159 	kauth_cred_t cred;
161 	cred = pool_cache_get(kauth_cred_cache, PR_WAITOK);
163 	cred->cr_refcnt = 1;
164 	cred->cr_uid = 0;
165 	cred->cr_euid = 0;
166 	cred->cr_svuid = 0;
167 	cred->cr_gid = 0;
168 	cred->cr_egid = 0;
169 	cred->cr_svgid = 0;
170 	cred->cr_ngroups = 0;
172 	specificdata_init(kauth_domain, &cred->cr_sd);
173 	kauth_cred_hook(cred, KAUTH_CRED_INIT, NULL, NULL);
175 	return (cred);
178 /* Increment reference count to cred. */
180 kauth_cred_hold(kauth_cred_t cred)
182 	KASSERT(cred != NULL);
183 	KASSERT(cred->cr_refcnt > 0);
185         atomic_inc_uint(&cred->cr_refcnt);
188 /* Decrease reference count to cred. If reached zero, free it. */
190 kauth_cred_free(kauth_cred_t cred)
193 	KASSERT(cred != NULL);
194 	KASSERT(cred->cr_refcnt > 0);
197 	if (atomic_dec_uint_nv(&cred->cr_refcnt) > 0)
200 	kauth_cred_hook(cred, KAUTH_CRED_FREE, NULL, NULL);
201 	specificdata_fini(kauth_domain, &cred->cr_sd);
202 	pool_cache_put(kauth_cred_cache, cred);
233  * Duplicate cred and return a new kauth_cred_t.
236 kauth_cred_dup(kauth_cred_t cred)
240 	KASSERT(cred != NULL);
241 	KASSERT(cred->cr_refcnt > 0);
245 	kauth_cred_clone(cred, new_cred);
255 kauth_cred_copy(kauth_cred_t cred)
259 	KASSERT(cred != NULL);
260 	KASSERT(cred->cr_refcnt > 0);
263 	if (cred->cr_refcnt == 1)
264 		return (cred);
268 	kauth_cred_clone(cred, new_cred);
270 	kauth_cred_free(cred);
290 kauth_cred_getuid(kauth_cred_t cred)
292 	KASSERT(cred != NULL);
294 	return (cred->cr_uid);
298 kauth_cred_geteuid(kauth_cred_t cred)
300 	KASSERT(cred != NULL);
302 	return (cred->cr_euid);
306 kauth_cred_getsvuid(kauth_cred_t cred)
308 	KASSERT(cred != NULL);
310 	return (cred->cr_svuid);
314 kauth_cred_getgid(kauth_cred_t cred)
316 	KASSERT(cred != NULL);
318 	return (cred->cr_gid);
322 kauth_cred_getegid(kauth_cred_t cred)
324 	KASSERT(cred != NULL);
326 	return (cred->cr_egid);
330 kauth_cred_getsvgid(kauth_cred_t cred)
332 	KASSERT(cred != NULL);
334 	return (cred->cr_svgid);
338 kauth_cred_setuid(kauth_cred_t cred, uid_t uid)
340 	KASSERT(cred != NULL);
341 	KASSERT(cred->cr_refcnt == 1);
343 	cred->cr_uid = uid;
347 kauth_cred_seteuid(kauth_cred_t cred, uid_t uid)
349 	KASSERT(cred != NULL);
350 	KASSERT(cred->cr_refcnt == 1);
352 	cred->cr_euid = uid;
356 kauth_cred_setsvuid(kauth_cred_t cred, uid_t uid)
358 	KASSERT(cred != NULL);
359 	KASSERT(cred->cr_refcnt == 1);
361 	cred->cr_svuid = uid;
365 kauth_cred_setgid(kauth_cred_t cred, gid_t gid)
367 	KASSERT(cred != NULL);
368 	KASSERT(cred->cr_refcnt == 1);
370 	cred->cr_gid = gid;
374 kauth_cred_setegid(kauth_cred_t cred, gid_t gid)
376 	KASSERT(cred != NULL);
377 	KASSERT(cred->cr_refcnt == 1);
379 	cred->cr_egid = gid;
383 kauth_cred_setsvgid(kauth_cred_t cred, gid_t gid)
385 	KASSERT(cred != NULL);
386 	KASSERT(cred->cr_refcnt == 1);
388 	cred->cr_svgid = gid;
391 /* Checks if gid is a member of the groups in cred. */
393 kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp)
397 	KASSERT(cred != NULL);
402 	for (i = 0; i < cred->cr_ngroups; i++)
403 		if (cred->cr_groups[i] == gid) {
412 kauth_cred_ngroups(kauth_cred_t cred)
414 	KASSERT(cred != NULL);
416 	return (cred->cr_ngroups);
420  * Return the group at index idx from the groups in cred.
423 kauth_cred_group(kauth_cred_t cred, u_int idx)
425 	KASSERT(cred != NULL);
426 	KASSERT(idx < cred->cr_ngroups);
428 	return (cred->cr_groups[idx]);
433 kauth_cred_setgroups(kauth_cred_t cred, const gid_t *grbuf, size_t len,
438 	KASSERT(cred != NULL);
439 	KASSERT(cred->cr_refcnt == 1);
441 	if (len > __arraycount(cred->cr_groups))
446 			memcpy(cred->cr_groups, grbuf,
447 			    len * sizeof(cred->cr_groups[0]));
449 			error = copyin(grbuf, cred->cr_groups,
450 			    len * sizeof(cred->cr_groups[0]));
455 	memset(cred->cr_groups + len, 0xff,
456 	    sizeof(cred->cr_groups) - (len * sizeof(cred->cr_groups[0])));
458 	cred->cr_ngroups = len;
467 	kauth_cred_t cred;
477 	cred = l->l_proc->p_cred;
479 	kauth_cred_clone1(cred, ncred, false);
481 	error = kauth_authorize_process(cred, KAUTH_PROCESS_SETID,
484 		proc_crmod_leave(cred, ncred, false);
489  	proc_crmod_leave(ncred, cred, true);
494 kauth_cred_getgroups(kauth_cred_t cred, gid_t *grbuf, size_t len,
497 	KASSERT(cred != NULL);
499 	if (len > cred->cr_ngroups)
503 		return copyout(cred->cr_groups, grbuf, sizeof(*grbuf) * len);
504 	memcpy(grbuf, cred->cr_groups, sizeof(*grbuf) * len);
543 kauth_cred_getdata(kauth_cred_t cred, kauth_key_t key)
545 	KASSERT(cred != NULL);
548 	return (specificdata_getspecific(kauth_domain, &cred->cr_sd,
553 kauth_cred_setdata(kauth_cred_t cred, kauth_key_t key, void *data)
555 	KASSERT(cred != NULL);
558 	specificdata_setspecific(kauth_domain, &cred->cr_sd, key->ks_key, data);
580 kauth_cred_getrefcnt(kauth_cred_t cred)
582 	KASSERT(cred != NULL);
584 	return (cred->cr_refcnt);
592 kauth_uucred_to_cred(kauth_cred_t cred, const struct uucred *uuc)
594 	KASSERT(cred != NULL);
597 	cred->cr_refcnt = 1;
598 	cred->cr_uid = uuc->cr_uid;
599 	cred->cr_euid = uuc->cr_uid;
600 	cred->cr_svuid = uuc->cr_uid;
601 	cred->cr_gid = uuc->cr_gid;
602 	cred->cr_egid = uuc->cr_gid;
603 	cred->cr_svgid = uuc->cr_gid;
604 	cred->cr_ngroups = min(uuc->cr_ngroups, NGROUPS);
605 	kauth_cred_setgroups(cred, __UNCONST(uuc->cr_groups),
606 	    cred->cr_ngroups, -1, UIO_SYSSPACE);
614 kauth_cred_to_uucred(struct uucred *uuc, const kauth_cred_t cred)
616 	KASSERT(cred != NULL);
620 	ng = min(cred->cr_ngroups, NGROUPS);
621 	uuc->cr_uid = cred->cr_euid;  
622 	uuc->cr_gid = cred->cr_egid;  
624 	kauth_cred_getgroups(cred, uuc->cr_groups, ng, UIO_SYSSPACE);
632 kauth_cred_uucmp(kauth_cred_t cred, const struct uucred *uuc)
634 	KASSERT(cred != NULL);
637 	if (cred->cr_euid == uuc->cr_uid &&
638 	    cred->cr_egid == uuc->cr_gid &&
639 	    cred->cr_ngroups == (uint32_t)uuc->cr_ngroups) {
642 		/* Check if all groups from uuc appear in cred. */
647 			if (kauth_cred_ismember_gid(cred, uuc->cr_groups[i],
662 kauth_cred_toucred(kauth_cred_t cred, struct ki_ucred *uc)
664 	KASSERT(cred != NULL);
667 	uc->cr_ref = cred->cr_refcnt;
668 	uc->cr_uid = cred->cr_euid;
669 	uc->cr_gid = cred->cr_egid;
670 	uc->cr_ngroups = min(cred->cr_ngroups, __arraycount(uc->cr_groups));
671 	memcpy(uc->cr_groups, cred->cr_groups,
679 kauth_cred_topcred(kauth_cred_t cred, struct ki_pcred *pc)
681 	KASSERT(cred != NULL);
685 	pc->p_ruid = cred->cr_uid;
686 	pc->p_svuid = cred->cr_svuid;
687 	pc->p_rgid = cred->cr_gid;
688 	pc->p_svgid = cred->cr_svgid;
689 	pc->p_refcnt = cred->cr_refcnt;
942 kauth_authorize_action_internal(kauth_scope_t scope, kauth_cred_t cred,
948 	KASSERT(cred != NULL);
952 	if (cred == NOCRED || cred == FSCRED)
962 		error = listener->func(cred, action, scope->cookie, arg0,
982 kauth_authorize_action(kauth_scope_t scope, kauth_cred_t cred,
987 	r = kauth_authorize_action_internal(scope, cred, action, arg0, arg1,
1006 kauth_authorize_generic(kauth_cred_t cred, kauth_action_t action, void *arg0)
1008 	return (kauth_authorize_action(kauth_builtin_scope_generic, cred, 
1016 kauth_authorize_system(kauth_cred_t cred, kauth_action_t action,
1019 	return (kauth_authorize_action(kauth_builtin_scope_system, cred,
1027 kauth_authorize_process(kauth_cred_t cred, kauth_action_t action,
1030 	return (kauth_authorize_action(kauth_builtin_scope_process, cred,
1038 kauth_authorize_network(kauth_cred_t cred, kauth_action_t action,
1041 	return (kauth_authorize_action(kauth_builtin_scope_network, cred,
1046 kauth_authorize_machdep(kauth_cred_t cred, kauth_action_t action,
1049 	return (kauth_authorize_action(kauth_builtin_scope_machdep, cred,
1054 kauth_authorize_device(kauth_cred_t cred, kauth_action_t action,
1057 	return (kauth_authorize_action(kauth_builtin_scope_device, cred,
1062 kauth_authorize_device_tty(kauth_cred_t cred, kauth_action_t action,
1065 	return (kauth_authorize_action(kauth_builtin_scope_device, cred,
1070 kauth_authorize_device_spec(kauth_cred_t cred, enum kauth_device_req req,
1073 	return (kauth_authorize_action(kauth_builtin_scope_device, cred,
1078 kauth_authorize_device_passthru(kauth_cred_t cred, dev_t dev, u_long bits,
1081 	return (kauth_authorize_action(kauth_builtin_scope_device, cred,
1102 kauth_authorize_vnode(kauth_cred_t cred, kauth_action_t action,
1107 	error = kauth_authorize_action_internal(kauth_builtin_scope_vnode, cred,
1129 kauth_cred_hook(kauth_cred_t cred, kauth_action_t action, void *arg0,
1134 	r = kauth_authorize_action(kauth_builtin_scope_cred, cred, action,

Indexes created Sun Jun 23 19:15:37 MDT 2024