Date: Thu, 16 Jun 2011 18:23:30 +0000 From: aalvarez@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r223305 - soc2011/aalvarez/pbmac/lib/libugidfw Message-ID: <20110616182330.83E36106566B@hub.freebsd.org>
Author: aalvarez Date: Thu Jun 16 18:23:30 2011 New Revision: 223305 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=223305 Log: Parse rules with filepath object arguments. Modified: soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c
Modified: soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c
==============================================================================
--- soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c Thu Jun 16 18:21:41 2011 (r223304)
+++ soc2011/aalvarez/pbmac/lib/libugidfw/ugidfw.c Thu Jun 16 18:23:30 2011 (r223305)
@@ -36,6 +36,8 @@
 #include <sys/sysctl.h>
 #include <sys/ucred.h>
 #include <sys/mount.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <security/mac_bsdextended/mac_bsdextended.h>
@@ -342,6 +344,21 @@
 left -= len;
 cur += len;
 }
+ if (!notdone && (rule->mbr_object.mbo_neg & MBO_FPATH_DEFINED)) {
+ len = snprintf(cur, left, "! ");
+ if (len < 0 || len > left)
+ goto truncated;
+ left -= len;
+ cur += len;
+ }
+ if (rule->mbr_object.mbo_flags & MBO_FSID_DEFINED) {
+ len = snprintf(cur, left, "filepath %s ",
+ rule->mbr_object.mbo_fpath);
+ if (len < 0 || len > left)
+ goto truncated;
+ left -= len;
+ cur += len;
+ }
 if (!notdone && (rule->mbr_object.mbo_neg & MBO_SUID)) {
 len = snprintf(cur, left, "! ");
 if (len < 0 || len > left)
@@ -783,6 +800,24 @@
 }
 int
+bsde_parse_fpath(char *spec, char** fpath, size_t buflen, char *errstr)
+{
+ size_t len;
+
+ len = strlen(spec);
+ *fpath = malloc(len * sizeof(*spec));
+
+ if (*fpath == NULL) {
+ len = snprintf(errstr, buflen, "Unable to allocate memory for filepath %s: %s",
+ spec, strerror(errno));
+ }
+
+ strncpy(*fpath, spec, len);
+
+ return (0);
+}
+
+int
 bsde_parse_object(int argc, char *argv[], struct mac_bsdextended_object *object, size_t buflen, char *errstr)
 {
@@ -792,6 +827,7 @@
 gid_t gid_min, gid_max;
 int type;
 struct fsid fsid;
+ char* fpath;
 size_t len;
 current = 0;
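Review bot: In the `@@ -342,6 +344,21 @@` hunk the second added `if` tests `MBO_FSID_DEFINED` before printing `mbo_fpath`, while the negation check just above it and the parser hunks use `MBO_FPATH_DEFINED`. As written, a rule that carries a filesystem id but no path hands `mbo_fpath` to `%s` without it having been set, and a rule that carries only a path is printed without it, so the listed rule can differ from the rule that was configured. The condition should read `if (rule->mbr_object.mbo_flags & MBO_FPATH_DEFINED) {`. The enclosing function starts and ends outside this hunk.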
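Review bot: `bsde_parse_fpath` in the `@@ -783,6 +800,24 @@` hunk allocates `strlen(spec)` bytes and copies exactly that many with `strncpy`, so the stored path has no terminating NUL. The `strlen(fpath)` added in the `@@ -938,6 +992,10 @@` hunk and the `%s` in the rule formatter then read past the end of the allocation. The `malloc` failure branch also only fills `errstr` and falls through, so `strncpy` writes through a NULL pointer and the function still returns 0, which means the caller's `< 0` test can never fire. Allocate one byte more, copy the terminator along with the string, and return -1 once the error has been reported.

```c
bsde_parse_fpath(char *spec, char** fpath, size_t buflen, char *errstr)
	/* ... unchanged: opening brace and declaration of len ... */
	len = strlen(spec) + 1;		/* include the terminating NUL */
	*fpath = malloc(len);
	if (*fpath == NULL) {
		/* ... unchanged: snprintf() of the allocation failure into errstr ... */
		return (-1);
	}
	memcpy(*fpath, spec, len);
	/* ... unchanged: return (0) ... */
```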
@@ -860,6 +896,24 @@
 nextnot = 0;
 }
 current += 2;
+ } else if (strcmp(argv[current], "filepath") == 0) {
+ if (current + 2 > argc) {
+ len = snprintf(errstr, buflen, "filepath short");
+ return (-1);
+ }
+ if (flags & MBO_FPATH_DEFINED) {
+ len = snprintf(errstr, buflen, "one fpath only");
+ return (-1);
+ }
+ if (bsde_parse_fpath(argv[current+1], &fpath,
+ buflen, errstr) < 0)
+ return (-1);
+ flags |= MBO_FPATH_DEFINED;
+ if (nextnot) {
+ neg ^= MBO_FPATH_DEFINED;
+ nextnot = 0;
+ }
+ current += 2;
 } else if (strcmp(argv[current], "suid") == 0) {
 flags |= MBO_SUID;
 if (nextnot) {
@@ -938,6 +992,10 @@
 object->mbo_fsid = fsid;
 if (flags & MBO_TYPE_DEFINED)
 object->mbo_type = type;
+ if (flags & MBO_FPATH_DEFINED) {
+ object->mbo_fpath = fpath;
+ object->mbo_fpath_len = strlen(fpath);
+ }
 return (0);
 }
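Review bot: Ownership of the buffer that `bsde_parse_fpath` returns through `&fpath` in the `@@ -860,6 +896,24 @@` hunk is undocumented, and nothing on this page frees it. The pointer stays in a local until the `@@ -938,6 +992,10 @@` hunk stores it in `object->mbo_fpath`, so any `return (-1)` taken in between would leak it; the rest of the argument loop is outside the hunk, so this is inferred from the visible error returns. Callers of `bsde_parse_object` also get no indication that they must release `mbo_fpath`. I would initialise the local with `fpath = NULL;`, call `free(fpath);` on the error returns that follow the allocation, and put a comment above the assignment such as `/* object takes ownership of fpath; the caller frees object->mbo_fpath */`.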