Logo ROOT   6.10/09
Reference Guide
XrdSysPriv.hh
Go to the documentation of this file.
1 #ifndef __SYS_PRIV_H__
2 #define __SYS_PRIV_H__
3 /******************************************************************************/
4 /* */
5 /* X r d S y s P r i v . h h */
6 /* */
7 /* (c) 2006 G. Ganis (CERN) */
8 /* */
9 /* This file is part of the XRootD software suite. */
10 /* */
11 /* XRootD is free software: you can redistribute it and/or modify it under */
12 /* the terms of the GNU Lesser General Public License as published by the */
13 /* Free Software Foundation, either version 3 of the License, or (at your */
14 /* option) any later version. */
15 /* */
16 /* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17 /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18 /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19 /* License for more details. */
20 /* */
21 /* You should have received a copy of the GNU Lesser General Public License */
22 /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23 /* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24 /* */
25 /* The copyright holder's institutional names and contributor's names may not */
26 /* be used to endorse or promote products derived from this software without */
27 /* specific prior written permission of the institution or contributor. */
28 /* All Rights Reserved. See XrdInfo.cc for complete License Terms */
29 /******************************************************************************/
30 
31 //////////////////////////////////////////////////////////////////////////
32 // //
33 // XrdSysPriv //
34 // //
35 // Author: G. Ganis, CERN, 2006 //
36 // //
37 // Implementation of a privileges handling API following the paper //
38 // "Setuid Demystified" by H.Chen, D.Wagner, D.Dean //
39 // also quoted in "Secure programming Cookbook" by J.Viega & M.Messier. //
40 // //
41 // NB: this class can only used via XrdSysPrivGuard (see below) //
42 // //
43 //////////////////////////////////////////////////////////////////////////
44 
45 #if !defined(WINDOWS)
46 # include <sys/types.h>
47 #else
48 # define uid_t unsigned int
49 # define gid_t unsigned int
50 #endif
51 
52 #include "XrdSys/XrdSysPthread.hh"
53 
54 class XrdSysPriv
55 {
56  friend class XrdSysPrivGuard;
57  private:
58  // Ownership cannot be changed by thread, so there must be an overall
59  // locking
60  static XrdSysRecMutex fgMutex;
61 
62  XrdSysPriv();
63 
64  static bool fDebug;
65 
66  static int ChangeTo(uid_t uid, gid_t gid);
67  static void DumpUGID(const char *msg = 0);
68  static int Restore(bool saved = 1);
69 
70  public:
71  virtual ~XrdSysPriv() { }
72  static int ChangePerm(uid_t uid, gid_t gid);
73 };
74 
75 //
76 // Guard class;
77 // Usage:
78 //
79 // { XrdSysPrivGuard priv(tempuid);
80 //
81 // // Work as tempuid (maybe superuser)
82 // ...
83 //
84 // }
85 //
86 class XrdSysPrivGuard
87 {
88  public:
89  XrdSysPrivGuard(uid_t uid, gid_t gid);
90  XrdSysPrivGuard(const char *user);
91  virtual ~XrdSysPrivGuard();
92  bool Valid() const { return valid; }
93  private:
94  bool dum;
95  bool valid;
96  void Init(uid_t uid, gid_t gid);
97 };
98 
99 #endif
XrdSysPriv::XrdSysPrivGuard
friend class XrdSysPrivGuard
Definition: XrdSysPriv.hh:56
XrdSysPriv::fDebug
static bool fDebug
Definition: XrdSysPriv.hh:64
XrdSysRecMutex
#define XrdSysRecMutex
Definition: XrdSysToOuc.h:18
XrdSysPriv::ChangePerm
static int ChangePerm(uid_t uid, gid_t gid)
XrdSysPriv::Restore
static int Restore(bool saved=1)
XrdSysPriv::DumpUGID
static void DumpUGID(const char *msg=0)
XrdSysPriv::~XrdSysPriv
virtual ~XrdSysPriv()
Definition: XrdSysPriv.hh:71
XrdSysPriv::ChangeTo
static int ChangeTo(uid_t uid, gid_t gid)
XrdSysPrivGuard::Valid
bool Valid() const
Definition: XrdSysPriv.hh:92
XrdSysPriv::fgMutex
static XrdSysRecMutex fgMutex
Definition: XrdSysPriv.hh:60