Diffstat (limited to '')
-rw-r--r--src/lib/restrict-access.h90
1 files changed, 90 insertions, 0 deletions
diff --git a/src/lib/restrict-access.h b/src/lib/restrict-access.h
new file mode 100644
index 0000000..ba4d893
--- /dev/null
+++ b/src/lib/restrict-access.h
@@ -0,0 +1,90 @@
+#ifndef RESTRICT_ACCESS_H
+#define RESTRICT_ACCESS_H
+
+enum restrict_access_flags {
+ /* If flags given to restrict_access() include
+ * RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we won't kill
+ * ourself when we have root privileges. */
+ RESTRICT_ACCESS_FLAG_ALLOW_ROOT = 1,
+};
+
+struct restrict_access_settings {
+ /* UID to use, or (uid_t)-1 if you don't want to change it */
+ uid_t uid;
+ /* Effective GID to use, or (gid_t)-1 if you don't want to change it */
+ gid_t gid;
+ /* If not (gid_t)-1, the privileged GID can be temporarily
+ enabled/disabled. */
+ gid_t privileged_gid;
+
+ /* Add access to these space or comma -separated extra groups */
+ const char *extra_groups;
+ /* Add access to groups this system user belongs to */
+ const char *system_groups_user;
+
+ /* All specified GIDs must be in this range. If extra_groups or system
+ group user contains other GIDs, they're silently dropped. */
+ gid_t first_valid_gid, last_valid_gid;
+
+ /* Human readable "source" of UID and GID values. If non-NULL,
+ displayed on error messages about failing to change uid/gid. */
+ const char *uid_source, *gid_source;
+
+ /* Chroot directory */
+ const char *chroot_dir;
+
+ /* Allow running in setuid-root mode, where real UID is root and
+ * effective UID is non-root. By default the real UID is changed
+ * to be the same as the effective UID. */
+ bool allow_setuid_root;
+};
+
+/* Initialize settings with values that don't change anything. */
+void restrict_access_init(struct restrict_access_settings *set);
+/* Restrict access as specified by the settings. If home is not NULL,
+ it's chdir()ed after chrooting, otherwise it chdirs to / (the chroot). */
+void restrict_access(const struct restrict_access_settings *set,
+ enum restrict_access_flags flags, const char *home)
+ ATTR_NULL(3);
+/* Set environment variables so they can be read with
+ restrict_access_by_env(). */
+void restrict_access_set_env(const struct restrict_access_settings *set);
+/* Read restrict_access_set_env() environments back into struct. */
+void restrict_access_get_env(struct restrict_access_settings *set_r);
+/* Read restrictions from environment and call restrict_access().
+ If flags do not include RESTRICT_ACCESS_FLAG_ALLOW_ROOT, we'll kill ourself
+ unless the RESTRICT_* environments caused root privileges to be dropped */
+void restrict_access_by_env(enum restrict_access_flags flags,
+ const char *home) ATTR_NULL(2);
+
+/* Return the chrooted directory if restrict_access*() chrooted,
+ otherwise NULL. */
+const char *restrict_access_get_current_chroot(void);
+
+/*
+ Checks if PR_SET_DUMPABLE environment variable is set, and if it is,
+ calls restrict_access_set_dumpable(allow).
+*/
+void restrict_access_allow_coredumps(bool allow);
+
+/* Sets process dumpable true or false. Setting this true allows core dumping,
+ reading /proc/self/io, attaching with PTRACE_ATTACH, and also changes
+ ownership of /proc/[pid] directory. */
+void restrict_access_set_dumpable(bool allow);
+
+/* Gets process dumpability, returns TRUE if not supported, because
+ we then assume that constraint is not present. */
+bool restrict_access_get_dumpable(void);
+
+/* If privileged_gid was set, these functions can be used to temporarily
+ gain access to the group. */
+int restrict_access_use_priv_gid(void);
+void restrict_access_drop_priv_gid(void);
+/* Returns TRUE if privileged GID exists for this process. */
+bool restrict_access_have_priv_gid(void);
+
+gid_t *restrict_get_groups_list(unsigned int *gid_count_r);
+
+void restrict_access_deinit(void);
+
+#endif
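Review bot: The privileged-GID toggle pair near the end of the header leaves its failure semantics undocumented: `restrict_access_use_priv_gid()` returns an `int` with no stated meaning, and `restrict_access_drop_priv_gid()` returns `void`, so a caller has no documented way to learn that the privileged group was not actually given up before it goes on to handle less-trusted data. Since the implementation is not in this hunk, the contract is presumably 0/-1 with the drop path fatal on failure; whichever it is, it should be stated, e.g. `/* Returns 0 on success, -1 (errno set) if the privileged GID could not be enabled. */` on the `use` declaration and `/* Must always succeed in leaving the privileged GID disabled; a failure here must not be silently ignored. */` on the `drop` declaration. `restrict_get_groups_list()` has no comment at all; it should say whether the returned array is owned by the caller or by the module and how long it stays valid. The header also uses `uid_t`, `gid_t`, `bool` and `ATTR_NULL` without including anything, which is fine if the project convention is that `lib.h` is always included first, but that assumption is worth a one-line note at the top.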