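Lines matching refs:cred (each entry below is a source line number followed by the matching line; lines that do not reference `cred` are omitted, so no function body in this listing is complete)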

94 extern void kauth_cred_print(kauth_cred_t cred);
251 static void kauth_cred_remove(kauth_cred_t cred);
253 static u_long kauth_cred_get_hashkey(kauth_cred_t cred);
260 static void kauth_cred_print(kauth_cred_t cred);
1769 * Parameters: cred Pointer to the credential to modify
1785 kauth_cred_change_egid(kauth_cred_t cred, gid_t new_egid)
1792 gid_t old_egid = kauth_cred_getgid(cred);
1793 posix_cred_t pcred = posix_cred_get(cred);
1829 kauth_cred_ismember_gid(cred, new_egid, &is_member) == 0 &&
1848 * Parameters: cred Credential to examine
1853 kauth_cred_getuid(kauth_cred_t cred)
1855 NULLCRED_CHECK(cred);
1856 return(posix_cred_get(cred)->cr_uid);
1865 * Parameters: cred Credential to examine
1870 kauth_cred_getruid(kauth_cred_t cred)
1872 NULLCRED_CHECK(cred);
1873 return(posix_cred_get(cred)->cr_ruid);
1882 * Parameters: cred Credential to examine
1887 kauth_cred_getsvuid(kauth_cred_t cred)
1889 NULLCRED_CHECK(cred);
1890 return(posix_cred_get(cred)->cr_svuid);
1899 * Parameters: cred Credential to examine
1904 kauth_cred_getgid(kauth_cred_t cred)
1906 NULLCRED_CHECK(cred);
1907 return(posix_cred_get(cred)->cr_gid);
1916 * Parameters: cred Credential to examine
1921 kauth_cred_getrgid(kauth_cred_t cred)
1923 NULLCRED_CHECK(cred);
1924 return(posix_cred_get(cred)->cr_rgid);
1933 * Parameters: cred Credential to examine
1938 kauth_cred_getsvgid(kauth_cred_t cred)
1940 NULLCRED_CHECK(cred);
1941 return(posix_cred_get(cred)->cr_svgid);
2185 * Parameters: cred Credential to examine
2195 kauth_cred_getguid(kauth_cred_t cred, guid_t *guidp)
2197 NULLCRED_CHECK(cred);
2198 return(kauth_cred_uid2guid(kauth_cred_getuid(cred), guidp));
2249 * Parameters: cred Credential to examine
2259 kauth_cred_getntsid(kauth_cred_t cred, ntsid_t *sidp)
2261 NULLCRED_CHECK(cred);
2262 return(kauth_cred_uid2ntsid(kauth_cred_getuid(cred), sidp));
2791 * Parameters: cred Credential to check in
2816 kauth_cred_ismember_gid(kauth_cred_t cred, gid_t gid, int *resultp)
2818 posix_cred_t pcred = posix_cred_get(cred);
2824 * We can conditionalise this on cred->cr_gmuid == KAUTH_UID_NONE since
2835 * If we don't have a UID for group membership checks, the in-cred list
2922 * Parameters: cred Credential to check in
2943 kauth_cred_ismember_guid(__unused kauth_cred_t cred, guid_t *guidp, int *resultp)
2996 * thus the cred can't be a member.
3004 error = kauth_cred_ismember_gid(cred, gid, resultp);
3090 * Parameters: cred Credential to check for super
3100 kauth_cred_issuser(kauth_cred_t cred)
3102 return(kauth_cred_getuid(cred) == 0);
3258 * instead, to protect against any future changes to the cred
3303 * late-bind the uthread cred to the proc cred.
3374 /* take reference for new cred in thread */
3415 kauth_cred_t cred;
3418 cred = proc_ucred(procp);
3419 kauth_cred_ref(cred);
3421 return(cred);
3476 /* must do this, or cred has same group membership as uid 0 */
3504 * Parameters: cred Template for credential to
3523 kauth_cred_create(kauth_cred_t cred)
3526 posix_cred_t pcred = posix_cred_get(cred);
3545 if (!kauth_cred_ismember_gid(cred, 0, &is_member)) {
3573 found_cred = kauth_cred_find(cred);
3602 bcopy(&cred->cr_audit, &new_cred->cr_audit,
3635 * Parameters: cred The original credential
3661 kauth_cred_setresuid(kauth_cred_t cred, uid_t ruid, uid_t euid, uid_t svuid, uid_t gmuid)
3665 posix_cred_t pcred = posix_cred_get(cred);
3667 NULLCRED_CHECK(cred);
3678 return(cred);
3682 * Look up in cred hash table to see if we have a matching credential
3685 bcopy(cred, &temp_cred, sizeof(temp_cred));
3705 return(kauth_cred_update(cred, &temp_cred, TRUE));
3716 * Parameters: cred The original credential
3736 kauth_cred_setresgid(kauth_cred_t cred, gid_t rgid, gid_t egid, gid_t svgid)
3740 posix_cred_t pcred = posix_cred_get(cred);
3742 NULLCRED_CHECK(cred);
3743 DEBUG_CRED_ENTER("kauth_cred_setresgid %p %d %d %d\n", cred, rgid, egid, svgid);
3753 return(cred);
3757 * Look up in cred hash table to see if we have a matching credential
3760 bcopy(cred, &temp_cred, sizeof(temp_cred));
3778 return(kauth_cred_update(cred, &temp_cred, TRUE));
3795 * Parameters: cred The original credential
3832 kauth_cred_setgroups(kauth_cred_t cred, gid_t *groups, int groupcount, uid_t gmuid)
3839 NULLCRED_CHECK(cred);
3841 pcred = posix_cred_get(cred);
3854 return(cred);
3859 * Look up in cred hash table to see if we have a matching credential
3865 bcopy(cred, &temp_cred, sizeof(temp_cred));
3874 return(kauth_cred_update(cred, &temp_cred, TRUE));
3886 kauth_cred_getgroups(kauth_cred_t cred, gid_t *grouplist, int *countp)
3897 limit = MIN(*countp, cred->cr_posix.cr_ngroups);
3901 memcpy(grouplist, cred->cr_posix.cr_groups, sizeof(gid_t) * limit);
3915 * Parameters: cred The original credential
3943 kauth_cred_setuidgid(kauth_cred_t cred, uid_t uid, gid_t gid)
3949 NULLCRED_CHECK(cred);
3951 pcred = posix_cred_get(cred);
3960 return(cred);
3964 * Look up in cred hash table to see if we have a matching credential
3989 temp_cred.cr_label = cred->cr_label;
3992 return(kauth_cred_update(cred, &temp_cred, TRUE));
4002 * Parameters: cred The credential to update
4021 kauth_cred_setsvuidgid(kauth_cred_t cred, uid_t uid, gid_t gid)
4027 NULLCRED_CHECK(cred);
4029 pcred = posix_cred_get(cred);
4031 DEBUG_CRED_ENTER("kauth_cred_setsvuidgid: %p u%d->%d g%d->%d\n", cred, cred->cr_svuid, uid, cred->cr_svgid, gid);
4040 return(cred);
4042 DEBUG_CRED_CHANGE("kauth_cred_setsvuidgid: cred change\n");
4044 /* look up in cred hash table to see if we have a matching credential
4047 bcopy(cred, &temp_cred, sizeof(temp_cred));
4051 return(kauth_cred_update(cred, &temp_cred, TRUE));
4060 * Parameters: cred The original credential
4078 kauth_cred_setauditinfo(kauth_cred_t cred, au_session_t *auditinfo_p)
4082 NULLCRED_CHECK(cred);
4088 if (bcmp(&cred->cr_audit, auditinfo_p, sizeof(cred->cr_audit)) == 0) {
4090 return(cred);
4093 bcopy(cred, &temp_cred, sizeof(temp_cred));
4096 return(kauth_cred_update(cred, &temp_cred, FALSE));
4105 * Parameters: cred The original credential
4123 kauth_cred_label_update(kauth_cred_t cred, struct label *label)
4128 bcopy(cred, &temp_cred, sizeof(temp_cred));
4131 mac_cred_label_associate(cred, &temp_cred);
4134 newcred = kauth_cred_update(cred, &temp_cred, TRUE);
4145 * Parameters: cred The original credential
4172 kauth_cred_label_update_execve(kauth_cred_t cred, vfs_context_t ctx,
4179 bcopy(cred, &temp_cred, sizeof(temp_cred));
4182 mac_cred_label_associate(cred, &temp_cred);
4186 newcred = kauth_cred_update(cred, &temp_cred, TRUE);
4231 * restart this again with the new cred.
4241 /* update cred on proc */
4309 * restart this again with the new cred.
4319 /* update cred on proc */
4336 kauth_cred_t kauth_cred_setlabel(kauth_cred_t cred, struct label *label);
4338 kauth_cred_setlabel(kauth_cred_t cred, struct label *label)
4340 return kauth_cred_label_update(cred, label);
4358 kauth_cred_label_update(__unused kauth_cred_t cred, __unused void *label)
4373 kauth_cred_t kauth_cred_setlabel(kauth_cred_t cred, void *label);
4375 kauth_cred_setlabel(__unused kauth_cred_t cred, __unused void *label)
4394 * Parameters: cred The credential to reference
4404 * if from the per vnode name cache cred cache, and so on).
4410 * time it is unreferenced from the cred hash cache.
4413 kauth_cred_ref(kauth_cred_t cred)
4417 NULLCRED_CHECK(cred);
4419 old_value = OSAddAtomicLong(1, (long*)&cred->cr_ref);
4422 panic("kauth_cred_ref: trying to take a reference on a cred with no references");
4425 if ( is_target_cred( cred ) != 0 ) {
4474 panic("%s:0x%08x kauth_cred_unref_hashlocked: dropping a reference on a cred with no references", current_proc()->p_comm, *credp);
4476 panic("%s:0x%08x kauth_cred_unref_hashlocked: dropping a reference on a cred with no hash entry", current_proc()->p_comm, *credp);
4531 * Parameters: cred Credential to release
4541 kauth_cred_rele(kauth_cred_t cred)
4543 kauth_cred_unref(&cred);
4554 * Parameters: cred The credential to duplicate
4588 kauth_cred_dup(kauth_cred_t cred)
4596 if (cred == NOCRED || cred == FSCRED)
4604 bcopy(cred, newcred, sizeof(*newcred));
4607 mac_cred_label_associate(cred, newcred);
4609 AUDIT_SESSION_REF(cred);
4621 * Parameters: cred The credential from which to
4628 * additional reference on the passed cred (if any), and the
4633 kauth_cred_copy_real(kauth_cred_t cred)
4638 posix_cred_t pcred = posix_cred_get(cred);
4643 kauth_cred_ref(cred);
4644 return(cred);
4648 * Look up in cred hash table to see if we have a matching credential
4651 bcopy(cred, &temp_cred, sizeof(temp_cred));
4659 * If the cred is not opted out, make sure we are using the r/euid
4670 if (found_cred == cred) {
4671 /* same cred so just bail */
4673 return(cred);
4759 /* same cred so just bail */
4808 * Parameters: new_cred Credential to insert into cred
4817 * Notes: The 'new_cred' MUST NOT already be in the cred hash cache
4853 * Parameters: cred Credential to remove from cred
4866 kauth_cred_remove(kauth_cred_t cred)
4871 hash_key = kauth_cred_get_hashkey(cred);
4875 if (cred->cr_ref < 1)
4876 panic("cred reference underflow");
4877 if (cred->cr_ref > 1)
4880 /* Find cred in the credential hash table */
4882 if (found_cred == cred) {
4886 mac_cred_label_destroy(cred);
4888 AUDIT_SESSION_UNREF(cred);
4890 cred->cr_ref = 0;
4891 FREE_ZONE(cred, sizeof(*cred), M_CRED);
4900 printf("%s:%d - %s - %s - did not find a match for %p\n", __FILE__, __LINE__, __FUNCTION__, current_proc()->p_comm, cred);
4911 * Parameters: cred Credential to lookup in cred
4916 * cred hash cache
4921 kauth_cred_find(kauth_cred_t cred)
4925 posix_cred_t pcred = posix_cred_get(cred);
4938 hash_key = kauth_cred_get_hashkey(cred);
4941 /* Find cred in the credential hash table */
4951 match = match && ((bcmp(&found_cred->cr_audit, &cred->cr_audit,
4952 sizeof(cred->cr_audit)) == 0) ? TRUE : FALSE);
4956 cred->cr_label);
5009 * Parameters: cred Credential for which hash is
5018 kauth_cred_get_hashkey(kauth_cred_t cred)
5020 posix_cred_t pcred = posix_cred_get(cred);
5023 hash_key = kauth_cred_hash((uint8_t *)&cred->cr_posix,
5026 hash_key = kauth_cred_hash((uint8_t *)&cred->cr_audit,
5031 hash_key = kauth_cred_hash((uint8_t *)cred->cr_label,
5043 * Description: Print out cred hash cache table information for debugging
5058 printf("\n\t kauth credential hash table statistics - current cred count %d \n", kauth_cred_count);
5086 * Parameters: cred The credential to print out
5093 kauth_cred_print(kauth_cred_t cred)
5097 printf("%p - refs %lu flags 0x%08x uids e%d r%d sv%d gm%d ", cred, cred->cr_ref, cred->cr_flags, cred->cr_uid, cred->cr_ruid, cred->cr_svuid, cred->cr_gmuid);
5098 printf("group count %d gids ", cred->cr_ngroups);
5102 printf("%d ", cred->cr_groups[i]);
5104 printf("r%d sv%d ", cred->cr_rgid, cred->cr_svgid);
5106 cred->cr_audit.s_aia_p->ai_auid,
5107 cred->cr_audit.as_mask.am_success,
5108 cred->cr_audit.as_mask.am_failure,
5109 cred->cr_audit.as_aia_p->ai_termid.at_port,
5110 cred->cr_audit.as_aia_p->ai_termid.at_addr[0],
5111 cred->cr_audit.as_aia_p->ai_asid);
5168 return( -1 ); // found target cred
5224 NULL, 0, sysctl_dump_creds, "S,debug_ucred", "List of credentials in the cred hash");
5445 * Parameters: cred The credential to obtain the label from
5473 posix_cred_get(kauth_cred_t cred)
5475 return(&cred->cr_posix);
5484 * Parameters: cred The credential to label
5501 posix_cred_label(kauth_cred_t cred, posix_cred_t pcred)
5503 cred->cr_posix = *pcred; /* structure assign for now */
5512 * Parameters: cred The credential to check
5527 posix_cred_access(kauth_cred_t cred, id_t object_uid, id_t object_gid, mode_t object_mode, mode_t mode_req)
5537 if (kauth_cred_getuid(cred) == object_uid && (mode_req & mode_owner) == mode_req)
5559 if (!kauth_cred_ismember_gid(cred, object_gid, &is_member) && is_member) {
5584 if (!kauth_cred_ismember_gid(cred, object_gid, &is_member) && is_member) {