/*-
 * Copyright (c) 1989, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *	@(#)ucred.h	8.4 (Berkeley) 1/9/95
 * $FreeBSD$
 */

/*
 * Declares the in-kernel credential (struct ucred), its fixed-size external
 * form (struct xucred), the credential flag bits, and the kernel-only
 * prototypes that operate on credentials.
 */

#ifndef _SYS_UCRED_H_
#define	_SYS_UCRED_H_

#include <bsm/audit.h>

struct loginclass;

/*
 * Capacity of the inline group arrays below: cr_smallgroups in struct ucred
 * and cr_groups in struct xucred.
 */
#define	XU_NGROUPS	16

/*
 * Credentials.
 *
 * Please do not inspect cr_uid directly to determine superuserness.  The
 * priv(9) interface should be used to check for privilege.
 *
 * The credential also carries jail (cr_prison), MAC label (cr_label) and
 * capability-mode (cr_flags) state, so the uid alone does not describe what
 * the holder is allowed to do.
 *
 * The structure is only declared when _KERNEL or _WANT_UCRED is defined.
 */
#if defined(_KERNEL) || defined(_WANT_UCRED)
struct ucred {
	u_int		cr_ref;		/* reference count */
/*
 * cr_startcopy and cr_endcopy are aliases for the fields cr_uid and cr_label.
 * NOTE(review): the names suggest they delimit the range [cr_uid, cr_label)
 * that the copy routines duplicate; if so, a field inserted between them is
 * copied verbatim, while cr_ref, cr_label, cr_audit and the group storage are
 * handled separately.  Confirm against the crcopy() implementation before
 * adding or moving fields.
 */
#define	cr_startcopy cr_uid
	uid_t		cr_uid;		/* effective user id */
	uid_t		cr_ruid;	/* real user id */
	uid_t		cr_svuid;	/* saved user id */
	int		cr_ngroups;	/* number of groups */
	gid_t		cr_rgid;	/* real group id */
	gid_t		cr_svgid;	/* saved group id */
	struct uidinfo	*cr_uidinfo;	/* per euid resource consumption */
	struct uidinfo	*cr_ruidinfo;	/* per ruid resource consumption */
	struct prison	*cr_prison;	/* jail(2) */
	struct loginclass	*cr_loginclass; /* login class */
	u_int		cr_flags;	/* credential flags */
	void 		*cr_pspare2[2];	/* general use 2 */
#define	cr_endcopy	cr_label
	struct label	*cr_label;	/* MAC label */
	struct auditinfo_addr	cr_audit;	/* Audit properties. */
	/*
	 * Group list.  cr_groups is a pointer and cr_agroups its capacity;
	 * cr_smallgroups is inline storage for up to XU_NGROUPS entries.
	 * NOTE(review): presumably cr_groups points at cr_smallgroups until
	 * crextend() needs more room -- confirm in the implementation.
	 */
	gid_t		*cr_groups;	/* groups */
	int		cr_agroups;	/* Available groups */
	gid_t   cr_smallgroups[XU_NGROUPS]; /* storage for small groups */
};
/*
 * Sentinel pointer values, not addresses of real credentials: NOCRED is a
 * null pointer and FSCRED is the integer -1 cast to a pointer.  Neither may
 * be dereferenced, so code that can receive one of them has to compare the
 * pointer against both before touching any field.
 */
#define	NOCRED	((struct ucred *)0)	/* no credential available */
#define	FSCRED	((struct ucred *)-1)	/* filesystem credential */
#endif /* _KERNEL || _WANT_UCRED */

/*
 * Flags for cr_flags.
 *
 * Defined outside the _KERNEL/_WANT_UCRED guard, so every includer sees them.
 */
#define	CRED_FLAG_CAPMODE	0x00000001	/* In capability mode. */

/*
 * This is the external representation of struct ucred.
 *
 * It is fixed-size: cr_groups holds at most XU_NGROUPS ids, whereas struct
 * ucred keeps its groups behind a pointer with a separate capacity.  How
 * cru2x() treats a credential with more groups is not visible in this header.
 *
 * cr_ngroups is a signed short and nothing here bounds it.  A consumer that
 * receives an xucred from another component should check that cr_version
 * equals XUCRED_VERSION and that 1 <= cr_ngroups <= XU_NGROUPS before
 * indexing cr_groups or reading cr_gid.
 */
struct xucred {
	u_int	cr_version;		/* structure layout version */
	uid_t	cr_uid;			/* effective user id */
	short	cr_ngroups;		/* number of groups */
	gid_t	cr_groups[XU_NGROUPS];	/* groups */
	void	*_cr_unused1;		/* compatibility with old ucred */
};
#define	XUCRED_VERSION	0

/*
 * This can be used for both ucred and xucred structures.
 *
 * cr_gid is an object-like macro for cr_groups[0].  On a struct ucred that
 * dereferences the cr_groups pointer, so it is only meaningful once the group
 * list has been set up.  Being a macro, it also rewrites any other identifier
 * spelled cr_gid in files that include this header.
 */
#define	cr_gid cr_groups[0]

#ifdef _KERNEL
struct proc;
struct thread;

/*
 * Kernel-only credential routines; the implementations are outside this
 * header.  NOTE(review): crhold() and crfree() presumably take and drop a
 * reference on cr_ref -- confirm against the implementation.
 */
void	change_egid(struct ucred *newcred, gid_t egid);
void	change_euid(struct ucred *newcred, struct uidinfo *euip);
void	change_rgid(struct ucred *newcred, gid_t rgid);
void	change_ruid(struct ucred *newcred, struct uidinfo *ruip);
void	change_svgid(struct ucred *newcred, gid_t svgid);
void	change_svuid(struct ucred *newcred, uid_t svuid);
void	crcopy(struct ucred *dest, struct ucred *src);
struct ucred	*crcopysafe(struct proc *p, struct ucred *cr);
struct ucred	*crdup(struct ucred *cr);
void	crextend(struct ucred *cr, int n);
void	proc_set_cred_init(struct proc *p, struct ucred *cr);
struct ucred	*proc_set_cred(struct proc *p, struct ucred *cr);
void	crfree(struct ucred *cr);
struct ucred	*crget(void);
struct ucred	*crhold(struct ucred *cr);
void	cru2x(struct ucred *cr, struct xucred *xcr);
void	crsetgroups(struct ucred *cr, int n, gid_t *groups);
int	groupmember(gid_t gid, struct ucred *cred);
#endif /* _KERNEL */

#endif /* !_SYS_UCRED_H_ */