df29cd3a4394efa1d46bd72206dc64b343c332cf
[strongswan.git] / src / libstrongswan / utils / capabilities.h
1 /*
2 * Copyright (C) 2012 Martin Willi
3 * Copyright (C) 2012 revosec AG
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 /**
17 * @defgroup capabilities capabilities
18 * @{ @ingroup utils
19 */
20
21 #ifndef CAPABILITIES_H_
22 #define CAPABILITIES_H_
23
24 #include <library.h>
25 #ifdef HAVE_SYS_CAPABILITY_H
26 # include <sys/capability.h>
27 #else
28 # include <linux/capability.h>
29 #endif
30
31 typedef struct capabilities_t capabilities_t;
32
33 /**
34 * POSIX capability dropping abstraction layer.
35 */
36 struct capabilities_t {
37
38 /**
39 * Register a capability to keep while calling drop().
40 *
41 * @param cap capability to keep
42 */
43 void (*keep)(capabilities_t *this, u_int cap);
44
45 /**
46 * Get the user ID set through set_uid/resolve_uid.
47 *
48 * @return currently set user ID
49 */
50 uid_t (*get_uid)(capabilities_t *this);
51
52 /**
53 * Get the group ID set through set_gid/resolve_gid.
54 *
55 * @return currently set group ID
56 */
57 gid_t (*get_gid)(capabilities_t *this);
58
59 /**
60 * Set the numerical user ID to use during rights dropping.
61 *
62 * @param uid user ID to use
63 */
64 void (*set_uid)(capabilities_t *this, uid_t uid);
65
66 /**
67 * Set the numerical group ID to use during rights dropping.
68 *
69 * @param gid group ID to use
70 */
71 void (*set_gid)(capabilities_t *this, gid_t gid);
72
73 /**
74 * Resolve a username and set the user ID accordingly.
75 *
76 * @param username username get the uid for
77 * @return TRUE if username resolved and uid set
78 */
79 bool (*resolve_uid)(capabilities_t *this, char *username);
80
81 /**
82 * Resolve a groupname and set the group ID accordingly.
83 *
84 * @param groupname groupname to get the gid for
85 * @return TRUE if groupname resolved and gid set
86 */
87 bool (*resolve_gid)(capabilities_t *this, char *groupname);
88
89 /**
90 * Drop all capabilities not previously passed to keep(), switch to UID/GID.
91 *
92 * @return TRUE if capability drop successful
93 */
94 bool (*drop)(capabilities_t *this);
95
96 /**
97 * Destroy a capabilities_t.
98 */
99 void (*destroy)(capabilities_t *this);
100 };
101
102 /**
103 * Create a capabilities instance.
104 */
105 capabilities_t *capabilities_create();
106
107 #endif /** CAPABILITIES_H_ @}*/