xref: /xnu-11417.140.69/bsd/sys/ucred.h (revision 43a90889846e00bfb5cf1d255cdc0a701a1e05a4) !
1 /*
2  * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
3  *
4  * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5  *
6  * This file contains Original Code and/or Modifications of Original Code
7  * as defined in and that are subject to the Apple Public Source License
8  * Version 2.0 (the 'License'). You may not use this file except in
9  * compliance with the License. The rights granted to you under the License
10  * may not be used to create, or enable the creation or redistribution of,
11  * unlawful or unlicensed copies of an Apple operating system, or to
12  * circumvent, violate, or enable the circumvention or violation of, any
13  * terms of an Apple operating system software license agreement.
14  *
15  * Please obtain a copy of the License at
16  * http://www.opensource.apple.com/apsl/ and read it before using this file.
17  *
18  * The Original Code and all software distributed under the License are
19  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23  * Please see the License for the specific language governing rights and
24  * limitations under the License.
25  *
26  * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27  */
28 /* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
29 /*
30  * Copyright (c) 1989, 1993
31  *	The Regents of the University of California.  All rights reserved.
32  *
33  * Redistribution and use in source and binary forms, with or without
34  * modification, are permitted provided that the following conditions
35  * are met:
36  * 1. Redistributions of source code must retain the above copyright
37  *    notice, this list of conditions and the following disclaimer.
38  * 2. Redistributions in binary form must reproduce the above copyright
39  *    notice, this list of conditions and the following disclaimer in the
40  *    documentation and/or other materials provided with the distribution.
41  * 3. All advertising materials mentioning features or use of this software
42  *    must display the following acknowledgement:
43  *	This product includes software developed by the University of
44  *	California, Berkeley and its contributors.
45  * 4. Neither the name of the University nor the names of its contributors
46  *    may be used to endorse or promote products derived from this software
47  *    without specific prior written permission.
48  *
49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59  * SUCH DAMAGE.
60  *
61  *	@(#)ucred.h	8.4 (Berkeley) 1/9/95
62  */
63 /*
64  * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
65  * support for mandatory and extensible security protections.  This notice
66  * is included in support of clause 2.2 (b) of the Apple Public License,
67  * Version 2.0.
68  */
69 
70 #ifndef _SYS_UCRED_H_
71 #define _SYS_UCRED_H_
72 
73 #include <sys/appleapiopts.h>
74 #include <sys/cdefs.h>
75 #include <sys/param.h>
76 #include <bsm/audit.h>
77 
78 struct label;
79 
80 #ifdef __APPLE_API_UNSTABLE
81 #ifdef KERNEL
82 #include <sys/queue.h>
83 #include <os/base.h>
84 
85 /*!
86  * @struct ucred
87  *
88  * @brief
89  * In-kernel credential structure.
90  *
91  * @discussion
92  * Note that this structure should not be used outside the kernel,
93  * nor should it or copies of it be exported outside.
94  *
95  * A credential has a relatively simple lifetime, with 3 phases:
96  * 1. construction
97  * 2. publication
98  * 3. death
99  *
100  *
101  * Construction
102  * ~~~~~~~~~~~~
103  *
104  * The construction phase happens via various MACF hooks,
105  * typically with the "associate" or "update" suffix.
106  *
107  * During this phase, the credential structure is completely private,
108  * and can't be looked up. All "associate" and "update" callouts are
109  * made serially (so no locking is required for clients to ensure
110  * atomicity of updates) and keeping references on the cred is forbidden.
111  *
112  *
113  * Publication
114  * ~~~~~~~~~~~
115  *
116  * Once the credential has been constructed, it is published
117  * on its owning structure (typically the proc) and added into
118  * a uniquing hash table.
119  *
120  * After this point, the credential becomes a refcounted immutable
121  * "value type" data structure. MACF clients which have set labels
122  * are not allowed to modify this label pointer anymore (though
123  * their label itself might be mutable or contain caches).
124  *
125  * It means that while a client holds a reference on a credential,
126  * it can consult labels without further synchronization or references.
127  *
128  *
129  * Death
130  * ~~~~~
131  *
132  * Credentials are managed under the smr_kauth_cred domain,
133  * and retired according to the <kern/smr.h> rules.
134  *
135  * Once it is safe for the credential to be freed,
136  * callbacks will clean up the resources the credential
137  * holds onto via the MACF cred_label_destroy() hook.
138  *
139  * It means that under an smr_kauth_cred critical section,
140  * clients can consult labels without further synchronization
141  * or references, even after the credential hit a "0" refcount.
142  *
143  *
144  * KPIs to interact with this data structure live in <sys/kauth.h>
145  */
146 struct ucred {
	/*
	 * NOTE(review): both arms of the #if below declare two pointer-sized
	 * members (LIST_ENTRY is a next/prev pointer pair), presumably so that
	 * cr_ref and everything after it sit at the same offsets in either
	 * view. Confirm before changing one arm without the other.
	 */
147 #if BSD_KERNEL_PRIVATE
148 	struct ucred_rw        *cr_rw;  /* struct ucred_rw is not declared in this header */
149 	void                   *cr_unused;
150 #else
151 	LIST_ENTRY(ucred)       cr_link; /* never modify this without KAUTH_CRED_HASH_LOCK */
152 #endif
153 	u_long                  cr_ref;  /* reference count */
154 
155 	struct posix_cred {
156 		/*
157 		 * The credential hash depends on everything from this point on
158 		 * (see kauth_cred_get_hashkey)
159 		 */
160 		uid_t   cr_uid;         /* effective user id */
161 		uid_t   cr_ruid;        /* real user id */
162 		uid_t   cr_svuid;       /* saved user id */
163 		u_short cr_ngroups;     /* number of groups in advisory list */
		/*
		 * NOTE(review): the named padding member occupies the two bytes
		 * that would otherwise be compiler-inserted padding between the
		 * u_short above and the gid_t array below (assuming a 4-byte
		 * gid_t). Presumably this keeps indeterminate bytes out of the
		 * hashed region; confirm against kauth_cred_get_hashkey.
		 */
164 #if XNU_KERNEL_PRIVATE
165 		u_short __cr_padding;
166 #endif
		/*
		 * cr_groups has exactly NGROUPS slots and cr_ngroups is the only
		 * in-structure record of how many are meaningful, so any loop
		 * bounded by cr_ngroups relies on cr_ngroups <= NGROUPS.
		 * There is no separate effective-gid member: the cr_gid macro
		 * defined later in this header expands to cr_groups[0].
		 */
167 		gid_t   cr_groups[NGROUPS];/* advisory group list */
168 		gid_t   cr_rgid;        /* real group id */
169 		gid_t   cr_svgid;       /* saved group id */
170 		uid_t   cr_gmuid;       /* UID for group membership purposes */
171 		int     cr_flags;       /* flags on credential */
172 	} cr_posix;
	/*
	 * The label pointer is declared with OS_PTRAUTH_SIGNED_PTR_AUTH_NULL
	 * and the discriminator string "ucred.cr_label". NOTE(review): on
	 * targets with pointer authentication this presumably signs the
	 * stored pointer, NULL included, so an overwritten value fails
	 * authentication on load; see <os/base.h> to confirm. Per the
	 * lifetime notes above this struct, the pointer itself must not be
	 * changed once the credential is published.
	 */
173 	struct label    * OS_PTRAUTH_SIGNED_PTR_AUTH_NULL("ucred.cr_label") cr_label;     /* MAC label */
174 
175 	/*
176 	 * NOTE: If anything else (besides the flags) is
177 	 * added after the label, you must change
178 	 * kauth_cred_find().
179 	 */
180 	struct au_session cr_audit;             /* user auditing data */
181 };
182 #else /* KERNEL */
183 struct ucred;
184 struct posix_cred;
185 #endif /* KERNEL */
186 
187 #ifndef _KAUTH_CRED_T
188 #define _KAUTH_CRED_T
/*
 * Pointer handles for the credential types. The _KAUTH_CRED_T guard lets
 * another header provide the same typedefs first without a redefinition
 * (presumably <sys/kauth.h>; confirm). Outside KERNEL this header only
 * forward-declares struct ucred and struct posix_cred, so these handles
 * are opaque there and cannot be dereferenced.
 */
189 typedef struct ucred *kauth_cred_t;
190 typedef struct posix_cred *posix_cred_t;
191 #endif  /* !_KAUTH_CRED_T */
192 
193 /*
194  * Credential flags that can be set on a credential
195  */
/*
 * Single-bit values, so they can be OR-ed together.
 * NOTE(review): presumably stored in posix_cred.cr_flags, which lies inside
 * the region the credential hash covers; two credentials that differ only
 * in these bits would then hash differently. Confirm against the users of
 * cr_flags.
 */
196 #define CRF_NOMEMBERD   0x00000001      /* memberd opt out by setgroups() */
197 #define CRF_MAC_ENFORCE 0x00000002      /* force entry through MAC Framework */
198                                         /* also forces credential cache miss */
199 
200 /*
201  * This is the external representation of struct ucred.
202  */
202 struct xucred {
	/*
	 * Carries only the effective uid and the advisory group list; the
	 * real/saved ids, flags, MAC label and audit data of struct ucred
	 * have no counterpart here.
	 *
	 * NOTE(review): cr_ngroups is a signed short here but a u_short in
	 * struct posix_cred. Code that receives this structure from outside
	 * its trust boundary should reject cr_version != XUCRED_VERSION and
	 * any cr_ngroups outside 0..NGROUPS before indexing cr_groups.
	 */
203 	u_int   cr_version;             /* structure layout version */
204 	uid_t   cr_uid;                 /* effective user id */
205 	short   cr_ngroups;             /* number of advisory groups */
206 	gid_t   cr_groups[NGROUPS];     /* advisory group list */
207 };
208 #define XUCRED_VERSION  0       /* the only layout version this header defines */
210 
/*
 * Object-like macro: every later cr_gid token expands to cr_groups[0], so
 * the first advisory group entry doubles as the gid. Both posix_cred and
 * xucred have a cr_groups member, so it applies to either. Because it is a
 * plain token replacement, it also rewrites any unrelated identifier
 * spelled cr_gid in code that includes this header.
 */
210 #define cr_gid cr_groups[0]
/*
 * Sentinel handles: a null pointer and an all-ones pointer. Neither refers
 * to a struct ucred, so neither may be dereferenced.
 */
211 #define NOCRED ((kauth_cred_t )0)       /* no credential available */
212 #define FSCRED ((kauth_cred_t )-1)      /* filesystem credential */
213 
/*
 * True for any handle that is not one of the two sentinels above. This is
 * only a sentinel check: it does not establish that the pointer refers to
 * a live, referenced credential. The argument is expanded twice, so avoid
 * passing an expression with side effects.
 */
214 #define IS_VALID_CRED(_cr)      ((_cr) != NOCRED && (_cr) != FSCRED)
216 
217 #ifdef KERNEL
218 #ifdef __APPLE_API_OBSOLETE
/*
 * Prototypes visible only to kernel code built with __APPLE_API_OBSOLETE.
 * The struct ucred documentation in this header points to <sys/kauth.h>
 * for the KPIs that operate on credentials.
 * NOTE(review): going by the names and signatures alone, suser() looks like
 * the traditional superuser check and cru2x() a ucred-to-xucred conversion;
 * the definitions are not in this header, so confirm before relying on
 * either.
 */
219 __BEGIN_DECLS
220 int             suser(kauth_cred_t cred, u_short *acflag);
221 int             set_security_token(struct proc *p, struct ucred *cred);
222 void            cru2x(kauth_cred_t cr, struct xucred *xcr);
223 __END_DECLS
224 #endif /* __APPLE_API_OBSOLETE */
225 #endif /* KERNEL */
226 #endif /* __APPLE_API_UNSTABLE */
227 
228 #endif /* !_SYS_UCRED_H_ */
229