d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Introduce simple command line tools to manage MAC labels on processes and

Browse Source 
files.  Basically wrappers for mac_{get,set}_{file,link,pid,proc}(3).
Man pages to be updated shortly.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
This commit is contained in:
rwatson 2002-10-23 03:15:24 +00:00
parent b653eced35
commit fa51007874
11 changed files with 577 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
usr.sbin/Makefile
View File

@ -34,6 +34,8 @@ SUBDIR= IPXrouted \
fdformat \ fdformat \
fdread \ fdread \
fdwrite \ fdwrite \
getfmac \
getpmac \
ifmcstat \ ifmcstat \
inetd \ inetd \
iostat \ iostat \
@ -93,7 +95,9 @@ SUBDIR= IPXrouted \
rtsold \ rtsold \
rwhod \ rwhod \
sa \ sa \
setfmac \
setkey \ setkey \
setpmac \
sliplogin \ sliplogin \
slstat \ slstat \
spray \ spray \

7
usr.sbin/getfmac/Makefile Normal file
View File

@ -0,0 +1,7 @@
# $FreeBSD$
PROG= getfmac
SRCS= getfmac.c
MAN= getfmac.8
CFLAGS+=-Wall
.include <bsd.prog.mk>

54
usr.sbin/getfmac/getfmac.8 Normal file
View File

@ -0,0 +1,54 @@
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The names of the authors may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd June 27, 2002
.Dt GETFMAC 8
.Sh NAME
.Nm getfmac
.Nd print MAC label for a file system object
.Sh SYNOPSIS
.Nm
.Op Fl h
.Op Fl l list,of,labels
.Op Ar
.Sh DESCRIPTION
The
.Nm
utility prints the text representation of the MAC label associated with the
specified file or files.
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_get_file 3 ,
.Xr setfmac 8 ,
.Xr mac 9

116
usr.sbin/getfmac/getfmac.c Normal file
View File

@ -0,0 +1,116 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The names of the authors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/types.h>
#include <sys/mac.h>
#include <err.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>
#define MAXELEMENTS 32
void
usage(void)
{
fprintf(stderr,
"getfmac [-h] [-l list,of,labels] [file1] [file2 ...]\n");
exit (EX_USAGE);
}
int
main(int argc, char *argv[])
{
char ch, *labellist, *string;
mac_t label;
int hflag;
int error, i;
labellist = NULL;
hflag = 0;
while ((ch = getopt(argc, argv, "hl:")) != -1) {
switch (ch) {
case 'h':
hflag = 1;
break;
case 'l':
if (labellist != NULL)
usage();
labellist = argv[optind - 1];
break;
default:
usage();
}
}
for (i = optind; i < argc; i++) {
if (labellist != NULL)
error = mac_prepare(&label, labellist);
else
error = mac_prepare_file_label(&label);
if (error != 0) {
perror("mac_prepare");
return (-1);
}
if (hflag)
error = mac_get_link(argv[i], label);
else
error = mac_get_file(argv[i], label);
if (error) {
perror(argv[i]);
mac_free(label);
continue;
}
error = mac_to_text(label, &string);
if (error != 0)
perror("mac_to_text");
else {
printf("%s: %s\n", argv[i], string);
free(string);
}
mac_free(label);
}
exit(EX_OK);
}

7
usr.sbin/getpmac/Makefile Normal file
View File

@ -0,0 +1,7 @@
# $FreeBSD$
PROG= getpmac
SRCS= getpmac.c
CFLAGS+=-Wall
NOMAN=yes
.include <bsd.prog.mk>

127
usr.sbin/getpmac/getpmac.c Normal file
View File

@ -0,0 +1,127 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by Network
* Associates Laboratories, the Security Research Division of Network
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
* ("CBOSS"), as part of the DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The names of the authors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/types.h>
#include <sys/mac.h>
#include <err.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>
#define MAXELEMENTS 32
void
usage(void)
{
fprintf(stderr, "getpmac [-l list,of,labels] [-p pid]\n");
exit (EX_USAGE);
}
int
main(int argc, char *argv[])
{
char ch, *labellist, *string;
mac_t label;
pid_t pid;
int error, pid_set;
pid_set = 0;
pid = 0;
labellist = NULL;
while ((ch = getopt(argc, argv, "l:p:")) != -1) {
switch (ch) {
case 'l':
if (labellist != NULL)
usage();
labellist = argv[optind - 1];
break;
case 'p':
if (pid_set)
usage();
pid = atoi(argv[optind - 1]);
pid_set = 1;
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc != 0)
usage();
if (labellist != NULL)
error = mac_prepare(&label, labellist);
else
error = mac_prepare_process_label(&label);
if (error != 0) {
perror("mac_prepare");
return (-1);
}
if (pid_set) {
error = mac_get_pid(pid, label);
if (error)
perror("mac_get_pid");
}
else {
error = mac_get_proc(label);
if (error)
perror("mac_get_proc");
}
if (error) {
mac_free(label);
exit (-1);
}
error = mac_to_text(label, &string);
if (error != 0) {
perror("mac_to_text");
exit(EX_DATAERR);
}
printf("%s\n", string);
mac_free(label);
free(string);
exit(EX_OK);
}

7
usr.sbin/setfmac/Makefile Normal file
View File

@ -0,0 +1,7 @@
# $FreeBSD$
PROG= setfmac
SRCS= setfmac.c
MAN= setfmac.8
CFLAGS+=-Wall
.include <bsd.prog.mk>

53
usr.sbin/setfmac/setfmac.8 Normal file
View File

@ -0,0 +1,53 @@
.\" Copyright (c) 2002 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The names of the authors may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.Dd June 27, 2002
.Dt SETFMAC 8
.Sh NAME
.Nm setfmac
.Nd set MAC label for a file system object
.Sh SYNOPSIS
.Nm
.Ar label
.Ar file
.Op Ar file ...
.Sh DESCRIPTION
The
.Nm
utility associates the specified MAC label to the specified file or files.
.Sh SEE ALSO
.Xr mac 3 ,
.Xr mac_set_file 3 ,
.Xr getfmac 8 ,
.Xr mac 9

103
usr.sbin/setfmac/setfmac.c Normal file
View File

@ -0,0 +1,103 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
* Security Research Division of Network Associates, Inc. under
* DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
* CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The names of the authors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/types.h>
#include <sys/mac.h>
#include <err.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>
#define MAXELEMENTS 32
void
usage(void)
{
fprintf(stderr, "setfmac [-h] [label] [file1] [file2 ...]\n");
exit (EX_USAGE);
}
int
main(int argc, char *argv[])
{
char ch;
mac_t label;
int hflag;
int error, i;
hflag = 0;
while ((ch = getopt(argc, argv, "h")) != -1) {
switch (ch) {
case 'h':
hflag = 1;
break;
default:
usage();
}
}
argv += optind;
argc -= optind;
if (argc < 2)
usage();
error = mac_from_text(&label, argv[0]);
if (error != 0) {
perror("mac_from_text");
return (-1);
}
for (i = 1; i < argc; i++) {
if (hflag)
error = mac_set_link(argv[i], label);
else
error = mac_set_file(argv[i], label);
if (error != 0) {
perror(argv[i]);
return (-1);
}
}
mac_free(label);
exit(EX_OK);
}

7
usr.sbin/setpmac/Makefile Normal file
View File

@ -0,0 +1,7 @@
# $FreeBSD$
PROG= setpmac
SRCS= setpmac.c
CFLAGS+=-Wall
NOMAN=yes
.include <bsd.prog.mk>

92
usr.sbin/setpmac/setpmac.c Normal file
View File

@ -0,0 +1,92 @@
/*-
* Copyright (c) 2002 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by Network
* Associates Laboratories, the Security Research Division of Network
* Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
* ("CBOSS"), as part of the DARPA CHATS research program.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The names of the authors may not be used to endorse or promote
* products derived from this software without specific prior written
* permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $FreeBSD$
*/
#include <sys/types.h>
#include <sys/mac.h>
#include <err.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sysexits.h>
#include <unistd.h>
#define MAXELEMENTS 32
void
usage(void)
{
fprintf(stderr, "setpmac [label] [command] [args ...]\n");
exit (EX_USAGE);
}
int
main(int argc, char *argv[])
{
char *shell;
mac_t label;
int error;
if (argc < 3)
usage();
error = mac_from_text(&label, argv[1]);
if (error != 0) {
perror("mac_from_text");
return (-1);
}
error = mac_set_proc(label);
if (error != 0) {
perror(argv[1]);
return (-1);
}
mac_free(label);
if (argc >= 3) {
execvp(argv[2], argv + 2);
err(1, "%s", argv[2]);
} else {
if (!(shell = getenv("SHELL")))
shell = _PATH_BSHELL;
execlp(shell, shell, "-i", (char *)NULL);
err(1, "%s", shell);
}
/* NOTREACHED */
}