summaryrefslogtreecommitdiffstats
path: root/usr.bin
diff options
context:
space:
mode:
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/kdump/kdump.c71
-rw-r--r--usr.bin/kdump/mksubr24
-rw-r--r--usr.bin/procstat/procstat_files.c18
-rw-r--r--usr.bin/rwho/rwho.c7
-rw-r--r--usr.bin/uniq/uniq.c13
5 files changed, 72 insertions, 61 deletions
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c
index 06be0c0..0de183c 100644
--- a/usr.bin/kdump/kdump.c
+++ b/usr.bin/kdump/kdump.c
@@ -103,6 +103,7 @@ void ktrcsw_old(struct ktr_csw_old *);
void ktruser_malloc(unsigned char *);
void ktruser_rtld(int, unsigned char *);
void ktruser(int, unsigned char *);
+void ktrcaprights(cap_rights_t *);
void ktrsockaddr(struct sockaddr *);
void ktrstat(struct stat *);
void ktrstruct(char *, size_t);
@@ -379,21 +380,21 @@ limitfd(int fd)
cap_rights_t rights;
unsigned long cmd;
- rights = CAP_FSTAT;
+ cap_rights_init(&rights, CAP_FSTAT);
cmd = -1;
switch (fd) {
case STDIN_FILENO:
- rights |= CAP_READ;
+ cap_rights_set(&rights, CAP_READ);
break;
case STDOUT_FILENO:
- rights |= CAP_IOCTL | CAP_WRITE;
+ cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE);
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
break;
case STDERR_FILENO:
- rights |= CAP_WRITE;
+ cap_rights_set(&rights, CAP_WRITE);
if (!suppressdata) {
- rights |= CAP_IOCTL;
+ cap_rights_set(&rights, CAP_IOCTL);
cmd = TIOCGWINSZ;
}
break;
@@ -401,7 +402,7 @@ limitfd(int fd)
abort();
}
- if (cap_rights_limit(fd, rights) < 0 && errno != ENOSYS)
+ if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for descriptor %d", fd);
if (cmd != -1 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS)
err(1, "unable to limit ioctls for descriptor %d", fd);
@@ -1120,35 +1121,6 @@ ktrsyscall(struct ktr_syscall *ktr, u_int flags)
ip++;
narg--;
break;
- case SYS_cap_new:
- case SYS_cap_rights_limit:
- print_number(ip, narg, c);
- putchar(',');
- arg = *ip;
- ip++;
- narg--;
- /*
- * Hack: the second argument is a
- * cap_rights_t, which 64 bits wide, so on
- * 32-bit systems, it is split between two
- * registers.
- *
- * Since sizeof() is not evaluated by the
- * preprocessor, we can't use an #ifdef,
- * but the compiler will probably optimize
- * the code out anyway.
- */
- if (sizeof(cap_rights_t) > sizeof(register_t)) {
-#if _BYTE_ORDER == _LITTLE_ENDIAN
- arg = ((intmax_t)*ip << 32) + arg;
-#else
- arg = (arg << 32) + *ip;
-#endif
- ip++;
- narg--;
- }
- capname(arg);
- break;
case SYS_cap_fcntls_limit:
print_number(ip, narg, c);
putchar(',');
@@ -1536,6 +1508,15 @@ ktruser(int len, unsigned char *p)
}
void
+ktrcaprights(cap_rights_t *rightsp)
+{
+
+ printf("cap_rights_t ");
+ capname(rightsp);
+ printf("\n");
+}
+
+void
ktrsockaddr(struct sockaddr *sa)
{
/*
@@ -1712,6 +1693,7 @@ ktrstruct(char *buf, size_t buflen)
char *name, *data;
size_t namelen, datalen;
int i;
+ cap_rights_t rights;
struct stat sb;
struct sockaddr_storage ss;
@@ -1731,7 +1713,12 @@ ktrstruct(char *buf, size_t buflen)
for (i = 0; i < (int)namelen; ++i)
if (!isalpha(name[i]))
goto invalid;
- if (strcmp(name, "stat") == 0) {
+ if (strcmp(name, "caprights") == 0) {
+ if (datalen != sizeof(cap_rights_t))
+ goto invalid;
+ memcpy(&rights, data, datalen);
+ ktrcaprights(&rights);
+ } else if (strcmp(name, "stat") == 0) {
if (datalen != sizeof(struct stat))
goto invalid;
memcpy(&sb, data, datalen);
@@ -1758,16 +1745,16 @@ ktrcapfail(struct ktr_cap_fail *ktr)
case CAPFAIL_NOTCAPABLE:
/* operation on fd with insufficient capabilities */
printf("operation requires ");
- capname((intmax_t)ktr->cap_needed);
+ capname(&ktr->cap_needed);
printf(", process holds ");
- capname((intmax_t)ktr->cap_held);
+ capname(&ktr->cap_held);
break;
case CAPFAIL_INCREASE:
/* requested more capabilities than fd already has */
printf("attempt to increase capabilities from ");
- capname((intmax_t)ktr->cap_held);
+ capname(&ktr->cap_held);
printf(" to ");
- capname((intmax_t)ktr->cap_needed);
+ capname(&ktr->cap_needed);
break;
case CAPFAIL_SYSCALL:
/* called restricted syscall */
@@ -1779,9 +1766,9 @@ ktrcapfail(struct ktr_cap_fail *ktr)
break;
default:
printf("unknown capability failure: ");
- capname((intmax_t)ktr->cap_needed);
+ capname(&ktr->cap_needed);
printf(" ");
- capname((intmax_t)ktr->cap_held);
+ capname(&ktr->cap_held);
break;
}
printf("\n");
diff --git a/usr.bin/kdump/mksubr b/usr.bin/kdump/mksubr
index b10af94..676e9e2 100644
--- a/usr.bin/kdump/mksubr
+++ b/usr.bin/kdump/mksubr
@@ -385,7 +385,6 @@ _EOF_
auto_or_type "accessmodename" "[A-Z]_OK[[:space:]]+0?x?[0-9A-Fa-f]+" "sys/unistd.h"
auto_switch_type "acltypename" "ACL_TYPE_[A-Z4_]+[[:space:]]+0x[0-9]+" "sys/acl.h"
-auto_or_type "capname" "CAP_[A-Z]+[[:space:]]+0x[01248]{16}ULL" "sys/capability.h"
auto_or_type "capfcntlname" "CAP_FCNTL_[A-Z]+[[:space:]]+\(1" "sys/capability.h"
auto_switch_type "extattrctlname" "EXTATTR_NAMESPACE_[A-Z]+[[:space:]]+0x[0-9]+" "sys/extattr.h"
auto_switch_type "fadvisebehavname" "POSIX_FADV_[A-Z]+[[:space:]]+[0-9]+" "sys/fcntl.h"
@@ -609,3 +608,26 @@ cat <<_EOF_
}
}
}
+
+_EOF_
+egrep '#define[[:space:]]+CAP_[A-Z_]+[[:space:]]+CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)' \
+ $include_dir/sys/capability.h | \
+ sed -E 's/[ ]+/ /g' | \
+ awk -F '[ \(,\)]' '
+ BEGIN {
+ printf "void\n"
+ printf "capname(const cap_rights_t *rightsp)\n"
+ printf "{\n"
+ printf "\tint comma = 0;\n\n"
+ printf "\tprintf(\"<\");\n"
+ }
+ {
+ printf "\tif ((rightsp->cr_rights[%s] & %s) == %s) {\n", $4, $2, $2
+ printf "\t\tif (comma) printf(\",\"); else comma = 1;\n"
+ printf "\t\tprintf(\"%s\");\n", $2
+ printf "\t}\n"
+ }
+ END {
+ printf "\tprintf(\">\");\n"
+ printf "}\n"
+ }'
diff --git a/usr.bin/procstat/procstat_files.c b/usr.bin/procstat/procstat_files.c
index 72600de..d65c1ae 100644
--- a/usr.bin/procstat/procstat_files.c
+++ b/usr.bin/procstat/procstat_files.c
@@ -133,7 +133,7 @@ print_address(struct sockaddr_storage *ss)
}
static struct cap_desc {
- cap_rights_t cd_right;
+ uint64_t cd_right;
const char *cd_desc;
} cap_desc[] = {
/* General file I/O. */
@@ -244,14 +244,14 @@ static const u_int cap_desc_count = sizeof(cap_desc) /
sizeof(cap_desc[0]);
static u_int
-width_capability(cap_rights_t rights)
+width_capability(cap_rights_t *rightsp)
{
u_int count, i, width;
count = 0;
width = 0;
for (i = 0; i < cap_desc_count; i++) {
- if ((cap_desc[i].cd_right & ~rights) == 0) {
+ if (cap_rights_is_set(rightsp, cap_desc[i].cd_right)) {
width += strlen(cap_desc[i].cd_desc);
if (count)
width++;
@@ -262,20 +262,20 @@ width_capability(cap_rights_t rights)
}
static void
-print_capability(cap_rights_t rights, u_int capwidth)
+print_capability(cap_rights_t *rightsp, u_int capwidth)
{
u_int count, i, width;
count = 0;
width = 0;
- for (i = width_capability(rights); i < capwidth; i++) {
- if (rights || i != 0)
+ for (i = width_capability(rightsp); i < capwidth; i++) {
+ if (i != 0)
printf(" ");
else
printf("-");
}
for (i = 0; i < cap_desc_count; i++) {
- if ((cap_desc[i].cd_right & ~rights) == 0) {
+ if (cap_rights_is_set(rightsp, cap_desc[i].cd_right)) {
printf("%s%s", count ? "," : "", cap_desc[i].cd_desc);
width += strlen(cap_desc[i].cd_desc);
if (count)
@@ -306,7 +306,7 @@ procstat_files(struct procstat *procstat, struct kinfo_proc *kipp)
head = procstat_getfiles(procstat, kipp, 0);
if (head != NULL && Cflag) {
STAILQ_FOREACH(fst, head, next) {
- width = width_capability(fst->fs_cap_rights);
+ width = width_capability(&fst->fs_cap_rights);
if (width > capwidth)
capwidth = width;
}
@@ -460,7 +460,7 @@ procstat_files(struct procstat *procstat, struct kinfo_proc *kipp)
printf("%7c ", '-');
}
if (Cflag) {
- print_capability(fst->fs_cap_rights, capwidth);
+ print_capability(&fst->fs_cap_rights, capwidth);
printf(" ");
}
switch (fst->fs_type) {
diff --git a/usr.bin/rwho/rwho.c b/usr.bin/rwho/rwho.c
index bcb5adb..8c985f0 100644
--- a/usr.bin/rwho/rwho.c
+++ b/usr.bin/rwho/rwho.c
@@ -93,6 +93,7 @@ main(int argc, char *argv[])
struct whod *w;
struct whoent *we;
struct myutmp *mp;
+ cap_rights_t rights;
int f, n, i;
int d_first;
int dfd;
@@ -124,7 +125,8 @@ main(int argc, char *argv[])
err(1, "opendir(%s)", _PATH_RWHODIR);
dfd = dirfd(dirp);
mp = myutmp;
- if (cap_rights_limit(dfd, CAP_READ | CAP_LOOKUP) < 0 && errno != ENOSYS)
+ cap_rights_init(&rights, CAP_READ, CAP_LOOKUP);
+ if (cap_rights_limit(dfd, &rights) < 0 && errno != ENOSYS)
err(1, "cap_rights_limit failed: %s", _PATH_RWHODIR);
/*
* Cache files required for time(3) and localtime(3) before entering
@@ -135,13 +137,14 @@ main(int argc, char *argv[])
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "cap_enter");
(void) time(&now);
+ cap_rights_init(&rights, CAP_READ);
while ((dp = readdir(dirp)) != NULL) {
if (dp->d_ino == 0 || strncmp(dp->d_name, "whod.", 5) != 0)
continue;
f = openat(dfd, dp->d_name, O_RDONLY);
if (f < 0)
continue;
- if (cap_rights_limit(f, CAP_READ) < 0 && errno != ENOSYS)
+ if (cap_rights_limit(f, &rights) < 0 && errno != ENOSYS)
err(1, "cap_rights_limit failed: %s", dp->d_name);
cc = read(f, (char *)&wd, sizeof(struct whod));
if (cc < WHDRSIZE) {
diff --git a/usr.bin/uniq/uniq.c b/usr.bin/uniq/uniq.c
index d34b0c0..8e7f40f 100644
--- a/usr.bin/uniq/uniq.c
+++ b/usr.bin/uniq/uniq.c
@@ -145,20 +145,19 @@ main (int argc, char *argv[])
ofp = stdout;
if (argc > 0 && strcmp(argv[0], "-") != 0)
ifp = file(ifn = argv[0], "r");
- if (cap_rights_limit(fileno(ifp), CAP_FSTAT | CAP_READ) < 0 &&
- errno != ENOSYS) {
+ cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
+ if (cap_rights_limit(fileno(ifp), &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", ifn);
- }
- rights = CAP_FSTAT | CAP_WRITE;
+ cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
if (argc > 1)
ofp = file(argv[1], "w");
else
- rights |= CAP_IOCTL;
- if (cap_rights_limit(fileno(ofp), rights) < 0 && errno != ENOSYS) {
+ cap_rights_set(&rights, CAP_IOCTL);
+ if (cap_rights_limit(fileno(ofp), &rights) < 0 && errno != ENOSYS) {
err(1, "unable to limit rights for %s",
argc > 1 ? argv[1] : "stdout");
}
- if ((rights & CAP_IOCTL) != 0) {
+ if (cap_rights_is_set(&rights, CAP_IOCTL)) {
unsigned long cmd;
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
OpenPOWER on IntegriCloud