diff --git a/Cargo.lock b/Cargo.lock index 132bb83..f6a4c02 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -711,7 +711,7 @@ dependencies = [ "cc 1.0.47 (registry+https://github.com/rust-lang/crates.io-index)", "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", "pkg-config 0.3.17 (registry+https://github.com/rust-lang/crates.io-index)", - "vcpkg 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)", + "vcpkg 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)", ] [[package]] @@ -794,6 +794,20 @@ dependencies = [ "libc 0.2.66 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "pledge-example-2015" +version = "0.0.0" +dependencies = [ + "pledge 0.3.1", +] + +[[package]] +name = "pledge-example-2018" +version = "0.0.0" +dependencies = [ + "pledge 0.3.1", +] + [[package]] name = "pledge-variants" version = "0.0.0" @@ -1521,7 +1535,7 @@ dependencies = [ [[package]] name = "vcpkg" -version = "0.2.7" +version = "0.2.8" source = "registry+https://github.com/rust-lang/crates.io-index" [[package]] @@ -1764,7 +1778,7 @@ dependencies = [ "checksum url 2.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "75b414f6c464c879d7f9babf951f23bc3743fb7313c081b2e6ca719067ea9d61" "checksum utf-8 0.7.5 (registry+https://github.com/rust-lang/crates.io-index)" = "05e42f7c18b8f902290b009cde6d651262f956c98bc51bca4cd1d511c9cd85c7" "checksum uuid 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)" = "90dbc611eb48397705a6b0f6e917da23ae517e4d127123d2cf7674206627d32a" -"checksum vcpkg 0.2.7 (registry+https://github.com/rust-lang/crates.io-index)" = "33dd455d0f96e90a75803cfeb7f948768c08d70a6de9a8d2362461935698bf95" +"checksum vcpkg 0.2.8 (registry+https://github.com/rust-lang/crates.io-index)" = "3fc439f2794e98976c88a2a2dafce96b930fe8010b0a256b3c2199a773933168" "checksum version_check 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "914b1a6776c4c929a602fafd8bc742e06365d4bcbe48c30f9cca5824f70dc9dd" "checksum version_check 0.9.1 (registry+https://github.com/rust-lang/crates.io-index)" = "078775d0255232fb988e6fccf26ddc9d1ac274299aaedcedce21c6f72cc533ce" "checksum want 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b6395efa4784b027708f7451087e647ec73cc74f5d9bc2e418404248d679a230" diff --git a/Cargo.toml b/Cargo.toml index 5bcb301..497b164 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -10,7 +10,7 @@ keywords = ["openbsd", "binding", "security"] license = "MIT" [workspace] -members = ["variants"] +members = ["variants", "example-2015", "example-2018"] [dependencies] libc = "0.2" diff --git a/README.md b/README.md index fb3944d..c0195cb 100644 --- a/README.md +++ b/README.md @@ -7,77 +7,71 @@ A Rust binding to OpenBSD's pledge(2) interface. ## Usage - #[macro_use] extern crate pledge; - use pledge::{pledge, Promise, ToPromiseString}; + /* Rust 2015 only */ #[macro_use] extern crate pledge; + /* Rust 2018 only */ use pledge::{pledge, pledge_promises, pledge_execpromises}; fn foo() { // make both promises and execpromises - match pledge![Stdio Proc Exec, Stdio Tty] { - Err(_) => println!("Failed to pledge"), - _ => () - } + pledge![Stdio Proc Exec, Stdio Tty].unwrap(); // make promises only - match pledge_promises[Stdio Exec] { - Err(_) => println!("Failed to pledge"), - _ => () - } + pledge_promises![Stdio Exec].unwrap(); // make execpromises only - match pledge_execpromises[Stdio] { - Err(_) => println!("Failed to pledge"), - _ => () - } + pledge_execpromises![Stdio].unwrap(); } -This is equivalent to: +This is roughly equivalent to: - extern crate pledge; + /* Rust 2015 only */ extern crate pledge; use pledge::{pledge, Promise, ToPromiseString}; fn foo() { // make both promises and execpromises let promises = vec![Promise::Stdio, Promise::Proc, Promise::Exec]; let execpromises = vec![Promise::Stdio, Promise::Tty]; - match pledge(&*promises.to_promise_string(), &*execpromises.to_promise_string()) { - Err(_) => println!("Failed to pledge"), - _ => () - } + pledge(&*promises.to_promise_string(), &*execpromises.to_promise_string()).unwrap(); // make promises only let promises = vec![Promise::Stdio, Promise::Exec]; - match pledge(&*promises.to_promise_string(), None) { - Err(_) => println!("Failed to pledge"), - _ => () - } + pledge(&*promises.to_promise_string(), None).unwrap(); // make execpromises only let execpromises = vec![Promise::Stdio]; - match pledge(None, &*execpromises.to_promise_string()) { - Err(_) => println!("Failed to pledge"), - _ => () - } + pledge(None, &*execpromises.to_promise_string()).unwrap(); } You may also provide promises directly as a string: + /* Rust 2015 only */ extern crate pledge; use pledge::pledge; fn foo() { // make both promises and execpromises - if pledge("stdio proc exec", "stdio tty").is_err() { - panic!("Failed to pledge"); - } + pledge("stdio proc exec", "stdio tty").unwrap(); // make promises only - if pledge("stdio exec", None).is_err() { - panic!("Failed to pledge"); - } + pledge("stdio exec", None).unwrap(); // make execpromises only - if pledge(None, "stdio").is_err() { - panic!("Failed to pledge"); - } + pledge(None, "stdio").unwrap(); + } + +All of these will yield `pledge::Error::UnsupportedPlatform` on platforms that +don’t support pledge(2). You can use `pledge::Error::ignore_platform` to ignore +that variant and make your program portable to those platforms: + + /* Rust 2015 only */ extern crate pledge; + /* Rust 2018 only */ use pledge::pledge_promises; + + fn foo() { + ... + + pledge_promises![Stdio Exec] + .or_else(pledge::Error::ignore_platform) + .unwrap(); + + ... } ## Compatibility @@ -91,7 +85,7 @@ where the second parameter sets a whitelist of permitted paths. To migrate your code from older versions: -* change `pledge![P, Q, R]` call sites to `pledge_promises![P, Q, R]` +* change `pledge![P, Q, R]` call sites to `pledge_promises![P Q R]` * change `pledge("p q r")` call sites to `pledge("p q r", None)` * change `pledge_with_paths(promises, paths)` to `pledge(promises)` * update usage of renamed `Promise` variants (e.g. `MCast` → `Mcast`) diff --git a/example-2015/.gitignore b/example-2015/.gitignore new file mode 100644 index 0000000..b83d222 --- /dev/null +++ b/example-2015/.gitignore @@ -0,0 +1 @@ +/target/ diff --git a/example-2015/Cargo.toml b/example-2015/Cargo.toml new file mode 100644 index 0000000..6a4803b --- /dev/null +++ b/example-2015/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "pledge-example-2015" +version = "0.0.0" +authors = ["Andrew Aldridge ", "Delan Azabani "] +edition = "2015" +publish = false + +[dependencies.pledge] +path = ".." diff --git a/example-2015/rustfmt.toml b/example-2015/rustfmt.toml new file mode 100644 index 0000000..e69de29 diff --git a/example-2015/src/main.rs b/example-2015/src/main.rs new file mode 100644 index 0000000..74a61e8 --- /dev/null +++ b/example-2015/src/main.rs @@ -0,0 +1,9 @@ +#[macro_use] +extern crate pledge; + +fn main() { + pledge_promises![Stdio] + .or_else(pledge::Error::ignore_platform) + .unwrap(); + println!("Hello, world!"); +} diff --git a/example-2018/.gitignore b/example-2018/.gitignore new file mode 100644 index 0000000..b83d222 --- /dev/null +++ b/example-2018/.gitignore @@ -0,0 +1 @@ +/target/ diff --git a/example-2018/Cargo.toml b/example-2018/Cargo.toml new file mode 100644 index 0000000..e7e69b9 --- /dev/null +++ b/example-2018/Cargo.toml @@ -0,0 +1,9 @@ +[package] +name = "pledge-example-2018" +version = "0.0.0" +authors = ["Andrew Aldridge ", "Delan Azabani "] +edition = "2018" +publish = false + +[dependencies.pledge] +path = ".." diff --git a/example-2018/rustfmt.toml b/example-2018/rustfmt.toml new file mode 100644 index 0000000..e69de29 diff --git a/example-2018/src/main.rs b/example-2018/src/main.rs new file mode 100644 index 0000000..fcd76fd --- /dev/null +++ b/example-2018/src/main.rs @@ -0,0 +1,8 @@ +use pledge::pledge_promises; + +fn main() { + pledge_promises![Stdio] + .or_else(pledge::Error::ignore_platform) + .unwrap(); + println!("Hello, world!"); +} diff --git a/src/lib.rs b/src/lib.rs index 208b9e4..7a0b116 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -12,6 +12,15 @@ pub enum Error { Other(c_int), } +impl Error { + pub fn ignore_platform(self) -> Result<(), Self> { + match self { + Error::UnsupportedPlatform => Ok(()), + x => Err(x), + } + } +} + impl fmt::Display for Error { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match *self { @@ -68,14 +77,14 @@ macro_rules! pledge { let mut promises = Vec::new(); let mut execpromises = Vec::new(); $( - promises.push(Promise::$promises); + promises.push($crate::Promise::$promises); )* $( - execpromises.push(Promise::$execpromises); + execpromises.push($crate::Promise::$execpromises); )* - let promises = promises.to_promise_string(); - let execpromises = execpromises.to_promise_string(); - pledge(&*promises, &*execpromises) + let promises = $crate::ToPromiseString::to_promise_string(&*promises); + let execpromises = $crate::ToPromiseString::to_promise_string(&*execpromises); + $crate::pledge(&*promises, &*execpromises) } }; } @@ -86,10 +95,10 @@ macro_rules! pledge_promises { { let mut promises = Vec::new(); $( - promises.push(Promise::$promises); + promises.push($crate::Promise::$promises); )* - let promises = promises.to_promise_string(); - pledge(&*promises, None) + let promises = $crate::ToPromiseString::to_promise_string(&*promises); + $crate::pledge(&*promises, None) } }; } @@ -100,10 +109,10 @@ macro_rules! pledge_execpromises { { let mut execpromises = Vec::new(); $( - execpromises.push(Promise::$execpromises); + execpromises.push($crate::Promise::$execpromises); )* - let execpromises = execpromises.to_promise_string(); - pledge(None, &*execpromises) + let execpromises = $crate::ToPromiseString::to_promise_string(&*execpromises); + $crate::pledge(None, &*execpromises) } }; }