xrootd
XrdSysPriv.hh
Go to the documentation of this file.
1 #ifndef __SYS_PRIV_H__
2 #define __SYS_PRIV_H__
3 /******************************************************************************/
4 /* */
5 /* X r d S y s P r i v . h h */
6 /* */
7 /* (c) 2006 G. Ganis (CERN) */
8 /* All Rights Reserved. See XrdInfo.cc for complete License Terms */
9 /******************************************************************************/
10 // $Id$
11 
13 // //
14 // XrdSysPriv //
15 // //
16 // Author: G. Ganis, CERN, 2006 //
17 // //
18 // Implementation of a privileges handling API following the paper //
19 // "Setuid Demystified" by H.Chen, D.Wagner, D.Dean //
20 // also quoted in "Secure programming Cookbook" by J.Viega & M.Messier. //
21 // //
22 // NB: this class can only used via XrdSysPrivGuard (see below) //
23 // //
25 
26 #if !defined(WINDOWS)
27 # include <sys/types.h>
28 #else
29 # define uid_t unsigned int
30 # define gid_t unsigned int
31 #endif
32 
33 #include "XrdSys/XrdSysPthread.hh"
34 
35 class XrdSysPriv
36 {
37  friend class XrdSysPrivGuard;
38  private:
39  // Ownership cannot be changed by thread, so there must be an overall
40  // locking
41  static XrdSysRecMutex fgMutex;
42 
43  XrdSysPriv();
44 
45  static bool fDebug;
46 
47  static int ChangeTo(uid_t uid, gid_t gid);
48  static void DumpUGID(const char *msg = 0);
49  static int Restore(bool saved = 1);
50 
51  public:
52  virtual ~XrdSysPriv() { }
53  static int ChangePerm(uid_t uid, gid_t gid);
54 };
55 
56 //
57 // Guard class;
58 // Usage:
59 //
60 // { XrdSysPrivGuard priv(tempuid);
61 //
62 // // Work as tempuid (maybe superuser)
63 // ...
64 //
65 // }
66 //
67 class XrdSysPrivGuard
68 {
69  public:
70  XrdSysPrivGuard(uid_t uid, gid_t gid);
71  XrdSysPrivGuard(const char *user);
72  virtual ~XrdSysPrivGuard();
73  bool Valid() const { return valid; }
74  private:
75  bool dum;
76  bool valid;
77  void Init(uid_t uid, gid_t gid);
78 };
79 
80 #endif
Generated by   doxygen 1.8.1.2