1.1 misho 1: /*
2: * Copyright (C) 2013 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: * Copyright (C) 2012 Martin Willi
5: * Copyright (C) 2012 revosec AG
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: /**
19: * @defgroup capabilities capabilities
20: * @{ @ingroup utils
21: */
22:
23: #ifndef CAPABILITIES_H_
24: #define CAPABILITIES_H_
25:
/* Forward declaration placed before <library.h> on purpose: headers pulled in
 * by library.h can then name capabilities_t without a circular include.
 * NOTE(review): presumably library.h includes this header back — confirm. */
typedef struct capabilities_t capabilities_t;
27:
28: #include <library.h>
29: #ifdef HAVE_SYS_CAPABILITY_H
30: # include <sys/capability.h>
31: #elif defined(CAPABILITIES_NATIVE)
32: # include <linux/capability.h>
33: #endif
34:
/* Fallback numbering for builds where neither <sys/capability.h> nor
 * <linux/capability.h> provided these constants. The values are the Linux
 * kernel's capability numbers, so a native implementation and code built
 * against a system header agree on the same bit positions. Only the six
 * capabilities this header refers to get a fallback. */
#ifndef CAP_CHOWN
# define CAP_CHOWN 0
#endif
#ifndef CAP_NET_BIND_SERVICE
# define CAP_NET_BIND_SERVICE 10
#endif
#ifndef CAP_NET_ADMIN
# define CAP_NET_ADMIN 12
#endif
#ifndef CAP_NET_RAW
# define CAP_NET_RAW 13
#endif
#ifndef CAP_DAC_OVERRIDE
# define CAP_DAC_OVERRIDE 1
#endif
#ifndef CAP_SETPCAP
# define CAP_SETPCAP 8
#endif
53:
/**
 * POSIX capability dropping abstraction layer.
 *
 * Usage as this interface describes it: register each capability the process
 * still needs with keep(), choose the target identity with set_uid()/set_gid()
 * or resolve_uid()/resolve_gid(), then call drop() once to discard every
 * other capability and switch to that UID/GID.
 */
struct capabilities_t {

	/**
	 * Register a capability to keep while calling drop(). Verifies that the
	 * capability is currently held.
	 *
	 * The return value is marked warn_unused_result: a FALSE result means the
	 * process does not hold the capability now, so drop() could not retain
	 * it either, and the caller has to react rather than continue silently.
	 *
	 * @note CAP_CHOWN is handled specially as it might not be required.
	 *
	 * @param cap		capability to keep
	 * @return			FALSE if the capability is currently not held
	 */
	bool (*keep)(capabilities_t *this,
				 u_int cap) __attribute__((warn_unused_result));

	/**
	 * Check if the given capability is currently held.
	 *
	 * Unlike keep(), this does not register anything for drop().
	 *
	 * @note CAP_CHOWN is handled specially as it might not be required.
	 *
	 * @param cap		capability to check
	 * @return			TRUE if the capability is currently held
	 */
	bool (*check)(capabilities_t *this, u_int cap);

	/**
	 * Get the user ID set through set_uid/resolve_uid.
	 *
	 * NOTE(review): the value returned before any set_uid()/resolve_uid()
	 * call is not specified by this header.
	 *
	 * @return			currently set user ID
	 */
	uid_t (*get_uid)(capabilities_t *this);

	/**
	 * Get the group ID set through set_gid/resolve_gid.
	 *
	 * NOTE(review): the value returned before any set_gid()/resolve_gid()
	 * call is not specified by this header.
	 *
	 * @return			currently set group ID
	 */
	gid_t (*get_gid)(capabilities_t *this);

	/**
	 * Set the numerical user ID to use during rights dropping.
	 *
	 * Only records the ID; the actual switch happens in drop().
	 *
	 * @param uid		user ID to use
	 */
	void (*set_uid)(capabilities_t *this, uid_t uid);

	/**
	 * Set the numerical group ID to use during rights dropping.
	 *
	 * Only records the ID; the actual switch happens in drop().
	 *
	 * @param gid		group ID to use
	 */
	void (*set_gid)(capabilities_t *this, gid_t gid);

	/**
	 * Resolve a username and set the user ID accordingly.
	 *
	 * NOTE(review): username is taken as non-const char *; presumably it is
	 * only read — confirm against the implementation before passing a
	 * string literal.
	 *
	 * @param username	username get the uid for
	 * @return			TRUE if username resolved and uid set
	 */
	bool (*resolve_uid)(capabilities_t *this, char *username);

	/**
	 * Resolve a groupname and set the group ID accordingly.
	 *
	 * NOTE(review): groupname is taken as non-const char *; presumably it is
	 * only read — confirm against the implementation before passing a
	 * string literal.
	 *
	 * @param groupname	groupname to get the gid for
	 * @return			TRUE if groupname resolved and gid set
	 */
	bool (*resolve_gid)(capabilities_t *this, char *groupname);

	/**
	 * Drop all capabilities not previously passed to keep(), switch to UID/GID.
	 *
	 * Should be called once privileged setup is complete. On FALSE the
	 * process has presumably not reached the intended reduced privilege
	 * set, so callers should treat the failure as fatal rather than
	 * continue.
	 *
	 * @return			TRUE if capability drop successful
	 */
	bool (*drop)(capabilities_t *this);

	/**
	 * Destroy a capabilities_t.
	 *
	 * Releases the instance; this must not be used afterwards.
	 */
	void (*destroy)(capabilities_t *this);
};
137:
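/**
 * Create a capabilities instance.
 *
 * @return			capabilities_t instance, released with destroy()
 */
/* (void) makes this a real prototype: in C11 an empty parameter list declares
 * an unspecified number of arguments, so mismatched calls would not be
 * diagnosed. */
capabilities_t *capabilities_create(void);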
142:
143: #endif /** CAPABILITIES_H_ @}*/