cred.h revision 11134:8aa0c4ca6639
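/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */

/*
 * Portions of this source code were derived from Berkeley 4.3 BSD
 * under license from the Regents of the University of California.
 */

#ifndef _SYS_CRED_H
#define _SYS_CRED_H

#include <sys/types.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * The credential is an opaque kernel private data structure defined in
 * <sys/cred_impl.h>.
 *
 * Only the incomplete type is declared here, so code that includes just
 * this header cannot read or write credential fields directly and has to
 * use the accessor and mutator functions declared below.
 */

typedef struct cred cred_t;

#ifdef _KERNEL

/*
 * Expands to curthread->t_cred.  The expansion is parenthesized so that it
 * remains a single expression wherever the macro is used.
 */
#define CRED() (curthread->t_cred)

struct proc; /* cred.h is included in proc.h */
struct prcred;
struct ksid;
struct ksidlist;
struct credklpd;
struct credgrp;

struct auditinfo_addr; /* cred.h is included in audit.h */

extern int ngroups_max;
/*
 * kcred is used when you need all privileges.
 *
 * NOTE(review): because kcred carries all privileges, handing it to an
 * operation performed on behalf of a user request means the requester's own
 * credential is not what gets checked.  Such paths should pass the caller's
 * credential instead.
 */
extern struct cred *kcred;

/*
 * Credential lifecycle.
 *
 * NOTE(review): the names (crhold/crfree, crgetref) suggest reference
 * counting, but this header does not state who owns the pointers returned by
 * crcopy(), crdup() or crgetcred(), or whether crcopy() consumes its
 * argument -- confirm against the implementation before relying on either.
 */
extern void cred_init(void);
extern void crhold(cred_t *);
extern void crfree(cred_t *);
extern cred_t *cralloc(void); /* all but ref uninitialized */
extern cred_t *cralloc_ksid(void); /* cralloc() + ksid alloc'ed */
extern cred_t *crget(void); /* initialized */
extern cred_t *crcopy(cred_t *);
extern void crcopy_to(cred_t *, cred_t *);
extern cred_t *crdup(cred_t *);
extern void crdup_to(cred_t *, cred_t *);
extern cred_t *crgetcred(void);
extern void crset(struct proc *, cred_t *);
extern void crset_zone_privall(cred_t *);

/*
 * Membership, permission and comparison checks.  All of them take the
 * credential(s) as const pointers.
 */
extern int groupmember(gid_t, const cred_t *);
extern int supgroupmember(gid_t, const cred_t *);
extern int hasprocperm(const cred_t *, const cred_t *);
extern int prochasprocperm(struct proc *, struct proc *, const cred_t *);
extern int crcmp(const cred_t *, const cred_t *);
extern cred_t *zone_kcred(void);

/*
 * Read-only accessors for the ids stored in a credential.
 */
extern uid_t crgetuid(const cred_t *);
extern uid_t crgetruid(const cred_t *);
extern uid_t crgetsuid(const cred_t *);
extern gid_t crgetgid(const cred_t *);
extern gid_t crgetrgid(const cred_t *);
extern gid_t crgetsgid(const cred_t *);
extern zoneid_t crgetzoneid(const cred_t *);
extern projid_t crgetprojid(const cred_t *);

extern cred_t *crgetmapped(const cred_t *);

/*
 * crgetauinfo() returns a const view of the audit information and accepts a
 * const credential; crgetauinfo_modifiable() returns a writable pointer and
 * therefore requires a non-const credential.
 */
extern const struct auditinfo_addr *crgetauinfo(const cred_t *);
extern struct auditinfo_addr *crgetauinfo_modifiable(cred_t *);

extern uint_t crgetref(const cred_t *);

/* The returned group arrays are const; callers must not write through them. */
extern const gid_t *crgetgroups(const cred_t *);
extern const gid_t *crgetggroups(const struct credgrp *);

extern int crgetngroups(const cred_t *);

/*
 * Sets real, effective and/or saved uid/gid;
 * -1 argument accepted as "no change".
 */
extern int crsetresuid(cred_t *, uid_t, uid_t, uid_t);
extern int crsetresgid(cred_t *, gid_t, gid_t, gid_t);

/*
 * Sets real, effective and saved uids/gids all to the same
 * values. Both values must be non-negative and <= MAXUID
 */
extern int crsetugid(cred_t *, uid_t, gid_t);

/*
 * Functions to handle the supplemental group list.
 *
 * NOTE(review): the group count is a signed int.  Whether these functions
 * validate it (negative values, values above ngroups_max) is not visible
 * from this header -- confirm, or validate in the caller.
 */
extern int crsetgroups(cred_t *, int, gid_t *);
extern struct credgrp *crgrpcopyin(int, gid_t *);
extern void crgrprele(struct credgrp *);
extern void crsetcredgrp(cred_t *, struct credgrp *);

/*
 * Private interface for setting zone association of credential.
 */
struct zone;
extern void crsetzone(cred_t *, struct zone *);
extern struct zone *crgetzone(const cred_t *);

/*
 * Private interface for setting project id in credential.
 */
extern void crsetprojid(cred_t *, projid_t);

/*
 * Private interface for nfs.
 */
extern cred_t *crnetadjust(cred_t *);

/*
 * Private interface for procfs.
 */
extern void cred2prcred(const cred_t *, struct prcred *);

/*
 * Private interfaces for Rampart Trusted Solaris.
 */
struct ts_label_s;
extern struct ts_label_s *crgetlabel(const cred_t *);
extern boolean_t crisremote(const cred_t *);

/*
 * Private interfaces for ephemeral uids.
 *
 * VALID_UID and VALID_GID evaluate `id` twice (once in the range check and
 * once in the ephemeral-id lookup), so the argument must not have side
 * effects.  Both macros bound the id against MAXUID; this header defines no
 * separate limit for gids.
 */
#define VALID_UID(id, zn) \
	((id) <= MAXUID || valid_ephemeral_uid((zn), (id)))

#define VALID_GID(id, zn) \
	((id) <= MAXUID || valid_ephemeral_gid((zn), (id)))

extern boolean_t valid_ephemeral_uid(struct zone *, uid_t);
extern boolean_t valid_ephemeral_gid(struct zone *, gid_t);

extern int eph_uid_alloc(struct zone *, int, uid_t *, int);
extern int eph_gid_alloc(struct zone *, int, gid_t *, int);

extern void crsetsid(cred_t *, struct ksid *, int);
extern void crsetsidlist(cred_t *, struct ksidlist *);

extern struct ksid *crgetsid(const cred_t *, int);
extern struct ksidlist *crgetsidlist(const cred_t *);

/*
 * Variadic: the compiler cannot type-check the arguments after the
 * credential, and their protocol is not described in this header.
 */
extern int crsetpriv(cred_t *, ...);

extern struct credklpd *crgetcrklpd(const cred_t *);
extern void crsetcrklpd(cred_t *, struct credklpd *);

#endif /* _KERNEL */

#ifdef __cplusplus
}
#endif

#endif /* _SYS_CRED_H */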