authorCody Peter Mello <cody.mello@joyent.com>2016-03-02 18:56:46 +0000
committerCody Peter Mello <cody.mello@joyent.com>2016-03-03 17:58:30 +0000
commitefaa0b54ddc29c92bd769ade82014753a91631ab (patch)
tree7c831940e781cb5d12744f3ef92f47a23d103f82
parent68e1086e41ad290e63d3ab0154520a3f05a78e4e (diff)
OS-5202 Support AT_SECURE & AT_*ID in LX
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com> Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
-rw-r--r--usr/src/common/brand/lx/lx_auxv.c26
-rw-r--r--usr/src/uts/common/brand/lx/sys/lx_brand.h7
-rw-r--r--usr/src/uts/common/exec/elf/elf.c25
-rw-r--r--usr/src/uts/common/sys/auxv.h17
4 files changed, 64 insertions, 11 deletions
diff --git a/usr/src/common/brand/lx/lx_auxv.c b/usr/src/common/brand/lx/lx_auxv.c
index 9fc21dbf10..bd7b588ac8 100644
--- a/usr/src/common/brand/lx/lx_auxv.c
+++ b/usr/src/common/brand/lx/lx_auxv.c
@@ -10,7 +10,7 @@
*/
/*
- * Copyright 2015 Joyent, Inc.
+ * Copyright 2016 Joyent, Inc.
*/
#include <sys/auxv.h>
@@ -49,6 +49,30 @@ lx_auxv_stol(const auxv_t *ap, auxv_t *oap, const lx_elf_data_t *edp)
oap->a_type = AT_CLKTCK;
oap->a_un.a_val = ap->a_un.a_val;
return (0);
+ case AT_SUN_AUXFLAGS:
+ if ((ap->a_un.a_val & AF_SUN_SETUGID) != 0) {
+ oap->a_type = AT_SECURE;
+ oap->a_un.a_val = 1;
+ return (0);
+ } else {
+ return (1);
+ }
+ case AT_SUN_GID:
+ oap->a_type = AT_LX_EGID;
+ oap->a_un.a_val = ap->a_un.a_val;
+ return (0);
+ case AT_SUN_RGID:
+ oap->a_type = AT_LX_GID;
+ oap->a_un.a_val = ap->a_un.a_val;
+ return (0);
+ case AT_SUN_UID:
+ oap->a_type = AT_LX_EUID;
+ oap->a_un.a_val = ap->a_un.a_val;
+ return (0);
+ case AT_SUN_RUID:
+ oap->a_type = AT_LX_UID;
+ oap->a_un.a_val = ap->a_un.a_val;
+ return (0);
case AT_EXECFD:
case AT_PAGESZ:
case AT_FLAGS:
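Review bot: In the `AT_SUN_AUXFLAGS` case, `AT_SECURE` is produced only when `AF_SUN_SETUGID` is set; otherwise the code returns 1, which presumably drops the entry, since the other cases return 0 after a successful translation. A non-setid LX process would then see no `AT_SECURE` entry at all instead of `AT_SECURE = 0`. Linux always supplies the entry, and a C library that finds it missing has to make its own secure-mode decision, so it is safer to emit it unconditionally: `oap->a_type = AT_SECURE;` `oap->a_un.a_val = (ap->a_un.a_val & AF_SUN_SETUGID) != 0;` `return (0);`. The four ID cases would also benefit from a one-line comment saying that the native effective/real types map onto the Linux effective/real types, because the pairing `AT_SUN_UID` -> `AT_LX_EUID` is easy to misread. lx_auxv_stol starts and ends outside this hunk, so the meaning of the non-zero return should be confirmed against its caller.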
diff --git a/usr/src/uts/common/brand/lx/sys/lx_brand.h b/usr/src/uts/common/brand/lx/sys/lx_brand.h
index b72632c790..747e8fa012 100644
--- a/usr/src/uts/common/brand/lx/sys/lx_brand.h
+++ b/usr/src/uts/common/brand/lx/sys/lx_brand.h
@@ -162,8 +162,15 @@ typedef enum lx_ptrace_options {
#define AT_SUN_BRAND_LX_CLKTCK AT_SUN_BRAND_AUX3
#define AT_SUN_BRAND_LX_SYSINFO_EHDR AT_SUN_BRAND_AUX4
+/* Aux vectors containing real/effective user/group IDs */
+#define AT_LX_UID 11
+#define AT_LX_EUID 12
+#define AT_LX_GID 13
+#define AT_LX_EGID 14
/* Aux vector containing hz value */
#define AT_CLKTCK 17
+/* Aux vector containing secure boolean */
+#define AT_SECURE 23
/* Aux vector containing vDSO addr */
#define AT_SYSINFO_EHDR 33
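Review bot: The new constants mix two naming schemes: the ID vectors are `AT_LX_UID` through `AT_LX_EGID`, while `AT_SECURE` is unprefixed like `AT_CLKTCK`. Nothing in the header says that 11-14 and 23 are fixed by the Linux ABI. A comment above the block such as `/* Linux auxv type numbers; these must match what a Linux libc expects and must not be renumbered */` would make that constraint explicit and explain why they differ from the native `AT_SUN_*` types. It would also help to note in the `AT_SECURE` comment that the value is derived from `AF_SUN_SETUGID`, since that is the security-relevant input.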
diff --git a/usr/src/uts/common/exec/elf/elf.c b/usr/src/uts/common/exec/elf/elf.c
index e427ea01b3..bd2c615740 100644
--- a/usr/src/uts/common/exec/elf/elf.c
+++ b/usr/src/uts/common/exec/elf/elf.c
@@ -26,7 +26,7 @@
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
- * Copyright (c) 2015, Joyent, Inc. All rights reserved.
+ * Copyright (c) 2016, Joyent, Inc. All rights reserved.
*/
#include <sys/types.h>
@@ -554,6 +554,17 @@ elfexec(vnode_t *vp, execa_t *uap, uarg_t *args, intpdata_t *idatap,
args->auxsize += sizeof (aux_entry_t);
}
+ /*
+ * If we have user credentials, we'll supply the following entries:
+ * AT_SUN_UID
+ * AT_SUN_RUID
+ * AT_SUN_GID
+ * AT_SUN_RGID
+ */
+ if (cred != NULL) {
+ args->auxsize += 4 * sizeof (aux_entry_t);
+ }
+
if ((*brand_action != EBA_NATIVE) && (PROC_IS_BRANDED(p))) {
branded = 1;
/*
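Review bot: The literal `4` in `args->auxsize += 4 * sizeof (aux_entry_t);` has to match the number of `ADDAUX` calls in the `if (cred != NULL)` block added in the later hunk (@@ -865), and only the comment's list ties the two together. If an entry is added or removed in one place and not the other, the aux vector is sized wrongly for the entries written into it, which in exec code is a memory-safety concern rather than a cosmetic one. A cross-reference in both comments would help, e.g. `/* Keep this count in sync with the AT_SUN_*ID ADDAUX() calls below */` here and the matching pointer back at the ADDAUX block. Both hunks lie inside elfexec, whose body is only partly visible, so whether an existing assertion already checks the final size cannot be confirmed from this page.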
@@ -865,6 +876,18 @@ elfexec(vnode_t *vp, execa_t *uap, uarg_t *args, intpdata_t *idatap,
((char *)&aux->a_type -
(char *)bigwad->elfargs));
ADDAUX(aux, AT_SUN_AUXFLAGS, auxf);
+
+ /*
+ * Record information about the real and effective user and
+ * group IDs.
+ */
+ if (cred != NULL) {
+ ADDAUX(aux, AT_SUN_UID, crgetuid(cred));
+ ADDAUX(aux, AT_SUN_RUID, crgetruid(cred));
+ ADDAUX(aux, AT_SUN_GID, crgetgid(cred));
+ ADDAUX(aux, AT_SUN_RGID, crgetrgid(cred));
+ }
+
/*
* Hardware capability flag word (performance hints)
* Used for choosing faster library routines.
diff --git a/usr/src/uts/common/sys/auxv.h b/usr/src/uts/common/sys/auxv.h
index e875cd10d9..f4f3416946 100644
--- a/usr/src/uts/common/sys/auxv.h
+++ b/usr/src/uts/common/sys/auxv.h
@@ -93,19 +93,18 @@ typedef struct {
* These are the values from LSB 1.3, the first five are also described
* in the draft amd64 ABI.
*
- * At the time of writing, Solaris doesn't place any of these values into
- * the aux vector, except AT_CLKTCK which is placed on the aux vector for
- * lx branded processes; also, we do similar things via AT_SUN_ values.
+ * At the time of writing, illumos doesn't place any of these values into the
+ * aux vector, except where noted. We do similar things via AT_SUN_ values.
*
* AT_NOTELF 10 program is not ELF?
- * AT_UID 11 real user id
- * AT_EUID 12 effective user id
- * AT_GID 13 real group id
- * AT_EGID 14 effective group id
+ * AT_UID 11 real user id (provided in LX)
+ * AT_EUID 12 effective user id (provided in LX)
+ * AT_GID 13 real group id (provided in LX)
+ * AT_EGID 14 effective group id (provided in LX)
*
* AT_PLATFORM 15
* AT_HWCAP 16
- * AT_CLKTCK 17 c.f. _SC_CLK_TCK
+ * AT_CLKTCK 17 c.f. _SC_CLK_TCK (provided in LX)
* AT_FPUCW 18
*
* AT_DCACHEBSIZE 19 (moved from 10)
@@ -116,7 +115,7 @@ typedef struct {
*
* On Linux:
* AT_* values 18 through 22 are reserved
- * AT_SECURE 23 secure mode boolean
+ * AT_SECURE 23 secure mode boolean (provided in LX)
* AT_BASE_PLATFORM 24 string identifying real platform, may
* differ from AT_PLATFORM.
* AT_HWCAP2 26 extension of AT_HWCAP