1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*
22 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23 * Use is subject to license terms.
24 */
25
26/*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
27/*	  All Rights Reserved  	*/
28
29/*
30 * Portions of this source code were derived from Berkeley 4.3 BSD
31 * under license from the Regents of the University of California.
32 */
33
34#ifndef _SYS_CRED_H
35#define	_SYS_CRED_H
36
37#include <sys/types.h>
38
39#ifdef	__cplusplus
40extern "C" {
41#endif
42
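/*
 * cred_t is an alias for struct ucred.  The structure is not declared in
 * this header, and only <sys/types.h> is included here, so code using the
 * accessor macros below must already have struct ucred (and curthread /
 * thread0, for CRED() and kcred) in scope.
 *
 * NOTE(review): the comment inherited with this header called the
 * credential "an opaque kernel private data structure defined in
 * <sys/cred_impl.h>".  The accessors below are macros that read the
 * structure's members directly, so the type is not opaque to includers
 * of this file.
 */
typedef struct ucred cred_t;

/*
 * CRED()  - the credential pointer stored in the current thread.
 * kcred   - the credential pointer stored in thread0.  It is the
 *           credential to use when all privileges are needed, so handing
 *           it to a permission check makes the check pass judgement on
 *           thread0, not on the requesting thread.  Use CRED() when the
 *           decision must reflect the caller.
 *
 * Both expand to a plain member access; no function is called.  The
 * expansion of CRED() is parenthesized like kcred so that it stays a
 * single operand wherever it is used.
 */
#define	CRED()		(curthread->td_ucred)
#define	kcred		(thread0.td_ucred)

/* Identity mappings: each expands to its argument unchanged. */
#define	KUID_TO_SUID(x)		(x)
#define	KGID_TO_SGID(x)		(x)

/*
 * Member accessors.  Each expands to a direct read of the named member
 * through the pointer it is given; there is no NULL check, so the argument
 * must be a valid credential pointer.  crgetgroups() yields the cr_groups
 * member itself, not a copy.
 *
 * NOTE(review): by name, cr_ruid is presumably the real uid and cr_uid the
 * effective one -- confirm against the definition of struct ucred before
 * basing an access decision on either.
 */
#define	crgetuid(cred)		((cred)->cr_uid)
#define	crgetruid(cred)		((cred)->cr_ruid)
#define	crgetgid(cred)		((cred)->cr_gid)
#define	crgetgroups(cred)	((cred)->cr_groups)
#define	crgetngroups(cred)	((cred)->cr_ngroups)

/*
 * Stub: always expands to NULL and evaluates neither argument.  Callers
 * must treat NULL as "no SID available" and must not dereference the
 * result.
 */
#define	crgetsid(cred, i)	(NULL)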
61
/*
 * Incomplete types named by the prototypes in this header.  They are only
 * forward-declared here; two of them come from headers that themselves
 * include this file.
 */
struct auditinfo_addr;			/* cred.h is included in audit.h */
struct credgrp;
struct credklpd;
struct ksid;
struct ksidlist;
struct prcred;
struct proc;				/* cred.h is included in proc.h */

/* NOTE(review): presumably the limit on supplemental groups -- confirm. */
extern int ngroups_max;

/*
 * kcred (a macro defined earlier in this header) is used when you need
 * all privileges.
 */

/*
 * The definitions of the functions declared below are not visible in this
 * file.  Parameter names are descriptive additions to the prototypes.
 * NOTE(review): confirm the source/destination order of crcopy_to() and
 * crdup_to(), and the target/subject order of hasprocperm() and
 * prochasprocperm(), against their definitions before relying on them.
 */

/* Allocation, duplication and release. */
extern void cred_init(void);
extern cred_t *cralloc(void);		/* all but ref uninitialized */
extern cred_t *cralloc_ksid(void);	/* cralloc() + ksid alloc'ed */
extern cred_t *crget(void);		/* initialized */
extern cred_t *crgetcred(void);
extern cred_t *crdup(cred_t *cr);
extern void crdup_to(cred_t *oldcr, cred_t *newcr);
extern void crcopy_to(cred_t *oldcr, cred_t *newcr);
extern void crfree(cred_t *cr);

/* Installing a credential. */
extern void crset(struct proc *p, cred_t *cr);
extern void crset_zone_privall(cred_t *cr);

/*
 * Membership, permission and comparison checks.  All return int; the
 * meaning of the value is not documented in this header.
 */
extern int supgroupmember(gid_t gid, const cred_t *cr);
extern int hasprocperm(const cred_t *tcrp, const cred_t *scrp);
extern int prochasprocperm(struct proc *tp, struct proc *sp,
    const cred_t *scrp);
extern int crcmp(const cred_t *cr1, const cred_t *cr2);

extern cred_t *zone_kcred(void);

/* Read-only accessors implemented as functions. */
extern gid_t crgetrgid(const cred_t *cr);
extern gid_t crgetsgid(const cred_t *cr);
extern projid_t crgetprojid(const cred_t *cr);
extern cred_t *crgetmapped(const cred_t *cr);
extern uint_t crgetref(const cred_t *cr);
extern const gid_t *crgetggroups(const struct credgrp *grp);

/*
 * Expands to the pr_id member reached through the credential's cr_prison
 * pointer.  Two dereferences, neither checked for NULL.
 */
#define	crgetzoneid(cr) ((cr)->cr_prison->pr_id)

/*
 * Audit information.  The first form returns a pointer to const; only the
 * _modifiable form, which takes a non-const credential, hands back a
 * pointer the caller may write through.
 */
extern const struct auditinfo_addr *crgetauinfo(const cred_t *cr);
extern struct auditinfo_addr *crgetauinfo_modifiable(cred_t *cr);
109
/*
 * crsetresuid() / crsetresgid(): set the real, effective and/or saved
 * uid (respectively gid) of a credential.  Passing -1 for an id means
 * "no change" for that id.
 *
 * crsetugid(): set the real, effective and saved uids/gids all to the
 * same values.  Both values must be non-negative and <= MAXUID.
 *
 * NOTE(review): the three id arguments are named in the order the
 * description lists them (real, effective, saved) -- confirm against the
 * definitions.  All three functions return int and the meaning of the
 * value is not documented here; callers changing identity should check it
 * rather than assume the ids were changed.
 */
extern int crsetresuid(cred_t *cr, uid_t ruid, uid_t euid, uid_t suid);
extern int crsetresgid(cred_t *cr, gid_t rgid, gid_t egid, gid_t sgid);
extern int crsetugid(cred_t *cr, uid_t uid, gid_t gid);
122
/*
 * Incomplete types used only by the private interfaces below.
 */
struct zone;
struct ts_label_s;

/*
 * Functions to handle the supplemental group list.
 * NOTE(review): the name crgrpcopyin suggests the gid array is copied in
 * from the caller's address space, with n as the element count -- confirm
 * against the definition, including how n is bounded.
 */
extern struct credgrp *crgrpcopyin(int n, gid_t *gidset);
extern void crgrprele(struct credgrp *grp);
extern void crsetcredgrp(cred_t *cr, struct credgrp *grp);

/*
 * Private interface for setting zone association of credential.
 */
extern void crsetzone(cred_t *cr, struct zone *zone);
extern struct zone *crgetzone(const cred_t *cr);

/*
 * Private interface for setting project id in credential.
 */
extern void crsetprojid(cred_t *cr, projid_t projid);

/*
 * Private interface for nfs.
 */
extern cred_t *crnetadjust(cred_t *cr);

/*
 * Private interface for procfs.
 */
extern void cred2prcred(const cred_t *cr, struct prcred *pcrp);

/*
 * Private interfaces for Rampart Trusted Solaris.
 */
extern struct ts_label_s *crgetlabel(const cred_t *cr);
extern boolean_t crisremote(const cred_t *cr);
/*
 * Private interfaces for ephemeral uids.
 */
struct zone;

extern boolean_t valid_ephemeral_uid(struct zone *zone, uid_t uid);
extern boolean_t valid_ephemeral_gid(struct zone *zone, gid_t gid);

/*
 * An id is accepted when it is <= MAXUID or when the matching
 * valid_ephemeral_*() function accepts it for the given zone.
 *
 *  - The id argument appears twice in the expansion and is evaluated
 *    twice whenever the first comparison fails; do not pass an expression
 *    with side effects.
 *  - VALID_GID also compares against MAXUID; no separate gid limit is used
 *    in this header.
 *  - MAXUID is not defined in this header and must be in scope at the
 *    point of use.
 *  - Only the upper bound is tested.  NOTE(review): whether a negative
 *    value can get past the first comparison depends on the types
 *    involved -- confirm callers pass uid_t/gid_t values.
 */
#define	VALID_UID(uid, zone)					\
	((uid) <= MAXUID || valid_ephemeral_uid((zone), (uid)))

#define	VALID_GID(gid, zone)					\
	((gid) <= MAXUID || valid_ephemeral_gid((zone), (gid)))

/*
 * NOTE(review): parameter names are descriptive additions; the meaning of
 * the int arguments and of the return value is not documented here --
 * confirm against the definitions.
 */
extern int eph_uid_alloc(struct zone *zone, int flags, uid_t *start,
    int count);
extern int eph_gid_alloc(struct zone *zone, int flags, gid_t *start,
    int count);

/*
 * SID setters and the SID list getter.  Note that crgetsid() is not a
 * function in this header: it is a macro that always yields NULL.
 */
extern void crsetsid(cred_t *cr, struct ksid *ksp, int index);
extern void crsetsidlist(cred_t *cr, struct ksidlist *ksl);
extern struct ksidlist *crgetsidlist(const cred_t *cr);

/*
 * Variadic: the compiler cannot type-check anything after the credential
 * argument, so callers must follow the definition's argument convention
 * exactly.
 */
extern int crsetpriv(cred_t *cr, ...);

extern struct credklpd *crgetcrklpd(const cred_t *cr);
extern void crsetcrklpd(cred_t *cr, struct credklpd *crklpd);
183
184#ifdef	__cplusplus
185}
186#endif
187
188#endif	/* _SYS_CRED_H */
189