author | Brian Behlendorf <[email protected]> | 2009-07-27 17:18:59 -0700 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2009-07-27 17:18:59 -0700 |
commit | ec7d53e99aee17ae1500701520649d3b54b31676 (patch) | |
tree | f421355a405d77f19d0ce0505a0e1069f64984ed /include/sys/cred.h | |
parent | 3d0cb2d31dbeef37382249ceb9f16a46c2ccd819 (diff) |
Add basic credential support and splat tests.
The previous credential implementation simply provided the needed types and
a couple of dummy functions needed. This update correctly ties the basic
Solaris credential API in to one of two Linux kernel APIs.
Prior to 2.6.29 the Linux kernel embedded all credentials in the task
structure. For these kernels, we pass around the entire task struct as if
it were the credential, then we use the helper functions to extract the
credential related bits.
As of 2.6.29 a new credential type was added which we can and do fairly
cleanly layer on top of. Once again the helper functions nicely hide
the implementation details from all callers.
Three tests were added to the splat test framework to verify basic
correctness. They should be extended as needed when need credential
functions are added.
Diffstat (limited to 'include/sys/cred.h')
-rw-r--r-- | include/sys/cred.h | 76 |
1 files changed, 20 insertions, 56 deletions
diff --git a/include/sys/cred.h b/include/sys/cred.h
index 47eeda2cb..9717b66bc 100644
--- a/include/sys/cred.h
+++ b/include/sys/cred.h
@@ -9,69 +9,33 @@ extern "C" {
 #include <sys/types.h>
 #include <sys/vfs.h>
-/* XXX - Portions commented out because we really just want to have the type
- * defined and the contents aren't nearly so important at the moment. */
-typedef struct cred {
- uint_t cr_ref; /* reference count */
- uid_t cr_uid; /* effective user id */
- gid_t cr_gid; /* effective group id */
- uid_t cr_ruid; /* real user id */
- gid_t cr_rgid; /* real group id */
- uid_t cr_suid; /* "saved" user id (from exec) */
- gid_t cr_sgid; /* "saved" group id (from exec) */
- uint_t cr_ngroups; /* number of groups returned by */
- /* crgroups() */
-#if 0
- cred_priv_t cr_priv; /* privileges */
- projid_t cr_projid; /* project */
- struct zone *cr_zone; /* pointer to per-zone structure */
- struct ts_label_s *cr_label; /* pointer to the effective label */
- credsid_t *cr_ksid; /* pointer to SIDs */
-#endif
- gid_t cr_groups[1]; /* cr_groups size not fixed */
- /* audit info is defined dynamically */
- /* and valid only when audit enabled */
- /* auditinfo_addr_t cr_auinfo; audit info */
-} cred_t;
+#ifdef HAVE_CRED_STRUCT
-#define kcred NULL
-#define CRED() NULL
+typedef struct cred cred_t;
-static __inline__ uid_t
-crgetuid(cred_t *cr)
-{
- return 0;
-}
+#define kcred ((cred_t *)(init_task.cred))
+#define CRED() ((cred_t *)current_cred())
-static __inline__ gid_t
-crgetgid(cred_t *cr)
-{
- return 0;
-}
+#else
-static __inline__ int
-crgetngroups(cred_t *cr)
-{
- return 0;
-}
+typedef struct task_struct cred_t;
-static __inline__ gid_t *
-crgetgroups(cred_t *cr)
-{
- return NULL;
-}
-
-static __inline__ int
-groupmember(gid_t gid, const cred_t *cr)
-{
- /* Primary group check */
- if ((cr) && (gid == cr->cr_gid))
- return 1;
+#define kcred ((cred_t *)&init_task)
+#define CRED() ((cred_t *)current)
- /* Supplemental group check (unsupported) */
- return 0;
-}
+#endif /* HAVE_CRED_STRUCT */
+extern void crhold(cred_t *cr);
+extern void crfree(cred_t *cr);
+extern uid_t crgetuid(const cred_t *cr);
+extern uid_t crgetruid(const cred_t *cr);
+extern uid_t crgetsuid(const cred_t *cr);
+extern gid_t crgetgid(const cred_t *cr);
+extern gid_t crgetrgid(const cred_t *cr);
+extern gid_t crgetsgid(const cred_t *cr);
+extern int crgetngroups(const cred_t *cr);
+extern gid_t * crgetgroups(const cred_t *cr);
+extern int groupmember(gid_t gid, const cred_t *cr);
 #ifdef __cplusplus
 } |
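Review bot: The new `kcred` and `CRED()` macros cast their result to a non-const `cred_t *`, although on the HAVE_CRED_STRUCT branch `current_cred()` and `init_task.cred` point to const credentials that the kernel treats as shared and copy-on-write, so any caller can write through them without a compiler diagnostic. Every getter declared below already takes `const cred_t *`, so the macros could yield `const cred_t *` and leave only `crhold()`/`crfree()` to take a mutable pointer, or at least carry a comment such as `/* CRED() and kcred are borrowed and read-only; crhold() before keeping one past the current call */`. On the `#else` branch `cred_t` is the task structure itself, so a saved `cred_t *` presumably follows the task's live ids rather than a snapshot taken when the check was made, which is worth stating in the header as well. The removed inline `groupmember()` tolerated a NULL `cr` and the removed macros evaluated to NULL; the prototypes do not say whether NULL is still accepted, and the implementations are outside this diff.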