00001 #ifndef VSF_SECUTIL_H 00002 #define VSF_SECUTIL_H 00003 00004 struct mystr; 00005 00006 /* vsf_secutil_change_credentials() 00007 * PURPOSE 00008 * This function securely switches process credentials to the user specified. 00009 * There are options to enter a chroot() jail, and supplementary groups may 00010 * or may not be activated. 00011 * PARAMETERS 00012 * p_user_str - the name of the user to become 00013 * p_dir_str - the directory to chdir() and possibly chroot() to. 00014 * (if NULL, the user's home directory is used) 00015 * p_ext_dir_str - the directory to chdir() and possibly chroot() to, 00016 * applied in addition to the directory calculated by 00017 * p_user_str and p_dir_str. 00018 * caps - bitmap of capabilities to adopt. NOTE, if the underlying 00019 * OS does not support capabilities as a non-root user, and 00020 * the capability bitset is non-empty, then root privileges 00021 * will have to be retained. 00022 * options - see bitmask definitions below 00023 */ 00024 00025 /* chroot() the user into the new directory */ 00026 #define VSF_SECUTIL_OPTION_CHROOT 1 00027 /* Activate any supplementary groups the user may have */ 00028 #define VSF_SECUTIL_OPTION_USE_GROUPS 2 00029 /* Do the chdir() as the effective userid of the target user */ 00030 #define VSF_SECUTIL_OPTION_CHANGE_EUID 4 00031 00032 void vsf_secutil_change_credentials(const struct mystr* p_user_str, 00033 const struct mystr* p_dir_str, 00034 const struct mystr* p_ext_dir_str, 00035 unsigned int caps, unsigned int options); 00036 #endif /* VSF_SECUTIL_H */ 00037