1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #ifndef _EXEC_ATTR_H
27 #define _EXEC_ATTR_H
28
29 #ifdef __cplusplus
30 extern "C" {
31 #endif
32
33
34 #include <sys/types.h>
35 #include <secdb.h>
36
37
38 #define EXECATTR_FILENAME "/etc/security/exec_attr"
39 #define EXECATTR_DB_NAME "exec_attr.org_dir"
40 #define EXECATTR_DB_NCOL 7 /* total columns */
41 #define EXECATTR_DB_NKEYCOL 3 /* total searchable columns */
42 #define EXECATTR_DB_TBLT "exec_attr_tbl"
43 #define EXECATTR_NAME_DEFAULT_KW "nobody"
44
45 #define EXECATTR_COL0_KW "name"
46 #define EXECATTR_COL1_KW "policy"
47 #define EXECATTR_COL2_KW "type"
48 #define EXECATTR_COL3_KW "res1"
49 #define EXECATTR_COL4_KW "res2"
50 #define EXECATTR_COL5_KW "id"
51 #define EXECATTR_COL6_KW "attr"
52
53 /*
54 * indices of searchable columns
55 */
56 #define EXECATTR_KEYCOL0 0 /* name */
57 #define EXECATTR_KEYCOL1 1 /* policy */
58 #define EXECATTR_KEYCOL2 5 /* id */
59
60
61 /*
62 * Some macros used internally by the nsswitch code
63 */
64
65 /*
66 * These macros are bitmasks. GET_ONE and GET_ALL are bitfield 0
67 * and thus mutually exclusive. __SEARCH_ALL_POLLS is bitfield
68 * 1 and can be logically ORed with GET_ALL if one wants to get
69 * all matching profiles from all policies, not just the ones from
70 * the currently active policy
71 *
72 * Testing for these values should be done using the IS_* macros
73 * defined below.
74 */
75 #define GET_ONE 0
76 #define GET_ALL 1
77 #define __SEARCH_ALL_POLS 2
78
79 /* get only one exec_attr from list */
80 #define IS_GET_ONE(f) (((f) & GET_ALL) == 0)
81 /* get all matching exec_attrs in list */
82 #define IS_GET_ALL(f) (((f) & GET_ALL) == 1)
83 /* search all existing policies */
84 #define IS_SEARCH_ALL(f) (((f) & __SEARCH_ALL_POLS) == __SEARCH_ALL_POLS)
85
86 /*
87 * Key words used in the exec_attr database
88 */
89 #define EXECATTR_EUID_KW "euid"
90 #define EXECATTR_EGID_KW "egid"
91 #define EXECATTR_UID_KW "uid"
92 #define EXECATTR_GID_KW "gid"
93 #define EXECATTR_LPRIV_KW "limitprivs"
94 #define EXECATTR_IPRIV_KW "privs"
95
96 /*
97 * Nsswitch representation of execution attributes.
98 */
99 typedef struct execstr_s {
100 char *name; /* profile name */
101 char *policy; /* suser/rbac/tsol */
102 char *type; /* cmd/act */
103 char *res1; /* reserved for future use */
104 char *res2; /* reserved for future use */
105 char *id; /* unique ID */
106 char *attr; /* string of key-value pair attributes */
107 struct execstr_s *next; /* pointer to next entry */
108 } execstr_t;
109
110 typedef struct execattr_s {
111 char *name; /* profile name */
112 char *policy; /* suser/rbac/tsol */
113 char *type; /* cmd/act */
114 char *res1; /* reserved for future use */
115 char *res2; /* reserved for future use */
116 char *id; /* unique ID */
117 kva_t *attr; /* array of key-value pair attributes */
118 struct execattr_s *next; /* pointer to next entry */
119 } execattr_t;
120
121 typedef struct __private_execattr {
122 const char *name;
123 const char *type;
124 const char *id;
125 const char *policy;
126 int search_flag;
127 execstr_t *head_exec;
128 execstr_t *prev_exec;
129 } _priv_execattr; /* Un-supported. For Sun internal use only */
130
131
132 #ifdef __STDC__
133 extern execattr_t *getexecattr(void);
134 extern execattr_t *getexecuser(const char *, const char *, const char *, int);
135 extern execattr_t *getexecprof(const char *, const char *, const char *, int);
136 extern execattr_t *match_execattr(execattr_t *, const char *, const char *, \
137 const char *);
138 extern void free_execattr(execattr_t *);
139 extern void setexecattr(void);
140 extern void endexecattr(void);
141
142 #else /* not __STDC__ */
143
144 extern execattr_t *getexecattr();
145 extern execattr_t *getexecuser();
146 extern execattr_t *getexecprof();
147 extern execattr_t *match_execattr();
148 extern void setexecattr();
149 extern void endexecattr();
150 extern void free_execattr();
151 #endif
152
153 #ifdef __cplusplus
154 }
155 #endif
156
157 #endif /* _EXEC_ATTR_H */