"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "lib/libcap/cap_proc.c" between
proftpd-1.3.6b.tar.gz and proftpd-1.3.6c.tar.gz

About: ProFTPD is a highly configurable FTP server software (with FTPS and SFTP support).

cap_proc.c  (proftpd-1.3.6b):cap_proc.c  (proftpd-1.3.6c)
/* /*
* Copyright (c) 1997-8 Andrew G Morgan <morgan@linux.kernel.org> * Copyright (c) 1997-8,2007,2011 Andrew G Morgan <morgan@kernel.org>
* *
* See end of file for Log. * This file deals with getting and setting capabilities on processes.
*
* This file deals with setting capabilities on processes.
*/ */
#include <sys/prctl.h>
#include "libcap.h" #include "libcap.h"
cap_t cap_get_proc(void) cap_t cap_get_proc(void)
{ {
cap_t result; cap_t result;
/* allocate a new capability set */ /* allocate a new capability set */
result = cap_init(); result = cap_init();
if (result) { if (result) {
_cap_debug("getting current process' capabilities"); _cap_debug("getting current process' capabilities");
/* fill the capability sets via a system call */ /* fill the capability sets via a system call */
if (capget(&result->head, &result->set)) { if (capget(&result->head, &result->u[0].set)) {
cap_free(&result); cap_free(result);
result = NULL;
} }
} }
return result; return result;
} }
int cap_set_proc(cap_t cap_d) int cap_set_proc(cap_t cap_d)
{ {
int retval; int retval;
if (!good_cap_t(cap_d)) { if (!good_cap_t(cap_d)) {
errno = EINVAL; errno = EINVAL;
return -1; return -1;
} }
_cap_debug("setting process capabilities"); _cap_debug("setting process capabilities");
retval = capset(&cap_d->head, &cap_d->set); retval = capset(&cap_d->head, &cap_d->u[0].set);
cap_d->head.version = _LINUX_CAPABILITY_VERSION_1;
return retval; return retval;
} }
/* the following two functions are not required by POSIX */ /* the following two functions are not required by POSIX */
/* read the caps on a specific process */ /* read the caps on a specific process */
int capgetp(pid_t pid, cap_t cap_d) int capgetp(pid_t pid, cap_t cap_d)
{ {
int error; int error;
if (!good_cap_t(cap_d)) { if (!good_cap_t(cap_d)) {
errno = EINVAL; errno = EINVAL;
return -1; return -1;
} }
_cap_debug("getting process capabilities for proc %d", pid); _cap_debug("getting process capabilities for proc %d", pid);
cap_d->head.pid = pid; cap_d->head.pid = pid;
error = capget(&cap_d->head, &cap_d->set); error = capget(&cap_d->head, &cap_d->u[0].set);
cap_d->head.version = _LINUX_CAPABILITY_VERSION_1;
cap_d->head.pid = 0; cap_d->head.pid = 0;
return error; return error;
} }
/* allocate space for and return capabilities of target process */
cap_t cap_get_pid(pid_t pid)
{
cap_t result;
result = cap_init();
if (result) {
if (capgetp(pid, result) != 0) {
int my_errno;
my_errno = errno;
cap_free(result);
errno = my_errno;
result = NULL;
}
}
return result;
}
/* set the caps on a specific process/pg etc.. */ /* set the caps on a specific process/pg etc.. */
int capsetp(pid_t pid, cap_t cap_d) int capsetp(pid_t pid, cap_t cap_d)
{ {
int error; int error;
if (!good_cap_t(cap_d)) { if (!good_cap_t(cap_d)) {
errno = EINVAL; errno = EINVAL;
return -1; return -1;
} }
_cap_debug("setting process capabilities for proc %d", pid); _cap_debug("setting process capabilities for proc %d", pid);
cap_d->head.pid = pid; cap_d->head.pid = pid;
error = capset(&cap_d->head, &cap_d->set); error = capset(&cap_d->head, &cap_d->u[0].set);
cap_d->head.version = _LINUX_CAPABILITY_VERSION_1; cap_d->head.version = _LIBCAP_CAPABILITY_VERSION;
cap_d->head.pid = 0; cap_d->head.pid = 0;
return error; return error;
} }
/* /* the kernel api requires unsigned long arguments */
* $Log: cap_proc.c,v $ #define pr_arg(x) ((unsigned long) x)
* Revision 1.2 2008-08-06 17:00:41 castaglia
* /* get a capability from the bounding set */
* Bug#3096 - libcap version errors on newer Linux kernel. Newer Linux kernels
* have a _LINUX_CAPABILITY_VERSION_2 macro, and redefine the old int cap_get_bound(cap_value_t cap)
* _LINUX_CAPABILITY_VERSION macro. To play better with such kernels, redefine {
* the bundled libcap to use _LINUX_CAPABILITY_VERSION_1. int result;
*
* Revision 1.1 2003/01/03 02:16:17 jwm result = prctl(PR_CAPBSET_READ, pr_arg(cap));
* if (result < 0) {
* Turning mod_linuxprivs into a core module, mod_cap. This is by no means errno = -result;
* complete. return -1;
* }
* Revision 1.2 1999/09/07 23:14:19 macgyver return result;
* Updated capabilities library and model. }
*
* Revision 1.2 1999/04/18 20:50:01 morgan /* drop a capability from the bounding set */
* reliable behavior when trying to talk with a kernel that has a more
* modern capability implementation than the one the library was compiled int cap_drop_bound(cap_value_t cap)
* with. {
* int result;
* Revision 1.1.1.1 1999/04/17 22:16:31 morgan
* release 1.0 of libcap result = prctl(PR_CAPBSET_DROP, pr_arg(cap));
* if (result < 0) {
* Revision 1.5 1998/05/24 22:54:09 morgan errno = -result;
* updated for 2.1.104 return -1;
* }
* Revision 1.4 1997/05/14 05:17:13 morgan return result;
* bug-fix from zefram (errno no set on success) }
*
* Revision 1.3 1997/05/04 05:35:46 morgan /* get a capability from the ambient set */
* fixed errno setting. syscalls do this part
* int cap_get_ambient(cap_value_t cap)
* Revision 1.2 1997/04/28 00:57:11 morgan {
* fixes and zefram's patches int result;
* result = prctl(PR_CAP_AMBIENT, pr_arg(PR_CAP_AMBIENT_IS_SET),
* Revision 1.1 1997/04/21 04:32:52 morgan pr_arg(cap), pr_arg(0), pr_arg(0));
* Initial revision if (result < 0) {
* errno = -result;
*/ return -1;
}
return result;
}
/* modify a single ambient capability value */
int cap_set_ambient(cap_value_t cap, cap_flag_value_t set)
{
int result, val;
switch (set) {
case CAP_SET:
val = PR_CAP_AMBIENT_RAISE;
break;
case CAP_CLEAR:
val = PR_CAP_AMBIENT_LOWER;
break;
default:
errno = EINVAL;
return -1;
}
result = prctl(PR_CAP_AMBIENT, pr_arg(val), pr_arg(cap),
pr_arg(0), pr_arg(0));
if (result < 0) {
errno = -result;
return -1;
}
return result;
}
/* erase all ambient capabilities */
int cap_reset_ambient()
{
int result;
result = prctl(PR_CAP_AMBIENT, pr_arg(PR_CAP_AMBIENT_CLEAR_ALL),
pr_arg(0), pr_arg(0), pr_arg(0));
if (result < 0) {
errno = -result;
return -1;
}
return result;
}
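Review bot: In the new `cap_get_bound()` the error path sets `errno = -result;`, but `prctl()` as declared by `<sys/prctl.h>` is presumably the libc wrapper, which returns -1 and sets errno itself, so this assignment replaces the real error with 1 (EPERM on Linux) on every failure. The same pattern is repeated in `cap_drop_bound()`, `cap_get_ambient()`, `cap_set_ambient()` and `cap_reset_ambient()`. A caller that drops bounding-set or ambient capabilities then cannot tell an unsupported capability or an older kernel (EINVAL) from a missing CAP_SETPCAP (EPERM), which matters when a failed privilege drop is logged or acted on. I would leave errno as prctl set it and reduce each error path to `if (result < 0) return -1;`. Separately, `int cap_reset_ambient()` is better declared as `int cap_reset_ambient(void)` so that it is a real prototype.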
 End of changes. 10 change blocks. 
12 lines changed or deleted 32 lines changed or added
