cred.h source code [linux/include/linux/cred.h]

1	/ SPDX-License-Identifier: GPL-2.0-or-later /
2	/ Credentials management - see Documentation/security/credentials.rst*
3	*
4	* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
5	* Written by David Howells (dhowells@redhat.com)
6	*/
7
8	#ifndef _LINUX_CRED_H
9	#define _LINUX_CRED_H
10
11	#include <linux/capability.h>
12	#include <linux/init.h>
13	#include <linux/key.h>
14	#include <linux/atomic.h>
15	#include <linux/refcount.h>
16	#include <linux/uidgid.h>
17	#include <linux/sched.h>
18	#include <linux/sched/user.h>
19
20	struct cred;
21	struct inode;
22
23	/*
24	* COW Supplementary groups list
25	*/
26	struct group_info {
27	refcount_t usage;
28	int ngroups;
29	kgid_t gid[];
30	} __randomize_layout;
31
32	/**
33	* get_group_info - Get a reference to a group info structure
34	* @group_info: The group info to reference
35	*
36	* This gets a reference to a set of supplementary groups.
37	*
38	* If the caller is accessing a task's credentials, they must hold the RCU read
39	* lock when reading.
40	*/
41	static inline struct group_info get_group_info(struct* group_info *gi)
42	{
43	refcount_inc(r: &gi->usage);
44	return gi;
45	}
46
47	/**
48	* put_group_info - Release a reference to a group info structure
49	* @group_info: The group info to release
50	*/
51	#define put_group_info(group_info) \
52	do { \
53	if (refcount_dec_and_test(&(group_info)->usage)) \
54	groups_free(group_info); \
55	} while (0)
56
57	#ifdef CONFIG_MULTIUSER
58	extern struct group_info groups_alloc(int*);
59	extern void groups_free(struct group_info *);
60
61	extern int in_group_p(kgid_t);
62	extern int in_egroup_p(kgid_t);
63	extern int groups_search(const struct group_info *, kgid_t);
64
65	extern int set_current_groups(struct group_info *);
66	extern void set_groups(struct cred , struct* group_info *);
67	extern bool may_setgroups(void);
68	extern void groups_sort(struct group_info *);
69	#else
70	static inline void groups_free(struct group_info *group_info)
71	{
72	}
73
74	static inline int in_group_p(kgid_t grp)
75	{
76	return `1`;
77	}
78	static inline int in_egroup_p(kgid_t grp)
79	{
80	return `1`;
81	}
82	static inline int groups_search(const struct group_info *group_info, kgid_t grp)
83	{
84	return `1`;
85	}
86	#endif
87
88	/*
89	* The security context of a task
90	*
91	* The parts of the context break down into two categories:
92	*
93	* (1) The objective context of a task. These parts are used when some other
94	* task is attempting to affect this one.
95	*
96	* (2) The subjective context. These details are used when the task is acting
97	* upon another object, be that a file, a task, a key or whatever.
98	*
99	* Note that some members of this structure belong to both categories - the
100	* LSM security pointer for instance.
101	*
102	* A task has two security pointers. task->real_cred points to the objective
103	* context that defines that task's actual details. The objective part of this
104	* context is used whenever that task is acted upon.
105	*
106	* task->cred points to the subjective context that defines the details of how
107	* that task is going to act upon another object. This may be overridden
108	* temporarily to point to another security context, but normally points to the
109	* same context as task->real_cred.
110	*/
111	struct cred {
112	atomic_long_t usage;
113	kuid_t uid; / real UID of the task /
114	kgid_t gid; / real GID of the task /
115	kuid_t suid; / saved UID of the task /
116	kgid_t sgid; / saved GID of the task /
117	kuid_t euid; / effective UID of the task /
118	kgid_t egid; / effective GID of the task /
119	kuid_t fsuid; / UID for VFS ops /
120	kgid_t fsgid; / GID for VFS ops /
121	unsigned securebits; / SUID-less security management /
122	kernel_cap_t cap_inheritable; / caps our children can inherit /
123	kernel_cap_t cap_permitted; / caps we're permitted /
124	kernel_cap_t cap_effective; / caps we can actually use /
125	kernel_cap_t cap_bset; / capability bounding set /
126	kernel_cap_t cap_ambient; / Ambient capability set /
127	#ifdef CONFIG_KEYS
128	unsigned char jit_keyring; / default keyring to attach requested*
129	* keys to */
130	struct key session_keyring; /* keyring inherited over fork /
131	struct key process_keyring; /* keyring private to this process /
132	struct key thread_keyring; /* keyring private to this thread /
133	struct key request_key_auth; /* assumed request_key authority /
134	#endif
135	#ifdef CONFIG_SECURITY
136	void security; /* LSM security /
137	#endif
138	struct user_struct user; /* real user ID subscription /
139	struct user_namespace user_ns; /* user_ns the caps and keyrings are relative to. /
140	struct ucounts *ucounts;
141	struct group_info group_info; /* supplementary groups for euid/fsgid /
142	/ RCU deletion /
143	union {
144	int non_rcu; / Can we skip RCU deletion? /
145	struct rcu_head rcu; / RCU deletion hook /
146	};
147	} __randomize_layout;
148
149	extern void __put_cred(struct cred *);
150	extern void exit_creds(struct task_struct *);
151	extern int copy_creds(struct task_struct , unsigned* long);
152	extern const struct cred get_task_cred(struct* task_struct *);
153	extern struct cred cred_alloc_blank(void*);
154	extern struct cred prepare_creds(void*);
155	extern struct cred prepare_exec_creds(void*);
156	extern int commit_creds(struct cred *);
157	extern void abort_creds(struct cred *);
158	extern const struct cred override_creds(const* struct cred *);
159	extern void revert_creds(const struct cred *);
160	extern struct cred prepare_kernel_cred(struct* task_struct *);
161	extern int set_security_override(struct cred *, u32);
162	extern int set_security_override_from_ctx(struct cred , const* char *);
163	extern int set_create_files_as(struct cred , struct* inode *);
164	extern int cred_fscmp(const struct cred , const* struct cred *);
165	extern void __init cred_init(void);
166	extern int set_cred_ucounts(struct cred *);
167
168	static inline bool cap_ambient_invariant_ok(const struct cred *cred)
169	{
170	return cap_issubset(a: cred->cap_ambient,
171	set: cap_intersect(a: cred->cap_permitted,
172	b: cred->cap_inheritable));
173	}
174
175	/**
176	* get_new_cred_many - Get references on a new set of credentials
177	* @cred: The new credentials to reference
178	* @nr: Number of references to acquire
179	*
180	* Get references on the specified set of new credentials. The caller must
181	* release all acquired references.
182	*/
183	static inline struct cred get_new_cred_many(struct* cred cred, int* nr)
184	{
185	atomic_long_add(i: nr, v: &cred->usage);
186	return cred;
187	}
188
189	/**
190	* get_new_cred - Get a reference on a new set of credentials
191	* @cred: The new credentials to reference
192	*
193	* Get a reference on the specified set of new credentials. The caller must
194	* release the reference.
195	*/
196	static inline struct cred get_new_cred(struct* cred *cred)
197	{
198	return get_new_cred_many(cred, nr: `1`);
199	}
200
201	/**
202	* get_cred_many - Get references on a set of credentials
203	* @cred: The credentials to reference
204	* @nr: Number of references to acquire
205	*
206	* Get references on the specified set of credentials. The caller must release
207	* all acquired reference. If %NULL is passed, it is returned with no action.
208	*
209	* This is used to deal with a committed set of credentials. Although the
210	* pointer is const, this will temporarily discard the const and increment the
211	* usage count. The purpose of this is to attempt to catch at compile time the
212	* accidental alteration of a set of credentials that should be considered
213	* immutable.
214	*/
215	static inline const struct cred get_cred_many(const* struct cred cred, int* nr)
216	{
217	struct cred nonconst_cred = (struct* cred *) cred;
218	if (!cred)
219	return cred;
220	nonconst_cred->non_rcu = `0`;
221	return get_new_cred_many(cred: nonconst_cred, nr);
222	}
223
224	/*
225	* get_cred - Get a reference on a set of credentials
226	* @cred: The credentials to reference
227	*
228	* Get a reference on the specified set of credentials. The caller must
229	* release the reference. If %NULL is passed, it is returned with no action.
230	*
231	* This is used to deal with a committed set of credentials.
232	*/
233	static inline const struct cred get_cred(const* struct cred *cred)
234	{
235	return get_cred_many(cred, nr: `1`);
236	}
237
238	static inline const struct cred get_cred_rcu(const* struct cred *cred)
239	{
240	struct cred nonconst_cred = (struct* cred *) cred;
241	if (!cred)
242	return NULL;
243	if (!atomic_long_inc_not_zero(v: &nonconst_cred->usage))
244	return NULL;
245	nonconst_cred->non_rcu = `0`;
246	return cred;
247	}
248
249	/**
250	* put_cred - Release a reference to a set of credentials
251	* @cred: The credentials to release
252	* @nr: Number of references to release
253	*
254	* Release a reference to a set of credentials, deleting them when the last ref
255	* is released. If %NULL is passed, nothing is done.
256	*
257	* This takes a const pointer to a set of credentials because the credentials
258	* on task_struct are attached by const pointers to prevent accidental
259	* alteration of otherwise immutable credential sets.
260	*/
261	static inline void put_cred_many(const struct cred _cred, int* nr)
262	{
263	struct cred cred = (struct* cred *) _cred;
264
265	if (cred) {
266	if (atomic_long_sub_and_test(i: nr, v: &cred->usage))
267	__put_cred(cred);
268	}
269	}
270
271	/*
272	* put_cred - Release a reference to a set of credentials
273	* @cred: The credentials to release
274	*
275	* Release a reference to a set of credentials, deleting them when the last ref
276	* is released. If %NULL is passed, nothing is done.
277	*/
278	static inline void put_cred(const struct cred *cred)
279	{
280	put_cred_many(cred: cred, nr: `1`);
281	}
282
283	/**
284	* current_cred - Access the current task's subjective credentials
285	*
286	* Access the subjective credentials of the current task. RCU-safe,
287	* since nobody else can modify it.
288	*/
289	#define current_cred() \
290	rcu_dereference_protected(current->cred, 1)
291
292	/**
293	* current_real_cred - Access the current task's objective credentials
294	*
295	* Access the objective credentials of the current task. RCU-safe,
296	* since nobody else can modify it.
297	*/
298	#define current_real_cred() \
299	rcu_dereference_protected(current->real_cred, 1)
300
301	/**
302	* __task_cred - Access a task's objective credentials
303	* @task: The task to query
304	*
305	* Access the objective credentials of a task. The caller must hold the RCU
306	* readlock.
307	*
308	* The result of this function should not be passed directly to get_cred();
309	* rather get_task_cred() should be used instead.
310	*/
311	#define __task_cred(task) \
312	rcu_dereference((task)->real_cred)
313
314	/**
315	* get_current_cred - Get the current task's subjective credentials
316	*
317	* Get the subjective credentials of the current task, pinning them so that
318	* they can't go away. Accessing the current task's credentials directly is
319	* not permitted.
320	*/
321	#define get_current_cred() \
322	(get_cred(current_cred()))
323
324	/**
325	* get_current_user - Get the current task's user_struct
326	*
327	* Get the user record of the current task, pinning it so that it can't go
328	* away.
329	*/
330	#define get_current_user() \
331	({ \
332	struct user_struct *__u; \
333	const struct cred *__cred; \
334	__cred = current_cred(); \
335	__u = get_uid(__cred->user); \
336	__u; \
337	})
338
339	/**
340	* get_current_groups - Get the current task's supplementary group list
341	*
342	* Get the supplementary group list of the current task, pinning it so that it
343	* can't go away.
344	*/
345	#define get_current_groups() \
346	({ \
347	struct group_info *__groups; \
348	const struct cred *__cred; \
349	__cred = current_cred(); \
350	__groups = get_group_info(__cred->group_info); \
351	__groups; \
352	})
353
354	#define task_cred_xxx(task, xxx) \
355	({ \
356	__typeof__(((struct cred *)NULL)->xxx) ___val; \
357	rcu_read_lock(); \
358	___val = __task_cred((task))->xxx; \
359	rcu_read_unlock(); \
360	___val; \
361	})
362
363	#define task_uid(task) (task_cred_xxx((task), uid))
364	#define task_euid(task) (task_cred_xxx((task), euid))
365	#define task_ucounts(task) (task_cred_xxx((task), ucounts))
366
367	#define current_cred_xxx(xxx) \
368	({ \
369	current_cred()->xxx; \
370	})
371
372	#define current_uid() (current_cred_xxx(uid))
373	#define current_gid() (current_cred_xxx(gid))
374	#define current_euid() (current_cred_xxx(euid))
375	#define current_egid() (current_cred_xxx(egid))
376	#define current_suid() (current_cred_xxx(suid))
377	#define current_sgid() (current_cred_xxx(sgid))
378	#define current_fsuid() (current_cred_xxx(fsuid))
379	#define current_fsgid() (current_cred_xxx(fsgid))
380	#define current_cap() (current_cred_xxx(cap_effective))
381	#define current_user() (current_cred_xxx(user))
382	#define current_ucounts() (current_cred_xxx(ucounts))
383
384	extern struct user_namespace init_user_ns;
385	#ifdef CONFIG_USER_NS
386	#define current_user_ns() (current_cred_xxx(user_ns))
387	#else
388	static inline struct user_namespace current_user_ns(void*)
389	{
390	return &init_user_ns;
391	}
392	#endif
393
394
395	#define current_uid_gid(_uid, _gid) \
396	do { \
397	const struct cred *__cred; \
398	__cred = current_cred(); \
399	*(_uid) = __cred->uid; \
400	*(_gid) = __cred->gid; \
401	} while(0)
402
403	#define current_euid_egid(_euid, _egid) \
404	do { \
405	const struct cred *__cred; \
406	__cred = current_cred(); \
407	*(_euid) = __cred->euid; \
408	*(_egid) = __cred->egid; \
409	} while(0)
410
411	#define current_fsuid_fsgid(_fsuid, _fsgid) \
412	do { \
413	const struct cred *__cred; \
414	__cred = current_cred(); \
415	*(_fsuid) = __cred->fsuid; \
416	*(_fsgid) = __cred->fsgid; \
417	} while(0)
418
419	#endif /* _LINUX_CRED_H */
420

source code of linux/include/linux/cred.h