1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #pragma ident "%Z%%M% %I% %E% SMI"
27
28 #include <errno.h>
29 #include <priv.h>
30 #include <sys/tsol/priv.h>
31 #include <sys/varargs.h>
32
33 /*
34 * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
35 *
36 * Library routine to enable a user process to set its effective
37 * privilege set appropriately using a single call. User is
38 * required to specify the number of privilege ids that follow as
39 * arguments, rather than depending on the compiler to terminate
40 * the argument list with a NULL, which may be compiler-dependent.
41 */
42 int
set_effective_priv(priv_op_t op,int num_priv,...)43 set_effective_priv(priv_op_t op, int num_priv, ...)
44 {
45 priv_set_t *priv_set;
46 priv_t priv_id;
47 va_list ap;
48 int status;
49
50 priv_set = priv_allocset();
51 PRIV_EMPTY(priv_set);
52
53 va_start(ap, num_priv);
54 while (num_priv--) {
55 char *priv_name;
56 /*
57 * Do sanity checking on priv_id's here to assure
58 * valid inputs to privilege macros. This checks
59 * num_priv argument as well.
60 */
61 priv_id = va_arg(ap, priv_t);
62 priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
63 if (priv_name == NULL) {
64 errno = EINVAL;
65 priv_freeset(priv_set);
66 return (-1);
67 }
68 (void) priv_addset(priv_set, priv_name);
69 }
70 va_end(ap);
71
72 /*
73 * Depend on system call to do sanity checking on "op"
74 */
75 status = setppriv(op, PRIV_EFFECTIVE, priv_set);
76 priv_freeset(priv_set);
77 return (status);
78
79 } /* set_effective_priv() */
80
81
82
83
84 /*
85 * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
86 *
87 * Library routine to enable a user process to set its inheritable
88 * privilege set appropriately using a single call. User is
89 * required to specify the number of privilege ids that follow as
90 * arguments, rather than depending on the compiler to terminate
91 * the argument list with a NULL, which may be compiler-dependent.
92 */
93 int
set_inheritable_priv(priv_op_t op,int num_priv,...)94 set_inheritable_priv(priv_op_t op, int num_priv, ...)
95 {
96 priv_set_t *priv_set;
97 priv_t priv_id;
98 va_list ap;
99 int status;
100
101 priv_set = priv_allocset();
102
103 PRIV_EMPTY(priv_set);
104
105 va_start(ap, num_priv);
106 while (num_priv--) {
107 /*
108 * Do sanity checking on priv_id's here to assure
109 * valid inputs to privilege macros. This checks
110 * num_priv argument as well.
111 */
112 priv_id = va_arg(ap, priv_t);
113 if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
114 errno = EINVAL;
115 priv_freeset(priv_set);
116 return (-1);
117 }
118 (void) PRIV_ASSERT(priv_set, priv_id);
119 }
120 va_end(ap);
121
122 /*
123 * Depend on system call to do sanity checking on "op"
124 */
125 status = setppriv(op, PRIV_INHERITABLE, priv_set);
126 priv_freeset(priv_set);
127 return (status);
128
129 } /* set_inheritable_priv() */
130
131
132
133
134 /*
135 * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
136 *
137 * Library routine to enable a user process to set its permitted
138 * privilege set appropriately using a single call. User is
139 * required to specify the number of privilege ids that follow as
140 * arguments, rather than depending on the compiler to terminate
141 * the argument list with a NULL, which may be compiler-dependent.
142 */
143 int
set_permitted_priv(priv_op_t op,int num_priv,...)144 set_permitted_priv(priv_op_t op, int num_priv, ...)
145 {
146 priv_set_t *priv_set;
147 priv_t priv_id;
148 va_list ap;
149 int status;
150
151 priv_set = priv_allocset();
152
153 PRIV_EMPTY(priv_set);
154
155 va_start(ap, num_priv);
156 while (num_priv--) {
157 /*
158 * Do sanity checking on priv_id's here to assure
159 * valid inputs to privilege macros. This checks
160 * num_priv argument as well.
161 */
162 priv_id = va_arg(ap, priv_t);
163 if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
164 errno = EINVAL;
165 priv_freeset(priv_set);
166 return (-1);
167 }
168 (void) PRIV_ASSERT(priv_set, priv_id);
169 }
170 va_end(ap);
171
172 /*
173 * Depend on system call to do sanity checking on "op"
174 */
175 status = setppriv(op, PRIV_PERMITTED, priv_set);
176 priv_freeset(priv_set);
177 return (status);
178
179 } /* set_permitted_priv() */
180