/*-
 * SPDX-License-Identifier: BSD-3-Clause
 *
 * Copyright (c) 1989, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef _SYS_UCRED_H_
#define	_SYS_UCRED_H_

#include <sys/types.h>
#if defined(_KERNEL) || defined(_WANT_UCRED)
#include <sys/_lock.h>
#include <sys/_mutex.h>
#endif
#include <bsm/audit.h>

/*
 * 'struct ucred', its flags and the NOCRED/FSCRED sentinels are declared only
 * when _KERNEL or _WANT_UCRED is defined.
 */
#if defined(_KERNEL) || defined(_WANT_UCRED)
/*
 * Flags for cr_flags.
 */
#define	CRED_FLAG_CAPMODE	0x00000001	/* In capability mode. */

/*
 * Number of groups inlined in 'struct ucred'.  It must stay reasonably low as
 * it is also used by some functions to allocate an array of this size on the
 * stack.
 */
#define	CRED_SMALLGROUPS_NB	16

struct label;
struct loginclass;
struct prison;
struct uidinfo;

/*
 * Credentials.
 *
 * Please do not inspect cr_uid directly to determine superuserness.  The
 * priv(9) interface should be used to check for privilege.
 *
 * Lock reference:
 *      c - cr_mtx
 *
 * Unmarked fields are constant after creation.
 *
 * See "Credential management" comment in kern_prot.c for more information.
 *
 * 'cr_startcopy' and 'cr_endcopy' are aliases for the fields 'cr_uid' and
 * 'cr_label'.  The XXXOC note inside the structure calls the fields starting
 * at 'cr_uid' the "copied area" and ties it to crcopy().
 * NOTE(review): the area presumably stops just before 'cr_label' and is
 * duplicated as raw bytes, so a field added inside it (a pointer in
 * particular) would be duplicated without any further handling unless
 * crcopy() is updated -- confirm in kern_prot.c.
 */
struct ucred {
	struct mtx		cr_mtx;
	long	cr_ref;			/* (c) reference count */
	u_int	cr_users;		/* (c) proc + thread using this cred */
	u_int	cr_flags;		/* credential flags */
	struct auditinfo_addr	cr_audit;	/* Audit properties. */
#define	cr_startcopy cr_uid
	uid_t	cr_uid;			/* effective user id */
	uid_t	cr_ruid;		/* real user id */
	uid_t	cr_svuid;		/* saved user id */
	/*
	 * XXXOC: On the next ABI change, please move 'cr_ngroups' out of the
	 * copied area (crcopy() already copes with this change).
	 */
	int	cr_ngroups;		/* number of groups */
	gid_t	cr_rgid;		/* real group id */
	gid_t	cr_svgid;		/* saved group id */
	struct uidinfo	*cr_uidinfo;	/* per euid resource consumption */
	struct uidinfo	*cr_ruidinfo;	/* per ruid resource consumption */
	struct prison	*cr_prison;	/* jail(2) */
	struct loginclass	*cr_loginclass;	/* login class */
	void		*cr_pspare2[2];	/* general use 2 */
#define	cr_endcopy	cr_label
	struct label	*cr_label;	/* MAC label */
	/*
	 * NOTE(review): 'cr_groups' presumably points at 'cr_smallgroups'
	 * until more than CRED_SMALLGROUPS_NB entries are needed, with
	 * 'cr_agroups' holding the capacity of whatever it points at --
	 * confirm against crextend() before relying on it.
	 */
	gid_t	*cr_groups;		/* groups */
	int	cr_agroups;		/* Available groups */
	/* storage for small groups */
	gid_t	cr_smallgroups[CRED_SMALLGROUPS_NB];
};
/*
 * Sentinel credential pointers.  Neither designates a 'struct ucred' object
 * (they are the integer constants 0 and -1 cast to a pointer), so a pointer
 * that may hold one of them has to be compared against both before any field
 * of the credential is accessed.
 */
#define	NOCRED	((struct ucred *)0)	/* no credential available */
#define	FSCRED	((struct ucred *)-1)	/* filesystem credential */
#endif /* _KERNEL || _WANT_UCRED */

/*
 * Capacity of the 'cr_groups' array in 'struct xucred'.
 */
#define	XU_NGROUPS	16

/*
 * This is the external representation of struct ucred.
 *
 * 'cr_groups' has a fixed capacity of XU_NGROUPS entries and 'cr_ngroups' is
 * a signed short.  Code that consumes a 'struct xucred' it did not fill in
 * itself should therefore check that 'cr_version' equals XUCRED_VERSION and
 * that 'cr_ngroups' is neither negative nor larger than XU_NGROUPS before
 * indexing 'cr_groups', and that it is at least 1 before using the 'cr_gid'
 * alias.
 *
 * 'cr_pid' shares its storage with '_cr_unused1' through the anonymous union.
 */
struct xucred {
	u_int	cr_version;		/* structure layout version */
	uid_t	cr_uid;			/* effective user id */
	short	cr_ngroups;		/* number of groups */
	gid_t	cr_groups[XU_NGROUPS];	/* groups */
	union {
		void	*_cr_unused1;	/* compatibility with old ucred */
		pid_t	cr_pid;
	};
};
#define	XUCRED_VERSION	0

/*
 * This can be used for both ucred and xucred structures.
 *
 * Being an object-like macro, it rewrites every later use of the identifier
 * 'cr_gid' into 'cr_groups[0]', and the resulting access reads the first
 * group slot regardless of the value of 'cr_ngroups'.
 */
#define	cr_gid cr_groups[0]

struct mac;
/*
 * Structure to pass as an argument to the setcred() system call.
 *
 * 'sc_supp_groups' and 'sc_label' are pointers supplied by the caller.
 * NOTE(review): each SETCREDF_* flag below presumably selects which of these
 * fields the call applies, and 'sc_supp_groups_nb' presumably is the element
 * count of the array 'sc_supp_groups' points to -- confirm against the
 * setcred() implementation.
 */
struct setcred {
	uid_t	 sc_uid;		/* effective user id */
	uid_t	 sc_ruid;		/* real user id */
	uid_t	 sc_svuid;		/* saved user id */
	gid_t	 sc_gid;		/* effective group id */
	gid_t	 sc_rgid;		/* real group id */
	gid_t	 sc_svgid;		/* saved group id */
	u_int	 sc_pad;		/* see 32-bit compat structure */
	u_int	 sc_supp_groups_nb;	/* number of supplementary groups */
	gid_t	*sc_supp_groups;	/* supplementary groups */
	struct mac *sc_label;		/* MAC label */
};
/*
 * Initializer for 'struct setcred' variables.
 *
 * The values are positional: -1 for the six IDs, 0 for 'sc_pad' and
 * 'sc_supp_groups_nb', NULL for both pointers.  It has to be kept in step
 * with the field order of 'struct setcred'.
 */
#define	SETCRED_INITIALIZER	{ -1, -1, -1, -1, -1, -1, 0, 0, NULL, NULL }

/*
 * Flags to setcred().
 *
 * Bits 0 through 7 are assigned, one per flag.
 */
#define	SETCREDF_UID		(1u << 0)
#define	SETCREDF_RUID		(1u << 1)
#define	SETCREDF_SVUID		(1u << 2)
#define	SETCREDF_GID		(1u << 3)
#define	SETCREDF_RGID		(1u << 4)
#define	SETCREDF_SVGID		(1u << 5)
#define	SETCREDF_SUPP_GROUPS	(1u << 6)
#define	SETCREDF_MAC_LABEL	(1u << 7)

#ifdef _KERNEL
/*
 * Masks of the currently valid flags to setcred().
 *
 * Please consider reserving some of the high bits in the 'flags' argument for
 * versioning when almost all of them are in use.
 *
 * NOTE(review): the consumer of this mask is not visible in this header;
 * presumably the system call rejects a 'flags' value with bits outside it --
 * confirm in the implementation.  A new SETCREDF_* flag has to be added here
 * as well to be part of the mask.
 */
#define	SETCREDF_MASK	(SETCREDF_UID | SETCREDF_RUID | SETCREDF_SVUID | \
    SETCREDF_GID | SETCREDF_RGID | SETCREDF_SVGID | SETCREDF_SUPP_GROUPS | \
    SETCREDF_MAC_LABEL)

/*
 * 32-bit compatibility layout of 'struct setcred'.
 *
 * 'setcred32_copy_start' and 'setcred32_copy_end' are aliases for 'sc_uid'
 * and 'sc_supp_groups'.  The members from 'sc_uid' through
 * 'sc_supp_groups_nb' have the same types and order as in 'struct setcred';
 * the two trailing members carry, as 32-bit integers, what are pointers in
 * the native structure (see their annotations).
 * NOTE(review): the alias names suggest the leading members are copied as one
 * range while the two pointer-carrying members are converted separately --
 * confirm in the code using them.
 */
struct setcred32 {
#define	setcred32_copy_start	sc_uid
	uid_t	 sc_uid;
	uid_t	 sc_ruid;
	uid_t	 sc_svuid;
	gid_t	 sc_gid;
	gid_t	 sc_rgid;
	gid_t	 sc_svgid;
	u_int	 sc_pad;
	u_int	 sc_supp_groups_nb;
#define	setcred32_copy_end	sc_supp_groups
	uint32_t sc_supp_groups;	/* gid_t [*] */
	uint32_t sc_label;		/* struct mac32 [*] */
};

struct thread;

/*
 * Common native and 32-bit compatibility entry point.
 *
 * NOTE(review): 'uwcred' presumably is the caller-supplied address of a
 * 'struct setcred' or 'struct setcred32' (selected by 'is_32bit') and 'size'
 * the size the caller claims for it -- confirm against the implementation.
 */
int user_setcred(struct thread *td, const u_int flags,
    const void *const uwcred, const size_t size, bool is_32bit);

struct proc;

/*
 * State shared by the credbatch_*() functions: a credential pointer and two
 * counters.
 */
struct credbatch {
	struct ucred *cred;
	int users;
	int ref;
};

/*
 * Puts a batch into its starting state: no credential, both counters at zero.
 */
static inline void
credbatch_prep(struct credbatch *crb)
{
	crb->cred = NULL;
	crb->users = 0;
	crb->ref = 0;
}
void	credbatch_add(struct credbatch *crb, struct thread *td);

/*
 * Currently a no-op: the body is empty and 'crb' is marked __unused.
 */
static inline void
credbatch_process(struct credbatch *crb __unused)
{

}

void	credbatch_final(struct credbatch *crb);

/*
 * Credential manipulation routines.  Only the prototypes are visible in this
 * header; see the "Credential management" comment in kern_prot.c referenced
 * above 'struct ucred'.
 */
void	change_egid(struct ucred *newcred, gid_t egid);
void	change_euid(struct ucred *newcred, struct uidinfo *euip);
void	change_rgid(struct ucred *newcred, gid_t rgid);
void	change_ruid(struct ucred *newcred, struct uidinfo *ruip);
void	change_svgid(struct ucred *newcred, gid_t svgid);
void	change_svuid(struct ucred *newcred, uid_t svuid);
void	crcopy(struct ucred *dest, struct ucred *src);
struct ucred	*crcopysafe(struct proc *p, struct ucred *cr);
struct ucred	*crdup(struct ucred *cr);
void	crextend(struct ucred *cr, int n);
void	proc_set_cred(struct proc *p, struct ucred *newcred);
bool	proc_set_cred_enforce_proc_lim(struct proc *p, struct ucred *newcred);
void	proc_unset_cred(struct proc *p, bool decrement_proc_count);
void	crfree(struct ucred *cr);
struct ucred	*crcowsync(void);
struct ucred	*crget(void);
struct ucred	*crhold(struct ucred *cr);
struct ucred	*crcowget(struct ucred *cr);
void	crcowfree(struct thread *td);
void	cru2x(struct ucred *cr, struct xucred *xcr);
void	cru2xt(struct thread *td, struct xucred *xcr);
void	crsetgroups(struct ucred *cr, int ngrp, const gid_t *groups);
void	crsetgroups_fallback(struct ucred *cr, int ngrp, const gid_t *groups,
	    const gid_t fallback);

/*
 * Returns whether gid designates a primary group in cred.
 *
 * The comparison is against cr_groups[0], cr_rgid and cr_svgid.  'cred' is
 * dereferenced unconditionally, so it has to point to a real credential (not
 * NOCRED or FSCRED) whose 'cr_groups' holds at least one entry.
 */
static inline bool
group_is_primary(const gid_t gid, const struct ucred *const cred)
{
	return (gid == cred->cr_groups[0] || gid == cred->cr_rgid ||
	    gid == cred->cr_svgid);
}
bool	group_is_supplementary(const gid_t gid, const struct ucred *const cred);
bool	groupmember(gid_t gid, const struct ucred *cred);
bool	realgroupmember(gid_t gid, const struct ucred *cred);

#else /* !_KERNEL */

/*
 * Prototype of the setcred() system call for non-kernel code.
 * NOTE(review): 'size' presumably is the size of the structure 'wcred' points
 * to -- confirm against setcred(2).
 */
__BEGIN_DECLS
int	setcred(u_int flags, const struct setcred *wcred, size_t size);
__END_DECLS

#endif /* _KERNEL */

#endif /* !_SYS_UCRED_H_ */