1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-20 11:11:24 +00:00
freebsd/usr.bin
Pawel Jakub Dawidek 7008be5bd7 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
..
alias
apply Constify arguments. While I'm there, also add a static for usage(). 2013-01-04 23:44:22 +00:00
ar Work around build breakages with GCC 4.2. 2013-05-23 05:42:35 +00:00
asa
at - Do not bail out if stat(2) fails with ENOENT in the spool directory. This 2013-04-12 14:32:16 +00:00
atf Add ATF to the build. This is may be a bit rought around the egdes, 2012-10-22 01:18:41 +00:00
atm
awk
banner Add missing static keywords to banner(1) 2011-11-06 08:13:51 +00:00
basename
bc Work around build breakages with GCC 4.2. 2013-05-23 05:42:35 +00:00
biff Fix EXIT STATUS. biff reports its status when it was invoked. 2013-04-28 09:29:44 +00:00
bluetooth
bmake ParseGetLine: don't treat a zero byte as end of buffer if P_end says it isn't. 2013-08-10 21:31:35 +00:00
brandelf fix up my copyright and remove third clause.. 2013-08-26 18:51:48 +00:00
bsdiff Remove trailing whitespace per mdoc lint warning 2012-03-29 05:02:12 +00:00
bzip2
bzip2recover Add the Clang specific -Wmissing-variable-declarations to WARNS=6. 2013-04-19 19:45:00 +00:00
c89 Make c89(1) invoke /usr/bin/cc with argv[0] also set to /usr/bin/cc, 2013-03-07 21:34:16 +00:00
c99 Make c99(1) invoke /usr/bin/cc with argv[0] set to "/usr/bin/cc" instead 2013-03-07 21:37:23 +00:00
calendar Provide UTF-8 version of russian calendars. 2013-08-16 07:02:17 +00:00
cap_mkdb Add missing static keywords to cap_mkdb(1) 2011-11-06 08:14:03 +00:00
catman Add missing static keywords to catman(1) 2011-11-06 08:14:09 +00:00
chat More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
checknr Mark global functions and/or variables in checknr(1) static where possible. 2011-11-06 18:49:03 +00:00
chkey Handle NULL return from crypt(3). Mostly from DragonFly 2012-02-22 06:27:20 +00:00
chpass Avoid possible null deref if ypclnt_new returns null 2012-11-15 15:06:18 +00:00
cksum More -Wmissing-variable-declarations fixes. 2012-10-20 10:33:15 +00:00
clang Upgrade our copy of llvm/clang to 3.3 release. 2013-06-12 18:48:53 +00:00
cmp Add missing static keywords to cmp(1) 2011-11-06 08:14:16 +00:00
col Add missing static keywords to col(1) 2011-11-06 08:14:22 +00:00
colcrt Add missing static keywords to colcrt(1) 2011-11-06 08:14:28 +00:00
colldef
colrm
column Add missing static keywords to column(1) 2011-11-06 08:14:34 +00:00
comm Remove trailing whitespace per mdoc lint warning 2012-03-29 05:02:12 +00:00
compile_et - Update FreeBSD Heimdal distribution to version 1.5.1. This also brings 2012-03-22 08:48:42 +00:00
compress Replace index() and rindex() calls with strchr() and strrchr(). 2012-01-03 18:51:58 +00:00
cpio MFV r248590,248594: 2013-03-22 13:36:03 +00:00
cpuset Add missing static keywords to cpuset(1) 2011-11-06 08:14:40 +00:00
csplit Add missing static keywords to csplit(1) 2011-11-06 08:14:45 +00:00
csup Clean up -Wheader-guard warnings. 2013-06-17 20:11:04 +00:00
ctags
ctlstat Fix bugs in the elapsed time calculation in ctlstat_standard() 2013-04-11 21:18:04 +00:00
cut The is_delim function works on wchar_t characters not ints, update the 2012-11-24 04:15:25 +00:00
dc Properly handle '-h' argument. 2013-02-28 01:22:14 +00:00
dig Reduce WARNS to 0 for dig, host, and nslookup to make them 2013-08-30 06:21:00 +00:00
dirname
dtc Remove EOL whitespace. 2013-08-22 16:01:20 +00:00
du New sentence, new line. 2012-11-04 09:27:01 +00:00
ee Fix spelling. 2013-03-11 13:08:32 +00:00
elf2aout
elfdump More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
enigma Handle NULL return from crypt(3). Mostly from DragonFly 2012-02-22 06:27:20 +00:00
env
expand Mark global functions and/or variables in expand(1) static where possible. 2011-11-06 18:49:30 +00:00
false
fetch Include an Accept header in requests. 2013-07-30 13:07:55 +00:00
file Update file(1) to version 5.11. 2012-04-19 03:20:13 +00:00
file2c
find find: Allow -delete to delete files given as arguments. 2013-08-02 14:14:23 +00:00
finger More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
fmt
fold Add missing static keywords to fold(1) 2011-11-06 08:15:23 +00:00
from
fstat Similar to 233760 and 236717, export some more useful info about the 2013-05-03 21:11:57 +00:00
fsync
ftp Merge tnftp-20100108 from the vendor branch into head. 2011-06-20 08:00:32 +00:00
gcore Add some missing DPADD. 2013-05-11 13:46:05 +00:00
gencat More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
getconf
getent Add support for netgroup, based on patch in the PR but made consistent 2013-05-23 20:52:30 +00:00
getopt Fix typo in example getopt(1) script: $i vs $1 [1] 2011-01-26 18:43:15 +00:00
gprof rework old-style functions prototypes 2013-02-14 08:16:03 +00:00
grep grep -i does not work for simple patterns and single byte locales, like 2013-07-30 18:16:43 +00:00
gzip More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
head Remove EOL whitespace accidentally introduced in r248393. 2013-03-17 06:57:25 +00:00
hesinfo
hexdump Fix typo ('1' != 'l') 2013-03-04 02:21:06 +00:00
host Reduce WARNS to 0 for dig, host, and nslookup to make them 2013-08-30 06:21:00 +00:00
iconv As a followup to r252547, propate const down the call stack. 2013-07-03 18:27:45 +00:00
id Correct the change made in r227166. 2011-11-06 09:09:45 +00:00
indent Add the Clang specific -Wmissing-variable-declarations to WARNS=6. 2013-04-19 19:45:00 +00:00
ipcrm General mdoc(7) and typo fixes. 2012-05-10 02:07:00 +00:00
ipcs Spelling fixes for usr.bin/ 2011-12-30 11:02:40 +00:00
join Cast *tabchar, a wchar_t, to a wint_t as it is the type the %lc printf 2013-02-04 10:05:55 +00:00
jot Remove superfluous paragraph macro. 2012-03-25 09:19:25 +00:00
kdump Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
keylogin WARNS=6 compliance 2013-02-19 13:32:26 +00:00
keylogout
killall killall: add -q flag to suppress error message when no processes are matched 2013-06-30 20:27:31 +00:00
ktrace Don't trace or dump page fault records in the default set of tracepoints 2012-05-31 14:46:02 +00:00
ktrdump - Implement run-time expansion of the KTR buffer via sysctl. 2012-11-15 00:51:57 +00:00
lam Mark global functions and/or variables in lam(1) static where possible. 2011-11-06 18:49:41 +00:00
last Bump date missed in r202756 2012-09-14 17:50:42 +00:00
lastcomm Allow to specify strftime(3) format for process start end exit times. 2012-05-17 11:10:13 +00:00
ldd Pass variables prefixed with both LD_ and LD_32_ to the run-time linker. 2013-08-07 00:28:17 +00:00
leave Build last(1) and leave(1) with WARNS=6. 2011-10-14 07:26:20 +00:00
less Note that the manual page of less(1) says: 2012-12-03 21:49:37 +00:00
lessecho
lesskey
lex Connect flex 2.5.37 to the build and bump __FreeBSD_version. 2013-05-21 19:32:35 +00:00
limits General mdoc(7) and typo fixes. 2012-05-10 02:07:00 +00:00
locale Sort options. 2012-11-17 23:52:38 +00:00
locate Give users a hint when their locate database is too small. 2012-12-10 02:26:01 +00:00
lock Check the return error of set[e][ug]id. While this can never fail in the 2012-10-22 03:07:05 +00:00
lockf Add option to lockf to avoid creating a file if it does not exist. 2013-05-10 17:30:29 +00:00
logger Add missing const keywords. 2012-10-19 14:29:03 +00:00
login None of these programs actually use auth.conf. 2012-06-11 16:18:39 +00:00
logins Reencode files from latin1 to UTF-8. 2011-12-30 10:59:15 +00:00
logname
look Add missing static keywords to look(1) 2011-11-06 08:15:59 +00:00
lorder
lsvfs - Add file system type number (vfc_typenum) in the list. This is useful 2013-06-09 16:33:32 +00:00
lzmainfo Remove unneeded WARNS=3 lines. 2011-10-16 08:04:43 +00:00
m4 mdoc: convert .Fd to .In, which is much nicer. 2013-06-04 07:37:06 +00:00
mail Remove unnecessary cast to pid_t. 2013-07-04 03:24:58 +00:00
make Remove unnecessary cast to pid_t. 2013-07-04 03:24:58 +00:00
makewhatis Currently the code uses gzFile * for a zlib file descriptor, which 2012-06-20 23:53:36 +00:00
man Remove default support for 1aout section manpages. There haven't been 2013-01-16 23:20:24 +00:00
mandoc Merge mandoc from vendor into contrib and provide the necessary Makefile glue. 2012-10-19 22:21:01 +00:00
mesg
minigzip MFV: Update zlib to 1.2.7. 2012-06-21 21:47:08 +00:00
ministat Add option to suppress just the plot in ministat while still retaining 2012-11-15 15:06:12 +00:00
mkcsmapper Attempt to deal with a compile failure that shows up with gcc, which 2013-07-03 18:25:27 +00:00
mkcsmapper_static Add the BSD-licensed Citrus iconv to the base system with default off 2011-02-25 00:04:39 +00:00
mkdep
mkesdb Attempt to deal with a compile failure that shows up with gcc, which 2013-07-03 18:25:27 +00:00
mkesdb_static Add the BSD-licensed Citrus iconv to the base system with default off 2011-02-25 00:04:39 +00:00
mkfifo
mklocale Work around build breakages with GCC 4.2. 2013-05-23 05:42:35 +00:00
mkstr
mktemp Use the macro for standard error return values. 2012-11-18 16:34:06 +00:00
mkulzma mdoc: document title should be all caps. 2012-03-25 19:34:05 +00:00
mkuzip Fixed an embedded shell script. 2011-05-13 09:55:48 +00:00
msgs Check the return error of set[e][ug]id. While this can never fail in the 2012-10-22 03:07:05 +00:00
mt In usr.bin/mt/mt.c, the c_code member of struct commands should really 2011-12-17 02:23:30 +00:00
nc
ncal More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
netstat - Use getnameinfo(3) instead of gethostbyaddr(3) or inet_ntop(3). 2013-08-17 17:23:42 +00:00
newgrp Print a warning if not setuid root. 2013-02-08 14:14:00 +00:00
newkey
nfsstat Modify nfsstat.c so that it prints out an error when a non-root 2013-06-09 21:54:19 +00:00
nice Not only had I included a syntax / style error, nice.3 is also 2011-02-26 11:20:51 +00:00
nl Make nl(1) build with WARNS=6. 2011-10-14 07:28:39 +00:00
nohup
nslookup Reduce WARNS to 0 for dig, host, and nslookup to make them 2013-08-30 06:21:00 +00:00
nsupdate Update Bind to 9.9.3-P2 2013-08-22 08:15:03 +00:00
opieinfo
opiekey
opiepasswd
pagesize
pamtest Update to OpenPAM Micrampelis. 2012-05-26 17:10:16 +00:00
passwd Respect NO_FSCHG and don't set 'schg' flag on passwd/yppasswd is defined. 2012-11-27 16:23:12 +00:00
paste Mark global functions and/or variables in paste(1) static where possible. 2011-11-06 18:49:53 +00:00
patch Drop build option switch for the older GNU patch. 2013-08-29 00:38:24 +00:00
pathchk
perror
pr Standardize EXIT STATUS instructions in man pages when possible. 2012-11-18 16:33:51 +00:00
printenv
printf POSIX requires that non-existent or null arguments be treated as if a 2012-12-18 21:02:38 +00:00
procstat Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
quota Add missing static keywords to quota(1) 2011-11-06 08:16:29 +00:00
rctl Minor spelling and grammar fixes. 2013-04-11 19:05:24 +00:00
renice Move example to EXAMPLES. 2013-03-17 06:36:04 +00:00
rev
revoke
rlogin More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
rpcgen More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
rpcinfo Cleanup use of 'host' when running 'rpcinfo -p'. 2012-08-18 16:14:50 +00:00
rs Add missing static keywords to rs(1) 2011-11-06 08:16:35 +00:00
rsh None of these programs actually use auth.conf. 2012-06-11 16:18:39 +00:00
rup
ruptime Add missing static keywords to ruptime(1) 2011-11-06 08:16:41 +00:00
rusers Add missing static keywords to rusers(1) 2011-11-06 08:16:47 +00:00
rwall Add missing static keywords to rwall(1) 2011-11-06 08:16:53 +00:00
rwho Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
script MFC'ing to 9.2. 2013-07-30 19:21:36 +00:00
sed sed: use getline() instead of fgetln(). 2013-06-26 04:14:19 +00:00
seq Standardize EXIT STATUS instructions in man pages when possible. 2012-11-18 16:33:51 +00:00
setchannel Remove superfluous paragraph macro. 2012-03-25 09:19:25 +00:00
shar
showmount Ensure there is a whitespace after a mount point. 2011-05-24 06:56:40 +00:00
smbutil
sockstat Update the usage with the new jail option. 2012-06-27 23:26:32 +00:00
sort Fix header guards. 2013-06-17 20:15:39 +00:00
split Avoid signed overflow in error handling code. 2013-05-21 19:56:03 +00:00
ssh-copy-id Add examples to the ssh-copy-id script. 2012-11-13 13:06:57 +00:00
stat More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
stdbuf Remove stray tabs. 2013-01-14 11:06:50 +00:00
su Make check for unknown login class actually work. Previously, using the "-c" option 2013-08-12 21:01:01 +00:00
svn Update serf 1.2.1 -> 1.3.0 for svn 2013-08-02 19:21:46 +00:00
systat Nuke "systat -mbuf". It was broken since FreeBSD 5, and since there 2013-07-15 12:15:14 +00:00
tabs
tail Print file names without stdio buffering to avoid mixing buffered and 2013-06-09 08:06:26 +00:00
talk Bump date missed in r202756 2012-09-14 17:50:42 +00:00
tar MFV r248590,248594: 2013-03-22 13:36:03 +00:00
tcopy Add missing static keywords to tcopy(1) 2011-11-06 08:17:29 +00:00
tee Reverting last change r231449 (fix bin/164947) due to concerns voiced 2012-02-11 16:34:03 +00:00
telnet
tftp More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
time time: Use close-on-exec instead of fclose() in the child process. 2012-12-08 17:41:39 +00:00
tip A number of places in the source tree still reference cuad.* after 2012-12-08 22:16:36 +00:00
top Bump the CPU/WCPU column width by one so that it fits values from 100% up 2013-06-11 19:05:29 +00:00
touch Constify where appropriate. 2013-04-23 13:03:17 +00:00
tput
tr When copying the complement of the string loop to WINT_MAX as we are dealing 2013-01-22 05:39:34 +00:00
true
truncate
truss Remove incorrect 'const' qualifier from pointers to dynamic string 2013-08-19 17:09:14 +00:00
tset More -Wmissing-variable-declarations fixes. 2012-10-19 14:49:42 +00:00
tsort Add missing static keywords to tsort(1) 2011-11-06 08:17:47 +00:00
tty
ul Fix a signed/unsigned comparison when wchar_t is unsigned by casting the 2013-01-06 03:08:27 +00:00
uname Add missing static keywords to uname(1) 2011-11-06 08:17:59 +00:00
unexpand Add missing static keywords to unexpand(1) 2011-11-06 08:18:05 +00:00
unifdef Update to upstream version 2.7 2013-03-28 20:33:07 +00:00
uniq Change the cap_rights_t type from uint64_t to a structure that we can extend 2013-09-05 00:09:56 +00:00
units mdoc: terminate quoted strings. 2012-03-26 15:18:14 +00:00
unvis Replace our (un)vis(1) commands with implementations from NetBSD to 2013-03-15 00:05:50 +00:00
unzip Replace deprecated (or remove obsolete) libarchive 2.8 functions 2013-03-22 10:17:42 +00:00
usbhidaction Add missing static keywords to usbhidaction(1) 2011-11-06 08:18:23 +00:00
usbhidctl mdoc sweep. 2013-05-12 22:22:12 +00:00
users Bump date missed in r202756 2012-09-14 17:50:42 +00:00
uudecode
uuencode Prefer an example users born after myself might use. 2012-10-26 15:21:23 +00:00
vacation Since clang 3.2 now has an option to suppress warnings about implicitly 2013-02-16 20:17:31 +00:00
vgrind mdoc: terminate quoted strings. 2012-03-26 15:18:14 +00:00
vi Give up on using iconv to convert to UTF-8 at build time. I don't see any 2013-08-12 09:56:52 +00:00
vis Replace our (un)vis(1) commands with implementations from NetBSD to 2013-03-15 00:05:50 +00:00
vmstat - Show page faults requiring I/O when -s invoked. 2013-01-28 12:58:37 +00:00
w Revert r253748,253749 2013-07-28 18:44:17 +00:00
wall Check the return error of set[e][ug]id. While this can never fail in the 2012-10-22 03:07:05 +00:00
wc Add missing static keywords to wc(1) 2011-11-06 08:19:00 +00:00
what
whereis Reencode files from latin1 to UTF-8. 2011-12-30 10:59:15 +00:00
which Mark global functions and/or variables in which(1) static where possible. 2011-11-06 18:50:26 +00:00
who Remove contractions. 2012-10-07 20:01:41 +00:00
whois General mdoc(7) and typo fixes. 2012-05-10 02:07:00 +00:00
write Fix write(1) to support wide characters. 2012-02-13 14:40:15 +00:00
xargs Style(9) changes fo xargs.c 2013-05-10 03:49:05 +00:00
xinstall New install flags were merged to 9-STABLE and will appear in FreeBSD-9.2. 2013-06-05 17:02:21 +00:00
xlint Improve compatibility with recent flex from flex.sourceforge.net. 2013-05-03 23:51:32 +00:00
xstr Mark global functions and/or variables in xstr(1) static where possible. 2011-11-06 18:50:39 +00:00
xz
xzdec Remove unneeded WARNS=3 lines. 2011-10-16 08:04:43 +00:00
yacc Import byacc from invisible island, it brings us lots of compatibilities with 2012-05-21 13:31:26 +00:00
yes yes(1) actually comes from V7. 2012-09-17 23:04:15 +00:00
ypcat
ypmatch
ypwhich
Makefile Subversion requires atomic functions we only support on arm with clang. 2013-08-19 17:44:19 +00:00
Makefile.amd64 - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00
Makefile.arm Add arm bits to truss. 2013-03-07 23:44:35 +00:00
Makefile.i386 - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00
Makefile.ia64 - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00
Makefile.inc
Makefile.powerpc - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00
Makefile.sparc64 - Trim an unused and bogus Makefile for mount_smbfs. 2013-06-28 21:00:08 +00:00