xref: /titanic_51/usr/src/uts/common/sys/cred_impl.h (revision 0605fe789584720c74945c982c61a3f934642c02)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
545916cd2Sjpk  * Common Development and Distribution License (the "License").
645916cd2Sjpk  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
217c478bd9Sstevel@tonic-gate /*
22*0605fe78SGordon Ross  * Copyright 2011 Nexenta Systems, Inc.  All rights reserved.
2367dbe2beSCasper H.S. Dik  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
247c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
277c478bd9Sstevel@tonic-gate #ifndef _SYS_CRED_IMPL_H
287c478bd9Sstevel@tonic-gate #define	_SYS_CRED_IMPL_H
297c478bd9Sstevel@tonic-gate 
307c478bd9Sstevel@tonic-gate #include <sys/types.h>
317c478bd9Sstevel@tonic-gate #include <sys/cred.h>
327c478bd9Sstevel@tonic-gate #include <sys/priv_impl.h>
33f48205beScasper #include <sys/sid.h>
347c478bd9Sstevel@tonic-gate 
357c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
367c478bd9Sstevel@tonic-gate extern "C" {
377c478bd9Sstevel@tonic-gate #endif
387c478bd9Sstevel@tonic-gate 
397c478bd9Sstevel@tonic-gate /*
407c478bd9Sstevel@tonic-gate  * The user credential implementation.
417c478bd9Sstevel@tonic-gate  *
427c478bd9Sstevel@tonic-gate  * This is not a public interface.  This file must not be included
437c478bd9Sstevel@tonic-gate  * except by those routines in Solaris proper that implement credential
447c478bd9Sstevel@tonic-gate  * manipulation and kernel policy.
457c478bd9Sstevel@tonic-gate  *
467c478bd9Sstevel@tonic-gate  * Credentials are a shared, and therefore read-only, data structure.
477c478bd9Sstevel@tonic-gate  * After finalization, only the cr_ref field is changed, through crhold/crfree.
487c478bd9Sstevel@tonic-gate  *
497c478bd9Sstevel@tonic-gate  * Kernel modules that need access to fields of cred_t should use the
507c478bd9Sstevel@tonic-gate  * accessor functions defined in <sys/cred.h>
517c478bd9Sstevel@tonic-gate  *
527c478bd9Sstevel@tonic-gate  * The size of the cr_groups[] array is configurable but is the same
537c478bd9Sstevel@tonic-gate  * (ngroups_max) for all cred_impl structures; cr_ngroups records the number
547c478bd9Sstevel@tonic-gate  * of elements currently in use, not the array size.
557c478bd9Sstevel@tonic-gate  *
567c478bd9Sstevel@tonic-gate  * Changes in the implementation will move cr_groups[] around.
577c478bd9Sstevel@tonic-gate  *
587c478bd9Sstevel@tonic-gate  * Properly sized cred_t structures are only returned by crget()/crdup()/
597c478bd9Sstevel@tonic-gate  * crcopy().  It is not possible to declare one.
607c478bd9Sstevel@tonic-gate  */
617c478bd9Sstevel@tonic-gate 
627c478bd9Sstevel@tonic-gate #if defined(_KERNEL) || defined(_KMEMUSER)
637c478bd9Sstevel@tonic-gate 
647c478bd9Sstevel@tonic-gate struct zone;		/* forward reference */
6545916cd2Sjpk struct ts_label_s;	/* forward reference */
66ddf7fe95Scasper struct credklpd;	/* forward reference */
677c478bd9Sstevel@tonic-gate 
/*
 * Supplemental groups list.
 *
 * A struct cred reaches this list through its cr_grps pointer rather than
 * embedding the group array.  The file-header comment's cr_groups[] and
 * cr_ngroups names do not appear in struct cred in this revision; the
 * corresponding members here are crg_groups[] and crg_ngroups.
 *
 * NOTE(review): crg_groups is declared with a single element, which looks
 * like the pre-C99 trailing-array idiom (storage allocated past the end of
 * the struct) -- confirm against the allocator in the cred implementation.
 * If so, sizeof (credgrp_t) accounts for only one gid_t, and every reader
 * must bound its index by crg_ngroups.
 */
typedef struct credgrp {
	uint_t		crg_ref;	/* presumably a reference count -- TODO confirm */
	uint_t		crg_ngroups;	/* presumably entries in use in crg_groups[] -- TODO confirm */
	gid_t		crg_groups[1];	/* supplemental gids; see NOTE(review) above */
} credgrp_t;
74*0605fe78SGordon Ross 
/*
 * The user credential structure; the file-header comment refers to it as
 * cred_t.
 *
 * Per that comment, a cred is shared and is treated as read-only once
 * finalized; only cr_ref changes afterwards, through crhold/crfree.  Code
 * outside the credential and policy implementation should use the accessor
 * functions in <sys/cred.h> instead of touching these members directly.
 *
 * The zone, label, klpd, SID and group members are pointers to separately
 * defined objects.  This header does not show how their lifetimes are tied
 * to the cred's -- NOTE(review): confirm the hold/release pairing in the
 * cred implementation before adding or repointing a pointer member.
 */
struct cred {
	uint_t		cr_ref;		/* reference count */
	uid_t		cr_uid;		/* effective user id */
	gid_t		cr_gid;		/* effective group id */
	uid_t		cr_ruid;	/* real user id */
	gid_t		cr_rgid;	/* real group id */
	uid_t		cr_suid;	/* "saved" user id (from exec) */
	gid_t		cr_sgid;	/* "saved" group id (from exec) */
	cred_priv_t	cr_priv;	/* privileges */
	projid_t	cr_projid;	/* project */
	struct zone	*cr_zone;	/* pointer to per-zone structure */
	struct ts_label_s *cr_label;	/* pointer to the effective label */
	struct credklpd *cr_klpd;	/* pointer to the cred's klpd */
	credsid_t	*cr_ksid;	/* pointer to SIDs */
	credgrp_t	*cr_grps;	/* supplemental groups */
					/* audit info is defined dynamically */
					/* and valid only when audit enabled */
	/*
	 * NOTE(review): the commented-out member below is not part of the
	 * declared struct.  Together with the file-header remark that a
	 * properly sized cred_t cannot be declared, it suggests the audit
	 * data sits past the end of this struct, so sizeof (struct cred)
	 * would not be the allocation size -- confirm in the allocator.
	 */
	/* auditinfo_addr_t	cr_auinfo;	audit info */
};
947c478bd9Sstevel@tonic-gate 
/*
 * Declared here, defined elsewhere.  The file-header comment names
 * ngroups_max as the configurable size shared by every cred's group array.
 */
extern int ngroups_max;

/*
 * Privilege accessors.  Both dereference c with ->, and neither checks it
 * for NULL, so the caller must pass a valid cred pointer.
 * CR_PRIVS yields the address of the embedded cr_priv member;
 * CR_PRIVSETS yields the crprivs member inside cr_priv.
 */
#define	CR_PRIVS(c)	(&(c)->cr_priv)
#define	CR_PRIVSETS(c)	(((c)->cr_priv.crprivs))
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate #endif	/* _KERNEL */
1017c478bd9Sstevel@tonic-gate 
1027c478bd9Sstevel@tonic-gate #ifdef	__cplusplus
1037c478bd9Sstevel@tonic-gate }
1047c478bd9Sstevel@tonic-gate #endif
1057c478bd9Sstevel@tonic-gate 
1067c478bd9Sstevel@tonic-gate #endif	/* _SYS_CRED_IMPL_H */