From owner-p4-projects@FreeBSD.ORG Mon Apr 24 14:06:42 2006 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id D2B5D16A40E; Mon, 24 Apr 2006 14:06:41 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 89B2D16A400 for ; Mon, 24 Apr 2006 14:06:39 +0000 (UTC) (envelope-from soc-bushman@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 36C6843D48 for ; Mon, 24 Apr 2006 14:06:39 +0000 (GMT) (envelope-from soc-bushman@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k3OE6dtY075267 for ; Mon, 24 Apr 2006 14:06:39 GMT (envelope-from soc-bushman@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k3OE6dsL075264 for perforce@freebsd.org; Mon, 24 Apr 2006 14:06:39 GMT (envelope-from soc-bushman@freebsd.org) Date: Mon, 24 Apr 2006 14:06:39 GMT Message-Id: <200604241406.k3OE6dsL075264@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to soc-bushman@freebsd.org using -f From: soc-bushman To: Perforce Change Reviews Cc: Subject: PERFORCE change 95996 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Apr 2006 14:06:42 -0000 http://perforce.freebsd.org/chv.cgi?CH=95996 Change 95996 by soc-bushman@soc-bushman_stinger on 2006/04/24 14:05:38 integrated with vendor branch Affected files ... .. //depot/projects/soc2005/nsswitch_cached/src/lib/libc/stdio/fcloseall.c#2 integrate .. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/ugidfw/ugidfw.8#3 integrate .. //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/ugidfw/ugidfw.c#3 integrate Differences ... ==== //depot/projects/soc2005/nsswitch_cached/src/lib/libc/stdio/fcloseall.c#2 (text) ==== @@ -24,12 +24,12 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libc/stdio/fcloseall.c,v 1.1 2006/04/22 15:09:15 deischen Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/stdio/fcloseall.c,v 1.2 2006/04/22 16:47:59 deischen Exp $"); #include #include "local.h" -__weak_reference(__fcloseall, fclose); +__weak_reference(__fcloseall, fcloseall); void __fcloseall(void) ==== //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/ugidfw/ugidfw.8#3 (text+ko) ==== @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $FreeBSD: src/usr.sbin/ugidfw/ugidfw.8,v 1.8 2005/01/10 00:35:54 trhodes Exp $ +.\" $FreeBSD: src/usr.sbin/ugidfw/ugidfw.8,v 1.9 2006/04/23 17:06:18 dwmalone Exp $ .\" .Dd February 24, 2004 .Dt UGIDFW 8 @@ -41,12 +41,52 @@ .Cm add .Cm subject .Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Oo +.Op Cm \&! +.Cm uid Ar uid | minuid:maxuid +.Oc +.Oo +.Op Cm \&! +.Cm gid Ar gid | mingid:maxgid +.Oc +.Oo +.Op Cm \&! +.Cm jailid Ad jailid +.Oc .Cm object .Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Oo +.Op Cm \&! +.Cm uid Ar uid | minuid:maxuid +.Oc +.Oo +.Op Cm \&! +.Cm gid Ar gid | mingid:maxgid +.Oc +.Oo +.Op Cm \&! +.Cm filesys Ad path +.Oc +.Oo +.Op Cm \&! +.Cm suid +.Oc +.Oo +.Op Cm \&! +.Cm sgid +.Oc +.Oo +.Op Cm \&! +.Cm uid_of_subject +.Oc +.Oo +.Op Cm \&! +.Cm gid_of_subject +.Oc +.Oo +.Op Cm \&! +.Cm type Ar ardbclsp +.Oc .Cm mode .Ar arswxn .Nm @@ -56,12 +96,52 @@ .Ar rulenum .Cm subject .Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Oo +.Op Cm \&! +.Cm uid Ar uid | minuid:maxuid +.Oc +.Oo +.Op Cm \&! +.Cm gid Ar gid | mingid:maxgid +.Oc +.Oo +.Op Cm \&! +.Cm jailid Ad jailid +.Oc .Cm object .Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Oo +.Op Cm \&! +.Cm uid Ar uid | minuid:maxuid +.Oc +.Oo +.Op Cm \&! +.Cm gid Ar gid | mingid:maxgid +.Oc +.Oo +.Op Cm \&! +.Cm filesys Ad path +.Oc +.Oo +.Op Cm \&! +.Cm suid +.Oc +.Oo +.Op Cm \&! +.Cm sgid +.Oc +.Oo +.Op Cm \&! +.Cm uid_of_subject +.Oc +.Oo +.Op Cm \&! +.Cm gid_of_subject +.Oc +.Oo +.Op Cm \&! +.Cm type Ar ardbclsp +.Oc .Cm mode .Ar arswxn .Nm @@ -80,20 +160,12 @@ .Pp The arguments are as follows: .Bl -tag -width indent -offset indent -.It Cm add -Add a new -.Nm -rule. .It Xo .Cm add .Cm subject -.Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Ar ... .Cm object -.Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Ar ... .Cm mode .Ar arswxn .Xc @@ -108,13 +180,9 @@ .It Xo .Cm set Ar rulenum .Cm subject -.Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Ar ... .Cm object -.Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Ar ... .Cm mode .Ar arswxn .Xc @@ -131,37 +199,120 @@ .It Xo .Cm subject .Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Oo +.Op Cm \&! +.Cm uid Ar uid | minuid:maxuid +.Oc +.Oo +.Op Cm \&! +.Cm gid Ar gid | mingid:maxgid +.Oc +.Oo +.Op Cm \&! +.Cm jailid Ad jailid +.Oc .Xc -Subjects performing an operation must match -(or, if +Subjects performing an operation must match all the conditions given. +A leading .Cm not -is specified, must -.Em not -match) -the user and group specified by +means that the subject should not match the remainder of the specification. +A condition may be prefixed by +.Cm \&! +to indicate that particular condition must not match the subject. +The subject can be required to have a particular .Ar uid and/or -.Ar gid -for the rule to be applied. +.Ar gid . +A range of uids/gids can be specified, +seperated by a colon. +The subject can be required to be in a particular jail with the +.Ar jailid . .It Xo .Cm object .Op Cm not -.Op Cm uid Ar uid -.Op Cm gid Ar gid +.Oo +.Op Cm \&! +.Cm uid Ar uid | minuid:maxuid +.Oc +.Oo +.Op Cm \&! +.Cm gid Ar gid | mingid:maxgid +.Oc +.Oo +.Op Cm \&! +.Cm filesys Ad path +.Oc +.Oo +.Op Cm \&! +.Cm suid +.Oc +.Oo +.Op Cm \&! +.Cm sgid +.Oc +.Oo +.Op Cm \&! +.Cm uid_of_subject +.Oc +.Oo +.Op Cm \&! +.Cm gid_of_subject +.Oc +.Oo +.Op Cm \&! +.Cm type Ar ardbclsp +.Oc .Xc -Objects must be owned by -(or, if +The rule will apply only to objects matching all the specified conditions. +A leading .Cm not -is specified, must -.Em not -be owned by) -the user and/or group specified by +means that the object should not match all the remaining conditions. +A condition may be prefixed by +.Cm \&! +to indicate that particular condition must not match the object. +Objects can be required to be owned by the user and/or group specified by .Ar uid and/or -.Ar gid -for the rule to be applied. +.Ar gid . +A range of uids/gids can be specified, seperated by a colon. +The object can be required to be in a particular filesystem by +specifing the filesystem using +.Cm filesys . +Note, +if the filesystem is unmounted and remounted, +then the rule may need to be reapplied to ensure the correct filesystem +id is used. +The object can be required to have the +.Cm suid +or +.Cm sgid +bits set. +The owner of the object can be required to match the +.Cm uid_of_subject +or the +.Cm gid_of_subject +attempting the operation. +The type of the object can be restricted to a subset of +the following types. +.Pp +.Bl -tag -width ".Cm w" -compact -offset indent +.It Cm a +any file type +.It Cm r +a regular file +.It Cm d +a directory +.It Cm b +a block special device +.It Cm c +a character special device +.It Cm l +a symbolic link +.It Cm s +a unix domain socket +.It Cm p +a named pipe (FIFO) +.El .It Cm mode Ar arswxn Similar to .Xr chmod 1 , ==== //depot/projects/soc2005/nsswitch_cached/src/usr.sbin/ugidfw/ugidfw.c#3 (text+ko) ==== @@ -30,10 +30,11 @@ */ #include -__FBSDID("$FreeBSD: src/usr.sbin/ugidfw/ugidfw.c,v 1.5 2005/07/21 13:23:23 avatar Exp $"); +__FBSDID("$FreeBSD: src/usr.sbin/ugidfw/ugidfw.c,v 1.6 2006/04/23 17:06:18 dwmalone Exp $"); #include #include +#include #include #include