xref: /freebsd/sys/sys/ucred.h (revision ddb3eb4efe55e57c206f3534263c77b837aff1dc)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. Neither the name of the University nor the names of its contributors
16  *    may be used to endorse or promote products derived from this software
17  *    without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #ifndef _SYS_UCRED_H_
33 #define	_SYS_UCRED_H_
34 
35 #include <sys/types.h>
36 #if defined(_KERNEL) || defined(_WANT_UCRED)
37 #include <sys/_lock.h>
38 #include <sys/_mutex.h>
39 #endif
40 #include <bsm/audit.h>
41 
42 #if defined(_KERNEL) || defined(_WANT_UCRED)
43 /*
44  * Flags for cr_flags.
45  */
46 #define	CRED_FLAG_CAPMODE	0x00000001	/* In capability mode. */
47 
48 /*
49  * Number of groups inlined in 'struct ucred'.  It must stay reasonably low as
50  * it is also used by some functions to allocate an array of this size on the
51  * stack.
52  */
53 #define	CRED_SMALLGROUPS_NB	16
54 
55 struct label;
56 struct loginclass;
57 struct prison;
58 struct uidinfo;
59 
60 /*
61  * Credentials.
62  *
63  * Please do not inspect cr_uid directly to determine superuserness.  The
64  * priv(9) interface should be used to check for privilege.
65  *
66  * Lock reference:
67  *      c - cr_mtx
68  *
69  * Unmarked fields are constant after creation.
70  *
71  * See "Credential management" comment in kern_prot.c for more information.
72  */
struct ucred {
	struct mtx cr_mtx;		/* protects the fields marked (c) */
	long	cr_ref;			/* (c) reference count */
	u_int	cr_users;		/* (c) proc + thread using this cred */
	u_int	cr_flags;		/* credential flags (CRED_FLAG_*) */
	struct auditinfo_addr	cr_audit;	/* Audit properties. */
	/*
	 * cr_startcopy and cr_endcopy (below) are aliases for cr_uid and
	 * cr_label.  NOTE(review): presumably they bound the span that
	 * crcopy() copies in bulk; confirm in kern_prot.c before adding or
	 * reordering fields between them.
	 */
#define	cr_startcopy cr_uid
	/*
	 * Effective user id.  Per the comment above this structure, do not
	 * compare it directly to decide superuser status; use priv(9).
	 */
	uid_t	cr_uid;			/* effective user id */
	uid_t	cr_ruid;		/* real user id */
	uid_t	cr_svuid;		/* saved user id */
	/*
	 * XXXOC: On the next ABI change, please move 'cr_ngroups' out of the
	 * copied area (crcopy() already copes with this change).
	 */
	int	cr_ngroups;		/* number of groups */
	gid_t	cr_rgid;		/* real group id */
	gid_t	cr_svgid;		/* saved group id */
	struct uidinfo	*cr_uidinfo;	/* per euid resource consumption */
	struct uidinfo	*cr_ruidinfo;	/* per ruid resource consumption */
	struct prison	*cr_prison;	/* jail(2) */
	struct loginclass	*cr_loginclass; /* login class */
	void		*cr_pspare2[2];	/* general use 2 */
#define	cr_endcopy	cr_label
	struct label	*cr_label;	/* MAC label */
	/* Element 0 is what the cr_gid macro in this header expands to. */
	gid_t	*cr_groups;		/* groups */
	/* NOTE(review): presumably the capacity of cr_groups; confirm. */
	int	cr_agroups;		/* Available groups */
	/*
	 * Storage for small groups, CRED_SMALLGROUPS_NB entries.
	 * NOTE(review): presumably cr_groups points here while the group set
	 * fits; confirm in kern_prot.c.
	 */
	gid_t   cr_smallgroups[CRED_SMALLGROUPS_NB];
};
102 #define	NOCRED	((struct ucred *)0)	/* no credential available */
103 #define	FSCRED	((struct ucred *)-1)	/* filesystem credential */
104 #endif /* _KERNEL || _WANT_UCRED */
105 
106 #define	XU_NGROUPS	16
107 
108 /*
109  * This is the external representation of struct ucred.
110  */
struct xucred {
	u_int	cr_version;		/* structure layout version */
	uid_t	cr_uid;			/* effective user id */
	/*
	 * NOTE(review): cr_ngroups is a signed short and cr_groups holds at
	 * most XU_NGROUPS entries.  Code that receives an xucred from outside
	 * its own trust boundary should check cr_version against
	 * XUCRED_VERSION and that 0 <= cr_ngroups <= XU_NGROUPS before
	 * indexing cr_groups.
	 */
	short	cr_ngroups;		/* number of groups */
	gid_t	cr_groups[XU_NGROUPS];	/* groups */
	/* Anonymous union: both members occupy the same storage. */
	union {
		void	*_cr_unused1;	/* compatibility with old ucred */
		pid_t	cr_pid;
	};
};
121 #define	XUCRED_VERSION	0
122 
123 /* This can be used for both ucred and xucred structures. */
124 #define	cr_gid cr_groups[0]
125 
126 struct mac;
127 /*
128  * Structure to pass as an argument to the setcred() system call.
129  */
struct setcred {
	/*
	 * SETCRED_INITIALIZER in this header sets the six id fields to -1 and
	 * the remaining fields to 0/NULL.  NOTE(review): presumably only the
	 * fields whose SETCREDF_* flag is passed to setcred() are applied;
	 * confirm against the system call implementation.
	 */
	uid_t	 sc_uid;		/* effective user id */
	uid_t	 sc_ruid;		/* real user id */
	uid_t	 sc_svuid;		/* saved user id */
	gid_t	 sc_gid;		/* effective group id */
	gid_t	 sc_rgid;		/* real group id */
	gid_t	 sc_svgid;		/* saved group id */
	u_int	 sc_pad;		/* see 32-bit compat structure */
	u_int	 sc_supp_groups_nb;	/* number of supplementary groups */
	/* NOTE(review): presumably sc_supp_groups_nb entries; confirm. */
	gid_t	*sc_supp_groups;	/* supplementary groups */
	struct mac *sc_label;		/* MAC label */
};
142 /*
143  * Initializer for 'struct setcred' variables.
144  */
145 #define	SETCRED_INITIALIZER	{ -1, -1, -1, -1, -1, -1, 0, 0, NULL, NULL }
146 
147 /*
148  * Flags to setcred().
149  */
150 #define	SETCREDF_UID		(1u << 0)
151 #define	SETCREDF_RUID		(1u << 1)
152 #define	SETCREDF_SVUID		(1u << 2)
153 #define	SETCREDF_GID		(1u << 3)
154 #define	SETCREDF_RGID		(1u << 4)
155 #define	SETCREDF_SVGID		(1u << 5)
156 #define	SETCREDF_SUPP_GROUPS	(1u << 6)
157 #define	SETCREDF_MAC_LABEL	(1u << 7)
158 
159 #ifdef _KERNEL
160 /*
161  * Masks of the currently valid flags to setcred().
162  *
163  * Please consider reserving some of the high bits in the 'flags' argument for
164  * versioning when almost all of them are in use.
165  */
166 #define	SETCREDF_MASK	(SETCREDF_UID | SETCREDF_RUID | SETCREDF_SVUID | \
167     SETCREDF_GID | SETCREDF_RGID | SETCREDF_SVGID | SETCREDF_SUPP_GROUPS | \
168     SETCREDF_MAC_LABEL)
169 
/*
 * Counterpart of 'struct setcred' with the same field names, in which the two
 * pointer members are replaced by uint32_t values.
 *
 * setcred32_copy_start and setcred32_copy_end are aliases for sc_uid and
 * sc_supp_groups.  NOTE(review): presumably they bound the fields that can be
 * copied unchanged into the native structure, the two 32-bit pointer values
 * being converted separately; confirm against user_setcred().
 */
struct setcred32 {
#define	setcred32_copy_start	sc_uid
	uid_t	 sc_uid;
	uid_t	 sc_ruid;
	uid_t	 sc_svuid;
	gid_t	 sc_gid;
	gid_t	 sc_rgid;
	gid_t	 sc_svgid;
	u_int	 sc_pad;
	u_int	 sc_supp_groups_nb;
#define	setcred32_copy_end	sc_supp_groups
	uint32_t sc_supp_groups;	/* gid_t [*] */
	uint32_t sc_label;		/* struct mac32 [*] */
};
184 
185 struct thread;
186 
187 /* Common native and 32-bit compatibility entry point. */
188 int user_setcred(struct thread *td, const u_int flags,
189     const void *const uwcred, const size_t size, bool is_32bit);
190 
191 struct proc;
192 
/*
 * State carried across the credbatch_*() calls declared in this header.
 * credbatch_prep() resets every member.  NOTE(review): presumably 'users' and
 * 'ref' accumulate pending adjustments for 'cred'; confirm against
 * credbatch_add() and credbatch_final().
 */
struct credbatch {
	struct ucred *cred;	/* NULL after credbatch_prep() */
	int users;		/* 0 after credbatch_prep() */
	int ref;		/* 0 after credbatch_prep() */
};
198 
/*
 * Reset a credential batch: no credential attached, both counters at zero.
 */
static inline void
credbatch_prep(struct credbatch *crb)
{
	/* One aggregate assignment covering all three members. */
	*crb = (struct credbatch){ .cred = NULL, .users = 0, .ref = 0 };
}
206 void	credbatch_add(struct credbatch *crb, struct thread *td);
207 
/*
 * Empty body in this revision: 'crb' is marked __unused and is not touched.
 */
static inline void
credbatch_process(struct credbatch *crb __unused)
{

}
213 
214 void	credbatch_final(struct credbatch *crb);
215 
216 void	change_egid(struct ucred *newcred, gid_t egid);
217 void	change_euid(struct ucred *newcred, struct uidinfo *euip);
218 void	change_rgid(struct ucred *newcred, gid_t rgid);
219 void	change_ruid(struct ucred *newcred, struct uidinfo *ruip);
220 void	change_svgid(struct ucred *newcred, gid_t svgid);
221 void	change_svuid(struct ucred *newcred, uid_t svuid);
222 void	crcopy(struct ucred *dest, struct ucred *src);
223 struct ucred	*crcopysafe(struct proc *p, struct ucred *cr);
224 struct ucred	*crdup(struct ucred *cr);
225 void	crextend(struct ucred *cr, int n);
226 void	proc_set_cred(struct proc *p, struct ucred *newcred);
227 bool	proc_set_cred_enforce_proc_lim(struct proc *p, struct ucred *newcred);
228 void	proc_unset_cred(struct proc *p, bool decrement_proc_count);
229 void	crfree(struct ucred *cr);
230 struct ucred	*crcowsync(void);
231 struct ucred	*crget(void);
232 struct ucred	*crhold(struct ucred *cr);
233 struct ucred	*crcowget(struct ucred *cr);
234 void	crcowfree(struct thread *td);
235 void	cru2x(struct ucred *cr, struct xucred *xcr);
236 void	cru2xt(struct thread *td, struct xucred *xcr);
237 void	crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups);
238 void	crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
239 	    const gid_t fallback);
240 
241 /*
242  * Returns whether gid designates a primary group in cred.
243  */
static inline bool
group_is_primary(const gid_t gid, const struct ucred *const cred)
{
	/*
	 * Compare against each primary group in turn: element 0 of the group
	 * array (what the cr_gid macro in this header expands to), then the
	 * real GID, then the saved GID.
	 */
	if (gid == cred->cr_groups[0])
		return (true);
	if (gid == cred->cr_rgid)
		return (true);
	return (gid == cred->cr_svgid);
}
250 bool	group_is_supplementary(const gid_t gid, const struct ucred *const cred);
251 bool	groupmember(gid_t gid, const struct ucred *cred);
252 bool	realgroupmember(gid_t gid, const struct ucred *cred);
253 
254 #else /* !_KERNEL */
255 
256 __BEGIN_DECLS
257 int	setcred(u_int flags, const struct setcred *wcred, size_t size);
258 __END_DECLS
259 
260 #endif /* _KERNEL */
261 
262 #endif /* !_SYS_UCRED_H_ */
263