ugidfw.c (a8879d0d7dc2ecfb99e31b1443a11a02feb49914) | ugidfw.c (34d26f04c39740f0c346ce98984615b640a86612) |
---|---|
1/*- | 1/*- |
2 * Copyright (c) 2002, 2004 Networks Associates Technology, Inc. | 2 * Copyright (c) 2002 Networks Associates Technology, Inc. |
3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by NAI Labs, the 6 * Security Research Division of Network Associates, Inc. under 7 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 8 * CHATS research program. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. | 3 * All rights reserved. 4 * 5 * This software was developed for the FreeBSD Project by NAI Labs, the 6 * Security Research Division of Network Associates, Inc. under 7 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA 8 * CHATS research program. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. |
18 * 3. The names of the authors may not be used to endorse or promote 19 * products derived from this software without specific prior written 20 * permission. |
|
18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 * SUCH DAMAGE. | 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 32 * SUCH DAMAGE. |
33 * 34 * $FreeBSD$ |
|
30 */ | 35 */ |
31 32#include <sys/cdefs.h> 33__FBSDID("$FreeBSD$"); 34 | |
35#include <sys/param.h> 36#include <sys/errno.h> | 36#include <sys/param.h> 37#include <sys/errno.h> |
37#include <sys/mount.h> | |
38#include <sys/time.h> 39#include <sys/sysctl.h> | 38#include <sys/time.h> 39#include <sys/sysctl.h> |
40#include <sys/vnode.h> |
|
40 41#include <security/mac_bsdextended/mac_bsdextended.h> 42 | 41 42#include <security/mac_bsdextended/mac_bsdextended.h> 43 |
43#include <err.h> | |
44#include <stdio.h> 45#include <stdlib.h> 46#include <string.h> 47#include <ugidfw.h> 48 | 44#include <stdio.h> 45#include <stdlib.h> 46#include <string.h> 47#include <ugidfw.h> 48 |
49void add_rule(int argc, char *argv[]); 50void list_rules(void); 51void remove_rule(int argc, char *argv[]); 52void set_rule(int argc, char *argv[]); 53void usage(void); 54 | |
55void 56usage(void) 57{ 58 | 49void 50usage(void) 51{ 52 |
59 fprintf(stderr, "usage: ugidfw add [subject [not] [uid uid] [gid gid]]" 60 " [object [not] [uid uid] \\\n"); 61 fprintf(stderr, " [gid gid]] mode arswxn\n"); 62 fprintf(stderr, " ugidfw list\n"); 63 fprintf(stderr, " ugidfw set rulenum [subject [not] [uid uid] [gid gid]]" | 53 fprintf(stderr, "ugidfw list\n"); 54 fprintf(stderr, "ugidfw set rulenum [subject [not] [uid uid] [gid gid]]" |
64 " [object [not] \\\n"); 65 fprintf(stderr, " [uid uid] [gid gid]] mode arswxn\n"); | 55 " [object [not] \\\n"); 56 fprintf(stderr, " [uid uid] [gid gid]] mode arswxn\n"); |
66 fprintf(stderr, " ugidfw remove rulenum\n"); | 57 fprintf(stderr, "ugidfw remove rulenum\n"); |
67 | 58 |
68 exit(1); | 59 exit(-1); |
69} 70 71void | 60} 61 62void |
72add_rule(int argc, char *argv[]) 73{ 74 char errstr[BUFSIZ], charstr[BUFSIZ]; 75 struct mac_bsdextended_rule rule; 76 int error, rulenum; 77 78 error = bsde_parse_rule(argc, argv, &rule, BUFSIZ, errstr); 79 if (error) { 80 warnx("%s", errstr); 81 return; 82 } 83 84 error = bsde_add_rule(&rulenum, &rule, BUFSIZ, errstr); 85 if (error) { 86 warnx("%s", errstr); 87 return; 88 } 89 if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1) 90 warnx("Added rule, but unable to print string."); 91 else 92 printf("%d %s\n", rulenum, charstr); 93} 94 95void | |
96list_rules(void) 97{ 98 char errstr[BUFSIZ], charstr[BUFSIZ]; 99 struct mac_bsdextended_rule rule; 100 int error, i, rule_count, rule_slots; 101 102 rule_slots = bsde_get_rule_slots(BUFSIZ, errstr); 103 if (rule_slots == -1) { | 63list_rules(void) 64{ 65 char errstr[BUFSIZ], charstr[BUFSIZ]; 66 struct mac_bsdextended_rule rule; 67 int error, i, rule_count, rule_slots; 68 69 rule_slots = bsde_get_rule_slots(BUFSIZ, errstr); 70 if (rule_slots == -1) { |
104 warnx("unable to get rule slots; mac_bsdextended.ko " 105 "may not be loaded"); 106 errx(1, "bsde_get_rule_slots: %s", errstr); | 71 fprintf(stderr, "Unable to get rule slots; mac_bsdextended.ko " 72 "may not be loaded.\n"); 73 fprintf(stderr, "bsde_get_rule_slots: %s\n", errstr); 74 exit (-1); |
107 } 108 109 rule_count = bsde_get_rule_count(BUFSIZ, errstr); | 75 } 76 77 rule_count = bsde_get_rule_count(BUFSIZ, errstr); |
110 if (rule_count == -1) 111 errx(1, "bsde_get_rule_count: %s", errstr); | 78 if (rule_count == -1) { 79 fprintf(stderr, "bsde_get_rule_count: %s\n", errstr); 80 exit (-1); 81 } |
112 113 printf("%d slots, %d rules\n", rule_slots, rule_count); 114 | 82 83 printf("%d slots, %d rules\n", rule_slots, rule_count); 84 |
115 for (i = 0; i < rule_slots; i++) { | 85 for (i = 0; i <= rule_slots; i++) { |
116 error = bsde_get_rule(i, &rule, BUFSIZ, errstr); 117 switch (error) { 118 case -2: 119 continue; 120 case -1: | 86 error = bsde_get_rule(i, &rule, BUFSIZ, errstr); 87 switch (error) { 88 case -2: 89 continue; 90 case -1: |
121 warnx("rule %d: %s", i, errstr); | 91 fprintf(stderr, "rule %d: %s\n", i, errstr); |
122 continue; 123 case 0: 124 break; 125 } 126 127 if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1) | 92 continue; 93 case 0: 94 break; 95 } 96 97 if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1) |
128 warnx("unable to translate rule %d to string", i); | 98 fprintf(stderr, 99 "Unable to translate rule %d to string\n", i); |
129 else 130 printf("%d %s\n", i, charstr); 131 } 132} 133 134void 135set_rule(int argc, char *argv[]) 136{ --- 12 unchanged lines hidden (view full) --- 149 150 if ((long) value != (int) value || value < 0) 151 usage(); 152 153 rulenum = value; 154 155 error = bsde_parse_rule(argc - 1, argv + 1, &rule, BUFSIZ, errstr); 156 if (error) { | 100 else 101 printf("%d %s\n", i, charstr); 102 } 103} 104 105void 106set_rule(int argc, char *argv[]) 107{ --- 12 unchanged lines hidden (view full) --- 120 121 if ((long) value != (int) value || value < 0) 122 usage(); 123 124 rulenum = value; 125 126 error = bsde_parse_rule(argc - 1, argv + 1, &rule, BUFSIZ, errstr); 127 if (error) { |
157 warnx("%s", errstr); | 128 fprintf(stderr, "%s\n", errstr); |
158 return; 159 } 160 161 error = bsde_set_rule(rulenum, &rule, BUFSIZ, errstr); 162 if (error) { | 129 return; 130 } 131 132 error = bsde_set_rule(rulenum, &rule, BUFSIZ, errstr); 133 if (error) { |
163 warnx("%s", errstr); | 134 fprintf(stderr, "%s\n", errstr); |
164 return; 165 } 166} 167 168void 169remove_rule(int argc, char *argv[]) 170{ 171 char errstr[BUFSIZ]; --- 10 unchanged lines hidden (view full) --- 182 183 if ((long) value != (int) value || value < 0) 184 usage(); 185 186 rulenum = value; 187 188 error = bsde_delete_rule(rulenum, BUFSIZ, errstr); 189 if (error) | 135 return; 136 } 137} 138 139void 140remove_rule(int argc, char *argv[]) 141{ 142 char errstr[BUFSIZ]; --- 10 unchanged lines hidden (view full) --- 153 154 if ((long) value != (int) value || value < 0) 155 usage(); 156 157 rulenum = value; 158 159 error = bsde_delete_rule(rulenum, BUFSIZ, errstr); 160 if (error) |
190 warnx("%s", errstr); | 161 fprintf(stderr, "%s\n", errstr); |
191} 192 193int 194main(int argc, char *argv[]) 195{ 196 197 if (argc < 2) 198 usage(); 199 | 162} 163 164int 165main(int argc, char *argv[]) 166{ 167 168 if (argc < 2) 169 usage(); 170 |
200 if (strcmp("add", argv[1]) == 0) { 201 add_rule(argc-2, argv+2); 202 } else if (strcmp("list", argv[1]) == 0) { | 171 if (strcmp("list", argv[1]) == 0) { |
203 if (argc != 2) 204 usage(); 205 list_rules(); 206 } else if (strcmp("set", argv[1]) == 0) { 207 set_rule(argc-2, argv+2); 208 } else if (strcmp("remove", argv[1]) == 0) { 209 remove_rule(argc-2, argv+2); 210 } else 211 usage(); 212 213 return (0); 214} | 172 if (argc != 2) 173 usage(); 174 list_rules(); 175 } else if (strcmp("set", argv[1]) == 0) { 176 set_rule(argc-2, argv+2); 177 } else if (strcmp("remove", argv[1]) == 0) { 178 remove_rule(argc-2, argv+2); 179 } else 180 usage(); 181 182 return (0); 183} |