/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2014 Garrett D'Amore <garrett@damore.org>
 *
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_EXEC_ATTR_H
#define	_EXEC_ATTR_H

#ifdef	__cplusplus
extern "C" {
#endif


#include <sys/types.h>
#include <secdb.h>


/*
 * Location and layout of the exec_attr database.
 *
 * EXECATTR_FILENAME is the flat-file form; EXECATTR_DB_NAME and
 * EXECATTR_DB_TBLT name the directory-service table for the same data.
 * EXECATTR_DB_NCOL must agree with the EXECATTR_COLn_KW list below
 * (seven columns) and EXECATTR_DB_NKEYCOL with the EXECATTR_KEYCOLn
 * list (three searchable columns); keep the three in step when adding
 * a column.
 *
 * NOTE(review): the "attr" column carries uid/gid/privilege key words
 * (see EXECATTR_*_KW further down), so whatever backs these names is
 * security-sensitive configuration.  Readers presumably treat it as an
 * administrator-controlled, trusted source -- confirm in the consumers.
 */
#define	EXECATTR_FILENAME		"/etc/security/exec_attr"
#define	EXECATTR_DB_NAME		"exec_attr.org_dir"
#define	EXECATTR_DB_NCOL		7	/* total columns */
#define	EXECATTR_DB_NKEYCOL		3	/* total searchable columns */
#define	EXECATTR_DB_TBLT		"exec_attr_tbl"
#define	EXECATTR_NAME_DEFAULT_KW	"nobody"	/* default profile name key word */

/* column names, in database column order (0..6) */
#define	EXECATTR_COL0_KW		"name"
#define	EXECATTR_COL1_KW		"policy"
#define	EXECATTR_COL2_KW		"type"
#define	EXECATTR_COL3_KW		"res1"
#define	EXECATTR_COL4_KW		"res2"
#define	EXECATTR_COL5_KW		"id"
#define	EXECATTR_COL6_KW		"attr"

/*
 * indices of searchable columns (positions within the COLn list above)
 */
#define	EXECATTR_KEYCOL0		0	/* name */
#define	EXECATTR_KEYCOL1		1	/* policy */
#define	EXECATTR_KEYCOL2		5	/* id */


/*
 * Search-flag bits consumed internally by the nsswitch code.
 */

/*
 * GET_ONE and GET_ALL both live in bit 0 and are therefore mutually
 * exclusive: a flag word either asks for the first match (GET_ONE) or
 * for every match (GET_ALL).  __SEARCH_ALL_POLS is bit 1 and may be
 * ORed with GET_ALL to collect matching profiles from every policy
 * rather than only the currently active one.
 *
 * Always test a flag word through the IS_* macros below rather than by
 * comparing it against the raw values.
 */
#define	GET_ONE			0
#define	GET_ALL			1
#define	__SEARCH_ALL_POLS	2

/* bit 0 clear: return only the first matching exec_attr */
#define	IS_GET_ONE(f)	(!((f) & GET_ALL))
/* bit 0 set: return every matching exec_attr in the list */
#define	IS_GET_ALL(f)	(((f) & GET_ALL) != 0)
/* bit 1 set: consult every existing policy, not just the active one */
#define	IS_SEARCH_ALL(f)	(((f) & __SEARCH_ALL_POLS) != 0)

/*
 * Key words used in the exec_attr database's "attr" column.
 *
 * These are the keys of the key=value pairs carried in execstr_t.attr
 * (raw string) and execattr_t.attr (parsed kva_t).  Going by their
 * names they select the real/effective uid and gid and two privilege
 * sets ("privs", "limitprivs") for a matching command; parsing and
 * enforcement of the values happen outside this header, so confirm the
 * exact semantics against the consumers before relying on them.
 */
#define	EXECATTR_EUID_KW	"euid"
#define	EXECATTR_EGID_KW	"egid"
#define	EXECATTR_UID_KW		"uid"
#define	EXECATTR_GID_KW		"gid"
#define	EXECATTR_LPRIV_KW	"limitprivs"
#define	EXECATTR_IPRIV_KW	"privs"

/*
 * Nsswitch representation of execution attributes.
 */
/*
 * Nsswitch representation of one execution-attribute row: every column
 * is still a plain string, including the key=value attribute list in
 * `attr'.  Rows are chained through `next'.  Field order mirrors
 * EXECATTR_COL0_KW .. EXECATTR_COL6_KW.
 */
typedef struct execstr_s {
	char   *name;		/* profile name */
	char   *policy;		/* suser/rbac/tsol */
	char   *type;		/* cmd/act */
	char   *res1;		/* reserved for future use */
	char   *res2;		/* reserved for future use */
	char   *id;		/* unique ID */
	char   *attr;		/* string of key-value pair attributes, unparsed */
	struct execstr_s *next;	/* pointer to next entry, NULL-terminated list presumably */
} execstr_t;

/*
 * Caller-facing execution-attribute entry, as returned by getexecattr(),
 * getexecuser(), getexecprof() and match_execattr() below.  Identical
 * to execstr_t except that `attr' has been parsed into a kva_t
 * (from <secdb.h>) keyed by the EXECATTR_*_KW strings.  Release lists
 * of these with free_execattr().
 */
typedef struct execattr_s {
	char   *name;		/* profile name */
	char   *policy;		/* suser/rbac/tsol */
	char   *type;		/* cmd/act */
	char   *res1;		/* reserved for future use */
	char   *res2;		/* reserved for future use */
	char   *id;		/* unique ID */
	kva_t  *attr;		/* array of key-value pair attributes */
	struct execattr_s *next;	/* pointer to next entry */
} execattr_t;

/*
 * Private search context threaded through the nsswitch backends: the
 * lookup keys, the flag word (presumably built from GET_ONE/GET_ALL and
 * __SEARCH_ALL_POLS above -- confirm in the implementation) and the
 * head/tail of the execstr_t result list being accumulated.  Not part
 * of the supported interface; layout may change without notice.
 */
typedef struct __private_execattr {
	const char *name;	/* profile/user name being looked up */
	const char *type;	/* cmd/act filter */
	const char *id;		/* id filter */
	const char *policy;	/* policy filter */
	int search_flag;	/* GET_ONE / GET_ALL / __SEARCH_ALL_POLS bits, presumably */
	execstr_t *head_exec;	/* first entry collected so far */
	execstr_t *prev_exec;	/* last entry collected so far */
} _priv_execattr;		/* Un-supported. For Sun internal use only */


/*
 * Public interface.  Each function returning an execattr_t * hands back
 * a list the caller releases with free_execattr().  The meaning and
 * order of the string arguments and of the trailing int are not visible
 * in this header -- the int is presumably a GET_ONE/GET_ALL flag word
 * as described above; confirm against the library documentation before
 * calling.  Because the returned attributes carry uid/gid/privilege
 * settings, callers should treat a lookup result as a privilege decision
 * and fail closed on NULL.
 */
/* next entry of the enumeration started with setexecattr() */
extern execattr_t *getexecattr(void);
/* entries applicable to a user (three string keys + search flag) */
extern execattr_t *getexecuser(const char *, const char *, const char *, int);
/* entries belonging to a profile (three string keys + search flag) */
extern execattr_t *getexecprof(const char *, const char *, const char *, int);
/* narrow an existing list by the three string keys */
extern execattr_t *match_execattr(execattr_t *, const char *, const char *, \
	const char *);
/* release a list returned by the functions above */
extern void free_execattr(execattr_t *);
/* rewind / finish the enumeration consumed by getexecattr() */
extern void setexecattr(void);
extern void endexecattr(void);

#ifdef __cplusplus
}
#endif

#endif	/* _EXEC_ATTR_H */