author: paul <paul> 2005-09-29 14:39:32 +0000
committer: paul <paul> 2005-09-29 14:39:32 +0000
commit: ceacedba227e77156f92f7676b274c48a2817e8f
tree: f362ecc8f6f183347ebe45ab79727b54d2f527a6 /lib/privs.h
parent: e62178797d0ee5f326fd587b84ee965cf88833e4
2005-09-29 Paul Jakma <paul.jakma@sun.com>
* configure.ac: Add the test for Solaris least-privileges. Set defines for whether capabilities are supported and whether of the linux or solaris variety. Add missing-prototypes, missing-declarations, char-subscripts and cast-qual warnings to default cflags, cause Hasso enjoys warnings, and we really should clean the remaining ones up. (ie isisd..).
* (*/*main.c) Update the zebra_capabilities_t arrays in the various daemons to match the changes made in lib/privs.h.
* zebra.h: Solaris capabilities requires priv.h to be included.
* privs.{c,h}: Add support for Solaris Least-Privileges.
  privs.h: Reduce some of the abstract capabilities, which do not have rough equivalents on both systems. Rename the net related caps to _NET, as they should have been in first place.
  (zprivs_terminate) should take the zebra_privs_t as argument so that it can update change pointer. Add an additional privilege state, ZPRIVS_UNKNOWN.
* privs.c: (various capability functions) Add Solaris privileges variants.
  (zprivs_state) Use privs.c specific generic types to represent various capability/privilege related types, so that each can be typedef'd as appropriate on each platform.
  (zprivs_null_state) static added, to hold the state the null method should report (should be raised by default, and LOWERED if zprivs_terminate has been called)
  (zprivs_state_null) Report back the zprivs_null_state.
  (cap_map) Make it able to map abstract capability to multiple system capabilities.
  (zcaps2sys) Map to abstract capabilities to multiple system privileges/capabilities.
  (zprivs_init) move capability related init to separate function, zprivs_caps_init.
  (zprivs_terminate) ditto, moved to zprivs_caps_terminate. Set the change_state callback to the NULL state, so the user can continue to run and use the callbacks.
Diffstat (limited to 'lib/privs.h')
-rw-r--r-- lib/privs.h 13
1 files changed, 6 insertions, 7 deletions
diff --git a/lib/privs.h b/lib/privs.h
index 70507565..46d614e0 100644
--- a/lib/privs.h
+++ b/lib/privs.h
@@ -27,13 +27,11 @@
/* list of zebra capabilities */
typedef enum
{
- ZCAP_SETGID,
- ZCAP_SETUID,
+ ZCAP_SETID,
ZCAP_BIND,
- ZCAP_BROADCAST,
- ZCAP_ADMIN,
+ ZCAP_NET_ADMIN,
ZCAP_SYS_ADMIN,
- ZCAP_RAW,
+ ZCAP_NET_RAW,
ZCAP_CHROOT,
ZCAP_NICE,
ZCAP_PTRACE,
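Review bot: Folding ZCAP_SETGID and ZCAP_SETUID into a single ZCAP_SETID at the top of the enum means a daemon can no longer request one without the other, so a caller that needed only group changes now has to ask for both. If that coarsening is forced by the two platforms lacking separate equivalents, say so in a comment above ZCAP_SETID. ZCAP_BROADCAST is removed with no replacement in this hunk, and ZCAP_ADMIN and ZCAP_RAW are renamed, so every zebra_capabilities_t array outside this file has to change in the same commit or it stops compiling; a short comment per enumerator stating which system capability or privilege it stands for would make those updates easier to check.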
@@ -46,7 +44,8 @@ typedef enum
typedef enum
{
ZPRIVS_LOWERED,
- ZPRIVS_RAISED
+ ZPRIVS_RAISED,
+ ZPRIVS_UNKNOWN,
} zebra_privs_current_t;
typedef enum
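Review bot: ZPRIVS_UNKNOWN is added to zebra_privs_current_t without a comment on when it is reported, and any caller that treats the state as binary (for example, taking anything other than ZPRIVS_RAISED to mean privileges are lowered) will now read an unknown state as a safe one. Document the new value here and have callers compare against ZPRIVS_LOWERED explicitly wherever they rely on privileges having been dropped. The trailing comma after ZPRIVS_UNKNOWN is accepted by C99 but not by C89; drop it if this header must build with older compilers.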
@@ -84,7 +83,7 @@ struct zprivs_ids_t
/* initialise zebra privileges */
extern void zprivs_init (struct zebra_privs_t *zprivs);
/* drop all and terminate privileges */
-extern void zprivs_terminate (void);
+extern void zprivs_terminate (struct zebra_privs_t *);
/* query for runtime uid's and gid's, eg vty needs this */
extern void zprivs_get_ids(struct zprivs_ids_t *);
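Review bot: The new zprivs_terminate prototype leaves its parameter unnamed, unlike zprivs_init two lines above it, and the comment "drop all and terminate privileges" does not say that the struct passed in is modified. Name the parameter (struct zebra_privs_t *zprivs) and extend the comment to state what the caller can expect of the struct afterwards; per the commit message the change pointer is updated so the callbacks stay usable. Every caller of the old void form needs updating in the same change, since a call with no argument no longer matches the prototype.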