Kernel: Add basic Credentials for the system
Now filesystem access/open, etc confirm that you have access for rwxs
This commit is contained in:
Bananymous
40
kernel/include/kernel/Credentials.h
Normal file
40
kernel/include/kernel/Credentials.h
Normal file
@@ -0,0 +1,40 @@
|
||||
#pragma once
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
namespace Kernel
|
||||
{
|
||||
|
||||
class Credentials
|
||||
{
|
||||
public:
|
||||
Credentials(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
|
||||
: m_ruid(ruid), m_euid(euid), m_suid(0)
|
||||
, m_rgid(rgid), m_egid(egid), m_sgid(0)
|
||||
{ }
|
||||
|
||||
uid_t ruid() const { return m_ruid; }
|
||||
uid_t euid() const { return m_euid; }
|
||||
uid_t suid() const { return m_suid; }
|
||||
|
||||
gid_t rgid() const { return m_rgid; }
|
||||
gid_t egid() const { return m_egid; }
|
||||
gid_t sgid() const { return m_sgid; }
|
||||
|
||||
private:
|
||||
uid_t m_ruid, m_euid, m_suid;
|
||||
gid_t m_rgid, m_egid, m_sgid;
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
namespace BAN::Formatter
|
||||
{
|
||||
|
||||
template<typename F>
|
||||
void print_argument(F putc, const Kernel::Credentials& credentials, const ValueFormat&)
|
||||
{
|
||||
print(putc, "(ruid {}, euid {})", credentials.ruid(), credentials.euid());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -6,6 +6,7 @@
|
||||
#include <BAN/Vector.h>
|
||||
|
||||
#include <kernel/API/DirectoryEntry.h>
|
||||
#include <kernel/Credentials.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <time.h>
|
||||
@@ -56,6 +57,8 @@ namespace Kernel
|
||||
public:
|
||||
virtual ~Inode() {}
|
||||
|
||||
bool can_access(const Credentials&, int);
|
||||
|
||||
bool operator==(const Inode& other) const { return dev() == other.dev() && rdev() == other.rdev() && ino() == other.ino(); }
|
||||
|
||||
virtual ino_t ino() const = 0;
|
||||
|
||||
@@ -11,21 +11,21 @@ namespace Kernel
|
||||
class VirtualFileSystem : public FileSystem
|
||||
{
|
||||
public:
|
||||
static BAN::ErrorOr<void> initialize(BAN::StringView);
|
||||
static void initialize(BAN::StringView);
|
||||
static VirtualFileSystem& get();
|
||||
virtual ~VirtualFileSystem() {};
|
||||
|
||||
virtual BAN::RefPtr<Inode> root_inode() override { return m_root_fs->root_inode(); }
|
||||
|
||||
BAN::ErrorOr<void> mount(BAN::StringView, BAN::StringView);
|
||||
BAN::ErrorOr<void> mount(FileSystem*, BAN::StringView);
|
||||
BAN::ErrorOr<void> mount(const Credentials&, BAN::StringView, BAN::StringView);
|
||||
BAN::ErrorOr<void> mount(const Credentials&, FileSystem*, BAN::StringView);
|
||||
|
||||
struct File
|
||||
{
|
||||
BAN::RefPtr<Inode> inode;
|
||||
BAN::String canonical_path;
|
||||
};
|
||||
BAN::ErrorOr<File> file_from_absolute_path(BAN::StringView, bool follow_link);
|
||||
BAN::ErrorOr<File> file_from_absolute_path(const Credentials&, BAN::StringView, int);
|
||||
|
||||
private:
|
||||
VirtualFileSystem() = default;
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
#include <BAN/String.h>
|
||||
#include <BAN/StringView.h>
|
||||
#include <BAN/Vector.h>
|
||||
#include <kernel/Credentials.h>
|
||||
#include <kernel/FS/Inode.h>
|
||||
#include <kernel/Memory/FixedWidthAllocator.h>
|
||||
#include <kernel/Memory/GeneralAllocator.h>
|
||||
@@ -37,7 +38,7 @@ namespace Kernel
|
||||
|
||||
public:
|
||||
static Process* create_kernel(entry_t, void*);
|
||||
static BAN::ErrorOr<Process*> create_userspace(BAN::StringView);
|
||||
static BAN::ErrorOr<Process*> create_userspace(const Credentials&, BAN::StringView);
|
||||
~Process();
|
||||
|
||||
[[noreturn]] void exit(int status);
|
||||
@@ -91,12 +92,12 @@ namespace Kernel
|
||||
const userspace_info_t& userspace_info() const { return m_userspace_info; }
|
||||
|
||||
private:
|
||||
Process(pid_t);
|
||||
static Process* create_process();
|
||||
Process(const Credentials&, pid_t);
|
||||
static Process* create_process(const Credentials&);
|
||||
static void register_process(Process*);
|
||||
|
||||
// Load an elf file to virtual address space of the current page table
|
||||
static BAN::ErrorOr<BAN::UniqPtr<LibELF::ELF>> load_elf_for_exec(BAN::StringView file_path, const BAN::String& cwd, const BAN::Vector<BAN::StringView>& path_env);
|
||||
static BAN::ErrorOr<BAN::UniqPtr<LibELF::ELF>> load_elf_for_exec(const Credentials&, BAN::StringView file_path, const BAN::String& cwd, const BAN::Vector<BAN::StringView>& path_env);
|
||||
|
||||
// Copy an elf file from the current page table to the processes own
|
||||
void load_elf_to_memory(LibELF::ELF&);
|
||||
@@ -125,6 +126,8 @@ namespace Kernel
|
||||
int waiting { 0 };
|
||||
};
|
||||
|
||||
Credentials m_credentials;
|
||||
|
||||
BAN::Vector<OpenFileDescription> m_open_files;
|
||||
BAN::Vector<VirtualRange*> m_mapped_ranges;
|
||||
|
||||
|
||||
@@ -108,7 +108,8 @@ namespace Kernel
|
||||
TerminalDriver* m_terminal_driver { nullptr };
|
||||
|
||||
public:
|
||||
virtual Mode mode() const override { return { Mode::IFCHR | Mode::IRUSR }; }
|
||||
// FIXME: these should be crw------- with the owner being user
|
||||
virtual Mode mode() const override { return { Mode::IFCHR | Mode::IRUSR | Mode::IWUSR | Mode::IRGRP | Mode::IWGRP | Mode::IROTH | Mode::IWOTH }; }
|
||||
virtual uid_t uid() const override { return 0; }
|
||||
virtual gid_t gid() const override { return 0; }
|
||||
virtual dev_t rdev() const override { return m_rdev; }
|
||||
|
||||
Reference in New Issue
Block a user