Class: CapNG

Inherits:
Object
  • Object
show all
Defined in:
ext/capng/capng.c,
lib/capng.rb,
lib/capng/version.rb,
ext/capng/capng.c

Overview

CapNG class.

Examples:

# Current process capability example
require 'capng'

@capng = CapNG.new(:current_process)
@capng.have_capability?(:effective, :dac_read_search)
# Other process capability example
require 'capng'

@capng = CapNG.new(:other_process, 12345)
@capng.have_capability?(:effective, :dac_override)

Defined Under Namespace

Modules: Action, Flags, Result, Select, Type Classes: Capability, Error, Print, State

Constant Summary collapse

VERSION = 
"0.2.3"

Instance Method Summary collapse

Constructor Details

#initialize(target = nil, pid_or_file = nil) ⇒ nil

Initalize CapNG class.



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
 
# File 'ext/capng/capng.c', line 92

static VALUE
rb_capng_initialize(int argc, VALUE* argv, VALUE self)
{
  VALUE rb_target, rb_pid;
  int result = 0;
  char* target = NULL;
  int pid = 0;

  rb_scan_args(argc, argv, "02", &rb_target, &rb_pid);

  if (NIL_P(rb_target)) {
    return Qnil;
  }

  if (RB_TYPE_P(rb_target, T_SYMBOL)) {
    target = RSTRING_PTR(rb_sym2str(rb_target));
  } else if (RB_TYPE_P(rb_target, T_STRING)) {
    target = StringValuePtr(rb_target);
  } else {
    rb_raise(rb_eArgError, "Expected a String or a Symbol instance for tagret argument");
  }

  if (strcmp(target, "current_process") == 0) {
    result = capng_get_caps_process();
    if (result != 0) {
      rb_raise(rb_eRuntimeError, "Couldn't get current process' capability");
    }
  } else if (strcmp(target, "other_process") == 0) {
    Check_Type(rb_pid, T_FIXNUM);

    pid = NUM2INT(rb_pid);
    capng_setpid(pid);
    result = capng_get_caps_process();
    if (result != 0) {
      rb_raise(rb_eRuntimeError, "Couldn't get current process' capability");
    }
  }

  return Qnil;
}

Instance Method Details

#apply(rb_select_name_or_enum) ⇒ Boolean

Apply capabilities on specified target.

Parameters:

  • rb_select_name_or_enum (Symbol or String or Fixnum)

    targets are CAPS, BOUNDS, BOTH, and AMBIENT for supported platform.

Returns:

  • (Boolean) 


335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
 
# File 'ext/capng/capng.c', line 335

static VALUE
rb_capng_apply(VALUE self, VALUE rb_select_name_or_enum)
{
  int result = 0;
  capng_select_t select = 0;

  switch (TYPE(rb_select_name_or_enum)) {
    case T_SYMBOL:
      select =
        select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
      break;
    case T_STRING:
      select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
      break;
    case T_FIXNUM:
      select = NUM2INT(rb_select_name_or_enum);
      break;
    default:
      rb_raise(rb_eArgError,
               "Expected a String or a Symbol instance, or a capability type constant");
  }

  result = capng_apply(select);

  if (result == 0)
    return Qtrue;
  else
    return Qfalse;
}

#apply_caps_file(rb_file) ⇒ Boolean

Apply capabilities on specified target (file specific version).

Parameters:

  • rb_file (File)

    target file object

Returns:

  • (Boolean) 


539
540
541
542
543
544
545
546
547
548
549
 
# File 'ext/capng/capng.c', line 539

def apply_caps_file(file_or_string_path)
  if file_or_string_path.is_a?(String) && File.exist?(file_or_string_path)
    File.open(file_or_string_path) do |f|
      apply_caps_file_raw(f)
    end
  elsif file_or_string_path.is_a?(File)
    apply_caps_file_raw(file_or_string_path)
  else
    raise ArgumentError, "#{file_or_string_path} should be File class or String class instance."
  end
end

#apply_caps_file_rawObject

:nodoc:



13
 
# File 'lib/capng.rb', line 13

alias_method :apply_caps_file_raw, :apply_caps_file

#caps_file(rb_file) ⇒ Boolean

Retrieve capabilities from file.

Parameters:

  • rb_file (File)

    target file object

Returns:

  • (Boolean) 


512
513
514
515
516
517
518
519
520
521
522
 
# File 'ext/capng/capng.c', line 512

def caps_file(file_or_string_path)
  if file_or_string_path.is_a?(String) && File.exist?(file_or_string_path)
    File.open(file_or_string_path) do |f|
      caps_file_raw(f)
    end
  elsif file_or_string_path.is_a?(File)
    caps_file_raw(file_or_string_path)
  else
    raise ArgumentError, "#{file_or_string_path} should be File class or String class instance."
  end
end

#caps_file_rawObject

:nodoc:



10
 
# File 'lib/capng.rb', line 10

alias_method :caps_file_raw, :caps_file

#caps_processBoolean

Specify process ID to retrieve process capabilities. If not calling #setpid before, it returns current process’ capabilities.

Returns:

  • (Boolean) 


228
229
230
231
232
233
234
235
236
237
238
 
# File 'ext/capng/capng.c', line 228

static VALUE
rb_capng_get_caps_process(VALUE self)
{
  int result = 0;
  result = capng_get_caps_process();

  if (result == 0)
    return Qtrue;
  else
    return Qfalse;
}

#change_id(rb_uid, rb_gid, rb_flags) ⇒ Object

Change the credentials retaining capabilities. @see: capng_change_id(3)

Parameters:

  • rb_uid (Fixnum)

    User ID.

  • rb_gid (Fixnum)

    Group ID.

  • rb_flags (Fixnum)

    CapNG::Flags constants.



392
393
394
395
396
397
398
399
400
401
402
403
404
405
 
# File 'ext/capng/capng.c', line 392

static VALUE
rb_capng_change_id(VALUE self, VALUE rb_uid, VALUE rb_gid, VALUE rb_flags)
{
  int result = 0;

  result = capng_change_id(NUM2INT(rb_uid), NUM2INT(rb_gid), NUM2INT(rb_flags));

  if (result == 0)
    return Qtrue;
  else
    rb_raise(rb_eRuntimeError,
             "Calling capng_change_id is failed with: (exitcode: %d)\n",
             result);
}

#clear(rb_select_name_or_enum) ⇒ nil

Clear capabilities on specified target.

Parameters:

  • rb_select_name_or_enum (Symbol or String or Fixnum)

    targets are CAPS, BOUNDS, BOTH, and AMBIENT for supported platform.

Returns:

  • (nil) 


142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
 
# File 'ext/capng/capng.c', line 142

static VALUE
rb_capng_clear(VALUE self, VALUE rb_select_name_or_enum)
{
  capng_select_t select = 0;

  switch (TYPE(rb_select_name_or_enum)) {
    case T_SYMBOL:
      select =
        select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
      break;
    case T_STRING:
      select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
      break;
    case T_FIXNUM:
      select = NUM2INT(rb_select_name_or_enum);
      break;
    default:
      rb_raise(rb_eArgError,
               "Expected a String or a Symbol instance, or a capability type constant");
  }

  capng_clear(select);

  return Qnil;
}

#fill(rb_select_name_or_enum) ⇒ nil

Fill capabilities on specified target.

Parameters:

  • rb_select_name_or_enum (Symbol or String or Fixnum)

    targets are CAPS, BOUNDS, BOTH, and AMBIENT for supported platform.

Returns:

  • (nil) 


177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
 
# File 'ext/capng/capng.c', line 177

static VALUE
rb_capng_fill(VALUE self, VALUE rb_select_name_or_enum)
{
  capng_select_t select = 0;

  switch (TYPE(rb_select_name_or_enum)) {
    case T_SYMBOL:
      select =
        select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
      break;
    case T_STRING:
      select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
      break;
    case T_FIXNUM:
      select = NUM2INT(rb_select_name_or_enum);
      break;
    default:
      rb_raise(rb_eArgError,
               "Expected a String or a Symbol instance, or a capability type constant");
  }

  capng_fill(select);

  return Qnil;
}

#get_caps_file(rb_file) ⇒ Boolean

Retrieve capabilities from file.

Parameters:

  • rb_file (File)

    target file object

Returns:

  • (Boolean) 


512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
 
# File 'ext/capng/capng.c', line 512

static VALUE
rb_capng_get_caps_file(VALUE self, VALUE rb_file)
{
  int result = 0, fd = 0;

  Check_Type(rb_file, T_FILE);

  if (NIL_P(rb_file)) {
    return Qfalse;
  }
  fd = capng_get_file_descriptor(rb_file);
  result = capng_get_caps_fd(fd);

  if (result == 0)
    return Qtrue;
  else
    return Qfalse;
}

#get_caps_processBoolean

Specify process ID to retrieve process capabilities. If not calling #setpid before, it returns current process’ capabilities.

Returns:

  • (Boolean) 


228
229
230
231
232
233
234
235
236
237
238
 
# File 'ext/capng/capng.c', line 228

static VALUE
rb_capng_get_caps_process(VALUE self)
{
  int result = 0;
  result = capng_get_caps_process();

  if (result == 0)
    return Qtrue;
  else
    return Qfalse;
}

#have_capabilities?(rb_select_name_or_enum) ⇒ Integer

Check whether capabilities on specified target or not.

Parameters:

  • rb_select_name_or_enum (Symbol or String or Fixnum)

    targets are CAPS, BOUNDS, BOTH, and AMBIENT for supported platform.

Returns:

  • (Integer) 


416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
 
# File 'ext/capng/capng.c', line 416

static VALUE
rb_capng_have_capabilities_p(VALUE self, VALUE rb_select_name_or_enum)
{
  int result = 0;
  capng_select_t select = 0;

  switch (TYPE(rb_select_name_or_enum)) {
    case T_SYMBOL:
      select =
        select_name_to_select_type(RSTRING_PTR(rb_sym2str(rb_select_name_or_enum)));
      break;
    case T_STRING:
      select = select_name_to_select_type(StringValuePtr(rb_select_name_or_enum));
      break;
    case T_FIXNUM:
      select = NUM2INT(rb_select_name_or_enum);
      break;
    default:
      rb_raise(rb_eArgError,
               "Expected a String or a Symbol instance, or a capability type constant");
  }
  result = capng_have_capabilities(select);

  return INT2NUM(result);
}

#have_capability?(rb_capability_name_or_type, rb_capability_or_name) ⇒ Boolean

Check whether capabilities on specified target or not.

@see: [CapNG::Capability]

Parameters:

  • rb_capability_name_or_type (Symbol or String or Fixnum)

    types are EFFECTIVE, INHERITABLE, PERMITTED, and AMBIENT for supported platform.

  • rb_capability_or_name (Symbol or String or Fixnum)

    Capability name or constants.

Returns:

  • (Boolean) 


455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
 
# File 'ext/capng/capng.c', line 455

static VALUE
rb_capng_have_capability_p(VALUE self, VALUE rb_capability_name_or_type,
                           VALUE rb_capability_or_name)
{
  int result = 0;
  unsigned int capability = 0;
  capng_type_t capability_type = 0;

  switch (TYPE(rb_capability_name_or_type)) {
    case T_SYMBOL:
      capability_type = capability_type_name_to_capability_type(
        RSTRING_PTR(rb_sym2str(rb_capability_name_or_type)));
      break;
    case T_STRING:
      capability_type = capability_type_name_to_capability_type(
        StringValuePtr(rb_capability_name_or_type));
      break;
    case T_FIXNUM:
      capability_type = NUM2INT(rb_capability_name_or_type);
      break;
    default:
      rb_raise(rb_eArgError,
               "Expected a String or a Symbol instance, or a capability type constant");
  }

  switch (TYPE(rb_capability_or_name)) {
    case T_SYMBOL:
      capability =
        capng_name_to_capability(RSTRING_PTR(rb_sym2str(rb_capability_or_name)));
      break;
    case T_STRING:
      capability = capng_name_to_capability(StringValuePtr(rb_capability_or_name));
      break;
    case T_FIXNUM:
      capability = NUM2INT(rb_capability_or_name);
      break;
    default:
      rb_raise(rb_eArgError,
               "Expected a String or a Symbol instance, or a capability constant");
  }

  result = capng_have_capability(capability_type, capability);

  if (result == 1)
    return Qtrue;
  else
    return Qfalse;
}

#lockBoolean

Lock capabilities.

Returns:

  • (Boolean) 


371
372
373
374
375
376
377
378
379
380
381
382
 
# File 'ext/capng/capng.c', line 371

static VALUE
rb_capng_lock(VALUE self)
{
  int result = 0;

  result = capng_lock();

  if (result == 0)
    return Qtrue;
  else
    return Qfalse;
}

#setpid(rb_pid) ⇒ nil

Specify process ID to retrieve other process capabilities.

Parameters:

  • rb_pid (Fixnum)

    Process ID.

Returns:

  • (nil) 


211
212
213
214
215
216
217
218
219
 
# File 'ext/capng/capng.c', line 211

static VALUE
rb_capng_setpid(VALUE self, VALUE rb_pid)
{
  Check_Type(rb_pid, T_FIXNUM);

  capng_setpid(NUM2INT(rb_pid));

  return Qnil;
}

#update(rb_action_name_or_action, rb_capability_name_or_type, rb_capability_or_name) ⇒ Boolean

Update capabilities.

@see: [CapNG::Capability])

Parameters:

  • rb_action_name_or_action (Symbol or String or Fixnum)

    ADD or DROP.

  • rb_capability_name_or_type (Symbol or String or Fixnum)

    Effective/Inheritable/Permitted/Ambient (If supported) or their combinations

  • rb_capability_or_name (Symbol or String or Fixnum)

    Capability name or constants.

Returns:

  • (Boolean) 


252
253
254
255
256
257
258
259
260
261
262
263
264
 
# File 'ext/capng/capng.c', line 252

def update(action, type, capability_or_capability_array)
  if capability_or_capability_array.is_a?(Array) && !capability_or_capability_array.empty?
    results = []
    capability_or_capability_array.each do |capability|
      result = update_raw(action, type, capability)
      results << result
      return results if !result
    end
    results
  else
    update_raw(action, type, capability_or_capability_array)
  end
end

#update_rawObject

:nodoc:



16
 
# File 'lib/capng.rb', line 16

alias_method :update_raw, :update