int
kern_cap_rights_limit(struct thread *td, int fd, cap_rights_t *rights)
{
struct filedesc *fdp;
int error;
fdp = td->td_proc->p_fd;
FILEDESC_XLOCK(fdp);
if (fget_locked(fdp, fd) == NULL) {
FILEDESC_XUNLOCK(fdp);
return (EBADF);
}
error = _cap_check(cap_rights(fdp, fd), rights, CAPFAIL_INCREASE);
if (error == 0) {
fdp->fd_ofiles[fd].fde_rights = *rights;
if (!cap_rights_is_set(rights, CAP_IOCTL)) {
free(fdp->fd_ofiles[fd].fde_ioctls, M_FILECAPS);
fdp->fd_ofiles[fd].fde_ioctls = NULL;
fdp->fd_ofiles[fd].fde_nioctls = 0;
}
if (!cap_rights_is_set(rights, CAP_FCNTL))
fdp->fd_ofiles[fd].fde_fcntls = 0;
}
FILEDESC_XUNLOCK(fdp);
return (error);
}
/*
* Convert capability rights into VM access flags.
*/
u_char
cap_rights_to_vmprot(cap_rights_t *havep)
{
u_char maxprot;
maxprot = VM_PROT_NONE;
if (cap_rights_is_set(havep, CAP_MMAP_R))
maxprot |= VM_PROT_READ;
if (cap_rights_is_set(havep, CAP_MMAP_W))
maxprot |= VM_PROT_WRITE;
if (cap_rights_is_set(havep, CAP_MMAP_X))
maxprot |= VM_PROT_EXECUTE;
return (maxprot);
}
int
main (int argc, char *argv[])
{
wchar_t *tprev, *tthis;
FILE *ifp, *ofp;
int ch, comp;
size_t prevbuflen, thisbuflen, b1;
char *prevline, *thisline, *p;
const char *ifn;
cap_rights_t rights;
(void) setlocale(LC_ALL, "");
obsolete(argv);
while ((ch = getopt(argc, argv, "cdif:s:u")) != -1)
switch (ch) {
case 'c':
cflag = 1;
break;
case 'd':
dflag = 1;
break;
case 'i':
iflag = 1;
break;
case 'f':
numfields = strtol(optarg, &p, 10);
if (numfields < 0 || *p)
errx(1, "illegal field skip value: %s", optarg);
break;
case 's':
numchars = strtol(optarg, &p, 10);
if (numchars < 0 || *p)
errx(1, "illegal character skip value: %s", optarg);
break;
case 'u':
uflag = 1;
break;
case '?':
default:
usage();
}
argc -= optind;
argv += optind;
/* If no flags are set, default is -d -u. */
if (cflag) {
if (dflag || uflag)
usage();
} else if (!dflag && !uflag)
dflag = uflag = 1;
if (argc > 2)
usage();
ifp = stdin;
ifn = "stdin";
ofp = stdout;
if (argc > 0 && strcmp(argv[0], "-") != 0)
ifp = file(ifn = argv[0], "r");
cap_rights_init(&rights, CAP_FSTAT, CAP_READ);
if (cap_rights_limit(fileno(ifp), &rights) < 0 && errno != ENOSYS)
err(1, "unable to limit rights for %s", ifn);
cap_rights_init(&rights, CAP_FSTAT, CAP_WRITE);
if (argc > 1)
ofp = file(argv[1], "w");
else
cap_rights_set(&rights, CAP_IOCTL);
if (cap_rights_limit(fileno(ofp), &rights) < 0 && errno != ENOSYS) {
err(1, "unable to limit rights for %s",
argc > 1 ? argv[1] : "stdout");
}
if (cap_rights_is_set(&rights, CAP_IOCTL)) {
unsigned long cmd;
cmd = TIOCGETA; /* required by isatty(3) in printf(3) */
if (cap_ioctls_limit(fileno(ofp), &cmd, 1) < 0 &&
errno != ENOSYS) {
err(1, "unable to limit ioctls for %s",
argc > 1 ? argv[1] : "stdout");
}
}
strerror_init();
if (cap_enter() < 0 && errno != ENOSYS)
err(1, "unable to enter capability mode");
prevbuflen = thisbuflen = 0;
prevline = thisline = NULL;
if (getline(&prevline, &prevbuflen, ifp) < 0) {
if (ferror(ifp))
err(1, "%s", ifn);
exit(0);
}
tprev = convert(prevline);
if (!cflag && uflag && dflag)
show(ofp, prevline);
tthis = NULL;
while (getline(&thisline, &thisbuflen, ifp) >= 0) {
if (tthis != NULL)
free(tthis);
tthis = convert(thisline);
if (tthis == NULL && tprev == NULL)
comp = inlcmp(thisline, prevline);
else if (tthis == NULL || tprev == NULL)
comp = 1;
else
comp = wcscoll(tthis, tprev);
if (comp) {
/* If different, print; set previous to new value. */
if (cflag || !dflag || !uflag)
show(ofp, prevline);
p = prevline;
b1 = prevbuflen;
prevline = thisline;
prevbuflen = thisbuflen;
if (tprev != NULL)
free(tprev);
tprev = tthis;
if (!cflag && uflag && dflag)
show(ofp, prevline);
thisline = p;
thisbuflen = b1;
tthis = NULL;
repeats = 0;
} else
++repeats;
}
if (ferror(ifp))
err(1, "%s", ifn);
if (cflag || !dflag || !uflag)
show(ofp, prevline);
exit(0);
}
/*
* System call to limit rights of the given capability.
*/
int
sys_cap_rights_limit(struct thread *td, struct cap_rights_limit_args *uap)
{
struct filedesc *fdp;
cap_rights_t rights;
int error, fd, version;
cap_rights_init(&rights);
error = copyin(uap->rightsp, &rights, sizeof(rights.cr_rights[0]));
if (error != 0)
return (error);
version = CAPVER(&rights);
if (version != CAP_RIGHTS_VERSION_00)
return (EINVAL);
error = copyin(uap->rightsp, &rights,
sizeof(rights.cr_rights[0]) * CAPARSIZE(&rights));
if (error != 0)
return (error);
/* Check for race. */
if (CAPVER(&rights) != version)
return (EINVAL);
if (!cap_rights_is_valid(&rights))
return (EINVAL);
if (version != CAP_RIGHTS_VERSION) {
rights.cr_rights[0] &= ~(0x3ULL << 62);
rights.cr_rights[0] |= ((uint64_t)CAP_RIGHTS_VERSION << 62);
}
#ifdef KTRACE
if (KTRPOINT(td, KTR_STRUCT))
ktrcaprights(&rights);
#endif
fd = uap->fd;
AUDIT_ARG_FD(fd);
AUDIT_ARG_RIGHTS(&rights);
fdp = td->td_proc->p_fd;
FILEDESC_XLOCK(fdp);
if (fget_locked(fdp, fd) == NULL) {
FILEDESC_XUNLOCK(fdp);
return (EBADF);
}
error = _cap_check(cap_rights(fdp, fd), &rights, CAPFAIL_INCREASE);
if (error == 0) {
fdp->fd_ofiles[fd].fde_rights = rights;
if (!cap_rights_is_set(&rights, CAP_IOCTL)) {
free(fdp->fd_ofiles[fd].fde_ioctls, M_FILECAPS);
fdp->fd_ofiles[fd].fde_ioctls = NULL;
fdp->fd_ofiles[fd].fde_nioctls = 0;
}
if (!cap_rights_is_set(&rights, CAP_FCNTL))
fdp->fd_ofiles[fd].fde_fcntls = 0;
}
FILEDESC_XUNLOCK(fdp);
return (error);
}