]> git.proxmox.com Git - mirror_spl.git/blob - module/spl/spl-cred.c
projects / mirror_spl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update META to version 0.5.0
[mirror_spl.git] / module / spl / spl-cred.c
1 /*****************************************************************************\
2 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
3 * Copyright (C) 2007 The Regents of the University of California.
4 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
5 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
6 * UCRL-CODE-235197
7 *
8 * This file is part of the SPL, Solaris Porting Layer.
9 * For details, see <http://github.com/behlendorf/spl/>.
10 *
11 * The SPL is free software; you can redistribute it and/or modify it
12 * under the terms of the GNU General Public License as published by the
13 * Free Software Foundation; either version 2 of the License, or (at your
14 * option) any later version.
15 *
16 * The SPL is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
19 * for more details.
20 *
21 * You should have received a copy of the GNU General Public License along
22 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
23 *****************************************************************************
24 * Solaris Porting Layer (SPL) Credential Implementation.
25 \*****************************************************************************/
26
27 #include <sys/cred.h>
28
29 #ifdef DEBUG_SUBSYSTEM
30 #undef DEBUG_SUBSYSTEM
31 #endif
32
33 #define DEBUG_SUBSYSTEM S_CRED
34
35 #ifdef HAVE_GROUPS_SEARCH
36 /* Symbol may be exported by custom kernel patch */
37 #define cr_groups_search(gi, grp) groups_search(gi, grp)
38 #else
39 /* Implementation from 2.6.30 kernel */
40 static int
41 cr_groups_search(const struct group_info *group_info, gid_t grp)
42 {
43 unsigned int left, right;
44
45 if (!group_info)
46 return 0;
47
48 left = 0;
49 right = group_info->ngroups;
50 while (left < right) {
51 unsigned int mid = (left+right)/2;
52 int cmp = grp - GROUP_AT(group_info, mid);
53 if (cmp > 0)
54 left = mid + 1;
55 else if (cmp < 0)
56 right = mid;
57 else
58 return 1;
59 }
60 return 0;
61 }
62 #endif
63
64 #ifdef HAVE_CRED_STRUCT
65
66 /*
67 * As of 2.6.29 a clean credential API appears in the linux kernel.
68 * We attempt to layer the Solaris API on top of the linux API.
69 */
70
71 /* Hold a reference on the credential and group info */
72 void
73 crhold(cred_t *cr)
74 {
75 (void)get_cred((const cred_t *)cr);
76 (void)get_group_info(cr->group_info);
77 }
78
79 /* Free a reference on the credential and group info */
80 void
81 crfree(cred_t *cr)
82 {
83 put_group_info(cr->group_info);
84 put_cred((const cred_t *)cr);
85 }
86
87 /* Return the effective user id */
88 uid_t
89 crgetuid(const cred_t *cr)
90 {
91 return cr->euid;
92 }
93
94 /* Return the real user id */
95 uid_t
96 crgetruid(const cred_t *cr)
97 {
98 return cr->uid;
99 }
100
101 /* Return the saved user id */
102 uid_t
103 crgetsuid(const cred_t *cr)
104 {
105 return cr->suid;
106 }
107
108 /* Return the effective group id */
109 gid_t
110 crgetgid(const cred_t *cr)
111 {
112 return cr->egid;
113 }
114
115 /* Return the real group id */
116 gid_t
117 crgetrgid(const cred_t *cr)
118 {
119 return cr->gid;
120 }
121
122 /* Return the saved group id */
123 gid_t
124 crgetsgid(const cred_t *cr)
125 {
126 return cr->sgid;
127 }
128
129 /* Return the number of supplemental groups */
130 int
131 crgetngroups(const cred_t *cr)
132 {
133 struct group_info *gi;
134 int rc;
135
136 gi = get_group_info(cr->group_info);
137 rc = gi->ngroups;
138 put_group_info(gi);
139
140 return rc;
141 }
142
143 /*
144 * Return an array of supplemental gids. The returned address is safe
145 * to use as long as the caller has taken a reference with crhold().
146 * The caller is responsible for releasing the reference with crfree().
147 */
148 gid_t *
149 crgetgroups(const cred_t *cr)
150 {
151 struct group_info *gi;
152 gid_t *gids;
153
154 gi = get_group_info(cr->group_info);
155 gids = gi->blocks[0];
156 put_group_info(gi);
157
158 return gids;
159 }
160
161 /* Check if the passed gid is available is in supplied credential. */
162 int
163 groupmember(gid_t gid, const cred_t *cr)
164 {
165 struct group_info *gi;
166 int rc;
167
168 gi = get_group_info(cr->group_info);
169 rc = cr_groups_search(cr->group_info, gid);
170 put_group_info(gi);
171
172 return rc;
173 }
174
175 #else /* HAVE_CRED_STRUCT */
176
177 /*
178 * Until very recently all credential information was embedded in
179 * the linux task struct. For this reason to simulate a Solaris
180 * cred_t we need to pass the entire task structure around.
181 */
182
183 /* Hold a reference on the credential and group info */
184 void crhold(cred_t *cr) { }
185
186 /* Free a reference on the credential and group info */
187 void crfree(cred_t *cr) { }
188
189 /* Return the effective user id */
190 uid_t
191 crgetuid(const cred_t *cr) {
192 return cr->euid;
193 }
194
195 /* Return the effective real id */
196 uid_t
197 crgetruid(const cred_t *cr) {
198 return cr->uid;
199 }
200
201 /* Return the effective saved id */
202 uid_t
203 crgetsuid(const cred_t *cr) {
204 return cr->suid;
205 }
206
207 /* Return the effective group id */
208 gid_t
209 crgetgid(const cred_t *cr) {
210 return cr->egid;
211 }
212
213 /* Return the real group id */
214 gid_t
215 crgetrgid(const cred_t *cr) {
216 return cr->gid;
217 }
218
219 /* Return the saved group id */
220 gid_t
221 crgetsgid(const cred_t *cr) {
222 return cr->sgid;
223 }
224
225 /* Return the number of supplemental groups */
226 int
227 crgetngroups(const cred_t *cr)
228 {
229 int lock, rc;
230
231 lock = (cr != current);
232 if (lock)
233 task_lock((struct task_struct *)cr);
234
235 get_group_info(cr->group_info);
236 rc = cr->group_info->ngroups;
237 put_group_info(cr->group_info);
238
239 if (lock)
240 task_unlock((struct task_struct *)cr);
241
242 return rc;
243 }
244
245 /*
246 * Return an array of supplemental gids. The returned address is safe
247 * to use as long as the caller has taken a reference with crhold().
248 * The caller is responsible for releasing the reference with crfree().
249 */
250 gid_t *
251 crgetgroups(const cred_t *cr)
252 {
253 gid_t *gids;
254 int lock;
255
256 lock = (cr != current);
257 if (lock)
258 task_lock((struct task_struct *)cr);
259
260 get_group_info(cr->group_info);
261 gids = cr->group_info->blocks[0];
262 put_group_info(cr->group_info);
263
264 if (lock)
265 task_unlock((struct task_struct *)cr);
266
267 return gids;
268 }
269
270 /* Check if the passed gid is available is in supplied credential. */
271 int
272 groupmember(gid_t gid, const cred_t *cr)
273 {
274 int lock, rc;
275
276 lock = (cr != current);
277 if (lock)
278 task_lock((struct task_struct *)cr);
279
280 get_group_info(cr->group_info);
281 rc = cr_groups_search(cr->group_info, gid);
282 put_group_info(cr->group_info);
283
284 if (lock)
285 task_unlock((struct task_struct *)cr);
286
287 return rc;
288 }
289
290 #endif /* HAVE_CRED_STRUCT */
291
292 EXPORT_SYMBOL(crhold);
293 EXPORT_SYMBOL(crfree);
294 EXPORT_SYMBOL(crgetuid);
295 EXPORT_SYMBOL(crgetruid);
296 EXPORT_SYMBOL(crgetsuid);
297 EXPORT_SYMBOL(crgetgid);
298 EXPORT_SYMBOL(crgetrgid);
299 EXPORT_SYMBOL(crgetsgid);
300 EXPORT_SYMBOL(crgetngroups);
301 EXPORT_SYMBOL(crgetgroups);
302 EXPORT_SYMBOL(groupmember);
mirror of SPL module used by << 0.8.x ZFSOnLinux