bsd/sys/ucred.h

   1 /*
   2  * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
   3  *
   4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. The rights granted to you under the License
  10  * may not be used to create, or enable the creation or redistribution of,
  11  * unlawful or unlicensed copies of an Apple operating system, or to
  12  * circumvent, violate, or enable the circumvention or violation of, any
  13  * terms of an Apple operating system software license agreement.
  14  *
  15  * Please obtain a copy of the License at
  16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
  17  *
  18  * The Original Code and all software distributed under the License are
  19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  23  * Please see the License for the specific language governing rights and
  24  * limitations under the License.
  25  *
  26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
  27  */
  28 /* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
  29 /*
  30  * Copyright (c) 1989, 1993
  31  *      The Regents of the University of California.  All rights reserved.
  32  *
  33  * Redistribution and use in source and binary forms, with or without
  34  * modification, are permitted provided that the following conditions
  35  * are met:
  36  * 1. Redistributions of source code must retain the above copyright
  37  *    notice, this list of conditions and the following disclaimer.
  38  * 2. Redistributions in binary form must reproduce the above copyright
  39  *    notice, this list of conditions and the following disclaimer in the
  40  *    documentation and/or other materials provided with the distribution.
  41  * 3. All advertising materials mentioning features or use of this software
  42  *    must display the following acknowledgement:
  43  *      This product includes software developed by the University of
  44  *      California, Berkeley and its contributors.
  45  * 4. Neither the name of the University nor the names of its contributors
  46  *    may be used to endorse or promote products derived from this software
  47  *    without specific prior written permission.
  48  *
  49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
  50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
  53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  59  * SUCH DAMAGE.
  60  *
  61  *      @(#)ucred.h     8.4 (Berkeley) 1/9/95
  62  */
  63 /*
  64  * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
  65  * support for mandatory and extensible security protections.  This notice
  66  * is included in support of clause 2.2 (b) of the Apple Public License,
  67  * Version 2.0.
  68  */
  69
  70 #ifndef _SYS_UCRED_H_
  71 #define _SYS_UCRED_H_
  72
  73 #include <sys/appleapiopts.h>
  74 #include <sys/cdefs.h>
  75 #include <sys/param.h>
  76 #include <bsm/audit.h>
  77
  78 struct label;
  79
  80 #ifdef __APPLE_API_UNSTABLE
  81 #ifdef KERNEL
  82 #include <sys/queue.h>
  83
  84 /*
  85  * In-kernel credential structure.
  86  *
  87  * Note that this structure should not be used outside the kernel, nor should
  88  * it or copies of it be exported outside.
  89  */
  90 struct ucred {
  91         LIST_ENTRY(ucred)       cr_link; /* never modify this without KAUTH_CRED_HASH_LOCK */
  92 #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__STDC_NO_ATOMICS__)
  93         _Atomic u_long          cr_ref;  /* reference count */
  94 #elif defined(__cplusplus) && __cplusplus >= 201103L
  95         _Atomic u_long          cr_ref;  /* reference count */
  96 #else
  97         volatile u_long         cr_ref;  /* reference count */
  98 #endif
  99
 100         struct posix_cred {
 101                 /*
 102                  * The credential hash depends on everything from this point on
 103                  * (see kauth_cred_get_hashkey)
 104                  */
 105                 uid_t   cr_uid;         /* effective user id */
 106                 uid_t   cr_ruid;        /* real user id */
 107                 uid_t   cr_svuid;       /* saved user id */
 108                 short   cr_ngroups;     /* number of groups in advisory list */
 109                 gid_t   cr_groups[NGROUPS];/* advisory group list */
 110                 gid_t   cr_rgid;        /* real group id */
 111                 gid_t   cr_svgid;       /* saved group id */
 112                 uid_t   cr_gmuid;       /* UID for group membership purposes */
 113                 int     cr_flags;       /* flags on credential */
 114         } cr_posix;
 115         struct label    *cr_label;      /* MAC label */
 116         /*
 117          * NOTE: If anything else (besides the flags)
 118          * added after the label, you must change
 119          * kauth_cred_find().
 120          */
 121         struct au_session cr_audit;             /* user auditing data */
 122 };
 123 #else /* KERNEL */
 124 struct ucred;
 125 struct posix_cred;
 126 #endif /* KERNEL */
 127
 128 #ifndef _KAUTH_CRED_T
 129 #define _KAUTH_CRED_T
 130 typedef struct ucred *kauth_cred_t;
 131 typedef struct posix_cred *posix_cred_t;
 132 #endif  /* !_KAUTH_CRED_T */
 133
 134 /*
 135  * Credential flags that can be set on a credential
 136  */
 137 #define CRF_NOMEMBERD   0x00000001      /* memberd opt out by setgroups() */
 138 #define CRF_MAC_ENFORCE 0x00000002      /* force entry through MAC Framework */
 139                                         /* also forces credential cache miss */
 140
 141 /*
 142  * This is the external representation of struct ucred.
 143  */
 144 struct xucred {
 145         u_int   cr_version;             /* structure layout version */
 146         uid_t   cr_uid;                 /* effective user id */
 147         short   cr_ngroups;             /* number of advisory groups */
 148         gid_t   cr_groups[NGROUPS];     /* advisory group list */
 149 };
 150 #define XUCRED_VERSION  0
 151
 152 #define cr_gid cr_groups[0]
 153 #define NOCRED ((kauth_cred_t )0)       /* no credential available */
 154 #define FSCRED ((kauth_cred_t )-1)      /* filesystem credential */
 155
 156 #define IS_VALID_CRED(_cr)      ((_cr) != NOCRED && (_cr) != FSCRED)
 157
 158 #ifdef KERNEL
 159 #ifdef __APPLE_API_OBSOLETE
 160 __BEGIN_DECLS
 161 int             crcmp(kauth_cred_t cr1, kauth_cred_t cr2);
 162 int             suser(kauth_cred_t cred, u_short *acflag);
 163 int             set_security_token(struct proc * p);
 164 int             set_security_token_task_internal(struct proc *p, void *task);
 165 void            cru2x(kauth_cred_t cr, struct xucred *xcr);
 166 __END_DECLS
 167 #endif /* __APPLE_API_OBSOLETE */
 168 #endif /* KERNEL */
 169 #endif /* __APPLE_API_UNSTABLE */
 170
 171 #endif /* !_SYS_UCRED_H_ */