diff --git a/Cargo.toml b/Cargo.toml index 1b8d80f..8ccfc60 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,3 +1,7 @@ [workspace] resolver = "2" members = ["capsicum", "casper-sys"] + +[patch.crates-io] +libc = { git = "https://github.com/asomers/libc.git", rev = "00300738e7465725fdac5229f486241caed2cfcc" } +nix = { git = "https://github.com/asomers/nix.git", rev = "5c8b253b8b3b93e262cd6e13c09460c0fdafa21b" } diff --git a/capsicum/CHANGELOG.md b/capsicum/CHANGELOG.md index 29388aa..2750121 100644 --- a/capsicum/CHANGELOG.md +++ b/capsicum/CHANGELOG.md @@ -15,6 +15,9 @@ This project adheres to [Semantic Versioning](https://semver.org/). ### Changed +- Fixed two misnamed constants: `Right::Fchflagsat` and `Right::Mknotat`. + ([#87](https://github.com/dlrobertson/capsicum-rs/pull/87)) + - Renamed `Right::Renameat` to `Right::RenameatSource`. ([#85](https://github.com/dlrobertson/capsicum-rs/pull/85)) diff --git a/capsicum/Cargo.toml b/capsicum/Cargo.toml index 85000f8..1985821 100644 --- a/capsicum/Cargo.toml +++ b/capsicum/Cargo.toml @@ -32,7 +32,7 @@ required-features = ["casper"] path = "examples/getuid.rs" [dependencies] -libc = { version = "0.2.138", features = [ "extra_traits" ] } +libc = { version = "0.2.151", features = [ "extra_traits" ] } casper-sys = { path = "../casper-sys", optional = true, version = "0.1.1" } libnv = { version = "0.4.2", default_features = false, features = [ "libnv" ], optional = true } libnv-sys = { version = "0.2.1", optional = true } @@ -44,6 +44,6 @@ version_check = "0.9.4" [dev-dependencies] cap-std = "3.0" cstr = "0.2.11" -nix = { version = "0.27.0", default_features = false, features = [ "fs", "ioctl", "process", "socket" ] } +nix = { version = "0.28.0", default_features = false, features = [ "fs", "ioctl", "process", "socket" ] } libnv-sys = "0.2.1" tempfile = "3.0" diff --git a/capsicum/src/fcntl.rs b/capsicum/src/fcntl.rs index f94775e..42ad056 100644 --- a/capsicum/src/fcntl.rs +++ b/capsicum/src/fcntl.rs @@ -16,14 +16,14 @@ use crate::common::CapRights; #[derive(Debug)] pub enum Fcntl { /// Get descriptor status flags. - GetFL = 0x8, + GetFL = libc::CAP_FCNTL_GETFL, /// Set descriptor status flags. - SetFL = 0x10, + SetFL = libc::CAP_FCNTL_SETFL, /// Get the process ID or process group currently receiving SIGIO and SIGURG /// signals. - GetOwn = 0x20, + GetOwn = libc::CAP_FCNTL_GETOWN, /// Set the process or process group to receive SIGIO and SIGURG signal. - SetOwn = 0x40, + SetOwn = libc::CAP_FCNTL_SETOWN, } /// Used to construct a new set of allowed fcntl commands. diff --git a/capsicum/src/right.rs b/capsicum/src/right.rs index 945fb1f..d340902 100644 --- a/capsicum/src/right.rs +++ b/capsicum/src/right.rs @@ -20,20 +20,6 @@ use libc::cap_rights_t; use crate::common::CapRights; -pub const RIGHTS_VERSION: i32 = 0; - -macro_rules! cap_right { - ($idx:expr, $bit:expr) => { - ((1u64 << (57 + ($idx))) | ($bit)) - }; -} - -macro_rules! right_or { - ($($right:expr),*) => { - $($right as u64)|* - } -} - /// Capsicum capability rights for file descriptors. /// /// See [`rights(4)`](https://www.freebsd.org/cgi/man.cgi?query=rights) for details. @@ -42,116 +28,103 @@ macro_rules! right_or { #[allow(missing_docs)] // Individual bits are documented via the external link. pub enum Right { Null = 0, - Read = cap_right!(0, 0x1u64), - Write = cap_right!(0, 0x2u64), - SeekTell = cap_right!(0, 0x4u64), - Seek = right_or!(Right::SeekTell, 0x8u64), - Pread = right_or!(Right::Seek, Right::Read), - Pwrite = right_or!(Right::Seek, Right::Write), - Mmap = cap_right!(0, 0x10u64), - MmapR = right_or!(Right::Mmap, Right::Seek, Right::Read), - MmapW = right_or!(Right::Mmap, Right::Seek, Right::Write), - MmapX = right_or!(Right::Mmap, Right::Seek, 0x20u64), - MmapRW = right_or!(Right::MmapR, Right::MmapW), - MmapRX = right_or!(Right::MmapR, Right::MmapX), - MmapWX = right_or!(Right::MmapW, Right::MmapX), - MmapRWX = right_or!(Right::MmapR, Right::MmapW, Right::MmapX), - Create = cap_right!(0, 0x40u64), - Fexecve = cap_right!(0, 0x80u64), - Fsync = cap_right!(0, 0x100u64), - Ftruncate = cap_right!(0, 0x200u64), - Lookup = cap_right!(0, 0x400u64), - Fchdir = cap_right!(0, 0x800u64), - Fchflags = cap_right!(0, 0x1000u64), - Fchflagsat = right_or!(Right::Fchflags, Right::Lookup), - Fchmod = cap_right!(0, 0x2000u64), - Fchmodat = right_or!(Right::Fchmod, Right::Lookup), - Fchown = cap_right!(0, 0x4000u64), - Fchownat = right_or!(Right::Fchown, Right::Lookup), - Fcntl = cap_right!(0, 0x8000u64), - Flock = cap_right!(0, 0x10000u64), - Fpathconf = cap_right!(0, 0x20000u64), - Fsck = cap_right!(0, 0x40000u64), - Fstat = cap_right!(0, 0x80000u64), - Fstatat = right_or!(Right::Fstat, Right::Lookup), - Fstatfs = cap_right!(0, 0x100000u64), - Futimes = cap_right!(0, 0x200000u64), - Futimesat = right_or!(Right::Futimes, Right::Lookup), - Linkat = right_or!(Right::Lookup, 0x400000u64), - Mkdirat = right_or!(Right::Lookup, 0x800000u64), - Mkfifoat = right_or!(Right::Lookup, 0x1000000u64), - Mknotat = right_or!(Right::Lookup, 0x2000000u64), - RenameatSource = right_or!(Right::Lookup, 0x4000000u64), - RenameatTarget = right_or!(Right::Lookup, 0x0000040000000000u64), - Symlinkat = right_or!(Right::Lookup, 0x8000000u64), - Unlinkat = right_or!(Right::Lookup, 0x10000000u64), - Accept = cap_right!(0, 0x20000000u64), - Bind = cap_right!(0, 0x40000000u64), - Connect = cap_right!(0, 0x80000000u64), - Getpeername = cap_right!(0, 0x100000000u64), - Getsockname = cap_right!(0, 0x200000000u64), - Getsockopt = cap_right!(0, 0x400000000u64), - Listen = cap_right!(0, 0x800000000u64), - Peeloff = cap_right!(0, 0x1000000000u64), - Setsockopt = cap_right!(0, 0x2000000000u64), - Shutdown = cap_right!(0, 0x4000000000u64), - Bindat = right_or!(Right::Lookup, 0x8000000000u64), - Connectat = right_or!(Right::Lookup, 0x10000000000u64), - SockClient = right_or!( - Right::Connect, - Right::Getpeername, - Right::Getsockname, - Right::Getsockopt, - Right::Peeloff, - Right::Read, - Right::Write, - Right::Setsockopt, - Right::Shutdown - ), - SockServer = right_or!( - Right::Accept, - Right::Bind, - Right::Getpeername, - Right::Getsockname, - Right::Getsockopt, - Right::Listen, - Right::Peeloff, - Right::Read, - Right::Write, - Right::Setsockopt, - Right::Shutdown - ), - All0 = cap_right!(0, 0x7FFFFFFFFFu64), - Unused044 = cap_right!(0, 0x0000080000000000u64), - Unused057 = cap_right!(0, 0x0100000000000000u64), - MacGet = cap_right!(1, 0x1u64), - MacSet = cap_right!(1, 0x2u64), - SemGetvalue = cap_right!(1, 0x4u64), - SemPost = cap_right!(1, 0x8u64), - SemWait = cap_right!(1, 0x10u64), - Event = cap_right!(1, 0x20u64), - KqueueEvent = cap_right!(1, 0x40u64), - Ioctl = cap_right!(1, 0x80u64), - Ttyhook = cap_right!(1, 0x100u64), - Pdgetpid = cap_right!(1, 0x200u64), - Pdwait = cap_right!(1, 0x400u64), - Pdkill = cap_right!(1, 0x800), - ExtattrDelete = cap_right!(1, 0x1000u64), - ExtattrGet = cap_right!(1, 0x2000u64), - ExtattrList = cap_right!(1, 0x4000u64), - ExtattrSet = cap_right!(1, 0x8000u64), - AclCheck = cap_right!(1, 0x10000u64), - AclDelete = cap_right!(1, 0x20000u64), - AclGet = cap_right!(1, 0x40000u64), - AclSet = cap_right!(1, 0x80000u64), - KqueueChange = cap_right!(1, 0x100000u64), - Kqueue = right_or!(Right::KqueueEvent, Right::KqueueChange), - All1 = cap_right!(1, 0x1FFFFFu64), - Unused122 = cap_right!(1, 0x200000u64), - Unused157 = cap_right!(1, 0x100000000000000u64), + Read = libc::CAP_READ, + Write = libc::CAP_WRITE, + SeekTell = libc::CAP_SEEK_TELL, + Seek = libc::CAP_SEEK, + Pread = libc::CAP_PREAD, + Pwrite = libc::CAP_PWRITE, + Mmap = libc::CAP_MMAP, + MmapR = libc::CAP_MMAP_R, + MmapW = libc::CAP_MMAP_W, + MmapX = libc::CAP_MMAP_X, + MmapRW = libc::CAP_MMAP_RW, + MmapRX = libc::CAP_MMAP_RX, + MmapWX = libc::CAP_MMAP_WX, + MmapRWX = libc::CAP_MMAP_RWX, + Create = libc::CAP_CREATE, + Fexecve = libc::CAP_FEXECVE, + Fsync = libc::CAP_FSYNC, + Ftruncate = libc::CAP_FTRUNCATE, + Lookup = libc::CAP_LOOKUP, + Fchdir = libc::CAP_FCHDIR, + Fchflags = libc::CAP_FCHFLAGS, + Chflagsat = libc::CAP_CHFLAGSAT, + Fchmod = libc::CAP_FCHMOD, + Fchmodat = libc::CAP_FCHMODAT, + Fchown = libc::CAP_FCHOWN, + Fchownat = libc::CAP_FCHOWNAT, + Fcntl = libc::CAP_FCNTL, + Flock = libc::CAP_FLOCK, + Fpathconf = libc::CAP_FPATHCONF, + Fsck = libc::CAP_FSCK, + Fstat = libc::CAP_FSTAT, + Fstatat = libc::CAP_FSTATAT, + Fstatfs = libc::CAP_FSTATFS, + Futimes = libc::CAP_FUTIMES, + Futimesat = libc::CAP_FUTIMESAT, + LinkatTarget = libc::CAP_LINKAT_TARGET, + Mkdirat = libc::CAP_MKDIRAT, + Mkfifoat = libc::CAP_MKFIFOAT, + Mknodat = libc::CAP_MKNODAT, + RenameatSource = libc::CAP_RENAMEAT_SOURCE, + RenameatTarget = libc::CAP_RENAMEAT_TARGET, + Symlinkat = libc::CAP_SYMLINKAT, + Unlinkat = libc::CAP_UNLINKAT, + Accept = libc::CAP_ACCEPT, + Bind = libc::CAP_BIND, + Connect = libc::CAP_CONNECT, + Getpeername = libc::CAP_GETPEERNAME, + Getsockname = libc::CAP_GETSOCKNAME, + Getsockopt = libc::CAP_GETSOCKOPT, + Listen = libc::CAP_LISTEN, + Peeloff = libc::CAP_PEELOFF, + Setsockopt = libc::CAP_SETSOCKOPT, + Shutdown = libc::CAP_SHUTDOWN, + Bindat = libc::CAP_BINDAT, + Connectat = libc::CAP_CONNECTAT, + LinkatSource = libc::CAP_LINKAT_SOURCE, + SockClient = libc::CAP_SOCK_CLIENT, + SockServer = libc::CAP_SOCK_SERVER, + All0 = libc::CAP_ALL0, + Unused044 = libc::CAP_UNUSED0_44, + Unused057 = libc::CAP_UNUSED0_57, + MacGet = libc::CAP_MAC_GET, + MacSet = libc::CAP_MAC_SET, + SemGetvalue = libc::CAP_SEM_GETVALUE, + SemPost = libc::CAP_SEM_POST, + SemWait = libc::CAP_SEM_WAIT, + Event = libc::CAP_EVENT, + KqueueEvent = libc::CAP_KQUEUE_EVENT, + Ioctl = libc::CAP_IOCTL, + Ttyhook = libc::CAP_TTYHOOK, + Pdgetpid = libc::CAP_PDGETPID, + Pdwait = libc::CAP_PDWAIT, + Pdkill = libc::CAP_PDKILL, + ExtattrDelete = libc::CAP_EXTATTR_DELETE, + ExtattrGet = libc::CAP_EXTATTR_GET, + ExtattrList = libc::CAP_EXTATTR_LIST, + ExtattrSet = libc::CAP_EXTATTR_SET, + AclCheck = libc::CAP_ACL_CHECK, + AclDelete = libc::CAP_ACL_DELETE, + AclGet = libc::CAP_ACL_GET, + AclSet = libc::CAP_ACL_SET, + KqueueChange = libc::CAP_KQUEUE_CHANGE, + Kqueue = libc::CAP_KQUEUE, + All1 = libc::CAP_ALL1, + Unused122 = libc::CAP_UNUSED1_22, + Unused157 = libc::CAP_UNUSED1_57, } impl Right { + #[allow(non_upper_case_globals)] + #[allow(missing_docs)] + #[deprecated(since = "0.4.0", note = "Use Right::Chflagsat instead")] + pub const Fchflagsat: Right = Right::Chflagsat; + #[allow(non_upper_case_globals)] + #[allow(missing_docs)] + #[deprecated(since = "0.4.0", note = "Use Right::Mknodat instead")] + pub const Mknotat: Right = Right::Mknodat; #[allow(non_upper_case_globals)] #[allow(missing_docs)] #[deprecated(since = "0.4.0", note = "Use Right::RenameatSource instead")] @@ -177,7 +150,11 @@ impl RightsBuilder { // cap_rights_init is documented as infalliable. let inner_rights = unsafe { let mut inner_rights = mem::zeroed(); - libc::__cap_rights_init(RIGHTS_VERSION, &mut inner_rights as *mut cap_rights_t, 0u64); + libc::__cap_rights_init( + libc::CAP_RIGHTS_VERSION, + &mut inner_rights as *mut cap_rights_t, + 0u64, + ); inner_rights }; let builder = RightsBuilder(inner_rights); @@ -270,7 +247,7 @@ impl FileRights { let inner_rights = unsafe { let mut inner_rights = mem::zeroed(); libc::__cap_rights_init( - RIGHTS_VERSION, + libc::CAP_RIGHTS_VERSION, &mut inner_rights as *mut cap_rights_t, raw_rights, 0u64, @@ -310,7 +287,7 @@ impl FileRights { let inner_rights = unsafe { let mut inner_rights = unsafe { mem::zeroed() }; let res = libc::__cap_rights_get( - RIGHTS_VERSION, + libc::CAP_RIGHTS_VERSION, fd.as_raw_fd(), &mut inner_rights as *mut cap_rights_t, ); @@ -447,9 +424,3 @@ impl CapRights for FileRights { } } } - -#[test] -fn test_macros() { - assert_eq!(cap_right!(0, 1), 144115188075855873u64); - assert_eq!(right_or!(Right::Read, Right::Write), 144115188075855875u64); -}