X-Git-Url: https://git.saurik.com/apple/xnu.git/blobdiff_plain/21362eb3e66fd2c787aee132bce100a44d71a99c..6d2010ae8f7a6078e10b361c6962983bab233e0f:/bsd/sys/kauth.h diff --git a/bsd/sys/kauth.h b/bsd/sys/kauth.h index 151499920..94f0b1e1e 100644 --- a/bsd/sys/kauth.h +++ b/bsd/sys/kauth.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2004 Apple Computer, Inc. All rights reserved. + * Copyright (c) 2004-2010 Apple Inc. All rights reserved. * * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ * @@ -25,12 +25,20 @@ * * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ */ +/* + * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce + * support for mandatory and extensible security protections. This notice + * is included in support of clause 2.2 (b) of the Apple Public License, + * Version 2.0. + */ #ifndef _SYS_KAUTH_H #define _SYS_KAUTH_H #include #include +#include +#include /* __offsetof() */ #ifdef __APPLE_API_EVOLVING @@ -68,7 +76,11 @@ typedef struct { #define KAUTH_NTSID_SIZE(_s) (KAUTH_NTSID_HDRSIZE + ((_s)->sid_authcount * sizeof(u_int32_t))) /* - * External lookup message payload + * External lookup message payload; this structure is shared between the + * kernel group membership resolver, and the user space group membership + * resolver daemon, and is use to communicate resolution requests from the + * kernel to user space, and the result of that request from user space to + * the kernel. */ struct kauth_identity_extlookup { u_int32_t el_seqno; /* request sequence number */ @@ -94,6 +106,15 @@ struct kauth_identity_extlookup { #define KAUTH_EXTLOOKUP_WANT_MEMBERSHIP (1<<12) #define KAUTH_EXTLOOKUP_VALID_MEMBERSHIP (1<<13) #define KAUTH_EXTLOOKUP_ISMEMBER (1<<14) +#define KAUTH_EXTLOOKUP_VALID_PWNAM (1<<15) +#define KAUTH_EXTLOOKUP_WANT_PWNAM (1<<16) +#define KAUTH_EXTLOOKUP_VALID_GRNAM (1<<17) +#define KAUTH_EXTLOOKUP_WANT_GRNAM (1<<18) + + __darwin_pid_t el_info_pid; /* request on behalf of PID */ + u_int64_t el_extend; /* extension field */ + u_int32_t el_info_reserved_1; /* reserved (APPLE) */ + uid_t el_uid; /* user ID */ guid_t el_uguid; /* user GUID */ u_int32_t el_uguid_valid; /* TTL on translation result (seconds) */ @@ -110,6 +131,7 @@ struct kauth_identity_extlookup { #define KAUTH_EXTLOOKUP_REGISTER (0) #define KAUTH_EXTLOOKUP_RESULT (1<<0) #define KAUTH_EXTLOOKUP_WORKER (1<<1) +#define KAUTH_EXTLOOKUP_DEREGISTER (1<<2) #ifdef KERNEL @@ -158,7 +180,7 @@ struct kauth_cred { int kc_nwhtgroups; /* whiteout group list */ gid_t *kc_whtgroups; - struct auditinfo cr_au; /* user auditing data */ + struct au_session cr_audit; /* user auditing data */ int kc_nsupplement; /* entry count in supplemental data pointer array */ kauth_cred_supplement_t *kc_supplement; @@ -172,32 +194,54 @@ struct kauth_cred { /* Kernel SPI for now */ __BEGIN_DECLS +/* + * Routines specific to credentials with POSIX credential labels attached + * + * XXX Should be in policy_posix.h, with struct posix_cred + */ +extern kauth_cred_t posix_cred_create(posix_cred_t pcred); +extern posix_cred_t posix_cred_get(kauth_cred_t cred); +extern void posix_cred_label(kauth_cred_t cred, posix_cred_t pcred); +extern int posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req); + extern uid_t kauth_getuid(void); extern uid_t kauth_getruid(void); extern gid_t kauth_getgid(void); -extern gid_t kauth_getrgid(void); extern kauth_cred_t kauth_cred_get(void); extern kauth_cred_t kauth_cred_get_with_ref(void); extern kauth_cred_t kauth_cred_proc_ref(proc_t procp); -extern kauth_cred_t kauth_cred_alloc(void); extern kauth_cred_t kauth_cred_create(kauth_cred_t cred); extern void kauth_cred_ref(kauth_cred_t _cred); -extern void kauth_cred_rele(kauth_cred_t _cred); -extern kauth_cred_t kauth_cred_dup(kauth_cred_t cred); -extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred); -extern void kauth_cred_unref(kauth_cred_t _cred); -extern kauth_cred_t kauth_cred_setuid(kauth_cred_t cred, uid_t uid); -extern kauth_cred_t kauth_cred_seteuid(kauth_cred_t cred, uid_t euid); -extern kauth_cred_t kauth_cred_setgid(kauth_cred_t cred, gid_t gid); -extern kauth_cred_t kauth_cred_setegid(kauth_cred_t cred, gid_t egid); -extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid); -extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid); -extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid); +#ifndef __LP64__ +/* Use kauth_cred_unref(), not kauth_cred_rele() */ +extern void kauth_cred_rele(kauth_cred_t _cred) __deprecated; +#endif +extern void kauth_cred_unref(kauth_cred_t *_cred); + +#if CONFIG_MACF +struct label; +extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, struct label *label); +extern int kauth_proc_label_update(struct proc *p, struct label *label); +#else +/* this is a temp hack to cover us when MAC is not built in a kernel configuration. + * Since we cannot build our export list based on the kernel configuration we need + * to define a stub. + */ +extern kauth_cred_t kauth_cred_label_update(kauth_cred_t cred, void *label); +extern int kauth_proc_label_update(struct proc *p, void *label); +#endif + extern kauth_cred_t kauth_cred_find(kauth_cred_t cred); -extern int kauth_cred_getgroups(gid_t *_groups, int *_groupcount); -extern int kauth_cred_assume(uid_t _uid); extern uid_t kauth_cred_getuid(kauth_cred_t _cred); +extern uid_t kauth_cred_getruid(kauth_cred_t _cred); +extern uid_t kauth_cred_getsvuid(kauth_cred_t _cred); extern gid_t kauth_cred_getgid(kauth_cred_t _cred); +extern gid_t kauth_cred_getrgid(kauth_cred_t _cred); +extern gid_t kauth_cred_getsvgid(kauth_cred_t _cred); +extern int kauth_cred_pwnam2guid(char *pwnam, guid_t *guidp); +extern int kauth_cred_grnam2guid(char *grnam, guid_t *guidp); +extern int kauth_cred_guid2pwnam(guid_t *guidp, char *pwnam); +extern int kauth_cred_guid2grnam(guid_t *guidp, char *grnam); extern int kauth_cred_guid2uid(guid_t *_guid, uid_t *_uidp); extern int kauth_cred_guid2gid(guid_t *_guid, gid_t *_gidp); extern int kauth_cred_ntsid2uid(ntsid_t *_sid, uid_t *_uidp); @@ -213,19 +257,20 @@ extern int kauth_cred_guid2ntsid(guid_t *_guid, ntsid_t *_sidp); extern int kauth_cred_ismember_gid(kauth_cred_t _cred, gid_t _gid, int *_resultp); extern int kauth_cred_ismember_guid(kauth_cred_t _cred, guid_t *_guidp, int *_resultp); -extern int kauth_cred_supplementary_register(const char *name, int *ident); -extern int kauth_cred_supplementary_add(kauth_cred_t cred, int ident, const void *data, size_t datasize); -extern int kauth_cred_supplementary_remove(kauth_cred_t cred, int ident); +extern int groupmember(gid_t gid, kauth_cred_t cred); -/* NOT KPI - fast path for in-kernel code only */ +/* currently only exported in unsupported for use by seatbelt */ extern int kauth_cred_issuser(kauth_cred_t _cred); /* GUID, NTSID helpers */ extern guid_t kauth_null_guid; extern int kauth_guid_equal(guid_t *_guid1, guid_t *_guid2); +#ifdef XNU_KERNEL_PRIVATE extern int kauth_ntsid_equal(ntsid_t *_sid1, ntsid_t *_sid2); +#endif /* XNU_KERNEL_PRIVATE */ +#ifdef XNU_KERNEL_PRIVATE extern int kauth_wellknown_guid(guid_t *_guid); #define KAUTH_WKG_NOT 0 /* not a well-known GUID */ #define KAUTH_WKG_OWNER 1 @@ -233,8 +278,31 @@ extern int kauth_wellknown_guid(guid_t *_guid); #define KAUTH_WKG_NOBODY 3 #define KAUTH_WKG_EVERYBODY 4 +extern kauth_cred_t kauth_cred_dup(kauth_cred_t cred); +extern gid_t kauth_getrgid(void); +extern kauth_cred_t kauth_cred_alloc(void); extern int cantrace(proc_t cur_procp, kauth_cred_t creds, proc_t traced_procp, int *errp); +extern kauth_cred_t kauth_cred_copy_real(kauth_cred_t cred); +extern kauth_cred_t kauth_cred_setresuid(kauth_cred_t cred, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid); +extern kauth_cred_t kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid); +extern kauth_cred_t kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid); +extern kauth_cred_t kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid); +extern kauth_cred_t kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid); +struct uthread; +extern void kauth_cred_uthread_update(struct uthread *, proc_t); +#ifdef CONFIG_MACF +extern int kauth_proc_label_update_execve(struct proc *p, struct vfs_context *ctx, struct vnode *vp, struct label *scriptlabel, struct label *execlabel); +#endif +extern int kauth_cred_getgroups(kauth_cred_t _cred, gid_t *_groups, int *_groupcount); +extern int kauth_cred_assume(uid_t _uid); +extern int kauth_cred_gid_subset(kauth_cred_t _cred1, kauth_cred_t _cred2, int *_resultp); +struct auditinfo_addr; +extern kauth_cred_t kauth_cred_setauditinfo(kauth_cred_t, au_session_t *); +extern int kauth_cred_supplementary_register(const char *name, int *ident); +extern int kauth_cred_supplementary_add(kauth_cred_t cred, int ident, const void *data, size_t datasize); +extern int kauth_cred_supplementary_remove(kauth_cred_t cred, int ident); +#endif /* XNU_KERNEL_PRIVATE */ __END_DECLS #endif /* KERNEL */ @@ -262,6 +330,12 @@ struct kauth_ace { #define KAUTH_ACE_ONLY_INHERIT (1<<8) #define KAUTH_ACE_SUCCESS (1<<9) /* not implemented (AUDIT/ALARM) */ #define KAUTH_ACE_FAILURE (1<<10) /* not implemented (AUDIT/ALARM) */ +/* All flag bits controlling ACE inheritance */ +#define KAUTH_ACE_INHERIT_CONTROL_FLAGS \ + (KAUTH_ACE_FILE_INHERIT | \ + KAUTH_ACE_DIRECTORY_INHERIT | \ + KAUTH_ACE_LIMIT_INHERIT | \ + KAUTH_ACE_ONLY_INHERIT) kauth_ace_rights_t ace_rights; /* scope specific */ /* These rights are never tested, but may be present in an ACL */ #define KAUTH_ACE_GENERIC_ALL (1<<21) @@ -282,7 +356,7 @@ struct kauth_acl { u_int32_t acl_entrycount; u_int32_t acl_flags; - struct kauth_ace acl_ace[]; + struct kauth_ace acl_ace[1]; }; /* @@ -307,7 +381,17 @@ struct kauth_acl { /* this ACL must not be overwritten as part of an inheritance operation */ #define KAUTH_ACL_NO_INHERIT (1<<17) -#define KAUTH_ACL_SIZE(c) (sizeof(struct kauth_acl) + (c) * sizeof(struct kauth_ace)) +/* acl_entrycount that tells us the ACL is not valid */ +#define KAUTH_FILESEC_NOACL ((u_int32_t)(-1)) + +/* + * If the acl_entrycount field is KAUTH_FILESEC_NOACL, then the size is the + * same as a kauth_acl structure; the intent is to put an actual entrycount of + * KAUTH_FILESEC_NOACL on disk to distinguish a kauth_filesec_t with an empty + * entry (Windows treats this as "deny all") from one that merely indicates a + * file group and/or owner guid values. + */ +#define KAUTH_ACL_SIZE(c) (__offsetof(struct kauth_acl, acl_ace) + ((u_int32_t)(c) != KAUTH_FILESEC_NOACL ? ((c) * sizeof(struct kauth_ace)) : 0)) #define KAUTH_ACL_COPYSIZE(p) KAUTH_ACL_SIZE((p)->acl_entrycount) @@ -336,8 +420,6 @@ struct kauth_filesec { guid_t fsec_group; struct kauth_acl fsec_acl; - /* acl_entrycount that tells us the ACL is not valid */ -#define KAUTH_FILESEC_NOACL ((u_int32_t)(-1)) }; /* backwards compatibility */ @@ -355,22 +437,23 @@ struct kauth_filesec { typedef struct kauth_filesec *kauth_filesec_t; #endif -#define KAUTH_FILESEC_SIZE(c) (sizeof(struct kauth_filesec) + (c) * sizeof(struct kauth_ace)) +#define KAUTH_FILESEC_SIZE(c) (__offsetof(struct kauth_filesec, fsec_acl) + __offsetof(struct kauth_acl, acl_ace) + (c) * sizeof(struct kauth_ace)) #define KAUTH_FILESEC_COPYSIZE(p) KAUTH_FILESEC_SIZE(((p)->fsec_entrycount == KAUTH_FILESEC_NOACL) ? 0 : (p)->fsec_entrycount) -#define KAUTH_FILESEC_COUNT(s) ((s - sizeof(struct kauth_filesec)) / sizeof(struct kauth_ace)) +#define KAUTH_FILESEC_COUNT(s) (((s) - KAUTH_FILESEC_SIZE(0)) / sizeof(struct kauth_ace)) +#define KAUTH_FILESEC_VALID(s) ((s) >= KAUTH_FILESEC_SIZE(0) && (((s) - KAUTH_FILESEC_SIZE(0)) % sizeof(struct kauth_ace)) == 0) #define KAUTH_FILESEC_XATTR "com.apple.system.Security" -__BEGIN_DECLS -kauth_filesec_t kauth_filesec_alloc(int size); -void kauth_filesec_free(kauth_filesec_t fsp); -int kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp); -__END_DECLS +/* Allowable first arguments to kauth_filesec_acl_setendian() */ +#define KAUTH_ENDIAN_HOST 0x00000001 /* set host endianness */ +#define KAUTH_ENDIAN_DISK 0x00000002 /* set disk endianness */ #endif /* KERNEL || */ #ifdef KERNEL + + /* * Scope management. */ @@ -401,9 +484,11 @@ struct kauth_acl_eval { kauth_ace_rights_t ae_requested; kauth_ace_rights_t ae_residual; int ae_result; + boolean_t ae_found_deny; int ae_options; #define KAUTH_AEVAL_IS_OWNER (1<<0) /* authorizing operation for owner */ #define KAUTH_AEVAL_IN_GROUP (1<<1) /* authorizing operation for groupmember */ +#define KAUTH_AEVAL_IN_GROUP_UNKNOWN (1<<2) /* authorizing operation for unknown group membership */ /* expansions for 'generic' rights bits */ kauth_ace_rights_t ae_exp_gall; kauth_ace_rights_t ae_exp_gread; @@ -414,18 +499,29 @@ struct kauth_acl_eval { typedef struct kauth_acl_eval *kauth_acl_eval_t; __BEGIN_DECLS +kauth_filesec_t kauth_filesec_alloc(int size); +void kauth_filesec_free(kauth_filesec_t fsp); extern kauth_scope_t kauth_register_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata); extern void kauth_deregister_scope(kauth_scope_t _scope); extern kauth_listener_t kauth_listen_scope(const char *_identifier, kauth_scope_callback_t _callback, void *_idata); extern void kauth_unlisten_scope(kauth_listener_t _scope); extern int kauth_authorize_action(kauth_scope_t _scope, kauth_cred_t _credential, kauth_action_t _action, uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3); -extern int kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval); -extern int kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx); /* default scope handlers */ extern int kauth_authorize_allow(kauth_cred_t _credential, void *_idata, kauth_action_t _action, uintptr_t _arg0, uintptr_t _arg1, uintptr_t _arg2, uintptr_t _arg3); + + +#ifdef XNU_KERNEL_PRIVATE +void kauth_filesec_acl_setendian(int, kauth_filesec_t, kauth_acl_t); +int kauth_copyinfilesec(user_addr_t xsecurity, kauth_filesec_t *xsecdestpp); +extern int kauth_acl_evaluate(kauth_cred_t _credential, kauth_acl_eval_t _eval); +extern int kauth_acl_inherit(vnode_t _dvp, kauth_acl_t _initial, kauth_acl_t *_product, int _isdir, vfs_context_t _ctx); + +#endif /* XNU_KERNEL_PRIVATE */ + + __END_DECLS /* @@ -436,9 +532,11 @@ __END_DECLS /* Actions */ #define KAUTH_GENERIC_ISSUSER 1 +#ifdef XNU_KERNEL_PRIVATE __BEGIN_DECLS extern int kauth_authorize_generic(kauth_cred_t credential, kauth_action_t action); __END_DECLS +#endif /* XNU_KERNEL_PRIVATE */ /* * Process/task scope. @@ -471,9 +569,10 @@ __END_DECLS #define KAUTH_FILEOP_OPEN 1 #define KAUTH_FILEOP_CLOSE 2 #define KAUTH_FILEOP_RENAME 3 -#define KAUTH_FILEOP_EXCHANGE 4 +#define KAUTH_FILEOP_EXCHANGE 4 #define KAUTH_FILEOP_LINK 5 #define KAUTH_FILEOP_EXEC 6 +#define KAUTH_FILEOP_DELETE 7 /* * arguments passed to KAUTH_FILEOP_OPEN listeners @@ -495,13 +594,18 @@ __END_DECLS * arguments passed to KAUTH_FILEOP_EXEC listeners * arg0 is pointer to vnode (vnode *) for executable. * arg1 is pointer to path (char *) to executable. + * arguments passed to KAUTH_FILEOP_DELETE listeners + * arg0 is pointer to vnode (vnode *) of file/dir that was deleted. + * arg1 is pointer to path (char *) of file/dir that was deleted. */ /* Flag values returned to close listeners. */ #define KAUTH_FILEOP_CLOSE_MODIFIED (1<<1) __BEGIN_DECLS +#ifdef XNU_KERNEL_PRIVATE extern int kauth_authorize_fileop_has_listeners(void); +#endif /* XNU_KERNEL_PRIVATE */ extern int kauth_authorize_fileop(kauth_cred_t _credential, kauth_action_t _action, uintptr_t _arg0, uintptr_t _arg1); __END_DECLS @@ -570,6 +674,27 @@ __END_DECLS */ #define KAUTH_VNODE_NOIMMUTABLE (1<<30) + +/* + * fake right that is composed by the following... + * vnode must have search for owner, group and world allowed + * plus there must be no deny modes present for SEARCH... this fake + * right is used by the fast lookup path to avoid checking + * for an exact match on the last credential to lookup + * the component being acted on + */ +#define KAUTH_VNODE_SEARCHBYANYONE (1<<29) + + +/* + * when passed as an 'action' to "vnode_uncache_authorized_actions" + * it indicates that all of the cached authorizations for that + * vnode should be invalidated + */ +#define KAUTH_INVALIDATE_CACHED_RIGHTS ((kauth_action_t)~0) + + + /* The expansions of the GENERIC bits at evaluation time */ #define KAUTH_VNODE_GENERIC_READ_BITS (KAUTH_VNODE_READ_DATA | \ KAUTH_VNODE_READ_ATTRIBUTES | \ @@ -621,7 +746,7 @@ __END_DECLS # ifndef _FN_KPRINTF # define _FN_KPRINTF void kprintf(const char *fmt, ...); -# endif +# endif /* !_FN_KPRINTF */ # define KAUTH_DEBUG_ENABLE # define K_UUID_FMT "%08x:%08x:%08x:%08x" # define K_UUID_ARG(_u) *(int *)&_u.g_guid[0],*(int *)&_u.g_guid[4],*(int *)&_u.g_guid[8],*(int *)&_u.g_guid[12] @@ -635,24 +760,26 @@ void kprintf(const char *fmt, ...); __PRETTY_FUNCTION__, __LINE__ , \ ##args); \ } while(0) -#else +#else /* !0 */ # define KAUTH_DEBUG(fmt, args...) do { } while (0) # define VFS_DEBUG(ctx, vp, fmt, args...) do { } while(0) -#endif +#endif /* !0 */ /* * Initialisation. */ extern lck_grp_t *kauth_lck_grp; +#ifdef XNU_KERNEL_PRIVATE __BEGIN_DECLS -extern void kauth_init(void); -extern void kauth_identity_init(void); -extern void kauth_groups_init(void); -extern void kauth_cred_init(void); -extern void kauth_resolver_init(void); +extern void kauth_init(void) __attribute__((section("__TEXT, initcode"))); +extern void kauth_identity_init(void) __attribute__((section("__TEXT, initcode"))); +extern void kauth_groups_init(void) __attribute__((section("__TEXT, initcode"))); +extern void kauth_cred_init(void) __attribute__((section("__TEXT, initcode"))); +extern void kauth_resolver_init(void) __attribute__((section("__TEXT, initcode"))); __END_DECLS -#endif +#endif /* XNU_KERNEL_PRIVATE */ + +#endif /* KERNEL */ #endif /* __APPLE_API_EVOLVING */ #endif /* _SYS_KAUTH_H */ -