Commit | Line | Data |
---|---|---|
01245821 | 1 | /* |
2 | * Zebra privileges header. | |
3 | * | |
4 | * Copyright (C) 2003 Paul Jakma. | |
5 | * | |
6 | * This file is part of GNU Zebra. | |
7 | * | |
8 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
9 | * under the terms of the GNU General Public License as published by the | |
10 | * Free Software Foundation; either version 2, or (at your option) any | |
11 | * later version. | |
12 | * | |
13 | * GNU Zebra is distributed in the hope that it will be useful, but | |
14 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | * General Public License for more details. | |
17 | * | |
896014f4 DL |
18 | * You should have received a copy of the GNU General Public License along |
19 | * with this program; see the file COPYING; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
01245821 | 21 | */ |
22 | ||
23 | #ifndef _ZEBRA_PRIVS_H | |
24 | #define _ZEBRA_PRIVS_H | |
25 | ||
/*
 * List of zebra capabilities.
 *
 * Abstract names for the privileges a daemon can request through
 * struct zebra_privs_t (caps_p / caps_i).  How each name maps onto an
 * OS-level capability or privilege is decided by the implementation, which
 * is not part of this header.
 * NOTE(review): the names resemble Linux capability names such as
 * CAP_NET_ADMIN -- TODO confirm the actual mapping in the implementation.
 *
 * NOTE(review): going by their names, ZCAP_SYS_ADMIN, ZCAP_DAC_OVERRIDE and
 * ZCAP_PTRACE are broad grants; a daemon's caps_p list should presumably
 * name only what that daemon needs -- confirm per daemon.
 *
 * ZCAP_MAX is not a capability: as the last enumerator it equals the number
 * of capabilities declared before it, so new entries belong above it.
 */
typedef enum
{
  ZCAP_SETID,
  ZCAP_BIND,
  ZCAP_NET_ADMIN,
  ZCAP_SYS_ADMIN,
  ZCAP_NET_RAW,
  ZCAP_CHROOT,
  ZCAP_NICE,
  ZCAP_PTRACE,
  ZCAP_DAC_OVERRIDE,
  ZCAP_READ_SEARCH,
  ZCAP_FOWNER,
  ZCAP_MAX                      /* count of the entries above, keep last */
} zebra_capabilities_t;
42 | ||
/*
 * Privilege state as reported by the current_state method of
 * struct zebra_privs_t.
 *
 * NOTE(review): code that gates sensitive work on this value should
 * presumably treat ZPRIVS_UNKNOWN as "not known to be lowered" rather than
 * as equivalent to ZPRIVS_LOWERED -- confirm against the implementation.
 */
typedef enum
{
  ZPRIVS_LOWERED,
  ZPRIVS_RAISED,
  ZPRIVS_UNKNOWN,
} zebra_privs_current_t;
49 | ||
/*
 * Operation requested from the change method of struct zebra_privs_t:
 * raise privileges or lower them again.
 */
typedef enum
{
  ZPRIVS_RAISE,
  ZPRIVS_LOWER,
} zebra_privs_ops_t;
55 | ||
/*
 * Privilege description for one daemon, plus the two methods used to switch
 * and query the privilege level at run time.
 *
 * NOTE(review): presumably the daemon fills in the data members and
 * zprivs_init() installs the methods -- confirm in the implementation.
 */
struct zebra_privs_t
{
  zebra_capabilities_t *caps_p;       /* caps required for operation */
  zebra_capabilities_t *caps_i;       /* caps to allow inheritance of */
  int cap_num_p;                      /* number of caps in arrays: going by
                                         the names, cap_num_p counts caps_p
                                         and cap_num_i counts caps_i */
  int cap_num_i;
  const char *user;                   /* user and group to run as */
  const char *group;
  const char *vty_group;              /* group to chown vty socket to */
  /* methods */
  /* change privileges, 0 on success.  Anything else means the request did
     not succeed; check the result, in particular for ZPRIVS_LOWER, so a
     failed drop is not mistaken for running unprivileged. */
  int
    (*change) (zebra_privs_ops_t);
  zebra_privs_current_t
    (*current_state) (void);          /* current privilege state */
};
71 | ||
/*
 * Runtime user and group ids, as filled in by zprivs_get_ids().
 *
 * NOTE(review): uid_t and gid_t are not declared by this header (it has no
 * #include lines of its own), so it has to be included after <sys/types.h>
 * or an equivalent.
 */
struct zprivs_ids_t
{
  /* -1 is undefined.  uid_t and gid_t are commonly unsigned, so test with
     (uid_t)-1 / (gid_t)-1 rather than "< 0". */
  uid_t uid_priv;                     /* privileged uid */
  uid_t uid_normal;                   /* normal uid */
  gid_t gid_priv;                     /* privileged gid */
  gid_t gid_normal;                   /* normal gid */
  gid_t gid_vty;                      /* vty gid */
};
81 | ||
/* initialise zebra privileges from the description in *zprivs.
 * Returns nothing, so a failure cannot be reported through the return value.
 * NOTE(review): how an initialisation failure is signalled is not visible in
 * this header -- confirm in the implementation. */
extern void zprivs_init (struct zebra_privs_t *zprivs);
/* drop all and terminate privileges.
 * NOTE(review): also returns void; whether the privilege methods may still
 * be called afterwards is not visible here -- confirm. */
extern void zprivs_terminate (struct zebra_privs_t *);
/* query for runtime uid's and gid's, eg vty needs this.
 * The ids are stored in the caller's struct zprivs_ids_t; per that struct's
 * own comment a value of -1 means "undefined". */
extern void zprivs_get_ids(struct zprivs_ids_t *);
01245821 | 88 | |
89 | #endif /* _ZEBRA_PRIVS_H */ |