module/spl/spl-cred.c

   1 /*****************************************************************************\
   2  *  Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
   3  *  Copyright (C) 2007 The Regents of the University of California.
   4  *  Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
   5  *  Written by Brian Behlendorf <behlendorf1@llnl.gov>.
   6  *  UCRL-CODE-235197
   7  *
   8  *  This file is part of the SPL, Solaris Porting Layer.
   9  *  For details, see <http://github.com/behlendorf/spl/>.
  10  *
  11  *  The SPL is free software; you can redistribute it and/or modify it
  12  *  under the terms of the GNU General Public License as published by the
  13  *  Free Software Foundation; either version 2 of the License, or (at your
  14  *  option) any later version.
  15  *
  16  *  The SPL is distributed in the hope that it will be useful, but WITHOUT
  17  *  ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  18  *  FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  19  *  for more details.
  20  *
  21  *  You should have received a copy of the GNU General Public License along
  22  *  with the SPL.  If not, see <http://www.gnu.org/licenses/>.
  23  *****************************************************************************
  24  *  Solaris Porting Layer (SPL) Credential Implementation.
  25 \*****************************************************************************/
  26
  27 #include <sys/cred.h>
  28
  29 #ifdef DEBUG_SUBSYSTEM
  30 #undef DEBUG_SUBSYSTEM
  31 #endif
  32
  33 #define DEBUG_SUBSYSTEM S_CRED
  34
  35 #ifdef HAVE_GROUPS_SEARCH
  36 /* Symbol may be exported by custom kernel patch */
  37 #define cr_groups_search(gi, grp)       groups_search(gi, grp)
  38 #else
  39 /* Implementation from 2.6.30 kernel */
  40 static int
  41 cr_groups_search(const struct group_info *group_info, gid_t grp)
  42 {
  43         unsigned int left, right;
  44
  45         if (!group_info)
  46                 return 0;
  47
  48         left = 0;
  49         right = group_info->ngroups;
  50         while (left < right) {
  51                 unsigned int mid = (left+right)/2;
  52                 int cmp = grp - GROUP_AT(group_info, mid);
  53                 if (cmp > 0)
  54                         left = mid + 1;
  55                 else if (cmp < 0)
  56                         right = mid;
  57                 else
  58                         return 1;
  59         }
  60         return 0;
  61 }
  62 #endif
  63
  64 #ifdef HAVE_CRED_STRUCT
  65
  66 /*
  67  * As of 2.6.29 a clean credential API appears in the linux kernel.
  68  * We attempt to layer the Solaris API on top of the linux API.
  69  */
  70
  71 /* Hold a reference on the credential and group info */
  72 void
  73 crhold(cred_t *cr)
  74 {
  75         (void)get_cred((const cred_t *)cr);
  76         (void)get_group_info(cr->group_info);
  77 }
  78
  79 /* Free a reference on the credential and group info */
  80 void
  81 crfree(cred_t *cr)
  82 {
  83         put_group_info(cr->group_info);
  84         put_cred((const cred_t *)cr);
  85 }
  86
  87 /* Return the number of supplemental groups */
  88 int
  89 crgetngroups(const cred_t *cr)
  90 {
  91         struct group_info *gi;
  92         int rc;
  93
  94         gi = get_group_info(cr->group_info);
  95         rc = gi->ngroups;
  96         put_group_info(gi);
  97
  98         return rc;
  99 }
 100
 101 /*
 102  * Return an array of supplemental gids.  The returned address is safe
 103  * to use as long as the caller has taken a reference with crhold().
 104  * The caller is responsible for releasing the reference with crfree().
 105  */
 106 gid_t *
 107 crgetgroups(const cred_t *cr)
 108 {
 109         struct group_info *gi;
 110         gid_t *gids;
 111
 112         gi = get_group_info(cr->group_info);
 113         gids = gi->blocks[0];
 114         put_group_info(gi);
 115
 116         return gids;
 117 }
 118
 119 /* Check if the passed gid is available is in supplied credential. */
 120 int
 121 groupmember(gid_t gid, const cred_t *cr)
 122 {
 123         struct group_info *gi;
 124         int rc;
 125
 126         gi = get_group_info(cr->group_info);
 127         rc = cr_groups_search(cr->group_info, gid);
 128         put_group_info(gi);
 129
 130         return rc;
 131 }
 132
 133 #else /* HAVE_CRED_STRUCT */
 134
 135 /*
 136  * Until very recently all credential information was embedded in
 137  * the linux task struct.  For this reason to simulate a Solaris
 138  * cred_t we need to pass the entire task structure around.
 139  */
 140
 141 /* Hold a reference on the credential and group info */
 142 void crhold(cred_t *cr) { }
 143
 144 /* Free a reference on the credential and group info */
 145 void crfree(cred_t *cr) { }
 146
 147 /* Return the number of supplemental groups */
 148 int
 149 crgetngroups(const cred_t *cr)
 150 {
 151         int lock, rc;
 152
 153         lock = (cr != current);
 154         if (lock)
 155                 task_lock((struct task_struct *)cr);
 156
 157         get_group_info(cr->group_info);
 158         rc = cr->group_info->ngroups;
 159         put_group_info(cr->group_info);
 160
 161         if (lock)
 162                 task_unlock((struct task_struct *)cr);
 163
 164         return rc;
 165 }
 166
 167 /*
 168  * Return an array of supplemental gids.  The returned address is safe
 169  * to use as long as the caller has taken a reference with crhold().
 170  * The caller is responsible for releasing the reference with crfree().
 171  */
 172 gid_t *
 173 crgetgroups(const cred_t *cr)
 174 {
 175         gid_t *gids;
 176         int lock;
 177
 178         lock = (cr != current);
 179         if (lock)
 180                 task_lock((struct task_struct *)cr);
 181
 182         get_group_info(cr->group_info);
 183         gids = cr->group_info->blocks[0];
 184         put_group_info(cr->group_info);
 185
 186         if (lock)
 187                 task_unlock((struct task_struct *)cr);
 188
 189         return gids;
 190 }
 191
 192 /* Check if the passed gid is available is in supplied credential. */
 193 int
 194 groupmember(gid_t gid, const cred_t *cr)
 195 {
 196         int lock, rc;
 197
 198         lock = (cr != current);
 199         if (lock)
 200                 task_lock((struct task_struct *)cr);
 201
 202         get_group_info(cr->group_info);
 203         rc = cr_groups_search(cr->group_info, gid);
 204         put_group_info(cr->group_info);
 205
 206         if (lock)
 207                 task_unlock((struct task_struct *)cr);
 208
 209         return rc;
 210 }
 211
 212 #endif /* HAVE_CRED_STRUCT */
 213
 214 /* Return the effective user id */
 215 uid_t
 216 crgetuid(const cred_t *cr)
 217 {
 218         return cr->euid;
 219 }
 220
 221 /* Return the real user id */
 222 uid_t
 223 crgetruid(const cred_t *cr)
 224 {
 225         return cr->uid;
 226 }
 227
 228 /* Return the saved user id */
 229 uid_t
 230 crgetsuid(const cred_t *cr)
 231 {
 232         return cr->suid;
 233 }
 234
 235 /* Return the filesystem user id */
 236 uid_t
 237 crgetfsuid(const cred_t *cr)
 238 {
 239         return cr->fsuid;
 240 }
 241
 242 /* Return the effective group id */
 243 gid_t
 244 crgetgid(const cred_t *cr)
 245 {
 246         return cr->egid;
 247 }
 248
 249 /* Return the real group id */
 250 gid_t
 251 crgetrgid(const cred_t *cr)
 252 {
 253         return cr->gid;
 254 }
 255
 256 /* Return the saved group id */
 257 gid_t
 258 crgetsgid(const cred_t *cr)
 259 {
 260         return cr->sgid;
 261 }
 262
 263 /* Return the filesystem group id */
 264 gid_t
 265 crgetfsgid(const cred_t *cr)
 266 {
 267         return cr->fsgid;
 268 }
 269
 270 EXPORT_SYMBOL(crhold);
 271 EXPORT_SYMBOL(crfree);
 272 EXPORT_SYMBOL(crgetuid);
 273 EXPORT_SYMBOL(crgetruid);
 274 EXPORT_SYMBOL(crgetsuid);
 275 EXPORT_SYMBOL(crgetfsuid);
 276 EXPORT_SYMBOL(crgetgid);
 277 EXPORT_SYMBOL(crgetrgid);
 278 EXPORT_SYMBOL(crgetsgid);
 279 EXPORT_SYMBOL(crgetfsgid);
 280 EXPORT_SYMBOL(crgetngroups);
 281 EXPORT_SYMBOL(crgetgroups);
 282 EXPORT_SYMBOL(groupmember);