1 /*
2 * CDDL HEADER START
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License, Version 1.0 only
6 * (the "License"). You may not use this file except in compliance
7 * with the License.
9 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 * or http://www.opensolaris.org/os/licensing.
11 * See the License for the specific language governing permissions
12 * and limitations under the License.
14 * When distributing Covered Code, include this CDDL HEADER in each
15 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 * If applicable, add the following below this CDDL HEADER, with the
17 * fields enclosed by brackets "[]" replaced with your own identifying
18 * information: Portions Copyright [yyyy] [name of copyright owner]
20 * CDDL HEADER END
23 * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
26 * This is a private header file. The interfaces in this header are
27 * subject to change or removal without notice.
28 * The Sun classification is "Project Private".
31 #ifndef _PRIV_UTILS_H
32 #define _PRIV_UTILS_H
34 #pragma ident "%Z%%M% %I% %E% SMI"
36 #include <priv.h>
39 #ifdef __cplusplus
40 extern "C" {
41 #endif
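/*
 * Flag bits for the privilege set-up routines declared below (see the
 * "flags" line in each routine's description).  Each flag has its own
 * bit, so several can be OR-ed together.
 *
 * In the shorthand used here, L, I and P are the limit, inheritable and
 * permitted privilege sets of the process.
 */
#define	PU_RESETGROUPS		0x0001	/* Remove supplemental groups */
#define	PU_LIMITPRIVS		0x0002	/* L=P: limit set becomes P */
#define	PU_INHERITPRIVS		0x0004	/* I=P: inheritable set becomes P */
#define	PU_CLEARLIMITSET	0x0008	/* L=0: limit set is emptied */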
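/*
 * Should be run at the start of a set-uid root program;
 * if the effective uid == 0 and the real uid != 0,
 * the specified privileges X are assigned as follows:
 *
 *	P = I + X + B	(B added insofar allowable from L)
 *	E = I
 *	(i.e., the requested privileges are dormant, not active)
 *
 * Then resets all uids to the invoking uid; no-op if euid == uid == 0.
 *
 * P, E, I and L are the permitted, effective, inheritable and limit
 * privilege sets; B is the basic set.
 *
 * flags: PU_LIMITPRIVS, PU_CLEARLIMITSET, PU_CLEARINHERITABLE
 *
 * Caches the required privileges for use by __priv_bracket().
 *
 * NOTE(review): PU_CLEARINHERITABLE is named above but this header does
 * not define it; the PU_* flags it defines are PU_RESETGROUPS,
 * PU_LIMITPRIVS, PU_INHERITPRIVS and PU_CLEARLIMITSET.  Confirm against
 * the implementation which flags this routine honours.
 *
 * NOTE(review): neither the meaning of the int result nor the format of
 * the variable arguments (presumably the privileges X) is stated here.
 * Callers should check the result before continuing, because a set-uid
 * root program relies on this call to stop running with euid 0.
 */
extern int __init_suid_priv(int, ...);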
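/*
 * After calling __init_suid_priv we can __priv_bracket(PRIV_ON) and
 * __priv_bracket(PRIV_OFF) and __priv_relinquish to get rid of the
 * privileges forever.
 *
 * priv_op_t, PRIV_ON and PRIV_OFF are not declared in this header; they
 * are expected to come from <priv.h>, which it includes.
 *
 * NOTE(review): the meaning of __priv_bracket()'s int result is not
 * stated here; check it before running code that assumes the privileges
 * were switched on or off.  __priv_relinquish() returns void, so a caller
 * cannot observe a failure to drop the privileges.
 */
extern int __priv_bracket(priv_op_t);
extern void __priv_relinquish(void);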
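/*
 * Runs at the start of a daemon, assuming euid=uid=0.
 *
 *	P = E = B + X
 *
 * Then resets uids.
 *
 * P and E are the permitted and effective privilege sets, B is the basic
 * set and X the privileges the caller asks for.
 *
 * Flags: all
 *
 * NOTE(review): the uid_t and gid_t arguments are presumably the ids the
 * daemon switches to when the uids are reset, and the variable arguments
 * presumably name the privileges X; neither is stated here.  The meaning
 * of the int result is not stated either; callers should check it before
 * continuing, since the daemon starts with euid=uid=0.
 */
extern int __init_daemon_priv(int, uid_t, gid_t, ...);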
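/*
 * Runs after the daemon is initialized, and gives up the privileges
 * passed in as argument because they are no longer needed.
 * Reenables core dumps.
 *
 * NOTE(review): the argument list format (presumably privilege names,
 * the first one being the const char * parameter) is not stated here.
 * The routine returns void, so a caller cannot observe a failure to give
 * up a privilege.
 */
extern void __fini_daemon_priv(const char *, ...);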
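/* Close the extern "C" block opened near the top of the header. */
#ifdef __cplusplus
}
#endif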
96 #endif /* _PRIV_UTILS_H */