146 lines
3.4 KiB
C
146 lines
3.4 KiB
C
|
/* Query, remove, or restore a Solaris privilege.
|
||
|
|
||
|
Copyright (C) 2009-2020 Free Software Foundation, Inc.
|
||
|
|
||
|
This program is free software: you can redistribute it and/or modify
|
||
|
it under the terms of the GNU General Public License as published by
|
||
|
the Free Software Foundation; either version 3 of the License, or
|
||
|
(at your option) any later version.
|
||
|
|
||
|
This program is distributed in the hope that it will be useful,
|
||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||
|
GNU General Public License for more details.
|
||
|
|
||
|
You should have received a copy of the GNU General Public License
|
||
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||
|
|
||
|
Written by David Bartley. */
|
||
|
|
||
|
#include <config.h>
|
||
|
|
||
|
#define PRIV_SET_INLINE _GL_EXTERN_INLINE
|
||
|
|
||
|
#include "priv-set.h"
|
||
|
|
||
|
#if HAVE_GETPPRIV && HAVE_PRIV_H
|
||
|
|
||
|
# include <errno.h>
|
||
|
# include <stdbool.h>
|
||
|
# include <priv.h>
|
||
|
|
||
|
/* Holds a (cached) copy of the effective set. */
|
||
|
static priv_set_t *eff_set;
|
||
|
|
||
|
/* Holds a set of privileges that we have removed. */
|
||
|
static priv_set_t *rem_set;
|
||
|
|
||
|
static bool initialized;
|
||
|
|
||
|
static int
|
||
|
priv_set_initialize (void)
|
||
|
{
|
||
|
if (! initialized)
|
||
|
{
|
||
|
eff_set = priv_allocset ();
|
||
|
if (!eff_set)
|
||
|
{
|
||
|
return -1;
|
||
|
}
|
||
|
rem_set = priv_allocset ();
|
||
|
if (!rem_set)
|
||
|
{
|
||
|
priv_freeset (eff_set);
|
||
|
return -1;
|
||
|
}
|
||
|
if (getppriv (PRIV_EFFECTIVE, eff_set) != 0)
|
||
|
{
|
||
|
priv_freeset (eff_set);
|
||
|
priv_freeset (rem_set);
|
||
|
return -1;
|
||
|
}
|
||
|
priv_emptyset (rem_set);
|
||
|
initialized = true;
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* Check if priv is in the effective set.
|
||
|
Returns 1 if priv is a member and 0 if not.
|
||
|
Returns -1 on error with errno set appropriately. */
|
||
|
int
|
||
|
priv_set_ismember (const char *priv)
|
||
|
{
|
||
|
if (! initialized && priv_set_initialize () != 0)
|
||
|
return -1;
|
||
|
|
||
|
return priv_ismember (eff_set, priv);
|
||
|
}
|
||
|
|
||
|
|
||
|
/* Try to remove priv from the effective set.
|
||
|
Returns 0 if priv was removed.
|
||
|
Returns -1 on error with errno set appropriately. */
|
||
|
int
|
||
|
priv_set_remove (const char *priv)
|
||
|
{
|
||
|
if (! initialized && priv_set_initialize () != 0)
|
||
|
return -1;
|
||
|
|
||
|
if (priv_ismember (eff_set, priv))
|
||
|
{
|
||
|
/* priv_addset/priv_delset can only fail if priv is invalid, which is
|
||
|
checked above by the priv_ismember call. */
|
||
|
priv_delset (eff_set, priv);
|
||
|
if (setppriv (PRIV_SET, PRIV_EFFECTIVE, eff_set) != 0)
|
||
|
{
|
||
|
priv_addset (eff_set, priv);
|
||
|
return -1;
|
||
|
}
|
||
|
priv_addset (rem_set, priv);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
errno = EINVAL;
|
||
|
return -1;
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
|
||
|
/* Try to restore priv to the effective set.
|
||
|
Returns 0 if priv was re-added to the effective set (after being previously
|
||
|
removed by a call to priv_set_remove).
|
||
|
Returns -1 on error with errno set appropriately. */
|
||
|
int
|
||
|
priv_set_restore (const char *priv)
|
||
|
{
|
||
|
if (! initialized && priv_set_initialize () != 0)
|
||
|
return -1;
|
||
|
|
||
|
if (priv_ismember (rem_set, priv))
|
||
|
{
|
||
|
/* priv_addset/priv_delset can only fail if priv is invalid, which is
|
||
|
checked above by the priv_ismember call. */
|
||
|
priv_addset (eff_set, priv);
|
||
|
if (setppriv (PRIV_SET, PRIV_EFFECTIVE, eff_set) != 0)
|
||
|
{
|
||
|
priv_delset (eff_set, priv);
|
||
|
return -1;
|
||
|
}
|
||
|
priv_delset (rem_set, priv);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
errno = EINVAL;
|
||
|
return -1;
|
||
|
}
|
||
|
|
||
|
return 0;
|
||
|
}
|
||
|
|
||
|
#endif
|