/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * Declarations for the klpd and pfexec call interfaces: the kernel entry
 * points (under _KERNEL) and the packet layouts visible to both sides.
 *
 * The packet structures below locate their variable-length parts through
 * byte offsets stored in the packet itself.  None of the accessor macros in
 * this file range-check those offsets; see the notes on each macro.
 */

#ifndef	_SYS_KLPD_H
#define	_SYS_KLPD_H

#include <sys/types.h>
#include <sys/priv.h>
#include <sys/procset.h>

#ifdef _KERNEL
#include <sys/cred.h>
#include <sys/sysmacros.h>
#include <sys/varargs.h>
#endif

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * Interface version.  Presumably the value carried in klpd_head_t.klh_vers;
 * confirm against the code that builds the packet.
 */
#define	KLPDCALL_VERS		1

/*
 * Argument type codes (presumably the values of klpd_arg_t.kla_type; confirm).
 * KLPDARG_NOMORE and KLPDARG_NONE share the value 0, so a consumer cannot
 * tell "end of list" from "no argument" by value alone.
 */
#define	KLPDARG_NOMORE		0	/* End of argument List */
#define	KLPDARG_NONE		0	/* No argument */
#define	KLPDARG_VNODE		1	/* vnode_t * */
#define	KLPDARG_INT		2	/* int */
#define	KLPDARG_PORT		3	/* int, port number */
#define	KLPDARG_TCPPORT		4	/* int, tcp port number */
#define	KLPDARG_UDPPORT		5	/* int, udp port number */
#define	KLPDARG_SCTPPORT	6	/* int, sctp port number */
#define	KLPDARG_SDPPORT		7	/* int, sdp port number */

#ifdef _KERNEL

/* Opaque here; only pointers to these types appear in this header. */
struct klpd_reg;
struct credklpd;

/*
 * Kernel entry points.  The prototypes carry no parameter names, so the
 * meaning of each argument has to be taken from the implementation.
 *
 * NOTE(review): pfexec_call() names struct pathname, which is not
 * forward-declared here the way struct klpd_reg and struct credklpd are;
 * presumably one of the kernel includes above makes it visible -- confirm.
 */
int klpd_reg(int, idtype_t, id_t, priv_set_t *);
int klpd_unreg(int, idtype_t, id_t);
void klpd_freelist(struct klpd_reg **);
void klpd_rele(struct klpd_reg *);
int klpd_call(const cred_t *, const priv_set_t *, va_list);
void crklpd_hold(struct credklpd *);
void crklpd_rele(struct credklpd *);
int pfexec_reg(int);
int pfexec_unreg(int);
int pfexec_call(const cred_t *, struct pathname *, cred_t **, boolean_t *);
int get_forced_privs(const cred_t *, const char *, priv_set_t *);
int check_user_privs(const cred_t *, const priv_set_t *);

#endif /* _KERNEL */

/*
 * Fixed header of a klpd packet.  klh_argoff and klh_privoff are byte
 * offsets measured from the start of this header (see KLH_ARG and
 * KLH_PRIVSET); an offset of 0 means the corresponding part is absent.
 */
typedef struct klpd_head {
	uint32_t	klh_vers;	/* Version */
	uint32_t	klh_len;	/* Length of full packet */
	uint32_t	klh_argoff;	/* Offset of argument */
	uint32_t	klh_privoff;	/* Offset of privilege set */
} klpd_head_t;

/*
 * Accessors for the two variable parts of a packet.  Each yields a pointer
 * klh_*off bytes past the start of the header, or NULL when the offset is 0.
 * The macros evaluate (kh) more than once and perform no range check: code
 * that parses a packet it did not build itself should first verify that the
 * offset plus the size of the object it is about to read does not exceed
 * klh_len, and that klh_len does not exceed the buffer actually received.
 */
#define	KLH_PRIVSET(kh)	((priv_set_t *)(((kh)->klh_privoff == 0 ? NULL : \
	(char *)(kh) + (kh)->klh_privoff)))
#define	KLH_ARG(kh)	((void *)((kh)->klh_argoff != 0 ? \
	(char *)(kh) + (kh)->klh_argoff : NULL))

/*
 * One argument record.  kla_data overlays a one-element char array, an int
 * and a uint_t; the kla_str, kla_int and kla_uint macros below select the
 * member.  Presumably kla_type is one of the KLPDARG_* codes and kla_dlen
 * the length of the data, with string data running past the single declared
 * element of __cdata -- confirm, and bound any read of kla_str by a length
 * that has been checked against the enclosing packet.
 */
typedef struct klpd_arg {
	uint_t	kla_type;
	uint_t	kla_dlen;
	union {
		char	__cdata[1];
		int	__idata;
		uint_t	__uidata;
	} kla_data;
} klpd_arg_t;

#define	kla_str		kla_data.__cdata
#define	kla_int		kla_data.__idata
#define	kla_uint	kla_data.__uidata

/*
 * pfexec request version and call types.  The trailing comments name a type
 * per call; presumably that is the type of the reply payload -- confirm.
 */
#define	PFEXEC_ARG_VERS		0x1
#define	PFEXEC_EXEC_ATTRS	0x1	/* pfexec_reply_t */
#define	PFEXEC_FORCED_PRIVS	0x2	/* priv_set_t */
#define	PFEXEC_USER_PRIVS	0x3	/* uint32_t */

/*
 * Size in bytes of a pfexec_arg_t that carries bufsize bytes of payload:
 * the fixed fields up to pfa_data plus bufsize.  The addition is not checked
 * for wrap-around, so bufsize should already be bounded by the caller.
 * NOTE(review): offsetof must be in scope where this expands; this header
 * pulls in <sys/sysmacros.h> only under _KERNEL -- confirm what non-kernel
 * consumers rely on.
 */
#define	PFEXEC_ARG_SIZE(bufsize)	\
	(offsetof(pfexec_arg_t, pfa_data) + (bufsize))

/*
 * pfexec request.  pfa_data overlays a one-element char array and a
 * one-element uint32_t array, reached through pfa_path and pfa_buf below.
 * PFEXEC_ARG_SIZE sizes the structure from the offset of pfa_data, so the
 * payload presumably extends past the declared element, with pfa_len giving
 * its length -- confirm.
 */
typedef struct pfexec_arg {
	uint_t	pfa_vers;	/* Caller version */
	uint_t	pfa_call;	/* Call type */
	uint_t	pfa_len;	/* Length of data */
	uid_t	pfa_uid;	/* Real uid of subject */
	union {
		char		__pfa_path[1];
		uint32_t	__pfa_buf[1];
	} pfa_data;
} pfexec_arg_t;

#define	pfa_path	pfa_data.__pfa_path
#define	pfa_buf		pfa_data.__pfa_buf

/*
 * (uid_t)-1 sentinel.  Presumably marks an id field of pfexec_reply_t that
 * is to be left unchanged -- confirm against the consumer.
 */
#define	PFEXEC_NOTSET		((uid_t)-1)

/*
 * pfexec reply.  pfr_ioff and pfr_loff are byte offsets from the start of
 * the reply to a priv_set_t each, 0 meaning none (see PFEXEC_REPLY_IPRIV and
 * PFEXEC_REPLY_LPRIV).  The other fields are not documented in this header;
 * going by their names they carry the uids, gids and flags that shape the
 * credential of the program being executed -- confirm.  If so, every field
 * is security-sensitive input to whoever consumes the reply: pfr_vers and
 * pfr_len should be validated before any other field is acted on.
 */
typedef struct pfexec_reply {
	uint_t		pfr_vers;
	uint_t		pfr_len;
	uid_t		pfr_ruid, pfr_euid;
	gid_t		pfr_rgid, pfr_egid;
	boolean_t	pfr_setcred;
	boolean_t	pfr_scrubenv;
	boolean_t	pfr_clearflag;
	boolean_t	pfr_allowed;
	uint_t		pfr_ioff;
	uint_t		pfr_loff;
} pfexec_reply_t;

/*
 * Pointers to the privilege sets located by pfr_ioff and pfr_loff, or a null
 * priv_set_t pointer when the offset is 0.  Both macros evaluate (pfr) more
 * than once and do no range check: before dereferencing the result, verify
 * that the offset plus the size of a privilege set does not exceed pfr_len,
 * and that pfr_len does not exceed the size of the buffer holding the reply.
 */
#define	PFEXEC_REPLY_IPRIV(pfr)	\
	((pfr)->pfr_ioff ? (priv_set_t *)((char *)(pfr) + (pfr)->pfr_ioff) \
	    : (priv_set_t *)0)
#define	PFEXEC_REPLY_LPRIV(pfr)	\
	((pfr)->pfr_loff ? (priv_set_t *)((char *)(pfr) + (pfr)->pfr_loff) \
	    : (priv_set_t *)0)

#ifdef	__cplusplus
}
#endif

#endif	/* _SYS_KLPD_H */