Home
last modified time | relevance | path

Searched refs:rights (Results 1 – 25 of 1769) sorted by relevance

12345678910>>...71

/freebsd/contrib/capsicum-test/
H A Dcapsicum-rights.h39 #define cap_rights_init(rights, ...) _cap_rights_init((rights), __VA_ARGS__, 0ULL) argument
40 #define cap_rights_set(rights, ...) _cap_rights_set((rights), __VA_ARGS__, 0ULL) argument
41 #define cap_rights_clear(rights, ...) _cap_rights_clear((rights), __VA_ARGS__, 0ULL) argument
42 #define cap_rights_is_set(rights, ...) _cap_rights_is_set((rights), __VA_ARGS__, 0ULL) argument
44 inline cap_rights_t* _cap_rights_init(cap_rights_t *rights, ...) { in _cap_rights_init() argument
47 *rights = 0; in _cap_rights_init()
48 va_start(ap, rights); in _cap_rights_init()
51 *rights |= right; in _cap_rights_init()
55 return rights; in _cap_rights_init()
58 inline cap_rights_t* _cap_rights_set(cap_rights_t *rights, ...) { in _cap_rights_set() argument
[all …]
H A Dcapsicum.h21 #define CAP_SET_ALL(rights) CAP_ALL(rights) argument
23 #define CAP_SET_ALL(rights) *(rights) = CAP_MASK_VALID argument
29 #define CAP_SET_NONE(rights) CAP_NONE(rights) argument
31 #define CAP_SET_NONE(rights) *(rights) = 0 argument
122 inline int cap_rights_get(int fd, cap_rights_t *rights) { in cap_rights_get() argument
123 return cap_getrights(fd, rights); in cap_rights_get()
130 inline int cap_rights_limit(int fd, const cap_rights_t *rights) { in cap_rights_limit() argument
131 int cap = cap_new(fd, *rights); in cap_rights_limit()
143 static inline void cap_rights_describe(const cap_rights_t *rights, char *buffer) { in cap_rights_describe() argument
146 int len = sprintf(buffer, "0x%016llx ", (unsigned long long)rights->cr_rights[ii]); in cap_rights_describe()
[all …]
H A Dcapability-fd.cc154 cap_rights_t rights; in ShowCapRights() local
155 CAP_SET_NONE(&rights); in ShowCapRights()
156 if (cap_rights_get(fd, &rights) < 0) { in ShowCapRights()
164 if (cap_rights_is_set(&rights, known_rights[ii].right)) { in ShowCapRights()
174 cap_rights_clear(&rights, known_rights[ii].right); in ShowCapRights()
178 for (ii = 0; ii < (size_t)CAPARSIZE(&rights); ii++) { in ShowCapRights()
179 uint64_t bits = (rights.cr_rights[0] & 0x01ffffffffffffffULL); in ShowCapRights()
216 cap_rights_t rights; in FORK_TEST() local
217 CAP_SET_NONE(&rights); in FORK_TEST()
218 EXPECT_OK(cap_rights_get(cap_fd, &rights)); in FORK_TEST()
[all …]
H A Dfcntl.cc23 cap_rights_t rights; in FORK_TEST() local
24 cap_rights_init(&rights, CAP_READ, CAP_FCNTL); in FORK_TEST()
48 EXPECT_OK(cap_rights_limit(caps[key], &rights)); in FORK_TEST()
132 cap_rights_t rights; in CheckFcntl() local
133 cap_rights_init(&rights, right); in CheckFcntl()
136 if (cap_rights_contains(&(fcntl_rights[ii]), &rights)) { in CheckFcntl()
174 cap_rights_t rights; in TEST() local
175 cap_rights_init(&rights, 0); in TEST()
176 EXPECT_OK(cap_rights_get(newfd, &rights)); in TEST()
177 EXPECT_RIGHTS_EQ(&(fcntl_rights[0]), &rights); in TEST()
[all …]
H A Dioctl.cc53 cap_rights_t rights; in TEST() local
54 EXPECT_OK(cap_rights_get(fd, &rights)); in TEST()
57 EXPECT_RIGHTS_EQ(&all, &rights); in TEST()
75 cap_rights_t rights; in TEST() local
76 cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_SEEK, CAP_IOCTL); in TEST()
77 EXPECT_OK(cap_rights_limit(fd, &rights)); in TEST()
85 EXPECT_RIGHTS_EQ(&rights, &cur_rights); in TEST()
92 cap_rights_clear(&rights, CAP_READ); in TEST()
93 EXPECT_OK(cap_rights_limit(fd, &rights)); in TEST()
100 cap_rights_clear(&rights, CAP_IOCTL); in TEST()
[all …]
H A Dfexecve.cc95 cap_rights_t rights; in FORK_TEST_F() local
96 cap_rights_init(&rights, 0); in FORK_TEST_F()
97 EXPECT_OK(cap_rights_limit(cap_fd, &rights)); in FORK_TEST_F()
106 cap_rights_t rights; in FORK_TEST_F() local
109 cap_rights_init(&rights, CAP_FEXECVE, CAP_LOOKUP, CAP_READ); in FORK_TEST_F()
110 EXPECT_OK(cap_rights_limit(cap_fd, &rights)); in FORK_TEST_F()
158 cap_rights_t rights; in FORK_TEST_F() local
159 cap_rights_init(&rights, CAP_FEXECVE, CAP_READ, CAP_SEEK); in FORK_TEST_F()
160 EXPECT_OK(cap_rights_limit(fd, &rights)); in FORK_TEST_F()
H A Dlinux.cc335 cap_rights_t rights; in TEST() local
338 EXPECT_OK(cap_rights_limit(cap_rf, cap_rights_init(&rights, CAP_READ, CAP_FSTAT))); in TEST()
341 EXPECT_OK(cap_rights_limit(cap_ro, cap_rights_init(&rights, CAP_READ))); in TEST()
356 EXPECT_OK(cap_rights_limit(dir_rf, cap_rights_init(&rights, CAP_READ, CAP_FSTAT))); in TEST()
359 EXPECT_OK(cap_rights_limit(dir_ro, cap_rights_init(&rights, CAP_READ))); in TEST()
496 cap_rights_t rights; in TEST() local
497 CAP_SET_ALL(&rights); in TEST()
498 EXPECT_OK(cap_rights_get(ev.fd, &rights)); in TEST()
499 EXPECT_RIGHTS_IN(&rights, &r_rslstat); in TEST()
1077 cap_rights_t rights; in TEST() local
[all …]
/freebsd/sys/kern/
H A Dsubr_capability.c172 cap_rights_vset(cap_rights_t *rights, va_list ap) in cap_rights_vset() argument
177 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00); in cap_rights_vset()
179 n = CAPARSIZE(rights); in cap_rights_vset()
190 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vset()
191 rights->cr_rights[i] |= right; in cap_rights_vset()
192 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vset()
197 cap_rights_vclear(cap_rights_t *rights, va_list ap) in cap_rights_vclear() argument
202 assert(CAPVER(rights) == CAP_RIGHTS_VERSION_00); in cap_rights_vclear()
204 n = CAPARSIZE(rights); in cap_rights_vclear()
215 assert(CAPIDXBIT(rights->cr_rights[i]) == CAPIDXBIT(right)); in cap_rights_vclear()
[all …]
H A Dsys_capability.c160 const cap_rights_t rights[] = { *needp, *havep }; in _cap_check() local
164 ktrcapfail(type, rights); in _cap_check()
183 const cap_rights_t rights[] = { *needp, *havep }; in cap_check_failed_notcapable() local
186 ktrcapfail(CAPFAIL_NOTCAPABLE, rights); in cap_check_failed_notcapable()
230 kern_cap_rights_limit(struct thread *td, int fd, cap_rights_t *rights) in kern_cap_rights_limit() argument
245 error = _cap_check(cap_rights(fdp, fd), rights, CAPFAIL_INCREASE); in kern_cap_rights_limit()
248 fdep->fde_rights = *rights; in kern_cap_rights_limit()
249 if (!cap_rights_is_set(rights, CAP_IOCTL)) { in kern_cap_rights_limit()
254 if (!cap_rights_is_set(rights, CAP_FCNTL)) in kern_cap_rights_limit()
269 cap_rights_t rights; in sys_cap_rights_limit() local
[all …]
/freebsd/lib/libsysdecode/tests/
H A Dsysdecode_test.c91 cap_rights_t rights; in ATF_TC_BODY() local
101 cap_rights_init(&rights), in ATF_TC_BODY()
105 cap_rights_init(&rights, CAP_READ, CAP_SEEK), in ATF_TC_BODY()
109 cap_rights_init(&rights, CAP_READ, CAP_MMAP, CAP_SEEK_TELL), in ATF_TC_BODY()
113 cap_rights_init(&rights, CAP_MMAP, CAP_READ, CAP_WRITE, CAP_SEEK), in ATF_TC_BODY()
117 cap_rights_init(&rights, CAP_READ, CAP_MMAP_X), in ATF_TC_BODY()
122 cap_rights_init(&rights, CAP_RECV, CAP_SEND), in ATF_TC_BODY()
127 cap_rights_init(&rights, CAP_READ, CAP_KQUEUE), in ATF_TC_BODY()
131 cap_rights_init(&rights, CAP_SEEK); in ATF_TC_BODY()
132 cap_rights_clear(&rights, CAP_SEEK_TELL); in ATF_TC_BODY()
[all …]
/freebsd/sys/sys/
H A Dcapsicum.h292 #define CAP_ALL(rights) do { \ argument
293 (rights)->cr_rights[0] = \
295 (rights)->cr_rights[1] = CAP_ALL1; \
298 #define CAP_NONE(rights) do { \ argument
299 (rights)->cr_rights[0] = \
301 (rights)->cr_rights[1] = CAPRIGHT(1, 0ULL); \
305 #define CAPVER(rights) CAPRVER((rights)->cr_rights[0]) argument
306 #define CAPARSIZE(rights) (CAPVER(rights) + 2) argument
325 cap_rights_t *__cap_rights_init(int version, cap_rights_t *rights, ...);
329 cap_rights_t *__cap_rights_set(cap_rights_t *rights, ...);
[all …]
/freebsd/lib/libcapsicum/
H A Dcapsicum_helpers.h3 * All rights reserved.
64 caph_stream_rights(cap_rights_t *rights, int flags) in caph_stream_rights() argument
67 cap_rights_init(rights, CAP_EVENT, CAP_FCNTL, CAP_FSTAT, in caph_stream_rights()
71 cap_rights_set(rights, CAP_READ); in caph_stream_rights()
73 cap_rights_set(rights, CAP_WRITE); in caph_stream_rights()
75 cap_rights_set(rights, CAP_LOOKUP); in caph_stream_rights()
81 cap_rights_t rights; in caph_limit_stream() local
83 caph_stream_rights(&rights, flags); in caph_limit_stream()
84 if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) { in caph_limit_stream()
167 caph_rights_limit(int fd, const cap_rights_t *rights)
158 caph_rights_limit(int fd,const cap_rights_t * rights) caph_rights_limit() argument
[all...]
/freebsd/crypto/openssh/
H A Dsandbox-capsicum.c73 cap_rights_t rights; in ssh_sandbox_child() local
93 cap_rights_init(&rights); in ssh_sandbox_child()
95 if (cap_rights_limit(STDIN_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
97 if (cap_rights_limit(STDOUT_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
99 if (cap_rights_limit(STDERR_FILENO, &rights) < 0 && errno != ENOSYS) in ssh_sandbox_child()
102 cap_rights_init(&rights, CAP_READ, CAP_WRITE); in ssh_sandbox_child()
103 if (cap_rights_limit(box->monitor->m_recvfd, &rights) < 0 && in ssh_sandbox_child()
106 cap_rights_init(&rights, CAP_WRITE); in ssh_sandbox_child()
107 if (cap_rights_limit(box->monitor->m_log_sendfd, &rights) < 0 && in ssh_sandbox_child()
/freebsd/lib/libcasper/services/cap_fileargs/tests/
H A Dfileargs_test.c217 test_file_cap(int fd, cap_rights_t *rights) in test_file_cap() argument
223 return (cap_rights_contains(&fdrights, rights)); in test_file_cap()
285 cap_rights_t rights, norights; in ATF_TC_BODY() local
294 cap_rights_init(&rights, CAP_READ, CAP_FCNTL); in ATF_TC_BODY()
296 fa = fileargs_init(MAX_FILES, files, O_RDONLY, 0, &rights, in ATF_TC_BODY()
308 ATF_REQUIRE(test_file_cap(fd, &rights) == true); in ATF_TC_BODY()
332 cap_rights_t rights, norights; in ATF_TC_BODY() local
341 cap_rights_init(&rights, CAP_WRITE, CAP_FCNTL); in ATF_TC_BODY()
343 fa = fileargs_init(MAX_FILES, files, O_WRONLY, 0, &rights, in ATF_TC_BODY()
355 ATF_REQUIRE(test_file_cap(fd, &rights) == true); in ATF_TC_BODY()
[all …]
/freebsd/tools/regression/security/cap_test/
H A Dcap_test_relative.c56 cap_rights_t rights; in test_relative() local
59 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc, &rights); in test_relative()
60 CHECK_RIGHTS(rights, CAP_ALL); in test_relative()
98 CHECK_SYSCALL_SUCCEEDS(cap_getrights, etc_cap_base, &rights); in test_relative()
101 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
102 CHECK_RIGHTS(rights, baserights); in test_relative()
137 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
143 CHECK_SYSCALL_SUCCEEDS(cap_getrights, fd, &rights); in test_relative()
144 CHECK_RIGHTS(rights, baserights); in test_relative()
H A Dcap_test.h110 #define CHECK_RIGHTS(rights, max) do { \ argument
111 if ((success == PASSED) && (rights != max)) \
113 (cap_rights_t) rights, (cap_rights_t) max); \
117 #define MAKE_CAPABILITY(to, from, rights) do { \ argument
119 REQUIRE(to = cap_new(from, rights)); \
121 if ((success == PASSED) && (_rights != (rights))) \
123 _rights, (cap_rights_t) (rights)); \
H A Dcap_test_capabilities.c56 FAIL("%s:\t%s (rights 0x%jx)", #syscall, message, rights)
64 if ((rights & (rights_needed)) == (rights_needed)) { \
75 (uintmax_t)rights); \
87 if ((rights & (rights_needed)) == (rights_needed)) { \
98 " (rights 0x%jx)", "mmap", rights); \
111 try_file_ops(int filefd, int dirfd, cap_rights_t rights) in try_file_ops() argument
128 REQUIRE(fd_cap = cap_new(filefd, rights)); in try_file_ops()
130 CHECK(rights == erights); in try_file_ops()
131 REQUIRE(fd_capcap = cap_new(fd_cap, rights)); in try_file_ops()
133 CHECK(rights == erights); in try_file_ops()
[all …]
H A Dcap_test_fcntl.c64 cap_rights_t rights = CAP_READ | CAP_FCNTL; in test_fcntl() local
79 { "file cap", cap_new(files[0].f_fd, rights) }, in test_fcntl()
80 { "socket cap", cap_new(files[1].f_fd, rights) }, in test_fcntl()
81 { "SHM cap", cap_new(files[2].f_fd, rights) }, in test_fcntl()
/freebsd/crypto/openssl/doc/man7/
H A Dproxy-certificates.pod12 extend rights to some other entity (a computer process, typically, or
104 Note that the proxy policy value is what determines the rights granted
134 some default rights (perhaps none at all), then compute the resulting
135 rights by checking the rights against the chain of proxy certificates,
179 * In this example, I will use a view of granted rights as a bit
183 unsigned char rights[(total_rights + 7) / 8];
223 YOUR_RIGHTS *rights =
232 * Do whatever you need to grant explicit rights
235 * are none to be found, clear all rights (making
237 * of any rights).
[all …]
/freebsd/tests/sys/vfs/
H A Dlookup_cap_dotdot.c117 cap_rights_t rights; in ATF_TC_BODY() local
122 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ); in ATF_TC_BODY()
123 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0); in ATF_TC_BODY()
140 cap_rights_t rights; in ATF_TC_BODY() local
145 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ); in ATF_TC_BODY()
146 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0); in ATF_TC_BODY()
218 cap_rights_t rights; in ATF_TC_BODY() local
223 cap_rights_init(&rights, CAP_LOOKUP, CAP_READ); in ATF_TC_BODY()
224 ATF_REQUIRE(cap_rights_limit(dirfd, &rights) >= 0); in ATF_TC_BODY()
/freebsd/tests/sys/capsicum/
H A Dbindat_connectat.c180 cap_rights_t *rights, cap_rights_t *sub_rights) in check_3() argument
184 ATF_REQUIRE(cap_rights_limit(s, rights) >= 0); in check_3()
189 cap_rights_remove(rights, sub_rights)) >= 0); in check_3()
198 cap_rights_t rights, sub_rights; in ATF_TC_BODY() local
208 cap_rights_init(&rights, CAP_SOCK_SERVER), in ATF_TC_BODY()
211 cap_rights_init(&rights, CAP_SOCK_SERVER), in ATF_TC_BODY()
214 cap_rights_init(&rights, CAP_SOCK_CLIENT), in ATF_TC_BODY()
217 cap_rights_init(&rights, CAP_SOCK_CLIENT), in ATF_TC_BODY()
/freebsd/sys/netinet/
H A Dsctp_syscalls.c145 cap_rights_t rights; in sys_sctp_peeloff() local
151 cap_rights_init_one(&rights, CAP_PEELOFF), &headfp, &fcaps); in sys_sctp_peeloff()
219 cap_rights_t rights; in sys_sctp_generic_sendmsg() local
229 cap_rights_init_one(&rights, CAP_SEND); in sys_sctp_generic_sendmsg()
236 cap_rights_set_one(&rights, CAP_CONNECT); in sys_sctp_generic_sendmsg()
240 error = getsock(td, uap->sd, &rights, &fp); in sys_sctp_generic_sendmsg()
319 cap_rights_t rights; in sys_sctp_generic_sendmsg_iov() local
329 cap_rights_init_one(&rights, CAP_SEND); in sys_sctp_generic_sendmsg_iov()
336 cap_rights_set_one(&rights, CAP_CONNECT); in sys_sctp_generic_sendmsg_iov()
340 error = getsock(td, uap->sd, &rights, &fp); in sys_sctp_generic_sendmsg_iov()
[all …]
/freebsd/usr.bin/write/
H A Dwrite.c69 cap_rights_t rights; in main() local
83 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_LOOKUP, in main()
85 if (caph_rights_limit(devfd, &rights) < 0) in main()
92 cap_rights_init(&rights, CAP_FCNTL, CAP_FSTAT, CAP_IOCTL, CAP_READ, in main()
94 if (caph_rights_limit(STDIN_FILENO, &rights) < 0 || in main()
95 caph_rights_limit(STDOUT_FILENO, &rights) < 0 || in main()
96 caph_rights_limit(STDERR_FILENO, &rights) < 0 || in main()
/freebsd/bin/cat/
H A Dcat.c137 cap_rights_t rights; in init_casper() local
144 cap_rights_init(&rights, CAP_READ, CAP_FSTAT, CAP_FCNTL, CAP_SEEK), in init_casper()
442 cap_rights_t rights; in udom_open() local
459 cap_rights_init(&rights, CAP_CONNECT, CAP_READ, CAP_WRITE, in udom_open()
474 if (caph_rights_limit(fd, &rights) != 0) { in udom_open()
502 cap_rights_clear(&rights, CAP_WRITE); in udom_open()
507 cap_rights_clear(&rights, CAP_READ); in udom_open()
515 cap_rights_clear(&rights, CAP_CONNECT, CAP_SHUTDOWN); in udom_open()
516 if (caph_rights_limit(fd, &rights) != 0) { in udom_open()
/freebsd/usr.bin/uniq/
H A Duniq.c88 cap_rights_t rights; in main() local
148 cap_rights_init(&rights, CAP_FSTAT, CAP_READ); in main()
149 if (caph_rights_limit(fileno(ifp), &rights) < 0) in main()
151 cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE); in main()
155 cap_rights_set(&rights, CAP_IOCTL); in main()
156 if (caph_rights_limit(fileno(ofp), &rights) < 0) { in main()
160 if (cap_rights_is_set(&rights, CAP_IOCTL)) { in main()

12345678910>>...71