Diffstat (limited to 'include/linux/cred.h')
-rw-r--r-- | include/linux/cred.h | 43 |
1 files changed, 20 insertions, 23 deletions
diff --git a/include/linux/cred.h b/include/linux/cred.h index adadf71a7327..ebbed2ce6637 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h | |||
@@ -17,6 +17,7 @@ | |||
17 | #include <linux/key.h> | 17 | #include <linux/key.h> |
18 | #include <linux/selinux.h> | 18 | #include <linux/selinux.h> |
19 | #include <linux/atomic.h> | 19 | #include <linux/atomic.h> |
20 | #include <linux/uidgid.h> | ||
20 | 21 | ||
21 | struct user_struct; | 22 | struct user_struct; |
22 | struct cred; | 23 | struct cred; |
@@ -26,14 +27,14 @@ struct inode; | |||
26 | * COW Supplementary groups list | 27 | * COW Supplementary groups list |
27 | */ | 28 | */ |
28 | #define NGROUPS_SMALL 32 | 29 | #define NGROUPS_SMALL 32 |
29 | #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(gid_t))) | 30 | #define NGROUPS_PER_BLOCK ((unsigned int)(PAGE_SIZE / sizeof(kgid_t))) |
30 | 31 | ||
31 | struct group_info { | 32 | struct group_info { |
32 | atomic_t usage; | 33 | atomic_t usage; |
33 | int ngroups; | 34 | int ngroups; |
34 | int nblocks; | 35 | int nblocks; |
35 | gid_t small_block[NGROUPS_SMALL]; | 36 | kgid_t small_block[NGROUPS_SMALL]; |
36 | gid_t *blocks[0]; | 37 | kgid_t *blocks[0]; |
37 | }; | 38 | }; |
38 | 39 | ||
39 | /** | 40 | /** |
@@ -66,14 +67,14 @@ extern struct group_info init_groups; | |||
66 | extern void groups_free(struct group_info *); | 67 | extern void groups_free(struct group_info *); |
67 | extern int set_current_groups(struct group_info *); | 68 | extern int set_current_groups(struct group_info *); |
68 | extern int set_groups(struct cred *, struct group_info *); | 69 | extern int set_groups(struct cred *, struct group_info *); |
69 | extern int groups_search(const struct group_info *, gid_t); | 70 | extern int groups_search(const struct group_info *, kgid_t); |
70 | 71 | ||
71 | /* access the groups "array" with this macro */ | 72 | /* access the groups "array" with this macro */ |
72 | #define GROUP_AT(gi, i) \ | 73 | #define GROUP_AT(gi, i) \ |
73 | ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK]) | 74 | ((gi)->blocks[(i) / NGROUPS_PER_BLOCK][(i) % NGROUPS_PER_BLOCK]) |
74 | 75 | ||
75 | extern int in_group_p(gid_t); | 76 | extern int in_group_p(kgid_t); |
76 | extern int in_egroup_p(gid_t); | 77 | extern int in_egroup_p(kgid_t); |
77 | 78 | ||
78 | /* | 79 | /* |
79 | * The common credentials for a thread group | 80 | * The common credentials for a thread group |
@@ -122,14 +123,14 @@ struct cred { | |||
122 | #define CRED_MAGIC 0x43736564 | 123 | #define CRED_MAGIC 0x43736564 |
123 | #define CRED_MAGIC_DEAD 0x44656144 | 124 | #define CRED_MAGIC_DEAD 0x44656144 |
124 | #endif | 125 | #endif |
125 | uid_t uid; /* real UID of the task */ | 126 | kuid_t uid; /* real UID of the task */ |
126 | gid_t gid; /* real GID of the task */ | 127 | kgid_t gid; /* real GID of the task */ |
127 | uid_t suid; /* saved UID of the task */ | 128 | kuid_t suid; /* saved UID of the task */ |
128 | gid_t sgid; /* saved GID of the task */ | 129 | kgid_t sgid; /* saved GID of the task */ |
129 | uid_t euid; /* effective UID of the task */ | 130 | kuid_t euid; /* effective UID of the task */ |
130 | gid_t egid; /* effective GID of the task */ | 131 | kgid_t egid; /* effective GID of the task */ |
131 | uid_t fsuid; /* UID for VFS ops */ | 132 | kuid_t fsuid; /* UID for VFS ops */ |
132 | gid_t fsgid; /* GID for VFS ops */ | 133 | kgid_t fsgid; /* GID for VFS ops */ |
133 | unsigned securebits; /* SUID-less security management */ | 134 | unsigned securebits; /* SUID-less security management */ |
134 | kernel_cap_t cap_inheritable; /* caps our children can inherit */ | 135 | kernel_cap_t cap_inheritable; /* caps our children can inherit */ |
135 | kernel_cap_t cap_permitted; /* caps we're permitted */ | 136 | kernel_cap_t cap_permitted; /* caps we're permitted */ |
@@ -146,7 +147,7 @@ struct cred { | |||
146 | void *security; /* subjective LSM security */ | 147 | void *security; /* subjective LSM security */ |
147 | #endif | 148 | #endif |
148 | struct user_struct *user; /* real user ID subscription */ | 149 | struct user_struct *user; /* real user ID subscription */ |
149 | struct user_namespace *user_ns; /* cached user->user_ns */ | 150 | struct user_namespace *user_ns; /* user_ns the caps and keyrings are relative to. */ |
150 | struct group_info *group_info; /* supplementary groups for euid/fsgid */ | 151 | struct group_info *group_info; /* supplementary groups for euid/fsgid */ |
151 | struct rcu_head rcu; /* RCU deletion hook */ | 152 | struct rcu_head rcu; /* RCU deletion hook */ |
152 | }; | 153 | }; |
@@ -276,17 +277,13 @@ static inline void put_cred(const struct cred *_cred) | |||
276 | * @task: The task to query | 277 | * @task: The task to query |
277 | * | 278 | * |
278 | * Access the objective credentials of a task. The caller must hold the RCU | 279 | * Access the objective credentials of a task. The caller must hold the RCU |
279 | * readlock or the task must be dead and unable to change its own credentials. | 280 | * readlock. |
280 | * | 281 | * |
281 | * The result of this function should not be passed directly to get_cred(); | 282 | * The result of this function should not be passed directly to get_cred(); |
282 | * rather get_task_cred() should be used instead. | 283 | * rather get_task_cred() should be used instead. |
283 | */ | 284 | */ |
284 | #define __task_cred(task) \ | 285 | #define __task_cred(task) \ |
285 | ({ \ | 286 | rcu_dereference((task)->real_cred) |
286 | const struct task_struct *__t = (task); \ | ||
287 | rcu_dereference_check(__t->real_cred, \ | ||
288 | task_is_dead(__t)); \ | ||
289 | }) | ||
290 | 287 | ||
291 | /** | 288 | /** |
292 | * get_current_cred - Get the current task's subjective credentials | 289 | * get_current_cred - Get the current task's subjective credentials |
@@ -357,11 +354,11 @@ static inline void put_cred(const struct cred *_cred) | |||
357 | #define current_user() (current_cred_xxx(user)) | 354 | #define current_user() (current_cred_xxx(user)) |
358 | #define current_security() (current_cred_xxx(security)) | 355 | #define current_security() (current_cred_xxx(security)) |
359 | 356 | ||
357 | extern struct user_namespace init_user_ns; | ||
360 | #ifdef CONFIG_USER_NS | 358 | #ifdef CONFIG_USER_NS |
361 | #define current_user_ns() (current_cred_xxx(user_ns)) | 359 | #define current_user_ns() (current_cred_xxx(user_ns)) |
362 | #define task_user_ns(task) (task_cred_xxx((task), user_ns)) | 360 | #define task_user_ns(task) (task_cred_xxx((task), user_ns)) |
363 | #else | 361 | #else |
364 | extern struct user_namespace init_user_ns; | ||
365 | #define current_user_ns() (&init_user_ns) | 362 | #define current_user_ns() (&init_user_ns) |
366 | #define task_user_ns(task) (&init_user_ns) | 363 | #define task_user_ns(task) (&init_user_ns) |
367 | #endif | 364 | #endif |
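Review bot: In the `__task_cred` hunk the new expansion `rcu_dereference((task)->real_cred)` no longer binds `task` to a `const struct task_struct *` local, so the macro loses the pointer-type check that the removed statement expression provided. It also drops the `task_is_dead()` exemption, so any caller that reads a dead task's credentials without `rcu_read_lock()` would presumably now trigger an RCU lockdep warning. Those callers are outside this file and should be audited. The type check can be kept without `task_is_dead()` by writing `({ const struct task_struct *__t = (task); rcu_dereference(__t->real_cred); })`. The banner comment begins above the hunk; its shortened sentence could read `* readlock; this applies to dead tasks as well.` so the stricter contract is explicit.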