xref: /onnv-gate/usr/src/lib/libtsol/common/privlib.c (revision 1676:37f4a3e2bd99)
1*1676Sjpk /*
2*1676Sjpk  * CDDL HEADER START
3*1676Sjpk  *
4*1676Sjpk  * The contents of this file are subject to the terms of the
5*1676Sjpk  * Common Development and Distribution License (the "License").
6*1676Sjpk  * You may not use this file except in compliance with the License.
7*1676Sjpk  *
8*1676Sjpk  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9*1676Sjpk  * or http://www.opensolaris.org/os/licensing.
10*1676Sjpk  * See the License for the specific language governing permissions
11*1676Sjpk  * and limitations under the License.
12*1676Sjpk  *
13*1676Sjpk  * When distributing Covered Code, include this CDDL HEADER in each
14*1676Sjpk  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15*1676Sjpk  * If applicable, add the following below this CDDL HEADER, with the
16*1676Sjpk  * fields enclosed by brackets "[]" replaced with your own identifying
17*1676Sjpk  * information: Portions Copyright [yyyy] [name of copyright owner]
18*1676Sjpk  *
19*1676Sjpk  * CDDL HEADER END
20*1676Sjpk  */
21*1676Sjpk /*
22*1676Sjpk  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23*1676Sjpk  * Use is subject to license terms.
24*1676Sjpk  */
25*1676Sjpk 
26*1676Sjpk #pragma ident	"%Z%%M%	%I%	%E% SMI"
27*1676Sjpk 
28*1676Sjpk #include 	<errno.h>
29*1676Sjpk #include 	<priv.h>
30*1676Sjpk #include 	<sys/tsol/priv.h>
31*1676Sjpk #include 	<sys/varargs.h>
32*1676Sjpk 
33*1676Sjpk /*
34*1676Sjpk  * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
35*1676Sjpk  *
36*1676Sjpk  * Library routine to enable a user process to set its effective
37*1676Sjpk  * privilege set appropriately using a single call.  User is
38*1676Sjpk  * required to specify the number of privilege ids that follow as
39*1676Sjpk  * arguments, rather than depending on the compiler to terminate
40*1676Sjpk  * the argument list with a NULL, which may be compiler-dependent.
41*1676Sjpk  */
42*1676Sjpk int
set_effective_priv(priv_op_t op,int num_priv,...)43*1676Sjpk set_effective_priv(priv_op_t op, int num_priv, ...)
44*1676Sjpk {
45*1676Sjpk 	priv_set_t *priv_set;
46*1676Sjpk 	priv_t priv_id;
47*1676Sjpk 	va_list ap;
48*1676Sjpk 	int	status;
49*1676Sjpk 
50*1676Sjpk 	priv_set = priv_allocset();
51*1676Sjpk 	PRIV_EMPTY(priv_set);
52*1676Sjpk 
53*1676Sjpk 	va_start(ap, num_priv);
54*1676Sjpk 	while (num_priv--) {
55*1676Sjpk 		char	*priv_name;
56*1676Sjpk 		/*
57*1676Sjpk 		 * Do sanity checking on priv_id's here to assure
58*1676Sjpk 		 * valid inputs to privilege macros.  This checks
59*1676Sjpk 		 * num_priv argument as well.
60*1676Sjpk 		 */
61*1676Sjpk 		priv_id = va_arg(ap, priv_t);
62*1676Sjpk 		priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
63*1676Sjpk 		if (priv_name == NULL) {
64*1676Sjpk 			errno = EINVAL;
65*1676Sjpk 			priv_freeset(priv_set);
66*1676Sjpk 			return (-1);
67*1676Sjpk 		}
68*1676Sjpk 		(void) priv_addset(priv_set, priv_name);
69*1676Sjpk 	}
70*1676Sjpk 	va_end(ap);
71*1676Sjpk 
72*1676Sjpk 	/*
73*1676Sjpk 	 * Depend on system call to do sanity checking on "op"
74*1676Sjpk 	 */
75*1676Sjpk 	status = setppriv(op, PRIV_EFFECTIVE, priv_set);
76*1676Sjpk 	priv_freeset(priv_set);
77*1676Sjpk 	return (status);
78*1676Sjpk 
79*1676Sjpk } /* set_effective_priv() */
80*1676Sjpk 
81*1676Sjpk 
82*1676Sjpk 
83*1676Sjpk 
84*1676Sjpk /*
85*1676Sjpk  * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
86*1676Sjpk  *
87*1676Sjpk  * Library routine to enable a user process to set its inheritable
88*1676Sjpk  * privilege set appropriately using a single call.  User is
89*1676Sjpk  * required to specify the number of privilege ids that follow as
90*1676Sjpk  * arguments, rather than depending on the compiler to terminate
91*1676Sjpk  * the argument list with a NULL, which may be compiler-dependent.
92*1676Sjpk  */
93*1676Sjpk int
set_inheritable_priv(priv_op_t op,int num_priv,...)94*1676Sjpk set_inheritable_priv(priv_op_t op, int num_priv, ...)
95*1676Sjpk {
96*1676Sjpk 	priv_set_t *priv_set;
97*1676Sjpk 	priv_t priv_id;
98*1676Sjpk 	va_list ap;
99*1676Sjpk 	int	status;
100*1676Sjpk 
101*1676Sjpk 	priv_set = priv_allocset();
102*1676Sjpk 
103*1676Sjpk 	PRIV_EMPTY(priv_set);
104*1676Sjpk 
105*1676Sjpk 	va_start(ap, num_priv);
106*1676Sjpk 	while (num_priv--) {
107*1676Sjpk 		/*
108*1676Sjpk 		 * Do sanity checking on priv_id's here to assure
109*1676Sjpk 		 * valid inputs to privilege macros.  This checks
110*1676Sjpk 		 * num_priv argument as well.
111*1676Sjpk 		 */
112*1676Sjpk 		priv_id = va_arg(ap, priv_t);
113*1676Sjpk 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
114*1676Sjpk 			errno = EINVAL;
115*1676Sjpk 			priv_freeset(priv_set);
116*1676Sjpk 			return (-1);
117*1676Sjpk 		}
118*1676Sjpk 		(void) PRIV_ASSERT(priv_set, priv_id);
119*1676Sjpk 	}
120*1676Sjpk 	va_end(ap);
121*1676Sjpk 
122*1676Sjpk 	/*
123*1676Sjpk 	 * Depend on system call to do sanity checking on "op"
124*1676Sjpk 	 */
125*1676Sjpk 	status = setppriv(op, PRIV_INHERITABLE, priv_set);
126*1676Sjpk 	priv_freeset(priv_set);
127*1676Sjpk 	return (status);
128*1676Sjpk 
129*1676Sjpk } /* set_inheritable_priv() */
130*1676Sjpk 
131*1676Sjpk 
132*1676Sjpk 
133*1676Sjpk 
134*1676Sjpk /*
135*1676Sjpk  * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
136*1676Sjpk  *
137*1676Sjpk  * Library routine to enable a user process to set its permitted
138*1676Sjpk  * privilege set appropriately using a single call.  User is
139*1676Sjpk  * required to specify the number of privilege ids that follow as
140*1676Sjpk  * arguments, rather than depending on the compiler to terminate
141*1676Sjpk  * the argument list with a NULL, which may be compiler-dependent.
142*1676Sjpk  */
143*1676Sjpk int
set_permitted_priv(priv_op_t op,int num_priv,...)144*1676Sjpk set_permitted_priv(priv_op_t op, int num_priv, ...)
145*1676Sjpk {
146*1676Sjpk 	priv_set_t *priv_set;
147*1676Sjpk 	priv_t priv_id;
148*1676Sjpk 	va_list ap;
149*1676Sjpk 	int	status;
150*1676Sjpk 
151*1676Sjpk 	priv_set = priv_allocset();
152*1676Sjpk 
153*1676Sjpk 	PRIV_EMPTY(priv_set);
154*1676Sjpk 
155*1676Sjpk 	va_start(ap, num_priv);
156*1676Sjpk 	while (num_priv--) {
157*1676Sjpk 		/*
158*1676Sjpk 		 * Do sanity checking on priv_id's here to assure
159*1676Sjpk 		 * valid inputs to privilege macros.  This checks
160*1676Sjpk 		 * num_priv argument as well.
161*1676Sjpk 		 */
162*1676Sjpk 		priv_id = va_arg(ap, priv_t);
163*1676Sjpk 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
164*1676Sjpk 			errno = EINVAL;
165*1676Sjpk 			priv_freeset(priv_set);
166*1676Sjpk 			return (-1);
167*1676Sjpk 		}
168*1676Sjpk 		(void) PRIV_ASSERT(priv_set, priv_id);
169*1676Sjpk 	}
170*1676Sjpk 	va_end(ap);
171*1676Sjpk 
172*1676Sjpk 	/*
173*1676Sjpk 	 * Depend on system call to do sanity checking on "op"
174*1676Sjpk 	 */
175*1676Sjpk 	status = setppriv(op, PRIV_PERMITTED, priv_set);
176*1676Sjpk 	priv_freeset(priv_set);
177*1676Sjpk 	return (status);
178*1676Sjpk 
179*1676Sjpk } /* set_permitted_priv() */
180