rcaps 0.9.10 → 0.9.20
- data/extconf.rb +0 -0
- data/rcaps.c +76 -40
- data/rcaps.h +3 -3
- data/test/all_tests.rb +0 -0
- metadata +41 -34
data/extconf.rb
CHANGED
File without changes
|
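--- a/data/rcaps.c
+++ b/data/rcaps.c
@@ -49,6 +49,15 @@
 *
 * c.set_proc
 *
+* === Fetch running capabilities from another process and clear them.
+* require 'rcaps'
+*
+* c = Caps.get_proc(1234)
+*
+* c.clear
+*
+* c.set_proc(1234)
+*
 * === Fetch running capabilities and ensure a certain capability is not set.
 * require 'rcaps'
 *
@@ -78,6 +87,8 @@
 */
 
 #include "ruby.h"
+//so that we get _cap_names.
+#undef _POSIX_SOURCE
 #include <sys/capability.h>
 
 #include "rcaps.h"
@@ -90,13 +101,13 @@ Init_rcaps()
 
 /* Caps class methods */
 rb_define_singleton_method(rb_cCaps, "new", caps_new, -1);
-rb_define_singleton_method(rb_cCaps, "get_proc", caps_get_proc,
+rb_define_singleton_method(rb_cCaps, "get_proc", caps_get_proc, -1);
 
 /* Caps instance methods */
 rb_define_method(rb_cCaps, "initialize", caps_init, -1);
 rb_define_method(rb_cCaps, "to_s", caps_to_string, 0);
 rb_define_method(rb_cCaps, "clear", caps_clear, 0);
-rb_define_method(rb_cCaps, "set_proc", caps_set_proc,
+rb_define_method(rb_cCaps, "set_proc", caps_set_proc, -1);
 rb_define_method(rb_cCaps, "set_effective", caps_SET_EFFECTIVE, 1);
 rb_define_method(rb_cCaps, "clear_effective", caps_CLEAR_EFFECTIVE, 1);
 rb_define_method(rb_cCaps, "set_permitted", caps_SET_PERMITTED, 1);
@@ -148,20 +159,38 @@ static VALUE caps_new (int argc, VALUE *argv, VALUE klass) {
 /*
 * Returns a new Caps object initialized with the set of capabilities from
 * the currently running process.
+* If passed a pid, the capabilities for that process will be retrieved
+* instead.
 */
-static VALUE caps_get_proc (VALUE klass) {
+static VALUE caps_get_proc (int argc, VALUE *argv, VALUE klass) {
 cap_t caps;
-VALUE cdata;
-
+VALUE cdata, optional_pid;
+pid_t pid;
 
-
-
+rb_scan_args(argc, argv, "01", &optional_pid);
+
+switch(TYPE(optional_pid)) {
+case T_NIL:
+//without an argument, we'll fetch our own current capabilities.
+pid = getpid();
+break;
+case T_FIXNUM:
+pid = (pid_t) FIX2INT(optional_pid);
+break;
+default:
+rb_raise(rb_eTypeError, "Invalid value passed as PID to retrieve capabilities from.");
+break;
+}
+
+if ((caps = cap_init()) == NULL)
+rb_sys_fail("Error initializing empty capability set");
+else if (capgetp(pid, caps) != 0)
+rb_sys_fail("Error retrieving capabilities from active process");
 
 //as this is just a convenience wrapper instead of new(), we still
 //want to call initialize.
 cdata = Data_Wrap_Struct(klass, 0, caps_free, caps);
-
-rb_obj_call_init(cdata, 1, argv);
+rb_obj_call_init(cdata, argc, argv);
 
 return cdata;
 }
@@ -212,14 +241,32 @@ static VALUE caps_clear (VALUE self) {
 /*
 * Install the Caps object into the kernel. This is analogous to the C level
 * function cap_set_proc.
+* If a pid is given, the capabilities will be installed for that process
+* instead. [Note: This likely won't work, but we support it anyway]
 */
-static VALUE caps_set_proc (VALUE self) {
+static VALUE caps_set_proc (int argc, VALUE *argv, VALUE self) {
 cap_t caps;
+VALUE optional_pid;
+pid_t pid;
 
 Data_Get_Struct(self, struct _cap_struct, caps);
+rb_scan_args(argc, argv, "01", &optional_pid);
 
-
-
+switch(TYPE(optional_pid)) {
+case T_NIL:
+//without an argument, we'll fetch our own current capabilities.
+pid = getpid();
+break;
+case T_FIXNUM:
+pid = (pid_t) FIX2INT(optional_pid);
+break;
+default:
+rb_raise(rb_eTypeError, "Invalid value passed as PID to retrieve capabilities from.");
+break;
+}
+
+if (capsetp(pid, caps) != 0)
+rb_sys_fail("Error setting capabilities for process");
 
 return self;
 }
@@ -384,34 +431,23 @@ static VALUE caps_INHERITABLE (VALUE self, VALUE cap) {\
 }
 
 static void caps_setup_constants (void) {
+int i;
+char *sname, *x;
+
 /* these constants represent capabilities that may be toggled on/off
 * in one of the sets of cap_flag_t enumerated list */
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-rb_define_const(rb_cCaps, "IPC_OWNER", INT2FIX(CAP_IPC_OWNER));
-rb_define_const(rb_cCaps, "SYS_MODULE", INT2FIX(CAP_SYS_MODULE));
-rb_define_const(rb_cCaps, "SYS_RAWIO", INT2FIX(CAP_SYS_RAWIO));
-rb_define_const(rb_cCaps, "SYS_CHROOT", INT2FIX(CAP_SYS_CHROOT));
-rb_define_const(rb_cCaps, "SYS_PTRACE", INT2FIX(CAP_SYS_PTRACE));
-rb_define_const(rb_cCaps, "SYS_PACCT", INT2FIX(CAP_SYS_PACCT));
-rb_define_const(rb_cCaps, "SYS_ADMIN", INT2FIX(CAP_SYS_ADMIN));
-rb_define_const(rb_cCaps, "SYS_BOOT", INT2FIX(CAP_SYS_BOOT));
-rb_define_const(rb_cCaps, "SYS_NICE", INT2FIX(CAP_SYS_NICE));
-rb_define_const(rb_cCaps, "SYS_RESOURCE", INT2FIX(CAP_SYS_RESOURCE));
-rb_define_const(rb_cCaps, "SYS_TIME", INT2FIX(CAP_SYS_TIME));
-rb_define_const(rb_cCaps, "SYS_TTY_CONFIG", INT2FIX(CAP_SYS_TTY_CONFIG));
-rb_define_const(rb_cCaps, "MKNOD", INT2FIX(CAP_MKNOD));
-rb_define_const(rb_cCaps, "LEASE", INT2FIX(CAP_LEASE));
+
+/* This makes us Linux specific, as _cap_names is not part of the POSIX
+* spec. */
+for (i = 0; _cap_names[i]; i++) {
+sname = strdup((char *)(_cap_names[i] + 4)); //strip off the cap_ part.
+x = sname;
+while (*x) {
+*x = toupper(*x);
+x++;
+}
+
+rb_define_const(rb_cCaps, sname, INT2FIX(i));
+free(sname);
+}
 }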
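Review bot: In `caps_set_proc` the `T_FIXNUM` branch hands any integer straight to `capsetp(pid, caps)`, so zero and negative values are accepted as the target. capset(2) documents that on kernels without file-capability support a pid of -1, or below -1, addresses every other process or a whole process group, which is a far wider write than the single process the doc comment describes. Reject out-of-range values before the call, e.g. `if (pid <= 0) rb_raise(rb_eArgError, "pid must be a positive integer");`, and apply the same check in `caps_get_proc` before `capgetp`. The `T_NIL` comment and the `rb_raise` message in `caps_set_proc` still talk about fetching and retrieving capabilities and look copied from `caps_get_proc`; they should describe installing them.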
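--- a/data/rcaps.h
+++ b/data/rcaps.h
@@ -7,14 +7,14 @@ static void caps_setup_constants (void); //define names for capabilities
 static void caps_free (cap_t);
 
 /* Caps class methods */
-static VALUE caps_init (int, VALUE *, VALUE);
 static VALUE caps_new (int, VALUE *, VALUE);
-static VALUE caps_get_proc (VALUE);
+static VALUE caps_get_proc (int, VALUE *, VALUE);
 
 /* Caps instance methods */
+static VALUE caps_init (int, VALUE *, VALUE);
 static VALUE caps_to_string (VALUE);
 static VALUE caps_clear (VALUE);
-static VALUE caps_set_proc (VALUE);
+static VALUE caps_set_proc (int, VALUE *, VALUE);
 static VALUE captoggle (VALUE, VALUE, cap_flag_t, cap_flag_value_t);
 // functions to toggle capabilities in the various sets.
 static VALUE caps_SET_EFFECTIVE (VALUE, VALUE);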
data/test/all_tests.rb
CHANGED
File without changes
|
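--- a/metadata
+++ b/metadata
@@ -1,49 +1,56 @@
 --- !ruby/object:Gem::Specification
-rubygems_version: 0.9.4
-specification_version: 1
 name: rcaps
 version: !ruby/object:Gem::Version
-version: 0.9.
-date: 2008-09-27 00:00:00 -04:00
-summary: A library for manipulating capabilities using the POSIX 1003.1e interfaces
-require_paths:
-- lib
-email: bdwalton@gmail.com
-homepage: http://rcaps.rubyforge.org/
-rubyforge_project: http://rubyforge.org/projects/rcaps
-description:
-autorequire:
-default_executable:
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement
-requirements:
-- - ">"
-- !ruby/object:Gem::Version
-version: 0.0.0
-version:
+version: 0.9.20
 platform: ruby
-signing_key:
-cert_chain:
-post_install_message:
 authors:
 - Ben Walton
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2008-10-09 00:00:00 -04:00
+default_executable:
+dependencies: []
+
+description:
+email: bdwalton@gmail.com
+executables: []
+
+extensions:
+- extconf.rb
+extra_rdoc_files: []
+
 files:
 - COPYING
 - gpl.txt
 - rcaps.c
 - rcaps.h
-
-
+has_rdoc: true
+homepage: http://rcaps.rubyforge.org/
+post_install_message:
 rdoc_options:
 - -x test/
-
-
-
-
-
--
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
 requirements: []
 
-
-
+rubyforge_project: http://rubyforge.org/projects/rcaps
+rubygems_version: 1.1.1
+signing_key:
+specification_version: 2
+summary: A library for manipulating capabilities using the POSIX 1003.1e interfaces
+test_files:
+- test/all_tests.rb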