Airframe Application Utilities
libairframe 0.7.2 API documentation

Main Page | Data Structures | File List | Data Fields | Globals

privconfig.h File Reference

Airframe Privilege Configuration Support. More...

#include <airframe/autoinc.h>
#include <airframe/airopt.h>

Go to the source code of this file.


Defines

#define PRIVC_ERROR_DOMAIN   g_quark_from_string("airframePrivilegeError")
 GError domain for privconfig errors.
#define PRIVC_ERROR_SETUP   1
 Privconfig setup error.
#define PRIVC_ERROR_FAILED   2
 Privilege drop error.
#define PRIVC_ERROR_ALREADY   3
 Couldn't drop privilege because privilege already dropped.
#define PRIVC_ERROR_NODROP   4
 Won't drop privilege because not running as root.

Functions

gboolean privc_add_option_group (AirOptionCtx *aoctx)
 Return an option group for privilege configuration.
gboolean privc_setup (GError **err)
 Set up privilege configuration.
gboolean privc_configured ()
 Determine if the user wants to drop privileges.
gboolean privc_become (GError **err)
 Drop privileges if necessary.

Detailed Description

Airframe Privilege Configuration Support.

Supplies privilege dropping for post-root initialization reduction of privileges (e.g. for live packet capture applications) and the command line option processing necessary to use it. Use this when you want to drop privileges after doing one-time setup as root.


Define Documentation

#define PRIVC_ERROR_SETUP   1
 

Privconfig setup error.

Signifies that setup failed because of bad command line options.


Function Documentation

gboolean privc_add_option_group AirOptionCtx aoctx  ) 
 

Return an option group for privilege configuration.

This option group defines two options: --become-user (-U) to become a specified user by name, and --become-group to additionally specify a group to become (otherwise, drops privileges to the given user's default group.)

Parameters:
aoctx airframe option context
Returns:
TRUE if successful, FALSE otherwise

gboolean privc_become GError **  err  ) 
 

Drop privileges if necessary.

Returns TRUE if not running as root. Returns FALSE if running as root with no --become-user option with PRIVC_ERROR_NODROP, or if privc_become() was already called succsssfully with PRIVC_ERROR_ALREADY. If for some reason a required privilege drop fails, returns FALSE with PRIVC_ERROR_FAILED.

Parameters:
err an error description
Returns:
TRUE on success, FALSE otherwise

gboolean privc_configured  ) 
 

Determine if the user wants to drop privileges.

Use this to determine whether warn the user if the application will not call priv_become() due to some application-specific state.

Returns:
TRUE if --become-user supplied on command line.

gboolean privc_setup GError **  err  ) 
 

Set up privilege configuration.

Call this after parsing an options context including a GOptionGroup returned from privc_option_group(). This sets up internal state used by the other privconfig calls.

Parameters:
err an error description
Returns:
TRUE on success, FALSE otherwise