aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/cred.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/linux/cred.h')
-rw-r--r--include/linux/cred.h56
1 files changed, 54 insertions, 2 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h
index 4fa999696310..4e3387a89cb9 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -15,6 +15,7 @@
15#include <linux/capability.h> 15#include <linux/capability.h>
16#include <linux/init.h> 16#include <linux/init.h>
17#include <linux/key.h> 17#include <linux/key.h>
18#include <linux/selinux.h>
18#include <asm/atomic.h> 19#include <asm/atomic.h>
19 20
20struct user_struct; 21struct user_struct;
@@ -114,6 +115,13 @@ struct thread_group_cred {
114 */ 115 */
115struct cred { 116struct cred {
116 atomic_t usage; 117 atomic_t usage;
118#ifdef CONFIG_DEBUG_CREDENTIALS
119 atomic_t subscribers; /* number of processes subscribed */
120 void *put_addr;
121 unsigned magic;
122#define CRED_MAGIC 0x43736564
123#define CRED_MAGIC_DEAD 0x44656144
124#endif
117 uid_t uid; /* real UID of the task */ 125 uid_t uid; /* real UID of the task */
118 gid_t gid; /* real GID of the task */ 126 gid_t gid; /* real GID of the task */
119 uid_t suid; /* saved UID of the task */ 127 uid_t suid; /* saved UID of the task */
@@ -143,7 +151,9 @@ struct cred {
143}; 151};
144 152
145extern void __put_cred(struct cred *); 153extern void __put_cred(struct cred *);
154extern void exit_creds(struct task_struct *);
146extern int copy_creds(struct task_struct *, unsigned long); 155extern int copy_creds(struct task_struct *, unsigned long);
156extern struct cred *cred_alloc_blank(void);
147extern struct cred *prepare_creds(void); 157extern struct cred *prepare_creds(void);
148extern struct cred *prepare_exec_creds(void); 158extern struct cred *prepare_exec_creds(void);
149extern struct cred *prepare_usermodehelper_creds(void); 159extern struct cred *prepare_usermodehelper_creds(void);
@@ -158,6 +168,46 @@ extern int set_security_override_from_ctx(struct cred *, const char *);
158extern int set_create_files_as(struct cred *, struct inode *); 168extern int set_create_files_as(struct cred *, struct inode *);
159extern void __init cred_init(void); 169extern void __init cred_init(void);
160 170
171/*
172 * check for validity of credentials
173 */
174#ifdef CONFIG_DEBUG_CREDENTIALS
175extern void __invalid_creds(const struct cred *, const char *, unsigned);
176extern void __validate_process_creds(struct task_struct *,
177 const char *, unsigned);
178
179extern bool creds_are_invalid(const struct cred *cred);
180
181static inline void __validate_creds(const struct cred *cred,
182 const char *file, unsigned line)
183{
184 if (unlikely(creds_are_invalid(cred)))
185 __invalid_creds(cred, file, line);
186}
187
188#define validate_creds(cred) \
189do { \
190 __validate_creds((cred), __FILE__, __LINE__); \
191} while(0)
192
193#define validate_process_creds() \
194do { \
195 __validate_process_creds(current, __FILE__, __LINE__); \
196} while(0)
197
198extern void validate_creds_for_do_exit(struct task_struct *);
199#else
200static inline void validate_creds(const struct cred *cred)
201{
202}
203static inline void validate_creds_for_do_exit(struct task_struct *tsk)
204{
205}
206static inline void validate_process_creds(void)
207{
208}
209#endif
210
161/** 211/**
162 * get_new_cred - Get a reference on a new set of credentials 212 * get_new_cred - Get a reference on a new set of credentials
163 * @cred: The new credentials to reference 213 * @cred: The new credentials to reference
@@ -186,7 +236,9 @@ static inline struct cred *get_new_cred(struct cred *cred)
186 */ 236 */
187static inline const struct cred *get_cred(const struct cred *cred) 237static inline const struct cred *get_cred(const struct cred *cred)
188{ 238{
189 return get_new_cred((struct cred *) cred); 239 struct cred *nonconst_cred = (struct cred *) cred;
240 validate_creds(cred);
241 return get_new_cred(nonconst_cred);
190} 242}
191 243
192/** 244/**
@@ -204,7 +256,7 @@ static inline void put_cred(const struct cred *_cred)
204{ 256{
205 struct cred *cred = (struct cred *) _cred; 257 struct cred *cred = (struct cred *) _cred;
206 258
207 BUG_ON(atomic_read(&(cred)->usage) <= 0); 259 validate_creds(cred);
208 if (atomic_dec_and_test(&(cred)->usage)) 260 if (atomic_dec_and_test(&(cred)->usage))
209 __put_cred(cred); 261 __put_cred(cred);
210} 262}