#include <Cred/group.h>
#include <Cred/user.h>
#include <Fs/vfs.h>
#include <process.h>

Include dependency graph for cred.h:

This graph shows which files directly or indirectly include this file:

Macros
#define	CRED_CAP_SETUID 0

#define	CRED_CAP_SETGID 1

#define	CRED_CAP_BYPASS_PERM_CHECK 2

#define	CRED_CAP_BYPASS_SECURITY_CHECK 3

#define	CRED_CAP_IPC 4

#define	CRED_CAP_SETCAP 5

#define	CRED_IS_CAPABLE(a, b) ((a >> b) & 0x1)

#define	CRED_SET_CAP(b) (1ULL<< b)

#define	CRED_SET_CAP_ROOT(proc) (proc->creds.caps = UINT8_MAX)

#define	CRED_MARK_ROOT(proc)

Functions
int	AuCredChangeID (int fd, UID_NUM uid, GID_NUM gid)
	AuCredChangeID – change credential ids.

int	AuCredAddSGroup (int proc_id, int sgid)
	AuCredAddSGroup – add supplimentary gid to process.

int	AuCredSetCap (int proc_id, int cap)

int	AuCredGetCap (int proc_id)

int	AuCredCheckPermissions (AuVFSNode node, AuProcCredentials cred)
	AuCredCheckPermissions – before giving permission, check all credentials, enei aru access koriba dibi neki, ji pai take korba nori tu.

int	AuSetUID (int proc_id, UID_NUM uid)
	AuSetUID – change user id of a process.

int	AuSetGID (int proc_id, GID_NUM gid)
	AuSetGID – change user id of a process.

Detailed Description

BSD 2-Clause License

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Macro Definition Documentation

◆ CRED_CAP_BYPASS_PERM_CHECK

#define CRED_CAP_BYPASS_PERM_CHECK 2

◆ CRED_CAP_BYPASS_SECURITY_CHECK

#define CRED_CAP_BYPASS_SECURITY_CHECK 3

◆ CRED_CAP_IPC

#define CRED_CAP_IPC 4

◆ CRED_CAP_SETCAP

#define CRED_CAP_SETCAP 5

◆ CRED_CAP_SETGID

#define CRED_CAP_SETGID 1

◆ CRED_CAP_SETUID

#define CRED_CAP_SETUID 0

◆ CRED_IS_CAPABLE

#define CRED_IS_CAPABLE	(	a,
		b
	)	((a >> b) & 0x1)

verify capability bit position's value

◆ CRED_MARK_ROOT

#define CRED_MARK_ROOT ( proc )

Value:

proc->creds.uid = 0; \

proc->creds.gid = 0

◆ CRED_SET_CAP

#define CRED_SET_CAP ( b ) (1ULL<< b)

set a capability

◆ CRED_SET_CAP_ROOT

#define CRED_SET_CAP_ROOT ( proc ) (proc->creds.caps = UINT8_MAX)

set root capabilities

Function Documentation

◆ AuCredAddSGroup()

int AuCredAddSGroup	(	int	proc_id,
		int	sgid
	)

extern

AuCredAddSGroup – add supplimentary gid to process.

Parameters

proc_id	– process id number
sgid	– sgid number

check capabilities

◆ AuCredChangeID()

int AuCredChangeID	(	int	fd,
		UID_NUM	uid,
		GID_NUM	gid
	)

extern

AuCredChangeID – change credential ids.

Parameters

fd	– file descriptor
uid	– user id
gid	– groupd id number

check capabilities

◆ AuCredCheckPermissions()

int AuCredCheckPermissions	(	AuVFSNode *	node,
		AuProcCredentials *	cred
	)

extern

AuCredCheckPermissions – before giving permission, check all credentials, enei aru access koriba dibi neki, ji pai take korba nori tu.

Parameters

node	– File node
cred	– Process's credential

root get access to everything

maybe this process's user, created the file and owner of this file

maybe this process directly belong to the group

now search for supplimentary gids

sorry,kela, no access to the file

◆ AuCredGetCap()

int AuCredGetCap ( int proc_id )

extern

AuCredGetCap – get capabilities of desired process

Parameters

proc_id – process id, zero for current process

check capabilities

◆ AuCredSetCap()

int AuCredSetCap	(	int	proc_id,
		int	cap
	)

extern

AuCredSetCap – add capability to a process

Parameters

proc_id	– process id, zero for current process
cap	– capability to add

check capabilities

◆ AuSetGID()

int AuSetGID	(	int	proc_id,
		GID_NUM	gid
	)

extern

AuSetGID – change user id of a process.

Parameters

proc	– Process id to change their uid
uid	– User id

don't allow root process to change it's uid/gid, in Xeneva the root process get process id of one

◆ AuSetUID()

int AuSetUID	(	int	proc_id,
		UID_NUM	uid
	)

extern

AuSetUID – change user id of a process.

Parameters

proc	– Process id to change their uid
uid	– User id

don't allow root process to change it's uid/gid, in Xeneva the root process get process id of one

Macros

Functions

Detailed Description

Macro Definition Documentation

◆ CRED_CAP_BYPASS_PERM_CHECK

◆ CRED_CAP_BYPASS_SECURITY_CHECK

◆ CRED_CAP_IPC

◆ CRED_CAP_SETCAP

◆ CRED_CAP_SETGID

◆ CRED_CAP_SETUID

◆ CRED_IS_CAPABLE

◆ CRED_MARK_ROOT

◆ CRED_SET_CAP

◆ CRED_SET_CAP_ROOT

Function Documentation

◆ AuCredAddSGroup()

◆ AuCredChangeID()

◆ AuCredCheckPermissions()

◆ AuCredGetCap()

◆ AuCredSetCap()

◆ AuSetGID()

◆ AuSetUID()