revert between 56095 -> 55830 in arch
[AROS.git] / compiler / include / libraries / security.h
blob9c308750a4feef8bcc29df1b68e0f3dafd6b4ebb
1 /*
2 Copyright © 1995-2001, The AROS Development Team. All rights reserved.
3 $Id$
5 Desc: definitions for the security.library
6 Lang: english
7 */
8 #ifndef _SECURITY_H
9 #define _SECURITY_H
11 #ifndef EXEC_TYPES_H
12 #include <exec/types.h>
13 #endif /* EXEC_TYPES_H */
15 #ifndef EXEC_LISTS_H
16 #include <exec/lists.h>
17 #endif /* EXEC_LISTS_H */
19 #ifndef EXEC_LIBRARIES_H
20 #include <exec/libraries.h>
21 #endif /* EXEC_LIBRARIES_H */
23 #ifndef EXEC_EXECBASE_H
24 #include <exec/execbase.h>
25 #endif /* EXEC_EXECBASE_H */
27 #ifndef EXEC_PORTS_H
28 #include <exec/ports.h>
29 #endif /* EXEC_PORTS_H */
31 #ifndef LIBRARIES_DOS_H
32 #include <libraries/dos.h>
33 #endif /* LIBRARIES_DOS_H */
35 #ifndef UTILITY_TAGITEM_H
36 #include <utility/tagitem.h>
37 #endif /* UTILITY_TAGITEM_H */
39 #define DEBUG 1
41 #define TASKHASHVALUE 23
42 #define MEMHASHVALUE 101
45 Reserved users/groups
47 WARNING: a uid may NOT be 65535!
50 #define secOWNER_SYSTEM 0x00000000 /* always owner */
51 #define secOWNER_NOBODY 0xffffffff /* no rights */
53 #define secMASK_UID 0xffff0000 /* Mask for uid bits */
54 #define secMASK_GID 0x0000ffff /* Mask for gid bits */
56 #define secROOT_UID 0x0000 /* super user uid */
57 #define secROOT_GID 0x0000 /* super user gid */
59 #define secNOBODY_UID 0xffff /* nobody uid */
61 #define secUSERIDSIZE 32 /* Maximum size for a User ID */
62 #define secGROUPIDSIZE 32 /* Maximum size for a Group ID */
63 #define secPASSWORDSIZE 32 /* Maximum size for a Password */
64 #define secUSERNAMESIZE 220 /* Maximum size for a User Name */
65 #define secGROUPNAMESIZE 220 /* Maximum size for a Group Name */
66 #define secHOMEDIRSIZE 256 /* Maximum size for a Home Directory */
67 #define secSHELLSIZE 256 /* Maximum size for a Shell */
70 Tags for secLogoutA(), secLoginA() & secSetDefProtectionA()
73 #define secT_Input (TAG_USER+1) /* filehandle - default is Input() */
74 #define secT_Output (TAG_USER+2) /* filehandle - default is Output() */
75 #define secT_Graphical (TAG_USER+3) /* boolean - default is FALSE */
76 #define secT_PubScrName (TAG_USER+4) /* name of public screen */
77 #define secT_Task (TAG_USER+5) /* task (NOT the name!!) */
78 #define secT_Own (TAG_USER+6) /* make a task owned by this user */
79 #define secT_Global (TAG_USER+7) /* change it for all tasks on the */
80 /* same level as this one */
81 #define secT_Quiet (TAG_USER+8) /* for secLogoutA(), don't give a */
82 /* login prompt, simply logout */
83 #define secT_UserID (TAG_USER+9) /* UserID for secLoginA() */
84 #define secT_Password (TAG_USER+10) /* Password for secLoginA(), secst */
85 /* be combined with secT_UserID!! */
86 #define secT_DefProtection (TAG_USER+11) /* Default protection bits */
87 /* default is RWED GROUP R OTHER R */
88 #define secT_All (TAG_USER+12) /* for secLogoutA(), logout until */
89 /* user stack is empty */
90 #define secT_NoLog (TAG_USER+13) /* for secLoginA(), only root */
93 KeyTypes for secGetUserInfo() and secGetGroupInfo()
96 #define secKeyType_First (0)
97 #define secKeyType_Next (1)
98 #define secKeyType_gid (4)
101 KeyTypes for secGetUserInfo() only
104 #define secKeyType_UserID (2) /* Case-sensitive */
105 #define secKeyType_uid (3)
106 #define secKeyType_gidNext (5)
107 #define secKeyType_UserName (6) /* Case-insensitive */
108 #define secKeyType_WUserID (7) /* Case-insensitive, wild cards allowed */
109 #define secKeyType_WUserName (8) /* Case-insensitive, wild cards allowed */
110 #define secKeyType_WUserIDNext (9)
111 #define secKeyType_WUserNameNext (10)
114 KeyTypes for secGetGroupInfo() only
117 #define secKeyType_GroupID (11) /* Case-sensitive */
118 #define secKeyType_WGroupID (12) /* Case-insensitive, wild cards allowed */
119 #define secKeyType_WGroupIDNext (13)
120 #define secKeyType_GroupName (14) /* Case-insensitive */
121 #define secKeyType_WGroupName (15) /* Case-insensitive, wild cards allowed */
122 #define secKeyType_WGroupNameNext (16)
123 #define secKeyType_MgrUid (17)
124 #define secKeyType_MgrUidNext (18)
127 Protection bits (see also <dos/dos.h> :-)
130 #define secFIBB_SET_UID (31) /* Change owner during execution */
131 #define secFIBB_SET_GID (30) /* Change group during execution - not yet implemented */
133 #define secFIBF_SET_UID (1<<secFIBB_SET_UID)
134 #define secFIBF_SET_GID (1<<secFIBB_SET_GID)
137 Default Protection Bits
140 #define DEFPROTECTION (FIBF_OTR_READ | FIBF_GRP_READ)
144 Relations returned by secGetRelationshipA()
147 #define secRelB_ROOT_UID (0) /* User == super user */
148 #define secRelB_ROOT_GID (1) /* User belongs to the super user group */
149 #define secRelB_NOBODY (2) /* User == nobody */
150 #define secRelB_UID_MATCH (3) /* User == owner */
151 #define secRelB_GID_MATCH (4) /* User belongs to owner group */
152 #define secRelB_PRIM_GID (5) /* User's primary group == owner group */
153 #define secRelB_NO_OWNER (6) /* Owner == nobody */
155 #define secRelF_ROOT_UID (1<<secRelB_ROOT_UID)
156 #define secRelF_ROOT_GID (1<<secRelB_ROOT_GID)
157 #define secRelF_NOBODY (1<<secRelB_NOBODY)
158 #define secRelF_UID_MATCH (1<<secRelB_UID_MATCH)
159 #define secRelF_GID_MATCH (1<<secRelB_GID_MATCH)
160 #define secRelF_PRIM_GID (1<<secRelB_PRIM_GID)
161 #define secRelF_NO_OWNER (1<<secRelB_NO_OWNER)
164 Monitor Modes
167 #define secMon_IGNORE (0)
168 #define secMon_SEND_SIGNAL (1)
169 #define secMon_SEND_MESSAGE (2)
172 Monitor Triggers
175 #define secTrgB_OwnerChange (0) /* Task Owner Change */
176 /* From: uid of old user */
177 /* To: uid of new user */
178 #define secTrgB_Login (1) /* successful Login/Logout */
179 /* From: uid of old user */
180 /* To: uid of new user */
181 /* UserID: UserID of new user */
182 #define secTrgB_LoginFail (2) /* unsuccessful Login/Logout */
183 /* From: uid of old user */
184 /* UserID: UserID of new user */
185 #define secTrgB_Passwd (3) /* successful Passwd */
186 /* From: uid of user */
187 #define secTrgB_PasswdFail (4) /* unsuccessful Passwd */
188 /* From: uid of user */
189 #define secTrgB_CheckPasswd (5) /* successful CheckPasswd */
190 /* From: uid of user */
191 #define secTrgB_CheckPasswdFail (6) /* unsuccessful CheckPasswd */
192 /* From: uid of user */
194 #define secTrgF_OwnerChange (1<<secTrgB_OwnerChange)
195 #define secTrgF_Login (1<<secTrgB_Login)
196 #define secTrgF_LoginFail (1<<secTrgB_LoginFail)
197 #define secTrgF_Passwd (1<<secTrgB_Passwd)
198 #define secTrgF_PasswdFail (1<<secTrgB_PasswdFail)
199 #define secTrgF_CheckPasswd (1<<secTrgB_CheckPasswd)
200 #define secTrgF_CheckPasswdFail (1<<secTrgB_CheckPasswdFail)
203 /* Public secMemInfo structure. Don't expect it to remain */
205 struct secMemInfo
207 APTR Address;
208 ULONG Size;
209 struct secMemInfo *next;
213 /* This is what you get a pointer to from secLocksecBase() */
215 struct secPointers
217 struct MinList *Monitors;
218 struct MinList *Segments;
219 struct MinList *Sessions;
220 struct MinList *Tasks;
221 struct secVolume *Volumes;
225 Public User Information Structure
228 For future compatibility, you should ALWAYS use secAllocUserInfo()
229 to allocate this structure. NEVER do it by yourself!!
232 struct secUserInfo
234 char UserID[secUSERIDSIZE];
235 UWORD uid;
236 UWORD gid;
237 char UserName[secUSERNAMESIZE];
238 char HomeDir[secHOMEDIRSIZE];
239 UWORD NumSecGroups; /* Number of Secondary Groups this */
240 /* user belongs to */
241 UWORD *SecGroups; /* Points to an array of NumSecGroups */
242 /* Secondary Group Numbers */
243 char Shell[secSHELLSIZE];
248 Public Group Information Structure
251 For future compatibility, you should ALWAYS use secAllocGroupInfo()
252 to allocate this structure. NEVER do it by yourself!!
255 struct secGroupInfo
257 char GroupID[secGROUPIDSIZE];
258 UWORD gid;
259 UWORD MgrUid; /* Manager of this group */
260 char GroupName[secGROUPNAMESIZE];
264 Extended Owner Information Structure
266 A pointer to this structure is returned by secGetTaskExtOwner().
267 You MUST use secFreeExtOwner() to deallocate it!!
270 struct secExtOwner
272 UWORD uid;
273 UWORD gid;
274 UWORD NumSecGroups; /* Number of Secondary Groups this */
275 /* user belongs too. */
279 Monitor Structure
281 The use of this structure is restricted to root.
282 Do not modify or reuse this structure while it is active!
285 struct secMonitor
287 struct MinNode Node;
288 ULONG Mode; /* see definitions below */
289 ULONG Triggers; /* see definitions below */
290 union
292 struct
293 { /* for SEND_SIGNAL */
294 struct Task *Task;
295 ULONG SignalNum;
296 } Signal;
298 struct
299 { /* for SEND_MESSAGE */
300 struct MsgPort *Port;
301 } Message;
302 } u;
304 /* NOTE: This structure may be extended in future! */
308 Monitor Message
311 Sent to the application if SEND_MESSAGE is specified.
312 Do NOT forget to reply!
315 struct secMonMsg
317 struct Message ExecMsg;
318 struct secMonitor *Monitor; /* The monitor that sent the message */
319 ULONG Trigger; /* The trigger that caused the message */
320 UWORD From;
321 UWORD To;
322 char UserID[secUSERIDSIZE];
325 /****************************************************************************
327 -------------- Plugins ------------------
329 ****************************************************************************/
331 /* All plugins have this suffix */
333 #define secPLUGIN_SUFFIX ".secp"
335 /* Return values for plugin functions */
336 #define secpiTRUE 0UL /* operation completed with success */
337 #define secpiFALSE 1UL /* operation completed but failed: handling stops at this stage */
338 #define secpiASYNC 2UL /* operation will continue asynchronously and notify
339 the system when complete. The system will provide
340 the secSPacket that prompted the call and this
341 should be passed to the completion function. */
342 #define secpiFALSECONT 3UL /* operation completed but failed; the system may continue with other handlers
343 to see if they can satisfy the request */
344 #define secpiNOTSUPP 4UL /* Operation/Handler not supported */
347 Plugins overview -:
349 A plugin is a special form of executable.
351 The plugin should return a pointer to a 'Plugin' which describes what kind
352 of plugin it is, so that secFS can add it to the relevant list internally.
354 A plugin is recognized by a magic marker within the first 256 bytes of the
355 file.
357 All plugins are kept in the config dir, so the the library doesn't have to
358 search paths to find them.
360 The plugin is free to allocate memory/spawn processes (they will be
361 super-user priveleged) etc. without fear of being UnLoadSeg'd without the
362 library first calling its Incompatible function, which should cause the plugin
363 to free its resources. It will them be UnLoadSeg'd. Note that this only
364 occurs when a plugin is rejected for some reason (wrong version ?).
368 #define secFS_PLUGIN_IFACE1 1UL
369 #define secFS_PLUGIN_INTERFACE SEC_PLUGIN_IFACE1
371 #ifndef MAKE_ID /* also defined in <libraries/iffparse.h> */
372 #define MAKE_ID(a,b,c,d) ((ULONG)(a)<<24 | (ULONG)(b)<<16 | (ULONG)(c)<<8 | (ULONG)(d))
373 #endif
375 #define secPLUGIN_RECOGNITION MAKE_ID('m', 'S', 'p', 'I')
378 Function called to initialize the plugin.
379 The plugin should perform any initialization it needs, and then formally
380 register itself with the security.library.
381 module should be passed to the security.library when a handler is registered.
385 /* Plugin Module Definition - secst be located in the executeable */
386 struct secPluginHeader
388 ULONG plugin_magic; /* This should be secPLUGIN_RECOGNITION */
389 /* Module Descriptor */
390 ULONG Version; /* = SEC_PLUGIN_INTERFACE */
391 APTR Initialize;
392 APTR Terminate;
393 // secInitPluginFunc Initialize;
394 // secTerminatePluginFunc Terminate;
397 /* internal plugin records */
398 typedef struct
400 struct MinNode Node;
401 ULONG reference_count;
402 BPTR SegList;
403 struct secPluginHeader * header; /* For locating the init/fini functions */
404 UBYTE modulename[64]; /* For displaying */
405 } secPluginModule;
407 struct plugin_ops
409 ULONG HandlerType; /* = ID_PLUGIN_XXX */
410 secPluginModule * module; /* As provied by the Initialization function */
413 /* Encryption plugin */
415 #define ID_PLUGIN_ENCRYPTION MAKE_ID('c', 'r', 'p', 't')
416 struct plugin_crypt_ops
418 struct plugin_ops ops;
419 //ULONG (*Crypt)(STRPTR buffer, STRPTR key, STRPTR setting); /* Encrypt the supplied text using the supplied key and place the result in buffer */
420 //ULONG (*MaxPwdLen)(void); /* Return the maximum length of an encrypted password */
421 //ULONG (*CheckPassword)(STRPTR userid, STRPTR thepass, STRPTR suppliedpass); /* Check a password to see if it is valid */
422 //ULONG (*EncryptPassword)(STRPTR buffer, STRPTR userid, STRPTR thepass); /* Encrypt Password for storing in a userdb */
425 /* User DataBase Operations Plugin */
427 #define ID_PLUGIN_USER_DATABASE MAKE_ID('u', 'r', 'd', 'b')
429 struct sec_passwd /* Compatible with standard unix struct passwd */
431 char *pw_name; /* user name */
432 char *pw_passwd; /* user password */
433 int pw_uid; /* user id */
434 int pw_gid; /* group id */
435 char *pw_gecos; /* real name */
436 char *pw_dir; /* home directory */
437 char *pw_shell; /* shell program */
440 struct plugin_userdb_ops
442 struct plugin_ops ops;
443 // ULONG (*getpwent)(void);
446 /* Volumes */
448 struct secVolume
450 struct secVolume *Next;
451 struct DosList *DosList; /* DosList for this Volume */
452 struct MsgPort *Process; /* Process for this Volume */
454 /* Extensions from MUFS2 */
456 LONG FS_Flags; /* Allow set{g,u}id, read-only etc. */
458 /* If FS_Flags == 0, the rest of this structure is ignored; this indicates
459 * that the volume is a true MUFS compatable volume */
461 LONG RootProtection; /* Permissions for the root dir */
462 ULONG RootOwner; /* UID:GID of owner of root dir */
464 STRPTR FS_Name; /* So we dont re-run on the same volume */
465 struct MsgPort* OrigProc; /* The real FS */
466 struct MsgPort* RepPort; /* For talking with the real FS */
467 struct MinList FHCache[TASKHASHVALUE]; /* HashList of cached FileHandles */
468 struct FileInfoBlock *fib;
469 LONG PassKey; /* If non-zero, contains the 32 bit passkey
470 needed to write enable the filesystem
471 with ACTION_WRITE_PROTECT */
472 /* proxy enforcer */
473 struct MinList ProxyLocks; /* List of locks */
474 struct MinList ProxyHandles[TASKHASHVALUE]; /* HashList of proxy filehandles */
475 struct DeviceNode *ProxyDosList; /* Dos entry created by the proxy filesystem */
476 struct DeviceList *ProxyDosListVolume; /* Dos entry created by the proxy filesystem */
477 ULONG LockCount; /* Number of proxy locks in existence */
481 /* Security Configuration */
483 struct secConfig
485 ULONG Flags; /* See definitions*/
486 ULONG LogFlags; /* See definitions*/
487 UWORD PasswduidLevel; /* Lowest uid for users who can */
488 /* change their passwords */
489 UWORD PasswdgidLevel; /* Lowest gid for users who can */
490 /* change their passwords */
493 /****************************************************************************
495 -------------- Library Base ------------------
497 ****************************************************************************/
500 struct secBase
502 struct Library LibNode;
503 UBYTE Flags;
504 UBYTE Pad;
505 BPTR SegList;
507 /* The Server's Process */
509 struct Process *Server;
511 /* The Server's Packet MsgPort */
513 struct MsgPort *ServerPort;
515 /* List of sessions */
517 struct MinList SessionsList;
519 /* List of Tasks and their Owner(s) */
521 struct SignalSemaphore TaskOwnerSem;
522 struct MinList TaskOwnerList[TASKHASHVALUE];
524 /* List of memory chunks and address, size, owner.
525 It's using the tasksemaphore since one usually wants that one
526 too when dealing with this list. */
528 /* struct MinList MemOwnerList[MEMHASHVALUE];*/
530 /* List of Segments and their Owner */
532 struct SignalSemaphore SegOwnerSem;
533 struct MinList SegOwnerList;
535 /* Configuration */
537 struct secConfig Config;
539 /* Signals for Passwd File Notification and Consistency Check */
541 ULONG NotifySig;
542 ULONG ConsistencySig;
544 /* Security violation flag */
546 BOOL SecurityViolation;
548 /* Volumes */
550 struct SignalSemaphore VolumesSem;
551 struct secVolume *Volumes;
553 /* Monitoring */
555 struct SignalSemaphore MonitorSem;
556 struct MinList MonitorList;
557 struct MsgPort *MonitorPort;
559 /* Task Control */
561 struct MinList Frozen;
562 struct MinList Zombies;
564 /* LocaleInfo for logfile */
566 APTR LogInfo;
568 /* You must get this one if you intend to get more than one sem. */
570 struct SignalSemaphore SuperSem;
572 /* Plugins */
574 struct SignalSemaphore PluginModuleSem;
575 struct MinList PluginModuleList; /* List of loaded plugin modules */
577 /** OBSOLETE DEFINITIONS (or they will be once we integrate into aros..) */
578 /* Old AddTask()/RemTask() */
580 // AddTaskFunc OLDAddTask;
581 // RemTaskFunc OLDRemTask;
583 /* Old AllocMem()/FreeMem() */
585 // AllocMemFunc OLDAllocMem;
586 // FreeMemFunc OLDFreeMem;
588 /* Old LoadSeg()/NewLoadSeg()/UnLoadSeg()/InternalLoadSeg()/
589 InternalUnLoadSeg()/CreateProc()/CreateNewProc()/RunCommand()/
590 SetProtection() */
592 // LoadSegFunc OLDLoadSeg;
593 // NewLoadSegFunc OLDNewLoadSeg;
594 // UnLoadSegFunc OLDUnLoadSeg;
595 // InternalLoadSegFunc OLDInternalLoadSeg;
596 // InternalUnLoadSegFunc OLDInternalUnLoadSeg;
597 // CreateProcFunc OLDCreateProc;
598 // CreateNewProcFunc OLDCreateNewProc;
599 // RunCommandFunc OLDRunCommand;
600 // SetProtectionFunc OLDSetProtection;
603 #endif /* _SECURITY_H */