Commit Graph

60 Commits

Author SHA1 Message Date
Chris D. Faulhaber
5a696f5d02 Correct function name: acl_clear_perm -> acl_clear_perms 2001-03-29 00:48:54 +00:00
Robert Watson
3cd4410688 o De-uglify IMPLEMENTATION NOTES section by removing unnecessary use of
.Fx
2001-03-28 01:03:33 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
Robert Watson
a21c3aa0e9 o Update copyright date
o Revise description in light of commits over last month including:
  - ACL editing library is now implemented
  - ACLs are now implemented

Obtained from:	TrustedBSD Project
2001-03-26 19:55:35 +00:00
Ruslan Ermilov
01f491fa8e mdoc(7) police: fix markup. 2001-03-23 14:01:28 +00:00
Chris D. Faulhaber
3dfe3292f1 Correct the acl_set_permset and acl_set_tag_type man pages
which somehow got mixed up with the acl_get_* man pages.

Submitted by:	ru
2001-03-23 11:30:31 +00:00
Ruslan Ermilov
8480a1eb14 mdoc(7) police: fix markup. 2001-03-23 09:39:35 +00:00
Ruslan Ermilov
f8376ccd46 mdoc(7) police: fix markup, function prototype, and RETURN VALUES text. 2001-03-23 09:38:43 +00:00
Chris D. Faulhaber
4bf60dfaf8 Add the following ACL editing functions:
acl_add_perm, acl_clear_perms, acl_copy_entry, acl_create_entry,
  acl_delete_perm, acl_get_permset, acl_get_qualifier, acl_get_tag_type,
  acl_set_permset, acl_set_qualifier, acl_set_tag_type

This brings us within 4 functions of a full ACL editing library.

Reviewed by:	rwatson
2001-03-22 22:31:01 +00:00
Ruslan Ermilov
bc057d3dff mdoc(7) police:
- lowercase Nd argument
- mark function arguments with Fa
- mark defined values with Dv
- simply copying POSIX text for RETURN VALUES and ERRORS sections is not
  always a good idea.  POSIX uses the word "shall" indicating the behavior
  the correct implementation should follow.
2001-03-19 08:08:22 +00:00
Chris D. Faulhaber
14721edabe Add the following POSIX 1003.1e functions and man pages:
o acl_calc_mask(): calculates the ACL mask entry associated with
    the given ACL.
  o acl_delete_entry(): remove a specified ACL entry from the given
    ACL.

Approved by:	rwatson
2001-03-19 03:19:51 +00:00
Robert Watson
2de14c39b5 o Update copyright dates.
o Rename internal library functions so that they are prefixed with
  _posix1e or _POSIX1E, removing them from the application namespace (and
  potential conflict with other ACL functions elsewhere in the system).

Obtained from:	TrustedBSD Project
2001-03-13 02:31:32 +00:00
Jeroen Ruigrok van der Werven
9a01d32bfd Fix typo: seperate -> separate.
Seperate does not exist in the english language.

Submitted to look at by:	kris
2001-02-06 10:39:38 +00:00
Bruce Evans
fc80017420 Fixed C error(s) in synopsis. 2001-02-06 00:02:32 +00:00
Robert Watson
f0078215b7 o When returning NULL, return (NULL) instead of return (0).
Submitted by:	jedgar
Obtained from:	TrustedBSD Project
2001-01-17 02:40:39 +00:00
Robert Watson
2137646abe o acl_from_text.c:
- errno is already set to ENOMEM (as appropriate) when asprintf(),
    strdup(), or acl_init() fails
o acl_to_text.c:
  - the return value of the initial strdup() is not checked
  - errno is already set to ENOMEM (as appropriate) when asprintf
    and acl_init() fails
  - let the the default: case use 'goto error_label' for consistency

Submitted by:	jedgar
2001-01-09 05:45:03 +00:00
Robert Watson
5db6984b12 o bzero() the ACL structure only if malloc() returns non-NULL.
Submitted by:	jedgar
2001-01-09 05:42:31 +00:00
Robert Watson
695bf79c7c o Correct spelling error from patch in previous commit. 2001-01-09 05:40:54 +00:00
Robert Watson
fe33e45a80 o Add missing initialization of errno from error returns of
cap_get_fd(), cap_get_file() and cap_get_proc().

Submitted by:	jedgar
2001-01-09 05:40:10 +00:00
Robert Watson
5aa25ec606 o Make acl_from_text() support uid's and gid's as well as usernames
and groupnames, by adding appropriate support to acl_name_to_id()
  in acl_support.c

Submitted by:	green
2001-01-08 01:28:53 +00:00
Chris D. Faulhaber
4786e00b40 Correct check of getgrnam output
Approved by:	rwatson
2001-01-07 21:41:05 +00:00
Ruslan Ermilov
4263595653 Prepare for mdoc(7)NG. 2000-12-29 14:08:20 +00:00
Ruslan Ermilov
ed40311694 mdoc(7) police: removed history info from the .Os FreeBSD call. 2000-12-14 11:52:05 +00:00
Robert Watson
6fd0cf5eb0 o Introduce a pile more documentation about capabilities, including
identification and descriptions of most capabilities, current inheritence
  rules, etc.  More to follow.

Reviewed by:	sheldonh
Obtained from:	TrustedBSD Project
2000-12-11 15:25:49 +00:00
Ruslan Ermilov
c23155a43a mdoc(7) police: Er macro usage cleanup. 2000-11-22 16:02:00 +00:00
Ruslan Ermilov
b5c508fba3 Use Fx macro wherever possible. 2000-11-14 11:20:58 +00:00
Robert Watson
36fa62c01b o Introduce cap_from_text() and cap_to_text() implementations.
Reviewed by:	green
Obtained from:	TrustedBSD Project
Security audited by:	imp, green
2000-10-13 18:24:58 +00:00
Robert Watson
ab024bb02e o Simplify capability types away from an array of ints to a single
u_int64_t flag field, bounding the number of capabilities at 64,
  but substantially cleaning up capability logic (there are currently
  43 defined capabilities).

o Heads up to anyone actually using capabilities: the constant
  assignments for various capabilities have been redone, so any
  persistent binary capability stores (i.e., '$posix1e.cap' EA
  backing files) must be recreated.  If you have one of these,
  you'll know about it, so if you have no idea what this means,
  don't worry.

o Update libposix1e to reflect this new definition, fixing the
  exposed functions that directly manipulate the flags fields.

Obtained from:	TrustedBSD Project
2000-10-13 17:12:58 +00:00
Robert Watson
42acb11991 o Update BUGS entry to indicate in a more precise manner the implementation
status of capabilities (library is complete, kernel work is maintained
  outside the tree).

Obtained from:	TrustedBSD Project
2000-10-12 17:58:14 +00:00
Robert Watson
c0e01b9036 o Introduce a MAINTAINER entry for libposix1e, since it is actively
developed and maintained.
2000-10-02 23:41:19 +00:00
Robert Watson
374c6c0f71 o Minor whitespace, comment cleanups
o Removal of unneeded enum
o Removal of commented out debugging printf()'s.

Obtained from:	TrustedBSD Project
2000-09-22 16:36:04 +00:00
Robert Watson
fa1ffad7e1 o Whitespace reduction appled to FreeBSD CVS ID
Obtained from:	TrustedBSD Project
2000-09-19 19:20:21 +00:00
Robert Watson
689f3ef9fe o General warning fixing commit
- Include <stdlib.h> and <string.h> as needed for prototypes
    - Remove unneeded "error" variables
o Make cap_init() use cap_clear() instead of bzero()

Obtained from:	TrustedBSD Project
2000-09-19 19:14:31 +00:00
Robert Watson
579f01fcfe o Add cap_from_text(3) and cap_to_text(3) man pages.
o Implementations will remain in the seperately distributed capability
  patch until the cap_t type changes are synchronized.

Obtained from:	TrustedBSD Project
2000-09-19 19:04:47 +00:00
Robert Watson
d94de3e80f o EACCES is not a possible error for acl_from_text(), so fix
acl_from_text.3
o Minor whitespace cleanups relative to the TrustedBSD tree to reduce
  content-free differences.

Obtained from:	TrustedBSD Project
2000-09-19 18:58:28 +00:00
Robert Watson
9f3aa35641 o cap_set_flag() was not correctly clearing capabilities when value
was CAP_CLEAR.

Obtained from:	TrustedBSD Project
2000-09-19 00:10:39 +00:00
Jeroen Ruigrok van der Werven
62048b0a9e Fix typo, teh -> the. 2000-07-14 11:23:04 +00:00
Robert Watson
76e14ed07f o Enable building of libposix1e capability state utility functions and
capability-related syscall wrappers.

Obtained from:	TrustedBSD Project
2000-07-05 04:25:09 +00:00
Robert Watson
89b7801213 o Introduce cap_{get,set}_{file,fd}() syscall wrappers, associated with
soon to be committed syscall stubs.  These calls will be used to get
  and set capability state associated with executables.

Obtained from:	TrustedBSD Project
2000-07-05 04:20:59 +00:00
Robert Watson
5d08343440 o When calling the syscall, use &cap instead of cap. Apparently this
error was introduced during the merge; fixing it corrects a (correct)
  warning about types.

Obtained from:	TrustedBSD Project
2000-07-05 04:08:35 +00:00
Robert Watson
b00446f08a o Comment out <sys/audit.h> and <sys/mac.h> since they are not yet
committed

Obtained from:	TrustedBSD Project
2000-07-05 03:30:32 +00:00
Chris Costello
55ef467128 - Replace `.Va (cap_t)NULL'' with `.Dv NULL''
- Fix a typo: ``constrains'' -> ``constraints''

Reviewed by:	rwatson
2000-06-09 02:01:27 +00:00
Chris Costello
cce53efa17 - Replace
.Pp
   .Fn func
   .Pp
   Description ...
  with a list (Bl ... Li ... El).
- Remove a superfluous ``.Sh ENVIRONMENT'' and replace it with a ``.Pp''
  within the IMPLEMENTATION DETAILS section.

Reviewed by:	rwatson
2000-06-09 01:59:48 +00:00
Robert Watson
9bcdb11de0 o Introduce libposix1e capability support routines, which provide a
standardized interface to the capability support in TrustedBSD.
o Not currently enabled in Makefile, as this code depends on syscalls
  and include files that will be committed at a later date.

Obtained from:	TrustedBSD Project
2000-06-04 22:17:11 +00:00
Robert Watson
4f15cc7406 o Fix incorrect descriptions of cap_get_flag() and cap_set_flag() in
capabilities summary manpage, cap(3).

Obtained from:	TrustedBSD Project
2000-06-04 22:14:10 +00:00
Robert Watson
ef9bbc7e4d o Build and install POSIX.1e capabilities man pages
o Add shared library version 2 to libposix1e given API changes, et al
o Commented out cap_*.c as that is not currently being compiled into
  the library (pending syscalls being committed)

Obtained from:	TrustedBSD Project
2000-06-04 21:25:31 +00:00
Robert Watson
db0e6ab267 o Add posix1e(3) references to acl.3 and cap.3
Obtained from:	TrustedBSD Project
2000-06-04 21:23:20 +00:00
Robert Watson
0da8c9400b o Add mention of capabilities documentation + APIs
o Switch reference to www.trustedbsd.org instead of POSIX.1e implementation
  page
o Add cross references to capabilities man pages
o Remove extended attribute not implemented "BUGS" entry

Obtained from:	TrustedBSD Project
2000-06-04 21:18:20 +00:00
Robert Watson
49a2603d32 o Introduce man pages for POSIX.1e capability API
- cap.3 describing library interface
  - cap_*.3 describing specific API calls

APIs to follow relatively soon, code to follow later.

Obtained from:	TrustedBSD Project
2000-06-04 21:15:16 +00:00
Robert Watson
f4286d4722 o Remove extra cross reference from acl.3 to acl.3
o Remove "BUGS" entries indicating that there's nowhere to store ACLs as
  we now have extended attributes.

Obtained from:	TrustedBSD Project
2000-06-04 21:10:59 +00:00