From owner-p4-projects@FreeBSD.ORG Wed Feb 25 08:52:59 2004
Date: Wed, 25 Feb 2004 08:52:58 -0800 (PST)
Message-Id: <200402251652.i1PGqwVE065208@repoman.freebsd.org>
From: Robert Watson To: Perforce Change Reviews Subject: PERFORCE change 47630 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2004 16:52:59 -0000 http://perforce.freebsd.org/chv.cgi?CH=47630 Change 47630 by rwatson@rwatson_tislabs on 2004/02/25 08:52:45 Loop back support for 'ugidfw add' from the FreeBSD CVS HEAD to TrustedBSD base branch. Affected files ... .. //depot/projects/trustedbsd/base/usr.sbin/ugidfw/ugidfw.8#4 integrate .. //depot/projects/trustedbsd/base/usr.sbin/ugidfw/ugidfw.c#2 integrate Differences ... ==== //depot/projects/trustedbsd/base/usr.sbin/ugidfw/ugidfw.8#4 (text+ko) ==== @@ -1,4 +1,4 @@ -.\" Copyright (c) 2002 Networks Associates Technology, Inc. +.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by Chris @@ -15,9 +15,6 @@ .\" 2. Redistributions in binary form must reproduce the above copyright .\" notice, this list of conditions and the following disclaimer in the .\" documentation and/or other materials provided with the distribution. -.\" 3. The names of the authors may not be used to endorse or promote -.\" products derived from this software without specific prior written -.\" permission. .\" .\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -31,9 +28,9 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/usr.sbin/ugidfw/ugidfw.8,v 1.5 2002/12/12 14:09:25 ru Exp $ +.\" $FreeBSD: src/usr.sbin/ugidfw/ugidfw.8,v 1.6 2004/02/25 03:59:56 rwatson Exp $ .\" -.Dd October 11, 2002 +.Dd February 24, 2004 .Dt UGIDFW 8 .Os .Sh NAME 
@@ -41,6 +38,18 @@ .Nd "firewall-like access controls for file system objects" .Sh SYNOPSIS .Nm +.Cm add +.Cm subject +.Op Cm not +.Op Cm uid Ar uid +.Op Cm gid Ar gid +.Cm object +.Op Cm not +.Op Cm uid Ar uid +.Op Cm gid Ar gid +.Cm mode +.Ar arswxn +.Nm .Cm list .Nm .Cm set @@ -71,6 +80,27 @@ .Pp The arguments are as follows: .Bl -tag -width indent -offset indent +.It Cm add +Add a new +.Nm +rule. +.It Xo +.Cm add +.Cm subject +.Op Cm not +.Op Cm uid Ar uid +.Op Cm gid Ar gid +.Cm object +.Op Cm not +.Op Cm uid Ar uid +.Op Cm gid Ar gid +.Cm mode +.Ar arswxn +.Xc +Add a new rule, automatically selecting the rule number. +See the description of +.Cm set +for syntax information. .It Cm list Produces a list of all the current .Nm ==== //depot/projects/trustedbsd/base/usr.sbin/ugidfw/ugidfw.c#2 (text+ko) ==== @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2002 Networks Associates Technology, Inc. + * Copyright (c) 2002, 2004 Networks Associates Technology, Inc. * All rights reserved. * * This software was developed for the FreeBSD Project by NAI Labs, the @@ -15,9 +15,6 @@ * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. - * 3. The names of the authors may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE @@ -31,7 +28,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/usr.sbin/ugidfw/ugidfw.c,v 1.1 2002/08/02 07:14:22 rwatson Exp $ + * $FreeBSD: src/usr.sbin/ugidfw/ugidfw.c,v 1.2 2004/02/25 03:59:56 rwatson Exp $ */ #include #include 
@@ -50,6 +47,9 @@ usage(void) { + fprintf(stderr, "ugidfw add [subject [not] [uid uid] [gid gid]]" + " [object [not] [uid uid] \\\n"); + fprintf(stderr, " [gid gid]] mode arswxn\n"); fprintf(stderr, "ugidfw list\n"); fprintf(stderr, "ugidfw set rulenum [subject [not] [uid uid] [gid gid]]" " [object [not] \\\n"); @@ -60,6 +60,29 @@ } void +add_rule(int argc, char *argv[]) +{ + char errstr[BUFSIZ]; + struct mac_bsdextended_rule rule; + long value; + int error, rulenum; + char *endp; + + error = bsde_parse_rule(argc, argv, &rule, BUFSIZ, errstr); + if (error) { + fprintf(stderr, "%s\n", errstr); + return; + } + + error = bsde_add_rule(&rulenum, &rule, BUFSIZ, errstr); + if (error) { + fprintf(stderr, "%s\n", errstr); + return; + } + printf("Added rule %d\n", rulenum); +} + +void list_rules(void) { char errstr[BUFSIZ], charstr[BUFSIZ]; @@ -168,7 +191,9 @@ if (argc < 2) usage(); - if (strcmp("list", argv[1]) == 0) { + if (strcmp("add", argv[1]) == 0) { + add_rule(argc-2, argv+2); + } else if (strcmp("list", argv[1]) == 0) { if (argc != 2) usage(); list_rules();
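Review bot: In the ugidfw.8 argument-list hunk (@@ -71,6 +80,27 @@), `add` ends up with two consecutive `.It` entries: a bare `.It Cm add` reading "Add a new ugidfw rule." and, directly after it, the full `.It Xo ... .Xc` entry. The rendered page will list the same command twice. Drop the bare entry and keep the `.It Xo` form, which already carries the complete syntax and the pointer to `set`.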
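Review bot: In the usage() hunk of ugidfw.c (@@ -50,6 +47,9 @@), the new `add` line brackets the whole `[subject ...]` and `[object ...]` clauses as optional, while the SYNOPSIS added to ugidfw.8 in this same change writes `.Cm subject` and `.Cm object` as required and puts only `not`, `uid` and `gid` under `.Op`. The two descriptions of one command should agree. Since these rules decide who may access which files, a reader needs to know whether a rule with the subject or object clause left out is accepted, and what it would match. Align the usage text and the manual page with what bsde_parse_rule() actually accepts.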
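Review bot: In add_rule() (@@ -60,6 +60,29 @@), `long value;` and `char *endp;` are declared but never used in the body shown, so they should be removed. Both failure paths also just print `errstr` and `return` from a `void` function, so the caller gets no indication that the rule was not installed. For a tool that installs access-control rules, a script calling `ugidfw add` needs a nonzero exit status when parsing or insertion fails. Consider returning the error to main() or exiting nonzero on these paths. A smaller point: passing `sizeof(errstr)` instead of repeating `BUFSIZ` keeps the length tied to the buffer declaration.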
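Review bot: In the main() hunk (@@ -168,7 +191,9 @@), the `add` branch calls `add_rule(argc-2, argv+2)` with no argument-count check, whereas the `list` branch just below calls usage() when `argc != 2`. A bare `ugidfw add` therefore passes an argument count of 0 to bsde_parse_rule() and relies entirely on the parser to reject it. Either check for a minimum count here and call usage(), or confirm that the parser handles an empty vector and say so in a comment. Style: write `argc - 2, argv + 2` with spaces around the operators.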