Home
last modified time | relevance | path

Searched refs:rights (Results 1 – 25 of 1847) sorted by relevance

12345678910>>...74

/freebsd/sys/kern/
H A Dsubr_capability.c133 cap_rights_vset(cap_rights_t *rights, va_list ap) in cap_rights_vset() argument
138 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00); in cap_rights_vset()
140 n = CAPARSIZE(rights); in cap_rights_vset()
151 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vset()
152 rights->cr_rights[i] |= right; in cap_rights_vset()
153 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vset()
158 cap_rights_vclear(cap_rights_t *rights, va_list ap) in cap_rights_vclear() argument
163 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00); in cap_rights_vclear()
165 n = CAPARSIZE(rights); in cap_rights_vclear()
176 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vclear()
[all …]
H A Dsys_capability.c160 const cap_rights_t rights[] = { *needp, *havep }; in _cap_check() local
164 ktrcapfail(type, rights); in _cap_check()
183 const cap_rights_t rights[] = { *needp, *havep }; in cap_check_failed_notcapable() local
186 ktrcapfail(CAPFAIL_NOTCAPABLE, rights); in cap_check_failed_notcapable()
230 kern_cap_rights_limit(struct thread *td, int fd, cap_rights_t *rights) in kern_cap_rights_limit() argument
245 error = _cap_check(cap_rights(fdp, fd), rights, CAPFAIL_INCREASE); in kern_cap_rights_limit()
248 fdep->fde_rights = *rights; in kern_cap_rights_limit()
249 if (!cap_rights_is_set(rights, CAP_IOCTL)) { in kern_cap_rights_limit()
254 if (!cap_rights_is_set(rights, CAP_FCNTL)) in kern_cap_rights_limit()
269 cap_rights_t rights; in sys_cap_rights_limit() local
[all …]
/freebsd/tests/sys/capsicum/
H A Dcapability-fd.cc125 cap_rights_t rights; in ShowCapRights() local
126 CAP_NONE(&rights); in ShowCapRights()
127 if (cap_rights_get(fd, &rights) < 0) { in ShowCapRights()
135 if (cap_rights_is_set(&rights, known_rights[ii].right)) { in ShowCapRights()
145 cap_rights_clear(&rights, known_rights[ii].right); in ShowCapRights()
149 for (ii = 0; ii < (size_t)CAPARSIZE(&rights); ii++) { in ShowCapRights()
150 uint64_t bits = (rights.cr_rights[0] & 0x01ffffffffffffffULL); in ShowCapRights()
187 cap_rights_t rights; in FORK_TEST() local
188 CAP_NONE(&rights); in FORK_TEST()
189 EXPECT_OK(cap_rights_get(cap_fd, &rights)); in FORK_TEST()
[all …]
H A Dfcntl.cc23 cap_rights_t rights; in FORK_TEST() local
24 cap_rights_init(&rights, CAP_READ, CAP_FCNTL); in FORK_TEST()
48 EXPECT_OK(cap_rights_limit(caps[key], &rights)); in FORK_TEST()
127 cap_rights_t rights; in CheckFcntl() local
128 cap_rights_init(&rights, right); in CheckFcntl()
131 if (cap_rights_contains(&(fcntl_rights[ii]), &rights)) { in CheckFcntl()
169 cap_rights_t rights; in TEST() local
170 cap_rights_init(&rights, 0); in TEST()
171 EXPECT_OK(cap_rights_get(newfd, &rights)); in TEST()
172 EXPECT_RIGHTS_EQ(&(fcntl_rights[0]), &rights); in TEST()
[all …]
H A Dioctl.cc52 cap_rights_t rights; in TEST() local
53 EXPECT_OK(cap_rights_get(fd, &rights)); in TEST()
56 EXPECT_RIGHTS_EQ(&all, &rights); in TEST()
74 cap_rights_t rights; in TEST() local
75 cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_IOCTL); in TEST()
76 EXPECT_OK(cap_rights_limit(fd, &rights)); in TEST()
84 EXPECT_RIGHTS_EQ(&rights, &cur_rights); in TEST()
91 cap_rights_clear(&rights, CAP_READ); in TEST()
92 EXPECT_OK(cap_rights_limit(fd, &rights)); in TEST()
99 cap_rights_clear(&rights, CAP_IOCTL); in TEST()
[all …]
H A Dfexecve.cc95 cap_rights_t rights; in FORK_TEST_F() local
96 cap_rights_init(&rights, 0); in FORK_TEST_F()
97 EXPECT_OK(cap_rights_limit(cap_fd, &rights)); in FORK_TEST_F()
106 cap_rights_t rights; in FORK_TEST_F() local
109 cap_rights_init(&rights, CAP_FEXECVE, CAP_LOOKUP, CAP_READ); in FORK_TEST_F()
110 EXPECT_OK(cap_rights_limit(cap_fd, &rights)); in FORK_TEST_F()
158 cap_rights_t rights; in FORK_TEST_F() local
159 cap_rights_init(&rights, CAP_FEXECVE, CAP_READ, CAP_SEEK); in FORK_TEST_F()
160 EXPECT_OK(cap_rights_limit(fd, &rights)); in FORK_TEST_F()
H A Dbindat_connectat.c180 cap_rights_t *rights, cap_rights_t *sub_rights) in check_3() argument
184 ATF_REQUIRE(cap_rights_limit(s, rights) >= 0); in check_3()
189 cap_rights_remove(rights, sub_rights)) >= 0); in check_3()
198 cap_rights_t rights, sub_rights; in ATF_TC_BODY() local
208 cap_rights_init(&rights, CAP_SOCK_SERVER), in ATF_TC_BODY()
211 cap_rights_init(&rights, CAP_SOCK_SERVER), in ATF_TC_BODY()
214 cap_rights_init(&rights, CAP_SOCK_CLIENT), in ATF_TC_BODY()
217 cap_rights_init(&rights, CAP_SOCK_CLIENT), in ATF_TC_BODY()
H A Dcapsicum.h13 static inline void cap_rights_describe(const cap_rights_t *rights, char *buffer) { in cap_rights_describe() argument
16 int len = sprintf(buffer, "0x%016llx ", (unsigned long long)rights->cr_rights[ii]); in cap_rights_describe()
26 inline std::ostream& operator<<(std::ostream& os, cap_rights_t rights) {
28 …os << std::hex << std::setw(16) << std::setfill('0') << (unsigned long long)rights.cr_rights[ii] <…
H A Dlinux.cc335 cap_rights_t rights; in TEST() local
338 EXPECT_OK(cap_rights_limit(cap_rf, cap_rights_init(&rights, CAP_READ, CAP_FSTAT))); in TEST()
341 EXPECT_OK(cap_rights_limit(cap_ro, cap_rights_init(&rights, CAP_READ))); in TEST()
356 EXPECT_OK(cap_rights_limit(dir_rf, cap_rights_init(&rights, CAP_READ, CAP_FSTAT))); in TEST()
359 EXPECT_OK(cap_rights_limit(dir_ro, cap_rights_init(&rights, CAP_READ))); in TEST()
496 cap_rights_t rights; in TEST() local
497 CAL_ALL(&rights); in TEST()
498 EXPECT_OK(cap_rights_get(ev.fd, &rights)); in TEST()
499 EXPECT_RIGHTS_IN(&rights, &r_rslstat); in TEST()
1077 cap_rights_t rights; in TEST() local
[all …]
/freebsd/lib/libsysdecode/tests/
H A Dsysdecode_test.c91 cap_rights_t rights; in ATF_TC_BODY() local
101 cap_rights_init(&rights), in ATF_TC_BODY()
105 cap_rights_init(&rights, CAP_READ, CAP_SEEK), in ATF_TC_BODY()
109 cap_rights_init(&rights, CAP_READ, CAP_MMAP, CAP_SEEK_TELL), in ATF_TC_BODY()
113 cap_rights_init(&rights, CAP_MMAP, CAP_READ, CAP_WRITE, CAP_SEEK), in ATF_TC_BODY()
117 cap_rights_init(&rights, CAP_READ, CAP_MMAP_X), in ATF_TC_BODY()
122 cap_rights_init(&rights, CAP_RECV, CAP_SEND), in ATF_TC_BODY()
127 cap_rights_init(&rights, CAP_READ, CAP_KQUEUE), in ATF_TC_BODY()
131 cap_rights_init(&rights, CAP_SEEK); in ATF_TC_BODY()
132 cap_rights_clear(&rights, CAP_SEEK_TELL); in ATF_TC_BODY()
[all …]
/freebsd/sys/sys/
H A Dcapsicum.h297 #define CAP_ALL(rights) do { \ argument
298 (rights)->cr_rights[0] = \
300 (rights)->cr_rights[1] = CAP_ALL1; \
303 #define CAP_NONE(rights) do { \ argument
304 (rights)->cr_rights[0] = \
306 (rights)->cr_rights[1] = CAPRIGHT(1, 0ULL); \
310 #define CAPVER(rights) CAPRVER((rights)->cr_rights[0]) argument
311 #define CAPARSIZE(rights) (CAPVER(rights) + 2) argument
330 cap_rights_t *__cap_rights_init(int version, cap_rights_t *rights, ...);
334 cap_rights_t *__cap_rights_set(cap_rights_t *rights, ...);
[all …]
/freebsd/crypto/openssh/
H A Dsandbox-capsicum.c68 cap_rights_t rights; in ssh_sandbox_child() local
88 cap_rights_init(&rights); in ssh_sandbox_child()
90 if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
92 if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
94 if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
97 cap_rights_init(&rights, CAP_READ, CAP_WRITE); in ssh_sandbox_child()
98 if (cap_rights_limit(box->m_recvfd, &rights) < 0 && in ssh_sandbox_child()
101 cap_rights_init(&rights, CAP_WRITE); in ssh_sandbox_child()
102 if (cap_rights_limit(box->m_log_sendfd, &rights) < 0 && in ssh_sandbox_child()
/freebsd/lib/libcapsicum/
H A Dcapsicum_helpers.h3 * All rights reserved.
64 caph_stream_rights(cap_rights_t *rights, int flags) in caph_stream_rights() argument
67 cap_rights_init(rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT, in caph_stream_rights()
71 cap_rights_set(rights, CAP_READ); in caph_stream_rights()
73 cap_rights_set(rights, CAP_WRITE); in caph_stream_rights()
75 cap_rights_set(rights, CAP_LOOKUP); in caph_stream_rights()
81 cap_rights_t rights; in caph_limit_stream() local
83 caph_stream_rights(&rights, flags); in caph_limit_stream()
84 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) { in caph_limit_stream()
167 caph_rights_limit(int fd, const cap_rights_t *rights)
158 caph_rights_limit(int fd,const cap_rights_t * rights) caph_rights_limit() argument
[all...]
/freebsd/lib/libcasper/services/cap_fileargs/tests/
H A Dfileargs_test.c217 test_file_cap(int fd, cap_rights_t *rights) in test_file_cap() argument
223 return (cap_rights_contains(&fdrights, rights)); in test_file_cap()
285 cap_rights_t rights, norights; in ATF_TC_BODY() local
294 cap_rights_init(&rights, CAP_READ, CAP_FCNTL); in ATF_TC_BODY()
296 fa = fileargs_init(MAX_FILES, files, O_RDONLY, 0, &rights, in ATF_TC_BODY()
308 ATF_REQUIRE(test_file_cap(fd, &rights) == true); in ATF_TC_BODY()
332 cap_rights_t rights, norights; in ATF_TC_BODY() local
341 cap_rights_init(&rights, CAP_WRITE, CAP_FCNTL); in ATF_TC_BODY()
343 fa = fileargs_init(MAX_FILES, files, O_WRONLY, 0, &rights, in ATF_TC_BODY()
355 ATF_REQUIRE(test_file_cap(fd, &rights) == true); in ATF_TC_BODY()
[all …]
/freebsd/tools/regression/security/cap_test/
H A Dcap_test_relative.c56 cap_rights_t rights; in test_relative() local
59 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc, &rights); in test_relative()
60 CHECK_RIGHTS(rights, CAP_ALL); in test_relative()
98 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc_cap_base, &rights); in test_relative()
101 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
102 CHECK_RIGHTS(rights, baserights); in test_relative()
137 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
143 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
144 CHECK_RIGHTS(rights, baserights); in test_relative()
H A Dcap_test.h110 #define CHECK_RIGHTS(rights, max) do { \ argument
111 if ((success == PASSED) && (rights != max)) \
113 (cap_rights_t) rights, (cap_rights_t) max); \
117 #define MAKE_CAPABILITY(to, from, rights) do { \ argument
119 REQUIRE(to = cap_new(from, rights)); \
121 if ((success == PASSED) && (_rights != (rights))) \
123 _rights, (cap_rights_t) (rights)); \
H A Dcap_test_capabilities.c56 FAIL("%s:\t%s (rights 0x%jx)", #syscall, message, rights)
64 if ((rights & (rights_needed)) == (rights_needed)) { \
75 (uintmax_t)rights); \
87 if ((rights & (rights_needed)) == (rights_needed)) { \
98 " (rights 0x%jx)", "mmap", rights); \
111 try_file_ops(int filefd, int dirfd, cap_rights_t rights) in try_file_ops() argument
128 REQUIRE(fd_cap = cap_new(filefd, rights)); in try_file_ops()
130 CHECK(rights == erights); in try_file_ops()
131 REQUIRE(fd_capcap = cap_new(fd_cap, rights)); in try_file_ops()
133 CHECK(rights == erights); in try_file_ops()
[all …]
H A Dcap_test_fcntl.c64 cap_rights_t rights = CAP_READ | CAP_FCNTL; in test_fcntl() local
79 { "file cap", cap_new(files[0].f_fd, rights) }, in test_fcntl()
80 { "socket cap", cap_new(files[1].f_fd, rights) }, in test_fcntl()
81 { "SHM cap", cap_new(files[2].f_fd, rights) }, in test_fcntl()
/freebsd/crypto/openssl/doc/man7/
H A Dproxy-certificates.pod12 extend rights to some other entity (a computer process, typically, or
104 Note that the proxy policy value is what determines the rights granted
134 some default rights (perhaps none at all), then compute the resulting
135 rights by checking the rights against the chain of proxy certificates,
179 * In this example, I will use a view of granted rights as a bit
183 unsigned char rights[(total_rights + 7) / 8];
223 YOUR_RIGHTS *rights =
232 * Do whatever you need to grant explicit rights
235 * are none to be found, clear all rights (making
237 * of any rights).
[all …]
/freebsd/contrib/xz/src/xz/
H A Dsandbox.c272 cap_rights_t rights; in sandbox_enable_strict_if_allowed() local
277 if (cap_rights_limit(src_fd, cap_rights_init(&rights, in sandbox_enable_strict_if_allowed()
283 STDIN_FILENO, cap_rights_init(&rights))) in sandbox_enable_strict_if_allowed()
286 if (cap_rights_limit(STDOUT_FILENO, cap_rights_init(&rights, in sandbox_enable_strict_if_allowed()
291 if (cap_rights_limit(STDERR_FILENO, cap_rights_init(&rights, in sandbox_enable_strict_if_allowed()
295 if (cap_rights_limit(pipe_event_fd, cap_rights_init(&rights, in sandbox_enable_strict_if_allowed()
299 if (cap_rights_limit(pipe_write_fd, cap_rights_init(&rights, in sandbox_enable_strict_if_allowed()
/freebsd/tests/sys/vfs/
H A Dlookup_cap_dotdot.c117 cap_rights_t rights; in ATF_TC_BODY() local
122 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ); in ATF_TC_BODY()
123 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0); in ATF_TC_BODY()
140 cap_rights_t rights; in ATF_TC_BODY() local
145 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ); in ATF_TC_BODY()
146 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0); in ATF_TC_BODY()
218 cap_rights_t rights; in ATF_TC_BODY() local
223 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ); in ATF_TC_BODY()
224 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0); in ATF_TC_BODY()
/freebsd/usr.bin/write/
H A Dwrite.c69 cap_rights_t rights; in main() local
83 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP, in main()
85 if (caph_rights_limit(devfd, &rights) < 0) in main()
92 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ, in main()
94 if (caph_rights_limit(STDIN_FILENO, &rights) < 0 || in main()
95 caph_rights_limit(STDOUT_FILENO, &rights) < 0 || in main()
96 caph_rights_limit(STDERR_FILENO, &rights) < 0 || in main()
/freebsd/bin/cat/
H A Dcat.c137 cap_rights_t rights; in init_casper() local
144 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK), in init_casper()
442 cap_rights_t rights; in udom_open() local
459 cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE, in udom_open()
474 if (caph_rights_limit(fd, &rights) != 0) { in udom_open()
502 cap_rights_clear(&rights, CAP_WRITE); in udom_open()
507 cap_rights_clear(&rights, CAP_READ); in udom_open()
515 cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN); in udom_open()
516 if (caph_rights_limit(fd, &rights) != 0) { in udom_open()
/freebsd/sys/netinet/
H A Dsctp_syscalls.c151 cap_rights_t rights; in sys_sctp_peeloff() local
157 cap_rights_init_one(&rights, CAP_PEELOFF), &headfp, &fcaps); in sys_sctp_peeloff()
239 cap_rights_t rights; in sys_sctp_generic_sendmsg() local
249 cap_rights_init_one(&rights, CAP_SEND); in sys_sctp_generic_sendmsg()
256 cap_rights_set_one(&rights, CAP_CONNECT); in sys_sctp_generic_sendmsg()
260 error = getsock(td, uap->sd, &rights, &fp); in sys_sctp_generic_sendmsg()
339 cap_rights_t rights; in sys_sctp_generic_sendmsg_iov() local
349 cap_rights_init_one(&rights, CAP_SEND); in sys_sctp_generic_sendmsg_iov()
356 cap_rights_set_one(&rights, CAP_CONNECT); in sys_sctp_generic_sendmsg_iov()
360 error = getsock(td, uap->sd, &rights, &fp); in sys_sctp_generic_sendmsg_iov()
[all …]
/freebsd/usr.bin/uniq/
H A Duniq.c5 * The Regents of the University of California. All rights reserved.
88 cap_rights_t rights; in main() local
148 cap_rights_init(&rights, CAP_FSTAT, CAP_READ); in main()
149 if (caph_rights_limit(fileno(ifp), &rights) < 0) in main()
150 err(1, "unable to limit rights for %s", ifn); in main()
151 cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE); in main()
155 cap_rights_set(&rights, CAP_IOCTL); in main()
156 if (caph_rights_limit(fileno(ofp), &rights) < 0) { in main()
157 err(1, "unable to limit rights for %s", in main()
160 if (cap_rights_is_set(&rights, CAP_IOCT in main()
[all...]

12345678910>>...74