Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/sys/kauth.h
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /* $NetBSD: kauth.h,v 1.24.2.4 2007/01/21 19:12:10 bouyer Exp $ */ 2 3 /*- 4 * Copyright (c) 2005, 2006 Elad Efrat <elad@NetBSD.org> 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by Elad Efrat. 18 * 4. The name of the author may not be used to endorse or promote products 19 * derived from this software without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * This is based on Apple TN2127, available online at 35 * http://developer.apple.com/technotes/tn2005/tn2127.html 36 */ 37 38 #ifndef _SYS_KAUTH_H_ 39 #define _SYS_KAUTH_H_ 40 41 struct uucred; 42 struct ucred; 43 struct pcred; 44 struct proc; 45 struct tty; 46 struct vnode; 47 48 /* Types. */ 49 typedef struct kauth_scope *kauth_scope_t; 50 typedef struct kauth_listener *kauth_listener_t; 51 typedef uint32_t kauth_action_t; 52 typedef int (*kauth_scope_callback_t)(kauth_cred_t, kauth_action_t, 53 void *, void *, void *, void *, void *); 54 55 /* 56 * Possible return values for a listener. 57 */ 58 #define KAUTH_RESULT_ALLOW 0 /* allow access */ 59 #define KAUTH_RESULT_DENY 1 /* deny access */ 60 #define KAUTH_RESULT_DEFER 2 /* let others decide */ 61 62 /* 63 * Scopes. 64 */ 65 #define KAUTH_SCOPE_GENERIC "org.netbsd.kauth.generic" 66 #define KAUTH_SCOPE_SYSTEM "org.netbsd.kauth.system" 67 #define KAUTH_SCOPE_PROCESS "org.netbsd.kauth.process" 68 #define KAUTH_SCOPE_NETWORK "org.netbsd.kauth.network" 69 #define KAUTH_SCOPE_MACHDEP "org.netbsd.kauth.machdep" 70 #define KAUTH_SCOPE_DEVICE "org.netbsd.kauth.device" 71 72 /* 73 * Generic scope - actions. 74 */ 75 enum { 76 KAUTH_GENERIC_CANSEE=1, 77 KAUTH_GENERIC_ISSUSER 78 }; 79 80 /* 81 * System scope - actions. 82 */ 83 enum { 84 KAUTH_SYSTEM_ACCOUNTING=1, 85 KAUTH_SYSTEM_CHROOT, 86 KAUTH_SYSTEM_DEBUG, 87 KAUTH_SYSTEM_FILEHANDLE, 88 KAUTH_SYSTEM_LKM, 89 KAUTH_SYSTEM_MKNOD, 90 KAUTH_SYSTEM_REBOOT, 91 KAUTH_SYSTEM_SETIDCORE, 92 KAUTH_SYSTEM_SWAPCTL, 93 KAUTH_SYSTEM_SYSCTL, 94 KAUTH_SYSTEM_TIME 95 }; 96 97 /* 98 * System scope - sub-actions. 99 */ 100 enum kauth_system_req { 101 KAUTH_REQ_SYSTEM_CHROOT_CHROOT=1, 102 KAUTH_REQ_SYSTEM_CHROOT_FCHROOT, 103 KAUTH_REQ_SYSTEM_DEBUG_IPKDB, 104 KAUTH_REQ_SYSTEM_SYSCTL_ADD, 105 KAUTH_REQ_SYSTEM_SYSCTL_DELETE, 106 KAUTH_REQ_SYSTEM_SYSCTL_DESC, 107 KAUTH_REQ_SYSTEM_SYSCTL_PRVT, 108 KAUTH_REQ_SYSTEM_TIME_ADJTIME, 109 KAUTH_REQ_SYSTEM_TIME_BACKWARDS, 110 KAUTH_REQ_SYSTEM_TIME_NTPADJTIME, 111 KAUTH_REQ_SYSTEM_TIME_RTCOFFSET, 112 KAUTH_REQ_SYSTEM_TIME_SYSTEM 113 }; 114 115 /* 116 * Process scope - actions. 117 */ 118 enum { 119 KAUTH_PROCESS_CANKTRACE=1, 120 KAUTH_PROCESS_CANPROCFS, 121 KAUTH_PROCESS_CANPTRACE, 122 KAUTH_PROCESS_CANSEE, 123 KAUTH_PROCESS_CANSIGNAL, 124 KAUTH_PROCESS_CANSYSTRACE, 125 KAUTH_PROCESS_CORENAME, 126 KAUTH_PROCESS_NICE, 127 KAUTH_PROCESS_RLIMIT, 128 KAUTH_PROCESS_SETID 129 }; 130 131 /* 132 * Process scope - sub-actions. 133 */ 134 enum kauth_process_req { 135 KAUTH_REQ_PROCESS_CANPROCFS_CTL=1, 136 KAUTH_REQ_PROCESS_CANPROCFS_READ, 137 KAUTH_REQ_PROCESS_CANPROCFS_RW, 138 KAUTH_REQ_PROCESS_CANPROCFS_WRITE 139 }; 140 141 /* 142 * Network scope - actions. 143 */ 144 enum { 145 KAUTH_NETWORK_ALTQ=1, 146 KAUTH_NETWORK_BIND, 147 KAUTH_NETWORK_FIREWALL, 148 KAUTH_NETWORK_INTERFACE, 149 KAUTH_NETWORK_FORWSRCRT, 150 KAUTH_NETWORK_ROUTE, 151 KAUTH_NETWORK_SOCKET 152 }; 153 154 /* 155 * Network scope - sub-actions. 156 */ 157 enum kauth_network_req { 158 KAUTH_REQ_NETWORK_ALTQ_AFMAP=1, 159 KAUTH_REQ_NETWORK_ALTQ_BLUE, 160 KAUTH_REQ_NETWORK_ALTQ_CBQ, 161 KAUTH_REQ_NETWORK_ALTQ_CDNR, 162 KAUTH_REQ_NETWORK_ALTQ_CONF, 163 KAUTH_REQ_NETWORK_ALTQ_FIFOQ, 164 KAUTH_REQ_NETWORK_ALTQ_HFSC, 165 KAUTH_REQ_NETWORK_ALTQ_JOBS, 166 KAUTH_REQ_NETWORK_ALTQ_PRIQ, 167 KAUTH_REQ_NETWORK_ALTQ_RED, 168 KAUTH_REQ_NETWORK_ALTQ_RIO, 169 KAUTH_REQ_NETWORK_ALTQ_WFQ, 170 KAUTH_REQ_NETWORK_BIND_PORT, 171 KAUTH_REQ_NETWORK_BIND_PRIVPORT, 172 KAUTH_REQ_NETWORK_FIREWALL_FW, 173 KAUTH_REQ_NETWORK_FIREWALL_NAT, 174 KAUTH_REQ_NETWORK_INTERFACE_GET, 175 KAUTH_REQ_NETWORK_INTERFACE_GETPRIV, 176 KAUTH_REQ_NETWORK_INTERFACE_SET, 177 KAUTH_REQ_NETWORK_INTERFACE_SETPRIV, 178 KAUTH_REQ_NETWORK_SOCKET_OPEN, 179 KAUTH_REQ_NETWORK_SOCKET_RAWSOCK, 180 KAUTH_REQ_NETWORK_SOCKET_CANSEE 181 }; 182 183 /* 184 * Machdep scope - actions. 185 */ 186 enum { 187 KAUTH_MACHDEP_IOPERM_GET=1, 188 KAUTH_MACHDEP_IOPERM_SET, 189 KAUTH_MACHDEP_IOPL, 190 KAUTH_MACHDEP_LDT_GET, 191 KAUTH_MACHDEP_LDT_SET, 192 KAUTH_MACHDEP_MTRR_GET, 193 KAUTH_MACHDEP_MTRR_SET, 194 KAUTH_MACHDEP_UNMANAGEDMEM 195 }; 196 197 /* 198 * Device scope - actions. 199 */ 200 enum { 201 KAUTH_DEVICE_TTY_OPEN=1, 202 KAUTH_DEVICE_TTY_PRIVSET, 203 KAUTH_DEVICE_RAWIO_SPEC, 204 KAUTH_DEVICE_RAWIO_PASSTHRU 205 }; 206 207 /* 208 * Device scope - sub-actions. 209 */ 210 enum kauth_device_req { 211 KAUTH_REQ_DEVICE_RAWIO_SPEC_READ=1, 212 KAUTH_REQ_DEVICE_RAWIO_SPEC_WRITE, 213 KAUTH_REQ_DEVICE_RAWIO_SPEC_RW, 214 }; 215 216 /* 217 * Device scope, passthru request - identifiers. 218 */ 219 #define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READ 0x00000001 220 #define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITE 0x00000002 221 #define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_READCONF 0x00000004 222 #define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_WRITECONF 0x00000008 223 #define KAUTH_REQ_DEVICE_RAWIO_PASSTHRU_ALL 0x0000000F 224 225 #define NOCRED ((kauth_cred_t)-1) /* no credential available */ 226 #define FSCRED ((kauth_cred_t)-2) /* filesystem credential */ 227 228 /* Macro to help passing arguments to authorization wrappers. */ 229 #define KAUTH_ARG(arg) ((void *)(unsigned long)(arg)) 230 231 /* 232 * Prototypes. 233 */ 234 void kauth_init(void); 235 kauth_scope_t kauth_register_scope(const char *, kauth_scope_callback_t, void *); 236 void kauth_deregister_scope(kauth_scope_t); 237 kauth_listener_t kauth_listen_scope(const char *, kauth_scope_callback_t, void *); 238 void kauth_unlisten_scope(kauth_listener_t); 239 int kauth_authorize_action(kauth_scope_t, kauth_cred_t, kauth_action_t, void *, 240 void *, void *, void *); 241 242 /* Authorization wrappers. */ 243 int kauth_authorize_generic(kauth_cred_t, kauth_action_t, void *); 244 int kauth_authorize_system(kauth_cred_t, kauth_action_t, enum kauth_system_req, 245 void *, void *, void *); 246 int kauth_authorize_process(kauth_cred_t, kauth_action_t, struct proc *, 247 void *, void *, void *); 248 int kauth_authorize_network(kauth_cred_t, kauth_action_t, 249 enum kauth_network_req, void *, void *, void *); 250 int kauth_authorize_machdep(kauth_cred_t, kauth_action_t, 251 void *, void *, void *, void *); 252 int kauth_authorize_device(kauth_cred_t, kauth_action_t, 253 void *, void *, void *, void *); 254 int kauth_authorize_device_tty(kauth_cred_t, kauth_action_t, struct tty *); 255 int kauth_authorize_device_spec(kauth_cred_t, enum kauth_device_req, 256 struct vnode *); 257 int kauth_authorize_device_passthru(kauth_cred_t, dev_t, u_long, void *); 258 259 /* Kauth credentials management routines. */ 260 kauth_cred_t kauth_cred_alloc(void); 261 void kauth_cred_free(kauth_cred_t); 262 void kauth_cred_clone(kauth_cred_t, kauth_cred_t); 263 kauth_cred_t kauth_cred_dup(kauth_cred_t); 264 kauth_cred_t kauth_cred_copy(kauth_cred_t); 265 266 uid_t kauth_cred_getuid(kauth_cred_t); 267 uid_t kauth_cred_geteuid(kauth_cred_t); 268 uid_t kauth_cred_getsvuid(kauth_cred_t); 269 gid_t kauth_cred_getgid(kauth_cred_t); 270 gid_t kauth_cred_getegid(kauth_cred_t); 271 gid_t kauth_cred_getsvgid(kauth_cred_t); 272 int kauth_cred_ismember_gid(kauth_cred_t, gid_t, int *); 273 u_int kauth_cred_ngroups(kauth_cred_t); 274 gid_t kauth_cred_group(kauth_cred_t, u_int); 275 276 void kauth_cred_setuid(kauth_cred_t, uid_t); 277 void kauth_cred_seteuid(kauth_cred_t, uid_t); 278 void kauth_cred_setsvuid(kauth_cred_t, uid_t); 279 void kauth_cred_setgid(kauth_cred_t, gid_t); 280 void kauth_cred_setegid(kauth_cred_t, gid_t); 281 void kauth_cred_setsvgid(kauth_cred_t, gid_t); 282 283 void kauth_cred_hold(kauth_cred_t); 284 u_int kauth_cred_getrefcnt(kauth_cred_t); 285 286 int kauth_cred_setgroups(kauth_cred_t, gid_t *, size_t, uid_t); 287 int kauth_cred_getgroups(kauth_cred_t, gid_t *, size_t); 288 289 int kauth_cred_uidmatch(kauth_cred_t, kauth_cred_t); 290 void kauth_uucred_to_cred(kauth_cred_t, const struct uucred *); 291 void kauth_cred_to_uucred(struct uucred *, const kauth_cred_t); 292 int kauth_cred_uucmp(kauth_cred_t, const struct uucred *); 293 void kauth_cred_toucred(kauth_cred_t, struct ucred *); 294 void kauth_cred_topcred(kauth_cred_t, struct pcred *); 295 296 kauth_cred_t kauth_cred_get(void); 297 298 #endif /* !_SYS_KAUTH_H_ */
Cache object: 6b7ae80dc1b34a0c9fa12ab8280aba18
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]