Struct Credentials 

pub struct Credentials {
    pub uid: uid_t,
    pub gid: gid_t,
    pub euid: uid_t,
    pub egid: gid_t,
    pub saved_uid: uid_t,
    pub saved_gid: gid_t,
    pub groups: Vec<gid_t>,
    pub fsuid: uid_t,
    pub fsgid: gid_t,
    pub cap_permitted: Capabilities,
    pub cap_effective: Capabilities,
    pub cap_inheritable: Capabilities,
    pub cap_bounding: Capabilities,
    pub cap_ambient: Capabilities,
    pub securebits: SecureBits,
    pub security_state: TaskAttrs,
}

Fields§

§uid: uid_t

§gid: gid_t

§euid: uid_t

§egid: gid_t

§saved_uid: uid_t

§saved_gid: gid_t

§groups: Vec<gid_t>

§fsuid: uid_t

See https://man7.org/linux/man-pages/man2/setfsuid.2.html

§fsgid: gid_t

See https://man7.org/linux/man-pages/man2/setfsgid.2.html

§cap_permitted: Capabilities

From https://man7.org/linux/man-pages/man7/capabilities.7.html

This is a limiting superset for the effective capabilities that the thread may assume. It is also a limiting superset for the capabilities that may be added to the inheritable set by a thread that does not have the CAP_SETPCAP capability in its effective set.

If a thread drops a capability from its permitted set, it can never reacquire that capability (unless it execve(2)s either a set-user-ID-root program, or a program whose associated file capabilities grant that capability).

§cap_effective: Capabilities

From https://man7.org/linux/man-pages/man7/capabilities.7.html

This is the set of capabilities used by the kernel to perform permission checks for the thread.

§cap_inheritable: Capabilities

From https://man7.org/linux/man-pages/man7/capabilities.7.html

This is a set of capabilities preserved across an execve(2). Inheritable capabilities remain inheritable when executing any program, and inheritable capabilities are added to the permitted set when executing a program that has the corresponding bits set in the file inheritable set.

Because inheritable capabilities are not generally preserved across execve(2) when running as a non-root user, applications that wish to run helper programs with elevated capabilities should consider using ambient capabilities, described below.

§cap_bounding: Capabilities

From https://man7.org/linux/man-pages/man7/capabilities.7.html

The capability bounding set is a mechanism that can be used to limit the capabilities that are gained during execve(2).

Since Linux 2.6.25, this is a per-thread capability set. In older kernels, the capability bounding set was a system wide attribute shared by all threads on the system.

§cap_ambient: Capabilities

From https://man7.org/linux/man-pages/man7/capabilities.7.html

This is a set of capabilities that are preserved across an execve(2) of a program that is not privileged. The ambient capability set obeys the invariant that no capability can ever be ambient if it is not both permitted and inheritable.

Executing a program that changes UID or GID due to the set-user-ID or set-group-ID bits or executing a program that has any file capabilities set will clear the ambient set.

§securebits: SecureBits

From https://man7.org/linux/man-pages/man7/capabilities.7.html

Starting with kernel 2.6.26, and with a kernel in which file capabilities are enabled, Linux implements a set of per-thread securebits flags that can be used to disable special handling of capabilities for UID 0 (root).

The securebits flags can be modified and retrieved using the prctl(2) PR_SET_SECUREBITS and PR_GET_SECUREBITS operations. The CAP_SETPCAP capability is required to modify the flags.

§security_state: TaskAttrs

The SELinux security state of the task.

Implementations§


impl Credentials


pub fn root() -> Arc<Self>

Creates a set of credentials with all possible permissions and capabilities.


pub fn with_ids(uid: uid_t, gid: gid_t) -> Credentials

Creates a set of credentials with the given uid and gid. If the uid is 0, the credentials will grant superuser access.


pub fn is_in_group(&self, gid: gid_t) -> bool


pub fn set_securebits(&mut self, securebits: SecureBits) -> Result<(), Errno>

Updates the securebits field, taking into account *_LOCKED bits.


pub fn exec(&mut self, prev: &Credentials) -> bool


pub fn as_fscred(&self) -> FsCred


pub fn euid_as_fscred(&self) -> FsCred


pub fn uid_as_fscred(&self) -> FsCred


pub fn update_capabilities(&mut self, prev: &Credentials)

Adjusts the capability sets (permitted, effective, and ambient) of these credentials to reflect changes in user IDs (UID, EUID, Saved UID, or FSUID) from a previous state.

This method compares the current state of these credentials against the prev credentials to implement the Linux security model rules for UID transitions (as described in capabilities(7) under “Effect of user ID changes on capabilities”). It is typically called when preparing a new set of Credentials during setuid() family syscalls or during exec after UID/GID bits have been applied.
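The UID-transition rules that update_capabilities is described as implementing can be seen in a small standalone model. This is an added example, not Starnix code: Creds, apply_uid_change, with_uids and sample_root are hypothetical names, capability sets are plain u64 bitmasks, keep_caps stands in for SECBIT_KEEP_CAPS, and SECBIT_NO_SETUID_FIXUP is not modeled.

```rust
// Standalone model; names are hypothetical and not the Starnix API.
#[derive(Clone, Copy, Debug, PartialEq)]
struct Creds {
    uid: u32, euid: u32, saved_uid: u32, fsuid: u32,
    permitted: u64, effective: u64, ambient: u64,
    keep_caps: bool, // models SECBIT_KEEP_CAPS
}

const fn cap(n: u32) -> u64 { 1u64 << n }
const CAP_NET_BIND_SERVICE: u64 = cap(10);
// Capabilities tied to fsuid: CAP_CHOWN(0), CAP_DAC_OVERRIDE(1), CAP_DAC_READ_SEARCH(2),
// CAP_FOWNER(3), CAP_FSETID(4), CAP_LINUX_IMMUTABLE(9), CAP_MKNOD(27), CAP_MAC_OVERRIDE(32).
const FS_CAPS: u64 = cap(0) | cap(1) | cap(2) | cap(3) | cap(4) | cap(9) | cap(27) | cap(32);

/// Applies the capabilities(7) UID-transition rules to `new`, given the state before the change.
fn apply_uid_change(prev: &Creds, mut new: Creds) -> Creds {
    let had_root = prev.uid == 0 || prev.euid == 0 || prev.saved_uid == 0;
    let has_root = new.uid == 0 || new.euid == 0 || new.saved_uid == 0;
    if had_root && !has_root {
        // Last root UID gone: permitted/effective are cleared unless keep_caps is set;
        // ambient is cleared either way.
        if !new.keep_caps {
            new.permitted = 0;
            new.effective = 0;
        }
        new.ambient = 0;
    }
    if prev.euid == 0 && new.euid != 0 { new.effective = 0; }
    if prev.euid != 0 && new.euid == 0 { new.effective = new.permitted; }
    if prev.fsuid == 0 && new.fsuid != 0 { new.effective &= !FS_CAPS; }
    if prev.fsuid != 0 && new.fsuid == 0 { new.effective |= new.permitted & FS_CAPS; }
    new
}

/// Changes the four UIDs of `prev` and returns the adjusted credentials.
fn with_uids(prev: &Creds, uid: u32, euid: u32, saved_uid: u32, fsuid: u32) -> Creds {
    apply_uid_change(prev, Creds { uid, euid, saved_uid, fsuid, ..*prev })
}

/// Constructed sample: a root task holding the file capabilities plus CAP_NET_BIND_SERVICE.
fn sample_root(keep_caps: bool) -> Creds {
    let caps = FS_CAPS | CAP_NET_BIND_SERVICE;
    Creds { uid: 0, euid: 0, saved_uid: 0, fsuid: 0, permitted: caps, effective: caps,
            ambient: CAP_NET_BIND_SERVICE, keep_caps }
}

fn main() {
    let root = sample_root(false);
    println!("full drop: {:x?}", with_uids(&root, 1000, 1000, 1000, 1000));
    println!("euid only: {:x?}", with_uids(&root, 0, 1000, 0, 1000));
    println!("keep_caps: {:x?}", with_uids(&sample_root(true), 1000, 1000, 1000, 1000));
}
```

A temporary euid drop that leaves the real or saved UID at 0 keeps the permitted set intact, so a later switch back to euid 0 restores the effective set; only moving all three UIDs away from 0 makes the drop permanent.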

Trait Implementations§

impl Clone for Credentials

fn clone(&self) -> Credentials

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Credentials

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl From<Credentials> for FsCred

fn from(c: Credentials) -> Self

Converts to this type from the input type.
