
Contents of /trunk/grid-mw-security/cgul/fileutil/fileutil.h



Revision 1476 - (show annotations) (download) (as text)
Mon Feb 8 16:11:46 2010 UTC (12 years, 4 months ago) by msalle
File MIME type: text/x-csrc
File size: 2392 byte(s)
- new function cgul_read_config that reads a config file into a memory buffer
  using J. Kupsch' safefile (only the safe_is_path_trusted_r() )

- hopefully also raise all privileges on failure.

- remove dead code


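/*
 * Lock mechanisms, passed as the lock_type argument of cgul_filelock() and of
 * the proxy read/write functions declared below. LCK_NOLOCK is a flag of its
 * own so that "no locking" can be given as a lock_type too.
 *
 * Every expansion is parenthesised so that it stays one value inside a larger
 * expression: without the parentheses LCK_FCNTL + 1 expands to 1<<1 + 1,
 * which is 1<<2.
 */
#define LCK_NOLOCK (1<<0)
#define LCK_FCNTL  (1<<1)
#define LCK_FLOCK  (1<<2)

/*
 * NOTE(review): presumably the values for the action argument of
 * cgul_filelock(). They reuse the bit values of the lock_type flags above, so
 * the two groups cannot be told apart once mixed in one argument -- confirm
 * against the implementation.
 */
#define LCK_READ   (1<<0)
#define LCK_WRITE  (1<<1)
#define LCK_UNLOCK (1<<2)

/**
 * NOTE(review): undocumented in this header. Judging by the parameter names it
 * presumably applies action (LCK_READ, LCK_WRITE or LCK_UNLOCK) to the open
 * descriptor fd using the mechanism selected by lock_type. The return
 * convention is not visible here -- confirm against the implementation before
 * relying on it.
 */
int cgul_filelock(int fd, int lock_type, int action);
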
/**
 * Read the proxy stored at path into memory that this function malloc-s.
 *
 * The file is locked with the given lock_type (see cgul_filelock). The
 * function tries to drop privilege to the real uid and to read_gid.
 *
 * NOTE(review): the buffer behind *proxy is malloc-ed here, so presumably the
 * caller owns it and has to free() it; what *proxy holds after a failure is
 * not stated -- confirm against the implementation. A proxy usually contains
 * private key material (assumption), so callers may want to wipe the buffer
 * before freeing it.
 *
 * Return values:
 *    0: success
 *   -1: I/O error
 *   -2: privilege-drop error
 *   -3: permissions error
 *   -4: memory error
 *   -5: too many retries needed during reading
 */
int cgul_read_proxy(const char *path, int lock_type,
                    char **proxy, gid_t read_gid);

/**
 * Read a config file into memory.
 *
 * Before reading, path is checked to be trusted with safe_is_path_trusted_r()
 * from the safefile library of J. Kupsch. On successful completion config
 * holds the contents of path.
 *
 * NOTE(review): read_gid is not described here; presumably it is the gid the
 * function drops to while reading, as in cgul_read_proxy -- confirm. The
 * "memory error" code suggests *config is allocated by this function, in which
 * case the caller would have to free() it -- confirm as well.
 *
 * Return values:
 *    0: success
 *   -1: I/O error
 *   -2: privilege-drop error
 *   -3: permission error (untrusted path)
 *   -4: memory error
 *   -5: unknown or safefile error
 */
int cgul_read_config(const char *path,
                     char **config,
                     gid_t read_gid);

/**
 * Write the proxy held in proxy to the file at path, locking it with the
 * given lock_type (see cgul_filelock).
 *
 * The function tries to drop privilege to write_uid and write_gid; an id
 * passed as -1 is ignored.
 *
 * NOTE(review): uid_t and gid_t are typically unsigned, so "-1" means
 * (uid_t)-1 / (gid_t)-1 here. Presumably an ignored id leaves that part of
 * the caller's current credentials in effect for the write -- confirm against
 * the implementation.
 *
 * Return values:
 *    0: success
 *   -1: I/O error
 *   -2: privilege-drop error
 *   -3: permissions error
 */
int cgul_write_proxy(const char *path, int lock_type, const char *proxy,
                     uid_t write_uid, gid_t write_gid);

/**
 * Write proxy to a random, unique file whose name is generated from
 * path_template with mkstemp().
 *
 * Privilege is dropped (if possible) to write_uid/write_gid. Every directory
 * in path_template that does not exist yet is attempted to be created, with
 * mode 0600.
 *
 * NOTE(review): mode 0600 on a directory carries no search (x) bit, so files
 * below it could not be reached by an unprivileged owner; check whether the
 * implementation really uses 0600 or means 0700.
 * NOTE(review): mkstemp() rewrites its template in place, while path_template
 * is const and there is no output parameter, so this header does not show how
 * the caller learns the generated file name -- confirm against the
 * implementation.
 *
 * Return values:
 *    0: success
 *   -1: I/O error
 *   -2: privilege-drop error
 *   -3: path_template is not absolute (does not start with '/')
 *   -4: memory error
 */
int cgul_write_uniq_proxy(const char *path_template, const char *proxy,
                          uid_t write_uid, gid_t write_gid);

/**
 * Create the directory absolutedir the way "mkdir -p" does, creating parent
 * directories where needed.
 *
 * NOTE(review): the header does not say whether mode is applied to every
 * created parent or only to the final component, nor how the process umask
 * interacts with it -- confirm against the implementation before relying on
 * the resulting permissions.
 *
 * Return values:
 *    0: success
 *   -1: result is not a directory
 *   -3: absolutedir is not absolute (does not start with '/')
 *   -4: out of memory
 */
int cgul_mkdir_with_parents(const char *absolutedir,
                            mode_t mode);
