xref: /illumos-gate/usr/src/uts/common/sys/klpd.h (revision c40a6cd785e883b3f052b122c332e21174fc1871)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
23  */
24 
25 #ifndef	_SYS_KLPD_H
26 #define	_SYS_KLPD_H
27 
28 #include <sys/types.h>
29 #include <sys/priv.h>
30 #include <sys/procset.h>
31 
32 #ifdef _KERNEL
33 #include <sys/cred.h>
34 #include <sys/sysmacros.h>
35 #include <sys/varargs.h>
36 #endif
37 
38 #ifdef	__cplusplus
39 extern "C" {
40 #endif
41 
/*
 * Version constant for the klpd call interface; presumably the value a
 * consumer should expect in klpd_head_t.klh_vers -- confirm against the
 * code that builds the packet.
 */
42 #define	KLPDCALL_VERS		1
43 
/*
 * Argument type tags; presumably the values carried in
 * klpd_arg_t.kla_type -- confirm against the producer.
 *
 * KLPDARG_NOMORE and KLPDARG_NONE are both 0, so "end of list" and
 * "no argument" cannot be told apart by the tag alone.
 *
 * Every *PORT type carries a plain int.  Nothing in this header limits
 * it to a valid port number, so a consumer basing a policy decision on
 * the value should range-check it first.
 */
44 #define	KLPDARG_NOMORE		0		/* End of argument List */
45 #define	KLPDARG_NONE		0		/* No argument */
46 #define	KLPDARG_VNODE		1		/* vnode_t * */
47 #define	KLPDARG_INT		2		/* int */
48 #define	KLPDARG_PORT		3		/* int, port number */
49 #define	KLPDARG_TCPPORT		4		/* int, tcp port number */
50 #define	KLPDARG_UDPPORT		5		/* int, udp port number */
51 #define	KLPDARG_SCTPPORT	6		/* int, sctp port number */
52 #define	KLPDARG_SDPPORT		7		/* int, sdp port number */
53 
54 #ifdef _KERNEL
55 
/*
 * Kernel-only interfaces.  Only prototypes are visible in this header;
 * the grouping notes below are inferred from names and signatures and
 * should be confirmed against the implementation.
 *
 * struct klpd_reg and struct credklpd are opaque here: they are only
 * forward-declared, so includers can hold pointers to them but cannot
 * look inside.
 */
56 struct klpd_reg;
57 struct credklpd;
58 
/*
 * klpd registration and teardown.  The int/idtype_t/id_t arguments
 * presumably identify the daemon and the process(es) it applies to --
 * confirm.
 */
59 int klpd_reg(int, idtype_t, id_t, priv_set_t *);
60 int klpd_unreg(int, idtype_t, id_t);
61 void klpd_freelist(struct klpd_reg **);
62 void klpd_rele(struct klpd_reg *);
/*
 * The arguments arrive as a va_list; presumably a sequence of KLPDARG_*
 * tagged values ended by KLPDARG_NOMORE -- confirm.
 */
63 int klpd_call(const cred_t *, const priv_set_t *, va_list);
/* Presumably a hold/release reference pair on struct credklpd -- confirm. */
64 void crklpd_hold(struct credklpd *);
65 void crklpd_rele(struct credklpd *);
/*
 * pfexec interfaces.  NOTE(review): struct pathname is neither declared
 * nor included by this header, so the includer must already have its
 * declaration in scope (unless one of the headers above supplies it);
 * otherwise the type in the pfexec_call prototype has prototype scope.
 */
66 int pfexec_reg(int);
67 int pfexec_unreg(int);
68 int pfexec_call(const cred_t *, struct pathname *, cred_t **, boolean_t *);
69 int get_forced_privs(const cred_t *, const char *, priv_set_t *);
70 int check_user_privs(const cred_t *, const priv_set_t *);
71 
72 #endif /* _KERNEL */
73 
/*
 * Fixed header of a klpd packet.  klh_argoff and klh_privoff are byte
 * offsets measured from the start of this header (that is how KLH_ARG
 * and KLH_PRIVSET use them); an offset of 0 means the item is absent.
 *
 * NOTE(review): nothing in this header ties the offsets to klh_len.
 * A consumer that does not fully trust the sender should check, before
 * dereferencing anything:
 *   - klh_vers is a version it understands;
 *   - klh_len is no larger than the number of bytes actually received;
 *   - each non-zero offset is at least sizeof (klpd_head_t), and the
 *     offset plus the size of the object it names fits within klh_len.
 */
74 typedef struct klpd_head {
75 	uint32_t	klh_vers;		/* Version */
76 	uint32_t	klh_len;		/* Length of full packet */
77 	uint32_t	klh_argoff;		/* Offset of argument, 0 if none */
78 	uint32_t	klh_privoff;		/* Offset of privilege set, 0 if none */
79 } klpd_head_t;
80 
/*
 * Convert the offsets stored in a klpd_head_t into pointers.  Each macro
 * adds the stored offset to the address of the header and yields NULL
 * when the offset is 0.  `kh' is evaluated more than once, so pass an
 * expression without side effects.
 *
 * No bounds or alignment check is made: the result is whatever address
 * the offset in the packet names.  Validate klh_privoff / klh_argoff
 * against klh_len (and the received length) before using the pointer,
 * and make sure the offset is suitably aligned for the type it is cast
 * to.
 */
81 #define	KLH_PRIVSET(kh)	((priv_set_t *)(((kh)->klh_privoff == 0 ? NULL : \
82 			(char *)(kh) + (kh)->klh_privoff)))
83 #define	KLH_ARG(kh)	((void *)((kh)->klh_argoff != 0 ? \
84 			(char *)(kh) + (kh)->klh_argoff : NULL))
85 
/*
 * A single typed argument.  The value lives in the kla_data union and is
 * reached through the kla_str / kla_int / kla_uint shorthands.
 *
 * NOTE(review): __cdata is declared with one element, which looks like
 * the pre-C99 idiom for variable-length data that runs past the end of
 * the structure -- confirm.  If so, sizeof (klpd_arg_t) does not cover
 * the payload: a reader should bound every access through kla_str by
 * kla_dlen and by the length of the enclosing packet, and should not
 * assume the bytes are NUL-terminated.
 */
86 typedef struct klpd_arg {
87 	uint_t	kla_type;	/* presumably a KLPDARG_* tag -- confirm */
88 	uint_t	kla_dlen;	/* presumably length of the data -- confirm */
89 	union {
90 		char	__cdata[1];
91 		int	__idata;
92 		uint_t	__uidata;
93 	} kla_data;
94 } klpd_arg_t;
95 
/*
 * Shorthand names for the members of klpd_arg_t.kla_data.  The union
 * does not record which member is live; presumably kla_type selects it
 * -- confirm before reading a member.
 */
96 #define	kla_str		kla_data.__cdata
97 #define	kla_int		kla_data.__idata
98 #define	kla_uint	kla_data.__uidata
99 
/*
 * pfexec call constants.  PFEXEC_ARG_VERS is presumably the value a
 * caller places in pfexec_arg_t.pfa_vers, and the three call codes the
 * values of pfa_call -- confirm.  The trailing comments name a type per
 * call, presumably the type of the data returned for it.
 */
100 #define	PFEXEC_ARG_VERS			0x1
101 #define	PFEXEC_EXEC_ATTRS		0x1	/* pfexec_reply_t */
102 #define	PFEXEC_FORCED_PRIVS		0x2	/* priv_set_t */
103 #define	PFEXEC_USER_PRIVS		0x3	/* uint32_t */
104 
/*
 * Size in bytes of a pfexec_arg_t that carries `bufsize' bytes of data:
 * the offset of pfa_data plus bufsize.
 *
 * The addition is unchecked, so bound bufsize before using the result
 * as an allocation or copy length.  offsetof must be in scope at the
 * point of use; this header includes <sys/sysmacros.h> only under
 * _KERNEL, and whether that or another header supplies offsetof to
 * other consumers is not visible here.
 */
105 #define	PFEXEC_ARG_SIZE(bufsize)	\
106 	(offsetof(pfexec_arg_t, pfa_data) + (bufsize))
107 
/*
 * Argument block for a pfexec call.  The data starts at pfa_data;
 * PFEXEC_ARG_SIZE() sizes the whole block as the offset of pfa_data plus
 * a byte count, so the one-element arrays in the union stand for data
 * that can extend past sizeof (pfexec_arg_t).
 *
 * NOTE(review): a receiver should check pfa_vers and pfa_call, confirm
 * that pfa_len agrees with the number of bytes actually received, and
 * only then read pfa_path / pfa_buf.  Do not assume pfa_path is
 * NUL-terminated within pfa_len unless that has been checked.
 */
108 typedef struct pfexec_arg {
109 	uint_t	pfa_vers;		/* Caller version */
110 	uint_t	pfa_call;		/* Call type */
111 	uint_t	pfa_len;		/* Length of data */
112 	uid_t	pfa_uid;		/* Real uid of subject */
113 	union {
114 		char		__pfa_path[1];
115 		uint32_t	__pfa_buf[1];
116 	} pfa_data;
117 } pfexec_arg_t;
118 
/*
 * Shorthand names for the two views of pfexec_arg_t.pfa_data: a byte
 * string (pfa_path) or an array of 32-bit words (pfa_buf).  Which view
 * applies is not recorded in the union; presumably pfa_call decides --
 * confirm.
 */
119 #define	pfa_path	pfa_data.__pfa_path
120 #define	pfa_buf		pfa_data.__pfa_buf
121 
/*
 * Sentinel id, (uid_t)-1.  Presumably marks an id field of
 * pfexec_reply_t as "not set" -- confirm.  NOTE(review): if it is also
 * compared against the gid_t fields, that relies on uid_t and gid_t
 * having the same width and signedness.
 */
122 #define	PFEXEC_NOTSET		((uid_t)-1)
123 
/*
 * Reply to a pfexec call.  pfr_ioff and pfr_loff are byte offsets from
 * the start of the reply to two privilege sets (see
 * PFEXEC_REPLY_IPRIV / PFEXEC_REPLY_LPRIV); 0 means the set is absent.
 * The meaning of the other fields is not stated in this header; going
 * by their names they carry the ids, flags and allow/deny result to
 * apply to the subject -- confirm against the consumer.
 *
 * NOTE(review): these fields look security-critical, so the consumer
 * should not act on a reply until it has checked that
 *   - pfr_vers is a version it understands;
 *   - pfr_len is no larger than the number of bytes actually received;
 *   - each non-zero offset is at least sizeof (pfexec_reply_t), is
 *     suitably aligned, and leaves room for a full privilege set
 *     within pfr_len;
 *   - the boolean_t fields are handled safely even if they hold a
 *     value other than B_TRUE or B_FALSE.
 */
124 typedef struct pfexec_reply {
125 	uint_t		pfr_vers;
126 	uint_t		pfr_len;
127 	uid_t		pfr_ruid, pfr_euid;
128 	gid_t		pfr_rgid, pfr_egid;
129 	boolean_t	pfr_setcred;
130 	boolean_t	pfr_scrubenv;
131 	boolean_t	pfr_clearflag;
132 	boolean_t	pfr_allowed;
133 	uint_t		pfr_ioff;	/* offset used by PFEXEC_REPLY_IPRIV */
134 	uint_t		pfr_loff;	/* offset used by PFEXEC_REPLY_LPRIV */
135 } pfexec_reply_t;
136 
/*
 * Convert pfr_ioff / pfr_loff into priv_set_t pointers.  Each macro adds
 * the stored offset to the address of the reply and yields a null
 * pointer when the offset is 0.  `pfr' is evaluated more than once, so
 * pass an expression without side effects.
 *
 * No bounds or alignment check is made.  The offsets come from the
 * reply itself, so validate them against pfr_len and the received
 * length before dereferencing the result.
 */
137 #define	PFEXEC_REPLY_IPRIV(pfr)	\
138 	((pfr)->pfr_ioff ? (priv_set_t *)((char *)(pfr) + (pfr)->pfr_ioff) \
139 	:  (priv_set_t *)0)
140 #define	PFEXEC_REPLY_LPRIV(pfr)	\
141 	((pfr)->pfr_loff ? (priv_set_t *)((char *)(pfr) + (pfr)->pfr_loff) \
142 	:  (priv_set_t *)0)
143 
144 #ifdef	__cplusplus
145 }
146 #endif
147 
148 #endif	/* _SYS_KLPD_H */
149