From 2c264d5813d3251e9cf1582dffdc3adb445dd93a Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Thu, 18 Mar 2021 18:43:12 -0500 Subject: [PATCH] Bugfix: recently added capability functions are from newer version. The libcap project hasn't been updated in a long time. Apparently, somebody relatively recently picked up the project and started maintaining it. This introduced newer functions. For some reason, my system has a hybrid of this. The headers show the newer functions but the libraries lack them. Add a new define "_libcap_legacy_only_". Enable this by default given how long libcap has exist unchanged. I also noticed and inconsistency with the function names for users and groups (which are newer functions). Rename them to not include the "_id". Remove a duplicate function that didn't even have a reference in the header (oops!). --- build/level_0/settings | 2 +- build/monolithic/settings | 2 +- level_0/f_capability/c/capability.c | 129 +++++++++++++++++++++++-------- level_0/f_capability/c/capability.h | 6 +- level_0/f_capability/data/build/defines | 2 +- level_0/f_capability/data/build/settings | 2 +- 6 files changed, 102 insertions(+), 41 deletions(-) diff --git a/build/level_0/settings b/build/level_0/settings index d07decb..b5e93a6 100644 --- a/build/level_0/settings +++ b/build/level_0/settings @@ -46,7 +46,7 @@ search_shared yes search_static yes #defines_all -D_di_libcap_ -defines_all +defines_all -D_libcap_legacy_only_ defines_all-level_threadless -D_di_pthread_support_ defines_static defines_shared diff --git a/build/monolithic/settings b/build/monolithic/settings index 0dfe062..3ddf554 100644 --- a/build/monolithic/settings +++ b/build/monolithic/settings @@ -46,7 +46,7 @@ search_shared yes search_static yes #defines_all -D_di_libcap_ -defines_all +defines_all -D_libcap_legacy_only_ defines_all-monolithic_threadless -D_di_pthread_support_ defines_static defines_shared diff --git a/level_0/f_capability/c/capability.c b/level_0/f_capability/c/capability.c index ca95b06..271637e 100644 --- a/level_0/f_capability/c/capability.c +++ b/level_0/f_capability/c/capability.c @@ -4,7 +4,7 @@ extern "C" { #endif -#ifdef _di_libcap_ +#if defined(_di_libcap_) || defined(_libcap_legacy_only_) #ifndef _di_f_capability_ambient_get_ f_status_t f_capability_ambient_get(const f_capability_value_t value, int *ambient) { @@ -28,11 +28,9 @@ extern "C" { } #endif // _di_f_capability_ambient_set_ - #ifndef _di_f_capability_groups_set_ - f_status_t f_capability_groups_set(const gid_t id_group, const size_t total, const gid_t id_groups[]) { - return F_status_set_error(F_implemented_not); - } - #endif // _di_f_capability_groups_set_ +#endif // defined(_di_libcap_) || defined(_libcap_legacy_only_) + +#ifdef _di_libcap_ #ifndef _di_f_capability_clear_ f_status_t f_capability_clear(f_capability_t *capability) { @@ -177,11 +175,19 @@ extern "C" { } #endif // _di_f_capability_from_text_ - #ifndef f_capability_groups_id_set - f_status_t f_capability_groups_id_set(const gid_t id_group, const size_t total, const gid_t id_groups[]) { +#endif // _di_libcap_ + +#if defined(_di_libcap_) || defined(_libcap_legacy_only_) + + #ifndef _di_f_capability_groups_set_ + f_status_t f_capability_groups_set(const gid_t id_group, const size_t total, const gid_t id_groups[]) { return F_status_set_error(F_implemented_not); } - #endif // f_capability_groups_id_set + #endif // _di_f_capability_groups_set_ + +#endif // defined(_di_libcap_) || defined(_libcap_legacy_only_) + +#ifdef _di_libcap_ #ifndef _di_f_capability_initialize_ f_status_t f_capability_initialize(f_capability_t *capability) { @@ -193,6 +199,10 @@ extern "C" { } #endif // _di_f_capability_initialize_ +#endif // _di_libcap_ + +#if defined(_di_libcap_) || defined(_libcap_legacy_only_) + #ifndef _di_f_capability_mode_get_ f_status_t f_capability_mode_get(f_capability_mode_t *mode) { #ifndef _di_level_0_parameter_checking_ @@ -235,6 +245,10 @@ extern "C" { } #endif // _di_f_capability_owner_set_ +#endif // defined(_di_libcap_) || defined(_libcap_legacy_only_) + +#ifdef _di_libcap_ + #ifndef _di_f_capability_process_bound_drop_ f_status_t f_capability_process_bound_drop(f_capability_value_t code, int *bound) { #ifndef _di_level_0_parameter_checking_ @@ -281,6 +295,10 @@ extern "C" { } #endif // _di_f_capability_process_set_ +#endif // _di_libcap_ + +#if defined(_di_libcap_) || defined(_libcap_legacy_only_) + #ifndef _di_f_capability_security_bits_get_ f_status_t f_capability_security_bits_get(f_capability_bits_t *bits) { #ifndef _di_level_0_parameter_checking_ @@ -297,6 +315,10 @@ extern "C" { } #endif // _di_f_capability_security_bits_set_ +#endif // defined(_di_libcap_) || defined(_libcap_legacy_only_) + +#ifdef _di_libcap_ + #ifndef _di_f_capability_size_ f_status_t f_capability_size(const f_capability_t capability, ssize_t *size) { #ifndef _di_level_0_parameter_checking_ @@ -313,12 +335,20 @@ extern "C" { } #endif // _di_f_capability_supported_ +#endif // _di_libcap_ + +#if defined(_di_libcap_) || defined(_libcap_legacy_only_) + #ifndef _di_f_capability_supported_ambient_ bool f_capability_supported_ambient() { return F_false; } #endif // _di_f_capability_supported_ambient_ +#endif // defined(_di_libcap_) || defined(_libcap_legacy_only_) + +#ifdef _di_libcap_ + #ifndef _di_f_capability_supported_code_ bool f_capability_supported_code(const f_capability_value_t code) { return F_false; @@ -345,13 +375,19 @@ extern "C" { } #endif // _di_f_capability_to_text_ - #ifndef f_capability_user_id_set - f_status_t f_capability_user_id_set(const uid_t id_user) { +#endif // _di_libcap_ + +#if defined(_di_libcap_) || defined(_libcap_legacy_only_) + + #ifndef f_capability_user_set + f_status_t f_capability_user_set(const uid_t id_user) { return F_status_set_error(F_implemented_not); } - #endif // f_capability_user_id_set + #endif // f_capability_user_set + +#endif // defined(_di_libcap_) || defined(_libcap_legacy_only_) -#else // _di_libcap_ +#if !defined(_di_libcap_) && !defined(_libcap_legacy_only_) #ifndef _di_f_capability_ambient_get_ f_status_t f_capability_ambient_get(const f_capability_value_t value, int *ambient) { @@ -403,20 +439,9 @@ extern "C" { } #endif // _di_f_capability_ambient_set_ - #ifndef _di_f_capability_groups_set_ - f_status_t f_capability_groups_set(const gid_t id_group, const size_t total, const gid_t id_groups[]) { +#endif // !defined(_di_libcap_) && !defined(_libcap_legacy_only_) - if (cap_setgroups(id_group, total, id_groups) == -1) { - if (errno == EINVAL) return F_status_set_error(F_parameter); - if (errno == ENOMEM) return F_status_set_error(F_memory_not); - if (errno == ERANGE) return F_status_set_error(F_range_not); - - return F_status_set_error(F_failure); - } - - return F_none; - } - #endif // _di_f_capability_groups_set_ +#ifndef _di_libcap_ #ifndef _di_f_capability_clear_ f_status_t f_capability_clear(f_capability_t *capability) { @@ -721,20 +746,28 @@ extern "C" { } #endif // _di_f_capability_from_text_ - #ifndef f_capability_groups_id_set - f_status_t f_capability_groups_id_set(const gid_t id_group, const size_t total, const gid_t id_groups[]) { +#endif // _di_libcap_ + +#if !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + + #ifndef _di_f_capability_groups_set_ + f_status_t f_capability_groups_set(const gid_t id_group, const size_t total, const gid_t id_groups[]) { if (cap_setgroups(id_group, total, id_groups) == -1) { if (errno == EINVAL) return F_status_set_error(F_parameter); if (errno == ENOMEM) return F_status_set_error(F_memory_not); - if (errno == EPERM) return F_status_set_error(F_prohibited); + if (errno == ERANGE) return F_status_set_error(F_range_not); return F_status_set_error(F_failure); } return F_none; } - #endif // f_capability_groups_id_set + #endif // _di_f_capability_groups_set_ + +#endif // !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + +#ifndef _di_libcap_ #ifndef _di_f_capability_initialize_ f_status_t f_capability_initialize(f_capability_t *capability) { @@ -755,6 +788,10 @@ extern "C" { } #endif // _di_f_capability_initialize_ +#endif // _di_libcap_ + +#if !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + #ifndef _di_f_capability_mode_get_ f_status_t f_capability_mode_get(f_capability_mode_t *mode) { #ifndef _di_level_0_parameter_checking_ @@ -827,6 +864,10 @@ extern "C" { } #endif // _di_f_capability_owner_set_ +#endif // !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + +#ifndef _di_libcap_ + #ifndef _di_f_capability_process_bound_drop_ f_status_t f_capability_process_bound_drop(f_capability_value_t code, int *bound) { #ifndef _di_level_0_parameter_checking_ @@ -913,6 +954,10 @@ extern "C" { } #endif // _di_f_capability_process_set_ +#endif // _di_libcap_ + +#if !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + #ifndef _di_f_capability_security_bits_get_ f_status_t f_capability_security_bits_get(f_capability_bits_t *bits) { #ifndef _di_level_0_parameter_checking_ @@ -940,6 +985,10 @@ extern "C" { } #endif // _di_f_capability_security_bits_set_ +#endif // !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + +#ifndef _di_libcap_ + #ifndef _di_f_capability_size_ f_status_t f_capability_size(const f_capability_t capability, ssize_t *size) { #ifndef _di_level_0_parameter_checking_ @@ -966,12 +1015,20 @@ extern "C" { } #endif // _di_f_capability_supported_ +#endif // _di_libcap_ + +#if !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + #ifndef _di_f_capability_supported_ambient_ bool f_capability_supported_ambient() { return CAP_AMBIENT_SUPPORTED(); } #endif // _di_f_capability_supported_ambient_ +#endif // !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + +#ifndef _di_libcap_ + #ifndef _di_f_capability_supported_code_ bool f_capability_supported_code(const f_capability_value_t code) { return CAP_IS_SUPPORTED(code); @@ -1060,8 +1117,12 @@ extern "C" { } #endif // _di_f_capability_to_text_ - #ifndef _di_f_capability_user_id_set_ - f_status_t f_capability_user_id_set(const uid_t id_user) { +#endif // _di_libcap_ + +#if !defined(_di_libcap_) && !defined(_libcap_legacy_only_) + + #ifndef _di_f_capability_user_set_ + f_status_t f_capability_user_set(const uid_t id_user) { if (cap_setuid(id_user) == -1) { if (errno == EINVAL) return F_status_set_error(F_parameter); @@ -1073,9 +1134,9 @@ extern "C" { return F_none; } - #endif // _di_f_capability_user_id_set_ + #endif // _di_f_capability_user_set_ -#endif // _di_libcap_ +#endif // !defined(_di_libcap_) && !defined(_libcap_legacy_only_) #ifdef __cplusplus } // extern "C" diff --git a/level_0/f_capability/c/capability.h b/level_0/f_capability/c/capability.h index 57581a2..dbf10ff 100644 --- a/level_0/f_capability/c/capability.h +++ b/level_0/f_capability/c/capability.h @@ -990,9 +990,9 @@ extern "C" { * @see cap_setuid() * @see setuid() */ -#ifndef _di_f_capability_user_id_set_ - extern f_status_t f_capability_user_id_set(const uid_t id_user); -#endif // _di_f_capability_user_id_set_ +#ifndef _di_f_capability_user_set_ + extern f_status_t f_capability_user_set(const uid_t id_user); +#endif // _di_f_capability_user_set_ #ifdef __cplusplus } // extern "C" diff --git a/level_0/f_capability/data/build/defines b/level_0/f_capability/data/build/defines index 0d51e58..8be394f 100644 --- a/level_0/f_capability/data/build/defines +++ b/level_0/f_capability/data/build/defines @@ -1,3 +1,3 @@ # fss-0000 _di_libcap_ Disable libcap support, allow for compiling and linking without libcap (-lcap). - +_libcap_legacy_only_ Disable functionality provided by later versions of libcap (2.43 and later). diff --git a/level_0/f_capability/data/build/settings b/level_0/f_capability/data/build/settings index 0450682..6a6fb17 100644 --- a/level_0/f_capability/data/build/settings +++ b/level_0/f_capability/data/build/settings @@ -45,7 +45,7 @@ search_shared yes search_static yes #defines_all -D_di_libcap_ -defines_all +defines_all -D_libcap_legacy_only_ defines_static defines_shared -- 1.8.3.1