else if (Do(UID)) {
PT->uids = va_arg(ap, uid_t*);
PT->nuid = va_arg(ap, int);
- } else if (Do(STAT))
- PT->stats = va_arg(ap, char*);
-#ifdef FLASK_LINUX
- else if ( Do(SID) || Do(CONTEXT) )
- PT->sids = va_arg(ap, security_id_t*);
-#endif
+ }
va_end(ap); /* Clean up args list */
- if (Do(ANYTTY) && Do(TTY))
- PT->flags = PT->flags & ~PROC_TTY; /* turn off TTY flag */
return PT;
}
static char path[32], sbuf[1024]; /* bufs for stat,statm */
int matched = 0; /* flags */
#ifdef FLASK_LINUX
- security_id_t sid;
+ security_id_t secsid;
#endif
/* loop until a proc matching restrictions is found or no more processes */
sprintf(path, "/proc/%s", ent->d_name);
}
#ifdef FLASK_LINUX
- if ( stat_secure(path, &sb, &sid) == -1 ) /* no such dirent (anymore) */
+ if ( stat_secure(path, &sb, &secsid) == -1 ) /* no such dirent (anymore) */
#else
if (stat(path, &sb) == -1) /* no such dirent (anymore) */
#endif
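Review bot: `sprintf(path, "/proc/%s", ent->d_name)` at the top of this hunk has no length bound, and the declarations hunk just above shows `path` as `static char path[32]`. The code that selects `ent` lies outside the hunk, so it cannot be confirmed from here that only short numeric names reach this call. `snprintf(path, sizeof path, "/proc/%s", ent->d_name);` would make the bound explicit. The same pattern appears in the second reader further down, before its `stat_secure(path, &sb, &secsid)` call.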
p->euid = sb.st_uid; /* need a way to get real uid */
#ifdef FLASK_LINUX
- p->sid = sid;
+ p->secsid = secsid;
#endif
if ((file2str(path, "stat", sbuf, sizeof sbuf)) == -1)
goto next_proc; /* error reading /proc/#/stat */
stat2proc(sbuf, p); /* parse /proc/#/stat */
-#ifdef FLASK_LINUX
- if (!matched && (Do(SID) || Do(CONTEXT)) && !XinL(security_id_t, p->sid, PT->sids))
- goto next_proc; /* not one of the requested SIDs */
-#endif
-
if (!matched && Do(TTY) && !XinL(dev_t, p->tty, PT->ttys))
goto next_proc; /* not one of the requested ttys */
- if (!matched && Do(ANYTTY) && p->tty == -1)
- goto next_proc; /* no controlling terminal */
-
- if (!matched && Do(STAT) && !strchr(PT->stats,p->state))
- goto next_proc; /* not one of the requested states */
-
if (Do(FILLMEM)) { /* read, parse /proc/#/statm */
if ((file2str(path, "statm", sbuf, sizeof sbuf)) != -1 )
statm2proc(sbuf, p); /* ignore statm errors here */
static struct stat sb; /* stat buffer */
static char path[32], sbuf[1024]; /* bufs for stat,statm */
#ifdef FLASK_LINUX
- security_id_t sid;
+ security_id_t secsid;
#endif
/* loop until a proc matching restrictions is found or no more processes */
sprintf(path, "/proc/%s", ent->d_name);
#ifdef FLASK_LINUX
- if (stat_secure(path, &sb, &sid) == -1) /* no such dirent (anymore) */
+ if (stat_secure(path, &sb, &secsid) == -1) /* no such dirent (anymore) */
#else
if (stat(path, &sb) == -1) /* no such dirent (anymore) */
#endif
p = xcalloc(p, sizeof *p); /* passed buf or alloced mem */
p->euid = sb.st_uid; /* need a way to get real uid */
#ifdef FLASK_LINUX
- p->sid = sid;
+ p->secsid = secsid;
#endif
if ((file2str(path, "stat", sbuf, sizeof sbuf)) == -1)
}
-/* Convenient wrapper around openproc and readproc to slurp in the whole process
- * tree subset satisfying the constraints of flags and the optional PID list.
- * Free allocated memory with freeproctree(). The tree structure is a classic
- * left-list children + right-list siblings. The algorithm is a two-pass of the
- * process table. Since most process trees will have children with strictly
- * increasing PIDs, most of the structure will be picked up in the first pass.
- * The second loop then cleans up any nodes which turn out to have preceeded
- * their parent in /proc order.
- */
-
-/* Traverse tree 't' breadth-first looking for a process with pid p */
-static proc_t* LookupPID(proc_t* t, pid_t p) {
- proc_t* tmp = NULL;
- if (!t)
- return NULL;
- if (t->pid == p) /* look here/terminate recursion */
- return t;
- if ((tmp = LookupPID(t->l, p))) /* recurse over children */
- return tmp;
- for (; t; t=t->r) /* recurse over siblings */
- if ((tmp = LookupPID(tmp, p)))
- return tmp;
- return NULL;
-}
-
/* Convenient wrapper around openproc and readproc to slurp in the whole process
* table subset satisfying the constraints of flags and the optional PID list.
* Free allocated memory with freeproctab(). Access via tab[N]->member. The
i = va_arg(ap, int);
PT = openproc(flags, u, i);
}
- else if (Do(PID) || Do(TTY) || Do(STAT))
+ else if (Do(PID) || Do(TTY))
PT = openproc(flags, va_arg(ap, void*)); /* assume ptr sizes same */
-#ifdef FLASK_LINUX
- else if ( Do(SID) || Do(CONTEXT) )
- PT = openproc(flags, va_arg(ap, security_id_t*));
-#endif
else
PT = openproc(flags);
va_end(ap);
CMP_INT(state)
-#ifdef FLASK_LINUX
-CMP_INT(sid)
-#endif
-
/***************************************************************************/
/************ Lots of format functions, starting with the NOP **************/
}
-
+/****************** FLASK security stuff **********************/
#ifdef FLASK_LINUX
/*
- * The sr_fn() calls -- for sorting -- don't return errors because the same errors
- * should show up when the printing function pr_fn() is called, at which point the
- * error goes onscreen.
+ * The sr_fn() calls -- for sorting -- don't return errors because
+ * the same errors should show up when the printing function pr_fn()
+ * is called, at which point the error goes onscreen.
*/
-static int pr_sid ( void ) {
- return sprintf(outbuf, "%d", (int) pp->sid);
+/* as above, creates sr_secsid function */
+CMP_INT(secsid) /* FLASK security ID, **NOT** a session ID -- ugh */
+
+static int pr_secsid ( void ) {
+ return sprintf(outbuf, "%d", (int) pp->secsid);
}
static int pr_context ( void ) {
unsigned int len;
int rv;
-
len = DEF_CTXTLEN;
ctxt = (char *) calloc(1, len);
if ( ctxt != NULL )
- rv = security_sid_to_context(pp->sid, (security_context_t) ctxt, &len);
+ rv = security_sid_to_context(pp->secsid, (security_context_t) ctxt, &len);
else
return sprintf(outbuf, "-");
if ( errno != ENOSPC ) {
free(ctxt);
return sprintf(outbuf, "-");
- }
- else {
+ } else {
free(ctxt);
ctxt = (char *) calloc(1, len);
if ( ctxt != NULL ) {
- rv = security_sid_to_context(pp->sid, (security_context_t) ctxt, &len);
+ rv = security_sid_to_context(pp->secsid, (security_context_t) ctxt, &len);
if ( rv ) {
free(ctxt);
return sprintf(outbuf, "-");
- }
- else {
+ } else {
rv = sprintf(outbuf, "%s", ctxt);
free(ctxt);
return rv;
}
- }
- else /* calloc() failed */
+ } else { /* calloc() failed */
return sprintf(outbuf, "-");
+ }
}
- }
- else {
+ } else {
rv = sprintf(outbuf, "%s", ctxt);
free(ctxt);
return rv;
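Review bot: Both success paths in pr_context copy the context string with `sprintf(outbuf, "%s", ctxt)`, which puts no bound on the write. The ENOSPC branch reallocates `ctxt` with the updated `len`, so the string can presumably be longer than DEF_CTXTLEN. The size of `outbuf` is not visible in this hunk, so nothing here shows that a long context fits. I would use `snprintf(outbuf, OUTBUF_LEN, "%s", ctxt)` in both places, where OUTBUF_LEN is a placeholder for the buffer's real size, and confirm that callers can cope with a truncated field.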
ctxt_P = (char *) calloc(1, len);
ctxt_Q = (char *) calloc(1, len);
- rv = security_sid_to_context(P->sid, (security_context_t) ctxt_P, &len);
+ rv = security_sid_to_context(P->secsid, (security_context_t) ctxt_P, &len);
if ( rv ) {
if ( errno != ENOSPC ) {
free(ctxt_P);
/* error should resurface during printing */
return( 0 );
- }
- else {
+ } else {
free(ctxt_P);
ctxt_P = (char *) calloc(1, len);
if ( ctxt_P != NULL ) {
- rv = security_sid_to_context(P->sid, (security_context_t) ctxt_P, &len);
+ rv = security_sid_to_context(P->secsid, (security_context_t) ctxt_P, &len);
if ( rv ) {
free(ctxt_P);
/* error should resurface during printing */
return( 0 );
}
- }
- else /* calloc() failed */
+ } else { /* calloc() failed */
/* error should resurface during printing */
return( 0 );
+ }
}
}
len = DEF_CTXTLEN;
- rv = security_sid_to_context(Q->sid, (security_context_t) ctxt_Q, &len);
+ rv = security_sid_to_context(Q->secsid, (security_context_t) ctxt_Q, &len);
if ( rv ) {
if ( errno != ENOSPC ) {
free(ctxt_P);
free(ctxt_Q);
/* error should resurface during printing */
return( 0 );
- }
- else {
+ } else {
free(ctxt_Q);
ctxt_Q = (char *) calloc(1, len);
if ( ctxt_Q != NULL ) {
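Review bot: The early `return( 0 );` paths for the P lookup free only `ctxt_P`, although `ctxt_Q` was already allocated at the top of the hunk. That covers the non-ENOSPC branch, the failed retry and the calloc-failure branch. Since this is a sort comparator, each failing comparison leaks one buffer; adding `free(ctxt_Q);` before those returns fixes it. The two initial `calloc` results are also passed to `security_sid_to_context` unchecked, so a guard such as `if ( !ctxt_P || !ctxt_Q ) { free(ctxt_P); free(ctxt_Q); return( 0 ); }` is needed before the first call. sr_context begins and ends outside this hunk.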
/* error should resurface during printing */
return( 0 );
}
- }
- else /* calloc() failed */
+ } else { /* calloc() failed */
/* error should resurface during printing */
free(ctxt_P);
return( 0 );
+ }
}
}
return( rv );
}
+
+#else
+
+/****** dummy functions ******/
+
+#define pr_secsid pr_nop
+#define sr_secsid sr_nop
+#define pr_context pr_nop
+#define sr_context sr_nop
+
#endif
/***************************************************************************/
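Review bot: The new `#else` block aliases `pr_secsid`, `sr_secsid`, `pr_context` and `sr_context` to the nop handlers without documenting what the user then sees. The later table hunks drop the `#ifdef FLASK_LINUX` guards around the `context` and `secsid` entries, so a build without FLASK_LINUX now accepts those specifiers and prints whatever `pr_nop` emits (not visible here). That output can be misread as "process has no label" rather than "not supported in this build". A comment on the block would help, e.g. `/* non-Flask build: secsid/context remain valid format specifiers but print the pr_nop placeholder */`.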
{"cnswap", "-", pr_nop, sr_cnswap, 1, 0, LNX, RIGHT},
{"comm", "COMMAND", pr_comm, sr_nop, 16, 0, U98, UNLIMITED}, /*ucomm*/
{"command", "COMMAND", pr_args, sr_nop, 16, 0, XXX, UNLIMITED}, /*args*/
-#ifdef FLASK_LINUX
{"context", "CONTEXT", pr_context, sr_context,40, 0, LNX, LEFT},
-#endif
{"cp", "CP", pr_cp, sr_pcpu, 3, 0, DEC, RIGHT}, /*cpu*/
{"cpu", "CPU", pr_nop, sr_nop, 3, 0, BSD, RIGHT}, /* FIXME ... HP-UX wants this as the CPU number for SMP? */
{"cputime", "TIME", pr_time, sr_nop, 8, 0, DEC, RIGHT}, /*time*/
{"sched", "SCH", pr_nop, sr_nop, 1, 0, AIX, RIGHT},
{"scnt", "SCNT", pr_nop, sr_nop, 4, 0, DEC, RIGHT}, /* man page misspelling of scount? */
{"scount", "SC", pr_nop, sr_nop, 4, 0, AIX, RIGHT}, /* scnt==scount, DEC claims both */
-#ifdef FLASK_LINUX
-{"secsid", "SID", pr_sid, sr_sid, 6, 0, LNX, RIGHT}, /* Flask Linux */
-#endif
+{"secsid", "SID", pr_secsid, sr_secsid, 6, 0, LNX, RIGHT}, /* Flask Linux */
{"sess", "SESS", pr_sess, sr_session, 5, 0, XXX, RIGHT},
{"session", "SESS", pr_sess, sr_session, 5, 0, LNX, RIGHT},
{"sgi_p", "P", pr_sgi_p, sr_nop, 1, 0, LNX, RIGHT}, /* "cpu" number */
{"FL5FMT", "f,state,uid,pid,ppid,pcpu,pri,nice,rss,wchan,start,time,command"}, /* Digital -fl */
-#ifdef FLASK_LINUX
{"FLASK_context", "pid,secsid,context,command"}, /* Flask Linux context, --context */
{"FLASK_sid", "pid,secsid,command"}, /* Flask Linux SID, --SID */
-#endif
{"HP_", "pid,tty,time,comm"}, /* HP default */
{"HP_f", "user,pid,ppid,cpu,stime,tty,time,args"}, /* HP -f */