usr/src/lib/libtsol/common/privlib.c - illumos-gate - Gitiles

 /*
  * CDDL HEADER START
  *
  * The contents of this file are subject to the terms of the
  * Common Development and Distribution License (the "License").
  * You may not use this file except in compliance with the License.
  *
  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
  * or http://www.opensolaris.org/os/licensing.
  * See the License for the specific language governing permissions
  * and limitations under the License.
  *
  * When distributing Covered Code, include this CDDL HEADER in each
  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  * If applicable, add the following below this CDDL HEADER, with the
  * fields enclosed by brackets "[]" replaced with your own identifying
  * information: Portions Copyright [yyyy] [name of copyright owner]
  *
  * CDDL HEADER END
  */
 /*
  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */

 #pragma ident	"%Z%%M%	%I%	%E% SMI"

 #include 	<errno.h>
 #include 	<priv.h>
 #include 	<sys/tsol/priv.h>
 #include 	<sys/varargs.h>

 /*
  * set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
  *
  * Library routine to enable a user process to set its effective
  * privilege set appropriately using a single call.  User is
  * required to specify the number of privilege ids that follow as
  * arguments, rather than depending on the compiler to terminate
  * the argument list with a NULL, which may be compiler-dependent.
  */
 int
 set_effective_priv(priv_op_t op, int num_priv, ...)
 {
 	priv_set_t *priv_set;
 	priv_t priv_id;
 	va_list ap;
 	int	status;

 	priv_set = priv_allocset();
 	PRIV_EMPTY(priv_set);

 	va_start(ap, num_priv);
 	while (num_priv--) {
 		char	*priv_name;
 		/*
 		 * Do sanity checking on priv_id's here to assure
 		 * valid inputs to privilege macros.  This checks
 		 * num_priv argument as well.
 		 */
 		priv_id = va_arg(ap, priv_t);
 		priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
 		if (priv_name == NULL) {
 			errno = EINVAL;
 			priv_freeset(priv_set);
 			return (-1);
 		}
 		(void) priv_addset(priv_set, priv_name);
 	}
 	va_end(ap);

 	/*
 	 * Depend on system call to do sanity checking on "op"
 	 */
 	status = setppriv(op, PRIV_EFFECTIVE, priv_set);
 	priv_freeset(priv_set);
 	return (status);

 } /* set_effective_priv() */


 /*
  * set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
  *
  * Library routine to enable a user process to set its inheritable
  * privilege set appropriately using a single call.  User is
  * required to specify the number of privilege ids that follow as
  * arguments, rather than depending on the compiler to terminate
  * the argument list with a NULL, which may be compiler-dependent.
  */
 int
 set_inheritable_priv(priv_op_t op, int num_priv, ...)
 {
 	priv_set_t *priv_set;
 	priv_t priv_id;
 	va_list ap;
 	int	status;

 	priv_set = priv_allocset();

 	PRIV_EMPTY(priv_set);

 	va_start(ap, num_priv);
 	while (num_priv--) {
 		/*
 		 * Do sanity checking on priv_id's here to assure
 		 * valid inputs to privilege macros.  This checks
 		 * num_priv argument as well.
 		 */
 		priv_id = va_arg(ap, priv_t);
 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
 			errno = EINVAL;
 			priv_freeset(priv_set);
 			return (-1);
 		}
 		(void) PRIV_ASSERT(priv_set, priv_id);
 	}
 	va_end(ap);

 	/*
 	 * Depend on system call to do sanity checking on "op"
 	 */
 	status = setppriv(op, PRIV_INHERITABLE, priv_set);
 	priv_freeset(priv_set);
 	return (status);

 } /* set_inheritable_priv() */


 /*
  * set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
  *
  * Library routine to enable a user process to set its permitted
  * privilege set appropriately using a single call.  User is
  * required to specify the number of privilege ids that follow as
  * arguments, rather than depending on the compiler to terminate
  * the argument list with a NULL, which may be compiler-dependent.
  */
 int
 set_permitted_priv(priv_op_t op, int num_priv, ...)
 {
 	priv_set_t *priv_set;
 	priv_t priv_id;
 	va_list ap;
 	int	status;

 	priv_set = priv_allocset();

 	PRIV_EMPTY(priv_set);

 	va_start(ap, num_priv);
 	while (num_priv--) {
 		/*
 		 * Do sanity checking on priv_id's here to assure
 		 * valid inputs to privilege macros.  This checks
 		 * num_priv argument as well.
 		 */
 		priv_id = va_arg(ap, priv_t);
 		if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
 			errno = EINVAL;
 			priv_freeset(priv_set);
 			return (-1);
 		}
 		(void) PRIV_ASSERT(priv_set, priv_id);
 	}
 	va_end(ap);

 	/*
 	 * Depend on system call to do sanity checking on "op"
 	 */
 	status = setppriv(op, PRIV_PERMITTED, priv_set);
 	priv_freeset(priv_set);
 	return (status);

 } /* set_permitted_priv() */
	/*
	* CDDL HEADER START
	*
	* The contents of this file are subject to the terms of the
	* Common Development and Distribution License (the "License").
	* You may not use this file except in compliance with the License.
	*
	* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
	* or http://www.opensolaris.org/os/licensing.
	* See the License for the specific language governing permissions
	* and limitations under the License.
	*
	* When distributing Covered Code, include this CDDL HEADER in each
	* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
	* If applicable, add the following below this CDDL HEADER, with the
	* fields enclosed by brackets "[]" replaced with your own identifying
	* information: Portions Copyright [yyyy] [name of copyright owner]
	*
	* CDDL HEADER END
	*/
	/*
	* Copyright 2006 Sun Microsystems, Inc. All rights reserved.
	* Use is subject to license terms.
	*/

	#pragma ident "%Z%%M% %I% %E% SMI"

	#include <errno.h>
	#include <priv.h>
	#include <sys/tsol/priv.h>
	#include <sys/varargs.h>

	/*
	* set_effective_priv(op, num_priv, priv_id1, priv_id2, ... )
	*
	* Library routine to enable a user process to set its effective
	* privilege set appropriately using a single call. User is
	* required to specify the number of privilege ids that follow as
	* arguments, rather than depending on the compiler to terminate
	* the argument list with a NULL, which may be compiler-dependent.
	*/
	int
	set_effective_priv(priv_op_t op, int num_priv, ...)
	{
	priv_set_t *priv_set;
	priv_t priv_id;
	va_list ap;
	int status;

	priv_set = priv_allocset();
	PRIV_EMPTY(priv_set);

	va_start(ap, num_priv);
	while (num_priv--) {
	char *priv_name;
	/*
	* Do sanity checking on priv_id's here to assure
	* valid inputs to privilege macros. This checks
	* num_priv argument as well.
	*/
	priv_id = va_arg(ap, priv_t);
	priv_name = (char *)priv_getbynum((int)(uintptr_t)priv_id);
	if (priv_name == NULL) {
	errno = EINVAL;
	priv_freeset(priv_set);
	return (-1);
	}
	(void) priv_addset(priv_set, priv_name);
	}
	va_end(ap);

	/*
	* Depend on system call to do sanity checking on "op"
	*/
	status = setppriv(op, PRIV_EFFECTIVE, priv_set);
	priv_freeset(priv_set);
	return (status);

	} /* set_effective_priv() */




	/*
	* set_inheritable_priv(op, num_priv, priv_id1, priv_id2, ... )
	*
	* Library routine to enable a user process to set its inheritable
	* privilege set appropriately using a single call. User is
	* required to specify the number of privilege ids that follow as
	* arguments, rather than depending on the compiler to terminate
	* the argument list with a NULL, which may be compiler-dependent.
	*/
	int
	set_inheritable_priv(priv_op_t op, int num_priv, ...)
	{
	priv_set_t *priv_set;
	priv_t priv_id;
	va_list ap;
	int status;

	priv_set = priv_allocset();

	PRIV_EMPTY(priv_set);

	va_start(ap, num_priv);
	while (num_priv--) {
	/*
	* Do sanity checking on priv_id's here to assure
	* valid inputs to privilege macros. This checks
	* num_priv argument as well.
	*/
	priv_id = va_arg(ap, priv_t);
	if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
	errno = EINVAL;
	priv_freeset(priv_set);
	return (-1);
	}
	(void) PRIV_ASSERT(priv_set, priv_id);
	}
	va_end(ap);

	/*
	* Depend on system call to do sanity checking on "op"
	*/
	status = setppriv(op, PRIV_INHERITABLE, priv_set);
	priv_freeset(priv_set);
	return (status);

	} /* set_inheritable_priv() */




	/*
	* set_permitted_priv(op, num_priv, priv_id1, priv_id2, ... )
	*
	* Library routine to enable a user process to set its permitted
	* privilege set appropriately using a single call. User is
	* required to specify the number of privilege ids that follow as
	* arguments, rather than depending on the compiler to terminate
	* the argument list with a NULL, which may be compiler-dependent.
	*/
	int
	set_permitted_priv(priv_op_t op, int num_priv, ...)
	{
	priv_set_t *priv_set;
	priv_t priv_id;
	va_list ap;
	int status;

	priv_set = priv_allocset();

	PRIV_EMPTY(priv_set);

	va_start(ap, num_priv);
	while (num_priv--) {
	/*
	* Do sanity checking on priv_id's here to assure
	* valid inputs to privilege macros. This checks
	* num_priv argument as well.
	*/
	priv_id = va_arg(ap, priv_t);
	if ((char *)priv_getbynum((int)(uintptr_t)priv_id) == NULL) {
	errno = EINVAL;
	priv_freeset(priv_set);
	return (-1);
	}
	(void) PRIV_ASSERT(priv_set, priv_id);
	}
	va_end(ap);

	/*
	* Depend on system call to do sanity checking on "op"
	*/
	status = setppriv(op, PRIV_PERMITTED, priv_set);
	priv_freeset(priv_set);
	return (status);

	} /* set_permitted_priv() */