diff --git a/pgrep.c b/pgrep.c index 0e18bce5..24d4e72c 100644 --- a/pgrep.c +++ b/pgrep.c @@ -398,7 +398,7 @@ output_strlist (const union el *list) } static PROCTAB * -do_openproc () +do_openproc (void) { PROCTAB *ptp; int flags = PROC_FILLANY; @@ -425,7 +425,7 @@ do_openproc () } static regex_t * -do_regcomp () +do_regcomp (void) { regex_t *preg = NULL; @@ -469,7 +469,7 @@ jiffies_to_time_t (long jiffies) #endif static union el * -select_procs () +select_procs (void) { PROCTAB *ptp; proc_t task; diff --git a/proc/readproc.c b/proc/readproc.c index bae36fbe..f9f0e8ba 100644 --- a/proc/readproc.c +++ b/proc/readproc.c @@ -48,15 +48,8 @@ PROCTAB* openproc(int flags, ...) { else if (Do(UID)) { PT->uids = va_arg(ap, uid_t*); PT->nuid = va_arg(ap, int); - } else if (Do(STAT)) - PT->stats = va_arg(ap, char*); -#ifdef FLASK_LINUX - else if ( Do(SID) || Do(CONTEXT) ) - PT->sids = va_arg(ap, security_id_t*); -#endif + } va_end(ap); /* Clean up args list */ - if (Do(ANYTTY) && Do(TTY)) - PT->flags = PT->flags & ~PROC_TTY; /* turn off TTY flag */ return PT; } @@ -318,7 +311,7 @@ proc_t* readproc(PROCTAB* PT, proc_t* p) { static char path[32], sbuf[1024]; /* bufs for stat,statm */ int matched = 0; /* flags */ #ifdef FLASK_LINUX - security_id_t sid; + security_id_t secsid; #endif /* loop until a proc matching restrictions is found or no more processes */ @@ -342,7 +335,7 @@ next_proc: /* get next PID for consideration */ sprintf(path, "/proc/%s", ent->d_name); } #ifdef FLASK_LINUX - if ( stat_secure(path, &sb, &sid) == -1 ) /* no such dirent (anymore) */ + if ( stat_secure(path, &sb, &secsid) == -1 ) /* no such dirent (anymore) */ #else if (stat(path, &sb) == -1) /* no such dirent (anymore) */ #endif 
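Review bot: The context line `sprintf(path, "/proc/%s", ent->d_name);` in the readproc hunk at -342 writes into `path` with no length bound, and the hunk at -318 shows that buffer as `static char path[32]`. Any filtering of directory entries happens outside these hunks, so it cannot be confirmed from here that a name longer than 25 bytes never reaches this call. `snprintf(path, sizeof path, "/proc/%s", ent->d_name);` keeps the write inside the buffer either way. The same call appears in the ps_readproc hunk at -449.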
@@ -356,27 +349,16 @@ next_proc: /* get next PID for consideration */ p->euid = sb.st_uid; /* need a way to get real uid */ #ifdef FLASK_LINUX - p->sid = sid; + p->secsid = secsid; #endif if ((file2str(path, "stat", sbuf, sizeof sbuf)) == -1) goto next_proc; /* error reading /proc/#/stat */ stat2proc(sbuf, p); /* parse /proc/#/stat */ -#ifdef FLASK_LINUX - if (!matched && (Do(SID) || Do(CONTEXT)) && !XinL(security_id_t, p->sid, PT->sids)) - goto next_proc; /* not one of the requested SIDs */ -#endif - if (!matched && Do(TTY) && !XinL(dev_t, p->tty, PT->ttys)) goto next_proc; /* not one of the requested ttys */ - if (!matched && Do(ANYTTY) && p->tty == -1) - goto next_proc; /* no controlling terminal */ - - if (!matched && Do(STAT) && !strchr(PT->stats,p->state)) - goto next_proc; /* not one of the requested states */ - if (Do(FILLMEM)) { /* read, parse /proc/#/statm */ if ((file2str(path, "statm", sbuf, sizeof sbuf)) != -1 ) statm2proc(sbuf, p); /* ignore statm errors here */ @@ -431,7 +413,7 @@ proc_t* ps_readproc(PROCTAB* PT, proc_t* p) { static struct stat sb; /* stat buffer */ static char path[32], sbuf[1024]; /* bufs for stat,statm */ #ifdef FLASK_LINUX - security_id_t sid; + security_id_t secsid; #endif /* loop until a proc matching restrictions is found or no more processes */ @@ -449,7 +431,7 @@ next_proc: /* get next PID for consideration */ sprintf(path, "/proc/%s", ent->d_name); #ifdef FLASK_LINUX - if (stat_secure(path, &sb, &sid) == -1) /* no such dirent (anymore) */ + if (stat_secure(path, &sb, &secsid) == -1) /* no such dirent (anymore) */ #else if (stat(path, &sb) == -1) /* no such dirent (anymore) */ #endif @@ -459,7 +441,7 @@ next_proc: /* get next PID for consideration */ p = xcalloc(p, sizeof *p); /* passed buf or alloced mem */ p->euid = sb.st_uid; /* need a way to get real uid */ #ifdef FLASK_LINUX - p->sid = sid; + p->secsid = secsid; #endif if ((file2str(path, "stat", sbuf, sizeof sbuf)) == -1) 
@@ -516,31 +498,6 @@ void look_up_our_self(proc_t *p) { } -/* Convenient wrapper around openproc and readproc to slurp in the whole process - * tree subset satisfying the constraints of flags and the optional PID list. - * Free allocated memory with freeproctree(). The tree structure is a classic - * left-list children + right-list siblings. The algorithm is a two-pass of the - * process table. Since most process trees will have children with strictly - * increasing PIDs, most of the structure will be picked up in the first pass. - * The second loop then cleans up any nodes which turn out to have preceeded - * their parent in /proc order. - */ - -/* Traverse tree 't' breadth-first looking for a process with pid p */ -static proc_t* LookupPID(proc_t* t, pid_t p) { - proc_t* tmp = NULL; - if (!t) - return NULL; - if (t->pid == p) /* look here/terminate recursion */ - return t; - if ((tmp = LookupPID(t->l, p))) /* recurse over children */ - return tmp; - for (; t; t=t->r) /* recurse over siblings */ - if ((tmp = LookupPID(tmp, p))) - return tmp; - return NULL; -} - /* Convenient wrapper around openproc and readproc to slurp in the whole process * table subset satisfying the constraints of flags and the optional PID list. * Free allocated memory with freeproctab(). Access via tab[N]->member. The @@ -564,12 +521,8 @@ proc_t** readproctab(int flags, ...) { i = va_arg(ap, int); PT = openproc(flags, u, i); } - else if (Do(PID) || Do(TTY) || Do(STAT)) + else if (Do(PID) || Do(TTY)) PT = openproc(flags, va_arg(ap, void*)); /* assume ptr sizes same */ -#ifdef FLASK_LINUX - else if ( Do(SID) || Do(CONTEXT) ) - PT = openproc(flags, va_arg(ap, security_id_t*)); -#endif else PT = openproc(flags); va_end(ap); diff --git a/proc/readproc.h b/proc/readproc.h index 1ec2b1f9..ea1d67c2 100644 --- a/proc/readproc.h +++ b/proc/readproc.h 
@@ -204,11 +204,5 @@ extern void freeproc(proc_t* p); #define PROC_PID 0x0100 /* process id numbers ( 0 terminated) */ #define PROC_TTY 0x0200 /* ctty device nos. ( 0 terminated) */ #define PROC_UID 0x0400 /* user id numbers ( length needed ) */ -#define PROC_STAT 0x0800 /* status fields ('\0' terminated) */ -#define PROC_ANYTTY 0x1000 /* proc must have a controlling terminal */ -#ifdef FLASK_LINUX -#define PROC_SID 0x2000 -#define PROC_CONTEXT 0x2000 /* synonym: SID gets converted to string if PROC_CONTEXT */ -#endif #endif diff --git a/ps/common.h b/ps/common.h index 1282264b..e6d9ea1c 100644 --- a/ps/common.h +++ b/ps/common.h @@ -105,10 +105,8 @@ #define FF_Bv 0x0080 /* v */ #define FF_LX 0x0100 /* X */ #define FF_Lm 0x0200 /* m */ /* overloaded: threads, sort, format */ -#ifdef FLASK_LINUX -#define FF_Fc 0x0400 /* --context */ /* Flask security context format */ -#define FF_Fs 0x0800 /* --SID */ /* Flask SID format */ -#endif +#define FF_Fc 0x0400 /* --context */ /* Flask security context format */ +#define FF_Fs 0x0800 /* --SID */ /* Flask SID format */ /* predefined format modifier flags such as: -l -f l u s -j */ #define FM_c 0x0001 /* -c */ diff --git a/ps/output.c b/ps/output.c index 257ee6bd..091e3b95 100644 --- a/ps/output.c +++ b/ps/output.c @@ -201,10 +201,6 @@ CMP_INT(pcpu) CMP_INT(state) -#ifdef FLASK_LINUX -CMP_INT(sid) -#endif - /***************************************************************************/ /************ Lots of format functions, starting with the NOP **************/ 
@@ -923,17 +919,20 @@ static int pr_sgi_p(void){ /* FIXME */ } - +/****************** FLASK security stuff **********************/ #ifdef FLASK_LINUX /* - * The sr_fn() calls -- for sorting -- don't return errors because the same errors - * should show up when the printing function pr_fn() is called, at which point the - * error goes onscreen. + * The sr_fn() calls -- for sorting -- don't return errors because + * the same errors should show up when the printing function pr_fn() + * is called, at which point the error goes onscreen. */ -static int pr_sid ( void ) { - return sprintf(outbuf, "%d", (int) pp->sid); +/* as above, creates sr_secsid function */ +CMP_INT(secsid) /* FLASK security ID, **NOT** a session ID -- ugh */ + +static int pr_secsid ( void ) { + return sprintf(outbuf, "%d", (int) pp->secsid); } static int pr_context ( void ) { @@ -941,11 +940,10 @@ static int pr_context ( void ) { unsigned int len; int rv; - len = DEF_CTXTLEN; ctxt = (char *) calloc(1, len); if ( ctxt != NULL ) - rv = security_sid_to_context(pp->sid, (security_context_t) ctxt, &len); + rv = security_sid_to_context(pp->secsid, (security_context_t) ctxt, &len); else return sprintf(outbuf, "-"); @@ -953,27 +951,24 @@ static int pr_context ( void ) { if ( errno != ENOSPC ) { free(ctxt); return sprintf(outbuf, "-"); - } - else { + } else { free(ctxt); ctxt = (char *) calloc(1, len); if ( ctxt != NULL ) { - rv = security_sid_to_context(pp->sid, (security_context_t) ctxt, &len); + rv = security_sid_to_context(pp->secsid, (security_context_t) ctxt, &len); if ( rv ) { free(ctxt); return sprintf(outbuf, "-"); - } - else { + } else { rv = sprintf(outbuf, "%s", ctxt); free(ctxt); return rv; } - } - else /* calloc() failed */ + } else { /* calloc() failed */ return sprintf(outbuf, "-"); + } } - } - else { + } else { rv = sprintf(outbuf, "%s", ctxt); free(ctxt); return rv; 
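Review bot: `rv = sprintf(outbuf, "%s", ctxt);` copies the security context into outbuf with no length limit, both in the ENOSPC retry branch and in the final else branch of pr_context (hunk at -953). The context buffer is re-allocated to whatever length security_sid_to_context reports, so the string has no fixed upper bound, while outbuf's capacity is declared outside this hunk. If outbuf is a fixed-size buffer, a bounded write such as `snprintf(outbuf, OUTBUF_CAPACITY, "%s", ctxt)` would keep a long context from overrunning it, where OUTBUF_CAPACITY is a placeholder for the buffer's real size. pr_context starts in the preceding hunk.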
@@ -990,41 +985,39 @@ static int sr_context ( const proc_t* P, const proc_t* Q ) { ctxt_P = (char *) calloc(1, len); ctxt_Q = (char *) calloc(1, len); - rv = security_sid_to_context(P->sid, (security_context_t) ctxt_P, &len); + rv = security_sid_to_context(P->secsid, (security_context_t) ctxt_P, &len); if ( rv ) { if ( errno != ENOSPC ) { free(ctxt_P); /* error should resurface during printing */ return( 0 ); - } - else { + } else { free(ctxt_P); ctxt_P = (char *) calloc(1, len); if ( ctxt_P != NULL ) { - rv = security_sid_to_context(P->sid, (security_context_t) ctxt_P, &len); + rv = security_sid_to_context(P->secsid, (security_context_t) ctxt_P, &len); if ( rv ) { free(ctxt_P); /* error should resurface during printing */ return( 0 ); } - } - else /* calloc() failed */ + } else { /* calloc() failed */ /* error should resurface during printing */ return( 0 ); + } } } len = DEF_CTXTLEN; - rv = security_sid_to_context(Q->sid, (security_context_t) ctxt_Q, &len); + rv = security_sid_to_context(Q->secsid, (security_context_t) ctxt_Q, &len); if ( rv ) { if ( errno != ENOSPC ) { free(ctxt_P); free(ctxt_Q); /* error should resurface during printing */ return( 0 ); - } - else { + } else { free(ctxt_Q); ctxt_Q = (char *) calloc(1, len); if ( ctxt_Q != NULL ) { @@ -1035,11 +1028,11 @@ static int sr_context ( const proc_t* P, const proc_t* Q ) { /* error should resurface during printing */ return( 0 ); } - } - else /* calloc() failed */ + } else { /* calloc() failed */ /* error should resurface during printing */ free(ctxt_P); return( 0 ); + } } } @@ -1050,6 +1043,16 @@ static int sr_context ( const proc_t* P, const proc_t* Q ) { return( rv ); } + +#else + +/****** dummy functions ******/ + +#define pr_secsid pr_nop +#define sr_secsid sr_nop +#define pr_context pr_nop +#define sr_context sr_nop + #endif /***************************************************************************/ 
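Review bot: The two initial `calloc(1, len)` results for ctxt_P and ctxt_Q go to security_sid_to_context without a NULL check, unlike the retry allocations further down in sr_context (hunk at -990). In the P half, every early `return( 0 )` frees at most ctxt_P and never ctxt_Q, so each failed comparison during a sort leaks a buffer. Adding `if ( !ctxt_P || !ctxt_Q ) { free(ctxt_P); free(ctxt_Q); return( 0 ); }` after the allocations and `free(ctxt_Q);` before each early return in the P half would close both gaps. The function's opening lines, including where `len` is first set, are above the hunk.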
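Review bot: The `#else` branch added in the hunk at -1050 aliases `pr_context`, `sr_context`, `pr_secsid` and `sr_secsid` to the nop functions, so a build without FLASK_LINUX now accepts `--context`, `--SID` and `--secsid` and fills those columns with whatever pr_nop prints. The ps/parser.c hunks at -726, -757, -936 and -945 drop the matching guards. Someone auditing process labels then cannot tell "process has no label" from "support not compiled in". At minimum the dummy block should say so, e.g. `/* non-Flask build: options are accepted, columns print the pr_nop placeholder */`. A stricter option is to have the two parser cases return an error string under `#ifndef FLASK_LINUX`, but parse_gnu_option's error convention is outside these hunks and would need confirming.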
@@ -1122,9 +1125,7 @@ static const format_struct format_array[] = { {"cnswap", "-", pr_nop, sr_cnswap, 1, 0, LNX, RIGHT}, {"comm", "COMMAND", pr_comm, sr_nop, 16, 0, U98, UNLIMITED}, /*ucomm*/ {"command", "COMMAND", pr_args, sr_nop, 16, 0, XXX, UNLIMITED}, /*args*/ -#ifdef FLASK_LINUX {"context", "CONTEXT", pr_context, sr_context,40, 0, LNX, LEFT}, -#endif {"cp", "CP", pr_cp, sr_pcpu, 3, 0, DEC, RIGHT}, /*cpu*/ {"cpu", "CPU", pr_nop, sr_nop, 3, 0, BSD, RIGHT}, /* FIXME ... HP-UX wants this as the CPU number for SMP? */ {"cputime", "TIME", pr_time, sr_nop, 8, 0, DEC, RIGHT}, /*time*/ @@ -1234,9 +1235,7 @@ static const format_struct format_array[] = { {"sched", "SCH", pr_nop, sr_nop, 1, 0, AIX, RIGHT}, {"scnt", "SCNT", pr_nop, sr_nop, 4, 0, DEC, RIGHT}, /* man page misspelling of scount? */ {"scount", "SC", pr_nop, sr_nop, 4, 0, AIX, RIGHT}, /* scnt==scount, DEC claims both */ -#ifdef FLASK_LINUX -{"secsid", "SID", pr_sid, sr_sid, 6, 0, LNX, RIGHT}, /* Flask Linux */ -#endif +{"secsid", "SID", pr_secsid, sr_secsid, 6, 0, LNX, RIGHT}, /* Flask Linux */ {"sess", "SESS", pr_sess, sr_session, 5, 0, XXX, RIGHT}, {"session", "SESS", pr_sess, sr_session, 5, 0, LNX, RIGHT}, {"sgi_p", "P", pr_sgi_p, sr_nop, 1, 0, LNX, RIGHT}, /* "cpu" number */ @@ -1346,10 +1345,8 @@ static const macro_struct macro_array[] = { {"FL5FMT", "f,state,uid,pid,ppid,pcpu,pri,nice,rss,wchan,start,time,command"}, /* Digital -fl */ -#ifdef FLASK_LINUX {"FLASK_context", "pid,secsid,context,command"}, /* Flask Linux context, --context */ {"FLASK_sid", "pid,secsid,command"}, /* Flask Linux SID, --SID */ -#endif {"HP_", "pid,tty,time,comm"}, /* HP default */ {"HP_f", "user,pid,ppid,cpu,stime,tty,time,args"}, /* HP -f */ diff --git a/ps/parser.c b/ps/parser.c index 8f00896f..f3f671bd 100644 --- a/ps/parser.c +++ b/ps/parser.c 
@@ -726,15 +726,11 @@ static const char *parse_gnu_option(void){ gnu_table_struct *found; static const gnu_table_struct gnu_table[] = { {"Group", &&case_Group}, /* rgid */ -#ifdef FLASK_LINUX {"SID", &&case_secsid}, -#endif {"User", &&case_User}, /* ruid */ {"cols", &&case_cols}, {"columns", &&case_columns}, -#ifdef FLASK_LINUX {"context", &&case_context}, -#endif {"cumulative", &&case_cumulative}, {"deselect", &&case_deselect}, /* -N */ {"forest", &&case_forest}, /* f -H */ @@ -757,9 +753,7 @@ static const char *parse_gnu_option(void){ {"noheadings", &&case_noheadings}, {"pid", &&case_pid}, {"rows", &&case_rows}, -#ifdef FLASK_LINUX {"secsid", &&case_secsid}, -#endif {"sid", &&case_sid}, {"sort", &&case_sort}, {"tty", &&case_tty}, @@ -936,7 +930,6 @@ static const char *parse_gnu_option(void){ display_version(); exit(0); return NULL; -#ifdef FLASK_LINUX case_context: trace("--context\n"); format_flags |= FF_Fc; @@ -945,7 +938,6 @@ static const char *parse_gnu_option(void){ trace("--secsid\n"); format_flags |= FF_Fs; return NULL; -#endif } /*************** process trailing PIDs **********************/ diff --git a/ps/sortformat.c b/ps/sortformat.c index 21b5bb5f..aff90e4e 100644 --- a/ps/sortformat.c +++ b/ps/sortformat.c @@ -800,10 +800,10 @@ const char *process_sf_options(int localbroken){ /* These are old Linux options. Option m is overloaded. */ case FF_LX: spec="OL_X"; break; case FF_Lm: spec="OL_m"; break; -#ifdef FLASK_LINUX + + /* These are FLASK security options. */ case FF_Fc: spec="FLASK_context"; break; case FF_Fs: spec="FLASK_sid"; break; -#endif } /* end switch(format_flags) */