1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  23  * Use is subject to license terms.
  24  */
  25 
  26 #ifndef _EXEC_ATTR_H
  27 #define _EXEC_ATTR_H
  28 
  29 #ifdef  __cplusplus
  30 extern "C" {
  31 #endif
  32 
  33 
  34 #include <sys/types.h>
  35 #include <secdb.h>
  36 
  37 
  38 #define EXECATTR_FILENAME               "/etc/security/exec_attr" /* path of the exec_attr file */
  39 #define EXECATTR_DB_NAME                "exec_attr.org_dir"
  40 #define EXECATTR_DB_NCOL                7       /* total columns */
  41 #define EXECATTR_DB_NKEYCOL             3       /* total searchable columns */
  42 #define EXECATTR_DB_TBLT                "exec_attr_tbl"
  43 #define EXECATTR_NAME_DEFAULT_KW        "nobody"
     /*
      * NOTE(review): EXECATTR_DB_NAME and EXECATTR_DB_TBLT look like the
      * name-service table name and table type for the same data, and
      * EXECATTR_NAME_DEFAULT_KW like a default for the name column; none of
      * them is used in this header -- confirm against the consumers.
      *
      * NOTE(review): records in this database carry the euid/uid/egid/gid/
      * privs/limitprivs attributes whose keywords are defined further down in
      * this header, so who may write EXECATTR_FILENAME is security-relevant.
      * Nothing in this header checks ownership or mode of that path; verify
      * it on the deployed system.
      */
  44 
     /*
      * Names of the EXECATTR_DB_NCOL (7) columns of one record, in column
      * order. The order matches the members of execstr_t and execattr_t
      * declared in this header: name, policy, type, res1, res2, id, attr.
      */
  45 #define EXECATTR_COL0_KW                "name"
  46 #define EXECATTR_COL1_KW                "policy"
  47 #define EXECATTR_COL2_KW                "type"
  48 #define EXECATTR_COL3_KW                "res1"
  49 #define EXECATTR_COL4_KW                "res2"
  50 #define EXECATTR_COL5_KW                "id"
  51 #define EXECATTR_COL6_KW                "attr"
  52 
  53 /*
  54  * Indices of the searchable (key) columns. There are EXECATTR_DB_NKEYCOL
      * (3) of them, and each value is a position in the EXECATTR_COLn_KW
      * column list: 0 is "name", 1 is "policy", 5 is "id". Note that "type"
      * (column 2) is not a key column, so KEYCOL2 does not mean column 2.
  55  */
  56 #define EXECATTR_KEYCOL0                0       /* name */
  57 #define EXECATTR_KEYCOL1                1       /* policy */
  58 #define EXECATTR_KEYCOL2                5       /* id */
  59 
  60 
  61 /*
  62  * Some macros used internally by the nsswitch code
  63  */
  64 
  65 /*
  66  * These macros are bitmasks. GET_ONE and GET_ALL share bit 0
  67  * and thus are mutually exclusive. __SEARCH_ALL_POLS is bit
  68  * 1 and can be bitwise ORed with GET_ALL if one wants to get
  69  * all matching profiles from all policies, not just the ones from
  70  * the currently active policy.
  71  *
  72  * Testing for these values should be done using the IS_* macros
  73  * defined below. GET_ONE is 0, so it cannot be found by masking for a
      * set bit; IS_GET_ONE() reports it as the absence of GET_ALL.
      *
      * presumably these are the values passed as the int argument of
      * getexecuser()/getexecprof() and stored in _priv_execattr.search_flag
      * -- confirm against the callers. Bits above bit 1 are ignored by all
      * three IS_* tests.
  74  */
  75 #define GET_ONE                 0
  76 #define GET_ALL                 1
  77 #define __SEARCH_ALL_POLS       2
  78 
  79 /* get only one exec_attr from list: true when bit 0 (GET_ALL) is clear */
  80 #define IS_GET_ONE(f) (((f) & GET_ALL) == 0)
  81 /* get all matching exec_attrs in list: true when bit 0 (GET_ALL) is set */
  82 #define IS_GET_ALL(f) (((f) & GET_ALL) == 1)
  83 /* search all existing policies: true when bit 1 is set, whatever bit 0 is */
  84 #define IS_SEARCH_ALL(f) (((f) & __SEARCH_ALL_POLS) == __SEARCH_ALL_POLS)
  85 
  86 /*
  87  * Key words used in the exec_attr database
      *
      * These are the key names looked up in a record's attr column (the
      * key-value string in execstr_t, the kva_t in execattr_t). This header
      * only fixes their spelling.
      *
      * NOTE(review): presumably, per exec_attr(4), euid/egid and uid/gid name
      * the effective and real IDs a matching command runs with, and
      * privs/limitprivs name privilege sets -- confirm there. Code that acts
      * on these values is applying a privilege grant read from the database
      * and should validate each value before using it.
  88  */
  89 #define EXECATTR_EUID_KW        "euid"
  90 #define EXECATTR_EGID_KW        "egid"
  91 #define EXECATTR_UID_KW         "uid"
  92 #define EXECATTR_GID_KW         "gid"
  93 #define EXECATTR_LPRIV_KW       "limitprivs"
  94 #define EXECATTR_IPRIV_KW       "privs"
  95 
  96 /*
  97  * Nsswitch representation of execution attributes.
      *
      * One exec_attr record with every column held as a C string, including
      * attr, which is still the unparsed key-value text here (execattr_t holds
      * the same column as a kva_t). Records form a singly linked list through
      * next.
      *
      * NOTE(review): who allocates and frees the strings is not visible in
      * this header; free_execattr() takes an execattr_t, not an execstr_t --
      * confirm the ownership rules in the nsswitch code.
  98  */
  99 typedef struct execstr_s {
 100         char   *name;           /* profile name */
 101         char   *policy;         /* suser/rbac/tsol */
 102         char   *type;           /* cmd/act */
 103         char   *res1;           /* reserved for future use */
 104         char   *res2;           /* reserved for future use */
 105         char   *id;             /* unique ID */
 106         char   *attr;           /* string of key-value pair attributes */
 107         struct execstr_s *next; /* pointer to next entry */
 108 } execstr_t;
 109 
 110 typedef struct execattr_s {
        /*
         * One exec_attr record as returned by the getexec*() functions
         * declared in this header. It has the same columns as execstr_t,
         * except that attr is a kva_t (declared in <secdb.h>) instead of a
         * string. Entries form a singly linked list through next.
         *
         * NOTE(review): presumably the whole list is released with
         * free_execattr() and must not be used afterwards -- confirm against
         * getexecattr(3SECDB); ownership is not stated in this header.
         */
 111         char   *name;           /* profile name */
 112         char   *policy;         /* suser/rbac/tsol */
 113         char   *type;           /* cmd/act */
 114         char   *res1;           /* reserved for future use */
 115         char   *res2;           /* reserved for future use */
 116         char   *id;             /* unique ID */
 117         kva_t  *attr;           /* array of key-value pair attributes */
 118         struct execattr_s *next;        /* pointer to next entry */
 119 } execattr_t;
 120 
 121 typedef struct __private_execattr {
        /*
         * Search state: four match strings, a flag word, and two pointers
         * into an execstr_t list. The closing comment marks the type as
         * unsupported and internal, so code outside the library should not
         * depend on this layout.
         *
         * NOTE(review): the string members are const char *, which suggests
         * they are borrowed from the caller rather than owned here -- confirm.
         */
 122         const char *name;       /* presumably the profile name to match; confirm */
 123         const char *type;       /* presumably the type (cmd/act) to match; confirm */
 124         const char *id;         /* presumably the id to match; confirm */
 125         const char *policy;     /* presumably the policy to match; confirm */
 126         int search_flag;        /* presumably GET_ONE/GET_ALL, optionally with __SEARCH_ALL_POLS; test with IS_* */
 127         execstr_t *head_exec;   /* presumably the first entry of the result list; confirm */
 128         execstr_t *prev_exec;   /* presumably the last entry linked so far; confirm */
 129 } _priv_execattr;               /* Un-supported. For Sun internal use only */
 130 
 131 
 132 #ifdef    __STDC__
     /*
      * Prototyped declarations of the exec_attr lookup interface. The
      * parameters are unnamed here. Presumably, per getexecattr(3SECDB):
      *   getexecuser(username, type, id, search_flag)
      *   getexecprof(profname, type, id, search_flag)
      *   match_execattr(list, profname, type, id)
      * with search_flag one of GET_ONE/GET_ALL -- confirm against the manual
      * page.
      *
      * NOTE(review): the get and match functions return an execattr_t
      * pointer. Whether NULL means "no match" or "error", and whether the
      * caller must release the result with free_execattr(), is not stated in
      * this header -- confirm before relying on either. setexecattr() and
      * endexecattr() take no arguments; presumably they rewind and close the
      * enumeration read by getexecattr() -- confirm.
      */
 133 extern execattr_t *getexecattr(void);
 134 extern execattr_t *getexecuser(const char *, const char *, const char *, int);
 135 extern execattr_t *getexecprof(const char *, const char *, const char *, int);
 136 extern execattr_t *match_execattr(execattr_t *, const char *, const char *, \
 137         const char *);
 138 extern void free_execattr(execattr_t *);
 139 extern void setexecattr(void);
 140 extern void endexecattr(void);
 141 
 142 #else                           /* not __STDC__ */
 143 
     /*
      * Pre-ANSI declarations of the same functions. The empty parentheses
      * declare no parameter list, so the compiler does not check the number
      * or types of the arguments in a call built on this branch.
      */
 144 extern execattr_t *getexecattr();
 145 extern execattr_t *getexecuser();
 146 extern execattr_t *getexecprof();
 147 extern execattr_t *match_execattr();
 148 extern void setexecattr();
 149 extern void endexecattr();
 150 extern void free_execattr();
 151 #endif
 152 
 153 #ifdef __cplusplus
 154 }
 155 #endif
 156 
 157 #endif  /* _EXEC_ATTR_H */