Lines Matching +full:max +full:- +full:cur
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2002-2005 Networks Associates Technology, Inc.
9 * under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
67 char *cur, type[sizeof(rule->mbr_object.mbo_type) * CHAR_BIT + 1]; in bsde_rule_to_string() local
71 cur = buf; in bsde_rule_to_string()
74 len = snprintf(cur, left, "subject "); in bsde_rule_to_string()
77 left -= len; in bsde_rule_to_string()
78 cur += len; in bsde_rule_to_string()
79 if (rule->mbr_subject.mbs_flags) { in bsde_rule_to_string()
80 if (rule->mbr_subject.mbs_neg == MBS_ALL_FLAGS) { in bsde_rule_to_string()
81 len = snprintf(cur, left, "not "); in bsde_rule_to_string()
84 left -= len; in bsde_rule_to_string()
85 cur += len; in bsde_rule_to_string()
91 if (!notdone && (rule->mbr_subject.mbs_neg & MBO_UID_DEFINED)) { in bsde_rule_to_string()
92 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
95 left -= len; in bsde_rule_to_string()
96 cur += len; in bsde_rule_to_string()
98 if (rule->mbr_subject.mbs_flags & MBO_UID_DEFINED) { in bsde_rule_to_string()
99 pwd = getpwuid(rule->mbr_subject.mbs_uid_min); in bsde_rule_to_string()
101 len = snprintf(cur, left, "uid %s", in bsde_rule_to_string()
102 pwd->pw_name); in bsde_rule_to_string()
105 left -= len; in bsde_rule_to_string()
106 cur += len; in bsde_rule_to_string()
108 len = snprintf(cur, left, "uid %u", in bsde_rule_to_string()
109 rule->mbr_subject.mbs_uid_min); in bsde_rule_to_string()
112 left -= len; in bsde_rule_to_string()
113 cur += len; in bsde_rule_to_string()
115 if (rule->mbr_subject.mbs_uid_min != in bsde_rule_to_string()
116 rule->mbr_subject.mbs_uid_max) { in bsde_rule_to_string()
117 pwd = getpwuid(rule->mbr_subject.mbs_uid_max); in bsde_rule_to_string()
119 len = snprintf(cur, left, ":%s ", in bsde_rule_to_string()
120 pwd->pw_name); in bsde_rule_to_string()
123 left -= len; in bsde_rule_to_string()
124 cur += len; in bsde_rule_to_string()
126 len = snprintf(cur, left, ":%u ", in bsde_rule_to_string()
127 rule->mbr_subject.mbs_uid_max); in bsde_rule_to_string()
130 left -= len; in bsde_rule_to_string()
131 cur += len; in bsde_rule_to_string()
134 len = snprintf(cur, left, " "); in bsde_rule_to_string()
137 left -= len; in bsde_rule_to_string()
138 cur += len; in bsde_rule_to_string()
141 if (!notdone && (rule->mbr_subject.mbs_neg & MBO_GID_DEFINED)) { in bsde_rule_to_string()
142 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
145 left -= len; in bsde_rule_to_string()
146 cur += len; in bsde_rule_to_string()
148 if (rule->mbr_subject.mbs_flags & MBO_GID_DEFINED) { in bsde_rule_to_string()
149 grp = getgrgid(rule->mbr_subject.mbs_gid_min); in bsde_rule_to_string()
151 len = snprintf(cur, left, "gid %s", in bsde_rule_to_string()
152 grp->gr_name); in bsde_rule_to_string()
155 left -= len; in bsde_rule_to_string()
156 cur += len; in bsde_rule_to_string()
158 len = snprintf(cur, left, "gid %u", in bsde_rule_to_string()
159 rule->mbr_subject.mbs_gid_min); in bsde_rule_to_string()
162 left -= len; in bsde_rule_to_string()
163 cur += len; in bsde_rule_to_string()
165 if (rule->mbr_subject.mbs_gid_min != in bsde_rule_to_string()
166 rule->mbr_subject.mbs_gid_max) { in bsde_rule_to_string()
167 grp = getgrgid(rule->mbr_subject.mbs_gid_max); in bsde_rule_to_string()
169 len = snprintf(cur, left, ":%s ", in bsde_rule_to_string()
170 grp->gr_name); in bsde_rule_to_string()
173 left -= len; in bsde_rule_to_string()
174 cur += len; in bsde_rule_to_string()
176 len = snprintf(cur, left, ":%u ", in bsde_rule_to_string()
177 rule->mbr_subject.mbs_gid_max); in bsde_rule_to_string()
180 left -= len; in bsde_rule_to_string()
181 cur += len; in bsde_rule_to_string()
184 len = snprintf(cur, left, " "); in bsde_rule_to_string()
187 left -= len; in bsde_rule_to_string()
188 cur += len; in bsde_rule_to_string()
191 if (!notdone && (rule->mbr_subject.mbs_neg & MBS_PRISON_DEFINED)) { in bsde_rule_to_string()
192 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
195 left -= len; in bsde_rule_to_string()
196 cur += len; in bsde_rule_to_string()
198 if (rule->mbr_subject.mbs_flags & MBS_PRISON_DEFINED) { in bsde_rule_to_string()
199 len = snprintf(cur, left, "jailid %d ", in bsde_rule_to_string()
200 rule->mbr_subject.mbs_prison); in bsde_rule_to_string()
203 left -= len; in bsde_rule_to_string()
204 cur += len; in bsde_rule_to_string()
208 len = snprintf(cur, left, "object "); in bsde_rule_to_string()
211 left -= len; in bsde_rule_to_string()
212 cur += len; in bsde_rule_to_string()
213 if (rule->mbr_object.mbo_flags) { in bsde_rule_to_string()
214 if (rule->mbr_object.mbo_neg == MBO_ALL_FLAGS) { in bsde_rule_to_string()
215 len = snprintf(cur, left, "not "); in bsde_rule_to_string()
218 left -= len; in bsde_rule_to_string()
219 cur += len; in bsde_rule_to_string()
225 if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_DEFINED)) { in bsde_rule_to_string()
226 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
229 left -= len; in bsde_rule_to_string()
230 cur += len; in bsde_rule_to_string()
232 if (rule->mbr_object.mbo_flags & MBO_UID_DEFINED) { in bsde_rule_to_string()
233 pwd = getpwuid(rule->mbr_object.mbo_uid_min); in bsde_rule_to_string()
235 len = snprintf(cur, left, "uid %s", in bsde_rule_to_string()
236 pwd->pw_name); in bsde_rule_to_string()
239 left -= len; in bsde_rule_to_string()
240 cur += len; in bsde_rule_to_string()
242 len = snprintf(cur, left, "uid %u", in bsde_rule_to_string()
243 rule->mbr_object.mbo_uid_min); in bsde_rule_to_string()
246 left -= len; in bsde_rule_to_string()
247 cur += len; in bsde_rule_to_string()
249 if (rule->mbr_object.mbo_uid_min != in bsde_rule_to_string()
250 rule->mbr_object.mbo_uid_max) { in bsde_rule_to_string()
251 pwd = getpwuid(rule->mbr_object.mbo_uid_max); in bsde_rule_to_string()
253 len = snprintf(cur, left, ":%s ", in bsde_rule_to_string()
254 pwd->pw_name); in bsde_rule_to_string()
257 left -= len; in bsde_rule_to_string()
258 cur += len; in bsde_rule_to_string()
260 len = snprintf(cur, left, ":%u ", in bsde_rule_to_string()
261 rule->mbr_object.mbo_uid_max); in bsde_rule_to_string()
264 left -= len; in bsde_rule_to_string()
265 cur += len; in bsde_rule_to_string()
268 len = snprintf(cur, left, " "); in bsde_rule_to_string()
271 left -= len; in bsde_rule_to_string()
272 cur += len; in bsde_rule_to_string()
275 if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_DEFINED)) { in bsde_rule_to_string()
276 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
279 left -= len; in bsde_rule_to_string()
280 cur += len; in bsde_rule_to_string()
282 if (rule->mbr_object.mbo_flags & MBO_GID_DEFINED) { in bsde_rule_to_string()
283 grp = getgrgid(rule->mbr_object.mbo_gid_min); in bsde_rule_to_string()
285 len = snprintf(cur, left, "gid %s", in bsde_rule_to_string()
286 grp->gr_name); in bsde_rule_to_string()
289 left -= len; in bsde_rule_to_string()
290 cur += len; in bsde_rule_to_string()
292 len = snprintf(cur, left, "gid %u", in bsde_rule_to_string()
293 rule->mbr_object.mbo_gid_min); in bsde_rule_to_string()
296 left -= len; in bsde_rule_to_string()
297 cur += len; in bsde_rule_to_string()
299 if (rule->mbr_object.mbo_gid_min != in bsde_rule_to_string()
300 rule->mbr_object.mbo_gid_max) { in bsde_rule_to_string()
301 grp = getgrgid(rule->mbr_object.mbo_gid_max); in bsde_rule_to_string()
303 len = snprintf(cur, left, ":%s ", in bsde_rule_to_string()
304 grp->gr_name); in bsde_rule_to_string()
307 left -= len; in bsde_rule_to_string()
308 cur += len; in bsde_rule_to_string()
310 len = snprintf(cur, left, ":%u ", in bsde_rule_to_string()
311 rule->mbr_object.mbo_gid_max); in bsde_rule_to_string()
314 left -= len; in bsde_rule_to_string()
315 cur += len; in bsde_rule_to_string()
318 len = snprintf(cur, left, " "); in bsde_rule_to_string()
321 left -= len; in bsde_rule_to_string()
322 cur += len; in bsde_rule_to_string()
325 if (!notdone && (rule->mbr_object.mbo_neg & MBO_FSID_DEFINED)) { in bsde_rule_to_string()
326 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
329 left -= len; in bsde_rule_to_string()
330 cur += len; in bsde_rule_to_string()
332 if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) { in bsde_rule_to_string()
335 if (fsidcmp(&rule->mbr_object.mbo_fsid, in bsde_rule_to_string()
338 len = snprintf(cur, left, "filesys %s ", in bsde_rule_to_string()
342 left -= len; in bsde_rule_to_string()
343 cur += len; in bsde_rule_to_string()
345 if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) { in bsde_rule_to_string()
346 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
349 left -= len; in bsde_rule_to_string()
350 cur += len; in bsde_rule_to_string()
352 if (rule->mbr_object.mbo_flags & MBO_SUID) { in bsde_rule_to_string()
353 len = snprintf(cur, left, "suid "); in bsde_rule_to_string()
356 left -= len; in bsde_rule_to_string()
357 cur += len; in bsde_rule_to_string()
359 if (!notdone && (rule->mbr_object.mbo_neg & MBO_SGID)) { in bsde_rule_to_string()
360 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
363 left -= len; in bsde_rule_to_string()
364 cur += len; in bsde_rule_to_string()
366 if (rule->mbr_object.mbo_flags & MBO_SGID) { in bsde_rule_to_string()
367 len = snprintf(cur, left, "sgid "); in bsde_rule_to_string()
370 left -= len; in bsde_rule_to_string()
371 cur += len; in bsde_rule_to_string()
373 if (!notdone && (rule->mbr_object.mbo_neg & MBO_UID_SUBJECT)) { in bsde_rule_to_string()
374 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
377 left -= len; in bsde_rule_to_string()
378 cur += len; in bsde_rule_to_string()
380 if (rule->mbr_object.mbo_flags & MBO_UID_SUBJECT) { in bsde_rule_to_string()
381 len = snprintf(cur, left, "uid_of_subject "); in bsde_rule_to_string()
384 left -= len; in bsde_rule_to_string()
385 cur += len; in bsde_rule_to_string()
387 if (!notdone && (rule->mbr_object.mbo_neg & MBO_GID_SUBJECT)) { in bsde_rule_to_string()
388 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
391 left -= len; in bsde_rule_to_string()
392 cur += len; in bsde_rule_to_string()
394 if (rule->mbr_object.mbo_flags & MBO_GID_SUBJECT) { in bsde_rule_to_string()
395 len = snprintf(cur, left, "gid_of_subject "); in bsde_rule_to_string()
398 left -= len; in bsde_rule_to_string()
399 cur += len; in bsde_rule_to_string()
401 if (!notdone && (rule->mbr_object.mbo_neg & MBO_TYPE_DEFINED)) { in bsde_rule_to_string()
402 len = snprintf(cur, left, "! "); in bsde_rule_to_string()
405 left -= len; in bsde_rule_to_string()
406 cur += len; in bsde_rule_to_string()
408 if (rule->mbr_object.mbo_flags & MBO_TYPE_DEFINED) { in bsde_rule_to_string()
410 if (rule->mbr_object.mbo_type & MBO_TYPE_REG) in bsde_rule_to_string()
412 if (rule->mbr_object.mbo_type & MBO_TYPE_DIR) in bsde_rule_to_string()
414 if (rule->mbr_object.mbo_type & MBO_TYPE_BLK) in bsde_rule_to_string()
416 if (rule->mbr_object.mbo_type & MBO_TYPE_CHR) in bsde_rule_to_string()
418 if (rule->mbr_object.mbo_type & MBO_TYPE_LNK) in bsde_rule_to_string()
420 if (rule->mbr_object.mbo_type & MBO_TYPE_SOCK) in bsde_rule_to_string()
422 if (rule->mbr_object.mbo_type & MBO_TYPE_FIFO) in bsde_rule_to_string()
424 if (rule->mbr_object.mbo_type == MBO_ALL_TYPE) { in bsde_rule_to_string()
429 len = snprintf(cur, left, "type %s ", type); in bsde_rule_to_string()
432 left -= len; in bsde_rule_to_string()
433 cur += len; in bsde_rule_to_string()
437 len = snprintf(cur, left, "mode "); in bsde_rule_to_string()
440 left -= len; in bsde_rule_to_string()
441 cur += len; in bsde_rule_to_string()
443 anymode = (rule->mbr_mode & MBI_ALLPERM); in bsde_rule_to_string()
444 unknownmode = (rule->mbr_mode & ~MBI_ALLPERM); in bsde_rule_to_string()
446 if (rule->mbr_mode & MBI_ADMIN) { in bsde_rule_to_string()
447 len = snprintf(cur, left, "a"); in bsde_rule_to_string()
451 left -= len; in bsde_rule_to_string()
452 cur += len; in bsde_rule_to_string()
454 if (rule->mbr_mode & MBI_READ) { in bsde_rule_to_string()
455 len = snprintf(cur, left, "r"); in bsde_rule_to_string()
459 left -= len; in bsde_rule_to_string()
460 cur += len; in bsde_rule_to_string()
462 if (rule->mbr_mode & MBI_STAT) { in bsde_rule_to_string()
463 len = snprintf(cur, left, "s"); in bsde_rule_to_string()
467 left -= len; in bsde_rule_to_string()
468 cur += len; in bsde_rule_to_string()
470 if (rule->mbr_mode & MBI_WRITE) { in bsde_rule_to_string()
471 len = snprintf(cur, left, "w"); in bsde_rule_to_string()
475 left -= len; in bsde_rule_to_string()
476 cur += len; in bsde_rule_to_string()
478 if (rule->mbr_mode & MBI_EXEC) { in bsde_rule_to_string()
479 len = snprintf(cur, left, "x"); in bsde_rule_to_string()
483 left -= len; in bsde_rule_to_string()
484 cur += len; in bsde_rule_to_string()
487 len = snprintf(cur, left, "n"); in bsde_rule_to_string()
491 left -= len; in bsde_rule_to_string()
492 cur += len; in bsde_rule_to_string()
495 len = snprintf(cur, left, "?"); in bsde_rule_to_string()
499 left -= len; in bsde_rule_to_string()
500 cur += len; in bsde_rule_to_string()
506 return (-1); in bsde_rule_to_string()
510 bsde_parse_uidrange(char *spec, uid_t *min, uid_t *max, in bsde_parse_uidrange() argument
522 uid1 = pwd->pw_uid; in bsde_parse_uidrange()
527 return (-1); in bsde_parse_uidrange()
533 *max = *min = uid1; in bsde_parse_uidrange()
539 uid2 = pwd->pw_uid; in bsde_parse_uidrange()
544 return (-1); in bsde_parse_uidrange()
550 *max = uid2; in bsde_parse_uidrange()
556 bsde_parse_gidrange(char *spec, gid_t *min, gid_t *max, in bsde_parse_gidrange() argument
568 gid1 = grp->gr_gid; in bsde_parse_gidrange()
573 return (-1); in bsde_parse_gidrange()
579 *max = *min = gid1; in bsde_parse_gidrange()
585 gid2 = grp->gr_gid; in bsde_parse_gidrange()
590 return (-1); in bsde_parse_gidrange()
596 *max = gid2; in bsde_parse_gidrange()
657 return (-1); in bsde_parse_subject()
661 return (-1); in bsde_parse_subject()
665 return (-1); in bsde_parse_subject()
675 return (-1); in bsde_parse_subject()
679 return (-1); in bsde_parse_subject()
683 return (-1); in bsde_parse_subject()
693 return (-1); in bsde_parse_subject()
697 return (-1); in bsde_parse_subject()
701 return (-1); in bsde_parse_subject()
711 return (-1); in bsde_parse_subject()
718 return (-1); in bsde_parse_subject()
722 subject->mbs_flags = flags; in bsde_parse_subject()
724 subject->mbs_neg = MBS_ALL_FLAGS ^ neg; in bsde_parse_subject()
726 subject->mbs_neg = neg; in bsde_parse_subject()
728 subject->mbs_uid_min = uid_min; in bsde_parse_subject()
729 subject->mbs_uid_max = uid_max; in bsde_parse_subject()
732 subject->mbs_gid_min = gid_min; in bsde_parse_subject()
733 subject->mbs_gid_max = gid_max; in bsde_parse_subject()
736 subject->mbs_prison = jid; in bsde_parse_subject()
750 case '-': in bsde_parse_type()
777 return (-1); in bsde_parse_type()
792 return (-1); in bsde_parse_fsid()
827 return (-1); in bsde_parse_object()
831 return (-1); in bsde_parse_object()
835 return (-1); in bsde_parse_object()
845 return (-1); in bsde_parse_object()
849 return (-1); in bsde_parse_object()
853 return (-1); in bsde_parse_object()
863 return (-1); in bsde_parse_object()
867 return (-1); in bsde_parse_object()
871 return (-1); in bsde_parse_object()
909 return (-1); in bsde_parse_object()
913 return (-1); in bsde_parse_object()
917 return (-1); in bsde_parse_object()
928 return (-1); in bsde_parse_object()
935 return (-1); in bsde_parse_object()
939 object->mbo_flags = flags; in bsde_parse_object()
941 object->mbo_neg = MBO_ALL_FLAGS ^ neg; in bsde_parse_object()
943 object->mbo_neg = neg; in bsde_parse_object()
945 object->mbo_uid_min = uid_min; in bsde_parse_object()
946 object->mbo_uid_max = uid_max; in bsde_parse_object()
949 object->mbo_gid_min = gid_min; in bsde_parse_object()
950 object->mbo_gid_max = gid_max; in bsde_parse_object()
953 object->mbo_fsid = fsid; in bsde_parse_object()
955 object->mbo_type = type; in bsde_parse_object()
968 return (-1); in bsde_parse_mode()
973 return (-1); in bsde_parse_mode()
1000 return (-1); in bsde_parse_mode()
1020 return (-1); in bsde_parse_rule()
1025 return (-1); in bsde_parse_rule()
1032 object = -1; in bsde_parse_rule()
1037 if (object == -1) { in bsde_parse_rule()
1039 return (-1); in bsde_parse_rule()
1043 mode = -1; in bsde_parse_rule()
1048 if (mode == -1) { in bsde_parse_rule()
1050 return (-1); in bsde_parse_rule()
1053 subject_elements_length = object - subject - 1; in bsde_parse_rule()
1055 object_elements_length = mode - object_elements; in bsde_parse_rule()
1057 mode_elements_length = argc - mode_elements; in bsde_parse_rule()
1060 argv + subject_elements, &rule->mbr_subject, buflen, errstr); in bsde_parse_rule()
1062 return (-1); in bsde_parse_rule()
1065 argv + object_elements, &rule->mbr_object, buflen, errstr); in bsde_parse_rule()
1067 return (-1); in bsde_parse_rule()
1070 &rule->mbr_mode, buflen, errstr); in bsde_parse_rule()
1072 return (-1); in bsde_parse_rule()
1130 return (-1); in bsde_check_version()
1135 return (-1); in bsde_check_version()
1151 return (-1); in bsde_get_rule_count()
1156 return (-1); in bsde_get_rule_count()
1173 return (-1); in bsde_get_rule_slots()
1177 return (-1); in bsde_get_rule_slots()
1185 * Returns -1 for failure;
1186 * Returns -2 for not present
1197 return (-1); in bsde_get_rule()
1204 return (-1); in bsde_get_rule()
1211 if (error == -1 && errno == ENOENT) in bsde_get_rule()
1212 return (-2); in bsde_get_rule()
1216 return (-1); in bsde_get_rule()
1220 return (-1); in bsde_get_rule()
1235 return (-1); in bsde_delete_rule()
1242 return (-1); in bsde_delete_rule()
1252 return (-1); in bsde_delete_rule()
1267 return (-1); in bsde_set_rule()
1274 return (-1); in bsde_set_rule()
1284 return (-1); in bsde_set_rule()
1300 return (-1); in bsde_add_rule()
1307 return (-1); in bsde_add_rule()
1311 if (rule_slots == -1) { in bsde_add_rule()
1314 return (-1); in bsde_add_rule()
1324 return (-1); in bsde_add_rule()