source: trunk/include/trustfile.h@ 228

/*
 * This is the header file for the trust function
 *
 * Author information:
 * Matt Bishop
 * Department of Computer Science
 * University of California at Davis
 * Davis, CA  95616-8562
 * phone (916) 752-8060
 * email bishop@cs.ucdavis.edu
 *
 * This code is placed in the public domain.  I do ask that
 * you keep my name associated with it, that you not represent
 * it as written by you, and that you preserve these comments.
 * This software is provided "as is" and without any guarantees
 * of any sort.
 */
/*
 * trustfile return codes
 */
#define TF_ERROR        -1      /* can't check -- error */
#define TF_NO            0      /* file isn't trustworthy */
#define TF_YES           1      /* file is trustworthy */

/*
 * error codes
 */
#define TF_BADFILE      1       /* file name illegal */
#define TF_BADNAME      2       /* name not valid (prob. ran out of room) */
#define TF_BADSTAT      3       /* stat of file failed (see errno for why) */
#define TF_NOROOM       4       /* not enough allocated space */

/*
 * untrustworthy codes
 */
#define TF_BADUID       10      /* owner nmot trustworthy */
#define TF_BADGID       11      /* group writeable and member not trustworthy */
#define TF_BADOTH       12      /* anyone can write it */

/*
 * the basic constant -- what is the longest path name possible?
 * It should be at least the max path length as defined by system
 * + 4 ("/../") + max file name length as defined by system; this
 * should rarely fail (I rounded it up to 2048)
 */
#define MAXFILENAME     2048

/*
 * function declaration
 *
 * #ifdef __STDC__
 * extern int trustfile(char *, int *, int *);
 * #else
 * extern int trustfile();
 * #endif
 */
/*
 * these are useful global variables
 *
 * first set: who you gonna trust, by default?
 *      if the user does not specify a trusted or untrusted set of users,
 *      all users are considered untrusted EXCEPT:
 *      UID 0 -- root   as root can do anything on most UNIX systems, this
 *                      seems reasonable
 *      tf_euid -- programmer-selectable UID
 *                      if the caller specifies a specific UID by putting
 *                      it in this variable, it will be trusted; this is
 *                      typically used to trust the effective UID of the
 *                      process (note: NOT the real UID, which will cause all
 *                      sorts of problems!)  By default, this is set to -1,
 *                      so if it's not set, root is the only trusted user
 */
extern uid_t tf_euid;                   /* space for EUID of process */

/*
 * second set: how do you report problems?
 *      tf_errno        on return when an error has occurred, this is set
 *                      to the code indicating the reason for the error:
 *                         TF_BADFILE   passed NULL for pointer to file name
 *                         TF_BADNAME   could not expand to full path name
 *                         TF_BADSTAT   stat failed; usu. file doesn't exist
 *                         TF_BADUID    owner untrusted
 *                         TF_BADGID    group untrusted & can write
 *                         TF_BADOTH    anyone can write
 *                      the value is preserved across calls where no error
 *                      occurs, just like errno(2)
 *      tf_path         if error occurs and a file name is involved, this
 *                      contains the file name causing the problem
 */
extern char tf_path[MAXFILENAME];       /* error path for trust function */

extern uid_t rootonly[];
extern int  EUIDSLOT;