XrdSysPriv.hh
#ifndef __SYS_PRIV_H__
#define __SYS_PRIV_H__
/******************************************************************************/
/* */
/* X r d S y s P r i v . h h */
/* */
/* (c) 2006 G. Ganis (CERN) */
/* */
/* This file is part of the XRootD software suite. */
/* */
/* XRootD is free software: you can redistribute it and/or modify it under */
/* the terms of the GNU Lesser General Public License as published by the */
/* Free Software Foundation, either version 3 of the License, or (at your */
/* option) any later version. */
/* */
/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
/* License for more details. */
/* */
/* You should have received a copy of the GNU Lesser General Public License */
/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
/* */
/* The copyright holder's institutional names and contributor's names may not */
/* be used to endorse or promote products derived from this software without */
/* specific prior written permission of the institution or contributor. */
/* All Rights Reserved. See XrdInfo.cc for complete License Terms */
/******************************************************************************/
// //
// XrdSysPriv //
// //
// Author: G. Ganis, CERN, 2006 //
// //
// Implementation of a privileges handling API following the paper //
// "Setuid Demystified" by H.Chen, D.Wagner, D.Dean //
// also quoted in "Secure programming Cookbook" by J.Viega & M.Messier. //
// //
// NB: this class can only be used via XrdSysPrivGuard (see below) //
// //
// uid_t / gid_t come from <sys/types.h> unless WINDOWS is defined; in that
// case they are macro-defined as unsigned int so the declarations below still
// compile. Being macros, those two names are rewritten in every file that
// includes this header after this point.
#if !defined(WINDOWS)
#  include <sys/types.h>
#else
#  define uid_t unsigned int
#  define gid_t unsigned int
#endif

// Needed for the XrdSysRecMutex member of XrdSysPriv.
#include "XrdSys/XrdSysPthread.hh"
// Static helpers for switching the identity (uid/gid) of the process.
// The constructor and every helper except ChangePerm() are private, and
// XrdSysPrivGuard is the only friend: a temporary identity change is meant to
// be made through a guard object, not by calling these helpers directly.
class XrdSysPriv
{
 friend class XrdSysPrivGuard;
 private:
   // Ownership (uid/gid) cannot be changed per thread, so there must be one
   // overall lock; fgMutex is shared by every user of this class.
   // NOTE(review): where the lock is taken and released is not visible in this
   // header -- see XrdSysPriv.cc.
   static XrdSysRecMutex fgMutex;

   // Private: callers cannot instantiate this class.
   XrdSysPriv();

   // Class-wide debug switch; what it enables is defined in XrdSysPriv.cc.
   static bool fDebug;

   // Switch to the given uid/gid. Returns an int status whose convention is
   // defined in XrdSysPriv.cc, not here.
   static int ChangeTo(uid_t uid, gid_t gid);
   // Diagnostic dump of the current ids; msg is optional (defaults to null).
   static void DumpUGID(const char *msg = 0);
   // Counterpart of ChangeTo(); the meaning of 'saved' (default: true) is
   // defined in XrdSysPriv.cc -- presumably selects the saved ids, confirm.
   static int Restore(bool saved = 1);

 public:
   virtual ~XrdSysPriv() { }
   // The one identity-changing entry point callable without a guard.
   // NOTE(review): presumably a permanent switch, by contrast with
   // ChangeTo()/Restore() -- confirm in XrdSysPriv.cc. The status convention is
   // not visible here; whatever it is, callers should check the result and
   // stop on failure instead of continuing under the previous identity.
   static int ChangePerm(uid_t uid, gid_t gid);
};
//
// Guard class: scoped identity change for the enclosing block.
// Usage:
//
//    {  XrdSysPrivGuard priv(tempuid, tempgid);   // or priv("username")
//
//       // The constructors cannot return an error: test priv.Valid() before
//       // doing anything that relies on the new identity.
//
//       // Work as tempuid (maybe superuser)
//       ...
//
//    }
//
// NOTE(review): copy construction and assignment are not disabled here. If the
// destructor undoes the identity change (see XrdSysPriv.cc), a copied guard
// would undo it a second time -- confirm, and consider making the class
// non-copyable.
//
class XrdSysPrivGuard
{
 public:
   // Request a switch to the given numeric ids.
   XrdSysPrivGuard(uid_t uid, gid_t gid);
   // Same, with the target given as a user name; how the name is resolved to
   // ids is defined in XrdSysPriv.cc.
   XrdSysPrivGuard(const char *user);
   virtual ~XrdSysPrivGuard();
   // Returns the 'valid' flag. Presumably false when the requested switch did
   // not take place -- confirm in XrdSysPriv.cc.
   bool Valid() const { return valid; }
 private:
   bool dum;    // meaning not visible in this header; set in XrdSysPriv.cc
   bool valid;  // value reported by Valid()
   // Helper taking the same ids as the first constructor (defined in
   // XrdSysPriv.cc).
   void Init(uid_t uid, gid_t gid);
};
#endif