[mirror_spl-debian.git] / module / spl / spl-cred.c

/*****************************************************************************\
 *  Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
 *  Copyright (C) 2007 The Regents of the University of California.
 *  Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
 *  Written by Brian Behlendorf <behlendorf1@llnl.gov>.
 *  UCRL-CODE-235197
 *
 *  This file is part of the SPL, Solaris Porting Layer.
 *  For details, see <http://zfsonlinux.org/>.
 *
 *  The SPL is free software; you can redistribute it and/or modify it
 *  under the terms of the GNU General Public License as published by the
 *  Free Software Foundation; either version 2 of the License, or (at your
 *  option) any later version.
 *
 *  The SPL is distributed in the hope that it will be useful, but WITHOUT
 *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 *  for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with the SPL.  If not, see <http://www.gnu.org/licenses/>.
 *****************************************************************************
 *  Solaris Porting Layer (SPL) Credential Implementation.
\*****************************************************************************/

#include <sys/cred.h>

#ifdef DEBUG_SUBSYSTEM
#undef DEBUG_SUBSYSTEM
#endif

#define DEBUG_SUBSYSTEM S_CRED

#ifdef HAVE_GROUPS_SEARCH
/* Symbol may be exported by custom kernel patch */
#define cr_groups_search(gi, grp)	groups_search(gi, grp)
#else
/* Implementation from 2.6.30 kernel */
static int
cr_groups_search(const struct group_info *group_info, gid_t grp)
{
	unsigned int left, right;

	if (!group_info)
		return 0;

	left = 0;
	right = group_info->ngroups;
	while (left < right) {
		unsigned int mid = (left+right)/2;
		int cmp = grp - GROUP_AT(group_info, mid);
		if (cmp > 0)
			left = mid + 1;
		else if (cmp < 0)
			right = mid;
		else
			return 1;
	}
	return 0;
}
#endif

#ifdef HAVE_CRED_STRUCT

/*
 * As of 2.6.29 a clean credential API appears in the linux kernel.
 * We attempt to layer the Solaris API on top of the linux API.
 */

/* Hold a reference on the credential and group info */
void
crhold(cred_t *cr)
{
	(void)get_cred((const cred_t *)cr);
	(void)get_group_info(cr->group_info);
}

/* Free a reference on the credential and group info */
void
crfree(cred_t *cr)
{
	put_group_info(cr->group_info);
	put_cred((const cred_t *)cr);
}

/* Return the number of supplemental groups */
int
crgetngroups(const cred_t *cr)
{
	struct group_info *gi;
	int rc;

	gi = get_group_info(cr->group_info);
	rc = gi->ngroups;
	put_group_info(gi);

	return rc;
}

/*
 * Return an array of supplemental gids.  The returned address is safe
 * to use as long as the caller has taken a reference with crhold().
 * The caller is responsible for releasing the reference with crfree().
 */
gid_t *
crgetgroups(const cred_t *cr)
{
	struct group_info *gi;
	gid_t *gids;

	gi = get_group_info(cr->group_info);
	gids = gi->blocks[0];
	put_group_info(gi);

	return gids;
}

/* Check if the passed gid is available is in supplied credential. */
int
groupmember(gid_t gid, const cred_t *cr)
{
	struct group_info *gi;
	int rc;

	gi = get_group_info(cr->group_info);
	rc = cr_groups_search(cr->group_info, gid);
	put_group_info(gi);

	return rc;
}

#else /* HAVE_CRED_STRUCT */

/*
 * Until very recently all credential information was embedded in
 * the linux task struct.  For this reason to simulate a Solaris
 * cred_t we need to pass the entire task structure around.
 */

/* Hold a reference on the credential and group info */
void crhold(cred_t *cr) { }

/* Free a reference on the credential and group info */
void crfree(cred_t *cr) { }

/* Return the number of supplemental groups */
int
crgetngroups(const cred_t *cr)
{
	int lock, rc;

	lock = (cr != current);
	if (lock)
		task_lock((struct task_struct *)cr);

	get_group_info(cr->group_info);
	rc = cr->group_info->ngroups;
	put_group_info(cr->group_info);

	if (lock)
		task_unlock((struct task_struct *)cr);

	return rc;
}

/*
 * Return an array of supplemental gids.  The returned address is safe
 * to use as long as the caller has taken a reference with crhold().
 * The caller is responsible for releasing the reference with crfree().
 */
gid_t *
crgetgroups(const cred_t *cr)
{
	gid_t *gids;
	int lock;

	lock = (cr != current);
	if (lock)
		task_lock((struct task_struct *)cr);

	get_group_info(cr->group_info);
	gids = cr->group_info->blocks[0];
	put_group_info(cr->group_info);

	if (lock)
		task_unlock((struct task_struct *)cr);

	return gids;
}

/* Check if the passed gid is available is in supplied credential. */
int
groupmember(gid_t gid, const cred_t *cr)
{
	int lock, rc;

	lock = (cr != current);
	if (lock)
		task_lock((struct task_struct *)cr);

	get_group_info(cr->group_info);
	rc = cr_groups_search(cr->group_info, gid);
	put_group_info(cr->group_info);

	if (lock)
		task_unlock((struct task_struct *)cr);

	return rc;
}

#endif /* HAVE_CRED_STRUCT */

/* Return the effective user id */
uid_t
crgetuid(const cred_t *cr)
{
	return cr->euid;
}

/* Return the real user id */
uid_t
crgetruid(const cred_t *cr)
{
	return cr->uid;
}

/* Return the saved user id */
uid_t
crgetsuid(const cred_t *cr)
{
	return cr->suid;
}

/* Return the filesystem user id */
uid_t
crgetfsuid(const cred_t *cr)
{
	return cr->fsuid;
}

/* Return the effective group id */
gid_t
crgetgid(const cred_t *cr)
{
	return cr->egid;
}

/* Return the real group id */
gid_t
crgetrgid(const cred_t *cr)
{
	return cr->gid;
}

/* Return the saved group id */
gid_t
crgetsgid(const cred_t *cr)
{
	return cr->sgid;
}

/* Return the filesystem group id */
gid_t
crgetfsgid(const cred_t *cr)
{
	return cr->fsgid;
}

EXPORT_SYMBOL(crhold);
EXPORT_SYMBOL(crfree);
EXPORT_SYMBOL(crgetuid);
EXPORT_SYMBOL(crgetruid);
EXPORT_SYMBOL(crgetsuid);
EXPORT_SYMBOL(crgetfsuid);
EXPORT_SYMBOL(crgetgid);
EXPORT_SYMBOL(crgetrgid);
EXPORT_SYMBOL(crgetsgid);
EXPORT_SYMBOL(crgetfsgid);
EXPORT_SYMBOL(crgetngroups);
EXPORT_SYMBOL(crgetgroups);
EXPORT_SYMBOL(groupmember);
Commit	Line	Data
716154c5 BB	1	/*****************************************************************************\
	2	* Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
	3	* Copyright (C) 2007 The Regents of the University of California.
	4	* Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
	5	* Written by Brian Behlendorf <behlendorf1@llnl.gov>.
ec7d53e9 BB	6	* UCRL-CODE-235197
ec7d53e9 BB	7	*
716154c5	8	* This file is part of the SPL, Solaris Porting Layer.
3d6af2dd	9	* For details, see <http://zfsonlinux.org/>.
ec7d53e9	10	*
716154c5 BB	11	* The SPL is free software; you can redistribute it and/or modify it
	12	* under the terms of the GNU General Public License as published by the
	13	* Free Software Foundation; either version 2 of the License, or (at your
	14	* option) any later version.
	15	*
	16	* The SPL is distributed in the hope that it will be useful, but WITHOUT
ec7d53e9 BB	17	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	18	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	19	* for more details.
	20	*
	21	* You should have received a copy of the GNU General Public License along
716154c5 BB	22	* with the SPL. If not, see <http://www.gnu.org/licenses/>.
	23	*****************************************************************************
	24	* Solaris Porting Layer (SPL) Credential Implementation.
	25	\*****************************************************************************/
ec7d53e9 BB	26
	27	#include <sys/cred.h>
	28
	29	#ifdef DEBUG_SUBSYSTEM
	30	#undef DEBUG_SUBSYSTEM
	31	#endif
	32
	33	#define DEBUG_SUBSYSTEM S_CRED
	34
	35	#ifdef HAVE_GROUPS_SEARCH
	36	/* Symbol may be exported by custom kernel patch */
	37	#define cr_groups_search(gi, grp) groups_search(gi, grp)
	38	#else
	39	/* Implementation from 2.6.30 kernel */
	40	static int
	41	cr_groups_search(const struct group_info *group_info, gid_t grp)
	42	{
	43	unsigned int left, right;
	44
	45	if (!group_info)
	46	return 0;
	47
	48	left = 0;
	49	right = group_info->ngroups;
	50	while (left < right) {
	51	unsigned int mid = (left+right)/2;
	52	int cmp = grp - GROUP_AT(group_info, mid);
	53	if (cmp > 0)
	54	left = mid + 1;
	55	else if (cmp < 0)
	56	right = mid;
	57	else
	58	return 1;
	59	}
	60	return 0;
	61	}
	62	#endif
	63
	64	#ifdef HAVE_CRED_STRUCT
	65
	66	/*
	67	* As of 2.6.29 a clean credential API appears in the linux kernel.
	68	* We attempt to layer the Solaris API on top of the linux API.
	69	*/
	70
	71	/* Hold a reference on the credential and group info */
	72	void
	73	crhold(cred_t *cr)
	74	{
	75	(void)get_cred((const cred_t *)cr);
	76	(void)get_group_info(cr->group_info);
	77	}
	78
	79	/* Free a reference on the credential and group info */
	80	void
	81	crfree(cred_t *cr)
	82	{
	83	put_group_info(cr->group_info);
	84	put_cred((const cred_t *)cr);
	85	}
	86
ec7d53e9 BB	87	/* Return the number of supplemental groups */
	88	int
	89	crgetngroups(const cred_t *cr)
	90	{
	91	struct group_info *gi;
	92	int rc;
	93
	94	gi = get_group_info(cr->group_info);
	95	rc = gi->ngroups;
	96	put_group_info(gi);
	97
	98	return rc;
	99	}
	100
	101	/*
	102	* Return an array of supplemental gids. The returned address is safe
	103	* to use as long as the caller has taken a reference with crhold().
	104	* The caller is responsible for releasing the reference with crfree().
	105	*/
	106	gid_t *
	107	crgetgroups(const cred_t *cr)
	108	{
	109	struct group_info *gi;
	110	gid_t *gids;
	111
	112	gi = get_group_info(cr->group_info);
	113	gids = gi->blocks[0];
	114	put_group_info(gi);
	115
	116	return gids;
	117	}
	118
	119	/* Check if the passed gid is available is in supplied credential. */
	120	int
	121	groupmember(gid_t gid, const cred_t *cr)
	122	{
	123	struct group_info *gi;
	124	int rc;
	125
	126	gi = get_group_info(cr->group_info);
	127	rc = cr_groups_search(cr->group_info, gid);
	128	put_group_info(gi);
	129
	130	return rc;
	131	}
	132
	133	#else /* HAVE_CRED_STRUCT */
	134
	135	/*
	136	* Until very recently all credential information was embedded in
	137	* the linux task struct. For this reason to simulate a Solaris
	138	* cred_t we need to pass the entire task structure around.
	139	*/
	140
	141	/* Hold a reference on the credential and group info */
6b09f739	142	void crhold(cred_t *cr) { }
ec7d53e9 BB	143
ec7d53e9 BB	144	/* Free a reference on the credential and group info */
6b09f739	145	void crfree(cred_t *cr) { }
ec7d53e9	146
ec7d53e9 BB	147	/* Return the number of supplemental groups */
	148	int
	149	crgetngroups(const cred_t *cr)
	150	{
	151	int lock, rc;
	152
	153	lock = (cr != current);
	154	if (lock)
	155	task_lock((struct task_struct *)cr);
	156
	157	get_group_info(cr->group_info);
	158	rc = cr->group_info->ngroups;
	159	put_group_info(cr->group_info);
	160
	161	if (lock)
	162	task_unlock((struct task_struct *)cr);
	163
	164	return rc;
	165	}
	166
	167	/*
	168	* Return an array of supplemental gids. The returned address is safe
	169	* to use as long as the caller has taken a reference with crhold().
	170	* The caller is responsible for releasing the reference with crfree().
	171	*/
	172	gid_t *
	173	crgetgroups(const cred_t *cr)
	174	{
	175	gid_t *gids;
	176	int lock;
	177
	178	lock = (cr != current);
	179	if (lock)
	180	task_lock((struct task_struct *)cr);
	181
	182	get_group_info(cr->group_info);
	183	gids = cr->group_info->blocks[0];
	184	put_group_info(cr->group_info);
	185
	186	if (lock)
	187	task_unlock((struct task_struct *)cr);
	188
	189	return gids;
	190	}
	191
	192	/* Check if the passed gid is available is in supplied credential. */
	193	int
	194	groupmember(gid_t gid, const cred_t *cr)
	195	{
	196	int lock, rc;
	197
	198	lock = (cr != current);
	199	if (lock)
	200	task_lock((struct task_struct *)cr);
	201
	202	get_group_info(cr->group_info);
	203	rc = cr_groups_search(cr->group_info, gid);
	204	put_group_info(cr->group_info);
	205
	206	if (lock)
	207	task_unlock((struct task_struct *)cr);
	208
	209	return rc;
	210	}
211
212	#endif /* HAVE_CRED_STRUCT */
213
734fcac7 BB	214	/* Return the effective user id */
	215	uid_t
	216	crgetuid(const cred_t *cr)
	217	{
	218	return cr->euid;
	219	}
	220
	221	/* Return the real user id */
	222	uid_t
	223	crgetruid(const cred_t *cr)
	224	{
	225	return cr->uid;
	226	}
	227
	228	/* Return the saved user id */
	229	uid_t
	230	crgetsuid(const cred_t *cr)
	231	{
	232	return cr->suid;
	233	}
	234
	235	/* Return the filesystem user id */
	236	uid_t
	237	crgetfsuid(const cred_t *cr)
	238	{
	239	return cr->fsuid;
	240	}
	241
	242	/* Return the effective group id */
	243	gid_t
	244	crgetgid(const cred_t *cr)
	245	{
	246	return cr->egid;
	247	}
	248
	249	/* Return the real group id */
	250	gid_t
	251	crgetrgid(const cred_t *cr)
	252	{
	253	return cr->gid;
	254	}
	255
	256	/* Return the saved group id */
	257	gid_t
	258	crgetsgid(const cred_t *cr)
	259	{
	260	return cr->sgid;
	261	}
	262
	263	/* Return the filesystem group id */
	264	gid_t
	265	crgetfsgid(const cred_t *cr)
	266	{
	267	return cr->fsgid;
	268	}
	269
ec7d53e9 BB	270	EXPORT_SYMBOL(crhold);
	271	EXPORT_SYMBOL(crfree);
	272	EXPORT_SYMBOL(crgetuid);
	273	EXPORT_SYMBOL(crgetruid);
	274	EXPORT_SYMBOL(crgetsuid);
734fcac7	275	EXPORT_SYMBOL(crgetfsuid);
ec7d53e9 BB	276	EXPORT_SYMBOL(crgetgid);
	277	EXPORT_SYMBOL(crgetrgid);
	278	EXPORT_SYMBOL(crgetsgid);
734fcac7	279	EXPORT_SYMBOL(crgetfsgid);
ec7d53e9 BB	280	EXPORT_SYMBOL(crgetngroups);
	281	EXPORT_SYMBOL(crgetgroups);
	282	EXPORT_SYMBOL(groupmember);