/*
 * This is the header file for the trust function
 *
 * Author information:
 * Matt Bishop
 * Department of Computer Science
 * University of California at Davis
 * Davis, CA  95616-8562
 * phone (916) 752-8060
 * email bishop@cs.ucdavis.edu
 *
 * This code is placed in the public domain.  I do ask that
 * you keep my name associated with it, that you not represent
 * it as written by you, and that you preserve these comments.
 * This software is provided "as is" and without any guarantees
 * of any sort.
 */
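/*
 * trustfile return codes
 *
 * The result is three-valued and only TF_YES means the file passed the
 * check.  TF_ERROR is nonzero, so a bare truth test on the return value
 * would accept "could not check" as if it were "trusted"; callers should
 * compare against TF_YES explicitly and treat every other value as a
 * refusal.
 *
 * TF_ERROR is parenthesized so the negative constant always expands as a
 * single operand, whatever expression it is pasted into.
 */
#define TF_ERROR        (-1)    /* can't check -- error */
#define TF_NO            0      /* file isn't trustworthy */
#define TF_YES           1      /* file is trustworthy */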
/*
 * error codes
 *
 * Reasons for which the check itself could not be carried out (presumably
 * reported together with a TF_ERROR return -- confirm against the
 * implementation).  The values 1-4 do not overlap the "untrustworthy"
 * codes 10-12 defined in this header.
 *
 * NOTE(review): TF_NOROOM is defined here but is missing from the list of
 * tf_errno values in the global-variable comment further down.
 */
#define TF_BADFILE      1       /* file name illegal (NULL file-name pointer) */
#define TF_BADNAME      2       /* name not valid (prob. ran out of room) */
#define TF_BADSTAT      3       /* stat of file failed (see errno for why) */
#define TF_NOROOM       4       /* not enough allocated space */
/*
 * untrustworthy codes
 *
 * Reasons for which an examined file was judged untrustworthy (presumably
 * reported together with a TF_NO return -- confirm against the
 * implementation).  Each one names who is able to modify the file:
 * its owner, a member of its group, or anyone.
 */
#define TF_BADUID       10      /* owner not trustworthy */
#define TF_BADGID       11      /* group writeable and member not trustworthy */
#define TF_BADOTH       12      /* anyone can write it */
/*
 * the basic constant -- what is the longest path name possible?
 * It should be at least the max path length as defined by system
 * + 4 ("/../") + max file name length as defined by system; this
 * should rarely fail (I rounded it up to 2048)
 *
 * NOTE(review): this is a fixed compile-time bound, not a value derived
 * from the system's own limits, and it also sizes tf_path below.  Verify
 * it against the target platform's path and file-name limits.  A path that
 * does not fit is presumably reported as TF_BADNAME or TF_NOROOM rather
 * than truncated -- confirm against the implementation.
 */
#define MAXFILENAME     2048

/*
 * function declaration
 *
 * #ifdef __STDC__
 * extern int trustfile(char *, int *, int *);
 * #else
 * extern int trustfile();
 * #endif
 *
 * NOTE(review): the declaration above is inside this comment, so this
 * header as shown does not declare trustfile().  Callers need a prototype
 * from somewhere else; check the parameter types against the definition
 * before re-enabling this one.
 */
/*
 * these are useful global variables
 *
 * first set: who you gonna trust, by default?
 *      if the user does not specify a trusted or untrusted set of users,
 *      all users are considered untrusted EXCEPT:
 *      UID 0 -- root   as root can do anything on most UNIX systems, this
 *                      seems reasonable
 *      tf_euid -- programmer-selectable UID
 *                      if the caller specifies a specific UID by putting
 *                      it in this variable, it will be trusted; this is
 *                      typically used to trust the effective UID of the
 *                      process (note: NOT the real UID, which will cause all
 *                      sorts of problems!)  By default, this is set to -1,
 *                      so if it's not set, root is the only trusted user
 *
 * NOTE(review): tf_euid is a writable global, so any code that assigns it
 * widens the trusted set for every later check in the process.
 * NOTE(review): uid_t is unsigned on many systems, where the -1 default is
 * stored as the largest uid_t value -- confirm no real account has that UID.
 * NOTE(review): no #include is visible in this header, so uid_t must already
 * be declared (e.g. via <sys/types.h>) before this file is included.
 */
extern uid_t tf_euid;                   /* space for EUID of process */
/*
 * second set: how do you report problems?
 *      tf_errno        on return when an error has occurred, this is set
 *                      to the code indicating the reason for the error:
 *                         TF_BADFILE   passed NULL for pointer to file name
 *                         TF_BADNAME   could not expand to full path name
 *                         TF_BADSTAT   stat failed; usu. file doesn't exist
 *                         TF_BADUID    owner untrusted
 *                         TF_BADGID    group untrusted & can write
 *                         TF_BADOTH    anyone can write
 *                      the value is preserved across calls where no error
 *                      occurs, just like errno(2)
 *      tf_path         if error occurs and a file name is involved, this
 *                      contains the file name causing the problem
 *
 * Because tf_errno keeps its old value when a call succeeds, read it only
 * immediately after a call whose return value was not TF_YES; otherwise a
 * stale code from an earlier check may be mistaken for a current one.
 *
 * NOTE(review): tf_errno is described here but no declaration for it is
 * visible in this header; TF_NOROOM is defined above but not listed.
 * NOTE(review): tf_path is a single fixed-size buffer of MAXFILENAME bytes,
 * presumably overwritten by the next failing call -- copy it if it is
 * needed later, and confirm against the implementation.
 */
extern char tf_path[MAXFILENAME];       /* error path for trust function */
/*
 * NOTE(review): the two declarations below are not described anywhere in
 * this header.  Judging only by the names, rootonly is presumably the
 * default trusted-UID list and EUIDSLOT the index of the tf_euid entry in
 * it -- confirm against the defining source file before relying on either.
 * rootonly is declared without a bound, so its length is not available
 * from this header (sizeof cannot be applied to it here).
 */
extern uid_t rootonly[];
extern int  EUIDSLOT;