RubyGems - rcaps - Versions diffs - 0.9.10 → 0.9.20 - Mend

rcaps 0.9.10 → 0.9.20

Files changed (5) hide show

data/extconf.rb CHANGED Viewed

File without changes

data/rcaps.c CHANGED Viewed

@@ -49,6 +49,15 @@
  *
  * c.set_proc
  *
+ * === Fetch running capabilities from another process and clear them.
+ * require 'rcaps'
+ *
+ * c = Caps.get_proc(1234)
+ *
+ * c.clear
+ *
+ * c.set_proc(1234)
+ *
  * === Fetch running capabilities and ensure a certain capability is not set.
  * require 'rcaps'
  *
@@ -78,6 +87,8 @@
  */
 #include "ruby.h"
+//so that we get _cap_names.
+#undef _POSIX_SOURCE
 #include <sys/capability.h>
 #include "rcaps.h"
@@ -90,13 +101,13 @@ Init_rcaps()
   /* Caps class methods */
   rb_define_singleton_method(rb_cCaps, "new", caps_new, -1);
-  rb_define_singleton_method(rb_cCaps, "get_proc", caps_get_proc, 0);
+  rb_define_singleton_method(rb_cCaps, "get_proc", caps_get_proc, -1);
   /* Caps instance methods */
   rb_define_method(rb_cCaps, "initialize", caps_init, -1);
   rb_define_method(rb_cCaps, "to_s", caps_to_string, 0);
   rb_define_method(rb_cCaps, "clear", caps_clear, 0);
-  rb_define_method(rb_cCaps, "set_proc", caps_set_proc, 0);
+  rb_define_method(rb_cCaps, "set_proc", caps_set_proc, -1);
   rb_define_method(rb_cCaps, "set_effective", caps_SET_EFFECTIVE, 1);
   rb_define_method(rb_cCaps, "clear_effective", caps_CLEAR_EFFECTIVE, 1);
   rb_define_method(rb_cCaps, "set_permitted", caps_SET_PERMITTED, 1);
@@ -148,20 +159,38 @@ static VALUE caps_new (int argc, VALUE *argv, VALUE klass) {
 /*
  * Returns a new Caps object initialized with the set of capabilities from
  * the currently running process.
+ * If passed a pid, the capabilities for that process will be retrieved
+ * instead.
  */
-static VALUE caps_get_proc (VALUE klass) {
+static VALUE caps_get_proc (int argc, VALUE *argv, VALUE klass) {
   cap_t caps;
-  VALUE cdata;
-  VALUE argv[1];
+  VALUE cdata, optional_pid;
+  pid_t pid;
-  if ((caps = cap_get_proc()) == NULL)
-    rb_sys_fail("Error retrieving active capabilties");
+  rb_scan_args(argc, argv, "01", &optional_pid);
+  switch(TYPE(optional_pid)) {
+    case T_NIL:
+      //without an argument, we'll fetch our own current capabilities.
+      pid = getpid();
+      break;
+    case T_FIXNUM:
+      pid = (pid_t) FIX2INT(optional_pid);
+      break;
+    default:
+      rb_raise(rb_eTypeError, "Invalid value passed as PID to retrieve capabilities from.");
+      break;
+  }
+  if ((caps = cap_init()) == NULL)
+    rb_sys_fail("Error initializing empty capability set");
+  else if (capgetp(pid, caps) != 0)
+    rb_sys_fail("Error retrieving capabilities from active process");
   //as this is just a convenience wrapper instead of new(), we still
   //want to call initialize.
   cdata = Data_Wrap_Struct(klass, 0, caps_free, caps);
-  argv[0] = rb_funcall(cdata, rb_intern("to_s"), 0);
-  rb_obj_call_init(cdata, 1, argv);
+  rb_obj_call_init(cdata, argc, argv);
   return cdata;
 }
@@ -212,14 +241,32 @@ static VALUE caps_clear (VALUE self) {
 /*
  * Install the Caps object into the kernel.  This is analogous to the C level
  * function cap_set_proc.
+ * If a pid is given, the capabilities will be installed for that process
+ * instead.  [Note: This likely won't work, but we support it anyway]
  */
-static VALUE caps_set_proc (VALUE self) {
+static VALUE caps_set_proc (int argc, VALUE *argv, VALUE self) {
   cap_t caps;
+  VALUE optional_pid;
+  pid_t pid;
   Data_Get_Struct(self, struct _cap_struct, caps);
+  rb_scan_args(argc, argv, "01", &optional_pid);
-  if (cap_set_proc(caps) != 0)
-    rb_sys_fail("Error activating capabilities.");
+  switch(TYPE(optional_pid)) {
+    case T_NIL:
+      //without an argument, we'll fetch our own current capabilities.
+      pid = getpid();
+      break;
+    case T_FIXNUM:
+      pid = (pid_t) FIX2INT(optional_pid);
+      break;
+    default:
+      rb_raise(rb_eTypeError, "Invalid value passed as PID to retrieve capabilities from.");
+      break;
+  }
+  if (capsetp(pid, caps) != 0)
+    rb_sys_fail("Error setting capabilities for process");
   return self;
 }
@@ -384,34 +431,23 @@ static VALUE caps_INHERITABLE (VALUE self, VALUE cap) {\
 }
 static void caps_setup_constants (void) {
+  int i;
+  char *sname, *x;
   /* these constants represent capabilities that may be toggled on/off
    * in one of the sets of cap_flag_t enumerated list */
-  rb_define_const(rb_cCaps, "CHOWN", INT2FIX(CAP_CHOWN));
-  rb_define_const(rb_cCaps, "DAC_OVERRIDE", INT2FIX(CAP_DAC_OVERRIDE));
-  rb_define_const(rb_cCaps, "DAC_READ_SEARCH", INT2FIX(CAP_DAC_READ_SEARCH));
-  rb_define_const(rb_cCaps, "FOWNER", INT2FIX(CAP_FOWNER));
-  rb_define_const(rb_cCaps, "FSETID", INT2FIX(CAP_FSETID));
-  rb_define_const(rb_cCaps, "KILL", INT2FIX(CAP_KILL));
-  rb_define_const(rb_cCaps, "SETGID", INT2FIX(CAP_SETGID));
-  rb_define_const(rb_cCaps, "SETUID", INT2FIX(CAP_SETUID));
-  rb_define_const(rb_cCaps, "LINUX_IMMUTABLE", INT2FIX(CAP_LINUX_IMMUTABLE));
-  rb_define_const(rb_cCaps, "NET_BIND_SERVICE", INT2FIX(CAP_NET_BIND_SERVICE));
-  rb_define_const(rb_cCaps, "NET_BROADCAST", INT2FIX(CAP_NET_BROADCAST));
-  rb_define_const(rb_cCaps, "NET_ADMIN", INT2FIX(CAP_NET_ADMIN));
-  rb_define_const(rb_cCaps, "NET_RAW", INT2FIX(CAP_NET_RAW));
-  rb_define_const(rb_cCaps, "IPC_LOCK", INT2FIX(CAP_IPC_LOCK));
-  rb_define_const(rb_cCaps, "IPC_OWNER", INT2FIX(CAP_IPC_OWNER));
-  rb_define_const(rb_cCaps, "SYS_MODULE", INT2FIX(CAP_SYS_MODULE));
-  rb_define_const(rb_cCaps, "SYS_RAWIO", INT2FIX(CAP_SYS_RAWIO));
-  rb_define_const(rb_cCaps, "SYS_CHROOT", INT2FIX(CAP_SYS_CHROOT));
-  rb_define_const(rb_cCaps, "SYS_PTRACE", INT2FIX(CAP_SYS_PTRACE));
-  rb_define_const(rb_cCaps, "SYS_PACCT", INT2FIX(CAP_SYS_PACCT));
-  rb_define_const(rb_cCaps, "SYS_ADMIN", INT2FIX(CAP_SYS_ADMIN));
-  rb_define_const(rb_cCaps, "SYS_BOOT", INT2FIX(CAP_SYS_BOOT));
-  rb_define_const(rb_cCaps, "SYS_NICE", INT2FIX(CAP_SYS_NICE));
-  rb_define_const(rb_cCaps, "SYS_RESOURCE", INT2FIX(CAP_SYS_RESOURCE));
-  rb_define_const(rb_cCaps, "SYS_TIME", INT2FIX(CAP_SYS_TIME));
-  rb_define_const(rb_cCaps, "SYS_TTY_CONFIG", INT2FIX(CAP_SYS_TTY_CONFIG));
-  rb_define_const(rb_cCaps, "MKNOD", INT2FIX(CAP_MKNOD));
-  rb_define_const(rb_cCaps, "LEASE", INT2FIX(CAP_LEASE));
+  /* This makes us Linux specific, as _cap_names is not part of the POSIX
+   *  spec. */
+  for (i = 0; _cap_names[i]; i++) {
+    sname = strdup((char *)(_cap_names[i] + 4));  //strip off the cap_ part.
+    x = sname;
+    while (*x) {
+      *x = toupper(*x);
+      x++;
+    }
+    rb_define_const(rb_cCaps, sname, INT2FIX(i));
+    free(sname);
+  }
 }

data/rcaps.h CHANGED Viewed

@@ -7,14 +7,14 @@ static void caps_setup_constants (void);  //define names for capabilities
 static void caps_free (cap_t);
 /* Caps class methods */
-static VALUE caps_init (int, VALUE *, VALUE);
 static VALUE caps_new (int, VALUE *, VALUE);
-static VALUE caps_get_proc (VALUE);
+static VALUE caps_get_proc (int, VALUE *, VALUE);
 /* Caps instance methods */
+static VALUE caps_init (int, VALUE *, VALUE);
 static VALUE caps_to_string (VALUE);
 static VALUE caps_clear (VALUE);
-static VALUE caps_set_proc (VALUE);
+static VALUE caps_set_proc (int, VALUE *, VALUE);
 static VALUE captoggle (VALUE, VALUE, cap_flag_t, cap_flag_value_t);
 // functions to toggle capabilities in the various sets.
 static VALUE caps_SET_EFFECTIVE (VALUE, VALUE);

data/test/all_tests.rb CHANGED Viewed

File without changes

metadata CHANGED Viewed

@@ -1,49 +1,56 @@
 --- !ruby/object:Gem::Specification
-rubygems_version: 0.9.4
-specification_version: 1
 name: rcaps
 version: !ruby/object:Gem::Version
-  version: 0.9.10
-date: 2008-09-27 00:00:00 -04:00
-summary: A library for manipulating capabilities using the POSIX 1003.1e interfaces
-require_paths:
-- lib
-email: bdwalton@gmail.com
-homepage: http://rcaps.rubyforge.org/
-rubyforge_project: http://rubyforge.org/projects/rcaps
-description:
-autorequire:
-default_executable:
-bindir: bin
-has_rdoc: true
-required_ruby_version: !ruby/object:Gem::Version::Requirement
-  requirements:
-  - - ">"
-    - !ruby/object:Gem::Version
-      version: 0.0.0
-  version:
+  version: 0.9.20
 platform: ruby
-signing_key:
-cert_chain:
-post_install_message:
 authors:
 - Ben Walton
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2008-10-09 00:00:00 -04:00
+default_executable:
+dependencies: []
+description:
+email: bdwalton@gmail.com
+executables: []
+extensions:
+- extconf.rb
+extra_rdoc_files: []
 files:
 - COPYING
 - gpl.txt
 - rcaps.c
 - rcaps.h
-test_files:
-- test/all_tests.rb
+has_rdoc: true
+homepage: http://rcaps.rubyforge.org/
+post_install_message:
 rdoc_options:
 - -x test/
-extra_rdoc_files: []
-executables: []
-extensions:
-- extconf.rb
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
 requirements: []
-dependencies: []
+rubyforge_project: http://rubyforge.org/projects/rcaps
+rubygems_version: 1.1.1
+signing_key:
+specification_version: 2
+summary: A library for manipulating capabilities using the POSIX 1003.1e interfaces
+test_files:
+- test/all_tests.rb