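/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_PRIV_PRIVATE_H
#define	_PRIV_PRIVATE_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"

#include <sys/types.h>
#include <sys/priv.h>
#include <limits.h>

/*
 * Libc private privilege data.
 */

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Accessors for the privilege data; both go through __priv_getdata().
 * LOADPRIVDATA(d) is an assignment to d, GETPRIVDATA() is the bare call.
 */
#define	LOADPRIVDATA(d)		d = __priv_getdata()
#define	GETPRIVDATA()		__priv_getdata()

/*
 * LOCKPRIVDATA() takes the data lock and then refreshes the data; both
 * return values are discarded.  UNLOCKPRIVDATA() releases the lock.
 *
 * NOTE(review): lock_data() returns int and WITHPRIVLOCKED() below treats
 * a non-zero return as failure.  The inline comment says the data is
 * already allocated here, presumably meaning lock_data() cannot fail on
 * these paths -- confirm against lock_data(), because a failure that is
 * ignored would leave the caller reading the volatile fields unlocked.
 */
#define	LOCKPRIVDATA()		{ \
					/* Data already allocated */ \
					(void) lock_data(); \
					(void) refresh_data(); \
				}
#define	UNLOCKPRIVDATA()	unlock_data()

/*
 * WITHPRIVLOCKED(t, b, x) evaluates x (of type t) with the data lock held
 * and returns the result from the ENCLOSING function:
 *
 *   - if lock_data() returns non-zero, b is returned and x is not evaluated;
 *   - if x yields b and refresh_data() then reports true, x is evaluated a
 *     second time against the refreshed data, so x must be safe to
 *     evaluate twice;
 *   - the lock is released before the return.
 */
#define	WITHPRIVLOCKED(t, b, x)	{ \
					t __result; \
					if (lock_data() != 0) \
						return (b); \
					__result = (x); \
					if (__result == (b) && refresh_data()) \
						__result = (x); \
					unlock_data(); \
					return (__result); \
				}

/*
 * Privilege mask macros.
 *
 * A privilege set is addressed as an array of priv_chunk_t words;
 * privilege n lives in word privword(n), and privmask(n) selects its bit,
 * counting from the most significant bit of the word (n % __NBWRD == 0
 * maps to the top bit).
 *
 * The constant is cast to priv_chunk_t so that the shift is carried out
 * in the chunk type.  With a plain int 1, selecting the top bit shifts
 * into the sign bit of a signed int, which is undefined behaviour when
 * the chunk is as wide as int.
 */
#define	__NBWRD		(CHAR_BIT * sizeof (priv_chunk_t))
#define	privmask(n)	((priv_chunk_t)1 << \
			    ((__NBWRD - 1) - ((n) % __NBWRD)))
#define	privword(n)	((n)/__NBWRD)

/*
 * Same as the functions, but for numeric privileges.
 *
 * None of these macros range-check p: the caller must ensure that p is a
 * valid privilege number for the set a, otherwise the access falls
 * outside the set.  The whole expansion is parenthesized so the macros
 * stay a single expression wherever they are used.
 */
#define	PRIV_ADDSET(a, p)	(((priv_chunk_t *)(a))[privword(p)] |= \
					privmask(p))
#define	PRIV_DELSET(a, p)	(((priv_chunk_t *)(a))[privword(p)] &= \
					~privmask(p))
#define	PRIV_ISMEMBER(a, p)	((((priv_chunk_t *)(a))[privword(p)] & \
					privmask(p)) != 0)

/*
 * The structure is static except for the setsort, privnames and nprivs
 * fields.  The pinfo structure initially has sufficient room and the kernel
 * guarantees no offset changes so we can copy a new structure on top of it.
 * The locking strategy is this: we lock it when we need to reference any
 * of the volatile fields.
 */
typedef struct priv_data {
	size_t			pd_setsize;		/* In bytes */
	int			pd_nsets, pd_nprivs;	/* nprivs: volatile */
	uint32_t		pd_ucredsize;
	char			**pd_setnames;
	char			**pd_privnames;		/* volatile */
	int			*pd_setsort;		/* volatile */
	priv_impl_info_t	*pd_pinfo;
	priv_set_t		*pd_basicset;
	priv_set_t		*pd_zoneset;
} priv_data_t;

/* Construction, lookup and release of the privilege data. */
extern priv_data_t *__priv_getdata(void);
extern priv_data_t *__priv_parse_info(priv_impl_info_t *);
extern void __priv_free_info(priv_data_t *);
extern priv_data_t *privdata;

/*
 * Locking primitives used by the macros above.  WITHPRIVLOCKED() treats a
 * non-zero return from lock_data() as failure.
 */
extern int lock_data(void);
extern boolean_t refresh_data(void);
extern void unlock_data(void);

/* Set predicates and name lookup that take the privilege data explicitly. */
extern boolean_t __priv_isemptyset(priv_data_t *, const priv_set_t *);
extern boolean_t __priv_isfullset(priv_data_t *, const priv_set_t *);
extern boolean_t __priv_issubset(priv_data_t *, const priv_set_t *,
				const priv_set_t *);
extern const char *__priv_getbynum(const priv_data_t *, int);

extern int getprivinfo(priv_impl_info_t *, size_t);

extern priv_set_t *priv_basic(void);

#ifdef	__cplusplus
}
#endif

#endif	/* _PRIV_PRIVATE_H */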