1 /*
   2  * CDDL HEADER START
   3  *
   4  * The contents of this file are subject to the terms of the
   5  * Common Development and Distribution License (the "License").
   6  * You may not use this file except in compliance with the License.
   7  *
   8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
   9  * or http://www.opensolaris.org/os/licensing.
  10  * See the License for the specific language governing permissions
  11  * and limitations under the License.
  12  *
  13  * When distributing Covered Code, include this CDDL HEADER in each
  14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
  15  * If applicable, add the following below this CDDL HEADER, with the
  16  * fields enclosed by brackets "[]" replaced with your own identifying
  17  * information: Portions Copyright [yyyy] [name of copyright owner]
  18  *
  19  * CDDL HEADER END
  20  */
  21 /*
  22  * Copyright 2014 Garrett D'Amore <garrett@damore.org>
  23  *
  24  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  25  * Use is subject to license terms.
  26  */
  27 
  28 #ifndef _EXEC_ATTR_H
  29 #define _EXEC_ATTR_H
  30 
  31 #ifdef  __cplusplus
  32 extern "C" {
  33 #endif
  34 
  35 
  36 #include <sys/types.h>
  37 #include <secdb.h>
  38 
  39 
  40 #define EXECATTR_FILENAME               "/etc/security/exec_attr"       /* path of the exec_attr file */
     /*
      * NOTE(review): the attribute keywords defined in this header (euid,
      * egid, uid, gid, privs, limitprivs) indicate that entries carry the
      * IDs and privileges associated with a profile's commands.  Write
      * access to this file is therefore presumably equivalent to control
      * of that policy -- confirm its ownership and mode where deployed.
      */
  41 #define EXECATTR_DB_NAME                "exec_attr.org_dir"     /* table name; its consumer is not visible in this header */
  42 #define EXECATTR_DB_NCOL                7       /* total columns; matches EXECATTR_COL0_KW..COL6_KW */
  43 #define EXECATTR_DB_NKEYCOL             3       /* total searchable columns; matches EXECATTR_KEYCOL0..KEYCOL2 */
  44 #define EXECATTR_DB_TBLT                "exec_attr_tbl" /* presumably the table type string -- confirm against the consumer */
  45 #define EXECATTR_NAME_DEFAULT_KW        "nobody"        /* default name keyword; how it is applied is not visible here */
  46 
  47 #define EXECATTR_COL0_KW                "name"          /* column 0: profile name */
     /*
      * Column keywords, one per database column (EXECATTR_DB_NCOL is 7).
      * Each string equals the name of the corresponding member of
      * execstr_t and execattr_t; the descriptions here repeat the member
      * comments of those structures.
      */
  48 #define EXECATTR_COL1_KW                "policy"        /* column 1: suser/rbac/tsol */
  49 #define EXECATTR_COL2_KW                "type"          /* column 2: cmd/act */
  50 #define EXECATTR_COL3_KW                "res1"          /* column 3: reserved for future use */
  51 #define EXECATTR_COL4_KW                "res2"          /* column 4: reserved for future use */
  52 #define EXECATTR_COL5_KW                "id"            /* column 5: unique ID */
  53 #define EXECATTR_COL6_KW                "attr"          /* column 6: key-value pair attributes */
  54 
  55 /*
  56  * Indices of the searchable (key) columns; EXECATTR_DB_NKEYCOL is 3.
      * Each value is a column number as used by EXECATTR_COLn_KW, so the
      * key columns are not contiguous: KEYCOL2 is column 5 ("id"), and
      * column 2 ("type") is not a key column.
  57  */
  58 #define EXECATTR_KEYCOL0                0       /* name */
  59 #define EXECATTR_KEYCOL1                1       /* policy */
  60 #define EXECATTR_KEYCOL2                5       /* id */
  61 
  62 
  63 /*
  64  * Some macros used internally by the nsswitch code
  65  */
  66 
  67 /*
  68  * These macros are search flags. GET_ONE (0) and GET_ALL (1) share
  69  * bit 0 and are thus mutually exclusive. __SEARCH_ALL_POLS is bit
  70  * 1 and can be logically ORed with GET_ALL if one wants to get
  71  * all matching profiles from all policies, not just the ones from
  72  * the currently active policy.
  73  *
  74  * Testing for these values should be done using the IS_* macros
  75  * defined below.  GET_ONE is 0, so it cannot be detected by ANDing a
      * flag word with GET_ONE itself; IS_GET_ONE() tests that the GET_ALL
      * bit is clear instead.
      *
      * NOTE(review): with __SEARCH_ALL_POLS set, results are described
      * above as including profiles from policies other than the active
      * one.  A caller that bases a privilege decision on the result should
      * presumably check the policy member of each entry -- confirm against
      * the callers.
  76  */
  77 #define GET_ONE                 0       /* bit 0 clear */
  78 #define GET_ALL                 1       /* bit 0 set */
  79 #define __SEARCH_ALL_POLS       2       /* bit 1 */
  80 
  81 /* get only one exec_attr from list: true when bit 0 is clear, whatever bit 1 holds */
  82 #define IS_GET_ONE(f) (((f) & GET_ALL) == 0)
  83 /* get all matching exec_attrs in list; the comparison with 1 relies on GET_ALL being 1 */
  84 #define IS_GET_ALL(f) (((f) & GET_ALL) == 1)
  85 /* search all existing policies: true when bit 1 is set, whatever bit 0 holds */
  86 #define IS_SEARCH_ALL(f) (((f) & __SEARCH_ALL_POLS) == __SEARCH_ALL_POLS)
  87 
  88 /*
  89  * Key words used in the exec_attr database.  Presumably these are the
      * keys of the key-value pairs held in the attr column (execstr_t.attr
      * as a string, execattr_t.attr as a kva_t) -- confirm against the
      * parser.
      *
      * NOTE(review): the values stored under these keys are strings read
      * from the database.  Code that turns them into process credentials
      * or privilege sets is not in this header; it should validate each
      * value and fail closed on anything it cannot parse.
  90  */
  91 #define EXECATTR_EUID_KW        "euid"          /* effective user ID */
  92 #define EXECATTR_EGID_KW        "egid"          /* effective group ID */
  93 #define EXECATTR_UID_KW         "uid"           /* user ID */
  94 #define EXECATTR_GID_KW         "gid"           /* group ID */
  95 #define EXECATTR_LPRIV_KW       "limitprivs"    /* presumably the limit privilege set -- confirm */
  96 #define EXECATTR_IPRIV_KW       "privs"         /* presumably the inheritable privilege set, going by IPRIV -- confirm */
  97 
  98 /*
  99  * Nsswitch representation of execution attributes.
      *
      * execstr_t holds every column, including attr, as a character
      * string.  execattr_t below has the same members in the same order,
      * except that its attr is a kva_t pointer.  Both types form singly
      * linked lists through their next member.
 100  */
 101 typedef struct execstr_s {
 102         char   *name;           /* profile name */
 103         char   *policy;         /* suser/rbac/tsol */
 104         char   *type;           /* cmd/act */
 105         char   *res1;           /* reserved for future use */
 106         char   *res2;           /* reserved for future use */
 107         char   *id;             /* unique ID */
 108         char   *attr;           /* string of key-value pair attributes (unparsed) */
 109         struct execstr_s *next; /* pointer to next entry */
 110 } execstr_t;
 111
     /*
      * Entry type returned by getexecattr(), getexecuser(), getexecprof()
      * and match_execattr(), and accepted by free_execattr(), all declared
      * in this header.  kva_t is not declared here; presumably it comes
      * from <secdb.h>.
      *
      * NOTE(review): who owns the strings and the kva_t behind these
      * pointers is not stated in this header.  Presumably a list returned
      * by the getexec*() functions is released as a whole with
      * free_execattr() -- confirm before freeing members individually.
      */
 112 typedef struct execattr_s {
 113         char   *name;           /* profile name */
 114         char   *policy;         /* suser/rbac/tsol */
 115         char   *type;           /* cmd/act */
 116         char   *res1;           /* reserved for future use */
 117         char   *res2;           /* reserved for future use */
 118         char   *id;             /* unique ID */
 119         kva_t  *attr;           /* array of key-value pair attributes */
 120         struct execattr_s *next;        /* pointer to next entry */
 121 } execattr_t;
 122 
 123 typedef struct __private_execattr {
     /*
      * Private search state.  The four const strings have the same names
      * as the name, type, id and policy columns, and search_flag
      * presumably holds the GET_ONE / GET_ALL / __SEARCH_ALL_POLS bits
      * defined above -- confirm against the nsswitch code that fills
      * this structure in.  Not part of the supported interface (see the
      * comment on the closing line).
      */
 124         const char *name;       /* presumably the name to match */
 125         const char *type;       /* presumably the type to match */
 126         const char *id;         /* presumably the id to match */
 127         const char *policy;     /* presumably the policy to match */
 128         int search_flag;        /* presumably the search flag bits -- confirm */
 129         execstr_t *head_exec;   /* going by the name, head of an execstr_t list -- confirm */
 130         execstr_t *prev_exec;   /* going by the name, previous execstr_t entry -- confirm */
 131 } _priv_execattr;               /* Un-supported. For Sun internal use only */
 132 
 133 
 134 extern execattr_t *getexecattr(void);   /* no arguments; returns an execattr_t pointer */
     /*
      * Lookup interface for the exec_attr database.  The prototypes carry
      * no parameter names, so this header does not say what each argument
      * means; the descriptions below follow the getexecattr(3SECDB)
      * manual page and should be confirmed against the implementation.
      *
      * NOTE(review): every function that returns execattr_t * can
      * presumably return NULL when nothing matches, and the result is
      * presumably released with free_execattr().  Callers making an
      * authorization decision should treat NULL as "no entry" and deny.
      */

     /*
      * Presumably looks up entries for a user: user name, type, id, and a
      * search flag built from GET_ONE / GET_ALL / __SEARCH_ALL_POLS.
      */
 135 extern execattr_t *getexecuser(const char *, const char *, const char *, int);
     /*
      * Same parameter types as getexecuser(); presumably the first argument
      * is a profile name rather than a user name.
      */
 136 extern execattr_t *getexecprof(const char *, const char *, const char *, int);
     /*
      * Takes an execattr_t list and three strings (presumably profile name,
      * type and id) and returns an execattr_t pointer, presumably the first
      * matching entry of that list.  The trailing backslash on the first
      * line only splices the two lines together.
      */
 137 extern execattr_t *match_execattr(execattr_t *, const char *, const char *, \
 138         const char *);
     /* Takes an execattr_t pointer and returns nothing; presumably frees the list. */
 139 extern void free_execattr(execattr_t *);
     /* Presumably rewinds the enumeration used by getexecattr() -- confirm. */
 140 extern void setexecattr(void);
     /* Presumably ends the enumeration and releases its resources -- confirm. */
 141 extern void endexecattr(void);
 142 
 143 #ifdef __cplusplus
 144 }
 145 #endif
 146 
 147 #endif  /* _EXEC_ATTR_H */