RubyGems - rcaps - Versions diffs - 0.9.10 → 0.9.20 - Mend

rcaps 0.9.10 → 0.9.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

data/extconf.rb CHANGED Viewed

File without changes

data/rcaps.c CHANGED Viewed

@@ -49,6 +49,15 @@
  *
  * c.set_proc
  *
+ * === Fetch running capabilities from another process and clear them.
+ * require 'rcaps'
+ *
+ * c = Caps.get_proc(1234)
+ *
+ * c.clear
+ *
+ * c.set_proc(1234)
+ *
  * === Fetch running capabilities and ensure a certain capability is not set.
  * require 'rcaps'
  *
@@ -78,6 +87,8 @@
  */
 #include "ruby.h"
+//so that we get _cap_names.
+#undef _POSIX_SOURCE
 #include <sys/capability.h>
 #include "rcaps.h"
@@ -90,13 +101,13 @@ Init_rcaps()
   /* Caps class methods */
   rb_define_singleton_method(rb_cCaps, "new", caps_new, -1);
-  rb_define_singleton_method(rb_cCaps, "get_proc", caps_get_proc, 0);
+  rb_define_singleton_method(rb_cCaps, "get_proc", caps_get_proc, -1);
   /* Caps instance methods */
   rb_define_method(rb_cCaps, "initialize", caps_init, -1);
   rb_define_method(rb_cCaps, "to_s", caps_to_string, 0);
   rb_define_method(rb_cCaps, "clear", caps_clear, 0);
-  rb_define_method(rb_cCaps, "set_proc", caps_set_proc, 0);
+  rb_define_method(rb_cCaps, "set_proc", caps_set_proc, -1);
   rb_define_method(rb_cCaps, "set_effective", caps_SET_EFFECTIVE, 1);
   rb_define_method(rb_cCaps, "clear_effective", caps_CLEAR_EFFECTIVE, 1);
   rb_define_method(rb_cCaps, "set_permitted", caps_SET_PERMITTED, 1);
@@ -148,20 +159,38 @@ static VALUE caps_new (int argc, VALUE *argv, VALUE klass) {
 /*
  * Returns a new Caps object initialized with the set of capabilities from
  * the currently running process.
+ * If passed a pid, the capabilities for that process will be retrieved
+ * instead.
  */
-static VALUE caps_get_proc (VALUE klass) {
+static VALUE caps_get_proc (int argc, VALUE *argv, VALUE klass) {
   cap_t caps;
-  VALUE cdata;
-  VALUE argv[1];
+  VALUE cdata, optional_pid;
+  pid_t pid;
-  if ((caps = cap_get_proc()) == NULL)
-    rb_sys_fail("Error retrieving active capabilties");
+  rb_scan_args(argc, argv, "01", &optional_pid);
+  switch(TYPE(optional_pid)) {
+    case T_NIL:
+      //without an argument, we'll fetch our own current capabilities.
+      pid = getpid();
+      break;
+    case T_FIXNUM:
+      pid = (pid_t) FIX2INT(optional_pid);
+      break;
+    default:
+      rb_raise(rb_eTypeError, "Invalid value passed as PID to retrieve capabilities from.");
+      break;
+  }
+  if ((caps = cap_init()) == NULL)
+    rb_sys_fail("Error initializing empty capability set");
+  else if (capgetp(pid, caps) != 0)
+    rb_sys_fail("Error retrieving capabilities from active process");
   //as this is just a convenience wrapper instead of new(), we still
   //want to call initialize.
   cdata = Data_Wrap_Struct(klass, 0, caps_free, caps);
-  argv[0] = rb_funcall(cdata, rb_intern("to_s"), 0);
-  rb_obj_call_init(cdata, 1, argv);
+  rb_obj_call_init(cdata, argc, argv);
   return cdata;
 }
@@ -212,14 +241,32 @@ static VALUE caps_clear (VALUE self) {
 /*
  * Install the Caps object into the kernel.  This is analogous to the C level
  * function cap_set_proc.
+ * If a pid is given, the capabilities will be installed for that process
+ * instead.  [Note: This likely won't work, but we support it anyway]
  */
-static VALUE caps_set_proc (VALUE self) {
+static VALUE caps_set_proc (int argc, VALUE *argv, VALUE self) {
   cap_t caps;
+  VALUE optional_pid;
+  pid_t pid;
   Data_Get_Struct(self, struct _cap_struct, caps);
+  rb_scan_args(argc, argv, "01", &optional_pid);
-  if (cap_set_proc(caps) != 0)
-    rb_sys_fail("Error activating capabilities.");
+  switch(TYPE(optional_pid)) {
+    case T_NIL:
+      //without an argument, we'll fetch our own current capabilities.
+      pid = getpid();
+      break;
+    case T_FIXNUM:
+      pid = (pid_t) FIX2INT(optional_pid);
+      break;
+    default:
+      rb_raise(rb_eTypeError, "Invalid value passed as PID to retrieve capabilities from.");
+      break;
+  }
+  if (capsetp(pid, caps) != 0)
+    rb_sys_fail("Error setting capabilities for process");
   return self;
 }
@@ -384,34 +431,23 @@ static VALUE caps_INHERITABLE (VALUE self, VALUE cap) {\
 }
 static void caps_setup_constants (void) {
+  int i;
+  char *sname, *x;
   /* these constants represent capabilities that may be toggled on/off
    * in one of the sets of cap_flag_t enumerated list */
-  rb_define_const(rb_cCaps, "CHOWN", INT2FIX(CAP_CHOWN));
-  rb_define_const(rb_cCaps, "DAC_OVERRIDE", INT2FIX(CAP_DAC_OVERRIDE));
-  rb_define_const(rb_cCaps, "DAC_READ_SEARCH", INT2FIX(CAP_DAC_READ_SEARCH));
-  rb_define_const(rb_cCaps, "FOWNER", INT2FIX(CAP_FOWNER));
-  rb_define_const(rb_cCaps, "FSETID", INT2FIX(CAP_FSETID));
-  rb_define_const(rb_cCaps, "KILL", INT2FIX(CAP_KILL));
-  rb_define_const(rb_cCaps, "SETGID", INT2FIX(CAP_SETGID));
-  rb_define_const(rb_cCaps, "SETUID", INT2FIX(CAP_SETUID));
-  rb_define_const(rb_cCaps, "LINUX_IMMUTABLE", INT2FIX(CAP_LINUX_IMMUTABLE));
-  rb_define_const(rb_cCaps, "NET_BIND_SERVICE", INT2FIX(CAP_NET_BIND_SERVICE));
-  rb_define_const(rb_cCaps, "NET_BROADCAST", INT2FIX(CAP_NET_BROADCAST));
-  rb_define_const(rb_cCaps, "NET_ADMIN", INT2FIX(CAP_NET_ADMIN));
-  rb_define_const(rb_cCaps, "NET_RAW", INT2FIX(CAP_NET_RAW));
-  rb_define_const(rb_cCaps, "IPC_LOCK", INT2FIX(CAP_IPC_LOCK));
-  rb_define_const(rb_cCaps, "IPC_OWNER", INT2FIX(CAP_IPC_OWNER));
-  rb_define_const(rb_cCaps, "SYS_MODULE", INT2FIX(CAP_SYS_MODULE));
-  rb_define_const(rb_cCaps, "SYS_RAWIO", INT2FIX(CAP_SYS_RAWIO));
-  rb_define_const(rb_cCaps, "SYS_CHROOT", INT2FIX(CAP_SYS_CHROOT));
-  rb_define_const(rb_cCaps, "SYS_PTRACE", INT2FIX(CAP_SYS_PTRACE));
-  rb_define_const(rb_cCaps, "SYS_PACCT", INT2FIX(CAP_SYS_PACCT));
-  rb_define_const(rb_cCaps, "SYS_ADMIN", INT2FIX(CAP_SYS_ADMIN));
-  rb_define_const(rb_cCaps, "SYS_BOOT", INT2FIX(CAP_SYS_BOOT));
-  rb_define_const(rb_cCaps, "SYS_NICE", INT2FIX(CAP_SYS_NICE));
-  rb_define_const(rb_cCaps, "SYS_RESOURCE", INT2FIX(CAP_SYS_RESOURCE));
-  rb_define_const(rb_cCaps, "SYS_TIME", INT2FIX(CAP_SYS_TIME));
-  rb_define_const(rb_cCaps, "SYS_TTY_CONFIG", INT2FIX(CAP_SYS_TTY_CONFIG));
-  rb_define_const(rb_cCaps, "MKNOD", INT2FIX(CAP_MKNOD));
-  rb_define_const(rb_cCaps, "LEASE", INT2FIX(CAP_LEASE));
+  /* This makes us Linux specific, as _cap_names is not part of the POSIX
+   *  spec. */
+  for (i = 0; _cap_names[i]; i++) {
+    sname = strdup((char *)(_cap_names[i] + 4));  //strip off the cap_ part.
+    x = sname;
+    while (*x) {
+      *x = toupper(*x);
+      x++;
+    }
+    rb_define_const(rb_cCaps, sname, INT2FIX(i));
+    free(sname);
+  }
 }

data/rcaps.h CHANGED Viewed

@@ -7,14 +7,14 @@ static void caps_setup_constants (void);  //define names for capabilities
 static void caps_free (cap_t);
 /* Caps class methods */
-static VALUE caps_init (int, VALUE *, VALUE);
 static VALUE caps_new (int, VALUE *, VALUE);
-static VALUE caps_get_proc (VALUE);
+static VALUE caps_get_proc (int, VALUE *, VALUE);
 /* Caps instance methods */
+static VALUE caps_init (int, VALUE *, VALUE);
 static VALUE caps_to_string (VALUE);
 static VALUE caps_clear (VALUE);
-static VALUE caps_set_proc (VALUE);
+static VALUE caps_set_proc (int, VALUE *, VALUE);
 static VALUE captoggle (VALUE, VALUE, cap_flag_t, cap_flag_value_t);
 // functions to toggle capabilities in the various sets.
 static VALUE caps_SET_EFFECTIVE (VALUE, VALUE);

data/test/all_tests.rb CHANGED Viewed

File without changes

metadata CHANGED Viewed

@@ -1,49 +1,56 @@
 --- !ruby/object:Gem::Specification
-rubygems_version: 0.9.4
-specification_version: 1
 name: rcaps
 version: !ruby/object:Gem::Version
-  version: 0.9.10
-date: 2008-09-27 00:00:00 -04:00
-summary: A library for manipulating capabilities using the POSIX 1003.1e interfaces
-require_paths:
-- lib
-email: bdwalton@gmail.com
-homepage: http://rcaps.rubyforge.org/
-rubyforge_project: http://rubyforge.org/projects/rcaps
-description:
-autorequire:
-default_executable:
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement
-  requirements:
-  - - ">"
-    - !ruby/object:Gem::Version
-      version: 0.0.0
-  version:
+  version: 0.9.20
 platform: ruby
-signing_key:
-cert_chain:
-post_install_message:
 authors:
 - Ben Walton
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2008-10-09 00:00:00 -04:00
+default_executable:
+dependencies: []
+description:
+email: bdwalton@gmail.com
+executables: []
+extensions:
+- extconf.rb
+extra_rdoc_files: []
 files:
 - COPYING
 - gpl.txt
 - rcaps.c
 - rcaps.h
-test_files:
-- test/all_tests.rb
+has_rdoc: true
+homepage: http://rcaps.rubyforge.org/
+post_install_message:
 rdoc_options:
 - -x test/
-extra_rdoc_files: []
-executables: []
-extensions:
-- extconf.rb
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
 requirements: []
-dependencies: []
+rubyforge_project: http://rubyforge.org/projects/rcaps
+rubygems_version: 1.1.1
+signing_key:
+specification_version: 2
+summary: A library for manipulating capabilities using the POSIX 1003.1e interfaces
+test_files:
+- test/all_tests.rb