xref: /illumos-gate/usr/src/lib/libtsol/common/privlib.c (revision 1f5207b7604fb44407eb4342aff613f7c4508508)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #pragma ident	"%Z%%M%	%I%	%E% SMI"
27 
28 #include 	<errno.h>
29 #include 	<priv.h>
30 #include 	<sys/tsol/priv.h>
31 #include 	<sys/varargs.h>
32 
33 /*
34  * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
35  *
36  * Library routine to enable a user process to set its effective
37  * privilege set appropriately using a single call.  User is
38  * required to specify the number of privilege ids that follow as
39  * arguments, rather than depending on the compiler to terminate
40  * the argument list with a NULL, which may be compiler-dependent.
41  */
42 int
43 set_effective_priv(priv_op_t op, int num_priv, ...)
44 {
45 	priv_set_t *priv_set;
46 	priv_t priv_id;
47 	va_list ap;
48 	int	status;
49 
50 	priv_set = priv_allocset();
51 	PRIV_EMPTY(priv_set);
52 
53 	va_start(ap, num_priv);
54 	while (num_priv--) {
55 		char	*priv_name;
56 		/*
57 		 * Do sanity checking on priv_id's here to assure
58 		 * valid inputs to privilege macros.  This checks
59 		 * num_priv argument as well.
60 		 */
61 		priv_id = va_arg(ap, priv_t);
62 		priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
63 		if (priv_name == NULL) {
64 			errno = EINVAL;
65 			priv_freeset(priv_set);
66 			return (-1);
67 		}
68 		(void) priv_addset(priv_set, priv_name);
69 	}
70 	va_end(ap);
71 
72 	/*
73 	 * Depend on system call to do sanity checking on "op"
74 	 */
75 	status = setppriv(op, PRIV_EFFECTIVE, priv_set);
76 	priv_freeset(priv_set);
77 	return (status);
78 
79 } /* set_effective_priv() */
80 
81 
82 
83 
84 /*
85  * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
86  *
87  * Library routine to enable a user process to set its inheritable
88  * privilege set appropriately using a single call.  User is
89  * required to specify the number of privilege ids that follow as
90  * arguments, rather than depending on the compiler to terminate
91  * the argument list with a NULL, which may be compiler-dependent.
92  */
93 int
94 set_inheritable_priv(priv_op_t op, int num_priv, ...)
95 {
96 	priv_set_t *priv_set;
97 	priv_t priv_id;
98 	va_list ap;
99 	int	status;
100 
101 	priv_set = priv_allocset();
102 
103 	PRIV_EMPTY(priv_set);
104 
105 	va_start(ap, num_priv);
106 	while (num_priv--) {
107 		/*
108 		 * Do sanity checking on priv_id's here to assure
109 		 * valid inputs to privilege macros.  This checks
110 		 * num_priv argument as well.
111 		 */
112 		priv_id = va_arg(ap, priv_t);
113 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
114 			errno = EINVAL;
115 			priv_freeset(priv_set);
116 			return (-1);
117 		}
118 		(void) PRIV_ASSERT(priv_set, priv_id);
119 	}
120 	va_end(ap);
121 
122 	/*
123 	 * Depend on system call to do sanity checking on "op"
124 	 */
125 	status = setppriv(op, PRIV_INHERITABLE, priv_set);
126 	priv_freeset(priv_set);
127 	return (status);
128 
129 } /* set_inheritable_priv() */
130 
131 
132 
133 
134 /*
135  * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
136  *
137  * Library routine to enable a user process to set its permitted
138  * privilege set appropriately using a single call.  User is
139  * required to specify the number of privilege ids that follow as
140  * arguments, rather than depending on the compiler to terminate
141  * the argument list with a NULL, which may be compiler-dependent.
142  */
143 int
144 set_permitted_priv(priv_op_t op, int num_priv, ...)
145 {
146 	priv_set_t *priv_set;
147 	priv_t priv_id;
148 	va_list ap;
149 	int	status;
150 
151 	priv_set = priv_allocset();
152 
153 	PRIV_EMPTY(priv_set);
154 
155 	va_start(ap, num_priv);
156 	while (num_priv--) {
157 		/*
158 		 * Do sanity checking on priv_id's here to assure
159 		 * valid inputs to privilege macros.  This checks
160 		 * num_priv argument as well.
161 		 */
162 		priv_id = va_arg(ap, priv_t);
163 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
164 			errno = EINVAL;
165 			priv_freeset(priv_set);
166 			return (-1);
167 		}
168 		(void) PRIV_ASSERT(priv_set, priv_id);
169 	}
170 	va_end(ap);
171 
172 	/*
173 	 * Depend on system call to do sanity checking on "op"
174 	 */
175 	status = setppriv(op, PRIV_PERMITTED, priv_set);
176 	priv_freeset(priv_set);
177 	return (status);
178 
179 } /* set_permitted_priv() */
180