Add bsde_add_rule(), which is similar to bsde_set_rule() except that

the caller does not specify the rule number -- instead, the kernel module is probed for the next available rule, which is then used. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research
svn path=/head/; revision=126217
2024-07-22 10:48:02 +00:00 · 2004-02-25 03:24:39 +00:00 · 2004-02-25 03:24:39 +00:00 · 47ab23aa82 · 2020-12-20 02:59:44 +00:00
parent b3ab6e504b
commit 47ab23aa82
5 changed files with 79 additions and 4 deletions
--- a/lib/libugidfw/Makefile
+++ b/lib/libugidfw/Makefile
@ -8,6 +8,7 @@ INCS=		ugidfw.h
 MAN+=		bsde_get_rule.3 bsde_get_rule_count.3 bsde_parse_rule.3 \
 		bsde_rule_to_string.3 libugidfw.3

+MLINKS= 	bsde_get_rule.3 bsde_add_rule.3
 MLINKS= 	bsde_get_rule.3 bsde_delete_rule.3
 MLINKS+=	bsde_get_rule.3 bsde_set_rule.3
 MLINKS+=	bsde_get_rule_count.3 bsde_get_rule_slots.3
--- a/lib/libugidfw/bsde_get_rule.3
+++ b/lib/libugidfw/bsde_get_rule.3
@ -1,4 +1,4 @@
-.\" Copyright (c) 2003 Networks Associates Technology, Inc.
+.\" Copyright (c) 2003-2004 Networks Associates Technology, Inc.
 .\" All rights reserved.
 .\"
 .\" This software was developed for the FreeBSD Project by Chris
@ -30,10 +30,11 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd January 7, 2003
+.Dd February 24, 2004
 .Os
 .Dt BSDE_GET_RULE 3
 .Sh NAME
+.Nm bsde_add_rule ,
 .Nm bsde_get_rule ,
 .Nm bsde_set_rule ,
 .Nm bsde_delete_rule
@ -43,6 +44,11 @@
 .Sh SYNOPSIS
 .In ugidfw.h
 .Ft int
+.Fo bsde_add_rule
+.Fa "int *rulenum" "struct mac_bsdextended_rule *rule"
+.Fa "size_t buflen" "char *errstr"
+.Fc
+.Ft int
 .Fo bsde_get_rule
 .Fa "int rulenum" "struct mac_bsdextended_rule *rule"
 .Fa "size_t errlen" "char *errstr"
@ -56,6 +62,27 @@
 .Fn bsde_delete_rule "int rulenum" "size_t errlen" "char *errstr"
 .Sh DESCRIPTION
 The
+.Fn bsde_add_rule
+function fills the next available
+rule (in
+.Vt "struct mac_bsdextended_rule"
+form, either from
+.Fn bsde_get_rule
+or
+.Xr bsde_parse_rule 3 ) .
+If an error occurs,
+.Fa *errstr
+is filled with the error string
+(up to
+.Fa errlen
+characters, including the terminating
+.Dv NUL ) .
+If successful and
+.Fa rulenum
+is non-NULL, the rule number used will be returned in
+.Fa *rulenum .
+.Pp
+The
 .Fn bsde_get_rule
 function fills in
 .Fa *rule
--- a/lib/libugidfw/libugidfw.3
+++ b/lib/libugidfw/libugidfw.3
@ -96,6 +96,10 @@ Uploads the rule to the
 module and applies it;
 see
 .Xr bsde_set_rule 3 .
+.It Fn bsde_add_rule
+Upload the rule to the module, automatically selecting the next available
+rule number; see
+.Xr bsde_add_rule 3 .
 .El
 .Sh SEE ALSO
 .Xr bsde_delete_rule 3 ,
--- a/lib/libugidfw/ugidfw.c
+++ b/lib/libugidfw/ugidfw.c
@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Network Associates
@ -708,3 +708,44 @@ bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule, size_t buflen,

 	return (0);
 }
+
+int
+bsde_add_rule(int *rulenum, struct mac_bsdextended_rule *rule, size_t buflen,
+    char *errstr)
+{
+	char charstr[BUFSIZ];
+	int name[10];
+	size_t len, size;
+	int error, rule_slots;
+
+	len = 10;
+	error = bsde_get_mib(MIB ".rules", name, &len);
+	if (error) {
+		len = snprintf(errstr, buflen, "%s: %s", MIB ".rules",
+		    strerror(errno));
+		return (-1);
+	}
+
+	rule_slots = bsde_get_rule_slots(BUFSIZ, charstr);
+	if (rule_slots == -1) {
+		len = snprintf(errstr, buflen, "unable to get rule slots: %s",
+		    strerror(errno));
+		return (-1);
+	}
+
+	name[len] = rule_slots;
+	len++;
+
+	size = sizeof(*rule);
+	error = sysctl(name, len, NULL, NULL, rule, size);
+	if (error) {
+		len = snprintf(errstr, buflen, "%s.%d: %s", MIB ".rules",
+		    rule_slots, strerror(errno));
+		return (-1);
+	}
+
+	if (rulenum != NULL)
+		rule_slots;
+
+	return (0);
+}
--- a/lib/libugidfw/ugidfw.h
+++ b/lib/libugidfw/ugidfw.h
@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by Network Associates
@ -54,6 +54,8 @@ int	bsde_get_rule(int rulenum, struct mac_bsdextended_rule *rule,
 int	bsde_delete_rule(int rulenum, size_t buflen, char *errstr);
 int	bsde_set_rule(int rulenum, struct mac_bsdextended_rule *rule,
 	    size_t buflen, char *errstr);
+int	bsde_add_rule(int *rulename, struct mac_bsdextended_rule *rule,
+	    size_t buflen, char *errstr);
 __END_DECLS

 #endif