Add basic credential support and splat tests.

The previous credential implementation simply provided the needed types and
a couple of dummy functions needed.  This update correctly ties the basic
Solaris credential API in to one of two Linux kernel APIs.

Prior to 2.6.29 the linux kernel embeded all credentials in the task
structure.  For these kernels, we pass around the entire task struct as if
it were the credential, then we use the helper functions to extract the
credential related bits.

As of 2.6.29 a new credential type was added which we can and do fairly
cleanly layer on top of.  Once again the helper functions nicely hide
the implementation details from all callers.

Three tests were added to the splat test framework to verify basic
correctness.  They should be extended as needed when need credential
functions are added.

include/sys/cred.h

@@ -9,69 +9,33 @@ extern "C" {
 #include <sys/types.h>
 #include <sys/vfs.h>
 
-/* XXX - Portions commented out because we really just want to have the type
- * defined and the contents aren't nearly so important at the moment. */
-typedef struct cred {
-        uint_t          cr_ref;         /* reference count */
-        uid_t           cr_uid;         /* effective user id */
-        gid_t           cr_gid;         /* effective group id */
-        uid_t           cr_ruid;        /* real user id */
-        gid_t           cr_rgid;        /* real group id */
-        uid_t           cr_suid;        /* "saved" user id (from exec) */
-        gid_t           cr_sgid;        /* "saved" group id (from exec) */
-        uint_t          cr_ngroups;     /* number of groups returned by */
-                                        /* crgroups() */
-#if 0
-        cred_priv_t     cr_priv;        /* privileges */
-        projid_t        cr_projid;      /* project */
-        struct zone     *cr_zone;       /* pointer to per-zone structure */
-        struct ts_label_s *cr_label;    /* pointer to the effective label */
-        credsid_t       *cr_ksid;       /* pointer to SIDs */
-#endif
-        gid_t           cr_groups[1];   /* cr_groups size not fixed */
-                                        /* audit info is defined dynamically */
-                                        /* and valid only when audit enabled */
-        /* auditinfo_addr_t     cr_auinfo;      audit info */
-} cred_t;
+#ifdef HAVE_CRED_STRUCT
 
-#define kcred				NULL
-#define CRED()				NULL
+typedef struct cred cred_t;
 
-static __inline__ uid_t
-crgetuid(cred_t *cr)
-{
-	return 0;
-}
+#define kcred		((cred_t *)(init_task.cred))
+#define CRED()		((cred_t *)current_cred())
 
-static __inline__ gid_t
-crgetgid(cred_t *cr)
-{
-	return 0;
-}
+#else
 
-static __inline__ int
-crgetngroups(cred_t *cr)
-{
-	return 0;
-}
+typedef struct task_struct cred_t;
 
-static __inline__ gid_t *
-crgetgroups(cred_t *cr)
-{
-	return NULL;
-}
+#define kcred		((cred_t *)&init_task)
+#define CRED()		((cred_t *)current)
 
-static __inline__ int
-groupmember(gid_t gid, const cred_t *cr)
-{
-	/* Primary group check */
-	if ((cr) && (gid == cr->cr_gid))
-		return 1;
-
-	/* Supplemental group check (unsupported) */
-	return 0;
-}
+#endif /* HAVE_CRED_STRUCT */
 
+extern void crhold(cred_t *cr);
+extern void crfree(cred_t *cr);
+extern uid_t crgetuid(const cred_t *cr);
+extern uid_t crgetruid(const cred_t *cr);
+extern uid_t crgetsuid(const cred_t *cr);
+extern gid_t crgetgid(const cred_t *cr);
+extern gid_t crgetrgid(const cred_t *cr);
+extern gid_t crgetsgid(const cred_t *cr);
+extern int crgetngroups(const cred_t *cr);
+extern gid_t * crgetgroups(const cred_t *cr);
+extern int groupmember(gid_t gid, const cred_t *cr);
 
 #ifdef  __cplusplus
 }

include/sys/debug.h

@@ -53,6 +53,7 @@ extern unsigned long spl_debug_subsys;
 #define S_GENERIC     0x00002000
 #define S_PROC        0x00004000
 #define S_MODULE      0x00008000
+#define S_CRED        0x00010000
 
 #define D_TRACE       0x00000001
 #define D_INFO        0x00000002