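/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Public definitions for the exec_attr database (EXECATTR_FILENAME):
 * its column layout, the lookup flags, the attribute key words, the
 * entry structures and the getexecattr() family of accessors.
 *
 * The attribute key words defined here name process IDs and privilege
 * sets, so code that consumes an entry is making a privilege decision
 * and should only act on fields it has validated.
 */

#ifndef	_EXEC_ATTR_H
#define	_EXEC_ATTR_H

#ifdef	__cplusplus
extern "C" {
#endif


#include <sys/types.h>
#include <secdb.h>


#define	EXECATTR_FILENAME		"/etc/security/exec_attr"
#define	EXECATTR_DB_NAME		"exec_attr.org_dir"
#define	EXECATTR_DB_NCOL		7	/* total columns */
#define	EXECATTR_DB_NKEYCOL		3	/* total searchable columns */
#define	EXECATTR_DB_TBLT		"exec_attr_tbl"
#define	EXECATTR_NAME_DEFAULT_KW	"nobody"

/*
 * Column names, in column order.  Each one corresponds to the member of
 * the same name in execstr_t / execattr_t below.
 */
#define	EXECATTR_COL0_KW		"name"
#define	EXECATTR_COL1_KW		"policy"
#define	EXECATTR_COL2_KW		"type"
#define	EXECATTR_COL3_KW		"res1"
#define	EXECATTR_COL4_KW		"res2"
#define	EXECATTR_COL5_KW		"id"
#define	EXECATTR_COL6_KW		"attr"

/*
 * indices of searchable columns
 *
 * These are column numbers, not consecutive key numbers: the third key
 * is column 5 ("id"), matching EXECATTR_COL5_KW.
 */
#define	EXECATTR_KEYCOL0		0	/* name */
#define	EXECATTR_KEYCOL1		1	/* policy */
#define	EXECATTR_KEYCOL2		5	/* id */


/*
 * Some macros used internally by the nsswitch code
 */

/*
 * These macros are bitmasks.  GET_ONE and GET_ALL share bit 0 and are
 * thus mutually exclusive.  __SEARCH_ALL_POLS is bit 1 and can be
 * bitwise ORed with GET_ALL if one wants to get all matching profiles
 * from all policies, not just the ones from the currently active policy.
 *
 * Testing for these values should be done using the IS_* macros
 * defined below.  GET_ONE is 0, so an expression such as
 * (flag & GET_ONE) is always false and cannot be used as a test.
 *
 * An entry found with __SEARCH_ALL_POLS set may belong to a policy that
 * is not the active one; a caller that uses the result for an access
 * decision should check the entry's policy member first.
 */
#define	GET_ONE			0
#define	GET_ALL			1
#define	__SEARCH_ALL_POLS	2

/* get only one exec_attr from list */
#define	IS_GET_ONE(f)		(((f) & GET_ALL) == 0)
/* get all matching exec_attrs in list */
#define	IS_GET_ALL(f)		(((f) & GET_ALL) == GET_ALL)
/* search all existing policies */
#define	IS_SEARCH_ALL(f)	(((f) & __SEARCH_ALL_POLS) == __SEARCH_ALL_POLS)

/*
 * Key words used in the exec_attr database
 *
 * NOTE(review): per exec_attr(4) these are the keys of the attr column
 * and select the effective/real user and group IDs and the privilege
 * sets a profile's command is run with.  Values read for these keys
 * should be validated before they are applied to a process -- confirm
 * against the consumers of this header.
 */
#define	EXECATTR_EUID_KW	"euid"
#define	EXECATTR_EGID_KW	"egid"
#define	EXECATTR_UID_KW		"uid"
#define	EXECATTR_GID_KW		"gid"
#define	EXECATTR_LPRIV_KW	"limitprivs"
#define	EXECATTR_IPRIV_KW	"privs"

/*
 * Nsswitch representation of execution attributes.
 *
 * Same members as execattr_t except that attr is still the unparsed
 * string of key-value pairs.
 */
typedef struct execstr_s {
	char	*name;		/* profile name */
	char	*policy;	/* suser/rbac/tsol */
	char	*type;		/* cmd/act */
	char	*res1;		/* reserved for future use */
	char	*res2;		/* reserved for future use */
	char	*id;		/* unique ID */
	char	*attr;		/* string of key-value pair attributes */
	struct execstr_s *next;	/* pointer to next entry */
} execstr_t;

/*
 * Entry as handed to callers of the functions declared below: attr has
 * been turned into a kva_t (declared in <secdb.h>), and entries are
 * chained through next.
 */
typedef struct execattr_s {
	char	*name;		/* profile name */
	char	*policy;	/* suser/rbac/tsol */
	char	*type;		/* cmd/act */
	char	*res1;		/* reserved for future use */
	char	*res2;		/* reserved for future use */
	char	*id;		/* unique ID */
	kva_t	*attr;		/* array of key-value pair attributes */
	struct execattr_s *next; /* pointer to next entry */
} execattr_t;

/*
 * Search arguments and list cursor.  search_flag holds the GET_ONE /
 * GET_ALL / __SEARCH_ALL_POLS bits defined above.
 */
typedef struct __private_execattr {
	const char *name;
	const char *type;
	const char *id;
	const char *policy;
	int search_flag;
	execstr_t *head_exec;
	execstr_t *prev_exec;
} _priv_execattr;	/* Un-supported. For Sun internal use only */


/*
 * Accessors for the exec_attr database; see getexecattr(3SECDB).
 *
 * Prototypes are left without parameter names, as in the original
 * header.  NOTE(review): per that manual page the arguments are
 *	getexecuser(user name, type, id, search flag)
 *	getexecprof(profile name, type, id, search flag)
 *	match_execattr(entry list, profile name, type, id)
 * and the int argument takes the GET_ONE / GET_ALL values above --
 * confirm against the implementation.
 *
 * The functions returning execattr_t * hand back a pointer the caller
 * has to check before use; a list obtained from them is presumably
 * released with free_execattr() -- confirm ownership in the manual page.
 */
#ifdef	__STDC__
extern execattr_t *getexecattr(void);
extern execattr_t *getexecuser(const char *, const char *, const char *, int);
extern execattr_t *getexecprof(const char *, const char *, const char *, int);
extern execattr_t *match_execattr(execattr_t *, const char *, const char *,
    const char *);
extern void free_execattr(execattr_t *);
extern void setexecattr(void);
extern void endexecattr(void);

#else	/* not __STDC__ */

/* Old-style declarations: no argument checking is done by the compiler. */
extern execattr_t *getexecattr();
extern execattr_t *getexecuser();
extern execattr_t *getexecprof();
extern execattr_t *match_execattr();
extern void setexecattr();
extern void endexecattr();
extern void free_execattr();
#endif

#ifdef	__cplusplus
}
#endif

#endif	/* _EXEC_ATTR_H */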