cred.h revision 11134:8aa0c4ca6639
/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*	Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T	*/
/*	  All Rights Reserved  	*/

/*
 * Portions of this source code were derived from Berkeley 4.3 BSD
 * under license from the Regents of the University of California.
 */
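#ifndef _SYS_CRED_H
#define	_SYS_CRED_H

#include <sys/types.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * The credential is an opaque kernel private data structure defined in
 * <sys/cred_impl.h>.
 *
 * Only the incomplete type is exposed here, so code that includes just
 * this header cannot read or write credential fields directly; access
 * goes through the cr*() functions declared below.
 */

typedef struct cred cred_t;

#ifdef _KERNEL

/*
 * Credential of the current thread.  Expands to a plain read of
 * curthread->t_cred; the macro itself takes no reference.
 * NOTE(review): a caller that keeps the pointer beyond the current
 * operation presumably needs its own crhold()/crfree() pair -- confirm
 * against the implementation.
 */
#define	CRED()		curthread->t_cred

struct proc;				/* cred.h is included in proc.h */
struct prcred;
struct ksid;
struct ksidlist;
struct credklpd;
struct credgrp;

struct auditinfo_addr;			/* cred.h is included in audit.h */

extern int ngroups_max;
/*
 * kcred is used when you need all privileges.
 *
 * Passing kcred in place of a caller's credential means the request is
 * evaluated with all privileges instead of the caller's own, so it is
 * appropriate only where the kernel itself is the actor.
 */
extern struct cred *kcred;

/*
 * Credential allocation, reference and copy routines.
 *
 * cralloc() hands back a credential in which only the reference count is
 * initialized (see the trailing comment); every other field has to be
 * filled in before the credential is used for an access decision.
 * crget() returns an initialized credential.
 * NOTE(review): crhold()/crfree() look like the take/release pair for
 * the count reported by crgetref() -- confirm in the implementation.
 */
extern void cred_init(void);
extern void crhold(cred_t *);
extern void crfree(cred_t *);
extern cred_t *cralloc(void);		/* all but ref uninitialized */
extern cred_t *cralloc_ksid(void);	/* cralloc() + ksid alloc'ed */
extern cred_t *crget(void);		/* initialized */
extern cred_t *crcopy(cred_t *);
extern void crcopy_to(cred_t *, cred_t *);
extern cred_t *crdup(cred_t *);
extern void crdup_to(cred_t *, cred_t *);
extern cred_t *crgetcred(void);
extern void crset(struct proc *, cred_t *);
extern void crset_zone_privall(cred_t *);

/*
 * Membership, permission and comparison checks.  All return int.
 * NOTE(review): the return convention (which value means "member",
 * "permitted" or "equal") is not visible in this header -- confirm it
 * before using a result directly as a condition.
 */
extern int groupmember(gid_t, const cred_t *);
extern int supgroupmember(gid_t, const cred_t *);
extern int hasprocperm(const cred_t *, const cred_t *);
extern int prochasprocperm(struct proc *, struct proc *, const cred_t *);
extern int crcmp(const cred_t *, const cred_t *);
extern cred_t *zone_kcred(void);

/*
 * Identity accessors.  Each takes a const credential.
 */
extern uid_t crgetuid(const cred_t *);
extern uid_t crgetruid(const cred_t *);
extern uid_t crgetsuid(const cred_t *);
extern gid_t crgetgid(const cred_t *);
extern gid_t crgetrgid(const cred_t *);
extern gid_t crgetsgid(const cred_t *);
extern zoneid_t crgetzoneid(const cred_t *);
extern projid_t crgetprojid(const cred_t *);

extern cred_t *crgetmapped(const cred_t *);


/*
 * Audit information.  crgetauinfo() takes a const credential and returns
 * a const pointer; the _modifiable variant takes a non-const credential
 * and returns a non-const pointer.
 */
extern const struct auditinfo_addr *crgetauinfo(const cred_t *);
extern struct auditinfo_addr *crgetauinfo_modifiable(cred_t *);

extern uint_t crgetref(const cred_t *);

/*
 * The gid_t pointer returned by these two functions carries no length.
 * NOTE(review): presumably crgetngroups() gives the number of valid
 * entries for crgetgroups() -- confirm before indexing the array.
 */
extern const gid_t *crgetgroups(const cred_t *);
extern const gid_t *crgetggroups(const struct credgrp *);

extern int crgetngroups(const cred_t *);

/*
 * Sets real, effective and/or saved uid/gid;
 * -1 argument accepted as "no change".
 *
 * NOTE(review): both return int; the success/failure convention is not
 * visible here.  A caller that changes identity should check the result
 * instead of assuming the ids were changed -- confirm the convention.
 */
extern int crsetresuid(cred_t *, uid_t, uid_t, uid_t);
extern int crsetresgid(cred_t *, gid_t, gid_t, gid_t);

/*
 * Sets real, effective and saved uids/gids all to the same
 * values.  Both values must be non-negative and <= MAXUID
 */
extern int crsetugid(cred_t *, uid_t, gid_t);

/*
 * Functions to handle the supplemental group list.
 *
 * NOTE(review): the int argument of crsetgroups()/crgrpcopyin() is
 * presumably the number of entries in the gid_t array; whether it is
 * checked against ngroups_max inside these functions is not visible
 * here -- confirm before passing an unvalidated count.
 */
extern int crsetgroups(cred_t *, int, gid_t *);
extern struct credgrp *crgrpcopyin(int, gid_t *);
extern void crgrprele(struct credgrp *);
extern void crsetcredgrp(cred_t *, struct credgrp *);

/*
 * Private interface for setting zone association of credential.
 */
struct zone;
extern void crsetzone(cred_t *, struct zone *);
extern struct zone *crgetzone(const cred_t *);

/*
 * Private interface for setting project id in credential.
 */
extern void crsetprojid(cred_t *, projid_t);

/*
 * Private interface for nfs.
 */
extern cred_t *crnetadjust(cred_t *);

/*
 * Private interface for procfs.
 */
extern void cred2prcred(const cred_t *, struct prcred *);

/*
 * Private interfaces for Rampart Trusted Solaris.
 */
struct ts_label_s;
extern struct ts_label_s *crgetlabel(const cred_t *);
extern boolean_t crisremote(const cred_t *);

/*
 * Private interfaces for ephemeral uids.
 *
 * VALID_UID/VALID_GID accept an id that is <= MAXUID, or one that
 * valid_ephemeral_uid()/valid_ephemeral_gid() accepts for zone `zn'.
 * VALID_GID compares against MAXUID as well.  `id' appears twice in the
 * expansion, so pass an expression without side effects.
 * NOTE(review): the first comparison only bounds the value if `id' is
 * unsigned; a negative signed argument would satisfy it -- confirm the
 * types of uid_t/gid_t and MAXUID.
 */
#define	VALID_UID(id, zn)					\
	((id) <= MAXUID || valid_ephemeral_uid((zn), (id)))

#define	VALID_GID(id, zn)					\
	((id) <= MAXUID || valid_ephemeral_gid((zn), (id)))

extern boolean_t valid_ephemeral_uid(struct zone *, uid_t);
extern boolean_t valid_ephemeral_gid(struct zone *, gid_t);

extern int eph_uid_alloc(struct zone *, int, uid_t *, int);
extern int eph_gid_alloc(struct zone *, int, gid_t *, int);

extern void crsetsid(cred_t *, struct ksid *, int);
extern void crsetsidlist(cred_t *, struct ksidlist *);

extern struct ksid *crgetsid(const cred_t *, int);
extern struct ksidlist *crgetsidlist(const cred_t *);

/*
 * Variadic: the compiler cannot type-check the arguments that follow the
 * credential.  The expected argument list is defined by the
 * implementation and is not visible in this header.
 */
extern int crsetpriv(cred_t *, ...);

extern struct credklpd *crgetcrklpd(const cred_t *);
extern void crsetcrklpd(cred_t *, struct credklpd *);

#endif	/* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _SYS_CRED_H */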