xref: /illumos-gate/usr/src/lib/libtsol/common/privlib.c (revision ddb365bfc9e868ad24ccdcb0dc91af18b10df082) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 #include 	<errno.h>
27 #include 	<priv.h>
28 #include 	<sys/tsol/priv.h>
29 #include 	<sys/varargs.h>
30 
31 /*
32  * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
33  *
34  * Library routine to enable a user process to set its effective
35  * privilege set appropriately using a single call.  User is
36  * required to specify the number of privilege ids that follow as
37  * arguments, rather than depending on the compiler to terminate
38  * the argument list with a NULL, which may be compiler-dependent.
39  */
40 int
41 set_effective_priv(priv_op_t op, int num_priv, ...)
42 {
43 	priv_set_t *priv_set;
44 	priv_t priv_id;
45 	va_list ap;
46 	int	status;
47 
48 	priv_set = priv_allocset();
49 	PRIV_EMPTY(priv_set);
50 
51 	va_start(ap, num_priv);
52 	while (num_priv--) {
53 		char	*priv_name;
54 		/*
55 		 * Do sanity checking on priv_id's here to assure
56 		 * valid inputs to privilege macros.  This checks
57 		 * num_priv argument as well.
58 		 */
59 		priv_id = va_arg(ap, priv_t);
60 		priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
61 		if (priv_name == NULL) {
62 			errno = EINVAL;
63 			priv_freeset(priv_set);
64 			return (-1);
65 		}
66 		(void) priv_addset(priv_set, priv_name);
67 	}
68 	va_end(ap);
69 
70 	/*
71 	 * Depend on system call to do sanity checking on "op"
72 	 */
73 	status = setppriv(op, PRIV_EFFECTIVE, priv_set);
74 	priv_freeset(priv_set);
75 	return (status);
76 
77 } /* set_effective_priv() */
78 
79 
80 
81 
82 /*
83  * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
84  *
85  * Library routine to enable a user process to set its inheritable
86  * privilege set appropriately using a single call.  User is
87  * required to specify the number of privilege ids that follow as
88  * arguments, rather than depending on the compiler to terminate
89  * the argument list with a NULL, which may be compiler-dependent.
90  */
91 int
92 set_inheritable_priv(priv_op_t op, int num_priv, ...)
93 {
94 	priv_set_t *priv_set;
95 	priv_t priv_id;
96 	va_list ap;
97 	int	status;
98 
99 	priv_set = priv_allocset();
100 
101 	PRIV_EMPTY(priv_set);
102 
103 	va_start(ap, num_priv);
104 	while (num_priv--) {
105 		/*
106 		 * Do sanity checking on priv_id's here to assure
107 		 * valid inputs to privilege macros.  This checks
108 		 * num_priv argument as well.
109 		 */
110 		priv_id = va_arg(ap, priv_t);
111 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
112 			errno = EINVAL;
113 			priv_freeset(priv_set);
114 			return (-1);
115 		}
116 		(void) PRIV_ASSERT(priv_set, priv_id);
117 	}
118 	va_end(ap);
119 
120 	/*
121 	 * Depend on system call to do sanity checking on "op"
122 	 */
123 	status = setppriv(op, PRIV_INHERITABLE, priv_set);
124 	priv_freeset(priv_set);
125 	return (status);
126 
127 } /* set_inheritable_priv() */
128 
129 
130 
131 
132 /*
133  * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
134  *
135  * Library routine to enable a user process to set its permitted
136  * privilege set appropriately using a single call.  User is
137  * required to specify the number of privilege ids that follow as
138  * arguments, rather than depending on the compiler to terminate
139  * the argument list with a NULL, which may be compiler-dependent.
140  */
141 int
142 set_permitted_priv(priv_op_t op, int num_priv, ...)
143 {
144 	priv_set_t *priv_set;
145 	priv_t priv_id;
146 	va_list ap;
147 	int	status;
148 
149 	priv_set = priv_allocset();
150 
151 	PRIV_EMPTY(priv_set);
152 
153 	va_start(ap, num_priv);
154 	while (num_priv--) {
155 		/*
156 		 * Do sanity checking on priv_id's here to assure
157 		 * valid inputs to privilege macros.  This checks
158 		 * num_priv argument as well.
159 		 */
160 		priv_id = va_arg(ap, priv_t);
161 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
162 			errno = EINVAL;
163 			priv_freeset(priv_set);
164 			return (-1);
165 		}
166 		(void) PRIV_ASSERT(priv_set, priv_id);
167 	}
168 	va_end(ap);
169 
170 	/*
171 	 * Depend on system call to do sanity checking on "op"
172 	 */
173 	status = setppriv(op, PRIV_PERMITTED, priv_set);
174 	priv_freeset(priv_set);
175 	return (status);
176 
177 } /* set_permitted_priv() */
178