From 09eb839cca8c61f73b442ee1015b02aea8ff2ab7 Mon Sep 17 00:00:00 2001
From: rwatson
Date: Wed, 25 Feb 2004 03:24:39 +0000
Subject: Add bsde_add_rule(), which is similar to bsde_set_rule() except that the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, McAfee Research
---
 lib/libugidfw/Makefile | 1 +
 lib/libugidfw/bsde_get_rule.3 | 31 +++++++++++++++++++++++++++++--
 lib/libugidfw/libugidfw.3 | 4 ++++
 lib/libugidfw/ugidfw.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
 lib/libugidfw/ugidfw.h | 4 +++-
 5 files changed, 79 insertions(+), 4 deletions(-)
diff --git a/lib/libugidfw/Makefile b/lib/libugidfw/Makefile
index 1eb43d0..761b635 100644
--- a/lib/libugidfw/Makefile
+++ b/lib/libugidfw/Makefile
@@ -8,6 +8,7 @@ INCS= ugidfw.h
 MAN+= bsde_get_rule.3 bsde_get_rule_count.3 bsde_parse_rule.3 \
 bsde_rule_to_string.3 libugidfw.3
+MLINKS= bsde_get_rule.3 bsde_add_rule.3
 MLINKS= bsde_get_rule.3 bsde_delete_rule.3
 MLINKS+= bsde_get_rule.3 bsde_set_rule.3
 MLINKS+= bsde_get_rule_count.3 bsde_get_rule_slots.3
diff --git a/lib/libugidfw/bsde_get_rule.3 b/lib/libugidfw/bsde_get_rule.3
index 1d8ffb1..10bbb7c 100644
--- a/lib/libugidfw/bsde_get_rule.3
+++ b/lib/libugidfw/bsde_get_rule.3
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2003-2004 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by Chris
@@ -30,10 +30,11 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 7, 2003
+.Dd February 24, 2004
 .Os
 .Dt BSDE_GET_RULE 3
 .Sh NAME
+.Nm bsde_add_rule ,
 .Nm bsde_get_rule ,
 .Nm bsde_set_rule ,
 .Nm bsde_delete_rule
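Review bot: The added `MLINKS= bsde_get_rule.3 bsde_add_rule.3` is a plain assignment that is immediately overwritten by the existing `MLINKS= bsde_get_rule.3 bsde_delete_rule.3` on the next line, so the bsde_add_rule.3 link is never installed and `man bsde_add_rule` will not resolve. Use the append form and put it after the first assignment, e.g. `MLINKS+= bsde_get_rule.3 bsde_add_rule.3` below the bsde_delete_rule line, or make the new line the sole `=` and turn the delete_rule line into `+=`. The diffstat counts this as a one-line addition, so the mistake is easy to miss in review.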
@@ -43,6 +44,11 @@
 .Sh SYNOPSIS
 .In ugidfw.h
 .Ft int
+.Fo bsde_add_rule
+.Fa "int *rulenum" "struct mac_bsdextended_rule *rule"
+.Fa "size_t buflen" "char *errstr"
+.Fc
+.Ft int
 .Fo bsde_get_rule
 .Fa "int rulenum" "struct mac_bsdextended_rule *rule"
 .Fa "size_t errlen" "char *errstr"
@@ -56,6 +62,27 @@
 .Fn bsde_delete_rule "int rulenum" "size_t errlen" "char *errstr"
 .Sh DESCRIPTION
 The
+.Fn bsde_add_rule
+function fills the next available
+rule (in
+.Vt "struct mac_bsdextended_rule"
+form, either from
+.Fn bsde_get_rule
+or
+.Xr bsde_parse_rule 3 ) .
+If an error occurs,
+.Fa *errstr
+is filled with the error string
+(up to
+.Fa errlen
+characters, including the terminating
+.Dv NUL ) .
+If successful and
+.Fa rulenum
+is non-NULL, the rule number used will be returned in
+.Fa *rulenum .
+.Pp
+The
 .Fn bsde_get_rule
 function fills in
 .Fa *rule
diff --git a/lib/libugidfw/libugidfw.3 b/lib/libugidfw/libugidfw.3
index 5b32be0..c5a3c7e 100644
--- a/lib/libugidfw/libugidfw.3
+++ b/lib/libugidfw/libugidfw.3
@@ -96,6 +96,10 @@
 Uploads the rule to the module and applies it; see
 .Xr bsde_set_rule 3 .
+.It Fn bsde_add_rule
+Upload the rule to the module, automatically selecting the next available
+rule number; see
+.Xr bsde_add_rule 3 .
 .El
 .Sh SEE ALSO
 .Xr bsde_delete_rule 3 ,
diff --git a/lib/libugidfw/ugidfw.c b/lib/libugidfw/ugidfw.c
index 351b84c..7a89eb9 100644
--- a/lib/libugidfw/ugidfw.c
+++ b/lib/libugidfw/ugidfw.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Network Associates
@@ -708,3 +708,44 @@ bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
 return (0);
 }
+
+int
+bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
+ char *errstr)
+{
+ char charstr[BUFSIZ];
+ int name[10];
+ size_t len, size;
+ int error, rule_slots;
+
+ len = 10;
+ error = bsde_get_mib(MIB ".rules", name, &len);
+ if (error) {
+ len = snprintf(errstr, buflen, "%s: %s", MIB ".rules",
+ strerror(errno));
+ return (-1);
+ }
+
+ rule_slots = bsde_get_rule_slots(BUFSIZ, charstr);
+ if (rule_slots == -1) {
+ len = snprintf(errstr, buflen, "unable to get rule slots: %s",
+ strerror(errno));
+ return (-1);
+ }
+
+ name[len] = rule_slots;
+ len++;
+
+ size = sizeof(*rule);
+ error = sysctl(name, len, NULL, NULL, rule, size);
+ if (error) {
+ len = snprintf(errstr, buflen, "%s.%d: %s", MIB ".rules",
+ rule_slots, strerror(errno));
+ return (-1);
+ }
+
+ if (rulenum != NULL)
+ rule_slots;
+
+ return (0);
+}
diff --git a/lib/libugidfw/ugidfw.h b/lib/libugidfw/ugidfw.h
index 41296c3..7637ca5 100644
--- a/lib/libugidfw/ugidfw.h
+++ b/lib/libugidfw/ugidfw.h
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Network Associates
@@ -54,6 +54,8 @@ int bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule,
 int bsde_delete_rule(int rulenum, size_t buflen, char *errstr);
 int bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule,
 size_t buflen, char *errstr);
+int bsde_add_rule(int *rulename, struct mac_bsdextended_rule *rule,
+ size_t buflen, char *errstr);
 __END_DECLS
 #endif
-- 
cgit v1.1
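Review bot: `rule_slots;` under `if (rulenum != NULL)` at the end of bsde_add_rule is a bare expression statement with no effect, so `*rulenum` is never written and a successful call leaves the caller's rule number unset; it should read `*rulenum = rule_slots;`. `name[len] = rule_slots;` is reached with no check that `bsde_get_mib()` left room in the 10-element `name` array, so a MIB of full length would write one past the end; bsde_set_rule presumably shares this pattern (its body ends outside the hunk), but a guard such as `if (len >= sizeof(name) / sizeof(name[0])) { snprintf(errstr, buflen, "%s: MIB name too long", MIB ".rules"); return (-1); }` before the store avoids it. The slot is also chosen by a separate `bsde_get_rule_slots()` query before the `sysctl()` write, so two callers adding rules concurrently can pick the same slot and the later write replaces the earlier policy rule without any error, unless the kernel rejects writes to an occupied slot; that non-atomic selection should at least be stated in the bsde_add_rule.3 description. Finally, `len` is a `size_t` that receives the `int` result of `snprintf()` in each error path and is never read afterwards, so `(void)snprintf(...)` would be clearer and avoids the sign-conversion warning.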
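Review bot: The new prototype in ugidfw.h names the first parameter `int *rulename` while the definition in ugidfw.c and the bsde_get_rule.3 synopsis call it `rulenum`, and the pointer receives a rule number, not a name; change the declaration to `int bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule,`. Parameter names in the public header are what API readers see first, so they should match the documented interface.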