1 #
2 # Copyright 2005 Sun Microsystems, Inc. All rights reserved.
3 # Use is subject to license terms.
4 #
5 # CDDL HEADER START
6 #
7 # The contents of this file are subject to the terms of the
8 # Common Development and Distribution License, Version 1.0 only
9 # (the "License"). You may not use this file except in compliance
10 # with the License.
11 #
12 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
13 # or http://www.opensolaris.org/os/licensing.
14 # See the License for the specific language governing permissions
15 # and limitations under the License.
16 #
17 # When distributing Covered Code, include this CDDL HEADER in each
18 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
19 # If applicable, add the following below this CDDL HEADER, with the
20 # fields enclosed by brackets "[]" replaced with your own identifying
21 # information: Portions Copyright [yyyy] [name of copyright owner]
22 #
23 # CDDL HEADER END
24 #
25 #ident "%Z%%M% %I% %E% SMI"
26 #
27 # This file generates three different C files:
28 #
29 # <sys/priv_const.h>
30 # An implementation private set of manifest integer constant
31 # for privileges and privilege sets and manifest constants for
32 # set size, number of sets, number of privileges
33 #
34 # os/priv_const.c
35 # A C source file containing the set names, privilege names
36 # arrays for the name <-> number mappings
37 #
38 # <sys/priv_names.h>
39 # A public header file containing the PRIV_* defines
40 # that map to strings; these are for convenience.
41 # (it's easy to misspell a string, harder to misspell a
42 # manifest constant)
43 #
44 # /etc/security/priv_names
45 # A privilege name to explanation mapping.
46 #
47 #
48 # The files are output on the awk variable privhfile, pubhfile, cfile,
49 # and pnamesfile respectively
50 #
51 # The input file should contain a standard Sun comment and ident string
52 # which is copied verbatim and lines of
53 #
54 # [keyword] privilege PRIV_<privilege>
55 # set PRIV_<set>
56 #
57 # Which are converted to privileges and privilege sets
58 #
59
60
61 BEGIN {
62 # Number of privileges read
63 npriv = 0
64
65 # Number of privilege sets
66 nset = 0
67
68 # Length of all strings concatenated, including \0
69 privbytes = 0
70 setbytes = 0
71
72 # Number of reserved privilege slots
73 slack = 10
74
75 privhcmt = \
76 " * Privilege constant definitions; these constants are subject to\n" \
77 " * change, including renumbering, without notice and should not be\n" \
78 " * used in any code. Privilege names must be used instead.\n" \
79 " * Privileges and privilege sets must not be stored in binary\n" \
80 " * form; privileges and privileges sets must be converted to\n" \
81 " * textual representation before being committed to persistent store."
82
83 ccmt = \
84 " * Privilege name table and size definitions."
85
86 pubhcmt = \
87 " * Privilege constant definitions. Privileges and privilege sets\n" \
88 " * are only known by name and should be mapped at runtime."
89
90 pnamescmt = \
91 "#\n" \
92 "# Privilege name explanation file\n" \
93 "# The format of entries is a privilege name starting at the\n" \
94 "# beginning of a line directly folowed by a new line followed\n" \
95 "# by several lines of texts starting with white space terminated\n" \
96 "# by a line with a single newline or not starting with white space\n" \
97 "#\n"
98 }
99
100 #
101 # Privilege strings are represented as lower case strings;
102 # PRIV_ is stripped from the strings.
103 #
104 /^([A-Za-z]* )?privilege / {
105 if (NF == 3) {
106 key = toupper($1)
107 priv = toupper($3)
108 if (set[key] != "")
109 set[key] = set[key] ";"
110 set[key] = set[key] "\\\n\t\tPRIV_ADDSET((set), " priv ")"
111 } else {
112 priv = toupper($2);
113 }
114 privs[npriv] = tolower(substr(priv, 6));
115 inset = 0
116 inpriv = 1
117
118 privind[npriv] = privbytes;
119
120 tabs = (32 - length(priv) - 1)/8
121 # length + \0 - PRIV_
122 privbytes += length(priv) - 4
123 pdef[npriv] = "#define\t" priv substr("\t\t\t\t\t", 1, tabs)
124
125 npriv++
126 next
127 }
128
129 #
130 # Set strings are represented as strings with an initial cap;
131 # PRIV_ is stripped from the strings.
132 #
133 /^set / {
134 $2 = toupper($2)
135 sets[nset] = toupper(substr($2, 6, 1)) tolower(substr($2, 7));
136 inset = 1
137 inpriv = 0
138
139 setind[nset] = setbytes
140
141 # length + \0 - PRIV_
142 setbytes += length($2) - 4
143 tabs = (32 - length($2) - 1)/8
144 sdef[nset] = "#define\t" $2 substr("\t\t\t\t\t", 1, tabs)
145
146 nset++
147 next
148 }
149
150 /INSERT COMMENT/ {
151 acmt = " *\n * THIS FILE WAS GENERATED; DO NOT EDIT"
152 if (cfile) {
153 print ccmt > cfile
154 print acmt > cfile
155 }
156 if (privhfile) {
157 print privhcmt > privhfile
158 print acmt > privhfile
159 }
160 if (pubhfile) {
161 print pubhcmt > pubhfile
162 print acmt > pubhfile
163 }
164 next
165 }
166 /^#pragma/ {
167 pragma = $0;
168 if (pnamesfile) {
169 print "#" substr($0, 9) > pnamesfile
170 }
171 next;
172 }
173
174 /^#/ && ! /^#pragma/{
175 # Comments, ignore
176 next
177 }
178
179 {
180 #
181 # Comments describing privileges and sets follow the definitions.
182 #
183 if (inset || inpriv) {
184 sub("^[ ]*", "")
185 sub("[ ]*$", "")
186 if (/^$/) next;
187 }
188 if (inset) {
189 setcmt[nset - 1] = setcmt[nset - 1] " * " $0 "\n"
190 next
191 } else if (inpriv) {
192 sub("^[ ]*", "")
193 privcmt[npriv - 1] = privcmt[npriv - 1] " * " $0 "\n"
194 privncmt[npriv - 1] = privncmt[npriv - 1] "\t" $0 "\n"
195 next
196 }
197
198 if (cfile)
199 print > cfile
200 if (privhfile)
201 print > privhfile
202 if (pubhfile)
203 print > pubhfile
204 if (pnamesfile) {
205 sub("^/\\*", "#")
206 sub("^ \\*/", "")
207 sub("^ \\*", "#")
208 if (/^$/) next;
209 print > pnamesfile
210 }
211 }
212
213 END {
214
215 if (!pubhfile && !privhfile && !cfile && !pnamesfile) {
216 print "Output file parameter not set" > "/dev/stderr"
217 exit 1
218 }
219
220 setsize = int((npriv + slack)/(8 * 4)) + 1
221 maxnpriv = setsize * 8 * 4
222 # Assume allocated privileges are on average "NSDQ" bytes larger.
223 maxprivbytes = int((privbytes / npriv + 5.5)) * (maxnpriv - npriv)
224 maxprivbytes += privbytes
225
226 if (cfile) {
227 print "\n" > cfile
228 print pragma "\n"> cfile
229 print "#include <sys/types.h>" > cfile
230 print "#include <sys/priv_const.h>" > cfile
231 print "#include <sys/priv_impl.h>" > cfile
232 print "#include <sys/priv.h>" > cfile
233 print "#include <sys/sysmacros.h>" > cfile
234 print "\n" > cfile
235 #
236 # Create the entire priv info structure here.
237 # When adding privileges, the kernel needs to update
238 # too many fields as the number of privileges is kept in
239 # many places.
240 #
241 print \
242 "static struct _info {\n" \
243 " priv_impl_info_t impl_info;\n" \
244 " priv_info_t settype;\n" \
245 " int nsets;\n" \
246 " const char sets[" setbytes "];\n" \
247 " priv_info_t privtype;\n" \
248 " int nprivs;\n" \
249 " char privs[" maxprivbytes "];\n" \
250 " priv_info_t sysset;\n" \
251 " priv_set_t basicset;\n" \
252 " priv_info_t defset;\n" \
253 " priv_set_t defaultset;\n" \
254 "} info = {\n" \
255 " { sizeof (priv_impl_info_t), 0, PRIV_NSET, " \
256 "PRIV_SETSIZE, " npriv ",\n" \
257 "\t\tsizeof (priv_info_uint_t),\n" \
258 "\t\tsizeof (info) - sizeof (info.impl_info)},\n" \
259 " { PRIV_INFO_SETNAMES,\n" \
260 " offsetof(struct _info, privtype) - " \
261 "offsetof(struct _info, settype)},\n\tPRIV_NSET," > cfile
262
263 sep = "\t\""
264 len = 9;
265 for (i = 0; i < nset; i++) {
266 if (len + length(sets[i]) > 80) {
267 sep = "\\0\"\n\t\""
268 len = 9
269 }
270 printf sep sets[i] > cfile
271 len += length(sets[i]) + length(sep);
272 sep = "\\0"
273 }
274 print "\\0\"," > cfile
275
276 print "\t{ PRIV_INFO_PRIVNAMES,\n\t " \
277 "offsetof(struct _info, sysset) - " \
278 "offsetof(struct _info, privtype)},\n\t" npriv "," \
279 > cfile
280
281 sep = "\t\""
282 len = 9;
283 for (i = 0; i < npriv; i++) {
284 if (len + length(privs[i]) > 80) {
285 sep = "\\0\"\n\t\""
286 len = 9
287 }
288 printf sep privs[i] > cfile
289 len += length(privs[i]) + length(sep);
290 sep = "\\0"
291 }
292 print "\\0\"," > cfile
293
294 print "\t{ PRIV_INFO_BASICPRIVS, offsetof (struct _info, defset) - " \
295 "offsetof(struct _info, sysset)}," > cfile
296 print "\t{ 0 },\n" > cfile
297 print "\t{ PRIV_INFO_DEFAULTPRIVS, sizeof (info) - " \
298 "offsetof(struct _info, defset)}" > cfile
299
300 print "};\n" > cfile
301
302 print "\nconst char *priv_names[" maxnpriv "] =\n{" > cfile
303 for (i = 0; i < npriv; i++)
304 print "\t&info.privs[" privind[i] "]," > cfile
305
306 print "};\n" > cfile
307
308 print "\nconst char *priv_setnames[" nset "] =\n{" > cfile
309 for (i = 0; i < nset; i++)
310 print "\t&info.sets[" setind[i] "]," > cfile
311
312 print "};\n" > cfile
313
314 print "int nprivs = " npriv ";" > cfile
315 print "int privbytes = " privbytes ";" > cfile
316 print "int maxprivbytes = " maxprivbytes ";" > cfile
317 print "size_t privinfosize = sizeof (info);" > cfile
318 print "char *priv_str = info.privs;" > cfile
319 print "priv_set_t *priv_basic = &info.basicset;" > cfile
320 print "priv_set_t *priv_default = &info.defaultset;" > cfile
321 print "priv_impl_info_t *priv_info = &info.impl_info;" > cfile
322 print "priv_info_names_t *priv_ninfo = " \
323 "(priv_info_names_t *)&info.privtype;" > cfile
324 close(cfile)
325 }
326
327 # Kernel private
328 if (privhfile) {
329 print "#ifndef _SYS_PRIV_CONST_H" > privhfile
330 print "#define\t_SYS_PRIV_CONST_H\n" > privhfile
331 print pragma "\n"> privhfile
332 print "\n#include <sys/types.h>\n\n" > privhfile
333 print "#ifdef __cplusplus\nextern \"C\" {\n#endif\n" > privhfile
334
335 print "#if defined(_KERNEL) || defined(_KMEMUSER)" > privhfile
336 print "#define\tPRIV_NSET\t\t\t " nset > privhfile
337 print "#define\tPRIV_SETSIZE\t\t\t " setsize > privhfile
338 print "#endif\n\n#ifdef _KERNEL" > privhfile
339 print "#define\t__PRIV_CONST_IMPL\n" > privhfile
340 print "extern const char *priv_names[];" > privhfile
341 print "extern const char *priv_setnames[];" > privhfile
342
343 print "extern int nprivs;" > privhfile
344 print "extern int privbytes;" > privhfile
345 print "extern int maxprivbytes;" > privhfile
346 print "extern size_t privinfosize;" > privhfile
347 print "extern char *priv_str;" > privhfile
348 print "extern struct priv_set *priv_basic;" > privhfile
349 print "extern struct priv_set *priv_default;" > privhfile
350 print "extern struct priv_impl_info *priv_info;" > privhfile
351 print "extern struct priv_info_names *priv_ninfo;" > privhfile
352
353 print "\n/* Privileges */" > privhfile
354
355 for (i = 0; i < npriv; i++)
356 print pdef[i] sprintf("%3d", i) > privhfile
357
358 print "\n/* Privilege sets */" > privhfile
359 for (i = 0; i < nset; i++)
360 print sdef[i] sprintf("%3d", i) > privhfile
361
362 print "\n#define\tMAX_PRIVILEGE\t\t\t " setsize * 32 \
363 > privhfile
364
365 # Special privilege categories.
366 for (s in set)
367 print "\n#define\tPRIV_" s "_ADDSET(set)" set[s] \
368 > privhfile
369
370 print "\n#endif /* _KERNEL */" > privhfile
371 print "\n#ifdef __cplusplus\n}\n#endif" > privhfile
372 print "\n#endif /* _SYS_PRIV_CONST_H */" > privhfile
373 close(privhfile)
374 }
375
376 if (pubhfile) {
377 cast="((const char *)"
378 print "#ifndef _SYS_PRIV_NAMES_H" > pubhfile
379 print "#define\t_SYS_PRIV_NAMES_H\n" > pubhfile
380
381 print pragma "\n" > pubhfile
382 print "#ifdef __cplusplus\nextern \"C\" {\n#endif\n" > pubhfile
383
384 print "#ifndef __PRIV_CONST_IMPL" > pubhfile
385 print "/*\n * Privilege names\n */" > pubhfile
386 for (i = 0; i < npriv; i++) {
387 print "/*\n" privcmt[i] " */" > pubhfile
388 print pdef[i] cast "\"" privs[i] "\")\n" > pubhfile
389 }
390
391 print "" > pubhfile
392
393 print "/*\n * Privilege set names\n */" > pubhfile
394 for (i = 0; i < nset; i++) {
395 print "/*\n" setcmt[i] " */" > pubhfile
396 print sdef[i] cast "\"" sets[i] "\")\n" > pubhfile
397 }
398
399 print "\n#endif /* __PRIV_CONST_IMPL */" > pubhfile
400 print "\n#ifdef __cplusplus\n}\n#endif" > pubhfile
401 print "\n#endif /* _SYS_PRIV_NAMES_H */" > pubhfile
402 close(pubhfile)
403 }
404
405 if (pnamesfile) {
406 print pnamescmt > pnamesfile
407 for (i = 0; i < npriv; i++) {
408 print privs[i] > pnamesfile
409 print privncmt[i] > pnamesfile
410 }
411 }
412
413 }