Commit Graph

100 Commits

Author SHA1 Message Date
rwatson
f843a4812b o To support new EA interface with explicit namespaces, introduce two
utility functions which convert between string namespace names and
  numeric constants used by the interface.  Right now, two namespaces
  are supported, EXTATTR_NAMESPACE_SYSTEM ("system") and
  EXTATTR_NAMESPACE_USER ("user").  These functions are used by
  various userland EA utilities, rather than hard coding the routines
  all over the place.

Obtained from:	TrustedBSD Project
2001-03-15 03:00:39 +00:00
rwatson
8e7df2068e o Update copyright dates.
o Rename internal library functions so that they are prefixed with
  _posix1e or _POSIX1E, removing them from the application namespace (and
  potential conflict with other ACL functions elsewhere in the system).

Obtained from:	TrustedBSD Project
2001-03-13 02:31:32 +00:00
asmodai
47a2266000 Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
bde
9f31431f35 Fixed C error(s) in synopsis. 2001-02-06 00:02:32 +00:00
rwatson
80d719db5a o When returning NULL, return (NULL) instead of return (0).
Submitted by:	jedgar
Obtained from:	TrustedBSD Project
2001-01-17 02:40:39 +00:00
rwatson
0a3118c247 o acl_from_text.c:
- errno is already set to ENOMEM (as appropriate) when asprintf(),
    strdup(), or acl_init() fails
o acl_to_text.c:
  - the return value of the initial strdup() is not checked
  - errno is already set to ENOMEM (as appropriate) when asprintf
    and acl_init() fails
  - let the the default: case use 'goto error_label' for consistency

Submitted by:	jedgar
2001-01-09 05:45:03 +00:00
rwatson
a80aac3d99 o bzero() the ACL structure only if malloc() returns non-NULL.
Submitted by:	jedgar
2001-01-09 05:42:31 +00:00
rwatson
77af9a1a64 o Correct spelling error from patch in previous commit. 2001-01-09 05:40:54 +00:00
rwatson
8b948144e8 o Add missing initialization of errno from error returns of
cap_get_fd(), cap_get_file() and cap_get_proc().

Submitted by:	jedgar
2001-01-09 05:40:10 +00:00
rwatson
b87b91a453 o Make acl_from_text() support uid's and gid's as well as usernames
and groupnames, by adding appropriate support to acl_name_to_id()
  in acl_support.c

Submitted by:	green
2001-01-08 01:28:53 +00:00
jedgar
01950c7ecf Correct check of getgrnam output
Approved by:	rwatson
2001-01-07 21:41:05 +00:00
ru
8ba4187688 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
ru
c23c39b3a4 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
rwatson
8ba4e536f8 o Introduce a pile more documentation about capabilities, including
identification and descriptions of most capabilities, current inheritence
  rules, etc.  More to follow.

Reviewed by:	sheldonh
Obtained from:	TrustedBSD Project
2000-12-11 15:25:49 +00:00
ru
bdc5340b39 mdoc(7) police: Er macro usage cleanup. 2000-11-22 16:02:00 +00:00
ru
7d99729431 Use Fx macro wherever possible. 2000-11-14 11:20:58 +00:00
rwatson
9ddccb5505 o Introduce cap_from_text() and cap_to_text() implementations.
Reviewed by:	green
Obtained from:	TrustedBSD Project
Security audited by:	imp, green
2000-10-13 18:24:58 +00:00
rwatson
79bb6ec5ea o Simplify capability types away from an array of ints to a single
u_int64_t flag field, bounding the number of capabilities at 64,
  but substantially cleaning up capability logic (there are currently
  43 defined capabilities).

o Heads up to anyone actually using capabilities: the constant
  assignments for various capabilities have been redone, so any
  persistent binary capability stores (i.e., '$posix1e.cap' EA
  backing files) must be recreated.  If you have one of these,
  you'll know about it, so if you have no idea what this means,
  don't worry.

o Update libposix1e to reflect this new definition, fixing the
  exposed functions that directly manipulate the flags fields.

Obtained from:	TrustedBSD Project
2000-10-13 17:12:58 +00:00
rwatson
88e255ce85 o Update BUGS entry to indicate in a more precise manner the implementation
status of capabilities (library is complete, kernel work is maintained
  outside the tree).

Obtained from:	TrustedBSD Project
2000-10-12 17:58:14 +00:00
rwatson
14557f318d o Introduce a MAINTAINER entry for libposix1e, since it is actively
developed and maintained.
2000-10-02 23:41:19 +00:00
rwatson
c82f318b15 o Minor whitespace, comment cleanups
o Removal of unneeded enum
o Removal of commented out debugging printf()'s.

Obtained from:	TrustedBSD Project
2000-09-22 16:36:04 +00:00
rwatson
d7712a127a o Whitespace reduction appled to FreeBSD CVS ID
Obtained from:	TrustedBSD Project
2000-09-19 19:20:21 +00:00
rwatson
78ae6f5157 o General warning fixing commit
- Include <stdlib.h> and <string.h> as needed for prototypes
    - Remove unneeded "error" variables
o Make cap_init() use cap_clear() instead of bzero()

Obtained from:	TrustedBSD Project
2000-09-19 19:14:31 +00:00
rwatson
5d231e02f9 o Add cap_from_text(3) and cap_to_text(3) man pages.
o Implementations will remain in the seperately distributed capability
  patch until the cap_t type changes are synchronized.

Obtained from:	TrustedBSD Project
2000-09-19 19:04:47 +00:00
rwatson
f685b50bd4 o EACCES is not a possible error for acl_from_text(), so fix
acl_from_text.3
o Minor whitespace cleanups relative to the TrustedBSD tree to reduce
  content-free differences.

Obtained from:	TrustedBSD Project
2000-09-19 18:58:28 +00:00
rwatson
4cfb55034a o cap_set_flag() was not correctly clearing capabilities when value
was CAP_CLEAR.

Obtained from:	TrustedBSD Project
2000-09-19 00:10:39 +00:00
asmodai
2d06929aed Fix typo, teh -> the. 2000-07-14 11:23:04 +00:00
rwatson
1349e5a450 o Enable building of libposix1e capability state utility functions and
capability-related syscall wrappers.

Obtained from:	TrustedBSD Project
2000-07-05 04:25:09 +00:00
rwatson
111a0a6e96 o Introduce cap_{get,set}_{file,fd}() syscall wrappers, associated with
soon to be committed syscall stubs.  These calls will be used to get
  and set capability state associated with executables.

Obtained from:	TrustedBSD Project
2000-07-05 04:20:59 +00:00
rwatson
377c3393c9 o When calling the syscall, use &cap instead of cap. Apparently this
error was introduced during the merge; fixing it corrects a (correct)
  warning about types.

Obtained from:	TrustedBSD Project
2000-07-05 04:08:35 +00:00
rwatson
693177f07a o Comment out <sys/audit.h> and <sys/mac.h> since they are not yet
committed

Obtained from:	TrustedBSD Project
2000-07-05 03:30:32 +00:00
chris
542d0d3b9f - Replace `.Va (cap_t)NULL'' with `.Dv NULL''
- Fix a typo: ``constrains'' -> ``constraints''

Reviewed by:	rwatson
2000-06-09 02:01:27 +00:00
chris
85ea7aa673 - Replace
.Pp
   .Fn func
   .Pp
   Description ...
  with a list (Bl ... Li ... El).
- Remove a superfluous ``.Sh ENVIRONMENT'' and replace it with a ``.Pp''
  within the IMPLEMENTATION DETAILS section.

Reviewed by:	rwatson
2000-06-09 01:59:48 +00:00
rwatson
791168a446 o Introduce libposix1e capability support routines, which provide a
standardized interface to the capability support in TrustedBSD.
o Not currently enabled in Makefile, as this code depends on syscalls
  and include files that will be committed at a later date.

Obtained from:	TrustedBSD Project
2000-06-04 22:17:11 +00:00
rwatson
d12b21d070 o Fix incorrect descriptions of cap_get_flag() and cap_set_flag() in
capabilities summary manpage, cap(3).

Obtained from:	TrustedBSD Project
2000-06-04 22:14:10 +00:00
rwatson
de14938f8d o Build and install POSIX.1e capabilities man pages
o Add shared library version 2 to libposix1e given API changes, et al
o Commented out cap_*.c as that is not currently being compiled into
  the library (pending syscalls being committed)

Obtained from:	TrustedBSD Project
2000-06-04 21:25:31 +00:00
rwatson
4b16d857fd o Add posix1e(3) references to acl.3 and cap.3
Obtained from:	TrustedBSD Project
2000-06-04 21:23:20 +00:00
rwatson
1cb9ff5220 o Add mention of capabilities documentation + APIs
o Switch reference to www.trustedbsd.org instead of POSIX.1e implementation
  page
o Add cross references to capabilities man pages
o Remove extended attribute not implemented "BUGS" entry

Obtained from:	TrustedBSD Project
2000-06-04 21:18:20 +00:00
rwatson
9f516a06e7 o Introduce man pages for POSIX.1e capability API
- cap.3 describing library interface
  - cap_*.3 describing specific API calls

APIs to follow relatively soon, code to follow later.

Obtained from:	TrustedBSD Project
2000-06-04 21:15:16 +00:00
rwatson
8f2f5fdfd0 o Remove extra cross reference from acl.3 to acl.3
o Remove "BUGS" entries indicating that there's nowhere to store ACLs as
  we now have extended attributes.

Obtained from:	TrustedBSD Project
2000-06-04 21:10:59 +00:00
phantom
0660c0586a Introduce .Lb macro to libposix1e manpages
Sort some .Nm values
Decapitalize .Nd values
2000-04-22 16:13:36 +00:00
bde
d83d7a1636 Fixed wrong function return types in synopsis. 2000-03-03 05:28:51 +00:00
mpp
0fbb016487 Fix various typos and mdoc style issues.
Reviewed by:	rwatson
2000-01-29 04:18:51 +00:00
rwatson
e94ca06e82 Introduce ACL man pages en masse for library calls, and general introduction.
Introduce ACL man pages en masse for library calls, and general introduction.

Also, fix acl_valid.c non-portable calls to include _np in their names,
making them standard-happy as well as consistent with acl.h
2000-01-28 20:07:00 +00:00
rwatson
4f34910f07 A few more touchups:
- clean up unneeded AFS ID type
- Add Coda, NTFS, NWFS ACL types
- Add acl_dup() prototype
- Remove acl_calc_mask, which belongs in the editing library
- Introduce posix1e.3, a man page introducing POSIX.1e library calls
  (more man pages to follow)
2000-01-26 16:15:48 +00:00
rwatson
bca585a108 Minor fixes to library interface to improve POSIX.1e compliance. This
adds _np to a couple of function prototypes that provided more broad/useful
interfaces than POSIX.1e interfaces included.

Also, move from using a heuristic to identify POSIX.1e-semantic ACLs to
using different ACL types for non-POSIX.1e ACLs.  This should clean up the
existing fuzzy logic that determined when acl_sort() should be applied
before kernel submission.
2000-01-26 04:19:38 +00:00
rwatson
bfcdbb7508 Fix bde'isms in acl/extattr syscall interface, renaming syscalls to
prettier (?) names, adding some const's around here, et al.

This is commit 4 out of 3, updating the userland library to reflect kernel
interface changes.

Reviewed by:	bde
2000-01-19 06:13:59 +00:00
rwatson
a9df9c5f9f acl_delete_default_file() changed to acl_delete_def_file() 2000-01-17 17:48:22 +00:00
rwatson
e48c1317b1 Oops, didn't commit the Makefile for libposix1e--this should fix build
problems.

Reviewed by:	eivind
2000-01-15 23:33:49 +00:00
rwatson
71ddc09478 libposix1e provides userland library calls for the POSIX.1e security
interface.  This commit introduces the library, as well as a modest
subset of the ACL calls, with some modifications to support multiple
ACL semantics.

Reviewed by:	eivind
2000-01-15 19:44:27 +00:00