diff options
-rw-r--r-- | lib/libc/Makefile.inc | 3 | ||||
-rw-r--r-- | lib/libc/posix1e/Makefile.inc | 11 | ||||
-rw-r--r-- | lib/libc/posix1e/extattr.3 | 98 | ||||
-rw-r--r-- | lib/libc/posix1e/extattr_name.c | 79 | ||||
-rw-r--r-- | lib/libc/posix1e/posix1e.3 | 83 | ||||
-rw-r--r-- | lib/libc/sys/Makefile.inc | 14 | ||||
-rw-r--r-- | lib/libc/sys/extattr_get_file.2 | 222 |
7 files changed, 508 insertions, 2 deletions
diff --git a/lib/libc/Makefile.inc b/lib/libc/Makefile.inc index 27b8e06d65e..46b7d97b43f 100644 --- a/lib/libc/Makefile.inc +++ b/lib/libc/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.5 2001/11/20 01:09:38 pvalchev Exp $ +# $OpenBSD: Makefile.inc,v 1.6 2002/02/22 21:06:00 drahn Exp $ # # This file contains make rules that are shared by libc and libc_r. # @@ -49,6 +49,7 @@ AINC+= -nostdinc -idirafter ${DESTDIR}/usr/include .include "${LIBCSRCDIR}/thread/Makefile.inc" .include "${LIBCSRCDIR}/time/Makefile.inc" .include "${LIBCSRCDIR}/sys/Makefile.inc" +.include "${LIBCSRCDIR}/posix1e/Makefile.inc" .if (${YP:L} == "yes") .include "${LIBCSRCDIR}/yp/Makefile.inc" .endif diff --git a/lib/libc/posix1e/Makefile.inc b/lib/libc/posix1e/Makefile.inc new file mode 100644 index 00000000000..500755ec237 --- /dev/null +++ b/lib/libc/posix1e/Makefile.inc @@ -0,0 +1,11 @@ +# $OpenBSD: Makefile.inc,v 1.1 2002/02/22 21:06:00 drahn Exp $ + +.PATH: ${.CURDIR}/../libc/posix1e + +SRCS+= extattr_name.c + +MAN+= posix1e.3 \ + extattr.3 + +MLINKS+= extattr.3 extattr_namespace_to_string.3 \ + extattr.3 extattr_string_to_namespace.3 diff --git a/lib/libc/posix1e/extattr.3 b/lib/libc/posix1e/extattr.3 new file mode 100644 index 00000000000..f446c3221c8 --- /dev/null +++ b/lib/libc/posix1e/extattr.3 @@ -0,0 +1,98 @@ +.\" $OpenBSD: extattr.3,v 1.1 2002/02/22 21:06:00 drahn Exp $ +.\" +.\" Copyright (c) 2001 Dima Dorfman <dd@FreeBSD.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: extattr.3,v 1.3 2001/10/01 16:09:18 ru Exp $ +.\" +.Dd June 24, 2001 +.Dt EXTATTR 3 +.Os +.Sh NAME +.Nm extattr_namespace_to_string , +.Nm extattr_string_to_namespace +.Nd convert an extended attribute namespace identifier to a string and +vice versa +.Sh SYNOPSIS +.In sys/extattr.h +.In libutil.h +.Ft int +.Fn extattr_namespace_to_string "int attrnamespace" "char **string" +.Ft int +.Fn extattr_string_to_namespace "const char *string" "int *attrnamespace" +.Sh DESCRIPTION +The +.Fn extattr_namespace_to_string +function converts a VFS extended attribute identifier to a human-readable +string; +the +.Fn extattr_string_to_namespace +function undoes the aforementioned operation, +and converts a human-readable string representing a namespace to a +namespace identifier. +Although a filesystem may implement arbitrary namespaces, +these functions only support the +.Dv EXTATTR_NAMESPACE_USER +.Pq Dq user +and +.Dv EXTATTR_NAMESPACE_SYSTEM +.Pq Dq system +namespaces, +which are defined in +.Xr extattr 9 . +.Pp +These functions are meant to be used in error reporting and other +interactive tasks. +For example, +instead of printing the integer identifying an extended attribute in +an error message, +a program might use +.Fn extattr_namespace_to_string +to obtain a human-readable representation. +Likewise, +instead of requiring a user to enter the integer representing a namespace, +an interactive program might ask for a name and use +.Fn extattr_string_to_namespace +to get the desired identifier. +.Sh RETURN VALUES +If any of the calls are unsuccessful, the value \-1 is returned +and the global variable +.Va errno +is set to indicate the error. +.Sh ERRORS +.Bl -tag -width Er +.It Bq Er EINVAL +The requested namespace could not be identified. +.El +.Sh SEE ALSO +.Xr extattr 2 , +.Xr getextattr 8 , +.Xr setextattr 8 , +.Xr extattr 9 +.Sh HISTORY +Extended attribute support was developed as part of the +.Tn TrustedBSD +Project. +It was developed to support security extensions requiring additional labels +to be associated with each file or directory. diff --git a/lib/libc/posix1e/extattr_name.c b/lib/libc/posix1e/extattr_name.c new file mode 100644 index 00000000000..73496592826 --- /dev/null +++ b/lib/libc/posix1e/extattr_name.c @@ -0,0 +1,79 @@ +/* $OpenBSD: extattr_name.c,v 1.1 2002/02/22 21:06:00 drahn Exp $ */ +/*- + * Copyright (c) 2001 Robert N. M. Watson + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* +__FBSDID("$FreeBSD: extattr.c,v 1.3 2001/09/30 22:35:07 dillon Exp $"); +*/ + +/* + * TrustedBSD: Utility functions for extended attributes. + */ + +#include <sys/types.h> +#include <sys/extattr.h> + +#include <errno.h> +#include <string.h> + +int +extattr_namespace_to_string(int attrnamespace, char **string) +{ + + switch(attrnamespace) { + case EXTATTR_NAMESPACE_USER: + if (*string != NULL) + *string = strdup(EXTATTR_NAMESPACE_USER_STRING); + return (0); + + case EXTATTR_NAMESPACE_SYSTEM: + if (*string != NULL) + *string = strdup(EXTATTR_NAMESPACE_SYSTEM_STRING); + return (0); + + default: + errno = EINVAL; + return (-1); + } +} + +int +extattr_string_to_namespace(const char *string, int *attrnamespace) +{ + + if (!strcmp(string, EXTATTR_NAMESPACE_USER_STRING)) { + if (attrnamespace != NULL) + *attrnamespace = EXTATTR_NAMESPACE_USER; + return (0); + } else if (!strcmp(string, EXTATTR_NAMESPACE_SYSTEM_STRING)) { + if (attrnamespace != NULL) + *attrnamespace = EXTATTR_NAMESPACE_SYSTEM; + return (0); + } else { + errno = EINVAL; + return (-1); + } +} diff --git a/lib/libc/posix1e/posix1e.3 b/lib/libc/posix1e/posix1e.3 new file mode 100644 index 00000000000..b86cc40068b --- /dev/null +++ b/lib/libc/posix1e/posix1e.3 @@ -0,0 +1,83 @@ +.\" $OpenBSD: posix1e.3,v 1.1 2002/02/22 21:06:00 drahn Exp $ +.\"- +.\" Copyright (c) 2000 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: src/lib/libc/posix1e/posix1e.3,v 1.19 2001/09/11 09:26:38 ru Exp $ +.\" +.Dd January 17, 2000 +.Dt POSIX1E 3 +.Os +.Sh NAME +.Nm posix1e +.Nd introduction to the POSIX.1e security API +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.Sh DESCRIPTION +The IEEE POSIX.1e specification never left draft form, but the interfaces +it describes are now widely used despite inherent limitations. Currently, +only a few of the interfaces and features are implemented in +.Ox , +although efforts are underway to complete the integration at this time. +.Pp +POSIX.1e describes five security extensions to the base POSIX.1 API: +Access Control Lists (ACLs), Auditing, Capabilities, Mandatory Access +Control, and Information Flow Labels. +.Pp +POSIX.1e defines both syntax and semantics for these features, but fairly +substantial changes are required to implement these features in the +operating system. +.Sh IMPLEMENTATION NOTES +.Fx Ns 's +support for POSIX.1e interfaces and features is still under +development at this time. +.Sh ENVIRONMENT +POSIX.1e assigns security labels to all objects, extending the security +functionality described in POSIX.1. These additional labels provide +fine-grained discretionary access control, fine-grained capabilities, +and labels necessary for mandatory access control. POSIX.2c describes +a set of userland utilities for manipulating these labels. +.Sh FILES +.Sh SEE ALSO +.Xr extattr 9 +.Sh STANDARDS +POSIX.1e is described in IEEE POSIX.1e draft 17. Discussion +of the draft continues on the cross-platform POSIX.1e implementation +mailing list. To join this list, see the +.Ox +POSIX.1e implementation +page for more information. +.Sh HISTORY +POSIX.1e support was introduced in +.Ox 3.1 +and development continues. +.Sh AUTHORS +.An Robert N M Watson +.An Chris D. Faulhaber +.An Thomas Moestl +.An Ilmar S Habibulin +.Sh BUGS +These features are not yet fully implemented. diff --git a/lib/libc/sys/Makefile.inc b/lib/libc/sys/Makefile.inc index 1505d12c36c..365a30a28b1 100644 --- a/lib/libc/sys/Makefile.inc +++ b/lib/libc/sys/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.50 2002/02/21 21:19:20 art Exp $ +# $OpenBSD: Makefile.inc,v 1.51 2002/02/22 21:06:01 drahn Exp $ # $NetBSD: Makefile.inc,v 1.35 1995/10/16 23:49:07 jtc Exp $ # @(#)Makefile.inc 8.1 (Berkeley) 6/17/93 @@ -61,6 +61,10 @@ ASM= accept.o access.o acct.o adjtime.o bind.o chdir.o chflags.o chmod.o \ utimes.o vadvise.o wait4.o write.o writev.o xfspioctl.o __semctl.o \ __syscall.o __sysctl.o +ASM+= extattrctl.o extattr_set_file.o extattr_get_file.o \ + extattr_delete_file.o extattr_set_fd.o extattr_get_fd.o \ + extattr_delete_fd.o + GASM= ${ASM:.o=.go} PASM= ${ASM:.o=.po} SASM= ${ASM:.o=.so} @@ -226,6 +230,14 @@ MAN+= accept.2 access.2 acct.2 adjtime.2 bind.2 brk.2 chdir.2 chflags.2 \ sysarch.2 syscall.2 truncate.2 umask.2 unlink.2 utimes.2 vfork.2 \ wait.2 write.2 +MAN+= extattr_get_file.2 +MLINKS+=extattr_get_file.2 extattr_set_file.2 \ + extattr_get_file.2 extattr_delete_file.2 \ + extattr_get_file.2 extattr_get_fd.2 \ + extattr_get_file.2 extattr_set_fd.2 \ + extattr_get_file.2 extattr_delete_fd.2 \ + extattr_get_file.2 extattr.2 + MAN+= msgctl.2 shmctl.2 shmat.2 semop.2 semget.2 semctl.2 msgsnd.2 msgrcv.2 \ msgget.2 shmget.2 diff --git a/lib/libc/sys/extattr_get_file.2 b/lib/libc/sys/extattr_get_file.2 new file mode 100644 index 00000000000..c20699875a7 --- /dev/null +++ b/lib/libc/sys/extattr_get_file.2 @@ -0,0 +1,222 @@ +.\" $OpenBSD: extattr_get_file.2,v 1.1 2002/02/22 21:06:01 drahn Exp $ +.\" +.\" Copyright (c) 2001 Dima Dorfman <dima@unixfreak.org> +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD: extattr_get_file.2,v 1.7 2002/02/10 04:46:28 rwatson Exp $ +.\" +.Dd March 28, 2001 +.Dt EXTATTR 2 +.Os +.Sh NAME +.Nm extattr_get_fd , +.Nm extattr_set_fd , +.Nm extattr_delete_fd , +.Nm extattr_get_file , +.Nm extattr_set_file , +.Nm extattr_delete_file +.Nd system calls to manipulate VFS extended attributes +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/types.h +.In sys/extattr.h +.In sys/uio.h +.Ft ssize_t +.Fn extattr_get_fd "int fd" "int attrnamespace" "const char *attrname" "void *data" "size_t nbytes" +.Ft int +.Fn extattr_set_fd "int fd" "int attrnamespace" "const char *attrname" "const void *data" "size_t nbytes" +.Ft int +.Fn extattr_delete_fd "int fd" "int attrnamespace" "const char *attrname" +.Ft ssize_t +.Fn extattr_get_file "const char *path" "int attrnamespace" "const char *attrname" "void *data" "size_t nbytes" +.Ft int +.Fn extattr_set_file "const char *path" "int attrnamespace" "const char *attrname" "const void *data" "size_t nbytes" +.Ft int +.Fn extattr_delete_file "const char *path" "int attrnamespace" "const char *attrname" +.Sh DESCRIPTION +Named extended attributes are meta-data associated with vnodes +representing files and directories. +They exist as +.Qq Li name=value +pairs within a set of namespaces. +The +.Fn extattr_get_file +call retrieves the value of the specified extended attribute into +a buffer pointed to by +.Fa data +of size +.Fa nbytes +. +The +.Fn extattr_set_file +call sets the value of the specified extended attribute to the data +described by +.Fa data . +The +.Fn extattr_delete_file +call deletes the extended attribute specified. +The +.Fn extattr_get_file +and +.Fn extattr_set_file +calls consume the +.Fa data +and +.Fa nbytes +arguments in the style of +.Xr read 2 +and +.Xr write 2 , +respectively. +If +.Fa data +is +.Dv NULL +in a call to +.Fn extattr_get_file +then the size of defined extended attribute data will be returned, rather +than the quantity read, permitting applications to test the size of the +data without performing a read. +.Pp +The +.Fn extatttr_get_fd , +.Fn extattr_set_fd , +and +.Fn extattr_delete_fd +calls are identical to their +.Qq Li _file +counterparts except for the first argument. +The +.Qq Li _fd +functions take a file descriptor, while the +.Qq Li _file +functions take a path. +Both arguments describe a file associated with the extended attribute +that should be manipulated. +.Pp +The following arguments are common to all the system calls described here: +.Bl -tag -width attrnamespace +.It Fa attrnamespace +the namespace in which the extended attribute resides; see +.Xr extattr 9 +.It Fa attrname +the name of the extended attribute +.El +.Pp +Named extended attribute semantics vary by filesystem implementing the call. +Not all operations may be supported for a particular attribute. +Additionally, the format of the data in +.Fa data +is attribute-specific. +.Pp +For more information on named extended attributes, please see +.Xr extattr 9 . +.Sh CAVEAT +This interface is under active development, and as such is subject to +change as applications are adapted to use it. +Developers are discouraged from relying on its stability. +.Sh RETURN VALUES +If successful, the +.Fn extattr_get_file +and +.Fn extattr_set_file +calls return the number of bytes +that were read or written from the +.Fa data , +respectively, or if +.Fa data +was +.Dv NULL , +then +.Fn extattr_get_file +returns the number of bytes available to read. +If any of the calls are unsuccessful, the value \-1 is returned +and the global variable +.Va errno +is set to indicate the error. +.Pp +.Rv -std extattr_delete_file +.Sh ERRORS +The following errors may be returned by the system calls themselves. +Additionally, the filesystem implementing the call may return any +other errors it desires. +.Bl -tag -width Er +.It Bq Er EFAULT +.Fa attrnamespace , +.Fa attrname , +or the memory range defined by +.Fa data +and +.Fa nbytes +points outside the process's allocated address space. +.It Bq Er ENAMETOOLONG +The attribute name was longer than +.Dv EXTATTR_MAXNAMELEN . +.El +.Pp +The +.Fn extattr_get_fd , +.Fn extattr_set_fd , +and +.Fn extattr_delete_fd +functions may also fail if: +.Bl -tag -width Er +.It Bq Er EBADF +The file descriptor referenced by +.Fa fd +was invalid. +.El +.Pp +Additionally, the +.Fn extattr_get_file , +.Fn extattr_set_file , +and +.Fn extattr_delete_file +calls may also fail due to the following errors: +.Bl -tag -width Er +.It Bq Er ENOTDIR +A component of the path prefix is not a directory. +.It Bq Er ENAMETOOLONG +A component of a pathname exceeded 255 characters, +or an entire path name exceeded 1023 characters. +.It Bq Er ENOENT +A component of the path name that must exist does not exist. +.It Bq Er EACCES +Search permission is denied for a component of the path prefix. +.\" XXX are any missing? +.El +.Sh SEE ALSO +.Xr extattr 3 , +.Xr extattrctl 8 , +.Xr getextattr 8 , +.Xr setextattr 8 , +.Xr extattr 9 , +.Sh HISTORY +Extended attribute support was developed as part of the +.Tn TrustedBSD +Project, and introduced in +.Ox 3.1 . +It was developed to support security extensions requiring additional labels +to be associated with each file or directory. |