diff options
| author | Andrew Morgan <morgan@kernel.org> | 2007-07-10 20:52:44 -0700 |
|---|---|---|
| committer | Andrew Morgan <morgan@kernel.org> | 2007-07-10 20:52:44 -0700 |
| commit | db06d797939c9874a96549df1101be41bcbec17b (patch) | |
| tree | aa864ae7f307b3813e74fd4afcdeccc516f9ebb0 | |
| parent | 2c9c0532daccfd300f0eb1401b15348ed19d0ce7 (diff) | |
| download | libcap-db06d797939c9874a96549df1101be41bcbec17b.tar.gz | |
This is libcap-1.01libcap-1.01
http://www.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.2/libcap-1.01.tar.gz
90 files changed, 113 insertions, 7697 deletions
diff --git a/CHANGELOG b/CHANGELOG new file mode 100644 index 0000000..246e0a2 --- /dev/null +++ b/CHANGELOG @@ -0,0 +1,4 @@ +libcap 1.01 + +* bug fixes from peeterj. +* documentation fix regarding where binaries are installed @@ -1,5 +1,5 @@ # -# $Id: Make.Rules,v 1.7 1999/01/30 03:50:34 morgan Exp $ +# $Id: Make.Rules,v 1.2 1999/04/17 23:26:39 morgan Exp $ # # @@ -36,7 +36,7 @@ LIBDIR=$(FAKEROOT)$(lib_prefix)/lib # common defines for libcap (suitable for 2.2.1+ Linux kernels) VERSION=1 -MINOR=0 +MINOR=01 # # Compilation specifics @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.4 1997/05/14 05:15:40 morgan Exp $ +# $Id: Makefile,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ # # Makefile for libcap diff --git a/RCS/License,v b/RCS/License,v deleted file mode 100644 index bacc634..0000000 --- a/RCS/License,v +++ /dev/null @@ -1,65 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.21.01.43.16; author morgan; state Exp; -branches; -next ; - - -desc -@Do not abuse this! -@ - - -1.1 -log -@Initial revision -@ -text -@Unless otherwise *explicitly* stated, the following text describes the -licensed conditions under which the contents of this libcap release -may be used and distributed: - -------------------------------------------------------------------------- -Redistribution and use in source and binary forms of libcap, with -or without modification, are permitted provided that the following -conditions are met: - -1. Redistributions of source code must retain any existing copyright - notice, and this entire permission notice in its entirety, - including the disclaimer of warranties. - -2. Redistributions in binary form must reproduce all prior and current - copyright notices, this list of conditions, and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - -3. The name of any author may not be used to endorse or promote - products derived from this software without their specific prior - written permission. - -ALTERNATIVELY, this product may be distributed under the terms of the -GNU General Public License, in which case the provisions of the GNU -GPL are required INSTEAD OF the above restrictions. (This clause is -necessary due to a potential conflict between the GNU GPL and the -restrictions contained in a BSD-style copyright.) - -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS -OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND -ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR -TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE -USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH -DAMAGE. -------------------------------------------------------------------------- - -@ diff --git a/RCS/Make.Rules,v b/RCS/Make.Rules,v deleted file mode 100644 index 71428f9..0000000 --- a/RCS/Make.Rules,v +++ /dev/null @@ -1,275 +0,0 @@ -head 1.7; -access; -symbols; -locks; strict; -comment @# @; - - -1.7 -date 99.01.30.03.50.34; author morgan; state Exp; -branches; -next 1.6; - -1.6 -date 98.09.20.23.10.18; author morgan; state Exp; -branches; -next 1.5; - -1.5 -date 98.06.07.01.53.44; author morgan; state Exp; -branches; -next 1.4; - -1.4 -date 98.05.17.17.31.40; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.14.05.14.35; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.04.05.31.12; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.04; author morgan; state Exp; -branches; -next ; - - -desc -@revised with contributions from Zefram -@ - - -1.7 -log -@upped version to 1.0 (to match 2.2.1 Linux kernel) -@ -text -@# -# $Id: Make.Rules,v 1.6 1998/09/20 23:10:18 morgan Exp morgan $ -# - -# -## Optional prefixes: -# - -# common 'packaging' directoty - -FAKEROOT= - -# Autoconf-style prefixes are activated when $(prefix) is defined. -# Otherwise binaries and libraraies are installed in /{lib,sbin}/, -# header files in /usr/include/ and documentation in /usr/man/man?/. - -ifdef prefix -exec_prefix=$(prefix) -lib_prefix=$(exec_prefix) -inc_prefix=$(lib_prefix) -man_prefix=$(prefix) -else -prefix=/usr -exec_prefix= -lib_prefix=$(exec_prefix) -inc_prefix=$(prefix) -man_prefix=$(prefix) -endif - -# Target directories - -MANDIR=$(FAKEROOT)$(man_prefix)/man -SBINDIR=$(FAKEROOT)$(exec_prefix)/sbin -INCDIR=$(FAKEROOT)$(inc_prefix)/include -LIBDIR=$(FAKEROOT)$(lib_prefix)/lib - -# common defines for libcap (suitable for 2.2.1+ Linux kernels) -VERSION=1 -MINOR=0 -# - -# Compilation specifics - -CC=gcc -COPTFLAGS=-O2 -DEBUG=-g #-DDEBUG -WARNINGS=-ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ - -Wpointer-arith -Wcast-qual -Wcast-align \ - -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ - -Wnested-externs -Winline -Wshadow -pedantic -LD=ld -LDFLAGS=-s #-g - -IPATH=-I$(topdir)/libcap/include -INCS=$(topdir)/libcap/include/sys/capability.h -LIBS=-L$(topdir)/libcap -lcap -CFLAGS=-Dlinux $(WARNINGS) $(DEBUG) $(COPTFLAG) $(IPATH) - -# Global cleanup stuff - -LOCALCLEAN=rm -f *~ core -DISTCLEAN=@@find . \( -name '*.orig' -o -name '*.rej' \) | xargs rm -f - -# Flags to pass down recursive makes - -MAKE_DEFS = CC='$(CC)' CFLAGS='$(CFLAGS)' \ - LD='$(LD)' LIBS='$(LIBS)' LDFLAGS='$(LDFLAGS)' \ - VERSION='$(VERSION)' MINOR='$(MINOR)' \ - LIBDIR='$(LIBDIR)' INCDIR='$(INCDIR)' \ - SBINDIR='$(SBINDIR)' MANDIR='$(MANDIR)' -@ - - -1.6 -log -@updated for kernel 2.1.122 (should work with 104+, since the changes -are a library bug fix and the addition of an other example prog: -sucap) -@ -text -@d2 1 -a2 1 -# $Id: Make.Rules,v 1.5 1998/06/07 01:53:44 morgan Exp morgan $ -d37 3 -a39 3 -# common defines for libcap -VERSION=0 -MINOR=122 -@ - - -1.5 -log -@updated for 0.104 -@ -text -@d2 1 -a2 1 -# $Id: Make.Rules,v 1.4 1998/05/17 17:31:40 morgan Exp morgan $ -d39 1 -a39 1 -MINOR=104 -@ - - -1.4 -log -@updated version number -modified some compilation flags -@ -text -@d2 1 -a2 1 -# $Id: Make.Rules,v 1.3 1997/05/14 05:14:35 morgan Exp morgan $ -d39 1 -a39 1 -MINOR=102 -@ - - -1.3 -log -@autoconf rearrangement from Zefram -@ -text -@d2 1 -a2 1 -# $Id: Make.Rules,v 1.2 1997/05/04 05:31:12 morgan Exp morgan $ -d39 1 -a39 1 -MINOR=85 -d46 1 -a46 1 -DEBUG=#-g -DDEBUG -@ - - -1.2 -log -@cleaner makefiles -@ -text -@d2 1 -a2 1 -# $Id: Make.Rules,v 1.1 1997/04/28 00:54:04 morgan Exp morgan $ -d10 1 -d13 16 -a28 2 -# include file prefix -inc_prefix=/usr -d30 1 -a30 2 -# library tree prefix -lib_prefix= -d32 4 -a35 5 -# manual tree prefix -man_prefix=/usr - -# sbin directory prefix -sbin_prefix= -d39 1 -a39 2 -MINOR=80 -# -a46 1 -FAKEROOT= -d51 3 -d55 2 -a56 2 -LPATH=-L$(topdir)/libcap -lcap - -a58 7 -# "Interesting target directories" - -MANDIR=$(FAKEROOT)$(man_prefix)/man -BINDIR=$(FAKEROOT)$(sbin_prefix)/sbin -INCDIR=$(FAKEROOT)$(inc_prefix)/include -LIBDIR=$(FAKEROOT)$(lib_prefix)/lib - -d63 8 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -# $Id: Makefile,v 1.1 1997/04/21 04:32:27 morgan Exp $ -d4 20 -d26 1 -a26 1 -MINOR=02 -d30 2 -a31 1 -ifndef CC -a32 3 -endif - -ifndef COPTFLAGS -a33 3 -endif - -ifndef DEBUG -a34 3 -endif - -ifndef FAKEROOT -a35 2 -endif - -a39 5 - -MANDIR=$(FAKEROOT)/usr/man -BINDIR=$(FAKEROOT)/bin -INCDIR=$(FAKEROOT)/usr/include -LIBDIR=$(FAKEROOT)/lib -d44 9 -@ diff --git a/RCS/Makefile,v b/RCS/Makefile,v deleted file mode 100644 index cac5ea7..0000000 --- a/RCS/Makefile,v +++ /dev/null @@ -1,163 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @# @; - - -1.4 -date 97.05.14.05.15.40; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.04.05.31.12; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.54.04; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.27; author morgan; state Exp; -branches; -next ; - - -desc -@a start -@ - - -1.4 -log -@autoconf rearrangemnt from Zefram -@ -text -@# -# $Id: Makefile,v 1.3 1997/05/04 05:31:12 morgan Exp morgan $ -# -# Makefile for libcap - -topdir=$(shell pwd) -include Make.Rules - -# -# flags -# - -all install clean: %: %-here - make -C libcap $(MAKE_DEFS) $@@ - make -C progs $(MAKE_DEFS) $@@ - make -C doc $(MAKE_DEFS) $@@ - -all-here: - -install-here: - -clean-here: - $(LOCALCLEAN) - -distclean: clean - $(DISTCLEAN) - -release: distclean - cd .. ; tar cvfz libcap-$(VERSION).$(MINOR).tar.gz libcap-$(VERSION).$(MINOR) -@ - - -1.3 -log -@cleaner makefiles -@ -text -@d2 1 -a2 1 -# $Id: Makefile,v 1.2 1997/04/28 00:54:04 morgan Exp morgan $ -d6 1 -a6 1 -topdir=. -d14 3 -a16 3 - make -C libcap $@@ - make -C progs $@@ - make -C doc $@@ -@ - - -1.2 -log -@revised with contributions from Zefram -@ -text -@d2 1 -a2 1 -# $Id: Makefile,v 1.1 1997/04/21 04:32:27 morgan Exp morgan $ -a11 2 -# -# -d13 8 -a20 8 -all: - make -C libcap all - make -C progs all - -install: - make -C libcap install - make -C progs install - make -C doc install -d22 1 -a22 1 -clean: -a23 3 - make -C libcap clean - make -C progs clean - make -C doc clean -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -# $Id$ -d6 2 -a7 19 -ifndef CC -CC=gcc -endif -export CC - -ifndef COPTFLAGS -COPTFLAGS=-O2 -endif -export COPTFLAGS - -ifndef DEBUG -DEBUG=#-g -DDEBUG -endif -export DEBUG - -ifndef FAKEROOT -FAKEROOT= -endif -export FAKEROOT -a11 6 -export IPATH=-I$(shell pwd)/libcap/include -export LPATH=-L$(shell pwd)/libcap -lcap -export WARNINGS = -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ - -Wpointer-arith -Wcast-qual -Wcast-align \ - -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ - -Wnested-externs -Winline -Wshadow -pedantic -d22 1 -d25 1 -d28 1 -d31 4 -a34 1 - @@find . \( -name '*.orig' -o -name '*.rej' \) | xargs rm -f -@ diff --git a/RCS/README,v b/RCS/README,v deleted file mode 100644 index 7208411..0000000 --- a/RCS/README,v +++ /dev/null @@ -1,89 +0,0 @@ -head 1.2; -access; -symbols; -locks; strict; -comment @# @; - - -1.2 -date 98.05.17.17.33.01; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.27; author morgan; state Exp; -branches; -next ; - - -desc -@a start -@ - - -1.2 -log -@updated for 0.102 -@ -text -@ -This is a library for getting and setting POSIX.1e (formerly POSIX 6) -draft 15 capabilities. - -This library would not have been possible without the help of - - Aleph1, Roland Buresund and Andrew Main, Alexander Kjeldaas. - -More information on capabilities in the Linux kernel can be found at - - http://linux.kernel.org/pub/linux/libs/security/linux-privs/ - -# INSTALLATION - - Linux-Caps % make - - builds the library and the programs - - Linux-Caps % make install - - installs the library libcap.XX.Y in /lib/ - the binaries in /bin/ - the <sys/capability.h> file in /usr/include - -* for some example programs look in progs. - -Cheers - -Andrew G. Morgan <morgan@@linux.kernel.org> -@ - - -1.1 -log -@Initial revision -@ -text -@d1 1 -d3 1 -a3 2 -capabilities. It has been written to conform to the capabilities -associated with the capability-enhanced Linux kernel. -d7 1 -a7 1 - Aleph1, Roland Buresund and Andrew Main. -d11 1 -a11 1 - <URL:http://parc.power.net/morgan/Orange-Linux/linux-privs/> -d25 1 -a25 7 -# TESTING (preliminary) - - getcap <filename> - -[Not written yet: - setcap <filename> -] -d29 1 -a29 1 -Andrew G. Morgan <morgan@@parc.power.net> -@ diff --git a/RCS/pgp.keys.asc,v b/RCS/pgp.keys.asc,v deleted file mode 100644 index cdf61a5..0000000 --- a/RCS/pgp.keys.asc,v +++ /dev/null @@ -1,158 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @# @; - - -1.3 -date 99.01.30.03.49.08; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 98.05.24.21.09.12; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.01.42.57; author morgan; state Exp; -branches; -next ; - - -desc -@For future reference. -@ - - -1.3 -log -@added Andrey's key -@ -text -@Type Bits/KeyID Date User ID -pub 1024/2A398175 1996/11/17 Andrew G. Morgan <morgan@@linux.kernel.org> ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3a - -mQCNAzKOhJ4AAAEEAJ9xYnZSD1kYanF+8GUBhHf/gx6hGd8ZNmS5qIC8Qb8rMcTI -+E16nV+FnNRlPRbShITYjq1TPvVK8gTliZf41N9LRQZw0rywRt1NQyhdfKgDWYxB -kSOwK67oDjkzzC56XS2rrGI6K3Rz/VtYElRyuQ6ZyaKTGcgU/TTwrUUqOYF1AAUR -tChBbmRyZXcgRy4gTW9yZ2FuIDxtb3JnYW5AcGFyYy5wb3dlci5uZXQ+iQCVAwUQ -MvNT5Cd5aW9FNqjdAQFt+wP/elq589YoIgZewnFbhB/wZ9cvNBOuDwKT7B71s5L4 -DW3cbE1SaCLgCwgZ3P5KRmqf2Yma+zAmj3zA5BqLou9czdrVeBRiIq77vDWR01q+ -vqiaQD5egroboOPt8OwT0tyTUvFTN+jVJHaBkmoYePvBvAbHJJhKuXSoRdTOgIx2 -lp6JAJUDBRAyjoSfNPCtRSo5gXUBATTWA/9IJKdFUmfndQtVPkPiQ76BUHmYXAUV -zs/r/3V/KV14HhaPAHijAn/eCsB8vbD/WG41cjYb8VCjDE6QRmn+ydbv+7FPbBFU -X30J8hCBLB/Ft7CL+lkMsjoZ+2usH7Wqx+yiyRdq7QLohZZy2nXSJjRzp+OFci1E -bK45M7J9uNvl6Q== -=tk+w ------END PGP PUBLIC KEY BLOCK----- - -Type Bits/KeyID Date User ID -pub 1024/4536A8DD 1996/01/28 Michael K. Johnson <johnsonm@@redhat.com> - Michael K. Johnson <johnsonm@@nigel.vnet.net> ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3a - -mQCNAzEK0l0AAAEEAMWweYcS6ov1RISP6E7lb3vgQOrmhBy6S/8zkuHo92IkQWXm -V9AcMUY/eJPRJH6yI6o1ZKN4InT4uCkSIQOd2C8XyeIK5jFhpmP9DhoucacNL5H7 -oCV4wtFGhUDaDl9VeTtbWLSMESxJ4T/fL/IfkW95/Q2dF7zIDid5aW9FNqjdAAUR -tChNaWNoYWVsIEsuIEpvaG5zb24gPGpvaG5zb25tQHJlZGhhdC5jb20+iQCVAwUQ -MuqeiDTwrUUqOYF1AQEjywP/bCWLybbZSI8plyUSWD3yxwjsE+8BiOPGRu1AARUz -GbVZq9LqPDyjFtH9DqgXULyZtCAk8ebZonH/h/0EnZTi4tiZg3BHKXhIlWQnNz4D -QRdtUEmMNQzi9+3mU99CBGigsrDQnNrnI88ejo/0YY3gdt6752g5HAvY13h9A0ZP -MFWJAJUDBRAxgAouJ3lpb0U2qN0BActVA/9vgBOUheUpLPiIry/+2qqJv+e+LnHw -DgZqROpli9bhJ4wfb1sXPYkFzchR8BUeU0NY6HvAwxEilSNPE1yQoaJuy8POtTuu -aFO4wvuLp0v5LuatXaU8EsncwjrBsWqRB6Dqd+jyq24Pjx0YKNSRJxceiBE8SBDW -HESAhYTYCBLy77QsTWljaGFlbCBLLiBKb2huc29uIDxqb2huc29ubUBuaWdlbC52 -bmV0Lm5ldD6JAJUDBRAxGljWe01Ojay67k0BAf3qA/48N9OvgGk9nNR+Pg6aW3rK -2Dy8t2RQdFGd4b7gBtZeXUAklq9ppYZtS+cXFHoQ8d7K8XBjHh+rgF2oOSBQUrQf -eb8XkKSZQxB7DZVdi1gAsOzSwCrn4TWSSKc28P4Mjuj1Jr2f1FGST1+cGIl7JbhV -kLGjmvOIgs7lS8FE0Hhm/4kAlQMFEDEWclxEcVNogr/H7QEBN1QD/1iY+KYQyOTz -fgaBsx+Bt11kstmOlYhXx23yK2etG0p8XCD2r3aojGOTR/e3o2bLiJo4xe+iMhOM -dvdSzxSPGQ20wX3jGJaRrRiSClFTQbZSelGG0FcOGfM3mL5zeHaXzRcRciK3VDkD -IFzTQ3J5NJVBIVlAkxTMIxho758lR2SjiQCVAwUQMREqFnoDqzGe1QXFAQFdpAP/ -VPPoYO50seo1rLL28AA2PVKqo6BJwj0ZMsC14MDJEKryBbj/E4Ma25uSlzBjj+t9 -rbygoz0XWUQMLh8XPAEps3nE3n8FWROsdlucGzGiDGKVEygLPzCsjR7aGEspN1Y7 -4qOZPxbpGG7B5exOLur4ACY75m6oBh+PN+Q1liCIYXKJAJUDBRAxDpk1iGe2nxKR -G10BAeQjBACmx4DyJacQXxuckDaKMTXa8v2Q7lQpPDyHdn1oAUsx1mrbSL55v2AI -Q0riFWcFRTERpjAToCLgQjK1pKpmJcduiXURj6TPVKd88hYkuCIpn2hIaI7SCkd8 -HZlfFiuaxVN29UbbzHv3C+mseydpkPRrovqmOSuj2xAGFALo6Vl9U4kAlQMFEDEN -eD5EFXDNRmtCiQEBRmoEAJAuyY0F5hbweDOdeAhxLWeiTl9jGwQYDS3T5B5/9ZpC -bJ1yX7Pk2o7LvR9tg/Ji5sfMMvIpH48DNT4kyjmmChFXCUBccwd+33ugdTcYDwLR -Cdt7k9r2yXz1LEH+lVNKOEIhuIq8/sX61hvFR7+qSABthTLrvvynycD5n2pG3F7L -=aGjw ------END PGP PUBLIC KEY BLOCK----- - -Type Bits/KeyID Date User ID -pub 1024/D4F4D901 1997/03/05 Cristian Gafton <gafton@@redhat.com> - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3a - -mQCNAzMdU6sAAAEEAKLF73rRJ3RUtl+y4bLUOVOV7ataJ46ZHxDZeGAVi+/suwT9 -Kq7QdaeFc4Xwaq8PVWv7pZ4/qTwHUkdbjBVeLt+KOlprvKuadyAh9aG/SqmKkEvA -hCS3yZDwNmeSLO7VIN5ko1nIwVD4kPJvS3xX6kn6jd4mvv/qGfGvxKXU9NkBAAUR -tCNDcmlzdGlhbiBHYWZ0b24gPGdhZnRvbkBzb3Jvc2lzLnJvPokAlQMFEDMeTlI0 -8K1FKjmBdQEBmgQD/02JxAU6+fiaBKwRIFDdsLYTy8mPgYaoul9RIX450W5D5nY/ -/696F6TfmFUzvnrvTbZUDyLxHB0mnh4SrdKRKo57i7RDrdx3Mqlt/xP4R6nHwFed -yTMvz3KB9tYuWfC1fJp69/VRIkMrw448zKkgqHUnAKxMIHvXnV3M9jd6lXSYiQCV -AwUQMx1Tq/GvxKXU9NkBAQE3/gP/RZMe59OkBWS4whc9c6eac6zwcC/hNc1vyiZ5 -2TEHJ10PgtNtHchD7j3xsDO17/DGEZB23OQiPAeLdqnBr+y2uiSlQfYdpVHBHX3A -uX3onc69LpEHmUAJAVOvfU1scnDtOH/KeVN3nwc6PWLxzLWzXfUbwLNK+LiPMNMV -1qygu+s= -=J4G2 ------END PGP PUBLIC KEY BLOCK----- - -Type Bits/KeyID Date User ID -pub 1024/A5D75B79 1997/03/01 Andrey V. Savochkin <saw@@msu.ru> - ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: 2.6.3a - -mQCNAzMYf1MAAAEEAK1S5jgmWnn8IS9mKoSpXu87f2soQhVZ3XdvsBCK2V7BojlU -0+JJrK+2gMH5tavyFsQ6cKch6I4xH54cS4P4tNE9M7OtfoXOxejtp9U9KZio8T0X -gM8qOS4fTQEfmdHSA5ETe5Vv+WPZ+/3SCo5kD1uIUUwppHDgJH+l396l11t5AAUR -tCBBbmRyZXkgVi4gU2F2b2Noa2luIDxzYXdAbXN1LnJ1PokAlQMFEDaIUh008K1F -KjmBdQEBFtkD/38mraXdr4aEYC6lxlG3cF+59XB6FjyBYhtwgNshpI2mB5XLr25p -f4jMFNUqnY/bGjXWKwbNguzJ0ukD8TgOg1ZXQZztRso1t1Y2M1KPbwlqj8ib1bZG -inQO/eqLrVwFH6F9CTiF0Fgy7faAIHN6BfE0o8earrcIwjT7sxRej3lziQCVAwUQ -M35653fqPT1smcpJAQHeqgQAlXMOru6Rz1TkslVrWD0n7dvBUHQxs0HS1pcWJnZJ -6kcYMLSA2RBi1fRabwzuOtzK60tOmfmnD7btcGBMMflOtfSulEg/xKNw2awEsNQK -ULEIBsvrpMr0UN4hWkxTggDXaykg7rQqgrbAsicoLuTtPDIbc+yhQcFEVGJiPO/I -tqiJAJUDBRAzfnUef89/VVw/1FkBAQ2lA/9q6FQM4RZzp75qxZ7jqAwUy9RFAKhp -L63YFJX3i1JsUjNoO51pjj5pEAxVVQsorqbdsmpC2aOUTf1AufEcs1kLojb3tc19 -MhXPyHTJs66QqWutdP/yOW+CLzmILAsbEgI6O+toVZ0rHVXjEtRgKUnYReHLrlYj -RKlBnkVc3NtPcIkAlQMFEDMYf1N/pd/epddbeQEBfKYD/3x/PkH2e+Cy7YXsfwxb -y/n+6eNIbfakSYjkwN5tDOeaKhdQKUJBKVwAzD2yrLmMDx6uW+FUOTucb6Anau6R -iKrAJq/a4DcpAeymo7cAthVU7en7HWwebQcL4wZGao1BJI+ulynki4sIqkfbGP83 -DK775eovl5X195ZkE/wNJvoi -=V5TY ------END PGP PUBLIC KEY BLOCK----- -@ - - -1.2 -log -@updated the email addresses -@ -text -@d76 25 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -pub 1024/2A398175 1996/11/17 Andrew G. Morgan <morgan@@parc.power.net> -d57 1 -a57 1 -pub 1024/D4F4D901 1997/03/05 Cristian Gafton <gafton@@sorosis.ro> -d75 1 -@ @@ -19,7 +19,7 @@ More information on capabilities in the Linux kernel can be found at Linux-Caps % make install installs the library libcap.XX.Y in /lib/ - the binaries in /bin/ + the binaries in /sbin/ the <sys/capability.h> file in /usr/include * for some example programs look in progs. diff --git a/doc/Makefile b/doc/Makefile index 5f68b88..56d4837 100644 --- a/doc/Makefile +++ b/doc/Makefile @@ -1,5 +1,5 @@ # -# $Id: Makefile,v 1.4 1998/05/24 22:50:27 morgan Exp $ +# $Id: Makefile,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ # # Makefile for libcap documentation # diff --git a/doc/RCS/Makefile,v b/doc/RCS/Makefile,v deleted file mode 100644 index 69f32d0..0000000 --- a/doc/RCS/Makefile,v +++ /dev/null @@ -1,137 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @# @; - - -1.4 -date 98.05.24.22.50.27; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.14.05.16.29; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.04.05.31.57; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@for installing manuals -@ - - -1.4 -log -@updated for 2.1.104 release -@ -text -@# -# $Id: Makefile,v 1.3 1997/05/14 05:16:29 morgan Exp morgan $ -# -# Makefile for libcap documentation -# - -topdir=$(shell pwd)/.. -include $(topdir)/Make.Rules - -MAN2S = capget.2 capset.2 -MAN3S = cap_init.3 cap_free.3 cap_dup.3 \ - cap_clear.3 cap_get_flag.3 cap_set_flag.3 \ - cap_get_proc.3 cap_set_proc.3 \ - cap_copy_ext.3 cap_size.3 cap_copy_int.3 \ - cap_from_text.3 cap_to_text.3 _cap_names.3 \ - capsetp.3 capgetp.3 -#MAN8S = getcap.8 setcap.8 - -MANS = $(MAN2S) $(MAN3S) $(MAN8S) - -all: $(MANS) - -install: - mkdir -p -m 755 $(MANDIR)/man2 $(MANDIR)/man3 - for man in \ - $(MANDIR)/man2 $(MAN2S) \ - $(MANDIR)/man3 $(MAN3S) \ - ; \ - do \ - case $$man in \ - /*) sub=$$man ; continue ;; \ - esac; \ - install -m 644 $$man $$sub ; \ - done - -clean: - $(LOCALCLEAN) - -@ - - -1.3 -log -@autoconf rearrangement from Zefram -@ -text -@d2 1 -a2 1 -# $Id: Makefile,v 1.2 1997/05/04 05:31:57 morgan Exp morgan $ -d10 1 -a10 2 -MAN2S = _setproccap.2 _getproccap.2 \ - _setfilecap.2 _getfilecap.2 _fsetfilecap.2 _fgetfilecap.2 -a12 1 - cap_get_file.3 cap_set_file.3 cap_get_fd.3 cap_set_fd.3 \ -d15 3 -a17 2 - cap_from_text.3 cap_to_text.3 _cap_names.3 -MAN8S = getcap.8 setcap.8 -d24 1 -a24 1 - mkdir -p -m 755 $(MANDIR)/man2 $(MANDIR)/man3 $(MANDIR)/man8 -d28 1 -a28 1 - $(MANDIR)/man8 $(MAN8S) ; \ -@ - - -1.2 -log -@cleaner -@ -text -@d2 1 -a2 1 -# $Id: Makefile,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -d7 1 -a7 1 -topdir=.. -d34 1 -a34 1 - install -m 644 -o root -g root $$man $$sub ; \ -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -# $Id$ -d26 10 -a35 3 - install -m 644 -o root -g root $(MAN2S) $(MANDIR)/man2 - install -m 644 -o root -g root $(MAN3S) $(MANDIR)/man3 - install -m 644 -o root -g root $(MAN8S) $(MANDIR)/man8 -@ diff --git a/doc/RCS/_cap_names.3,v b/doc/RCS/_cap_names.3,v deleted file mode 100644 index 2ae4e62..0000000 --- a/doc/RCS/_cap_names.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_from_text.3 -@ diff --git a/doc/RCS/cap_clear.3,v b/doc/RCS/cap_clear.3,v deleted file mode 100644 index 3d4ef0e..0000000 --- a/doc/RCS/cap_clear.3,v +++ /dev/null @@ -1,169 +0,0 @@ -head 1.2; -access; -symbols; -locks; strict; -comment @# @; - - -1.2 -date 97.05.24.19.45.28; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.2 -log -@corrections from Aleph1 -@ -text -@.\" -.\" $Id: cap_clear.3,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -.\" -.TH CAP_CLEAR 3 "26th May 1997" "" "Linux Programmer's Manual" -.SH NAME -cap_clear, cap_get_flag, cap_set_flag \- capability data object manipulation -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.BI "int cap_clear(cap_t " cap_p ); -.sp -.BI "int cap_get_flag(cap_t " cap_p ", cap_value_t " cap ", cap_flag_t " flag ", cap_flag_value_t *" value_p ");" -.sp -.BI "int cap_set_flag(cap_t " cap_p ", cap_flag_t " flag ", int " ncap ", cap_value_t *" caps ", cap_flag_value_t " value ");" -.SH USAGE -.B cc ... -lcap -.SH DESCRIPTION -.B cap_clear -initializes the capability state in working storage identified by -.I cap_p -in such a way that all capability flags are cleared. -.PP -.B cap_get_flag -obtains the current value of the capability flag, -.IR flag , -of the capability, -.IR cap , -from the capability state identified by -.I cap_p -and places it in the location pointed to by -.IR value_p . -.PP -.B cap_set_flag -sets the flag, -.IR flag , -of each capability in the array -.I caps -in the capability state identified by -.I cap_p -to -.IR value . -The argument, -.IR ncap , -is used to specify the number of capabilities in the array, -.IR caps . -.PP -A -.B cap_value_t -can identify any capability, such as -.BR CAP_CHOWN . -A -.B cap_flag_t -can be set to -.BR CAP_EFFECTIVE , -.B CAP_INHERITABLE -or -.BR CAP_PERMITTED . -A -.B cap_flag_value_t -can be -.B CAP_CLEAR -(0) or -.B CAP_SET -(1). -.SH "RETURN VALUE" -.BR cap_clear , -.B cap_get_flag -and -.B cap_set_flag -return zero on success, and \-1 on failure. -.PP -On failure, -.BR errno (3) -is set to -.BR EINVAL , -indicating that one of the arguments is invalid. - -.SH "CONFORMING TO" -These functions are specified by POSIX.1e. -.SH "SEE ALSO" -.IR cap_copy_ext (3), -.IR cap_from_text (3), -.IR cap_get_file (3), -.IR cap_get_proc (3), -.IR cap_init (3) -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -.\" $Id$ -d4 1 -a4 1 -.TH CAP_CLEAR 3 "26th April 1997" "" "Linux Programmer's Manual" -d6 1 -a6 1 -cap_clear, cap_get_flag, cap_set_flag \- twiddle bits in capability sets -d10 1 -a10 1 -.BI "int cap_clear(cap_t " caps ); -d12 1 -a12 1 -.BI "int cap_get_flag(cap_t " caps ", cap_value_t " capno ", cap_flag_t " set ", cap_flag_value_t *" result_p ");" -d14 3 -a16 1 -.BI "int cap_set_flag(cap_t " caps ", cap_flag_t " set ", int " numcaps ", cap_value_t *" capnos ", cap_flag_value_t " state ");" -d19 3 -a21 2 -clears all bits in the capability sets of -.IR caps . -d24 8 -a31 8 -extracts the state of capability number -.I capno -from capability set -.I set -in -.IR caps , -and writes it into -.IR *result_p . -d34 12 -a45 10 -sets the state of capabilities. It sets capabilities in capability set -.I set -in -.IR caps -to state -.IR state . -The capabilities to set are specified in an array pointed to by -.I capnos -of length -.IR numcaps . -d49 1 -a49 1 -can be set to any capability number, such as -@ diff --git a/doc/RCS/cap_copy_ext.3,v b/doc/RCS/cap_copy_ext.3,v deleted file mode 100644 index f6d427d..0000000 --- a/doc/RCS/cap_copy_ext.3,v +++ /dev/null @@ -1,215 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @# @; - - -1.3 -date 97.05.24.19.45.28; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.04.05.32.28; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.3 -log -@corrections from Aleph1 -@ -text -@.\" -.\" $Id: cap_copy_ext.3,v 1.2 1997/05/04 05:32:28 morgan Exp morgan $ -.\" -.TH CAP_COPY_EXT 3 "26th May 1997" "" "Linux Programmer's Manual" -.SH NAME -cap_copy_ext, cap_size, cap_copy_int \- capability state external representation translation -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.BI "ssize_t cap_size(cap_t " cap_p ); -.sp -.BI "ssize_t cap_copy_ext(void *" ext_p ", cap_t " cap_p ", ssize_t " size ); -.sp -.BI "cap_t cap_copy_int(const void *" ext_p ); -.SH USAGE -.br -.B cc ... -lcap -.SH DESCRIPTION -These functions translate a capability state from an internal representation -into an external one. The external representation is an exportable, contiguous, -persistent representation of a capability state in user-managed space. The -internal representation is managed by the capability functions in working -storage. -.PP -.B cap_size -returns the total length (in bytes) that the capability state in working -storage identified by -.I cap_p -would require when converted by -.BR cap_copy_ext . -This function is used primarily to determine the amount of buffer space that -must be provided to the -.B cap_copy_ext -function in order to hold the capability data record created from -.IR cap_p . -.PP -.B cap_copy_ext -copies a capability state in working storage, identified by -.IR cap_p , -from system managed space to user-managed space (pointed to by -.IR ext_p ) -and returns the length of the resulting data record. The size parameter -represents the maximum size, in bytes, of the resulting data record. The -.B cap_copy_ext -function will do any conversions necessary to convert the capability state -from the undefined internal format to an exportable, contiguous, persistent -data record. It is the responsibility of the user to allocate a buffer large -enough to hold the copied data. The buffer length required to hold the copied -data may be obtained by a call to the -.B cap_size -function. -.PP -.B cap_copy_int -copies a capability state from a capability data record in user-managed -space to a new capability state in working storage, allocating any -memory necessary, and returning a pointer to the newly created capability -state. The function initializes the capability state and then copies -the capability state from the record painted to by -.I ext_p -into the capability state, converting, if necessary, the data from a -contiguous, persistent format to an undefined, internal format. Once -copied into internal format, the object can be manipulated by the capability -state manipulation functions. Note that the record pointed to by -.I ext_p -must have been obtained from a previous, successful call to -.B cap_copy_ext -for this function to work successfully. The caller should free any -releasable memory, when the capability state in working storage is no -longer required, by calling -.B cap_free -with the -.I cap_t -as an argument. -.SH "RETURN VALUE" -.B cap_size -returns the length required to hold a capability data record on success, -and -1 on failure. -.PP -.B cap_copy_ext -returns the number of bytes placed in the user managed space pointed to by -.I ext_p -on success, and -1 on failure. -.PP -.B cap_copy_int -returns a pointer to the newly created capability state in working storage -on success, and NULL on failure. -.PP -On failure, -.BR errno (3) -is set to -.BR EINVAL , -.BR ENOMEM , -or -.BR ERANGE . -.SH "CONFORMING TO" -These functions are specified by POSIX.1e. -.SH "SEE ALSO" -.IR cap_clear (3), -.IR cap_from_text (3), -.IR cap_get_file (3), -.IR cap_get_proc (3), -.IR cap_init (3) -@ - - -1.2 -log -@fixed title name -@ -text -@d2 1 -a2 1 -.\" $Id: cap_copy_ext.3,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -d4 1 -a4 1 -.TH CAP_COPY_EXT 3 "26th April 1997" "" "Linux Programmer's Manual" -d6 1 -a6 1 -cap_copy_ext, cap_size, cap_copy_int \- external representation of capability sets -d10 1 -a10 1 -.BI "ssize_t cap_copy_ext(void *" extrep ", cap_t " caps ", ssize_t " length ); -d12 1 -a12 1 -.BI "ssize_t cap_size(cap_t " caps ); -d14 4 -a17 1 -.BI "cap_t cap_copy_int(void const *" extrep ); -d19 5 -a23 2 -These functions provide an external representation of POSIX.1e capabilities, -suitable for storage in archives or communication over pipes, for example. -d25 8 -d34 2 -a35 7 -copies the capability sets -.I caps -into the buffer -.I extrep -(of length -.IR length ), -and returns indicating how much of the buffer was actually used. -d37 13 -d51 1 -a51 3 -returns indicating how large a buffer would be required to fully represent -the capability set -.IR caps . -d54 12 -a65 3 -takes a buffer -.IR extrep , -whose contents are the result of a -d67 7 -a73 4 -call, and -reforms it into an internal-format capability set. -The return value must eventually be disposed of by passing it to -.BR cap_free . -d75 9 -d85 2 -a86 1 -returns a non-NULL value on success, and NULL on failure. -d92 1 -d94 1 -a94 1 -.BR ENOMEM . -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -.\" $Id$ -d4 1 -a4 1 -.TH CAP_INIT 3 "26th April 1997" "" "Linux Programmer's Manual" -@ diff --git a/doc/RCS/cap_copy_int.3,v b/doc/RCS/cap_copy_int.3,v deleted file mode 100644 index 508f859..0000000 --- a/doc/RCS/cap_copy_int.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_copy_ext.3 -@ diff --git a/doc/RCS/cap_dup.3,v b/doc/RCS/cap_dup.3,v deleted file mode 100644 index 18f19ac..0000000 --- a/doc/RCS/cap_dup.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_init.3 -@ diff --git a/doc/RCS/cap_free.3,v b/doc/RCS/cap_free.3,v deleted file mode 100644 index 18f19ac..0000000 --- a/doc/RCS/cap_free.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_init.3 -@ diff --git a/doc/RCS/cap_from_text.3,v b/doc/RCS/cap_from_text.3,v deleted file mode 100644 index aae3806..0000000 --- a/doc/RCS/cap_from_text.3,v +++ /dev/null @@ -1,312 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @# @; - - -1.3 -date 97.05.24.19.45.28; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.04.05.32.50; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.3 -log -@corrections from Aleph1 -@ -text -@.\" -.\" $Id: cap_from_text.3,v 1.2 1997/05/04 05:32:50 morgan Exp morgan $ -.\" written by Andrew Main <zefram@@dcs.warwick.ac.uk> -.\" -.TH CAP_FROM_TEXT 3 "26th May 1997" "" "Linux Programmer's Manual" -.SH NAME -cap_from_text, cap_to_text, _cap_names \- capability state textual representation translation -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.BI "cap_t cap_from_text(const char *" buf_p ); -.sp -.BI "char *cap_to_text(cap_t " caps ", ssize_t *" length_p ); -.sp -.B extern char const *_cap_names[]; -.SH USAGE -.br -.B cc ... -lcap -.SH DESCRIPTION -These functions translate a capability state from an internal representation -into a textual one. The internal representation is managed by the capability -functions in working storage. The textual representation is a structured, -human-readable, string suitable for display. -.PP -.B cap_from_text -allocates and initializes a capability state in working storage. It then -sets the contents of this newly-created capability state to the state -represented by human-readable, null terminated character string pointed to by -.IR buf_p . -It returns a pointer to the newly created capability state. The -caller should free any releasable memory, when the capability state in working -storage is no longer required, by calling -.B cap_free -with -.I cap_t -as an argument. The function returns an error if it cannot parse the -contents of the string pointed to by -.I buf_p -or does not recognize any -.I capability_name -or flag character as valid. The function also returns an error if any flag -is both set and cleared within a single clause. -.PP -.B cap_to_text -converts the capability state in working storage identified by -.I cap_p -into a null terminated human-readable string. This function allocates any -memory necessary to contain the string, and returns a pointer to the string. If -the pointer -.I len_p -is not -.BR NULL , -the function shall also return the full length of the string (not including -the null terminator) in the location pointed to by -.IR len_p . -The capability state in working storage, identified by -.IR cap_p , -is completely represented in the character string. The caller should -free any releasable memory, when the capability state in working -storage is no longer required, by calling -.B cap_free -with -.B cap_p -as an argument. -.PP -.B _cap_names -is an array of textual names for capability numbers. Unnamed capabilities -have a NULL entry. (This array is not defined by POSIX.1e.) -.SH "TEXTUAL REPRESENTATION" -A textual representation of capability sets consists of one or more -whitespace-separated -.IR clauses . -Each clause specifies some operations to a capability set; the set -starts out with all capabilities lowered, and the meaning of the -string is the state of the capability set after all the clauses have -been applied in order. -.PP -Each clause consists of a list of comma-separated capability names -(or the word -.RB ` all '), -followed by an -.IR action-list . -An action-list consists of a sequence of -.I operator flag -pairs. Legal operators are: -.RB ` = "', '" + "', and `" - "'." -Legal flags are: -.RB ` e "', `" i "', and `" p "'." -These flags are case-sensitive and specify the Effective, Inheritable -and Permitted sets respectively. -.PP -In the capability name lists, all names are case-insensitive. The -special name -.RB ` all ' -specifies all capabilities; it is equivalent to a list naming every -capability individually. -.PP -Although not defined by POSIX, unnamed capabilities can be specified -by number. -.PP -The -.RB ` = ' -operator indicates that the listed capabilities are first reset in -all three capability sets. The subsequent flags (which are optional -when associated with this operator) indicate that the listed -capabilities for the corresponding set are to be raised. For example: -"all=p" means lower every capability in the Effective and Inheritable -sets but raise all of the Permitted capabilities; -or, "cap_fowner=ep" means raise the Effective and Permitted -override-file-ownership capability, while lowering this Inheritable -capability. -.PP -In the case that the leading operator is -.RB ` = ', -and no list of capabilities is provided, the action-list is assumed to -refer to `all' capabilities. For example, the following three -clauses are equivalent to each other (and indicate a completely empty -capability set): "all="; "="; "cap_chown,<every-other-capability>=". -.PP -The operators, `+' and `-' both require an explicit preceding -capability list and one or more explicit trailing flags. The `+' -operator will raise all of the listed capabilities in the flagged -capability sets. The `-' operator will lower all of the listed -capabilities in the flagged capability sets. For example: -"all+p" will raise all of the Permitted capabilities; "cap_fowner+p-i" -will raise the override-file-ownership capability in the Permitted -capability set and lower this Inheritable capability; -"cap_fowner+pe-i" and "cap_fowner=+pe" are equivalent. -.SH "RETURN VALUE" -.B cap_from_text -and -.B cap_to_text -return a non-NULL value on success, and NULL on failure. -.PP -On failure, -.BR errno (3) -is set to -.BR EINVAL , -or -.BR ENOMEM . -.SH "CONFORMING TO" -.B cap_from_text -and -.B cap_to_text -are specified by POSIX.1e. -.B _cap_names -is a Linux extension. -.SH "SEE ALSO" -.IR cap_clear (3), -.IR cap_copy_ext (3), -.IR cap_get_file (3), -.IR cap_get_proc (3), -.IR cap_init (3) -@ - - -1.2 -log -@fixed title name and also made consistent with text handling -@ -text -@d2 1 -a2 1 -.\" $Id: cap_from_text.3,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -d5 1 -a5 1 -.TH CAP_FROM_TEXT 3 "26th April 1997" "" "Linux Programmer's Manual" -d7 1 -a7 1 -cap_from_text, cap_to_text, _cap_names \- textual representation of capability sets -d11 1 -a11 1 -.BI "cap_t cap_from_text(char const *" string ); -d20 4 -a23 3 -These functions provide the interface to a textual representation of -POSIX.1e capabilities, suitable for display to and specification by -users. -d26 17 -a42 5 -interprets -.I string -and generates the corresponding internal-format capability set. -The return value must eventually be disposed of by passing it to -.BR cap_free . -d45 20 -a64 6 -formats -.I caps -into a string in a fixed buffer, returning a pointer to the buffer, -and storing the length of the string in -.IR *length_p . -The buffer will be overwritten on the next call. -d73 1 -a73 1 -Each clause specifies some modification to a capability set; the set -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -.\" $Id$ -d5 1 -a5 1 -.TH CAP_INIT 3 "26th April 1997" "" "Linux Programmer's Manual" -d20 3 -a22 2 -These functions provide a textual representation of POSIX.1e capabilities, -suitable for display to and specification by users. -d43 1 -a43 1 -A textual representation of capability sets consists of zero or more -d46 8 -a53 5 -Each clause specifies some modification to a capability set; the set starts -out empty, and the meaning of the string is the state of the capability set -after all the clauses have been applied in order. -.PP -Each clause consists of an optional list of comma-separated capability names, -d55 9 -a63 3 -.IR operation , -followed by a possibly empty sequence of -.IR flags . -d65 2 -a66 1 -In the capability name lists, all names are case-insensitive. The special name -d68 5 -a72 27 -specifies all capabilities; it is equivalent to a list naming every capability -individually. If the list is omitted, it defaults to -.RB ` all '. -Unnamed capabilities can be specified by number. -.PP -The sequence of flags specifies a set of capability sets. The flags -.RB ` e ', -.RB ` i ' -and -.RB ` p ', -which are case-sensitive, specify the Effective, Inheritable and Permitted -sets respectively. The empty sequence of flags specifies none of these sets. -.PP -The operation must be one of -.RB ` + ', -.RB ` - ' -or -.RB ` = '. -.PP -If the operation is -.RB ` + ', -then the listed capability flags are -.I set -in the listed capability sets. Also, as an exception, an -empty capability list is not permitted; if -.RB ` all ' -is desired it must be specified explicitly. -d74 11 -a84 5 -If the operation is -.RB ` - ', -then the listed capability flags are -.I cleared -in the listed capability sets. -d86 1 -a86 1 -If the operation is -d88 14 -a101 5 -then the listed capability flags are -.I set -in the listed capability sets and -.I cleared -in all others. -@ diff --git a/doc/RCS/cap_get_fd.3,v b/doc/RCS/cap_get_fd.3,v deleted file mode 100644 index 6ccba9e..0000000 --- a/doc/RCS/cap_get_fd.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_get_file.3 -@ diff --git a/doc/RCS/cap_get_flag.3,v b/doc/RCS/cap_get_flag.3,v deleted file mode 100644 index 1b2deda..0000000 --- a/doc/RCS/cap_get_flag.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_clear.3 -@ diff --git a/doc/RCS/cap_get_proc.3,v b/doc/RCS/cap_get_proc.3,v deleted file mode 100644 index 313ea0b..0000000 --- a/doc/RCS/cap_get_proc.3,v +++ /dev/null @@ -1,236 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @# @; - - -1.4 -date 98.05.24.22.49.32; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.05.24.21.01.49; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.24.19.45.28; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.4 -log -@corrected the list of processes with CAP_SETPCAP enabled -@ -text -@.\" -.\" $Id: cap_get_proc.3,v 1.3 1998/05/24 21:01:49 morgan Exp morgan $ -.\" -.TH CAP_GET_PROC 3 "26th May 1997" "" "Linux Programmer's Manual" -.SH NAME -cap_get_proc, cap_set_proc \- POSIX capability manipulation on -processes -.sp -capgetp, capsetp \- Linux specific capability manipulation on -arbitrary processes -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.B cap_t cap_get_proc(void); -.br -.BI "int cap_set_proc(cap_t " cap_p ); -.sp -.B #undef _POSIX_SOURCE -.br -.B #include <sys/capability.h> -.sp -.BI "cap_t capgetp(pid_t " pid ", cap_t " cap_d ); -.br -.BI "cap_t capsetp(pid_t " pid ", cap_t " cap_d ); - -.SH USAGE -.br -.B cc ... -lcap -.SH DESCRIPTION -.B cap_get_proc -allocates a capability state in working storage, sets its state to -that of the calling process, and returns a pointer to this newly -created capability state. The caller should free any releasable -memory, when the capability state in working storage is no longer -required, by calling -.B cap_free -with the -.I cap_t -as an argument. -.PP -.B cap_set_proc -sets the values for all capability flags for all capabilities with the -capability state identified by -.IR cap_p . -The new capability state of the process will be completely determined by -the contents of -.I cap_p -upon successful return from this function. If any flag in -.I cap_p -is set for any capability not currently permitted for the calling process, -the function will fail, and the capability state of the process will remain -unchanged. -.PP -.B capgetp -fills an existing -.BR cap_d , -see -.BR cap_init (3), -with the process capabilities of the process indicated by -.IR pid . -This information can also be obtained from the -.B /proc/<pid>/status -file. -.PP -.B capsetp -attempts to set the capabilities of some other process(es), -.IR pid . -If -.I pid -is positive it refers to a specific process; if it is zero, it refers -to the current process; -1 refers to all processes other than the -current process and process '1' (typically -.BR init (8)); -other negative values refer to the -.I -pid -process-group. In order to use this function, the current process -must have -.B CAP_SETPCAP -raised in its Effective capability set. The capabilities set in the -target process(es) are those contained in -.IR cap_d . - -.SH "RETURN VALUE" -.B cap_get_proc -returns a non-NULL value on success, and NULL on failure. -.PP -.BR cap_set_proc ", " capgetp " and " capsetp -return zero for success, and \-1 on failure. -.PP -On failure, -.BR errno (3) -is set to -.BR EINVAL , -.BR EPERM, -or -.BR ENOMEM . -.SH "CONFORMING TO" -.B cap_set_proc -and -.B cap_get_proc -are functions specified in the draft for POSIX.1e. - -.SH "NOTES" -The function -.B capsetp -should be used with care. It exists, primarily, to overcome a lack of -support for capabilities in any of the filesystems supported by Linux. -The semantics of this function may change as it is better understood. -Please note, by default, the only processes that have -.B CAP_SETPCAP -available to them are processes started as a kernel-thread. -(Typically this includes -.BR init (8), -kflushd and kswapd). You will need to recompile the kernel to modify -this default. - -.SH "SEE ALSO" -.IR cap_clear (3), -.IR cap_copy_ext (3), -.IR cap_from_text (3), -.IR cap_get_file (3), -.IR cap_init (3) -@ - - -1.3 -log -@added capsetp and capgetp descriptions -@ -text -@d2 1 -a2 1 -.\" $Id: cap_get_proc.3,v 1.2 1997/05/24 19:45:28 morgan Exp morgan $ -d109 1 -a109 1 -Please note, by default, the only process that has -d111 5 -a115 3 -available to it, is process 1 (typically -.BR init (8)). -You will need to recompile the kernel to modify this default. -@ - - -1.2 -log -@corrections from Aleph1 -@ -text -@d2 1 -a2 1 -.\" $Id: cap_get_proc.3,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -d6 5 -a10 1 -cap_get_proc, cap_set_proc \- capability manipulation on processes -d15 2 -d18 8 -a25 1 -.BI "int cap_set_proc(cap_t " cap_p ); -d53 30 -d87 2 -a88 2 -.B cap_set_proc -returns zero on success, and \-1 on failure. -d98 17 -a114 1 -These functions are specified by POSIX.1e. -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -.\" $Id$ -d4 1 -a4 1 -.TH CAP_GET_PROC 3 "26th April 1997" "" "Linux Programmer's Manual" -d6 1 -a6 1 -cap_get_proc, cap_set_proc \- get/set capabilities of the process -d12 4 -a15 1 -.BI "int cap_set_proc(cap_t " caps ); -d18 9 -a26 3 -returns the capability sets of the process. -The returned value must later be disposed of by passing it to -.BR cap_free . -d29 11 -a39 2 -sets the capabilities of the process to -.IR caps . -d46 8 -@ diff --git a/doc/RCS/cap_init.3,v b/doc/RCS/cap_init.3,v deleted file mode 100644 index df24e00..0000000 --- a/doc/RCS/cap_init.3,v +++ /dev/null @@ -1,157 +0,0 @@ -head 1.2; -access; -symbols; -locks; strict; -comment @# @; - - -1.2 -date 97.05.24.19.45.28; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.2 -log -@corrections from Aleph1 -@ -text -@.\" -.\" $Id: cap_init.3,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -.\" written by Andrew Main <zefram@@dcs.warwick.ac.uk> -.\" -.TH CAP_INIT 3 "26th May 1997" "" "Linux Programmer's Manual" -.SH NAME -cap_init, cap_free, cap_dup \- capability data object storage management -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.B cap_t cap_init(void); -.sp -.BI "int cap_free(void *" obj_d ); -.sp -.BI "cap_t cap_dup(cap_t " cap_p ); -.SH USAGE -.br -.B cc ... -lcap -.SH DESCRIPTION -The capabilities associated with a file or process are never edited -directly. Instead, working storage is allocated to contain a -representation of the capability state. Capabilities are edited and -manipulated only within this working storage area. Once editing of -the capability state is complete, the updated capability state is used -to replace the capability state associated with the file or process. -.PP -.B cap_init -creates a capability state in working storage and return a pointer to -the capability state. The initial value of all flags are cleared. The -caller should free any releasable memory, when the capability state in -working storage is no longer required, by calling -.B cap_free -with the -.I cap_t -as an argument. -.PP -.B cap_free -liberates any releasable memory that has been allocated to the -capability state identified by -.IR obj_d . -The -.I obj_d -argument may identify either a -.I cap_t -entity, or a -.I char * -entity allocated by the -.B cap_to_text -function. -.PP -.B cap_dup -returns a duplicate capability state in working storage given by the -source object -.IR cap_p , -allocating any memory necessary, and returning a -pointer to the newly created capability state. Once duplicated, no -operation on either capability state affects the other in any way. -.SH "RETURN VALUE" -.B cap_init -and -.B cap_dup -return a non-NULL value on success, and NULL on failure. -.PP -.B cap_free -returns zero on success, and \-1 on failure. -.PP -On failure, -.BR errno (3) -is set to -.BR EINVAL , -or -.BR ENOMEM . -.SH "CONFORMING TO" -These functions are specified by POSIX.1e. -.SH "SEE ALSO" -.IR cap_clear (3), -.IR cap_copy_ext (3), -.IR cap_from_text (3), -.IR cap_get_file (3), -.IR cap_get_proc (3) -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -.\" $Id$ -d5 1 -a5 1 -.TH CAP_INIT 3 "26th April 1997" "" "Linux Programmer's Manual" -d7 1 -a7 1 -cap_init, cap_free, cap_dup \- manipulate capability sets -d13 1 -a13 1 -.BI "int cap_free(cap_t *" caps_p ); -d15 1 -a15 1 -.BI "cap_t cap_dup(cap_t " caps ); -d20 6 -a25 6 -POSIX.1e capability sets are manipulated abstractly via these interfaces. A -.B cap_t -is a pointer to allocated memory, containing data maintained by the -capability library, that should not be modified directly. -The object represents a group of three sets of capability bits; the three -sets are the Effective, Inheritable and Permitted sets. -d28 8 -a35 5 -returns a newly-allocated empty capability set. It is the caller's -responsibility to eventually dispose of the capability set with -.BR cap_free , -as it is with all the other functions that return a -.BR cap_t . -d38 12 -a49 5 -frees the resources associated with the capability set -.IR *caps_p , -and sets -.I *caps_p -to NULL. -d52 6 -a57 1 -returns a newly-allocated duplicate of the provided capability set. -@ diff --git a/doc/RCS/cap_set_fd.3,v b/doc/RCS/cap_set_fd.3,v deleted file mode 100644 index 6ccba9e..0000000 --- a/doc/RCS/cap_set_fd.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_get_file.3 -@ diff --git a/doc/RCS/cap_set_file.3,v b/doc/RCS/cap_set_file.3,v deleted file mode 100644 index 6ccba9e..0000000 --- a/doc/RCS/cap_set_file.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_get_file.3 -@ diff --git a/doc/RCS/cap_set_flag.3,v b/doc/RCS/cap_set_flag.3,v deleted file mode 100644 index 1b2deda..0000000 --- a/doc/RCS/cap_set_flag.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_clear.3 -@ diff --git a/doc/RCS/cap_set_proc.3,v b/doc/RCS/cap_set_proc.3,v deleted file mode 100644 index 1dd099e..0000000 --- a/doc/RCS/cap_set_proc.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_get_proc.3 -@ diff --git a/doc/RCS/cap_size.3,v b/doc/RCS/cap_size.3,v deleted file mode 100644 index 508f859..0000000 --- a/doc/RCS/cap_size.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_copy_ext.3 -@ diff --git a/doc/RCS/cap_to_text.3,v b/doc/RCS/cap_to_text.3,v deleted file mode 100644 index 2ae4e62..0000000 --- a/doc/RCS/cap_to_text.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_from_text.3 -@ diff --git a/doc/RCS/capget.2,v b/doc/RCS/capget.2,v deleted file mode 100644 index 6a07639..0000000 --- a/doc/RCS/capget.2,v +++ /dev/null @@ -1,66 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 98.05.24.21.05.20; author morgan; state Exp; -branches; -next ; - - -desc -@man page for the kernel API -@ - - -1.1 -log -@Initial revision -@ -text -@.\" -.\" $Id: _setproccap.2,v 1.1 1997/04/28 00:54:52 morgan Exp $ -.\" written by Andrew Morgan <morgan@@linux.kernel.org> -.\" -.TH CAPGET 2 "17th May 1998" "Linux 2.1" "Linux Programmer's Manual" -.SH NAME -capget, capset \- set/get process capabilities -.SH SYNOPSIS -.B #undef _POSIX_SOURCE -.br -.B #include <sys/capability.h> -.sp -.BI "int capget(cap_user_header_t " header ", cap_user_data_t " data ); -.sp -.BI "int capset(cap_user_header_t " header ", const cap_user_data_t " data ); -.SH DESCRIPTION -These two functions are the raw kernel interface for getting and -setting capabilities. The kernel API is likely to change and use of -these functions (in particular the format of the -.B cap_user_*_t -types) is subject to change with each kernel revision. -.sp -These system calls are specific to Linux. -The portable interfaces are -.IR cap_set_proc (3) -and -.IR cap_get_proc (3). -.SH "RETURN VALUE" -On success, zero is returned. On error, -1 is returned, and -.I errno -is set appropriately. -.SH ERRORS -.TP -.SB EINVAL -One of the arguments was invalid. -.TP -.SB EPERM -An attempt was made to add a capability to the Permitted set, or to set -a capability in the Effective or Inheritable sets that is not in the -Permitted set. - - -@ diff --git a/doc/RCS/capgetp.3,v b/doc/RCS/capgetp.3,v deleted file mode 100644 index 4117f3a..0000000 --- a/doc/RCS/capgetp.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 98.05.24.21.05.20; author morgan; state Exp; -branches; -next ; - - -desc -@links for other functions -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_get_proc.3 -@ diff --git a/doc/RCS/capset.2,v b/doc/RCS/capset.2,v deleted file mode 100644 index a961191..0000000 --- a/doc/RCS/capset.2,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 98.05.24.21.05.20; author morgan; state Exp; -branches; -next ; - - -desc -@links for other functions -@ - - -1.1 -log -@Initial revision -@ -text -@.so man2/capget.2 -@ diff --git a/doc/RCS/capsetp.3,v b/doc/RCS/capsetp.3,v deleted file mode 100644 index 4117f3a..0000000 --- a/doc/RCS/capsetp.3,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 98.05.24.21.05.20; author morgan; state Exp; -branches; -next ; - - -desc -@links for other functions -@ - - -1.1 -log -@Initial revision -@ -text -@.so man3/cap_get_proc.3 -@ diff --git a/doc/cap_clear.3 b/doc/cap_clear.3 index 859053e..c3560ff 100644 --- a/doc/cap_clear.3 +++ b/doc/cap_clear.3 @@ -1,5 +1,5 @@ .\" -.\" $Id: cap_clear.3,v 1.2 1997/05/24 19:45:28 morgan Exp $ +.\" $Id: cap_clear.3,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" .TH CAP_CLEAR 3 "26th May 1997" "" "Linux Programmer's Manual" .SH NAME diff --git a/doc/cap_copy_ext.3 b/doc/cap_copy_ext.3 index 3483b54..1be1b2c 100644 --- a/doc/cap_copy_ext.3 +++ b/doc/cap_copy_ext.3 @@ -1,5 +1,5 @@ .\" -.\" $Id: cap_copy_ext.3,v 1.3 1997/05/24 19:45:28 morgan Exp $ +.\" $Id: cap_copy_ext.3,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" .TH CAP_COPY_EXT 3 "26th May 1997" "" "Linux Programmer's Manual" .SH NAME diff --git a/doc/cap_from_text.3 b/doc/cap_from_text.3 index 26bd585..2780a82 100644 --- a/doc/cap_from_text.3 +++ b/doc/cap_from_text.3 @@ -1,5 +1,5 @@ .\" -.\" $Id: cap_from_text.3,v 1.3 1997/05/24 19:45:28 morgan Exp $ +.\" $Id: cap_from_text.3,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> .\" .TH CAP_FROM_TEXT 3 "26th May 1997" "" "Linux Programmer's Manual" diff --git a/doc/cap_get_proc.3 b/doc/cap_get_proc.3 index 3913cb2..da27d29 100644 --- a/doc/cap_get_proc.3 +++ b/doc/cap_get_proc.3 @@ -1,5 +1,5 @@ .\" -.\" $Id: cap_get_proc.3,v 1.4 1998/05/24 22:49:32 morgan Exp $ +.\" $Id: cap_get_proc.3,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" .TH CAP_GET_PROC 3 "26th May 1997" "" "Linux Programmer's Manual" .SH NAME diff --git a/doc/cap_init.3 b/doc/cap_init.3 index 0548cf6..f7a6649 100644 --- a/doc/cap_init.3 +++ b/doc/cap_init.3 @@ -1,5 +1,5 @@ .\" -.\" $Id: cap_init.3,v 1.2 1997/05/24 19:45:28 morgan Exp $ +.\" $Id: cap_init.3,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> .\" .TH CAP_INIT 3 "26th May 1997" "" "Linux Programmer's Manual" diff --git a/doc/capget.2 b/doc/capget.2 index 9bcda65..af428f5 100644 --- a/doc/capget.2 +++ b/doc/capget.2 @@ -1,5 +1,5 @@ .\" -.\" $Id: capget.2,v 1.1 1998/05/24 21:05:20 morgan Exp $ +.\" $Id: capget.2,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Morgan <morgan@linux.kernel.org> .\" .TH CAPGET 2 "17th May 1998" "Linux 2.1" "Linux Programmer's Manual" diff --git a/doc/old/RCS/README,v b/doc/old/RCS/README,v deleted file mode 100644 index 8e261fc..0000000 --- a/doc/old/RCS/README,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 98.05.24.22.50.55; author morgan; state Exp; -branches; -next ; - - -desc -@description of this directory -@ - - -1.1 -log -@Initial revision -@ -text -@these files are not relevant to this release -@ diff --git a/doc/old/RCS/_fgetfilecap.2,v b/doc/old/RCS/_fgetfilecap.2,v deleted file mode 100644 index d5d976f..0000000 --- a/doc/old/RCS/_fgetfilecap.2,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man2/_setfilecap.2 -@ diff --git a/doc/old/RCS/_fsetfilecap.2,v b/doc/old/RCS/_fsetfilecap.2,v deleted file mode 100644 index d5d976f..0000000 --- a/doc/old/RCS/_fsetfilecap.2,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man2/_setfilecap.2 -@ diff --git a/doc/old/RCS/_getfilecap.2,v b/doc/old/RCS/_getfilecap.2,v deleted file mode 100644 index d5d976f..0000000 --- a/doc/old/RCS/_getfilecap.2,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man2/_setfilecap.2 -@ diff --git a/doc/old/RCS/_getproccap.2,v b/doc/old/RCS/_getproccap.2,v deleted file mode 100644 index 7b92324..0000000 --- a/doc/old/RCS/_getproccap.2,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.so man2/_setproccap.2 -@ diff --git a/doc/old/RCS/_setfilecap.2,v b/doc/old/RCS/_setfilecap.2,v deleted file mode 100644 index 61c8351..0000000 --- a/doc/old/RCS/_setfilecap.2,v +++ /dev/null @@ -1,141 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.\" -.\" $Id$ -.\" written by Andrew Main <zefram@@dcs.warwick.ac.uk> -.\" -.TH _SETFILECAP 2 "26th April 1997" "Linux 2.1" "Linux Programmer's Manual" -.SH NAME -_setfilecap, _getfilecap, _fsetfilecap, _fgetfilecap \- set/get file capabilities -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.BI "int _setfilecap(char const *" filename ", size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset ); -.sp -.BI "int _getproccap(char const *" filename ", size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset ); -.sp -.BI "int _fsetfilecap(int " fd ", size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset ); -.sp -.BI "int _fgetproccap(int " fd ", size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset ); -.SH USAGE -.br -.B cc ... -lcap -.SH DESCRIPTION -.B _setfilecap -sets the specified -.IR filename 's -Inheritable, Permitted and Effective capabilities to the sets specified. -A NULL pointer specifies that a set should not be changed. -.PP -.B _fsetfilecap -does the same thing to the file referenced by file descriptor -.IR fd . -.PP -.B _getfilecap -and -.B _fgetfilecap -copy the file's capability sets into the sets provided. -A NULL pointer specifies that a set should not be returned. -.PP -The -.I usize -argument specifies the size of the user-space capability sets, in bytes. -If the kernel uses a different size internally, it will truncate or -zero-fill as required. -.PP -Files don't actually have a proper Effective capability set. Instead they -have a single-bit flag, that indicates that the set is either full or -empty. When setting a file's capabilities, that flag will be set if -and only if the Effective set specified has at least one bit set. -.SH "RETURN VALUE" -On success, zero is returned. On error, -1 is returned, and -.I errno -is set appropriately. -.SH ERRORS -.TP -.SB EFAULT -One of the capability arguments or the filename was an invalid data pointer. -.TP -.SB EPERM -An attempt was made to set non-empty capabilities on a file, -and the caller does not have the -.SB CAP_FSETCAP -capability raised. -.TP -.SB EPERM -An attempt was made to set capabilities on a file, and -the effective UID does not match the owner of the file, and the caller -does not have the -.SB CAP_FOWNER -capability raised. -.TP -.SB EINVAL -An attempt was made to set non-empty capabilities on a file -residing on a file system that does not support them. -.TP -.SB EROFS -An attempt was made to set capabilities on a file residing -on a read-only file system. -.TP -.SB ENAMETOOLONG -.I filename -is too long. -.TP -.SB ENOENT -The file specified does not exist. -.TP -.SB ENOMEM -Insufficient kernel memory was available. -.TP -.SB ENOTDIR -A component of the path prefix is not a directory. -.TP -.SB EACCES -Search permission is denied on a component of the path prefix. -.TP -.SB ELOOP -.I filename -containes a circular reference (via symlinks). -.TP -.SB EBADF -.I fd -is not a valid file descriptor. -.TP -.SB EIO -A hard error occurred while reading or writing the file system. -.TP -.SB ENOSYS -The POSIX.1e capability system was not configured into the kernel. -.SH "CONFORMING TO" -These system calls are specific to Linux. -The portable interfaces are -.IR cap_set_file (3), -.IR cap_get_file (3), -.IR cap_set_fd (3), -and -.IR cap_get_fd (3). -.SH "SEE ALSO" -.IR _setproccap (2). - -@ diff --git a/doc/old/RCS/_setproccap.2,v b/doc/old/RCS/_setproccap.2,v deleted file mode 100644 index 8c3084b..0000000 --- a/doc/old/RCS/_setproccap.2,v +++ /dev/null @@ -1,76 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.\" -.\" $Id$ -.\" written by Andrew Main <zefram@@dcs.warwick.ac.uk> -.\" -.TH _SETPROCCAP 2 "26th April 1997" "Linux 2.1" "Linux Programmer's Manual" -.SH NAME -_setproccap, _getproccap \- set/get process capabilities -.SH SYNOPSIS -.B #include <sys/capability.h> -.sp -.BI "int _setproccap(size_t " usize ", __cap_s const *" iset ", __cap_s const *" pset ", __cap_s const *" eset ); -.sp -.BI "int _getproccap(size_t " usize ", __cap_s *" iset ", __cap_s *" pset ", __cap_s *" eset ); -.SH DESCRIPTION -.B _setproccap -sets the calling process' -Inheritable, Permitted and Effective capabilities to the sets specified. -A NULL pointer specifies that a set should not be changed. -.PP -.B _getproccap -copies the process' capability sets into the sets provided. -A NULL pointer specifies that a set should not be returned. -.PP -The -.I usize -argument specifies the size of the user-space capability sets, in bytes. -If the kernel uses a different size internally, it will truncate or -zero-fill as required. -.SH "RETURN VALUE" -On success, zero is returned. On error, -1 is returned, and -.I errno -is set appropriately. -.SH ERRORS -.TP -.SB EFAULT -One of the capability arguments was an invalid data pointer. -.TP -.SB EPERM -An attempt was made to add a capability to the Permitted set, or to set -a capability in the Effective or Inheritable sets that is not in the -Permitted set. -.TP -.SB ENOSYS -The POSIX.1e capability system was not configured into the kernel. -.SH "CONFORMING TO" -These system calls are specific to Linux. -The portable interfaces are -.IR cap_set_proc (3) -and -.IR cap_get_proc (3). -.SH "SEE ALSO" -.IR _setfilecap (2). -@ diff --git a/doc/old/RCS/cap_get_file.3,v b/doc/old/RCS/cap_get_file.3,v deleted file mode 100644 index 6a57b4d..0000000 --- a/doc/old/RCS/cap_get_file.3,v +++ /dev/null @@ -1,202 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @# @; - - -1.4 -date 98.05.17.17.40.28; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.05.17.17.39.20; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.24.19.45.28; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.4 -log -@changed date of file -@ -text -@.\" -.\" $Id: cap_get_file.3,v 1.3 1998/05/17 17:39:20 morgan Exp morgan $ -.\" written by Andrew Main <zefram@@dcs.warwick.ac.uk> -.\" -.TH CAP_GET_FILE 3 "17th May 1998" "" "Linux Programmer's Manual" -.SH NAME -cap_get_file, cap_set_file, cap_get_fd, cap_set_fd \- capability manipulation on files -.sp -.B " PLEASE NOTE NONE OF THESE FUNCTIONS ARE IMPLEMENTED IN 0.102. NEITHER IS THERE SUPPORT FOR THEM IN LINUX 2.1.102." -.SH SYNOPSIS -.B -.sp -.B #include <sys/capability.h> -.sp -.BI "cap_t cap_get_file(const char *" path_p ); -.sp -.BI "int cap_set_file(const char *" path_p ", cap_t " cap_p ); -.sp -.BI "cap_t cap_get_fd(int " fd ); -.sp -.BI "int cap_set_fd(int " fd ", cap_t " caps ); -.SH USAGE -.br -.B cc ... -lcap -.SH DESCRIPTION -.B cap_get_file -and -.B cap_get_fd -allocate a capability state in working storage and set it to represent the -capability state of the pathname pointed to by -.I path_p -or the file open on descriptor -.IR fd . -These functions return a pointer to the newly created capability -state. The effects of reading the capability state from any file -other than a regular file is undefined. The caller should free any -releasable memory, when the capability state in working storage is no -longer required, by calling -.B cap_free -with the used -.I cap_t -as an argument. -.PP -.B cap_set_file -and -.B cap_set_fd -set the values for all capability flags for all capabilities for the pathname -pointed to by -.I path_p -or the file open on descriptor -.IR fd , -with the capability state identified by -.IR cap_p . -The new capability state of the file shall be completely determined by the -contents of -.IR cap_p . -For these functions to succeed, the calling process must have the -.B CAP_SETFCAP -capability enabled and either the effective user ID of the process must match -the file owner or the calling process must have the effective flag of the -.B CAP_FOWNER -capability set. The effects of writing the capability state to any file -type other than a regular file are undefined. -.SH "RETURN VALUE" -.B cap_get_file -and -.B cap_get_fd -return a non-NULL value on success, and NULL on failure. -.PP -.B cap_set_file -and -.B cap_set_fd -return zero on success, and \-1 on failure. -.PP -On failure, -.BR errno (3) -is set to -.BR EACCES , -.BR EBADFD , -.BR ENAMETOOLONG , -.BR ENOENT , -.BR ENOMEM , -.BR ENOTDIR , -.BR EPERM , -or -.BR EROFS . -.SH "CONFORMING TO" -These functions are specified by POSIX.1e. -.SH "SEE ALSO" -.IR cap_clear (3), -.IR cap_copy_ext (3), -.IR cap_from_text (3), -.IR cap_get_proc (3), -.IR cap_init (3) -@ - - -1.3 -log -@added comment about the fact that none of these functions are -currently implemented -@ -text -@d2 1 -a2 1 -.\" $Id: cap_get_file.3,v 1.2 1997/05/24 19:45:28 morgan Exp morgan $ -d5 1 -a5 1 -.TH CAP_GET_FILE 3 "26th May 1997" "" "Linux Programmer's Manual" -@ - - -1.2 -log -@corrections from Aleph1 -@ -text -@d2 1 -a2 1 -.\" $Id: cap_get_file.3,v 1.1 1997/04/28 00:54:52 morgan Exp morgan $ -d8 2 -d11 2 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 -.\" $Id$ -d5 1 -a5 1 -.TH CAP_GET_FILE 3 "26th April 1997" "" "Linux Programmer's Manual" -d7 1 -a7 1 -cap_get_file, cap_set_file, cap_get_fd, cap_set_fd \- get/set capabilities of files -d11 1 -a11 1 -.BI "cap_t cap_get_file(char const *" filename ); -d13 1 -a13 1 -.BI "int cap_set_file(char const *" filename ", cap_t " caps ); -d25 4 -a28 3 -return the capability sets of the file specified by -.I filename -or -d30 9 -a38 2 -The returned value must later be disposed of by passing it to -.BR cap_free . -d43 17 -a59 6 -set the capabilities of the file specified by -.I filename -or -.I fd -to -.IR caps . -d70 13 -@ diff --git a/doc/old/RCS/getcap.8,v b/doc/old/RCS/getcap.8,v deleted file mode 100644 index 817d0a4..0000000 --- a/doc/old/RCS/getcap.8,v +++ /dev/null @@ -1,42 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.\" -.\" $Id$ -.\" written by Andrew Main <zefram@@dcs.warwick.ac.uk> -.\" -.TH GETCAP 8 "26th April 1997" -.SH NAME -getcap \- examine file capabilities -.SH SYNOPSIS -\fBgetcap\fP \fIfilename\fP [ ... ] -.SH DESCRIPTION -.B getcap -displays the name and capabilities of each specified -.IR filename . -One file per line. -.SH "SEE ALSO" -.IR cap_get_file (3), -.IR cap_to_text (3), -.IR setcap (8) -@ diff --git a/doc/old/RCS/setcap.8,v b/doc/old/RCS/setcap.8,v deleted file mode 100644 index 380f126..0000000 --- a/doc/old/RCS/setcap.8,v +++ /dev/null @@ -1,51 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 97.04.28.00.54.52; author morgan; state Exp; -branches; -next ; - - -desc -@zefram's manual -@ - - -1.1 -log -@Initial revision -@ -text -@.\" -.\" $Id$ -.\" -.TH SETCAP 8 "26th April 1997" -.SH NAME -setcap \- set file capabilities -.SH SYNOPSIS -\fBsetcap\fP \fIcapabilities filename\fP [ ... \fIcapabilitiesN\fP \fIfileN\fP ] -.SH DESCRIPTION -.B setcap -sets the capabilities of each specified -.I filename -to the -.I capabilities -specified. The -.I capabilities -are specified in the form described in -.IR cap_from_text (3). -.PP -The special filename, '\-', -can be used to indicate that capabilities are read from the standard -input. In such cases, the capability set is terminated with a blank -line. -.SH "SEE ALSO" -.IR cap_from_text (3), -.IR cap_set_file (3), -.IR getcap (8) -@ diff --git a/doc/old/_setfilecap.2 b/doc/old/_setfilecap.2 index d4a9e6b..6a0538c 100644 --- a/doc/old/_setfilecap.2 +++ b/doc/old/_setfilecap.2 @@ -1,5 +1,5 @@ .\" -.\" $Id: _setfilecap.2,v 1.1 1997/04/28 00:54:52 morgan Exp $ +.\" $Id: _setfilecap.2,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> .\" .TH _SETFILECAP 2 "26th April 1997" "Linux 2.1" "Linux Programmer's Manual" diff --git a/doc/old/_setproccap.2 b/doc/old/_setproccap.2 index f48b521..d4579c8 100644 --- a/doc/old/_setproccap.2 +++ b/doc/old/_setproccap.2 @@ -1,5 +1,5 @@ .\" -.\" $Id: _setproccap.2,v 1.1 1997/04/28 00:54:52 morgan Exp $ +.\" $Id: _setproccap.2,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> .\" .TH _SETPROCCAP 2 "26th April 1997" "Linux 2.1" "Linux Programmer's Manual" diff --git a/doc/old/cap_get_file.3 b/doc/old/cap_get_file.3 index cb84c2b..e2eb626 100644 --- a/doc/old/cap_get_file.3 +++ b/doc/old/cap_get_file.3 @@ -1,5 +1,5 @@ .\" -.\" $Id: cap_get_file.3,v 1.4 1998/05/17 17:40:28 morgan Exp $ +.\" $Id: cap_get_file.3,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> .\" .TH CAP_GET_FILE 3 "17th May 1998" "" "Linux Programmer's Manual" diff --git a/doc/old/getcap.8 b/doc/old/getcap.8 index 65674ab..a0e2c41 100644 --- a/doc/old/getcap.8 +++ b/doc/old/getcap.8 @@ -1,5 +1,5 @@ .\" -.\" $Id: getcap.8,v 1.1 1997/04/28 00:54:52 morgan Exp $ +.\" $Id: getcap.8,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" written by Andrew Main <zefram@dcs.warwick.ac.uk> .\" .TH GETCAP 8 "26th April 1997" diff --git a/doc/old/setcap.8 b/doc/old/setcap.8 index d8aaa90..1f727c1 100644 --- a/doc/old/setcap.8 +++ b/doc/old/setcap.8 @@ -1,5 +1,5 @@ .\" -.\" $Id: setcap.8,v 1.1 1997/04/28 00:54:52 morgan Exp $ +.\" $Id: setcap.8,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ .\" .TH SETCAP 8 "26th April 1997" .SH NAME diff --git a/libcap/Makefile b/libcap/Makefile index 19287da..4572673 100644 --- a/libcap/Makefile +++ b/libcap/Makefile @@ -1,5 +1,8 @@ ## ## $Log: Makefile,v $ +## Revision 1.1.1.1 1999/04/17 22:16:31 morgan +## release 1.0 of libcap +## ## Revision 1.5 1998/05/24 22:54:09 morgan ## updated for 2.1.104 ## diff --git a/libcap/RCS/Makefile,v b/libcap/RCS/Makefile,v deleted file mode 100644 index 098675e..0000000 --- a/libcap/RCS/Makefile,v +++ /dev/null @@ -1,256 +0,0 @@ -head 1.5; -access; -symbols; -locks; strict; -comment @# @; - - -1.5 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.4; - -1.4 -date 97.05.14.05.17.13; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.04.05.34.59; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.33.29; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.5 -log -@updated for 2.1.104 -@ -text -@## -## $Log: Makefile,v $ -## Revision 1.4 1997/05/14 05:17:13 morgan -## autoconf rearrangement from Zefram -## -## Revision 1.3 1997/05/04 05:34:59 morgan -## cleaner -## -## Revision 1.2 1997/04/28 00:57:11 morgan -## fixes and zefram's patches -## -## Revision 1.1 1997/04/21 04:33:29 morgan -## Initial revision -## -## -## - -# -# defines -# -topdir=$(shell pwd)/.. -include ../Make.Rules -# -# Library version -# -LIBNAME=libcap.so -# - -FILES=cap_alloc cap_proc cap_extint cap_flag cap_text cap_sys - -# for later when there is filesystem support for cap's: -#FILES += cap_file - -INCLS=libcap.h cap_names.h $(INCS) -OBJS=$(addsuffix .o, $(FILES)) -MAJLIBNAME=$(LIBNAME).$(VERSION) -MINLIBNAME=$(MAJLIBNAME).$(MINOR) - -all: $(MINLIBNAME) - -_makenames: _makenames.c cap_names.sed - $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@@ - -cap_names.h: _makenames - ./_makenames > cap_names.h - -cap_names.sed: Makefile /usr/include/linux/capability.h - @@echo "=> making cap_names.c from <linux/capability.h>" - @@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define \([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed -# @@sed -ne '/^#define[ \t]CAP[_A-Z]\+[ \t]\+[0-9]\+/{s/^#define CAP_\([^ \t]*\)[ \t]*\([^ \t]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | fgrep -v 0x > cap_names.sed - -$(MINLIBNAME): $(OBJS) - $(LD) -soname $(MAJLIBNAME) -x -shared -o $@@ $(OBJS) - ln -sf $(MINLIBNAME) $(MAJLIBNAME) - ln -sf $(MAJLIBNAME) $(LIBNAME) - -%.o: %.c $(INCLS) - $(CC) $(CFLAGS) -c $< -o $@@ - -install: all - mkdir -p -m 0755 $(INCDIR)/sys - install -m 0644 include/sys/capability.h $(INCDIR)/sys - mkdir -p -m 0755 $(LIBDIR) - install -m 0644 $(MINLIBNAME) $(LIBDIR)/$(MINLIBNAME) - ln -sf $(MINLIBNAME) $(LIBDIR)/$(MAJLIBNAME) - ln -sf $(MAJLIBNAME) $(LIBDIR)/$(LIBNAME) - -/sbin/ldconfig - -clean: - $(LOCALCLEAN) - rm -f $(OBJS) $(LIBNAME)* - rm -f cap_names.h cap_names.sed _makenames - cd include/sys && $(LOCALCLEAN) - -@ - - -1.4 -log -@autoconf rearrangement from Zefram -@ -text -@d3 3 -d29 4 -a32 2 -FILES=cap_alloc cap_file cap_proc cap_extint cap_flag cap_text cap_sys \ - cap_names -d34 1 -a34 1 -INCLS=libcap.h $(INCS) -d44 2 -a45 2 -cap_names.c: _makenames - ./_makenames > cap_names.c -d49 2 -a50 1 - @@sed -ne '/^#define CAP_/{s/^#define \([^ ]*\)[ ]*\([^ ]*\)/ \{ \2, \"\1\" \},/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h > cap_names.sed -d72 1 -a72 1 - rm -f cap_names.c cap_names.sed _makenames -@ - - -1.3 -log -@cleaner -@ -text -@d3 3 -d18 1 -a18 1 -topdir=.. -d29 1 -a29 1 -INCS=libcap.h include/sys/capability.h -d34 1 -a34 1 -all: $(LIBNAME) -d37 1 -a37 1 - $(CC) $(CFLAGS) $< -o $@@ -d46 1 -a46 1 -$(LIBNAME): $(OBJS) -d48 2 -d51 1 -a51 1 -%.o: %.c $(INCS) -d55 5 -a59 6 - mkdir -p $(INCDIR)/sys - install -g root -o root -m 0644 include/sys/capability.h $(INCDIR)/sys - mkdir -p $(LIBDIR) - install -g root -o root -m 0444 $(LIBNAME) $(LIBDIR)/$(MINLIBNAME) - rm -f $(LIBDIR)/$(LIBNAME) - /sbin/ldconfig -nN $(LIBDIR) -d61 1 -d65 2 -a66 1 - rm -f $(OBJS) $(LIBNAME) cap_names.c cap_names.sed _makenames -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d3 3 -d33 9 -a41 12 -cap_names.c: _makenames /usr/include/linux/capability.h - @@echo -e "\n=> making cap_names.c from <linux/capability.h>\n" - @@( \ - echo '/** cap_names.c **'; \ - echo ' ** automatically generated -- DO NOT EDIT! **/'; \ - echo; \ - echo '#include "libcap.h"'; \ - echo; \ - echo 'char const *_cap_names[__CAP_BITS] = {'; \ - sed -ne '/^#define CAP_/{s/^#define \([^ ]*\)[ ]*\([^ ]*\)/ \2\/\1/;y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/;p;}' < /usr/include/linux/capability.h | ./_makenames; \ - echo '};'; \ - ) > $@@ -d55 2 -a56 2 - /sbin/ldconfig - cd $(LIBDIR) && ln -sf $(MAJLIBNAME) $(LIBNAME) -d60 1 -a60 1 - rm -f $(OBJS) $(LIBNAME) cap_names.c _makenames -@ - - -1.1 -log -@Initial revision -@ -text -@d3 3 -d10 1 -a10 1 -# flags -d12 2 -a13 5 -IPATH=-I./include -WARNINGS = -ansi -D_POSIX_SOURCE -Wall -Wwrite-strings \ - -Wpointer-arith -Wcast-qual -Wcast-align \ - -Wtraditional -Wstrict-prototypes -Wmissing-prototypes \ - -Wnested-externs -Winline -Wshadow -pedantic -a17 2 -VERSION=0 -MINOR=01 -d20 3 -a22 1 -FILES=cap_alloc cap_file cap_proc cap_extint cap_flag cap_text cap_sys -d28 1 -a28 1 -export CFLAGS =-Dlinux $(WARNINGS) $(DEBUG) $(COPTFLAG) $(IPATH) -d30 12 -a41 1 -all: $(LIBNAME) -d50 5 -a54 4 - mkdir -p $(FAKEROOT)/usr/include/sys - install -g root -o root -m 0644 include/sys/capability.h $(FAKEROOT)/usr/include/sys - mkdir -p $(FAKEROOT)/lib - install -g root -o root -m 0444 $(LIBNAME) $(FAKEROOT)/lib/$(MINLIBNAME) -d56 1 -d59 3 -a61 2 - rm -f *~ core $(OBJS) $(LIBNAME) - cd include/sys && rm -f *~ core -@ diff --git a/libcap/RCS/_makenames.c,v b/libcap/RCS/_makenames.c,v deleted file mode 100644 index 236d4be..0000000 --- a/libcap/RCS/_makenames.c,v +++ /dev/null @@ -1,218 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @ * @; - - -1.4 -date 98.06.07.15.50.12; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.05.04.05.35.46; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next ; - - -desc -@Ansi partner to zefram's one line sed command -@ - - -1.4 -log -@updated to accommodate kernel's real header file :*) -@ -text -@/* - * $Id: _makenames.c,v 1.3 1998/05/24 22:54:09 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org> - * - * This is a file to make the capability <-> string mappings for - * libcap. - */ - -#include <stdio.h> -#include <stdlib.h> -#include <linux/capability.h> - -/* - * #include 'sed' generated array - */ - -struct { - int index; - const char *name; -} const list[] = { -#include "cap_names.sed" - {-1, NULL} -}; - -/* this should be more than big enough (factor of three at least) */ -const char *pointers[8*sizeof(struct __user_cap_data_struct)]; - -int main(void) -{ - int i, maxcaps=0; - - for ( i=0; list[i].index >= 0 && list[i].name; ++i ) { - if (maxcaps < list[i].index) { - maxcaps = list[i].index; - } - pointers[list[i].index] = list[i].name; - } - - printf("/*\n" - " * DO NOT EDIT: this file is generated automatically from\n" - " *\n" - " * <linux/capability.h>\n" - " */\n" - "#define __CAP_BITS %d\n" - "\n" - "#ifdef LIBCAP_PLEASE_INCLUDE_ARRAY\n" - " char const *_cap_names[__CAP_BITS] = {\n", maxcaps); - - for (i=0; i<maxcaps; ++i) { - if (pointers[i]) - printf(" /* %d */\t\"%s\",\n", i, pointers[i]); - else - printf(" /* %d */\tNULL,\t\t/* - presently unused */\n", i); - } - - printf(" };\n" - "#endif /* LIBCAP_PLEASE_INCLUDE_ARRAY */\n" - "\n" - "/* END OF FILE */\n"); - - exit(0); -} - -/* - * $Log: _makenames.c,v $ - * Revision 1.3 1998/05/24 22:54:09 morgan - * updated for 2.1.104 - * - * Revision 1.2 1997/05/04 05:35:46 morgan - * cleaned up to #include sed output. also generates whole cap_names.c file - * - * Revision 1.1 1997/04/28 00:57:11 morgan - * Initial revision - * - */ -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@d2 1 -a2 1 - * $Id: _makenames.c,v 1.2 1997/05/04 05:35:46 morgan Exp morgan $ -d27 1 -a27 1 -const char *pointers[8*sizeof(struct _user_cap_data_struct)]; -d67 3 -@ - - -1.2 -log -@cleaned up to #include sed output. also generates whole cap_names.c file -@ -text -@d2 1 -a2 1 - * $Id: _makenames.c,v 1.1 1997/04/28 00:57:11 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G. Morgan <morgan@@parc.power.net> -d26 2 -a27 1 -const char *pointers[__CAP_BITS]; -d31 1 -a31 1 - int i; -d34 3 -d45 1 -d47 2 -a48 3 - "#include \"libcap.h\"\n" - "\n" - "char const *_cap_names[__CAP_BITS] = {\n"); -d50 1 -a50 1 - for (i=0; i<__CAP_BITS; ++i) { -d52 1 -a52 1 - printf(" /* %d */\t\"%s\",\n", i, pointers[i]); -d54 1 -a54 1 - printf(" /* %d */\tNULL,\t\t/* - presently unused */\n", i); -d57 2 -a58 1 - printf("};\n" -d67 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -a10 2 -#define __USE_BSD -#include <string.h> -d15 1 -a15 2 - * Read the standard input for a list of index/string pairs - * store them in an array and then output an array setting file -d18 7 -a24 1 -#define MAXBUFF 100 -d26 1 -a26 1 -char *pointers[__CAP_BITS]; -d28 1 -a28 1 -void main(void) -a29 1 - char buffer[MAXBUFF]; -d32 3 -a34 5 - while (fgets(buffer, MAXBUFF, stdin)) { - char *tmp = buffer; - - tmp = strtok(tmp, "/"); - i = atoi(tmp); -d36 9 -a44 6 - tmp = strtok(NULL, "/"); - if (tmp[strlen(tmp)-1] == '\n') - tmp[strlen(tmp)-1] = '\0'; - - pointers[i] = strdup(tmp); - } -d52 6 -d61 4 -a64 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_alloc.c,v b/libcap/RCS/cap_alloc.c,v deleted file mode 100644 index 4167830..0000000 --- a/libcap/RCS/cap_alloc.c,v +++ /dev/null @@ -1,168 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@/* - * $Id: cap_alloc.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G Morgan <morgan@@linux.kernel.org> - * - * See end of file for Log. - * - * This file deals with allocation and deallocation of internal - * capability sets as specified by POSIX.1e (formerlly, POSIX 6). - */ - -#include "libcap.h" - -/* - * This function duplicates an internal capability set (x3) with - * malloc()'d memory. It is the responsibility of the user to call - * cap_free() to liberate it. - */ - -cap_t cap_dup(cap_t cap_d) -{ - cap_t result; - - if (!good_cap_t(cap_d)) { - _cap_debug("bad argument"); - errno = EINVAL; - return NULL; - } - - result = (cap_t) malloc( sizeof(*cap_d) ); - if (result == NULL) { - _cap_debug("out of memory"); - errno = ENOMEM; - return NULL; - } - - memcpy(result, cap_d, sizeof(*cap_d)); - - return result; -} - - -/* - * Scrub and then liberate an internal capability set. - */ - -int cap_free(cap_t *cap_d_p) -{ - if ( cap_d_p && good_cap_t(*cap_d_p) ) { - memset(*cap_d_p, 0, sizeof(**cap_d_p)); - free(*cap_d_p); - *cap_d_p = NULL; - - return 0; - } else { - _cap_debug("no capability to liberate"); - errno = EINVAL; - return -1; - } -} - -/* - * Obtain a blank set of capabilities - */ - -cap_t cap_init(void) -{ - cap_t result = (cap_t) calloc( 1, sizeof(*result) ); - - if (result) { - result->magic = CAP_T_MAGIC; - result->head.version = _LINUX_CAPABILITY_VERSION; - } else { - errno = ENOMEM; - } - return result; -} - -/* - * $Log: cap_alloc.c,v $ - * Revision 1.2 1997/04/28 00:57:11 morgan - * fixes and zefram's patches - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d2 1 -a2 1 - * $Id: cap_alloc.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G Morgan <morgan@@parc.power.net> -d68 1 -a68 1 - cap_t result = (cap_t) malloc( sizeof(*result) ); -d72 1 -a72 1 - memset(&result->set, 0, 3*sizeof(__cap_s)); -d81 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -a14 9 - * Return the byte length of the capability set - */ - -ssize_t cap_size(cap_t cap_d) -{ - return sizeof(*cap_d); -} - -/* -d51 1 -d72 1 -d80 4 -a83 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_extint.c,v b/libcap/RCS/cap_extint.c,v deleted file mode 100644 index 3f07499..0000000 --- a/libcap/RCS/cap_extint.c,v +++ /dev/null @@ -1,260 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@/* - * $Id: cap_extint.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G Morgan <morgan@@linux.kernel.org> - * - * See end of file for Log. - * - * This file deals with exchanging internal and external - * representations of capability sets. - */ - -#include "libcap.h" - -/* - * External representation for capabilities. (exported as a fixed - * length (void *)) - */ -#define CAP_EXT_MAGIC "\220\302\001\121" -#define CAP_EXT_MAGIC_SIZE 4 -const static __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC; - -struct cap_ext_struct { - __u8 magic[CAP_EXT_MAGIC_SIZE]; - __u8 length_of_capset; -/* note, we arrange these so the caps are stacked with byte-size - resolution */ - __u8 bytes[CAP_SET_SIZE][NUMBER_OF_CAP_SETS]; -}; - -/* - * return size of external capability set - */ - -ssize_t cap_size(cap_t caps) -{ - return sizeof(struct cap_ext_struct); -} - -/* - * Copy the internal (cap_d) capability set into an external - * representation. The external representation is portable to other - * Linux architectures. - */ - -ssize_t cap_copy_ext(void *cap_ext, cap_t cap_d, ssize_t length) -{ - struct cap_ext_struct *result = (struct cap_ext_struct *) cap_ext; - __u32 *from = (__u32 *) &(cap_d->set); - int i; - - /* valid arguments? */ - if (!good_cap_t(cap_d) || length < sizeof(struct cap_ext_struct) - || cap_ext == NULL) { - errno = EINVAL; - return -1; - } - - /* fill external capability set */ - memcpy(&result->magic, external_magic, CAP_EXT_MAGIC_SIZE); - result->length_of_capset = CAP_SET_SIZE; - - for (i=0; i<NUMBER_OF_CAP_SETS; ++i) { - int j; - for (j=0; j<CAP_SET_SIZE; ) { - __u32 val = *from++; - - result->bytes[j++][i] = val & 0xFF; - result->bytes[j++][i] = (val >>= 8) & 0xFF; - result->bytes[j++][i] = (val >>= 8) & 0xFF; - result->bytes[j++][i] = (val >> 8) & 0xFF; - } - } - - /* All done: return length of external representation */ - return (sizeof(struct cap_ext_struct)); -} - -/* - * Import an external representation to produce an internal rep. - * the internal rep should be liberated with cap_free(). - */ - -/* - * XXX - need to take a little more care when importing small - * capability sets. - */ - -cap_t cap_copy_int(const void *cap_ext) -{ - const struct cap_ext_struct *export = - (const struct cap_ext_struct *) cap_ext; - cap_t cap_d; - int set, blen; - __u32 * to = (__u32 *) &cap_d->set; - - /* Does the external representation make sense? */ - if (export == NULL || !memcmp(export->magic, external_magic - , CAP_EXT_MAGIC_SIZE)) { - errno = EINVAL; - return NULL; - } - - /* Obtain a new internal capability set */ - if (!(cap_d = cap_init())) - return NULL; - - blen = export->length_of_capset; - for (set=0; set<=NUMBER_OF_CAP_SETS; ++set) { - int blk; - int bno = 0; - for (blk=0; blk<(CAP_SET_SIZE/4); ++blk) { - __u32 val = 0; - - if (bno != blen) - val = export->bytes[bno++][set]; - if (bno != blen) - val |= export->bytes[bno++][set] << 8; - if (bno != blen) - val |= export->bytes[bno++][set] << 16; - if (bno != blen) - val |= export->bytes[bno++][set] << 24; - - *to++ = val; - } - } - - /* all done */ - return cap_d; -} - -/* - * $Log: cap_extint.c,v $ - * Revision 1.2 1997/04/28 00:57:11 morgan - * fixes and zefram's patches - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d2 1 -a2 1 - * $Id: cap_extint.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G Morgan <morgan@@parc.power.net> -d20 1 -a20 1 -static __u8 external_magic[CAP_EXT_MAGIC_SIZE+1] = CAP_EXT_MAGIC; -d25 3 -a27 1 - __u8 bytes[sizeof(struct __cap_s)][3]; -d48 1 -d59 2 -a60 2 - memcpy(&result->magic,external_magic,CAP_EXT_MAGIC_SIZE); - result->length_of_capset = sizeof(struct __cap_s); -d62 1 -a62 1 - for (i=CAP_EFFECTIVE; i<=CAP_PERMITTED; ++i) { -d64 7 -a70 9 - for (j=0; j<__CAP_BLKS; ++j) { - __u32 val; - int k = j << 2; - - val = cap_d->set[i]._blk[j]; - result->bytes[k++][i] = val & 0xFF; - result->bytes[k++][i] = (val >>= 8) & 0xFF; - result->bytes[k++][i] = (val >>= 8) & 0xFF; - result->bytes[k][i] = (val >> 8) & 0xFF; -d94 1 -d108 1 -a108 1 - for (set=CAP_EFFECTIVE; set<=CAP_PERMITTED; ++set) { -d111 1 -a111 1 - for (blk=0; blk<__CAP_BLKS; ++blk) { -d123 1 -a123 1 - cap_d->set[set]._blk[blk] = val; -d133 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d18 3 -d23 1 -d29 9 -d56 1 -d92 1 -d95 2 -a96 1 - if (export == NULL || export->length_of_capset > sizeof(struct __cap_s)) { -d102 20 -a121 13 - if ((cap_d = cap_init())) { - int i; - for (i=CAP_EFFECTIVE; i<=CAP_PERMITTED; ++i) { - int j; - for (j=0; j<__CAP_BLKS; ++j) { - __u32 val; - int k = (j+1) << 2; - - val = export->bytes[--k][i] << 8; - val |= export->bytes[--k][i]; val <<= 8; - val |= export->bytes[--k][i]; val <<= 8; - cap_d->set[i]._blk[j] = val | export->bytes[--k][i]; - } -d130 4 -a133 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_file.c,v b/libcap/RCS/cap_file.c,v deleted file mode 100644 index 3a06923..0000000 --- a/libcap/RCS/cap_file.c,v +++ /dev/null @@ -1,278 +0,0 @@ -head 1.5; -access; -symbols; -locks; strict; -comment @ * @; - - -1.5 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.4; - -1.4 -date 97.05.14.05.17.13; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.04.05.35.46; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.5 -log -@updated for 2.1.104 -@ -text -@/* - * $Id: cap_file.c,v 1.4 1997/05/14 05:17:13 morgan Exp morgan $ - * - * Copyright (c) 1997 Andrew G Morgan <morgan@@linux.kernel.org> - * - * See end of file for Log. - * - * This file deals with setting capabilities on files. - */ - -#include "libcap.h" - -/* - * Get the capabilities of an open file, as specified by its file - * descriptor. - */ - -cap_t cap_get_fd(int fildes) -{ - cap_t result; - - /* allocate a new capability set */ - result = cap_init(); - if (result) { - _cap_debug("getting fildes capabilities"); - - /* fill the capability sets via a system call */ - if (_fgetfilecap(fildes, sizeof(struct __cap_s), - &result->set[CAP_INHERITABLE], - &result->set[CAP_PERMITTED], - &result->set[CAP_EFFECTIVE] )) { - cap_free(&result); - } - } - - return result; -} - -/* - * Set the capabilities on a named file. - */ - -cap_t cap_get_file(const char *filename) -{ - cap_t result; - - /* allocate a new capability set */ - result = cap_init(); - if (result) { - _cap_debug("getting named file capabilities"); - - /* fill the capability sets via a system call */ - if (_getfilecap(filename, sizeof(struct __cap_s), - &result->set[CAP_INHERITABLE], - &result->set[CAP_PERMITTED], - &result->set[CAP_EFFECTIVE] )) - cap_free(&result); - } - - return result; -} - -/* - * Set the capabilities of an open file, as specified by its file - * descriptor. - */ - -int cap_set_fd(int fildes, cap_t cap_d) -{ - if (!good_cap_t(cap_d)) { - errno = EINVAL; - return -1; - } - - _cap_debug("setting fildes capabilities"); - return _fsetfilecap(fildes, sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] ); -} - -/* - * Set the capabilities of a named file. - */ - -int cap_set_file(const char *filename, cap_t cap_d) -{ - if (!good_cap_t(cap_d)) { - errno = EINVAL; - return -1; - } - - _cap_debug("setting filename capabilities"); - return _setfilecap(filename, sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] ); -} - -/* - * $Log: cap_file.c,v $ - * Revision 1.4 1997/05/14 05:17:13 morgan - * bug-fix from zefram (errno no set on success) - * - * Revision 1.3 1997/05/04 05:35:46 morgan - * fixed errno setting. syscalls do this part - * - * Revision 1.2 1997/04/28 00:57:11 morgan - * fixes and zefram's patches - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.4 -log -@bug-fix from zefram (errno no set on success) -@ -text -@d2 1 -a2 1 - * $Id: cap_file.c,v 1.3 1997/05/04 05:35:46 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G Morgan <morgan@@parc.power.net> -d102 3 -@ - - -1.3 -log -@fixed errno setting. syscalls do this part -@ -text -@d2 1 -a2 1 - * $Id: cap_file.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ -d70 1 -a70 10 - if (good_cap_t(cap_d)) { - _cap_debug("setting fildes capabilities"); - - if (_fsetfilecap(fildes, sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] )) { - _cap_debug("failed: %s", strerror(errno)); - } - } else { -d72 1 -d75 5 -a79 1 - return (errno ? -1:0); -d88 1 -a88 10 - if (good_cap_t(cap_d)) { - _cap_debug("setting named file capabilities"); - - if (_setfilecap(filename, sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] )) { - _cap_debug("failed: %s", strerror(errno)); - } - } else { -d90 1 -d93 5 -a97 1 - return (errno ? -1:0); -d102 3 -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d2 1 -a2 1 - * $Id: cap_file.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d28 1 -a28 1 - errno = -_fgetfilecap(fildes, sizeof(struct __cap_s), -d31 1 -a31 3 - &result->set[CAP_EFFECTIVE] ); - - if (errno) -d33 1 -d53 1 -a53 1 - errno = -_getfilecap(filename, sizeof(struct __cap_s), -d56 1 -a56 3 - &result->set[CAP_EFFECTIVE] ); - - if (errno) -d73 6 -a78 4 - errno = -_fsetfilecap(fildes, sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] ); -d95 6 -a100 4 - errno = -_setfilecap(filename, sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] ); -d110 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d26 1 -d32 3 -d52 1 -d58 3 -d75 1 -d95 1 -d108 4 -a111 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_flag.c,v b/libcap/RCS/cap_flag.c,v deleted file mode 100644 index 45a7258..0000000 --- a/libcap/RCS/cap_flag.c,v +++ /dev/null @@ -1,241 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @ * @; - - -1.4 -date 98.09.20.23.07.59; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.4 -log -@fixed lower bound check on 'set'. -@ -text -@/* - * $Id: cap_flag.c,v 1.3 1998/05/24 22:54:09 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org> - * - * See end of file for Log. - * - * This file deals with flipping of capabilities on internal - * capability sets as specified by POSIX.1e (formerlly, POSIX 6). - */ - -#include "libcap.h" - -/* - * Return the state of a specified capability flag. The state is - * returned as the contents of *raised. The capability is from one of - * the sets stored in cap_d as specified by set and value - */ - -int cap_get_flag(cap_t cap_d, cap_value_t value, cap_flag_t set, - cap_flag_value_t *raised) -{ - /* - * Do we have a set and a place to store its value? - * Is it a known capability? - */ - - if (raised && good_cap_t(cap_d) && value >= 0 && value < __CAP_BITS - && set >= 0 && set < NUMBER_OF_CAP_SETS) { - __cap_s *cap_p = (__cap_s *) (set*CAP_SET_SIZE - + (__u8 *) &cap_d->set); - - *raised = isset_cap(cap_p,value) ? CAP_SET:CAP_CLEAR; - return 0; - - } else { - - _cap_debug("invalid arguments"); - errno = EINVAL; - return -1; - - } -} - -/* - * raise/lower a selection of capabilities - */ - -int cap_set_flag(cap_t cap_d, cap_flag_t set, - int no_values, cap_value_t *array_values, - cap_flag_value_t raise) -{ - /* - * Do we have a set and a place to store its value? - * Is it a known capability? - */ - - if (good_cap_t(cap_d) && no_values > 0 && no_values <= __CAP_BITS - && (set >= 0) && (set < NUMBER_OF_CAP_SETS) - && (raise == CAP_SET || raise == CAP_CLEAR) ) { - int i; - for (i=0; i<no_values; ++i) { - if (array_values[i] < 0 || array_values[i] >= __CAP_BITS) { - _cap_debug("weird capability (%d) - skipped", array_values[i]); - } else { - int value = array_values[i]; - __cap_s *cap_p = (__cap_s *) (set*CAP_SET_SIZE - + (__u8 *) &cap_d->set); - - if (raise == CAP_SET) { - cap_p->raise_cap(value); - } else { - cap_p->lower_cap(value); - } - } - } - return 0; - - } else { - - _cap_debug("invalid arguments"); - errno = EINVAL; - return -1; - - } -} - -/* - * Reset the capability to be empty (nothing raised) - */ - -int cap_clear(cap_t cap_d) -{ - if (good_cap_t(cap_d)) { - - memset(&(cap_d->set), 0, sizeof(cap_d->set)); - return 0; - - } else { - - _cap_debug("invalid pointer"); - errno = EINVAL; - return -1; - - } -} - -/* - * $Log: cap_flag.c,v $ - * Revision 1.3 1998/05/24 22:54:09 morgan - * updated for 2.1.104 - * - * Revision 1.2 1997/04/28 00:57:11 morgan - * fixes and zefram's patches - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@d2 1 -a2 1 - * $Id: cap_flag.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ -d29 1 -a29 1 - && set > 0 && set < NUMBER_OF_CAP_SETS) { -d59 1 -a59 1 - && (set > 0) && (set < NUMBER_OF_CAP_SETS) -d110 3 -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d2 1 -a2 1 - * $Id: cap_flag.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G. Morgan <morgan@@parc.power.net> -d20 2 -a21 2 -int cap_get_flag(cap_t cap_d, cap_value_t value, cap_flag_t set - , cap_flag_value_t *raised) -d28 4 -a31 1 - if (raised && good_cap_t(cap_d) && value >= 0 && value < __CAP_BITS) { -d33 1 -a33 1 - *raised = (cap_d->set[set]._cap_raised(value)) ? CAP_SET:CAP_CLEAR; -d49 3 -a51 3 -int cap_set_flag(cap_t cap_d, cap_flag_t set - , int no_values, cap_value_t *array_values - , cap_flag_value_t raise) -d59 1 -a61 1 - -d65 10 -a74 4 - } else if (raise == CAP_SET) { - cap_d->set[set]._cap_raise(array_values[i]); - } else if (raise == CAP_CLEAR) { - cap_d->set[set]._cap_lower(array_values[i]); -d96 1 -a96 1 - memset(&(cap_d->set), 0, 3*sizeof(__cap_s)); -d110 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d28 1 -a28 1 - if (raised && good_cap_t(cap_d)) { -d55 1 -a55 1 - if (good_cap_t(cap_d) && no_values > 0 && no_values < __NR_CAP -d60 1 -a60 1 - if (array_values[i] < 0 || array_values[i] >= __NR_CAP) { -d100 4 -a103 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_proc.c,v b/libcap/RCS/cap_proc.c,v deleted file mode 100644 index 21a8c40..0000000 --- a/libcap/RCS/cap_proc.c,v +++ /dev/null @@ -1,241 +0,0 @@ -head 1.5; -access; -symbols; -locks; strict; -comment @ * @; - - -1.5 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.4; - -1.4 -date 97.05.14.05.17.13; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.04.05.35.46; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.5 -log -@updated for 2.1.104 -@ -text -@/* - * $Id: cap_proc.c,v 1.4 1997/05/14 05:17:13 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G Morgan <morgan@@linux.kernel.org> - * - * See end of file for Log. - * - * This file deals with setting capabilities on processes. - */ - -#include "libcap.h" - -cap_t cap_get_proc(void) -{ - cap_t result; - - /* allocate a new capability set */ - result = cap_init(); - if (result) { - _cap_debug("getting current process' capabilities"); - - /* fill the capability sets via a system call */ - if (capget(&result->head, &result->set)) { - cap_free(&result); - } - } - - return result; -} - -int cap_set_proc(cap_t cap_d) -{ - if (!good_cap_t(cap_d)) { - errno = EINVAL; - return -1; - } - - _cap_debug("setting process capabilities"); - return capset(&cap_d->head, &cap_d->set); -} - -/* the following two functions are not required by POSIX */ - -/* read the caps on a specific process */ - -int capgetp(pid_t pid, cap_t cap_d) -{ - int error; - - if (!good_cap_t(cap_d)) { - errno = EINVAL; - return -1; - } - - _cap_debug("getting process capabilities for proc %d", pid); - - cap_d->head.pid = pid; - error = capget(&cap_d->head, &cap_d->set); - cap_d->head.pid = 0; - - return error; -} - -/* set the caps on a specific process/pg etc.. */ - -int capsetp(pid_t pid, cap_t cap_d) -{ - int error; - - if (!good_cap_t(cap_d)) { - errno = EINVAL; - return -1; - } - - _cap_debug("setting process capabilities for proc %d", pid); - cap_d->head.pid = pid; - error = capset(&cap_d->head, &cap_d->set); - cap_d->head.pid = 0; - - return error; -} - -/* - * $Log: cap_proc.c,v $ - * Revision 1.4 1997/05/14 05:17:13 morgan - * bug-fix from zefram (errno no set on success) - * - * Revision 1.3 1997/05/04 05:35:46 morgan - * fixed errno setting. syscalls do this part - * - * Revision 1.2 1997/04/28 00:57:11 morgan - * fixes and zefram's patches - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.4 -log -@bug-fix from zefram (errno no set on success) -@ -text -@d2 1 -a2 1 - * $Id: cap_proc.c,v 1.3 1997/05/04 05:35:46 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G Morgan <morgan@@parc.power.net> -d23 1 -a23 4 - if (_getproccap(sizeof(struct __cap_s), - &result->set[CAP_INHERITABLE], - &result->set[CAP_PERMITTED], - &result->set[CAP_EFFECTIVE] )) -d25 1 -d39 42 -a80 4 - return _setproccap(sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] ); -d85 3 -@ - - -1.3 -log -@fixed errno setting. syscalls do this part -@ -text -@d2 1 -a2 1 - * $Id: cap_proc.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ -d35 1 -a35 11 - if (good_cap_t(cap_d)) { - _cap_debug("setting current process' capabilities"); - - /* fill the capability sets via a system call */ - if (_setproccap(sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] )) { - _cap_debug("failed: %s", strerror(errno)); - } - } else -d37 2 -d40 5 -a44 1 - return (errno ? -1:0); -d49 3 -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d2 1 -a2 1 - * $Id: cap_proc.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d23 4 -a26 6 - errno = -_getproccap(sizeof(struct __cap_s), - &result->set[CAP_INHERITABLE], - &result->set[CAP_PERMITTED], - &result->set[CAP_EFFECTIVE] ); - - if (errno) -d39 6 -a44 4 - errno = -_setproccap(sizeof(struct __cap_s), - &cap_d->set[CAP_INHERITABLE], - &cap_d->set[CAP_PERMITTED], - &cap_d->set[CAP_EFFECTIVE] ); -d53 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d21 1 -d27 3 -d39 1 -d52 4 -a55 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_sys.c,v b/libcap/RCS/cap_sys.c,v deleted file mode 100644 index bdd6098..0000000 --- a/libcap/RCS/cap_sys.c,v +++ /dev/null @@ -1,176 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @ * @; - - -1.4 -date 98.06.08.00.14.01; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.4 -log -@change to accommodate alpha (glibc?) -@ -text -@/* - * $Id: cap_sys.c,v 1.3 1998/05/24 22:54:09 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org> - * - * This file contains the system calls for getting and setting - * capabilities - */ - -#include "libcap.h" -#define __LIBRARY__ -#include <linux/unistd.h> - -_syscall2(int, capget, - cap_user_header_t, header, - cap_user_data_t, data) - -_syscall2(int, capset, - cap_user_header_t, header, - const cap_user_data_t, data) - -/* - * $Log: cap_sys.c,v $ - * Revision 1.3 1998/05/24 22:54:09 morgan - * updated for 2.1.104 - * - * Revision 1.2 1997/04/28 00:57:11 morgan - * fixes and zefram's patches - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@d2 1 -a2 1 - * $Id: cap_sys.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ -d11 1 -d24 3 -@ - - -1.2 -log -@fixes and zefram's patches -@ -text -@d2 1 -a2 1 - * $Id: cap_sys.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G. Morgan <morgan@@parc.power.net> -d13 7 -a19 41 -_syscall4(int, _setproccap, - size_t, usize, - __cap_s const *, iset, - __cap_s const *, pset, - __cap_s const *, eset) - -_syscall4(int, _getproccap, - size_t, usize, - __cap_s *, iset, - __cap_s *, pset, - __cap_s *, eset) - -/* Secondly, we have the file capabilities */ - -_syscall5(int, _setfilecap, - char const *, filename, - size_t, usize, - __cap_s const *, iset, - __cap_s const *, pset, - __cap_s const *, eset) - -_syscall5(int, _getfilecap, - char const *, filename, - size_t, usize, - __cap_s *, iset, - __cap_s *, pset, - __cap_s *, eset) - -_syscall5(int, _fsetfilecap, - int, fd, - size_t, usize, - __cap_s const *, iset, - __cap_s const *, pset, - __cap_s const *, eset) - -_syscall5(int, _fgetfilecap, - int, fd, - size_t, usize, - __cap_s *, iset, - __cap_s *, pset, - __cap_s *, eset) -d23 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d11 1 -d21 3 -a23 3 - __cap_s const *, iset, - __cap_s const *, pset, - __cap_s const *, eset) -d25 1 -a25 1 -/* Secondly, we have the file capabilitiy setting */ -d37 3 -a39 3 - __cap_s const *, iset, - __cap_s const *, pset, - __cap_s const *, eset) -d51 3 -a53 3 - __cap_s const *, iset, - __cap_s const *, pset, - __cap_s const *, eset) -d56 4 -a59 1 - * $Log$ -@ diff --git a/libcap/RCS/cap_text.c,v b/libcap/RCS/cap_text.c,v deleted file mode 100644 index d537f75..0000000 --- a/libcap/RCS/cap_text.c,v +++ /dev/null @@ -1,996 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @ * @; - - -1.4 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.04.05.37.00; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.4 -log -@updated for 2.1.104 -@ -text -@/* - * $Id: cap_text.c,v 1.3 1997/05/04 05:37:00 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G Morgan <morgan@@linux.kernel.org> - * Copyright (c) 1997 Andrew Main <zefram@@dcs.warwick.ac.uk> - * - * See end of file for Log. - * - * This file deals with exchanging internal and textual - * representations of capability sets. - */ - -#define LIBCAP_PLEASE_INCLUDE_ARRAY -#include "libcap.h" - -#include <ctype.h> -#include <stdio.h> - -char *strdup(const char *s); - -/* Maximum output text length (16 per cap) */ -#define CAP_TEXT_SIZE (16*__CAP_BITS) - -#define LIBCAP_EFF 01 -#define LIBCAP_INH 02 -#define LIBCAP_PER 04 - -/* - * Parse a textual representation of capabilities, returning an internal - * representation. - */ - -#define setbits(A,B) _setbits((__cap_s *)A, (__cap_s *)B) -static void _setbits(__cap_s *a, __cap_s *b) -{ - int n; - for (n = __CAP_BLKS; n--; ) - a->_blk[n] |= b->_blk[n]; -} - -#define clrbits(A,B) _clrbits((__cap_s *)A, (__cap_s *)B) -static void _clrbits(__cap_s *a, __cap_s *b) -{ - int n; - for (n = __CAP_BLKS; n--; ) - a->_blk[n] &= ~b->_blk[n]; -} - -static char const *namcmp(char const *str, char const *nam) -{ - while (*nam && tolower((unsigned char)*str) == *nam) { - str++; - nam++; - } - if (*nam || isalnum((unsigned char)*str) || *str == '_') - return NULL; - return str; -} - -static int lookupname(char const **strp) -{ - char const *str = *strp; - if (isdigit(*str)) { - unsigned long n = strtoul(str, (char **)&str, 0); - if (n >= __CAP_BITS) - return -1; - *strp = str; - return n; - } else { - char const *s; - int n; - for (n = __CAP_BITS; n--; ) - if (_cap_names[n] && (s = namcmp(str, _cap_names[n]))) { - *strp = s; - return n; - } - return -1; - } -} - -cap_t cap_from_text(const char *str) -{ - cap_t res; - __cap_s allones; - int n; - - if (str == NULL) { - _cap_debug("bad argument"); - errno = EINVAL; - return NULL; - } - - if (!(res = cap_init())) - return NULL; - for (n = __CAP_BLKS; n--; ) - allones._blk[n] = -1; - _cap_debug("%s", str); - - for (;;) { - char op; - int flags = 0, listed=0; - __cap_s list = {{0}}; - - /* skip leading spaces */ - while (isspace((unsigned char)*str)) - str++; - if (!*str) { - _cap_debugcap("e = ", &res->set.effective); - _cap_debugcap("i = ", &res->set.inheritable); - _cap_debugcap("p = ", &res->set.permitted); - return res; - } - - /* identify caps specified by this clause */ - if (isalnum((unsigned char)*str) || *str == '_') { - for (;;) { - if (namcmp(str, "all")) { - str += 3; - list = allones; - } else { - n = lookupname(&str); - if (n == -1) - goto bad; - list.raise_cap(n); - } - if (*str != ',') - break; - if (!isalnum((unsigned char)*++str) && *str != '_') - goto bad; - } - listed = 1; - } else if (*str == '+' || *str == '-') - goto bad; /* require a list of capabilities */ - else - list = allones; - - /* identify first operation on list of capabilities */ - op = *str++; - if (op == '=' && (*str == '+' || *str == '-')) { - if (!listed) - goto bad; - op = (*str++ == '+' ? 'P':'M'); /* skip '=' and take next op */ - } else if (op != '+' && op != '-' && op != '=') - goto bad; - - /* cycle through list of actions */ - do { - _cap_debug("next char = `%c'", *str); - if (*str && !isspace(*str)) { - switch (*str++) { /* Effective, Inheritable, Permitted */ - case 'e': - flags |= LIBCAP_EFF; - break; - case 'i': - flags |= LIBCAP_INH; - break; - case 'p': - flags |= LIBCAP_PER; - break; - default: - goto bad; - } - } else if (op != '=') { - _cap_debug("only '=' can be followed by space"); - goto bad; - } - - _cap_debug("how to read?"); - switch (op) { /* how do we interpret the caps? */ - case '=': - case 'P': /* =+ */ - case 'M': /* =- */ - clrbits(&res->set.effective, &list); - clrbits(&res->set.inheritable, &list); - clrbits(&res->set.permitted, &list); - /* fall through */ - if (op == 'M') - goto minus; - case '+': - if (flags & LIBCAP_EFF) - setbits(&res->set.effective, &list); - if (flags & LIBCAP_INH) - setbits(&res->set.inheritable, &list); - if (flags & LIBCAP_PER) - setbits(&res->set.permitted, &list); - break; - case '-': - minus: - if (flags & LIBCAP_EFF) - clrbits(&res->set.effective, &list); - if (flags & LIBCAP_INH) - clrbits(&res->set.inheritable, &list); - if (flags & LIBCAP_PER) - clrbits(&res->set.permitted, &list); - break; - } - - /* new directive? */ - if (*str == '+' || *str == '-') { - if (!listed) { - _cap_debug("for + & - must list capabilities"); - goto bad; - } - flags = 0; /* reset the flags */ - op = *str++; - if (!isalpha(*str)) - goto bad; - } - } while (*str && !isspace(*str)); - _cap_debug("next clause"); - } - -bad: - cap_free(&res); - errno = EINVAL; - return NULL; -} - -/* - * Convert an internal representation to a textual one. The textual - * representation is stored in static memory. It will be overwritten - * on the next occasion that this function is called. - */ - -static int getstateflags(cap_t caps, int capno) -{ - int f = 0; - - if (isset_cap((__cap_s *)(&caps->set.effective),capno)) - f |= LIBCAP_EFF; - if (isset_cap((__cap_s *)(&caps->set.inheritable),capno)) - f |= LIBCAP_INH; - if (isset_cap((__cap_s *)(&caps->set.permitted),capno)) - f |= LIBCAP_PER; - - return f; -} - -#define CAP_TEXT_BUFFER_ZONE 100 - -char *cap_to_text(cap_t caps, ssize_t *length_p) -{ - static char buf[CAP_TEXT_SIZE+CAP_TEXT_BUFFER_ZONE]; - char *p; - int histo[8] = {0}; - int m, n, t; - - /* Check arguments */ - if (!good_cap_t(caps) || length_p == NULL) { - errno = EINVAL; - return NULL; - } - - _cap_debugcap("e = ", &caps->set.effective); - _cap_debugcap("i = ", &caps->set.inheritable); - _cap_debugcap("p = ", &caps->set.permitted); - - for (n = __CAP_BITS; n--; ) - histo[getstateflags(caps, n)]++; - - for (m=t=7; t--; ) - if (histo[t] > histo[m]) - m = t; - - /* blank is not a valid capability set */ - p = sprintf(buf, "=%s%s%s", - (m & LIBCAP_EFF) ? "e" : "", - (m & LIBCAP_INH) ? "i" : "", - (m & LIBCAP_PER) ? "p" : "" ) + buf; - - for (t = 8; t--; ) - if (t != m && histo[t]) { - *p++ = ' '; - for (n = 0; n != __CAP_BITS; n++) - if (getstateflags(caps, n) == t) { - if (_cap_names[n]) - p += sprintf(p, "%s,", _cap_names[n]); - else - p += sprintf(p, "%d,", n); - if (p - buf > CAP_TEXT_SIZE) { - errno = ERANGE; - return NULL; - } - } - p--; - n = t & ~m; - if (n) - p += sprintf(p, "+%s%s%s", - (n & LIBCAP_EFF) ? "e" : "", - (n & LIBCAP_INH) ? "i" : "", - (n & LIBCAP_PER) ? "p" : ""); - n = ~t & m; - if (n) - p += sprintf(p, "-%s%s%s", - (n & LIBCAP_EFF) ? "e" : "", - (n & LIBCAP_INH) ? "i" : "", - (n & LIBCAP_PER) ? "p" : ""); - if (p - buf > CAP_TEXT_SIZE) { - errno = ERANGE; - return NULL; - } - } - - _cap_debug("%s", buf); - *length_p = p - buf; - return (strdup(buf)); -} - -/* - * $Log: cap_text.c,v $ - * Revision 1.3 1997/05/04 05:37:00 morgan - * case sensitvity to capability flags - * - * Revision 1.2 1997/04/28 00:57:11 morgan - * zefram's replacement file with a number of bug fixes from AGM - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.3 -log -@case sensitvity to capability flags -@ -text -@d2 1 -a2 1 - * $Id: cap_text.c,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G Morgan <morgan@@parc.power.net> -d13 1 -d19 2 -d33 2 -a34 1 -static void setbits(__cap_s *a, __cap_s *b) -d41 2 -a42 1 -static void clrbits(__cap_s *a, __cap_s *b) -d108 3 -a110 3 - _cap_debugcap("e = ", &res->set[CAP_EFFECTIVE]); - _cap_debugcap("i = ", &res->set[CAP_INHERITABLE]); - _cap_debugcap("p = ", &res->set[CAP_PERMITTED]); -d124 1 -a124 1 - list._cap_raise(n); -d173 3 -a175 3 - clrbits(&res->set[CAP_EFFECTIVE], &list); - clrbits(&res->set[CAP_INHERITABLE], &list); - clrbits(&res->set[CAP_PERMITTED], &list); -d181 1 -a181 1 - setbits(&res->set[CAP_EFFECTIVE], &list); -d183 1 -a183 1 - setbits(&res->set[CAP_INHERITABLE], &list); -d185 1 -a185 1 - setbits(&res->set[CAP_PERMITTED], &list); -d190 1 -a190 1 - clrbits(&res->set[CAP_EFFECTIVE], &list); -d192 1 -a192 1 - clrbits(&res->set[CAP_INHERITABLE], &list); -d194 1 -a194 1 - clrbits(&res->set[CAP_PERMITTED], &list); -d229 1 -a229 1 - if (caps->set[CAP_EFFECTIVE]._cap_raised(capno)) -d231 1 -a231 1 - if (caps->set[CAP_INHERITABLE]._cap_raised(capno)) -d233 1 -a233 1 - if (caps->set[CAP_PERMITTED]._cap_raised(capno)) -d254 3 -a256 3 - _cap_debugcap("e = ", &caps->set[CAP_EFFECTIVE]); - _cap_debugcap("i = ", &caps->set[CAP_INHERITABLE]); - _cap_debugcap("p = ", &caps->set[CAP_PERMITTED]); -d306 1 -a306 1 - return buf; -d311 3 -@ - - -1.2 -log -@zefram's replacement file with a number of bug fixes from AGM -@ -text -@d2 1 -a2 1 - * $Id: cap_text.c,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -a146 1 - case 'E': -a149 1 - case 'I': -a152 1 - case 'P': -d306 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d5 1 -d16 1 -d18 2 -a19 64 -/* - * Some static data: - */ - -/* A place to store the capability names */ -static const char * cap_text[__CAP_BITS] = { - -/* - * POSIX capabilities - */ - -/* CAP_CHOWN (0) */ "cap_chown", -/* CAP_DAC_OVERRIDE */ "cap_dac_override", -/* CAP_DAC_READ_SEARCH */ "cap_dac_read_search", -/* CAP_FOWNER */ "cap_fowner", -/* CAP_FSETID */ "cap_fsetid", -/* CAP_KILL (5) */ "cap_kill", -/* CAP_LINK_DIR */ "cap_link_dir", -/* CAP_SETFCAP */ "cap_setfcap", -/* CAP_SETGID */ "cap_setgid", -/* CAP_SETUID */ "cap_setuid", -/* CAP_SIGMASK (10) */ "cap_sigmask", - -/* CAP_MAC_DOWNGRADE (11) */ "cap_mac_downgrade", -/* CAP_MAC_READ */ "cap_mac_read", -/* CAP_MAC_RELABEL_SUB */ "cap_mac_relabel_sub", -/* CAP_MAC_UPGRADE */ "cap_mac_upgrade", -/* CAP_MAC_WRITE */ "cap_mac_write", - -/* CAP_INF_NOFLOAT_OBJ (16) */ "cap_inf_nofloat_obj", -/* CAP_INF_NOFLOAT_SUB */ "cap_inf_nofloat_lab", -/* CAP_INF_RELABEL_OBJ */ "cap_inf_relabel_obj", -/* CAP_INF_RELABEL_SUB */ "cap_inf_relabel_sub", - -/* CAP_AUDIT_CONTROL (20) */ "cap_audit_control", -/* CAP_AUDIT_WRITE */ "cap_audit_write", - -/* (22) reserved for POSIX */ NULL, -/* (23) reserved for POSIX */ NULL, -/* (24) reserved for POSIX */ NULL, -/* (25) reserved for POSIX */ NULL, -/* (26) reserved for POSIX */ NULL, -/* (27) reserved for POSIX */ NULL, -/* (28) reserved for POSIX */ NULL, -/* (29) reserved for POSIX */ NULL, -/* (30) reserved for POSIX */ NULL, -/* (31) reserved for POSIX */ NULL, - -/* - * Linux-specific capabilities - */ - -/* CAP_LINUX_IMMUTABLE (32) */ "cap_linux_immutable", -/* CAP_LINUX_KERNELD */ "cap_linux_kerneld", -/* CAP_LINUX_INSMOD */ "cap_linux_insmod", -/* CAP_LINUX_RMMOD */ "cap_linux_rmmod", -/* CAP_LINUX_RAWIO */ "cap_linux_rawio", -/* CAP_LINUX_ATTENTION */ "cap_linux_attention", -/* CAP_LINUX_RANDOM */ "cap_linux_random", - -/* - * Others.. A number of others have been defined; they do not belong - * to Linux or POSIX. [Subject to change]. - */ -d21 3 -a23 24 -/* CAP_NET_BIND_SERVICE (39) */ "cap_net_bind_service", -/* CAP_NET_BROADCAST */ "cap_net_broadcast", -/* CAP_NET_DEBUG */ "cap_net_debug", -/* CAP_NET_FIREWALL */ "cap_net_firewall", -/* CAP_NET_IFCONFIG */ "cap_net_ifconfig", -/* CAP_NET_PACKET */ "cap_net_packet", -/* CAP_NET_RAW (45) */ "cap_net_raw", -/* CAP_NET_ROUTE */ "cap_net_route", -/* CAP_NET_SETID */ "cap_net_setid", -/* CAP_IPC_LOCK */ "cap_ipc_lock", -/* CAP_IPC_OWNER */ "cap_ipc_owner", -/* CAP_SYS_CHROOT (50) */ "cap_sys_chroot", -/* CAP_SYS_PTRACE */ "cap_sys_ptrace", -/* CAP_SYS_ACCOUNT */ "cap_sys_account", -/* CAP_SYS_ADMIN */ "cap_sys_admin", -/* CAP_SYS_BOOT */ "cap_sys_boot", -/* CAP_SYS_DEVICES (55) */ "cap_sys_devices", -/* CAP_SYS_NICE */ "cap_sys_nice", -/* CAP_SYS_RESOURCE */ "cap_sys_resource", -/* CAP_SYS_TIME */ "cap_sys_time", -/* CAP_SYS_TTY_CONFIG */ "cap_sys_tty_config", -/* CAP_SYS_QUOTA (60) */ "cap_sys_quota", - -}; -d26 2 -a27 1 - * static parsing routines -d30 1 -a30 6 -/* - * Caseless string comparison - */ - -/* caseless string comparison: POSIX does not define this.. */ -static int _strCMP(const char *s, const char *t) -d32 3 -a34 8 - int cf; - - do { - cf = tolower(*s) - tolower(*t); - ++t; - } while (!cf && *s++); - - return cf; -d37 1 -a37 21 -/* - * Locate character (c) in an array of characters (array) - */ - -static int _cap_inarray(char c, const char * array) -{ - int i; - - for (i=0; *array; ++array, ++i) { - if (c == *array) - return i; - } - - return -1; -} - -/* - * Locate a token (tok) in an capability array - */ - -static int _cap_find_token(const char * const tok) -d39 3 -a41 9 - int i; - - for (i=0; i<__CAP_BITS; ++i) { - if (cap_text[i] && !_strCMP(cap_text[i], tok)) { - _cap_debug("located [%s]=%d", cap_text[i], i); - return i; - } - } - return -1; -d44 1 -a44 5 -/* - * This function copies the next clause (returning NULL at end) - */ - -static const char *_cap_get_clause(const char *from, char **to) -d46 3 -a48 6 - const char *begin; - - /* forget last value */ - if (*to) { - free(*to); - *to = NULL; -d50 1 -a50 3 - - /* verify that we have something to search */ - if (from == NULL) { -d52 1 -a52 26 - } - - /* skip leading spaces */ - for (; *from && isspace(*from); ++from); - - /* do we have a clause? */ - if (*from) { - int length; - - /* Skip to next space */ - for (begin = from; *from && !isspace(*from); ++from); - - length = from - begin; - *to = malloc(1 + length); - if (*to == NULL) { - _cap_debug("out of memory"); - errno = ENOMEM; - return NULL; - } - - /* copy clause */ - memcpy(*to, begin, length); - (*to)[length] = '\0'; - } - - return (*from ? from:NULL); -d55 1 -a55 8 -/* - * Read comma separated capabilities and set them in the argument capability - * set. - */ - -static const char * const op_list = "=+-"; - -static char *_cap_parse_caps(char *temp, __cap_s *caps) -d57 7 -a63 21 - char *ops, saved; - const char *tok; - - if (temp == NULL) { - _cap_debug("no capabilities provided"); - return NULL; - } - - /* find first non-capability char (=+-) and save for later writeback */ - for (ops=temp; (saved=*ops) && _cap_inarray(saved, op_list) < 0; ++ops); - *ops = '\0'; - - /* loop through tokens looking up each capability and raising it in caps */ - if (!_strCMP("all", temp)) { - int i; - - /* A little slow but this way we only raise defined capabilities */ - for (i=0; i<__CAP_BITS; ++i) { - if (cap_text[i]) - caps->_cap_raise(i); - } -d65 6 -a70 11 - /* break string into tokens */ - while ((tok = strtok(temp, ","))) { - int cap; - - temp = NULL; - - cap = _cap_find_token(tok); - if (cap == -1) { - _cap_debug("tok=[%s] is not known - ignoring it", tok); - } else { - caps->_cap_raise(cap); -d72 1 -a72 22 - } - } - - /* writeback first operator char */ - *ops = saved; - - /* return operator list */ - return ops; -} - -/* - * read the operator list and set the internal flags accordingly - */ - -static struct __cap_s cap_purge(const struct __cap_s *a, - const struct __cap_s *b) -{ - struct __cap_s result; - register i; - - for (i=0; i<__CAP_BLKS; ++i) { - result._blk[i] = a->_blk[i] & ~b->_blk[i]; -a73 1 - return result; -d76 1 -a76 2 -static struct __cap_s cap_union(const struct __cap_s *a, - const struct __cap_s *b) -d78 3 -a80 2 - struct __cap_s result; - register i; -d82 4 -a85 2 - for (i=0; i<__CAP_BLKS; ++i) { - result._blk[i] = a->_blk[i] | b->_blk[i]; -a86 2 - return result; -} -d88 20 -a107 3 -#define _LIBCAP_EQ 01 -#define _LIBCAP_PL 02 -#define _LIBCAP_MI 03 -d109 16 -a124 38 -static void _cap_parse_ops(char *temp, __cap_s *caps, cap_t cap_d) -{ - unsigned int state=0; - char c; - - while ((c = *temp++)) { - int op; - - /* Is this an operator? */ - if ((op = _cap_inarray(c, op_list)) >= 0) { - c = '\0'; - state = 1+op; - if (*temp && _cap_inarray(*temp, op_list) < 0) - continue; - /* Fall through for immediate action */ - } - switch (c) { - case '\0': - switch ((state & 03)) { - case _LIBCAP_EQ: - memset(&(cap_d->set), 0, 3*sizeof(__cap_s)); - break; - case _LIBCAP_PL: - cap_d->set[CAP_EFFECTIVE] - = cap_union(&cap_d->set[CAP_EFFECTIVE], caps); - cap_d->set[CAP_INHERITABLE] - = cap_union(&cap_d->set[CAP_EFFECTIVE], caps); - cap_d->set[CAP_PERMITTED] - = cap_union(&cap_d->set[CAP_EFFECTIVE], caps); - break; - case _LIBCAP_MI: - cap_d->set[CAP_EFFECTIVE] - = cap_purge(&cap_d->set[CAP_EFFECTIVE], caps); - cap_d->set[CAP_INHERITABLE] - = cap_purge(&cap_d->set[CAP_EFFECTIVE], caps); - cap_d->set[CAP_PERMITTED] - = cap_purge(&cap_d->set[CAP_EFFECTIVE], caps); - break; -d126 38 -a163 15 - break; - case 'e': - case 'E': /* set effective caps */ - switch ((state & 03)) { - case _LIBCAP_EQ: - memset(&(cap_d->set[CAP_EFFECTIVE]), 0, sizeof(__cap_s)); - break; - case _LIBCAP_PL: - cap_d->set[CAP_EFFECTIVE] - = cap_union(&cap_d->set[CAP_EFFECTIVE], caps); - break; - case _LIBCAP_MI: - cap_d->set[CAP_EFFECTIVE] - = cap_purge(&cap_d->set[CAP_EFFECTIVE], caps); - break; -d165 28 -a192 14 - break; - case 'i': - case 'I': - switch ((state & 03)) { - case _LIBCAP_EQ: - memset(&(cap_d->set[CAP_INHERITABLE]), 0, sizeof(__cap_s)); - break; - case _LIBCAP_PL: - cap_d->set[CAP_INHERITABLE] - = cap_union(&cap_d->set[CAP_INHERITABLE], caps); - break; - case _LIBCAP_MI: - cap_d->set[CAP_INHERITABLE] - = cap_purge(&cap_d->set[CAP_INHERITABLE], caps); -d195 11 -a205 15 - break; - case 'p': - case 'P': - switch ((state & 03)) { - case _LIBCAP_EQ: - memset(&(cap_d->set[CAP_PERMITTED]), 0, sizeof(__cap_s)); - break; - case _LIBCAP_PL: - cap_d->set[CAP_PERMITTED] - = cap_union(&cap_d->set[CAP_PERMITTED], caps); - break; - case _LIBCAP_MI: - cap_d->set[CAP_PERMITTED] - = cap_purge(&cap_d->set[CAP_PERMITTED], caps); - break; -d207 2 -a208 4 - break; - default: - _cap_debug("[%c] is ignored", c); - } -d210 5 -d218 3 -a220 1 - * Convert a textual representation to a capability set. -d223 1 -a223 1 -cap_t cap_from_text(const char *verbose) -d225 1 -a225 29 - char *clause=NULL; - cap_t cap_d; - - cap_d = cap_init(); - if (cap_d == NULL) { - _cap_debug("out of memory"); - errno = ENOMEM; - return NULL; - } - - /* Loop through clauses */ - while ((verbose = _cap_get_clause(verbose, &clause))) { - struct __cap_s capabilities; - char *temp = clause; - - /* reset local capability set */ - memset(&capabilities, 0, sizeof(capabilities)); - - /* spin through capabilities listed in this clause */ - temp = _cap_parse_caps(temp, &capabilities); - if (temp) { - /* spin through list of operators? */ - _cap_parse_ops(temp, &capabilities, cap_d); - } - } - - /* return the capability set */ - return cap_d; -} -d227 6 -a232 4 -static int count_bits(struct __cap_s *cap) -{ - register int i,count=0; - register __u32 block=0; -d234 1 -a234 6 - for (i=0; i<__CAP_BLKS; ++i) { - for (block = cap->_blk[i]; block; block >>= 1) { - count += (block&1); - } - } - return count; -a236 10 -/* - * Convert an internal representation to a textual one. The textual - * representation is stored in static memory. It will be overwritten - * on the next occasion that this function is called. - */ - -#define _LIBCAP_EFF 01 -#define _LIBCAP_INH 02 -#define _LIBCAP_PER 04 - -d239 1 -a239 1 -char *cap_to_text(cap_t cap_d, ssize_t *length_p) -a240 2 - int mone, moni, monp; - unsigned int persist; -d242 3 -a244 1 - int length, i; -d247 1 -a247 1 - if (!good_cap_t(cap_d) || length_p == NULL) { -d252 30 -a281 44 - mone = (count_bits(&cap_d->set[CAP_EFFECTIVE]) > 16) ? 1:0; - moni = (count_bits(&cap_d->set[CAP_INHERITABLE]) > 16) ? 1:0; - monp = (count_bits(&cap_d->set[CAP_PERMITTED]) > 16) ? 1:0; - - *length_p = 0; - length = sprintf(buf, "all%se%si%sp\n", - mone ? "+":"-", - moni ? "+":"-", - monp ? "+":"-" ); - - /* loop through clustering together all caps that are stored in - the same selection of sets.. */ - for (persist=0, i=0; i<=__CAP_BITS; ++i) { - unsigned int this=0; - - /* Which have this capability set? */ - if (i != __CAP_BITS) { - if ((!mone && cap_d->set[CAP_EFFECTIVE]._cap_raised(i)) - || (mone && !cap_d->set[CAP_EFFECTIVE]._cap_raised(i))) - this |= _LIBCAP_EFF; - if ((!moni && cap_d->set[CAP_INHERITABLE]._cap_raised(i)) - || (moni && !cap_d->set[CAP_INHERITABLE]._cap_raised(i))) - this |= _LIBCAP_INH; - if ((!monp && cap_d->set[CAP_PERMITTED]._cap_raised(i)) - || (monp && !cap_d->set[CAP_PERMITTED]._cap_raised(i))) - this |= _LIBCAP_PER; - } else - this = ~0; - - /* should we include this capability? */ - if (this) { - if (persist && (i == __CAP_BITS || this != persist)) { - /* write out actionlist for persistent caps */ - length += sprintf(length+buf, "%s%s%s\n" - , (persist & _LIBCAP_EFF) ? - (mone?"-e":"+e"):"" - , (persist & _LIBCAP_INH) ? - (moni?"-i":"+i"):"" - , (persist & _LIBCAP_PER) ? - (monp?"-p":"+p"):"" - ); - if (length > CAP_TEXT_SIZE) { - errno = ERANGE; - return NULL; -d283 14 -a296 15 - persist=0; - } - if (i == __CAP_BITS) { - /* All done */ - break; - } - - if (cap_text[i]) { - length += sprintf(length+buf, "%s%s", persist? ",":"" - , cap_text[i]); - } else { - _cap_debug("cap [%d] not defined but is set!?", i); - length += sprintf(length+buf, "%s(%d)", persist?",":"", i); - } - if (length > CAP_TEXT_SIZE) { -a299 3 - - /* we may have a new persistent combination */ - persist = this; -a300 3 - } - - /* return text */ -d302 2 -a303 1 - *length_p = strlen(buf); -d308 4 -a311 1 - * $Log$ -@ diff --git a/libcap/RCS/libcap.h,v b/libcap/RCS/libcap.h,v deleted file mode 100644 index dc70111..0000000 --- a/libcap/RCS/libcap.h,v +++ /dev/null @@ -1,287 +0,0 @@ -head 1.5; -access; -symbols; -locks; strict; -comment @ * @; - - -1.5 -date 98.06.08.00.15.28; author morgan; state Exp; -branches; -next 1.4; - -1.4 -date 98.06.07.15.58.23; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.05.24.22.54.09; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.57.11; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.32.52; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.5 -log -@accommodate alpha (glibc?) -@ -text -@/* - * $Id: libcap.h,v 1.4 1998/06/07 15:58:23 morgan Exp morgan $ - * - * Copyright (c) 1997 Andrew G Morgan <morgan@@linux.kernel.org> - * - * See end of file for Log. - * - * This file contains internal definitions for the various functions in - * this small capability library. - */ - -#ifndef LIBCAP_H -#define LIBCAP_H - -#include <sys/types.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <sys/capability.h> - -/* include the names for the caps and a definition of __CAP_BITS */ -#include "cap_names.h" - -/* - * This is a pointer to a struct containing three consecutive - * capability sets in the order of the cap_flag_t type: the are - * effective,inheritable and permitted. This is the type that the - * user-space routines think of as 'internal' capabilities - this is - * the type that is passed to the kernel with the system calls related - * to processes. - */ - -#define CAP_T_MAGIC 0xCA90D0 -struct _cap_struct { - int magic; - struct __user_cap_header_struct head; - struct __user_cap_data_struct set; -}; - -/* - * Do we match the local kernel? - */ - -#if !defined(_LINUX_CAPABILITY_VERSION) || \ - (_LINUX_CAPABILITY_VERSION != 0x19980330) - -# error "Kernel <linux/capability.h> does not match library" -# error "file "libcap.h" --> fix and recompile libcap" - -#endif - -/* - * kernel API cap set abstraction - */ - -#define NUMBER_OF_CAP_SETS 3 /* effective, inheritable, permitted */ -#define CAP_SET_SIZE (sizeof(struct __user_cap_data_struct)/NUMBER_OF_CAP_SETS) -#define __CAP_BLKS (CAP_SET_SIZE/sizeof(__u32)) -typedef struct { - __u32 _blk[__CAP_BLKS]; -} __cap_s; -#define raise_cap(x) _blk[(x)>>5] |= (1<<((x)&31)) -#define lower_cap(x) _blk[(x)>>5] |= (1<<((x)&31)) -#define isset_cap(y,x) ((y)->_blk[(x)>>5] & (1<<((x)&31))) - -/* - * Private definitions for internal use by the library. - */ - -#define good_cap_t(c) ((c) && (c)->magic == CAP_T_MAGIC) - -/* - * library debugging - */ -#ifdef DEBUG - -#include <stdio.h> -# define _cap_debug(f, x...) { \ - fprintf(stderr, __FUNCTION__ "(" __FILE__ ":%d): ", __LINE__); \ - fprintf(stderr, f, ## x); \ - fprintf(stderr, "\n"); \ -} -# define _cap_debugcap(s, c) \ - fprintf(stderr, __FUNCTION__ "(" __FILE__ ":%d): " s \ - "%08x\n", __LINE__, c) - -#else /* !DEBUG */ - -# define _cap_debug(f, x...) -# define _cap_debugcap(s, c) - -#endif /* DEBUG */ - -/* - * These are semi-public prototypes, they will only be defined in - * <sys/capability.h> if _POSIX_SOURCE is not #define'd, so we - * place them here too. - */ - -extern int capset(cap_user_header_t header, cap_user_data_t data); -extern int capget(cap_user_header_t header, const cap_user_data_t data); -extern int capgetp(pid_t pid, cap_t cap_d); -extern int capsetp(pid_t pid, cap_t cap_d); - -#endif /* LIBCAP_H */ - -/* - * $Log: libcap.h,v $ - * Revision 1.4 1998/06/07 15:58:23 morgan - * accommodate real kernel header files :*) - * - * Revision 1.3 1998/05/24 22:54:09 morgan - * updated for 2.1.104 - * - * Revision 1.2 1997/04/28 00:57:11 morgan - * zefram's replacement file with a number of bug fixes from AGM - * - * Revision 1.1 1997/04/21 04:32:52 morgan - * Initial revision - * - */ -@ - - -1.4 -log -@accommodate real kernel header files :*) -@ -text -@d2 1 -a2 1 - * $Id: libcap.h,v 1.3 1998/05/24 22:54:09 morgan Exp morgan $ -d15 1 -d110 3 -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@d2 1 -a2 1 - * $Id: libcap.h,v 1.2 1997/04/28 00:57:11 morgan Exp morgan $ -d36 2 -a37 2 - struct _user_cap_header_struct head; - struct _user_cap_data_struct set; -d57 1 -a57 1 -#define CAP_SET_SIZE (sizeof(struct _user_cap_data_struct)/NUMBER_OF_CAP_SETS) -d109 3 -@ - - -1.2 -log -@zefram's replacement file with a number of bug fixes from AGM -@ -text -@d2 1 -a2 1 - * $Id: libcap.h,v 1.1 1997/04/21 04:32:52 morgan Exp morgan $ -d4 1 -a4 1 - * Copyright (c) 1997 Andrew G Morgan <morgan@@parc.power.net> -d21 3 -d36 2 -a37 1 - struct __cap_s set[3]; -d45 1 -a45 1 - (_LINUX_CAPABILITY_VERSION != 0x19970420) -d53 14 -d85 1 -a85 2 - "%08x %08x %08x %08x\n", __LINE__, \ - (c)->_blk[0], (c)->_blk[1], (c)->_blk[2], (c)->_blk[3]) -d100 4 -a103 10 -int _setproccap(size_t, __cap_s const *,__cap_s const *, __cap_s const *); -int _getproccap(size_t, __cap_s *,__cap_s *, __cap_s *); -int _setfilecap(char const *, size_t, __cap_s const *, - __cap_s const *, __cap_s const *); -int _getfilecap(char const *, size_t, __cap_s *, __cap_s *, __cap_s *); -int _fsetfilecap(int, size_t, __cap_s const *, - __cap_s const *, __cap_s const *); -int _fgetfilecap(int, size_t, __cap_s *, __cap_s *, __cap_s *); - -extern char const *_cap_names[__CAP_BITS]; -d109 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d19 1 -a19 2 - -#include <linux/capability.h> -d22 1 -a22 1 - * This is a pointer to an struct containing three consecutive -a47 8 -#include <sys/capability.h> - -/* - * System calls - */ - -#include <linux/unistd.h> - -d63 1 -a63 1 - fprintf(stderr, "\n"); -d65 4 -d73 1 -d77 5 -a81 2 -/* These are semi-public prototypes -- perhaps they should be moved to - <sys/capability.h> ? */ -d84 1 -a84 1 -int _getproccap(size_t, __cap_s const *,__cap_s const *, __cap_s const *); -d87 1 -a87 2 -int _getfilecap(char const *, size_t, __cap_s const *, - __cap_s const *, __cap_s const *); -d90 3 -a92 2 -int _fgetfilecap(int, size_t, __cap_s const *, - __cap_s const *, __cap_s const *); -d97 4 -a100 1 - * $Log$ -@ diff --git a/libcap/_makenames.c b/libcap/_makenames.c index 5ef7192..deb858c 100644 --- a/libcap/_makenames.c +++ b/libcap/_makenames.c @@ -1,5 +1,5 @@ /* - * $Id: _makenames.c,v 1.4 1998/06/07 15:50:12 morgan Exp $ + * $Id: _makenames.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G. Morgan <morgan@linux.kernel.org> * @@ -64,6 +64,9 @@ int main(void) /* * $Log: _makenames.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.4 1998/06/07 15:50:12 morgan * updated to accommodate kernel's real header file :*) * diff --git a/libcap/cap_alloc.c b/libcap/cap_alloc.c index 3d9e7ab..58cdb81 100644 --- a/libcap/cap_alloc.c +++ b/libcap/cap_alloc.c @@ -1,5 +1,5 @@ /* - * $Id: cap_alloc.c,v 1.3 1998/05/24 22:54:09 morgan Exp $ + * $Id: cap_alloc.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G Morgan <morgan@linux.kernel.org> * @@ -78,6 +78,9 @@ cap_t cap_init(void) /* * $Log: cap_alloc.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.3 1998/05/24 22:54:09 morgan * updated for 2.1.104 * diff --git a/libcap/cap_extint.c b/libcap/cap_extint.c index 5f17f2c..3b0536b 100644 --- a/libcap/cap_extint.c +++ b/libcap/cap_extint.c @@ -1,5 +1,5 @@ /* - * $Id: cap_extint.c,v 1.3 1998/05/24 22:54:09 morgan Exp $ + * $Id: cap_extint.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G Morgan <morgan@linux.kernel.org> * @@ -130,6 +130,9 @@ cap_t cap_copy_int(const void *cap_ext) /* * $Log: cap_extint.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.3 1998/05/24 22:54:09 morgan * updated for 2.1.104 * diff --git a/libcap/cap_file.c b/libcap/cap_file.c index 0cb4114..ba51f15 100644 --- a/libcap/cap_file.c +++ b/libcap/cap_file.c @@ -1,5 +1,5 @@ /* - * $Id: cap_file.c,v 1.5 1998/05/24 22:54:09 morgan Exp $ + * $Id: cap_file.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997 Andrew G Morgan <morgan@linux.kernel.org> * @@ -99,6 +99,9 @@ int cap_set_file(const char *filename, cap_t cap_d) /* * $Log: cap_file.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.5 1998/05/24 22:54:09 morgan * updated for 2.1.104 * diff --git a/libcap/cap_flag.c b/libcap/cap_flag.c index 7d8f967..2181ade 100644 --- a/libcap/cap_flag.c +++ b/libcap/cap_flag.c @@ -1,5 +1,5 @@ /* - * $Id: cap_flag.c,v 1.4 1998/09/20 23:07:59 morgan Exp $ + * $Id: cap_flag.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G. Morgan <morgan@linux.kernel.org> * @@ -107,6 +107,9 @@ int cap_clear(cap_t cap_d) /* * $Log: cap_flag.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.4 1998/09/20 23:07:59 morgan * fixed lower bound check on 'set'. * diff --git a/libcap/cap_proc.c b/libcap/cap_proc.c index 35c640c..76d53a9 100644 --- a/libcap/cap_proc.c +++ b/libcap/cap_proc.c @@ -1,5 +1,5 @@ /* - * $Id: cap_proc.c,v 1.5 1998/05/24 22:54:09 morgan Exp $ + * $Id: cap_proc.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G Morgan <morgan@linux.kernel.org> * @@ -82,6 +82,9 @@ int capsetp(pid_t pid, cap_t cap_d) /* * $Log: cap_proc.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.5 1998/05/24 22:54:09 morgan * updated for 2.1.104 * diff --git a/libcap/cap_sys.c b/libcap/cap_sys.c index 896f5f2..f28e8a3 100644 --- a/libcap/cap_sys.c +++ b/libcap/cap_sys.c @@ -1,5 +1,5 @@ /* - * $Id: cap_sys.c,v 1.4 1998/06/08 00:14:01 morgan Exp $ + * $Id: cap_sys.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G. Morgan <morgan@linux.kernel.org> * @@ -21,6 +21,9 @@ _syscall2(int, capset, /* * $Log: cap_sys.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.4 1998/06/08 00:14:01 morgan * change to accommodate alpha (glibc?) * diff --git a/libcap/cap_text.c b/libcap/cap_text.c index 53b51d0..c17f89f 100644 --- a/libcap/cap_text.c +++ b/libcap/cap_text.c @@ -1,5 +1,5 @@ /* - * $Id: cap_text.c,v 1.4 1998/05/24 22:54:09 morgan Exp $ + * $Id: cap_text.c,v 1.2 1999/04/17 23:25:09 morgan Exp $ * * Copyright (c) 1997-8 Andrew G Morgan <morgan@linux.kernel.org> * Copyright (c) 1997 Andrew Main <zefram@dcs.warwick.ac.uk> @@ -246,7 +246,7 @@ char *cap_to_text(cap_t caps, ssize_t *length_p) int m, n, t; /* Check arguments */ - if (!good_cap_t(caps) || length_p == NULL) { + if (!good_cap_t(caps)) { errno = EINVAL; return NULL; } @@ -302,12 +302,21 @@ char *cap_to_text(cap_t caps, ssize_t *length_p) } _cap_debug("%s", buf); - *length_p = p - buf; + if (length_p) { + *length_p = p - buf; + } + return (strdup(buf)); } /* * $Log: cap_text.c,v $ + * Revision 1.2 1999/04/17 23:25:09 morgan + * fixes from peeterj + * + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.4 1998/05/24 22:54:09 morgan * updated for 2.1.104 * diff --git a/libcap/include/sys/RCS/capability.h,v b/libcap/include/sys/RCS/capability.h,v deleted file mode 100644 index 3e65886..0000000 --- a/libcap/include/sys/RCS/capability.h,v +++ /dev/null @@ -1,197 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 98.05.24.22.53.05; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.00.56.38; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.33.43; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.3 -log -@updated for 2.1.104 -@ -text -@/* - * <sys/capability.h> - * - * - * Copyright (C) 1997 Aleph One - * Copyright (C) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org> - * - * POSIX.1e Standard: 25.2 Capabilities <sys/capability.h> - */ - -#ifndef _SYS_CAPABILITY_H -#define _SYS_CAPABILITY_H - -/* - * This file complements the kernel file by providing prototype - * information for the user library. - */ - -#include <linux/capability.h> - -/* - * POSIX capability types - */ - -/* - * Opaque capability handle (defined internally by libcap) - * internal capability representation - */ -typedef struct _cap_struct *cap_t; - -/* "external" capability representation is a (void *) */ - -/* - * This is the type used to identify capabilities - */ - -typedef int cap_value_t; - -/* - * Set identifiers - */ -typedef enum { - CAP_EFFECTIVE=0, /* Specifies the effective flag */ - CAP_PERMITTED=1, /* Specifies the permitted flag */ - CAP_INHERITABLE=2 /* Specifies the inheritable flag */ -} cap_flag_t; - -/* - * These are the states available to each capability - */ -typedef enum { - CAP_CLEAR=0, /* The flag is cleared/disabled */ - CAP_SET=1 /* The flag is set/enabled */ -} cap_flag_value_t; - -/* - * User-space capability manipulation routines - */ - -/* libcap/cap_alloc.c */ -cap_t cap_dup(cap_t); -int cap_free(cap_t *); -cap_t cap_init(void); - -/* libcap/cap_flag.c */ -int cap_get_flag(cap_t, cap_value_t, cap_flag_t, cap_flag_value_t *); -int cap_set_flag(cap_t, cap_flag_t, int, cap_value_t *, cap_flag_value_t); -int cap_clear(cap_t); - -/* libcap/cap_file.c */ -cap_t cap_get_fd(int); -cap_t cap_get_file(const char *); -int cap_set_fd(int, cap_t); -int cap_set_file(const char *, cap_t); - -/* libcap/cap_proc.c */ -cap_t cap_get_proc(void); -int cap_set_proc(cap_t); - -/* libcap/cap_extint.c */ -ssize_t cap_size(cap_t); -ssize_t cap_copy_ext(void *, cap_t, ssize_t); -cap_t cap_copy_int(const void *); - -/* libcap/cap_text.c */ -cap_t cap_from_text(const char *); -char * cap_to_text(cap_t, ssize_t *); - -/* - * Linux capability system calls: defined in libcap but only available - * if the following _POSIX_SOURCE is _undefined_ - */ - -#if !defined(_POSIX_SOURCE) - -extern int capset(cap_user_header_t header, cap_user_data_t data); -extern int capget(cap_user_header_t header, const cap_user_data_t data); -extern int capgetp(pid_t pid, cap_t cap_d); -extern int capsetp(pid_t pid, cap_t cap_d); -extern char const *_cap_names[]; - -#endif /* !defined(_POSIX_SOURCE) */ - -#endif /* _SYS_CAPABILITY_H */ -@ - - -1.2 -log -@update with zefram's fixes -@ -text -@d5 2 -a6 2 - * Copyright (C) 1997 Aleph One - * Copyright (C) 1997 Andrew G. Morgan <morgan@@parc.power.net> -a21 21 - * Linux capability system calls: defined in libcap but only available - * if the following _POSIX_SOURCE is _undefined_ - */ - -#if !defined(_POSIX_SOURCE) - -int _setproccap(size_t, __cap_s const *,__cap_s const *, __cap_s const *); -int _getproccap(size_t, __cap_s *,__cap_s *, __cap_s *); -int _setfilecap(char const *, size_t, __cap_s const *, - __cap_s const *, __cap_s const *); -int _getfilecap(char const *, size_t, __cap_s *, __cap_s *, __cap_s *); -int _fsetfilecap(int, size_t, __cap_s const *, - __cap_s const *, __cap_s const *); -int _fgetfilecap(int, size_t, __cap_s *, __cap_s *, __cap_s *); - -/* libcap/cap_names.c */ -extern char const *_cap_names[__CAP_BITS]; - -#endif /* !defined(_POSIX_SOURCE) */ - -/* -d44 2 -a45 2 - CAP_INHERITABLE=1, /* Specifies the inheritable flag */ - CAP_PERMITTED=2 /* Specifies the permitted flag */ -d88 15 -@ - - -1.1 -log -@Initial revision -@ -text -@d14 5 -d22 2 -a23 2 - * This file compliments the kernel file by providing prototype - * information for the user library. -d26 16 -a81 1 -ssize_t cap_size(cap_t); -d102 1 -a107 2 - -#define CAP_TEXT_SIZE 2048 /* Maximum text length (16 per cap) */ -@ diff --git a/libcap/include/sys/capability.h b/libcap/include/sys/capability.h index dd27978..219ad2a 100644 --- a/libcap/include/sys/capability.h +++ b/libcap/include/sys/capability.h @@ -5,12 +5,16 @@ * Copyright (C) 1997 Aleph One * Copyright (C) 1997-8 Andrew G. Morgan <morgan@linux.kernel.org> * - * POSIX.1e Standard: 25.2 Capabilities <sys/capability.h> + * defunct POSIX.1e Standard: 25.2 Capabilities <sys/capability.h> */ #ifndef _SYS_CAPABILITY_H #define _SYS_CAPABILITY_H +#ifdef __cplusplus +extern "C" { +#endif + /* * This file complements the kernel file by providing prototype * information for the user library. @@ -101,4 +105,8 @@ extern char const *_cap_names[]; #endif /* !defined(_POSIX_SOURCE) */ +#ifdef __cplusplus +} +#endif + #endif /* _SYS_CAPABILITY_H */ diff --git a/libcap/libcap.h b/libcap/libcap.h index 2036583..f206090 100644 --- a/libcap/libcap.h +++ b/libcap/libcap.h @@ -1,5 +1,5 @@ /* - * $Id: libcap.h,v 1.5 1998/06/08 00:15:28 morgan Exp $ + * $Id: libcap.h,v 1.2 1999/04/17 23:25:10 morgan Exp $ * * Copyright (c) 1997 Andrew G Morgan <morgan@linux.kernel.org> * @@ -19,6 +19,14 @@ #include <string.h> #include <sys/capability.h> +#ifndef __u8 +#define __u8 unsigned char +#endif /* __8 */ + +#ifndef __u32 +#define __u32 unsigned int +#endif /* __u32 */ + /* include the names for the caps and a definition of __CAP_BITS */ #include "cap_names.h" @@ -61,7 +69,7 @@ typedef struct { __u32 _blk[__CAP_BLKS]; } __cap_s; #define raise_cap(x) _blk[(x)>>5] |= (1<<((x)&31)) -#define lower_cap(x) _blk[(x)>>5] |= (1<<((x)&31)) +#define lower_cap(x) _blk[(x)>>5] &= ~(1<<((x)&31)) #define isset_cap(y,x) ((y)->_blk[(x)>>5] & (1<<((x)&31))) /* @@ -107,6 +115,12 @@ extern int capsetp(pid_t pid, cap_t cap_d); /* * $Log: libcap.h,v $ + * Revision 1.2 1999/04/17 23:25:10 morgan + * fixes from peeterj + * + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.5 1998/06/08 00:15:28 morgan * accommodate alpha (glibc?) * diff --git a/progs/Makefile b/progs/Makefile index 49cf246..1f78a5e 100644 --- a/progs/Makefile +++ b/progs/Makefile @@ -1,5 +1,8 @@ ## ## $Log: Makefile,v $ +## Revision 1.1.1.1 1999/04/17 22:16:31 morgan +## release 1.0 of libcap +## ## Revision 1.6 1998/09/20 23:17:32 morgan ## added sucap.c ## diff --git a/progs/RCS/Makefile,v b/progs/RCS/Makefile,v deleted file mode 100644 index c3e41ab..0000000 --- a/progs/RCS/Makefile,v +++ /dev/null @@ -1,187 +0,0 @@ -head 1.6; -access; -symbols; -locks; strict; -comment @# @; - - -1.6 -date 98.09.20.23.17.32; author morgan; state Exp; -branches; -next 1.5; - -1.5 -date 98.06.07.01.54.43; author morgan; state Exp; -branches; -next 1.4; - -1.4 -date 97.05.14.05.18.23; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 97.05.04.05.34.03; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.01.01.20; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.34.04; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.6 -log -@added sucap.c -@ -text -@## -## $Log: Makefile,v $ -## Revision 1.5 1998/06/07 01:54:43 morgan -## updated for 0.104. Added execcap. -## -## Revision 1.4 1997/05/14 05:18:23 morgan -## autoconf rearrangement from Zefram -## -## Revision 1.3 1997/05/04 05:34:03 morgan -## took care of case that install cannot handle more than one file -## -## Revision 1.2 1997/04/28 01:01:20 morgan -## update with zefram's patches -## -## Revision 1.1 1997/04/21 04:34:04 morgan -## Initial revision -## -## - -topdir=$(shell pwd)/.. -include $(topdir)/Make.Rules -# -# Programs: all of the examples that we will compile -# -PROGS=getpcaps setpcaps execcap sucap - -# when we have filecaps... -#PROGS+=getcap setcap - -all: $(PROGS) - -$(PROGS): %: %.o - $(CC) $(LDFLAGS) -o $@@ $< $(LIBS) - -%.o: %.c $(INCS) - $(CC) $(CFLAGS) -c $< -o $@@ - -install: all - mkdir -p -m 0755 $(SBINDIR) - for p in $(PROGS) ; do \ - install -s -m 0755 $$p $(SBINDIR) ; \ - done - -clean: - $(LOCALCLEAN) - rm -f *.o $(PROGS) -@ - - -1.5 -log -@updated for 0.104. Added execcap. -@ -text -@d3 3 -d23 1 -a23 1 -# Programs: getcap, setcap and execcap -d25 1 -a25 1 -PROGS=getpcaps setpcaps execcap -@ - - -1.4 -log -@autoconf rearrangement from Zefram -@ -text -@d3 3 -a18 1 - -d20 1 -a20 1 -# Programs: getcap and setcap -d22 4 -a25 1 -PROGS=getcap setcap -@ - - -1.3 -log -@took care of case that install cannot handle more than one file -@ -text -@d3 3 -d14 1 -a14 1 -topdir=.. -d25 1 -a25 1 - $(CC) $(LDFLAGS) -o $@@ $< $(LPATH) -d31 1 -a31 1 - mkdir -p $(BINDIR) -d33 1 -a33 1 - install -s -g root -o root -m 0111 $$p $(BINDIR) ; \ -d37 2 -a38 1 - rm -f *~ core *.o $(PROGS) -@ - - -1.2 -log -@update with zefram's patches -@ -text -@d3 3 -d28 4 -a31 2 - mkdir -p $(FAKEROOT)/bin - install -s -g root -o root -m 0111 $(PROGS) $(BINDIR) -@ - - -1.1 -log -@Initial revision -@ -text -@d3 2 -d6 4 -d14 1 -a14 3 -PROGS=getcap # setcap - -export CFLAGS =-Dlinux $(WARNINGS) $(DEBUG) $(COPTFLAG) $(IPATH) -d18 2 -a19 2 -getcap: getcap.o - $(CC) -o $@@ $< $(LPATH) -d26 1 -a26 2 - strip $(PROGS) - install -g root -o root -m 0111 $(PROGS) $(FAKEROOT)/bin -@ diff --git a/progs/RCS/execcap.c,v b/progs/RCS/execcap.c,v deleted file mode 100644 index 9d1c20a..0000000 --- a/progs/RCS/execcap.c,v +++ /dev/null @@ -1,119 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 99.01.30.03.41.43; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 98.06.08.00.16.20; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 98.06.07.01.46.51; author morgan; state Exp; -branches; -next ; - - -desc -@example program to set capabilities of other processes -intended for use in limiting capabilities of programs later -in a chain of execution. -@ - - -1.3 -log -@compiles on a redhat 5.2 system (glibc) -@ -text -@/* - * This was written by Andrew G. Morgan <morgan@@linux.kernel.org> - * - * This is a program that is intended to exec a subsequent program. - * The purpose of this 'execcap' wrapper is to limit the inheritable - * capabilities of the exec()'d program. All environment variables - * are inherited. - */ - -#include <sys/types.h> -#include <errno.h> -#include <stdio.h> -#include <sys/capability.h> -#include <unistd.h> -#include <string.h> - -static void usage(void) -{ - fprintf(stderr, -"usage: execcap <caps> <command-path> [command-args...]\n\n" -" This program is a wrapper that can be used to limit the Inheritable\n" -" capabilities of a program to be executed. Note, this wrapper is\n" -" intended to assist in overcoming a lack of support for filesystem\n" -" capability attributes and should be used to launch other files.\n" -" This program should _NOT_ be made setuid-0.\n\n" -"[Copyright (c) 1998 Andrew G. Morgan <morgan@@linux.kernel.org>]\n"); - - exit(1); -} - -void main(int argc, char **argv) -{ - cap_t new_caps; - - /* this program should not be made setuid-0 */ - if (getuid() && !geteuid()) { - usage(); - } - - /* check that we have at least 2 arguments */ - if (argc < 3) { - usage(); - } - - /* parse the first argument to obtain a set of capabilities */ - new_caps = cap_from_text(argv[1]); - if (new_caps == NULL) { - fprintf(stderr, "requested capabilities were not recognized\n"); - usage(); - } - - /* set these capabilities for the current process */ - if (cap_set_proc(new_caps) != 0) { - fprintf(stderr, "unable to set capabilities: %s\n", strerror(errno)); - usage(); - } - - /* exec the program indicated by args 2 ... */ - execvp(argv[2], argv+2); - - /* if we fall through to here, our exec failed -- announce the fact */ - fprintf(stderr, "Unable to execute command: %s\n", strerror(errno)); - - usage(); -} -@ - - -1.2 -log -@change to accommodate alpha (glibc?) -@ -text -@d15 1 -@ - - -1.1 -log -@Initial revision -@ -text -@d10 1 -@ diff --git a/progs/RCS/getpcaps.c,v b/progs/RCS/getpcaps.c,v deleted file mode 100644 index a5e1e46..0000000 --- a/progs/RCS/getpcaps.c,v +++ /dev/null @@ -1,166 +0,0 @@ -head 1.4; -access; -symbols; -locks; strict; -comment @ * @; - - -1.4 -date 98.09.20.23.07.08; author morgan; state Exp; -branches; -next 1.3; - -1.3 -date 98.06.08.00.16.58; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 98.06.07.01.49.39; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 98.04.30.02.53.00; author morgan; state Exp; -branches; -next ; - - -desc -@@ - - -1.4 -log -@fixed comment at top -@ -text -@/* - * $Id: getpcaps.c,v 1.3 1998/06/08 00:16:58 morgan Exp morgan $ - * - * Copyright (c) 1997 Andrew G. Morgan <morgan@@linux.kernel.org> - * - * This displays the capabilities of a given process. - */ - -#include <sys/types.h> -#include <errno.h> -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#undef _POSIX_SOURCE -#include <sys/capability.h> - -static void usage(void) -{ - fprintf(stderr, -"usage: getcaps <pid> [<pid> ...]\n\n" -" This program displays the capabilities on the queried process(es).\n" -" The capabilities are displayed in the cap_from_text(3) format.\n\n" -"[Copyright (c) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org>]\n" - ); - exit(1); -} - -int main(int argc, char **argv) -{ - cap_t cap_d; - - if (argc < 2) { - usage(); - } - - cap_d = cap_init(); - for ( ++argv; --argc > 0; ++argv ) { - ssize_t length; - int pid; - - if (cap_d == NULL) { - fprintf(stderr, "Failed to make a blank capability set\n" - " (%s)\n", strerror(errno)); - exit(1); - } - - pid = atoi(argv[0]); - /* this is a non-POSIX function */ - if (capgetp(pid, cap_d)) { - fprintf(stderr, "Failed to get cap's for proccess %d:" - " (%s)\n", pid, strerror(errno)); - continue; - } else { - char *result = cap_to_text(cap_d, &length); - fprintf(stderr, "Capabilities for `%s': %s\n", *argv, result); - free(result); - result = NULL; - } - } - - return 0; -} - -/* - * $Log: getpcaps.c,v $ - * Revision 1.3 1998/06/08 00:16:58 morgan - * change to accommodate alpha (glibc?) - * - * Revision 1.2 1998/06/07 01:49:39 morgan - * added copyright info and some usage info. Small tidy up. - * - * Revision 1.1 1998/04/30 02:53:00 morgan - * Initial revision - * - */ -@ - - -1.3 -log -@change to accommodate alpha (glibc?) -@ -text -@d2 1 -a2 1 - * $Id: getpcaps.c,v 1.2 1998/06/07 01:49:39 morgan Exp morgan $ -d6 1 -a6 1 - * This displays the capabilities of a given file. -d66 3 -@ - - -1.2 -log -@added copyright info and some usage info. Small tidy up. -@ -text -@d2 1 -a2 1 - * $Id: getpcaps.c,v 1.1 1998/04/30 02:53:00 morgan Exp morgan $ -d9 1 -d66 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id: getcap.c,v 1.3 1997/05/04 05:34:32 morgan Exp $ -d19 4 -a22 3 - "usage: whatcaps <pid> [<pid> ...]\n" - "\n" - "\tdisplays the capabilities on the queried process(es).\n" -a29 1 - char *result=NULL; -d53 1 -a53 1 - result = cap_to_text(cap_d, &length); -d55 2 -d64 4 -a67 1 - * $Log: getcap.c,v $ -@ diff --git a/progs/RCS/setpcaps.c,v b/progs/RCS/setpcaps.c,v deleted file mode 100644 index 621331e..0000000 --- a/progs/RCS/setpcaps.c,v +++ /dev/null @@ -1,207 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 98.09.20.23.07.08; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 98.06.08.00.17.38; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 98.06.07.01.46.51; author morgan; state Exp; -branches; -next ; - - -desc -@example program to set capabilities of other processes -intended for use on non-capabilitiy supporting filesystems. -@ - - -1.3 -log -@fixed comment at top -@ -text -@/* - * $Id: setpcaps.c,v 1.2 1998/06/08 00:17:38 morgan Exp morgan $ - * - * Copyright (c) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org> - * - * This sets the capabilities of a given process. - */ - -#include <sys/types.h> -#include <errno.h> -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#undef _POSIX_SOURCE -#include <sys/capability.h> -#include <unistd.h> - -static void usage(void) -{ - fprintf(stderr, -"usage: setcap [-q] (-|<caps>) <pid> [ ... (-|<capsN>) <pid> ]\n\n" -" This program can be used to set the process capabilities of running\n" -" processes. In order to work, it needs to be executing with CAP_SETPCAP\n" -" raised, and the only capabilities that this program can bestow on others\n" -" are a subset of its effective set. This program is mostly intended as an\n" -" example -- a safe use of CAP_SETPCAP has yet to be demonstrated!\n\n" -"[Copyright (c) 1997-8 Andrew G. Morgan <morgan@@linux.kernel.org>]\n" - ); - exit(1); -} - -#define MAXCAP 2048 - -static int read_caps(int quiet, const char *filename, char *buffer) -{ - int i=MAXCAP; - - if (!quiet) { - fprintf(stderr, "Please enter caps for file [empty line to end]:\n"); - } - while (i > 0) { - int j = read(STDIN_FILENO, buffer, i); - - if (j < 0) { - fprintf(stderr, "\n[Error - aborting]\n"); - exit(1); - } - - if (j==0 || buffer[0] == '\n') { - /* we're done */ - break; - } - - /* move on... */ - - i -= j; - buffer += j; - } - - /* <NUL> terminate */ - buffer[0] = '\0'; - - return (i < MAXCAP ? 0:-1); -} - -int main(int argc, char **argv) -{ - char buffer[MAXCAP+1]; - int retval, quiet=0; - cap_t cap_d; - - if (argc < 3) { - usage(); - } - - while (--argc > 0) { - const char *text; - pid_t pid; - - if (!strcmp(*++argv,"-q")) { - quiet = 1; - continue; - } - if (!strcmp(*argv,"-")) { - retval = read_caps(quiet, *argv, buffer); - if (retval) - usage(); - text = buffer; - } else - text = *argv; - - cap_d = cap_from_text(text); - if (cap_d == NULL) { - perror("fatal error"); - usage(); - } -#ifndef DEBUG - { - ssize_t length; - char *result; - - result = cap_to_text(cap_d, &length); - fprintf(stderr, "[caps set to:\n%s\n]\n", result); - free(result); - result = NULL; - } -#endif - - if (--argc <= 0) - usage(); - - pid = atoi(*++argv); - retval = capsetp(pid, cap_d); - - if (retval != 0) { - fprintf(stderr, "Failed to set cap's on process `%d': (%s)\n", - pid, strerror(errno)); - usage(); - } -#ifndef DEBUG - fprintf(stderr, "[caps set on %d]\n", pid); -#endif - } - - return 0; -} - -/* - * $Log: setpcaps.c,v $ - * Revision 1.2 1998/06/08 00:17:38 morgan - * change to accommodate alpha (glibc?) - * - * Revision 1.1 1998/06/07 01:46:51 morgan - * Initial revision - * - * Revision 1.2 1997/05/04 05:34:32 morgan - * non void main - * - * Revision 1.1 1997/04/28 01:01:20 morgan - * Initial revision - * - */ -@ - - -1.2 -log -@change to accommodate alpha (glibc?) -@ -text -@d2 1 -a2 1 - * $Id: setpcaps.c,v 1.1 1998/06/07 01:46:51 morgan Exp morgan $ -d6 1 -a6 1 - * This sets the capabilities of a given file. -d130 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id: setcap.c,v 1.2 1997/05/04 05:34:32 morgan Exp $ -d9 1 -d129 4 -a132 1 - * $Log: setcap.c,v $ -@ diff --git a/progs/RCS/sucap.c,v b/progs/RCS/sucap.c,v deleted file mode 100644 index dbcf69f..0000000 --- a/progs/RCS/sucap.c,v +++ /dev/null @@ -1,266 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 99.01.30.03.40.39; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 98.09.20.23.15.30; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 98.09.20.23.06.06; author morgan; state Exp; -branches; -next ; - - -desc -@example program contributed by Finn Arne Gangstad <finnag@@guardian.no> -@ - - -1.3 -log -@compiles on a redhat 5.2 system (glibc) -@ -text -@/* - * $Id: sucap.c,v 1.2 1998/09/20 23:15:30 morgan Exp morgan $ - * - * This was written by Finn Arne Gangstad <finnag@@guardian.no> - * - * This is a program that is intended to exec a subsequent program. - * The purpose of this 'sucap' wrapper is to change uid but keep all - * privileges. All environment variables are inherited. - */ - -#include <sys/types.h> -#include <errno.h> -#include <stdio.h> -#undef _POSIX_SOURCE -#include <sys/capability.h> -#include <pwd.h> -#define __USE_BSD -#include <grp.h> -#include <unistd.h> -#include <sys/wait.h> -#include <errno.h> -#include <string.h> - -static void usage(void) -{ - fprintf(stderr, -"usage: sucap <user> <group> <command-path> [command-args...]\n\n" -" This program is a wrapper that change UID but not privileges of a\n" -" program to be executed.\n" -" Note, this wrapper is intended to assist in overcoming a lack of support\n" -" for filesystem capability attributes and should be used to launch other\n" -" files. This program should _NOT_ be made setuid-0.\n\n" -"[Copyright (c) 1998 Finn Arne Gangstad <finnag@@guardian.no>]\n"); - - exit(1); -} - - -static void -wait_on_fd(int fd) -{ - /* Wait until some data is available on a file descriptor, or until - * end of file or an error is detected */ - char buf[1]; - while (read(fd, buf, sizeof(buf)) == -1 && errno == EINTR) { - /* empty loop */ - } -} - - -void main(int argc, char **argv) -{ - cap_t old_caps; - uid_t uid; - pid_t pid, parent_pid; - gid_t gid; - int pipe_fds[2]; - - /* this program should not be made setuid-0 */ - if (getuid() && !geteuid()) { - usage(); - } - - /* check that we have at least 3 arguments */ - if (argc < 4) { - usage(); - } - - /* Convert username to uid */ - { - struct passwd *pw = getpwnam(argv[1]); - if (!pw) { - fprintf(stderr, "sucap: No such user: %s\n", argv[1]); - exit(1); - } - uid = pw->pw_uid; - } - - /* Convert groupname to gid */ - { - struct group *gr = getgrnam(argv[2]); - if (!gr) { - fprintf(stderr, "sucap: No such group: %s\n", argv[2]); - exit(1); - } - gid = gr->gr_gid; - } - - /* set process group to current pid */ - if (setpgid(0, getpid())) { - perror("sucap: Failed to set process group"); - exit(1); - } - - if (pipe(pipe_fds)) { - perror("sucap: pipe() failed"); - exit(1); - } - - parent_pid = getpid(); - - old_caps = cap_init(); - if (capgetp(0, old_caps)) { - perror("sucap: capgetp"); - exit(1); - } - - { - ssize_t x; - printf("Caps: %s\n", cap_to_text(old_caps, &x)); - } - - - /* fork off a child to do the hard work */ - fflush(NULL); - pid = fork(); - if (pid == -1) { - perror("sucap: fork failed"); - exit(1); - } - - /* 1. mother process sets gid and uid - * 2. child process sets capabilities of mother process - * 3. mother process execs whatever is to be executed - */ - - if (pid) { - /* Mother process. */ - close(pipe_fds[0]); - - /* Get rid of any supplemental groups */ - if (!getuid() && setgroups(0, 0)) { - perror("sucap: setgroups failed"); - exit(1); - } - - /* Set gid and uid (this probably clears capabilities) */ - setregid(gid, gid); - setreuid(uid, uid); - - { - ssize_t x; - cap_t cap = cap_init(); - capgetp(0, cap); - printf("Caps: %s\n", cap_to_text(cap, &x)); - } - - printf("[debug] uid:%d, real uid:%d\n", geteuid(), getuid()); - - /* Signal child that we want our privileges updated */ - close(pipe_fds[1]); /* Child hangs in blocking read */ - - /* Wait for child process to set our privileges */ - { - int status = 0; - if (wait(&status) == -1) { - perror("sucap: wait failed"); - } - if (!WIFEXITED(status) || WEXITSTATUS(status)) { - fprintf(stderr, "sucap: child did not exit cleanly.\n"); - exit(1); - } - } - - { - ssize_t x; - cap_t cap = cap_init(); - capgetp(0, cap); - printf("Caps: %s\n", cap_to_text(cap, &x)); - } - -/* printf("[debug] uid:%d, real uid:%d\n", geteuid(), getuid()); */ - /* exec the program indicated by args 2 ... */ - execvp(argv[3], argv+3); - - /* if we fall through to here, our exec failed -- announce the fact */ - fprintf(stderr, "Unable to execute command: %s\n", strerror(errno)); - - usage(); - } else { - /* Child process */ - close(pipe_fds[1]); - - /* Wait for mother process to setuid */ - wait_on_fd(pipe_fds[0]); - - /* Set privileges on mother process */ - if (capsetp(parent_pid, old_caps)) { - perror("sucaps: capsetp"); - _exit(1); - } - - /* exit to signal mother process that we are ready */ - _exit(0); - } -} -@ - - -1.2 -log -@a few changes to make it compile for me without any warnings. -@ -text -@d2 1 -a2 1 - * $Id: sucap.c,v 1.1 1998/09/20 23:06:06 morgan Exp morgan $ -d22 1 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d14 1 -a15 1 -#include <unistd.h> -d17 1 -d108 1 -a108 1 - size_t x; -d141 1 -a141 1 - size_t x; -d165 1 -a165 1 - size_t x; -@ diff --git a/progs/getpcaps.c b/progs/getpcaps.c index 46a3500..a831547 100644 --- a/progs/getpcaps.c +++ b/progs/getpcaps.c @@ -1,5 +1,5 @@ /* - * $Id: getpcaps.c,v 1.4 1998/09/20 23:07:08 morgan Exp $ + * $Id: getpcaps.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997 Andrew G. Morgan <morgan@linux.kernel.org> * @@ -63,6 +63,9 @@ int main(int argc, char **argv) /* * $Log: getpcaps.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.4 1998/09/20 23:07:08 morgan * fixed comment at top * diff --git a/progs/old/RCS/README,v b/progs/old/RCS/README,v deleted file mode 100644 index 304661d..0000000 --- a/progs/old/RCS/README,v +++ /dev/null @@ -1,25 +0,0 @@ -head 1.1; -access; -symbols; -locks; strict; -comment @# @; - - -1.1 -date 98.05.24.23.47.43; author morgan; state Exp; -branches; -next ; - - -desc -@description -@ - - -1.1 -log -@Initial revision -@ -text -@these files are not relevant to this release -@ diff --git a/progs/old/RCS/getcap.c,v b/progs/old/RCS/getcap.c,v deleted file mode 100644 index 04d3a1a..0000000 --- a/progs/old/RCS/getcap.c,v +++ /dev/null @@ -1,151 +0,0 @@ -head 1.3; -access; -symbols; -locks; strict; -comment @ * @; - - -1.3 -date 97.05.04.05.34.32; author morgan; state Exp; -branches; -next 1.2; - -1.2 -date 97.04.28.01.01.20; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.21.04.34.04; author morgan; state Exp; -branches; -next ; - - -desc -@first take -@ - - -1.3 -log -@non void main -@ -text -@/* - * $Id: getcap.c,v 1.2 1997/04/28 01:01:20 morgan Exp morgan $ - * - * Copyright (c) 1997 Andrew G. Morgan <morgan@@parc.power.net> - * - * This displays the capabilities of a given file. - */ - -#include <errno.h> -#include <stdio.h> -#include <string.h> -#include <sys/capability.h> - -static void usage(void) -{ - fprintf(stderr, - "usage: getcap <filename> [<filename> ...]\n" - "\n" - "\tdisplays the capabilities on the queried file(s).\n" - ); - exit(1); -} - -int main(int argc, char **argv) -{ - char *result=NULL; - - if (argc < 2) { - usage(); - } - - for ( ++argv; --argc > 0; ++argv ) { - ssize_t length; - cap_t cap_d; - - cap_d = cap_get_file(argv[0]); - - if (cap_d == NULL) { - fprintf(stderr, - "Failed to get capabilities for file `%s'\n" - " (%s)\n", argv[0], strerror(errno)); - continue; - } - - result = cap_to_text(cap_d, &length); - - fprintf(stderr, "Capabilities for `%s':\n%s\n", *argv, result); - } - - return 0; -} - -/* - * $Log: getcap.c,v $ - * Revision 1.2 1997/04/28 01:01:20 morgan - * update to allow more than one argument file - * - * Revision 1.1 1997/04/21 04:34:04 morgan - * Initial revision - * - */ -@ - - -1.2 -log -@update to allow more than one argument file -@ -text -@d2 1 -a2 1 - * $Id: getcap.c,v 1.1 1997/04/21 04:34:04 morgan Exp morgan $ -d24 1 -a24 1 -void main(int argc, char **argv) -d50 1 -a50 1 - exit(0); -d55 3 -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id$ -d17 1 -a17 1 - "usage: getcap <filename>\n" -d19 1 -a19 1 - "\tdisplays the capabilities on the queried file\n" -a26 2 - ssize_t length; - cap_t cap_d; -d28 1 -a28 1 - if (argc != 2) { -d32 16 -a47 6 - cap_d = cap_get_file(argv[1]); - if (cap_d == NULL) { - fprintf(stderr, - "Failed to get capabilities for file %s\n" - " (%s)\n", argv[1], strerror(errno)); - exit(1); -a49 3 - result = cap_to_text(cap_d, &length); - - fprintf(stderr, "%s", result); -d54 4 -a57 1 - * $Log$ -@ diff --git a/progs/old/RCS/setcap.c,v b/progs/old/RCS/setcap.c,v deleted file mode 100644 index 9b09195..0000000 --- a/progs/old/RCS/setcap.c,v +++ /dev/null @@ -1,168 +0,0 @@ -head 1.2; -access; -symbols; -locks; strict; -comment @ * @; - - -1.2 -date 97.05.04.05.34.32; author morgan; state Exp; -branches; -next 1.1; - -1.1 -date 97.04.28.01.01.20; author morgan; state Exp; -branches; -next ; - - -desc -@update: merged code from me and zefram -@ - - -1.2 -log -@non void main -@ -text -@/* - * $Id: setcap.c,v 1.1 1997/04/28 01:01:20 morgan Exp morgan $ - * - * Copyright (c) 1997 Andrew G. Morgan <morgan@@parc.power.net> - * - * This sets the capabilities of a given file. - */ - -#include <errno.h> -#include <stdio.h> -#include <string.h> -#include <sys/capability.h> -#include <unistd.h> - -static void usage(void) -{ - fprintf(stderr, - "usage: setcap [-q] (-|<caps>) <filename> " - "[ ... (-|<capsN>) <filenameN> ]\n" - ); - exit(1); -} - -#define MAXCAP 2048 - -static int read_caps(int quiet, const char *filename, char *buffer) -{ - int i=MAXCAP; - - if (!quiet) { - fprintf(stderr, "Please enter caps for file [empty line to end]:\n"); - } - while (i > 0) { - int j = read(STDIN_FILENO, buffer, i); - - if (j < 0) { - fprintf(stderr, "\n[Error - aborting]\n"); - exit(1); - } - - if (j==0 || buffer[0] == '\n') { - /* we're done */ - break; - } - - /* move on... */ - - i -= j; - buffer += j; - } - - /* <NUL> terminate */ - buffer[0] = '\0'; - - return (i < MAXCAP ? 0:-1); -} - -int main(int argc, char **argv) -{ - char buffer[MAXCAP+1]; - int retval, quiet=0; - cap_t cap_d; - - if (argc < 3) { - usage(); - } - - while (--argc > 0) { - const char *text; - - if (!strcmp(*++argv,"-q")) { - quiet = 1; - continue; - } - if (!strcmp(*argv,"-")) { - retval = read_caps(quiet, *argv, buffer); - if (retval) - usage(); - text = buffer; - } else - text = *argv; - - cap_d = cap_from_text(text); - if (cap_d == NULL) { - perror("fatal error"); - usage(); - } -#ifdef DEBUG - { - ssize_t length; - const char *result; - - result = cap_to_text(cap_d, &length); - fprintf(stderr, "[caps set to:\n%s\n]\n", result); - } -#endif - - if (--argc <= 0) - usage(); - - retval = cap_set_file(*++argv, cap_d); - - if (retval != 0) { - fprintf(stderr, - "Failed to set capabilities on file `%s'\n" - " (%s)\n", argv[0], strerror(errno)); - usage(); - } - } - - return 0; -} - -/* - * $Log: setcap.c,v $ - * Revision 1.1 1997/04/28 01:01:20 morgan - * Initial revision - * - */ -@ - - -1.1 -log -@Initial revision -@ -text -@d2 1 -a2 1 - * $Id: getcap.c,v 1.1 1997/04/21 04:34:04 morgan Exp morgan $ -d58 1 -a58 1 -void main(int argc, char **argv) -d111 1 -a111 1 - exit(0); -d115 4 -a118 1 - * $Log: getcap.c,v $ -@ diff --git a/progs/old/getcap.c b/progs/old/getcap.c index 67d904b..8a7102d 100644 --- a/progs/old/getcap.c +++ b/progs/old/getcap.c @@ -1,5 +1,5 @@ /* - * $Id: getcap.c,v 1.3 1997/05/04 05:34:32 morgan Exp $ + * $Id: getcap.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997 Andrew G. Morgan <morgan@parc.power.net> * @@ -52,6 +52,9 @@ int main(int argc, char **argv) /* * $Log: getcap.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.3 1997/05/04 05:34:32 morgan * non void main * diff --git a/progs/old/setcap.c b/progs/old/setcap.c index 7d959eb..15418da 100644 --- a/progs/old/setcap.c +++ b/progs/old/setcap.c @@ -1,5 +1,5 @@ /* - * $Id: setcap.c,v 1.2 1997/05/04 05:34:32 morgan Exp $ + * $Id: setcap.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997 Andrew G. Morgan <morgan@parc.power.net> * @@ -113,6 +113,9 @@ int main(int argc, char **argv) /* * $Log: setcap.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.2 1997/05/04 05:34:32 morgan * non void main * diff --git a/progs/setpcaps.c b/progs/setpcaps.c index 0389129..9ec3d5f 100644 --- a/progs/setpcaps.c +++ b/progs/setpcaps.c @@ -1,5 +1,5 @@ /* - * $Id: setpcaps.c,v 1.3 1998/09/20 23:07:08 morgan Exp $ + * $Id: setpcaps.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997-8 Andrew G. Morgan <morgan@linux.kernel.org> * @@ -127,6 +127,9 @@ int main(int argc, char **argv) /* * $Log: setpcaps.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * * Revision 1.3 1998/09/20 23:07:08 morgan * fixed comment at top * diff --git a/progs/sucap.c b/progs/sucap.c index 3c9c293..b567430 100644 --- a/progs/sucap.c +++ b/progs/sucap.c @@ -1,5 +1,5 @@ /* - * $Id: sucap.c,v 1.3 1999/01/30 03:40:39 morgan Exp $ + * $Id: sucap.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * This was written by Finn Arne Gangstad <finnag@guardian.no> * @@ -1,5 +1,5 @@ /* - * $Id$ + * $Id: template.c,v 1.1.1.1 1999/04/17 22:16:31 morgan Exp $ * * Copyright (c) 1997 <Author> <@> * @@ -7,5 +7,8 @@ */ /* - * $Log$ + * $Log: template.c,v $ + * Revision 1.1.1.1 1999/04/17 22:16:31 morgan + * release 1.0 of libcap + * */ |