/*
 * Copyright (c) 2000-2004 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. The rights granted to you under the License
 * may not be used to create, or enable the creation or redistribution of,
 * unlawful or unlicensed copies of an Apple operating system, or to
 * circumvent, violate, or enable the circumvention or violation of, any
 * terms of an Apple operating system software license agreement.
 *
 * Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
 */
/* Copyright (c) 1995, 1997 Apple Computer, Inc. All Rights Reserved */
/*
 * Copyright (c) 1989, 1993
 *      The Regents of the University of California. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)ucred.h 8.4 (Berkeley) 1/9/95
 */
/*
 * NOTICE: This file was modified by SPARTA, Inc. in 2005 to introduce
 * support for mandatory and extensible security protections. This notice
 * is included in support of clause 2.2 (b) of the Apple Public License,
 * Version 2.0.
 */

#ifndef _SYS_UCRED_H_
#define _SYS_UCRED_H_

#include <sys/appleapiopts.h>
#include <sys/cdefs.h>
#include <sys/param.h>
#include <bsm/audit.h>

/* Opaque here: only a pointer to the MAC label is stored (see cr_label). */
struct label;

#ifdef __APPLE_API_UNSTABLE
#include <sys/queue.h>

/*
 * In-kernel credential structure.
 *
 * Kernel-only: neither this structure nor a copy of it should be used or
 * exported outside the kernel.  Besides the identity fields it holds a
 * kernel pointer (cr_label) and the list linkage (cr_link); struct xucred,
 * further down, is the external representation.
 */
struct ucred {
	/* List linkage; never modify this without KAUTH_CRED_HASH_LOCK. */
	TAILQ_ENTRY(ucred)	cr_link;
	/* Reference count. */
	u_long			cr_ref;

	struct posix_cred {
		/*
		 * The credential hash depends on everything from this point on
		 * (see kauth_cred_get_hashkey).
		 */
		uid_t	cr_uid;			/* effective user id */
		uid_t	cr_ruid;		/* real user id */
		uid_t	cr_svuid;		/* saved user id */
		/*
		 * cr_ngroups is a signed short and cr_groups holds NGROUPS
		 * entries, so the count is only usable as an index bound
		 * when 0 <= cr_ngroups <= NGROUPS.
		 * NOTE(review): this header does not show where that range is
		 * enforced; confirm at the sites that set or copy the count.
		 */
		short	cr_ngroups;		/* number of groups in advisory list */
		gid_t	cr_groups[NGROUPS];	/* advisory group list */
		gid_t	cr_rgid;		/* real group id */
		gid_t	cr_svgid;		/* saved group id */
		uid_t	cr_gmuid;		/* UID for group membership purposes */
		int	cr_flags;		/* flags on credential */
	} cr_posix;

	struct label		*cr_label;	/* MAC label */
	/*
	 * NOTE: If anything else (besides the flags) is added after the
	 * label, you must change kauth_cred_find().
	 */
	struct au_session	cr_audit;	/* user auditing data */
};

/* Guarded by _KAUTH_CRED_T so the typedefs are emitted at most once. */
#ifndef _KAUTH_CRED_T
#define _KAUTH_CRED_T
typedef struct ucred *kauth_cred_t;
typedef struct posix_cred *posix_cred_t;
#endif /* !_KAUTH_CRED_T */

/*
 * Credential flags that can be set on a credential
 * (presumably held in cr_posix.cr_flags; confirm against the setters).
 */
#define CRF_NOMEMBERD	0x00000001	/* memberd opt out by setgroups() */
#define CRF_MAC_ENFORCE	0x00000002	/* force entry through MAC Framework */
					/* also forces credential cache miss */

/*
 * This is the external representation of struct ucred.
 *
 * It carries only a layout version, the effective uid and the advisory
 * group list; the linkage, reference count, MAC label pointer and audit
 * data of struct ucred have no counterpart here.
 * NOTE(review): cr_ngroups is signed and cr_groups is bounded by NGROUPS,
 * so an xucred filled in by another party needs cr_version compared with
 * XUCRED_VERSION and the count range-checked before cr_groups is read;
 * confirm the consumers do both.
 */
struct xucred {
	u_int	cr_version;		/* structure layout version */
	uid_t	cr_uid;			/* effective user id */
	short	cr_ngroups;		/* number of advisory groups */
	gid_t	cr_groups[NGROUPS];	/* advisory group list */
};
#define XUCRED_VERSION	0

/*
 * cr_gid names the first advisory group slot.  It is a bare-identifier
 * macro: every later use of the token cr_gid is rewritten, and the
 * expansion reads cr_groups[0] whatever cr_ngroups says.
 * NOTE(review): presumably callers guarantee cr_ngroups >= 1; confirm.
 */
#define cr_gid	cr_groups[0]

/*
 * Sentinel credential values.  Neither refers to a struct ucred object:
 * NOCRED is the null pointer and FSCRED is -1 converted to a pointer, so a
 * plain NULL test does not reject FSCRED.
 */
#define NOCRED	((kauth_cred_t)0)	/* no credential available */
#define FSCRED	((kauth_cred_t)-1)	/* filesystem credential */

/*
 * True when _cr is neither sentinel.  This rules out NOCRED and FSCRED
 * only; it does not establish that _cr refers to a live credential.
 * _cr is expanded twice, so pass an expression without side effects.
 */
#define IS_VALID_CRED(_cr)	((_cr) != NOCRED && (_cr) != FSCRED)

#ifdef KERNEL
#ifdef __APPLE_API_OBSOLETE
/*
 * Obsolete interfaces, declared only when both KERNEL and
 * __APPLE_API_OBSOLETE are defined; their definitions are not in this file.
 */
__BEGIN_DECLS
int	crcmp(kauth_cred_t cr1, kauth_cred_t cr2);
int	suser(kauth_cred_t cred, u_short *acflag);
int	set_security_token(struct proc *p);
void	cru2x(kauth_cred_t cr, struct xucred *xcr);
__END_DECLS
#endif /* __APPLE_API_OBSOLETE */
#endif /* KERNEL */
#endif /* __APPLE_API_UNSTABLE */

#endif /* !_SYS_UCRED_H_ */