Line data Source code
1 : /* Credentials management - see Documentation/credentials.txt
2 : *
3 : * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 : * Written by David Howells (dhowells@redhat.com)
5 : *
6 : * This program is free software; you can redistribute it and/or
7 : * modify it under the terms of the GNU General Public Licence
8 : * as published by the Free Software Foundation; either version
9 : * 2 of the Licence, or (at your option) any later version.
10 : */
11 :
12 : #ifndef _LINUX_CRED_H
13 : #define _LINUX_CRED_H
14 :
15 : #include <linux/capability.h>
16 : #include <linux/init.h>
17 : #include <linux/key.h>
18 : #include <linux/selinux.h>
19 : #include <asm/atomic.h>
20 :
21 : struct user_struct;
22 : struct cred;
23 : struct inode;
24 :
25 : /*
26 : * COW Supplementary groups list
27 : */
28 : #define NGROUPS_SMALL 32
29 : #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t)))
30 :
31 : struct group_info {
32 : atomic_t usage;
33 : int ngroups;
34 : int nblocks;
35 : gid_t small_block[NGROUPS_SMALL];
36 : gid_t *blocks[0];
37 : };
38 :
39 : /**
40 : * get_group_info - Get a reference to a group info structure
41 : * @group_info: The group info to reference
42 : *
43 : * This gets a reference to a set of supplementary groups.
44 : *
45 : * If the caller is accessing a task's credentials, they must hold the RCU read
46 : * lock when reading.
47 : */
48 : static inline struct group_info *get_group_info(struct group_info *gi)
49 : {
50 : atomic_inc(&gi->usage);
51 : return gi;
52 : }
53 :
54 : /**
55 : * put_group_info - Release a reference to a group info structure
56 : * @group_info: The group info to release
57 : */
58 : #define put_group_info(group_info) \
59 : do { \
60 : if (atomic_dec_and_test(&(group_info)->usage)) \
61 : groups_free(group_info); \
62 : } while (0)
63 :
64 : extern struct group_info *groups_alloc(int);
65 : extern struct group_info init_groups;
66 : extern void groups_free(struct group_info *);
67 : extern int set_current_groups(struct group_info *);
68 : extern int set_groups(struct cred *, struct group_info *);
69 : extern int groups_search(const struct group_info *, gid_t);
70 :
71 : /* access the groups "array" with this macro */
72 : #define GROUP_AT(gi, i) \
73 : ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK])
74 :
75 : extern int in_group_p(gid_t);
76 : extern int in_egroup_p(gid_t);
77 1 :
78 : /*
79 : * The common credentials for a thread group
80 : * - shared by CLONE_THREAD
81 : */
82 : #ifdef CONFIG_KEYS
83 : struct thread_group_cred {
84 : atomic_t usage;
85 : pid_t tgid; /* thread group process ID */
86 : spinlock_t lock;
87 : struct key *session_keyring; /* keyring inherited over fork */
88 : struct key *process_keyring; /* keyring private to this process */
89 : struct rcu_head rcu; /* RCU deletion hook */
90 : };
91 : #endif
92 :
93 : /*
94 : * The security context of a task
95 : *
96 : * The parts of the context break down into two categories:
97 : *
98 : * (1) The objective context of a task. These parts are used when some other
99 : * task is attempting to affect this one.
100 : *
101 : * (2) The subjective context. These details are used when the task is acting
102 : * upon another object, be that a file, a task, a key or whatever.
103 : *
104 : * Note that some members of this structure belong to both categories - the
105 : * LSM security pointer for instance.
106 : *
107 : * A task has two security pointers. task->real_cred points to the objective
108 : * context that defines that task's actual details. The objective part of this
109 : * context is used whenever that task is acted upon.
110 : *
111 : * task->cred points to the subjective context that defines the details of how
112 : * that task is going to act upon another object. This may be overridden
113 : * temporarily to point to another security context, but normally points to the
114 : * same context as task->real_cred.
115 : */
116 : struct cred {
117 : atomic_t usage;
118 : #ifdef CONFIG_DEBUG_CREDENTIALS
119 : atomic_t subscribers; /* number of processes subscribed */
120 : void *put_addr;
121 : unsigned magic;
122 : #define CRED_MAGIC 0x43736564
123 : #define CRED_MAGIC_DEAD 0x44656144
124 : #endif
125 : uid_t uid; /* real UID of the task */
126 : gid_t gid; /* real GID of the task */
127 : uid_t suid; /* saved UID of the task */
128 : gid_t sgid; /* saved GID of the task */
129 : uid_t euid; /* effective UID of the task */
130 : gid_t egid; /* effective GID of the task */
131 : uid_t fsuid; /* UID for VFS ops */
132 : gid_t fsgid; /* GID for VFS ops */
133 : unsigned securebits; /* SUID-less security management */
134 : kernel_cap_t cap_inheritable; /* caps our children can inherit */
135 : kernel_cap_t cap_permitted; /* caps we're permitted */
136 : kernel_cap_t cap_effective; /* caps we can actually use */
137 : kernel_cap_t cap_bset; /* capability bounding set */
138 : #ifdef CONFIG_KEYS
139 : unsigned char jit_keyring; /* default keyring to attach requested
140 : * keys to */
141 : struct key *thread_keyring; /* keyring private to this thread */
142 : struct key *request_key_auth; /* assumed request_key authority */
143 : struct thread_group_cred *tgcred; /* thread-group shared credentials */
144 : #endif
145 : #ifdef CONFIG_SECURITY
146 : void *security; /* subjective LSM security */
147 : #endif
148 : struct user_struct *user; /* real user ID subscription */
149 : struct group_info *group_info; /* supplementary groups for euid/fsgid */
150 : struct rcu_head rcu; /* RCU deletion hook */
151 : };
152 :
153 : extern void __put_cred(struct cred *);
154 : extern void exit_creds(struct task_struct *);
155 : extern int copy_creds(struct task_struct *, unsigned long);
156 : extern const struct cred *get_task_cred(struct task_struct *);
157 : extern struct cred *cred_alloc_blank(void);
158 : extern struct cred *prepare_creds(void);
159 : extern struct cred *prepare_exec_creds(void);
160 : extern struct cred *prepare_usermodehelper_creds(void);
161 : extern int commit_creds(struct cred *);
162 : extern void abort_creds(struct cred *);
163 : extern const struct cred *override_creds(const struct cred *);
164 : extern void revert_creds(const struct cred *);
165 : extern struct cred *prepare_kernel_cred(struct task_struct *);
166 : extern int change_create_files_as(struct cred *, struct inode *);
167 : extern int set_security_override(struct cred *, u32);
168 : extern int set_security_override_from_ctx(struct cred *, const char *);
169 : extern int set_create_files_as(struct cred *, struct inode *);
170 : extern void __init cred_init(void);
171 :
172 : /*
173 : * check for validity of credentials
174 : */
175 : #ifdef CONFIG_DEBUG_CREDENTIALS
176 : extern void __invalid_creds(const struct cred *, const char *, unsigned);
177 : extern void __validate_process_creds(struct task_struct *,
178 : const char *, unsigned);
179 :
180 : extern bool creds_are_invalid(const struct cred *cred);
181 :
182 : static inline void __validate_creds(const struct cred *cred,
183 : const char *file, unsigned line)
184 : {
185 : if (unlikely(creds_are_invalid(cred)))
186 : __invalid_creds(cred, file, line);
187 : }
188 :
189 : #define validate_creds(cred) \
190 : do { \
191 : __validate_creds((cred), __FILE__, __LINE__); \
192 : } while(0)
193 :
194 : #define validate_process_creds() \
195 : do { \
196 : __validate_process_creds(current, __FILE__, __LINE__); \
197 : } while(0)
198 :
199 : extern void validate_creds_for_do_exit(struct task_struct *);
200 : #else
201 : static inline void validate_creds(const struct cred *cred)
202 : {
203 : }
204 : static inline void validate_creds_for_do_exit(struct task_struct *tsk)
205 : {
206 : }
207 : static inline void validate_process_creds(void)
208 : {
209 : }
210 : #endif
211 :
212 : /**
213 : * get_new_cred - Get a reference on a new set of credentials
214 : * @cred: The new credentials to reference
215 : *
216 : * Get a reference on the specified set of new credentials. The caller must
217 : * release the reference.
218 : */
219 : static inline struct cred *get_new_cred(struct cred *cred)
220 : {
221 : atomic_inc(&cred->usage);
222 : return cred;
223 : }
224 :
225 : /**
226 : * get_cred - Get a reference on a set of credentials
227 : * @cred: The credentials to reference
228 : *
229 : * Get a reference on the specified set of credentials. The caller must
230 : * release the reference.
231 : *
232 : * This is used to deal with a committed set of credentials. Although the
233 : * pointer is const, this will temporarily discard the const and increment the
234 : * usage count. The purpose of this is to attempt to catch at compile time the
235 : * accidental alteration of a set of credentials that should be considered
236 : * immutable.
237 : */
238 : static inline const struct cred *get_cred(const struct cred *cred)
239 : {
240 : struct cred *nonconst_cred = (struct cred *) cred;
241 : validate_creds(cred);
242 : return get_new_cred(nonconst_cred);
243 : }
244 :
245 : /**
246 : * put_cred - Release a reference to a set of credentials
247 : * @cred: The credentials to release
248 : *
249 : * Release a reference to a set of credentials, deleting them when the last ref
250 : * is released.
251 : *
252 : * This takes a const pointer to a set of credentials because the credentials
253 : * on task_struct are attached by const pointers to prevent accidental
254 : * alteration of otherwise immutable credential sets.
255 : */
256 : static inline void put_cred(const struct cred *_cred)
257 : {
258 : struct cred *cred = (struct cred *) _cred;
259 :
260 : validate_creds(cred);
261 : if (atomic_dec_and_test(&(cred)->usage))
262 : __put_cred(cred);
263 : }
264 1 :
265 1 : /**
266 1 : * current_cred - Access the current task's subjective credentials
267 1 : *
268 1 : * Access the subjective credentials of the current task.
269 1 : */
270 : #define current_cred() \
271 : (current->cred)
272 :
273 : /**
274 : * __task_cred - Access a task's objective credentials
275 : * @task: The task to query
276 : *
277 : * Access the objective credentials of a task. The caller must hold the RCU
278 : * readlock.
279 : *
280 : * The caller must make sure task doesn't go away, either by holding a ref on
281 : * task or by holding tasklist_lock to prevent it from being unlinked.
282 : */
283 : #define __task_cred(task) \
284 : ((const struct cred *)(rcu_dereference((task)->real_cred)))
285 :
286 : /**
287 : * get_current_cred - Get the current task's subjective credentials
288 : *
289 : * Get the subjective credentials of the current task, pinning them so that
290 : * they can't go away. Accessing the current task's credentials directly is
291 : * not permitted.
292 : */
293 : #define get_current_cred() \
294 : (get_cred(current_cred()))
295 :
296 : /**
297 : * get_current_user - Get the current task's user_struct
298 : *
299 : * Get the user record of the current task, pinning it so that it can't go
300 : * away.
301 : */
302 : #define get_current_user() \
303 : ({ \
304 : struct user_struct *__u; \
305 : struct cred *__cred; \
306 : __cred = (struct cred *) current_cred(); \
307 : __u = get_uid(__cred->user); \
308 : __u; \
309 : })
310 :
311 : /**
312 : * get_current_groups - Get the current task's supplementary group list
313 : *
314 : * Get the supplementary group list of the current task, pinning it so that it
315 : * can't go away.
316 : */
317 : #define get_current_groups() \
318 : ({ \
319 : struct group_info *__groups; \
320 : struct cred *__cred; \
321 : __cred = (struct cred *) current_cred(); \
322 : __groups = get_group_info(__cred->group_info); \
323 : __groups; \
324 : })
325 :
326 : #define task_cred_xxx(task, xxx) \
327 : ({ \
328 : __typeof__(((struct cred *)NULL)->xxx) ___val; \
329 : rcu_read_lock(); \
330 : ___val = __task_cred((task))->xxx; \
331 : rcu_read_unlock(); \
332 : ___val; \
333 : })
334 :
335 : #define task_uid(task) (task_cred_xxx((task), uid))
336 : #define task_euid(task) (task_cred_xxx((task), euid))
337 :
338 : #define current_cred_xxx(xxx) \
339 : ({ \
340 : current->cred->xxx; \
341 : })
342 :
343 : #define current_uid() (current_cred_xxx(uid))
344 : #define current_gid() (current_cred_xxx(gid))
345 : #define current_euid() (current_cred_xxx(euid))
346 : #define current_egid() (current_cred_xxx(egid))
347 : #define current_suid() (current_cred_xxx(suid))
348 : #define current_sgid() (current_cred_xxx(sgid))
349 : #define current_fsuid() (current_cred_xxx(fsuid))
350 : #define current_fsgid() (current_cred_xxx(fsgid))
351 : #define current_cap() (current_cred_xxx(cap_effective))
352 : #define current_user() (current_cred_xxx(user))
353 : #define current_user_ns() (current_cred_xxx(user)->user_ns)
354 : #define current_security() (current_cred_xxx(security))
355 :
356 : #define current_uid_gid(_uid, _gid) \
357 : do { \
358 : const struct cred *__cred; \
359 : __cred = current_cred(); \
360 : *(_uid) = __cred->uid; \
361 : *(_gid) = __cred->gid; \
362 : } while(0)
363 :
364 : #define current_euid_egid(_euid, _egid) \
365 : do { \
366 : const struct cred *__cred; \
367 : __cred = current_cred(); \
368 : *(_euid) = __cred->euid; \
369 : *(_egid) = __cred->egid; \
370 : } while(0)
371 :
372 : #define current_fsuid_fsgid(_fsuid, _fsgid) \
373 : do { \
374 : const struct cred *__cred; \
375 : __cred = current_cred(); \
376 : *(_fsuid) = __cred->fsuid; \
377 : *(_fsgid) = __cred->fsgid; \
378 : } while(0)
379 :
380 : #endif /* _LINUX_CRED_H */
|