1 /* Query, remove, or restore a Solaris privilege.
3 Copyright (C) 2009-2011 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 Written by David Bartley. */
23 #if HAVE_GETPPRIV && HAVE_PRIV_H
29 /* Holds a (cached) copy of the effective set. */
/* NOTE(review): the only getppriv call visible in this listing is the one
   in priv_set_initialize, and later changes are pushed with
   setppriv (PRIV_SET, ...), which replaces the whole effective set.  If
   anything else in the process changes the effective set directly, this
   copy goes stale and the next remove/restore would overwrite that change,
   possibly re-enabling a privilege that was dropped elsewhere.  Confirm
   that every privilege change in the program goes through this module.  */
30 static priv_set_t *eff_set;
32 /* Holds a set of privileges that we have removed. */
/* priv_set_restore consults this set, so only privileges recorded here by
   priv_set_remove are candidates for being re-added.  */
33 static priv_set_t *rem_set;
/* Tested by the public functions before they touch eff_set or rem_set; the
   assignment that sets it is not shown in this listing.  NOTE(review): no
   locking is visible here -- presumably callers are single-threaded;
   confirm.  */
35 static bool initialized;
/* One-time setup: allocate both sets, load the process's current effective
   set into eff_set, and start rem_set empty.  This listing omits several
   original lines (the number at the start of each line is the original
   line number), so the return type, braces, allocation-failure checks and
   return statements are not visible here.  */
38 priv_set_initialize (void)
42 eff_set = priv_allocset ();
47 rem_set = priv_allocset ();
/* Releases eff_set; presumably the path taken when the rem_set allocation
   failed -- the guarding condition is not shown.  */
50 priv_freeset (eff_set);
/* Snapshot the effective privilege set into the cache.  */
53 if (getppriv (PRIV_EFFECTIVE, eff_set) != 0)
/* On failure both sets are released.  NOTE(review): the static pointers are
   not reset on the visible lines; confirm that nothing dereferences them
   after a failed initialization.  */
55 priv_freeset (eff_set);
56 priv_freeset (rem_set);
/* Nothing has been removed yet.  */
59 priv_emptyset (rem_set);
67 /* Check if priv is in the effective set.
68 Returns 1 if priv is a member and 0 if not.
69 Returns -1 on error with errno set appropriately. */
/* The answer comes from the cached eff_set rather than a fresh getppriv
   call, so it reflects the effective set as this module last saw it.  */
71 priv_set_ismember (const char *priv)
/* Lazy initialization; the statement executed on failure is not shown in
   this listing (presumably the -1 return documented above).  */
73 if (! initialized && priv_set_initialize () != 0)
76 return priv_ismember (eff_set, priv);
80 /* Try to remove priv from the effective set.
81 Returns 0 if priv was removed.
82 Returns -1 on error with errno set appropriately. */
/* Only PRIV_EFFECTIVE is changed on the visible lines; the permitted set is
   not touched, which is what allows priv_set_restore to re-add the
   privilege later.  This is privilege bracketing, not a permanent drop:
   code running in the same process can turn the privilege back on, so do
   not rely on it as a containment boundary.  */
84 priv_set_remove (const char *priv)
/* Lazy initialization; the statement executed on failure is not shown in
   this listing (presumably the -1 return documented above).  */
86 if (! initialized && priv_set_initialize () != 0)
/* Act only on a privilege that is in the cached effective set; the branch
   taken for a non-member is not shown in this listing.  */
89 if (priv_ismember (eff_set, priv))
91 /* priv_addset/priv_delset can only fail if priv is invalid, which is
92 checked above by the priv_ismember call. */
/* Update the cache first, then push the whole set to the kernel.  */
93 priv_delset (eff_set, priv);
94 if (setppriv (PRIV_SET, PRIV_EFFECTIVE, eff_set) != 0)
/* setppriv failed: put priv back so the cache keeps matching the process's
   actual effective set.  */
96 priv_addset (eff_set, priv);
/* Record the removal so that priv_set_restore will accept this privilege.  */
99 priv_addset (rem_set, priv);
111 /* Try to restore priv to the effective set.
112 Returns 0 if priv was re-added to the effective set (after being previously
113 removed by a call to priv_set_remove).
114 Returns -1 on error with errno set appropriately. */
/* Membership in rem_set is the only gate visible here, so a privilege that
   this module never removed is not added by this function.  */
116 priv_set_restore (const char *priv)
/* Lazy initialization; the statement executed on failure is not shown in
   this listing (presumably the -1 return documented above).  */
118 if (! initialized && priv_set_initialize () != 0)
/* Restore only what priv_set_remove recorded; the branch taken for a
   privilege that is not in rem_set is not shown in this listing.  */
121 if (priv_ismember (rem_set, priv))
123 /* priv_addset/priv_delset can only fail if priv is invalid, which is
124 checked above by the priv_ismember call. */
/* Update the cache first, then push the whole set to the kernel.  */
125 priv_addset (eff_set, priv);
126 if (setppriv (PRIV_SET, PRIV_EFFECTIVE, eff_set) != 0)
/* setppriv failed: take priv out again so the cache does not claim a
   privilege the process does not actually hold.  */
128 priv_delset (eff_set, priv);
/* The privilege is effective again, so it no longer counts as removed.  */
131 priv_delset (rem_set, priv);