
Annotation of fam/fam/Cred.h, Revision 1.1.1.1

1.1       trev        1: //  Copyright (C) 1999-2002 Silicon Graphics, Inc.  All Rights Reserved.
                      2: //
                      3: //  This program is free software; you can redistribute it and/or modify it
                      4: //  under the terms of version 2 of the GNU General Public License as
                      5: //  published by the Free Software Foundation.
                      6: //
                      7: //  This program is distributed in the hope that it would be useful, but
                      8: //  WITHOUT ANY WARRANTY; without even the implied warranty of
                      9: //  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  Further, any
                     10: //  license provided herein, whether implied or otherwise, is limited to
                     11: //  this program in accordance with the express provisions of the GNU
                     12: //  General Public License.  Patent licenses, if any, provided herein do not
                     13: //  apply to combinations of this program with other product or programs, or
                     14: //  any other product whatsoever.  This program is distributed without any
                     15: //  warranty that the program is delivered free of the rightful claim of any
                     16: //  third person by way of infringement or the like.  See the GNU General
                     17: //  Public License for more details.
                     18: //
                     19: //  You should have received a copy of the GNU General Public License along
                     20: //  with this program; if not, write the Free Software Foundation, Inc., 59
                     21: //  Temple Place - Suite 330, Boston MA 02111-1307, USA.
                     22:
                     23: #ifndef Cred_included
                     24: #define Cred_included
                     25:
                     26: #include <sys/param.h>
                     27: #include <sys/types.h>
                     28: #include <stddef.h>
                     29:
                     30: #include "Boolean.h"
                     31:
                     32: #ifdef HAVE_MAC
                     33: #include <sys/mac.h>
                     34: #else
                     35: //  This typedef could be a really stupid idea.  It's just so that we
                     36: //  don't need to #ifdef the few methods that take a mac_t argument.  If
                     37: //  HAVE_MAC isn't defined, we should be ignoring those arguments anyway.
                     38: typedef void * mac_t;
                     39: #endif
                     40:
                     41: //  Cred is short for Credentials, which is what NFS calls the
                     42: //  structure that holds the user's uids and gids.
                     43: //
                     44: //  A user of a Cred can get its uid and gid, and get an ASCII string
                     45: //  for its group list.  A user can also pass the message
                     46: //  become_user() which will change the process's effective uid and
                     47: //  gid and group list to match the Cred's.  If the new IDs are the
                     48: //  same as the current IDs, become_user() doesn't do any system
                     49: //  calls.
                     50: //
                     51: //  The Cred itself is simply a pointer to the Implementation.  The
                     52: //  Implementation is reference counted, so when the last Cred
                     53: //  pointing to one is destroyed, the Implementation is destroyed too.
                     54: //
                     55: //  Implementations are shared.  There is currently a linked list of
                     56: //  all Implementations, and that list is searched whenever a new Cred
                     57: //  is created.  A faster lookup method would be good...
                     58:
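                     //  Handle to a shared, reference-counted credential record: uid, gid,
                     //  additional groups and, when HAVE_MAC is defined, a MAC label.
                     //
                     //  Security notes for callers:
                     //   - uid(), gid(), getAddlGroupsString() and become_user() dereference
                     //     p without a check.  Test is_valid() first on any Cred that may
                     //     not point at an Implementation.
                     //   - become_user() returns void, so a failed identity change cannot be
                     //     observed through this interface.  NOTE(review): confirm that the
                     //     implementation checks the result of every call it makes to
                     //     change identity; a failure that goes unnoticed would leave the
                     //     process running with its previous identity.
                     //   - Nothing in this header synchronizes refcount or the static
                     //     Implementation list.  NOTE(review): confirm that all use is
                     //     single-threaded.
                     class Cred {

                     public:

                         //  All constructors, assignment and the destructor are defined out
                         //  of line.  NOTE(review): the role of sockfd is not visible in this
                         //  header; presumably it identifies the client connection -- confirm.
                         Cred();
                         Cred(const Cred &that);
                         Cred(uid_t, int sockfd);
                         Cred(uid_t, unsigned int ngroups, const gid_t *, int sockfd);
                         Cred& operator = (const Cred& that);
                         ~Cred();

                         //  True when this Cred points at an Implementation.
                         bool is_valid() const               { return p != NULL; }

                         //  Precondition for both accessors: is_valid().
                         uid_t uid() const                   { return p->uid(); }
                         //  Typed gid_t to match Implementation::gid() and the mygid field;
                         //  the accessor was declared uid_t, which is only harmless where
                         //  uid_t and gid_t happen to be the same underlying type.
                         gid_t gid() const                   { return p->gid(); }

                         //  The caller must not delete the memory returned.
                         //  Precondition: is_valid().  NOTE(review): the string is presumably
                         //  owned by the shared Implementation (see addlGroupsStr), so it
                         //  should not be used after the last Cred referring to it is
                         //  destroyed -- confirm.
                         const char * getAddlGroupsString() const {return p->getAddlGroupsString();}

                         //  Precondition: is_valid().  Forwards to the Implementation; no
                         //  status is returned.
                         void become_user() const            { p->become_user(); }

                         static const Cred SuperUser;

                         static void set_untrusted_user(const char *name);

                         //  uid of the untrusted Cred, or (uid_t)-1 when that Cred is not
                         //  valid.  (uid_t)-1 is a sentinel, not an account: compare against
                         //  it before using the result, because the setre*id() family treats
                         //  -1 as "leave this id unchanged".
                         static uid_t get_untrusted_uid()    { return untrusted.is_valid() ? untrusted.uid() : (uid_t)-1; }
                         static Cred get_cred_for_untrusted_conn(int sockfd);

                         //  Process-wide switches; the state they set is static.  What
                         //  disable_mac() and insecure_compat relax is not visible in this
                         //  header.  NOTE(review): treat both as security-relevant
                         //  configuration and confirm their effect in the implementation.
                         static void disable_mac();
                         static void enable_insecure_compat();
                         static bool insecure_compat_enabled() { return insecure_compat; }

                     private:

                         Cred(int sockfd);

                         //  The shared credential record that a Cred points at.
                         //  NOTE(review): it holds raw pointers (AddlGroups, addlGroupsStr)
                         //  and declares a destructor but no copy constructor or assignment,
                         //  so an accidental copy would alias those pointers.  Presumably it
                         //  is never copied -- confirm.
                         class Implementation {

                         public:

                             Implementation(uid_t, gid_t, unsigned int, const gid_t *, mac_t);
                             ~Implementation();
                             bool equal(uid_t, gid_t, unsigned int ngroups,
                                        const gid_t *, mac_t) const;
                             int cmp(uid_t, unsigned ngroups, const gid_t *, mac_t) const;

                             uid_t uid() const               { return myuid; }
                             gid_t gid() const               { return mygid; }
                             const char * getAddlGroupsString() const;

                             void become_user() const;

                             //  Reference count.  Public and a plain unsigned: nothing here
                             //  guards against underflow or concurrent update.
                             unsigned refcount;

                             friend class Cred; // so that set_untrusted_user can modify myuid

                         private:

                             uid_t myuid;
                             gid_t mygid;
                             unsigned int nAddlGroups;
                             gid_t *AddlGroups;
                             char * addlGroupsStr;
                     #ifdef HAVE_MAC
                             mac_t mac;
                     #endif

                             bool addl_groups_equal(unsigned int ng, const gid_t *gs) const;

                             //  NOTE(review): presumably the Implementation most recently
                             //  applied by become_user(), used to skip redundant system
                             //  calls as the class comment describes -- confirm.
                             static const Implementation *last;

                         };

                         //  NULL when the Cred is not valid (see is_valid()).
                         Implementation *p;
                         static Cred untrusted;
                         static bool insecure_compat;
                     #ifdef HAVE_MAC
                         static bool use_mac;
                     #endif

                         //  Registry of live Implementations, declared as a pointer array
                         //  with a count and an allocated capacity.  NOTE(review): the class
                         //  comment calls this a linked list; confirm which is current.
                         static Implementation **impllist;
                         static unsigned nimpl, nimpl_alloc;

                         static void add(Implementation *);
                         static void drop(Implementation *);

                         void new_impl(uid_t, unsigned int, const gid_t *, mac_t);
                         void new_impl(uid_t, gid_t, unsigned int, const gid_t *, mac_t);
                     };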
                    145:
                    146: #endif /* !Cred_included */
