release/src/router/vsftpd/secutil.h

   1 #ifndef VSF_SECUTIL_H
   2 #define VSF_SECUTIL_H
   3
   4 struct mystr;
   5
   6 /* vsf_secutil_change_credentials()
   7  * PURPOSE
   8  * This function securely switches process credentials to the user specified.
   9  * There are options to enter a chroot() jail, and supplementary groups may
  10  * or may not be activated.
  11  * PARAMETERS
  12  * p_user_str     - the name of the user to become
  13  * p_dir_str      - the directory to chdir() and possibly chroot() to.
  14  *                  (if NULL, the user's home directory is used)
  15  * p_ext_dir_str  - the directory to chdir() and possibly chroot() to,
  16  *                  applied in addition to the directory calculated by
  17  *                  p_user_str and p_dir_str.
  18  * caps           - bitmap of capabilities to adopt. NOTE, if the underlying
  19  *                  OS does not support capabilities as a non-root user, and
  20  *                  the capability bitset is non-empty, then root privileges
  21  *                  will have to be retained.
  22  * options        - see bitmask definitions below
  23  */
  24
  25 /* chroot() the user into the new directory */
  26 #define VSF_SECUTIL_OPTION_CHROOT       1
  27 /* Activate any supplementary groups the user may have */
  28 #define VSF_SECUTIL_OPTION_USE_GROUPS   2
  29 /* Do the chdir() as the effective userid of the target user */
  30 #define VSF_SECUTIL_OPTION_CHANGE_EUID  4
  31
  32 void vsf_secutil_change_credentials(const struct mystr* p_user_str,
  33                                     const struct mystr* p_dir_str,
  34                                     const struct mystr* p_ext_dir_str,
  35                                     unsigned int caps, unsigned int options);
  36 #endif /* VSF_SECUTIL_H */
  37