[mirror_frr.git] / lib / privs.h

/* 
 * Zebra privileges header.
 *
 * Copyright (C) 2003 Paul Jakma.
 *
 * This file is part of GNU Zebra.
 *
 * GNU Zebra is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2, or (at your option) any
 * later version.
 *
 * GNU Zebra is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; see the file COPYING; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#ifndef _ZEBRA_PRIVS_H
#define _ZEBRA_PRIVS_H

/* list of zebra capabilities */
typedef enum 
{
  ZCAP_SETID,
  ZCAP_BIND,
  ZCAP_NET_ADMIN,
  ZCAP_SYS_ADMIN,
  ZCAP_NET_RAW,
  ZCAP_CHROOT,
  ZCAP_NICE,
  ZCAP_PTRACE,
  ZCAP_DAC_OVERRIDE,
  ZCAP_READ_SEARCH,
  ZCAP_FOWNER,
  ZCAP_MAX
} zebra_capabilities_t;

typedef enum
{
  ZPRIVS_LOWERED,
  ZPRIVS_RAISED,
  ZPRIVS_UNKNOWN,
} zebra_privs_current_t;

typedef enum
{
  ZPRIVS_RAISE,
  ZPRIVS_LOWER,
} zebra_privs_ops_t;

struct zebra_privs_t
{
  zebra_capabilities_t *caps_p;       /* caps required for operation */
  zebra_capabilities_t *caps_i;       /* caps to allow inheritance of */
  int cap_num_p;                      /* number of caps in arrays */
  int cap_num_i;                    
  const char *user;                   /* user and group to run as */
  const char *group;
  const char *vty_group;              /* group to chown vty socket to */
  /* methods */
  int 
    (*change) (zebra_privs_ops_t);    /* change privileges, 0 on success */
  zebra_privs_current_t 
    (*current_state) (void);          /* current privilege state */
};

struct zprivs_ids_t
{
  /* -1 is undefined */
  uid_t uid_priv;                     /* privileged uid */
  uid_t uid_normal;                   /* normal uid */
  gid_t gid_priv;                     /* privileged uid */
  gid_t gid_normal;                   /* normal uid */
  gid_t gid_vty;                      /* vty gid */
};

  /* initialise zebra privileges */
extern void zprivs_init (struct zebra_privs_t *zprivs);
  /* drop all and terminate privileges */ 
extern void zprivs_terminate (struct zebra_privs_t *);
  /* query for runtime uid's and gid's, eg vty needs this */
extern void zprivs_get_ids(struct zprivs_ids_t *);

#endif /* _ZEBRA_PRIVS_H */
Commit	Line	Data
01245821	1	/*
	2	* Zebra privileges header.
	3	*
	4	* Copyright (C) 2003 Paul Jakma.
	5	*
	6	* This file is part of GNU Zebra.
	7	*
	8	* GNU Zebra is free software; you can redistribute it and/or modify it
	9	* under the terms of the GNU General Public License as published by the
	10	* Free Software Foundation; either version 2, or (at your option) any
	11	* later version.
	12	*
	13	* GNU Zebra is distributed in the hope that it will be useful, but
	14	* WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	* General Public License for more details.
	17	*
896014f4 DL	18	* You should have received a copy of the GNU General Public License along
	19	* with this program; see the file COPYING; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
01245821	21	*/
	22
	23	#ifndef _ZEBRA_PRIVS_H
	24	#define _ZEBRA_PRIVS_H
	25
	26	/* list of zebra capabilities */
	27	typedef enum
	28	{
ceacedba	29	ZCAP_SETID,
01245821	30	ZCAP_BIND,
ceacedba	31	ZCAP_NET_ADMIN,
8d6b00e4	32	ZCAP_SYS_ADMIN,
ceacedba	33	ZCAP_NET_RAW,
01245821	34	ZCAP_CHROOT,
	35	ZCAP_NICE,
	36	ZCAP_PTRACE,
8d6b00e4	37	ZCAP_DAC_OVERRIDE,
	38	ZCAP_READ_SEARCH,
	39	ZCAP_FOWNER,
01245821	40	ZCAP_MAX
	41	} zebra_capabilities_t;
	42
	43	typedef enum
	44	{
	45	ZPRIVS_LOWERED,
ceacedba	46	ZPRIVS_RAISED,
ceacedba	47	ZPRIVS_UNKNOWN,
01245821	48	} zebra_privs_current_t;
	49
	50	typedef enum
	51	{
	52	ZPRIVS_RAISE,
	53	ZPRIVS_LOWER,
	54	} zebra_privs_ops_t;
	55
	56	struct zebra_privs_t
	57	{
	58	zebra_capabilities_t caps_p; / caps required for operation */
	59	zebra_capabilities_t caps_i; / caps to allow inheritance of */
	60	int cap_num_p; /* number of caps in arrays */
	61	int cap_num_i;
8c328f11	62	const char user; / user and group to run as */
	63	const char *group;
	64	const char vty_group; / group to chown vty socket to */
01245821	65	/* methods */
	66	int
	67	(change) (zebra_privs_ops_t); / change privileges, 0 on success */
	68	zebra_privs_current_t
	69	(current_state) (void); / current privilege state */
	70	};
	71
ba3a0bc5	72	struct zprivs_ids_t
	73	{
	74	/* -1 is undefined */
	75	uid_t uid_priv; /* privileged uid */
	76	uid_t uid_normal; /* normal uid */
	77	gid_t gid_priv; /* privileged uid */
	78	gid_t gid_normal; /* normal uid */
	79	gid_t gid_vty; /* vty gid */
	80	};
	81
01245821	82	/* initialise zebra privileges */
8cc4198f	83	extern void zprivs_init (struct zebra_privs_t *zprivs);
01245821	84	/* drop all and terminate privileges */
ceacedba	85	extern void zprivs_terminate (struct zebra_privs_t *);
ba3a0bc5	86	/* query for runtime uid's and gid's, eg vty needs this */
8cc4198f	87	extern void zprivs_get_ids(struct zprivs_ids_t *);
01245821	88
01245821	89	#endif /* _ZEBRA_PRIVS_H */