/*
 * Copyright (C) 2007-2010 Lawrence Livermore National Security, LLC.
 * Copyright (C) 2007 The Regents of the University of California.
 * Produced at Lawrence Livermore National Laboratory (cf, DISCLAIMER).
 * Written by Brian Behlendorf <behlendorf1@llnl.gov>.
 * UCRL-CODE-235197
 *
 * This file is part of the SPL, Solaris Porting Layer.
 *
 * The SPL is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.
 *
 * The SPL is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with the SPL. If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef _SPL_CRED_H
#define	_SPL_CRED_H

#include <linux/module.h>
#include <linux/cred.h>
#include <linux/sched.h>
#include <sys/types.h>
#include <sys/vfs.h>

/* Solaris-style name for the Linux credential structure. */
typedef struct cred cred_t;

extern struct task_struct init_task;

/*
 * kcred is the credential set of init_task; CRED() is the credential set
 * of the calling task.  Both casts yield a non-const cred_t pointer.
 * NOTE(review): current_cred() hands out a const pointer in the kernel
 * headers, so nothing should be written through CRED() -- confirm callers.
 */
#define	kcred	((cred_t *)(init_task.cred))
#define	CRED()	((cred_t *)current_cred())

/*
 * Linux 4.9 API change, GROUP_AT was removed.
 * This fallback indexes the gid array directly and performs no bounds
 * check, so the caller has to keep i inside the group list.
 */
#ifndef GROUP_AT
#define	GROUP_AT(gi, i)	((gi)->gid[i])
#endif

/* Conversions between kernel kuid_t/kgid_t wrappers and raw id values. */
#define	KUID_TO_SUID(x)		(__kuid_val(x))
#define	KGID_TO_SGID(x)		(__kgid_val(x))
#define	SUID_TO_KUID(x)		(KUIDT_INIT(x))
#define	SGID_TO_KGID(x)		(KGIDT_INIT(x))
#define	KGIDP_TO_SGIDP(x)	(&(x)->val)

extern zidmap_t *zfs_get_init_idmap(void);

/*
 * Report whether user_ns is the user namespace referenced by kcred.
 * Kernels built without CONFIG_USER_NS always get B_FALSE.
 */
static inline boolean_t
zfs_is_init_userns(struct user_namespace *user_ns)
{
#ifdef CONFIG_USER_NS
	return ((kcred->user_ns == user_ns) ? B_TRUE : B_FALSE);
#else
	return (B_FALSE);
#endif
}

/* Return the user namespace recorded on the inode's superblock. */
static inline struct user_namespace *
zfs_i_user_ns(struct inode *inode)
{
	struct super_block *sb = inode->i_sb;

	return (sb->s_user_ns);
}

/*
 * Decide whether ids can be passed through without translation: true
 * when the mount namespace is the initial one, or when the mount and
 * filesystem namespaces are the same object.
 */
static inline boolean_t
zfs_no_idmapping(struct user_namespace *mnt_userns,
    struct user_namespace *fs_userns)
{
	if (zfs_is_init_userns(mnt_userns))
		return (B_TRUE);
	return ((mnt_userns == fs_userns) ? B_TRUE : B_FALSE);
}

/*
 * Notes shared by the four translation helpers below.
 *
 * - With HAVE_IOPS_CREATE_IDMAP, a mount idmap equal to zfs_init_idmap
 *   short-circuits to the unchanged id.  zfs_init_idmap is not declared
 *   in this header; presumably it comes from an included one -- TODO
 *   confirm.
 * - With HAVE_IDMAP_NO_USERNS the owner namespace is a stack-local
 *   struct user_namespace in which only the relevant map (uid_map or
 *   gid_map) has been copied from the idmap; every other field is left
 *   uninitialized.
 *   NOTE(review): this is only sound while make_k[ug]id()/from_k[ug]id()
 *   read nothing but that map -- re-check for each supported kernel.
 *   NOTE(review): the address of that local looks unable to equal either
 *   kcred->user_ns or fs_userns, so zfs_no_idmapping() would never hit
 *   in this configuration -- confirm that is intended.
 * - An id of (uid_t)-1 / (gid_t)-1 coming out of from_k[ug]id() is
 *   returned as is.  Callers are expected to treat that value as "no
 *   mapping" rather than as a usable owner id.
 */

/*
 * Translate a filesystem uid into the uid seen through the mount idmap:
 * the id is first passed through from_kuid() for fs_userns (unless that
 * is the initial namespace) and then through make_kuid() for the idmap
 * owner.
 */
static inline uid_t
zfs_uid_to_vfsuid(zidmap_t *mnt_userns, struct user_namespace *fs_userns,
    uid_t uid)
{
#ifdef HAVE_IDMAP_NO_USERNS
	struct user_namespace map_ns;
#endif
	struct user_namespace *mnt_owner;

#ifdef HAVE_IOPS_CREATE_IDMAP
	if (mnt_userns == zfs_init_idmap)
		return (uid);
#endif
#ifdef HAVE_IDMAP_NO_USERNS
	/* Only uid_map is populated; see the shared notes above. */
	map_ns.uid_map = mnt_userns->uid_map;
	mnt_owner = &map_ns;
#else
	mnt_owner = idmap_owner(mnt_userns);
#endif
	if (zfs_no_idmapping(mnt_owner, fs_userns))
		return (uid);
	if (!zfs_is_init_userns(fs_userns)) {
		uid = from_kuid(fs_userns, SUID_TO_KUID(uid));
	}
	/* Do not feed the "no mapping" sentinel into make_kuid(). */
	return ((uid == (uid_t)-1) ? uid :
	    KUID_TO_SUID(make_kuid(mnt_owner, uid)));
}

/*
 * Group counterpart of zfs_uid_to_vfsuid(): from_kgid() for fs_userns
 * (unless initial), then make_kgid() for the idmap owner.
 */
static inline gid_t
zfs_gid_to_vfsgid(zidmap_t *mnt_userns, struct user_namespace *fs_userns,
    gid_t gid)
{
#ifdef HAVE_IDMAP_NO_USERNS
	struct user_namespace map_ns;
#endif
	struct user_namespace *mnt_owner;

#ifdef HAVE_IOPS_CREATE_IDMAP
	if (mnt_userns == zfs_init_idmap)
		return (gid);
#endif
#ifdef HAVE_IDMAP_NO_USERNS
	/* Only gid_map is populated; see the shared notes above. */
	map_ns.gid_map = mnt_userns->gid_map;
	mnt_owner = &map_ns;
#else
	mnt_owner = idmap_owner(mnt_userns);
#endif
	if (zfs_no_idmapping(mnt_owner, fs_userns))
		return (gid);
	if (!zfs_is_init_userns(fs_userns)) {
		gid = from_kgid(fs_userns, SGID_TO_KGID(gid));
	}
	/* Do not feed the "no mapping" sentinel into make_kgid(). */
	return ((gid == (gid_t)-1) ? gid :
	    KGID_TO_SGID(make_kgid(mnt_owner, gid)));
}

/*
 * Translate a uid seen through the mount idmap back to a filesystem
 * uid: from_kuid() for the idmap owner, then make_kuid() for fs_userns
 * unless fs_userns is the initial namespace.
 */
static inline uid_t
zfs_vfsuid_to_uid(zidmap_t *mnt_userns, struct user_namespace *fs_userns,
    uid_t uid)
{
#ifdef HAVE_IDMAP_NO_USERNS
	struct user_namespace map_ns;
#endif
	struct user_namespace *mnt_owner;

#ifdef HAVE_IOPS_CREATE_IDMAP
	if (mnt_userns == zfs_init_idmap)
		return (uid);
#endif
#ifdef HAVE_IDMAP_NO_USERNS
	/* Only uid_map is populated; see the shared notes above. */
	map_ns.uid_map = mnt_userns->uid_map;
	mnt_owner = &map_ns;
#else
	mnt_owner = idmap_owner(mnt_userns);
#endif
	if (zfs_no_idmapping(mnt_owner, fs_userns))
		return (uid);

	uid = from_kuid(mnt_owner, SUID_TO_KUID(uid));
	/* Unmapped ids and initial-namespace filesystems stop here. */
	if (uid == (uid_t)-1 || zfs_is_init_userns(fs_userns))
		return (uid);
	return (KUID_TO_SUID(make_kuid(fs_userns, uid)));
}

/*
 * Group counterpart of zfs_vfsuid_to_uid(): from_kgid() for the idmap
 * owner, then make_kgid() for fs_userns unless it is the initial one.
 */
static inline gid_t
zfs_vfsgid_to_gid(zidmap_t *mnt_userns, struct user_namespace *fs_userns,
    gid_t gid)
{
#ifdef HAVE_IDMAP_NO_USERNS
	struct user_namespace map_ns;
#endif
	struct user_namespace *mnt_owner;

#ifdef HAVE_IOPS_CREATE_IDMAP
	if (mnt_userns == zfs_init_idmap)
		return (gid);
#endif
#ifdef HAVE_IDMAP_NO_USERNS
	/* Only gid_map is populated; see the shared notes above. */
	map_ns.gid_map = mnt_userns->gid_map;
	mnt_owner = &map_ns;
#else
	mnt_owner = idmap_owner(mnt_userns);
#endif
	if (zfs_no_idmapping(mnt_owner, fs_userns))
		return (gid);

	gid = from_kgid(mnt_owner, SGID_TO_KGID(gid));
	/* Unmapped ids and initial-namespace filesystems stop here. */
	if (gid == (gid_t)-1 || zfs_is_init_userns(fs_userns))
		return (gid);
	return (KGID_TO_SGID(make_kgid(fs_userns, gid)));
}

/* Credential accessors implemented elsewhere in the SPL. */
extern void crhold(cred_t *cr);
extern void crfree(cred_t *cr);
extern uid_t crgetuid(const cred_t *cr);
extern uid_t crgetruid(const cred_t *cr);
extern gid_t crgetgid(const cred_t *cr);
extern int crgetngroups(const cred_t *cr);
extern gid_t *crgetgroups(const cred_t *cr);
extern int groupmember(gid_t gid, const cred_t *cr);

#endif /* _SPL_CRED_H */