
Annotation of fam/fam/Cred.h, Revision 1.1

1.1     ! trev        1: //  Copyright (C) 1999-2002 Silicon Graphics, Inc.  All Rights Reserved.
        !             2: //
        !             3: //  This program is free software; you can redistribute it and/or modify it
        !             4: //  under the terms of version 2 of the GNU General Public License as
        !             5: //  published by the Free Software Foundation.
        !             6: //
        !             7: //  This program is distributed in the hope that it would be useful, but
        !             8: //  WITHOUT ANY WARRANTY; without even the implied warranty of
        !             9: //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  Further, any
        !            10: //  license provided herein, whether implied or otherwise, is limited to
        !            11: //  this program in accordance with the express provisions of the GNU
        !            12: //  General Public License.  Patent licenses, if any, provided herein do not
        !            13: //  apply to combinations of this program with other product or programs, or
        !            14: //  any other product whatsoever.  This program is distributed without any
        !            15: //  warranty that the program is delivered free of the rightful claim of any
        !            16: //  third person by way of infringement or the like.  See the GNU General
        !            17: //  Public License for more details.
        !            18: //
        !            19: //  You should have received a copy of the GNU General Public License along
        !            20: //  with this program; if not, write the Free Software Foundation, Inc., 59
        !            21: //  Temple Place - Suite 330, Boston MA 02111-1307, USA.
        !            22:
        !            23: #ifndef Cred_included
        !            24: #define Cred_included
        !            25:
        !            26: #include <sys/param.h>
        !            27: #include <sys/types.h>
        !            28: #include <stddef.h>
        !            29:
        !            30: #include "Boolean.h"
        !            31:
        #ifndef HAVE_MAC
        //  No MAC support in this build, so there is no system-provided mac_t.
        //  Supply an opaque placeholder type so that the few methods taking a
        //  mac_t argument need no #ifdef of their own.  Those arguments should
        //  be ignored when HAVE_MAC is not defined.
        typedef void *mac_t;
        #else
        #include <sys/mac.h>
        #endif
        !            40:
        !            41: //  Cred is short for Credentials, which is what NFS calls the
        !            42: //  structure that holds the user's uids and gids.
        !            43: //
        !            44: //  A user of a Cred can get its uid and gid, and get an ASCII string
        !            45: //  for its group list.  A user can also pass the message
        !            46: //  become_user() which will change the process's effective uid and
        !            47: //  gid and group list to match the Cred's.  If the new IDs are the
        !            48: //  same as the current IDs, become_user() doesn't do any system
        !            49: //  calls.
        !            50: //
        !            51: //  The Cred itself is simply a pointer to the Implementation.  The
        !            52: //  Implementation is reference counted, so when the last Cred
        !            53: //  pointing to one is destroyed, the Implementation is destroyed too.
        !            54: //
        !            55: //  Implementations are shared.  There is currently a linked list of
        !            56: //  all Implementations, and that list is searched whenever a new Cred
        !            57: //  is created.  A faster lookup method would be good...
        !            58:
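        class Cred {

        public:

            //  Construction, copy, assignment and destruction are defined out of
            //  line.  NOTE(review): the role of the sockfd argument is not visible
            //  in this header; confirm it against the implementation.
            Cred();
            Cred(const Cred &that);
            Cred(uid_t, int sockfd);
            Cred(uid_t, unsigned int ngroups, const gid_t *, int sockfd);
            Cred& operator = (const Cred& that);
            ~Cred();

            //  True when this Cred points at an Implementation.  uid(), gid(),
            //  getAddlGroupsString() and become_user() dereference p without
            //  checking it, so callers must test is_valid() first.
            bool is_valid() const               { return p != NULL; }
            uid_t uid() const                   { return p->uid(); }
            //  Declared gid_t to match Implementation::gid(), so the group id is
            //  not passed through uid_t on its way to the caller.
            gid_t gid() const                   { return p->gid(); }

            //  The caller must not delete the memory returned.
            const char * getAddlGroupsString() const { return p->getAddlGroupsString(); }

            //  Forwards to Implementation::become_user().  The call returns void,
            //  so this interface cannot report a failed identity switch.
            //  NOTE(review): confirm the implementation treats failure as fatal
            //  rather than continuing under the previous identity.
            void become_user() const            { p->become_user(); }

            static const Cred SuperUser;

            static void set_untrusted_user(const char *name);

            //  Returns the uid of the configured untrusted user, or (uid_t)-1 when
            //  none has been set.  Callers must treat (uid_t)-1 as "unset": it is
            //  also the "leave unchanged" argument to setreuid()/setresuid(), so
            //  it must never be used as a target uid.
            static uid_t get_untrusted_uid()    { return untrusted.is_valid() ? untrusted.uid() : (uid_t)-1; }
            static Cred get_cred_for_untrusted_conn(int sockfd);
            static void disable_mac();

            //  NOTE(review): the effect of this switch is defined in the
            //  implementation file and is not visible here; the name indicates
            //  it relaxes a security check, so verify it is strictly opt-in.
            static void enable_insecure_compat();
            static bool insecure_compat_enabled() { return insecure_compat; }

        private:

            Cred(int sockfd);

            //  Holds the identity a Cred refers to.  Cred manipulates refcount
            //  directly; per the class description an Implementation is destroyed
            //  when the last Cred pointing to it goes away.
            class Implementation {

            public:

                Implementation(uid_t, gid_t, unsigned int, const gid_t *, mac_t);
                ~Implementation();
                bool equal(uid_t, gid_t, unsigned int ngroups,
                           const gid_t *, mac_t) const;
                int cmp(uid_t, unsigned ngroups, const gid_t *, mac_t) const;

                uid_t uid() const               { return myuid; }
                gid_t gid() const               { return mygid; }
                const char * getAddlGroupsString() const;

                void become_user() const;

                unsigned refcount;

                friend class Cred; // so that set_untrusted_user can modify myuid

            private:

                uid_t myuid;
                gid_t mygid;
                unsigned int nAddlGroups;
                gid_t *AddlGroups;
                char * addlGroupsStr;
        #ifdef HAVE_MAC
                mac_t mac;      // only stored when the build has MAC support
        #endif

                bool addl_groups_equal(unsigned int ng, const gid_t *gs) const;

                static const Implementation *last;

            };

            Implementation *p;              // NULL means this Cred is not valid
            static Cred untrusted;          // identity read by get_untrusted_uid()
            static bool insecure_compat;    // reported by insecure_compat_enabled()
        #ifdef HAVE_MAC
            static bool use_mac;
        #endif

            //  Table of Implementations.  NOTE(review): nimpl and nimpl_alloc look
            //  like the used and allocated entry counts; confirm in the
            //  implementation.
            static Implementation **impllist;
            static unsigned nimpl, nimpl_alloc;

            static void add(Implementation *);
            static void drop(Implementation *);

            void new_impl(uid_t, unsigned int, const gid_t *, mac_t);
            void new_impl(uid_t, gid_t, unsigned int, const gid_t *, mac_t);
        };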
        !           145:
        !           146: #endif /* !Cred_included */
