Diffstat (limited to 'include/linux/cred.h')
-rw-r--r-- | include/linux/cred.h | 56 |
1 files changed, 54 insertions, 2 deletions
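--- a/include/linux/cred.h
+++ b/include/linux/cred.h
@@ -15,6 +15,7 @@
 #include <linux/capability.h>
 #include <linux/init.h>
 #include <linux/key.h>
+#include <linux/selinux.h>
 #include <asm/atomic.h>
 
 struct user_struct;
@@ -114,6 +115,13 @@ struct thread_group_cred {
 */
 struct cred {
 atomic_t usage;
+#ifdef CONFIG_DEBUG_CREDENTIALS
+atomic_t subscribers; /* number of processes subscribed */
+void *put_addr;
+unsigned magic;
+#define CRED_MAGIC 0x43736564
+#define CRED_MAGIC_DEAD 0x44656144
+#endif
 uid_t uid; /* real UID of the task */
 gid_t gid; /* real GID of the task */
 uid_t suid; /* saved UID of the task */
@@ -143,7 +151,9 @@ struct cred {
 };
 
 extern void __put_cred(struct cred *);
+extern void exit_creds(struct task_struct *);
 extern int copy_creds(struct task_struct *, unsigned long);
+extern struct cred *cred_alloc_blank(void);
 extern struct cred *prepare_creds(void);
 extern struct cred *prepare_exec_creds(void);
 extern struct cred *prepare_usermodehelper_creds(void);
@@ -158,6 +168,46 @@ extern int set_security_override_from_ctx(struct cred *, const char *);
 extern int set_create_files_as(struct cred *, struct inode *);
 extern void __init cred_init(void);
 
+/*
+* check for validity of credentials
+*/
+#ifdef CONFIG_DEBUG_CREDENTIALS
+extern void __invalid_creds(const struct cred *, const char *, unsigned);
+extern void __validate_process_creds(struct task_struct *,
+const char *, unsigned);
+
+extern bool creds_are_invalid(const struct cred *cred);
+
+static inline void __validate_creds(const struct cred *cred,
+const char *file, unsigned line)
+{
+if (unlikely(creds_are_invalid(cred)))
+__invalid_creds(cred, file, line);
+}
+
+#define validate_creds(cred) \
+do { \
+__validate_creds((cred), __FILE__, __LINE__); \
+} while(0)
+
+#define validate_process_creds() \
+do { \
+__validate_process_creds(current, __FILE__, __LINE__); \
+} while(0)
+
+extern void validate_creds_for_do_exit(struct task_struct *);
+#else
+static inline void validate_creds(const struct cred *cred)
+{
+}
+static inline void validate_creds_for_do_exit(struct task_struct *tsk)
+{
+}
+static inline void validate_process_creds(void)
+{
+}
+#endif
+
 /**
 * get_new_cred - Get a reference on a new set of credentials
 * @cred: The new credentials to reference
@@ -186,7 +236,9 @@ static inline struct cred *get_new_cred(struct cred *cred)
 */
 static inline const struct cred *get_cred(const struct cred *cred)
 {
-return get_new_cred((struct cred *) cred);
+struct cred *nonconst_cred = (struct cred *) cred;
+validate_creds(cred);
+return get_new_cred(nonconst_cred);
 }
 
 /**
@@ -204,7 +256,7 @@ static inline void put_cred(const struct cred *_cred)
 {
 struct cred *cred = (struct cred *) _cred;
 
-BUG_ON(atomic_read(&(cred)->usage) <= 0);
+validate_creds(cred);
 if (atomic_dec_and_test(&(cred)->usage))
 __put_cred(cred);
 }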
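Review bot: put_cred() loses its refcount-underflow check in builds without CONFIG_DEBUG_CREDENTIALS, because the unconditional `BUG_ON(atomic_read(&(cred)->usage) <= 0);` is replaced by `validate_creds(cred);`, which the `#else` branch added in this same header defines as an empty inline. On such a build a second put on an already-released credential reaches `atomic_dec_and_test()` with nothing on this path to flag it, which is how a reference-counting mistake turns into a silent use-after-free on a security-critical object. I would keep both lines, `validate_creds(cred);` followed by `BUG_ON(atomic_read(&(cred)->usage) <= 0);`, so the debug option adds checks without removing the existing one. Whether creds_are_invalid() itself inspects the usage count is not visible in this header, so the two checks may overlap when the option is enabled. The signature and kernel-doc of put_cred() lie outside the hunk.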