1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 #ifndef _SYS_PRIV_H 27 #define _SYS_PRIV_H 28 29 #include <sys/types.h> 30 #include <sys/cred.h> 31 #include <sys/priv_names.h> 32 33 #ifdef __cplusplus 34 extern "C" { 35 #endif 36 37 typedef uint32_t priv_chunk_t; 38 typedef struct priv_set priv_set_t; 39 40 #ifdef _KERNEL 41 42 /* 43 * Kernel type definitions. 44 */ 45 typedef int priv_ptype_t; 46 typedef int priv_t; 47 48 #else /* _KERNEL */ 49 50 /* 51 * Userland type definitions. 52 */ 53 54 #ifdef __STDC__ 55 typedef const char *priv_ptype_t; 56 typedef const char *priv_t; 57 #else 58 typedef char *priv_ptype_t; 59 typedef char *priv_t; 60 #endif 61 62 #endif /* _KERNEL */ 63 64 /* 65 * priv_op_t indicates a privilege operation type 66 */ 67 typedef enum priv_op { 68 PRIV_ON, 69 PRIV_OFF, 70 PRIV_SET 71 } priv_op_t; 72 73 /* 74 * Privilege system call subcodes. 75 */ 76 77 #define PRIVSYS_SETPPRIV 0 78 #define PRIVSYS_GETPPRIV 1 79 #define PRIVSYS_GETIMPLINFO 2 80 #define PRIVSYS_SETPFLAGS 3 81 #define PRIVSYS_GETPFLAGS 4 82 #define PRIVSYS_ISSETUGID 5 83 #define PRIVSYS_KLPD_REG 6 84 #define PRIVSYS_KLPD_UNREG 7 85 86 /* 87 * Maximum length of a user defined privilege name. 88 */ 89 #define PRIVNAME_MAX 32 90 91 /* 92 * Privilege interface functions for those parts of the kernel that 93 * know nothing of the privilege internals. 94 * 95 * A privilege implementation can have a varying number of sets; sets 96 * consist of a number of priv_chunk_t's and the size is expressed as such. 97 * The privileges can be represented as 98 * 99 * priv_chunk_t privs[info.priv_nsets][info.priv_setsize] 100 * ... priv_infosize of extra information ... 101 * 102 * Extra data contained in the privilege information consists of chunks 103 * of data with specified size and type all headed by a priv_info_t header 104 * which defines both the type of information as well as the size of the 105 * information. ((char*)&info)+info->priv_info_size should be rounded up 106 * to point to the next piece of information. 107 */ 108 109 typedef struct priv_impl_info { 110 uint32_t priv_headersize; /* sizeof (priv_impl_info) */ 111 uint32_t priv_flags; /* additional flags */ 112 uint32_t priv_nsets; /* number of priv sets */ 113 uint32_t priv_setsize; /* size in priv_chunk_t */ 114 uint32_t priv_max; /* highest actual valid priv */ 115 uint32_t priv_infosize; /* Per proc. additional info */ 116 uint32_t priv_globalinfosize; /* Per system info */ 117 } priv_impl_info_t; 118 119 #define PRIV_IMPL_INFO_SIZE(p) \ 120 ((p)->priv_headersize + (p)->priv_globalinfosize) 121 122 #define PRIV_PRPRIV_INFO_OFFSET(p) \ 123 (sizeof (*(p)) + \ 124 ((p)->pr_nsets * (p)->pr_setsize - 1) * sizeof (priv_chunk_t)) 125 126 #define PRIV_PRPRIV_SIZE(p) \ 127 (PRIV_PRPRIV_INFO_OFFSET(p) + (p)->pr_infosize) 128 129 /* 130 * Per credential flags. 131 */ 132 #define PRIV_DEBUG 0x0001 /* User debugging */ 133 #define PRIV_AWARE 0x0002 /* Is privilege aware */ 134 #define PRIV_AWARE_INHERIT 0x0004 /* Inherit awareness */ 135 #define __PROC_PROTECT 0x0008 /* Private */ 136 #define NET_MAC_AWARE 0x0010 /* Is MAC aware */ 137 #define NET_MAC_AWARE_INHERIT 0x0020 /* Inherit MAC aware */ 138 #define PRIV_AWARE_RESET 0x0040 /* Reset on setuid() */ 139 #define PRIV_XPOLICY 0x0080 /* Extended policy */ 140 141 /* user-settable flags: */ 142 #define PRIV_USER (PRIV_DEBUG | NET_MAC_AWARE | NET_MAC_AWARE_INHERIT |\ 143 PRIV_XPOLICY | PRIV_AWARE_RESET) 144 145 /* 146 * Header of the privilege info data structure; multiple structures can 147 * follow the privilege sets and priv_impl_info structures. 148 */ 149 typedef struct priv_info { 150 uint32_t priv_info_type; 151 uint32_t priv_info_size; 152 } priv_info_t; 153 154 typedef struct priv_info_uint { 155 priv_info_t info; 156 uint_t val; 157 } priv_info_uint_t; 158 159 /* 160 * Global privilege set information item; the actual size of the array is 161 * {priv_setsize}. 162 */ 163 typedef struct priv_info_set { 164 priv_info_t info; 165 priv_chunk_t set[1]; 166 } priv_info_set_t; 167 168 /* 169 * names[1] is a place holder which can contain multiple NUL terminated, 170 * non-empty strings. 171 */ 172 173 typedef struct priv_info_names { 174 priv_info_t info; 175 int cnt; /* number of strings */ 176 char names[1]; /* "string1\0string2\0 ..stringN\0" */ 177 } priv_info_names_t; 178 179 /* 180 * Privilege information types. 181 */ 182 #define PRIV_INFO_SETNAMES 0x0001 183 #define PRIV_INFO_PRIVNAMES 0x0002 184 #define PRIV_INFO_BASICPRIVS 0x0003 185 #define PRIV_INFO_FLAGS 0x0004 186 187 /* 188 * Special "privileges" used to indicate special conditions in privilege 189 * debugging/tracing code. 190 */ 191 #define PRIV_ALL (-1) /* All privileges required */ 192 #define PRIV_MULTIPLE (-2) /* More than one */ 193 #define PRIV_NONE (-3) /* No value */ 194 #define PRIV_ALLZONE (-4) /* All privileges in zone */ 195 #define PRIV_GLOBAL (-5) /* Must be in global zone */ 196 197 #ifdef _KERNEL 198 199 #define PRIV_ALLOC 0x1 200 201 struct proc; 202 struct prpriv; 203 struct cred; 204 205 extern int priv_prgetprivsize(struct prpriv *); 206 extern void cred2prpriv(const struct cred *, struct prpriv *); 207 extern int priv_pr_spriv(struct proc *, struct prpriv *, const struct cred *); 208 209 extern priv_impl_info_t *priv_hold_implinfo(void); 210 extern void priv_release_implinfo(void); 211 extern size_t priv_get_implinfo_size(void); 212 extern const priv_set_t *priv_getset(const struct cred *, int); 213 extern void priv_getinfo(const struct cred *, void *); 214 extern int priv_getbyname(const char *, uint_t); 215 extern int priv_getsetbyname(const char *, int); 216 extern const char *priv_getbynum(int); 217 extern const char *priv_getsetbynum(int); 218 219 extern void priv_emptyset(priv_set_t *); 220 extern void priv_fillset(priv_set_t *); 221 extern void priv_addset(priv_set_t *, int); 222 extern void priv_delset(priv_set_t *, int); 223 extern boolean_t priv_ismember(const priv_set_t *, int); 224 extern boolean_t priv_isemptyset(const priv_set_t *); 225 extern boolean_t priv_isfullset(const priv_set_t *); 226 extern boolean_t priv_isequalset(const priv_set_t *, const priv_set_t *); 227 extern boolean_t priv_issubset(const priv_set_t *, const priv_set_t *); 228 extern int priv_proc_cred_perm(const struct cred *, struct proc *, 229 struct cred **, int); 230 extern void priv_intersect(const priv_set_t *, priv_set_t *); 231 extern void priv_union(const priv_set_t *, priv_set_t *); 232 extern void priv_inverse(priv_set_t *); 233 234 extern void priv_set_PA(cred_t *); 235 extern void priv_adjust_PA(cred_t *); 236 extern void priv_reset_PA(cred_t *, boolean_t); 237 extern boolean_t priv_can_clear_PA(const cred_t *); 238 239 extern int setpflags(uint_t, uint_t, cred_t *); 240 extern uint_t getpflags(uint_t, const cred_t *); 241 242 #endif /* _KERNEL */ 243 244 #ifdef __cplusplus 245 } 246 #endif 247 248 #endif /* _SYS_PRIV_H */ 249
Indexes created Thu Nov 26 13:30:14 UTC 2009
Terms of Use |
Privacy |
Trademarks |
Copyright Policy |
Site Guidelines |
Help
Your use of this web site or any of its content or software indicates your agreement to be bound by these Terms of Use.
Copyright © 1995-2008 Sun Microsystems, Inc.