PERFORCE change 47610 for review
Robert Watson
rwatson at FreeBSD.org
Wed Feb 25 03:55:03 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=47610
Change 47610 by rwatson at rwatson_paprika on 2004/02/24 19:54:30
Add an 'add' command to ugidfw(8), which automatically selects
the rule number for a new rule using bsde_add_rule().
Affected files ...
.. //depot/projects/trustedbsd/mac/usr.sbin/ugidfw/ugidfw.8#4 edit
.. //depot/projects/trustedbsd/mac/usr.sbin/ugidfw/ugidfw.c#11 edit
Differences ...
==== //depot/projects/trustedbsd/mac/usr.sbin/ugidfw/ugidfw.8#4 (text+ko) ====
@@ -1,4 +1,4 @@
-.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
@@ -33,7 +33,7 @@
.\"
.\" $FreeBSD: src/usr.sbin/ugidfw/ugidfw.8,v 1.5 2002/12/12 14:09:25 ru Exp $
.\"
-.Dd October 11, 2002
+.Dd February 24, 2004
.Dt UGIDFW 8
.Os
.Sh NAME
@@ -41,6 +41,18 @@
.Nd "firewall-like access controls for file system objects"
.Sh SYNOPSIS
.Nm
+.Cm add
+.Cm subject
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Cm object
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Cm mode
+.Ar arswxn
+.Nm
.Cm list
.Nm
.Cm set
@@ -71,6 +83,27 @@
.Pp
The arguments are as follows:
.Bl -tag -width indent -offset indent
+.It Cm add
+Add a new
+.Nm
+rule.
+.It Xo
+.Cm add
+.Cm subject
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Cm object
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Cm mode
+.Ar arswxn
+.Xc
+Add a new rule, automatically selecting the rule number.
+See the description of
+.Cm set
+for syntax information.
.It Cm list
Produces a list of all the current
.Nm
==== //depot/projects/trustedbsd/mac/usr.sbin/ugidfw/ugidfw.c#11 (text+ko) ====
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
* All rights reserved.
*
* This software was developed for the FreeBSD Project by NAI Labs, the
@@ -15,9 +15,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. The names of the authors may not be used to endorse or promote
- * products derived from this software without specific prior written
- * permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@@ -50,6 +47,9 @@
usage(void)
{
+ fprintf(stderr, "ugidfw add [subject [not] [uid uid] [gid gid]]"
+ " [object [not] [uid uid] \\\n");
+ fprintf(stderr, " [gid gid]] mode arswxn\n");
fprintf(stderr, "ugidfw list\n");
fprintf(stderr, "ugidfw set rulenum [subject [not] [uid uid] [gid gid]]"
" [object [not] \\\n");
@@ -60,6 +60,29 @@
}
void
+add_rule(int argc, char *argv[])
+{
+ char errstr[BUFSIZ];
+ struct mac_bsdextended_rule rule;
+ long value;
+ int error, rulenum;
+ char *endp;
+
+ error = bsde_parse_rule(argc, argv, &rule, BUFSIZ, errstr);
+ if (error) {
+ fprintf(stderr, "%s\n", errstr);
+ return;
+ }
+
+ error = bsde_add_rule(&rulenum, &rule, BUFSIZ, errstr);
+ if (error) {
+ fprintf(stderr, "%s\n", errstr);
+ return;
+ }
+ printf("Added rule %d\n", rulenum);
+}
+
+void
list_rules(void)
{
char errstr[BUFSIZ], charstr[BUFSIZ];
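Review bot: Both failure paths in the new add_rule() only print `errstr` to stderr and `return;` from a void function, so add_rule() itself cannot report the failure to its caller. Unless main (not visible in this hunk) handles it some other way, `ugidfw add` exits with the same status whether or not the rule was installed. For a tool that installs file system access-control rules, often from scripts, a rejected rule can then go unnoticed and leave the policy weaker than intended. Consider ending each error branch with `exit(1);` instead of `return;`. Separately, `long value;` and `char *endp;` are declared but never used in the new function and can be dropped.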
@@ -168,7 +191,9 @@
if (argc < 2)
usage();
- if (strcmp("list", argv[1]) == 0) {
+ if (strcmp("add", argv[1]) == 0) {
+ add_rule(argc-2, argv+2);
+ } else if (strcmp("list", argv[1]) == 0) {
if (argc != 2)
usage();
list_rules();
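Review bot: The new `add` branch calls `add_rule(argc-2, argv+2);` with no minimum-argument check, unlike the `list` branch right after it, which calls usage() on a wrong count. A bare `ugidfw add` therefore reaches add_rule() with an argument count of 0, and the outcome depends on how bsde_parse_rule() treats an empty argument vector, which this diff does not show. A guard such as `if (argc < 3) usage();` before the call would make the behaviour explicit and keep the error message consistent with the other subcommands. main's body starts and continues outside the hunk.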