]> git.saurik.com Git - apple/xnu.git/blob - bsd/sys/kauth.h
projects / apple / xnu.git / blob
? search:


8a533524ef50abc9589ca02b2ae08482d4ec415f
[apple/xnu.git] / bsd / sys / kauth.h
1 /*
2 * Copyright (c) 2004-2010 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*
29 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
30 * support for mandatory and extensible security protections. This notice
31 * is included in support of clause 2.2 (b) of the Apple Public License,
32 * Version 2.0.
33 */
34
35 #ifndef _SYS_KAUTH_H
36 #define _SYS_KAUTH_H
37
38 #include <sys/appleapiopts.h>
39 #include <sys/cdefs.h>
40 #include <mach/boolean.h>
41 #include <sys/_types.h> /* __offsetof() */
42 #include <sys/syslimits.h> /* NGROUPS_MAX */
43
44 #ifdef __APPLE_API_EVOLVING
45
46 /*
47 * Identities.
48 */
49
50 #define KAUTH_UID_NONE (~(uid_t)0 - 100) /* not a valid UID */
51 #define KAUTH_GID_NONE (~(gid_t)0 - 100) /* not a valid GID */
52
53 #include <sys/_types/_guid_t.h>
54
55 /* NT Security Identifier, structure as defined by Microsoft */
56 #pragma pack(1) /* push packing of 1 byte */
57 typedef struct {
58 u_int8_t sid_kind;
59 u_int8_t sid_authcount;
60 u_int8_t sid_authority[6];
61 #define KAUTH_NTSID_MAX_AUTHORITIES 16
62 u_int32_t sid_authorities[KAUTH_NTSID_MAX_AUTHORITIES];
63 } ntsid_t;
64 #pragma pack() /* pop packing to previous packing level */
65 #define _NTSID_T
66
67 /* valid byte count inside a SID structure */
68 #define KAUTH_NTSID_HDRSIZE (8)
69 #define KAUTH_NTSID_SIZE(_s) (KAUTH_NTSID_HDRSIZE + ((_s)->sid_authcount * sizeof(u_int32_t)))
70
71 /*
72 * External lookup message payload; this structure is shared between the
73 * kernel group membership resolver, and the user space group membership
74 * resolver daemon, and is use to communicate resolution requests from the
75 * kernel to user space, and the result of that request from user space to
76 * the kernel.
77 */
78 struct kauth_identity_extlookup {
79 u_int32_t el_seqno; /* request sequence number */
80 u_int32_t el_result; /* lookup result */
81 #define KAUTH_EXTLOOKUP_SUCCESS 0 /* results here are good */
82 #define KAUTH_EXTLOOKUP_BADRQ 1 /* request badly formatted */
83 #define KAUTH_EXTLOOKUP_FAILURE 2 /* transient failure during lookup */
84 #define KAUTH_EXTLOOKUP_FATAL 3 /* permanent failure during lookup */
85 #define KAUTH_EXTLOOKUP_INPROG 100 /* request in progress */
86 u_int32_t el_flags;
87 #define KAUTH_EXTLOOKUP_VALID_UID (1<<0)
88 #define KAUTH_EXTLOOKUP_VALID_UGUID (1<<1)
89 #define KAUTH_EXTLOOKUP_VALID_USID (1<<2)
90 #define KAUTH_EXTLOOKUP_VALID_GID (1<<3)
91 #define KAUTH_EXTLOOKUP_VALID_GGUID (1<<4)
92 #define KAUTH_EXTLOOKUP_VALID_GSID (1<<5)
93 #define KAUTH_EXTLOOKUP_WANT_UID (1<<6)
94 #define KAUTH_EXTLOOKUP_WANT_UGUID (1<<7)
95 #define KAUTH_EXTLOOKUP_WANT_USID (1<<8)
96 #define KAUTH_EXTLOOKUP_WANT_GID (1<<9)
97 #define KAUTH_EXTLOOKUP_WANT_GGUID (1<<10)
98 #define KAUTH_EXTLOOKUP_WANT_GSID (1<<11)
99 #define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP (1<<12)
100 #define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13)
101 #define KAUTH_EXTLOOKUP_ISMEMBER (1<<14)
102 #define KAUTH_EXTLOOKUP_VALID_PWNAM (1<<15)
103 #define KAUTH_EXTLOOKUP_WANT_PWNAM (1<<16)
104 #define KAUTH_EXTLOOKUP_VALID_GRNAM (1<<17)
105 #define KAUTH_EXTLOOKUP_WANT_GRNAM (1<<18)
106 #define KAUTH_EXTLOOKUP_VALID_SUPGRPS (1<<19)
107 #define KAUTH_EXTLOOKUP_WANT_SUPGRPS (1<<20)
108
109 __darwin_pid_t el_info_pid; /* request on behalf of PID */
110 u_int64_t el_extend; /* extension field */
111 u_int32_t el_info_reserved_1; /* reserved (APPLE) */
112
113 uid_t el_uid; /* user ID */
114 guid_t el_uguid; /* user GUID */
115 u_int32_t el_uguid_valid; /* TTL on translation result (seconds) */
116 ntsid_t el_usid; /* user NT SID */
117 u_int32_t el_usid_valid; /* TTL on translation result (seconds) */
118 gid_t el_gid; /* group ID */
119 guid_t el_gguid; /* group GUID */
120 u_int32_t el_gguid_valid; /* TTL on translation result (seconds) */
121 ntsid_t el_gsid; /* group SID */
122 u_int32_t el_gsid_valid; /* TTL on translation result (seconds) */
123 u_int32_t el_member_valid; /* TTL on group lookup result */
124 u_int32_t el_sup_grp_cnt; /* count of supplemental groups up to NGROUPS */
125 gid_t el_sup_groups[NGROUPS_MAX]; /* supplemental group list */
126 };
127
128 struct kauth_cache_sizes {
129 u_int32_t kcs_group_size;
130 u_int32_t kcs_id_size;
131 };
132
133 #define KAUTH_EXTLOOKUP_REGISTER (0)
134 #define KAUTH_EXTLOOKUP_RESULT (1<<0)
135 #define KAUTH_EXTLOOKUP_WORKER (1<<1)
136 #define KAUTH_EXTLOOKUP_DEREGISTER (1<<2)
137 #define KAUTH_GET_CACHE_SIZES (1<<3)
138 #define KAUTH_SET_CACHE_SIZES (1<<4)
139 #define KAUTH_CLEAR_CACHES (1<<5)
140
141
142 #ifdef KERNEL
143 /*
144 * Credentials.
145 */
146
147 #if 0
148 /*
149 * Supplemental credential data.
150 *
151 * This interface allows us to associate arbitrary data with a credential.
152 * As with the credential, the data is considered immutable.
153 */
154 struct kauth_cred_supplement {
155 TAILQ_ENTRY(kauth_cred_supplement) kcs_link;
156
157 int kcs_ref; /* reference count */
158 int kcs_id; /* vended identifier */
159 size_t kcs_size; /* size of data field */
160 char kcs_data[0];
161 };
162
163 typedef struct kauth_cred_supplement *kauth_cred_supplement_t;
164
165 struct kauth_cred {
166 TAILQ_ENTRY(kauth_cred) kc_link;
167
168 int kc_ref; /* reference count */
169 uid_t kc_uid; /* effective user id */
170 uid_t kc_ruid; /* real user id */
171 uid_t kc_svuid; /* saved user id */
172 gid_t kc_gid; /* effective group id */
173 gid_t kc_rgid; /* real group id */
174 gid_t kc_svgid; /* saved group id */
175
176 int kc_flags;
177 #define KAUTH_CRED_GRPOVERRIDE (1<<0) /* private group list is authoritative */
178
179 int kc_npvtgroups; /* private group list, advisory or authoritative */
180 gid_t kc_pvtgroups[NGROUPS]; /* based on KAUTH_CRED_GRPOVERRIDE flag */
181
182 int kc_nsuppgroups; /* supplementary group list */
183 gid_t *kc_suppgroups;
184
185 int kc_nwhtgroups; /* whiteout group list */
186 gid_t *kc_whtgroups;
187
188 struct au_session cr_audit; /* user auditing data */
189
190 int kc_nsupplement; /* entry count in supplemental data pointer array */
191 kauth_cred_supplement_t *kc_supplement;
192 };
193 #else
194
195 /* XXX just for now */
196 #include <sys/ucred.h>
197 // typedef struct ucred *kauth_cred_t;
198 #endif
199
200 /* Kernel SPI for now */
201 __BEGIN_DECLS
202 /*
203 * Routines specific to credentials with POSIX credential labels attached
204 *
205 * XXX Should be in policy_posix.h, with struct posix_cred
206 */
207 extern kauth_cred_t posix_cred_create(posix_cred_t pcred);
208 extern posix_cred_t posix_cred_get(kauth_cred_t cred);
209 extern void posix_cred_label(kauth_cred_t cred, posix_cred_t pcred);
210 extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req);
211
212 extern uid_t kauth_getuid(void);
213 extern uid_t kauth_getruid(void);
214 extern gid_t kauth_getgid(void);
215 extern kauth_cred_t kauth_cred_get(void);
216 extern kauth_cred_t kauth_cred_get_with_ref(void);
217 extern kauth_cred_t kauth_cred_proc_ref(proc_t procp);
218 extern kauth_cred_t kauth_cred_create(kauth_cred_t cred);
219 extern void kauth_cred_ref(kauth_cred_t _cred);
220 #ifndef __LP64__
221 /* Use kauth_cred_unref(), not kauth_cred_rele() */
222 extern void kauth_cred_rele(kauth_cred_t _cred) __deprecated;
223 #endif
224 extern void kauth_cred_unref(kauth_cred_t *_cred);
225
226 #if CONFIG_MACF
227 struct label;
228 extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, struct label *label);
229 extern int kauth_proc_label_update(struct proc *p, struct label *label);
230 #else
231 /* this is a temp hack to cover us when MAC is not built in a kernel configuration.
232 * Since we cannot build our export list based on the kernel configuration we need
233 * to define a stub.
234 */
235 extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, void *label);
236 extern int kauth_proc_label_update(struct proc *p, void *label);
237 #endif
238
239 extern kauth_cred_t kauth_cred_find(kauth_cred_t cred);
240 extern uid_t kauth_cred_getuid(kauth_cred_t _cred);
241 extern uid_t kauth_cred_getruid(kauth_cred_t _cred);
242 extern uid_t kauth_cred_getsvuid(kauth_cred_t _cred);
243 extern gid_t kauth_cred_getgid(kauth_cred_t _cred);
244 extern gid_t kauth_cred_getrgid(kauth_cred_t _cred);
245 extern gid_t kauth_cred_getsvgid(kauth_cred_t _cred);
246 extern int kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp);
247 extern int kauth_cred_grnam2guid(char *grnam, guid_t *guidp);
248 extern int kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam);
249 extern int kauth_cred_guid2grnam(guid_t *guidp, char *grnam);
250 extern int kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp);
251 extern int kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp);
252 extern int kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp);
253 extern int kauth_cred_ntsid2gid(ntsid_t *_sid, gid_t *_gidp);
254 extern int kauth_cred_ntsid2guid(ntsid_t *_sid, guid_t *_guidp);
255 extern int kauth_cred_uid2guid(uid_t _uid, guid_t *_guidp);
256 extern int kauth_cred_getguid(kauth_cred_t _cred, guid_t *_guidp);
257 extern int kauth_cred_gid2guid(gid_t _gid, guid_t *_guidp);
258 extern int kauth_cred_uid2ntsid(uid_t _uid, ntsid_t *_sidp);
259 extern int kauth_cred_getntsid(kauth_cred_t _cred, ntsid_t *_sidp);
260 extern int kauth_cred_gid2ntsid(gid_t _gid, ntsid_t *_sidp);
261 extern int kauth_cred_guid2ntsid(guid_t *_guid, ntsid_t *_sidp);
262 extern int kauth_cred_ismember_gid(kauth_cred_t _cred, gid_t _gid, int *_resultp);
263 extern int kauth_cred_ismember_guid(kauth_cred_t _cred, guid_t *_guidp, int *_resultp);
264
265 extern int groupmember(gid_t gid, kauth_cred_t cred);
266
267 /* currently only exported in unsupported for use by seatbelt */
268 extern int kauth_cred_issuser(kauth_cred_t _cred);
269
270
271 /* GUID, NTSID helpers */
272 extern guid_t kauth_null_guid;
273 extern int kauth_guid_equal(guid_t *_guid1, guid_t *_guid2);
274 #ifdef XNU_KERNEL_PRIVATE
275 extern int kauth_ntsid_equal(ntsid_t *_sid1, ntsid_t *_sid2);
276 #endif /* XNU_KERNEL_PRIVATE */
277
278 #ifdef XNU_KERNEL_PRIVATE
279 extern int kauth_wellknown_guid(guid_t *_guid);
280 #define KAUTH_WKG_NOT 0 /* not a well-known GUID */
281 #define KAUTH_WKG_OWNER 1
282 #define KAUTH_WKG_GROUP 2
283 #define KAUTH_WKG_NOBODY 3
284 #define KAUTH_WKG_EVERYBODY 4
285
286 extern kauth_cred_t kauth_cred_dup(kauth_cred_t cred);
287 extern gid_t kauth_getrgid(void);
288 extern kauth_cred_t kauth_cred_alloc(void);
289 extern int cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp);
290 extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred);
291 extern kauth_cred_t kauth_cred_setresuid(kauth_cred_t cred, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid);
292 extern kauth_cred_t kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid);
293 extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
294 extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid);
295 extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid);
296 struct uthread;
297 extern void kauth_cred_uthread_update(struct uthread *, proc_t);
298 #ifdef CONFIG_MACF
299 extern void kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, off_t offset, struct vnode *scriptvp, struct label *scriptlabel, struct label *execlabel, unsigned int *csflags, void *psattr, int *disjoint, int *update_return);
300 #endif
301 extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, int *_groupcount);
302 extern int kauth_cred_assume(uid_t _uid);
303 extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
304 struct auditinfo_addr;
305 extern kauth_cred_t kauth_cred_setauditinfo(kauth_cred_t, au_session_t *);
306 extern int kauth_cred_supplementary_register(const char *name, int *ident);
307 extern int kauth_cred_supplementary_add(kauth_cred_t cred, int ident, const void *data, size_t datasize);
308 extern int kauth_cred_supplementary_remove(kauth_cred_t cred, int ident);
309
310 #endif /* XNU_KERNEL_PRIVATE */
311 __END_DECLS
312
313 #endif /* KERNEL */
314
315 /*
316 * Generic Access Control Lists.
317 */
318 #if defined(KERNEL) || defined (_SYS_ACL_H)
319
320 typedef u_int32_t kauth_ace_rights_t;
321
322 /* Access Control List Entry (ACE) */
323 struct kauth_ace {
324 guid_t ace_applicable;
325 u_int32_t ace_flags;
326 #define KAUTH_ACE_KINDMASK 0xf
327 #define KAUTH_ACE_PERMIT 1
328 #define KAUTH_ACE_DENY 2
329 #define KAUTH_ACE_AUDIT 3 /* not implemented */
330 #define KAUTH_ACE_ALARM 4 /* not implemented */
331 #define KAUTH_ACE_INHERITED (1<<4)
332 #define KAUTH_ACE_FILE_INHERIT (1<<5)
333 #define KAUTH_ACE_DIRECTORY_INHERIT (1<<6)
334 #define KAUTH_ACE_LIMIT_INHERIT (1<<7)
335 #define KAUTH_ACE_ONLY_INHERIT (1<<8)
336 #define KAUTH_ACE_SUCCESS (1<<9) /* not implemented (AUDIT/ALARM) */
337 #define KAUTH_ACE_FAILURE (1<<10) /* not implemented (AUDIT/ALARM) */
338 /* All flag bits controlling ACE inheritance */
339 #define KAUTH_ACE_INHERIT_CONTROL_FLAGS \
340 (KAUTH_ACE_FILE_INHERIT | \
341 KAUTH_ACE_DIRECTORY_INHERIT | \
342 KAUTH_ACE_LIMIT_INHERIT | \
343 KAUTH_ACE_ONLY_INHERIT)
344 kauth_ace_rights_t ace_rights; /* scope specific */
345 /* These rights are never tested, but may be present in an ACL */
346 #define KAUTH_ACE_GENERIC_ALL (1<<21)
347 #define KAUTH_ACE_GENERIC_EXECUTE (1<<22)
348 #define KAUTH_ACE_GENERIC_WRITE (1<<23)
349 #define KAUTH_ACE_GENERIC_READ (1<<24)
350
351 };
352
353 #ifndef _KAUTH_ACE
354 #define _KAUTH_ACE
355 typedef struct kauth_ace *kauth_ace_t;
356 #endif
357
358
359 /* Access Control List */
360 struct kauth_acl {
361 u_int32_t acl_entrycount;
362 u_int32_t acl_flags;
363
364 struct kauth_ace acl_ace[1];
365 };
366
367 /*
368 * XXX this value needs to be raised - 3893388
369 */
370 #define KAUTH_ACL_MAX_ENTRIES 128
371
372 /*
373 * The low 16 bits of the flags field are reserved for filesystem
374 * internal use and must be preserved by all APIs. This includes
375 * round-tripping flags through user-space interfaces.
376 */
377 #define KAUTH_ACL_FLAGS_PRIVATE (0xffff)
378
379 /*
380 * The high 16 bits of the flags are used to store attributes and
381 * to request specific handling of the ACL.
382 */
383
384 /* inheritance will be deferred until the first rename operation */
385 #define KAUTH_ACL_DEFER_INHERIT (1<<16)
386 /* this ACL must not be overwritten as part of an inheritance operation */
387 #define KAUTH_ACL_NO_INHERIT (1<<17)
388
389 /* acl_entrycount that tells us the ACL is not valid */
390 #define KAUTH_FILESEC_NOACL ((u_int32_t)(-1))
391
392 /*
393 * If the acl_entrycount field is KAUTH_FILESEC_NOACL, then the size is the
394 * same as a kauth_acl structure; the intent is to put an actual entrycount of
395 * KAUTH_FILESEC_NOACL on disk to distinguish a kauth_filesec_t with an empty
396 * entry (Windows treats this as "deny all") from one that merely indicates a
397 * file group and/or owner guid values.
398 */
399 #define KAUTH_ACL_SIZE(c) (__offsetof(struct kauth_acl, acl_ace) + ((u_int32_t)(c) != KAUTH_FILESEC_NOACL ? ((c) * sizeof(struct kauth_ace)) : 0))
400 #define KAUTH_ACL_COPYSIZE(p) KAUTH_ACL_SIZE((p)->acl_entrycount)
401
402
403 #ifndef _KAUTH_ACL
404 #define _KAUTH_ACL
405 typedef struct kauth_acl *kauth_acl_t;
406 #endif
407
408 #ifdef KERNEL
409 __BEGIN_DECLS
410 kauth_acl_t kauth_acl_alloc(int size);
411 void kauth_acl_free(kauth_acl_t fsp);
412 __END_DECLS
413 #endif
414
415
416 /*
417 * Extended File Security.
418 */
419
420 /* File Security information */
421 struct kauth_filesec {
422 u_int32_t fsec_magic;
423 #define KAUTH_FILESEC_MAGIC 0x012cc16d
424 guid_t fsec_owner;
425 guid_t fsec_group;
426
427 struct kauth_acl fsec_acl;
428 };
429
430 /* backwards compatibility */
431 #define fsec_entrycount fsec_acl.acl_entrycount
432 #define fsec_flags fsec_acl.acl_flags
433 #define fsec_ace fsec_acl.acl_ace
434 #define KAUTH_FILESEC_FLAGS_PRIVATE KAUTH_ACL_FLAGS_PRIVATE
435 #define KAUTH_FILESEC_DEFER_INHERIT KAUTH_ACL_DEFER_INHERIT
436 #define KAUTH_FILESEC_NO_INHERIT KAUTH_ACL_NO_INHERIT
437 #define KAUTH_FILESEC_NONE ((kauth_filesec_t)0)
438 #define KAUTH_FILESEC_WANTED ((kauth_filesec_t)1)
439
440 #ifndef _KAUTH_FILESEC
441 #define _KAUTH_FILESEC
442 typedef struct kauth_filesec *kauth_filesec_t;
443 #endif
444
445 #define KAUTH_FILESEC_SIZE(c) (__offsetof(struct kauth_filesec, fsec_acl) + __offsetof(struct kauth_acl, acl_ace) + (c) * sizeof(struct kauth_ace))
446 #define KAUTH_FILESEC_COPYSIZE(p) KAUTH_FILESEC_SIZE(((p)->fsec_entrycount == KAUTH_FILESEC_NOACL) ? 0 : (p)->fsec_entrycount)
447 #define KAUTH_FILESEC_COUNT(s) (((s) - KAUTH_FILESEC_SIZE(0)) / sizeof(struct kauth_ace))
448 #define KAUTH_FILESEC_VALID(s) ((s) >= KAUTH_FILESEC_SIZE(0) && (((s) - KAUTH_FILESEC_SIZE(0)) % sizeof(struct kauth_ace)) == 0)
449
450 #define KAUTH_FILESEC_XATTR "com.apple.system.Security"
451
452 /* Allowable first arguments to kauth_filesec_acl_setendian() */
453 #define KAUTH_ENDIAN_HOST 0x00000001 /* set host endianness */
454 #define KAUTH_ENDIAN_DISK 0x00000002 /* set disk endianness */
455
456 #endif /* KERNEL || <sys/acl.h> */
457
458
459 #ifdef KERNEL
460
461
462 /*
463 * Scope management.
464 */
465 struct kauth_scope;
466 typedef struct kauth_scope *kauth_scope_t;
467 struct kauth_listener;
468 typedef struct kauth_listener *kauth_listener_t;
469 #ifndef _KAUTH_ACTION_T
470 typedef int kauth_action_t;
471 # define _KAUTH_ACTION_T
472 #endif
473
474 typedef int (* kauth_scope_callback_t)(kauth_cred_t _credential,
475 void *_idata,
476 kauth_action_t _action,
477 uintptr_t _arg0,
478 uintptr_t _arg1,
479 uintptr_t _arg2,
480 uintptr_t _arg3);
481
482 #define KAUTH_RESULT_ALLOW (1)
483 #define KAUTH_RESULT_DENY (2)
484 #define KAUTH_RESULT_DEFER (3)
485
486 struct kauth_acl_eval {
487 kauth_ace_t ae_acl;
488 int ae_count;
489 kauth_ace_rights_t ae_requested;
490 kauth_ace_rights_t ae_residual;
491 int ae_result;
492 boolean_t ae_found_deny;
493 int ae_options;
494 #define KAUTH_AEVAL_IS_OWNER (1<<0) /* authorizing operation for owner */
495 #define KAUTH_AEVAL_IN_GROUP (1<<1) /* authorizing operation for groupmember */
496 #define KAUTH_AEVAL_IN_GROUP_UNKNOWN (1<<2) /* authorizing operation for unknown group membership */
497 /* expansions for 'generic' rights bits */
498 kauth_ace_rights_t ae_exp_gall;
499 kauth_ace_rights_t ae_exp_gread;
500 kauth_ace_rights_t ae_exp_gwrite;
501 kauth_ace_rights_t ae_exp_gexec;
502 };
503
504 typedef struct kauth_acl_eval *kauth_acl_eval_t;
505
506 __BEGIN_DECLS
507 kauth_filesec_t kauth_filesec_alloc(int size);
508 void kauth_filesec_free(kauth_filesec_t fsp);
509 extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
510 extern void kauth_deregister_scope(kauth_scope_t _scope);
511 extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata);
512 extern void kauth_unlisten_scope(kauth_listener_t _scope);
513 extern int kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action,
514 uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
515
516 /* default scope handlers */
517 extern int kauth_authorize_allow(kauth_cred_t _credential, void *_idata, kauth_action_t _action,
518 uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
519
520
521 #ifdef XNU_KERNEL_PRIVATE
522 void kauth_filesec_acl_setendian(int, kauth_filesec_t, kauth_acl_t);
523 int kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp);
524 extern int kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval);
525 extern int kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx);
526
527 #endif /* XNU_KERNEL_PRIVATE */
528
529
530 __END_DECLS
531
532 /*
533 * Generic scope.
534 */
535 #define KAUTH_SCOPE_GENERIC "com.apple.kauth.generic"
536
537 /* Actions */
538 #define KAUTH_GENERIC_ISSUSER 1
539
540 #ifdef XNU_KERNEL_PRIVATE
541 __BEGIN_DECLS
542 extern int kauth_authorize_generic(kauth_cred_t credential, kauth_action_t action);
543 __END_DECLS
544 #endif /* XNU_KERNEL_PRIVATE */
545
546 /*
547 * Process/task scope.
548 */
549 #define KAUTH_SCOPE_PROCESS "com.apple.kauth.process"
550
551 /* Actions */
552 #define KAUTH_PROCESS_CANSIGNAL 1
553 #define KAUTH_PROCESS_CANTRACE 2
554
555 __BEGIN_DECLS
556 extern int kauth_authorize_process(kauth_cred_t _credential, kauth_action_t _action,
557 struct proc *_process, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3);
558 __END_DECLS
559
560 /*
561 * Vnode operation scope.
562 *
563 * Prototype for vnode_authorize is in vnode.h
564 */
565 #define KAUTH_SCOPE_VNODE "com.apple.kauth.vnode"
566
567 /*
568 * File system operation scope.
569 *
570 */
571 #define KAUTH_SCOPE_FILEOP "com.apple.kauth.fileop"
572
573 /* Actions */
574 #define KAUTH_FILEOP_OPEN 1
575 #define KAUTH_FILEOP_CLOSE 2
576 #define KAUTH_FILEOP_RENAME 3
577 #define KAUTH_FILEOP_EXCHANGE 4
578 #define KAUTH_FILEOP_LINK 5
579 #define KAUTH_FILEOP_EXEC 6
580 #define KAUTH_FILEOP_DELETE 7
581
582 /*
583 * arguments passed to KAUTH_FILEOP_OPEN listeners
584 * arg0 is pointer to vnode (vnode *) for given user path.
585 * arg1 is pointer to path (char *) passed in to open.
586 * arguments passed to KAUTH_FILEOP_CLOSE listeners
587 * arg0 is pointer to vnode (vnode *) for file to be closed.
588 * arg1 is pointer to path (char *) of file to be closed.
589 * arg2 is close flags.
590 * arguments passed to KAUTH_FILEOP_RENAME listeners
591 * arg0 is pointer to "from" path (char *).
592 * arg1 is pointer to "to" path (char *).
593 * arguments passed to KAUTH_FILEOP_EXCHANGE listeners
594 * arg0 is pointer to file 1 path (char *).
595 * arg1 is pointer to file 2 path (char *).
596 * arguments passed to KAUTH_FILEOP_LINK listeners
597 * arg0 is pointer to path to file we are linking to (char *).
598 * arg1 is pointer to path to the new link file (char *).
599 * arguments passed to KAUTH_FILEOP_EXEC listeners
600 * arg0 is pointer to vnode (vnode *) for executable.
601 * arg1 is pointer to path (char *) to executable.
602 * arguments passed to KAUTH_FILEOP_DELETE listeners
603 * arg0 is pointer to vnode (vnode *) of file/dir that was deleted.
604 * arg1 is pointer to path (char *) of file/dir that was deleted.
605 */
606
607 /* Flag values returned to close listeners. */
608 #define KAUTH_FILEOP_CLOSE_MODIFIED (1<<1)
609
610 __BEGIN_DECLS
611 #ifdef XNU_KERNEL_PRIVATE
612 extern int kauth_authorize_fileop_has_listeners(void);
613 #endif /* XNU_KERNEL_PRIVATE */
614 extern int kauth_authorize_fileop(kauth_cred_t _credential, kauth_action_t _action,
615 uintptr_t _arg0, uintptr_t _arg1);
616 __END_DECLS
617
618 #endif /* KERNEL */
619
620 /* Actions, also rights bits in an ACE */
621
622 #if defined(KERNEL) || defined (_SYS_ACL_H)
623 #define KAUTH_VNODE_READ_DATA (1<<1)
624 #define KAUTH_VNODE_LIST_DIRECTORY KAUTH_VNODE_READ_DATA
625 #define KAUTH_VNODE_WRITE_DATA (1<<2)
626 #define KAUTH_VNODE_ADD_FILE KAUTH_VNODE_WRITE_DATA
627 #define KAUTH_VNODE_EXECUTE (1<<3)
628 #define KAUTH_VNODE_SEARCH KAUTH_VNODE_EXECUTE
629 #define KAUTH_VNODE_DELETE (1<<4)
630 #define KAUTH_VNODE_APPEND_DATA (1<<5)
631 #define KAUTH_VNODE_ADD_SUBDIRECTORY KAUTH_VNODE_APPEND_DATA
632 #define KAUTH_VNODE_DELETE_CHILD (1<<6)
633 #define KAUTH_VNODE_READ_ATTRIBUTES (1<<7)
634 #define KAUTH_VNODE_WRITE_ATTRIBUTES (1<<8)
635 #define KAUTH_VNODE_READ_EXTATTRIBUTES (1<<9)
636 #define KAUTH_VNODE_WRITE_EXTATTRIBUTES (1<<10)
637 #define KAUTH_VNODE_READ_SECURITY (1<<11)
638 #define KAUTH_VNODE_WRITE_SECURITY (1<<12)
639 #define KAUTH_VNODE_TAKE_OWNERSHIP (1<<13)
640
641 /* backwards compatibility only */
642 #define KAUTH_VNODE_CHANGE_OWNER KAUTH_VNODE_TAKE_OWNERSHIP
643
644 /* For Windows interoperability only */
645 #define KAUTH_VNODE_SYNCHRONIZE (1<<20)
646
647 /* (1<<21) - (1<<24) are reserved for generic rights bits */
648
649 /* Actions not expressed as rights bits */
650 /*
651 * Authorizes the vnode as the target of a hard link.
652 */
653 #define KAUTH_VNODE_LINKTARGET (1<<25)
654
655 /*
656 * Indicates that other steps have been taken to authorise the action,
657 * but authorisation should be denied for immutable objects.
658 */
659 #define KAUTH_VNODE_CHECKIMMUTABLE (1<<26)
660
661 /* Action modifiers */
662 /*
663 * The KAUTH_VNODE_ACCESS bit is passed to the callback if the authorisation
664 * request in progress is advisory, rather than authoritative. Listeners
665 * performing consequential work (i.e. not strictly checking authorisation)
666 * may test this flag to avoid performing unnecessary work.
667 *
668 * This bit will never be present in an ACE.
669 */
670 #define KAUTH_VNODE_ACCESS (1<<31)
671
672 /*
673 * The KAUTH_VNODE_NOIMMUTABLE bit is passed to the callback along with the
674 * KAUTH_VNODE_WRITE_SECURITY bit (and no others) to indicate that the
675 * caller wishes to change one or more of the immutable flags, and the
676 * state of these flags should not be considered when authorizing the request.
677 * The system immutable flags are only ignored when the system securelevel
678 * is low enough to allow their removal.
679 */
680 #define KAUTH_VNODE_NOIMMUTABLE (1<<30)
681
682
683 /*
684 * fake right that is composed by the following...
685 * vnode must have search for owner, group and world allowed
686 * plus there must be no deny modes present for SEARCH... this fake
687 * right is used by the fast lookup path to avoid checking
688 * for an exact match on the last credential to lookup
689 * the component being acted on
690 */
691 #define KAUTH_VNODE_SEARCHBYANYONE (1<<29)
692
693
694 /*
695 * when passed as an 'action' to "vnode_uncache_authorized_actions"
696 * it indicates that all of the cached authorizations for that
697 * vnode should be invalidated
698 */
699 #define KAUTH_INVALIDATE_CACHED_RIGHTS ((kauth_action_t)~0)
700
701
702
703 /* The expansions of the GENERIC bits at evaluation time */
704 #define KAUTH_VNODE_GENERIC_READ_BITS (KAUTH_VNODE_READ_DATA | \
705 KAUTH_VNODE_READ_ATTRIBUTES | \
706 KAUTH_VNODE_READ_EXTATTRIBUTES | \
707 KAUTH_VNODE_READ_SECURITY)
708
709 #define KAUTH_VNODE_GENERIC_WRITE_BITS (KAUTH_VNODE_WRITE_DATA | \
710 KAUTH_VNODE_APPEND_DATA | \
711 KAUTH_VNODE_DELETE | \
712 KAUTH_VNODE_DELETE_CHILD | \
713 KAUTH_VNODE_WRITE_ATTRIBUTES | \
714 KAUTH_VNODE_WRITE_EXTATTRIBUTES | \
715 KAUTH_VNODE_WRITE_SECURITY)
716
717 #define KAUTH_VNODE_GENERIC_EXECUTE_BITS (KAUTH_VNODE_EXECUTE)
718
719 #define KAUTH_VNODE_GENERIC_ALL_BITS (KAUTH_VNODE_GENERIC_READ_BITS | \
720 KAUTH_VNODE_GENERIC_WRITE_BITS | \
721 KAUTH_VNODE_GENERIC_EXECUTE_BITS)
722
723 /*
724 * Some sets of bits, defined here for convenience.
725 */
726 #define KAUTH_VNODE_WRITE_RIGHTS (KAUTH_VNODE_ADD_FILE | \
727 KAUTH_VNODE_ADD_SUBDIRECTORY | \
728 KAUTH_VNODE_DELETE_CHILD | \
729 KAUTH_VNODE_WRITE_DATA | \
730 KAUTH_VNODE_APPEND_DATA | \
731 KAUTH_VNODE_DELETE | \
732 KAUTH_VNODE_WRITE_ATTRIBUTES | \
733 KAUTH_VNODE_WRITE_EXTATTRIBUTES | \
734 KAUTH_VNODE_WRITE_SECURITY | \
735 KAUTH_VNODE_TAKE_OWNERSHIP | \
736 KAUTH_VNODE_LINKTARGET | \
737 KAUTH_VNODE_CHECKIMMUTABLE)
738
739
740 #endif /* KERNEL || <sys/acl.h> */
741
742 #ifdef KERNEL
743 #include <sys/lock.h> /* lck_grp_t */
744
745 /*
746 * Debugging
747 *
748 * XXX this wouldn't be necessary if we had a *real* debug-logging system.
749 */
750 #if 0
751 # ifndef _FN_KPRINTF
752 # define _FN_KPRINTF
753 void kprintf(const char *fmt, ...);
754 # endif /* !_FN_KPRINTF */
755 # define KAUTH_DEBUG_ENABLE
756 # define K_UUID_FMT "%08x:%08x:%08x:%08x"
757 # define K_UUID_ARG(_u) *(int *)&_u.g_guid[0],*(int *)&_u.g_guid[4],*(int *)&_u.g_guid[8],*(int *)&_u.g_guid[12]
758 # define KAUTH_DEBUG(fmt, args...) do { kprintf("%s:%d: " fmt "\n", __PRETTY_FUNCTION__, __LINE__ , ##args); } while (0)
759 # define KAUTH_DEBUG_CTX(_c) KAUTH_DEBUG("p = %p c = %p", _c->vc_proc, _c->vc_ucred)
760 # define VFS_DEBUG(_ctx, _vp, fmt, args...) \
761 do { \
762 kprintf("%p '%s' %s:%d " fmt "\n", \
763 _ctx, \
764 (_vp != NULL && _vp->v_name != NULL) ? _vp->v_name : "????", \
765 __PRETTY_FUNCTION__, __LINE__ , \
766 ##args); \
767 } while(0)
768 #else /* !0 */
769 # define KAUTH_DEBUG(fmt, args...) do { } while (0)
770 # define VFS_DEBUG(ctx, vp, fmt, args...) do { } while(0)
771 #endif /* !0 */
772
773 /*
774 * Initialisation.
775 */
776 extern lck_grp_t *kauth_lck_grp;
777 #ifdef XNU_KERNEL_PRIVATE
778 __BEGIN_DECLS
779 extern void kauth_init(void);
780 extern void kauth_cred_init(void);
781 #if CONFIG_EXT_RESOLVER
782 extern void kauth_identity_init(void);
783 extern void kauth_groups_init(void);
784 extern void kauth_resolver_init(void);
785 #endif
786 __END_DECLS
787 #endif /* XNU_KERNEL_PRIVATE */
788
789 #endif /* KERNEL */
790
791 #endif /* __APPLE_API_EVOLVING */
792 #endif /* _SYS_KAUTH_H */
mirror of XNU