libcreds3. Can easily be re-added later if needed.
lib_LTLIBRARIES = libsmack.la
libsmack_la_LDFLAGS = -version-info 1:0
-libsmack_la_SOURCES = smack_rules.c smack_users.c smack_xattr.c
+libsmack_la_SOURCES = smack_rules.c smack_xattr.c
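Review bot: The context line `libsmack_la_LDFLAGS = -version-info 1:0` stays unchanged even though this hunk drops `smack_users.c` from `libsmack_la_SOURCES`, and the header hunks further down remove the `extern` prototypes for the `smack_*_user*` functions and the two `*_or_symlink` xattr functions. Removing public interfaces is an incompatible change under libtool's versioning rules, so a program linked against the current soname would presumably fail to resolve those symbols at load time rather than at build time. Consider bumping current and resetting revision and age, e.g. `libsmack_la_LDFLAGS = -version-info 2:0:0`, unless nothing has been released with 1:0 yet.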
*/
typedef struct smack_rules *smack_rules_t;
-/*!
- * Handle to a in-memory representation of set of Smack users.
- */
-typedef struct smack_users *smack_users_t;
-
#ifdef __cplusplus
extern "C" {
#endif
*/
extern int smack_have_access_rule(smack_rules_t handle, const char *subject,
const char *object, const char *access);
-/*!
- * Create users database. The returned rule set must be freed with
- * smack_destroy_rules().
- *
- * @return handle to the users db. Returns NULL if creation fails.
- */
-extern smack_users_t smack_create_users();
-
-/*!
- * Free users database.
- *
- * @param handle handle to a rules
- */
-extern void smack_destroy_users(smack_users_t handle);
-
-/*!
- * Read users from a given file.
- *
- * @param handle handle to an users db
- * @param path path to the file containing users
- * @return 0 on success
- */
-extern int smack_read_users_from_file(smack_users_t handle, const char *path);
-
-/*!
- * Write users to a given file.
- *
- * @param handle handle to an users db
- * @param path path to the users file
- * @return 0 on success
- */
-extern int smack_write_users_to_file(smack_users_t handle, const char *path);
-
-/*!
- * Add user to the user db. Updates existing user if user is already in the
- * user db.
- *
- * @param handle handle to the users db
- * @param user user name
- * @param label user label
- */
-extern int smack_add_user(smack_users_t handle, const char *user,
- const char *label);
-
-/*!
- * Remove user from the user db.
- *
- * @param handle handle to the users db
- * @param user user name
- * @return 0 if user was found from user db.
- */
-extern int smack_remove_user(smack_users_t handle, const char *user);
-
-/*!
- * Get label of user.
- *
- * @param handle handle to an users db
- * @param user user name
- *
- * @return pointer to a string containing label of the user. Returns NULL
- * on failure.
- */
-const char *smack_get_user_label(smack_users_t handle, const char *user);
/*!
* Set SMACK64 security attribute for a given file.
extern int smack_get_smack_from_file(const char *path, char **smack);
/*!
- * Set SMACK64 security attribute for a given file or symbolic link.
- *
- * @param path path to a file
- * @param smack new value
- * @return 0 on success
- */
-extern int smack_set_smack_to_file_or_symlink(const char *path, const char *smack);
-
-/*!
- * Get SMACK64 security attribute for a given file or symlink.
- * Allocated memory must be freed by the caller.
- *
- * @param path path to a file
- * @param smack current value
- * @return 0 on success
- */
-extern int smack_get_smack_from_file_or_symlink(const char *path, char **smack);
-
-/*!
* Get SMACK64 security attribute for a given pid.
*
* @param pid pid of a process
+++ /dev/null
-/*
- * This file is part of libsmack
- *
- * Copyright (C) 2010 Nokia Corporation
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * version 2.1 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Authors:
- * Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com>
- */
-
-#include "smack.h"
-#include <sys/types.h>
-#include <attr/xattr.h>
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <uthash.h>
-
-#define SMACK64_LEN 23
-
-struct smack_user {
- char *user;
- char label[SMACK64_LEN + 1];
- UT_hash_handle hh;
-};
-
-struct smack_users {
- struct smack_user *users;
-};
-
-static int update_user(struct smack_user **users,
- const char *user, const char *label);
-static void destroy_users(struct smack_user **users);
-
-smack_users_t smack_create_users()
-{
- struct smack_users *result =
- calloc(1, sizeof(struct smack_users));
- return result;
-}
-
-void smack_destroy_users(smack_users_t handle)
-{
- destroy_users(&handle->users);
- free(handle);
-}
-
-int smack_read_users_from_file(smack_users_t handle, const char *path)
-{
- FILE *file;
- char *buf = NULL;
- size_t size;
- const char *user, *label;
- struct smack_user *users = NULL;
- int ret = 0;
-
- file = fopen(path, "r");
- if (file == NULL)
- return -1;
-
- while (ret == 0 && getline(&buf, &size, file) != -1) {
- user = strtok(buf, " \n");
- label = strtok(NULL, " \n");
-
- if (user == NULL || label == NULL ||
- strtok(NULL, " \n") != NULL)
- ret = -1;
- else
- ret = update_user(&users, user, label);
-
- free(buf);
- buf = NULL;
- }
-
- if (ferror(file))
- ret = -1;
-
- if (ret == 0) {
- destroy_users(&handle->users);
- handle->users = users;
- } else {
- destroy_users(&users);
- }
-
- free(buf);
- fclose(file);
- return 0;
-}
-
-int smack_write_users_to_file(smack_users_t handle, const char *path)
-{
- struct smack_user *u, *tmp;
- FILE *file;
- int err;
-
- file = fopen(path, "w+");
- if (!file)
- return -1;
-
- HASH_ITER(hh, handle->users, u, tmp) {
- err = fprintf(file, "%s %s\n",
- u->user, u->label);
- if (err < 0) {
- fclose(file);
- return errno;
- }
- }
-
- fclose(file);
- return 0;
-}
-
-int smack_add_user(smack_users_t handle, const char *user, const char *label)
-{
- int ret;
- ret = update_user(&handle->users, user, label);
- return ret == 0 ? 0 : -1;
-}
-
-int smack_remove_user(smack_users_t handle, const char *user)
-{
- struct smack_user *u = NULL;
-
- HASH_FIND_STR(handle->users, user, u);
- if (u == NULL)
- return -1;
-
- HASH_DEL(handle->users, u);
- free(u);
- return 0;
-}
-
-const char *smack_get_user_label(smack_users_t handle, const char *user)
-{
- struct smack_user *u;
-
- HASH_FIND_STR(handle->users, user, u);
-
- if (u == NULL)
- return;
-
- return u->label;
-}
-
-static int update_user(struct smack_user **users,
- const char *user, const char *label)
-{
- struct smack_user *u = NULL;
-
- if (strlen(label) > SMACK64_LEN)
- return -ERANGE;
-
- HASH_FIND_STR(*users, user, u);
- if (u == NULL) {
- u = calloc(1, sizeof(struct smack_user));
- u->user = strdup(user);
- HASH_ADD_KEYPTR( hh, *users, u->user, strlen(u->user), u);
- }
-
- strcpy(u->label, label);
- return 0;
-}
-
-static void destroy_users(struct smack_user **users)
-{
- struct smack_user *u, *tmp;
-
- HASH_ITER(hh, *users, u, tmp) {
- HASH_DEL(*users, u);
- free(u->user);
- free(u);
- }
-}
-
return 0;
}
-int smack_set_smack_to_file_or_symlink(const char *path, const char *smack)
-{
- size_t size;
- int ret;
-
- size = strlen(smack);
- if (size > SMACK64_LEN)
- return -1;
-
- return lsetxattr(path, SMACK64, smack, size, 0);
-}
-
-int smack_get_smack_from_file_or_symlink(const char *path, char **smack)
-{
- ssize_t ret;
- char *buf;
-
- ret = lgetxattr(path, SMACK64, NULL, 0);
- if (ret < 0)
- return -1;
-
- buf = malloc(ret + 1);
-
- ret = lgetxattr(path, SMACK64, buf, ret);
- if (ret < 0) {
- free(buf);
- return -1;
- }
-
- buf[ret] = '\0';
- *smack = buf;
- return 0;
-
-}
-
int smack_set_smackexec_to_file(const char *path, const char *smack)
{
size_t size;
-TESTS = check_rules check_users check_xattr
-check_PROGRAMS = check_rules check_users check_xattr
+TESTS = check_rules check_xattr
+check_PROGRAMS = check_rules check_xattr
check_rules_SOURCES = check_rules.c $(top_builddir)/src/smack.h
check_rules_CFLAGS = @CHECK_CFLAGS@
check_rules_LDADD = $(top_builddir)/src/libsmack.la @CHECK_LIBS@
-check_users_SOURCES = check_users.c $(top_builddir)/src/smack.h
-check_users_CFLAGS = @CHECK_CFLAGS@
-check_users_LDADD = $(top_builddir)/src/libsmack.la @CHECK_LIBS@
-
check_xattr_SOURCES = check_xattr.c $(top_builddir)/src/smack.h
check_xattr_CFLAGS = @CHECK_CFLAGS@
check_xattr_LDADD = $(top_builddir)/src/libsmack.la @CHECK_LIBS@
+++ /dev/null
-/*
- * This file is part of libsmack
- *
- * Copyright (C) 2010 Nokia Corporation
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public License
- * version 2.1 as published by the Free Software Foundation.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA
- *
- * Author: Jarkko Sakkinen <ext-jarkko.2.sakkinen@nokia.com>
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <check.h>
-#include "../src/smack.h"
-
-static int files_equal(const char *filename1, const char *filename2);
-
-START_TEST(test_add_user)
-{
- int rc;
- smack_users_t users = smack_create_users();
- fail_unless(users != NULL, "Users creation failed");
- rc = smack_read_users_from_file(users, "data/add_user-in.txt");
- fail_unless(rc == 0, "Failed to read users");
-
- rc = smack_add_user(users, "zip", "Zap");
- fail_unless(rc == 0, "Failed to add user");
-
- rc = smack_write_users_to_file(users, "add_user-result.txt");
- fail_unless(rc == 0, "Failed to write ruleset");
- rc = files_equal("add_user-result.txt", "data/add_user-excepted.txt");
- fail_unless(rc == 1, "Unexcepted result");
- smack_destroy_users(users);
-}
-END_TEST
-
-START_TEST(test_remove_user)
-{
- int rc;
- smack_users_t users = smack_create_users();
- fail_unless(users != NULL, "Users creation failed");
- rc = smack_read_users_from_file(users, "data/add_user-in.txt");
- fail_unless(rc == 0, "Failed to read users");
-
- rc = smack_remove_user(users, "bar");
- fail_unless(rc == 0, "Failed to remove user");
-
- rc = smack_write_users_to_file(users, "remove_user-result.txt");
- fail_unless(rc == 0, "Failed to write ruleset");
-
- rc = files_equal("remove_user-result.txt", "data/remove_user-excepted.txt");
- fail_unless(rc == 1, "Unexcepted result");
-
- smack_destroy_users(users);
-}
-END_TEST
-
-START_TEST(test_user_label)
-{
- int rc;
- const char *l;
-
- smack_users_t users = smack_create_users();
- fail_unless(users != NULL, "Users creation failed");
-
- rc = smack_read_users_from_file(users, "data/add_user-in.txt");
- fail_unless(rc == 0, "Failed to read users");
-
- l = smack_get_user_label(users, "bar");
- fail_unless(l != NULL, "Label not found");
- fail_unless(strcmp(l, "Orange") == 0, "Unexcepted label %s", l);
-
- smack_destroy_users(users);
-}
-END_TEST
-
-Suite *ruleset_suite (void)
-{
- Suite *s;
- TCase *tc_core;
-
- s = suite_create("User");
-
- tc_core = tcase_create("Users");
- tcase_add_test(tc_core, test_add_user);
- tcase_add_test(tc_core, test_remove_user);
- tcase_add_test(tc_core, test_user_label);
- suite_add_tcase(s, tc_core);
-
- return s;
-}
-
-int main(void)
-{
- int nfailed;
- Suite *s = ruleset_suite();
- SRunner *sr = srunner_create(s);
- srunner_set_log(sr, "check_users.log");
- srunner_run_all(sr, CK_ENV);
- nfailed = srunner_ntests_failed(sr);
- srunner_free(sr);
- return (nfailed == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
-}
-
-static int files_equal(const char *filename1, const char *filename2)
-{
- FILE *fp1 = NULL;
- FILE *fp2 = NULL;
- char ch1, ch2;
- int rc = 0;
-
- fp1 = fopen(filename1, "rb");
- if (fp1 == NULL) {
- goto out;
- }
-
- fp2 = fopen(filename2, "rb");
- if (fp2 == NULL) {
- goto out;
- }
-
- rc = 1;
- for (;;) {
- if (feof(fp1) && feof(fp2))
- break;
-
- if (feof(fp1) || feof(fp2)) {
- rc = 0;
- break;
- }
-
- ch1 = fgetc(fp1);
- if (ferror(fp1)) {
- rc = 0;
- break;
- }
-
- ch2 = fgetc(fp2);
- if (ferror(fp2)) {
- rc = 0;
- break;
- }
-
- if (ch1 != ch2) {
- rc = 0;
- break;
- }
- }
-out:
- if (fp1 != NULL)
- fclose(fp1);
- if (fp2 != NULL)
- fclose(fp2);
- return rc;
-}
-
}
END_TEST
-START_TEST(test_set_smack_to_file_symlink)
-{
- FILE *file;
- int rc = 0;
- char *smack = NULL;
-
- symlink("unknown.txt", "set_smack-symlink.txt");
-
- rc = smack_set_smack_to_file_or_symlink("set_smack-symlink.txt", "Apple");
- fail_unless(rc == 0, "Failed to set SMACK64");
-
- rc = smack_get_smack_from_file_or_symlink("set_smack-symlink.txt", &smack);
- fail_unless(rc == 0, "Failed to get SMACK64");
-
- rc = strcmp(smack, "Apple");
- fail_unless(rc == 0, "smack %s not equal to Apple", smack);
-
- free(smack);
-}
-END_TEST
-
START_TEST(test_set_smackexec_to_file)
{
FILE *file;
tc_core = tcase_create("Xattr");
tcase_add_test(tc_core, test_set_smack_to_file);
- tcase_add_test(tc_core, test_set_smack_to_file_symlink);
tcase_add_test(tc_core, test_set_smackexec_to_file);
suite_add_tcase(s, tc_core);