Annotation of embedaddon/strongswan/src/libstrongswan/utils/capabilities.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2013 Tobias Brunner
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: * Copyright (C) 2012 Martin Willi
! 5: * Copyright (C) 2012 revosec AG
! 6: *
! 7: * This program is free software; you can redistribute it and/or modify it
! 8: * under the terms of the GNU General Public License as published by the
! 9: * Free Software Foundation; either version 2 of the License, or (at your
! 10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 11: *
! 12: * This program is distributed in the hope that it will be useful, but
! 13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 15: * for more details.
! 16: */
! 17:
! 18: /**
! 19: * @defgroup capabilities capabilities
! 20: * @{ @ingroup utils
! 21: */
! 22:
! 23: #ifndef CAPABILITIES_H_
! 24: #define CAPABILITIES_H_
! 25:
! 26: typedef struct capabilities_t capabilities_t;
! 27:
! 28: #include <library.h>
! 29: #ifdef HAVE_SYS_CAPABILITY_H
! 30: # include <sys/capability.h>
! 31: #elif defined(CAPABILITIES_NATIVE)
! 32: # include <linux/capability.h>
! 33: #endif
! 34:
! 35: #ifndef CAP_CHOWN
! 36: # define CAP_CHOWN 0
! 37: #endif
! 38: #ifndef CAP_NET_BIND_SERVICE
! 39: # define CAP_NET_BIND_SERVICE 10
! 40: #endif
! 41: #ifndef CAP_NET_ADMIN
! 42: # define CAP_NET_ADMIN 12
! 43: #endif
! 44: #ifndef CAP_NET_RAW
! 45: # define CAP_NET_RAW 13
! 46: #endif
! 47: #ifndef CAP_DAC_OVERRIDE
! 48: # define CAP_DAC_OVERRIDE 1
! 49: #endif
! 50: #ifndef CAP_SETPCAP
! 51: # define CAP_SETPCAP 8
! 52: #endif
! 53:
! 54: /**
! 55: * POSIX capability dropping abstraction layer.
! 56: */
! 57: struct capabilities_t {
! 58:
! 59: /**
! 60: * Register a capability to keep while calling drop(). Verifies that the
! 61: * capability is currently held.
! 62: *
! 63: * @note CAP_CHOWN is handled specially as it might not be required.
! 64: *
! 65: * @param cap capability to keep
! 66: * @return FALSE if the capability is currently not held
! 67: */
! 68: bool (*keep)(capabilities_t *this,
! 69: u_int cap) __attribute__((warn_unused_result));
! 70:
! 71: /**
! 72: * Check if the given capability is currently held.
! 73: *
! 74: * @note CAP_CHOWN is handled specially as it might not be required.
! 75: *
! 76: * @param cap capability to check
! 77: * @return TRUE if the capability is currently held
! 78: */
! 79: bool (*check)(capabilities_t *this, u_int cap);
! 80:
! 81: /**
! 82: * Get the user ID set through set_uid/resolve_uid.
! 83: *
! 84: * @return currently set user ID
! 85: */
! 86: uid_t (*get_uid)(capabilities_t *this);
! 87:
! 88: /**
! 89: * Get the group ID set through set_gid/resolve_gid.
! 90: *
! 91: * @return currently set group ID
! 92: */
! 93: gid_t (*get_gid)(capabilities_t *this);
! 94:
! 95: /**
! 96: * Set the numerical user ID to use during rights dropping.
! 97: *
! 98: * @param uid user ID to use
! 99: */
! 100: void (*set_uid)(capabilities_t *this, uid_t uid);
! 101:
! 102: /**
! 103: * Set the numerical group ID to use during rights dropping.
! 104: *
! 105: * @param gid group ID to use
! 106: */
! 107: void (*set_gid)(capabilities_t *this, gid_t gid);
! 108:
! 109: /**
! 110: * Resolve a username and set the user ID accordingly.
! 111: *
! 112: * @param username username get the uid for
! 113: * @return TRUE if username resolved and uid set
! 114: */
! 115: bool (*resolve_uid)(capabilities_t *this, char *username);
! 116:
! 117: /**
! 118: * Resolve a groupname and set the group ID accordingly.
! 119: *
! 120: * @param groupname groupname to get the gid for
! 121: * @return TRUE if groupname resolved and gid set
! 122: */
! 123: bool (*resolve_gid)(capabilities_t *this, char *groupname);
! 124:
! 125: /**
! 126: * Drop all capabilities not previously passed to keep(), switch to UID/GID.
! 127: *
! 128: * @return TRUE if capability drop successful
! 129: */
! 130: bool (*drop)(capabilities_t *this);
! 131:
! 132: /**
! 133: * Destroy a capabilities_t.
! 134: */
! 135: void (*destroy)(capabilities_t *this);
! 136: };
! 137:
! 138: /**
! 139: * Create a capabilities instance.
! 140: */
! 141: capabilities_t *capabilities_create();
! 142:
! 143: #endif /** CAPABILITIES_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>