xnu-2050.24.15.tar.gz

[apple/xnu.git] / bsd / sys / kauth.h

diff --git a/bsd/sys/kauth.h b/bsd/sys/kauth.h
index 33078a1f408ea7e46cce7a903bc08c7547f66952..a077ceefa627e5bd05eabbce22ce44091cc982fe 100644 (file)
--- a/bsd/sys/kauth.h
+++ b/bsd/sys/kauth.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004-2007 Apple Inc. All rights reserved.
+ * Copyright (c) 2004-2010 Apple Inc. All rights reserved.
  *
  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
  * 
@@ -106,11 +106,14 @@ struct kauth_identity_extlookup {
 #define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP        (1<<12)
 #define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13)
 #define KAUTH_EXTLOOKUP_ISMEMBER       (1<<14)
+#define KAUTH_EXTLOOKUP_VALID_PWNAM    (1<<15)
+#define        KAUTH_EXTLOOKUP_WANT_PWNAM      (1<<16)
+#define KAUTH_EXTLOOKUP_VALID_GRNAM    (1<<17)
+#define        KAUTH_EXTLOOKUP_WANT_GRNAM      (1<<18)
 
        __darwin_pid_t  el_info_pid;            /* request on behalf of PID */
+       u_int64_t       el_extend;              /* extension field */
        u_int32_t       el_info_reserved_1;     /* reserved (APPLE) */
-       u_int32_t       el_info_reserved_2;     /* reserved (APPLE) */
-       u_int32_t       el_info_reserved_3;     /* reserved (APPLE) */
 
        uid_t           el_uid;         /* user ID */
        guid_t          el_uguid;       /* user GUID */
@@ -125,10 +128,18 @@ struct kauth_identity_extlookup {
        u_int32_t       el_member_valid; /* TTL on group lookup result */
 };
 
+struct kauth_cache_sizes {
+       u_int32_t kcs_group_size;
+       u_int32_t kcs_id_size;
+};
+
 #define KAUTH_EXTLOOKUP_REGISTER       (0)
 #define KAUTH_EXTLOOKUP_RESULT         (1<<0)
 #define KAUTH_EXTLOOKUP_WORKER         (1<<1)
 #define        KAUTH_EXTLOOKUP_DEREGISTER      (1<<2)
+#define        KAUTH_GET_CACHE_SIZES           (1<<3)
+#define        KAUTH_SET_CACHE_SIZES           (1<<4)
+#define        KAUTH_CLEAR_CACHES              (1<<5)
 
 
 #ifdef KERNEL
@@ -177,7 +188,6 @@ struct kauth_cred {
        int     kc_nwhtgroups;          /* whiteout group list */
        gid_t   *kc_whtgroups;
        
-       struct auditinfo  cr_au;
        struct au_session cr_audit;     /* user auditing data */
 
        int     kc_nsupplement;         /* entry count in supplemental data pointer array */
@@ -192,6 +202,16 @@ struct kauth_cred {
 
 /* Kernel SPI for now */
 __BEGIN_DECLS
+/*
+ * Routines specific to credentials with POSIX credential labels attached
+ *
+ * XXX Should be in policy_posix.h, with struct posix_cred
+ */
+extern kauth_cred_t posix_cred_create(posix_cred_t pcred);
+extern posix_cred_t posix_cred_get(kauth_cred_t cred);
+extern void posix_cred_label(kauth_cred_t cred, posix_cred_t pcred);
+extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req);
+
 extern uid_t   kauth_getuid(void);
 extern uid_t   kauth_getruid(void);
 extern gid_t   kauth_getgid(void);
@@ -221,7 +241,15 @@ extern int kauth_proc_label_update(struct proc *p, void *label);
 
 extern kauth_cred_t kauth_cred_find(kauth_cred_t cred);
 extern uid_t   kauth_cred_getuid(kauth_cred_t _cred);
+extern uid_t   kauth_cred_getruid(kauth_cred_t _cred);
+extern uid_t   kauth_cred_getsvuid(kauth_cred_t _cred);
 extern gid_t   kauth_cred_getgid(kauth_cred_t _cred);
+extern gid_t   kauth_cred_getrgid(kauth_cred_t _cred);
+extern gid_t   kauth_cred_getsvgid(kauth_cred_t _cred);
+extern int     kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp);
+extern int     kauth_cred_grnam2guid(char *grnam, guid_t *guidp);
+extern int     kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam);
+extern int     kauth_cred_guid2grnam(guid_t *guidp, char *grnam);
 extern int      kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp);
 extern int      kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp);
 extern int      kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp);
@@ -273,7 +301,7 @@ extern void kauth_cred_uthread_update(struct uthread *, proc_t);
 #ifdef CONFIG_MACF
 extern int kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, struct label *scriptlabel, struct label *execlabel);
 #endif
-extern int     kauth_cred_getgroups(gid_t *_groups, int *_groupcount);
+extern int     kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, int *_groupcount);
 extern int     kauth_cred_assume(uid_t _uid);
 extern int     kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp);
 struct auditinfo_addr;
@@ -468,6 +496,7 @@ struct kauth_acl_eval {
        int                     ae_options;
 #define KAUTH_AEVAL_IS_OWNER   (1<<0)          /* authorizing operation for owner */
 #define KAUTH_AEVAL_IN_GROUP   (1<<1)          /* authorizing operation for groupmember */
+#define KAUTH_AEVAL_IN_GROUP_UNKNOWN   (1<<2)          /* authorizing operation for unknown group membership */
        /* expansions for 'generic' rights bits */
        kauth_ace_rights_t      ae_exp_gall;
        kauth_ace_rights_t      ae_exp_gread;
@@ -751,10 +780,12 @@ extern lck_grp_t *kauth_lck_grp;
 #ifdef XNU_KERNEL_PRIVATE
 __BEGIN_DECLS
 extern void    kauth_init(void) __attribute__((section("__TEXT, initcode")));
+extern void    kauth_cred_init(void) __attribute__((section("__TEXT, initcode")));
+#if CONFIG_EXT_RESOLVER
 extern void    kauth_identity_init(void) __attribute__((section("__TEXT, initcode")));
 extern void    kauth_groups_init(void) __attribute__((section("__TEXT, initcode")));
-extern void    kauth_cred_init(void) __attribute__((section("__TEXT, initcode")));
 extern void    kauth_resolver_init(void) __attribute__((section("__TEXT, initcode")));
+#endif
 __END_DECLS
 #endif /* XNU_KERNEL_PRIVATE */