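/*-
 * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by NAI Labs, the
 * Security Research Division of Network Associates, Inc. under
 * DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA
 * CHATS research program.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD: releng/10.2/usr.sbin/ugidfw/ugidfw.c 186480 2008-12-24 22:40:13Z rwatson $");

#include <sys/param.h>
#include <sys/errno.h>
#include <sys/mount.h>
#include <sys/time.h>
#include <sys/sysctl.h>

#include <security/mac_bsdextended/mac_bsdextended.h>

#include <err.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ugidfw.h>

/*
 * ugidfw(8): command-line front end for the mac_bsdextended(4) rule set.
 *
 * Every sub-command talks to the kernel through the libugidfw bsde_*()
 * helpers; parse and kernel errors are reported on stderr via warnx().
 */

void add_rule(int argc, char *argv[]);
void list_rules(void);
void remove_rule(int argc, char *argv[]);
void set_rule(int argc, char *argv[]);
void usage(void);

/*
 * Print the command synopsis on stderr and exit with status 1.
 * Does not return.
 */
void
usage(void)
{

	fprintf(stderr, "usage: ugidfw add [subject [not] [uid uid] [gid gid]]"
	    " [object [not] [uid uid] \\\n");
	fprintf(stderr, "    [gid gid]] mode arswxn\n");
	fprintf(stderr, "       ugidfw list\n");
	fprintf(stderr, "       ugidfw set rulenum [subject [not] [uid uid] [gid gid]]"
	    " [object [not] \\\n");
	fprintf(stderr, "    [uid uid] [gid gid]] mode arswxn\n");
	fprintf(stderr, "       ugidfw remove rulenum\n");

	exit(1);
}

/*
 * Parse a rule number argument as a non-negative decimal int.
 *
 * Shared by set_rule() and remove_rule(), which previously carried two
 * copies of this check.  Rejects an empty string (strtol() would have
 * returned 0 with no digits consumed, silently selecting rule 0),
 * trailing garbage, out-of-range values (ERANGE or anything that does not
 * survive the round trip through int) and negative numbers by calling
 * usage(), which exits.
 *
 * @param arg  NUL-terminated argument text; must not be NULL.
 * @return     the rule number as an int.
 */
static int
parse_rulenum(const char *arg)
{
	char *endp;
	long value;

	errno = 0;
	value = strtol(arg, &endp, 10);
	if (endp == arg || *endp != '\0')
		usage();
	if (errno == ERANGE || value < 0 || value != (long)(int)value)
		usage();

	return ((int)value);
}

/*
 * "ugidfw add <rule words...>": parse the rule text, install it in the
 * first free slot, and echo the slot number and the rule as the kernel
 * accepted it.  Failures are reported with warnx() and the function
 * returns; the process exit status is unaffected.
 */
void
add_rule(int argc, char *argv[])
{
	char errstr[BUFSIZ], charstr[BUFSIZ];
	struct mac_bsdextended_rule rule;
	int error, rulenum;

	error = bsde_parse_rule(argc, argv, &rule, BUFSIZ, errstr);
	if (error) {
		warnx("%s", errstr);
		return;
	}

	error = bsde_add_rule(&rulenum, &rule, BUFSIZ, errstr);
	if (error) {
		warnx("%s", errstr);
		return;
	}

	/* The rule is installed at this point; only the echo can fail. */
	if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1)
		warnx("Added rule, but unable to print string.");
	else
		printf("%d %s\n", rulenum, charstr);
}

/*
 * "ugidfw list": print the slot/rule counts followed by one line per
 * occupied slot.  Exits with status 1 if the slot or rule count cannot be
 * read (typically because the module is not loaded); a slot that cannot
 * be fetched or rendered only produces a warning and is skipped.
 */
void
list_rules(void)
{
	char errstr[BUFSIZ], charstr[BUFSIZ];
	struct mac_bsdextended_rule rule;
	int error, i, rule_count, rule_slots;

	rule_slots = bsde_get_rule_slots(BUFSIZ, errstr);
	if (rule_slots == -1) {
		warnx("unable to get rule slots; mac_bsdextended.ko "
		    "may not be loaded");
		errx(1, "bsde_get_rule_slots: %s", errstr);
	}

	rule_count = bsde_get_rule_count(BUFSIZ, errstr);
	if (rule_count == -1)
		errx(1, "bsde_get_rule_count: %s", errstr);

	printf("%d slots, %d rules\n", rule_slots, rule_count);

	/* Iterate over slots, not rules: occupied slots need not be contiguous. */
	for (i = 0; i < rule_slots; i++) {
		error = bsde_get_rule(i, &rule, BUFSIZ, errstr);
		switch (error) {
		case -2:
			/* Empty slot. */
			continue;
		case -1:
			warnx("rule %d: %s", i, errstr);
			continue;
		case 0:
			break;
		default:
			/* Unknown status codes were never filtered; keep printing. */
			break;
		}

		if (bsde_rule_to_string(&rule, charstr, BUFSIZ) == -1)
			warnx("unable to translate rule %d to string", i);
		else
			printf("%d %s\n", i, charstr);
	}
}

/*
 * "ugidfw set <rulenum> <rule words...>": parse the rule text and store it
 * in the given slot, replacing whatever was there.  A missing or malformed
 * rule number goes to usage(); parse and kernel errors are reported with
 * warnx() and the function returns.
 */
void
set_rule(int argc, char *argv[])
{
	char errstr[BUFSIZ];
	struct mac_bsdextended_rule rule;
	int error, rulenum;

	if (argc < 1)
		usage();

	rulenum = parse_rulenum(argv[0]);

	error = bsde_parse_rule(argc - 1, argv + 1, &rule, BUFSIZ, errstr);
	if (error) {
		warnx("%s", errstr);
		return;
	}

	error = bsde_set_rule(rulenum, &rule, BUFSIZ, errstr);
	if (error) {
		warnx("%s", errstr);
		return;
	}
}

/*
 * "ugidfw remove <rulenum>": delete the rule in the given slot.  Exactly
 * one argument is accepted; a malformed rule number goes to usage(), and a
 * kernel error is reported with warnx().
 */
void
remove_rule(int argc, char *argv[])
{
	char errstr[BUFSIZ];
	int error, rulenum;

	if (argc != 1)
		usage();

	rulenum = parse_rulenum(argv[0]);

	error = bsde_delete_rule(rulenum, BUFSIZ, errstr);
	if (error)
		warnx("%s", errstr);
}

/*
 * Dispatch on argv[1]; the sub-command receives the remaining arguments.
 *
 * NOTE(review): add/set/remove report failures via warnx() and return, so
 * the process exits 0 even when no rule was installed or removed; callers
 * scripting policy deployment cannot use the exit status to detect that.
 */
int
main(int argc, char *argv[])
{

	if (argc < 2)
		usage();

	if (strcmp("add", argv[1]) == 0) {
		add_rule(argc - 2, argv + 2);
	} else if (strcmp("list", argv[1]) == 0) {
		if (argc != 2)
			usage();
		list_rules();
	} else if (strcmp("set", argv[1]) == 0) {
		set_rule(argc - 2, argv + 2);
	} else if (strcmp("remove", argv[1]) == 0) {
		remove_rule(argc - 2, argv + 2);
	} else {
		usage();
	}

	return (0);
}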