1 /* Query, remove, or restore a Solaris privilege.
2
3 Copyright (C) 2009-2023 Free Software Foundation, Inc.
4
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <https://www.gnu.org/licenses/>.
17
18 Written by David Bartley. */
19
20 #include <config.h>
21
22 #define PRIV_SET_INLINE _GL_EXTERN_INLINE
23
24 #include "priv-set.h"
25
26 #if HAVE_GETPPRIV && HAVE_PRIV_H
27
28 # include <errno.h>
29 # include <priv.h>
30
/* Holds a (cached) copy of the effective set.  It is filled once by
   getppriv in priv_set_initialize and afterwards only updated by this
   file's own priv_delset/priv_addset calls.  */
static priv_set_t *eff_set;

/* Holds a set of privileges that we have removed.  */
static priv_set_t *rem_set;

/* True once priv_set_initialize has allocated and filled both sets.
   NOTE(review): these file-scope statics are read and written without
   any locking in this file; confirm callers are single-threaded.  */
static bool initialized;
38
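/* Allocate the two cached privilege sets and load the process's current
   effective set into eff_set; rem_set starts out empty.
   Does nothing once a previous call has succeeded.
   Returns 0 on success.
   Returns -1 on failure with errno left as set by the call that failed
   (priv_allocset or getppriv).  Whatever was allocated is released and
   `initialized' stays false, so a later call retries from scratch.  */
static int
priv_set_initialize (void)
{
  int saved_errno;

  if (initialized)
    return 0;

  eff_set = priv_allocset ();
  if (!eff_set)
    return -1;

  rem_set = priv_allocset ();
  if (!rem_set)
    goto fail;

  if (getppriv (PRIV_EFFECTIVE, eff_set) != 0)
    goto fail;

  priv_emptyset (rem_set);
  initialized = true;
  return 0;

 fail:
  /* The public entry points document "errno set appropriately" on
     error.  Keep the value from the failing call in case the cleanup
     calls below modify errno.  */
  saved_errno = errno;
  if (rem_set)
    priv_freeset (rem_set);
  priv_freeset (eff_set);
  errno = saved_errno;
  return -1;
}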
67
68
/* Report whether PRIV is present in the effective set.
   Returns 1 if priv is a member and 0 if not.
   Returns -1 on error with errno set appropriately.
   The answer is taken from the cached copy in eff_set; this function
   does not query the kernel again.  */
int
priv_set_ismember (const char *priv)
{
  if (! initialized)
    {
      int init_status = priv_set_initialize ();

      if (init_status != 0)
        return -1;
    }

  return priv_ismember (eff_set, priv);
}
80
81
/* Drop PRIV from the effective set.
   Returns 0 if priv was removed.
   Returns -1 on error with errno set appropriately; errno is EINVAL
   when priv is not in the cached effective set.
   Only PRIV_EFFECTIVE is changed here; no other privilege set is
   touched in this file, and priv_set_restore can re-add the privilege,
   so this is not a permanent drop.  */
int
priv_set_remove (const char *priv)
{
  if (! initialized)
    {
      if (priv_set_initialize () != 0)
        return -1;
    }

  /* Only a privilege currently held in the cached effective set can be
     dropped.  */
  if (! priv_ismember (eff_set, priv))
    {
      errno = EINVAL;
      return -1;
    }

  /* priv_addset/priv_delset can only fail if priv is invalid, which is
     ruled out by the priv_ismember check above.  */
  priv_delset (eff_set, priv);

  /* PRIV_SET installs the whole cached set as the effective set.
     NOTE(review): if other code changed the process's effective set
     after the cache was filled, this call would overwrite that change;
     confirm nothing else adjusts privileges.  */
  if (setppriv (PRIV_SET, PRIV_EFFECTIVE, eff_set) == 0)
    {
      /* Record the removal so that priv_set_restore will accept it.  */
      priv_addset (rem_set, priv);
      return 0;
    }

  /* The kernel refused; put the cache back the way it was.  */
  priv_addset (eff_set, priv);
  return -1;
}
111
112
/* Re-enable PRIV in the effective set.
   Returns 0 if priv was re-added to the effective set (after being
   previously removed by a call to priv_set_remove).
   Returns -1 on error with errno set appropriately; errno is EINVAL
   when priv is not recorded in rem_set, so only privileges that
   priv_set_remove took away can be brought back through this call.  */
int
priv_set_restore (const char *priv)
{
  if (! initialized)
    {
      if (priv_set_initialize () != 0)
        return -1;
    }

  /* Refuse anything that this file did not remove itself.  */
  if (! priv_ismember (rem_set, priv))
    {
      errno = EINVAL;
      return -1;
    }

  /* priv_addset/priv_delset can only fail if priv is invalid, which is
     ruled out by the priv_ismember check above.  */
  priv_addset (eff_set, priv);

  /* PRIV_SET installs the whole cached set as the effective set.
     NOTE(review): if other code changed the process's effective set
     after the cache was filled, this call would overwrite that change;
     confirm nothing else adjusts privileges.  */
  if (setppriv (PRIV_SET, PRIV_EFFECTIVE, eff_set) == 0)
    {
      /* The privilege is active again, so it is no longer "removed".  */
      priv_delset (rem_set, priv);
      return 0;
    }

  /* The kernel refused; put the cache back the way it was.  */
  priv_delset (eff_set, priv);
  return -1;
}
143
144 #endif