/*
- * Copyright (c) 2004-2007 Apple Inc. All rights reserved.
+ * Copyright (c) 2004-2010 Apple Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
*
#include <sys/cdefs.h>
#include <mach/boolean.h>
#include <sys/_types.h> /* __offsetof() */
+#include <sys/syslimits.h> /* NGROUPS_MAX */
#ifdef __APPLE_API_EVOLVING
#define KAUTH_UID_NONE (~(uid_t)0 - 100) /* not a valid UID */
#define KAUTH_GID_NONE (~(gid_t)0 - 100) /* not a valid GID */
-#ifndef _KAUTH_GUID
-#define _KAUTH_GUID
-/* Apple-style globally unique identifier */
-typedef struct {
-#define KAUTH_GUID_SIZE 16 /* 128-bit identifier */
- unsigned char g_guid[KAUTH_GUID_SIZE];
-} guid_t;
-#define _GUID_T
-#endif /* _KAUTH_GUID */
+#include <sys/_types/_guid_t.h>
/* NT Security Identifier, structure as defined by Microsoft */
#pragma pack(1) /* push packing of 1 byte */
#define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP (1<<12)
#define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13)
#define KAUTH_EXTLOOKUP_ISMEMBER (1<<14)
+#define KAUTH_EXTLOOKUP_VALID_PWNAM (1<<15)
+#define KAUTH_EXTLOOKUP_WANT_PWNAM (1<<16)
+#define KAUTH_EXTLOOKUP_VALID_GRNAM (1<<17)
+#define KAUTH_EXTLOOKUP_WANT_GRNAM (1<<18)
+#define KAUTH_EXTLOOKUP_VALID_SUPGRPS (1<<19)
+#define KAUTH_EXTLOOKUP_WANT_SUPGRPS (1<<20)
__darwin_pid_t el_info_pid; /* request on behalf of PID */
+ u_int64_t el_extend; /* extension field */
u_int32_t el_info_reserved_1; /* reserved (APPLE) */
- u_int32_t el_info_reserved_2; /* reserved (APPLE) */
- u_int32_t el_info_reserved_3; /* reserved (APPLE) */
uid_t el_uid; /* user ID */
guid_t el_uguid; /* user GUID */
ntsid_t el_gsid; /* group SID */
u_int32_t el_gsid_valid; /* TTL on translation result (seconds) */
u_int32_t el_member_valid; /* TTL on group lookup result */
+ u_int32_t el_sup_grp_cnt; /* count of supplemental groups up to NGROUPS */
+ gid_t el_sup_groups[NGROUPS_MAX]; /* supplemental group list */
+};
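Review bot: `el_sup_grp_cnt` (L45) is a count supplied by the external resolver for a fixed-size `gid_t el_sup_groups[NGROUPS_MAX]` (L46), and the field comment says "up to NGROUPS" while the array is sized `NGROUPS_MAX`; nothing in the type keeps a reply with `el_sup_grp_cnt > NGROUPS_MAX` from driving an out-of-bounds read wherever the kernel copies the list into a credential. The KAUTH_EXTLOOKUP_RESULT consumer (not in this diff) must reject or clamp such replies before use, and the header should state that contract so the comment and the array bound agree: `u_int32_t el_sup_grp_cnt; /* valid entries in el_sup_groups; untrusted, kernel must check <= NGROUPS_MAX */`. The `el_extend` comment `/* extension field */` (L36) says nothing about what the 64-bit value holds; if it carries a resolver-provided address, as the new PWNAM/GRNAM flags suggest, that should be stated and the kernel side must treat it as a user pointer (copyin with a bounded length). The struct's opening and first members lie outside this hunk.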
+
+struct kauth_cache_sizes {
+ u_int32_t kcs_group_size;
+ u_int32_t kcs_id_size;
};
#define KAUTH_EXTLOOKUP_REGISTER (0)
#define KAUTH_EXTLOOKUP_RESULT (1<<0)
#define KAUTH_EXTLOOKUP_WORKER (1<<1)
#define KAUTH_EXTLOOKUP_DEREGISTER (1<<2)
+#define KAUTH_GET_CACHE_SIZES (1<<3)
+#define KAUTH_SET_CACHE_SIZES (1<<4)
+#define KAUTH_CLEAR_CACHES (1<<5)
#ifdef KERNEL
int kc_nwhtgroups; /* whiteout group list */
gid_t *kc_whtgroups;
- struct auditinfo cr_au;
struct au_session cr_audit; /* user auditing data */
int kc_nsupplement; /* entry count in supplemental data pointer array */
/* Kernel SPI for now */
__BEGIN_DECLS
+/*
+ * Routines specific to credentials with POSIX credential labels attached
+ *
+ * XXX Should be in policy_posix.h, with struct posix_cred
+ */
+extern kauth_cred_t posix_cred_create(posix_cred_t pcred);
+extern posix_cred_t posix_cred_get(kauth_cred_t cred);
+extern void posix_cred_label(kauth_cred_t cred, posix_cred_t pcred);
+extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req);
+
extern uid_t kauth_getuid(void);
extern uid_t kauth_getruid(void);
extern gid_t kauth_getgid(void);
extern kauth_cred_t kauth_cred_find(kauth_cred_t cred);
extern uid_t kauth_cred_getuid(kauth_cred_t _cred);
+extern uid_t kauth_cred_getruid(kauth_cred_t _cred);
+extern uid_t kauth_cred_getsvuid(kauth_cred_t _cred);
extern gid_t kauth_cred_getgid(kauth_cred_t _cred);
+extern gid_t kauth_cred_getrgid(kauth_cred_t _cred);
+extern gid_t kauth_cred_getsvgid(kauth_cred_t _cred);
+extern int kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp);
+extern int kauth_cred_grnam2guid(char *grnam, guid_t *guidp);
+extern int kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam);
+extern int kauth_cred_guid2grnam(guid_t *guidp, char *grnam);
extern int kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp);
extern int kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp);
extern int kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp);
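Review bot: The new `kauth_cred_guid2pwnam` and `kauth_cred_guid2grnam` prototypes (L90–L91) write a name into a bare `char *` with no length parameter, so a caller cannot know how large the buffer must be and the callee cannot bound its write from the signature alone. The header should document the minimum buffer size the implementation is guaranteed to respect (whatever bound kern_credential.c actually enforces), e.g. `/* pwnam/grnam: caller supplies a buffer of at least <N> bytes; result is NUL-terminated */`, or the SPI should take an explicit size. Minor style point on the inverse lookups (L88–L89): the input names are not modified, so `const char *pwnam` / `const char *grnam` would let callers pass string literals and make the in/out direction obvious.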
struct uthread;
extern void kauth_cred_uthread_update(struct uthread *, proc_t);
#ifdef CONFIG_MACF
-extern int kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, struct label *scriptlabel, struct label *execlabel);
+extern void kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, off_t offset, struct vnode *scriptvp, struct label *scriptlabel, struct label *execlabel, unsigned int *csflags, void *psattr, int *disjoint, int *update_return);
#endif
-extern int kauth_cred_getgroups(gid_t *_groups, int *_groupcount);
+extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, int *_groupcount);
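Review bot: The re-prototyped `kauth_cred_getgroups` (L102) gives `_groupcount` no documentation, and the only safe reading is that it is an in/out value — the capacity of `_groups` on entry, the number of entries stored on return — which is presumably how the implementation uses it, but a caller who passes an uninitialised or oversized count gets an overrun with no warning from the header. Propose stating the contract on the declaration: `/* _groupcount: in = capacity of _groups (at most NGROUPS_MAX), out = entries written */`. The same note applies to whether `_groupcount` of zero is accepted; confirm against kern_credential.c before wording it.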
extern int kauth_cred_assume(uid_t _uid);
extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
struct auditinfo_addr;
int ae_options;
#define KAUTH_AEVAL_IS_OWNER (1<<0) /* authorizing operation for owner */
#define KAUTH_AEVAL_IN_GROUP (1<<1) /* authorizing operation for groupmember */
+#define KAUTH_AEVAL_IN_GROUP_UNKNOWN (1<<2) /* authorizing operation for unknown group membership */
/* expansions for 'generic' rights bits */
kauth_ace_rights_t ae_exp_gall;
kauth_ace_rights_t ae_exp_gread;
extern lck_grp_t *kauth_lck_grp;
#ifdef XNU_KERNEL_PRIVATE
__BEGIN_DECLS
-extern void kauth_init(void) __attribute__((section("__TEXT, initcode")));
-extern void kauth_identity_init(void) __attribute__((section("__TEXT, initcode")));
-extern void kauth_groups_init(void) __attribute__((section("__TEXT, initcode")));
-extern void kauth_cred_init(void) __attribute__((section("__TEXT, initcode")));
-extern void kauth_resolver_init(void) __attribute__((section("__TEXT, initcode")));
+extern void kauth_init(void);
+extern void kauth_cred_init(void);
+#if CONFIG_EXT_RESOLVER
+extern void kauth_identity_init(void);
+extern void kauth_groups_init(void);
+extern void kauth_resolver_init(void);
+#endif
__END_DECLS
#endif /* XNU_KERNEL_PRIVATE */