From 79bb6ec5ea6aacb1b51654255a46244dd3193676 Mon Sep 17 00:00:00 2001 From: rwatson Date: Fri, 13 Oct 2000 17:12:58 +0000 Subject: o Simplify capability types away from an array of ints to a single u_int64_t flag field, bounding the number of capabilities at 64, but substantially cleaning up capability logic (there are currently 43 defined capabilities). o Heads up to anyone actually using capabilities: the constant assignments for various capabilities have been redone, so any persistent binary capability stores (i.e., '$posix1e.cap' EA backing files) must be recreated. If you have one of these, you'll know about it, so if you have no idea what this means, don't worry. o Update libposix1e to reflect this new definition, fixing the exposed functions that directly manipulate the flags fields. Obtained from: TrustedBSD Project --- lib/libc/posix1e/cap_get_flag.c | 3 +-- lib/libc/posix1e/cap_set_flag.c | 15 +++++++++------ lib/libposix1e/cap_get_flag.c | 3 +-- lib/libposix1e/cap_set_flag.c | 15 +++++++++------ 4 files changed, 20 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/lib/libc/posix1e/cap_get_flag.c b/lib/libc/posix1e/cap_get_flag.c index 6c549e61..37595ee 100644 --- a/lib/libc/posix1e/cap_get_flag.c +++ b/lib/libc/posix1e/cap_get_flag.c @@ -37,8 +37,7 @@ int cap_get_flag(cap_t cap_p, cap_value_t cap, cap_flag_t flag, cap_flag_value_t *value_p) { - cap_flag_value_t result; - u_int32_t *mask; + u_int64_t mask; switch(flag) { diff --git a/lib/libc/posix1e/cap_set_flag.c b/lib/libc/posix1e/cap_set_flag.c index e6e2259..bf150e9 100644 --- a/lib/libc/posix1e/cap_set_flag.c +++ b/lib/libc/posix1e/cap_set_flag.c @@ -37,28 +37,31 @@ int cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap, cap_value_t caps[], cap_flag_value_t value) { - u_int *mask; + u_int64_t *mask; int i; switch(flag) { case CAP_EFFECTIVE: - mask = &cap_p->c_effective[0]; + mask = &cap_p->c_effective; break; case CAP_INHERITABLE: - mask = &cap_p->c_inheritable[0]; + mask = &cap_p->c_inheritable; break; case CAP_PERMITTED: - mask = &cap_p->c_permitted[0]; + mask = &cap_p->c_permitted; break; default: return (EINVAL); } + if (value != CAP_SET && value != CAP_CLEAR) + return (EINVAL); + for (i = 0; i < ncap; i++) if (value == CAP_SET) - SET_CAPABILITY(mask, caps[i]); + SET_CAPABILITY(*mask, caps[i]); else - UNSET_CAPABILITY(mask, caps[i]); + UNSET_CAPABILITY(*mask, caps[i]); return (0); } diff --git a/lib/libposix1e/cap_get_flag.c b/lib/libposix1e/cap_get_flag.c index 6c549e61..37595ee 100644 --- a/lib/libposix1e/cap_get_flag.c +++ b/lib/libposix1e/cap_get_flag.c @@ -37,8 +37,7 @@ int cap_get_flag(cap_t cap_p, cap_value_t cap, cap_flag_t flag, cap_flag_value_t *value_p) { - cap_flag_value_t result; - u_int32_t *mask; + u_int64_t mask; switch(flag) { diff --git a/lib/libposix1e/cap_set_flag.c b/lib/libposix1e/cap_set_flag.c index e6e2259..bf150e9 100644 --- a/lib/libposix1e/cap_set_flag.c +++ b/lib/libposix1e/cap_set_flag.c @@ -37,28 +37,31 @@ int cap_set_flag(cap_t cap_p, cap_flag_t flag, int ncap, cap_value_t caps[], cap_flag_value_t value) { - u_int *mask; + u_int64_t *mask; int i; switch(flag) { case CAP_EFFECTIVE: - mask = &cap_p->c_effective[0]; + mask = &cap_p->c_effective; break; case CAP_INHERITABLE: - mask = &cap_p->c_inheritable[0]; + mask = &cap_p->c_inheritable; break; case CAP_PERMITTED: - mask = &cap_p->c_permitted[0]; + mask = &cap_p->c_permitted; break; default: return (EINVAL); } + if (value != CAP_SET && value != CAP_CLEAR) + return (EINVAL); + for (i = 0; i < ncap; i++) if (value == CAP_SET) - SET_CAPABILITY(mask, caps[i]); + SET_CAPABILITY(*mask, caps[i]); else - UNSET_CAPABILITY(mask, caps[i]); + UNSET_CAPABILITY(*mask, caps[i]); return (0); } -- cgit v1.1