20 Commits

Author SHA1 Message Date
Pedro F. Giffuni
5e53a4f90f lib: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-26 02:00:33 +00:00
Enji Cooper
fcc46733b3 Clean up trailing whitespace
MFC after:	1 week
2017-10-23 16:55:22 +00:00
Enji Cooper
df6a67d624 Remove dead stores
The return value of various snprintf calls was stored in `len` and not used
in many functions.

MFC after:	1 week
Reported by:	clang-scanbuild
2017-10-23 16:54:30 +00:00
Bryan Drewery
66157b3899 Fix 'ugidfw remove' after r284251 incorrectly changed it.
The sysctl_rule() node removes entries when given a newptr and newlen == 0.
2015-09-29 18:48:12 +00:00
Marcelo Araujo
bf41706273 Set some internal helpers as static and initialize few variables to silence
CLANG WARNINGS.
BUMP SHLIB_MAJOR version as the ABI potentially changed.

Also run an 'exp run' to double check if any external project are using
those functions. Thanks antoine@.

PR:			200807
Differential Revision:	D2775
Reviewed by:		kib, ngie
2015-06-24 01:48:44 +00:00
Marcelo Araujo
a7c4e991b8 Remove unnecessary variable and fix the usage of sysctl(3).
Differential Revision:	D2733
Reviewed by:		ngie, kib
2015-06-11 01:22:27 +00:00
Marcelo Araujo
da1259f032 Remove unused variables and silence clang warnings.
Differential Revision:	D2686
Reviewed by:		rodrigc
2015-06-04 02:44:37 +00:00
Ed Maste
fa1f169d8c Quiet clang warnings by using string literal format strings. 2011-01-04 13:02:52 +00:00
Ed Schouten
26fac73c1c Remove an unused variable. 2009-12-31 01:38:12 +00:00
David Malone
89ddbd45e5 Add some new options to mac_bsdestended. We can now match on:
subject: ranges of uid, ranges of gid, jail id
	objects: ranges of uid, ranges of gid, filesystem,
		object is suid, object is sgid, object matches subject uid/gid
		object type

We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.

These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.

Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.

Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
2006-04-23 17:06:18 +00:00
Tom Rhodes
0a5660df88 Fix two typos in comments. 2005-04-23 02:20:35 +00:00
Robert Watson
a6c2bc8bcb When parsing the second {uid,gid} in an identity phrase for ugidfw,
check the password or group database before attempting to parse as an
integer, as is done for the first {uid,gid} in an identity phrase.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
2005-04-16 11:58:55 +00:00
Pawel Jakub Dawidek
fbc822ae3a Properly return rule number.
Submitted by:	Wojciech A. Koszek
PR:		bin/79292
MFC after:	1 week
2005-03-28 09:37:44 +00:00
Robert Watson
f4194603ce Modify libugidfw(3) to use MBI_* permission flags from mac_bsdextended.h
instead of using the V* permission flags from vnode.h.  Remove include
of vnode.h.

Requested by:	phk
2004-10-21 11:21:13 +00:00
Bruce Evans
0f9a2306a5 Fixed misspellings of 0 as NULL. 2004-03-11 09:56:04 +00:00
Robert Watson
47ab23aa82 Add bsde_add_rule(), which is similar to bsde_set_rule() except that
the caller does not specify the rule number -- instead, the kernel
module is probed for the next available rule, which is then used.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, McAfee Research
2004-02-25 03:24:39 +00:00
Robert Watson
0285334bc8 License and blurb update authorized by Network Associates. 2002-11-07 20:37:04 +00:00
Robert Watson
da30581ecb Use size_t instead of int for len variables passed in/out of sysctl.
Pointed out by:	jake
2002-09-27 16:35:19 +00:00
Robert Watson
912dd12ad1 Use "ugidfw.h" rather than <ugidfw.h> so that mkdep can find it.
Suggested by:	mike
2002-08-14 22:30:07 +00:00
Robert Watson
46d1a925c2 Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide a library to manage user file system firewall-like rules
supported by the mac_bsdextended.ko security model.  The kernel
module exports the current rule set using sysctl, and this
library provides a front end that includes support for retrieving
and setting rules, as well as printing and parsing them.

Note: as with other userland components, this is a WIP.  However,
when used in combination with the soon-to-be-committed ugidfw,
it can actually be quite useful in multi-user environments to
allow the administrator to limit inter-user file operations without
resorting to heavier weight labeled security policies.

Obtained form:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 07:07:35 +00:00