diff options
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/kdump/kdump.c | 71 | ||||
-rw-r--r-- | usr.bin/kdump/mksubr | 24 | ||||
-rw-r--r-- | usr.bin/procstat/procstat_files.c | 18 | ||||
-rw-r--r-- | usr.bin/rwho/rwho.c | 7 | ||||
-rw-r--r-- | usr.bin/uniq/uniq.c | 13 |
5 files changed, 72 insertions, 61 deletions
diff --git a/usr.bin/kdump/kdump.c b/usr.bin/kdump/kdump.c index 06be0c0..0de183c 100644 --- a/usr.bin/kdump/kdump.c +++ b/usr.bin/kdump/kdump.c @@ -103,6 +103,7 @@ void ktrcsw_old(struct ktr_csw_old *); void ktruser_malloc(unsigned char *); void ktruser_rtld(int, unsigned char *); void ktruser(int, unsigned char *); +void ktrcaprights(cap_rights_t *); void ktrsockaddr(struct sockaddr *); void ktrstat(struct stat *); void ktrstruct(char *, size_t); @@ -379,21 +380,21 @@ limitfd(int fd) cap_rights_t rights; unsigned long cmd; - rights = CAP_FSTAT; + cap_rights_init(&rights, CAP_FSTAT); cmd = -1; switch (fd) { case STDIN_FILENO: - rights |= CAP_READ; + cap_rights_set(&rights, CAP_READ); break; case STDOUT_FILENO: - rights |= CAP_IOCTL | CAP_WRITE; + cap_rights_set(&rights, CAP_IOCTL, CAP_WRITE); cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ break; case STDERR_FILENO: - rights |= CAP_WRITE; + cap_rights_set(&rights, CAP_WRITE); if (!suppressdata) { - rights |= CAP_IOCTL; + cap_rights_set(&rights, CAP_IOCTL); cmd = TIOCGWINSZ; } break; @@ -401,7 +402,7 @@ limitfd(int fd) abort(); } - if (cap_rights_limit(fd, rights) < 0 && errno != ENOSYS) + if (cap_rights_limit(fd, &rights) < 0 && errno != ENOSYS) err(1, "unable to limit rights for descriptor %d", fd); if (cmd != -1 && cap_ioctls_limit(fd, &cmd, 1) < 0 && errno != ENOSYS) err(1, "unable to limit ioctls for descriptor %d", fd); @@ -1120,35 +1121,6 @@ ktrsyscall(struct ktr_syscall *ktr, u_int flags) ip++; narg--; break; - case SYS_cap_new: - case SYS_cap_rights_limit: - print_number(ip, narg, c); - putchar(','); - arg = *ip; - ip++; - narg--; - /* - * Hack: the second argument is a - * cap_rights_t, which 64 bits wide, so on - * 32-bit systems, it is split between two - * registers. - * - * Since sizeof() is not evaluated by the - * preprocessor, we can't use an #ifdef, - * but the compiler will probably optimize - * the code out anyway. - */ - if (sizeof(cap_rights_t) > sizeof(register_t)) { -#if _BYTE_ORDER == _LITTLE_ENDIAN - arg = ((intmax_t)*ip << 32) + arg; -#else - arg = (arg << 32) + *ip; -#endif - ip++; - narg--; - } - capname(arg); - break; case SYS_cap_fcntls_limit: print_number(ip, narg, c); putchar(','); @@ -1536,6 +1508,15 @@ ktruser(int len, unsigned char *p) } void +ktrcaprights(cap_rights_t *rightsp) +{ + + printf("cap_rights_t "); + capname(rightsp); + printf("\n"); +} + +void ktrsockaddr(struct sockaddr *sa) { /* @@ -1712,6 +1693,7 @@ ktrstruct(char *buf, size_t buflen) char *name, *data; size_t namelen, datalen; int i; + cap_rights_t rights; struct stat sb; struct sockaddr_storage ss; @@ -1731,7 +1713,12 @@ ktrstruct(char *buf, size_t buflen) for (i = 0; i < (int)namelen; ++i) if (!isalpha(name[i])) goto invalid; - if (strcmp(name, "stat") == 0) { + if (strcmp(name, "caprights") == 0) { + if (datalen != sizeof(cap_rights_t)) + goto invalid; + memcpy(&rights, data, datalen); + ktrcaprights(&rights); + } else if (strcmp(name, "stat") == 0) { if (datalen != sizeof(struct stat)) goto invalid; memcpy(&sb, data, datalen); @@ -1758,16 +1745,16 @@ ktrcapfail(struct ktr_cap_fail *ktr) case CAPFAIL_NOTCAPABLE: /* operation on fd with insufficient capabilities */ printf("operation requires "); - capname((intmax_t)ktr->cap_needed); + capname(&ktr->cap_needed); printf(", process holds "); - capname((intmax_t)ktr->cap_held); + capname(&ktr->cap_held); break; case CAPFAIL_INCREASE: /* requested more capabilities than fd already has */ printf("attempt to increase capabilities from "); - capname((intmax_t)ktr->cap_held); + capname(&ktr->cap_held); printf(" to "); - capname((intmax_t)ktr->cap_needed); + capname(&ktr->cap_needed); break; case CAPFAIL_SYSCALL: /* called restricted syscall */ @@ -1779,9 +1766,9 @@ ktrcapfail(struct ktr_cap_fail *ktr) break; default: printf("unknown capability failure: "); - capname((intmax_t)ktr->cap_needed); + capname(&ktr->cap_needed); printf(" "); - capname((intmax_t)ktr->cap_held); + capname(&ktr->cap_held); break; } printf("\n"); diff --git a/usr.bin/kdump/mksubr b/usr.bin/kdump/mksubr index b10af94..676e9e2 100644 --- a/usr.bin/kdump/mksubr +++ b/usr.bin/kdump/mksubr @@ -385,7 +385,6 @@ _EOF_ auto_or_type "accessmodename" "[A-Z]_OK[[:space:]]+0?x?[0-9A-Fa-f]+" "sys/unistd.h" auto_switch_type "acltypename" "ACL_TYPE_[A-Z4_]+[[:space:]]+0x[0-9]+" "sys/acl.h" -auto_or_type "capname" "CAP_[A-Z]+[[:space:]]+0x[01248]{16}ULL" "sys/capability.h" auto_or_type "capfcntlname" "CAP_FCNTL_[A-Z]+[[:space:]]+\(1" "sys/capability.h" auto_switch_type "extattrctlname" "EXTATTR_NAMESPACE_[A-Z]+[[:space:]]+0x[0-9]+" "sys/extattr.h" auto_switch_type "fadvisebehavname" "POSIX_FADV_[A-Z]+[[:space:]]+[0-9]+" "sys/fcntl.h" @@ -609,3 +608,26 @@ cat <<_EOF_ } } } + +_EOF_ +egrep '#define[[:space:]]+CAP_[A-Z_]+[[:space:]]+CAPRIGHT\([0-9],[[:space:]]+0x[0-9]{16}ULL\)' \ + $include_dir/sys/capability.h | \ + sed -E 's/[ ]+/ /g' | \ + awk -F '[ \(,\)]' ' + BEGIN { + printf "void\n" + printf "capname(const cap_rights_t *rightsp)\n" + printf "{\n" + printf "\tint comma = 0;\n\n" + printf "\tprintf(\"<\");\n" + } + { + printf "\tif ((rightsp->cr_rights[%s] & %s) == %s) {\n", $4, $2, $2 + printf "\t\tif (comma) printf(\",\"); else comma = 1;\n" + printf "\t\tprintf(\"%s\");\n", $2 + printf "\t}\n" + } + END { + printf "\tprintf(\">\");\n" + printf "}\n" + }' diff --git a/usr.bin/procstat/procstat_files.c b/usr.bin/procstat/procstat_files.c index 72600de..d65c1ae 100644 --- a/usr.bin/procstat/procstat_files.c +++ b/usr.bin/procstat/procstat_files.c @@ -133,7 +133,7 @@ print_address(struct sockaddr_storage *ss) } static struct cap_desc { - cap_rights_t cd_right; + uint64_t cd_right; const char *cd_desc; } cap_desc[] = { /* General file I/O. */ @@ -244,14 +244,14 @@ static const u_int cap_desc_count = sizeof(cap_desc) / sizeof(cap_desc[0]); static u_int -width_capability(cap_rights_t rights) +width_capability(cap_rights_t *rightsp) { u_int count, i, width; count = 0; width = 0; for (i = 0; i < cap_desc_count; i++) { - if ((cap_desc[i].cd_right & ~rights) == 0) { + if (cap_rights_is_set(rightsp, cap_desc[i].cd_right)) { width += strlen(cap_desc[i].cd_desc); if (count) width++; @@ -262,20 +262,20 @@ width_capability(cap_rights_t rights) } static void -print_capability(cap_rights_t rights, u_int capwidth) +print_capability(cap_rights_t *rightsp, u_int capwidth) { u_int count, i, width; count = 0; width = 0; - for (i = width_capability(rights); i < capwidth; i++) { - if (rights || i != 0) + for (i = width_capability(rightsp); i < capwidth; i++) { + if (i != 0) printf(" "); else printf("-"); } for (i = 0; i < cap_desc_count; i++) { - if ((cap_desc[i].cd_right & ~rights) == 0) { + if (cap_rights_is_set(rightsp, cap_desc[i].cd_right)) { printf("%s%s", count ? "," : "", cap_desc[i].cd_desc); width += strlen(cap_desc[i].cd_desc); if (count) @@ -306,7 +306,7 @@ procstat_files(struct procstat *procstat, struct kinfo_proc *kipp) head = procstat_getfiles(procstat, kipp, 0); if (head != NULL && Cflag) { STAILQ_FOREACH(fst, head, next) { - width = width_capability(fst->fs_cap_rights); + width = width_capability(&fst->fs_cap_rights); if (width > capwidth) capwidth = width; } @@ -460,7 +460,7 @@ procstat_files(struct procstat *procstat, struct kinfo_proc *kipp) printf("%7c ", '-'); } if (Cflag) { - print_capability(fst->fs_cap_rights, capwidth); + print_capability(&fst->fs_cap_rights, capwidth); printf(" "); } switch (fst->fs_type) { diff --git a/usr.bin/rwho/rwho.c b/usr.bin/rwho/rwho.c index bcb5adb..8c985f0 100644 --- a/usr.bin/rwho/rwho.c +++ b/usr.bin/rwho/rwho.c @@ -93,6 +93,7 @@ main(int argc, char *argv[]) struct whod *w; struct whoent *we; struct myutmp *mp; + cap_rights_t rights; int f, n, i; int d_first; int dfd; @@ -124,7 +125,8 @@ main(int argc, char *argv[]) err(1, "opendir(%s)", _PATH_RWHODIR); dfd = dirfd(dirp); mp = myutmp; - if (cap_rights_limit(dfd, CAP_READ | CAP_LOOKUP) < 0 && errno != ENOSYS) + cap_rights_init(&rights, CAP_READ, CAP_LOOKUP); + if (cap_rights_limit(dfd, &rights) < 0 && errno != ENOSYS) err(1, "cap_rights_limit failed: %s", _PATH_RWHODIR); /* * Cache files required for time(3) and localtime(3) before entering @@ -135,13 +137,14 @@ main(int argc, char *argv[]) if (cap_enter() < 0 && errno != ENOSYS) err(1, "cap_enter"); (void) time(&now); + cap_rights_init(&rights, CAP_READ); while ((dp = readdir(dirp)) != NULL) { if (dp->d_ino == 0 || strncmp(dp->d_name, "whod.", 5) != 0) continue; f = openat(dfd, dp->d_name, O_RDONLY); if (f < 0) continue; - if (cap_rights_limit(f, CAP_READ) < 0 && errno != ENOSYS) + if (cap_rights_limit(f, &rights) < 0 && errno != ENOSYS) err(1, "cap_rights_limit failed: %s", dp->d_name); cc = read(f, (char *)&wd, sizeof(struct whod)); if (cc < WHDRSIZE) { diff --git a/usr.bin/uniq/uniq.c b/usr.bin/uniq/uniq.c index d34b0c0..8e7f40f 100644 --- a/usr.bin/uniq/uniq.c +++ b/usr.bin/uniq/uniq.c @@ -145,20 +145,19 @@ main (int argc, char *argv[]) ofp = stdout; if (argc > 0 && strcmp(argv[0], "-") != 0) ifp = file(ifn = argv[0], "r"); - if (cap_rights_limit(fileno(ifp), CAP_FSTAT | CAP_READ) < 0 && - errno != ENOSYS) { + cap_rights_init(&rights, CAP_FSTAT, CAP_READ); + if (cap_rights_limit(fileno(ifp), &rights) < 0 && errno != ENOSYS) err(1, "unable to limit rights for %s", ifn); - } - rights = CAP_FSTAT | CAP_WRITE; + cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE); if (argc > 1) ofp = file(argv[1], "w"); else - rights |= CAP_IOCTL; - if (cap_rights_limit(fileno(ofp), rights) < 0 && errno != ENOSYS) { + cap_rights_set(&rights, CAP_IOCTL); + if (cap_rights_limit(fileno(ofp), &rights) < 0 && errno != ENOSYS) { err(1, "unable to limit rights for %s", argc > 1 ? argv[1] : "stdout"); } - if ((rights & CAP_IOCTL) != 0) { + if (cap_rights_is_set(&rights, CAP_IOCTL)) { unsigned long cmd; cmd = TIOCGETA; /* required by isatty(3) in printf(3) */ |