Logo ROOT   6.18/05
Reference Guide
XrdSysPriv.hh
Go to the documentation of this file.
1#ifndef __SYS_PRIV_H__
2#define __SYS_PRIV_H__
3/******************************************************************************/
4/* */
5/* X r d S y s P r i v . h h */
6/* */
7/* (c) 2006 G. Ganis (CERN) */
8/* */
9/* This file is part of the XRootD software suite. */
10/* */
11/* XRootD is free software: you can redistribute it and/or modify it under */
12/* the terms of the GNU Lesser General Public License as published by the */
13/* Free Software Foundation, either version 3 of the License, or (at your */
14/* option) any later version. */
15/* */
16/* XRootD is distributed in the hope that it will be useful, but WITHOUT */
17/* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */
18/* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */
19/* License for more details. */
20/* */
21/* You should have received a copy of the GNU Lesser General Public License */
22/* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */
23/* COPYING (GPL license). If not, see <http://www.gnu.org/licenses/>. */
24/* */
25/* The copyright holder's institutional names and contributor's names may not */
26/* be used to endorse or promote products derived from this software without */
27/* specific prior written permission of the institution or contributor. */
28/* All Rights Reserved. See XrdInfo.cc for complete License Terms */
29/******************************************************************************/
30
31//////////////////////////////////////////////////////////////////////////
32// //
33// XrdSysPriv //
34// //
35// Author: G. Ganis, CERN, 2006 //
36// //
37// Implementation of a privileges handling API following the paper //
38// "Setuid Demystified" by H.Chen, D.Wagner, D.Dean //
39// also quoted in "Secure programming Cookbook" by J.Viega & M.Messier. //
40// //
41// NB: this class can only used via XrdSysPrivGuard (see below) //
42// //
43//////////////////////////////////////////////////////////////////////////
44
45#if !defined(WINDOWS)
46# include <sys/types.h>
47#else
48# define uid_t unsigned int
49# define gid_t unsigned int
50#endif
51
52#include "XrdSys/XrdSysPthread.hh"
53
54class XrdSysPriv
55{
56 friend class XrdSysPrivGuard;
57 private:
58 // Ownership cannot be changed by thread, so there must be an overall
59 // locking
60 static XrdSysRecMutex fgMutex;
61
62 XrdSysPriv();
63
64 static bool fDebug;
65
66 static int ChangeTo(uid_t uid, gid_t gid);
67 static void DumpUGID(const char *msg = 0);
68 static int Restore(bool saved = 1);
69
70 public:
71 virtual ~XrdSysPriv() { }
72 static int ChangePerm(uid_t uid, gid_t gid);
73};
74
75//
76// Guard class;
77// Usage:
78//
79// { XrdSysPrivGuard priv(tempuid);
80//
81// // Work as tempuid (maybe superuser)
82// ...
83//
84// }
85//
86class XrdSysPrivGuard
87{
88 public:
89 XrdSysPrivGuard(uid_t uid, gid_t gid);
90 XrdSysPrivGuard(const char *user);
91 virtual ~XrdSysPrivGuard();
92 bool Valid() const { return valid; }
93 private:
94 bool dum;
95 bool valid;
96 void Init(uid_t uid, gid_t gid);
97};
98
99#endif
XrdSysRecMutex
#define XrdSysRecMutex
Definition: XrdSysToOuc.h:18
XrdSysPrivGuard::Valid
bool Valid() const
Definition: XrdSysPriv.hh:92
XrdSysPrivGuard::Init
void Init(uid_t uid, gid_t gid)
XrdSysPrivGuard::XrdSysPrivGuard
XrdSysPrivGuard(const char *user)
XrdSysPrivGuard::XrdSysPrivGuard
XrdSysPrivGuard(uid_t uid, gid_t gid)
XrdSysPrivGuard::~XrdSysPrivGuard
virtual ~XrdSysPrivGuard()
XrdSysPriv::Restore
static int Restore(bool saved=1)
XrdSysPriv::fgMutex
static XrdSysRecMutex fgMutex
Definition: XrdSysPriv.hh:60
XrdSysPriv::~XrdSysPriv
virtual ~XrdSysPriv()
Definition: XrdSysPriv.hh:71
XrdSysPriv::fDebug
static bool fDebug
Definition: XrdSysPriv.hh:64
XrdSysPriv::DumpUGID
static void DumpUGID(const char *msg=0)
XrdSysPriv::ChangeTo
static int ChangeTo(uid_t uid, gid_t gid)
XrdSysPriv::ChangePerm
static int ChangePerm(uid_t uid, gid_t gid)