/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Privilege interface shared by the kernel and userland: basic types,
 * the privilege system call subcodes, the self-describing layout of the
 * privilege implementation information, per-credential flags, and (under
 * _KERNEL) the kernel's privilege-set helper prototypes.
 */

#ifndef	_SYS_PRIV_H
#define	_SYS_PRIV_H

#pragma ident	"%Z%%M%	%I%	%E% SMI"	/* from TSOL 8 */

#include <sys/types.h>
#include <sys/cred.h>
#include <sys/priv_names.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * A privilege set is stored as an array of 32-bit chunks.  priv_set_t is
 * only forward-declared here; its layout is not defined in this header.
 */
typedef uint32_t priv_chunk_t;
typedef struct priv_set priv_set_t;

#ifdef _KERNEL

/*
 * Kernel type definitions.
 *
 * Inside the kernel both a privilege and a privilege set type are plain
 * ints; the userland definitions below use strings instead, so the two
 * sides of this header are not interchangeable.
 */
typedef int priv_ptype_t;
typedef int priv_t;

#else /* _KERNEL */

/*
 * Userland type definitions.
 *
 * Pre-ANSI compilers have no const, hence the non-const fallback.
 */

#ifdef __STDC__
typedef const char *priv_ptype_t;
typedef const char *priv_t;
#else
typedef char *priv_ptype_t;
typedef char *priv_t;
#endif

#endif /* _KERNEL */

/*
 * priv_op_t indicates a privilege operation type
 *
 * NOTE(review): presumably add to / remove from / replace a set, as taken
 * by the set-privilege call -- confirm against the consumer; this header
 * only defines the enumerators.
 */
typedef enum priv_op {
	PRIV_ON,
	PRIV_OFF,
	PRIV_SET
} priv_op_t;

/*
 * Privilege system call subcodes.
 */

#define	PRIVSYS_SETPPRIV	0
#define	PRIVSYS_GETPPRIV	1
#define	PRIVSYS_GETIMPLINFO	2
#define	PRIVSYS_SETPFLAGS	3
#define	PRIVSYS_GETPFLAGS	4

/*
 * Maximum length of a user defined privilege name.
 */
#define	PRIVNAME_MAX		32

/*
 * Privilege interface functions for those parts of the kernel that
 * know nothing of the privilege internals.
 *
 * A privilege implementation can have a varying number of sets; sets
 * consist of a number of priv_chunk_t's and the size is expressed as such.
 * The privileges can be represented as
 *
 *		priv_chunk_t privs[info.priv_nsets][info.priv_setsize]
 *		... priv_infosize of extra information ...
 *
 * Extra data contained in the privilege information consists of chunks
 * of data with specified size and type all headed by a priv_info_t header
 * which defines both the type of information as well as the size of the
 * information.  For a header pointer "info",
 * (char *)info + info->priv_info_size should be rounded up to point to
 * the next piece of information.
 *
 * Every size and count in this layout is read from the data itself.  A
 * consumer that did not produce the buffer should check each value
 * against the length of the buffer it actually holds before using it to
 * index or advance.
 */

typedef struct priv_impl_info {
	uint32_t	priv_headersize;	/* sizeof (priv_impl_info) */
	uint32_t	priv_flags;		/* additional flags */
	uint32_t	priv_nsets;		/* number of priv sets */
	uint32_t	priv_setsize;		/* size in priv_chunk_t */
	uint32_t	priv_max;		/* highest actual valid priv */
	uint32_t	priv_infosize;		/* Per proc. additional info */
	uint32_t	priv_globalinfosize;	/* Per system info */
} priv_impl_info_t;

/*
 * Total size of the implementation info: header plus per-system info.
 * Both operands are uint32_t, so where int is 32 bits the sum is computed
 * in 32-bit unsigned arithmetic and wraps modulo 2^32.  The macro
 * evaluates (p) twice.
 */
#define	PRIV_IMPL_INFO_SIZE(p) \
			((p)->priv_headersize + (p)->priv_globalinfosize)

/*
 * Offset of the extra information that follows the privilege sets in the
 * structure (p) points to.  The pr_* fields belong to a structure that is
 * not defined in this header (presumably struct prpriv -- confirm).
 *
 * NOTE(review): the "- 1" presumably accounts for one chunk already
 * counted in sizeof (*(p)) -- confirm against the structure definition.
 * If pr_nsets * pr_setsize is zero and the fields are unsigned, the
 * subtraction wraps to a very large value, and the product itself is
 * formed before being widened by sizeof.  Validate pr_nsets and
 * pr_setsize before applying this macro to data from an untrusted
 * source.  The macro evaluates (p) more than once.
 */
#define	PRIV_PRPRIV_INFO_OFFSET(p) \
		(sizeof (*(p)) + \
		((p)->pr_nsets * (p)->pr_setsize - 1) * sizeof (priv_chunk_t))

/*
 * Size of the whole structure: the offset above plus pr_infosize.  The
 * caveats on PRIV_PRPRIV_INFO_OFFSET apply here as well.
 */
#define	PRIV_PRPRIV_SIZE(p) \
		(PRIV_PRPRIV_INFO_OFFSET(p) + (p)->pr_infosize)

/*
 * Per credential flags.
 *
 * PRIV_USER is the mask of flags marked user settable; as defined here it
 * contains PRIV_DEBUG only, so the awareness flags and __PROC_PROTECT are
 * outside it.
 */
#define	PRIV_DEBUG			0x0001		/* User debugging */
#define	PRIV_AWARE			0x0002		/* Is privilege aware */
#define	PRIV_AWARE_INHERIT		0x0004		/* Inherit awareness */
#define	__PROC_PROTECT			0x0008		/* Private */
#define	PRIV_USER			(PRIV_DEBUG)	/* User settable */

/*
 * Header of the privilege info data structure; multiple structures can
 * follow the privilege sets and priv_impl_info structures.
 *
 * priv_info_type is one of the PRIV_INFO_* values below and
 * priv_info_size is the size of the item.  A walker should reject an item
 * whose priv_info_size is smaller than this header or runs past the end
 * of the enclosing info area; a size of zero would never advance.
 */
typedef struct priv_info {
	uint32_t	priv_info_type;
	uint32_t	priv_info_size;
} priv_info_t;

/* Info item carrying a single unsigned value. */
typedef struct priv_info_uint {
	priv_info_t	info;
	uint_t		val;
} priv_info_uint_t;

/*
 * Global privilege set information item; the actual size of the array is
 * {priv_setsize}.
 *
 * set[1] is a trailing variable-length array, so sizeof (priv_info_set_t)
 * already includes one chunk.
 */
typedef struct priv_info_set {
	priv_info_t	info;
	priv_chunk_t	set[1];
} priv_info_set_t;

/*
 * names[1] is a place holder which can contain multiple NUL terminated,
 * non-empty strings.
 *
 * cnt is a signed int taken from the data.  A parser should bound its
 * scan by info.priv_info_size as well as by cnt, and check that the last
 * string is terminated inside the item.
 */

typedef struct priv_info_names {
	priv_info_t	info;
	int		cnt;		/* number of strings */
	char		names[1];	/* "string1\0string2\0 ..stringN\0" */
} priv_info_names_t;

/*
 * Privilege information types.
 */
#define	PRIV_INFO_SETNAMES		0x0001
#define	PRIV_INFO_PRIVNAMES		0x0002
#define	PRIV_INFO_BASICPRIVS		0x0003
#define	PRIV_INFO_FLAGS			0x0004

/*
 * Special "privileges" used to indicate special conditions in privilege
 * debugging/tracing code.
 *
 * All of them are negative.
 * NOTE(review): presumably so they cannot collide with a real privilege
 * number -- confirm that real privilege numbers are never negative.
 */
#define	PRIV_ALL			(-1)	/* All privileges required */
#define	PRIV_MULTIPLE			(-2)	/* More than one */
#define	PRIV_NONE			(-3)	/* No value */
#define	PRIV_ALLZONE			(-4)	/* All privileges in zone */
#define	PRIV_GLOBAL			(-5)	/* Must be in global zone */

#ifdef _KERNEL

/*
 * NOTE(review): presumably a flag for the uint_t argument of
 * priv_getbyname() -- confirm against its definition.
 */
#define	PRIV_ALLOC			0x1

struct proc;
struct prpriv;
struct cred;

/*
 * Kernel entry points.  Only the prototypes are visible here; see the
 * definitions for locking, error and ownership rules.
 */

/* Conversion between credentials and the prpriv representation. */
extern int priv_prgetprivsize(struct prpriv *);
extern void cred2prpriv(const struct cred *, struct prpriv *);
extern int priv_pr_spriv(struct proc *, struct prpriv *, const struct cred *);

/*
 * Access to the implementation info and name/number lookup.
 * NOTE(review): priv_hold_implinfo() and priv_release_implinfo() look
 * like a hold/release pair -- confirm that each hold needs a release.
 */
extern priv_impl_info_t *priv_hold_implinfo(void);
extern void priv_release_implinfo(void);
extern size_t priv_get_implinfo_size(void);
extern const priv_set_t *priv_getset(const struct cred *, int);
extern void priv_getinfo(const struct cred *, void *);
extern int priv_getbyname(const char *, uint_t);
extern int priv_getsetbyname(const char *, int);
extern const char *priv_getbynum(int);
extern const char *priv_getsetbynum(int);

/*
 * Privilege set primitives.
 * NOTE(review): for priv_intersect() and priv_union() only the second
 * argument is non-const, so the result presumably lands there -- confirm.
 */
extern void priv_emptyset(priv_set_t *);
extern void priv_fillset(priv_set_t *);
extern void priv_addset(priv_set_t *, int);
extern void priv_delset(priv_set_t *, int);
extern boolean_t priv_ismember(const priv_set_t *, int);
extern boolean_t priv_isemptyset(const priv_set_t *);
extern boolean_t priv_isfullset(const priv_set_t *);
extern boolean_t priv_isequalset(const priv_set_t *, const priv_set_t *);
extern boolean_t priv_issubset(const priv_set_t *, const priv_set_t *);
extern int priv_proc_cred_perm(const struct cred *, struct proc *,
	struct cred **, int);
extern void priv_intersect(const priv_set_t *, priv_set_t *);
extern void priv_union(const priv_set_t *, priv_set_t *);
extern void priv_inverse(priv_set_t *);

/*
 * NOTE(review): "PA" presumably refers to the PRIV_AWARE credential
 * flag -- confirm against the definitions.
 */
extern void priv_set_PA(cred_t *);
extern void priv_adjust_PA(cred_t *);
extern boolean_t priv_can_clear_PA(const cred_t *);

#endif /* _KERNEL */

#ifdef	__cplusplus
}
#endif

#endif	/* _SYS_PRIV_H */