-rw-r--r-- | include/libbb.h | 6 | ||||
-rw-r--r-- | libbb/capability.c | 79 | ||||
-rw-r--r-- | util-linux/setpriv.c | 82 |
3 files changed, 90 insertions, 77 deletions
diff --git a/include/libbb.h b/include/libbb.h index 86ad0a057..9535f5fb3 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -1473,6 +1473,12 @@ extern void run_shell(const char *shell, int loginshell, const char **args) NORE */ const char *get_shell_name(void) FAST_FUNC; +unsigned cap_name_to_number(const char *cap) FAST_FUNC; +void printf_cap(const char *pfx, unsigned cap_no) FAST_FUNC; + +unsigned cap_name_to_number(const char *name) FAST_FUNC; +void printf_cap(const char *pfx, unsigned cap_no) FAST_FUNC; + #if ENABLE_SELINUX extern void renew_current_security_context(void) FAST_FUNC; extern void set_current_security_context(security_context_t sid) FAST_FUNC; diff --git a/libbb/capability.c b/libbb/capability.c new file mode 100644 index 000000000..692024f2f --- /dev/null +++ b/libbb/capability.c 
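Review bot: The libbb.h hunk declares both helpers twice: `cap_name_to_number` appears once with parameter `cap` and once with `name`, and `printf_cap` is repeated verbatim. The compiler accepts compatible redeclarations, so nothing breaks, but the second pair looks like a leftover from a rebase and should be dropped. Keep one pair and add a short comment above it, for example `/* Linux capability name <-> number helpers (libbb/capability.c); cap_name_to_number() dies on unknown input */`, since the new file is built only for CONFIG_PLATFORM_LINUX while these prototypes are unconditional.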
@@ -0,0 +1,79 @@ +/* + * Copyright (C) 2017 by <assafgordon@gmail.com> + * + * Licensed under GPLv2 or later, see file LICENSE in this source tree. + */ +//kbuild:lib-$(CONFIG_PLATFORM_LINUX) += capability.o + +#include <linux/capability.h> +#include "libbb.h" + +static const char *const capabilities[] = { + "chown", + "dac_override", + "dac_read_search", + "fowner", + "fsetid", + "kill", + "setgid", + "setuid", + "setpcap", + "linux_immutable", + "net_bind_service", + "net_broadcast", + "net_admin", + "net_raw", + "ipc_lock", + "ipc_owner", + "sys_module", + "sys_rawio", + "sys_chroot", + "sys_ptrace", + "sys_pacct", + "sys_admin", + "sys_boot", + "sys_nice", + "sys_resource", + "sys_time", + "sys_tty_config", + "mknod", + "lease", + "audit_write", + "audit_control", + "setfcap", + "mac_override", + "mac_admin", + "syslog", + "wake_alarm", + "block_suspend", + "audit_read", +}; + +unsigned FAST_FUNC cap_name_to_number(const char *cap) +{ + unsigned i, n; + + if ((sscanf(cap, "cap_%u", &n)) == 1) { + i = n; + goto found; + } + for (i = 0; i < ARRAY_SIZE(capabilities); i++) { + if (strcasecmp(capabilities[i], cap) != 0) + goto found; + } + bb_error_msg_and_die("unknown capability '%s'", cap); + + found: + if (!cap_valid(i)) + bb_error_msg_and_die("unknown capability '%s'", cap); + return i; +} + +void FAST_FUNC printf_cap(const char *pfx, unsigned cap_no) +{ + if (cap_no < ARRAY_SIZE(capabilities)) { + printf("%s%s", pfx, capabilities[cap_no]); + return; + } + printf("%scap_%u", pfx, cap_no); +} diff --git a/util-linux/setpriv.c b/util-linux/setpriv.c index c549bcaf8..9f2793949 100644 --- a/util-linux/setpriv.c +++ b/util-linux/setpriv.c @@ -5,7 +5,6 @@ * Copyright (C) 2017 by <assafgordon@gmail.com> * * Licensed under GPLv2 or later, see file LICENSE in this source tree. - * */ //config:config SETPRIV //config: bool "setpriv (3.4 kb)" 
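Review bot: The name lookup in `cap_name_to_number` is inverted: `if (strcasecmp(capabilities[i], cap) != 0) goto found;` jumps out on the first table entry that does NOT match, where the removed setpriv code used `continue` at that point. As written, every symbolic name resolves to index 0 (chown), except "chown" itself, which resolves to index 1, and a misspelled name is accepted instead of reaching the "unknown capability" error after the loop. For a privilege-dropping tool this means the requested capability is silently left untouched while a different one is changed, so a caller that believes it has dropped a capability still holds it. The comparison should be `if (strcasecmp(capabilities[i], cap) == 0)`. A test that round-trips each table entry through `cap_name_to_number` and `printf_cap` would catch this.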
@@ -131,49 +130,6 @@ struct caps { int u32s; }; -# if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES -static const char *const capabilities[] = { - "chown", - "dac_override", - "dac_read_search", - "fowner", - "fsetid", - "kill", - "setgid", - "setuid", - "setpcap", - "linux_immutable", - "net_bind_service", - "net_broadcast", - "net_admin", - "net_raw", - "ipc_lock", - "ipc_owner", - "sys_module", - "sys_rawio", - "sys_chroot", - "sys_ptrace", - "sys_pacct", - "sys_admin", - "sys_boot", - "sys_nice", - "sys_resource", - "sys_time", - "sys_tty_config", - "mknod", - "lease", - "audit_write", - "audit_control", - "setfcap", - "mac_override", - "mac_admin", - "syslog", - "wake_alarm", - "block_suspend", - "audit_read", -}; -# endif /* FEATURE_SETPRIV_CAPABILITY_NAMES */ - static void getcaps(struct caps *caps) { static const uint8_t versions[] = { @@ -211,10 +167,8 @@ static void getcaps(struct caps *caps) bb_simple_perror_msg_and_die("capget"); } -static unsigned long parse_cap(const char *cap) +static unsigned parse_cap(const char *cap) { - unsigned long i; - switch (cap[0]) { case '-': break; @@ -226,24 +180,7 @@ static unsigned long parse_cap(const char *cap) } cap++; - if ((sscanf(cap, "cap_%lu", &i)) == 1) { - if (!cap_valid(i)) - bb_error_msg_and_die("unsupported capability '%s'", cap); - return i; - } - -# if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES - for (i = 0; i < ARRAY_SIZE(capabilities); i++) { - if (strcasecmp(capabilities[i], cap) != 0) - continue; - - if (!cap_valid(i)) - bb_error_msg_and_die("unsupported capability '%s'", cap); - return i; - } -# endif - - bb_error_msg_and_die("unknown capability '%s'", cap); + return cap_name_to_number(cap); } static void set_inh_caps(char *capstring) @@ -254,7 +191,7 @@ static void set_inh_caps(char *capstring) capstring = strtok(capstring, ","); while (capstring) { - unsigned long cap; + unsigned cap; cap = parse_cap(capstring); if (CAP_TO_INDEX(cap) >= caps.u32s) 
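Review bot: In the `@@ -226,24 +180,7 @@` hunk, `return cap_name_to_number(cap);` removes the `# if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES` guard that used to surround the name loop. Symbolic names are therefore parsed even in builds where that option is off, while the dump path later in this file still falls back to the numeric `cap_N` form in that configuration. If the asymmetry is intended, the option's help text and the commit message should say so; otherwise the numeric-only behaviour needs to be kept for that build. The helper also reports an out-of-range number as "unknown capability" where the old code said "unsupported capability", which is a visible change for anything matching on stderr. The start of parse_cap's switch lies outside the hunk.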
@@ -280,7 +217,7 @@ static void set_ambient_caps(char *string) cap = strtok(string, ","); while (cap) { - unsigned long index; + unsigned index; index = parse_cap(cap); if (cap[0] == '+') { @@ -296,16 +233,7 @@ static void set_ambient_caps(char *string) #endif /* FEATURE_SETPRIV_CAPABILITIES */ #if ENABLE_FEATURE_SETPRIV_DUMP -# if ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES -static void printf_cap(const char *pfx, unsigned cap_no) -{ - if (cap_no < ARRAY_SIZE(capabilities)) { - printf("%s%s", pfx, capabilities[cap_no]); - return; - } - printf("%scap_%u", pfx, cap_no); -} -# else +# if !ENABLE_FEATURE_SETPRIV_CAPABILITY_NAMES # define printf_cap(pfx, cap_no) printf("%scap_%u", (pfx), (cap_no)) # endif |
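Review bot: `unsigned index;` in set_ambient_caps narrows a value that is presumably passed to prctl() further down; that call is outside the hunk, so this needs confirming. prctl() is variadic and its arguments are read as unsigned long, so a 32-bit `unsigned` argument leaves the upper half unspecified on some 64-bit ABIs and the kernel may then reject the capability number. If the call is there, either keep the local as `unsigned long index;` or cast at the call site with `(unsigned long)index`.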
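Review bot: After the `@@ -296,16 +233,7 @@` hunk, `# define printf_cap(pfx, cap_no) printf("%scap_%u", (pfx), (cap_no))` is a function-like macro with the same name as the function now declared in libbb.h. It works only because the define comes after the header has been included, and it silently replaces calls to the library function in this file. Giving the fallback its own name, or calling the libbb function unconditionally now that it is always built on Linux, would avoid that. If the macro stays, it should carry a comment such as `/* names disabled: shadow libbb's printf_cap() with a numeric-only form */`.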