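if ( lids[i].s_ino == s_st.st_ino && lids[i].s_dev == s_st.st_dev && lids[i].o_ino == o_st.st_ino && lids[i].o_dev == o_st.st_dev ) {
            return lids[i].type;
        }
    }
    return LIDS_DELETE_FLAG;
}

/* Hard limit on the number of ACL entries the in-memory table may hold. */
enum { LIDS_MAX_ENTRIES = 1024 };

/*
 * Bounded copy of a NUL-terminated string into a fixed-size buffer.
 * Aborts through exit_error() with `what` instead of truncating, because a
 * silently truncated path would later be matched against the wrong object.
 */
static void copy_arg_or_die(char *dst, size_t cap, const char *src, char *what)
{
    int n = snprintf(dst, cap, "%s", src);
    if (n < 0 || (size_t)n >= cap) {
        exit_error(2, what);
    }
}

/*
 * Resolve `path` with realpath() into `out` (PATH_MAX bytes).
 * Returns 0 on success. On failure `out` receives `path` verbatim (bounded)
 * and -1 is returned, so callers never read an uninitialized buffer.
 */
static int canonical_path(const char *path, char *out)
{
    if (realpath(path, out) != NULL) {
        return 0;
    }
    snprintf(out, PATH_MAX, "%s", path);
    return -1;
}

/* Overwrite `len` bytes through a volatile pointer so the store survives optimization. */
static void wipe_buffer(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--) {
        *p++ = 0;
    }
}

/*
 * lids_del_file - remove the rule (subject_file, object_file) from the config.
 *
 * The pair is first searched as typed, then by canonical path. A pair that
 * cannot be resolved (e.g. a CAP_xxx object) is searched by its raw name.
 * Exits through exit_error() when no matching rule exists.
 */
void lids_del_file(char *subject_file, char *object_file)
{
    char canonical_s_path[PATH_MAX];
    char canonical_o_path[PATH_MAX];

    lids_read_conf();
    if (!lids_search_file(subject_file, object_file)) {
        /* Fall back to canonical paths; on resolution failure the raw name is used. */
        canonical_path(subject_file, canonical_s_path);
        canonical_path(object_file, canonical_o_path);
        if (!lids_search_file(canonical_s_path, canonical_o_path)) {
            exit_error(2, "the file does not exit in " LIDS_CONF_FILE);
        }
    }
    lids_write_file();
}

/*
 * get_object_type - find the default (subject-less) rule covering `filename`.
 *
 * Walks from `filename` up through each parent directory and returns the type
 * of the first rule whose subject is empty and whose object equals that path,
 * or -1 when no such rule exists. Used when lidsadm -A -s .. -o .. -t -j ..
 * must decide whether a subject/object is protected at all.
 */
int get_object_type(char *filename)
{
    char o_file[1024];
    char *slash = NULL;
    int i;

    /* A trailing '/' makes the first iteration examine `filename` itself. */
    if (snprintf(o_file, sizeof o_file, "%s/", filename) >= (int)sizeof o_file) {
        exit_error(2, "the object path is too long");
    }
    while (slash != o_file) {
        slash = strrchr(o_file, '/');
        if (slash == NULL) {
            break;
        }
        *slash = '\0';
        for (i = 0; i < last; i++) {
            if (*lids[i].s_file == '\0' && strcmp(o_file, lids[i].o_file) == 0) {
                return lids[i].type;
            }
        }
    }
    return -1;
}

/*
 * lids_add_file - append a rule to the config and write it back.
 *
 * subject_file: program the rule applies to; "" means a system-wide rule.
 * object_file:  protected path, or a CAP_xxx name when type == LIDS_CAP.
 * type:         rule type; negated when `domain` is set.
 * inherit, timescale: stored verbatim in the new entry.
 * Exits through exit_error() on any validation failure.
 */
void lids_add_file(char *subject_file, char *object_file, int type, int inherit, int domain, time_t timescale[][2])
{
    struct stat s_st, o_st;
    char canonical_s_path[PATH_MAX];
    char canonical_o_path[PATH_MAX];
    int sys_cap = (*subject_file == '\0'); /* 1 for system cap, 0 for individual cap */
    int existing;
    entry_t *entry;

    lids_read_conf();
    if (last >= LIDS_MAX_ENTRIES) {
        exit_error(2, "cannot exceed 1024 entries.");
    }
#ifdef DEBUG
    printf("sub=[%s],type=%d\n", subject_file, type);
#endif
    memset(&s_st, 0, sizeof s_st);
    memset(&o_st, 0, sizeof o_st);

    if (sys_cap) {
        /* System-wide rules carry an empty subject path and inode/dev 0;
         * the path must be set explicitly or garbage is stored below. */
        canonical_s_path[0] = '\0';
    } else if (canonical_path(subject_file, canonical_s_path) != 0 || stat(canonical_s_path, &s_st) != 0) {
        exit_error(2, " cannot find the subject file");
    }

    if (type != LIDS_CAP) {
        if (canonical_path(object_file, canonical_o_path) != 0 || stat(canonical_o_path, &o_st) != 0) {
            exit_error(2, " cannot find the object file");
        }
    } else {
        entry = getentrybyname(cap_list, object_file);
        if (entry == NULL) {
            exit_error(2, "special type must be one of CAP_XXX_XXX. use lidsadm -h for details.");
        }
        o_st.st_ino = (ino_t)-1; /* special type's ino: capabilities have no real inode */
        o_st.st_dev = entry->val;
        copy_arg_or_die(canonical_o_path, sizeof canonical_o_path, object_file, "capability name too long");
    }

    /* check the subject: it must itself be protected READONLY or stricter */
    if (!sys_cap) {
        int subject_rule = get_object_type(canonical_s_path);
        if (subject_rule == -1) {
            exit_error(2, "the subject file is not protected");
        }
        if (subject_rule > LIDS_READONLY) {
            exit_error(2, "the subject files must be protected by READONLY or DENY");
        }
    }
    /* check the object: a per-program rule needs a default rule for the object */
    if (type != LIDS_CAP && !sys_cap && get_object_type(canonical_o_path) == -1) {
        exit_error(2, "you must define the default rules for object files");
    }

    if (domain) {
        type = -type; /* a DOMAIN rule is encoded as the negated type */
    }
    existing = lids_search_inode(s_st, o_st);
    if (existing == type && existing != LIDS_DELETE_FLAG) {
        exit_error(2, "a file with the same inode and dev is already referenced.");
    }

    lids[last].s_ino = s_st.st_ino;
    lids[last].s_dev = s_st.st_dev;
    lids[last].o_ino = o_st.st_ino;
    lids[last].o_dev = o_st.st_dev;
#ifdef DEBUG
    printf("canonical_o_file=%s,o_ino =%lu\n", canonical_o_path, (unsigned long)o_st.st_ino);
#endif
    lids[last].type = type;
    lids[last].inherit = inherit;
    /* NOTE(review): s_file/o_file capacity is declared outside this file; the
     * copies below assume it is at least PATH_MAX — confirm against the header. */
    strcpy(lids[last].s_file, canonical_s_path);
    strcpy(lids[last].o_file, canonical_o_path);
    /* NOTE(review): sizes kept from the original; sizeof(int *) only matches
     * the element size by platform coincidence — confirm the declared types. */
    memcpy(lids[last].time, timescale, LIDS_TIME_ITEM * 2 * sizeof(int *));
    memcpy(lids[last].port, bindport, LIDS_PORT_ITEM * 2 * sizeof(int *));
    last++;
    lids_write_file();
}

/*
 * lids_update - re-stat every subject and object path and refresh the stored
 * inode/device numbers that no longer match (e.g. after a file was replaced).
 * Paths that no longer exist are reported but their rules are kept.
 */
void lids_update(void)
{
    struct stat s_st, o_st;
    int i;

    lids_read_conf();
    for (i = 0; i < last; i++) {
        /*
         * check subject files
         */
        if (*lids[i].s_file != '\0') {
            if (stat(lids[i].s_file, &s_st) != 0) {
                printf("%s doesn't exist anymore. not removed.\n", lids[i].s_file);
            } else if (s_st.st_ino != lids[i].s_ino || s_st.st_dev != lids[i].s_dev) {
                printf("subject file %s was (%u:%u inode %lu) instead of (%u:%u %lu). corrected.\n",
                       lids[i].s_file,
                       (unsigned)MAJOR(lids[i].s_dev), (unsigned)MINOR(lids[i].s_dev),
                       (unsigned long)lids[i].s_ino,
                       (unsigned)MAJOR((unsigned long)s_st.st_dev), (unsigned)MINOR((unsigned long)s_st.st_dev),
                       (unsigned long)s_st.st_ino);
                lids[i].s_ino = s_st.st_ino;
                lids[i].s_dev = s_st.st_dev;
            }
        }
        /*
         * check object files (an empty object path has nothing to compare)
         */
        if (*lids[i].o_file == '\0') {
            continue;
        }
        if (stat(lids[i].o_file, &o_st) != 0) {
            /* A CAP_xxx object never exists on disk; only complain for real paths. */
            if (getentrybyname(cap_list, lids[i].o_file) == NULL && lids[i].type != LIDS_CAP) {
                printf("%s doesn't exist anymore. not removed.\n", lids[i].o_file);
            }
        } else if (o_st.st_ino != lids[i].o_ino || o_st.st_dev != lids[i].o_dev) {
            printf("object file %s was (%u:%u inode %lu) instead of (%u:%u %lu). corrected.\n",
                   lids[i].o_file,
                   (unsigned)MAJOR(lids[i].o_dev), (unsigned)MINOR(lids[i].o_dev),
                   (unsigned long)lids[i].o_ino,
                   (unsigned)MAJOR((unsigned long)o_st.st_dev), (unsigned)MINOR((unsigned long)o_st.st_dev),
                   (unsigned long)o_st.st_ino);
            lids[i].o_ino = o_st.st_ino;
            lids[i].o_dev = o_st.st_dev;
        }
    }
    lids_write_file();
}

/*
 * lids_make_rmd160_passwd - prompt for a password (up to three attempts) and
 * store the result of read_rmd160_passwd() in LIDS_PW_FILE.
 *
 * The file is created with mode 0600 and the local buffer is wiped afterwards,
 * since it holds the secret material the kernel-side check relies on.
 */
void lids_make_rmd160_passwd(void)
{
    char passwd[64 * 2];
    int attempts = 0;
    int ok = -1;
    size_t len;
    FILE *fp;
    mode_t old_mask;

    memset(passwd, '\0', sizeof passwd);
    while (attempts < 3) {
        attempts++;
        ok = read_rmd160_passwd(passwd, 1, 2);
        if (ok == 0) {
            break;
        }
    }
    if (ok != 0) {
        wipe_buffer(passwd, sizeof passwd);
        return;
    }

    /* Create the file owner-only rather than under the caller's default umask. */
    old_mask = umask(077);
    fp = fopen(LIDS_PW_FILE, "w");
    umask(old_mask);
    if (fp == NULL) {
        perror(LIDS_PW_FILE);
        wipe_buffer(passwd, sizeof passwd);
        return;
    }
    len = strlen(passwd);
    ok = (fwrite(passwd, 1, len, fp) == len) ? 0 : -1;
    if (fclose(fp) != 0) {
        ok = -1; /* fclose flushes; a failed flush means the file is incomplete */
    }
    wipe_buffer(passwd, sizeof passwd);
    if (ok == 0) {
        /* A pre-existing file keeps its old mode across "w"; tighten it explicitly. */
        chmod(LIDS_PW_FILE, S_IRUSR | S_IWUSR);
        printf("wrote password to %s\n", LIDS_PW_FILE);
    } else {
        perror(LIDS_PW_FILE);
    }
}

static char shortopts[] = "UADZLPs:o::j:i:deht:v";
static struct option longopts[] = {
    { "update",      no_argument,       0, 'U' },
    { "add",         no_argument,       0, 'A' },
    { "delete",      no_argument,       0, 'D' },
    { "zero",        no_argument,       0, 'Z' },
    { "list",        no_argument,       0, 'L' },
    { "passwd",      no_argument,       0, 'P' },
    { "subject",     required_argument, 0, 's' },
    { "object",      optional_argument, 0, 'o' },
    { "jump",        required_argument, 0, 'j' },
    { "inheritance", required_argument, 0, 'i' },
    { "domain",      no_argument,       0, 'd' },
    { "extended",    no_argument,       0, 'e' },
    { "time",        required_argument, 0, 't' },
    { "help",        no_argument,       0, 'h' },
    { "version",     no_argument,       0, 'v' },
    { 0, 0, 0, 0 }
};

/* Record the main command; only one command per invocation is accepted. */
static void choose_command(int *command, int value)
{
    if (*command != LIDS_NONE) {
        exit_error(2, "multiple commands specified");
    }
    *command = value;
}

/* Options that modify a command are only valid after the command itself. */
static void need_command(int command)
{
    if (command == LIDS_NONE) {
        exit_error(2, "no comands specified");
    }
}

/*
 * main - parse the lidsadm command line and dispatch to the config operations.
 * Must run as root; every parse error exits through exit_error().
 */
int main(int argc, char **argv)
{
    int command = LIDS_NONE;
    int type = LIDS_NONE;
    char subject_file[1024], object_file[1024];
    char lids_time[176];
    int c, i;
    int index = 0;
    int inherit = 0; /* if the acl is inheritable */
    int domain = 0;  /* here define the DOMAIN */
    time_t timescale[LIDS_TIME_ITEM][2];

    setentry(cap_list);
    memset(subject_file, '\0', sizeof subject_file);
    memset(object_file, '\0', sizeof object_file);
    memset(timescale, 0, sizeof timescale);
    if (getuid() != 0) {
        exit_error(2, "you must be root to run this program");
    }

    while ((c = getopt_long(argc, argv, shortopts, longopts, &index)) != -1) {
        switch (c) {
        case 'U':
            choose_command(&command, LIDS_UPDATE);
            break;
        case 'A':
            choose_command(&command, LIDS_ADD);
            break;
        case 'D':
            choose_command(&command, LIDS_DELETE);
            break;
        case 'L':
            choose_command(&command, LIDS_LIST);
            break;
        case 'e':
            if (command != LIDS_LIST) {
                exit_error(2, "error commands specified");
            }
            type = LIDS_EXTEND;
            break;
        case 'Z':
            choose_command(&command, LIDS_DELETE_ALL);
            break;
        case 'o': { /* for object */
            const char *arg = NULL;
            need_command(command);
            /* "o::" makes the argument optional to getopt; when it is not
             * attached, the next command-line word is consumed instead.
             * Guard against running off the end of argv. */
            if (optarg != NULL) {
                arg = optarg;
            } else if (optind < argc && argv[optind] != NULL) {
                arg = argv[optind++];
            } else {
                exit_error(2, "-o requires an object name");
            }
            copy_arg_or_die(object_file, sizeof object_file, arg, "object filename too long");
            if (strcmp(object_file, "CAP_NET_BIND_SERVICE") == 0) {
                if (optind != argc) {
                    if (str2data(argv[optind], bindport, 1, LIDS_PORT_ITEM) < 0) {
                        exit_error(2, "The binding port is invalid");
                    }
                    optind++;
                } else {
                    bindport[0][0] = bindport[0][1] = 0;
                }
            }
            if (strchr(object_file, ':')) {
                exit_error(2, "filename can not contain :");
            }
            break;
        }
        case 's': /* program capability subject */
            need_command(command);
            copy_arg_or_die(subject_file, sizeof subject_file, optarg, "subject filename too long");
            /* ':' is the config-file field separator, so the subject itself is checked */
            if (strchr(subject_file, ':')) {
                exit_error(2, "filename must not contain :");
            }
            break;
        case 't': { /* time scale restriction */
            size_t tlen;
            need_command(command);
            tlen = strlen(optarg);
            if (tlen >= sizeof lids_time) { /* leave room for the terminator */
                exit_error(2, "invalid time syntax");
            }
            memset(lids_time, '\0', sizeof lids_time);
            memcpy(lids_time, optarg, tlen);
            /* use '-1" to indicate the default value */
            memset(timescale, '\0', sizeof timescale);
            if (str2data(lids_time, timescale, 0, LIDS_TIME_ITEM) < 0) {
                exit_error(2, "invalid time format");
            }
            break;
        }
        case 'i': {
            char *end = NULL;
            long v;
            need_command(command);
            v = strtol(optarg, &end, 10);
            if (end == optarg || *end != '\0') {
                exit_error(2, "invalid inheritance value");
            }
            inherit = (int)v;
            break;
        }
        case 'd':
            need_command(command);
            domain = 1;
            break;
        case 'j':
            need_command(command);
            if (type != LIDS_NONE) {
                exit_error(2, "multiple types specified");
            }
            type = -1;
            /* lids_type_desc / lids_type_val are parallel 6-entry tables declared elsewhere */
            for (i = 0; i < 6; i++) {
                if (strcmp(optarg, lids_type_desc[i]) == 0) {
                    type = lids_type_val[i];
                }
            }
            if (type == -1) {
                exit_error(2, "cap type must be READONLY, WRITE, APPEND, DENY or GRANT");
            }
            break;
        case 'P':
            choose_command(&command, LIDS_MK_PASSWD);
            break;
        case 'v':
            exit_version();
            break;
        case 'h':
            exit_help();
            break;
        default:
            /* getopt already reported the bad option; fail closed rather than ignore it */
            exit_error(2, "unknown option specified");
            break;
        }
    }

    if (optind < argc) {
        exit_error(2, "unknown arguments found on commandline");
    }
    if ((command == LIDS_NONE) || (argc < 2)) {
        exit_normal();
    }
    if ((command == LIDS_ADD) && (type == LIDS_NONE)) {
        exit_normal();
    }
    if ((subject_file[0] != 0) && (object_file[0] == 0) && (command == LIDS_ADD)) {
        exit_error(2, "defined subject must be related to an object");
    }

    switch (command) {
    case LIDS_ADD:
        printf("ADD\n");
        lids_add_file(subject_file, object_file, type, inherit, domain, timescale);
        break;
    case LIDS_DELETE:
        printf("DELETE\n");
        lids_del_file(subject_file, object_file);
        break;
    case LIDS_LIST:
        printf("LIST\n");
        lids_list_file(type);
        break;
    case LIDS_DELETE_ALL:
        printf("DELETE_ALL\n");
        lids_del_all();
        break;
    case LIDS_MK_PASSWD:
        printf("MAKE PASSWD\n");
        lids_make_rmd160_passwd();
        break;
    case LIDS_UPDATE:
        printf("UPDATE\n");
        lids_update();
        break;
    default:
        break;
    }
    return 0;
}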