cred.h revision 185029
1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26/*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27/*	  All Rights Reserved  	*/
28
29/*
30 * Portions of this source code were derived from Berkeley 4.3 BSD
31 * under license from the Regents of the University of California.
32 */
33
34#ifndef _SYS_CRED_H
35#define	_SYS_CRED_H
36
37#pragma ident	"%Z%%M%	%I%	%E% SMI"
38
39#include <sys/types.h>
40
41#ifdef	__cplusplus
42extern "C" {
43#endif
44
/*
 * cred_t is an opaque handle.  Only the struct tag is declared here; the
 * credential itself is a kernel private data structure defined in
 * <sys/cred_impl.h>.  Code that includes just this header cannot see the
 * fields and has to use the cr*() interfaces instead.
 */
typedef struct cred cred_t;
51
52#ifdef _KERNEL
53
/*
 * CRED() expands to curthread->t_cred.
 * NOTE(review): presumably the credential of the calling thread; the
 * definitions of curthread and t_cred are not visible in this header.
 */
#define	CRED()		curthread->t_cred

/*
 * Incomplete struct declarations: the prototypes below only pass pointers
 * to these types, so the full definitions are not needed here.
 */
struct proc;				/* cred.h is included in proc.h */
struct prcred;
struct ksid;
struct ksidlist;
struct credklpd;

struct auditinfo_addr;			/* cred.h is included in audit.h */

extern int ngroups_max;

/*
 * kcred is used when you need all privileges.
 * NOTE(review): because it carries every privilege, passing kcred for work
 * done on behalf of a caller would presumably skip that caller's privilege
 * checks; each use deserves a comment saying why CRED() is not sufficient.
 */
extern struct cred *kcred;
69
/*
 * Allocation, reference handling and copying of credentials.
 *
 * NOTE(review): crhold()/crfree() look like the take/drop pair for the
 * reference that crgetref() reports; confirm in the definitions.  An
 * unbalanced pair on an error path would leak a credential or free one
 * that is still in use.
 */
extern void cred_init(void);
extern void crhold(cred_t *cr);
extern void crfree(cred_t *cr);

/*
 * Three ways to obtain a credential.  cralloc() returns one in which
 * everything except the reference is uninitialized, so the caller has to
 * fill in every other field before the credential is used for any check.
 */
extern cred_t *cralloc(void);		/* all but ref uninitialized */
extern cred_t *cralloc_ksid(void);	/* cralloc() + ksid alloc'ed */
extern cred_t *crget(void);		/* initialized */

/*
 * NOTE(review): for the two-pointer variants the header does not show
 * which argument is the source and which the destination, nor whether the
 * source reference is consumed; confirm against the definitions.
 */
extern cred_t *crcopy(cred_t *cr);
extern void crcopy_to(cred_t *, cred_t *);
extern cred_t *crdup(cred_t *cr);
extern void crdup_to(cred_t *, cred_t *);
extern cred_t *crgetcred(void);
extern void crset(struct proc *, cred_t *);

/*
 * Membership and permission predicates, all returning int.
 *
 * NOTE(review): hasprocperm(), prochasprocperm() and crcmp() take several
 * pointers of the same type, so swapped arguments compile without a
 * warning.  Which argument is the acting credential and which the target
 * is not visible here; check the definition before relying on the order.
 */
extern int groupmember(gid_t gid, const cred_t *cr);
extern int supgroupmember(gid_t gid, const cred_t *cr);
extern int hasprocperm(const cred_t *, const cred_t *);
extern int prochasprocperm(struct proc *, struct proc *, const cred_t *);
extern int crcmp(const cred_t *, const cred_t *);
extern cred_t *zone_kcred(void);
88
/*
 * Read-only accessors.  Each takes a const cred_t * and returns one
 * attribute of the credential by value or as a pointer.
 */
extern uid_t crgetuid(const cred_t *cr);
extern uid_t crgetruid(const cred_t *cr);
extern uid_t crgetsuid(const cred_t *cr);
extern gid_t crgetgid(const cred_t *cr);
extern gid_t crgetrgid(const cred_t *cr);
extern gid_t crgetsgid(const cred_t *cr);
extern zoneid_t crgetzoneid(const cred_t *cr);
extern projid_t crgetprojid(const cred_t *cr);

extern cred_t *crgetmapped(const cred_t *cr);


/*
 * Audit information.  The first form returns a pointer to const data; the
 * _modifiable form takes a non-const credential and returns a writable
 * pointer, so it is the one to look for when reviewing who changes audit
 * state.
 */
extern const struct auditinfo_addr *crgetauinfo(const cred_t *cr);
extern struct auditinfo_addr *crgetauinfo_modifiable(cred_t *cr);

extern uint_t crgetref(const cred_t *cr);

/*
 * NOTE(review): crgetgroups() returns only a pointer; presumably
 * crgetngroups() gives the number of valid entries behind it, and both
 * should be read from the same credential.  Confirm in the definitions.
 */
extern const gid_t *crgetgroups(const cred_t *cr);

extern int crgetngroups(const cred_t *cr);
109
/*
 * Sets real, effective and/or saved uid/gid of a credential;
 * a -1 argument is accepted as "no change" for that id.
 *
 * These return int.  What the return value means is not visible in this
 * header, so callers should check it rather than assume the ids changed.
 */
extern int crsetresuid(cred_t *cr, uid_t ruid, uid_t euid, uid_t suid);
extern int crsetresgid(cred_t *cr, gid_t rgid, gid_t egid, gid_t sgid);

/*
 * Sets real, effective and saved uids/gids all to the same
 * values.  Both values must be non-negative and <= MAXUID.
 */
extern int crsetugid(cred_t *cr, uid_t uid, gid_t gid);

/*
 * NOTE(review): the int is presumably the number of entries in the gid_t
 * array; whether it is bounded by ngroups_max is decided in the
 * definition, not here.  Confirm before passing a caller-supplied count.
 */
extern int crsetgroups(cred_t *, int, gid_t *);
124
/*
 * Private interface for setting zone association of credential.
 */
struct zone;
extern void crsetzone(cred_t *cr, struct zone *zone);
extern struct zone *crgetzone(const cred_t *cr);

/*
 * Private interface for setting project id in credential.
 */
extern void crsetprojid(cred_t *cr, projid_t projid);

/*
 * Private interface for nfs.
 */
extern cred_t *crnetadjust(cred_t *cr);

/*
 * Private interface for procfs.
 */
extern void cred2prcred(const cred_t *cr, struct prcred *pcrp);

/*
 * Private interfaces for Rampart Trusted Solaris.
 */
struct ts_label_s;
extern struct ts_label_s *crgetlabel(const cred_t *cr);
extern boolean_t crisremote(const cred_t *cr);
153
/*
 * Private interfaces for ephemeral uids.
 *
 * VALID_UID/VALID_GID accept an id that is <= MAXUID, or one that the
 * matching valid_ephemeral_*() call accepts for zone zn.  VALID_GID is
 * compared against MAXUID as well.
 *
 * Both macros name `id` twice, so an argument with side effects may be
 * evaluated twice; pass a plain variable.
 * NOTE(review): the first comparison only rejects large values.  If the id
 * type were signed, a negative id would pass it; confirm that uid_t and
 * gid_t are unsigned in <sys/types.h>.
 */
#define	VALID_UID(id, zn)					\
	((id) <= MAXUID || valid_ephemeral_uid((zn), (id)))

#define	VALID_GID(id, zn)					\
	((id) <= MAXUID || valid_ephemeral_gid((zn), (id)))

extern boolean_t valid_ephemeral_uid(struct zone *zone, uid_t uid);
extern boolean_t valid_ephemeral_gid(struct zone *zone, gid_t gid);

/*
 * NOTE(review): the meaning of the two int arguments and of the return
 * value is not visible in this header; confirm in the definitions.
 */
extern int eph_uid_alloc(struct zone *, int, uid_t *, int);
extern int eph_gid_alloc(struct zone *, int, gid_t *, int);

/* SID and SID-list association of a credential. */
extern void crsetsid(cred_t *, struct ksid *, int);
extern void crsetsidlist(cred_t *cr, struct ksidlist *ksl);

extern struct ksid *crgetsid(const cred_t *, int);
extern struct ksidlist *crgetsidlist(const cred_t *cr);

/*
 * Variadic: the compiler cannot type-check anything after the credential.
 * NOTE(review): the expected argument list and its terminator are defined
 * with the function, not here; a wrong list would change privileges in
 * ways the compiler will not flag.
 */
extern int crsetpriv(cred_t *, ...);

extern struct credklpd *crgetcrklpd(const cred_t *cr);
extern void crsetcrklpd(cred_t *cr, struct credklpd *crklpd);
179
180#endif	/* _KERNEL */
181
182#ifdef	__cplusplus
183}
184#endif
185
186#endif	/* _SYS_CRED_H */
187