xref: /titanic_41/usr/src/head/priv_utils.h (revision fa4825fa53a7f93d9b56c4c309623155890c9059)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  *
26  * This is a private header file.  The interfaces in this header are
27  * subject to change or removal without notice.
28  * The Sun classification is "Project Private".
29  */
30 
31 #ifndef	_PRIV_UTILS_H
32 #define	_PRIV_UTILS_H
33 
34 #pragma ident	"%Z%%M%	%I%	%E% SMI"
35 
36 #include <priv.h>
37 
38 
39 #ifdef	__cplusplus
40 extern "C" {
41 #endif
42 
43 #define	PU_RESETGROUPS		0x0001	/* Remove supplemental groups */
44 #define	PU_LIMITPRIVS		0x0002	/* L=P */
45 #define	PU_INHERITPRIVS		0x0004	/* I=P */
46 #define	PU_CLEARLIMITSET	0x0008	/* L=0 */
47 
48 /*
49  * Should be run at the start of a set-uid root program;
50  * if the effective uid == 0 and the real uid != 0,
51  * the specified privileges X are assigned as follows:
52  *
53  * P = I + X + B (B added insofar allowable from L)
54  * E = I
55  * (i.e., the requested privileges are dormant, not active)
56  * Then resets all uids to the invoking uid; no-op if euid == uid == 0.
57  *
58  * flags: PU_LIMITPRIVS, PU_CLEARLIMITSET, PU_CLEARINHERITABLE
59  *
60  * Caches the required privileges for use by __priv_bracket().
61  *
62  */
63 extern int __init_suid_priv(int, ...);
64 
65 /*
66  * After calling __init_suid_priv we can __priv_bracket(PRIV_ON) and
67  * __priv_bracket(PRIV_OFF) and __priv_relinquish to get rid of the
68  * privileges forever.
69  */
70 extern int __priv_bracket(priv_op_t);
71 extern void __priv_relinquish(void);
72 
73 /*
74  * Runs at the start of a daemon, assuming euid=uid=0.
75  *
76  * P = E = B + X
77  *
78  * Then resets uids.
79  *
80  * Flags: all
81  *
82  */
83 extern int __init_daemon_priv(int, uid_t, gid_t, ...);
84 
85 /*
86  * Runs after the daemon is initialized, and gives up the privileges
87  * passed in as argument because they are no longer needed.
88  * Reenables core dumps.
89  */
90 extern void __fini_daemon_priv(const char *, ...);
91 
92 #ifdef	__cplusplus
93 }
94 #endif
95 
96 #endif	/* _PRIV_UTILS_H */
97