]>
git.proxmox.com Git - mirror_spl.git/blob - module/spl/spl-cred.c
0ed65725eb53a9dcab10e77dc47b0bf49c6051a0
1 /*****************************************************************************\
2 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
3 * Copyright (C) 2007 The Regents of the University of California.
4 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
5 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
8 * This file is part of the SPL, Solaris Porting Layer.
9 * For details, see <http://zfsonlinux.org/>.
11 * The SPL is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version.
16 * The SPL is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 * You should have received a copy of the GNU General Public License along
22 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
23 *****************************************************************************
24 * Solaris Porting Layer (SPL) Credential Implementation.
25 \*****************************************************************************/
29 #ifdef DEBUG_SUBSYSTEM
30 #undef DEBUG_SUBSYSTEM
33 #define DEBUG_SUBSYSTEM S_CRED
35 #ifdef HAVE_GROUPS_SEARCH
36 /* Symbol may be exported by custom kernel patch */
37 #define cr_groups_search(gi, grp) groups_search(gi, grp)
39 /* Implementation from 2.6.30 kernel */
42 cr_groups_search(const struct group_info
*group_info
, kgid_t grp
)
44 cr_groups_search(const struct group_info
*group_info
, gid_t grp
)
47 unsigned int left
, right
;
53 right
= group_info
->ngroups
;
54 while (left
< right
) {
55 unsigned int mid
= (left
+right
)/2;
56 int cmp
= KGID_TO_SGID(grp
) - KGID_TO_SGID(GROUP_AT(group_info
, mid
));
68 #ifdef HAVE_CRED_STRUCT
71 * As of 2.6.29 a clean credential API appears in the linux kernel.
72 * We attempt to layer the Solaris API on top of the linux API.
75 /* Hold a reference on the credential and group info */
79 (void)get_cred((const cred_t
*)cr
);
80 (void)get_group_info(cr
->group_info
);
83 /* Free a reference on the credential and group info */
87 put_group_info(cr
->group_info
);
88 put_cred((const cred_t
*)cr
);
91 /* Return the number of supplemental groups */
93 crgetngroups(const cred_t
*cr
)
95 struct group_info
*gi
;
98 gi
= get_group_info(cr
->group_info
);
106 * Return an array of supplemental gids. The returned address is safe
107 * to use as long as the caller has taken a reference with crhold().
108 * The caller is responsible for releasing the reference with crfree().
111 crgetgroups(const cred_t
*cr
)
113 struct group_info
*gi
;
116 gi
= get_group_info(cr
->group_info
);
117 gids
= KGIDP_TO_SGIDP(gi
->blocks
[0]);
123 /* Check if the passed gid is available is in supplied credential. */
125 groupmember(gid_t gid
, const cred_t
*cr
)
127 struct group_info
*gi
;
130 gi
= get_group_info(cr
->group_info
);
131 rc
= cr_groups_search(cr
->group_info
, SGID_TO_KGID(gid
));
137 #else /* HAVE_CRED_STRUCT */
140 * Until very recently all credential information was embedded in
141 * the linux task struct. For this reason to simulate a Solaris
142 * cred_t we need to pass the entire task structure around.
145 /* Hold a reference on the credential and group info */
146 void crhold(cred_t
*cr
) { }
148 /* Free a reference on the credential and group info */
149 void crfree(cred_t
*cr
) { }
151 /* Return the number of supplemental groups */
153 crgetngroups(const cred_t
*cr
)
157 lock
= (cr
!= current
);
159 task_lock((struct task_struct
*)cr
);
161 get_group_info(cr
->group_info
);
162 rc
= cr
->group_info
->ngroups
;
163 put_group_info(cr
->group_info
);
166 task_unlock((struct task_struct
*)cr
);
172 * Return an array of supplemental gids. The returned address is safe
173 * to use as long as the caller has taken a reference with crhold().
174 * The caller is responsible for releasing the reference with crfree().
177 crgetgroups(const cred_t
*cr
)
182 lock
= (cr
!= current
);
184 task_lock((struct task_struct
*)cr
);
186 get_group_info(cr
->group_info
);
187 gids
= KGID_TO_SGID(cr
->group_info
->blocks
[0]);
188 put_group_info(cr
->group_info
);
191 task_unlock((struct task_struct
*)cr
);
196 /* Check if the passed gid is available is in supplied credential. */
198 groupmember(gid_t gid
, const cred_t
*cr
)
202 lock
= (cr
!= current
);
204 task_lock((struct task_struct
*)cr
);
206 get_group_info(cr
->group_info
);
207 rc
= cr_groups_search(cr
->group_info
, gid
);
208 put_group_info(cr
->group_info
);
211 task_unlock((struct task_struct
*)cr
);
216 #endif /* HAVE_CRED_STRUCT */
218 /* Return the effective user id */
220 crgetuid(const cred_t
*cr
)
222 return KUID_TO_SUID(cr
->euid
);
225 /* Return the real user id */
227 crgetruid(const cred_t
*cr
)
229 return KUID_TO_SUID(cr
->uid
);
232 /* Return the saved user id */
234 crgetsuid(const cred_t
*cr
)
236 return KUID_TO_SUID(cr
->suid
);
239 /* Return the filesystem user id */
241 crgetfsuid(const cred_t
*cr
)
243 return KUID_TO_SUID(cr
->fsuid
);
246 /* Return the effective group id */
248 crgetgid(const cred_t
*cr
)
250 return KGID_TO_SGID(cr
->egid
);
253 /* Return the real group id */
255 crgetrgid(const cred_t
*cr
)
257 return KGID_TO_SGID(cr
->gid
);
260 /* Return the saved group id */
262 crgetsgid(const cred_t
*cr
)
264 return KGID_TO_SGID(cr
->sgid
);
267 /* Return the filesystem group id */
269 crgetfsgid(const cred_t
*cr
)
271 return KGID_TO_SGID(cr
->fsgid
);
274 EXPORT_SYMBOL(crhold
);
275 EXPORT_SYMBOL(crfree
);
276 EXPORT_SYMBOL(crgetuid
);
277 EXPORT_SYMBOL(crgetruid
);
278 EXPORT_SYMBOL(crgetsuid
);
279 EXPORT_SYMBOL(crgetfsuid
);
280 EXPORT_SYMBOL(crgetgid
);
281 EXPORT_SYMBOL(crgetrgid
);
282 EXPORT_SYMBOL(crgetsgid
);
283 EXPORT_SYMBOL(crgetfsgid
);
284 EXPORT_SYMBOL(crgetngroups
);
285 EXPORT_SYMBOL(crgetgroups
);
286 EXPORT_SYMBOL(groupmember
);