/*
 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
/*
 * Copyright (c) 1989, 1993
 * The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 * must display the following acknowledgement:
 * This product includes software developed by the University of
 * California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 * may be used to endorse or promote products derived from this software
 * without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * @(#)ucred.h 8.4 (Berkeley) 1/9/95
 */
/*
 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
 * support for mandatory and extensible security protections. This notice
 * is included in support of clause 2.2 (b) of the Apple Public License,
 * Version 2.0.
*/

#ifndef _SYS_UCRED_H_
#define _SYS_UCRED_H_

#include <sys/appleapiopts.h>
#include <sys/cdefs.h>
#include <sys/param.h>
#include <bsm/audit.h>

/*
 * Forward declaration only: this header stores a pointer to the MAC label
 * and never needs the label's layout.
 */
struct label;

#ifdef __APPLE_API_UNSTABLE
#ifdef KERNEL
#include <sys/queue.h>
#include <os/base.h>

/*
 * In-kernel credential structure.
 *
 * Note that this structure should not be used outside the kernel, nor should
 * it or copies of it be exported outside.  struct xucred, further down, is
 * the representation intended for export.
 *
 * The leading members depend on BSD_KERNEL_PRIVATE: one build view sees
 * cr_rw and cr_unused, the other sees the cr_link list entry.
 * NOTE(review): presumably both views occupy the same space so that every
 * later member sits at the same offset in either view -- confirm against
 * LIST_ENTRY in <sys/queue.h>.
 */
struct ucred {
#if BSD_KERNEL_PRIVATE
	struct ucred_rw *cr_rw;
	void *cr_unused;
#else
	LIST_ENTRY(ucred) cr_link;      /* never modify this without KAUTH_CRED_HASH_LOCK */
#endif
	u_long cr_ref;                  /* reference count */

	/*
	 * POSIX identity.  In C the nested tag is not scoped to struct ucred,
	 * which is why posix_cred_t below can name struct posix_cred directly.
	 */
	struct posix_cred {
		/*
		 * The credential hash depends on everything from this point on
		 * (see kauth_cred_get_hashkey)
		 */
		uid_t cr_uid;           /* effective user id */
		uid_t cr_ruid;          /* real user id */
		uid_t cr_svuid;         /* saved user id */
		u_short cr_ngroups;     /* number of groups in advisory list */
		/*
		 * Explicit filler, visible only under XNU_KERNEL_PRIVATE.
		 * NOTE(review): presumably names the gap the compiler would
		 * otherwise leave before cr_groups, so that every byte covered
		 * by the credential hash has a defined value -- confirm.
		 */
#if XNU_KERNEL_PRIVATE
		u_short __cr_padding;
#endif
		/*
		 * Fixed NGROUPS slots; cr_ngroups records how many are in use.
		 * Code that walks this array should bound its index by
		 * cr_ngroups, and anything that sets cr_ngroups must keep it
		 * at or below NGROUPS.
		 */
		gid_t cr_groups[NGROUPS];/* advisory group list */
		gid_t cr_rgid;          /* real group id */
		gid_t cr_svgid;         /* saved group id */
		uid_t cr_gmuid;         /* UID for group membership purposes */
		int cr_flags;           /* flags on credential (CRF_* below) */
	} cr_posix;
	/*
	 * MAC label.  Declared through OS_PTRAUTH_SIGNED_PTR_AUTH_NULL with
	 * the string "ucred.cr_label".
	 * NOTE(review): presumably pointer-authentication signing of the
	 * stored pointer on targets that support it -- confirm against
	 * <os/base.h>.
	 */
	struct label * OS_PTRAUTH_SIGNED_PTR_AUTH_NULL("ucred.cr_label") cr_label;     /* MAC label */

	/*
	 * NOTE: If anything else (besides the flags) is
	 * added after the label, you must change
	 * kauth_cred_find().
	 */
	struct au_session cr_audit;     /* user auditing data */
};
#else /* KERNEL */
/* Outside the kernel both types stay opaque: only pointers to them can be formed. */
struct ucred;
struct posix_cred;
#endif /* KERNEL */

/* Handle types; guarded so another header may supply the same typedefs first. */
#ifndef _KAUTH_CRED_T
#define _KAUTH_CRED_T
typedef struct ucred *kauth_cred_t;
typedef struct posix_cred *posix_cred_t;
#endif  /* !_KAUTH_CRED_T */

/*
 * Credential flags that can be set on a credential
 * (bit values for posix_cred.cr_flags)
 */
#define CRF_NOMEMBERD   0x00000001      /* memberd opt out by setgroups() */
#define CRF_MAC_ENFORCE 0x00000002      /* force entry through MAC Framework */
                                        /* also forces credential cache miss */

/*
 * This is the external representation of struct ucred.
 *
 * It carries only the effective uid and the advisory group list; the real
 * and saved ids, flags, MAC label and audit data of struct ucred have no
 * counterpart here.
 *
 * NOTE(review): cr_ngroups is a signed short here, while posix_cred uses
 * u_short.  Code that receives an xucred from outside its own trust
 * boundary should check cr_version against XUCRED_VERSION and reject a
 * cr_ngroups that is negative or greater than NGROUPS before it reads
 * cr_groups.
 */
struct xucred {
	u_int cr_version;               /* structure layout version */
	uid_t cr_uid;                   /* effective user id */
	short cr_ngroups;               /* number of advisory groups */
	gid_t cr_groups[NGROUPS];       /* advisory group list */
};
/* The only layout version this header defines. */
#define XUCRED_VERSION  0

/*
 * Object-like macro: every later use of the identifier cr_gid in an
 * including file is rewritten to cr_groups[0], for any struct that has a
 * cr_groups member (both posix_cred and xucred here).  Slot 0 is read
 * without consulting cr_ngroups.
 */
#define cr_gid cr_groups[0]
/*
 * Sentinel handles: a null pointer and an all-ones pointer.  Neither
 * refers to a struct ucred, so neither may be dereferenced.
 */
#define NOCRED ((kauth_cred_t )0)       /* no credential available */
#define FSCRED ((kauth_cred_t )-1)      /* filesystem credential */

/*
 * True when _cr is neither sentinel.  This rules out NOCRED and FSCRED
 * only; it does not establish that _cr points at a live, referenced
 * credential.  The argument is evaluated twice, so pass an expression
 * without side effects.
 */
#define IS_VALID_CRED(_cr)      ((_cr) != NOCRED && (_cr) != FSCRED)

#ifdef KERNEL
#ifdef __APPLE_API_OBSOLETE
/*
 * Obsolete kernel interfaces, declared only when __APPLE_API_OBSOLETE is
 * defined.  The definitions live elsewhere, so their contracts cannot be
 * read from this header.
 * NOTE(review): cru2x presumably fills *xcr from cr (ucred to xucred) --
 * confirm against its definition.
 */
__BEGIN_DECLS
int             crcmp(kauth_cred_t cr1, kauth_cred_t cr2);
int             suser(kauth_cred_t cred, u_short *acflag);
int             set_security_token(struct proc * p);
int             set_security_token_task_internal(struct proc *p, void *task);
void            cru2x(kauth_cred_t cr, struct xucred *xcr);
__END_DECLS
#endif /* __APPLE_API_OBSOLETE */
#endif /* KERNEL */
#endif /* __APPLE_API_UNSTABLE */

#endif /* !_SYS_UCRED_H_ */