src/libstrongswan/utils/capabilities.h

   1 /*
   2  * Copyright (C) 2012 Martin Willi
   3  * Copyright (C) 2012 revosec AG
   4  *
   5  * This program is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License as published by the
   7  * Free Software Foundation; either version 2 of the License, or (at your
   8  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
   9  *
  10  * This program is distributed in the hope that it will be useful, but
  11  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  12  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  13  * for more details.
  14  */
  15
  16 /**
  17  * @defgroup capabilities capabilities
  18  * @{ @ingroup utils
  19  */
  20
  21 #ifndef CAPABILITIES_H_
  22 #define CAPABILITIES_H_
  23
  24 #include <library.h>
  25 #ifdef HAVE_SYS_CAPABILITY_H
  26 # include <sys/capability.h>
  27 #elif defined(CAPABILITIES_NATIVE)
  28 # include <linux/capability.h>
  29 #endif
  30
  31 typedef struct capabilities_t capabilities_t;
  32
  33 /**
  34  * POSIX capability dropping abstraction layer.
  35  */
  36 struct capabilities_t {
  37
  38         /**
  39          * Register a capability to keep while calling drop().
  40          *
  41          * @param cap           capability to keep
  42          */
  43         void (*keep)(capabilities_t *this, u_int cap);
  44
  45         /**
  46          * Get the user ID set through set_uid/resolve_uid.
  47          *
  48          * @return                      currently set user ID
  49          */
  50         uid_t (*get_uid)(capabilities_t *this);
  51
  52         /**
  53          * Get the group ID set through set_gid/resolve_gid.
  54          *
  55          * @return                      currently set group ID
  56          */
  57         gid_t (*get_gid)(capabilities_t *this);
  58
  59         /**
  60          * Set the numerical user ID to use during rights dropping.
  61          *
  62          * @param uid           user ID to use
  63          */
  64         void (*set_uid)(capabilities_t *this, uid_t uid);
  65
  66         /**
  67          * Set the numerical group ID to use during rights dropping.
  68          *
  69          * @param gid           group ID to use
  70          */
  71         void (*set_gid)(capabilities_t *this, gid_t gid);
  72
  73         /**
  74          * Resolve a username and set the user ID accordingly.
  75          *
  76          * @param username      username get the uid for
  77          * @return                      TRUE if username resolved and uid set
  78          */
  79         bool (*resolve_uid)(capabilities_t *this, char *username);
  80
  81         /**
  82          * Resolve a groupname and set the group ID accordingly.
  83          *
  84          * @param groupname     groupname to get the gid for
  85          * @return                      TRUE if groupname resolved and gid set
  86          */
  87         bool (*resolve_gid)(capabilities_t *this, char *groupname);
  88
  89         /**
  90          * Drop all capabilities not previously passed to keep(), switch to UID/GID.
  91          *
  92          * @return                      TRUE if capability drop successful
  93          */
  94         bool (*drop)(capabilities_t *this);
  95
  96         /**
  97          * Destroy a capabilities_t.
  98          */
  99         void (*destroy)(capabilities_t *this);
 100 };
 101
 102 /**
 103  * Create a capabilities instance.
 104  */
 105 capabilities_t *capabilities_create();
 106
 107 #endif /** CAPABILITIES_H_ @}*/