* Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
*
* @APPLE_OSREFERENCE_LICENSE_HEADER_START@
- *
+ *
* This file contains Original Code and/or Modifications of Original Code
* as defined in and that are subject to the Apple Public Source License
* Version 2.0 (the 'License'). You may not use this file except in
* unlawful or unlicensed copies of an Apple operating system, or to
* circumvent, violate, or enable the circumvention or violation of, any
* terms of an Apple operating system software license agreement.
- *
+ *
* Please obtain a copy of the License at
* http://www.opensource.apple.com/apsl/ and read it before using this file.
- *
+ *
* The Original Code and all software distributed under the License are
* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
* Please see the License for the specific language governing rights and
* limitations under the License.
- *
+ *
* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
*/
#ifndef _SYS_UCRED_H_
-#define _SYS_UCRED_H_
+#define _SYS_UCRED_H_
#include <sys/appleapiopts.h>
#include <sys/cdefs.h>
struct label;
#ifdef __APPLE_API_UNSTABLE
+#ifdef KERNEL
#include <sys/queue.h>
/*
* it or copies of it be exported outside.
*/
struct ucred {
- TAILQ_ENTRY(ucred) cr_link; /* never modify this without KAUTH_CRED_HASH_LOCK */
- u_long cr_ref; /* reference count */
-
- /*
- * The credential hash depends on everything from this point on
- * (see kauth_cred_get_hashkey)
- */
- uid_t cr_uid; /* effective user id */
- uid_t cr_ruid; /* real user id */
- uid_t cr_svuid; /* saved user id */
- short cr_ngroups; /* number of groups in advisory list */
- gid_t cr_groups[NGROUPS]; /* advisory group list */
- gid_t cr_rgid; /* real group id */
- gid_t cr_svgid; /* saved group id */
- uid_t cr_gmuid; /* UID for group membership purposes */
- /*
- * XXX - cr_au will be replaced with cr_audit below.
- * cr_au is here to keep kexts from breaking. It seems to
- * be currently used by the ucred hashing as well.
- */
- struct auditinfo cr_au; /* XXX This needs to go away. */
- struct label *cr_label; /* MAC label */
+ LIST_ENTRY(ucred) cr_link; /* never modify this without KAUTH_CRED_HASH_LOCK */
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__STDC_NO_ATOMICS__)
+ _Atomic u_long cr_ref; /* reference count */
+#elif defined(__cplusplus) && __cplusplus >= 201103L
+ _Atomic u_long cr_ref; /* reference count */
+#else
+ volatile u_long cr_ref; /* reference count */
+#endif
- int cr_flags; /* flags on credential */
- /*
+ struct posix_cred {
+ /*
+ * The credential hash depends on everything from this point on
+ * (see kauth_cred_get_hashkey)
+ */
+ uid_t cr_uid; /* effective user id */
+ uid_t cr_ruid; /* real user id */
+ uid_t cr_svuid; /* saved user id */
+ short cr_ngroups; /* number of groups in advisory list */
+ gid_t cr_groups[NGROUPS];/* advisory group list */
+ gid_t cr_rgid; /* real group id */
+ gid_t cr_svgid; /* saved group id */
+ uid_t cr_gmuid; /* UID for group membership purposes */
+ int cr_flags; /* flags on credential */
+ } cr_posix;
+ struct label *cr_label; /* MAC label */
+ /*
* NOTE: If anything else (besides the flags)
* added after the label, you must change
* kauth_cred_find().
*/
- struct au_session cr_audit; /* user auditing data */
+ struct au_session cr_audit; /* user auditing data */
};
+#else /* KERNEL */
+struct ucred;
+struct posix_cred;
+#endif /* KERNEL */
+
#ifndef _KAUTH_CRED_T
-#define _KAUTH_CRED_T
+#define _KAUTH_CRED_T
typedef struct ucred *kauth_cred_t;
-#endif /* !_KAUTH_CRED_T */
+typedef struct posix_cred *posix_cred_t;
+#endif /* !_KAUTH_CRED_T */
/*
* Credential flags that can be set on a credential
*/
-#define CRF_NOMEMBERD 0x00000001 /* memberd opt out by setgroups() */
-#define CRF_MAC_ENFORCE 0x00000002 /* force entry through MAC Framework */
- /* also forces credential cache miss */
+#define CRF_NOMEMBERD 0x00000001 /* memberd opt out by setgroups() */
+#define CRF_MAC_ENFORCE 0x00000002 /* force entry through MAC Framework */
+ /* also forces credential cache miss */
/*
* This is the external representation of struct ucred.
*/
struct xucred {
- u_int cr_version; /* structure layout version */
- uid_t cr_uid; /* effective user id */
- short cr_ngroups; /* number of advisory groups */
- gid_t cr_groups[NGROUPS]; /* advisory group list */
+ u_int cr_version; /* structure layout version */
+ uid_t cr_uid; /* effective user id */
+ short cr_ngroups; /* number of advisory groups */
+ gid_t cr_groups[NGROUPS]; /* advisory group list */
};
#define XUCRED_VERSION 0
#define cr_gid cr_groups[0]
-#define NOCRED ((kauth_cred_t )0) /* no credential available */
-#define FSCRED ((kauth_cred_t )-1) /* filesystem credential */
+#define NOCRED ((kauth_cred_t )0) /* no credential available */
+#define FSCRED ((kauth_cred_t )-1) /* filesystem credential */
-#define IS_VALID_CRED(_cr) ((_cr) != NOCRED && (_cr) != FSCRED)
+#define IS_VALID_CRED(_cr) ((_cr) != NOCRED && (_cr) != FSCRED)
#ifdef KERNEL
#ifdef __APPLE_API_OBSOLETE
__BEGIN_DECLS
-int crcmp(kauth_cred_t cr1, kauth_cred_t cr2);
-int suser(kauth_cred_t cred, u_short *acflag);
-int is_suser(void);
-int is_suser1(void);
-int set_security_token(struct proc * p);
-void cru2x(kauth_cred_t cr, struct xucred *xcr);
+int crcmp(kauth_cred_t cr1, kauth_cred_t cr2);
+int suser(kauth_cred_t cred, u_short *acflag);
+int set_security_token(struct proc * p);
+int set_security_token_task_internal(struct proc *p, void *task);
+void cru2x(kauth_cred_t cr, struct xucred *xcr);
__END_DECLS
#endif /* __APPLE_API_OBSOLETE */
#endif /* KERNEL */