1c10c16deSRichard Lowe.\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved. 2*0a4ff7c0SAndy Fiddaman.\" The contents of this file are subject to the terms of the Common 3*0a4ff7c0SAndy Fiddaman.\" Development and Distribution License (the "License"). You may not use 4*0a4ff7c0SAndy Fiddaman.\" this file except in compliance with the License. 5*0a4ff7c0SAndy Fiddaman.\" 6*0a4ff7c0SAndy Fiddaman.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or 7*0a4ff7c0SAndy Fiddaman.\" http://www.opensolaris.org/os/licensing. See the License for the 8*0a4ff7c0SAndy Fiddaman.\" specific language governing permissions and limitations under the 9*0a4ff7c0SAndy Fiddaman.\" License. 10*0a4ff7c0SAndy Fiddaman.\" 11*0a4ff7c0SAndy Fiddaman.\" When distributing Covered Code, include this CDDL HEADER in each file 12*0a4ff7c0SAndy Fiddaman.\" and include the License file at usr/src/OPENSOLARIS.LICENSE. If 13*0a4ff7c0SAndy Fiddaman.\" applicable, add the following below this CDDL HEADER, with the fields 14*0a4ff7c0SAndy Fiddaman.\" enclosed by brackets "[]" replaced with your own identifying 15*0a4ff7c0SAndy Fiddaman.\" information: Portions Copyright [yyyy] [name of copyright owner] 16*0a4ff7c0SAndy Fiddaman.\" 17*0a4ff7c0SAndy Fiddaman.\" Copyright 2022 OmniOS Community Edition (OmniOSce) Association. 18*0a4ff7c0SAndy Fiddaman.\" 19*0a4ff7c0SAndy Fiddaman.Dd June 3, 2022 20*0a4ff7c0SAndy Fiddaman.Dt PRIV_SET 3C 21*0a4ff7c0SAndy Fiddaman.Os 22*0a4ff7c0SAndy Fiddaman.Sh NAME 23*0a4ff7c0SAndy Fiddaman.Nm priv_set , 24*0a4ff7c0SAndy Fiddaman.Nm priv_ineffect 25*0a4ff7c0SAndy Fiddaman.Nd change privilege sets and check whether privileges are set 26*0a4ff7c0SAndy Fiddaman.Sh SYNOPSIS 27*0a4ff7c0SAndy Fiddaman.In priv.h 28*0a4ff7c0SAndy Fiddaman.Ft int 29*0a4ff7c0SAndy Fiddaman.Fo priv_set 30*0a4ff7c0SAndy Fiddaman.Fa "priv_op_t op" 31*0a4ff7c0SAndy Fiddaman.Fa "priv_ptype_t which" 32*0a4ff7c0SAndy Fiddaman.Fa "..." 33*0a4ff7c0SAndy Fiddaman.Fc 34*0a4ff7c0SAndy Fiddaman.Ft boolean_t 35*0a4ff7c0SAndy Fiddaman.Fo priv_ineffect 36*0a4ff7c0SAndy Fiddaman.Fa "const char *priv" 37*0a4ff7c0SAndy Fiddaman.Fc 38*0a4ff7c0SAndy Fiddaman.Sh DESCRIPTION 39*0a4ff7c0SAndy Fiddaman.Fn priv_set 40*0a4ff7c0SAndy Fiddamanis a convenient wrapper for the 41*0a4ff7c0SAndy Fiddaman.Xr setppriv 2 42*0a4ff7c0SAndy Fiddamanfunction. 43*0a4ff7c0SAndy FiddamanIt takes three or more arguments. 44*0a4ff7c0SAndy FiddamanThe operation argument, 45*0a4ff7c0SAndy Fiddaman.Ar op , 46*0a4ff7c0SAndy Fiddamancan be one of 47*0a4ff7c0SAndy Fiddaman.Dv PRIV_OFF , PRIV_ON 48*0a4ff7c0SAndy Fiddamanor 49*0a4ff7c0SAndy Fiddaman.Dv PRIV_SET . 50*0a4ff7c0SAndy FiddamanThe 51*0a4ff7c0SAndy Fiddaman.Ar which 52*0a4ff7c0SAndy Fiddamanargument is the name of the privilege set to change, one of 53*0a4ff7c0SAndy Fiddaman.Dv PRIV_EFFECTIVE , PRIV_INHERITABLE , PRIV_PERMITTED , PRIV_LIMIT 54*0a4ff7c0SAndy Fiddamanor the special pseudo set 55*0a4ff7c0SAndy Fiddaman.Dv PRIV_ALLSETS 56*0a4ff7c0SAndy Fiddamanif the operation should be applied to all privilege sets. 57*0a4ff7c0SAndy FiddamanSubsequent arguments provide zero or more privilege names, terminated with a 58*0a4ff7c0SAndy Fiddaman.Dv NULL 59*0a4ff7c0SAndy Fiddamanpointer. 60*0a4ff7c0SAndy FiddamanSee 61*0a4ff7c0SAndy Fiddaman.Sx EXAMPLES . 62*0a4ff7c0SAndy Fiddaman.Pp 63c10c16deSRichard LoweThe specified privileges are converted to a binary privilege set and 64*0a4ff7c0SAndy Fiddaman.Xr setppriv 2 65*0a4ff7c0SAndy Fiddamanis called with the same 66*0a4ff7c0SAndy Fiddaman.Ar op 67*0a4ff7c0SAndy Fiddamanand 68*0a4ff7c0SAndy Fiddaman.Ar which 69*0a4ff7c0SAndy Fiddamanarguments. 70*0a4ff7c0SAndy FiddamanWhen called with 71*0a4ff7c0SAndy Fiddaman.Dv PRIV_ALLSETS 72*0a4ff7c0SAndy Fiddamanas the value for the 73*0a4ff7c0SAndy Fiddaman.Ar which 74*0a4ff7c0SAndy Fiddamanargument, 75*0a4ff7c0SAndy Fiddaman.Xr setppriv 2 76*0a4ff7c0SAndy Fiddamanis called for each set in turn, aborting on the first failed call. 77*0a4ff7c0SAndy Fiddaman.Pp 78*0a4ff7c0SAndy Fiddaman.Fn priv_ineffect 79*0a4ff7c0SAndy Fiddamanis a convenient wrapper for the 80*0a4ff7c0SAndy Fiddaman.Xr getppriv 2 81*0a4ff7c0SAndy Fiddamanfunction. 82*0a4ff7c0SAndy FiddamanThe 83*0a4ff7c0SAndy Fiddaman.Ar priv 84*0a4ff7c0SAndy Fiddamanargument specifies the name of a privilege, and this function checks for its 85*0a4ff7c0SAndy Fiddamanpresence in the effective set. 86*0a4ff7c0SAndy Fiddaman.Sh RETURN VALUES 87*0a4ff7c0SAndy FiddamanUpon successful completion, 88*0a4ff7c0SAndy Fiddaman.Fn priv_set 89*0a4ff7c0SAndy Fiddamanreturn 0. 90*0a4ff7c0SAndy FiddamanOtherwise, -1 is returned and 91*0a4ff7c0SAndy Fiddaman.Dv errno 92*0a4ff7c0SAndy Fiddamanis set to indicate the error. 93*0a4ff7c0SAndy Fiddaman.Pp 94*0a4ff7c0SAndy FiddamanIf 95*0a4ff7c0SAndy Fiddaman.Ar priv 96*0a4ff7c0SAndy Fiddamanis a valid privilege that is a member of the effective set, 97*0a4ff7c0SAndy Fiddaman.Fn priv_ineffect 98*0a4ff7c0SAndy Fiddamanreturns 99*0a4ff7c0SAndy Fiddaman.Dv B_TRUE . 100*0a4ff7c0SAndy FiddamanOtherwise, it returns 101*0a4ff7c0SAndy Fiddaman.Dv B_FALSE 102*0a4ff7c0SAndy Fiddamanand sets 103*0a4ff7c0SAndy Fiddaman.Dv errno 104*0a4ff7c0SAndy Fiddamanto indicate the error. 105*0a4ff7c0SAndy Fiddaman.Sh EXAMPLES 106*0a4ff7c0SAndy Fiddaman.Sy Example 1 107*0a4ff7c0SAndy FiddamanUsing 108*0a4ff7c0SAndy Fiddaman.Fn priv_set 109*0a4ff7c0SAndy Fiddaman.Bd -literal -offset 6n 110*0a4ff7c0SAndy Fiddaman#include <priv.h> 111*0a4ff7c0SAndy Fiddaman\&... 112*0a4ff7c0SAndy Fiddaman/* Remove basic privileges we don't need */ 113*0a4ff7c0SAndy Fiddaman(void) priv_set(PRIV_OFF, PRIV_PERMITTED, PRIV_PROC_EXEC, 114*0a4ff7c0SAndy Fiddaman PRIV_PROC_INFO, PRIV_FILE_LINK_ANY, PRIV_PROC_SESSION, 115*0a4ff7c0SAndy Fiddaman NULL); 116*0a4ff7c0SAndy Fiddaman.Ed 117*0a4ff7c0SAndy Fiddaman.Sh ERRORS 118*0a4ff7c0SAndy FiddamanThe 119*0a4ff7c0SAndy Fiddaman.Fn priv_set 120*0a4ff7c0SAndy Fiddamanfunction will fail if: 121*0a4ff7c0SAndy Fiddaman.Bl -tag -width Ds 122*0a4ff7c0SAndy Fiddaman.It Er EINVAL 123*0a4ff7c0SAndy FiddamanThe value of 124*0a4ff7c0SAndy Fiddaman.Ar op 125*0a4ff7c0SAndy Fiddamanor 126*0a4ff7c0SAndy Fiddaman.Ar which 127*0a4ff7c0SAndy Fiddamanis out of range. 128*0a4ff7c0SAndy Fiddaman.It Er ENOMEM 129c10c16deSRichard LoweInsufficient memory was allocated. 130*0a4ff7c0SAndy Fiddaman.It Er EPERM 131*0a4ff7c0SAndy FiddamanThe application attempted to add privileges to 132*0a4ff7c0SAndy Fiddaman.Dv PRIV_LIMIT 133*0a4ff7c0SAndy Fiddamanor 134*0a4ff7c0SAndy Fiddaman.Dv PRIV_PERMITTED , 135*0a4ff7c0SAndy Fiddamanor the application attempted to add privileges to 136*0a4ff7c0SAndy Fiddaman.Dv PRIV_INHERITABLE 137*0a4ff7c0SAndy Fiddamanor 138*0a4ff7c0SAndy Fiddaman.Dv PRIV_EFFECTIVE 139*0a4ff7c0SAndy Fiddamanthat were not in 140*0a4ff7c0SAndy Fiddaman.Dv PRIV_PERMITTED . 141*0a4ff7c0SAndy Fiddaman.El 142*0a4ff7c0SAndy Fiddaman.Pp 143*0a4ff7c0SAndy FiddamanThe 144*0a4ff7c0SAndy Fiddaman.Fn priv_ineffect 145*0a4ff7c0SAndy Fiddamanfunction will fail if: 146*0a4ff7c0SAndy Fiddaman.Bl -tag -width Ds 147*0a4ff7c0SAndy Fiddaman.It Er EINVAL 148*0a4ff7c0SAndy FiddamanThe privilege specified by 149*0a4ff7c0SAndy Fiddaman.Ar priv 150*0a4ff7c0SAndy Fiddamanis invalid. 151*0a4ff7c0SAndy Fiddaman.It Er ENOMEM 152c10c16deSRichard LoweInsufficient memory was allocated. 153*0a4ff7c0SAndy Fiddaman.El 154*0a4ff7c0SAndy Fiddaman.Sh INTERFACE STABILITY 155*0a4ff7c0SAndy Fiddaman.Sy Uncommitted 156*0a4ff7c0SAndy Fiddaman.Sh MT-LEVEL 157*0a4ff7c0SAndy Fiddaman.Sy MT-Safe 158*0a4ff7c0SAndy Fiddaman.Sh SEE ALSO 159*0a4ff7c0SAndy Fiddaman.Xr setppriv 2 , 160*0a4ff7c0SAndy Fiddaman.Xr priv_str_to_set 3C , 161*0a4ff7c0SAndy Fiddaman.Xr attributes 7 , 162*0a4ff7c0SAndy Fiddaman.Xr privileges 7 163