/*
+ * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#pragma ident "%Z%%M% %I% %E% SMI"
+
+/*
+ * UID/SID mapping system call entries.
+ */
+
+#include "synonyms.h"
+#include <sys/sid.h>
+#include <sys/syscall.h>
+
+
+int
+allocids(int flag, int nuids, uid_t *suid, int ngids, gid_t *sgid)
+{
+ sysret_t rv;
+ int e;
+
+ e = __systemcall(&rv, SYS_sidsys, SIDSYS_ALLOC_IDS, flag, nuids, ngids);
+
+ if (e != 0) {
+ (void) __set_errno(e);
+ return (-1);
+ }
+
+ if (suid != NULL)
+ *suid = (uid_t)rv.sys_rval1;
+ if (sgid != NULL)
+ *sgid = (gid_t)rv.sys_rval2;
+
+ return (0);
+}
+
+int
+idmap_reg(int fd)
+{
+ return (syscall(SYS_sidsys, SIDSYS_IDMAP_REG, fd));
+}
+
+int
+idmap_unreg(int fd)
+{
+ return (syscall(SYS_sidsys, SIDSYS_IDMAP_UNREG, fd));
+}
|
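Review bot: allocids(), idmap_reg() and idmap_unreg() are new entry points with no comment describing their contracts, and allocids() passes the signed `nuids` and `ngids` straight to the system call without a range check. Whether the kernel side rejects negative counts is not visible on this page, so the wrapper should at least state that it relies on it. I would add a block comment above allocids() saying that it returns 0 on success and -1 with errno set from the system call on failure, and that on success `*suid` and `*sgid` (each optional, may be NULL) receive `sys_rval1` and `sys_rval2`, presumably the first id of each allocated range. A one-line comment on idmap_reg()/idmap_unreg() naming what `fd` must refer to and which privilege the call requires would help reviewers of callers, since these symbols are exported via mapfile-vers in this same commit.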