uts: add a concept of a 'default' set of privileges, separate from 'basic'

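--- a/usr/src/lib/libc/port/gen/priv_str_xlate.c
+++ b/usr/src/lib/libc/port/gen/priv_str_xlate.c
@@ -51,20 +51,30 @@
 priv_set_t *
 priv_basic(void)
 {
         priv_data_t *d;
 
         LOADPRIVDATA(d);
 
         return (d->pd_basicset);
 }
 
+priv_set_t *
+priv_default(void)
+{
+        priv_data_t *d;
+
+        LOADPRIVDATA(d);
+
+        return (d->pd_defaultset);
+}
+
 /*
  *      Name:   priv_str_to_set()
  *
  *      Description:    Given a buffer with privilege strings, the
  *      equivalent privilege set is returned.
  *
  *      Special tokens recognized: all, none, basic and "".
  *
  *      On failure, this function returns NULL.
  *      *endptr == NULL and errno set: resource error.
@@ -73,46 +83,51 @@
 priv_set_t *
 priv_str_to_set(const char *priv_names,
                 const char *separators,
                 const char **endptr)
 {
 
         char *base;
         char *offset;
         char *last;
         priv_set_t *pset = NULL;
-        priv_set_t *zone;
-        priv_set_t *basic;
+        priv_set_t *zone = NULL;
+        priv_set_t *basic = NULL;
+        priv_set_t *deflt = NULL;
 
         if (endptr != NULL)
                 *endptr = NULL;
 
         if ((base = libc_strdup(priv_names)) == NULL ||
             (pset = priv_allocset()) == NULL) {
                 /* Whether base is NULL or allocated, this works */
                 libc_free(base);
                 return (NULL);
         }
 
         priv_emptyset(pset);
         basic = priv_basic();
+                deflt = priv_default();
         zone = privdata->pd_zoneset;
 
         /* This is how to use strtok_r nicely in a while loop ... */
         last = base;
 
         while ((offset = strtok_r(NULL, separators, &last)) != NULL) {
                 /*
                  * Search for these special case strings.
                  */
                 if (basic != NULL && strcasecmp(offset, "basic") == 0) {
                         priv_union(basic, pset);
+                } else if (deflt != NULL && strcasecmp(offset,
+                    "default") == 0) {
+                        priv_union(deflt, pset);
                 } else if (strcasecmp(offset, "none") == 0) {
                         priv_emptyset(pset);
                 } else if (strcasecmp(offset, "all") == 0) {
                         priv_fillset(pset);
                 } else if (strcasecmp(offset, "zone") == 0) {
                         priv_union(zone, pset);
                 } else {
                         boolean_t neg = (*offset == '-' || *offset == '!');
                         int privid;
                         int slen;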
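Review bot: The header comment of priv_str_to_set() still lists the special tokens as `all, none, basic and ""`, so the new `default` token (and the existing `zone`) stays undocumented for anyone auditing how a privilege specification expands; I would change that line to `Special tokens recognized: all, none, basic, default, zone and "".`. priv_default() also has no comment of its own. Since the parser guards the token with `deflt != NULL`, a one-line comment such as `/* Returns the default privilege set, or NULL if none is available. */` would state the contract, assuming pd_defaultset can in fact be NULL, which the visible lines suggest but do not show. When it is NULL the `default` token presumably falls through to the generic privilege-name lookup in the final else branch, whose body continues outside the visible lines, so it is worth confirming that this path fails with an error rather than silently yielding a smaller set than the caller asked for.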