]> git.saurik.com Git - apple/xnu.git/blob - bsd/sys/kauth.h
projects / apple / xnu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
xnu-1228.0.2.tar.gz
[apple/xnu.git] / bsd / sys / kauth.h
1 /*
2 * Copyright (c) 2004-2007 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
30 * support for mandatory and extensible security protections. This notice
31 * is included in support of clause 2.2 (b) of the Apple Public License,
32 * Version 2.0.
33 */
34
35 #ifndef _SYS_KAUTH_H
36 #define _SYS_KAUTH_H
37
38 #include <sys/appleapiopts.h>
39 #include <sys/cdefs.h>
40 #include <mach/boolean.h>
41
42 #ifdef __APPLE_API_EVOLVING
43
44 /*
45 * Identities.
46 */
47
48 #define KAUTH_UID_NONE (~(uid_t)0 - 100) /* not a valid UID */
49 #define KAUTH_GID_NONE (~(gid_t)0 - 100) /* not a valid GID */
50
51 #ifndef _KAUTH_GUID
52 #define _KAUTH_GUID
53 /* Apple-style globally unique identifier */
54 typedef struct {
55 #define KAUTH_GUID_SIZE 16 /* 128-bit identifier */
56 unsigned char g_guid[KAUTH_GUID_SIZE];
57 } guid_t;
58 #define _GUID_T
59 #endif /* _KAUTH_GUID */
60
61 /* NT Security Identifier, structure as defined by Microsoft */
62 #pragma pack(1) /* push packing of 1 byte */
63 typedef struct {
64 u_int8_t sid_kind;
65 u_int8_t sid_authcount;
66 u_int8_t sid_authority[6];
67 #define KAUTH_NTSID_MAX_AUTHORITIES 16
68 u_int32_t sid_authorities[KAUTH_NTSID_MAX_AUTHORITIES];
69 } ntsid_t;
70 #pragma pack() /* pop packing to previous packing level */
71 #define _NTSID_T
72
73 /* valid byte count inside a SID structure */
74 #define KAUTH_NTSID_HDRSIZE (8)
75 #define KAUTH_NTSID_SIZE(_s) (KAUTH_NTSID_HDRSIZE + ((_s)->sid_authcount * sizeof(u_int32_t)))
76
77 /*
78 * External lookup message payload; this structure is shared between the
79 * kernel group membership resolver, and the user space group membership
80 * resolver daemon, and is use to communicate resolution requests from the
81 * kernel to user space, and the result of that request from user space to
82 * the kernel.
83 */
84 struct kauth_identity_extlookup {
85 u_int32_t el_seqno; /* request sequence number */
86 u_int32_t el_result; /* lookup result */
87 #define KAUTH_EXTLOOKUP_SUCCESS 0 /* results here are good */
88 #define KAUTH_EXTLOOKUP_BADRQ 1 /* request badly formatted */
89 #define KAUTH_EXTLOOKUP_FAILURE 2 /* transient failure during lookup */
90 #define KAUTH_EXTLOOKUP_FATAL 3 /* permanent failure during lookup */
91 #define KAUTH_EXTLOOKUP_INPROG 100 /* request in progress */
92 u_int32_t el_flags;
93 #define KAUTH_EXTLOOKUP_VALID_UID (1<<0)
94 #define KAUTH_EXTLOOKUP_VALID_UGUID (1<<1)
95 #define KAUTH_EXTLOOKUP_VALID_USID (1<<2)
96 #define KAUTH_EXTLOOKUP_VALID_GID (1<<3)
97 #define KAUTH_EXTLOOKUP_VALID_GGUID (1<<4)
98 #define KAUTH_EXTLOOKUP_VALID_GSID (1<<5)
99 #define KAUTH_EXTLOOKUP_WANT_UID (1<<6)
100 #define KAUTH_EXTLOOKUP_WANT_UGUID (1<<7)
101 #define KAUTH_EXTLOOKUP_WANT_USID (1<<8)
102 #define KAUTH_EXTLOOKUP_WANT_GID (1<<9)
103 #define KAUTH_EXTLOOKUP_WANT_GGUID (1<<10)
104 #define KAUTH_EXTLOOKUP_WANT_GSID (1<<11)
105 #define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP (1<<12)
106 #define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13)
107 #define KAUTH_EXTLOOKUP_ISMEMBER (1<<14)
108 uid_t el_uid; /* user ID */
109 guid_t el_uguid; /* user GUID */
110 u_int32_t el_uguid_valid; /* TTL on translation result (seconds) */
111 ntsid_t el_usid; /* user NT SID */
112 u_int32_t el_usid_valid; /* TTL on translation result (seconds) */
113 gid_t el_gid; /* group ID */
114 guid_t el_gguid; /* group GUID */
115 u_int32_t el_gguid_valid; /* TTL on translation result (seconds) */
116 ntsid_t el_gsid; /* group SID */
117 u_int32_t el_gsid_valid; /* TTL on translation result (seconds) */
118 u_int32_t el_member_valid; /* TTL on group lookup result */
119 };
120
121 #define KAUTH_EXTLOOKUP_REGISTER (0)
122 #define KAUTH_EXTLOOKUP_RESULT (1<<0)
123 #define KAUTH_EXTLOOKUP_WORKER (1<<1)
124
125
126 #ifdef KERNEL
127 /*
128 * Credentials.
129 */
130
131 #if 0
132 /*
133 * Supplemental credential data.
134 *
135 * This interface allows us to associate arbitrary data with a credential.
136 * As with the credential, the data is considered immutable.
137 */
138 struct kauth_cred_supplement {
139 TAILQ_ENTRY(kauth_cred_supplement) kcs_link;
140
141 int kcs_ref; /* reference count */
142 int kcs_id; /* vended identifier */
143 size_t kcs_size; /* size of data field */
144 char kcs_data[0];
145 };
146
147 typedef struct kauth_cred_supplement *kauth_cred_supplement_t;
148
149 struct kauth_cred {
150 TAILQ_ENTRY(kauth_cred) kc_link;
151
152 int kc_ref; /* reference count */
153 uid_t kc_uid; /* effective user id */
154 uid_t kc_ruid; /* real user id */
155 uid_t kc_svuid; /* saved user id */
156 gid_t kc_gid; /* effective group id */
157 gid_t kc_rgid; /* real group id */
158 gid_t kc_svgid; /* saved group id */
159
160 int kc_flags;
161 #define KAUTH_CRED_GRPOVERRIDE (1<<0) /* private group list is authoritative */
162
163 int kc_npvtgroups; /* private group list, advisory or authoritative */
164 gid_t kc_pvtgroups[NGROUPS]; /* based on KAUTH_CRED_GRPOVERRIDE flag */
165
166 int kc_nsuppgroups; /* supplementary group list */
167 gid_t *kc_suppgroups;
168
169 int kc_nwhtgroups; /* whiteout group list */
170 gid_t *kc_whtgroups;
171
172 struct auditinfo cr_au; /* user auditing data */
173
174 int kc_nsupplement; /* entry count in supplemental data pointer array */
175 kauth_cred_supplement_t *kc_supplement;
176 };
177 #else
178
179 /* XXX just for now */
180 #include <sys/ucred.h>
181 // typedef struct ucred *kauth_cred_t;
182 #endif
183
184 /* Kernel SPI for now */
185 __BEGIN_DECLS
186 extern uid_t kauth_getuid(void);
187 extern uid_t kauth_getruid(void);
188 extern gid_t kauth_getgid(void);
189 extern gid_t kauth_getrgid(void);
190 extern kauth_cred_t kauth_cred_get(void);
191 extern kauth_cred_t kauth_cred_get_with_ref(void);
192 extern kauth_cred_t kauth_cred_proc_ref(proc_t procp);
193 extern kauth_cred_t kauth_cred_alloc(void);
194 extern kauth_cred_t kauth_cred_create(kauth_cred_t cred);
195 extern void kauth_cred_ref(kauth_cred_t _cred);
196 /* Use kauth_cred_unref(), not kauth_cred_rele() */
197 extern void kauth_cred_rele(kauth_cred_t _cred) __deprecated;
198 extern kauth_cred_t kauth_cred_dup(kauth_cred_t cred);
199 extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred);
200 extern void kauth_cred_unref(kauth_cred_t *_cred);
201 extern kauth_cred_t kauth_cred_setresuid(kauth_cred_t cred, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid);
202 extern kauth_cred_t kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid);
203 extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
204 extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
205 extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid);
206 struct uthread;
207 extern void kauth_cred_uthread_update(struct uthread *, proc_t);
208 #if CONFIG_MACF
209 struct label;
210 extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, struct label *label);
211 extern int kauth_proc_label_update(struct proc *p, struct label *label);
212 extern int kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, struct label *scriptlabel, struct label *execlabel);
213 #else
214 /* this is a temp hack to cover us when MAC is not built in a kernel configuration.
215 * Since we cannot build our export list based on the kernel configuration we need
216 * to define a stub.
217 */
218 extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, void *label);
219 extern int kauth_proc_label_update(struct proc *p, void *label);
220 #endif
221
222 extern kauth_cred_t kauth_cred_find(kauth_cred_t cred);
223 extern int kauth_cred_getgroups(gid_t *_groups, int *_groupcount);
224 extern int kauth_cred_assume(uid_t _uid);
225 extern uid_t kauth_cred_getuid(kauth_cred_t _cred);
226 extern gid_t kauth_cred_getgid(kauth_cred_t _cred);
227 extern int kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp);
228 extern int kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp);
229 extern int kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp);
230 extern int kauth_cred_ntsid2gid(ntsid_t *_sid, gid_t *_gidp);
231 extern int kauth_cred_ntsid2guid(ntsid_t *_sid, guid_t *_guidp);
232 extern int kauth_cred_uid2guid(uid_t _uid, guid_t *_guidp);
233 extern int kauth_cred_getguid(kauth_cred_t _cred, guid_t *_guidp);
234 extern int kauth_cred_gid2guid(gid_t _gid, guid_t *_guidp);
235 extern int kauth_cred_uid2ntsid(uid_t _uid, ntsid_t *_sidp);
236 extern int kauth_cred_getntsid(kauth_cred_t _cred, ntsid_t *_sidp);
237 extern int kauth_cred_gid2ntsid(gid_t _gid, ntsid_t *_sidp);
238 extern int kauth_cred_guid2ntsid(guid_t *_guid, ntsid_t *_sidp);
239 extern int kauth_cred_ismember_gid(kauth_cred_t _cred, gid_t _gid, int *_resultp);
240 extern int kauth_cred_ismember_guid(kauth_cred_t _cred, guid_t *_guidp, int *_resultp);
241 extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
242
243 struct auditinfo;
244 extern kauth_cred_t kauth_cred_setauditinfo(kauth_cred_t, struct auditinfo *);
245
246 extern int kauth_cred_supplementary_register(const char *name, int *ident);
247 extern int kauth_cred_supplementary_add(kauth_cred_t cred, int ident, const void *data, size_t datasize);
248 extern int kauth_cred_supplementary_remove(kauth_cred_t cred, int ident);
249
250 /* currently only exported in unsupported for use by seatbelt */
251 extern int kauth_cred_issuser(kauth_cred_t _cred);
252
253
254 /* GUID, NTSID helpers */
255 extern guid_t kauth_null_guid;
256 extern int kauth_guid_equal(guid_t *_guid1, guid_t *_guid2);
257 extern int kauth_ntsid_equal(ntsid_t *_sid1, ntsid_t *_sid2);
258
259 extern int kauth_wellknown_guid(guid_t *_guid);
260 #define KAUTH_WKG_NOT 0 /* not a well-known GUID */
261 #define KAUTH_WKG_OWNER 1
262 #define KAUTH_WKG_GROUP 2
263 #define KAUTH_WKG_NOBODY 3
264 #define KAUTH_WKG_EVERYBODY 4
265
266 extern int cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp);
267
268 __END_DECLS
269
270 #endif /* KERNEL */
271
272 /*
273 * Generic Access Control Lists.
274 */
275 #if defined(KERNEL) || defined (_SYS_ACL_H)
276
277 typedef u_int32_t kauth_ace_rights_t;
278
279 /* Access Control List Entry (ACE) */
280 struct kauth_ace {
281 guid_t ace_applicable;
282 u_int32_t ace_flags;
283 #define KAUTH_ACE_KINDMASK 0xf
284 #define KAUTH_ACE_PERMIT 1
285 #define KAUTH_ACE_DENY 2
286 #define KAUTH_ACE_AUDIT 3 /* not implemented */
287 #define KAUTH_ACE_ALARM 4 /* not implemented */
288 #define KAUTH_ACE_INHERITED (1<<4)
289 #define KAUTH_ACE_FILE_INHERIT (1<<5)
290 #define KAUTH_ACE_DIRECTORY_INHERIT (1<<6)
291 #define KAUTH_ACE_LIMIT_INHERIT (1<<7)
292 #define KAUTH_ACE_ONLY_INHERIT (1<<8)
293 #define KAUTH_ACE_SUCCESS (1<<9) /* not implemented (AUDIT/ALARM) */
294 #define KAUTH_ACE_FAILURE (1<<10) /* not implemented (AUDIT/ALARM) */
295 /* All flag bits controlling ACE inheritance */
296 #define KAUTH_ACE_INHERIT_CONTROL_FLAGS \
297 (KAUTH_ACE_FILE_INHERIT | \
298 KAUTH_ACE_DIRECTORY_INHERIT | \
299 KAUTH_ACE_LIMIT_INHERIT | \
300 KAUTH_ACE_ONLY_INHERIT)
301 kauth_ace_rights_t ace_rights; /* scope specific */
302 /* These rights are never tested, but may be present in an ACL */
303 #define KAUTH_ACE_GENERIC_ALL (1<<21)
304 #define KAUTH_ACE_GENERIC_EXECUTE (1<<22)
305 #define KAUTH_ACE_GENERIC_WRITE (1<<23)
306 #define KAUTH_ACE_GENERIC_READ (1<<24)
307
308 };
309
310 #ifndef _KAUTH_ACE
311 #define _KAUTH_ACE
312 typedef struct kauth_ace *kauth_ace_t;
313 #endif
314
315
316 /* Access Control List */
317 struct kauth_acl {
318 u_int32_t acl_entrycount;
319 u_int32_t acl_flags;
320
321 struct kauth_ace acl_ace[];
322 };
323
324 /*
325 * XXX this value needs to be raised - 3893388
326 */
327 #define KAUTH_ACL_MAX_ENTRIES 128
328
329 /*
330 * The low 16 bits of the flags field are reserved for filesystem
331 * internal use and must be preserved by all APIs. This includes
332 * round-tripping flags through user-space interfaces.
333 */
334 #define KAUTH_ACL_FLAGS_PRIVATE (0xffff)
335
336 /*
337 * The high 16 bits of the flags are used to store attributes and
338 * to request specific handling of the ACL.
339 */
340
341 /* inheritance will be deferred until the first rename operation */
342 #define KAUTH_ACL_DEFER_INHERIT (1<<16)
343 /* this ACL must not be overwritten as part of an inheritance operation */
344 #define KAUTH_ACL_NO_INHERIT (1<<17)
345
346 /* acl_entrycount that tells us the ACL is not valid */
347 #define KAUTH_FILESEC_NOACL ((u_int32_t)(-1))
348
349 /*
350 * If the acl_entrycount field is KAUTH_FILESEC_NOACL, then the size is the
351 * same as a kauth_acl structure; the intent is to put an actual entrycount of
352 * KAUTH_FILESEC_NOACL on disk to distinguish a kauth_filesec_t with an empty
353 * entry (Windows treats this as "deny all") from one that merely indicates a
354 * file group and/or owner guid values.
355 */
356 #define KAUTH_ACL_SIZE(c) (sizeof(struct kauth_acl) + ((u_int32_t)(c) != KAUTH_FILESEC_NOACL ? ((c) * sizeof(struct kauth_ace)) : 0))
357 #define KAUTH_ACL_COPYSIZE(p) KAUTH_ACL_SIZE((p)->acl_entrycount)
358
359
360 #ifndef _KAUTH_ACL
361 #define _KAUTH_ACL
362 typedef struct kauth_acl *kauth_acl_t;
363 #endif
364
365 #ifdef KERNEL
366 __BEGIN_DECLS
367 kauth_acl_t kauth_acl_alloc(int size);
368 void kauth_acl_free(kauth_acl_t fsp);
369 __END_DECLS
370 #endif
371
372
373 /*
374 * Extended File Security.
375 */
376
377 /* File Security information */
378 struct kauth_filesec {
379 u_int32_t fsec_magic;
380 #define KAUTH_FILESEC_MAGIC 0x012cc16d
381 guid_t fsec_owner;
382 guid_t fsec_group;
383
384 struct kauth_acl fsec_acl;
385 };
386
387 /* backwards compatibility */
388 #define fsec_entrycount fsec_acl.acl_entrycount
389 #define fsec_flags fsec_acl.acl_flags
390 #define fsec_ace fsec_acl.acl_ace
391 #define KAUTH_FILESEC_FLAGS_PRIVATE KAUTH_ACL_FLAGS_PRIVATE
392 #define KAUTH_FILESEC_DEFER_INHERIT KAUTH_ACL_DEFER_INHERIT
393 #define KAUTH_FILESEC_NO_INHERIT KAUTH_ACL_NO_INHERIT
394 #define KAUTH_FILESEC_NONE ((kauth_filesec_t)0)
395 #define KAUTH_FILESEC_WANTED ((kauth_filesec_t)1)
396
397 #ifndef _KAUTH_FILESEC
398 #define _KAUTH_FILESEC
399 typedef struct kauth_filesec *kauth_filesec_t;
400 #endif
401
402 #define KAUTH_FILESEC_SIZE(c) (sizeof(struct kauth_filesec) + (c) * sizeof(struct kauth_ace))
403 #define KAUTH_FILESEC_COPYSIZE(p) KAUTH_FILESEC_SIZE(((p)->fsec_entrycount == KAUTH_FILESEC_NOACL) ? 0 : (p)->fsec_entrycount)
404 #define KAUTH_FILESEC_COUNT(s) ((s - sizeof(struct kauth_filesec)) / sizeof(struct kauth_ace))
405 #define KAUTH_FILESEC_VALID(s) ((s) >= sizeof(struct kauth_filesec) && (((s) - sizeof(struct kauth_filesec)) % sizeof(struct kauth_ace)) == 0)
406
407 #define KAUTH_FILESEC_XATTR "com.apple.system.Security"
408
409 /* Allowable first arguments to kauth_filesec_acl_setendian() */
410 #define KAUTH_ENDIAN_HOST 0x00000001 /* set host endianness */
411 #define KAUTH_ENDIAN_DISK 0x00000002 /* set disk endianness */
412
413 #endif /* KERNEL || <sys/acl.h> */
414
415
416 #ifdef KERNEL
417
418 /* KPI */
419 __BEGIN_DECLS
420 kauth_filesec_t kauth_filesec_alloc(int size);
421 void kauth_filesec_free(kauth_filesec_t fsp);
422 int kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp);
423 void kauth_filesec_acl_setendian(int, kauth_filesec_t, kauth_acl_t);
424 __END_DECLS
425
426 /*
427 * Scope management.
428 */
429 struct kauth_scope;
430 typedef struct kauth_scope *kauth_scope_t;
431 struct kauth_listener;
432 typedef struct kauth_listener *kauth_listener_t;
433 #ifndef _KAUTH_ACTION_T
434 typedef int kauth_action_t;
435 # define _KAUTH_ACTION_T
436 #endif
437
438 typedef int (* kauth_scope_callback_t)(kauth_cred_t _credential,
439 void *_idata,
440 kauth_action_t _action,
441 uintptr_t _arg0,
442 uintptr_t _arg1,
443 uintptr_t _arg2,
444 uintptr_t _arg3);
445
446 #define KAUTH_RESULT_ALLOW (1)
447 #define KAUTH_RESULT_DENY (2)
448 #define KAUTH_RESULT_DEFER (3)
449
450 struct kauth_acl_eval {
451 kauth_ace_t ae_acl;
452 int ae_count;
453 kauth_ace_rights_t ae_requested;
454 kauth_ace_rights_t ae_residual;
455 int ae_result;
456 boolean_t ae_found_deny;
457 int ae_options;
458 #define KAUTH_AEVAL_IS_OWNER (1<<0) /* authorizing operation for owner */
459 #define KAUTH_AEVAL_IN_GROUP (1<<1) /* authorizing operation for groupmember */
460 /* expansions for 'generic' rights bits */
461 kauth_ace_rights_t ae_exp_gall;
462 kauth_ace_rights_t ae_exp_gread;
463 kauth_ace_rights_t ae_exp_gwrite;
464 kauth_ace_rights_t ae_exp_gexec;
465 };
466
467 typedef struct kauth_acl_eval *kauth_acl_eval_t;
468
469 __BEGIN_DECLS
470 extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
471 extern void kauth_deregister_scope(kauth_scope_t _scope);
472 extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
473 extern void kauth_unlisten_scope(kauth_listener_t _scope);
474 extern int kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action,
475 uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
476 extern int kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval);
477 extern int kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx);
478
479 /* default scope handlers */
480 extern int kauth_authorize_allow(kauth_cred_t _credential, void *_idata, kauth_action_t _action,
481 uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
482 __END_DECLS
483
484 /*
485 * Generic scope.
486 */
487 #define KAUTH_SCOPE_GENERIC "com.apple.kauth.generic"
488
489 /* Actions */
490 #define KAUTH_GENERIC_ISSUSER 1
491
492 __BEGIN_DECLS
493 extern int kauth_authorize_generic(kauth_cred_t credential, kauth_action_t action);
494 __END_DECLS
495
496 /*
497 * Process/task scope.
498 */
499 #define KAUTH_SCOPE_PROCESS "com.apple.kauth.process"
500
501 /* Actions */
502 #define KAUTH_PROCESS_CANSIGNAL 1
503 #define KAUTH_PROCESS_CANTRACE 2
504
505 __BEGIN_DECLS
506 extern int kauth_authorize_process(kauth_cred_t _credential, kauth_action_t _action,
507 struct proc *_process, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
508 __END_DECLS
509
510 /*
511 * Vnode operation scope.
512 *
513 * Prototype for vnode_authorize is in vnode.h
514 */
515 #define KAUTH_SCOPE_VNODE "com.apple.kauth.vnode"
516
517 /*
518 * File system operation scope.
519 *
520 */
521 #define KAUTH_SCOPE_FILEOP "com.apple.kauth.fileop"
522
523 /* Actions */
524 #define KAUTH_FILEOP_OPEN 1
525 #define KAUTH_FILEOP_CLOSE 2
526 #define KAUTH_FILEOP_RENAME 3
527 #define KAUTH_FILEOP_EXCHANGE 4
528 #define KAUTH_FILEOP_LINK 5
529 #define KAUTH_FILEOP_EXEC 6
530 #define KAUTH_FILEOP_DELETE 7
531
532 /*
533 * arguments passed to KAUTH_FILEOP_OPEN listeners
534 * arg0 is pointer to vnode (vnode *) for given user path.
535 * arg1 is pointer to path (char *) passed in to open.
536 * arguments passed to KAUTH_FILEOP_CLOSE listeners
537 * arg0 is pointer to vnode (vnode *) for file to be closed.
538 * arg1 is pointer to path (char *) of file to be closed.
539 * arg2 is close flags.
540 * arguments passed to KAUTH_FILEOP_RENAME listeners
541 * arg0 is pointer to "from" path (char *).
542 * arg1 is pointer to "to" path (char *).
543 * arguments passed to KAUTH_FILEOP_EXCHANGE listeners
544 * arg0 is pointer to file 1 path (char *).
545 * arg1 is pointer to file 2 path (char *).
546 * arguments passed to KAUTH_FILEOP_LINK listeners
547 * arg0 is pointer to path to file we are linking to (char *).
548 * arg1 is pointer to path to the new link file (char *).
549 * arguments passed to KAUTH_FILEOP_EXEC listeners
550 * arg0 is pointer to vnode (vnode *) for executable.
551 * arg1 is pointer to path (char *) to executable.
552 * arguments passed to KAUTH_FILEOP_DELETE listeners
553 * arg0 is pointer to vnode (vnode *) of file/dir that was deleted.
554 * arg1 is pointer to path (char *) of file/dir that was deleted.
555 */
556
557 /* Flag values returned to close listeners. */
558 #define KAUTH_FILEOP_CLOSE_MODIFIED (1<<1)
559
560 __BEGIN_DECLS
561 extern int kauth_authorize_fileop_has_listeners(void);
562 extern int kauth_authorize_fileop(kauth_cred_t _credential, kauth_action_t _action,
563 uintptr_t _arg0, uintptr_t _arg1);
564 __END_DECLS
565
566 #endif /* KERNEL */
567
568 /* Actions, also rights bits in an ACE */
569
570 #if defined(KERNEL) || defined (_SYS_ACL_H)
571 #define KAUTH_VNODE_READ_DATA (1<<1)
572 #define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA
573 #define KAUTH_VNODE_WRITE_DATA (1<<2)
574 #define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA
575 #define KAUTH_VNODE_EXECUTE (1<<3)
576 #define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE
577 #define KAUTH_VNODE_DELETE (1<<4)
578 #define KAUTH_VNODE_APPEND_DATA (1<<5)
579 #define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA
580 #define KAUTH_VNODE_DELETE_CHILD (1<<6)
581 #define KAUTH_VNODE_READ_ATTRIBUTES (1<<7)
582 #define KAUTH_VNODE_WRITE_ATTRIBUTES (1<<8)
583 #define KAUTH_VNODE_READ_EXTATTRIBUTES (1<<9)
584 #define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1<<10)
585 #define KAUTH_VNODE_READ_SECURITY (1<<11)
586 #define KAUTH_VNODE_WRITE_SECURITY (1<<12)
587 #define KAUTH_VNODE_TAKE_OWNERSHIP (1<<13)
588
589 /* backwards compatibility only */
590 #define KAUTH_VNODE_CHANGE_OWNER KAUTH_VNODE_TAKE_OWNERSHIP
591
592 /* For Windows interoperability only */
593 #define KAUTH_VNODE_SYNCHRONIZE (1<<20)
594
595 /* (1<<21) - (1<<24) are reserved for generic rights bits */
596
597 /* Actions not expressed as rights bits */
598 /*
599 * Authorizes the vnode as the target of a hard link.
600 */
601 #define KAUTH_VNODE_LINKTARGET (1<<25)
602
603 /*
604 * Indicates that other steps have been taken to authorise the action,
605 * but authorisation should be denied for immutable objects.
606 */
607 #define KAUTH_VNODE_CHECKIMMUTABLE (1<<26)
608
609 /* Action modifiers */
610 /*
611 * The KAUTH_VNODE_ACCESS bit is passed to the callback if the authorisation
612 * request in progress is advisory, rather than authoritative. Listeners
613 * performing consequential work (i.e. not strictly checking authorisation)
614 * may test this flag to avoid performing unnecessary work.
615 *
616 * This bit will never be present in an ACE.
617 */
618 #define KAUTH_VNODE_ACCESS (1<<31)
619
620 /*
621 * The KAUTH_VNODE_NOIMMUTABLE bit is passed to the callback along with the
622 * KAUTH_VNODE_WRITE_SECURITY bit (and no others) to indicate that the
623 * caller wishes to change one or more of the immutable flags, and the
624 * state of these flags should not be considered when authorizing the request.
625 * The system immutable flags are only ignored when the system securelevel
626 * is low enough to allow their removal.
627 */
628 #define KAUTH_VNODE_NOIMMUTABLE (1<<30)
629
630
631 /*
632 * fake right that is composed by the following...
633 * vnode must have search for owner, group and world allowed
634 * plus there must be no deny modes present for SEARCH... this fake
635 * right is used by the fast lookup path to avoid checking
636 * for an exact match on the last credential to lookup
637 * the component being acted on
638 */
639 #define KAUTH_VNODE_SEARCHBYANYONE (1<<29)
640
641
642 /*
643 * when passed as an 'action' to "vnode_uncache_authorized_actions"
644 * it indicates that all of the cached authorizations for that
645 * vnode should be invalidated
646 */
647 #define KAUTH_INVALIDATE_CACHED_RIGHTS ((kauth_action_t)~0)
648
649
650
651 /* The expansions of the GENERIC bits at evaluation time */
652 #define KAUTH_VNODE_GENERIC_READ_BITS (KAUTH_VNODE_READ_DATA | \
653 KAUTH_VNODE_READ_ATTRIBUTES | \
654 KAUTH_VNODE_READ_EXTATTRIBUTES | \
655 KAUTH_VNODE_READ_SECURITY)
656
657 #define KAUTH_VNODE_GENERIC_WRITE_BITS (KAUTH_VNODE_WRITE_DATA | \
658 KAUTH_VNODE_APPEND_DATA | \
659 KAUTH_VNODE_DELETE | \
660 KAUTH_VNODE_DELETE_CHILD | \
661 KAUTH_VNODE_WRITE_ATTRIBUTES | \
662 KAUTH_VNODE_WRITE_EXTATTRIBUTES | \
663 KAUTH_VNODE_WRITE_SECURITY)
664
665 #define KAUTH_VNODE_GENERIC_EXECUTE_BITS (KAUTH_VNODE_EXECUTE)
666
667 #define KAUTH_VNODE_GENERIC_ALL_BITS (KAUTH_VNODE_GENERIC_READ_BITS | \
668 KAUTH_VNODE_GENERIC_WRITE_BITS | \
669 KAUTH_VNODE_GENERIC_EXECUTE_BITS)
670
671 /*
672 * Some sets of bits, defined here for convenience.
673 */
674 #define KAUTH_VNODE_WRITE_RIGHTS (KAUTH_VNODE_ADD_FILE | \
675 KAUTH_VNODE_ADD_SUBDIRECTORY | \
676 KAUTH_VNODE_DELETE_CHILD | \
677 KAUTH_VNODE_WRITE_DATA | \
678 KAUTH_VNODE_APPEND_DATA | \
679 KAUTH_VNODE_DELETE | \
680 KAUTH_VNODE_WRITE_ATTRIBUTES | \
681 KAUTH_VNODE_WRITE_EXTATTRIBUTES | \
682 KAUTH_VNODE_WRITE_SECURITY | \
683 KAUTH_VNODE_TAKE_OWNERSHIP | \
684 KAUTH_VNODE_LINKTARGET | \
685 KAUTH_VNODE_CHECKIMMUTABLE)
686
687
688 #endif /* KERNEL || <sys/acl.h> */
689
690 #ifdef KERNEL
691 #include <sys/lock.h> /* lck_grp_t */
692
693 /*
694 * Debugging
695 *
696 * XXX this wouldn't be necessary if we had a *real* debug-logging system.
697 */
698 #if 0
699 # ifndef _FN_KPRINTF
700 # define _FN_KPRINTF
701 void kprintf(const char *fmt, ...);
702 # endif /* !_FN_KPRINTF */
703 # define KAUTH_DEBUG_ENABLE
704 # define K_UUID_FMT "%08x:%08x:%08x:%08x"
705 # define K_UUID_ARG(_u) *(int *)&_u.g_guid[0],*(int *)&_u.g_guid[4],*(int *)&_u.g_guid[8],*(int *)&_u.g_guid[12]
706 # define KAUTH_DEBUG(fmt, args...) do { kprintf("%s:%d: " fmt "\n", __PRETTY_FUNCTION__, __LINE__ , ##args); } while (0)
707 # define KAUTH_DEBUG_CTX(_c) KAUTH_DEBUG("p = %p c = %p", _c->vc_proc, _c->vc_ucred)
708 # define VFS_DEBUG(_ctx, _vp, fmt, args...) \
709 do { \
710 kprintf("%p '%s' %s:%d " fmt "\n", \
711 _ctx, \
712 (_vp != NULL && _vp->v_name != NULL) ? _vp->v_name : "????", \
713 __PRETTY_FUNCTION__, __LINE__ , \
714 ##args); \
715 } while(0)
716 #else /* !0 */
717 # define KAUTH_DEBUG(fmt, args...) do { } while (0)
718 # define VFS_DEBUG(ctx, vp, fmt, args...) do { } while(0)
719 #endif /* !0 */
720
721 /*
722 * Initialisation.
723 */
724 extern lck_grp_t *kauth_lck_grp;
725 __BEGIN_DECLS
726 extern void kauth_init(void) __attribute__((section("__TEXT, initcode")));
727 extern void kauth_identity_init(void) __attribute__((section("__TEXT, initcode")));
728 extern void kauth_groups_init(void) __attribute__((section("__TEXT, initcode")));
729 extern void kauth_cred_init(void) __attribute__((section("__TEXT, initcode")));
730 extern void kauth_resolver_init(void) __attribute__((section("__TEXT, initcode")));
731 __END_DECLS
732 #endif /* KERNEL */
733
734 #endif /* __APPLE_API_EVOLVING */
735 #endif /* _SYS_KAUTH_H */
mirror of XNU