tmp / linux-rsbac-1.2 / rsbac / help

syscalls.c File Reference

#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/mac.h>
#include <rsbac/pm.h>
#include <rsbac/auth.h>
#include <rsbac/acl.h>
#include <rsbac/reg.h>
#include <rsbac/error.h>
#include <rsbac/debug.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/network.h>
#include <asm/segment.h>
#include <asm/semaphore.h>
#include <linux/sched.h>
#include <linux/file.h>
#include <rsbac/rkmem.h>
#include <rsbac/gen_lists.h>
#include <linux/smp_lock.h>
#include <asm/uaccess.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/adf_syshelpers.h>
#include <rsbac/rc.h>
#include <rsbac/um.h>
#include <rsbac/um_types.h>
#include <rsbac/syscalls.h>
#include <linux/namei.h>

Function Documentation

int sys_rsbac_acl ( rsbac_list_ta_number_t ta_number,

enum rsbac_acl_syscall_type_t call,

struct rsbac_acl_syscall_arg_t * arg

)

Definition at line 3173 of file syscalls.c.
References ACLC_add_to_acl_entry, ACLC_none, ACLC_remove_acl, ACLC_remove_acl_entry, ACLC_remove_from_acl_entry, ACLC_remove_user, ACLC_set_acl_entry, ACLC_set_mask, ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_remove_user(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_NONE, T_USER, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03177 { 03178 #if defined(CONFIG_RSBAC_ACL) 03179 struct rsbac_acl_syscall_arg_t k_arg; 03180 /* union rsbac_target_id_t i_tid; */ 03181 int err = 0; 03182 03183 if(call >= ACLC_none) 03184 return(-RSBAC_EINVALIDREQUEST); 03185 if(!arg) 03186 return(-RSBAC_EINVALIDPOINTER); 03187 03188 /* get values from user space */ 03189 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03190 if(err < 0) 03191 return err; 03192 03193 if(k_arg.target >= T_NONE) 03194 return(-RSBAC_EINVALIDTARGET); 03195 /* rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): target = %u, call = %u, subj_type = %u, subj_id = %u!\n", 03196 k_arg.target, call, k_arg.subj_type, k_arg.subj_id); */ 03197 03198 #ifdef CONFIG_RSBAC_FREEZE 03199 if(rsbac_freeze) 03200 { 03201 rsbac_printk(KERN_WARNING 03202 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n"); 03203 return -EPERM; 03204 } 03205 #endif 03206 03207 if(call != ACLC_set_mask) 03208 { 03209 switch(k_arg.subj_type) 03210 { 03211 case ACLS_USER: 03212 break; 03213 case ACLS_GROUP: 03214 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03215 { 03216 struct rsbac_acl_group_entry_t entry; 03217 rsbac_uid_t caller; 03218 03219 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03220 || rsbac_get_owner(&caller) 03221 || ( (entry.owner != caller) 03222 && (entry.type != ACLG_GLOBAL) 03223 ) 03224 ) 03225 return(-RSBAC_EINVALIDVALUE); 03226 } 03227 break; 03228 #if defined(CONFIG_RSBAC_RC) 03229 case ACLS_ROLE: 03230 if(k_arg.subj_id > RC_role_max_value) 03231 { 03232 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id); 03233 return(-RSBAC_EINVALIDVALUE); 03234 } 03235 break; 03236 #endif 03237 default: 03238 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type); 03239 return(-RSBAC_EINVALIDVALUE); 03240 } 03241 if( (call == ACLC_remove_user) 03242 && (k_arg.target != T_USER) 03243 ) 03244 return -RSBAC_EINVALIDTARGET; 03245 03246 } 03247 03248 /* call acl function */ 03249 switch(call) 03250 { 03251 case ACLC_set_acl_entry: 03252 err = rsbac_acl_sys_set_acl_entry(ta_number, 03253 k_arg.target, 03254 k_arg.tid, 03255 k_arg.subj_type, 03256 k_arg.subj_id, 03257 k_arg.rights, 03258 k_arg.ttl); 03259 break; 03260 case ACLC_remove_acl_entry: 03261 err = rsbac_acl_sys_remove_acl_entry(ta_number, 03262 k_arg.target, 03263 k_arg.tid, 03264 k_arg.subj_type, 03265 k_arg.subj_id); 03266 break; 03267 case ACLC_remove_acl: 03268 err = rsbac_acl_sys_remove_acl(ta_number, 03269 k_arg.target, 03270 k_arg.tid); 03271 break; 03272 case ACLC_add_to_acl_entry: 03273 err = rsbac_acl_sys_add_to_acl_entry(ta_number, 03274 k_arg.target, 03275 k_arg.tid, 03276 k_arg.subj_type, 03277 k_arg.subj_id, 03278 k_arg.rights, 03279 k_arg.ttl); 03280 break; 03281 case ACLC_remove_from_acl_entry: 03282 err = rsbac_acl_sys_remove_from_acl_entry(ta_number, 03283 k_arg.target, 03284 k_arg.tid, 03285 k_arg.subj_type, 03286 k_arg.subj_id, 03287 k_arg.rights); 03288 break; 03289 case ACLC_set_mask: 03290 err = rsbac_acl_sys_set_mask(ta_number, 03291 k_arg.target, 03292 k_arg.tid, 03293 k_arg.rights); 03294 break; 03295 case ACLC_remove_user: 03296 err = rsbac_acl_sys_remove_user(ta_number, 03297 k_arg.tid.user); 03298 break; 03299 03300 default: 03301 err = -RSBAC_EINVALIDREQUEST; 03302 } 03303 return (err); 03304 #else 03305 return (-RSBAC_EINVALIDMODULE); 03306 #endif 03307 } /* end of sys_rsbac_acl() */

int sys_rsbac_acl_get_mask ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

rsbac_acl_rights_vector_t * mask_p

)

Definition at line 4165 of file syscalls.c.
References rsbac_acl_sys_get_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, and T_NONE.
Referenced by sys_rsbac().
04170 { 04171 #if defined(CONFIG_RSBAC_ACL) 04172 union rsbac_target_id_t k_tid; 04173 rsbac_acl_rights_vector_t k_mask; 04174 int err = 0; 04175 04176 if(!tid || (target >= T_NONE)) 04177 return(-RSBAC_EINVALIDTARGET); 04178 if(!mask_p) 04179 return(-RSBAC_EINVALIDPOINTER); 04180 04181 /* get values from user space */ 04182 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 04183 04184 /* call acl function */ 04185 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask); 04186 if(!err) 04187 { 04188 rsbac_put_user((u_char *) &k_mask, 04189 (u_char *) mask_p, 04190 sizeof(k_mask) ); 04191 } 04192 return err; 04193 #else 04194 return -RSBAC_EINVALIDMODULE; 04195 #endif 04196 } /* end of sys_rsbac_acl_get_mask() */

int sys_rsbac_acl_get_mask_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name,

rsbac_acl_rights_vector_t * mask_p

)

Definition at line 4198 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_sys_get_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
04203 { 04204 #if defined(CONFIG_RSBAC_ACL) 04205 struct dentry * t_dentry = NULL; 04206 rsbac_acl_rights_vector_t k_mask; 04207 rsbac_boolean_t need_put = FALSE; 04208 int err = 0; 04209 union rsbac_target_id_t tid; 04210 04211 struct nameidata nd; 04212 04213 if(target >= T_NONE) 04214 return(-RSBAC_EINVALIDTARGET); 04215 if(!mask_p) 04216 return(-RSBAC_EINVALIDPOINTER); 04217 04218 switch (target) 04219 { 04220 case T_FD: 04221 case T_FILE: 04222 case T_DIR: 04223 case T_FIFO: 04224 case T_SYMLINK: 04225 if(t_name) 04226 { 04227 if ((err = user_path_walk_link(t_name, &nd))) 04228 { 04229 #ifdef CONFIG_RSBAC_DEBUG 04230 if (rsbac_debug_aef_acl) 04231 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err); 04232 #endif 04233 goto out; 04234 } 04235 t_dentry = nd.dentry; 04236 need_put = TRUE; 04237 if (!t_dentry->d_inode) 04238 { 04239 err = -RSBAC_EINVALIDTARGET; 04240 goto out_dput; 04241 } 04242 /* is inode of type file, symlink or block/char device? */ 04243 switch(target) 04244 { 04245 case T_FD: 04246 if(S_ISREG(t_dentry->d_inode->i_mode)) 04247 { 04248 target = T_FILE; 04249 } 04250 else 04251 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04252 { 04253 target = T_DIR; 04254 } 04255 else 04256 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04257 { 04258 target = T_SYMLINK; 04259 } 04260 else 04261 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04262 { 04263 target = T_FIFO; 04264 } 04265 else 04266 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04267 { 04268 target = T_FILE; 04269 } 04270 else 04271 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04272 { 04273 target = T_FILE; 04274 } 04275 else 04276 { /* This is no file or device */ 04277 err = -RSBAC_EINVALIDTARGET; 04278 goto out_dput; 04279 } 04280 break; 04281 case T_FILE: 04282 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04283 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04284 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04285 { /* This is no file or device */ 04286 err = -RSBAC_EINVALIDTARGET; 04287 goto out_dput; 04288 } 04289 break; 04290 case T_DIR: 04291 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04292 { /* This is no dir */ 04293 err = -RSBAC_EINVALIDTARGET; 04294 goto out_dput; 04295 } 04296 break; 04297 case T_FIFO: 04298 /* is inode of type fifo? */ 04299 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04300 { /* This is no fifo */ 04301 err = -RSBAC_EINVALIDTARGET; 04302 goto out_dput; 04303 } 04304 break; 04305 case T_SYMLINK: 04306 /* is inode of type symlink? */ 04307 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04308 { /* This is no symlink */ 04309 err = -RSBAC_EINVALIDTARGET; 04310 goto out_dput; 04311 } 04312 break; 04313 default: 04314 err = -RSBAC_EINVALIDTARGET; 04315 goto out_dput; 04316 } 04317 tid.file.device = t_dentry->d_sb->s_dev; 04318 tid.file.inode = t_dentry->d_inode->i_ino; 04319 tid.file.dentry_p = t_dentry; 04320 } 04321 else 04322 { 04323 if(target == T_FD) 04324 target = T_FILE; 04325 tid.file.device = RSBAC_ZERO_DEV; 04326 tid.file.inode = 0; 04327 tid.file.dentry_p = NULL; 04328 } 04329 break; 04330 04331 case T_DEV: 04332 if(t_name) 04333 { 04334 if ((err = user_path_walk_link(t_name, &nd))) 04335 { 04336 #ifdef CONFIG_RSBAC_DEBUG 04337 if (rsbac_debug_aef_acl) 04338 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err); 04339 #endif 04340 goto out; 04341 } 04342 t_dentry = nd.dentry; 04343 need_put = TRUE; 04344 if (!t_dentry->d_inode) 04345 { 04346 err = -RSBAC_EINVALIDTARGET; 04347 goto out_dput; 04348 } 04349 /* is inode of type block/char device? */ 04350 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04351 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04352 { /* This is no file or device */ 04353 err = -RSBAC_EINVALIDTARGET; 04354 goto out_dput; 04355 } 04356 /* fill target id and call internal function */ 04357 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04358 tid.dev.type = D_block; 04359 else 04360 tid.dev.type = D_char; 04361 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04362 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04363 } 04364 else 04365 { 04366 tid.dev = RSBAC_ZERO_DEV_DESC; 04367 } 04368 break; 04369 04370 default: 04371 return -RSBAC_EINVALIDTARGET; 04372 } 04373 /* call ACL function */ 04374 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask); 04375 04376 out_dput: 04377 if(need_put) 04378 path_release(&nd); 04379 out: 04380 if(!err) 04381 { 04382 rsbac_put_user((u_char *) &k_mask, 04383 (u_char *) mask_p, 04384 sizeof(k_mask) ); 04385 } 04386 return(err); 04387 04388 #else 04389 return (-RSBAC_EINVALIDMODULE); 04390 #endif 04391 } /* end of sys_rsbac_acl_get_mask_n() */

int sys_rsbac_acl_get_rights ( rsbac_list_ta_number_t ta_number,

struct rsbac_acl_syscall_arg_t * arg,

rsbac_acl_rights_vector_t * rights_p,

u_int effective

)

Definition at line 3600 of file syscalls.c.
References ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_get_rights(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_NONE, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03605 { 03606 #if defined(CONFIG_RSBAC_ACL) 03607 struct rsbac_acl_syscall_arg_t k_arg; 03608 rsbac_acl_rights_vector_t k_rights = 0; 03609 int err = 0; 03610 03611 if(!arg || !rights_p) 03612 return(-RSBAC_EINVALIDPOINTER); 03613 /* get values from user space */ 03614 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03615 03616 if(k_arg.target >= T_NONE) 03617 return(-RSBAC_EINVALIDTARGET); 03618 /* printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): target = %u, subj_type = %u, subj_id = %u!\n", 03619 k_arg.target, k_arg.subj_type, k_arg.subj_id); */ 03620 switch(k_arg.subj_type) 03621 { 03622 case ACLS_USER: 03623 break; 03624 case ACLS_GROUP: 03625 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03626 { 03627 struct rsbac_acl_group_entry_t entry; 03628 rsbac_uid_t caller; 03629 03630 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03631 || rsbac_get_owner(&caller) 03632 || ( (entry.owner != caller) 03633 && (entry.type != ACLG_GLOBAL) 03634 ) 03635 ) 03636 return(-RSBAC_EINVALIDVALUE); 03637 } 03638 break; 03639 case ACLS_ROLE: 03640 #if defined(CONFIG_RSBAC_RC) 03641 if(k_arg.subj_id > RC_role_max_value) 03642 return(-RSBAC_EINVALIDVALUE); 03643 #endif 03644 break; 03645 default: 03646 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type); 03647 return(-RSBAC_EINVALIDVALUE); 03648 } 03649 03650 /* call acl function */ 03651 err = rsbac_acl_sys_get_rights(ta_number, 03652 k_arg.target, 03653 k_arg.tid, 03654 k_arg.subj_type, 03655 k_arg.subj_id, 03656 &k_rights, 03657 effective); 03658 if(!err) 03659 { 03660 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) ); 03661 } 03662 return (err); 03663 #else 03664 return (-RSBAC_EINVALIDMODULE); 03665 #endif 03666 } /* end of sys_rsbac_acl_get_rights() */

int sys_rsbac_acl_get_rights_n ( rsbac_list_ta_number_t ta_number,

struct rsbac_acl_syscall_n_arg_t * arg,

rsbac_acl_rights_vector_t * rights_p,

u_int effective

)

Definition at line 3669 of file syscalls.c.
References ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_get_rights(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, rsbac_dev_desc_t::type, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03674 { 03675 #if defined(CONFIG_RSBAC_ACL) 03676 struct dentry * t_dentry = NULL; 03677 rsbac_boolean_t need_put = FALSE; 03678 int err = 0; 03679 union rsbac_target_id_t tid; 03680 struct rsbac_acl_syscall_n_arg_t k_arg; 03681 rsbac_acl_rights_vector_t k_rights = 0; 03682 03683 struct nameidata nd; 03684 03685 if(!arg || !rights_p) 03686 return(-RSBAC_EINVALIDPOINTER); 03687 /* get values from user space */ 03688 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03689 03690 if(k_arg.target >= T_NONE) 03691 return(-RSBAC_EINVALIDTARGET); 03692 switch(k_arg.subj_type) 03693 { 03694 case ACLS_USER: 03695 break; 03696 case ACLS_GROUP: 03697 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03698 { 03699 struct rsbac_acl_group_entry_t entry; 03700 rsbac_uid_t caller; 03701 03702 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03703 || rsbac_get_owner(&caller) 03704 || ( (entry.owner != caller) 03705 && (entry.type != ACLG_GLOBAL) 03706 ) 03707 ) 03708 return(-RSBAC_EINVALIDVALUE); 03709 } 03710 break; 03711 case ACLS_ROLE: 03712 #if defined(CONFIG_RSBAC_RC) 03713 if(k_arg.subj_id > RC_role_max_value) 03714 return(-RSBAC_EINVALIDVALUE); 03715 #endif 03716 break; 03717 default: 03718 return(-RSBAC_EINVALIDVALUE); 03719 } 03720 03721 switch (k_arg.target) 03722 { 03723 case T_FD: 03724 case T_FILE: 03725 case T_DIR: 03726 case T_FIFO: 03727 case T_SYMLINK: 03728 if(k_arg.name) 03729 { 03730 if ((err = user_path_walk_link(k_arg.name, &nd))) 03731 { 03732 #ifdef CONFIG_RSBAC_DEBUG 03733 if (rsbac_debug_aef_acl) 03734 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err); 03735 #endif 03736 goto out; 03737 } 03738 t_dentry = nd.dentry; 03739 need_put = TRUE; 03740 if (!t_dentry->d_inode) 03741 { 03742 err = -RSBAC_EINVALIDTARGET; 03743 goto out_dput; 03744 } 03745 /* is inode of type file, symlink or block/char device? */ 03746 switch(k_arg.target) 03747 { 03748 case T_FD: 03749 if(S_ISREG(t_dentry->d_inode->i_mode)) 03750 { 03751 k_arg.target = T_FILE; 03752 } 03753 else 03754 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03755 { 03756 k_arg.target = T_DIR; 03757 } 03758 else 03759 if(S_ISLNK(t_dentry->d_inode->i_mode)) 03760 { 03761 k_arg.target = T_SYMLINK; 03762 } 03763 else 03764 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 03765 { 03766 k_arg.target = T_FIFO; 03767 } 03768 else 03769 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03770 { 03771 k_arg.target = T_FILE; 03772 } 03773 else 03774 if(S_ISCHR(t_dentry->d_inode->i_mode)) 03775 { 03776 k_arg.target = T_FILE; 03777 } 03778 else 03779 { /* This is no file or device */ 03780 err = -RSBAC_EINVALIDTARGET; 03781 goto out_dput; 03782 } 03783 break; 03784 case T_FILE: 03785 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 03786 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 03787 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03788 { /* This is no file or device */ 03789 err = -RSBAC_EINVALIDTARGET; 03790 goto out_dput; 03791 } 03792 break; 03793 case T_DIR: 03794 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 03795 { /* This is no dir */ 03796 err = -RSBAC_EINVALIDTARGET; 03797 goto out_dput; 03798 } 03799 break; 03800 case T_FIFO: 03801 /* is inode of type fifo? */ 03802 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 03803 { /* This is no fifo */ 03804 err = -RSBAC_EINVALIDTARGET; 03805 goto out_dput; 03806 } 03807 break; 03808 case T_SYMLINK: 03809 /* is inode of type symlink? */ 03810 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 03811 { /* This is no symlink */ 03812 err = -RSBAC_EINVALIDTARGET; 03813 goto out_dput; 03814 } 03815 break; 03816 default: 03817 err = -RSBAC_EINVALIDTARGET; 03818 goto out_dput; 03819 } 03820 tid.file.device = t_dentry->d_sb->s_dev; 03821 tid.file.inode = t_dentry->d_inode->i_ino; 03822 tid.file.dentry_p = t_dentry; 03823 } 03824 else 03825 { 03826 if(k_arg.target == T_FD) 03827 k_arg.target = T_FILE; 03828 tid.file.device = RSBAC_ZERO_DEV; 03829 tid.file.inode = 0; 03830 tid.file.dentry_p = NULL; 03831 } 03832 break; 03833 03834 case T_DEV: 03835 if(k_arg.name) 03836 { 03837 if ((err = user_path_walk_link(k_arg.name, &nd))) 03838 { 03839 #ifdef CONFIG_RSBAC_DEBUG 03840 if (rsbac_debug_aef_acl) 03841 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err); 03842 #endif 03843 goto out; 03844 } 03845 t_dentry = nd.dentry; 03846 need_put = TRUE; 03847 if (!t_dentry->d_inode) 03848 { 03849 err = -RSBAC_EINVALIDTARGET; 03850 goto out_dput; 03851 } 03852 /* is inode of type file, symlink or block/char device? */ 03853 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 03854 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03855 { /* This is no file or device */ 03856 err = -RSBAC_EINVALIDTARGET; 03857 goto out_dput; 03858 } 03859 /* fill target id and call internal function */ 03860 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03861 tid.dev.type = D_block; 03862 else 03863 tid.dev.type = D_char; 03864 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 03865 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 03866 } 03867 else 03868 { 03869 tid.dev = RSBAC_ZERO_DEV_DESC; 03870 } 03871 break; 03872 03873 default: 03874 return -RSBAC_EINVALIDTARGET; 03875 } 03876 03877 /* call acl function */ 03878 err = rsbac_acl_sys_get_rights(ta_number, 03879 k_arg.target, 03880 tid, 03881 k_arg.subj_type, 03882 k_arg.subj_id, 03883 &k_rights, 03884 effective); 03885 03886 out_dput: 03887 if(need_put) 03888 path_release(&nd); 03889 out: 03890 if(!err) 03891 { 03892 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) ); 03893 } 03894 return(err); 03895 #else 03896 return (-RSBAC_EINVALIDMODULE); 03897 #endif 03898 } /* end of sys_rsbac_acl_get_rights_n() */

int sys_rsbac_acl_get_tlist ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

struct rsbac_acl_entry_t entry_array[],

rsbac_time_t ttl_array[],

u_int maxnum

)

Definition at line 3902 of file syscalls.c.
References RSBAC_ACL_MAX_MAXNUM, rsbac_acl_sys_get_tlist(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_vfree, and T_NONE.
Referenced by sys_rsbac().
03909 { 03910 #if defined(CONFIG_RSBAC_ACL) 03911 union rsbac_target_id_t k_tid; 03912 struct rsbac_acl_entry_t * k_entry_p; 03913 rsbac_time_t * k_ttl_p; 03914 int err = 0; 03915 03916 if(!tid || (target >= T_NONE)) 03917 return(-RSBAC_EINVALIDTARGET); 03918 if(!entry_array) 03919 return(-RSBAC_EINVALIDPOINTER); 03920 if(!maxnum) 03921 return(-RSBAC_EINVALIDVALUE); 03922 if(maxnum > RSBAC_ACL_MAX_MAXNUM) 03923 maxnum = RSBAC_ACL_MAX_MAXNUM; 03924 03925 /* get values from user space */ 03926 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 03927 if(err) 03928 return err; 03929 03930 /* call acl function */ 03931 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p); 03932 if(err>0) 03933 { 03934 if(err > maxnum) 03935 err = maxnum; 03936 rsbac_put_user((u_char *) k_entry_p, 03937 (u_char *) entry_array, 03938 err * sizeof(*k_entry_p) ); 03939 if(ttl_array) 03940 { 03941 rsbac_put_user((u_char *) k_ttl_p, 03942 (u_char *) ttl_array, 03943 err * sizeof(*k_ttl_p) ); 03944 } 03945 rsbac_vfree(k_entry_p); 03946 rsbac_vfree(k_ttl_p); 03947 } 03948 return (err); 03949 #else 03950 return (-RSBAC_EINVALIDMODULE); 03951 #endif 03952 } /* end of sys_rsbac_acl_get_tlist() */

int sys_rsbac_acl_get_tlist_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name,

struct rsbac_acl_entry_t entry_array[],

rsbac_time_t ttl_array[],

u_int maxnum

)

Definition at line 3954 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_sys_get_tlist(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_vfree, RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
03961 { 03962 #if defined(CONFIG_RSBAC_ACL) 03963 struct dentry * t_dentry = NULL; 03964 struct rsbac_acl_entry_t * k_entry_p; 03965 rsbac_time_t * k_ttl_p; 03966 rsbac_boolean_t need_put = FALSE; 03967 int err = 0; 03968 union rsbac_target_id_t tid; 03969 03970 struct nameidata nd; 03971 03972 if(target >= T_NONE) 03973 return(-RSBAC_EINVALIDTARGET); 03974 if(!entry_array) 03975 return(-RSBAC_EINVALIDPOINTER); 03976 03977 switch (target) 03978 { 03979 case T_FD: 03980 case T_FILE: 03981 case T_DIR: 03982 case T_FIFO: 03983 case T_SYMLINK: 03984 if(t_name) 03985 { 03986 if ((err = user_path_walk_link(t_name, &nd))) 03987 { 03988 #ifdef CONFIG_RSBAC_DEBUG 03989 if (rsbac_debug_aef_acl) 03990 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err); 03991 #endif 03992 goto out; 03993 } 03994 t_dentry = nd.dentry; 03995 need_put = TRUE; 03996 if (!t_dentry->d_inode) 03997 { 03998 err = -RSBAC_EINVALIDTARGET; 03999 goto out_dput; 04000 } 04001 /* is inode of type file, symlink or block/char device? */ 04002 switch(target) 04003 { 04004 case T_FD: 04005 if(S_ISREG(t_dentry->d_inode->i_mode)) 04006 { 04007 target = T_FILE; 04008 } 04009 else 04010 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04011 { 04012 target = T_DIR; 04013 } 04014 else 04015 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04016 { 04017 target = T_SYMLINK; 04018 } 04019 else 04020 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04021 { 04022 target = T_FIFO; 04023 } 04024 else 04025 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04026 { 04027 target = T_FILE; 04028 } 04029 else 04030 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04031 { 04032 target = T_FILE; 04033 } 04034 else 04035 { /* This is no file or device */ 04036 err = -RSBAC_EINVALIDTARGET; 04037 goto out_dput; 04038 } 04039 break; 04040 case T_FILE: 04041 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04042 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04043 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04044 { /* This is no file or device */ 04045 err = -RSBAC_EINVALIDTARGET; 04046 goto out_dput; 04047 } 04048 break; 04049 case T_DIR: 04050 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04051 { /* This is no dir */ 04052 err = -RSBAC_EINVALIDTARGET; 04053 goto out_dput; 04054 } 04055 break; 04056 case T_FIFO: 04057 /* is inode of type fifo? */ 04058 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04059 { /* This is no fifo */ 04060 err = -RSBAC_EINVALIDTARGET; 04061 goto out_dput; 04062 } 04063 break; 04064 case T_SYMLINK: 04065 /* is inode of type symlink? */ 04066 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04067 { /* This is no symlink */ 04068 err = -RSBAC_EINVALIDTARGET; 04069 goto out_dput; 04070 } 04071 break; 04072 default: 04073 err = -RSBAC_EINVALIDTARGET; 04074 goto out_dput; 04075 } 04076 tid.file.device = t_dentry->d_sb->s_dev; 04077 tid.file.inode = t_dentry->d_inode->i_ino; 04078 tid.file.dentry_p = t_dentry; 04079 } 04080 else 04081 { 04082 if(target == T_FD) 04083 target = T_FILE; 04084 tid.file.device = RSBAC_ZERO_DEV; 04085 tid.file.inode = 0; 04086 tid.file.dentry_p = NULL; 04087 } 04088 break; 04089 04090 case T_DEV: 04091 if(t_name) 04092 { 04093 if ((err = user_path_walk_link(t_name, &nd))) 04094 { 04095 #ifdef CONFIG_RSBAC_DEBUG 04096 if (rsbac_debug_aef_acl) 04097 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err); 04098 #endif 04099 goto out; 04100 } 04101 t_dentry = nd.dentry; 04102 need_put = TRUE; 04103 if (!t_dentry->d_inode) 04104 { 04105 err = -RSBAC_EINVALIDTARGET; 04106 goto out_dput; 04107 } 04108 /* is inode of type file, symlink or block/char device? */ 04109 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04110 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04111 { /* This is no file or device */ 04112 err = -RSBAC_EINVALIDTARGET; 04113 goto out_dput; 04114 } 04115 /* fill target id and call internal function */ 04116 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04117 tid.dev.type = D_block; 04118 else 04119 tid.dev.type = D_char; 04120 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04121 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04122 } 04123 else 04124 { 04125 tid.dev = RSBAC_ZERO_DEV_DESC; 04126 } 04127 break; 04128 04129 default: 04130 return -RSBAC_EINVALIDTARGET; 04131 } 04132 /* call ACL function */ 04133 err = rsbac_acl_sys_get_tlist(ta_number, target, tid, 04134 &k_entry_p, &k_ttl_p); 04135 04136 out_dput: 04137 if(need_put) 04138 path_release(&nd); 04139 out: 04140 if(err>0) 04141 { 04142 if(err > maxnum) 04143 err = maxnum; 04144 rsbac_put_user((u_char *) k_entry_p, 04145 (u_char *) entry_array, 04146 err * sizeof(*k_entry_p) ); 04147 if(ttl_array) 04148 { 04149 rsbac_put_user((u_char *) k_ttl_p, 04150 (u_char *) ttl_array, 04151 err * sizeof(*k_ttl_p) ); 04152 } 04153 rsbac_vfree(k_entry_p); 04154 rsbac_vfree(k_ttl_p); 04155 } 04156 return(err); 04157 04158 #else 04159 return (-RSBAC_EINVALIDMODULE); 04160 #endif 04161 } /* end of sys_rsbac_acl_get_tlist_n() */

int sys_rsbac_acl_group ( rsbac_list_ta_number_t ta_number,

enum rsbac_acl_group_syscall_type_t call,

union rsbac_acl_group_syscall_arg_t * arg_p

)

Definition at line 4395 of file syscalls.c.
References ACLGS_add_group, ACLGS_add_member, ACLGS_change_group, ACLGS_none, ACLGS_remove_group, ACLGS_remove_member, rsbac_acl_sys_group(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, and rsbac_printk().
Referenced by sys_rsbac().
04399 { 04400 #if defined(CONFIG_RSBAC_ACL) 04401 union rsbac_acl_group_syscall_arg_t k_arg; 04402 int err = 0; 04403 04404 if(call >= ACLGS_none) 04405 return(-RSBAC_EINVALIDREQUEST); 04406 if(!arg_p) 04407 return(-RSBAC_EINVALIDPOINTER); 04408 04409 #ifdef CONFIG_RSBAC_FREEZE 04410 if(rsbac_freeze) 04411 { 04412 switch(call) 04413 { 04414 case ACLGS_add_group: 04415 case ACLGS_change_group: 04416 case ACLGS_remove_group: 04417 case ACLGS_add_member: 04418 case ACLGS_remove_member: 04419 rsbac_printk(KERN_WARNING 04420 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n"); 04421 return -EPERM; 04422 04423 default: 04424 break; 04425 } 04426 } 04427 #endif 04428 04429 /* get values from user space */ 04430 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) ); 04431 04432 /* call acl function */ 04433 if(err >= 0) 04434 err = rsbac_acl_sys_group(ta_number, call, k_arg); 04435 return (err); 04436 #else 04437 return (-RSBAC_EINVALIDMODULE); 04438 #endif 04439 } /* end of sys_rsbac_acl() */

int sys_rsbac_acl_list_all_dev ( rsbac_list_ta_number_t ta_number,

struct rsbac_dev_desc_t * id_p,

u_long maxnum

)

Definition at line 4441 of file syscalls.c.
References NULL, rsbac_acl_list_all_dev(), rsbac_acl_list_all_major_dev(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04445 { 04446 #if defined(CONFIG_RSBAC_ACL) 04447 int err = 0; 04448 long count; 04449 long count2; 04450 04451 if(id_p && maxnum) 04452 { 04453 struct rsbac_dev_desc_t * k_id_p = NULL; 04454 04455 count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p); 04456 if(count < 0) 04457 return count; 04458 if(count > maxnum) 04459 count = maxnum; 04460 04461 if(count) 04462 { 04463 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04464 rsbac_vfree(k_id_p); 04465 if(err) 04466 return err; 04467 id_p += count; 04468 maxnum -= count; 04469 if(!maxnum) 04470 return count; 04471 } 04472 04473 count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p); 04474 if(count2 < 0) 04475 return count2; 04476 if(count2 > maxnum) 04477 count2 = maxnum; 04478 04479 if(count2) 04480 { 04481 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) ); 04482 rsbac_vfree(k_id_p); 04483 if(err) 04484 return err; 04485 count += count2; 04486 } 04487 return count; 04488 } 04489 else 04490 { 04491 count = rsbac_acl_list_all_major_dev(ta_number, NULL); 04492 if(count < 0) 04493 return count; 04494 count2 = rsbac_acl_list_all_dev(ta_number, NULL); 04495 if(count2 < 0) 04496 return count2; 04497 else 04498 return count + count2; 04499 } 04500 #else 04501 return (-RSBAC_EINVALIDMODULE); 04502 #endif 04503 }

int sys_rsbac_acl_list_all_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t * id_p,

u_long maxnum

)

Definition at line 4542 of file syscalls.c.
References NULL, rsbac_acl_list_all_group(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04546 { 04547 #ifdef CONFIG_RSBAC_ACL_UM_PROT 04548 int err = 0; 04549 long count; 04550 04551 if(id_p && maxnum) 04552 { 04553 rsbac_gid_t * k_id_p = NULL; 04554 04555 count = rsbac_acl_list_all_group(ta_number, &k_id_p); 04556 if(count < 0) 04557 return count; 04558 if(count > maxnum) 04559 count = maxnum; 04560 04561 if(count) 04562 { 04563 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04564 rsbac_vfree(k_id_p); 04565 if(err) 04566 return err; 04567 } 04568 return count; 04569 } 04570 else 04571 { 04572 return rsbac_acl_list_all_group(ta_number, NULL); 04573 } 04574 #else 04575 return (-RSBAC_EINVALIDMODULE); 04576 #endif 04577 }

int sys_rsbac_acl_list_all_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t * id_p,

u_long maxnum

)

Definition at line 4505 of file syscalls.c.
References NULL, rsbac_acl_list_all_user(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04509 { 04510 #if defined(CONFIG_RSBAC_ACL) 04511 int err = 0; 04512 long count; 04513 04514 if(id_p && maxnum) 04515 { 04516 rsbac_uid_t * k_id_p = NULL; 04517 04518 count = rsbac_acl_list_all_user(ta_number, &k_id_p); 04519 if(count < 0) 04520 return count; 04521 if(count > maxnum) 04522 count = maxnum; 04523 04524 if(count) 04525 { 04526 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04527 rsbac_vfree(k_id_p); 04528 if(err) 04529 return err; 04530 } 04531 return count; 04532 } 04533 else 04534 { 04535 return rsbac_acl_list_all_user(ta_number, NULL); 04536 } 04537 #else 04538 return (-RSBAC_EINVALIDMODULE); 04539 #endif 04540 }

int sys_rsbac_acl_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_acl_syscall_type_t call,

struct rsbac_acl_syscall_n_arg_t * arg

)

Definition at line 3310 of file syscalls.c.
References ACLC_add_to_acl_entry, ACLC_none, ACLC_remove_acl, ACLC_remove_acl_entry, ACLC_remove_from_acl_entry, ACLC_set_acl_entry, ACLC_set_mask, ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, D_block, D_char, rsbac_target_id_t::dev, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, rsbac_dev_desc_t::type, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03314 { 03315 #if defined(CONFIG_RSBAC_ACL) 03316 struct dentry * t_dentry = NULL; 03317 int err = 0; 03318 union rsbac_target_id_t tid; 03319 struct rsbac_acl_syscall_n_arg_t k_arg; 03320 03321 struct nameidata nd; 03322 03323 if(call >= ACLC_none) 03324 return(-RSBAC_EINVALIDREQUEST); 03325 if(!arg) 03326 return(-RSBAC_EINVALIDPOINTER); 03327 03328 #ifdef CONFIG_RSBAC_FREEZE 03329 if(rsbac_freeze) 03330 { 03331 rsbac_printk(KERN_WARNING 03332 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n"); 03333 return -EPERM; 03334 } 03335 #endif 03336 03337 /* get values from user space */ 03338 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03339 if(err < 0) 03340 return err; 03341 03342 if(k_arg.target >= T_NONE) 03343 return(-RSBAC_EINVALIDTARGET); 03344 if(call != ACLC_set_mask) 03345 { 03346 switch(k_arg.subj_type) 03347 { 03348 case ACLS_USER: 03349 break; 03350 case ACLS_GROUP: 03351 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03352 { 03353 struct rsbac_acl_group_entry_t entry; 03354 rsbac_uid_t caller; 03355 03356 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03357 || rsbac_get_owner(&caller) 03358 || ( (entry.owner != caller) 03359 && (entry.type != ACLG_GLOBAL) 03360 ) 03361 ) 03362 return(-RSBAC_EINVALIDVALUE); 03363 } 03364 break; 03365 #if defined(CONFIG_RSBAC_RC) 03366 case ACLS_ROLE: 03367 if(k_arg.subj_id > RC_role_max_value) 03368 return(-RSBAC_EINVALIDVALUE); 03369 break; 03370 #endif 03371 default: 03372 return(-RSBAC_EINVALIDVALUE); 03373 } 03374 } 03375 03376 if(k_arg.name) 03377 { 03378 /* lookup filename */ 03379 if ((err = user_path_walk_link(k_arg.name, &nd))) 03380 { 03381 #ifdef CONFIG_RSBAC_DEBUG 03382 if (rsbac_debug_aef) 03383 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err); 03384 #endif 03385 goto out; 03386 } 03387 t_dentry = nd.dentry; 03388 if (!t_dentry->d_inode) 03389 { 03390 #ifdef CONFIG_RSBAC_DEBUG 03391 if (rsbac_debug_aef) 03392 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n"); 03393 #endif 03394 err = -RSBAC_EINVALIDTARGET; 03395 goto out_dput; 03396 } 03397 tid.file.device = t_dentry->d_sb->s_dev; 03398 tid.file.inode = t_dentry->d_inode->i_ino; 03399 tid.file.dentry_p = t_dentry; 03400 } 03401 else 03402 { 03403 tid.file.device = RSBAC_ZERO_DEV; 03404 tid.file.inode = 0; 03405 tid.file.dentry_p = NULL; 03406 } 03407 03408 switch (k_arg.target) 03409 { 03410 case T_FD: 03411 if(k_arg.name) 03412 { 03413 if(S_ISREG(t_dentry->d_inode->i_mode)) 03414 { 03415 k_arg.target = T_FILE; 03416 } 03417 else 03418 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03419 { 03420 k_arg.target = T_DIR; 03421 } 03422 else 03423 if(S_ISLNK(t_dentry->d_inode->i_mode)) 03424 { 03425 k_arg.target = T_SYMLINK; 03426 } 03427 else 03428 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 03429 { 03430 k_arg.target = T_FIFO; 03431 } 03432 else 03433 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03434 { 03435 k_arg.target = T_FILE; 03436 } 03437 else 03438 if(S_ISCHR(t_dentry->d_inode->i_mode)) 03439 { 03440 k_arg.target = T_FILE; 03441 } 03442 else 03443 { 03444 #ifdef CONFIG_RSBAC_DEBUG 03445 if (rsbac_debug_aef) 03446 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n"); 03447 #endif 03448 err = -RSBAC_EINVALIDTARGET; 03449 goto out_dput; 03450 } 03451 } 03452 else 03453 k_arg.target = T_FILE; 03454 break; 03455 03456 case T_FILE: 03457 if(k_arg.name) 03458 { 03459 /* is inode of type file, symlink or block/char device? */ 03460 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 03461 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 03462 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03463 { /* This is no file or device */ 03464 err = -RSBAC_EINVALIDTARGET; 03465 goto out_dput; 03466 } 03467 } 03468 break; 03469 03470 case T_DIR: 03471 if(k_arg.name) 03472 { 03473 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 03474 { /* This is no dir */ 03475 err = -RSBAC_EINVALIDTARGET; 03476 goto out_dput; 03477 } 03478 } 03479 break; 03480 03481 case T_FIFO: 03482 if(k_arg.name) 03483 { 03484 /* is inode of type fifo? */ 03485 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 03486 { /* This is no file or device */ 03487 err = -RSBAC_EINVALIDTARGET; 03488 goto out_dput; 03489 } 03490 } 03491 break; 03492 03493 case T_SYMLINK: 03494 if(k_arg.name) 03495 { 03496 /* is inode of type symlink? */ 03497 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 03498 { /* This is no file or device */ 03499 err = -RSBAC_EINVALIDTARGET; 03500 goto out_dput; 03501 } 03502 } 03503 break; 03504 03505 case T_DEV: 03506 if(k_arg.name) 03507 { 03508 /* is inode of type block/char device? */ 03509 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 03510 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03511 { /* This is no file or device */ 03512 err = -RSBAC_EINVALIDTARGET; 03513 goto out_dput; 03514 } 03515 /* fill target id and call internal function */ 03516 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03517 tid.dev.type = D_block; 03518 else 03519 tid.dev.type = D_char; 03520 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 03521 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 03522 } 03523 else 03524 { 03525 tid.dev = RSBAC_ZERO_DEV_DESC; 03526 } 03527 break; 03528 03529 default: 03530 err = -RSBAC_EINVALIDTARGET; 03531 goto out_dput; 03532 } 03533 /* call acl function */ 03534 switch(call) 03535 { 03536 case ACLC_set_acl_entry: 03537 err = rsbac_acl_sys_set_acl_entry(ta_number, 03538 k_arg.target, 03539 tid, 03540 k_arg.subj_type, 03541 k_arg.subj_id, 03542 k_arg.rights, 03543 k_arg.ttl); 03544 break; 03545 case ACLC_remove_acl_entry: 03546 err = rsbac_acl_sys_remove_acl_entry(ta_number, 03547 k_arg.target, 03548 tid, 03549 k_arg.subj_type, 03550 k_arg.subj_id); 03551 break; 03552 case ACLC_remove_acl: 03553 err = rsbac_acl_sys_remove_acl(ta_number, 03554 k_arg.target, 03555 tid); 03556 break; 03557 case ACLC_add_to_acl_entry: 03558 err = rsbac_acl_sys_add_to_acl_entry(ta_number, 03559 k_arg.target, 03560 tid, 03561 k_arg.subj_type, 03562 k_arg.subj_id, 03563 k_arg.rights, 03564 k_arg.ttl); 03565 break; 03566 case ACLC_remove_from_acl_entry: 03567 err = rsbac_acl_sys_remove_from_acl_entry(ta_number, 03568 k_arg.target, 03569 tid, 03570 k_arg.subj_type, 03571 k_arg.subj_id, 03572 k_arg.rights); 03573 break; 03574 case ACLC_set_mask: 03575 err = rsbac_acl_sys_set_mask(ta_number, 03576 k_arg.target, 03577 tid, 03578 k_arg.rights); 03579 break; 03580 03581 default: 03582 err = -RSBAC_EINVALIDREQUEST; 03583 } 03584 03585 out_dput: 03586 if(k_arg.name) 03587 { 03588 path_release(&nd); 03589 } 03590 03591 out: 03592 return(err); 03593 #else 03594 return (-RSBAC_EINVALIDMODULE); 03595 #endif 03596 } /* end of sys_rsbac_acl_n() */

int sys_rsbac_adf_log_switch ( enum rsbac_adf_request_t request,

enum rsbac_target_t target,

u_int value

)

Definition at line 6356 of file syscalls.c.
References rsbac_target_id_t::dummy, get_request_name(), LL_denied, LL_full, LL_none, R_NONE, R_SWITCH_LOG, rsbac_adf_log_switch(), rsbac_adf_request(), RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), T_FD, and T_NONE.
Referenced by sys_rsbac().
06359 { 06360 union rsbac_target_id_t rsbac_target_id; 06361 union rsbac_attribute_value_t rsbac_attribute_value; 06362 06363 if ((value != LL_none) && (value != LL_denied) && (value != LL_full)) 06364 return (-RSBAC_EINVALIDVALUE); 06365 if(request >= R_NONE) 06366 return(-RSBAC_EINVALIDREQUEST); 06367 if( (target == T_FD) 06368 || (target > T_NONE) 06369 ) 06370 return(-RSBAC_EINVALIDTARGET); 06371 06372 #ifdef CONFIG_RSBAC_FREEZE 06373 if(rsbac_freeze) 06374 { 06375 rsbac_printk(KERN_WARNING 06376 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n"); 06377 return -EPERM; 06378 } 06379 #endif 06380 06381 /* call ADF */ 06382 #ifdef CONFIG_RSBAC_DEBUG 06383 if (rsbac_debug_aef) 06384 rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n"); 06385 #endif 06386 rsbac_target_id.dummy = 0; 06387 rsbac_attribute_value.request = target; 06388 if (!rsbac_adf_request(R_SWITCH_LOG, 06389 current->pid, 06390 T_NONE, 06391 rsbac_target_id, 06392 A_request, 06393 rsbac_attribute_value)) 06394 { 06395 return -EPERM; 06396 } 06397 #ifdef CONFIG_RSBAC_DEBUG 06398 if (rsbac_debug_aef) 06399 { 06400 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06401 if(request_name) 06402 { 06403 get_request_name(request_name,target); 06404 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n", 06405 request_name, target, value); 06406 rsbac_kfree(request_name); 06407 } 06408 } 06409 #endif 06410 rsbac_adf_log_switch(request,target,value); 06411 return(0); 06412 }

int sys_rsbac_auth_add_f_cap ( rsbac_list_ta_number_t ta_number,

char * filename,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range,

rsbac_time_t ttl

)

Definition at line 2778 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_add_f_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
02784 { 02785 #if defined(CONFIG_RSBAC_AUTH) 02786 struct dentry * t_dentry; 02787 int err = 0; 02788 enum rsbac_target_t target; 02789 union rsbac_target_id_t tid; 02790 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02791 union rsbac_attribute_value_t rsbac_attribute_value; 02792 #endif 02793 02794 struct nameidata nd; 02795 02796 if(cap_range.first > cap_range.last) 02797 return(-RSBAC_EINVALIDVALUE); 02798 02799 if(!filename) 02800 return(-RSBAC_EINVALIDTARGET); 02801 if(cap_type >= ACT_none) 02802 return(-RSBAC_EINVALIDTARGET); 02803 if(cap_range.first > cap_range.last) 02804 return(-RSBAC_EINVALIDVALUE); 02805 02806 #ifdef CONFIG_RSBAC_FREEZE 02807 if(rsbac_freeze) 02808 { 02809 rsbac_printk(KERN_WARNING 02810 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02811 return -EPERM; 02812 } 02813 #endif 02814 02815 if ((err = user_path_walk_link(filename, &nd))) 02816 { 02817 #ifdef CONFIG_RSBAC_DEBUG 02818 if (rsbac_debug_aef_auth) 02819 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err); 02820 #endif 02821 goto out; 02822 } 02823 t_dentry = nd.dentry; 02824 if (!t_dentry->d_inode) 02825 { 02826 err = -RSBAC_EINVALIDTARGET; 02827 goto out_dput; 02828 } 02829 /* is inode of type file? */ 02830 if(S_ISREG(t_dentry->d_inode->i_mode)) 02831 target = T_FILE; 02832 else 02833 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02834 target = T_DIR; 02835 else 02836 { /* This is no file or dir */ 02837 err = -RSBAC_EINVALIDTARGET; 02838 goto out_dput; 02839 } 02840 tid.file.device = t_dentry->d_sb->s_dev; 02841 tid.file.inode = t_dentry->d_inode->i_ino; 02842 tid.file.dentry_p = t_dentry; 02843 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02844 /* call ADF */ 02845 #ifdef CONFIG_RSBAC_DEBUG 02846 if (rsbac_debug_aef) 02847 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n"); 02848 #endif 02849 rsbac_attribute_value.auth_cap_range = cap_range; 02850 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 02851 current->pid, 02852 target, 02853 tid, 02854 A_auth_add_f_cap, 02855 rsbac_attribute_value)) 02856 { 02857 err = -EPERM; 02858 } 02859 else 02860 #endif 02861 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl); 02862 02863 out_dput: 02864 path_release(&nd); 02865 out: 02866 return(err); 02867 02868 #else 02869 return (-RSBAC_EINVALIDMODULE); 02870 #endif 02871 };

int sys_rsbac_auth_add_p_cap ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range,

rsbac_time_t ttl

)

Definition at line 2700 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_auth_add_p_cap(), RSBAC_AUTH_MAX_RANGE_UID, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, and rsbac_printk().
Referenced by sys_rsbac().
02706 { 02707 #if defined(CONFIG_RSBAC_AUTH) 02708 struct task_struct * task_p; 02709 02710 if(cap_type >= ACT_none) 02711 return(-RSBAC_EINVALIDTARGET); 02712 if(cap_range.first > cap_range.last) 02713 return(-RSBAC_EINVALIDVALUE); 02714 if( (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID) 02715 || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID) 02716 ) 02717 return -RSBAC_EINVALIDVALUE; 02718 02719 #ifdef CONFIG_RSBAC_FREEZE 02720 if(rsbac_freeze) 02721 { 02722 rsbac_printk(KERN_WARNING 02723 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02724 return -EPERM; 02725 } 02726 #endif 02727 02728 read_lock(&tasklist_lock); 02729 task_p = find_task_by_pid(pid); 02730 read_unlock(&tasklist_lock); 02731 if(!task_p) 02732 return(-RSBAC_EINVALIDTARGET); 02733 02734 /* call auth function and return its result */ 02735 /* permission checking is done there */ 02736 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl)); 02737 #else 02738 return (-RSBAC_EINVALIDMODULE); 02739 #endif 02740 }

int sys_rsbac_auth_get_f_caplist ( rsbac_list_ta_number_t ta_number,

char * filename,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t caplist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 2966 of file syscalls.c.
References ACT_none, rsbac_attribute_value_t::dummy, R_READ_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_get_f_caplist(), RSBAC_AUTH_MAX_MAXNUM, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_vfree, T_DIR, and T_FILE.
Referenced by sys_rsbac().
02973 { 02974 #if defined(CONFIG_RSBAC_AUTH) 02975 struct dentry * t_dentry; 02976 int err = 0, tmperr = 0; 02977 enum rsbac_target_t target; 02978 union rsbac_target_id_t tid; 02979 struct rsbac_auth_cap_range_t * k_caplist; 02980 rsbac_time_t * k_ttllist; 02981 02982 /* for adf_request */ 02983 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02984 union rsbac_attribute_value_t rsbac_attribute_value; 02985 #endif 02986 02987 struct nameidata nd; 02988 02989 if(!filename) 02990 return(-RSBAC_EINVALIDTARGET); 02991 if(cap_type >= ACT_none) 02992 return(-RSBAC_EINVALIDTARGET); 02993 if(!caplist) 02994 return(-RSBAC_EINVALIDPOINTER); 02995 if(maxnum <= 0) 02996 return(-RSBAC_EINVALIDVALUE); 02997 if(maxnum > RSBAC_AUTH_MAX_MAXNUM) 02998 maxnum = RSBAC_AUTH_MAX_MAXNUM; 02999 03000 if ((err = user_path_walk_link(filename, &nd))) 03001 { 03002 #ifdef CONFIG_RSBAC_DEBUG 03003 if (rsbac_debug_aef_auth) 03004 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err); 03005 #endif 03006 goto out; 03007 } 03008 t_dentry = nd.dentry; 03009 if (!t_dentry->d_inode) 03010 { 03011 err = -RSBAC_EINVALIDTARGET; 03012 goto out_dput; 03013 } 03014 /* is inode of type file or dir? */ 03015 if(S_ISREG(t_dentry->d_inode->i_mode)) 03016 target = T_FILE; 03017 else 03018 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03019 target = T_DIR; 03020 else 03021 { /* This is no file or dir */ 03022 err = -RSBAC_EINVALIDTARGET; 03023 goto out_dput; 03024 } 03025 tid.file.device = t_dentry->d_sb->s_dev; 03026 tid.file.inode = t_dentry->d_inode->i_ino; 03027 tid.file.dentry_p = t_dentry; 03028 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03029 /* call ADF */ 03030 #ifdef CONFIG_RSBAC_DEBUG 03031 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n"); 03032 #endif 03033 rsbac_attribute_value.dummy = 0; 03034 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 03035 current->pid, 03036 target, 03037 tid, 03038 A_auth_get_caplist, 03039 rsbac_attribute_value)) 03040 { 03041 err = -EPERM; 03042 goto out_dput; 03043 } 03044 #endif 03045 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist); 03046 if(err>0) 03047 { 03048 if(err > maxnum) 03049 err = maxnum; 03050 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist, 03051 sizeof(struct rsbac_auth_cap_range_t) * err); 03052 if(tmperr < 0) 03053 err = tmperr; 03054 else 03055 { 03056 if(ttllist) 03057 { 03058 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 03059 sizeof(rsbac_time_t) * err); 03060 if(tmperr < 0) 03061 err = tmperr; 03062 } 03063 } 03064 rsbac_vfree(k_caplist); 03065 rsbac_vfree(k_ttllist); 03066 } 03067 03068 out_dput: 03069 path_release(&nd); 03070 out: 03071 return(err); 03072 03073 #else 03074 return (-RSBAC_EINVALIDMODULE); 03075 #endif 03076 }

int sys_rsbac_auth_get_p_caplist ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t caplist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 3078 of file syscalls.c.
References ACT_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::process, R_READ_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_get_p_caplist(), RSBAC_AUTH_MAX_MAXNUM, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_vfree, and T_PROCESS.
Referenced by sys_rsbac().
03085 { 03086 #if defined(CONFIG_RSBAC_AUTH) 03087 int err = 0, tmperr = 0; 03088 union rsbac_target_id_t tid; 03089 struct rsbac_auth_cap_range_t * k_caplist; 03090 rsbac_time_t * k_ttllist; 03091 03092 /* for adf_request */ 03093 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03094 union rsbac_attribute_value_t rsbac_attribute_value; 03095 #endif 03096 03097 if(!pid) 03098 return(-RSBAC_EINVALIDTARGET); 03099 if(cap_type >= ACT_none) 03100 return(-RSBAC_EINVALIDTARGET); 03101 if(!caplist) 03102 return(-RSBAC_EINVALIDPOINTER); 03103 if(maxnum <= 0) 03104 return(-RSBAC_EINVALIDVALUE); 03105 if(maxnum > RSBAC_AUTH_MAX_MAXNUM) 03106 maxnum = RSBAC_AUTH_MAX_MAXNUM; 03107 03108 tid.process = pid; 03109 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03110 /* call ADF */ 03111 #ifdef CONFIG_RSBAC_DEBUG 03112 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n"); 03113 #endif 03114 rsbac_attribute_value.dummy = 0; 03115 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 03116 current->pid, 03117 T_PROCESS, 03118 tid, 03119 A_auth_get_caplist, 03120 rsbac_attribute_value)) 03121 { 03122 return -EPERM; 03123 } 03124 #endif 03125 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type, 03126 &k_caplist, &k_ttllist); 03127 if(err>0) 03128 { 03129 if(err > maxnum) 03130 err = maxnum; 03131 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist, 03132 sizeof(struct rsbac_auth_cap_range_t) * err); 03133 if(tmperr < 0) 03134 err = tmperr; 03135 else 03136 { 03137 if(ttllist) 03138 { 03139 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 03140 sizeof(rsbac_time_t) * err); 03141 if(tmperr < 0) 03142 err = tmperr; 03143 } 03144 } 03145 rsbac_vfree(k_caplist); 03146 rsbac_vfree(k_ttllist); 03147 } 03148 03149 return(err); 03150 03151 #else 03152 return (-RSBAC_EINVALIDMODULE); 03153 #endif 03154 }

int sys_rsbac_auth_remove_f_cap ( rsbac_list_ta_number_t ta_number,

char * filename,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range

)

Definition at line 2873 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_remove_f_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
02878 { 02879 #if defined(CONFIG_RSBAC_AUTH) 02880 struct dentry * t_dentry; 02881 int err = 0; 02882 enum rsbac_target_t target; 02883 union rsbac_target_id_t tid; 02884 02885 /* for adf_request */ 02886 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02887 union rsbac_attribute_value_t rsbac_attribute_value; 02888 #endif 02889 02890 struct nameidata nd; 02891 02892 if(!filename) 02893 return(-RSBAC_EINVALIDTARGET); 02894 if(cap_type >= ACT_none) 02895 return(-RSBAC_EINVALIDTARGET); 02896 if(cap_range.first > cap_range.last) 02897 return(-RSBAC_EINVALIDVALUE); 02898 02899 #ifdef CONFIG_RSBAC_FREEZE 02900 if(rsbac_freeze) 02901 { 02902 rsbac_printk(KERN_WARNING 02903 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02904 return -EPERM; 02905 } 02906 #endif 02907 02908 if ((err = user_path_walk_link(filename, &nd))) 02909 { 02910 #ifdef CONFIG_RSBAC_DEBUG 02911 if (rsbac_debug_aef_auth) 02912 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err); 02913 #endif 02914 goto out; 02915 } 02916 t_dentry = nd.dentry; 02917 if (!t_dentry->d_inode) 02918 { 02919 err = -RSBAC_EINVALIDTARGET; 02920 goto out_dput; 02921 } 02922 /* is inode of type file or dir? */ 02923 if(S_ISREG(t_dentry->d_inode->i_mode)) 02924 target = T_FILE; 02925 else 02926 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02927 target = T_DIR; 02928 else 02929 { /* This is no file or dir */ 02930 err = -RSBAC_EINVALIDTARGET; 02931 goto out_dput; 02932 } 02933 tid.file.device = t_dentry->d_sb->s_dev; 02934 tid.file.inode = t_dentry->d_inode->i_ino; 02935 tid.file.dentry_p = t_dentry; 02936 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02937 /* call ADF */ 02938 #ifdef CONFIG_RSBAC_DEBUG 02939 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n"); 02940 #endif 02941 rsbac_attribute_value.auth_cap_range = cap_range; 02942 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 02943 current->pid, 02944 target, 02945 tid, 02946 A_auth_remove_f_cap, 02947 rsbac_attribute_value)) 02948 { 02949 err = -EPERM; 02950 } 02951 else 02952 #endif 02953 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range); 02954 02955 out_dput: 02956 path_release(&nd); 02957 out: 02958 return(err); 02959 02960 #else 02961 return (-RSBAC_EINVALIDMODULE); 02962 #endif 02963 }

int sys_rsbac_auth_remove_p_cap ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range

)

Definition at line 2742 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_auth_remove_p_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, and rsbac_printk().
Referenced by sys_rsbac().
02747 { 02748 #if defined(CONFIG_RSBAC_AUTH) 02749 struct task_struct * task_p; 02750 02751 if(cap_type >= ACT_none) 02752 return(-RSBAC_EINVALIDTARGET); 02753 if(cap_range.first > cap_range.last) 02754 return(-RSBAC_EINVALIDVALUE); 02755 02756 #ifdef CONFIG_RSBAC_FREEZE 02757 if(rsbac_freeze) 02758 { 02759 rsbac_printk(KERN_WARNING 02760 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02761 return -EPERM; 02762 } 02763 #endif 02764 02765 read_lock(&tasklist_lock); 02766 task_p = find_task_by_pid(pid); 02767 read_unlock(&tasklist_lock); 02768 if(!task_p) 02769 return(-RSBAC_EINVALIDTARGET); 02770 /* call auth function and return its result */ 02771 /* permission checking is done there */ 02772 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range)); 02773 #else 02774 return (-RSBAC_EINVALIDMODULE); 02775 #endif 02776 }

int sys_rsbac_check ( int correct,

int check_inode

)

Definition at line 94 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_check(), rsbac_check_acl(), rsbac_check_auth(), rsbac_check_lists(), rsbac_check_mac(), rsbac_check_reg(), rsbac_printk(), rsbac_write_sem, rsbac_target_id_t::scd, ST_rsbac, sys_sync(), and T_SCD.
Referenced by sys_rsbac().
00095 { 00096 union rsbac_target_id_t rsbac_target_id; 00097 union rsbac_attribute_value_t rsbac_attribute_value; 00098 int result; 00099 00100 #ifdef CONFIG_RSBAC_DEBUG 00101 if (rsbac_debug_aef) 00102 { 00103 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n"); 00104 } 00105 #endif 00106 rsbac_target_id.scd = ST_rsbac; 00107 rsbac_attribute_value.dummy = 0; 00108 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00109 current->pid, 00110 T_SCD, 00111 rsbac_target_id, 00112 A_none, 00113 rsbac_attribute_value)) 00114 { 00115 return -EPERM; 00116 } 00117 00118 rsbac_printk(KERN_INFO 00119 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n", 00120 correct, check_inode); 00121 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00122 /* Sync to be sure */ 00123 if(check_inode) 00124 { 00125 rsbac_printk(KERN_INFO 00126 "sys_rsbac_check(): syncing disks\n"); 00127 sys_sync(); 00128 } 00129 #endif 00130 00131 lock_kernel(); 00132 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00133 /* rsbac write blocking */ 00134 if(check_inode) 00135 down(&rsbac_write_sem); 00136 #endif 00137 00138 result=rsbac_check_lists(correct); 00139 00140 /* call other checks */ 00141 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00142 if(!result) 00143 result = rsbac_check(correct, check_inode); 00144 #if defined(CONFIG_RSBAC_MAC) 00145 if(!result) 00146 result=rsbac_check_mac(correct, check_inode); 00147 #endif 00148 #if defined(CONFIG_RSBAC_AUTH) 00149 if(!result) 00150 result=rsbac_check_auth(correct, check_inode); 00151 #endif 00152 #endif 00153 #if defined(CONFIG_RSBAC_ACL) 00154 if(!result) 00155 result=rsbac_check_acl(correct, check_inode); 00156 #endif 00157 #if defined(CONFIG_RSBAC_REG) 00158 if(!result) 00159 result=rsbac_check_reg(correct, check_inode); 00160 #endif 00161 00162 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00163 /* release write blocking */ 00164 if(check_inode) 00165 up(&rsbac_write_sem); 00166 #endif 00167 00168 unlock_kernel(); 00169 return(result); 00170 }

int sys_rsbac_daz_flush_cache ( void )

Definition at line 2239 of file syscalls.c.
References A_daz_role, DAZ, rsbac_daz_flush_cache(), rsbac_get_attr, rsbac_printk(), SR_administrator, SR_security_officer, rsbac_attribute_value_t::system_role, T_USER, TRUE, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
02240 { 02241 #ifndef CONFIG_RSBAC_DAZ_CACHE 02242 return (0); 02243 #else 02244 #ifndef CONFIG_RSBAC_MAINT 02245 union rsbac_target_id_t i_tid; 02246 union rsbac_attribute_value_t i_attr_val1; 02247 02248 /* Security Officer or admin? */ 02249 i_tid.user = current->uid; 02250 if (rsbac_get_attr(DAZ, 02251 T_USER, 02252 i_tid, 02253 A_daz_role, 02254 &i_attr_val1, 02255 TRUE)) 02256 { 02257 rsbac_printk(KERN_WARNING 02258 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); 02259 return -EPERM; 02260 } 02261 /* if not sec_officer or admin, deny */ 02262 if ( (i_attr_val1.system_role != SR_security_officer) 02263 && (i_attr_val1.system_role != SR_administrator) 02264 ) 02265 #ifdef CONFIG_RSBAC_SOFTMODE 02266 if( !rsbac_softmode 02267 #ifdef CONFIG_RSBAC_SOFTMODE_IND 02268 && !rsbac_ind_softmode[DAZ] 02269 #endif 02270 ) 02271 #endif 02272 return -EPERM; 02273 #endif 02274 02275 rsbac_printk(KERN_INFO 02276 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n"); 02277 02278 return(rsbac_daz_flush_cache()); 02279 #endif 02280 }

int sys_rsbac_get_adf_log ( enum rsbac_adf_request_t request,

enum rsbac_target_t target,

u_int * value_p

)

Definition at line 6414 of file syscalls.c.
References get_request_name(), R_GET_STATUS_DATA, R_NONE, rsbac_adf_request(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, rsbac_get_adf_log(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, T_FD, T_NONE, and T_SCD.
Referenced by sys_rsbac().
06417 { 06418 union rsbac_target_id_t rsbac_target_id; 06419 union rsbac_attribute_value_t rsbac_attribute_value; 06420 u_int k_value; 06421 int err; 06422 06423 if(request >= R_NONE) 06424 return(-RSBAC_EINVALIDREQUEST); 06425 if( (target == T_FD) 06426 || (target > T_NONE) 06427 ) 06428 return(-RSBAC_EINVALIDTARGET); 06429 if(!value_p) 06430 return(-RSBAC_EINVALIDPOINTER); 06431 /* call ADF */ 06432 #ifdef CONFIG_RSBAC_DEBUG 06433 if (rsbac_debug_aef) 06434 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n"); 06435 #endif 06436 rsbac_target_id.scd = ST_rsbac; 06437 rsbac_attribute_value.request = request; 06438 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06439 current->pid, 06440 T_SCD, 06441 rsbac_target_id, 06442 A_request, 06443 rsbac_attribute_value)) 06444 { 06445 return -EPERM; 06446 } 06447 #ifdef CONFIG_RSBAC_DEBUG 06448 if (rsbac_debug_aef) 06449 { 06450 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06451 if(request_name) 06452 { 06453 get_request_name(request_name,target); 06454 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n", 06455 request_name, target); 06456 rsbac_kfree(request_name); 06457 } 06458 } 06459 #endif 06460 err = rsbac_get_adf_log(request, target, &k_value); 06461 if(!err) 06462 { 06463 rsbac_put_user((u_char *) &k_value, 06464 (u_char *) value_p, 06465 sizeof(k_value) ); 06466 } 06467 return(err); 06468 }

int sys_rsbac_get_attr ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value,

int inherit

)

Definition at line 210 of file syscalls.c.
References A_none, FALSE, get_attr_module(), R_READ_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_get_attr(), SW_NONE, T_NETOBJ, T_NONE, and TRUE.
Referenced by sys_rsbac().
00218 { 00219 union rsbac_target_id_t k_tid; 00220 union rsbac_attribute_value_t k_value; 00221 int err = 0; 00222 rsbac_boolean_t i_inherit; 00223 00224 if(module > SW_NONE) 00225 return(-RSBAC_EINVALIDMODULE); 00226 if(!tid || (target >= T_NONE)) 00227 return(-RSBAC_EINVALIDTARGET); 00228 if(!value) 00229 return(-RSBAC_EINVALIDVALUE); 00230 if(attr >= A_none) 00231 return(-RSBAC_EINVALIDATTR); 00232 00233 if(module == SW_NONE) 00234 { 00235 module = get_attr_module(attr); 00236 if(module == SW_NONE) 00237 return(-RSBAC_EINVALIDMODULE); 00238 } 00239 00240 /* get values from user space */ 00241 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00242 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00243 00244 if(inherit) 00245 i_inherit = TRUE; 00246 else 00247 i_inherit = FALSE; 00248 00249 #ifdef CONFIG_RSBAC_NET_OBJ 00250 /* sanity check before using pointer */ 00251 if( (target == T_NETOBJ) 00252 && ( !k_tid.netobj.sock_p 00253 || k_tid.netobj.remote_addr 00254 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00255 || !k_tid.netobj.sock_p->file 00256 || !k_tid.netobj.sock_p->file->f_dentry 00257 || !k_tid.netobj.sock_p->file->f_dentry->d_inode 00258 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p) 00259 #else 00260 || !k_tid.netobj.sock_p->inode 00261 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p) 00262 #endif 00263 ) 00264 ) 00265 return -RSBAC_EINVALIDTARGET; 00266 #endif 00267 00268 /* call ADF */ 00269 #ifdef CONFIG_RSBAC_DEBUG 00270 if (rsbac_debug_aef) 00271 { 00272 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n"); 00273 } 00274 #endif 00275 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 00276 current->pid, 00277 target, 00278 k_tid, 00279 attr, 00280 k_value)) 00281 { 00282 return -EPERM; 00283 } 00284 00285 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit); 00286 /* put result value to user space */ 00287 if(!err) 00288 { 00289 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00290 } 00291 return (err); 00292 } /* end of sys_rsbac_get_attr() */

int sys_rsbac_get_attr_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

char * t_name,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value,

int inherit

)

Definition at line 295 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, FALSE, get_attr_module(), rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_READ_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_get_attr(), SW_NONE, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00303 { 00304 union rsbac_attribute_value_t k_value; 00305 struct dentry * t_dentry; 00306 int err = 0; 00307 union rsbac_target_id_t tid; 00308 /* struct passwd * user_description_p; */ 00309 rsbac_boolean_t i_inherit; 00310 struct nameidata nd; 00311 00312 if(module > SW_NONE) 00313 return(-RSBAC_EINVALIDMODULE); 00314 if(!t_name || (target >= T_NONE)) 00315 return(-RSBAC_EINVALIDTARGET); 00316 if(!value) 00317 return(-RSBAC_EINVALIDVALUE); 00318 if(attr >= A_none) 00319 return(-RSBAC_EINVALIDATTR); 00320 00321 if(module == SW_NONE) 00322 { 00323 module = get_attr_module(attr); 00324 if(module == SW_NONE) 00325 return(-RSBAC_EINVALIDMODULE); 00326 } 00327 00328 if(inherit) 00329 i_inherit = TRUE; 00330 else 00331 i_inherit = FALSE; 00332 00333 /* get values from user space */ 00334 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00335 00336 /* lookup filename */ 00337 if ((err = user_path_walk_link(t_name, &nd))) 00338 { 00339 #ifdef CONFIG_RSBAC_DEBUG 00340 if (rsbac_debug_aef) 00341 { 00342 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err); 00343 } 00344 #endif 00345 goto out; 00346 } 00347 t_dentry = nd.dentry; 00348 if (!t_dentry->d_inode) 00349 { 00350 #ifdef CONFIG_RSBAC_DEBUG 00351 if (rsbac_debug_aef) 00352 { 00353 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n"); 00354 } 00355 #endif 00356 err = -RSBAC_EINVALIDTARGET; 00357 goto out_dput; 00358 } 00359 00360 switch (target) 00361 { 00362 /* is inode of right type? */ 00363 case T_FD: 00364 if(S_ISREG(t_dentry->d_inode->i_mode)) 00365 { 00366 target = T_FILE; 00367 } 00368 else 00369 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00370 { 00371 target = T_DIR; 00372 } 00373 else 00374 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00375 { 00376 target = T_SYMLINK; 00377 } 00378 else 00379 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00380 { 00381 target = T_FIFO; 00382 } 00383 else 00384 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00385 { 00386 target = T_FILE; 00387 } 00388 else 00389 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00390 { 00391 target = T_FILE; 00392 } 00393 else 00394 { 00395 #ifdef CONFIG_RSBAC_DEBUG 00396 if (rsbac_debug_aef) 00397 { 00398 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n"); 00399 } 00400 #endif 00401 err = -RSBAC_EINVALIDTARGET; 00402 goto out_dput; 00403 } 00404 break; 00405 00406 case T_FILE: 00407 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00408 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00409 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00410 { 00411 #ifdef CONFIG_RSBAC_DEBUG 00412 if (rsbac_debug_aef) 00413 { 00414 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n"); 00415 } 00416 #endif 00417 err = -RSBAC_EINVALIDTARGET; 00418 goto out_dput; 00419 } 00420 break; 00421 00422 case T_DIR: 00423 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00424 { 00425 #ifdef CONFIG_RSBAC_DEBUG 00426 if (rsbac_debug_aef) 00427 { 00428 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n"); 00429 } 00430 #endif 00431 err = -RSBAC_EINVALIDTARGET; 00432 goto out_dput; 00433 } 00434 break; 00435 00436 case T_FIFO: 00437 /* is inode of type fifo? */ 00438 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 00439 { 00440 #ifdef CONFIG_RSBAC_DEBUG 00441 if (rsbac_debug_aef) 00442 { 00443 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n"); 00444 } 00445 #endif 00446 err = -RSBAC_EINVALIDTARGET; 00447 goto out_dput; 00448 } 00449 break; 00450 00451 case T_SYMLINK: 00452 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 00453 { 00454 #ifdef CONFIG_RSBAC_DEBUG 00455 if (rsbac_debug_aef) 00456 { 00457 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n"); 00458 } 00459 #endif 00460 err = -RSBAC_EINVALIDTARGET; 00461 goto out_dput; 00462 } 00463 break; 00464 00465 case T_DEV: 00466 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 00467 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00468 { 00469 #ifdef CONFIG_RSBAC_DEBUG 00470 if (rsbac_debug_aef) 00471 { 00472 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n"); 00473 } 00474 #endif 00475 err = -RSBAC_EINVALIDTARGET; 00476 goto out_dput; 00477 } 00478 break; 00479 00480 default: 00481 err = -RSBAC_EINVALIDTARGET; 00482 goto out_dput; 00483 } 00484 00485 if(target == T_DEV) 00486 { 00487 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00488 tid.dev.type = D_block; 00489 else 00490 tid.dev.type = D_char; 00491 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 00492 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 00493 } 00494 else 00495 { 00496 /* fill target id and call internal function */ 00497 tid.file.device = t_dentry->d_sb->s_dev; 00498 tid.file.inode = t_dentry->d_inode->i_ino; 00499 tid.file.dentry_p = t_dentry; 00500 } 00501 /* call ADF */ 00502 #ifdef CONFIG_RSBAC_DEBUG 00503 if (rsbac_debug_aef) 00504 { 00505 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n"); 00506 } 00507 #endif 00508 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 00509 current->pid, 00510 target, 00511 tid, 00512 attr, 00513 k_value)) 00514 { 00515 err = -EPERM; 00516 } 00517 else 00518 { 00519 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit); 00520 /* put result value to user space */ 00521 if(!err) 00522 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00523 } 00524 00525 out_dput: 00526 path_release(&nd); 00527 00528 out: 00529 return(err); 00530 } /* end of sys_rsbac_get_attr_n() */

int sys_rsbac_jail ( rsbac_version_t version,

char * path,

rsbac_jail_ip_t ip,

rsbac_jail_flags_t flags,

rsbac_cap_vector_t max_caps,

rsbac_jail_scd_vector_t scd_get,

rsbac_jail_scd_vector_t scd_modify

)

Definition at line 4581 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_jail_sys_jail().
04588 { 04589 #if defined(CONFIG_RSBAC_JAIL) 04590 return rsbac_jail_sys_jail(version, path, ip, flags, 04591 max_caps, scd_get, scd_modify); 04592 #else 04593 return (-RSBAC_EINVALIDMODULE); 04594 #endif 04595 }

int sys_rsbac_list_all_dev ( rsbac_list_ta_number_t ta_number,

struct rsbac_dev_desc_t * id_p,

u_long maxnum

)

Definition at line 1088 of file syscalls.c.
References NULL, rsbac_ta_list_all_dev(), and rsbac_vfree.
Referenced by sys_rsbac().
01092 { 01093 int err = 0; 01094 long count; 01095 01096 if(id_p && maxnum) 01097 { 01098 struct rsbac_dev_desc_t * k_id_p = NULL; 01099 01100 count = rsbac_ta_list_all_dev(ta_number, &k_id_p); 01101 if(count <= 0) 01102 return count; 01103 if(count > maxnum) 01104 count = maxnum; 01105 01106 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01107 01108 rsbac_vfree(k_id_p); 01109 01110 if(err) 01111 return err; 01112 else 01113 return count; 01114 } 01115 else 01116 return rsbac_ta_list_all_dev(ta_number, NULL); 01117 }

int sys_rsbac_list_all_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t * id_p,

u_long maxnum

)

Definition at line 1150 of file syscalls.c.
References NULL, rsbac_ta_list_all_group(), and rsbac_vfree.
Referenced by sys_rsbac().
01154 { 01155 int err = 0; 01156 long count; 01157 01158 if(id_p && maxnum) 01159 { 01160 rsbac_gid_t * k_id_p = NULL; 01161 01162 count = rsbac_ta_list_all_group(ta_number, &k_id_p); 01163 if(count <= 0) 01164 return count; 01165 if(count > maxnum) 01166 count = maxnum; 01167 01168 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01169 01170 rsbac_vfree(k_id_p); 01171 01172 if(err) 01173 return err; 01174 else 01175 return count; 01176 } 01177 else 01178 return rsbac_ta_list_all_group(ta_number, NULL); 01179 }

int sys_rsbac_list_all_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t * id_p,

u_long maxnum

)

Definition at line 1119 of file syscalls.c.
References NULL, rsbac_ta_list_all_user(), and rsbac_vfree.
Referenced by sys_rsbac().
01123 { 01124 int err = 0; 01125 long count; 01126 01127 if(id_p && maxnum) 01128 { 01129 rsbac_uid_t * k_id_p = NULL; 01130 01131 count = rsbac_ta_list_all_user(ta_number, &k_id_p); 01132 if(count <= 0) 01133 return count; 01134 if(count > maxnum) 01135 count = maxnum; 01136 01137 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01138 01139 rsbac_vfree(k_id_p); 01140 01141 if(err) 01142 return err; 01143 else 01144 return count; 01145 } 01146 else 01147 return rsbac_ta_list_all_user(ta_number, NULL); 01148 }

int sys_rsbac_log ( int type,

char * buf,

int len

)

Definition at line 6480 of file syscalls.c.
References rsbac_log().
Referenced by sys_rsbac().
06483 { 06484 #if defined(CONFIG_RSBAC_RMSG) 06485 /* lock_kernel is done in rsbac_log */ 06486 return(rsbac_log(type,buf,len)); 06487 #else 06488 return(0); 06489 #endif /* RMSG */ 06490 }

int sys_rsbac_mac_add_f_tru ( rsbac_list_ta_number_t ta_number,

char * filename,

rsbac_uid_t uid,

rsbac_time_t ttl

)

Definition at line 1851 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_add_f_tru(), rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
01856 { 01857 #if defined(CONFIG_RSBAC_MAC) 01858 struct dentry * t_dentry; 01859 int err = 0; 01860 enum rsbac_target_t target; 01861 union rsbac_target_id_t tid; 01862 01863 struct nameidata nd; 01864 01865 if(!filename) 01866 return(-RSBAC_EINVALIDTARGET); 01867 01868 #ifdef CONFIG_RSBAC_FREEZE 01869 if(rsbac_freeze) 01870 { 01871 rsbac_printk(KERN_WARNING 01872 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01873 return -EPERM; 01874 } 01875 #endif 01876 01877 if ((err = user_path_walk_link(filename, &nd))) 01878 { 01879 #ifdef CONFIG_RSBAC_DEBUG 01880 if (rsbac_debug_aef_mac) 01881 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err); 01882 #endif 01883 goto out; 01884 } 01885 t_dentry = nd.dentry; 01886 if (!t_dentry->d_inode) 01887 { 01888 err = -RSBAC_EINVALIDTARGET; 01889 goto out_dput; 01890 } 01891 /* is inode of type file? */ 01892 if(S_ISREG(t_dentry->d_inode->i_mode)) 01893 target = T_FILE; 01894 else 01895 if(S_ISDIR(t_dentry->d_inode->i_mode)) 01896 target = T_DIR; 01897 else 01898 { /* This is no file or dir */ 01899 err = -RSBAC_EINVALIDTARGET; 01900 goto out_dput; 01901 } 01902 tid.file.device = t_dentry->d_sb->s_dev; 01903 tid.file.inode = t_dentry->d_inode->i_ino; 01904 tid.file.dentry_p = t_dentry; 01905 01906 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl); 01907 01908 out_dput: 01909 path_release(&nd); 01910 out: 01911 return(err); 01912 01913 #else 01914 return (-RSBAC_EINVALIDMODULE); 01915 #endif 01916 }

int sys_rsbac_mac_add_p_tru ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

rsbac_uid_t uid,

rsbac_time_t ttl

)

Definition at line 1793 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_add_p_tru(), and rsbac_printk().
Referenced by sys_rsbac().
01798 { 01799 #if defined(CONFIG_RSBAC_MAC) 01800 struct task_struct * task_p; 01801 01802 #ifdef CONFIG_RSBAC_FREEZE 01803 if(rsbac_freeze) 01804 { 01805 rsbac_printk(KERN_WARNING 01806 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01807 return -EPERM; 01808 } 01809 #endif 01810 01811 read_lock(&tasklist_lock); 01812 task_p = find_task_by_pid(pid); 01813 read_unlock(&tasklist_lock); 01814 if(!task_p) 01815 return(-RSBAC_EINVALIDTARGET); 01816 01817 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl)); 01818 #else 01819 return (-RSBAC_EINVALIDMODULE); 01820 #endif 01821 }

int sys_rsbac_mac_get_curr_level ( rsbac_security_level_t * level_p,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1711 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_curr_level().
Referenced by sys_rsbac().
01713 { 01714 #ifdef CONFIG_RSBAC_MAC 01715 int err = 0; 01716 rsbac_security_level_t k_level; 01717 rsbac_mac_category_vector_t k_categories; 01718 01719 err = rsbac_mac_get_curr_level(&k_level, &k_categories); 01720 if(err) 01721 return err; 01722 if(level_p) 01723 { 01724 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 01725 if(err) 01726 return err; 01727 } 01728 if(categories_p) 01729 { 01730 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 01731 } 01732 return err; 01733 #else 01734 return (-RSBAC_EINVALIDMODULE); 01735 #endif 01736 }

int sys_rsbac_mac_get_f_trulist ( rsbac_list_ta_number_t ta_number,

char * filename,

rsbac_uid_t trulist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 1985 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_mac_get_f_trulist(), RSBAC_MAC_MAX_MAXNUM, rsbac_printk(), rsbac_vfree, T_DIR, and T_FILE.
Referenced by sys_rsbac().
01991 { 01992 #if defined(CONFIG_RSBAC_MAC) 01993 struct dentry * t_dentry; 01994 int err = 0, tmperr = 0; 01995 enum rsbac_target_t target; 01996 union rsbac_target_id_t tid; 01997 rsbac_uid_t * k_trulist; 01998 rsbac_time_t * k_ttllist; 01999 02000 struct nameidata nd; 02001 02002 if(!filename) 02003 return(-RSBAC_EINVALIDTARGET); 02004 if(!trulist) 02005 return(-RSBAC_EINVALIDPOINTER); 02006 if(maxnum <= 0) 02007 return(-RSBAC_EINVALIDVALUE); 02008 if(maxnum > RSBAC_MAC_MAX_MAXNUM) 02009 maxnum = RSBAC_MAC_MAX_MAXNUM; 02010 02011 if ((err = user_path_walk_link(filename, &nd))) 02012 { 02013 #ifdef CONFIG_RSBAC_DEBUG 02014 if (rsbac_debug_aef_mac) 02015 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err); 02016 #endif 02017 goto out; 02018 } 02019 t_dentry = nd.dentry; 02020 if (!t_dentry->d_inode) 02021 { 02022 err = -RSBAC_EINVALIDTARGET; 02023 goto out_dput; 02024 } 02025 /* is inode of type file or dir? */ 02026 if(S_ISREG(t_dentry->d_inode->i_mode)) 02027 target = T_FILE; 02028 else 02029 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02030 target = T_DIR; 02031 else 02032 { /* This is no file or dir */ 02033 err = -RSBAC_EINVALIDTARGET; 02034 goto out_dput; 02035 } 02036 tid.file.device = t_dentry->d_sb->s_dev; 02037 tid.file.inode = t_dentry->d_inode->i_ino; 02038 tid.file.dentry_p = t_dentry; 02039 02040 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist); 02041 if(err>0) 02042 { 02043 if(err > maxnum) 02044 err = maxnum; 02045 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist, 02046 sizeof(rsbac_uid_t) * err); 02047 if(tmperr < 0) 02048 err = tmperr; 02049 else 02050 { 02051 if(ttllist) 02052 { 02053 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 02054 sizeof(rsbac_time_t) * err); 02055 if(tmperr < 0) 02056 err = tmperr; 02057 } 02058 } 02059 rsbac_vfree(k_trulist); 02060 rsbac_vfree(k_ttllist); 02061 } 02062 02063 out_dput: 02064 path_release(&nd); 02065 out: 02066 return(err); 02067 02068 #else 02069 return (-RSBAC_EINVALIDMODULE); 02070 #endif 02071 }

int sys_rsbac_mac_get_max_level ( rsbac_security_level_t * level_p,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1738 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_max_level().
Referenced by sys_rsbac().
01740 { 01741 #ifdef CONFIG_RSBAC_MAC 01742 int err = 0; 01743 rsbac_security_level_t k_level; 01744 rsbac_mac_category_vector_t k_categories; 01745 01746 err = rsbac_mac_get_max_level(&k_level, &k_categories); 01747 if(err) 01748 return err; 01749 if(level_p) 01750 { 01751 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 01752 if(err) 01753 return err; 01754 } 01755 if(categories_p) 01756 { 01757 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 01758 } 01759 return err; 01760 #else 01761 return (-RSBAC_EINVALIDMODULE); 01762 #endif 01763 }

int sys_rsbac_mac_get_min_level ( rsbac_security_level_t * level_p,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1765 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_min_level().
Referenced by sys_rsbac().
01767 { 01768 #ifdef CONFIG_RSBAC_MAC 01769 int err = 0; 01770 rsbac_security_level_t k_level; 01771 rsbac_mac_category_vector_t k_categories; 01772 01773 err = rsbac_mac_get_min_level(&k_level, &k_categories); 01774 if(err) 01775 return err; 01776 if(level_p) 01777 { 01778 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 01779 if(err) 01780 return err; 01781 } 01782 if(categories_p) 01783 { 01784 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 01785 } 01786 return err; 01787 #else 01788 return (-RSBAC_EINVALIDMODULE); 01789 #endif 01790 }

int sys_rsbac_mac_get_p_trulist ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

rsbac_uid_t trulist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 2073 of file syscalls.c.
References rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_mac_get_p_trulist(), RSBAC_MAC_MAX_MAXNUM, and rsbac_vfree.
Referenced by sys_rsbac().
02079 { 02080 #if defined(CONFIG_RSBAC_MAC) 02081 int err = 0, tmperr = 0; 02082 union rsbac_target_id_t tid; 02083 rsbac_uid_t * k_trulist; 02084 rsbac_time_t * k_ttllist; 02085 02086 if(!pid) 02087 return(-RSBAC_EINVALIDTARGET); 02088 if(!trulist) 02089 return(-RSBAC_EINVALIDPOINTER); 02090 if(maxnum <= 0) 02091 return(-RSBAC_EINVALIDVALUE); 02092 if(maxnum > RSBAC_MAC_MAX_MAXNUM) 02093 maxnum = RSBAC_MAC_MAX_MAXNUM; 02094 02095 tid.process = pid; 02096 02097 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist); 02098 if(err>0) 02099 { 02100 if(err > maxnum) 02101 err = maxnum; 02102 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist, 02103 sizeof(rsbac_uid_t) * err); 02104 if(tmperr < 0) 02105 err = tmperr; 02106 else 02107 { 02108 if(ttllist) 02109 { 02110 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 02111 sizeof(rsbac_time_t) * err); 02112 if(tmperr < 0) 02113 err = tmperr; 02114 } 02115 } 02116 rsbac_vfree(k_trulist); 02117 rsbac_vfree(k_ttllist); 02118 } 02119 02120 return(err); 02121 02122 #else 02123 return (-RSBAC_EINVALIDMODULE); 02124 #endif 02125 }

int sys_rsbac_mac_remove_f_tru ( rsbac_list_ta_number_t ta_number,

char * filename,

rsbac_uid_t uid

)

Definition at line 1918 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_remove_f_tru(), rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
01922 { 01923 #if defined(CONFIG_RSBAC_MAC) 01924 struct dentry * t_dentry; 01925 int err = 0; 01926 enum rsbac_target_t target; 01927 union rsbac_target_id_t tid; 01928 01929 struct nameidata nd; 01930 01931 if(!filename) 01932 return(-RSBAC_EINVALIDTARGET); 01933 01934 #ifdef CONFIG_RSBAC_FREEZE 01935 if(rsbac_freeze) 01936 { 01937 rsbac_printk(KERN_WARNING 01938 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01939 return -EPERM; 01940 } 01941 #endif 01942 01943 if ((err = user_path_walk_link(filename, &nd))) 01944 { 01945 #ifdef CONFIG_RSBAC_DEBUG 01946 if (rsbac_debug_aef_mac) 01947 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err); 01948 #endif 01949 goto out; 01950 } 01951 t_dentry = nd.dentry; 01952 if (!t_dentry->d_inode) 01953 { 01954 err = -RSBAC_EINVALIDTARGET; 01955 goto out_dput; 01956 } 01957 /* is inode of type file or dir? */ 01958 if(S_ISREG(t_dentry->d_inode->i_mode)) 01959 target = T_FILE; 01960 else 01961 if(S_ISDIR(t_dentry->d_inode->i_mode)) 01962 target = T_DIR; 01963 else 01964 { /* This is no file or dir */ 01965 err = -RSBAC_EINVALIDTARGET; 01966 goto out_dput; 01967 } 01968 tid.file.device = t_dentry->d_sb->s_dev; 01969 tid.file.inode = t_dentry->d_inode->i_ino; 01970 tid.file.dentry_p = t_dentry; 01971 01972 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid); 01973 01974 out_dput: 01975 path_release(&nd); 01976 out: 01977 return(err); 01978 01979 #else 01980 return (-RSBAC_EINVALIDMODULE); 01981 #endif 01982 }

int sys_rsbac_mac_remove_p_tru ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

rsbac_uid_t uid

)

Definition at line 1823 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_remove_p_tru(), and rsbac_printk().
Referenced by sys_rsbac().
01827 { 01828 #if defined(CONFIG_RSBAC_MAC) 01829 struct task_struct * task_p; 01830 01831 #ifdef CONFIG_RSBAC_FREEZE 01832 if(rsbac_freeze) 01833 { 01834 rsbac_printk(KERN_WARNING 01835 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01836 return -EPERM; 01837 } 01838 #endif 01839 01840 read_lock(&tasklist_lock); 01841 task_p = find_task_by_pid(pid); 01842 read_unlock(&tasklist_lock); 01843 if(!task_p) 01844 return(-RSBAC_EINVALIDTARGET); 01845 return(rsbac_mac_remove_p_tru(ta_number, pid, uid)); 01846 #else 01847 return (-RSBAC_EINVALIDMODULE); 01848 #endif 01849 }

int sys_rsbac_mac_set_curr_level ( rsbac_security_level_t level,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1693 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, and rsbac_mac_set_curr_level().
Referenced by sys_rsbac().
01695 { 01696 #ifdef CONFIG_RSBAC_MAC 01697 rsbac_mac_category_vector_t k_categories; 01698 int err; 01699 01700 if(!categories_p) 01701 return -RSBAC_EINVALIDPOINTER; 01702 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories)); 01703 if(err) 01704 return err; 01705 return (rsbac_mac_set_curr_level(level, k_categories)); 01706 #else 01707 return (-RSBAC_EINVALIDMODULE); 01708 #endif 01709 }

int sys_rsbac_net_list_all_netdev ( rsbac_list_ta_number_t ta_number,

rsbac_netdev_id_t * id_p,

u_long maxnum

)

Definition at line 1181 of file syscalls.c.
References NULL, RSBAC_EINVALIDREQUEST, rsbac_ta_net_list_all_netdev(), and rsbac_vfree.
Referenced by sys_rsbac().
01185 { 01186 #ifdef CONFIG_RSBAC_NET_DEV 01187 int err = 0; 01188 long count; 01189 01190 if(id_p && maxnum) 01191 { 01192 rsbac_netdev_id_t * k_id_p = NULL; 01193 01194 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p); 01195 if(count <= 0) 01196 return count; 01197 if(count > maxnum) 01198 count = maxnum; 01199 01200 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01201 01202 rsbac_vfree(k_id_p); 01203 01204 if(err) 01205 return err; 01206 else 01207 return count; 01208 } 01209 else 01210 return rsbac_ta_net_list_all_netdev(ta_number, NULL); 01211 01212 #else 01213 return -RSBAC_EINVALIDREQUEST; 01214 #endif /* CONFIG_RSBAC_NET_DEV */ 01215 }

int sys_rsbac_net_list_all_template ( rsbac_list_ta_number_t ta_number,

rsbac_net_temp_id_t * id_p,

u_long maxnum

)

Definition at line 1433 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::nettemp, NULL, R_READ, rsbac_adf_request(), RSBAC_EINVALIDREQUEST, rsbac_ta_net_list_all_template(), rsbac_vfree, and T_NETTEMP.
Referenced by sys_rsbac().
01437 { 01438 #ifdef CONFIG_RSBAC_NET_OBJ 01439 int err = 0; 01440 int count; 01441 union rsbac_target_id_t i_tid; 01442 union rsbac_attribute_value_t i_attr_val; 01443 01444 i_tid.nettemp = 0; 01445 i_attr_val.dummy = 0; 01446 if (!rsbac_adf_request(R_READ, 01447 current->pid, 01448 T_NETTEMP, 01449 i_tid, 01450 A_none, 01451 i_attr_val)) 01452 return -EPERM; 01453 if(id_p && maxnum) 01454 { 01455 rsbac_net_temp_id_t * k_id_p = NULL; 01456 01457 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p); 01458 if(count <= 0) 01459 return count; 01460 if(count > maxnum) 01461 count = maxnum; 01462 01463 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01464 01465 rsbac_vfree(k_id_p); 01466 01467 if(err) 01468 return err; 01469 else 01470 return count; 01471 } 01472 else 01473 return rsbac_ta_net_list_all_template(ta_number, NULL); 01474 01475 #else 01476 return -RSBAC_EINVALIDREQUEST; 01477 #endif /* CONFIG_RSBAC_NET_OBJ */ 01478 }

int sys_rsbac_net_template ( rsbac_list_ta_number_t ta_number,

enum rsbac_net_temp_syscall_t call,

rsbac_net_temp_id_t id,

union rsbac_net_temp_syscall_data_t * data_p

)

Definition at line 1217 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_net_temp_syscall_data_t::id, rsbac_target_id_t::nettemp, NTS_check_id, NTS_copy_template, NTS_delete_template, NTS_get_address, NTS_get_address_family, NTS_get_max_port, NTS_get_min_port, NTS_get_name, NTS_get_netdev, NTS_get_protocol, NTS_get_type, NTS_get_valid_len, NTS_new_template, NTS_set_address, NTS_set_address_family, NTS_set_max_port, NTS_set_min_port, NTS_set_name, NTS_set_netdev, NTS_set_protocol, NTS_set_type, NTS_set_valid_len, R_CREATE, R_DELETE, R_READ, R_WRITE, rsbac_adf_request(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDVALUE, rsbac_net_template_exist(), rsbac_printk(), rsbac_ta_net_template(), and T_NETTEMP.
Referenced by sys_rsbac().
01222 { 01223 #ifdef CONFIG_RSBAC_NET_OBJ 01224 union rsbac_net_temp_syscall_data_t k_data; 01225 int err = 0; 01226 /* for adf_request */ 01227 #ifndef CONFIG_RSBAC_MAINT 01228 union rsbac_target_id_t i_tid; 01229 union rsbac_attribute_value_t i_attr_val; 01230 #endif 01231 01232 if(!id) 01233 return -RSBAC_EINVALIDVALUE; 01234 if(!data_p) 01235 return -RSBAC_EINVALIDPOINTER; 01236 01237 /* get data values from user space */ 01238 switch(call) 01239 { 01240 case NTS_set_address: 01241 case NTS_set_address_family: 01242 case NTS_set_valid_len: 01243 case NTS_set_type: 01244 case NTS_set_protocol: 01245 case NTS_set_netdev: 01246 case NTS_set_min_port: 01247 case NTS_set_max_port: 01248 case NTS_set_name: 01249 case NTS_new_template: 01250 case NTS_copy_template: 01251 case NTS_delete_template: 01252 #ifdef CONFIG_RSBAC_FREEZE 01253 if(rsbac_freeze) 01254 { 01255 rsbac_printk(KERN_WARNING 01256 "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed!\n"); 01257 return -EPERM; 01258 } 01259 #endif 01260 if(call != NTS_delete_template) 01261 { 01262 err = rsbac_get_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) ); 01263 if(err) 01264 return err; 01265 } 01266 break; 01267 case NTS_check_id: 01268 case NTS_get_address: 01269 case NTS_get_address_family: 01270 case NTS_get_valid_len: 01271 case NTS_get_type: 01272 case NTS_get_protocol: 01273 case NTS_get_netdev: 01274 case NTS_get_min_port: 01275 case NTS_get_max_port: 01276 case NTS_get_name: 01277 break; 01278 01279 default: 01280 return -RSBAC_EINVALIDREQUEST; 01281 } 01282 01283 #ifndef CONFIG_RSBAC_MAINT 01284 #ifdef CONFIG_RSBAC_DEBUG 01285 if (rsbac_debug_aef) 01286 rsbac_printk(KERN_DEBUG "sys_rsbac_net_template(): calling ADF\n"); 01287 #endif 01288 i_tid.nettemp = id; 01289 i_attr_val.dummy = 0; 01290 switch(call) 01291 { 01292 case NTS_new_template: 01293 if (!rsbac_adf_request(R_CREATE, 01294 current->pid, 01295 T_NETTEMP, 01296 i_tid, 01297 A_none, 01298 i_attr_val)) 01299 #ifdef CONFIG_RSBAC_SOFTMODE 01300 if(!rsbac_softmode) 01301 #endif 01302 return -EPERM; 01303 break; 01304 01305 case NTS_copy_template: 01306 if(!rsbac_net_template_exist(id)) 01307 { 01308 if(!rsbac_adf_request(R_CREATE, 01309 current->pid, 01310 T_NETTEMP, 01311 i_tid, 01312 A_none, 01313 i_attr_val)) 01314 #ifdef CONFIG_RSBAC_SOFTMODE 01315 if(!rsbac_softmode) 01316 #endif 01317 return -EPERM; 01318 } 01319 else 01320 { 01321 if(!rsbac_adf_request(R_WRITE, 01322 current->pid, 01323 T_NETTEMP, 01324 i_tid, 01325 A_none, 01326 i_attr_val)) 01327 #ifdef CONFIG_RSBAC_SOFTMODE 01328 if(!rsbac_softmode) 01329 #endif 01330 return -EPERM; 01331 } 01332 i_tid.nettemp = k_data.id; 01333 if (!rsbac_adf_request(R_READ, 01334 current->pid, 01335 T_NETTEMP, 01336 i_tid, 01337 A_none, 01338 i_attr_val)) 01339 #ifdef CONFIG_RSBAC_SOFTMODE 01340 if(!rsbac_softmode) 01341 #endif 01342 return -EPERM; 01343 break; 01344 01345 case NTS_delete_template: 01346 if (!rsbac_adf_request(R_DELETE, 01347 current->pid, 01348 T_NETTEMP, 01349 i_tid, 01350 A_none, 01351 i_attr_val)) 01352 #ifdef CONFIG_RSBAC_SOFTMODE 01353 if(!rsbac_softmode) 01354 #endif 01355 return -EPERM; 01356 break; 01357 01358 case NTS_get_address: 01359 case NTS_get_address_family: 01360 case NTS_get_valid_len: 01361 case NTS_get_type: 01362 case NTS_get_protocol: 01363 case NTS_get_netdev: 01364 case NTS_get_min_port: 01365 case NTS_get_max_port: 01366 if (!rsbac_adf_request(R_READ, 01367 current->pid, 01368 T_NETTEMP, 01369 i_tid, 01370 A_none, 01371 i_attr_val)) 01372 #ifdef CONFIG_RSBAC_SOFTMODE 01373 if(!rsbac_softmode) 01374 #endif 01375 return -EPERM; 01376 break; 01377 01378 case NTS_set_address: 01379 case NTS_set_address_family: 01380 case NTS_set_valid_len: 01381 case NTS_set_type: 01382 case NTS_set_protocol: 01383 case NTS_set_netdev: 01384 case NTS_set_min_port: 01385 case NTS_set_max_port: 01386 case NTS_set_name: 01387 if (!rsbac_adf_request(R_WRITE, 01388 current->pid, 01389 T_NETTEMP, 01390 i_tid, 01391 A_none, 01392 i_attr_val)) 01393 #ifdef CONFIG_RSBAC_SOFTMODE 01394 if(!rsbac_softmode) 01395 #endif 01396 return -EPERM; 01397 break; 01398 01399 default: 01400 break; 01401 } 01402 #endif /* !MAINT */ 01403 01404 err = rsbac_ta_net_template(ta_number, call, id, &k_data); 01405 if(!err) 01406 { 01407 /* put data values to user space */ 01408 switch(call) 01409 { 01410 case NTS_check_id: 01411 case NTS_get_address: 01412 case NTS_get_address_family: 01413 case NTS_get_valid_len: 01414 case NTS_get_type: 01415 case NTS_get_protocol: 01416 case NTS_get_netdev: 01417 case NTS_get_min_port: 01418 case NTS_get_max_port: 01419 case NTS_get_name: 01420 err = rsbac_put_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) ); 01421 break; 01422 default: 01423 break; 01424 } 01425 } 01426 return err; 01427 01428 #else 01429 return -RSBAC_EINVALIDREQUEST; 01430 #endif /* NET_OBJ */ 01431 }

int sys_rsbac_pm ( rsbac_list_ta_number_t ta_number,

enum rsbac_pm_function_type_t function,

union rsbac_pm_function_param_t * param_p,

rsbac_pm_tkt_id_t ticket

)

Definition at line 2160 of file syscalls.c.
References PF_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, rsbac_pm(), and rsbac_printk().
Referenced by sys_rsbac().
02165 { 02166 #ifndef CONFIG_RSBAC_PM 02167 return (-RSBAC_EINVALIDMODULE); 02168 #else 02169 union rsbac_pm_function_param_t k_param; 02170 int result; 02171 02172 if(function >= PF_none) 02173 return(-RSBAC_EINVALIDREQUEST); 02174 if(!param_p) 02175 return(-RSBAC_EINVALIDPOINTER); 02176 #ifdef CONFIG_RSBAC_DEBUG 02177 if (rsbac_debug_aef_pm) 02178 rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n", 02179 function); 02180 #endif 02181 02182 #ifdef CONFIG_RSBAC_FREEZE 02183 if(rsbac_freeze) 02184 { 02185 rsbac_printk(KERN_WARNING 02186 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n"); 02187 return -EPERM; 02188 } 02189 #endif 02190 02191 /* get parameters from user space */ 02192 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) ); 02193 /* call pm function and return its result */ 02194 lock_kernel(); 02195 result = rsbac_pm(ta_number, function, k_param, ticket); 02196 unlock_kernel(); 02197 return result; 02198 #endif 02199 }

int sys_rsbac_pm_change_current_task ( rsbac_pm_task_id_t task )

Definition at line 2201 of file syscalls.c.
References rsbac_pm_change_current_task(), and rsbac_printk().
Referenced by sys_rsbac().
02202 { 02203 #ifndef CONFIG_RSBAC_PM 02204 return (0); 02205 #else 02206 #ifdef CONFIG_RSBAC_DEBUG 02207 if (rsbac_debug_aef_pm) 02208 rsbac_printk(KERN_DEBUG 02209 "sys_rsbac_pm_change_current_task(): called for task %i!\n", 02210 task); 02211 #endif 02212 /* call pm function and return its result */ 02213 return(rsbac_pm_change_current_task(task)); 02214 #endif 02215 }

int sys_rsbac_pm_create_file ( const char * filename,

int mode,

rsbac_pm_object_class_id_t class

)

Definition at line 2217 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_pm_create_file(), and rsbac_printk().
Referenced by sys_rsbac().
02220 { 02221 #ifndef CONFIG_RSBAC_PM 02222 return (-RSBAC_EINVALIDMODULE); 02223 #else 02224 if(!filename) 02225 return(-RSBAC_EINVALIDPOINTER); 02226 #ifdef CONFIG_RSBAC_DEBUG 02227 if (rsbac_debug_aef_pm) 02228 rsbac_printk(KERN_DEBUG 02229 "sys_rsbac_pm_create_file(): called with class %i!\n", 02230 class); 02231 #endif 02232 /* call pm function and return its result */ 02233 return(rsbac_pm_create_file(filename, mode, class)); 02234 #endif 02235 }

int sys_rsbac_rc_change_role ( rsbac_rc_role_id_t role )

Definition at line 2492 of file syscalls.c.
References RC_role_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_change_role().
Referenced by sys_rsbac().
02493 { 02494 #if defined(CONFIG_RSBAC_RC) 02495 if(role > RC_role_max_value) 02496 return(-RSBAC_EINVALIDVALUE); 02497 #ifdef CONFIG_RSBAC_DEBUG 02498 if (rsbac_debug_aef_rc) 02499 rsbac_printk(KERN_DEBUG 02500 "sys_rsbac_rc_change_role(): role %i!\n", 02501 role); 02502 #endif 02503 /* call rc function and return its result */ 02504 return rsbac_rc_sys_change_role(role); 02505 #else 02506 return (-RSBAC_EINVALIDMODULE); 02507 #endif 02508 }

int sys_rsbac_rc_copy_role ( rsbac_list_ta_number_t ta_number,

rsbac_rc_role_id_t from_role,

rsbac_rc_role_id_t to_role

)

Definition at line 2285 of file syscalls.c.
References RC_role_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_copy_role().
Referenced by sys_rsbac().
02289 { 02290 #if defined(CONFIG_RSBAC_RC) 02291 if( (from_role > RC_role_max_value) 02292 || (from_role > RC_role_max_value)) 02293 return(-RSBAC_EINVALIDVALUE); 02294 #ifdef CONFIG_RSBAC_DEBUG 02295 if (rsbac_debug_aef_rc) 02296 rsbac_printk(KERN_DEBUG 02297 "sys_rsbac_rc_copy_role(): from %i, to %i!\n", 02298 from_role, to_role); 02299 #endif 02300 #ifdef CONFIG_RSBAC_FREEZE 02301 if(rsbac_freeze) 02302 { 02303 rsbac_printk(KERN_WARNING 02304 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n"); 02305 return -EPERM; 02306 } 02307 #endif 02308 02309 /* call rc function and return its result */ 02310 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role)); 02311 #else 02312 return (-RSBAC_EINVALIDMODULE); 02313 #endif 02314 }

int sys_rsbac_rc_copy_type ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

rsbac_rc_type_id_t from_type,

rsbac_rc_type_id_t to_type

)

Definition at line 2316 of file syscalls.c.
References RC_type_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_copy_type().
Referenced by sys_rsbac().
02321 { 02322 #if defined(CONFIG_RSBAC_RC) 02323 if( (from_type > RC_type_max_value) 02324 || (from_type > RC_type_max_value)) 02325 return(-RSBAC_EINVALIDVALUE); 02326 #ifdef CONFIG_RSBAC_DEBUG 02327 if (rsbac_debug_aef_rc) 02328 rsbac_printk(KERN_DEBUG 02329 "sys_rsbac_rc_copy_type(): from %i, to %i!\n", 02330 from_type, to_type); 02331 #endif 02332 #ifdef CONFIG_RSBAC_FREEZE 02333 if(rsbac_freeze) 02334 { 02335 rsbac_printk(KERN_WARNING 02336 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n"); 02337 return -EPERM; 02338 } 02339 #endif 02340 02341 /* call rc function and return its result */ 02342 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type)); 02343 #else 02344 return (-RSBAC_EINVALIDMODULE); 02345 #endif 02346 }

int sys_rsbac_rc_get_current_role ( rsbac_rc_role_id_t * role_p )

Definition at line 2676 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, and rsbac_rc_sys_get_current_role().
Referenced by sys_rsbac().
02677 { 02678 #if defined(CONFIG_RSBAC_RC) 02679 rsbac_rc_role_id_t k_role; 02680 int err; 02681 02682 if(!role_p) 02683 return(-RSBAC_EINVALIDPOINTER); 02684 /* call rc function and return its result */ 02685 err = rsbac_rc_sys_get_current_role(&k_role); 02686 if(!err) 02687 { 02688 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) ); 02689 } 02690 return err; 02691 #else 02692 return (-RSBAC_EINVALIDMODULE); 02693 #endif 02694 }

int sys_rsbac_rc_get_eff_rights_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name,

rsbac_rc_request_vector_t * request_vector_p,

rsbac_time_t * ttl_p

)

Definition at line 2511 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_rc_sys_get_eff_rights(), T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
02517 { 02518 #if defined(CONFIG_RSBAC_RC) 02519 struct dentry * t_dentry; 02520 int err = 0; 02521 rsbac_rc_request_vector_t k_req_vec; 02522 rsbac_time_t k_ttl; 02523 union rsbac_target_id_t tid; 02524 02525 struct nameidata nd; 02526 02527 if(!t_name || (target >= T_NONE)) 02528 return(-RSBAC_EINVALIDTARGET); 02529 02530 if ((err = user_path_walk_link(t_name, &nd))) 02531 { 02532 #ifdef CONFIG_RSBAC_DEBUG 02533 if (rsbac_debug_aef_rc) 02534 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err); 02535 #endif 02536 goto out; 02537 } 02538 t_dentry = nd.dentry; 02539 if (!t_dentry->d_inode) 02540 { 02541 err = -RSBAC_EINVALIDTARGET; 02542 goto out_dput; 02543 } 02544 02545 switch (target) 02546 { 02547 case T_FD: 02548 if(S_ISREG(t_dentry->d_inode->i_mode)) 02549 { 02550 target = T_FILE; 02551 } 02552 else 02553 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02554 { 02555 target = T_DIR; 02556 } 02557 else 02558 if(S_ISLNK(t_dentry->d_inode->i_mode)) 02559 { 02560 target = T_SYMLINK; 02561 } 02562 else 02563 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 02564 { 02565 target = T_FIFO; 02566 } 02567 else 02568 if(S_ISBLK(t_dentry->d_inode->i_mode)) 02569 { 02570 target = T_FILE; 02571 } 02572 else 02573 if(S_ISCHR(t_dentry->d_inode->i_mode)) 02574 { 02575 target = T_FILE; 02576 } 02577 else 02578 { 02579 #ifdef CONFIG_RSBAC_DEBUG 02580 if (rsbac_debug_aef) 02581 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n"); 02582 #endif 02583 err = -RSBAC_EINVALIDTARGET; 02584 goto out_dput; 02585 } 02586 break; 02587 02588 case T_FILE: 02589 /* is inode of type file, symlink or block/char device? */ 02590 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 02591 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 02592 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 02593 { /* This is no file or device */ 02594 err = -RSBAC_EINVALIDTARGET; 02595 goto out_dput; 02596 } 02597 break; 02598 02599 case T_DIR: 02600 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 02601 { /* This is no file */ 02602 err = -RSBAC_EINVALIDTARGET; 02603 goto out_dput; 02604 } 02605 break; 02606 02607 case T_FIFO: 02608 /* is inode of type fifo? */ 02609 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 02610 { /* This is no file or device */ 02611 err = -RSBAC_EINVALIDTARGET; 02612 goto out_dput; 02613 } 02614 break; 02615 02616 case T_SYMLINK: 02617 /* is inode of type symlink? */ 02618 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 02619 { /* This is no file or device */ 02620 err = -RSBAC_EINVALIDTARGET; 02621 goto out_dput; 02622 } 02623 break; 02624 02625 case T_DEV: 02626 /* is inode of type block/char device? */ 02627 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 02628 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 02629 { /* This is no dev */ 02630 err = -RSBAC_EINVALIDTARGET; 02631 goto out_dput; 02632 } 02633 break; 02634 02635 default: 02636 err = -RSBAC_EINVALIDTARGET; 02637 goto out_dput; 02638 } 02639 02640 if(target == T_DEV) 02641 { 02642 if(S_ISBLK(t_dentry->d_inode->i_mode)) 02643 tid.dev.type = D_block; 02644 else 02645 tid.dev.type = D_char; 02646 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 02647 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 02648 } 02649 else 02650 { 02651 /* fill target id and call internal function */ 02652 tid.file.device = t_dentry->d_sb->s_dev; 02653 tid.file.inode = t_dentry->d_inode->i_ino; 02654 tid.file.dentry_p = t_dentry; 02655 } 02656 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl); 02657 /* put result value to user space */ 02658 if(!err) 02659 { 02660 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) ); 02661 if(!err && ttl_p) 02662 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) ); 02663 } 02664 02665 out_dput: 02666 path_release(&nd); 02667 02668 out: 02669 return(err); 02670 #else 02671 return (-RSBAC_EINVALIDMODULE); 02672 #endif 02673 }

int sys_rsbac_rc_get_item ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

union rsbac_rc_target_id_t * tid_p,

union rsbac_rc_target_id_t * subtid_p,

enum rsbac_rc_item_t item,

union rsbac_rc_item_value_t * value_p,

rsbac_time_t * ttl_p

)

Definition at line 2349 of file syscalls.c.
References RI_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_sys_get_item(), and RT_NONE.
Referenced by sys_rsbac().
02357 { 02358 #if defined(CONFIG_RSBAC_RC) 02359 union rsbac_rc_target_id_t k_tid; 02360 union rsbac_rc_target_id_t k_subtid; 02361 union rsbac_rc_item_value_t k_value; 02362 rsbac_time_t k_ttl; 02363 int err = 0; 02364 02365 if( (target >= RT_NONE) 02366 || (item >= RI_none)) 02367 return(-RSBAC_EINVALIDVALUE); 02368 /* get values from user space */ 02369 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02370 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) ); 02371 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02372 #ifdef CONFIG_RSBAC_DEBUG 02373 if (rsbac_debug_aef_rc) 02374 rsbac_printk(KERN_DEBUG 02375 "sys_rsbac_rc_get_item(): target %i, item %i!\n", 02376 target, item); 02377 #endif 02378 /* call rc function and return its result */ 02379 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid, 02380 item, &k_value, &k_ttl); 02381 /* put result value to user space */ 02382 if(!err) 02383 { 02384 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02385 if(!err && ttl_p) 02386 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) ); 02387 } 02388 return (err); 02389 #else 02390 return (-RSBAC_EINVALIDMODULE); 02391 #endif 02392 }

int sys_rsbac_rc_get_list ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

union rsbac_rc_target_id_t * tid_p,

enum rsbac_rc_item_t item,

u_int maxnum,

__u32 * array_p,

rsbac_time_t * ttl_array_p

)

Definition at line 2439 of file syscalls.c.
References NULL, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_rc_get_list(), and rsbac_vfree.
Referenced by sys_rsbac().
02447 { 02448 #if defined(CONFIG_RSBAC_RC) 02449 union rsbac_rc_target_id_t k_tid; 02450 int err; 02451 02452 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02453 if(array_p) 02454 { 02455 __u32 * k_array_p; 02456 rsbac_time_t * k_ttl_array_p; 02457 02458 if(!maxnum) 02459 return -RSBAC_EINVALIDVALUE; 02460 /* call rc function and return its result */ 02461 err = rsbac_rc_get_list(ta_number, target, k_tid, item, 02462 &k_array_p, &k_ttl_array_p); 02463 /* put result value to user space */ 02464 if(err > 0) 02465 { 02466 int tmperr; 02467 02468 if(err > maxnum) 02469 err = maxnum; 02470 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) ); 02471 if(tmperr) 02472 err = tmperr; 02473 rsbac_vfree(k_array_p); 02474 if(k_ttl_array_p && ttl_array_p) 02475 { 02476 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) ); 02477 if(tmperr) 02478 err = tmperr; 02479 } 02480 rsbac_vfree(k_ttl_array_p); 02481 } 02482 return (err); 02483 } 02484 else 02485 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL); 02486 #else 02487 return (-RSBAC_EINVALIDMODULE); 02488 #endif 02489 };

int sys_rsbac_rc_set_item ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

union rsbac_rc_target_id_t * tid_p,

union rsbac_rc_target_id_t * subtid_p,

enum rsbac_rc_item_t item,

union rsbac_rc_item_value_t * value_p,

rsbac_time_t ttl

)

Definition at line 2395 of file syscalls.c.
References RI_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_sys_set_item(), and RT_NONE.
Referenced by sys_rsbac().
02403 { 02404 #if defined(CONFIG_RSBAC_RC) 02405 union rsbac_rc_target_id_t k_tid; 02406 union rsbac_rc_target_id_t k_subtid; 02407 union rsbac_rc_item_value_t k_value; 02408 02409 if( (target >= RT_NONE) 02410 || (item >= RI_none)) 02411 return(-RSBAC_EINVALIDVALUE); 02412 02413 #ifdef CONFIG_RSBAC_FREEZE 02414 if(rsbac_freeze) 02415 { 02416 rsbac_printk(KERN_WARNING 02417 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n"); 02418 return -EPERM; 02419 } 02420 #endif 02421 02422 /* get values from user space */ 02423 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02424 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) ); 02425 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02426 #ifdef CONFIG_RSBAC_DEBUG 02427 if (rsbac_debug_aef_rc) 02428 rsbac_printk(KERN_DEBUG 02429 "sys_rsbac_rc_set_item(): target %i, item %i!\n", 02430 target, item); 02431 #endif 02432 /* call rc function and return its result */ 02433 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl); 02434 #else 02435 return (-RSBAC_EINVALIDMODULE); 02436 #endif 02437 }

int sys_rsbac_reg ( rsbac_reg_handle_t handle,

void * arg

)

Definition at line 3159 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_reg_syscall().
Referenced by sys_rsbac().
03161 { 03162 #if defined(CONFIG_RSBAC_REG) 03163 return rsbac_reg_syscall(handle, arg); 03164 #else 03165 return (-RSBAC_EINVALIDMODULE); 03166 #endif 03167 }

int sys_rsbac_remove_target ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

union rsbac_target_id_t * tid

)

Definition at line 843 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_remove_target(), and T_NONE.
Referenced by sys_rsbac().
00847 { 00848 union rsbac_target_id_t k_tid; 00849 int err = 0; 00850 00851 /* for adf_request */ 00852 union rsbac_attribute_value_t rsbac_attribute_value; 00853 00854 if(!tid || (target >= T_NONE)) 00855 return(-RSBAC_EINVALIDTARGET); 00856 00857 #ifdef CONFIG_RSBAC_FREEZE 00858 if(rsbac_freeze) 00859 { 00860 rsbac_printk(KERN_WARNING 00861 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n"); 00862 return -EPERM; 00863 } 00864 #endif 00865 00866 /* get values from user space */ 00867 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00868 00869 /* call ADF */ 00870 #ifdef CONFIG_RSBAC_DEBUG 00871 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n"); 00872 #endif 00873 rsbac_attribute_value.dummy = 0; 00874 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00875 current->pid, 00876 target, 00877 k_tid, 00878 A_none, 00879 rsbac_attribute_value)) 00880 { 00881 return -EPERM; 00882 } 00883 err = rsbac_ta_remove_target(ta_number, target, k_tid); 00884 return (err); 00885 } /* end of sys_rsbac_remove_target() */

int sys_rsbac_remove_target_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name

)

Definition at line 887 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_remove_target(), T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00891 { 00892 struct dentry * t_dentry; 00893 int err = 0; 00894 union rsbac_target_id_t tid; 00895 00896 /* for adf_request */ 00897 union rsbac_attribute_value_t rsbac_attribute_value; 00898 00899 /* struct passwd * user_description_p; */ 00900 00901 struct nameidata nd; 00902 00903 if(!t_name || (target >= T_NONE)) 00904 return(-RSBAC_EINVALIDTARGET); 00905 00906 #ifdef CONFIG_RSBAC_FREEZE 00907 if(rsbac_freeze) 00908 { 00909 rsbac_printk(KERN_WARNING 00910 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n"); 00911 return -EPERM; 00912 } 00913 #endif 00914 00915 /* lookup filename */ 00916 if ((err = user_path_walk_link(t_name, &nd))) 00917 { 00918 #ifdef CONFIG_RSBAC_DEBUG 00919 if (rsbac_debug_aef) 00920 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err); 00921 #endif 00922 goto out; 00923 } 00924 t_dentry = nd.dentry; 00925 if (!t_dentry->d_inode) 00926 { 00927 #ifdef CONFIG_RSBAC_DEBUG 00928 if (rsbac_debug_aef) 00929 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n"); 00930 #endif 00931 err = -RSBAC_EINVALIDTARGET; 00932 goto out_dput; 00933 } 00934 00935 switch (target) 00936 { 00937 /* is inode of right type? */ 00938 case T_FD: 00939 if(S_ISREG(t_dentry->d_inode->i_mode)) 00940 { 00941 target = T_FILE; 00942 } 00943 else 00944 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00945 { 00946 target = T_DIR; 00947 } 00948 else 00949 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00950 { 00951 target = T_SYMLINK; 00952 } 00953 else 00954 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00955 { 00956 target = T_FIFO; 00957 } 00958 else 00959 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00960 { 00961 target = T_FILE; 00962 } 00963 else 00964 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00965 { 00966 target = T_FILE; 00967 } 00968 else 00969 { 00970 #ifdef CONFIG_RSBAC_DEBUG 00971 if (rsbac_debug_aef) 00972 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n"); 00973 #endif 00974 err = -RSBAC_EINVALIDTARGET; 00975 goto out_dput; 00976 } 00977 break; 00978 00979 case T_FILE: 00980 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00981 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00982 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00983 { 00984 #ifdef CONFIG_RSBAC_DEBUG 00985 if (rsbac_debug_aef) 00986 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n"); 00987 #endif 00988 err = -RSBAC_EINVALIDTARGET; 00989 goto out_dput; 00990 } 00991 break; 00992 00993 case T_DIR: 00994 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00995 { 00996 #ifdef CONFIG_RSBAC_DEBUG 00997 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n"); 00998 #endif 00999 err = -RSBAC_EINVALIDTARGET; 01000 goto out_dput; 01001 } 01002 break; 01003 01004 case T_FIFO: 01005 /* is inode of type fifo? */ 01006 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 01007 { 01008 #ifdef CONFIG_RSBAC_DEBUG 01009 if (rsbac_debug_aef) 01010 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n"); 01011 #endif 01012 err = -RSBAC_EINVALIDTARGET; 01013 goto out_dput; 01014 } 01015 break; 01016 01017 case T_SYMLINK: 01018 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 01019 { 01020 #ifdef CONFIG_RSBAC_DEBUG 01021 if (rsbac_debug_aef) 01022 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n"); 01023 #endif 01024 err = -RSBAC_EINVALIDTARGET; 01025 goto out_dput; 01026 } 01027 break; 01028 01029 case T_DEV: 01030 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 01031 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 01032 { 01033 #ifdef CONFIG_RSBAC_DEBUG 01034 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n"); 01035 #endif 01036 err = -RSBAC_EINVALIDTARGET; 01037 goto out_dput; 01038 } 01039 break; 01040 01041 default: 01042 err = -RSBAC_EINVALIDTARGET; 01043 goto out_dput; 01044 } 01045 01046 if(target == T_DEV) 01047 { 01048 if(S_ISBLK(t_dentry->d_inode->i_mode)) 01049 tid.dev.type = D_block; 01050 else 01051 tid.dev.type = D_char; 01052 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 01053 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 01054 } 01055 else 01056 { 01057 /* fill target id and call internal function */ 01058 tid.file.device = t_dentry->d_sb->s_dev; 01059 tid.file.inode = t_dentry->d_inode->i_ino; 01060 tid.file.dentry_p = t_dentry; 01061 } 01062 /* call ADF */ 01063 #ifdef CONFIG_RSBAC_DEBUG 01064 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n"); 01065 #endif 01066 rsbac_attribute_value.dummy = 0; 01067 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 01068 current->pid, 01069 target, 01070 tid, 01071 A_none, 01072 rsbac_attribute_value)) 01073 { 01074 err = -EPERM; 01075 } 01076 else 01077 { 01078 err = rsbac_ta_remove_target(ta_number, target, tid); 01079 } 01080 01081 out_dput: 01082 path_release(&nd); 01083 01084 out: 01085 return(err); 01086 } /* end of sys_rsbac_remove_target_n() */

int sys_rsbac_set_attr ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value

)

Definition at line 534 of file syscalls.c.
References A_none, get_attr_module(), R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_set_attr(), SW_NONE, T_NETOBJ, T_NONE, and T_PROCESS.
Referenced by sys_rsbac().
00541 { 00542 union rsbac_target_id_t k_tid; 00543 union rsbac_attribute_value_t k_value; 00544 int err = 0; 00545 struct task_struct * task_p; 00546 00547 if(module > SW_NONE) 00548 return(-RSBAC_EINVALIDMODULE); 00549 if(!tid || (target >= T_NONE)) 00550 return(-RSBAC_EINVALIDTARGET); 00551 if(!value) 00552 return(-RSBAC_EINVALIDVALUE); 00553 if(attr >= A_none) 00554 return(-RSBAC_EINVALIDATTR); 00555 00556 if(module == SW_NONE) 00557 { 00558 module = get_attr_module(attr); 00559 if(module == SW_NONE) 00560 return(-RSBAC_EINVALIDMODULE); 00561 } 00562 #ifdef CONFIG_RSBAC_FREEZE 00563 if(rsbac_freeze) 00564 { 00565 rsbac_printk(KERN_WARNING 00566 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n"); 00567 return -EPERM; 00568 } 00569 #endif 00570 00571 /* get values from user space */ 00572 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00573 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00574 00575 00576 switch(target) 00577 { 00578 case T_PROCESS: 00579 read_lock(&tasklist_lock); 00580 task_p = find_task_by_pid(k_tid.process); 00581 read_unlock(&tasklist_lock); 00582 if(!task_p) 00583 return(-RSBAC_EINVALIDTARGET); 00584 break; 00585 00586 #ifdef CONFIG_RSBAC_NET_OBJ 00587 /* sanity check before using pointer */ 00588 case T_NETOBJ: 00589 if( !k_tid.netobj.sock_p 00590 || k_tid.netobj.remote_addr 00591 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00592 || !k_tid.netobj.sock_p->file 00593 || !k_tid.netobj.sock_p->file->f_dentry 00594 || !k_tid.netobj.sock_p->file->f_dentry->d_inode 00595 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p) 00596 #else 00597 || !k_tid.netobj.sock_p->inode 00598 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p) 00599 #endif 00600 ) 00601 return -RSBAC_EINVALIDTARGET; 00602 #endif 00603 00604 00605 default: 00606 break; 00607 } 00608 00609 /* call ADF */ 00610 #ifdef CONFIG_RSBAC_DEBUG 00611 if (rsbac_debug_aef) 00612 rsbac_printk(KERN_DEBUG 00613 "sys_rsbac_set_attr(): calling ADF\n"); 00614 #endif 00615 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00616 current->pid, 00617 target, 00618 k_tid, 00619 attr, 00620 k_value)) 00621 { 00622 return -EPERM; 00623 } 00624 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value); 00625 return err; 00626 } /* end of sys_rsbac_set_attr() */

int sys_rsbac_set_attr_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

char * t_name,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value

)

Definition at line 628 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, get_attr_module(), rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_set_attr(), SW_NONE, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00635 { 00636 struct dentry * t_dentry; 00637 int err = 0; 00638 union rsbac_attribute_value_t k_value; 00639 union rsbac_target_id_t tid; 00640 struct nameidata nd; 00641 00642 if(module > SW_NONE) 00643 return(-RSBAC_EINVALIDMODULE); 00644 if(!t_name || (target >= T_NONE)) 00645 return(-RSBAC_EINVALIDTARGET); 00646 if(!value) 00647 return(-RSBAC_EINVALIDVALUE); 00648 if(attr >= A_none) 00649 return(-RSBAC_EINVALIDATTR); 00650 00651 if(module == SW_NONE) 00652 { 00653 module = get_attr_module(attr); 00654 if(module == SW_NONE) 00655 return(-RSBAC_EINVALIDMODULE); 00656 } 00657 00658 #ifdef CONFIG_RSBAC_FREEZE 00659 if(rsbac_freeze) 00660 { 00661 rsbac_printk(KERN_WARNING 00662 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n"); 00663 return -EPERM; 00664 } 00665 #endif 00666 /* get values from user space */ 00667 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00668 00669 /* lookup filename */ 00670 if ((err = user_path_walk_link(t_name, &nd))) 00671 { 00672 #ifdef CONFIG_RSBAC_DEBUG 00673 if (rsbac_debug_aef) 00674 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err); 00675 #endif 00676 goto out; 00677 } 00678 t_dentry = nd.dentry; 00679 if (!t_dentry->d_inode) 00680 { 00681 #ifdef CONFIG_RSBAC_DEBUG 00682 if (rsbac_debug_aef) 00683 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n"); 00684 #endif 00685 err = -RSBAC_EINVALIDTARGET; 00686 goto out_dput; 00687 } 00688 00689 switch (target) 00690 { 00691 /* is inode of right type? */ 00692 case T_FD: 00693 if(S_ISREG(t_dentry->d_inode->i_mode)) 00694 { 00695 target = T_FILE; 00696 } 00697 else 00698 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00699 { 00700 target = T_DIR; 00701 } 00702 else 00703 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00704 { 00705 target = T_SYMLINK; 00706 } 00707 else 00708 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00709 { 00710 target = T_FIFO; 00711 } 00712 else 00713 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00714 { 00715 target = T_FILE; 00716 } 00717 else 00718 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00719 { 00720 target = T_FILE; 00721 } 00722 else 00723 { 00724 #ifdef CONFIG_RSBAC_DEBUG 00725 if (rsbac_debug_aef) 00726 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n"); 00727 #endif 00728 err = -RSBAC_EINVALIDTARGET; 00729 goto out_dput; 00730 } 00731 break; 00732 00733 case T_FILE: 00734 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00735 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00736 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00737 { 00738 #ifdef CONFIG_RSBAC_DEBUG 00739 if (rsbac_debug_aef) 00740 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n"); 00741 #endif 00742 err = -RSBAC_EINVALIDTARGET; 00743 goto out_dput; 00744 } 00745 break; 00746 00747 case T_DIR: 00748 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00749 { 00750 #ifdef CONFIG_RSBAC_DEBUG 00751 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n"); 00752 #endif 00753 err = -RSBAC_EINVALIDTARGET; 00754 goto out_dput; 00755 } 00756 break; 00757 00758 case T_FIFO: 00759 /* is inode of type fifo? */ 00760 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 00761 { 00762 #ifdef CONFIG_RSBAC_DEBUG 00763 if (rsbac_debug_aef) 00764 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n"); 00765 #endif 00766 err = -RSBAC_EINVALIDTARGET; 00767 goto out_dput; 00768 } 00769 break; 00770 00771 case T_SYMLINK: 00772 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 00773 { 00774 #ifdef CONFIG_RSBAC_DEBUG 00775 if (rsbac_debug_aef) 00776 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n"); 00777 #endif 00778 err = -RSBAC_EINVALIDTARGET; 00779 goto out_dput; 00780 } 00781 break; 00782 00783 case T_DEV: 00784 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 00785 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00786 { 00787 #ifdef CONFIG_RSBAC_DEBUG 00788 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n"); 00789 #endif 00790 err = -RSBAC_EINVALIDTARGET; 00791 goto out_dput; 00792 } 00793 break; 00794 00795 default: 00796 err = -RSBAC_EINVALIDTARGET; 00797 goto out_dput; 00798 } 00799 00800 if(target == T_DEV) 00801 { 00802 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00803 tid.dev.type = D_block; 00804 else 00805 tid.dev.type = D_char; 00806 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 00807 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 00808 } 00809 else 00810 { 00811 /* fill target id and call internal function */ 00812 tid.file.device = t_dentry->d_sb->s_dev; 00813 tid.file.inode = t_dentry->d_inode->i_ino; 00814 tid.file.dentry_p = t_dentry; 00815 } 00816 /* call ADF */ 00817 #ifdef CONFIG_RSBAC_DEBUG 00818 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n"); 00819 #endif 00820 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00821 current->pid, 00822 target, 00823 tid, 00824 attr, 00825 k_value)) 00826 { 00827 err = -EPERM; 00828 } 00829 else 00830 { 00831 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value); 00832 } 00833 00834 out_dput: 00835 path_release(&nd); 00836 00837 out: 00838 return(err); 00839 } /* end of sys_rsbac_set_attr_n() */

int sys_rsbac_stats ( void )

Definition at line 66 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_printk(), rsbac_stats(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by sys_rsbac().
00067 { 00068 union rsbac_target_id_t rsbac_target_id; 00069 union rsbac_attribute_value_t rsbac_attribute_value; 00070 00071 #ifdef CONFIG_RSBAC_DEBUG 00072 if (rsbac_debug_aef) 00073 { 00074 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n"); 00075 } 00076 #endif 00077 rsbac_target_id.scd = ST_rsbac; 00078 rsbac_attribute_value.dummy = 0; 00079 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00080 current->pid, 00081 T_SCD, 00082 rsbac_target_id, 00083 A_none, 00084 rsbac_attribute_value)) 00085 { 00086 return -EPERM; 00087 } 00088 00089 return(rsbac_stats()); 00090 };

int sys_rsbac_stats_pm ( void )

Definition at line 2129 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_printk(), rsbac_stats_pm(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by sys_rsbac().
02130 { 02131 #ifndef CONFIG_RSBAC_PM 02132 return (0); 02133 #else 02134 union rsbac_target_id_t rsbac_target_id; 02135 union rsbac_attribute_value_t rsbac_attribute_value; 02136 02137 #ifdef CONFIG_RSBAC_DEBUG 02138 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n"); 02139 #endif 02140 rsbac_target_id.scd = ST_rsbac; 02141 rsbac_attribute_value.dummy = 0; 02142 if (!rsbac_adf_request(R_GET_STATUS_DATA, 02143 current->pid, 02144 T_SCD, 02145 rsbac_target_id, 02146 A_none, 02147 rsbac_attribute_value)) 02148 { 02149 return -EPERM; 02150 } 02151 02152 #ifdef CONFIG_RSBAC_DEBUG 02153 if (rsbac_debug_aef_pm) 02154 rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n"); 02155 #endif 02156 return(rsbac_stats_pm()); 02157 #endif 02158 };

int sys_rsbac_switch ( enum rsbac_switch_target_t target,

int value

)

Definition at line 1485 of file syscalls.c.
References A_none, ACL, AUTH, CAP, DAC_DISABLE, DAZ, rsbac_attribute_value_t::dummy, rsbac_target_id_t::dummy, FF, FREEZE, get_switch_target_name(), JAIL, MAC, PAX, PM, R_MODIFY_PERMISSIONS_DATA, R_SWITCH_MODULE, RC, RES, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), SOFTMODE, SW_NONE, and T_NONE.
Referenced by sys_rsbac().
01486 { 01487 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE) 01488 union rsbac_target_id_t rsbac_target_id; 01489 union rsbac_attribute_value_t rsbac_attribute_value; 01490 char * switch_name; 01491 01492 /* call ADF */ 01493 if(target >= SW_NONE) 01494 return(-RSBAC_EINVALIDTARGET); 01495 if ( (value < 0) 01496 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01497 || (value > 3) 01498 #else 01499 || (value > 1) 01500 #endif 01501 ) 01502 return (-RSBAC_EINVALIDVALUE); 01503 01504 #ifdef CONFIG_RSBAC_SOFTMODE 01505 if( rsbac_softmode_prohibit 01506 && ( ( (value == 1) 01507 && (target == SOFTMODE) 01508 ) 01509 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01510 || (value == 3) 01511 #endif 01512 ) 01513 ) 01514 { 01515 rsbac_printk(KERN_WARNING 01516 "sys_rsbac_switch(): setting of softmode prohibited!\n"); 01517 return -EPERM; 01518 } 01519 #endif 01520 01521 #ifdef CONFIG_RSBAC_DEBUG 01522 if (rsbac_debug_aef) 01523 rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n"); 01524 #endif 01525 rsbac_target_id.dummy = 0; 01526 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 01527 if(target == DAC_DISABLE) 01528 { 01529 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01530 if(value > 1) 01531 return -RSBAC_EINVALIDVALUE; 01532 #endif 01533 rsbac_attribute_value.dummy = 0; 01534 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 01535 current->pid, 01536 T_NONE, 01537 rsbac_target_id, 01538 A_none, 01539 rsbac_attribute_value)) 01540 { 01541 return -EPERM; 01542 } 01543 } 01544 else 01545 #endif 01546 { 01547 rsbac_attribute_value.switch_target = target; 01548 if (!rsbac_adf_request(R_SWITCH_MODULE, 01549 current->pid, 01550 T_NONE, 01551 rsbac_target_id, 01552 A_switch_target, 01553 rsbac_attribute_value)) 01554 { 01555 return -EPERM; 01556 } 01557 } 01558 01559 switch(value) 01560 { 01561 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01562 case 2: 01563 case 3: 01564 rsbac_ind_softmode[target] = value - 2; 01565 break; 01566 #endif 01567 01568 default: 01569 switch (target) 01570 { 01571 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL 01572 case DAC_DISABLE: rsbac_dac_disable = value; 01573 break; 01574 #endif 01575 #ifdef CONFIG_RSBAC_SOFTMODE 01576 case SOFTMODE: rsbac_softmode = value; 01577 break; 01578 #endif 01579 #ifdef CONFIG_RSBAC_FREEZE 01580 case FREEZE: 01581 if(rsbac_freeze) 01582 { 01583 rsbac_printk(KERN_WARNING 01584 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n"); 01585 return -EPERM; 01586 } 01587 rsbac_freeze = value; 01588 break; 01589 #endif 01590 #ifdef CONFIG_RSBAC_SWITCH_MAC 01591 case MAC: 01592 #ifndef CONFIG_RSBAC_SWITCH_ON 01593 if(value) 01594 return -RSBAC_EINVALIDMODULE; 01595 #endif 01596 rsbac_switch_mac = value; 01597 break; 01598 #endif 01599 #ifdef CONFIG_RSBAC_SWITCH_PM 01600 case PM: 01601 #ifndef CONFIG_RSBAC_SWITCH_ON 01602 if(value) 01603 return -RSBAC_EINVALIDMODULE; 01604 #endif 01605 rsbac_switch_pm = value; 01606 break; 01607 #endif 01608 #ifdef CONFIG_RSBAC_SWITCH_DAZ 01609 case DAZ: 01610 rsbac_switch_daz = value; 01611 break; 01612 #endif 01613 #ifdef CONFIG_RSBAC_SWITCH_FF 01614 case FF: 01615 rsbac_switch_ff = value; 01616 break; 01617 #endif 01618 #ifdef CONFIG_RSBAC_SWITCH_RC 01619 case RC: 01620 #ifndef CONFIG_RSBAC_SWITCH_ON 01621 if(value) 01622 return -RSBAC_EINVALIDMODULE; 01623 #endif 01624 rsbac_switch_rc = value; 01625 break; 01626 #endif 01627 #ifdef CONFIG_RSBAC_SWITCH_AUTH 01628 case AUTH: 01629 rsbac_switch_auth = value; 01630 break; 01631 #endif 01632 #ifdef CONFIG_RSBAC_SWITCH_ACL 01633 case ACL: 01634 rsbac_switch_acl = value; 01635 break; 01636 #endif 01637 #ifdef CONFIG_RSBAC_SWITCH_CAP 01638 case CAP: 01639 rsbac_switch_cap = value; 01640 break; 01641 #endif 01642 #ifdef CONFIG_RSBAC_SWITCH_JAIL 01643 case JAIL: 01644 rsbac_switch_jail = value; 01645 break; 01646 #endif 01647 #ifdef CONFIG_RSBAC_SWITCH_RES 01648 case RES: 01649 rsbac_switch_res = value; 01650 break; 01651 #endif 01652 #ifdef CONFIG_RSBAC_SWITCH_PAX 01653 case PAX: 01654 rsbac_switch_pax = value; 01655 break; 01656 #endif 01657 default: 01658 return (-RSBAC_EINVALIDMODULE); 01659 } 01660 } 01661 01662 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01663 if(switch_name) 01664 { 01665 int show_value = value; 01666 01667 get_switch_target_name(switch_name,target); 01668 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01669 switch(value) 01670 { 01671 case 2: 01672 case 3: 01673 strcat(switch_name, " softmode"); 01674 show_value -= 2; 01675 break; 01676 default: 01677 break; 01678 } 01679 #endif 01680 rsbac_printk(KERN_WARNING 01681 "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n", 01682 current->uid, switch_name, show_value); 01683 rsbac_kfree(switch_name); 01684 } 01685 return 0; 01686 #else 01687 return -RSBAC_EINVALIDREQUEST; 01688 #endif /* SWITCH || SOFTMODE*/ 01689 }

int sys_rsbac_um_add_gm ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user,

rsbac_gid_t group,

rsbac_time_t ttl

)

Definition at line 4965 of file syscalls.c.
References R_CHANGE_GROUP, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_add_gm(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
04970 { 04971 #if defined(CONFIG_RSBAC_UM) 04972 #ifndef CONFIG_RSBAC_MAINT 04973 union rsbac_target_id_t rsbac_target_id; 04974 union rsbac_attribute_value_t rsbac_attribute_value; 04975 #endif 04976 04977 #ifdef CONFIG_RSBAC_FREEZE_UM 04978 if(rsbac_freeze) 04979 { 04980 rsbac_printk(KERN_WARNING 04981 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n"); 04982 return -EPERM; 04983 } 04984 #endif 04985 04986 #ifndef CONFIG_RSBAC_MAINT 04987 #ifdef CONFIG_RSBAC_DEBUG 04988 if (rsbac_debug_aef) 04989 { 04990 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n"); 04991 } 04992 #endif 04993 rsbac_target_id.user = user; 04994 rsbac_attribute_value.group = group; 04995 if (!rsbac_adf_request(R_CHANGE_GROUP, 04996 current->pid, 04997 T_USER, 04998 rsbac_target_id, 04999 A_group, 05000 rsbac_attribute_value)) 05001 { 05002 return -EPERM; 05003 } 05004 #endif /* MAINT */ 05005 05006 return rsbac_um_add_gm(ta_number, user, group, ttl); 05007 #else 05008 return (-RSBAC_EINVALIDMODULE); 05009 #endif 05010 }

int sys_rsbac_um_add_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid,

struct rsbac_um_group_entry_t * entry_p,

char * pass,

rsbac_time_t ttl

)

Definition at line 4851 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_CREATE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_add_group(), T_GROUP, and T_NONE.
Referenced by sys_rsbac().
04857 { 04858 #if defined(CONFIG_RSBAC_UM) 04859 int err; 04860 struct rsbac_um_group_entry_t * k_entry_p; 04861 char * k_pass; 04862 #ifndef CONFIG_RSBAC_MAINT 04863 union rsbac_target_id_t rsbac_target_id; 04864 union rsbac_target_id_t rsbac_new_target_id; 04865 union rsbac_attribute_value_t rsbac_attribute_value; 04866 #endif 04867 04868 if(!entry_p) 04869 return -RSBAC_EINVALIDPOINTER; 04870 04871 #ifdef CONFIG_RSBAC_FREEZE_UM 04872 if(rsbac_freeze) 04873 { 04874 rsbac_printk(KERN_WARNING 04875 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n"); 04876 return -EPERM; 04877 } 04878 #endif 04879 04880 #ifndef CONFIG_RSBAC_MAINT 04881 #ifdef CONFIG_RSBAC_DEBUG 04882 if (rsbac_debug_aef) 04883 { 04884 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n"); 04885 } 04886 #endif 04887 rsbac_target_id.group = gid; 04888 rsbac_attribute_value.dummy = 0; 04889 if (!rsbac_adf_request(R_CREATE, 04890 current->pid, 04891 T_GROUP, 04892 rsbac_target_id, 04893 A_none, 04894 rsbac_attribute_value)) 04895 { 04896 return -EPERM; 04897 } 04898 #endif /* MAINT */ 04899 04900 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p)); 04901 if(!k_entry_p) 04902 return -RSBAC_ENOMEM; 04903 if(pass) 04904 { 04905 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04906 if(!k_pass) 04907 { 04908 rsbac_kfree(k_entry_p); 04909 return -RSBAC_ENOMEM; 04910 } 04911 } 04912 else 04913 k_pass = NULL; 04914 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p)); 04915 if(err) 04916 goto out_free; 04917 if(!k_entry_p->name[0]) 04918 { 04919 err = -RSBAC_EINVALIDVALUE; 04920 goto out_free; 04921 } 04922 if(pass) 04923 { 04924 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04925 if(err) 04926 goto out_free; 04927 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04928 } 04929 err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl); 04930 04931 #ifndef CONFIG_RSBAC_MAINT 04932 /* RSBAC: notify ADF of new group */ 04933 if(!err) 04934 { 04935 rsbac_target_id.group = gid; 04936 rsbac_new_target_id.dummy = 0; 04937 if (rsbac_adf_set_attr(R_CREATE, 04938 current->pid, 04939 T_GROUP, 04940 rsbac_target_id, 04941 T_NONE, 04942 rsbac_new_target_id, 04943 A_none, 04944 rsbac_attribute_value)) 04945 { 04946 rsbac_printk(KERN_WARNING 04947 "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n"); 04948 } 04949 } 04950 #endif 04951 04952 out_free: 04953 rsbac_kfree(k_entry_p); 04954 if(k_pass) 04955 { 04956 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04957 rsbac_kfree(k_pass); 04958 } 04959 return err; 04960 #else 04961 return (-RSBAC_EINVALIDMODULE); 04962 #endif 04963 }

int sys_rsbac_um_add_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid,

struct rsbac_um_user_entry_t * entry_p,

char * pass,

rsbac_time_t ttl

)

Definition at line 4737 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, NULL, R_CREATE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_add_user(), T_NONE, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
04743 { 04744 #if defined(CONFIG_RSBAC_UM) 04745 int err; 04746 struct rsbac_um_user_entry_t * k_entry_p; 04747 char * k_pass; 04748 #ifndef CONFIG_RSBAC_MAINT 04749 union rsbac_target_id_t rsbac_target_id; 04750 union rsbac_target_id_t rsbac_new_target_id; 04751 union rsbac_attribute_value_t rsbac_attribute_value; 04752 #endif 04753 04754 if(!entry_p) 04755 return -RSBAC_EINVALIDPOINTER; 04756 04757 #ifdef CONFIG_RSBAC_FREEZE_UM 04758 if(rsbac_freeze) 04759 { 04760 rsbac_printk(KERN_WARNING 04761 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n"); 04762 return -EPERM; 04763 } 04764 #endif 04765 04766 #ifndef CONFIG_RSBAC_MAINT 04767 #ifdef CONFIG_RSBAC_DEBUG 04768 if (rsbac_debug_aef) 04769 { 04770 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n"); 04771 } 04772 #endif 04773 rsbac_target_id.user = uid; 04774 rsbac_attribute_value.dummy = 0; 04775 if (!rsbac_adf_request(R_CREATE, 04776 current->pid, 04777 T_USER, 04778 rsbac_target_id, 04779 A_none, 04780 rsbac_attribute_value)) 04781 { 04782 return -EPERM; 04783 } 04784 #endif /* MAINT */ 04785 04786 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p)); 04787 if(!k_entry_p) 04788 return -RSBAC_ENOMEM; 04789 if(pass) 04790 { 04791 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04792 if(!k_pass) 04793 { 04794 rsbac_kfree(k_entry_p); 04795 return -RSBAC_ENOMEM; 04796 } 04797 } 04798 else 04799 k_pass = NULL; 04800 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p)); 04801 if(err) 04802 goto out_free; 04803 if(!k_entry_p->name[0]) 04804 { 04805 err = -RSBAC_EINVALIDVALUE; 04806 goto out_free; 04807 } 04808 if(pass) 04809 { 04810 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04811 if(err) 04812 goto out_free; 04813 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04814 } 04815 err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl); 04816 04817 #ifndef CONFIG_RSBAC_MAINT 04818 /* RSBAC: notify ADF of new user */ 04819 if(!err) 04820 { 04821 rsbac_target_id.user = uid; 04822 rsbac_new_target_id.dummy = 0; 04823 if (rsbac_adf_set_attr(R_CREATE, 04824 current->pid, 04825 T_USER, 04826 rsbac_target_id, 04827 T_NONE, 04828 rsbac_new_target_id, 04829 A_none, 04830 rsbac_attribute_value)) 04831 { 04832 rsbac_printk(KERN_WARNING 04833 "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n"); 04834 } 04835 } 04836 #endif 04837 04838 out_free: 04839 rsbac_kfree(k_entry_p); 04840 if(k_pass) 04841 { 04842 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04843 rsbac_kfree(k_pass); 04844 } 04845 return err; 04846 #else 04847 return (-RSBAC_EINVALIDMODULE); 04848 #endif 04849 }

int sys_rsbac_um_auth_name ( char * name,

char * pass

)

Definition at line 4599 of file syscalls.c.
References A_auth_last_auth, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_set_attr, rsbac_um_check_pass(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, and T_PROCESS.
Referenced by sys_rsbac().
04602 { 04603 #if defined(CONFIG_RSBAC_UM) 04604 rsbac_uid_t uid; 04605 int err; 04606 char * k_name; 04607 char * k_pass; 04608 union rsbac_target_id_t i_tid; 04609 union rsbac_attribute_value_t i_attr_val; 04610 #ifdef CONFIG_RSBAC_DEBUG 04611 if (rsbac_debug_aef_um) 04612 { 04613 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n"); 04614 } 04615 #endif 04616 if(!name || !pass) 04617 { 04618 #ifdef CONFIG_RSBAC_DEBUG 04619 if (rsbac_debug_aef_um) 04620 { 04621 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n"); 04622 } 04623 #endif 04624 return -RSBAC_EINVALIDPOINTER; 04625 } 04626 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN); 04627 if(!k_name) 04628 return -RSBAC_ENOMEM; 04629 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04630 if(!k_pass) 04631 { 04632 rsbac_kfree(k_name); 04633 return -RSBAC_ENOMEM; 04634 } 04635 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 04636 if(err) 04637 goto out_free; 04638 k_name[RSBAC_UM_NAME_LEN-1] = 0; 04639 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04640 if(err) 04641 goto out_free; 04642 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04643 #if 0 04644 #ifdef CONFIG_RSBAC_DEBUG 04645 if (rsbac_debug_aef_um) 04646 { 04647 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n", 04648 k_name, k_pass); 04649 } 04650 #endif 04651 #endif 04652 err = rsbac_um_get_uid(0, k_name, &uid); 04653 if(err) 04654 goto out_free; 04655 04656 err = rsbac_um_check_pass(uid, k_pass); 04657 if(err) 04658 goto out_free; 04659 04660 #ifdef CONFIG_RSBAC_AUTH 04661 /* set auth_last_auth for this process */ 04662 i_tid.process = current->pid; 04663 i_attr_val.auth_last_auth = uid; 04664 if (rsbac_set_attr(AUTH, 04665 T_PROCESS, 04666 i_tid, 04667 A_auth_last_auth, 04668 i_attr_val)) 04669 { 04670 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth); 04671 } 04672 #endif /* AUTH */ 04673 04674 out_free: 04675 rsbac_kfree(k_name); 04676 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04677 rsbac_kfree(k_pass); 04678 return err; 04679 #else 04680 return (-RSBAC_EINVALIDMODULE); 04681 #endif 04682 }

int sys_rsbac_um_auth_uid ( rsbac_uid_t uid,

char * pass

)

Definition at line 4684 of file syscalls.c.
References A_auth_last_auth, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_set_attr, rsbac_um_check_pass(), and T_PROCESS.
Referenced by sys_rsbac().
04686 { 04687 #if defined(CONFIG_RSBAC_UM) 04688 int err; 04689 char * k_pass; 04690 union rsbac_target_id_t i_tid; 04691 union rsbac_attribute_value_t i_attr_val; 04692 04693 if(!pass) 04694 return -RSBAC_EINVALIDPOINTER; 04695 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04696 if(!k_pass) 04697 return -RSBAC_ENOMEM; 04698 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04699 if(err) 04700 goto out_free; 04701 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04702 04703 #ifdef CONFIG_RSBAC_DEBUG 04704 if (rsbac_debug_aef_um) 04705 { 04706 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n", 04707 uid, k_pass); 04708 } 04709 #endif 04710 err = rsbac_um_check_pass(uid, k_pass); 04711 if(err) 04712 goto out_free; 04713 04714 #ifdef CONFIG_RSBAC_AUTH 04715 /* set auth_last_auth for this process */ 04716 i_tid.process = current->pid; 04717 i_attr_val.auth_last_auth = uid; 04718 if (rsbac_set_attr(AUTH, 04719 T_PROCESS, 04720 i_tid, 04721 A_auth_last_auth, 04722 i_attr_val)) 04723 { 04724 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth); 04725 } 04726 #endif /* AUTH */ 04727 04728 out_free: 04729 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04730 rsbac_kfree(k_pass); 04731 return err; 04732 #else 04733 return (-RSBAC_EINVALIDMODULE); 04734 #endif 04735 }

int sys_rsbac_um_check_account ( rsbac_uid_t uid )

Definition at line 6253 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_check_account(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06254 { 06255 #if defined(CONFIG_RSBAC_UM) 06256 #ifndef CONFIG_RSBAC_MAINT 06257 union rsbac_target_id_t rsbac_target_id; 06258 union rsbac_attribute_value_t rsbac_attribute_value; 06259 #endif 06260 06261 06262 #ifndef CONFIG_RSBAC_MAINT 06263 #ifdef CONFIG_RSBAC_DEBUG 06264 if (rsbac_debug_aef) 06265 { 06266 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n"); 06267 } 06268 #endif 06269 rsbac_target_id.user = uid; 06270 rsbac_attribute_value.dummy = 0; 06271 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06272 current->pid, 06273 T_USER, 06274 rsbac_target_id, 06275 A_none, 06276 rsbac_attribute_value)) 06277 { 06278 return -EPERM; 06279 } 06280 #endif /* MAINT */ 06281 06282 return rsbac_um_check_account(uid); 06283 #else 06284 return (-RSBAC_EINVALIDMODULE); 06285 #endif 06286 }

int sys_rsbac_um_check_account_name ( char * name )

Definition at line 6288 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_check_account(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06289 { 06290 #if defined(CONFIG_RSBAC_UM) 06291 int err; 06292 rsbac_uid_t uid; 06293 char k_name[RSBAC_UM_NAME_LEN]; 06294 #ifndef CONFIG_RSBAC_MAINT 06295 union rsbac_target_id_t rsbac_target_id; 06296 union rsbac_attribute_value_t rsbac_attribute_value; 06297 #endif 06298 06299 if(!name) 06300 return -RSBAC_EINVALIDPOINTER; 06301 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06302 if(err) 06303 return err; 06304 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06305 #ifdef CONFIG_RSBAC_DEBUG 06306 if (rsbac_debug_aef_um) 06307 { 06308 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n", 06309 k_name); 06310 } 06311 #endif 06312 err = rsbac_um_get_uid(0, k_name, &uid); 06313 if(err) 06314 { 06315 #ifdef CONFIG_RSBAC_DEBUG 06316 if (rsbac_debug_aef_um) 06317 { 06318 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n", 06319 k_name); 06320 } 06321 #endif 06322 return err; 06323 } 06324 06325 #ifndef CONFIG_RSBAC_MAINT 06326 #ifdef CONFIG_RSBAC_DEBUG 06327 if (rsbac_debug_aef) 06328 { 06329 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n"); 06330 } 06331 #endif 06332 rsbac_target_id.user = uid; 06333 rsbac_attribute_value.dummy = 0; 06334 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06335 current->pid, 06336 T_USER, 06337 rsbac_target_id, 06338 A_none, 06339 rsbac_attribute_value)) 06340 { 06341 return -EPERM; 06342 } 06343 #endif /* MAINT */ 06344 06345 return rsbac_um_check_account(uid); 06346 #else 06347 return (-RSBAC_EINVALIDMODULE); 06348 #endif 06349 }

int sys_rsbac_um_get_gid ( rsbac_list_ta_number_t ta_number,

char * name,

rsbac_gid_t * gid_p

)

Definition at line 5980 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_gid(), RSBAC_UM_NAME_LEN, and T_GROUP.
Referenced by sys_rsbac().
05984 { 05985 #if defined(CONFIG_RSBAC_UM) 05986 rsbac_gid_t k_gid; 05987 int err; 05988 char k_name[RSBAC_UM_NAME_LEN]; 05989 05990 if(!name || !gid_p) 05991 return -RSBAC_EINVALIDPOINTER; 05992 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 05993 if(err) 05994 return err; 05995 k_name[RSBAC_UM_NAME_LEN-1] = 0; 05996 err = rsbac_um_get_gid(ta_number, k_name, &k_gid); 05997 if(!err) 05998 { 05999 #ifndef CONFIG_RSBAC_MAINT 06000 union rsbac_target_id_t rsbac_target_id; 06001 union rsbac_attribute_value_t rsbac_attribute_value; 06002 06003 #ifdef CONFIG_RSBAC_DEBUG 06004 if (rsbac_debug_aef) 06005 { 06006 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n"); 06007 } 06008 #endif 06009 rsbac_target_id.group = k_gid; 06010 rsbac_attribute_value.dummy = 0; 06011 if (!rsbac_adf_request(R_SEARCH, 06012 current->pid, 06013 T_GROUP, 06014 rsbac_target_id, 06015 A_none, 06016 rsbac_attribute_value)) 06017 { 06018 err = -EPERM; 06019 } 06020 else 06021 #endif /* MAINT */ 06022 06023 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid)); 06024 } 06025 return err; 06026 #else 06027 return (-RSBAC_EINVALIDMODULE); 06028 #endif 06029 }

int sys_rsbac_um_get_gm_list ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user,

rsbac_gid_t group_array[],

u_int maxnum

)

Definition at line 5756 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, NULL, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_gm_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05761 { 05762 #if defined(CONFIG_RSBAC_UM) 05763 long count; 05764 rsbac_gid_t * k_group_array; 05765 #ifndef CONFIG_RSBAC_MAINT 05766 union rsbac_target_id_t rsbac_target_id; 05767 union rsbac_attribute_value_t rsbac_attribute_value; 05768 #endif 05769 05770 05771 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05772 maxnum = RSBAC_UM_MAX_MAXNUM; 05773 05774 #ifndef CONFIG_RSBAC_MAINT 05775 #ifdef CONFIG_RSBAC_DEBUG 05776 if (rsbac_debug_aef) 05777 { 05778 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n"); 05779 } 05780 #endif 05781 rsbac_target_id.user = user; 05782 rsbac_attribute_value.dummy = 0; 05783 if (!rsbac_adf_request(R_GET_STATUS_DATA, 05784 current->pid, 05785 T_USER, 05786 rsbac_target_id, 05787 A_none, 05788 rsbac_attribute_value)) 05789 { 05790 return -EPERM; 05791 } 05792 #endif /* MAINT */ 05793 05794 /* count only */ 05795 if(!group_array || !maxnum) 05796 return rsbac_um_get_gm_list(ta_number, user, NULL); 05797 05798 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array); 05799 if(count>0) 05800 { 05801 if(count > maxnum) 05802 count = maxnum; 05803 rsbac_put_user((u_char *) k_group_array, 05804 (u_char *) group_array, 05805 count * sizeof(*k_group_array) ); 05806 rsbac_vfree(k_group_array); 05807 } 05808 return count; 05809 #else 05810 return -RSBAC_EINVALIDMODULE; 05811 #endif 05812 }; /* end of sys_rsbac_um_get_group_list() */

int sys_rsbac_um_get_gm_user_list ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t group,

rsbac_uid_t user_array[],

u_int maxnum

)

Definition at line 5814 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_READ, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_gm_user_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, and T_GROUP.
Referenced by sys_rsbac().
05819 { 05820 #if defined(CONFIG_RSBAC_UM) 05821 long count; 05822 rsbac_uid_t * k_user_array; 05823 #ifndef CONFIG_RSBAC_MAINT 05824 union rsbac_target_id_t rsbac_target_id; 05825 union rsbac_attribute_value_t rsbac_attribute_value; 05826 #endif 05827 05828 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05829 maxnum = RSBAC_UM_MAX_MAXNUM; 05830 05831 #ifndef CONFIG_RSBAC_MAINT 05832 #ifdef CONFIG_RSBAC_DEBUG 05833 if (rsbac_debug_aef) 05834 { 05835 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n"); 05836 } 05837 #endif 05838 rsbac_target_id.group = group; 05839 rsbac_attribute_value.dummy = 0; 05840 if (!rsbac_adf_request(R_READ, 05841 current->pid, 05842 T_GROUP, 05843 rsbac_target_id, 05844 A_none, 05845 rsbac_attribute_value)) 05846 { 05847 return -EPERM; 05848 } 05849 #endif /* MAINT */ 05850 /* count number of all users */ 05851 if(!user_array || !maxnum) 05852 return rsbac_um_get_gm_user_list(ta_number, group, NULL); 05853 05854 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array); 05855 if(count>0) 05856 { 05857 if(count > maxnum) 05858 count = maxnum; 05859 rsbac_put_user((u_char *) k_user_array, 05860 (u_char *) user_array, 05861 count * sizeof(*k_user_array) ); 05862 rsbac_vfree(k_user_array); 05863 } 05864 return count; 05865 #else 05866 return -RSBAC_EINVALIDMODULE; 05867 #endif 05868 }; /* end of sys_rsbac_um_get_group_list() */

int sys_rsbac_um_get_group_item ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5331 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_group_item(), T_GROUP, UM_name, UM_none, UM_pass, and UM_ttl.
Referenced by sys_rsbac().
05336 { 05337 #if defined(CONFIG_RSBAC_UM) 05338 int err; 05339 union rsbac_um_mod_data_t * k_data_p; 05340 #ifndef CONFIG_RSBAC_MAINT 05341 enum rsbac_adf_request_t rsbac_request; 05342 union rsbac_target_id_t rsbac_target_id; 05343 union rsbac_attribute_value_t rsbac_attribute_value; 05344 #endif 05345 05346 if(mod >= UM_none) 05347 return -RSBAC_EINVALIDREQUEST; 05348 if(!data_p) 05349 return -RSBAC_EINVALIDPOINTER; 05350 05351 #ifndef CONFIG_RSBAC_MAINT 05352 #ifdef CONFIG_RSBAC_DEBUG 05353 if (rsbac_debug_aef) 05354 { 05355 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n"); 05356 } 05357 #endif 05358 rsbac_attribute_value.dummy = 0; 05359 switch(mod) 05360 { 05361 case UM_name: 05362 rsbac_request = R_SEARCH; 05363 break; 05364 05365 case UM_pass: 05366 rsbac_request = R_GET_PERMISSIONS_DATA; 05367 break; 05368 05369 case UM_ttl: 05370 rsbac_request = R_GET_STATUS_DATA; 05371 break; 05372 05373 default: 05374 return -RSBAC_EINVALIDREQUEST; 05375 } 05376 rsbac_target_id.group = gid; 05377 if (!rsbac_adf_request(rsbac_request, 05378 current->pid, 05379 T_GROUP, 05380 rsbac_target_id, 05381 A_none, 05382 rsbac_attribute_value)) 05383 { 05384 return -EPERM; 05385 } 05386 #endif /* MAINT */ 05387 05388 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05389 if(!k_data_p) 05390 return -RSBAC_ENOMEM; 05391 memset(k_data_p, 0, sizeof(*k_data_p)); 05392 05393 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p); 05394 if(!err) 05395 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) ); 05396 rsbac_kfree(k_data_p); 05397 return err; 05398 #else 05399 return (-RSBAC_EINVALIDMODULE); 05400 #endif 05401 }

int sys_rsbac_um_get_group_list ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t group_array[],

u_int maxnum

)

Definition at line 5870 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_SEARCH, rsbac_adf_request(), RSBAC_ALL_USERS, RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_group_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, and T_GROUP.
Referenced by sys_rsbac().
05874 { 05875 #if defined(CONFIG_RSBAC_UM) 05876 long count; 05877 rsbac_gid_t * k_group_array; 05878 #ifndef CONFIG_RSBAC_MAINT 05879 union rsbac_target_id_t rsbac_target_id; 05880 union rsbac_attribute_value_t rsbac_attribute_value; 05881 #endif 05882 05883 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05884 maxnum = RSBAC_UM_MAX_MAXNUM; 05885 05886 #ifndef CONFIG_RSBAC_MAINT 05887 #ifdef CONFIG_RSBAC_DEBUG 05888 if (rsbac_debug_aef) 05889 { 05890 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n"); 05891 } 05892 #endif 05893 rsbac_target_id.group = RSBAC_ALL_USERS; 05894 rsbac_attribute_value.dummy = 0; 05895 if (!rsbac_adf_request(R_SEARCH, 05896 current->pid, 05897 T_GROUP, 05898 rsbac_target_id, 05899 A_none, 05900 rsbac_attribute_value)) 05901 { 05902 return -EPERM; 05903 } 05904 #endif /* MAINT */ 05905 05906 /* count only */ 05907 if(!group_array || !maxnum) 05908 return rsbac_um_get_group_list(ta_number, NULL); 05909 05910 count = rsbac_um_get_group_list(ta_number, &k_group_array); 05911 if(count>0) 05912 { 05913 if(count > maxnum) 05914 count = maxnum; 05915 rsbac_put_user((u_char *) k_group_array, 05916 (u_char *) group_array, 05917 count * sizeof(*k_group_array) ); 05918 rsbac_vfree(k_group_array); 05919 } 05920 return count; 05921 #else 05922 return -RSBAC_EINVALIDMODULE; 05923 #endif 05924 }; /* end of sys_rsbac_um_get_group_list() */

int sys_rsbac_um_get_next_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t old_user,

rsbac_uid_t * next_user_p

)

Definition at line 5655 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_next_user(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05659 { 05660 #if defined(CONFIG_RSBAC_UM) 05661 rsbac_uid_t k_next_user; 05662 int err; 05663 #ifndef CONFIG_RSBAC_MAINT 05664 union rsbac_target_id_t rsbac_target_id; 05665 union rsbac_attribute_value_t rsbac_attribute_value; 05666 #endif 05667 05668 if(!next_user_p) 05669 return -RSBAC_EINVALIDPOINTER; 05670 05671 #ifndef CONFIG_RSBAC_MAINT 05672 #ifdef CONFIG_RSBAC_DEBUG 05673 if (rsbac_debug_aef) 05674 { 05675 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n"); 05676 } 05677 #endif 05678 rsbac_target_id.user = old_user; 05679 rsbac_attribute_value.dummy = 0; 05680 if (!rsbac_adf_request(R_SEARCH, 05681 current->pid, 05682 T_USER, 05683 rsbac_target_id, 05684 A_none, 05685 rsbac_attribute_value)) 05686 { 05687 return -EPERM; 05688 } 05689 #endif /* MAINT */ 05690 05691 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user); 05692 if(!err) 05693 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user)); 05694 return err; 05695 #else 05696 return (-RSBAC_EINVALIDMODULE); 05697 #endif 05698 }

int sys_rsbac_um_get_uid ( rsbac_list_ta_number_t ta_number,

char * name,

rsbac_uid_t * uid_p

)

Definition at line 5928 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05932 { 05933 #if defined(CONFIG_RSBAC_UM) 05934 rsbac_uid_t k_uid; 05935 int err; 05936 char k_name[RSBAC_UM_NAME_LEN]; 05937 05938 if(!name || !uid_p) 05939 return -RSBAC_EINVALIDPOINTER; 05940 05941 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 05942 if(err) 05943 return err; 05944 k_name[RSBAC_UM_NAME_LEN-1] = 0; 05945 err = rsbac_um_get_uid(ta_number, k_name, &k_uid); 05946 if(!err) 05947 { 05948 #ifndef CONFIG_RSBAC_MAINT 05949 union rsbac_target_id_t rsbac_target_id; 05950 union rsbac_attribute_value_t rsbac_attribute_value; 05951 05952 #ifdef CONFIG_RSBAC_DEBUG 05953 if (rsbac_debug_aef) 05954 { 05955 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n"); 05956 } 05957 #endif 05958 rsbac_target_id.user = k_uid; 05959 rsbac_attribute_value.dummy = 0; 05960 if (!rsbac_adf_request(R_SEARCH, 05961 current->pid, 05962 T_USER, 05963 rsbac_target_id, 05964 A_none, 05965 rsbac_attribute_value)) 05966 { 05967 err = -EPERM; 05968 } 05969 else 05970 #endif /* MAINT */ 05971 05972 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid)); 05973 } 05974 return err; 05975 #else 05976 return (-RSBAC_EINVALIDMODULE); 05977 #endif 05978 }

int sys_rsbac_um_get_user_item ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5246 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_READ, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_user_item(), T_USER, UM_expire, UM_fullname, UM_group, UM_homedir, UM_inactive, UM_lastchange, UM_maxchange, UM_minchange, UM_name, UM_none, UM_pass, UM_shell, UM_ttl, UM_warnchange, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05251 { 05252 #if defined(CONFIG_RSBAC_UM) 05253 int err; 05254 union rsbac_um_mod_data_t * k_data_p; 05255 #ifndef CONFIG_RSBAC_MAINT 05256 enum rsbac_adf_request_t rsbac_request; 05257 union rsbac_target_id_t rsbac_target_id; 05258 union rsbac_attribute_value_t rsbac_attribute_value; 05259 #endif 05260 05261 if(mod >= UM_none) 05262 return -RSBAC_EINVALIDREQUEST; 05263 if(!data_p) 05264 return -RSBAC_EINVALIDPOINTER; 05265 05266 #ifndef CONFIG_RSBAC_MAINT 05267 #ifdef CONFIG_RSBAC_DEBUG 05268 if (rsbac_debug_aef) 05269 { 05270 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n"); 05271 } 05272 #endif 05273 rsbac_attribute_value.dummy = 0; 05274 switch(mod) 05275 { 05276 case UM_name: 05277 rsbac_request = R_SEARCH; 05278 break; 05279 05280 case UM_group: 05281 case UM_fullname: 05282 case UM_homedir: 05283 case UM_shell: 05284 rsbac_request = R_GET_STATUS_DATA; 05285 break; 05286 05287 case UM_pass: 05288 rsbac_request = R_GET_PERMISSIONS_DATA; 05289 break; 05290 05291 case UM_lastchange: 05292 case UM_minchange: 05293 case UM_maxchange: 05294 case UM_warnchange: 05295 case UM_inactive: 05296 case UM_expire: 05297 case UM_ttl: 05298 rsbac_request = R_READ; 05299 break; 05300 05301 default: 05302 return -RSBAC_EINVALIDREQUEST; 05303 } 05304 rsbac_target_id.user = uid; 05305 if (!rsbac_adf_request(rsbac_request, 05306 current->pid, 05307 T_USER, 05308 rsbac_target_id, 05309 A_none, 05310 rsbac_attribute_value)) 05311 { 05312 return -EPERM; 05313 } 05314 #endif /* MAINT */ 05315 05316 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05317 if(!k_data_p) 05318 return -RSBAC_ENOMEM; 05319 memset(k_data_p, 0, sizeof(*k_data_p)); 05320 05321 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p); 05322 if(!err) 05323 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) ); 05324 rsbac_kfree(k_data_p); 05325 return err; 05326 #else 05327 return (-RSBAC_EINVALIDMODULE); 05328 #endif 05329 }

int sys_rsbac_um_get_user_list ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user_array[],

u_int maxnum

)

Definition at line 5700 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, NULL, R_SEARCH, rsbac_adf_request(), RSBAC_ALL_USERS, RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_user_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05704 { 05705 #if defined(CONFIG_RSBAC_UM) 05706 long count; 05707 rsbac_uid_t * k_user_array; 05708 #ifndef CONFIG_RSBAC_MAINT 05709 union rsbac_target_id_t rsbac_target_id; 05710 union rsbac_attribute_value_t rsbac_attribute_value; 05711 #endif 05712 05713 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05714 maxnum = RSBAC_UM_MAX_MAXNUM; 05715 05716 #ifndef CONFIG_RSBAC_MAINT 05717 #ifdef CONFIG_RSBAC_DEBUG 05718 if (rsbac_debug_aef) 05719 { 05720 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n"); 05721 } 05722 #endif 05723 rsbac_target_id.user = RSBAC_ALL_USERS; 05724 rsbac_attribute_value.dummy = 0; 05725 if (!rsbac_adf_request(R_SEARCH, 05726 current->pid, 05727 T_USER, 05728 rsbac_target_id, 05729 A_none, 05730 rsbac_attribute_value)) 05731 { 05732 return -EPERM; 05733 } 05734 #endif /* MAINT */ 05735 05736 /* count only */ 05737 if(!user_array || !maxnum) 05738 return rsbac_um_get_user_list(ta_number, NULL); 05739 05740 count = rsbac_um_get_user_list(ta_number, &k_user_array); 05741 if(count>0) 05742 { 05743 if(count > maxnum) 05744 count = maxnum; 05745 rsbac_put_user((u_char *) k_user_array, 05746 (u_char *) user_array, 05747 count * sizeof(*k_user_array) ); 05748 rsbac_vfree(k_user_array); 05749 } 05750 return count; 05751 #else 05752 return -RSBAC_EINVALIDMODULE; 05753 #endif 05754 }; /* end of sys_rsbac_um_get_user_list() */

int sys_rsbac_um_group_exists ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid

)

Definition at line 5619 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_group_exists(), and T_GROUP.
05622 { 05623 #if defined(CONFIG_RSBAC_UM) 05624 #ifndef CONFIG_RSBAC_MAINT 05625 union rsbac_target_id_t rsbac_target_id; 05626 union rsbac_attribute_value_t rsbac_attribute_value; 05627 #endif 05628 05629 #ifndef CONFIG_RSBAC_MAINT 05630 #ifdef CONFIG_RSBAC_DEBUG 05631 if (rsbac_debug_aef) 05632 { 05633 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n"); 05634 } 05635 #endif 05636 rsbac_target_id.group = gid; 05637 rsbac_attribute_value.dummy = 0; 05638 if (!rsbac_adf_request(R_SEARCH, 05639 current->pid, 05640 T_GROUP, 05641 rsbac_target_id, 05642 A_none, 05643 rsbac_attribute_value)) 05644 { 05645 return -EPERM; 05646 } 05647 #endif /* MAINT */ 05648 05649 return rsbac_um_group_exists(ta_number, gid); 05650 #else 05651 return (-RSBAC_EINVALIDMODULE); 05652 #endif 05653 }

int sys_rsbac_um_mod_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5151 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_DELETE, R_MODIFY_PERMISSIONS_DATA, R_RENAME, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_mod_group(), T_GROUP, UM_cryptpass, UM_name, UM_none, UM_pass, and UM_ttl.
Referenced by sys_rsbac().
05156 { 05157 #if defined(CONFIG_RSBAC_UM) 05158 int err; 05159 union rsbac_um_mod_data_t * k_data_p; 05160 #ifndef CONFIG_RSBAC_MAINT 05161 enum rsbac_adf_request_t rsbac_request; 05162 union rsbac_target_id_t rsbac_target_id; 05163 union rsbac_attribute_value_t rsbac_attribute_value; 05164 #endif 05165 05166 if(mod >= UM_none) 05167 return -RSBAC_EINVALIDREQUEST; 05168 if( !data_p 05169 && (mod != UM_pass) 05170 ) 05171 return -RSBAC_EINVALIDPOINTER; 05172 05173 #ifdef CONFIG_RSBAC_FREEZE_UM 05174 if(rsbac_freeze) 05175 { 05176 rsbac_printk(KERN_WARNING 05177 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n"); 05178 return -EPERM; 05179 } 05180 #endif 05181 05182 #ifndef CONFIG_RSBAC_MAINT 05183 #ifdef CONFIG_RSBAC_DEBUG 05184 if (rsbac_debug_aef) 05185 { 05186 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n"); 05187 } 05188 #endif 05189 switch(mod) 05190 { 05191 case UM_name: 05192 rsbac_request = R_RENAME; 05193 break; 05194 05195 case UM_pass: 05196 case UM_cryptpass: 05197 rsbac_request = R_MODIFY_PERMISSIONS_DATA; 05198 break; 05199 05200 case UM_ttl: 05201 rsbac_request = R_DELETE; 05202 break; 05203 05204 default: 05205 return -RSBAC_EINVALIDREQUEST; 05206 } 05207 rsbac_target_id.group = gid; 05208 rsbac_attribute_value.dummy = 0; 05209 if (!rsbac_adf_request(rsbac_request, 05210 current->pid, 05211 T_GROUP, 05212 rsbac_target_id, 05213 A_none, 05214 rsbac_attribute_value)) 05215 { 05216 return -EPERM; 05217 } 05218 #endif /* MAINT */ 05219 05220 if(data_p) 05221 { 05222 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05223 if(!k_data_p) 05224 return -RSBAC_ENOMEM; 05225 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p)); 05226 if(err) 05227 { 05228 rsbac_kfree(k_data_p); 05229 return err; 05230 } 05231 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0; 05232 } 05233 else 05234 k_data_p = NULL; 05235 05236 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p); 05237 05238 if(k_data_p) 05239 rsbac_kfree(k_data_p); 05240 return err; 05241 #else 05242 return (-RSBAC_EINVALIDMODULE); 05243 #endif 05244 }

int sys_rsbac_um_mod_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5012 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_um_mod_data_t::group, NULL, R_CHANGE_GROUP, R_DELETE, R_MODIFY_PERMISSIONS_DATA, R_RENAME, R_WRITE, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_mod_user(), T_USER, UM_cryptpass, UM_expire, UM_fullname, UM_group, UM_homedir, UM_inactive, UM_lastchange, UM_maxchange, UM_minchange, UM_name, UM_none, UM_pass, UM_shell, UM_ttl, UM_warnchange, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05017 { 05018 #if defined(CONFIG_RSBAC_UM) 05019 int err; 05020 union rsbac_um_mod_data_t * k_data_p; 05021 #ifndef CONFIG_RSBAC_MAINT 05022 enum rsbac_adf_request_t rsbac_request; 05023 union rsbac_target_id_t rsbac_target_id; 05024 enum rsbac_attribute_t rsbac_attribute = A_none; 05025 union rsbac_attribute_value_t rsbac_attribute_value; 05026 #endif 05027 05028 if(mod >= UM_none) 05029 return -RSBAC_EINVALIDREQUEST; 05030 if( !data_p 05031 && (mod != UM_pass) 05032 ) 05033 return -RSBAC_EINVALIDPOINTER; 05034 05035 #ifdef CONFIG_RSBAC_FREEZE_UM 05036 if(rsbac_freeze) 05037 { 05038 rsbac_printk(KERN_WARNING 05039 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n"); 05040 return -EPERM; 05041 } 05042 #endif 05043 05044 #ifndef CONFIG_RSBAC_MAINT 05045 #ifdef CONFIG_RSBAC_DEBUG 05046 if (rsbac_debug_aef) 05047 { 05048 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n"); 05049 } 05050 #endif 05051 rsbac_attribute_value.dummy = 0; 05052 switch(mod) 05053 { 05054 case UM_name: 05055 rsbac_request = R_RENAME; 05056 break; 05057 05058 case UM_pass: 05059 case UM_cryptpass: 05060 rsbac_request = R_MODIFY_PERMISSIONS_DATA; 05061 break; 05062 05063 case UM_fullname: 05064 rsbac_request = R_WRITE; 05065 break; 05066 05067 case UM_homedir: 05068 rsbac_request = R_WRITE; 05069 break; 05070 05071 case UM_shell: 05072 rsbac_request = R_WRITE; 05073 break; 05074 05075 case UM_group: 05076 rsbac_request = R_CHANGE_GROUP; 05077 rsbac_attribute = A_group; 05078 rsbac_attribute_value.group = data_p->group; 05079 break; 05080 05081 case UM_lastchange: 05082 rsbac_request = R_WRITE; 05083 break; 05084 05085 case UM_minchange: 05086 rsbac_request = R_WRITE; 05087 break; 05088 05089 case UM_maxchange: 05090 rsbac_request = R_WRITE; 05091 break; 05092 05093 case UM_warnchange: 05094 rsbac_request = R_WRITE; 05095 break; 05096 05097 case UM_inactive: 05098 rsbac_request = R_WRITE; 05099 break; 05100 05101 case UM_expire: 05102 rsbac_request = R_WRITE; 05103 break; 05104 05105 case UM_ttl: 05106 rsbac_request = R_DELETE; 05107 break; 05108 05109 default: 05110 return -RSBAC_EINVALIDREQUEST; 05111 } 05112 rsbac_target_id.user = uid; 05113 if (!rsbac_adf_request(rsbac_request, 05114 current->pid, 05115 T_USER, 05116 rsbac_target_id, 05117 rsbac_attribute, 05118 rsbac_attribute_value)) 05119 { 05120 return -EPERM; 05121 } 05122 #endif /* MAINT */ 05123 05124 05125 if(data_p) 05126 { 05127 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05128 if(!k_data_p) 05129 return -RSBAC_ENOMEM; 05130 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p)); 05131 if(err) 05132 { 05133 rsbac_kfree(k_data_p); 05134 return err; 05135 } 05136 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0; 05137 } 05138 else 05139 k_data_p = NULL; 05140 05141 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p); 05142 05143 if(k_data_p) 05144 rsbac_kfree(k_data_p); 05145 return err; 05146 #else 05147 return (-RSBAC_EINVALIDMODULE); 05148 #endif 05149 }

int sys_rsbac_um_remove_gm ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user,

rsbac_gid_t group

)

Definition at line 5537 of file syscalls.c.
References R_CHANGE_GROUP, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_gm(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05541 { 05542 #if defined(CONFIG_RSBAC_UM) 05543 #ifndef CONFIG_RSBAC_MAINT 05544 union rsbac_target_id_t rsbac_target_id; 05545 union rsbac_attribute_value_t rsbac_attribute_value; 05546 #endif 05547 05548 #ifdef CONFIG_RSBAC_FREEZE_UM 05549 if(rsbac_freeze) 05550 { 05551 rsbac_printk(KERN_WARNING 05552 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n"); 05553 return -EPERM; 05554 } 05555 #endif 05556 05557 #ifndef CONFIG_RSBAC_MAINT 05558 #ifdef CONFIG_RSBAC_DEBUG 05559 if (rsbac_debug_aef) 05560 { 05561 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n"); 05562 } 05563 #endif 05564 rsbac_target_id.user = user; 05565 rsbac_attribute_value.group = group; 05566 if (!rsbac_adf_request(R_CHANGE_GROUP, 05567 current->pid, 05568 T_USER, 05569 rsbac_target_id, 05570 A_group, 05571 rsbac_attribute_value)) 05572 { 05573 return -EPERM; 05574 } 05575 #endif /* MAINT */ 05576 05577 return rsbac_um_remove_gm(ta_number, user, group); 05578 #else 05579 return (-RSBAC_EINVALIDMODULE); 05580 #endif 05581 }

int sys_rsbac_um_remove_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid

)

Definition at line 5470 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_DELETE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_group(), T_GROUP, and T_NONE.
Referenced by sys_rsbac().
05473 { 05474 #if defined(CONFIG_RSBAC_UM) 05475 int err; 05476 #ifndef CONFIG_RSBAC_MAINT 05477 union rsbac_target_id_t rsbac_target_id; 05478 union rsbac_target_id_t rsbac_new_target_id; 05479 union rsbac_attribute_value_t rsbac_attribute_value; 05480 #endif 05481 05482 #ifdef CONFIG_RSBAC_FREEZE_UM 05483 if(rsbac_freeze) 05484 { 05485 rsbac_printk(KERN_WARNING 05486 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n"); 05487 return -EPERM; 05488 } 05489 #endif 05490 05491 #ifndef CONFIG_RSBAC_MAINT 05492 #ifdef CONFIG_RSBAC_DEBUG 05493 if (rsbac_debug_aef) 05494 { 05495 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n"); 05496 } 05497 #endif 05498 rsbac_target_id.group = gid; 05499 rsbac_attribute_value.dummy = 0; 05500 if (!rsbac_adf_request(R_DELETE, 05501 current->pid, 05502 T_GROUP, 05503 rsbac_target_id, 05504 A_none, 05505 rsbac_attribute_value)) 05506 { 05507 return -EPERM; 05508 } 05509 #endif /* MAINT */ 05510 05511 err = rsbac_um_remove_group(ta_number, gid); 05512 05513 #ifndef CONFIG_RSBAC_MAINT 05514 if(!err) 05515 { 05516 rsbac_new_target_id.dummy = 0; 05517 if (rsbac_adf_set_attr(R_DELETE, 05518 current->pid, 05519 T_GROUP, 05520 rsbac_target_id, 05521 T_NONE, 05522 rsbac_new_target_id, 05523 A_none, 05524 rsbac_attribute_value)) 05525 { 05526 rsbac_printk(KERN_WARNING 05527 "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error"); 05528 } 05529 } 05530 #endif 05531 return err; 05532 #else 05533 return (-RSBAC_EINVALIDMODULE); 05534 #endif 05535 }

int sys_rsbac_um_remove_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid

)

Definition at line 5403 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, R_DELETE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_user(), T_NONE, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05406 { 05407 #if defined(CONFIG_RSBAC_UM) 05408 int err; 05409 #ifndef CONFIG_RSBAC_MAINT 05410 union rsbac_target_id_t rsbac_target_id; 05411 union rsbac_target_id_t rsbac_new_target_id; 05412 union rsbac_attribute_value_t rsbac_attribute_value; 05413 #endif 05414 05415 #ifdef CONFIG_RSBAC_FREEZE_UM 05416 if(rsbac_freeze) 05417 { 05418 rsbac_printk(KERN_WARNING 05419 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n"); 05420 return -EPERM; 05421 } 05422 #endif 05423 05424 #ifndef CONFIG_RSBAC_MAINT 05425 #ifdef CONFIG_RSBAC_DEBUG 05426 if (rsbac_debug_aef) 05427 { 05428 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n"); 05429 } 05430 #endif 05431 rsbac_target_id.user = uid; 05432 rsbac_attribute_value.dummy = 0; 05433 if (!rsbac_adf_request(R_DELETE, 05434 current->pid, 05435 T_USER, 05436 rsbac_target_id, 05437 A_none, 05438 rsbac_attribute_value)) 05439 { 05440 return -EPERM; 05441 } 05442 #endif /* MAINT */ 05443 05444 err = rsbac_um_remove_user(ta_number, uid); 05445 05446 #ifndef CONFIG_RSBAC_MAINT 05447 if(!err) 05448 { 05449 rsbac_new_target_id.dummy = 0; 05450 if (rsbac_adf_set_attr(R_DELETE, 05451 current->pid, 05452 T_USER, 05453 rsbac_target_id, 05454 T_NONE, 05455 rsbac_new_target_id, 05456 A_none, 05457 rsbac_attribute_value)) 05458 { 05459 rsbac_printk(KERN_WARNING 05460 "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error"); 05461 } 05462 } 05463 #endif 05464 return err; 05465 #else 05466 return (-RSBAC_EINVALIDMODULE); 05467 #endif 05468 }

int sys_rsbac_um_set_group_pass ( rsbac_gid_t gid,

char * new_pass

)

Definition at line 6189 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_MODIFY_PERMISSIONS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_set_group_pass(), and T_GROUP.
Referenced by sys_rsbac().
06191 { 06192 #if defined(CONFIG_RSBAC_UM) 06193 int err; 06194 char * k_new_pass; 06195 #ifndef CONFIG_RSBAC_MAINT 06196 union rsbac_target_id_t rsbac_target_id; 06197 union rsbac_attribute_value_t rsbac_attribute_value; 06198 #endif 06199 06200 #ifdef CONFIG_RSBAC_FREEZE_UM 06201 if(rsbac_freeze) 06202 { 06203 rsbac_printk(KERN_WARNING 06204 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n"); 06205 return -EPERM; 06206 } 06207 #endif 06208 06209 #ifndef CONFIG_RSBAC_MAINT 06210 /* check admin rights here */ 06211 #ifdef CONFIG_RSBAC_DEBUG 06212 if (rsbac_debug_aef) 06213 { 06214 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n"); 06215 } 06216 #endif 06217 rsbac_target_id.group = gid; 06218 rsbac_attribute_value.dummy = 0; 06219 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 06220 current->pid, 06221 T_GROUP, 06222 rsbac_target_id, 06223 A_none, 06224 rsbac_attribute_value)) 06225 { 06226 return -EPERM; 06227 } 06228 #endif /* MAINT */ 06229 06230 if(new_pass) 06231 { 06232 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06233 if(!k_new_pass) 06234 return -RSBAC_ENOMEM; 06235 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN); 06236 if(!err) 06237 { 06238 k_new_pass[RSBAC_MAXNAMELEN-1] = 0; 06239 err = rsbac_um_set_group_pass(gid, k_new_pass); 06240 } 06241 rsbac_kfree(k_new_pass); 06242 } 06243 else 06244 { 06245 err = rsbac_um_set_group_pass(gid, NULL); 06246 } 06247 return err; 06248 #else 06249 return (-RSBAC_EINVALIDMODULE); 06250 #endif 06251 }

int sys_rsbac_um_set_pass ( rsbac_uid_t uid,

char * old_pass,

char * new_pass

)

Definition at line 6031 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_PERMISSIONS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_check_pass(), rsbac_um_good_pass(), rsbac_um_set_pass(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac(), and sys_rsbac_um_set_pass_name().
06034 { 06035 #if defined(CONFIG_RSBAC_UM) 06036 int err; 06037 char * k_new_pass; 06038 06039 if(!new_pass) 06040 return -RSBAC_EINVALIDPOINTER; 06041 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06042 if(!k_new_pass) 06043 return -RSBAC_ENOMEM; 06044 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN); 06045 if(err) 06046 { 06047 rsbac_kfree(k_new_pass); 06048 return err; 06049 } 06050 k_new_pass[RSBAC_MAXNAMELEN-1] = 0; 06051 06052 if(old_pass && (uid == current->uid)) 06053 { 06054 char * k_old_pass; 06055 06056 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06057 if(!k_old_pass) 06058 { 06059 rsbac_kfree(k_new_pass); 06060 return -RSBAC_ENOMEM; 06061 } 06062 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN); 06063 if(err) 06064 { 06065 rsbac_kfree(k_old_pass); 06066 rsbac_kfree(k_new_pass); 06067 return err; 06068 } 06069 k_old_pass[RSBAC_MAXNAMELEN-1] = 0; 06070 err = rsbac_um_check_pass(uid, k_old_pass); 06071 rsbac_kfree(k_old_pass); 06072 if(err) 06073 { 06074 rsbac_kfree(k_new_pass); 06075 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n"); 06076 return err; 06077 } 06078 err = rsbac_um_good_pass(k_new_pass); 06079 if(err) 06080 { 06081 rsbac_kfree(k_new_pass); 06082 #ifdef CONFIG_RSBAC_DEBUG 06083 if (rsbac_debug_aef_um) 06084 { 06085 rsbac_printk(KERN_DEBUG 06086 "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n", 06087 uid); 06088 } 06089 #endif 06090 return err; 06091 } 06092 } 06093 else 06094 { 06095 #ifndef CONFIG_RSBAC_MAINT 06096 /* check admin rights here */ 06097 union rsbac_target_id_t rsbac_target_id; 06098 union rsbac_attribute_value_t rsbac_attribute_value; 06099 06100 #ifdef CONFIG_RSBAC_FREEZE_UM 06101 if(rsbac_freeze) 06102 { 06103 rsbac_printk(KERN_WARNING 06104 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n"); 06105 rsbac_kfree(k_new_pass); 06106 return -EPERM; 06107 } 06108 #endif 06109 06110 #ifdef CONFIG_RSBAC_DEBUG 06111 if (rsbac_debug_aef) 06112 { 06113 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n"); 06114 } 06115 #endif 06116 rsbac_target_id.user = uid; 06117 rsbac_attribute_value.dummy = 0; 06118 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 06119 current->pid, 06120 T_USER, 06121 rsbac_target_id, 06122 A_none, 06123 rsbac_attribute_value)) 06124 { 06125 rsbac_kfree(k_new_pass); 06126 return -EPERM; 06127 } 06128 #endif /* MAINT */ 06129 } 06130 06131 err = rsbac_um_set_pass(uid, k_new_pass); 06132 rsbac_kfree(k_new_pass); 06133 return err; 06134 #else 06135 return (-RSBAC_EINVALIDMODULE); 06136 #endif 06137 }

int sys_rsbac_um_set_pass_name ( char * name,

char * old_pass,

char * new_pass

)

Definition at line 6139 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, and sys_rsbac_um_set_pass().
Referenced by sys_rsbac().
06142 { 06143 #if defined(CONFIG_RSBAC_UM) 06144 int err; 06145 rsbac_uid_t uid; 06146 char * k_name; 06147 06148 if(!name || !new_pass) 06149 return -RSBAC_EINVALIDPOINTER; 06150 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN); 06151 if(!k_name) 06152 return -RSBAC_ENOMEM; 06153 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06154 if(err) 06155 { 06156 rsbac_kfree(k_name); 06157 return err; 06158 } 06159 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06160 06161 #ifdef CONFIG_RSBAC_DEBUG 06162 if (rsbac_debug_aef_um) 06163 { 06164 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n", 06165 k_name); 06166 } 06167 #endif 06168 err = rsbac_um_get_uid(0, k_name, &uid); 06169 rsbac_kfree(k_name); 06170 if(err) 06171 { 06172 #ifdef CONFIG_RSBAC_DEBUG 06173 if (rsbac_debug_aef_um) 06174 { 06175 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n", 06176 k_name); 06177 } 06178 #endif 06179 } 06180 else 06181 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass); 06182 06183 return err; 06184 #else 06185 return (-RSBAC_EINVALIDMODULE); 06186 #endif 06187 }

int sys_rsbac_um_user_exists ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid

)

Definition at line 5583 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_user_exists(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05586 { 05587 #if defined(CONFIG_RSBAC_UM) 05588 #ifndef CONFIG_RSBAC_MAINT 05589 union rsbac_target_id_t rsbac_target_id; 05590 union rsbac_attribute_value_t rsbac_attribute_value; 05591 #endif 05592 05593 #ifndef CONFIG_RSBAC_MAINT 05594 #ifdef CONFIG_RSBAC_DEBUG 05595 if (rsbac_debug_aef) 05596 { 05597 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n"); 05598 } 05599 #endif 05600 rsbac_target_id.user = uid; 05601 rsbac_attribute_value.dummy = 0; 05602 if (!rsbac_adf_request(R_SEARCH, 05603 current->pid, 05604 T_USER, 05605 rsbac_target_id, 05606 A_none, 05607 rsbac_attribute_value)) 05608 { 05609 return -EPERM; 05610 } 05611 #endif /* MAINT */ 05612 05613 return rsbac_um_user_exists(ta_number, uid); 05614 #else 05615 return (-RSBAC_EINVALIDMODULE); 05616 #endif 05617 }

int sys_rsbac_write ( void )

Definition at line 172 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_WRITE, rsbac_adf_request(), rsbac_printk(), rsbac_write(), rsbac_target_id_t::scd, ST_rsbac, T_SCD, and TRUE.
Referenced by sys_rsbac().
00173 { 00174 #if defined(CONFIG_RSBAC_AUTO_WRITE) 00175 union rsbac_target_id_t rsbac_target_id; 00176 union rsbac_attribute_value_t rsbac_attribute_value; 00177 int result; 00178 00179 #ifdef CONFIG_RSBAC_DEBUG 00180 if (rsbac_debug_aef) 00181 { 00182 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n"); 00183 } 00184 #endif 00185 rsbac_target_id.scd = ST_rsbac; 00186 rsbac_attribute_value.dummy = 0; 00187 if (!rsbac_adf_request(R_WRITE, 00188 current->pid, 00189 T_SCD, 00190 rsbac_target_id, 00191 A_none, 00192 rsbac_attribute_value)) 00193 { 00194 return -EPERM; 00195 } 00196 00197 /* lock_kernel(); -> rsbac_write(need_lock) */ 00198 result = rsbac_write(TRUE); 00199 /* unlock_kernel(); */ 00200 return result; 00201 #else 00202 return(0); 00203 #endif /* CONFIG_RSBAC_AUTO_WRITE */ 00204 };

long sys_sync ( void )

Referenced by sys_rsbac_check().

Variable Documentation

struct semaphore rsbac_write_sem

Referenced by rsbac_get_super_block(), rsbac_mount(), rsbac_umount(), sys_rsbac_check(), and write_info().

Generated on Thu Sep 22 16:42:33 2005 for RSBAC by

1.4.2


Functions
int	sys_rsbac_stats (void)
long	sys_sync (void)
int	sys_rsbac_check (int correct, int check_inode)
int	sys_rsbac_write (void)
int	sys_rsbac_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value, int inherit)
int	sys_rsbac_get_attr_n (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, char t_name, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value, int inherit)
int	sys_rsbac_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int	sys_rsbac_set_attr_n (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, char t_name, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int	sys_rsbac_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid)
int	sys_rsbac_remove_target_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name)
int	sys_rsbac_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t *id_p, u_long maxnum)
int	sys_rsbac_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t *id_p, u_long maxnum)
int	sys_rsbac_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t *id_p, u_long maxnum)
int	sys_rsbac_net_list_all_netdev (rsbac_list_ta_number_t ta_number, rsbac_netdev_id_t *id_p, u_long maxnum)
int	sys_rsbac_net_template (rsbac_list_ta_number_t ta_number, enum rsbac_net_temp_syscall_t call, rsbac_net_temp_id_t id, union rsbac_net_temp_syscall_data_t *data_p)
int	sys_rsbac_net_list_all_template (rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t *id_p, u_long maxnum)
int	sys_rsbac_switch (enum rsbac_switch_target_t target, int value)
int	sys_rsbac_mac_set_curr_level (rsbac_security_level_t level, rsbac_mac_category_vector_t *categories_p)
int	sys_rsbac_mac_get_curr_level (rsbac_security_level_t level_p, rsbac_mac_category_vector_t categories_p)
int	sys_rsbac_mac_get_max_level (rsbac_security_level_t level_p, rsbac_mac_category_vector_t categories_p)
int	sys_rsbac_mac_get_min_level (rsbac_security_level_t level_p, rsbac_mac_category_vector_t categories_p)
int	sys_rsbac_mac_add_p_tru (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t uid, rsbac_time_t ttl)
int	sys_rsbac_mac_remove_p_tru (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t uid)
int	sys_rsbac_mac_add_f_tru (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t uid, rsbac_time_t ttl)
int	sys_rsbac_mac_remove_f_tru (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t uid)
int	sys_rsbac_mac_get_f_trulist (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t trulist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_mac_get_p_trulist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t trulist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_stats_pm (void)
int	sys_rsbac_pm (rsbac_list_ta_number_t ta_number, enum rsbac_pm_function_type_t function, union rsbac_pm_function_param_t *param_p, rsbac_pm_tkt_id_t ticket)
int	sys_rsbac_pm_change_current_task (rsbac_pm_task_id_t task)
int	sys_rsbac_pm_create_file (const char *filename, int mode, rsbac_pm_object_class_id_t class)
int	sys_rsbac_daz_flush_cache (void)
int	sys_rsbac_rc_copy_role (rsbac_list_ta_number_t ta_number, rsbac_rc_role_id_t from_role, rsbac_rc_role_id_t to_role)
int	sys_rsbac_rc_copy_type (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, rsbac_rc_type_id_t from_type, rsbac_rc_type_id_t to_type)
int	sys_rsbac_rc_get_item (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t tid_p, union rsbac_rc_target_id_t subtid_p, enum rsbac_rc_item_t item, union rsbac_rc_item_value_t value_p, rsbac_time_t ttl_p)
int	sys_rsbac_rc_set_item (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t tid_p, union rsbac_rc_target_id_t subtid_p, enum rsbac_rc_item_t item, union rsbac_rc_item_value_t *value_p, rsbac_time_t ttl)
int	sys_rsbac_rc_get_list (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t tid_p, enum rsbac_rc_item_t item, u_int maxnum, __u32 array_p, rsbac_time_t *ttl_array_p)
int	sys_rsbac_rc_change_role (rsbac_rc_role_id_t role)
int	sys_rsbac_rc_get_eff_rights_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char t_name, rsbac_rc_request_vector_t request_vector_p, rsbac_time_t *ttl_p)
int	sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t *role_p)
int	sys_rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int	sys_rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int	sys_rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int	sys_rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int	sys_rsbac_auth_get_f_caplist (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t caplist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_auth_get_p_caplist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t caplist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_reg (rsbac_reg_handle_t handle, void *arg)
int	sys_rsbac_acl (rsbac_list_ta_number_t ta_number, enum rsbac_acl_syscall_type_t call, struct rsbac_acl_syscall_arg_t *arg)
int	sys_rsbac_acl_n (rsbac_list_ta_number_t ta_number, enum rsbac_acl_syscall_type_t call, struct rsbac_acl_syscall_n_arg_t *arg)
int	sys_rsbac_acl_get_rights (rsbac_list_ta_number_t ta_number, struct rsbac_acl_syscall_arg_t arg, rsbac_acl_rights_vector_t rights_p, u_int effective)
int	sys_rsbac_acl_get_rights_n (rsbac_list_ta_number_t ta_number, struct rsbac_acl_syscall_n_arg_t arg, rsbac_acl_rights_vector_t rights_p, u_int effective)
int	sys_rsbac_acl_get_tlist (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid, struct rsbac_acl_entry_t entry_array[], rsbac_time_t ttl_array[], u_int maxnum)
int	sys_rsbac_acl_get_tlist_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name, struct rsbac_acl_entry_t entry_array[], rsbac_time_t ttl_array[], u_int maxnum)
int	sys_rsbac_acl_get_mask (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_acl_rights_vector_t mask_p)
int	sys_rsbac_acl_get_mask_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char t_name, rsbac_acl_rights_vector_t mask_p)
int	sys_rsbac_acl_group (rsbac_list_ta_number_t ta_number, enum rsbac_acl_group_syscall_type_t call, union rsbac_acl_group_syscall_arg_t *arg_p)
int	sys_rsbac_acl_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t *id_p, u_long maxnum)
int	sys_rsbac_acl_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t *id_p, u_long maxnum)
int	sys_rsbac_acl_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t *id_p, u_long maxnum)
int	sys_rsbac_jail (rsbac_version_t version, char *path, rsbac_jail_ip_t ip, rsbac_jail_flags_t flags, rsbac_cap_vector_t max_caps, rsbac_jail_scd_vector_t scd_get, rsbac_jail_scd_vector_t scd_modify)
int	sys_rsbac_um_auth_name (char name, char pass)
int	sys_rsbac_um_auth_uid (rsbac_uid_t uid, char *pass)
int	sys_rsbac_um_add_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, struct rsbac_um_user_entry_t entry_p, char pass, rsbac_time_t ttl)
int	sys_rsbac_um_add_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, struct rsbac_um_group_entry_t entry_p, char pass, rsbac_time_t ttl)
int	sys_rsbac_um_add_gm (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group, rsbac_time_t ttl)
int	sys_rsbac_um_mod_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_mod_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_get_user_item (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_get_group_item (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_remove_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid)
int	sys_rsbac_um_remove_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid)
int	sys_rsbac_um_remove_gm (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group)
int	sys_rsbac_um_user_exists (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid)
int	sys_rsbac_um_group_exists (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid)
int	sys_rsbac_um_get_next_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t old_user, rsbac_uid_t *next_user_p)
int	sys_rsbac_um_get_user_list (rsbac_list_ta_number_t ta_number, rsbac_uid_t user_array[], u_int maxnum)
int	sys_rsbac_um_get_gm_list (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group_array[], u_int maxnum)
int	sys_rsbac_um_get_gm_user_list (rsbac_list_ta_number_t ta_number, rsbac_gid_t group, rsbac_uid_t user_array[], u_int maxnum)
int	sys_rsbac_um_get_group_list (rsbac_list_ta_number_t ta_number, rsbac_gid_t group_array[], u_int maxnum)
int	sys_rsbac_um_get_uid (rsbac_list_ta_number_t ta_number, char name, rsbac_uid_t uid_p)
int	sys_rsbac_um_get_gid (rsbac_list_ta_number_t ta_number, char name, rsbac_gid_t gid_p)
int	sys_rsbac_um_set_pass (rsbac_uid_t uid, char old_pass, char new_pass)
int	sys_rsbac_um_set_pass_name (char name, char old_pass, char *new_pass)
int	sys_rsbac_um_set_group_pass (rsbac_gid_t gid, char *new_pass)
int	sys_rsbac_um_check_account (rsbac_uid_t uid)
int	sys_rsbac_um_check_account_name (char *name)
int	sys_rsbac_adf_log_switch (enum rsbac_adf_request_t request, enum rsbac_target_t target, u_int value)
int	sys_rsbac_get_adf_log (enum rsbac_adf_request_t request, enum rsbac_target_t target, u_int *value_p)
int	sys_rsbac_log (int type, char *buf, int len)
asmlinkage int	sys_rsbac (rsbac_version_t version, enum rsbac_syscall_t call, union rsbac_syscall_arg_t *arg_p)
Variables
semaphore	rsbac_write_sem

syscalls.c File Reference

Functions

Variables

Function Documentation

Variable Documentation