00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <rsbac/types.h>
00010 #include <rsbac/aci.h>
00011 #include <rsbac/mac.h>
00012 #include <rsbac/pm.h>
00013 #include <rsbac/auth.h>
00014 #include <rsbac/acl.h>
00015 #include <rsbac/reg.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/debug.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/network.h>
00021 #include <asm/segment.h>
00022 #include <asm/semaphore.h>
00023 #include <linux/sched.h>
00024 #include <linux/file.h>
00025 #include <rsbac/rkmem.h>
00026 #include <rsbac/gen_lists.h>
00027 #include <linux/smp_lock.h>
00028 #include <asm/uaccess.h>
00029
00030 #include <rsbac/adf.h>
00031 #include <rsbac/adf_main.h>
00032 #include <rsbac/adf_syshelpers.h>
00033 #include <rsbac/rc.h>
00034 #include <rsbac/um.h>
00035 #include <rsbac/um_types.h>
00036 #include <rsbac/syscalls.h>
00037
00038 #ifdef CONFIG_RSBAC_NET_OBJ
00039 #include <rsbac/network.h>
00040 #endif
00041 #ifdef CONFIG_RSBAC_DAZ
00042 #include <rsbac/daz.h>
00043 #endif
00044
00045 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00046 #include <linux/namei.h>
00047 #endif
00048
00049
00050
00051
00052
00053 extern struct semaphore rsbac_write_sem;
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066 int sys_rsbac_stats(void)
00067 {
00068 union rsbac_target_id_t rsbac_target_id;
00069 union rsbac_attribute_value_t rsbac_attribute_value;
00070
00071 #ifdef CONFIG_RSBAC_DEBUG
00072 if (rsbac_debug_aef)
00073 {
00074 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n");
00075 }
00076 #endif
00077 rsbac_target_id.scd = ST_rsbac;
00078 rsbac_attribute_value.dummy = 0;
00079 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00080 current->pid,
00081 T_SCD,
00082 rsbac_target_id,
00083 A_none,
00084 rsbac_attribute_value))
00085 {
00086 return -EPERM;
00087 }
00088
00089 return(rsbac_stats());
00090 };
00091
00092 long sys_sync(void);
00093
00094 int sys_rsbac_check(int correct, int check_inode)
00095 {
00096 union rsbac_target_id_t rsbac_target_id;
00097 union rsbac_attribute_value_t rsbac_attribute_value;
00098 int result;
00099
00100 #ifdef CONFIG_RSBAC_DEBUG
00101 if (rsbac_debug_aef)
00102 {
00103 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n");
00104 }
00105 #endif
00106 rsbac_target_id.scd = ST_rsbac;
00107 rsbac_attribute_value.dummy = 0;
00108 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00109 current->pid,
00110 T_SCD,
00111 rsbac_target_id,
00112 A_none,
00113 rsbac_attribute_value))
00114 {
00115 return -EPERM;
00116 }
00117
00118 rsbac_printk(KERN_INFO
00119 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00120 correct, check_inode);
00121 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00122
00123 if(check_inode)
00124 {
00125 rsbac_printk(KERN_INFO
00126 "sys_rsbac_check(): syncing disks\n");
00127 sys_sync();
00128 }
00129 #endif
00130
00131 lock_kernel();
00132 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00133
00134 if(check_inode)
00135 down(&rsbac_write_sem);
00136 #endif
00137
00138 result=rsbac_check_lists(correct);
00139
00140
00141 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00142 if(!result)
00143 result = rsbac_check(correct, check_inode);
00144 #if defined(CONFIG_RSBAC_MAC)
00145 if(!result)
00146 result=rsbac_check_mac(correct, check_inode);
00147 #endif
00148 #if defined(CONFIG_RSBAC_AUTH)
00149 if(!result)
00150 result=rsbac_check_auth(correct, check_inode);
00151 #endif
00152 #endif
00153 #if defined(CONFIG_RSBAC_ACL)
00154 if(!result)
00155 result=rsbac_check_acl(correct, check_inode);
00156 #endif
00157 #if defined(CONFIG_RSBAC_REG)
00158 if(!result)
00159 result=rsbac_check_reg(correct, check_inode);
00160 #endif
00161
00162 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00163
00164 if(check_inode)
00165 up(&rsbac_write_sem);
00166 #endif
00167
00168 unlock_kernel();
00169 return(result);
00170 }
00171
00172 int sys_rsbac_write(void)
00173 {
00174 #if defined(CONFIG_RSBAC_AUTO_WRITE)
00175 union rsbac_target_id_t rsbac_target_id;
00176 union rsbac_attribute_value_t rsbac_attribute_value;
00177 int result;
00178
00179 #ifdef CONFIG_RSBAC_DEBUG
00180 if (rsbac_debug_aef)
00181 {
00182 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n");
00183 }
00184 #endif
00185 rsbac_target_id.scd = ST_rsbac;
00186 rsbac_attribute_value.dummy = 0;
00187 if (!rsbac_adf_request(R_WRITE,
00188 current->pid,
00189 T_SCD,
00190 rsbac_target_id,
00191 A_none,
00192 rsbac_attribute_value))
00193 {
00194 return -EPERM;
00195 }
00196
00197
00198 result = rsbac_write(TRUE);
00199
00200 return result;
00201 #else
00202 return(0);
00203 #endif
00204 };
00205
00206
00207
00208
00209
00210 int sys_rsbac_get_attr(
00211 rsbac_list_ta_number_t ta_number,
00212 enum rsbac_switch_target_t module,
00213 enum rsbac_target_t target,
00214 union rsbac_target_id_t * tid,
00215 enum rsbac_attribute_t attr,
00216 union rsbac_attribute_value_t * value,
00217 int inherit)
00218 {
00219 union rsbac_target_id_t k_tid;
00220 union rsbac_attribute_value_t k_value;
00221 int err = 0;
00222 rsbac_boolean_t i_inherit;
00223
00224 if(module > SW_NONE)
00225 return(-RSBAC_EINVALIDMODULE);
00226 if(!tid || (target >= T_NONE))
00227 return(-RSBAC_EINVALIDTARGET);
00228 if(!value)
00229 return(-RSBAC_EINVALIDVALUE);
00230 if(attr >= A_none)
00231 return(-RSBAC_EINVALIDATTR);
00232
00233 if(module == SW_NONE)
00234 {
00235 module = get_attr_module(attr);
00236 if(module == SW_NONE)
00237 return(-RSBAC_EINVALIDMODULE);
00238 }
00239
00240
00241 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00242 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00243
00244 if(inherit)
00245 i_inherit = TRUE;
00246 else
00247 i_inherit = FALSE;
00248
00249 #ifdef CONFIG_RSBAC_NET_OBJ
00250
00251 if( (target == T_NETOBJ)
00252 && ( !k_tid.netobj.sock_p
00253 || k_tid.netobj.remote_addr
00254 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00255 || !k_tid.netobj.sock_p->file
00256 || !k_tid.netobj.sock_p->file->f_dentry
00257 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00258 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00259 #else
00260 || !k_tid.netobj.sock_p->inode
00261 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00262 #endif
00263 )
00264 )
00265 return -RSBAC_EINVALIDTARGET;
00266 #endif
00267
00268
00269 #ifdef CONFIG_RSBAC_DEBUG
00270 if (rsbac_debug_aef)
00271 {
00272 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n");
00273 }
00274 #endif
00275 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00276 current->pid,
00277 target,
00278 k_tid,
00279 attr,
00280 k_value))
00281 {
00282 return -EPERM;
00283 }
00284
00285 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit);
00286
00287 if(!err)
00288 {
00289 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00290 }
00291 return (err);
00292 }
00293
00294
00295 int sys_rsbac_get_attr_n(
00296 rsbac_list_ta_number_t ta_number,
00297 enum rsbac_switch_target_t module,
00298 enum rsbac_target_t target,
00299 char * t_name,
00300 enum rsbac_attribute_t attr,
00301 union rsbac_attribute_value_t * value,
00302 int inherit)
00303 {
00304 union rsbac_attribute_value_t k_value;
00305 struct dentry * t_dentry;
00306 int err = 0;
00307 union rsbac_target_id_t tid;
00308
00309 rsbac_boolean_t i_inherit;
00310 struct nameidata nd;
00311
00312 if(module > SW_NONE)
00313 return(-RSBAC_EINVALIDMODULE);
00314 if(!t_name || (target >= T_NONE))
00315 return(-RSBAC_EINVALIDTARGET);
00316 if(!value)
00317 return(-RSBAC_EINVALIDVALUE);
00318 if(attr >= A_none)
00319 return(-RSBAC_EINVALIDATTR);
00320
00321 if(module == SW_NONE)
00322 {
00323 module = get_attr_module(attr);
00324 if(module == SW_NONE)
00325 return(-RSBAC_EINVALIDMODULE);
00326 }
00327
00328 if(inherit)
00329 i_inherit = TRUE;
00330 else
00331 i_inherit = FALSE;
00332
00333
00334 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00335
00336
00337 if ((err = user_path_walk_link(t_name, &nd)))
00338 {
00339 #ifdef CONFIG_RSBAC_DEBUG
00340 if (rsbac_debug_aef)
00341 {
00342 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00343 }
00344 #endif
00345 goto out;
00346 }
00347 t_dentry = nd.dentry;
00348 if (!t_dentry->d_inode)
00349 {
00350 #ifdef CONFIG_RSBAC_DEBUG
00351 if (rsbac_debug_aef)
00352 {
00353 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n");
00354 }
00355 #endif
00356 err = -RSBAC_EINVALIDTARGET;
00357 goto out_dput;
00358 }
00359
00360 switch (target)
00361 {
00362
00363 case T_FD:
00364 if(S_ISREG(t_dentry->d_inode->i_mode))
00365 {
00366 target = T_FILE;
00367 }
00368 else
00369 if(S_ISDIR(t_dentry->d_inode->i_mode))
00370 {
00371 target = T_DIR;
00372 }
00373 else
00374 if(S_ISLNK(t_dentry->d_inode->i_mode))
00375 {
00376 target = T_SYMLINK;
00377 }
00378 else
00379 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00380 {
00381 target = T_FIFO;
00382 }
00383 else
00384 if(S_ISBLK(t_dentry->d_inode->i_mode))
00385 {
00386 target = T_FILE;
00387 }
00388 else
00389 if(S_ISCHR(t_dentry->d_inode->i_mode))
00390 {
00391 target = T_FILE;
00392 }
00393 else
00394 {
00395 #ifdef CONFIG_RSBAC_DEBUG
00396 if (rsbac_debug_aef)
00397 {
00398 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n");
00399 }
00400 #endif
00401 err = -RSBAC_EINVALIDTARGET;
00402 goto out_dput;
00403 }
00404 break;
00405
00406 case T_FILE:
00407 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00408 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00409 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00410 {
00411 #ifdef CONFIG_RSBAC_DEBUG
00412 if (rsbac_debug_aef)
00413 {
00414 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n");
00415 }
00416 #endif
00417 err = -RSBAC_EINVALIDTARGET;
00418 goto out_dput;
00419 }
00420 break;
00421
00422 case T_DIR:
00423 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00424 {
00425 #ifdef CONFIG_RSBAC_DEBUG
00426 if (rsbac_debug_aef)
00427 {
00428 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n");
00429 }
00430 #endif
00431 err = -RSBAC_EINVALIDTARGET;
00432 goto out_dput;
00433 }
00434 break;
00435
00436 case T_FIFO:
00437
00438 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00439 {
00440 #ifdef CONFIG_RSBAC_DEBUG
00441 if (rsbac_debug_aef)
00442 {
00443 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n");
00444 }
00445 #endif
00446 err = -RSBAC_EINVALIDTARGET;
00447 goto out_dput;
00448 }
00449 break;
00450
00451 case T_SYMLINK:
00452 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00453 {
00454 #ifdef CONFIG_RSBAC_DEBUG
00455 if (rsbac_debug_aef)
00456 {
00457 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n");
00458 }
00459 #endif
00460 err = -RSBAC_EINVALIDTARGET;
00461 goto out_dput;
00462 }
00463 break;
00464
00465 case T_DEV:
00466 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00467 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00468 {
00469 #ifdef CONFIG_RSBAC_DEBUG
00470 if (rsbac_debug_aef)
00471 {
00472 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n");
00473 }
00474 #endif
00475 err = -RSBAC_EINVALIDTARGET;
00476 goto out_dput;
00477 }
00478 break;
00479
00480 default:
00481 err = -RSBAC_EINVALIDTARGET;
00482 goto out_dput;
00483 }
00484
00485 if(target == T_DEV)
00486 {
00487 if(S_ISBLK(t_dentry->d_inode->i_mode))
00488 tid.dev.type = D_block;
00489 else
00490 tid.dev.type = D_char;
00491 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00492 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00493 }
00494 else
00495 {
00496
00497 tid.file.device = t_dentry->d_sb->s_dev;
00498 tid.file.inode = t_dentry->d_inode->i_ino;
00499 tid.file.dentry_p = t_dentry;
00500 }
00501
00502 #ifdef CONFIG_RSBAC_DEBUG
00503 if (rsbac_debug_aef)
00504 {
00505 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n");
00506 }
00507 #endif
00508 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00509 current->pid,
00510 target,
00511 tid,
00512 attr,
00513 k_value))
00514 {
00515 err = -EPERM;
00516 }
00517 else
00518 {
00519 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit);
00520
00521 if(!err)
00522 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00523 }
00524
00525 out_dput:
00526 path_release(&nd);
00527
00528 out:
00529 return(err);
00530 }
00531
00532
00533
00534 int sys_rsbac_set_attr(
00535 rsbac_list_ta_number_t ta_number,
00536 enum rsbac_switch_target_t module,
00537 enum rsbac_target_t target,
00538 union rsbac_target_id_t * tid,
00539 enum rsbac_attribute_t attr,
00540 union rsbac_attribute_value_t * value)
00541 {
00542 union rsbac_target_id_t k_tid;
00543 union rsbac_attribute_value_t k_value;
00544 int err = 0;
00545 struct task_struct * task_p;
00546
00547 if(module > SW_NONE)
00548 return(-RSBAC_EINVALIDMODULE);
00549 if(!tid || (target >= T_NONE))
00550 return(-RSBAC_EINVALIDTARGET);
00551 if(!value)
00552 return(-RSBAC_EINVALIDVALUE);
00553 if(attr >= A_none)
00554 return(-RSBAC_EINVALIDATTR);
00555
00556 if(module == SW_NONE)
00557 {
00558 module = get_attr_module(attr);
00559 if(module == SW_NONE)
00560 return(-RSBAC_EINVALIDMODULE);
00561 }
00562 #ifdef CONFIG_RSBAC_FREEZE
00563 if(rsbac_freeze)
00564 {
00565 rsbac_printk(KERN_WARNING
00566 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n");
00567 return -EPERM;
00568 }
00569 #endif
00570
00571
00572 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00573 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00574
00575
00576 switch(target)
00577 {
00578 case T_PROCESS:
00579 read_lock(&tasklist_lock);
00580 task_p = find_task_by_pid(k_tid.process);
00581 read_unlock(&tasklist_lock);
00582 if(!task_p)
00583 return(-RSBAC_EINVALIDTARGET);
00584 break;
00585
00586 #ifdef CONFIG_RSBAC_NET_OBJ
00587
00588 case T_NETOBJ:
00589 if( !k_tid.netobj.sock_p
00590 || k_tid.netobj.remote_addr
00591 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00592 || !k_tid.netobj.sock_p->file
00593 || !k_tid.netobj.sock_p->file->f_dentry
00594 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00595 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00596 #else
00597 || !k_tid.netobj.sock_p->inode
00598 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00599 #endif
00600 )
00601 return -RSBAC_EINVALIDTARGET;
00602 #endif
00603
00604
00605 default:
00606 break;
00607 }
00608
00609
00610 #ifdef CONFIG_RSBAC_DEBUG
00611 if (rsbac_debug_aef)
00612 rsbac_printk(KERN_DEBUG
00613 "sys_rsbac_set_attr(): calling ADF\n");
00614 #endif
00615 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00616 current->pid,
00617 target,
00618 k_tid,
00619 attr,
00620 k_value))
00621 {
00622 return -EPERM;
00623 }
00624 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value);
00625 return err;
00626 }
00627
00628 int sys_rsbac_set_attr_n(
00629 rsbac_list_ta_number_t ta_number,
00630 enum rsbac_switch_target_t module,
00631 enum rsbac_target_t target,
00632 char * t_name,
00633 enum rsbac_attribute_t attr,
00634 union rsbac_attribute_value_t * value)
00635 {
00636 struct dentry * t_dentry;
00637 int err = 0;
00638 union rsbac_attribute_value_t k_value;
00639 union rsbac_target_id_t tid;
00640 struct nameidata nd;
00641
00642 if(module > SW_NONE)
00643 return(-RSBAC_EINVALIDMODULE);
00644 if(!t_name || (target >= T_NONE))
00645 return(-RSBAC_EINVALIDTARGET);
00646 if(!value)
00647 return(-RSBAC_EINVALIDVALUE);
00648 if(attr >= A_none)
00649 return(-RSBAC_EINVALIDATTR);
00650
00651 if(module == SW_NONE)
00652 {
00653 module = get_attr_module(attr);
00654 if(module == SW_NONE)
00655 return(-RSBAC_EINVALIDMODULE);
00656 }
00657
00658 #ifdef CONFIG_RSBAC_FREEZE
00659 if(rsbac_freeze)
00660 {
00661 rsbac_printk(KERN_WARNING
00662 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n");
00663 return -EPERM;
00664 }
00665 #endif
00666
00667 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00668
00669
00670 if ((err = user_path_walk_link(t_name, &nd)))
00671 {
00672 #ifdef CONFIG_RSBAC_DEBUG
00673 if (rsbac_debug_aef)
00674 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err);
00675 #endif
00676 goto out;
00677 }
00678 t_dentry = nd.dentry;
00679 if (!t_dentry->d_inode)
00680 {
00681 #ifdef CONFIG_RSBAC_DEBUG
00682 if (rsbac_debug_aef)
00683 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n");
00684 #endif
00685 err = -RSBAC_EINVALIDTARGET;
00686 goto out_dput;
00687 }
00688
00689 switch (target)
00690 {
00691
00692 case T_FD:
00693 if(S_ISREG(t_dentry->d_inode->i_mode))
00694 {
00695 target = T_FILE;
00696 }
00697 else
00698 if(S_ISDIR(t_dentry->d_inode->i_mode))
00699 {
00700 target = T_DIR;
00701 }
00702 else
00703 if(S_ISLNK(t_dentry->d_inode->i_mode))
00704 {
00705 target = T_SYMLINK;
00706 }
00707 else
00708 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00709 {
00710 target = T_FIFO;
00711 }
00712 else
00713 if(S_ISBLK(t_dentry->d_inode->i_mode))
00714 {
00715 target = T_FILE;
00716 }
00717 else
00718 if(S_ISCHR(t_dentry->d_inode->i_mode))
00719 {
00720 target = T_FILE;
00721 }
00722 else
00723 {
00724 #ifdef CONFIG_RSBAC_DEBUG
00725 if (rsbac_debug_aef)
00726 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n");
00727 #endif
00728 err = -RSBAC_EINVALIDTARGET;
00729 goto out_dput;
00730 }
00731 break;
00732
00733 case T_FILE:
00734 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00735 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00736 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00737 {
00738 #ifdef CONFIG_RSBAC_DEBUG
00739 if (rsbac_debug_aef)
00740 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n");
00741 #endif
00742 err = -RSBAC_EINVALIDTARGET;
00743 goto out_dput;
00744 }
00745 break;
00746
00747 case T_DIR:
00748 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00749 {
00750 #ifdef CONFIG_RSBAC_DEBUG
00751 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00752 #endif
00753 err = -RSBAC_EINVALIDTARGET;
00754 goto out_dput;
00755 }
00756 break;
00757
00758 case T_FIFO:
00759
00760 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00761 {
00762 #ifdef CONFIG_RSBAC_DEBUG
00763 if (rsbac_debug_aef)
00764 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n");
00765 #endif
00766 err = -RSBAC_EINVALIDTARGET;
00767 goto out_dput;
00768 }
00769 break;
00770
00771 case T_SYMLINK:
00772 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00773 {
00774 #ifdef CONFIG_RSBAC_DEBUG
00775 if (rsbac_debug_aef)
00776 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n");
00777 #endif
00778 err = -RSBAC_EINVALIDTARGET;
00779 goto out_dput;
00780 }
00781 break;
00782
00783 case T_DEV:
00784 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00785 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00786 {
00787 #ifdef CONFIG_RSBAC_DEBUG
00788 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n");
00789 #endif
00790 err = -RSBAC_EINVALIDTARGET;
00791 goto out_dput;
00792 }
00793 break;
00794
00795 default:
00796 err = -RSBAC_EINVALIDTARGET;
00797 goto out_dput;
00798 }
00799
00800 if(target == T_DEV)
00801 {
00802 if(S_ISBLK(t_dentry->d_inode->i_mode))
00803 tid.dev.type = D_block;
00804 else
00805 tid.dev.type = D_char;
00806 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00807 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00808 }
00809 else
00810 {
00811
00812 tid.file.device = t_dentry->d_sb->s_dev;
00813 tid.file.inode = t_dentry->d_inode->i_ino;
00814 tid.file.dentry_p = t_dentry;
00815 }
00816
00817 #ifdef CONFIG_RSBAC_DEBUG
00818 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n");
00819 #endif
00820 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00821 current->pid,
00822 target,
00823 tid,
00824 attr,
00825 k_value))
00826 {
00827 err = -EPERM;
00828 }
00829 else
00830 {
00831 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value);
00832 }
00833
00834 out_dput:
00835 path_release(&nd);
00836
00837 out:
00838 return(err);
00839 }
00840
00841
00842
00843 int sys_rsbac_remove_target(
00844 rsbac_list_ta_number_t ta_number,
00845 enum rsbac_target_t target,
00846 union rsbac_target_id_t * tid)
00847 {
00848 union rsbac_target_id_t k_tid;
00849 int err = 0;
00850
00851
00852 union rsbac_attribute_value_t rsbac_attribute_value;
00853
00854 if(!tid || (target >= T_NONE))
00855 return(-RSBAC_EINVALIDTARGET);
00856
00857 #ifdef CONFIG_RSBAC_FREEZE
00858 if(rsbac_freeze)
00859 {
00860 rsbac_printk(KERN_WARNING
00861 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n");
00862 return -EPERM;
00863 }
00864 #endif
00865
00866
00867 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00868
00869
00870 #ifdef CONFIG_RSBAC_DEBUG
00871 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n");
00872 #endif
00873 rsbac_attribute_value.dummy = 0;
00874 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00875 current->pid,
00876 target,
00877 k_tid,
00878 A_none,
00879 rsbac_attribute_value))
00880 {
00881 return -EPERM;
00882 }
00883 err = rsbac_ta_remove_target(ta_number, target, k_tid);
00884 return (err);
00885 }
00886
00887 int sys_rsbac_remove_target_n(
00888 rsbac_list_ta_number_t ta_number,
00889 enum rsbac_target_t target,
00890 char * t_name)
00891 {
00892 struct dentry * t_dentry;
00893 int err = 0;
00894 union rsbac_target_id_t tid;
00895
00896
00897 union rsbac_attribute_value_t rsbac_attribute_value;
00898
00899
00900
00901 struct nameidata nd;
00902
00903 if(!t_name || (target >= T_NONE))
00904 return(-RSBAC_EINVALIDTARGET);
00905
00906 #ifdef CONFIG_RSBAC_FREEZE
00907 if(rsbac_freeze)
00908 {
00909 rsbac_printk(KERN_WARNING
00910 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n");
00911 return -EPERM;
00912 }
00913 #endif
00914
00915
00916 if ((err = user_path_walk_link(t_name, &nd)))
00917 {
00918 #ifdef CONFIG_RSBAC_DEBUG
00919 if (rsbac_debug_aef)
00920 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err);
00921 #endif
00922 goto out;
00923 }
00924 t_dentry = nd.dentry;
00925 if (!t_dentry->d_inode)
00926 {
00927 #ifdef CONFIG_RSBAC_DEBUG
00928 if (rsbac_debug_aef)
00929 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n");
00930 #endif
00931 err = -RSBAC_EINVALIDTARGET;
00932 goto out_dput;
00933 }
00934
00935 switch (target)
00936 {
00937
00938 case T_FD:
00939 if(S_ISREG(t_dentry->d_inode->i_mode))
00940 {
00941 target = T_FILE;
00942 }
00943 else
00944 if(S_ISDIR(t_dentry->d_inode->i_mode))
00945 {
00946 target = T_DIR;
00947 }
00948 else
00949 if(S_ISLNK(t_dentry->d_inode->i_mode))
00950 {
00951 target = T_SYMLINK;
00952 }
00953 else
00954 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00955 {
00956 target = T_FIFO;
00957 }
00958 else
00959 if(S_ISBLK(t_dentry->d_inode->i_mode))
00960 {
00961 target = T_FILE;
00962 }
00963 else
00964 if(S_ISCHR(t_dentry->d_inode->i_mode))
00965 {
00966 target = T_FILE;
00967 }
00968 else
00969 {
00970 #ifdef CONFIG_RSBAC_DEBUG
00971 if (rsbac_debug_aef)
00972 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n");
00973 #endif
00974 err = -RSBAC_EINVALIDTARGET;
00975 goto out_dput;
00976 }
00977 break;
00978
00979 case T_FILE:
00980 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00981 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00982 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00983 {
00984 #ifdef CONFIG_RSBAC_DEBUG
00985 if (rsbac_debug_aef)
00986 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n");
00987 #endif
00988 err = -RSBAC_EINVALIDTARGET;
00989 goto out_dput;
00990 }
00991 break;
00992
00993 case T_DIR:
00994 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00995 {
00996 #ifdef CONFIG_RSBAC_DEBUG
00997 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00998 #endif
00999 err = -RSBAC_EINVALIDTARGET;
01000 goto out_dput;
01001 }
01002 break;
01003
01004 case T_FIFO:
01005
01006 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
01007 {
01008 #ifdef CONFIG_RSBAC_DEBUG
01009 if (rsbac_debug_aef)
01010 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n");
01011 #endif
01012 err = -RSBAC_EINVALIDTARGET;
01013 goto out_dput;
01014 }
01015 break;
01016
01017 case T_SYMLINK:
01018 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
01019 {
01020 #ifdef CONFIG_RSBAC_DEBUG
01021 if (rsbac_debug_aef)
01022 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n");
01023 #endif
01024 err = -RSBAC_EINVALIDTARGET;
01025 goto out_dput;
01026 }
01027 break;
01028
01029 case T_DEV:
01030 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
01031 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01032 {
01033 #ifdef CONFIG_RSBAC_DEBUG
01034 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n");
01035 #endif
01036 err = -RSBAC_EINVALIDTARGET;
01037 goto out_dput;
01038 }
01039 break;
01040
01041 default:
01042 err = -RSBAC_EINVALIDTARGET;
01043 goto out_dput;
01044 }
01045
01046 if(target == T_DEV)
01047 {
01048 if(S_ISBLK(t_dentry->d_inode->i_mode))
01049 tid.dev.type = D_block;
01050 else
01051 tid.dev.type = D_char;
01052 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
01053 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
01054 }
01055 else
01056 {
01057
01058 tid.file.device = t_dentry->d_sb->s_dev;
01059 tid.file.inode = t_dentry->d_inode->i_ino;
01060 tid.file.dentry_p = t_dentry;
01061 }
01062
01063 #ifdef CONFIG_RSBAC_DEBUG
01064 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n");
01065 #endif
01066 rsbac_attribute_value.dummy = 0;
01067 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
01068 current->pid,
01069 target,
01070 tid,
01071 A_none,
01072 rsbac_attribute_value))
01073 {
01074 err = -EPERM;
01075 }
01076 else
01077 {
01078 err = rsbac_ta_remove_target(ta_number, target, tid);
01079 }
01080
01081 out_dput:
01082 path_release(&nd);
01083
01084 out:
01085 return(err);
01086 }
01087
01088 int sys_rsbac_list_all_dev(
01089 rsbac_list_ta_number_t ta_number,
01090 struct rsbac_dev_desc_t * id_p,
01091 u_long maxnum)
01092 {
01093 int err = 0;
01094 long count;
01095
01096 if(id_p && maxnum)
01097 {
01098 struct rsbac_dev_desc_t * k_id_p = NULL;
01099
01100 count = rsbac_ta_list_all_dev(ta_number, &k_id_p);
01101 if(count <= 0)
01102 return count;
01103 if(count > maxnum)
01104 count = maxnum;
01105
01106 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01107
01108 rsbac_vfree(k_id_p);
01109
01110 if(err)
01111 return err;
01112 else
01113 return count;
01114 }
01115 else
01116 return rsbac_ta_list_all_dev(ta_number, NULL);
01117 }
01118
01119 int sys_rsbac_list_all_user(
01120 rsbac_list_ta_number_t ta_number,
01121 rsbac_uid_t * id_p,
01122 u_long maxnum)
01123 {
01124 int err = 0;
01125 long count;
01126
01127 if(id_p && maxnum)
01128 {
01129 rsbac_uid_t * k_id_p = NULL;
01130
01131 count = rsbac_ta_list_all_user(ta_number, &k_id_p);
01132 if(count <= 0)
01133 return count;
01134 if(count > maxnum)
01135 count = maxnum;
01136
01137 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01138
01139 rsbac_vfree(k_id_p);
01140
01141 if(err)
01142 return err;
01143 else
01144 return count;
01145 }
01146 else
01147 return rsbac_ta_list_all_user(ta_number, NULL);
01148 }
01149
01150 int sys_rsbac_list_all_group(
01151 rsbac_list_ta_number_t ta_number,
01152 rsbac_gid_t * id_p,
01153 u_long maxnum)
01154 {
01155 int err = 0;
01156 long count;
01157
01158 if(id_p && maxnum)
01159 {
01160 rsbac_gid_t * k_id_p = NULL;
01161
01162 count = rsbac_ta_list_all_group(ta_number, &k_id_p);
01163 if(count <= 0)
01164 return count;
01165 if(count > maxnum)
01166 count = maxnum;
01167
01168 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01169
01170 rsbac_vfree(k_id_p);
01171
01172 if(err)
01173 return err;
01174 else
01175 return count;
01176 }
01177 else
01178 return rsbac_ta_list_all_group(ta_number, NULL);
01179 }
01180
01181 int sys_rsbac_net_list_all_netdev(
01182 rsbac_list_ta_number_t ta_number,
01183 rsbac_netdev_id_t * id_p,
01184 u_long maxnum)
01185 {
01186 #ifdef CONFIG_RSBAC_NET_DEV
01187 int err = 0;
01188 long count;
01189
01190 if(id_p && maxnum)
01191 {
01192 rsbac_netdev_id_t * k_id_p = NULL;
01193
01194 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p);
01195 if(count <= 0)
01196 return count;
01197 if(count > maxnum)
01198 count = maxnum;
01199
01200 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01201
01202 rsbac_vfree(k_id_p);
01203
01204 if(err)
01205 return err;
01206 else
01207 return count;
01208 }
01209 else
01210 return rsbac_ta_net_list_all_netdev(ta_number, NULL);
01211
01212 #else
01213 return -RSBAC_EINVALIDREQUEST;
01214 #endif
01215 }
01216
01217 int sys_rsbac_net_template(
01218 rsbac_list_ta_number_t ta_number,
01219 enum rsbac_net_temp_syscall_t call,
01220 rsbac_net_temp_id_t id,
01221 union rsbac_net_temp_syscall_data_t * data_p)
01222 {
01223 #ifdef CONFIG_RSBAC_NET_OBJ
01224 union rsbac_net_temp_syscall_data_t k_data;
01225 int err = 0;
01226
01227 #ifndef CONFIG_RSBAC_MAINT
01228 union rsbac_target_id_t i_tid;
01229 union rsbac_attribute_value_t i_attr_val;
01230 #endif
01231
01232 if(!id)
01233 return -RSBAC_EINVALIDVALUE;
01234 if(!data_p)
01235 return -RSBAC_EINVALIDPOINTER;
01236
01237
01238 switch(call)
01239 {
01240 case NTS_set_address:
01241 case NTS_set_address_family:
01242 case NTS_set_valid_len:
01243 case NTS_set_type:
01244 case NTS_set_protocol:
01245 case NTS_set_netdev:
01246 case NTS_set_min_port:
01247 case NTS_set_max_port:
01248 case NTS_set_name:
01249 case NTS_new_template:
01250 case NTS_copy_template:
01251 case NTS_delete_template:
01252 #ifdef CONFIG_RSBAC_FREEZE
01253 if(rsbac_freeze)
01254 {
01255 rsbac_printk(KERN_WARNING
01256 "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed!\n");
01257 return -EPERM;
01258 }
01259 #endif
01260 if(call != NTS_delete_template)
01261 {
01262 err = rsbac_get_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) );
01263 if(err)
01264 return err;
01265 }
01266 break;
01267 case NTS_check_id:
01268 case NTS_get_address:
01269 case NTS_get_address_family:
01270 case NTS_get_valid_len:
01271 case NTS_get_type:
01272 case NTS_get_protocol:
01273 case NTS_get_netdev:
01274 case NTS_get_min_port:
01275 case NTS_get_max_port:
01276 case NTS_get_name:
01277 break;
01278
01279 default:
01280 return -RSBAC_EINVALIDREQUEST;
01281 }
01282
01283 #ifndef CONFIG_RSBAC_MAINT
01284 #ifdef CONFIG_RSBAC_DEBUG
01285 if (rsbac_debug_aef)
01286 rsbac_printk(KERN_DEBUG "sys_rsbac_net_template(): calling ADF\n");
01287 #endif
01288 i_tid.nettemp = id;
01289 i_attr_val.dummy = 0;
01290 switch(call)
01291 {
01292 case NTS_new_template:
01293 if (!rsbac_adf_request(R_CREATE,
01294 current->pid,
01295 T_NETTEMP,
01296 i_tid,
01297 A_none,
01298 i_attr_val))
01299 #ifdef CONFIG_RSBAC_SOFTMODE
01300 if(!rsbac_softmode)
01301 #endif
01302 return -EPERM;
01303 break;
01304
01305 case NTS_copy_template:
01306 if(!rsbac_net_template_exist(id))
01307 {
01308 if(!rsbac_adf_request(R_CREATE,
01309 current->pid,
01310 T_NETTEMP,
01311 i_tid,
01312 A_none,
01313 i_attr_val))
01314 #ifdef CONFIG_RSBAC_SOFTMODE
01315 if(!rsbac_softmode)
01316 #endif
01317 return -EPERM;
01318 }
01319 else
01320 {
01321 if(!rsbac_adf_request(R_WRITE,
01322 current->pid,
01323 T_NETTEMP,
01324 i_tid,
01325 A_none,
01326 i_attr_val))
01327 #ifdef CONFIG_RSBAC_SOFTMODE
01328 if(!rsbac_softmode)
01329 #endif
01330 return -EPERM;
01331 }
01332 i_tid.nettemp = k_data.id;
01333 if (!rsbac_adf_request(R_READ,
01334 current->pid,
01335 T_NETTEMP,
01336 i_tid,
01337 A_none,
01338 i_attr_val))
01339 #ifdef CONFIG_RSBAC_SOFTMODE
01340 if(!rsbac_softmode)
01341 #endif
01342 return -EPERM;
01343 break;
01344
01345 case NTS_delete_template:
01346 if (!rsbac_adf_request(R_DELETE,
01347 current->pid,
01348 T_NETTEMP,
01349 i_tid,
01350 A_none,
01351 i_attr_val))
01352 #ifdef CONFIG_RSBAC_SOFTMODE
01353 if(!rsbac_softmode)
01354 #endif
01355 return -EPERM;
01356 break;
01357
01358 case NTS_get_address:
01359 case NTS_get_address_family:
01360 case NTS_get_valid_len:
01361 case NTS_get_type:
01362 case NTS_get_protocol:
01363 case NTS_get_netdev:
01364 case NTS_get_min_port:
01365 case NTS_get_max_port:
01366 if (!rsbac_adf_request(R_READ,
01367 current->pid,
01368 T_NETTEMP,
01369 i_tid,
01370 A_none,
01371 i_attr_val))
01372 #ifdef CONFIG_RSBAC_SOFTMODE
01373 if(!rsbac_softmode)
01374 #endif
01375 return -EPERM;
01376 break;
01377
01378 case NTS_set_address:
01379 case NTS_set_address_family:
01380 case NTS_set_valid_len:
01381 case NTS_set_type:
01382 case NTS_set_protocol:
01383 case NTS_set_netdev:
01384 case NTS_set_min_port:
01385 case NTS_set_max_port:
01386 case NTS_set_name:
01387 if (!rsbac_adf_request(R_WRITE,
01388 current->pid,
01389 T_NETTEMP,
01390 i_tid,
01391 A_none,
01392 i_attr_val))
01393 #ifdef CONFIG_RSBAC_SOFTMODE
01394 if(!rsbac_softmode)
01395 #endif
01396 return -EPERM;
01397 break;
01398
01399 default:
01400 break;
01401 }
01402 #endif
01403
01404 err = rsbac_ta_net_template(ta_number, call, id, &k_data);
01405 if(!err)
01406 {
01407
01408 switch(call)
01409 {
01410 case NTS_check_id:
01411 case NTS_get_address:
01412 case NTS_get_address_family:
01413 case NTS_get_valid_len:
01414 case NTS_get_type:
01415 case NTS_get_protocol:
01416 case NTS_get_netdev:
01417 case NTS_get_min_port:
01418 case NTS_get_max_port:
01419 case NTS_get_name:
01420 err = rsbac_put_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) );
01421 break;
01422 default:
01423 break;
01424 }
01425 }
01426 return err;
01427
01428 #else
01429 return -RSBAC_EINVALIDREQUEST;
01430 #endif
01431 }
01432
01433 int sys_rsbac_net_list_all_template(
01434 rsbac_list_ta_number_t ta_number,
01435 rsbac_net_temp_id_t * id_p,
01436 u_long maxnum)
01437 {
01438 #ifdef CONFIG_RSBAC_NET_OBJ
01439 int err = 0;
01440 int count;
01441 union rsbac_target_id_t i_tid;
01442 union rsbac_attribute_value_t i_attr_val;
01443
01444 i_tid.nettemp = 0;
01445 i_attr_val.dummy = 0;
01446 if (!rsbac_adf_request(R_READ,
01447 current->pid,
01448 T_NETTEMP,
01449 i_tid,
01450 A_none,
01451 i_attr_val))
01452 return -EPERM;
01453 if(id_p && maxnum)
01454 {
01455 rsbac_net_temp_id_t * k_id_p = NULL;
01456
01457 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p);
01458 if(count <= 0)
01459 return count;
01460 if(count > maxnum)
01461 count = maxnum;
01462
01463 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01464
01465 rsbac_vfree(k_id_p);
01466
01467 if(err)
01468 return err;
01469 else
01470 return count;
01471 }
01472 else
01473 return rsbac_ta_net_list_all_template(ta_number, NULL);
01474
01475 #else
01476 return -RSBAC_EINVALIDREQUEST;
01477 #endif
01478 }
01479
01480
01481
01482
01483
01484
01485 int sys_rsbac_switch(enum rsbac_switch_target_t target, int value)
01486 {
01487 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE)
01488 union rsbac_target_id_t rsbac_target_id;
01489 union rsbac_attribute_value_t rsbac_attribute_value;
01490 char * switch_name;
01491
01492
01493 if(target >= SW_NONE)
01494 return(-RSBAC_EINVALIDTARGET);
01495 if ( (value < 0)
01496 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01497 || (value > 3)
01498 #else
01499 || (value > 1)
01500 #endif
01501 )
01502 return (-RSBAC_EINVALIDVALUE);
01503
01504 #ifdef CONFIG_RSBAC_SOFTMODE
01505 if( rsbac_softmode_prohibit
01506 && ( ( (value == 1)
01507 && (target == SOFTMODE)
01508 )
01509 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01510 || (value == 3)
01511 #endif
01512 )
01513 )
01514 {
01515 rsbac_printk(KERN_WARNING
01516 "sys_rsbac_switch(): setting of softmode prohibited!\n");
01517 return -EPERM;
01518 }
01519 #endif
01520
01521 #ifdef CONFIG_RSBAC_DEBUG
01522 if (rsbac_debug_aef)
01523 rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n");
01524 #endif
01525 rsbac_target_id.dummy = 0;
01526 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
01527 if(target == DAC_DISABLE)
01528 {
01529 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01530 if(value > 1)
01531 return -RSBAC_EINVALIDVALUE;
01532 #endif
01533 rsbac_attribute_value.dummy = 0;
01534 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
01535 current->pid,
01536 T_NONE,
01537 rsbac_target_id,
01538 A_none,
01539 rsbac_attribute_value))
01540 {
01541 return -EPERM;
01542 }
01543 }
01544 else
01545 #endif
01546 {
01547 rsbac_attribute_value.switch_target = target;
01548 if (!rsbac_adf_request(R_SWITCH_MODULE,
01549 current->pid,
01550 T_NONE,
01551 rsbac_target_id,
01552 A_switch_target,
01553 rsbac_attribute_value))
01554 {
01555 return -EPERM;
01556 }
01557 }
01558
01559 switch(value)
01560 {
01561 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01562 case 2:
01563 case 3:
01564 rsbac_ind_softmode[target] = value - 2;
01565 break;
01566 #endif
01567
01568 default:
01569 switch (target)
01570 {
01571 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01572 case DAC_DISABLE: rsbac_dac_disable = value;
01573 break;
01574 #endif
01575 #ifdef CONFIG_RSBAC_SOFTMODE
01576 case SOFTMODE: rsbac_softmode = value;
01577 break;
01578 #endif
01579 #ifdef CONFIG_RSBAC_FREEZE
01580 case FREEZE:
01581 if(rsbac_freeze)
01582 {
01583 rsbac_printk(KERN_WARNING
01584 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n");
01585 return -EPERM;
01586 }
01587 rsbac_freeze = value;
01588 break;
01589 #endif
01590 #ifdef CONFIG_RSBAC_SWITCH_MAC
01591 case MAC:
01592 #ifndef CONFIG_RSBAC_SWITCH_ON
01593 if(value)
01594 return -RSBAC_EINVALIDMODULE;
01595 #endif
01596 rsbac_switch_mac = value;
01597 break;
01598 #endif
01599 #ifdef CONFIG_RSBAC_SWITCH_PM
01600 case PM:
01601 #ifndef CONFIG_RSBAC_SWITCH_ON
01602 if(value)
01603 return -RSBAC_EINVALIDMODULE;
01604 #endif
01605 rsbac_switch_pm = value;
01606 break;
01607 #endif
01608 #ifdef CONFIG_RSBAC_SWITCH_DAZ
01609 case DAZ:
01610 rsbac_switch_daz = value;
01611 break;
01612 #endif
01613 #ifdef CONFIG_RSBAC_SWITCH_FF
01614 case FF:
01615 rsbac_switch_ff = value;
01616 break;
01617 #endif
01618 #ifdef CONFIG_RSBAC_SWITCH_RC
01619 case RC:
01620 #ifndef CONFIG_RSBAC_SWITCH_ON
01621 if(value)
01622 return -RSBAC_EINVALIDMODULE;
01623 #endif
01624 rsbac_switch_rc = value;
01625 break;
01626 #endif
01627 #ifdef CONFIG_RSBAC_SWITCH_AUTH
01628 case AUTH:
01629 rsbac_switch_auth = value;
01630 break;
01631 #endif
01632 #ifdef CONFIG_RSBAC_SWITCH_ACL
01633 case ACL:
01634 rsbac_switch_acl = value;
01635 break;
01636 #endif
01637 #ifdef CONFIG_RSBAC_SWITCH_CAP
01638 case CAP:
01639 rsbac_switch_cap = value;
01640 break;
01641 #endif
01642 #ifdef CONFIG_RSBAC_SWITCH_JAIL
01643 case JAIL:
01644 rsbac_switch_jail = value;
01645 break;
01646 #endif
01647 #ifdef CONFIG_RSBAC_SWITCH_RES
01648 case RES:
01649 rsbac_switch_res = value;
01650 break;
01651 #endif
01652 #ifdef CONFIG_RSBAC_SWITCH_PAX
01653 case PAX:
01654 rsbac_switch_pax = value;
01655 break;
01656 #endif
01657 default:
01658 return (-RSBAC_EINVALIDMODULE);
01659 }
01660 }
01661
01662 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01663 if(switch_name)
01664 {
01665 int show_value = value;
01666
01667 get_switch_target_name(switch_name,target);
01668 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01669 switch(value)
01670 {
01671 case 2:
01672 case 3:
01673 strcat(switch_name, " softmode");
01674 show_value -= 2;
01675 break;
01676 default:
01677 break;
01678 }
01679 #endif
01680 rsbac_printk(KERN_WARNING
01681 "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n",
01682 current->uid, switch_name, show_value);
01683 rsbac_kfree(switch_name);
01684 }
01685 return 0;
01686 #else
01687 return -RSBAC_EINVALIDREQUEST;
01688 #endif
01689 }
01690
01691
01692
01693 int sys_rsbac_mac_set_curr_level(rsbac_security_level_t level,
01694 rsbac_mac_category_vector_t * categories_p)
01695 {
01696 #ifdef CONFIG_RSBAC_MAC
01697 rsbac_mac_category_vector_t k_categories;
01698 int err;
01699
01700 if(!categories_p)
01701 return -RSBAC_EINVALIDPOINTER;
01702 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories));
01703 if(err)
01704 return err;
01705 return (rsbac_mac_set_curr_level(level, k_categories));
01706 #else
01707 return (-RSBAC_EINVALIDMODULE);
01708 #endif
01709 }
01710
01711 int sys_rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
01712 rsbac_mac_category_vector_t * categories_p)
01713 {
01714 #ifdef CONFIG_RSBAC_MAC
01715 int err = 0;
01716 rsbac_security_level_t k_level;
01717 rsbac_mac_category_vector_t k_categories;
01718
01719 err = rsbac_mac_get_curr_level(&k_level, &k_categories);
01720 if(err)
01721 return err;
01722 if(level_p)
01723 {
01724 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01725 if(err)
01726 return err;
01727 }
01728 if(categories_p)
01729 {
01730 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01731 }
01732 return err;
01733 #else
01734 return (-RSBAC_EINVALIDMODULE);
01735 #endif
01736 }
01737
01738 int sys_rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
01739 rsbac_mac_category_vector_t * categories_p)
01740 {
01741 #ifdef CONFIG_RSBAC_MAC
01742 int err = 0;
01743 rsbac_security_level_t k_level;
01744 rsbac_mac_category_vector_t k_categories;
01745
01746 err = rsbac_mac_get_max_level(&k_level, &k_categories);
01747 if(err)
01748 return err;
01749 if(level_p)
01750 {
01751 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01752 if(err)
01753 return err;
01754 }
01755 if(categories_p)
01756 {
01757 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01758 }
01759 return err;
01760 #else
01761 return (-RSBAC_EINVALIDMODULE);
01762 #endif
01763 }
01764
01765 int sys_rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
01766 rsbac_mac_category_vector_t * categories_p)
01767 {
01768 #ifdef CONFIG_RSBAC_MAC
01769 int err = 0;
01770 rsbac_security_level_t k_level;
01771 rsbac_mac_category_vector_t k_categories;
01772
01773 err = rsbac_mac_get_min_level(&k_level, &k_categories);
01774 if(err)
01775 return err;
01776 if(level_p)
01777 {
01778 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01779 if(err)
01780 return err;
01781 }
01782 if(categories_p)
01783 {
01784 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01785 }
01786 return err;
01787 #else
01788 return (-RSBAC_EINVALIDMODULE);
01789 #endif
01790 }
01791
01792
01793 int sys_rsbac_mac_add_p_tru(
01794 rsbac_list_ta_number_t ta_number,
01795 rsbac_pid_t pid,
01796 rsbac_uid_t uid,
01797 rsbac_time_t ttl)
01798 {
01799 #if defined(CONFIG_RSBAC_MAC)
01800 struct task_struct * task_p;
01801
01802 #ifdef CONFIG_RSBAC_FREEZE
01803 if(rsbac_freeze)
01804 {
01805 rsbac_printk(KERN_WARNING
01806 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01807 return -EPERM;
01808 }
01809 #endif
01810
01811 read_lock(&tasklist_lock);
01812 task_p = find_task_by_pid(pid);
01813 read_unlock(&tasklist_lock);
01814 if(!task_p)
01815 return(-RSBAC_EINVALIDTARGET);
01816
01817 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl));
01818 #else
01819 return (-RSBAC_EINVALIDMODULE);
01820 #endif
01821 }
01822
01823 int sys_rsbac_mac_remove_p_tru(
01824 rsbac_list_ta_number_t ta_number,
01825 rsbac_pid_t pid,
01826 rsbac_uid_t uid)
01827 {
01828 #if defined(CONFIG_RSBAC_MAC)
01829 struct task_struct * task_p;
01830
01831 #ifdef CONFIG_RSBAC_FREEZE
01832 if(rsbac_freeze)
01833 {
01834 rsbac_printk(KERN_WARNING
01835 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01836 return -EPERM;
01837 }
01838 #endif
01839
01840 read_lock(&tasklist_lock);
01841 task_p = find_task_by_pid(pid);
01842 read_unlock(&tasklist_lock);
01843 if(!task_p)
01844 return(-RSBAC_EINVALIDTARGET);
01845 return(rsbac_mac_remove_p_tru(ta_number, pid, uid));
01846 #else
01847 return (-RSBAC_EINVALIDMODULE);
01848 #endif
01849 }
01850
01851 int sys_rsbac_mac_add_f_tru(
01852 rsbac_list_ta_number_t ta_number,
01853 char * filename,
01854 rsbac_uid_t uid,
01855 rsbac_time_t ttl)
01856 {
01857 #if defined(CONFIG_RSBAC_MAC)
01858 struct dentry * t_dentry;
01859 int err = 0;
01860 enum rsbac_target_t target;
01861 union rsbac_target_id_t tid;
01862
01863 struct nameidata nd;
01864
01865 if(!filename)
01866 return(-RSBAC_EINVALIDTARGET);
01867
01868 #ifdef CONFIG_RSBAC_FREEZE
01869 if(rsbac_freeze)
01870 {
01871 rsbac_printk(KERN_WARNING
01872 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01873 return -EPERM;
01874 }
01875 #endif
01876
01877 if ((err = user_path_walk_link(filename, &nd)))
01878 {
01879 #ifdef CONFIG_RSBAC_DEBUG
01880 if (rsbac_debug_aef_mac)
01881 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err);
01882 #endif
01883 goto out;
01884 }
01885 t_dentry = nd.dentry;
01886 if (!t_dentry->d_inode)
01887 {
01888 err = -RSBAC_EINVALIDTARGET;
01889 goto out_dput;
01890 }
01891
01892 if(S_ISREG(t_dentry->d_inode->i_mode))
01893 target = T_FILE;
01894 else
01895 if(S_ISDIR(t_dentry->d_inode->i_mode))
01896 target = T_DIR;
01897 else
01898 {
01899 err = -RSBAC_EINVALIDTARGET;
01900 goto out_dput;
01901 }
01902 tid.file.device = t_dentry->d_sb->s_dev;
01903 tid.file.inode = t_dentry->d_inode->i_ino;
01904 tid.file.dentry_p = t_dentry;
01905
01906 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl);
01907
01908 out_dput:
01909 path_release(&nd);
01910 out:
01911 return(err);
01912
01913 #else
01914 return (-RSBAC_EINVALIDMODULE);
01915 #endif
01916 }
01917
01918 int sys_rsbac_mac_remove_f_tru(
01919 rsbac_list_ta_number_t ta_number,
01920 char * filename,
01921 rsbac_uid_t uid)
01922 {
01923 #if defined(CONFIG_RSBAC_MAC)
01924 struct dentry * t_dentry;
01925 int err = 0;
01926 enum rsbac_target_t target;
01927 union rsbac_target_id_t tid;
01928
01929 struct nameidata nd;
01930
01931 if(!filename)
01932 return(-RSBAC_EINVALIDTARGET);
01933
01934 #ifdef CONFIG_RSBAC_FREEZE
01935 if(rsbac_freeze)
01936 {
01937 rsbac_printk(KERN_WARNING
01938 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01939 return -EPERM;
01940 }
01941 #endif
01942
01943 if ((err = user_path_walk_link(filename, &nd)))
01944 {
01945 #ifdef CONFIG_RSBAC_DEBUG
01946 if (rsbac_debug_aef_mac)
01947 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err);
01948 #endif
01949 goto out;
01950 }
01951 t_dentry = nd.dentry;
01952 if (!t_dentry->d_inode)
01953 {
01954 err = -RSBAC_EINVALIDTARGET;
01955 goto out_dput;
01956 }
01957
01958 if(S_ISREG(t_dentry->d_inode->i_mode))
01959 target = T_FILE;
01960 else
01961 if(S_ISDIR(t_dentry->d_inode->i_mode))
01962 target = T_DIR;
01963 else
01964 {
01965 err = -RSBAC_EINVALIDTARGET;
01966 goto out_dput;
01967 }
01968 tid.file.device = t_dentry->d_sb->s_dev;
01969 tid.file.inode = t_dentry->d_inode->i_ino;
01970 tid.file.dentry_p = t_dentry;
01971
01972 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid);
01973
01974 out_dput:
01975 path_release(&nd);
01976 out:
01977 return(err);
01978
01979 #else
01980 return (-RSBAC_EINVALIDMODULE);
01981 #endif
01982 }
01983
01984
01985 int sys_rsbac_mac_get_f_trulist(
01986 rsbac_list_ta_number_t ta_number,
01987 char * filename,
01988 rsbac_uid_t trulist[],
01989 rsbac_time_t ttllist[],
01990 u_int maxnum)
01991 {
01992 #if defined(CONFIG_RSBAC_MAC)
01993 struct dentry * t_dentry;
01994 int err = 0, tmperr = 0;
01995 enum rsbac_target_t target;
01996 union rsbac_target_id_t tid;
01997 rsbac_uid_t * k_trulist;
01998 rsbac_time_t * k_ttllist;
01999
02000 struct nameidata nd;
02001
02002 if(!filename)
02003 return(-RSBAC_EINVALIDTARGET);
02004 if(!trulist)
02005 return(-RSBAC_EINVALIDPOINTER);
02006 if(maxnum <= 0)
02007 return(-RSBAC_EINVALIDVALUE);
02008 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02009 maxnum = RSBAC_MAC_MAX_MAXNUM;
02010
02011 if ((err = user_path_walk_link(filename, &nd)))
02012 {
02013 #ifdef CONFIG_RSBAC_DEBUG
02014 if (rsbac_debug_aef_mac)
02015 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err);
02016 #endif
02017 goto out;
02018 }
02019 t_dentry = nd.dentry;
02020 if (!t_dentry->d_inode)
02021 {
02022 err = -RSBAC_EINVALIDTARGET;
02023 goto out_dput;
02024 }
02025
02026 if(S_ISREG(t_dentry->d_inode->i_mode))
02027 target = T_FILE;
02028 else
02029 if(S_ISDIR(t_dentry->d_inode->i_mode))
02030 target = T_DIR;
02031 else
02032 {
02033 err = -RSBAC_EINVALIDTARGET;
02034 goto out_dput;
02035 }
02036 tid.file.device = t_dentry->d_sb->s_dev;
02037 tid.file.inode = t_dentry->d_inode->i_ino;
02038 tid.file.dentry_p = t_dentry;
02039
02040 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist);
02041 if(err>0)
02042 {
02043 if(err > maxnum)
02044 err = maxnum;
02045 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02046 sizeof(rsbac_uid_t) * err);
02047 if(tmperr < 0)
02048 err = tmperr;
02049 else
02050 {
02051 if(ttllist)
02052 {
02053 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02054 sizeof(rsbac_time_t) * err);
02055 if(tmperr < 0)
02056 err = tmperr;
02057 }
02058 }
02059 rsbac_vfree(k_trulist);
02060 rsbac_vfree(k_ttllist);
02061 }
02062
02063 out_dput:
02064 path_release(&nd);
02065 out:
02066 return(err);
02067
02068 #else
02069 return (-RSBAC_EINVALIDMODULE);
02070 #endif
02071 }
02072
02073 int sys_rsbac_mac_get_p_trulist(
02074 rsbac_list_ta_number_t ta_number,
02075 rsbac_pid_t pid,
02076 rsbac_uid_t trulist[],
02077 rsbac_time_t ttllist[],
02078 u_int maxnum)
02079 {
02080 #if defined(CONFIG_RSBAC_MAC)
02081 int err = 0, tmperr = 0;
02082 union rsbac_target_id_t tid;
02083 rsbac_uid_t * k_trulist;
02084 rsbac_time_t * k_ttllist;
02085
02086 if(!pid)
02087 return(-RSBAC_EINVALIDTARGET);
02088 if(!trulist)
02089 return(-RSBAC_EINVALIDPOINTER);
02090 if(maxnum <= 0)
02091 return(-RSBAC_EINVALIDVALUE);
02092 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02093 maxnum = RSBAC_MAC_MAX_MAXNUM;
02094
02095 tid.process = pid;
02096
02097 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist);
02098 if(err>0)
02099 {
02100 if(err > maxnum)
02101 err = maxnum;
02102 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02103 sizeof(rsbac_uid_t) * err);
02104 if(tmperr < 0)
02105 err = tmperr;
02106 else
02107 {
02108 if(ttllist)
02109 {
02110 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02111 sizeof(rsbac_time_t) * err);
02112 if(tmperr < 0)
02113 err = tmperr;
02114 }
02115 }
02116 rsbac_vfree(k_trulist);
02117 rsbac_vfree(k_ttllist);
02118 }
02119
02120 return(err);
02121
02122 #else
02123 return (-RSBAC_EINVALIDMODULE);
02124 #endif
02125 }
02126
02127
02128
02129 int sys_rsbac_stats_pm(void)
02130 {
02131 #ifndef CONFIG_RSBAC_PM
02132 return (0);
02133 #else
02134 union rsbac_target_id_t rsbac_target_id;
02135 union rsbac_attribute_value_t rsbac_attribute_value;
02136
02137 #ifdef CONFIG_RSBAC_DEBUG
02138 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n");
02139 #endif
02140 rsbac_target_id.scd = ST_rsbac;
02141 rsbac_attribute_value.dummy = 0;
02142 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02143 current->pid,
02144 T_SCD,
02145 rsbac_target_id,
02146 A_none,
02147 rsbac_attribute_value))
02148 {
02149 return -EPERM;
02150 }
02151
02152 #ifdef CONFIG_RSBAC_DEBUG
02153 if (rsbac_debug_aef_pm)
02154 rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n");
02155 #endif
02156 return(rsbac_stats_pm());
02157 #endif
02158 };
02159
02160 int sys_rsbac_pm(
02161 rsbac_list_ta_number_t ta_number,
02162 enum rsbac_pm_function_type_t function,
02163 union rsbac_pm_function_param_t * param_p,
02164 rsbac_pm_tkt_id_t ticket)
02165 {
02166 #ifndef CONFIG_RSBAC_PM
02167 return (-RSBAC_EINVALIDMODULE);
02168 #else
02169 union rsbac_pm_function_param_t k_param;
02170 int result;
02171
02172 if(function >= PF_none)
02173 return(-RSBAC_EINVALIDREQUEST);
02174 if(!param_p)
02175 return(-RSBAC_EINVALIDPOINTER);
02176 #ifdef CONFIG_RSBAC_DEBUG
02177 if (rsbac_debug_aef_pm)
02178 rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n",
02179 function);
02180 #endif
02181
02182 #ifdef CONFIG_RSBAC_FREEZE
02183 if(rsbac_freeze)
02184 {
02185 rsbac_printk(KERN_WARNING
02186 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n");
02187 return -EPERM;
02188 }
02189 #endif
02190
02191
02192 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) );
02193
02194 lock_kernel();
02195 result = rsbac_pm(ta_number, function, k_param, ticket);
02196 unlock_kernel();
02197 return result;
02198 #endif
02199 }
02200
02201 int sys_rsbac_pm_change_current_task(rsbac_pm_task_id_t task)
02202 {
02203 #ifndef CONFIG_RSBAC_PM
02204 return (0);
02205 #else
02206 #ifdef CONFIG_RSBAC_DEBUG
02207 if (rsbac_debug_aef_pm)
02208 rsbac_printk(KERN_DEBUG
02209 "sys_rsbac_pm_change_current_task(): called for task %i!\n",
02210 task);
02211 #endif
02212
02213 return(rsbac_pm_change_current_task(task));
02214 #endif
02215 }
02216
02217 int sys_rsbac_pm_create_file(const char * filename,
02218 int mode,
02219 rsbac_pm_object_class_id_t class)
02220 {
02221 #ifndef CONFIG_RSBAC_PM
02222 return (-RSBAC_EINVALIDMODULE);
02223 #else
02224 if(!filename)
02225 return(-RSBAC_EINVALIDPOINTER);
02226 #ifdef CONFIG_RSBAC_DEBUG
02227 if (rsbac_debug_aef_pm)
02228 rsbac_printk(KERN_DEBUG
02229 "sys_rsbac_pm_create_file(): called with class %i!\n",
02230 class);
02231 #endif
02232
02233 return(rsbac_pm_create_file(filename, mode, class));
02234 #endif
02235 }
02236
02237
02238
02239 int sys_rsbac_daz_flush_cache(void)
02240 {
02241 #ifndef CONFIG_RSBAC_DAZ_CACHE
02242 return (0);
02243 #else
02244 #ifndef CONFIG_RSBAC_MAINT
02245 union rsbac_target_id_t i_tid;
02246 union rsbac_attribute_value_t i_attr_val1;
02247
02248
02249 i_tid.user = current->uid;
02250 if (rsbac_get_attr(DAZ,
02251 T_USER,
02252 i_tid,
02253 A_daz_role,
02254 &i_attr_val1,
02255 TRUE))
02256 {
02257 rsbac_printk(KERN_WARNING
02258 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02259 return -EPERM;
02260 }
02261
02262 if ( (i_attr_val1.system_role != SR_security_officer)
02263 && (i_attr_val1.system_role != SR_administrator)
02264 )
02265 #ifdef CONFIG_RSBAC_SOFTMODE
02266 if( !rsbac_softmode
02267 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02268 && !rsbac_ind_softmode[DAZ]
02269 #endif
02270 )
02271 #endif
02272 return -EPERM;
02273 #endif
02274
02275 rsbac_printk(KERN_INFO
02276 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n");
02277
02278 return(rsbac_daz_flush_cache());
02279 #endif
02280 }
02281
02282
02283
02284
02285 int sys_rsbac_rc_copy_role(
02286 rsbac_list_ta_number_t ta_number,
02287 rsbac_rc_role_id_t from_role,
02288 rsbac_rc_role_id_t to_role)
02289 {
02290 #if defined(CONFIG_RSBAC_RC)
02291 if( (from_role > RC_role_max_value)
02292 || (from_role > RC_role_max_value))
02293 return(-RSBAC_EINVALIDVALUE);
02294 #ifdef CONFIG_RSBAC_DEBUG
02295 if (rsbac_debug_aef_rc)
02296 rsbac_printk(KERN_DEBUG
02297 "sys_rsbac_rc_copy_role(): from %i, to %i!\n",
02298 from_role, to_role);
02299 #endif
02300 #ifdef CONFIG_RSBAC_FREEZE
02301 if(rsbac_freeze)
02302 {
02303 rsbac_printk(KERN_WARNING
02304 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n");
02305 return -EPERM;
02306 }
02307 #endif
02308
02309
02310 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role));
02311 #else
02312 return (-RSBAC_EINVALIDMODULE);
02313 #endif
02314 }
02315
02316 int sys_rsbac_rc_copy_type(
02317 rsbac_list_ta_number_t ta_number,
02318 enum rsbac_rc_target_t target,
02319 rsbac_rc_type_id_t from_type,
02320 rsbac_rc_type_id_t to_type)
02321 {
02322 #if defined(CONFIG_RSBAC_RC)
02323 if( (from_type > RC_type_max_value)
02324 || (from_type > RC_type_max_value))
02325 return(-RSBAC_EINVALIDVALUE);
02326 #ifdef CONFIG_RSBAC_DEBUG
02327 if (rsbac_debug_aef_rc)
02328 rsbac_printk(KERN_DEBUG
02329 "sys_rsbac_rc_copy_type(): from %i, to %i!\n",
02330 from_type, to_type);
02331 #endif
02332 #ifdef CONFIG_RSBAC_FREEZE
02333 if(rsbac_freeze)
02334 {
02335 rsbac_printk(KERN_WARNING
02336 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n");
02337 return -EPERM;
02338 }
02339 #endif
02340
02341
02342 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type));
02343 #else
02344 return (-RSBAC_EINVALIDMODULE);
02345 #endif
02346 }
02347
02348
02349 int sys_rsbac_rc_get_item (
02350 rsbac_list_ta_number_t ta_number,
02351 enum rsbac_rc_target_t target,
02352 union rsbac_rc_target_id_t * tid_p,
02353 union rsbac_rc_target_id_t * subtid_p,
02354 enum rsbac_rc_item_t item,
02355 union rsbac_rc_item_value_t * value_p,
02356 rsbac_time_t * ttl_p)
02357 {
02358 #if defined(CONFIG_RSBAC_RC)
02359 union rsbac_rc_target_id_t k_tid;
02360 union rsbac_rc_target_id_t k_subtid;
02361 union rsbac_rc_item_value_t k_value;
02362 rsbac_time_t k_ttl;
02363 int err = 0;
02364
02365 if( (target >= RT_NONE)
02366 || (item >= RI_none))
02367 return(-RSBAC_EINVALIDVALUE);
02368
02369 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02370 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02371 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02372 #ifdef CONFIG_RSBAC_DEBUG
02373 if (rsbac_debug_aef_rc)
02374 rsbac_printk(KERN_DEBUG
02375 "sys_rsbac_rc_get_item(): target %i, item %i!\n",
02376 target, item);
02377 #endif
02378
02379 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid,
02380 item, &k_value, &k_ttl);
02381
02382 if(!err)
02383 {
02384 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02385 if(!err && ttl_p)
02386 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02387 }
02388 return (err);
02389 #else
02390 return (-RSBAC_EINVALIDMODULE);
02391 #endif
02392 }
02393
02394
02395 int sys_rsbac_rc_set_item(
02396 rsbac_list_ta_number_t ta_number,
02397 enum rsbac_rc_target_t target,
02398 union rsbac_rc_target_id_t * tid_p,
02399 union rsbac_rc_target_id_t * subtid_p,
02400 enum rsbac_rc_item_t item,
02401 union rsbac_rc_item_value_t * value_p,
02402 rsbac_time_t ttl)
02403 {
02404 #if defined(CONFIG_RSBAC_RC)
02405 union rsbac_rc_target_id_t k_tid;
02406 union rsbac_rc_target_id_t k_subtid;
02407 union rsbac_rc_item_value_t k_value;
02408
02409 if( (target >= RT_NONE)
02410 || (item >= RI_none))
02411 return(-RSBAC_EINVALIDVALUE);
02412
02413 #ifdef CONFIG_RSBAC_FREEZE
02414 if(rsbac_freeze)
02415 {
02416 rsbac_printk(KERN_WARNING
02417 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n");
02418 return -EPERM;
02419 }
02420 #endif
02421
02422
02423 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02424 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02425 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02426 #ifdef CONFIG_RSBAC_DEBUG
02427 if (rsbac_debug_aef_rc)
02428 rsbac_printk(KERN_DEBUG
02429 "sys_rsbac_rc_set_item(): target %i, item %i!\n",
02430 target, item);
02431 #endif
02432
02433 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl);
02434 #else
02435 return (-RSBAC_EINVALIDMODULE);
02436 #endif
02437 }
02438
02439 int sys_rsbac_rc_get_list(
02440 rsbac_list_ta_number_t ta_number,
02441 enum rsbac_rc_target_t target,
02442 union rsbac_rc_target_id_t * tid_p,
02443 enum rsbac_rc_item_t item,
02444 u_int maxnum,
02445 __u32 * array_p,
02446 rsbac_time_t * ttl_array_p)
02447 {
02448 #if defined(CONFIG_RSBAC_RC)
02449 union rsbac_rc_target_id_t k_tid;
02450 int err;
02451
02452 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02453 if(array_p)
02454 {
02455 __u32 * k_array_p;
02456 rsbac_time_t * k_ttl_array_p;
02457
02458 if(!maxnum)
02459 return -RSBAC_EINVALIDVALUE;
02460
02461 err = rsbac_rc_get_list(ta_number, target, k_tid, item,
02462 &k_array_p, &k_ttl_array_p);
02463
02464 if(err > 0)
02465 {
02466 int tmperr;
02467
02468 if(err > maxnum)
02469 err = maxnum;
02470 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) );
02471 if(tmperr)
02472 err = tmperr;
02473 rsbac_vfree(k_array_p);
02474 if(k_ttl_array_p && ttl_array_p)
02475 {
02476 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) );
02477 if(tmperr)
02478 err = tmperr;
02479 }
02480 rsbac_vfree(k_ttl_array_p);
02481 }
02482 return (err);
02483 }
02484 else
02485 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL);
02486 #else
02487 return (-RSBAC_EINVALIDMODULE);
02488 #endif
02489 };
02490
02491
02492 int sys_rsbac_rc_change_role (rsbac_rc_role_id_t role)
02493 {
02494 #if defined(CONFIG_RSBAC_RC)
02495 if(role > RC_role_max_value)
02496 return(-RSBAC_EINVALIDVALUE);
02497 #ifdef CONFIG_RSBAC_DEBUG
02498 if (rsbac_debug_aef_rc)
02499 rsbac_printk(KERN_DEBUG
02500 "sys_rsbac_rc_change_role(): role %i!\n",
02501 role);
02502 #endif
02503
02504 return rsbac_rc_sys_change_role(role);
02505 #else
02506 return (-RSBAC_EINVALIDMODULE);
02507 #endif
02508 }
02509
02510
02511 int sys_rsbac_rc_get_eff_rights_n(
02512 rsbac_list_ta_number_t ta_number,
02513 enum rsbac_target_t target,
02514 char * t_name,
02515 rsbac_rc_request_vector_t * request_vector_p,
02516 rsbac_time_t * ttl_p)
02517 {
02518 #if defined(CONFIG_RSBAC_RC)
02519 struct dentry * t_dentry;
02520 int err = 0;
02521 rsbac_rc_request_vector_t k_req_vec;
02522 rsbac_time_t k_ttl;
02523 union rsbac_target_id_t tid;
02524
02525 struct nameidata nd;
02526
02527 if(!t_name || (target >= T_NONE))
02528 return(-RSBAC_EINVALIDTARGET);
02529
02530 if ((err = user_path_walk_link(t_name, &nd)))
02531 {
02532 #ifdef CONFIG_RSBAC_DEBUG
02533 if (rsbac_debug_aef_rc)
02534 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err);
02535 #endif
02536 goto out;
02537 }
02538 t_dentry = nd.dentry;
02539 if (!t_dentry->d_inode)
02540 {
02541 err = -RSBAC_EINVALIDTARGET;
02542 goto out_dput;
02543 }
02544
02545 switch (target)
02546 {
02547 case T_FD:
02548 if(S_ISREG(t_dentry->d_inode->i_mode))
02549 {
02550 target = T_FILE;
02551 }
02552 else
02553 if(S_ISDIR(t_dentry->d_inode->i_mode))
02554 {
02555 target = T_DIR;
02556 }
02557 else
02558 if(S_ISLNK(t_dentry->d_inode->i_mode))
02559 {
02560 target = T_SYMLINK;
02561 }
02562 else
02563 if(S_ISFIFO(t_dentry->d_inode->i_mode))
02564 {
02565 target = T_FIFO;
02566 }
02567 else
02568 if(S_ISBLK(t_dentry->d_inode->i_mode))
02569 {
02570 target = T_FILE;
02571 }
02572 else
02573 if(S_ISCHR(t_dentry->d_inode->i_mode))
02574 {
02575 target = T_FILE;
02576 }
02577 else
02578 {
02579 #ifdef CONFIG_RSBAC_DEBUG
02580 if (rsbac_debug_aef)
02581 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n");
02582 #endif
02583 err = -RSBAC_EINVALIDTARGET;
02584 goto out_dput;
02585 }
02586 break;
02587
02588 case T_FILE:
02589
02590 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
02591 && !(S_ISBLK(t_dentry->d_inode->i_mode))
02592 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02593 {
02594 err = -RSBAC_EINVALIDTARGET;
02595 goto out_dput;
02596 }
02597 break;
02598
02599 case T_DIR:
02600 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
02601 {
02602 err = -RSBAC_EINVALIDTARGET;
02603 goto out_dput;
02604 }
02605 break;
02606
02607 case T_FIFO:
02608
02609 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
02610 {
02611 err = -RSBAC_EINVALIDTARGET;
02612 goto out_dput;
02613 }
02614 break;
02615
02616 case T_SYMLINK:
02617
02618 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
02619 {
02620 err = -RSBAC_EINVALIDTARGET;
02621 goto out_dput;
02622 }
02623 break;
02624
02625 case T_DEV:
02626
02627 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
02628 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02629 {
02630 err = -RSBAC_EINVALIDTARGET;
02631 goto out_dput;
02632 }
02633 break;
02634
02635 default:
02636 err = -RSBAC_EINVALIDTARGET;
02637 goto out_dput;
02638 }
02639
02640 if(target == T_DEV)
02641 {
02642 if(S_ISBLK(t_dentry->d_inode->i_mode))
02643 tid.dev.type = D_block;
02644 else
02645 tid.dev.type = D_char;
02646 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
02647 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
02648 }
02649 else
02650 {
02651
02652 tid.file.device = t_dentry->d_sb->s_dev;
02653 tid.file.inode = t_dentry->d_inode->i_ino;
02654 tid.file.dentry_p = t_dentry;
02655 }
02656 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl);
02657
02658 if(!err)
02659 {
02660 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) );
02661 if(!err && ttl_p)
02662 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02663 }
02664
02665 out_dput:
02666 path_release(&nd);
02667
02668 out:
02669 return(err);
02670 #else
02671 return (-RSBAC_EINVALIDMODULE);
02672 #endif
02673 }
02674
02675
02676 int sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t * role_p)
02677 {
02678 #if defined(CONFIG_RSBAC_RC)
02679 rsbac_rc_role_id_t k_role;
02680 int err;
02681
02682 if(!role_p)
02683 return(-RSBAC_EINVALIDPOINTER);
02684
02685 err = rsbac_rc_sys_get_current_role(&k_role);
02686 if(!err)
02687 {
02688 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) );
02689 }
02690 return err;
02691 #else
02692 return (-RSBAC_EINVALIDMODULE);
02693 #endif
02694 }
02695
02696
02697
02698
02699
02700 int sys_rsbac_auth_add_p_cap(
02701 rsbac_list_ta_number_t ta_number,
02702 rsbac_pid_t pid,
02703 enum rsbac_auth_cap_type_t cap_type,
02704 struct rsbac_auth_cap_range_t cap_range,
02705 rsbac_time_t ttl)
02706 {
02707 #if defined(CONFIG_RSBAC_AUTH)
02708 struct task_struct * task_p;
02709
02710 if(cap_type >= ACT_none)
02711 return(-RSBAC_EINVALIDTARGET);
02712 if(cap_range.first > cap_range.last)
02713 return(-RSBAC_EINVALIDVALUE);
02714 if( (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID)
02715 || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID)
02716 )
02717 return -RSBAC_EINVALIDVALUE;
02718
02719 #ifdef CONFIG_RSBAC_FREEZE
02720 if(rsbac_freeze)
02721 {
02722 rsbac_printk(KERN_WARNING
02723 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02724 return -EPERM;
02725 }
02726 #endif
02727
02728 read_lock(&tasklist_lock);
02729 task_p = find_task_by_pid(pid);
02730 read_unlock(&tasklist_lock);
02731 if(!task_p)
02732 return(-RSBAC_EINVALIDTARGET);
02733
02734
02735
02736 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl));
02737 #else
02738 return (-RSBAC_EINVALIDMODULE);
02739 #endif
02740 }
02741
02742 int sys_rsbac_auth_remove_p_cap(
02743 rsbac_list_ta_number_t ta_number,
02744 rsbac_pid_t pid,
02745 enum rsbac_auth_cap_type_t cap_type,
02746 struct rsbac_auth_cap_range_t cap_range)
02747 {
02748 #if defined(CONFIG_RSBAC_AUTH)
02749 struct task_struct * task_p;
02750
02751 if(cap_type >= ACT_none)
02752 return(-RSBAC_EINVALIDTARGET);
02753 if(cap_range.first > cap_range.last)
02754 return(-RSBAC_EINVALIDVALUE);
02755
02756 #ifdef CONFIG_RSBAC_FREEZE
02757 if(rsbac_freeze)
02758 {
02759 rsbac_printk(KERN_WARNING
02760 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02761 return -EPERM;
02762 }
02763 #endif
02764
02765 read_lock(&tasklist_lock);
02766 task_p = find_task_by_pid(pid);
02767 read_unlock(&tasklist_lock);
02768 if(!task_p)
02769 return(-RSBAC_EINVALIDTARGET);
02770
02771
02772 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range));
02773 #else
02774 return (-RSBAC_EINVALIDMODULE);
02775 #endif
02776 }
02777
02778 int sys_rsbac_auth_add_f_cap(
02779 rsbac_list_ta_number_t ta_number,
02780 char * filename,
02781 enum rsbac_auth_cap_type_t cap_type,
02782 struct rsbac_auth_cap_range_t cap_range,
02783 rsbac_time_t ttl)
02784 {
02785 #if defined(CONFIG_RSBAC_AUTH)
02786 struct dentry * t_dentry;
02787 int err = 0;
02788 enum rsbac_target_t target;
02789 union rsbac_target_id_t tid;
02790 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02791 union rsbac_attribute_value_t rsbac_attribute_value;
02792 #endif
02793
02794 struct nameidata nd;
02795
02796 if(cap_range.first > cap_range.last)
02797 return(-RSBAC_EINVALIDVALUE);
02798
02799 if(!filename)
02800 return(-RSBAC_EINVALIDTARGET);
02801 if(cap_type >= ACT_none)
02802 return(-RSBAC_EINVALIDTARGET);
02803 if(cap_range.first > cap_range.last)
02804 return(-RSBAC_EINVALIDVALUE);
02805
02806 #ifdef CONFIG_RSBAC_FREEZE
02807 if(rsbac_freeze)
02808 {
02809 rsbac_printk(KERN_WARNING
02810 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
02811 return -EPERM;
02812 }
02813 #endif
02814
02815 if ((err = user_path_walk_link(filename, &nd)))
02816 {
02817 #ifdef CONFIG_RSBAC_DEBUG
02818 if (rsbac_debug_aef_auth)
02819 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err);
02820 #endif
02821 goto out;
02822 }
02823 t_dentry = nd.dentry;
02824 if (!t_dentry->d_inode)
02825 {
02826 err = -RSBAC_EINVALIDTARGET;
02827 goto out_dput;
02828 }
02829
02830 if(S_ISREG(t_dentry->d_inode->i_mode))
02831 target = T_FILE;
02832 else
02833 if(S_ISDIR(t_dentry->d_inode->i_mode))
02834 target = T_DIR;
02835 else
02836 {
02837 err = -RSBAC_EINVALIDTARGET;
02838 goto out_dput;
02839 }
02840 tid.file.device = t_dentry->d_sb->s_dev;
02841 tid.file.inode = t_dentry->d_inode->i_ino;
02842 tid.file.dentry_p = t_dentry;
02843 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02844
02845 #ifdef CONFIG_RSBAC_DEBUG
02846 if (rsbac_debug_aef)
02847 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
02848 #endif
02849 rsbac_attribute_value.auth_cap_range = cap_range;
02850 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
02851 current->pid,
02852 target,
02853 tid,
02854 A_auth_add_f_cap,
02855 rsbac_attribute_value))
02856 {
02857 err = -EPERM;
02858 }
02859 else
02860 #endif
02861 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl);
02862
02863 out_dput:
02864 path_release(&nd);
02865 out:
02866 return(err);
02867
02868 #else
02869 return (-RSBAC_EINVALIDMODULE);
02870 #endif
02871 };
02872
02873 int sys_rsbac_auth_remove_f_cap(
02874 rsbac_list_ta_number_t ta_number,
02875 char * filename,
02876 enum rsbac_auth_cap_type_t cap_type,
02877 struct rsbac_auth_cap_range_t cap_range)
02878 {
02879 #if defined(CONFIG_RSBAC_AUTH)
02880 struct dentry * t_dentry;
02881 int err = 0;
02882 enum rsbac_target_t target;
02883 union rsbac_target_id_t tid;
02884
02885
02886 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02887 union rsbac_attribute_value_t rsbac_attribute_value;
02888 #endif
02889
02890 struct nameidata nd;
02891
02892 if(!filename)
02893 return(-RSBAC_EINVALIDTARGET);
02894 if(cap_type >= ACT_none)
02895 return(-RSBAC_EINVALIDTARGET);
02896 if(cap_range.first > cap_range.last)
02897 return(-RSBAC_EINVALIDVALUE);
02898
02899 #ifdef CONFIG_RSBAC_FREEZE
02900 if(rsbac_freeze)
02901 {
02902 rsbac_printk(KERN_WARNING
02903 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
02904 return -EPERM;
02905 }
02906 #endif
02907
02908 if ((err = user_path_walk_link(filename, &nd)))
02909 {
02910 #ifdef CONFIG_RSBAC_DEBUG
02911 if (rsbac_debug_aef_auth)
02912 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err);
02913 #endif
02914 goto out;
02915 }
02916 t_dentry = nd.dentry;
02917 if (!t_dentry->d_inode)
02918 {
02919 err = -RSBAC_EINVALIDTARGET;
02920 goto out_dput;
02921 }
02922
02923 if(S_ISREG(t_dentry->d_inode->i_mode))
02924 target = T_FILE;
02925 else
02926 if(S_ISDIR(t_dentry->d_inode->i_mode))
02927 target = T_DIR;
02928 else
02929 {
02930 err = -RSBAC_EINVALIDTARGET;
02931 goto out_dput;
02932 }
02933 tid.file.device = t_dentry->d_sb->s_dev;
02934 tid.file.inode = t_dentry->d_inode->i_ino;
02935 tid.file.dentry_p = t_dentry;
02936 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02937
02938 #ifdef CONFIG_RSBAC_DEBUG
02939 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
02940 #endif
02941 rsbac_attribute_value.auth_cap_range = cap_range;
02942 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
02943 current->pid,
02944 target,
02945 tid,
02946 A_auth_remove_f_cap,
02947 rsbac_attribute_value))
02948 {
02949 err = -EPERM;
02950 }
02951 else
02952 #endif
02953 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range);
02954
02955 out_dput:
02956 path_release(&nd);
02957 out:
02958 return(err);
02959
02960 #else
02961 return (-RSBAC_EINVALIDMODULE);
02962 #endif
02963 }
02964
02965
02966 int sys_rsbac_auth_get_f_caplist(
02967 rsbac_list_ta_number_t ta_number,
02968 char * filename,
02969 enum rsbac_auth_cap_type_t cap_type,
02970 struct rsbac_auth_cap_range_t caplist[],
02971 rsbac_time_t ttllist[],
02972 u_int maxnum)
02973 {
02974 #if defined(CONFIG_RSBAC_AUTH)
02975 struct dentry * t_dentry;
02976 int err = 0, tmperr = 0;
02977 enum rsbac_target_t target;
02978 union rsbac_target_id_t tid;
02979 struct rsbac_auth_cap_range_t * k_caplist;
02980 rsbac_time_t * k_ttllist;
02981
02982
02983 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02984 union rsbac_attribute_value_t rsbac_attribute_value;
02985 #endif
02986
02987 struct nameidata nd;
02988
02989 if(!filename)
02990 return(-RSBAC_EINVALIDTARGET);
02991 if(cap_type >= ACT_none)
02992 return(-RSBAC_EINVALIDTARGET);
02993 if(!caplist)
02994 return(-RSBAC_EINVALIDPOINTER);
02995 if(maxnum <= 0)
02996 return(-RSBAC_EINVALIDVALUE);
02997 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
02998 maxnum = RSBAC_AUTH_MAX_MAXNUM;
02999
03000 if ((err = user_path_walk_link(filename, &nd)))
03001 {
03002 #ifdef CONFIG_RSBAC_DEBUG
03003 if (rsbac_debug_aef_auth)
03004 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err);
03005 #endif
03006 goto out;
03007 }
03008 t_dentry = nd.dentry;
03009 if (!t_dentry->d_inode)
03010 {
03011 err = -RSBAC_EINVALIDTARGET;
03012 goto out_dput;
03013 }
03014
03015 if(S_ISREG(t_dentry->d_inode->i_mode))
03016 target = T_FILE;
03017 else
03018 if(S_ISDIR(t_dentry->d_inode->i_mode))
03019 target = T_DIR;
03020 else
03021 {
03022 err = -RSBAC_EINVALIDTARGET;
03023 goto out_dput;
03024 }
03025 tid.file.device = t_dentry->d_sb->s_dev;
03026 tid.file.inode = t_dentry->d_inode->i_ino;
03027 tid.file.dentry_p = t_dentry;
03028 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03029
03030 #ifdef CONFIG_RSBAC_DEBUG
03031 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n");
03032 #endif
03033 rsbac_attribute_value.dummy = 0;
03034 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03035 current->pid,
03036 target,
03037 tid,
03038 A_auth_get_caplist,
03039 rsbac_attribute_value))
03040 {
03041 err = -EPERM;
03042 goto out_dput;
03043 }
03044 #endif
03045 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist);
03046 if(err>0)
03047 {
03048 if(err > maxnum)
03049 err = maxnum;
03050 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03051 sizeof(struct rsbac_auth_cap_range_t) * err);
03052 if(tmperr < 0)
03053 err = tmperr;
03054 else
03055 {
03056 if(ttllist)
03057 {
03058 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03059 sizeof(rsbac_time_t) * err);
03060 if(tmperr < 0)
03061 err = tmperr;
03062 }
03063 }
03064 rsbac_vfree(k_caplist);
03065 rsbac_vfree(k_ttllist);
03066 }
03067
03068 out_dput:
03069 path_release(&nd);
03070 out:
03071 return(err);
03072
03073 #else
03074 return (-RSBAC_EINVALIDMODULE);
03075 #endif
03076 }
03077
03078 int sys_rsbac_auth_get_p_caplist(
03079 rsbac_list_ta_number_t ta_number,
03080 rsbac_pid_t pid,
03081 enum rsbac_auth_cap_type_t cap_type,
03082 struct rsbac_auth_cap_range_t caplist[],
03083 rsbac_time_t ttllist[],
03084 u_int maxnum)
03085 {
03086 #if defined(CONFIG_RSBAC_AUTH)
03087 int err = 0, tmperr = 0;
03088 union rsbac_target_id_t tid;
03089 struct rsbac_auth_cap_range_t * k_caplist;
03090 rsbac_time_t * k_ttllist;
03091
03092
03093 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03094 union rsbac_attribute_value_t rsbac_attribute_value;
03095 #endif
03096
03097 if(!pid)
03098 return(-RSBAC_EINVALIDTARGET);
03099 if(cap_type >= ACT_none)
03100 return(-RSBAC_EINVALIDTARGET);
03101 if(!caplist)
03102 return(-RSBAC_EINVALIDPOINTER);
03103 if(maxnum <= 0)
03104 return(-RSBAC_EINVALIDVALUE);
03105 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03106 maxnum = RSBAC_AUTH_MAX_MAXNUM;
03107
03108 tid.process = pid;
03109 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03110
03111 #ifdef CONFIG_RSBAC_DEBUG
03112 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n");
03113 #endif
03114 rsbac_attribute_value.dummy = 0;
03115 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03116 current->pid,
03117 T_PROCESS,
03118 tid,
03119 A_auth_get_caplist,
03120 rsbac_attribute_value))
03121 {
03122 return -EPERM;
03123 }
03124 #endif
03125 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type,
03126 &k_caplist, &k_ttllist);
03127 if(err>0)
03128 {
03129 if(err > maxnum)
03130 err = maxnum;
03131 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03132 sizeof(struct rsbac_auth_cap_range_t) * err);
03133 if(tmperr < 0)
03134 err = tmperr;
03135 else
03136 {
03137 if(ttllist)
03138 {
03139 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03140 sizeof(rsbac_time_t) * err);
03141 if(tmperr < 0)
03142 err = tmperr;
03143 }
03144 }
03145 rsbac_vfree(k_caplist);
03146 rsbac_vfree(k_ttllist);
03147 }
03148
03149 return(err);
03150
03151 #else
03152 return (-RSBAC_EINVALIDMODULE);
03153 #endif
03154 }
03155
03156
03157
03158
03159 int sys_rsbac_reg(rsbac_reg_handle_t handle,
03160 void * arg)
03161 {
03162 #if defined(CONFIG_RSBAC_REG)
03163 return rsbac_reg_syscall(handle, arg);
03164 #else
03165 return (-RSBAC_EINVALIDMODULE);
03166 #endif
03167 }
03168
03169
03170
03171
03172
03173 int sys_rsbac_acl(
03174 rsbac_list_ta_number_t ta_number,
03175 enum rsbac_acl_syscall_type_t call,
03176 struct rsbac_acl_syscall_arg_t * arg)
03177 {
03178 #if defined(CONFIG_RSBAC_ACL)
03179 struct rsbac_acl_syscall_arg_t k_arg;
03180
03181 int err = 0;
03182
03183 if(call >= ACLC_none)
03184 return(-RSBAC_EINVALIDREQUEST);
03185 if(!arg)
03186 return(-RSBAC_EINVALIDPOINTER);
03187
03188
03189 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03190 if(err < 0)
03191 return err;
03192
03193 if(k_arg.target >= T_NONE)
03194 return(-RSBAC_EINVALIDTARGET);
03195
03196
03197
03198 #ifdef CONFIG_RSBAC_FREEZE
03199 if(rsbac_freeze)
03200 {
03201 rsbac_printk(KERN_WARNING
03202 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n");
03203 return -EPERM;
03204 }
03205 #endif
03206
03207 if(call != ACLC_set_mask)
03208 {
03209 switch(k_arg.subj_type)
03210 {
03211 case ACLS_USER:
03212 break;
03213 case ACLS_GROUP:
03214 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03215 {
03216 struct rsbac_acl_group_entry_t entry;
03217 rsbac_uid_t caller;
03218
03219 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03220 || rsbac_get_owner(&caller)
03221 || ( (entry.owner != caller)
03222 && (entry.type != ACLG_GLOBAL)
03223 )
03224 )
03225 return(-RSBAC_EINVALIDVALUE);
03226 }
03227 break;
03228 #if defined(CONFIG_RSBAC_RC)
03229 case ACLS_ROLE:
03230 if(k_arg.subj_id > RC_role_max_value)
03231 {
03232 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
03233 return(-RSBAC_EINVALIDVALUE);
03234 }
03235 break;
03236 #endif
03237 default:
03238 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
03239 return(-RSBAC_EINVALIDVALUE);
03240 }
03241 if( (call == ACLC_remove_user)
03242 && (k_arg.target != T_USER)
03243 )
03244 return -RSBAC_EINVALIDTARGET;
03245
03246 }
03247
03248
03249 switch(call)
03250 {
03251 case ACLC_set_acl_entry:
03252 err = rsbac_acl_sys_set_acl_entry(ta_number,
03253 k_arg.target,
03254 k_arg.tid,
03255 k_arg.subj_type,
03256 k_arg.subj_id,
03257 k_arg.rights,
03258 k_arg.ttl);
03259 break;
03260 case ACLC_remove_acl_entry:
03261 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03262 k_arg.target,
03263 k_arg.tid,
03264 k_arg.subj_type,
03265 k_arg.subj_id);
03266 break;
03267 case ACLC_remove_acl:
03268 err = rsbac_acl_sys_remove_acl(ta_number,
03269 k_arg.target,
03270 k_arg.tid);
03271 break;
03272 case ACLC_add_to_acl_entry:
03273 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03274 k_arg.target,
03275 k_arg.tid,
03276 k_arg.subj_type,
03277 k_arg.subj_id,
03278 k_arg.rights,
03279 k_arg.ttl);
03280 break;
03281 case ACLC_remove_from_acl_entry:
03282 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03283 k_arg.target,
03284 k_arg.tid,
03285 k_arg.subj_type,
03286 k_arg.subj_id,
03287 k_arg.rights);
03288 break;
03289 case ACLC_set_mask:
03290 err = rsbac_acl_sys_set_mask(ta_number,
03291 k_arg.target,
03292 k_arg.tid,
03293 k_arg.rights);
03294 break;
03295 case ACLC_remove_user:
03296 err = rsbac_acl_sys_remove_user(ta_number,
03297 k_arg.tid.user);
03298 break;
03299
03300 default:
03301 err = -RSBAC_EINVALIDREQUEST;
03302 }
03303 return (err);
03304 #else
03305 return (-RSBAC_EINVALIDMODULE);
03306 #endif
03307 }
03308
03309
03310 int sys_rsbac_acl_n(
03311 rsbac_list_ta_number_t ta_number,
03312 enum rsbac_acl_syscall_type_t call,
03313 struct rsbac_acl_syscall_n_arg_t * arg)
03314 {
03315 #if defined(CONFIG_RSBAC_ACL)
03316 struct dentry * t_dentry = NULL;
03317 int err = 0;
03318 union rsbac_target_id_t tid;
03319 struct rsbac_acl_syscall_n_arg_t k_arg;
03320
03321 struct nameidata nd;
03322
03323 if(call >= ACLC_none)
03324 return(-RSBAC_EINVALIDREQUEST);
03325 if(!arg)
03326 return(-RSBAC_EINVALIDPOINTER);
03327
03328 #ifdef CONFIG_RSBAC_FREEZE
03329 if(rsbac_freeze)
03330 {
03331 rsbac_printk(KERN_WARNING
03332 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n");
03333 return -EPERM;
03334 }
03335 #endif
03336
03337
03338 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03339 if(err < 0)
03340 return err;
03341
03342 if(k_arg.target >= T_NONE)
03343 return(-RSBAC_EINVALIDTARGET);
03344 if(call != ACLC_set_mask)
03345 {
03346 switch(k_arg.subj_type)
03347 {
03348 case ACLS_USER:
03349 break;
03350 case ACLS_GROUP:
03351 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03352 {
03353 struct rsbac_acl_group_entry_t entry;
03354 rsbac_uid_t caller;
03355
03356 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03357 || rsbac_get_owner(&caller)
03358 || ( (entry.owner != caller)
03359 && (entry.type != ACLG_GLOBAL)
03360 )
03361 )
03362 return(-RSBAC_EINVALIDVALUE);
03363 }
03364 break;
03365 #if defined(CONFIG_RSBAC_RC)
03366 case ACLS_ROLE:
03367 if(k_arg.subj_id > RC_role_max_value)
03368 return(-RSBAC_EINVALIDVALUE);
03369 break;
03370 #endif
03371 default:
03372 return(-RSBAC_EINVALIDVALUE);
03373 }
03374 }
03375
03376 if(k_arg.name)
03377 {
03378
03379 if ((err = user_path_walk_link(k_arg.name, &nd)))
03380 {
03381 #ifdef CONFIG_RSBAC_DEBUG
03382 if (rsbac_debug_aef)
03383 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err);
03384 #endif
03385 goto out;
03386 }
03387 t_dentry = nd.dentry;
03388 if (!t_dentry->d_inode)
03389 {
03390 #ifdef CONFIG_RSBAC_DEBUG
03391 if (rsbac_debug_aef)
03392 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n");
03393 #endif
03394 err = -RSBAC_EINVALIDTARGET;
03395 goto out_dput;
03396 }
03397 tid.file.device = t_dentry->d_sb->s_dev;
03398 tid.file.inode = t_dentry->d_inode->i_ino;
03399 tid.file.dentry_p = t_dentry;
03400 }
03401 else
03402 {
03403 tid.file.device = RSBAC_ZERO_DEV;
03404 tid.file.inode = 0;
03405 tid.file.dentry_p = NULL;
03406 }
03407
03408 switch (k_arg.target)
03409 {
03410 case T_FD:
03411 if(k_arg.name)
03412 {
03413 if(S_ISREG(t_dentry->d_inode->i_mode))
03414 {
03415 k_arg.target = T_FILE;
03416 }
03417 else
03418 if(S_ISDIR(t_dentry->d_inode->i_mode))
03419 {
03420 k_arg.target = T_DIR;
03421 }
03422 else
03423 if(S_ISLNK(t_dentry->d_inode->i_mode))
03424 {
03425 k_arg.target = T_SYMLINK;
03426 }
03427 else
03428 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03429 {
03430 k_arg.target = T_FIFO;
03431 }
03432 else
03433 if(S_ISBLK(t_dentry->d_inode->i_mode))
03434 {
03435 k_arg.target = T_FILE;
03436 }
03437 else
03438 if(S_ISCHR(t_dentry->d_inode->i_mode))
03439 {
03440 k_arg.target = T_FILE;
03441 }
03442 else
03443 {
03444 #ifdef CONFIG_RSBAC_DEBUG
03445 if (rsbac_debug_aef)
03446 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n");
03447 #endif
03448 err = -RSBAC_EINVALIDTARGET;
03449 goto out_dput;
03450 }
03451 }
03452 else
03453 k_arg.target = T_FILE;
03454 break;
03455
03456 case T_FILE:
03457 if(k_arg.name)
03458 {
03459
03460 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03461 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03462 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03463 {
03464 err = -RSBAC_EINVALIDTARGET;
03465 goto out_dput;
03466 }
03467 }
03468 break;
03469
03470 case T_DIR:
03471 if(k_arg.name)
03472 {
03473 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03474 {
03475 err = -RSBAC_EINVALIDTARGET;
03476 goto out_dput;
03477 }
03478 }
03479 break;
03480
03481 case T_FIFO:
03482 if(k_arg.name)
03483 {
03484
03485 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03486 {
03487 err = -RSBAC_EINVALIDTARGET;
03488 goto out_dput;
03489 }
03490 }
03491 break;
03492
03493 case T_SYMLINK:
03494 if(k_arg.name)
03495 {
03496
03497 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03498 {
03499 err = -RSBAC_EINVALIDTARGET;
03500 goto out_dput;
03501 }
03502 }
03503 break;
03504
03505 case T_DEV:
03506 if(k_arg.name)
03507 {
03508
03509 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03510 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03511 {
03512 err = -RSBAC_EINVALIDTARGET;
03513 goto out_dput;
03514 }
03515
03516 if(S_ISBLK(t_dentry->d_inode->i_mode))
03517 tid.dev.type = D_block;
03518 else
03519 tid.dev.type = D_char;
03520 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
03521 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
03522 }
03523 else
03524 {
03525 tid.dev = RSBAC_ZERO_DEV_DESC;
03526 }
03527 break;
03528
03529 default:
03530 err = -RSBAC_EINVALIDTARGET;
03531 goto out_dput;
03532 }
03533
03534 switch(call)
03535 {
03536 case ACLC_set_acl_entry:
03537 err = rsbac_acl_sys_set_acl_entry(ta_number,
03538 k_arg.target,
03539 tid,
03540 k_arg.subj_type,
03541 k_arg.subj_id,
03542 k_arg.rights,
03543 k_arg.ttl);
03544 break;
03545 case ACLC_remove_acl_entry:
03546 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03547 k_arg.target,
03548 tid,
03549 k_arg.subj_type,
03550 k_arg.subj_id);
03551 break;
03552 case ACLC_remove_acl:
03553 err = rsbac_acl_sys_remove_acl(ta_number,
03554 k_arg.target,
03555 tid);
03556 break;
03557 case ACLC_add_to_acl_entry:
03558 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03559 k_arg.target,
03560 tid,
03561 k_arg.subj_type,
03562 k_arg.subj_id,
03563 k_arg.rights,
03564 k_arg.ttl);
03565 break;
03566 case ACLC_remove_from_acl_entry:
03567 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03568 k_arg.target,
03569 tid,
03570 k_arg.subj_type,
03571 k_arg.subj_id,
03572 k_arg.rights);
03573 break;
03574 case ACLC_set_mask:
03575 err = rsbac_acl_sys_set_mask(ta_number,
03576 k_arg.target,
03577 tid,
03578 k_arg.rights);
03579 break;
03580
03581 default:
03582 err = -RSBAC_EINVALIDREQUEST;
03583 }
03584
03585 out_dput:
03586 if(k_arg.name)
03587 {
03588 path_release(&nd);
03589 }
03590
03591 out:
03592 return(err);
03593 #else
03594 return (-RSBAC_EINVALIDMODULE);
03595 #endif
03596 }
03597
03598
03599
03600 int sys_rsbac_acl_get_rights(
03601 rsbac_list_ta_number_t ta_number,
03602 struct rsbac_acl_syscall_arg_t * arg,
03603 rsbac_acl_rights_vector_t * rights_p,
03604 u_int effective)
03605 {
03606 #if defined(CONFIG_RSBAC_ACL)
03607 struct rsbac_acl_syscall_arg_t k_arg;
03608 rsbac_acl_rights_vector_t k_rights = 0;
03609 int err = 0;
03610
03611 if(!arg || !rights_p)
03612 return(-RSBAC_EINVALIDPOINTER);
03613
03614 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03615
03616 if(k_arg.target >= T_NONE)
03617 return(-RSBAC_EINVALIDTARGET);
03618
03619
03620 switch(k_arg.subj_type)
03621 {
03622 case ACLS_USER:
03623 break;
03624 case ACLS_GROUP:
03625 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03626 {
03627 struct rsbac_acl_group_entry_t entry;
03628 rsbac_uid_t caller;
03629
03630 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03631 || rsbac_get_owner(&caller)
03632 || ( (entry.owner != caller)
03633 && (entry.type != ACLG_GLOBAL)
03634 )
03635 )
03636 return(-RSBAC_EINVALIDVALUE);
03637 }
03638 break;
03639 case ACLS_ROLE:
03640 #if defined(CONFIG_RSBAC_RC)
03641 if(k_arg.subj_id > RC_role_max_value)
03642 return(-RSBAC_EINVALIDVALUE);
03643 #endif
03644 break;
03645 default:
03646 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03647 return(-RSBAC_EINVALIDVALUE);
03648 }
03649
03650
03651 err = rsbac_acl_sys_get_rights(ta_number,
03652 k_arg.target,
03653 k_arg.tid,
03654 k_arg.subj_type,
03655 k_arg.subj_id,
03656 &k_rights,
03657 effective);
03658 if(!err)
03659 {
03660 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
03661 }
03662 return (err);
03663 #else
03664 return (-RSBAC_EINVALIDMODULE);
03665 #endif
03666 }
03667
03668
03669 int sys_rsbac_acl_get_rights_n(
03670 rsbac_list_ta_number_t ta_number,
03671 struct rsbac_acl_syscall_n_arg_t * arg,
03672 rsbac_acl_rights_vector_t * rights_p,
03673 u_int effective)
03674 {
03675 #if defined(CONFIG_RSBAC_ACL)
03676 struct dentry * t_dentry = NULL;
03677 rsbac_boolean_t need_put = FALSE;
03678 int err = 0;
03679 union rsbac_target_id_t tid;
03680 struct rsbac_acl_syscall_n_arg_t k_arg;
03681 rsbac_acl_rights_vector_t k_rights = 0;
03682
03683 struct nameidata nd;
03684
03685 if(!arg || !rights_p)
03686 return(-RSBAC_EINVALIDPOINTER);
03687
03688 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03689
03690 if(k_arg.target >= T_NONE)
03691 return(-RSBAC_EINVALIDTARGET);
03692 switch(k_arg.subj_type)
03693 {
03694 case ACLS_USER:
03695 break;
03696 case ACLS_GROUP:
03697 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03698 {
03699 struct rsbac_acl_group_entry_t entry;
03700 rsbac_uid_t caller;
03701
03702 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03703 || rsbac_get_owner(&caller)
03704 || ( (entry.owner != caller)
03705 && (entry.type != ACLG_GLOBAL)
03706 )
03707 )
03708 return(-RSBAC_EINVALIDVALUE);
03709 }
03710 break;
03711 case ACLS_ROLE:
03712 #if defined(CONFIG_RSBAC_RC)
03713 if(k_arg.subj_id > RC_role_max_value)
03714 return(-RSBAC_EINVALIDVALUE);
03715 #endif
03716 break;
03717 default:
03718 return(-RSBAC_EINVALIDVALUE);
03719 }
03720
03721 switch (k_arg.target)
03722 {
03723 case T_FD:
03724 case T_FILE:
03725 case T_DIR:
03726 case T_FIFO:
03727 case T_SYMLINK:
03728 if(k_arg.name)
03729 {
03730 if ((err = user_path_walk_link(k_arg.name, &nd)))
03731 {
03732 #ifdef CONFIG_RSBAC_DEBUG
03733 if (rsbac_debug_aef_acl)
03734 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03735 #endif
03736 goto out;
03737 }
03738 t_dentry = nd.dentry;
03739 need_put = TRUE;
03740 if (!t_dentry->d_inode)
03741 {
03742 err = -RSBAC_EINVALIDTARGET;
03743 goto out_dput;
03744 }
03745
03746 switch(k_arg.target)
03747 {
03748 case T_FD:
03749 if(S_ISREG(t_dentry->d_inode->i_mode))
03750 {
03751 k_arg.target = T_FILE;
03752 }
03753 else
03754 if(S_ISDIR(t_dentry->d_inode->i_mode))
03755 {
03756 k_arg.target = T_DIR;
03757 }
03758 else
03759 if(S_ISLNK(t_dentry->d_inode->i_mode))
03760 {
03761 k_arg.target = T_SYMLINK;
03762 }
03763 else
03764 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03765 {
03766 k_arg.target = T_FIFO;
03767 }
03768 else
03769 if(S_ISBLK(t_dentry->d_inode->i_mode))
03770 {
03771 k_arg.target = T_FILE;
03772 }
03773 else
03774 if(S_ISCHR(t_dentry->d_inode->i_mode))
03775 {
03776 k_arg.target = T_FILE;
03777 }
03778 else
03779 {
03780 err = -RSBAC_EINVALIDTARGET;
03781 goto out_dput;
03782 }
03783 break;
03784 case T_FILE:
03785 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03786 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03787 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03788 {
03789 err = -RSBAC_EINVALIDTARGET;
03790 goto out_dput;
03791 }
03792 break;
03793 case T_DIR:
03794 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03795 {
03796 err = -RSBAC_EINVALIDTARGET;
03797 goto out_dput;
03798 }
03799 break;
03800 case T_FIFO:
03801
03802 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03803 {
03804 err = -RSBAC_EINVALIDTARGET;
03805 goto out_dput;
03806 }
03807 break;
03808 case T_SYMLINK:
03809
03810 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03811 {
03812 err = -RSBAC_EINVALIDTARGET;
03813 goto out_dput;
03814 }
03815 break;
03816 default:
03817 err = -RSBAC_EINVALIDTARGET;
03818 goto out_dput;
03819 }
03820 tid.file.device = t_dentry->d_sb->s_dev;
03821 tid.file.inode = t_dentry->d_inode->i_ino;
03822 tid.file.dentry_p = t_dentry;
03823 }
03824 else
03825 {
03826 if(k_arg.target == T_FD)
03827 k_arg.target = T_FILE;
03828 tid.file.device = RSBAC_ZERO_DEV;
03829 tid.file.inode = 0;
03830 tid.file.dentry_p = NULL;
03831 }
03832 break;
03833
03834 case T_DEV:
03835 if(k_arg.name)
03836 {
03837 if ((err = user_path_walk_link(k_arg.name, &nd)))
03838 {
03839 #ifdef CONFIG_RSBAC_DEBUG
03840 if (rsbac_debug_aef_acl)
03841 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03842 #endif
03843 goto out;
03844 }
03845 t_dentry = nd.dentry;
03846 need_put = TRUE;
03847 if (!t_dentry->d_inode)
03848 {
03849 err = -RSBAC_EINVALIDTARGET;
03850 goto out_dput;
03851 }
03852
03853 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03854 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03855 {
03856 err = -RSBAC_EINVALIDTARGET;
03857 goto out_dput;
03858 }
03859
03860 if(S_ISBLK(t_dentry->d_inode->i_mode))
03861 tid.dev.type = D_block;
03862 else
03863 tid.dev.type = D_char;
03864 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
03865 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
03866 }
03867 else
03868 {
03869 tid.dev = RSBAC_ZERO_DEV_DESC;
03870 }
03871 break;
03872
03873 default:
03874 return -RSBAC_EINVALIDTARGET;
03875 }
03876
03877
03878 err = rsbac_acl_sys_get_rights(ta_number,
03879 k_arg.target,
03880 tid,
03881 k_arg.subj_type,
03882 k_arg.subj_id,
03883 &k_rights,
03884 effective);
03885
03886 out_dput:
03887 if(need_put)
03888 path_release(&nd);
03889 out:
03890 if(!err)
03891 {
03892 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
03893 }
03894 return(err);
03895 #else
03896 return (-RSBAC_EINVALIDMODULE);
03897 #endif
03898 }
03899
03900
03901
03902 int sys_rsbac_acl_get_tlist (
03903 rsbac_list_ta_number_t ta_number,
03904 enum rsbac_target_t target,
03905 union rsbac_target_id_t * tid,
03906 struct rsbac_acl_entry_t entry_array[],
03907 rsbac_time_t ttl_array[],
03908 u_int maxnum)
03909 {
03910 #if defined(CONFIG_RSBAC_ACL)
03911 union rsbac_target_id_t k_tid;
03912 struct rsbac_acl_entry_t * k_entry_p;
03913 rsbac_time_t * k_ttl_p;
03914 int err = 0;
03915
03916 if(!tid || (target >= T_NONE))
03917 return(-RSBAC_EINVALIDTARGET);
03918 if(!entry_array)
03919 return(-RSBAC_EINVALIDPOINTER);
03920 if(!maxnum)
03921 return(-RSBAC_EINVALIDVALUE);
03922 if(maxnum > RSBAC_ACL_MAX_MAXNUM)
03923 maxnum = RSBAC_ACL_MAX_MAXNUM;
03924
03925
03926 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
03927 if(err)
03928 return err;
03929
03930
03931 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p);
03932 if(err>0)
03933 {
03934 if(err > maxnum)
03935 err = maxnum;
03936 rsbac_put_user((u_char *) k_entry_p,
03937 (u_char *) entry_array,
03938 err * sizeof(*k_entry_p) );
03939 if(ttl_array)
03940 {
03941 rsbac_put_user((u_char *) k_ttl_p,
03942 (u_char *) ttl_array,
03943 err * sizeof(*k_ttl_p) );
03944 }
03945 rsbac_vfree(k_entry_p);
03946 rsbac_vfree(k_ttl_p);
03947 }
03948 return (err);
03949 #else
03950 return (-RSBAC_EINVALIDMODULE);
03951 #endif
03952 }
03953
03954 int sys_rsbac_acl_get_tlist_n(
03955 rsbac_list_ta_number_t ta_number,
03956 enum rsbac_target_t target,
03957 char * t_name,
03958 struct rsbac_acl_entry_t entry_array[],
03959 rsbac_time_t ttl_array[],
03960 u_int maxnum)
03961 {
03962 #if defined(CONFIG_RSBAC_ACL)
03963 struct dentry * t_dentry = NULL;
03964 struct rsbac_acl_entry_t * k_entry_p;
03965 rsbac_time_t * k_ttl_p;
03966 rsbac_boolean_t need_put = FALSE;
03967 int err = 0;
03968 union rsbac_target_id_t tid;
03969
03970 struct nameidata nd;
03971
03972 if(target >= T_NONE)
03973 return(-RSBAC_EINVALIDTARGET);
03974 if(!entry_array)
03975 return(-RSBAC_EINVALIDPOINTER);
03976
03977 switch (target)
03978 {
03979 case T_FD:
03980 case T_FILE:
03981 case T_DIR:
03982 case T_FIFO:
03983 case T_SYMLINK:
03984 if(t_name)
03985 {
03986 if ((err = user_path_walk_link(t_name, &nd)))
03987 {
03988 #ifdef CONFIG_RSBAC_DEBUG
03989 if (rsbac_debug_aef_acl)
03990 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
03991 #endif
03992 goto out;
03993 }
03994 t_dentry = nd.dentry;
03995 need_put = TRUE;
03996 if (!t_dentry->d_inode)
03997 {
03998 err = -RSBAC_EINVALIDTARGET;
03999 goto out_dput;
04000 }
04001
04002 switch(target)
04003 {
04004 case T_FD:
04005 if(S_ISREG(t_dentry->d_inode->i_mode))
04006 {
04007 target = T_FILE;
04008 }
04009 else
04010 if(S_ISDIR(t_dentry->d_inode->i_mode))
04011 {
04012 target = T_DIR;
04013 }
04014 else
04015 if(S_ISLNK(t_dentry->d_inode->i_mode))
04016 {
04017 target = T_SYMLINK;
04018 }
04019 else
04020 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04021 {
04022 target = T_FIFO;
04023 }
04024 else
04025 if(S_ISBLK(t_dentry->d_inode->i_mode))
04026 {
04027 target = T_FILE;
04028 }
04029 else
04030 if(S_ISCHR(t_dentry->d_inode->i_mode))
04031 {
04032 target = T_FILE;
04033 }
04034 else
04035 {
04036 err = -RSBAC_EINVALIDTARGET;
04037 goto out_dput;
04038 }
04039 break;
04040 case T_FILE:
04041 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04042 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04043 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04044 {
04045 err = -RSBAC_EINVALIDTARGET;
04046 goto out_dput;
04047 }
04048 break;
04049 case T_DIR:
04050 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04051 {
04052 err = -RSBAC_EINVALIDTARGET;
04053 goto out_dput;
04054 }
04055 break;
04056 case T_FIFO:
04057
04058 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04059 {
04060 err = -RSBAC_EINVALIDTARGET;
04061 goto out_dput;
04062 }
04063 break;
04064 case T_SYMLINK:
04065
04066 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04067 {
04068 err = -RSBAC_EINVALIDTARGET;
04069 goto out_dput;
04070 }
04071 break;
04072 default:
04073 err = -RSBAC_EINVALIDTARGET;
04074 goto out_dput;
04075 }
04076 tid.file.device = t_dentry->d_sb->s_dev;
04077 tid.file.inode = t_dentry->d_inode->i_ino;
04078 tid.file.dentry_p = t_dentry;
04079 }
04080 else
04081 {
04082 if(target == T_FD)
04083 target = T_FILE;
04084 tid.file.device = RSBAC_ZERO_DEV;
04085 tid.file.inode = 0;
04086 tid.file.dentry_p = NULL;
04087 }
04088 break;
04089
04090 case T_DEV:
04091 if(t_name)
04092 {
04093 if ((err = user_path_walk_link(t_name, &nd)))
04094 {
04095 #ifdef CONFIG_RSBAC_DEBUG
04096 if (rsbac_debug_aef_acl)
04097 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04098 #endif
04099 goto out;
04100 }
04101 t_dentry = nd.dentry;
04102 need_put = TRUE;
04103 if (!t_dentry->d_inode)
04104 {
04105 err = -RSBAC_EINVALIDTARGET;
04106 goto out_dput;
04107 }
04108
04109 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04110 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04111 {
04112 err = -RSBAC_EINVALIDTARGET;
04113 goto out_dput;
04114 }
04115
04116 if(S_ISBLK(t_dentry->d_inode->i_mode))
04117 tid.dev.type = D_block;
04118 else
04119 tid.dev.type = D_char;
04120 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04121 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04122 }
04123 else
04124 {
04125 tid.dev = RSBAC_ZERO_DEV_DESC;
04126 }
04127 break;
04128
04129 default:
04130 return -RSBAC_EINVALIDTARGET;
04131 }
04132
04133 err = rsbac_acl_sys_get_tlist(ta_number, target, tid,
04134 &k_entry_p, &k_ttl_p);
04135
04136 out_dput:
04137 if(need_put)
04138 path_release(&nd);
04139 out:
04140 if(err>0)
04141 {
04142 if(err > maxnum)
04143 err = maxnum;
04144 rsbac_put_user((u_char *) k_entry_p,
04145 (u_char *) entry_array,
04146 err * sizeof(*k_entry_p) );
04147 if(ttl_array)
04148 {
04149 rsbac_put_user((u_char *) k_ttl_p,
04150 (u_char *) ttl_array,
04151 err * sizeof(*k_ttl_p) );
04152 }
04153 rsbac_vfree(k_entry_p);
04154 rsbac_vfree(k_ttl_p);
04155 }
04156 return(err);
04157
04158 #else
04159 return (-RSBAC_EINVALIDMODULE);
04160 #endif
04161 }
04162
04163
04164
04165 int sys_rsbac_acl_get_mask (
04166 rsbac_list_ta_number_t ta_number,
04167 enum rsbac_target_t target,
04168 union rsbac_target_id_t * tid,
04169 rsbac_acl_rights_vector_t * mask_p)
04170 {
04171 #if defined(CONFIG_RSBAC_ACL)
04172 union rsbac_target_id_t k_tid;
04173 rsbac_acl_rights_vector_t k_mask;
04174 int err = 0;
04175
04176 if(!tid || (target >= T_NONE))
04177 return(-RSBAC_EINVALIDTARGET);
04178 if(!mask_p)
04179 return(-RSBAC_EINVALIDPOINTER);
04180
04181
04182 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04183
04184
04185 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask);
04186 if(!err)
04187 {
04188 rsbac_put_user((u_char *) &k_mask,
04189 (u_char *) mask_p,
04190 sizeof(k_mask) );
04191 }
04192 return err;
04193 #else
04194 return -RSBAC_EINVALIDMODULE;
04195 #endif
04196 }
04197
04198 int sys_rsbac_acl_get_mask_n(
04199 rsbac_list_ta_number_t ta_number,
04200 enum rsbac_target_t target,
04201 char * t_name,
04202 rsbac_acl_rights_vector_t * mask_p)
04203 {
04204 #if defined(CONFIG_RSBAC_ACL)
04205 struct dentry * t_dentry = NULL;
04206 rsbac_acl_rights_vector_t k_mask;
04207 rsbac_boolean_t need_put = FALSE;
04208 int err = 0;
04209 union rsbac_target_id_t tid;
04210
04211 struct nameidata nd;
04212
04213 if(target >= T_NONE)
04214 return(-RSBAC_EINVALIDTARGET);
04215 if(!mask_p)
04216 return(-RSBAC_EINVALIDPOINTER);
04217
04218 switch (target)
04219 {
04220 case T_FD:
04221 case T_FILE:
04222 case T_DIR:
04223 case T_FIFO:
04224 case T_SYMLINK:
04225 if(t_name)
04226 {
04227 if ((err = user_path_walk_link(t_name, &nd)))
04228 {
04229 #ifdef CONFIG_RSBAC_DEBUG
04230 if (rsbac_debug_aef_acl)
04231 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04232 #endif
04233 goto out;
04234 }
04235 t_dentry = nd.dentry;
04236 need_put = TRUE;
04237 if (!t_dentry->d_inode)
04238 {
04239 err = -RSBAC_EINVALIDTARGET;
04240 goto out_dput;
04241 }
04242
04243 switch(target)
04244 {
04245 case T_FD:
04246 if(S_ISREG(t_dentry->d_inode->i_mode))
04247 {
04248 target = T_FILE;
04249 }
04250 else
04251 if(S_ISDIR(t_dentry->d_inode->i_mode))
04252 {
04253 target = T_DIR;
04254 }
04255 else
04256 if(S_ISLNK(t_dentry->d_inode->i_mode))
04257 {
04258 target = T_SYMLINK;
04259 }
04260 else
04261 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04262 {
04263 target = T_FIFO;
04264 }
04265 else
04266 if(S_ISBLK(t_dentry->d_inode->i_mode))
04267 {
04268 target = T_FILE;
04269 }
04270 else
04271 if(S_ISCHR(t_dentry->d_inode->i_mode))
04272 {
04273 target = T_FILE;
04274 }
04275 else
04276 {
04277 err = -RSBAC_EINVALIDTARGET;
04278 goto out_dput;
04279 }
04280 break;
04281 case T_FILE:
04282 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04283 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04284 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04285 {
04286 err = -RSBAC_EINVALIDTARGET;
04287 goto out_dput;
04288 }
04289 break;
04290 case T_DIR:
04291 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04292 {
04293 err = -RSBAC_EINVALIDTARGET;
04294 goto out_dput;
04295 }
04296 break;
04297 case T_FIFO:
04298
04299 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04300 {
04301 err = -RSBAC_EINVALIDTARGET;
04302 goto out_dput;
04303 }
04304 break;
04305 case T_SYMLINK:
04306
04307 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04308 {
04309 err = -RSBAC_EINVALIDTARGET;
04310 goto out_dput;
04311 }
04312 break;
04313 default:
04314 err = -RSBAC_EINVALIDTARGET;
04315 goto out_dput;
04316 }
04317 tid.file.device = t_dentry->d_sb->s_dev;
04318 tid.file.inode = t_dentry->d_inode->i_ino;
04319 tid.file.dentry_p = t_dentry;
04320 }
04321 else
04322 {
04323 if(target == T_FD)
04324 target = T_FILE;
04325 tid.file.device = RSBAC_ZERO_DEV;
04326 tid.file.inode = 0;
04327 tid.file.dentry_p = NULL;
04328 }
04329 break;
04330
04331 case T_DEV:
04332 if(t_name)
04333 {
04334 if ((err = user_path_walk_link(t_name, &nd)))
04335 {
04336 #ifdef CONFIG_RSBAC_DEBUG
04337 if (rsbac_debug_aef_acl)
04338 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04339 #endif
04340 goto out;
04341 }
04342 t_dentry = nd.dentry;
04343 need_put = TRUE;
04344 if (!t_dentry->d_inode)
04345 {
04346 err = -RSBAC_EINVALIDTARGET;
04347 goto out_dput;
04348 }
04349
04350 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04351 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04352 {
04353 err = -RSBAC_EINVALIDTARGET;
04354 goto out_dput;
04355 }
04356
04357 if(S_ISBLK(t_dentry->d_inode->i_mode))
04358 tid.dev.type = D_block;
04359 else
04360 tid.dev.type = D_char;
04361 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04362 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04363 }
04364 else
04365 {
04366 tid.dev = RSBAC_ZERO_DEV_DESC;
04367 }
04368 break;
04369
04370 default:
04371 return -RSBAC_EINVALIDTARGET;
04372 }
04373
04374 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask);
04375
04376 out_dput:
04377 if(need_put)
04378 path_release(&nd);
04379 out:
04380 if(!err)
04381 {
04382 rsbac_put_user((u_char *) &k_mask,
04383 (u_char *) mask_p,
04384 sizeof(k_mask) );
04385 }
04386 return(err);
04387
04388 #else
04389 return (-RSBAC_EINVALIDMODULE);
04390 #endif
04391 }
04392
04393
04394
04395 int sys_rsbac_acl_group(
04396 rsbac_list_ta_number_t ta_number,
04397 enum rsbac_acl_group_syscall_type_t call,
04398 union rsbac_acl_group_syscall_arg_t * arg_p)
04399 {
04400 #if defined(CONFIG_RSBAC_ACL)
04401 union rsbac_acl_group_syscall_arg_t k_arg;
04402 int err = 0;
04403
04404 if(call >= ACLGS_none)
04405 return(-RSBAC_EINVALIDREQUEST);
04406 if(!arg_p)
04407 return(-RSBAC_EINVALIDPOINTER);
04408
04409 #ifdef CONFIG_RSBAC_FREEZE
04410 if(rsbac_freeze)
04411 {
04412 switch(call)
04413 {
04414 case ACLGS_add_group:
04415 case ACLGS_change_group:
04416 case ACLGS_remove_group:
04417 case ACLGS_add_member:
04418 case ACLGS_remove_member:
04419 rsbac_printk(KERN_WARNING
04420 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n");
04421 return -EPERM;
04422
04423 default:
04424 break;
04425 }
04426 }
04427 #endif
04428
04429
04430 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
04431
04432
04433 if(err >= 0)
04434 err = rsbac_acl_sys_group(ta_number, call, k_arg);
04435 return (err);
04436 #else
04437 return (-RSBAC_EINVALIDMODULE);
04438 #endif
04439 }
04440
04441 int sys_rsbac_acl_list_all_dev(
04442 rsbac_list_ta_number_t ta_number,
04443 struct rsbac_dev_desc_t * id_p,
04444 u_long maxnum)
04445 {
04446 #if defined(CONFIG_RSBAC_ACL)
04447 int err = 0;
04448 long count;
04449 long count2;
04450
04451 if(id_p && maxnum)
04452 {
04453 struct rsbac_dev_desc_t * k_id_p = NULL;
04454
04455 count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p);
04456 if(count < 0)
04457 return count;
04458 if(count > maxnum)
04459 count = maxnum;
04460
04461 if(count)
04462 {
04463 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04464 rsbac_vfree(k_id_p);
04465 if(err)
04466 return err;
04467 id_p += count;
04468 maxnum -= count;
04469 if(!maxnum)
04470 return count;
04471 }
04472
04473 count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p);
04474 if(count2 < 0)
04475 return count2;
04476 if(count2 > maxnum)
04477 count2 = maxnum;
04478
04479 if(count2)
04480 {
04481 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) );
04482 rsbac_vfree(k_id_p);
04483 if(err)
04484 return err;
04485 count += count2;
04486 }
04487 return count;
04488 }
04489 else
04490 {
04491 count = rsbac_acl_list_all_major_dev(ta_number, NULL);
04492 if(count < 0)
04493 return count;
04494 count2 = rsbac_acl_list_all_dev(ta_number, NULL);
04495 if(count2 < 0)
04496 return count2;
04497 else
04498 return count + count2;
04499 }
04500 #else
04501 return (-RSBAC_EINVALIDMODULE);
04502 #endif
04503 }
04504
04505 int sys_rsbac_acl_list_all_user(
04506 rsbac_list_ta_number_t ta_number,
04507 rsbac_uid_t * id_p,
04508 u_long maxnum)
04509 {
04510 #if defined(CONFIG_RSBAC_ACL)
04511 int err = 0;
04512 long count;
04513
04514 if(id_p && maxnum)
04515 {
04516 rsbac_uid_t * k_id_p = NULL;
04517
04518 count = rsbac_acl_list_all_user(ta_number, &k_id_p);
04519 if(count < 0)
04520 return count;
04521 if(count > maxnum)
04522 count = maxnum;
04523
04524 if(count)
04525 {
04526 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04527 rsbac_vfree(k_id_p);
04528 if(err)
04529 return err;
04530 }
04531 return count;
04532 }
04533 else
04534 {
04535 return rsbac_acl_list_all_user(ta_number, NULL);
04536 }
04537 #else
04538 return (-RSBAC_EINVALIDMODULE);
04539 #endif
04540 }
04541
04542 int sys_rsbac_acl_list_all_group(
04543 rsbac_list_ta_number_t ta_number,
04544 rsbac_gid_t * id_p,
04545 u_long maxnum)
04546 {
04547 #ifdef CONFIG_RSBAC_ACL_UM_PROT
04548 int err = 0;
04549 long count;
04550
04551 if(id_p && maxnum)
04552 {
04553 rsbac_gid_t * k_id_p = NULL;
04554
04555 count = rsbac_acl_list_all_group(ta_number, &k_id_p);
04556 if(count < 0)
04557 return count;
04558 if(count > maxnum)
04559 count = maxnum;
04560
04561 if(count)
04562 {
04563 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04564 rsbac_vfree(k_id_p);
04565 if(err)
04566 return err;
04567 }
04568 return count;
04569 }
04570 else
04571 {
04572 return rsbac_acl_list_all_group(ta_number, NULL);
04573 }
04574 #else
04575 return (-RSBAC_EINVALIDMODULE);
04576 #endif
04577 }
04578
04579
04580
04581 int sys_rsbac_jail(rsbac_version_t version,
04582 char * path,
04583 rsbac_jail_ip_t ip,
04584 rsbac_jail_flags_t flags,
04585 rsbac_cap_vector_t max_caps,
04586 rsbac_jail_scd_vector_t scd_get,
04587 rsbac_jail_scd_vector_t scd_modify)
04588 {
04589 #if defined(CONFIG_RSBAC_JAIL)
04590 return rsbac_jail_sys_jail(version, path, ip, flags,
04591 max_caps, scd_get, scd_modify);
04592 #else
04593 return (-RSBAC_EINVALIDMODULE);
04594 #endif
04595 }
04596
04597
04598
04599 int sys_rsbac_um_auth_name(
04600 char * name,
04601 char * pass)
04602 {
04603 #if defined(CONFIG_RSBAC_UM)
04604 rsbac_uid_t uid;
04605 int err;
04606 char * k_name;
04607 char * k_pass;
04608 union rsbac_target_id_t i_tid;
04609 union rsbac_attribute_value_t i_attr_val;
04610 #ifdef CONFIG_RSBAC_DEBUG
04611 if (rsbac_debug_aef_um)
04612 {
04613 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n");
04614 }
04615 #endif
04616 if(!name || !pass)
04617 {
04618 #ifdef CONFIG_RSBAC_DEBUG
04619 if (rsbac_debug_aef_um)
04620 {
04621 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n");
04622 }
04623 #endif
04624 return -RSBAC_EINVALIDPOINTER;
04625 }
04626 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
04627 if(!k_name)
04628 return -RSBAC_ENOMEM;
04629 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04630 if(!k_pass)
04631 {
04632 rsbac_kfree(k_name);
04633 return -RSBAC_ENOMEM;
04634 }
04635 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
04636 if(err)
04637 goto out_free;
04638 k_name[RSBAC_UM_NAME_LEN-1] = 0;
04639 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04640 if(err)
04641 goto out_free;
04642 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04643 #if 0
04644 #ifdef CONFIG_RSBAC_DEBUG
04645 if (rsbac_debug_aef_um)
04646 {
04647 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n",
04648 k_name, k_pass);
04649 }
04650 #endif
04651 #endif
04652 err = rsbac_um_get_uid(0, k_name, &uid);
04653 if(err)
04654 goto out_free;
04655
04656 err = rsbac_um_check_pass(uid, k_pass);
04657 if(err)
04658 goto out_free;
04659
04660 #ifdef CONFIG_RSBAC_AUTH
04661
04662 i_tid.process = current->pid;
04663 i_attr_val.auth_last_auth = uid;
04664 if (rsbac_set_attr(AUTH,
04665 T_PROCESS,
04666 i_tid,
04667 A_auth_last_auth,
04668 i_attr_val))
04669 {
04670 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
04671 }
04672 #endif
04673
04674 out_free:
04675 rsbac_kfree(k_name);
04676 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04677 rsbac_kfree(k_pass);
04678 return err;
04679 #else
04680 return (-RSBAC_EINVALIDMODULE);
04681 #endif
04682 }
04683
04684 int sys_rsbac_um_auth_uid(rsbac_uid_t uid,
04685 char * pass)
04686 {
04687 #if defined(CONFIG_RSBAC_UM)
04688 int err;
04689 char * k_pass;
04690 union rsbac_target_id_t i_tid;
04691 union rsbac_attribute_value_t i_attr_val;
04692
04693 if(!pass)
04694 return -RSBAC_EINVALIDPOINTER;
04695 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04696 if(!k_pass)
04697 return -RSBAC_ENOMEM;
04698 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04699 if(err)
04700 goto out_free;
04701 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04702
04703 #ifdef CONFIG_RSBAC_DEBUG
04704 if (rsbac_debug_aef_um)
04705 {
04706 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n",
04707 uid, k_pass);
04708 }
04709 #endif
04710 err = rsbac_um_check_pass(uid, k_pass);
04711 if(err)
04712 goto out_free;
04713
04714 #ifdef CONFIG_RSBAC_AUTH
04715
04716 i_tid.process = current->pid;
04717 i_attr_val.auth_last_auth = uid;
04718 if (rsbac_set_attr(AUTH,
04719 T_PROCESS,
04720 i_tid,
04721 A_auth_last_auth,
04722 i_attr_val))
04723 {
04724 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
04725 }
04726 #endif
04727
04728 out_free:
04729 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04730 rsbac_kfree(k_pass);
04731 return err;
04732 #else
04733 return (-RSBAC_EINVALIDMODULE);
04734 #endif
04735 }
04736
04737 int sys_rsbac_um_add_user(
04738 rsbac_list_ta_number_t ta_number,
04739 rsbac_uid_t uid,
04740 struct rsbac_um_user_entry_t * entry_p,
04741 char * pass,
04742 rsbac_time_t ttl)
04743 {
04744 #if defined(CONFIG_RSBAC_UM)
04745 int err;
04746 struct rsbac_um_user_entry_t * k_entry_p;
04747 char * k_pass;
04748 #ifndef CONFIG_RSBAC_MAINT
04749 union rsbac_target_id_t rsbac_target_id;
04750 union rsbac_target_id_t rsbac_new_target_id;
04751 union rsbac_attribute_value_t rsbac_attribute_value;
04752 #endif
04753
04754 if(!entry_p)
04755 return -RSBAC_EINVALIDPOINTER;
04756
04757 #ifdef CONFIG_RSBAC_FREEZE_UM
04758 if(rsbac_freeze)
04759 {
04760 rsbac_printk(KERN_WARNING
04761 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n");
04762 return -EPERM;
04763 }
04764 #endif
04765
04766 #ifndef CONFIG_RSBAC_MAINT
04767 #ifdef CONFIG_RSBAC_DEBUG
04768 if (rsbac_debug_aef)
04769 {
04770 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n");
04771 }
04772 #endif
04773 rsbac_target_id.user = uid;
04774 rsbac_attribute_value.dummy = 0;
04775 if (!rsbac_adf_request(R_CREATE,
04776 current->pid,
04777 T_USER,
04778 rsbac_target_id,
04779 A_none,
04780 rsbac_attribute_value))
04781 {
04782 return -EPERM;
04783 }
04784 #endif
04785
04786 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
04787 if(!k_entry_p)
04788 return -RSBAC_ENOMEM;
04789 if(pass)
04790 {
04791 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04792 if(!k_pass)
04793 {
04794 rsbac_kfree(k_entry_p);
04795 return -RSBAC_ENOMEM;
04796 }
04797 }
04798 else
04799 k_pass = NULL;
04800 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
04801 if(err)
04802 goto out_free;
04803 if(!k_entry_p->name[0])
04804 {
04805 err = -RSBAC_EINVALIDVALUE;
04806 goto out_free;
04807 }
04808 if(pass)
04809 {
04810 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04811 if(err)
04812 goto out_free;
04813 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04814 }
04815 err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl);
04816
04817 #ifndef CONFIG_RSBAC_MAINT
04818
04819 if(!err)
04820 {
04821 rsbac_target_id.user = uid;
04822 rsbac_new_target_id.dummy = 0;
04823 if (rsbac_adf_set_attr(R_CREATE,
04824 current->pid,
04825 T_USER,
04826 rsbac_target_id,
04827 T_NONE,
04828 rsbac_new_target_id,
04829 A_none,
04830 rsbac_attribute_value))
04831 {
04832 rsbac_printk(KERN_WARNING
04833 "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n");
04834 }
04835 }
04836 #endif
04837
04838 out_free:
04839 rsbac_kfree(k_entry_p);
04840 if(k_pass)
04841 {
04842 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04843 rsbac_kfree(k_pass);
04844 }
04845 return err;
04846 #else
04847 return (-RSBAC_EINVALIDMODULE);
04848 #endif
04849 }
04850
04851 int sys_rsbac_um_add_group(
04852 rsbac_list_ta_number_t ta_number,
04853 rsbac_gid_t gid,
04854 struct rsbac_um_group_entry_t * entry_p,
04855 char * pass,
04856 rsbac_time_t ttl)
04857 {
04858 #if defined(CONFIG_RSBAC_UM)
04859 int err;
04860 struct rsbac_um_group_entry_t * k_entry_p;
04861 char * k_pass;
04862 #ifndef CONFIG_RSBAC_MAINT
04863 union rsbac_target_id_t rsbac_target_id;
04864 union rsbac_target_id_t rsbac_new_target_id;
04865 union rsbac_attribute_value_t rsbac_attribute_value;
04866 #endif
04867
04868 if(!entry_p)
04869 return -RSBAC_EINVALIDPOINTER;
04870
04871 #ifdef CONFIG_RSBAC_FREEZE_UM
04872 if(rsbac_freeze)
04873 {
04874 rsbac_printk(KERN_WARNING
04875 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n");
04876 return -EPERM;
04877 }
04878 #endif
04879
04880 #ifndef CONFIG_RSBAC_MAINT
04881 #ifdef CONFIG_RSBAC_DEBUG
04882 if (rsbac_debug_aef)
04883 {
04884 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n");
04885 }
04886 #endif
04887 rsbac_target_id.group = gid;
04888 rsbac_attribute_value.dummy = 0;
04889 if (!rsbac_adf_request(R_CREATE,
04890 current->pid,
04891 T_GROUP,
04892 rsbac_target_id,
04893 A_none,
04894 rsbac_attribute_value))
04895 {
04896 return -EPERM;
04897 }
04898 #endif
04899
04900 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
04901 if(!k_entry_p)
04902 return -RSBAC_ENOMEM;
04903 if(pass)
04904 {
04905 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04906 if(!k_pass)
04907 {
04908 rsbac_kfree(k_entry_p);
04909 return -RSBAC_ENOMEM;
04910 }
04911 }
04912 else
04913 k_pass = NULL;
04914 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
04915 if(err)
04916 goto out_free;
04917 if(!k_entry_p->name[0])
04918 {
04919 err = -RSBAC_EINVALIDVALUE;
04920 goto out_free;
04921 }
04922 if(pass)
04923 {
04924 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04925 if(err)
04926 goto out_free;
04927 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04928 }
04929 err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl);
04930
04931 #ifndef CONFIG_RSBAC_MAINT
04932
04933 if(!err)
04934 {
04935 rsbac_target_id.group = gid;
04936 rsbac_new_target_id.dummy = 0;
04937 if (rsbac_adf_set_attr(R_CREATE,
04938 current->pid,
04939 T_GROUP,
04940 rsbac_target_id,
04941 T_NONE,
04942 rsbac_new_target_id,
04943 A_none,
04944 rsbac_attribute_value))
04945 {
04946 rsbac_printk(KERN_WARNING
04947 "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n");
04948 }
04949 }
04950 #endif
04951
04952 out_free:
04953 rsbac_kfree(k_entry_p);
04954 if(k_pass)
04955 {
04956 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04957 rsbac_kfree(k_pass);
04958 }
04959 return err;
04960 #else
04961 return (-RSBAC_EINVALIDMODULE);
04962 #endif
04963 }
04964
04965 int sys_rsbac_um_add_gm(
04966 rsbac_list_ta_number_t ta_number,
04967 rsbac_uid_t user,
04968 rsbac_gid_t group,
04969 rsbac_time_t ttl)
04970 {
04971 #if defined(CONFIG_RSBAC_UM)
04972 #ifndef CONFIG_RSBAC_MAINT
04973 union rsbac_target_id_t rsbac_target_id;
04974 union rsbac_attribute_value_t rsbac_attribute_value;
04975 #endif
04976
04977 #ifdef CONFIG_RSBAC_FREEZE_UM
04978 if(rsbac_freeze)
04979 {
04980 rsbac_printk(KERN_WARNING
04981 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n");
04982 return -EPERM;
04983 }
04984 #endif
04985
04986 #ifndef CONFIG_RSBAC_MAINT
04987 #ifdef CONFIG_RSBAC_DEBUG
04988 if (rsbac_debug_aef)
04989 {
04990 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n");
04991 }
04992 #endif
04993 rsbac_target_id.user = user;
04994 rsbac_attribute_value.group = group;
04995 if (!rsbac_adf_request(R_CHANGE_GROUP,
04996 current->pid,
04997 T_USER,
04998 rsbac_target_id,
04999 A_group,
05000 rsbac_attribute_value))
05001 {
05002 return -EPERM;
05003 }
05004 #endif
05005
05006 return rsbac_um_add_gm(ta_number, user, group, ttl);
05007 #else
05008 return (-RSBAC_EINVALIDMODULE);
05009 #endif
05010 }
05011
05012 int sys_rsbac_um_mod_user(
05013 rsbac_list_ta_number_t ta_number,
05014 rsbac_uid_t uid,
05015 enum rsbac_um_mod_t mod,
05016 union rsbac_um_mod_data_t * data_p)
05017 {
05018 #if defined(CONFIG_RSBAC_UM)
05019 int err;
05020 union rsbac_um_mod_data_t * k_data_p;
05021 #ifndef CONFIG_RSBAC_MAINT
05022 enum rsbac_adf_request_t rsbac_request;
05023 union rsbac_target_id_t rsbac_target_id;
05024 enum rsbac_attribute_t rsbac_attribute = A_none;
05025 union rsbac_attribute_value_t rsbac_attribute_value;
05026 #endif
05027
05028 if(mod >= UM_none)
05029 return -RSBAC_EINVALIDREQUEST;
05030 if( !data_p
05031 && (mod != UM_pass)
05032 )
05033 return -RSBAC_EINVALIDPOINTER;
05034
05035 #ifdef CONFIG_RSBAC_FREEZE_UM
05036 if(rsbac_freeze)
05037 {
05038 rsbac_printk(KERN_WARNING
05039 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n");
05040 return -EPERM;
05041 }
05042 #endif
05043
05044 #ifndef CONFIG_RSBAC_MAINT
05045 #ifdef CONFIG_RSBAC_DEBUG
05046 if (rsbac_debug_aef)
05047 {
05048 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n");
05049 }
05050 #endif
05051 rsbac_attribute_value.dummy = 0;
05052 switch(mod)
05053 {
05054 case UM_name:
05055 rsbac_request = R_RENAME;
05056 break;
05057
05058 case UM_pass:
05059 case UM_cryptpass:
05060 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05061 break;
05062
05063 case UM_fullname:
05064 rsbac_request = R_WRITE;
05065 break;
05066
05067 case UM_homedir:
05068 rsbac_request = R_WRITE;
05069 break;
05070
05071 case UM_shell:
05072 rsbac_request = R_WRITE;
05073 break;
05074
05075 case UM_group:
05076 rsbac_request = R_CHANGE_GROUP;
05077 rsbac_attribute = A_group;
05078 rsbac_attribute_value.group = data_p->group;
05079 break;
05080
05081 case UM_lastchange:
05082 rsbac_request = R_WRITE;
05083 break;
05084
05085 case UM_minchange:
05086 rsbac_request = R_WRITE;
05087 break;
05088
05089 case UM_maxchange:
05090 rsbac_request = R_WRITE;
05091 break;
05092
05093 case UM_warnchange:
05094 rsbac_request = R_WRITE;
05095 break;
05096
05097 case UM_inactive:
05098 rsbac_request = R_WRITE;
05099 break;
05100
05101 case UM_expire:
05102 rsbac_request = R_WRITE;
05103 break;
05104
05105 case UM_ttl:
05106 rsbac_request = R_DELETE;
05107 break;
05108
05109 default:
05110 return -RSBAC_EINVALIDREQUEST;
05111 }
05112 rsbac_target_id.user = uid;
05113 if (!rsbac_adf_request(rsbac_request,
05114 current->pid,
05115 T_USER,
05116 rsbac_target_id,
05117 rsbac_attribute,
05118 rsbac_attribute_value))
05119 {
05120 return -EPERM;
05121 }
05122 #endif
05123
05124
05125 if(data_p)
05126 {
05127 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05128 if(!k_data_p)
05129 return -RSBAC_ENOMEM;
05130 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05131 if(err)
05132 {
05133 rsbac_kfree(k_data_p);
05134 return err;
05135 }
05136 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05137 }
05138 else
05139 k_data_p = NULL;
05140
05141 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p);
05142
05143 if(k_data_p)
05144 rsbac_kfree(k_data_p);
05145 return err;
05146 #else
05147 return (-RSBAC_EINVALIDMODULE);
05148 #endif
05149 }
05150
05151 int sys_rsbac_um_mod_group(
05152 rsbac_list_ta_number_t ta_number,
05153 rsbac_gid_t gid,
05154 enum rsbac_um_mod_t mod,
05155 union rsbac_um_mod_data_t * data_p)
05156 {
05157 #if defined(CONFIG_RSBAC_UM)
05158 int err;
05159 union rsbac_um_mod_data_t * k_data_p;
05160 #ifndef CONFIG_RSBAC_MAINT
05161 enum rsbac_adf_request_t rsbac_request;
05162 union rsbac_target_id_t rsbac_target_id;
05163 union rsbac_attribute_value_t rsbac_attribute_value;
05164 #endif
05165
05166 if(mod >= UM_none)
05167 return -RSBAC_EINVALIDREQUEST;
05168 if( !data_p
05169 && (mod != UM_pass)
05170 )
05171 return -RSBAC_EINVALIDPOINTER;
05172
05173 #ifdef CONFIG_RSBAC_FREEZE_UM
05174 if(rsbac_freeze)
05175 {
05176 rsbac_printk(KERN_WARNING
05177 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n");
05178 return -EPERM;
05179 }
05180 #endif
05181
05182 #ifndef CONFIG_RSBAC_MAINT
05183 #ifdef CONFIG_RSBAC_DEBUG
05184 if (rsbac_debug_aef)
05185 {
05186 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n");
05187 }
05188 #endif
05189 switch(mod)
05190 {
05191 case UM_name:
05192 rsbac_request = R_RENAME;
05193 break;
05194
05195 case UM_pass:
05196 case UM_cryptpass:
05197 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05198 break;
05199
05200 case UM_ttl:
05201 rsbac_request = R_DELETE;
05202 break;
05203
05204 default:
05205 return -RSBAC_EINVALIDREQUEST;
05206 }
05207 rsbac_target_id.group = gid;
05208 rsbac_attribute_value.dummy = 0;
05209 if (!rsbac_adf_request(rsbac_request,
05210 current->pid,
05211 T_GROUP,
05212 rsbac_target_id,
05213 A_none,
05214 rsbac_attribute_value))
05215 {
05216 return -EPERM;
05217 }
05218 #endif
05219
05220 if(data_p)
05221 {
05222 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05223 if(!k_data_p)
05224 return -RSBAC_ENOMEM;
05225 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05226 if(err)
05227 {
05228 rsbac_kfree(k_data_p);
05229 return err;
05230 }
05231 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05232 }
05233 else
05234 k_data_p = NULL;
05235
05236 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p);
05237
05238 if(k_data_p)
05239 rsbac_kfree(k_data_p);
05240 return err;
05241 #else
05242 return (-RSBAC_EINVALIDMODULE);
05243 #endif
05244 }
05245
05246 int sys_rsbac_um_get_user_item(
05247 rsbac_list_ta_number_t ta_number,
05248 rsbac_uid_t uid,
05249 enum rsbac_um_mod_t mod,
05250 union rsbac_um_mod_data_t * data_p)
05251 {
05252 #if defined(CONFIG_RSBAC_UM)
05253 int err;
05254 union rsbac_um_mod_data_t * k_data_p;
05255 #ifndef CONFIG_RSBAC_MAINT
05256 enum rsbac_adf_request_t rsbac_request;
05257 union rsbac_target_id_t rsbac_target_id;
05258 union rsbac_attribute_value_t rsbac_attribute_value;
05259 #endif
05260
05261 if(mod >= UM_none)
05262 return -RSBAC_EINVALIDREQUEST;
05263 if(!data_p)
05264 return -RSBAC_EINVALIDPOINTER;
05265
05266 #ifndef CONFIG_RSBAC_MAINT
05267 #ifdef CONFIG_RSBAC_DEBUG
05268 if (rsbac_debug_aef)
05269 {
05270 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n");
05271 }
05272 #endif
05273 rsbac_attribute_value.dummy = 0;
05274 switch(mod)
05275 {
05276 case UM_name:
05277 rsbac_request = R_SEARCH;
05278 break;
05279
05280 case UM_group:
05281 case UM_fullname:
05282 case UM_homedir:
05283 case UM_shell:
05284 rsbac_request = R_GET_STATUS_DATA;
05285 break;
05286
05287 case UM_pass:
05288 rsbac_request = R_GET_PERMISSIONS_DATA;
05289 break;
05290
05291 case UM_lastchange:
05292 case UM_minchange:
05293 case UM_maxchange:
05294 case UM_warnchange:
05295 case UM_inactive:
05296 case UM_expire:
05297 case UM_ttl:
05298 rsbac_request = R_READ;
05299 break;
05300
05301 default:
05302 return -RSBAC_EINVALIDREQUEST;
05303 }
05304 rsbac_target_id.user = uid;
05305 if (!rsbac_adf_request(rsbac_request,
05306 current->pid,
05307 T_USER,
05308 rsbac_target_id,
05309 A_none,
05310 rsbac_attribute_value))
05311 {
05312 return -EPERM;
05313 }
05314 #endif
05315
05316 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05317 if(!k_data_p)
05318 return -RSBAC_ENOMEM;
05319 memset(k_data_p, 0, sizeof(*k_data_p));
05320
05321 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p);
05322 if(!err)
05323 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05324 rsbac_kfree(k_data_p);
05325 return err;
05326 #else
05327 return (-RSBAC_EINVALIDMODULE);
05328 #endif
05329 }
05330
05331 int sys_rsbac_um_get_group_item(
05332 rsbac_list_ta_number_t ta_number,
05333 rsbac_gid_t gid,
05334 enum rsbac_um_mod_t mod,
05335 union rsbac_um_mod_data_t * data_p)
05336 {
05337 #if defined(CONFIG_RSBAC_UM)
05338 int err;
05339 union rsbac_um_mod_data_t * k_data_p;
05340 #ifndef CONFIG_RSBAC_MAINT
05341 enum rsbac_adf_request_t rsbac_request;
05342 union rsbac_target_id_t rsbac_target_id;
05343 union rsbac_attribute_value_t rsbac_attribute_value;
05344 #endif
05345
05346 if(mod >= UM_none)
05347 return -RSBAC_EINVALIDREQUEST;
05348 if(!data_p)
05349 return -RSBAC_EINVALIDPOINTER;
05350
05351 #ifndef CONFIG_RSBAC_MAINT
05352 #ifdef CONFIG_RSBAC_DEBUG
05353 if (rsbac_debug_aef)
05354 {
05355 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n");
05356 }
05357 #endif
05358 rsbac_attribute_value.dummy = 0;
05359 switch(mod)
05360 {
05361 case UM_name:
05362 rsbac_request = R_SEARCH;
05363 break;
05364
05365 case UM_pass:
05366 rsbac_request = R_GET_PERMISSIONS_DATA;
05367 break;
05368
05369 case UM_ttl:
05370 rsbac_request = R_GET_STATUS_DATA;
05371 break;
05372
05373 default:
05374 return -RSBAC_EINVALIDREQUEST;
05375 }
05376 rsbac_target_id.group = gid;
05377 if (!rsbac_adf_request(rsbac_request,
05378 current->pid,
05379 T_GROUP,
05380 rsbac_target_id,
05381 A_none,
05382 rsbac_attribute_value))
05383 {
05384 return -EPERM;
05385 }
05386 #endif
05387
05388 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05389 if(!k_data_p)
05390 return -RSBAC_ENOMEM;
05391 memset(k_data_p, 0, sizeof(*k_data_p));
05392
05393 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p);
05394 if(!err)
05395 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05396 rsbac_kfree(k_data_p);
05397 return err;
05398 #else
05399 return (-RSBAC_EINVALIDMODULE);
05400 #endif
05401 }
05402
05403 int sys_rsbac_um_remove_user(
05404 rsbac_list_ta_number_t ta_number,
05405 rsbac_uid_t uid)
05406 {
05407 #if defined(CONFIG_RSBAC_UM)
05408 int err;
05409 #ifndef CONFIG_RSBAC_MAINT
05410 union rsbac_target_id_t rsbac_target_id;
05411 union rsbac_target_id_t rsbac_new_target_id;
05412 union rsbac_attribute_value_t rsbac_attribute_value;
05413 #endif
05414
05415 #ifdef CONFIG_RSBAC_FREEZE_UM
05416 if(rsbac_freeze)
05417 {
05418 rsbac_printk(KERN_WARNING
05419 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n");
05420 return -EPERM;
05421 }
05422 #endif
05423
05424 #ifndef CONFIG_RSBAC_MAINT
05425 #ifdef CONFIG_RSBAC_DEBUG
05426 if (rsbac_debug_aef)
05427 {
05428 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n");
05429 }
05430 #endif
05431 rsbac_target_id.user = uid;
05432 rsbac_attribute_value.dummy = 0;
05433 if (!rsbac_adf_request(R_DELETE,
05434 current->pid,
05435 T_USER,
05436 rsbac_target_id,
05437 A_none,
05438 rsbac_attribute_value))
05439 {
05440 return -EPERM;
05441 }
05442 #endif
05443
05444 err = rsbac_um_remove_user(ta_number, uid);
05445
05446 #ifndef CONFIG_RSBAC_MAINT
05447 if(!err)
05448 {
05449 rsbac_new_target_id.dummy = 0;
05450 if (rsbac_adf_set_attr(R_DELETE,
05451 current->pid,
05452 T_USER,
05453 rsbac_target_id,
05454 T_NONE,
05455 rsbac_new_target_id,
05456 A_none,
05457 rsbac_attribute_value))
05458 {
05459 rsbac_printk(KERN_WARNING
05460 "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error");
05461 }
05462 }
05463 #endif
05464 return err;
05465 #else
05466 return (-RSBAC_EINVALIDMODULE);
05467 #endif
05468 }
05469
05470 int sys_rsbac_um_remove_group(
05471 rsbac_list_ta_number_t ta_number,
05472 rsbac_gid_t gid)
05473 {
05474 #if defined(CONFIG_RSBAC_UM)
05475 int err;
05476 #ifndef CONFIG_RSBAC_MAINT
05477 union rsbac_target_id_t rsbac_target_id;
05478 union rsbac_target_id_t rsbac_new_target_id;
05479 union rsbac_attribute_value_t rsbac_attribute_value;
05480 #endif
05481
05482 #ifdef CONFIG_RSBAC_FREEZE_UM
05483 if(rsbac_freeze)
05484 {
05485 rsbac_printk(KERN_WARNING
05486 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n");
05487 return -EPERM;
05488 }
05489 #endif
05490
05491 #ifndef CONFIG_RSBAC_MAINT
05492 #ifdef CONFIG_RSBAC_DEBUG
05493 if (rsbac_debug_aef)
05494 {
05495 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n");
05496 }
05497 #endif
05498 rsbac_target_id.group = gid;
05499 rsbac_attribute_value.dummy = 0;
05500 if (!rsbac_adf_request(R_DELETE,
05501 current->pid,
05502 T_GROUP,
05503 rsbac_target_id,
05504 A_none,
05505 rsbac_attribute_value))
05506 {
05507 return -EPERM;
05508 }
05509 #endif
05510
05511 err = rsbac_um_remove_group(ta_number, gid);
05512
05513 #ifndef CONFIG_RSBAC_MAINT
05514 if(!err)
05515 {
05516 rsbac_new_target_id.dummy = 0;
05517 if (rsbac_adf_set_attr(R_DELETE,
05518 current->pid,
05519 T_GROUP,
05520 rsbac_target_id,
05521 T_NONE,
05522 rsbac_new_target_id,
05523 A_none,
05524 rsbac_attribute_value))
05525 {
05526 rsbac_printk(KERN_WARNING
05527 "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error");
05528 }
05529 }
05530 #endif
05531 return err;
05532 #else
05533 return (-RSBAC_EINVALIDMODULE);
05534 #endif
05535 }
05536
05537 int sys_rsbac_um_remove_gm(
05538 rsbac_list_ta_number_t ta_number,
05539 rsbac_uid_t user,
05540 rsbac_gid_t group)
05541 {
05542 #if defined(CONFIG_RSBAC_UM)
05543 #ifndef CONFIG_RSBAC_MAINT
05544 union rsbac_target_id_t rsbac_target_id;
05545 union rsbac_attribute_value_t rsbac_attribute_value;
05546 #endif
05547
05548 #ifdef CONFIG_RSBAC_FREEZE_UM
05549 if(rsbac_freeze)
05550 {
05551 rsbac_printk(KERN_WARNING
05552 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n");
05553 return -EPERM;
05554 }
05555 #endif
05556
05557 #ifndef CONFIG_RSBAC_MAINT
05558 #ifdef CONFIG_RSBAC_DEBUG
05559 if (rsbac_debug_aef)
05560 {
05561 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n");
05562 }
05563 #endif
05564 rsbac_target_id.user = user;
05565 rsbac_attribute_value.group = group;
05566 if (!rsbac_adf_request(R_CHANGE_GROUP,
05567 current->pid,
05568 T_USER,
05569 rsbac_target_id,
05570 A_group,
05571 rsbac_attribute_value))
05572 {
05573 return -EPERM;
05574 }
05575 #endif
05576
05577 return rsbac_um_remove_gm(ta_number, user, group);
05578 #else
05579 return (-RSBAC_EINVALIDMODULE);
05580 #endif
05581 }
05582
05583 int sys_rsbac_um_user_exists(
05584 rsbac_list_ta_number_t ta_number,
05585 rsbac_uid_t uid)
05586 {
05587 #if defined(CONFIG_RSBAC_UM)
05588 #ifndef CONFIG_RSBAC_MAINT
05589 union rsbac_target_id_t rsbac_target_id;
05590 union rsbac_attribute_value_t rsbac_attribute_value;
05591 #endif
05592
05593 #ifndef CONFIG_RSBAC_MAINT
05594 #ifdef CONFIG_RSBAC_DEBUG
05595 if (rsbac_debug_aef)
05596 {
05597 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n");
05598 }
05599 #endif
05600 rsbac_target_id.user = uid;
05601 rsbac_attribute_value.dummy = 0;
05602 if (!rsbac_adf_request(R_SEARCH,
05603 current->pid,
05604 T_USER,
05605 rsbac_target_id,
05606 A_none,
05607 rsbac_attribute_value))
05608 {
05609 return -EPERM;
05610 }
05611 #endif
05612
05613 return rsbac_um_user_exists(ta_number, uid);
05614 #else
05615 return (-RSBAC_EINVALIDMODULE);
05616 #endif
05617 }
05618
05619 int sys_rsbac_um_group_exists(
05620 rsbac_list_ta_number_t ta_number,
05621 rsbac_gid_t gid)
05622 {
05623 #if defined(CONFIG_RSBAC_UM)
05624 #ifndef CONFIG_RSBAC_MAINT
05625 union rsbac_target_id_t rsbac_target_id;
05626 union rsbac_attribute_value_t rsbac_attribute_value;
05627 #endif
05628
05629 #ifndef CONFIG_RSBAC_MAINT
05630 #ifdef CONFIG_RSBAC_DEBUG
05631 if (rsbac_debug_aef)
05632 {
05633 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n");
05634 }
05635 #endif
05636 rsbac_target_id.group = gid;
05637 rsbac_attribute_value.dummy = 0;
05638 if (!rsbac_adf_request(R_SEARCH,
05639 current->pid,
05640 T_GROUP,
05641 rsbac_target_id,
05642 A_none,
05643 rsbac_attribute_value))
05644 {
05645 return -EPERM;
05646 }
05647 #endif
05648
05649 return rsbac_um_group_exists(ta_number, gid);
05650 #else
05651 return (-RSBAC_EINVALIDMODULE);
05652 #endif
05653 }
05654
05655 int sys_rsbac_um_get_next_user(
05656 rsbac_list_ta_number_t ta_number,
05657 rsbac_uid_t old_user,
05658 rsbac_uid_t * next_user_p)
05659 {
05660 #if defined(CONFIG_RSBAC_UM)
05661 rsbac_uid_t k_next_user;
05662 int err;
05663 #ifndef CONFIG_RSBAC_MAINT
05664 union rsbac_target_id_t rsbac_target_id;
05665 union rsbac_attribute_value_t rsbac_attribute_value;
05666 #endif
05667
05668 if(!next_user_p)
05669 return -RSBAC_EINVALIDPOINTER;
05670
05671 #ifndef CONFIG_RSBAC_MAINT
05672 #ifdef CONFIG_RSBAC_DEBUG
05673 if (rsbac_debug_aef)
05674 {
05675 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n");
05676 }
05677 #endif
05678 rsbac_target_id.user = old_user;
05679 rsbac_attribute_value.dummy = 0;
05680 if (!rsbac_adf_request(R_SEARCH,
05681 current->pid,
05682 T_USER,
05683 rsbac_target_id,
05684 A_none,
05685 rsbac_attribute_value))
05686 {
05687 return -EPERM;
05688 }
05689 #endif
05690
05691 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user);
05692 if(!err)
05693 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user));
05694 return err;
05695 #else
05696 return (-RSBAC_EINVALIDMODULE);
05697 #endif
05698 }
05699
05700 int sys_rsbac_um_get_user_list(
05701 rsbac_list_ta_number_t ta_number,
05702 rsbac_uid_t user_array[],
05703 u_int maxnum)
05704 {
05705 #if defined(CONFIG_RSBAC_UM)
05706 long count;
05707 rsbac_uid_t * k_user_array;
05708 #ifndef CONFIG_RSBAC_MAINT
05709 union rsbac_target_id_t rsbac_target_id;
05710 union rsbac_attribute_value_t rsbac_attribute_value;
05711 #endif
05712
05713 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05714 maxnum = RSBAC_UM_MAX_MAXNUM;
05715
05716 #ifndef CONFIG_RSBAC_MAINT
05717 #ifdef CONFIG_RSBAC_DEBUG
05718 if (rsbac_debug_aef)
05719 {
05720 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n");
05721 }
05722 #endif
05723 rsbac_target_id.user = RSBAC_ALL_USERS;
05724 rsbac_attribute_value.dummy = 0;
05725 if (!rsbac_adf_request(R_SEARCH,
05726 current->pid,
05727 T_USER,
05728 rsbac_target_id,
05729 A_none,
05730 rsbac_attribute_value))
05731 {
05732 return -EPERM;
05733 }
05734 #endif
05735
05736
05737 if(!user_array || !maxnum)
05738 return rsbac_um_get_user_list(ta_number, NULL);
05739
05740 count = rsbac_um_get_user_list(ta_number, &k_user_array);
05741 if(count>0)
05742 {
05743 if(count > maxnum)
05744 count = maxnum;
05745 rsbac_put_user((u_char *) k_user_array,
05746 (u_char *) user_array,
05747 count * sizeof(*k_user_array) );
05748 rsbac_vfree(k_user_array);
05749 }
05750 return count;
05751 #else
05752 return -RSBAC_EINVALIDMODULE;
05753 #endif
05754 };
05755
05756 int sys_rsbac_um_get_gm_list(
05757 rsbac_list_ta_number_t ta_number,
05758 rsbac_uid_t user,
05759 rsbac_gid_t group_array[],
05760 u_int maxnum)
05761 {
05762 #if defined(CONFIG_RSBAC_UM)
05763 long count;
05764 rsbac_gid_t * k_group_array;
05765 #ifndef CONFIG_RSBAC_MAINT
05766 union rsbac_target_id_t rsbac_target_id;
05767 union rsbac_attribute_value_t rsbac_attribute_value;
05768 #endif
05769
05770
05771 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05772 maxnum = RSBAC_UM_MAX_MAXNUM;
05773
05774 #ifndef CONFIG_RSBAC_MAINT
05775 #ifdef CONFIG_RSBAC_DEBUG
05776 if (rsbac_debug_aef)
05777 {
05778 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n");
05779 }
05780 #endif
05781 rsbac_target_id.user = user;
05782 rsbac_attribute_value.dummy = 0;
05783 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05784 current->pid,
05785 T_USER,
05786 rsbac_target_id,
05787 A_none,
05788 rsbac_attribute_value))
05789 {
05790 return -EPERM;
05791 }
05792 #endif
05793
05794
05795 if(!group_array || !maxnum)
05796 return rsbac_um_get_gm_list(ta_number, user, NULL);
05797
05798 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array);
05799 if(count>0)
05800 {
05801 if(count > maxnum)
05802 count = maxnum;
05803 rsbac_put_user((u_char *) k_group_array,
05804 (u_char *) group_array,
05805 count * sizeof(*k_group_array) );
05806 rsbac_vfree(k_group_array);
05807 }
05808 return count;
05809 #else
05810 return -RSBAC_EINVALIDMODULE;
05811 #endif
05812 };
05813
05814 int sys_rsbac_um_get_gm_user_list(
05815 rsbac_list_ta_number_t ta_number,
05816 rsbac_gid_t group,
05817 rsbac_uid_t user_array[],
05818 u_int maxnum)
05819 {
05820 #if defined(CONFIG_RSBAC_UM)
05821 long count;
05822 rsbac_uid_t * k_user_array;
05823 #ifndef CONFIG_RSBAC_MAINT
05824 union rsbac_target_id_t rsbac_target_id;
05825 union rsbac_attribute_value_t rsbac_attribute_value;
05826 #endif
05827
05828 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05829 maxnum = RSBAC_UM_MAX_MAXNUM;
05830
05831 #ifndef CONFIG_RSBAC_MAINT
05832 #ifdef CONFIG_RSBAC_DEBUG
05833 if (rsbac_debug_aef)
05834 {
05835 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n");
05836 }
05837 #endif
05838 rsbac_target_id.group = group;
05839 rsbac_attribute_value.dummy = 0;
05840 if (!rsbac_adf_request(R_READ,
05841 current->pid,
05842 T_GROUP,
05843 rsbac_target_id,
05844 A_none,
05845 rsbac_attribute_value))
05846 {
05847 return -EPERM;
05848 }
05849 #endif
05850
05851 if(!user_array || !maxnum)
05852 return rsbac_um_get_gm_user_list(ta_number, group, NULL);
05853
05854 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array);
05855 if(count>0)
05856 {
05857 if(count > maxnum)
05858 count = maxnum;
05859 rsbac_put_user((u_char *) k_user_array,
05860 (u_char *) user_array,
05861 count * sizeof(*k_user_array) );
05862 rsbac_vfree(k_user_array);
05863 }
05864 return count;
05865 #else
05866 return -RSBAC_EINVALIDMODULE;
05867 #endif
05868 };
05869
05870 int sys_rsbac_um_get_group_list(
05871 rsbac_list_ta_number_t ta_number,
05872 rsbac_gid_t group_array[],
05873 u_int maxnum)
05874 {
05875 #if defined(CONFIG_RSBAC_UM)
05876 long count;
05877 rsbac_gid_t * k_group_array;
05878 #ifndef CONFIG_RSBAC_MAINT
05879 union rsbac_target_id_t rsbac_target_id;
05880 union rsbac_attribute_value_t rsbac_attribute_value;
05881 #endif
05882
05883 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05884 maxnum = RSBAC_UM_MAX_MAXNUM;
05885
05886 #ifndef CONFIG_RSBAC_MAINT
05887 #ifdef CONFIG_RSBAC_DEBUG
05888 if (rsbac_debug_aef)
05889 {
05890 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n");
05891 }
05892 #endif
05893 rsbac_target_id.group = RSBAC_ALL_USERS;
05894 rsbac_attribute_value.dummy = 0;
05895 if (!rsbac_adf_request(R_SEARCH,
05896 current->pid,
05897 T_GROUP,
05898 rsbac_target_id,
05899 A_none,
05900 rsbac_attribute_value))
05901 {
05902 return -EPERM;
05903 }
05904 #endif
05905
05906
05907 if(!group_array || !maxnum)
05908 return rsbac_um_get_group_list(ta_number, NULL);
05909
05910 count = rsbac_um_get_group_list(ta_number, &k_group_array);
05911 if(count>0)
05912 {
05913 if(count > maxnum)
05914 count = maxnum;
05915 rsbac_put_user((u_char *) k_group_array,
05916 (u_char *) group_array,
05917 count * sizeof(*k_group_array) );
05918 rsbac_vfree(k_group_array);
05919 }
05920 return count;
05921 #else
05922 return -RSBAC_EINVALIDMODULE;
05923 #endif
05924 };
05925
05926
05927
05928 int sys_rsbac_um_get_uid(
05929 rsbac_list_ta_number_t ta_number,
05930 char * name,
05931 rsbac_uid_t * uid_p)
05932 {
05933 #if defined(CONFIG_RSBAC_UM)
05934 rsbac_uid_t k_uid;
05935 int err;
05936 char k_name[RSBAC_UM_NAME_LEN];
05937
05938 if(!name || !uid_p)
05939 return -RSBAC_EINVALIDPOINTER;
05940
05941 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
05942 if(err)
05943 return err;
05944 k_name[RSBAC_UM_NAME_LEN-1] = 0;
05945 err = rsbac_um_get_uid(ta_number, k_name, &k_uid);
05946 if(!err)
05947 {
05948 #ifndef CONFIG_RSBAC_MAINT
05949 union rsbac_target_id_t rsbac_target_id;
05950 union rsbac_attribute_value_t rsbac_attribute_value;
05951
05952 #ifdef CONFIG_RSBAC_DEBUG
05953 if (rsbac_debug_aef)
05954 {
05955 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n");
05956 }
05957 #endif
05958 rsbac_target_id.user = k_uid;
05959 rsbac_attribute_value.dummy = 0;
05960 if (!rsbac_adf_request(R_SEARCH,
05961 current->pid,
05962 T_USER,
05963 rsbac_target_id,
05964 A_none,
05965 rsbac_attribute_value))
05966 {
05967 err = -EPERM;
05968 }
05969 else
05970 #endif
05971
05972 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid));
05973 }
05974 return err;
05975 #else
05976 return (-RSBAC_EINVALIDMODULE);
05977 #endif
05978 }
05979
05980 int sys_rsbac_um_get_gid(
05981 rsbac_list_ta_number_t ta_number,
05982 char * name,
05983 rsbac_gid_t * gid_p)
05984 {
05985 #if defined(CONFIG_RSBAC_UM)
05986 rsbac_gid_t k_gid;
05987 int err;
05988 char k_name[RSBAC_UM_NAME_LEN];
05989
05990 if(!name || !gid_p)
05991 return -RSBAC_EINVALIDPOINTER;
05992 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
05993 if(err)
05994 return err;
05995 k_name[RSBAC_UM_NAME_LEN-1] = 0;
05996 err = rsbac_um_get_gid(ta_number, k_name, &k_gid);
05997 if(!err)
05998 {
05999 #ifndef CONFIG_RSBAC_MAINT
06000 union rsbac_target_id_t rsbac_target_id;
06001 union rsbac_attribute_value_t rsbac_attribute_value;
06002
06003 #ifdef CONFIG_RSBAC_DEBUG
06004 if (rsbac_debug_aef)
06005 {
06006 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n");
06007 }
06008 #endif
06009 rsbac_target_id.group = k_gid;
06010 rsbac_attribute_value.dummy = 0;
06011 if (!rsbac_adf_request(R_SEARCH,
06012 current->pid,
06013 T_GROUP,
06014 rsbac_target_id,
06015 A_none,
06016 rsbac_attribute_value))
06017 {
06018 err = -EPERM;
06019 }
06020 else
06021 #endif
06022
06023 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid));
06024 }
06025 return err;
06026 #else
06027 return (-RSBAC_EINVALIDMODULE);
06028 #endif
06029 }
06030
06031 int sys_rsbac_um_set_pass(rsbac_uid_t uid,
06032 char * old_pass,
06033 char * new_pass)
06034 {
06035 #if defined(CONFIG_RSBAC_UM)
06036 int err;
06037 char * k_new_pass;
06038
06039 if(!new_pass)
06040 return -RSBAC_EINVALIDPOINTER;
06041 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06042 if(!k_new_pass)
06043 return -RSBAC_ENOMEM;
06044 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06045 if(err)
06046 {
06047 rsbac_kfree(k_new_pass);
06048 return err;
06049 }
06050 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06051
06052 if(old_pass && (uid == current->uid))
06053 {
06054 char * k_old_pass;
06055
06056 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06057 if(!k_old_pass)
06058 {
06059 rsbac_kfree(k_new_pass);
06060 return -RSBAC_ENOMEM;
06061 }
06062 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN);
06063 if(err)
06064 {
06065 rsbac_kfree(k_old_pass);
06066 rsbac_kfree(k_new_pass);
06067 return err;
06068 }
06069 k_old_pass[RSBAC_MAXNAMELEN-1] = 0;
06070 err = rsbac_um_check_pass(uid, k_old_pass);
06071 rsbac_kfree(k_old_pass);
06072 if(err)
06073 {
06074 rsbac_kfree(k_new_pass);
06075 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n");
06076 return err;
06077 }
06078 err = rsbac_um_good_pass(k_new_pass);
06079 if(err)
06080 {
06081 rsbac_kfree(k_new_pass);
06082 #ifdef CONFIG_RSBAC_DEBUG
06083 if (rsbac_debug_aef_um)
06084 {
06085 rsbac_printk(KERN_DEBUG
06086 "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n",
06087 uid);
06088 }
06089 #endif
06090 return err;
06091 }
06092 }
06093 else
06094 {
06095 #ifndef CONFIG_RSBAC_MAINT
06096
06097 union rsbac_target_id_t rsbac_target_id;
06098 union rsbac_attribute_value_t rsbac_attribute_value;
06099
06100 #ifdef CONFIG_RSBAC_FREEZE_UM
06101 if(rsbac_freeze)
06102 {
06103 rsbac_printk(KERN_WARNING
06104 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n");
06105 rsbac_kfree(k_new_pass);
06106 return -EPERM;
06107 }
06108 #endif
06109
06110 #ifdef CONFIG_RSBAC_DEBUG
06111 if (rsbac_debug_aef)
06112 {
06113 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n");
06114 }
06115 #endif
06116 rsbac_target_id.user = uid;
06117 rsbac_attribute_value.dummy = 0;
06118 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06119 current->pid,
06120 T_USER,
06121 rsbac_target_id,
06122 A_none,
06123 rsbac_attribute_value))
06124 {
06125 rsbac_kfree(k_new_pass);
06126 return -EPERM;
06127 }
06128 #endif
06129 }
06130
06131 err = rsbac_um_set_pass(uid, k_new_pass);
06132 rsbac_kfree(k_new_pass);
06133 return err;
06134 #else
06135 return (-RSBAC_EINVALIDMODULE);
06136 #endif
06137 }
06138
06139 int sys_rsbac_um_set_pass_name(char * name,
06140 char * old_pass,
06141 char * new_pass)
06142 {
06143 #if defined(CONFIG_RSBAC_UM)
06144 int err;
06145 rsbac_uid_t uid;
06146 char * k_name;
06147
06148 if(!name || !new_pass)
06149 return -RSBAC_EINVALIDPOINTER;
06150 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
06151 if(!k_name)
06152 return -RSBAC_ENOMEM;
06153 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06154 if(err)
06155 {
06156 rsbac_kfree(k_name);
06157 return err;
06158 }
06159 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06160
06161 #ifdef CONFIG_RSBAC_DEBUG
06162 if (rsbac_debug_aef_um)
06163 {
06164 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n",
06165 k_name);
06166 }
06167 #endif
06168 err = rsbac_um_get_uid(0, k_name, &uid);
06169 rsbac_kfree(k_name);
06170 if(err)
06171 {
06172 #ifdef CONFIG_RSBAC_DEBUG
06173 if (rsbac_debug_aef_um)
06174 {
06175 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n",
06176 k_name);
06177 }
06178 #endif
06179 }
06180 else
06181 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass);
06182
06183 return err;
06184 #else
06185 return (-RSBAC_EINVALIDMODULE);
06186 #endif
06187 }
06188
06189 int sys_rsbac_um_set_group_pass(rsbac_gid_t gid,
06190 char * new_pass)
06191 {
06192 #if defined(CONFIG_RSBAC_UM)
06193 int err;
06194 char * k_new_pass;
06195 #ifndef CONFIG_RSBAC_MAINT
06196 union rsbac_target_id_t rsbac_target_id;
06197 union rsbac_attribute_value_t rsbac_attribute_value;
06198 #endif
06199
06200 #ifdef CONFIG_RSBAC_FREEZE_UM
06201 if(rsbac_freeze)
06202 {
06203 rsbac_printk(KERN_WARNING
06204 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n");
06205 return -EPERM;
06206 }
06207 #endif
06208
06209 #ifndef CONFIG_RSBAC_MAINT
06210
06211 #ifdef CONFIG_RSBAC_DEBUG
06212 if (rsbac_debug_aef)
06213 {
06214 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n");
06215 }
06216 #endif
06217 rsbac_target_id.group = gid;
06218 rsbac_attribute_value.dummy = 0;
06219 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06220 current->pid,
06221 T_GROUP,
06222 rsbac_target_id,
06223 A_none,
06224 rsbac_attribute_value))
06225 {
06226 return -EPERM;
06227 }
06228 #endif
06229
06230 if(new_pass)
06231 {
06232 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06233 if(!k_new_pass)
06234 return -RSBAC_ENOMEM;
06235 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06236 if(!err)
06237 {
06238 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06239 err = rsbac_um_set_group_pass(gid, k_new_pass);
06240 }
06241 rsbac_kfree(k_new_pass);
06242 }
06243 else
06244 {
06245 err = rsbac_um_set_group_pass(gid, NULL);
06246 }
06247 return err;
06248 #else
06249 return (-RSBAC_EINVALIDMODULE);
06250 #endif
06251 }
06252
06253 int sys_rsbac_um_check_account(rsbac_uid_t uid)
06254 {
06255 #if defined(CONFIG_RSBAC_UM)
06256 #ifndef CONFIG_RSBAC_MAINT
06257 union rsbac_target_id_t rsbac_target_id;
06258 union rsbac_attribute_value_t rsbac_attribute_value;
06259 #endif
06260
06261
06262 #ifndef CONFIG_RSBAC_MAINT
06263 #ifdef CONFIG_RSBAC_DEBUG
06264 if (rsbac_debug_aef)
06265 {
06266 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06267 }
06268 #endif
06269 rsbac_target_id.user = uid;
06270 rsbac_attribute_value.dummy = 0;
06271 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06272 current->pid,
06273 T_USER,
06274 rsbac_target_id,
06275 A_none,
06276 rsbac_attribute_value))
06277 {
06278 return -EPERM;
06279 }
06280 #endif
06281
06282 return rsbac_um_check_account(uid);
06283 #else
06284 return (-RSBAC_EINVALIDMODULE);
06285 #endif
06286 }
06287
06288 int sys_rsbac_um_check_account_name(char * name)
06289 {
06290 #if defined(CONFIG_RSBAC_UM)
06291 int err;
06292 rsbac_uid_t uid;
06293 char k_name[RSBAC_UM_NAME_LEN];
06294 #ifndef CONFIG_RSBAC_MAINT
06295 union rsbac_target_id_t rsbac_target_id;
06296 union rsbac_attribute_value_t rsbac_attribute_value;
06297 #endif
06298
06299 if(!name)
06300 return -RSBAC_EINVALIDPOINTER;
06301 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06302 if(err)
06303 return err;
06304 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06305 #ifdef CONFIG_RSBAC_DEBUG
06306 if (rsbac_debug_aef_um)
06307 {
06308 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n",
06309 k_name);
06310 }
06311 #endif
06312 err = rsbac_um_get_uid(0, k_name, &uid);
06313 if(err)
06314 {
06315 #ifdef CONFIG_RSBAC_DEBUG
06316 if (rsbac_debug_aef_um)
06317 {
06318 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n",
06319 k_name);
06320 }
06321 #endif
06322 return err;
06323 }
06324
06325 #ifndef CONFIG_RSBAC_MAINT
06326 #ifdef CONFIG_RSBAC_DEBUG
06327 if (rsbac_debug_aef)
06328 {
06329 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06330 }
06331 #endif
06332 rsbac_target_id.user = uid;
06333 rsbac_attribute_value.dummy = 0;
06334 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06335 current->pid,
06336 T_USER,
06337 rsbac_target_id,
06338 A_none,
06339 rsbac_attribute_value))
06340 {
06341 return -EPERM;
06342 }
06343 #endif
06344
06345 return rsbac_um_check_account(uid);
06346 #else
06347 return (-RSBAC_EINVALIDMODULE);
06348 #endif
06349 }
06350
06351
06352
06353
06354
06355
06356 int sys_rsbac_adf_log_switch(enum rsbac_adf_request_t request,
06357 enum rsbac_target_t target,
06358 u_int value)
06359 {
06360 union rsbac_target_id_t rsbac_target_id;
06361 union rsbac_attribute_value_t rsbac_attribute_value;
06362
06363 if ((value != LL_none) && (value != LL_denied) && (value != LL_full))
06364 return (-RSBAC_EINVALIDVALUE);
06365 if(request >= R_NONE)
06366 return(-RSBAC_EINVALIDREQUEST);
06367 if( (target == T_FD)
06368 || (target > T_NONE)
06369 )
06370 return(-RSBAC_EINVALIDTARGET);
06371
06372 #ifdef CONFIG_RSBAC_FREEZE
06373 if(rsbac_freeze)
06374 {
06375 rsbac_printk(KERN_WARNING
06376 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n");
06377 return -EPERM;
06378 }
06379 #endif
06380
06381
06382 #ifdef CONFIG_RSBAC_DEBUG
06383 if (rsbac_debug_aef)
06384 rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n");
06385 #endif
06386 rsbac_target_id.dummy = 0;
06387 rsbac_attribute_value.request = target;
06388 if (!rsbac_adf_request(R_SWITCH_LOG,
06389 current->pid,
06390 T_NONE,
06391 rsbac_target_id,
06392 A_request,
06393 rsbac_attribute_value))
06394 {
06395 return -EPERM;
06396 }
06397 #ifdef CONFIG_RSBAC_DEBUG
06398 if (rsbac_debug_aef)
06399 {
06400 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06401 if(request_name)
06402 {
06403 get_request_name(request_name,target);
06404 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
06405 request_name, target, value);
06406 rsbac_kfree(request_name);
06407 }
06408 }
06409 #endif
06410 rsbac_adf_log_switch(request,target,value);
06411 return(0);
06412 }
06413
06414 int sys_rsbac_get_adf_log(enum rsbac_adf_request_t request,
06415 enum rsbac_target_t target,
06416 u_int * value_p)
06417 {
06418 union rsbac_target_id_t rsbac_target_id;
06419 union rsbac_attribute_value_t rsbac_attribute_value;
06420 u_int k_value;
06421 int err;
06422
06423 if(request >= R_NONE)
06424 return(-RSBAC_EINVALIDREQUEST);
06425 if( (target == T_FD)
06426 || (target > T_NONE)
06427 )
06428 return(-RSBAC_EINVALIDTARGET);
06429 if(!value_p)
06430 return(-RSBAC_EINVALIDPOINTER);
06431
06432 #ifdef CONFIG_RSBAC_DEBUG
06433 if (rsbac_debug_aef)
06434 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n");
06435 #endif
06436 rsbac_target_id.scd = ST_rsbac;
06437 rsbac_attribute_value.request = request;
06438 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06439 current->pid,
06440 T_SCD,
06441 rsbac_target_id,
06442 A_request,
06443 rsbac_attribute_value))
06444 {
06445 return -EPERM;
06446 }
06447 #ifdef CONFIG_RSBAC_DEBUG
06448 if (rsbac_debug_aef)
06449 {
06450 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06451 if(request_name)
06452 {
06453 get_request_name(request_name,target);
06454 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n",
06455 request_name, target);
06456 rsbac_kfree(request_name);
06457 }
06458 }
06459 #endif
06460 err = rsbac_get_adf_log(request, target, &k_value);
06461 if(!err)
06462 {
06463 rsbac_put_user((u_char *) &k_value,
06464 (u_char *) value_p,
06465 sizeof(k_value) );
06466 }
06467 return(err);
06468 }
06469
06470
06471
06472
06473
06474
06475
06476
06477
06478
06479
06480 int sys_rsbac_log(int type,
06481 char * buf,
06482 int len)
06483 {
06484 #if defined(CONFIG_RSBAC_RMSG)
06485
06486 return(rsbac_log(type,buf,len));
06487 #else
06488 return(0);
06489 #endif
06490 }
06491
06492 #if defined(CONFIG_RSBAC_INIT_DELAY)
06493 int sys_rsbac_init(char * path)
06494 {
06495 struct dentry * t_dentry = NULL;
06496 rsbac_boolean_t need_put = FALSE;
06497 int err = 0;
06498
06499 struct nameidata nd;
06500
06501 if(!path)
06502 return rsbac_init(ROOT_DEV);
06503
06504 if ((err = user_path_walk_link(path, &nd)))
06505 {
06506 goto out;
06507 }
06508 t_dentry = nd.dentry;
06509 need_put = TRUE;
06510 if (!t_dentry->d_inode)
06511 {
06512 err = -RSBAC_EINVALIDTARGET;
06513 goto out_dput;
06514 }
06515
06516 if(!S_ISBLK(t_dentry->d_inode->i_mode))
06517 {
06518 err = -RSBAC_EINVALIDTARGET;
06519 goto out_dput;
06520 }
06521 err = rsbac_init(t_dentry->d_sb->s_dev);
06522
06523 out_dput:
06524 if(need_put)
06525 path_release(&nd);
06526 out:
06527 return(err);
06528 }
06529 #endif
06530
06531 #ifdef CONFIG_RSBAC_LIST_TRANS
06532 int sys_rsbac_list_ta_begin(
06533 rsbac_time_t ttl,
06534 rsbac_list_ta_number_t * ta_number_p,
06535 rsbac_uid_t commit_uid,
06536 char * password)
06537 {
06538 int err;
06539 rsbac_list_ta_number_t k_ta_number;
06540 char * k_password = NULL;
06541
06542 if(password)
06543 {
06544 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06545 if(!k_password)
06546 return -ENOMEM;
06547 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06548 if(err)
06549 {
06550 rsbac_kfree(k_password);
06551 return err;
06552 }
06553 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06554 }
06555 err = rsbac_list_ta_begin(ttl, &k_ta_number, commit_uid, k_password);
06556 if(!err)
06557 err = rsbac_put_user((u_char *) &k_ta_number,
06558 (u_char *) ta_number_p,
06559 sizeof(k_ta_number) );
06560 if(k_password)
06561 rsbac_kfree(k_password);
06562 return err;
06563 }
06564
06565 int sys_rsbac_list_ta_refresh(
06566 rsbac_time_t ttl,
06567 rsbac_list_ta_number_t ta_number,
06568 char * password)
06569 {
06570 int err;
06571 char * k_password;
06572
06573 if(password)
06574 {
06575 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06576 if(!k_password)
06577 return -ENOMEM;
06578 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06579 if(err)
06580 {
06581 rsbac_kfree(k_password);
06582 return err;
06583 }
06584 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06585 }
06586 else
06587 k_password = NULL;
06588 err = rsbac_list_ta_refresh(ttl, ta_number, k_password);
06589 if(k_password)
06590 rsbac_kfree(k_password);
06591 return err;
06592 }
06593
06594 int sys_rsbac_list_ta_commit(
06595 rsbac_list_ta_number_t ta_number,
06596 char * password)
06597 {
06598 int err;
06599 char * k_password;
06600
06601 if(password)
06602 {
06603 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06604 if(!k_password)
06605 return -ENOMEM;
06606 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06607 if(err)
06608 {
06609 rsbac_kfree(k_password);
06610 return err;
06611 }
06612 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06613 }
06614 else
06615 k_password = NULL;
06616 err = rsbac_list_ta_commit(ta_number, k_password);
06617 if(k_password)
06618 rsbac_kfree(k_password);
06619 return err;
06620 }
06621
06622 int sys_rsbac_list_ta_forget(
06623 rsbac_list_ta_number_t ta_number,
06624 char * password)
06625 {
06626 int err;
06627 char * k_password;
06628
06629 if(password)
06630 {
06631 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06632 if(!k_password)
06633 return -ENOMEM;
06634 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06635 if(err)
06636 {
06637 rsbac_kfree(k_password);
06638 return err;
06639 }
06640 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06641 }
06642 else
06643 k_password = NULL;
06644 err = rsbac_list_ta_forget(ta_number, k_password);
06645 if(k_password)
06646 rsbac_kfree(k_password);
06647 return err;
06648 }
06649 #endif
06650
06651
06652 #ifdef rsbac_syscall4
06653 asmlinkage int sys_rsbac(int dummy,
06654 rsbac_version_t version,
06655 enum rsbac_syscall_t call,
06656 union rsbac_syscall_arg_t * arg_p)
06657 #else
06658 asmlinkage int sys_rsbac(rsbac_version_t version,
06659 enum rsbac_syscall_t call,
06660 union rsbac_syscall_arg_t * arg_p)
06661 #endif
06662 {
06663 union rsbac_syscall_arg_t k_arg;
06664 int err;
06665
06666 if(version != RSBAC_VERSION_NR)
06667 return -RSBAC_EINVALIDVERSION;
06668
06669 if(call >= RSYS_none)
06670 return -RSBAC_EINVALIDREQUEST;
06671
06672
06673 if(arg_p)
06674 {
06675 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
06676 if(err)
06677 return err;
06678 }
06679 else
06680 {
06681 memset(&k_arg, 0, sizeof(k_arg));
06682 }
06683
06684 switch(call)
06685 {
06686 case RSYS_stats:
06687 return sys_rsbac_stats();
06688 case RSYS_check:
06689 return sys_rsbac_check(k_arg.check.correct, k_arg.check.check_inode);
06690 case RSYS_get_attr:
06691 return sys_rsbac_get_attr(k_arg.get_attr.ta_number,
06692 k_arg.get_attr.module,
06693 k_arg.get_attr.target,
06694 k_arg.get_attr.tid,
06695 k_arg.get_attr.attr,
06696 k_arg.get_attr.value,
06697 k_arg.get_attr.inherit);
06698 case RSYS_get_attr_n:
06699 return sys_rsbac_get_attr_n(k_arg.get_attr_n.ta_number,
06700 k_arg.get_attr_n.module,
06701 k_arg.get_attr_n.target,
06702 k_arg.get_attr_n.t_name,
06703 k_arg.get_attr_n.attr,
06704 k_arg.get_attr_n.value,
06705 k_arg.get_attr_n.inherit);
06706 case RSYS_set_attr:
06707 return sys_rsbac_set_attr(k_arg.set_attr.ta_number,
06708 k_arg.set_attr.module,
06709 k_arg.set_attr.target,
06710 k_arg.set_attr.tid,
06711 k_arg.set_attr.attr,
06712 k_arg.set_attr.value);
06713 case RSYS_set_attr_n:
06714 return sys_rsbac_set_attr_n(k_arg.set_attr_n.ta_number,
06715 k_arg.set_attr_n.module,
06716 k_arg.set_attr_n.target,
06717 k_arg.set_attr_n.t_name,
06718 k_arg.set_attr_n.attr,
06719 k_arg.set_attr_n.value);
06720 case RSYS_remove_target:
06721 return sys_rsbac_remove_target(k_arg.remove_target.ta_number,
06722 k_arg.remove_target.target,
06723 k_arg.remove_target.tid);
06724 case RSYS_remove_target_n:
06725 return sys_rsbac_remove_target_n(k_arg.remove_target_n.ta_number,
06726 k_arg.remove_target_n.target,
06727 k_arg.remove_target_n.t_name);
06728 case RSYS_net_list_all_netdev:
06729 return sys_rsbac_net_list_all_netdev(k_arg.net_list_all_netdev.ta_number,
06730 k_arg.net_list_all_netdev.id_p,
06731 k_arg.net_list_all_netdev.maxnum);
06732 case RSYS_net_template:
06733 return sys_rsbac_net_template(k_arg.net_template.ta_number,
06734 k_arg.net_template.call,
06735 k_arg.net_template.id,
06736 k_arg.net_template.data_p);
06737 case RSYS_net_list_all_template:
06738 return sys_rsbac_net_list_all_template(k_arg.net_list_all_template.ta_number,
06739 k_arg.net_list_all_template.id_p,
06740 k_arg.net_list_all_template.maxnum);
06741 case RSYS_switch:
06742 return sys_rsbac_switch(k_arg.switch_module.target,
06743 k_arg.switch_module.value);
06744 case RSYS_adf_log_switch:
06745 return sys_rsbac_adf_log_switch(k_arg.adf_log_switch.request,
06746 k_arg.adf_log_switch.target,
06747 k_arg.adf_log_switch.value);
06748 case RSYS_get_adf_log:
06749 return sys_rsbac_get_adf_log(k_arg.get_adf_log.request,
06750 k_arg.get_adf_log.target,
06751 k_arg.get_adf_log.value_p);
06752 case RSYS_write:
06753 return sys_rsbac_write();
06754 case RSYS_log:
06755 return sys_rsbac_log(k_arg.log.type,
06756 k_arg.log.buf,
06757 k_arg.log.len);
06758 case RSYS_mac_set_curr_level:
06759 return sys_rsbac_mac_set_curr_level(k_arg.mac_set_curr_level.level,
06760 k_arg.mac_set_curr_level.categories_p);
06761 case RSYS_mac_get_curr_level:
06762 return sys_rsbac_mac_get_curr_level(k_arg.mac_get_curr_level.level_p,
06763 k_arg.mac_get_curr_level.categories_p);
06764 case RSYS_mac_get_max_level:
06765 return sys_rsbac_mac_get_max_level(k_arg.mac_get_max_level.level_p,
06766 k_arg.mac_get_max_level.categories_p);
06767 case RSYS_mac_get_min_level:
06768 return sys_rsbac_mac_get_min_level(k_arg.mac_get_min_level.level_p,
06769 k_arg.mac_get_min_level.categories_p);
06770 case RSYS_mac_add_p_tru:
06771 return sys_rsbac_mac_add_p_tru(k_arg.mac_add_p_tru.ta_number,
06772 k_arg.mac_add_p_tru.pid,
06773 k_arg.mac_add_p_tru.uid,
06774 k_arg.mac_add_p_tru.ttl);
06775 case RSYS_mac_remove_p_tru:
06776 return sys_rsbac_mac_remove_p_tru(k_arg.mac_remove_p_tru.ta_number,
06777 k_arg.mac_remove_p_tru.pid,
06778 k_arg.mac_add_p_tru.uid);
06779 case RSYS_mac_add_f_tru:
06780 return sys_rsbac_mac_add_f_tru(k_arg.mac_add_f_tru.ta_number,
06781 k_arg.mac_add_f_tru.filename,
06782 k_arg.mac_add_p_tru.uid,
06783 k_arg.mac_add_f_tru.ttl);
06784 case RSYS_mac_remove_f_tru:
06785 return sys_rsbac_mac_remove_f_tru(k_arg.mac_remove_f_tru.ta_number,
06786 k_arg.mac_remove_f_tru.filename,
06787 k_arg.mac_remove_f_tru.uid);
06788 case RSYS_mac_get_f_trulist:
06789 return sys_rsbac_mac_get_f_trulist(k_arg.mac_get_f_trulist.ta_number,
06790 k_arg.mac_get_f_trulist.filename,
06791 k_arg.mac_get_f_trulist.trulist,
06792 k_arg.mac_get_f_trulist.ttllist,
06793 k_arg.mac_get_f_trulist.maxnum);
06794 case RSYS_mac_get_p_trulist:
06795 return sys_rsbac_mac_get_p_trulist(k_arg.mac_get_p_trulist.ta_number,
06796 k_arg.mac_get_p_trulist.pid,
06797 k_arg.mac_get_p_trulist.trulist,
06798 k_arg.mac_get_p_trulist.ttllist,
06799 k_arg.mac_get_p_trulist.maxnum);
06800 case RSYS_stats_pm:
06801 return sys_rsbac_stats_pm();
06802 case RSYS_pm:
06803 return sys_rsbac_pm(k_arg.pm.ta_number,
06804 k_arg.pm.function,
06805 k_arg.pm.param_p,
06806 k_arg.pm.ticket);
06807 case RSYS_pm_change_current_task:
06808 return sys_rsbac_pm_change_current_task(k_arg.pm_change_current_task.task);
06809 case RSYS_pm_create_file:
06810 return sys_rsbac_pm_create_file(k_arg.pm_create_file.filename,
06811 k_arg.pm_create_file.mode,
06812 k_arg.pm_create_file.object_class);
06813 case RSYS_daz_flush_cache:
06814 return sys_rsbac_daz_flush_cache();
06815 case RSYS_rc_copy_role:
06816 return sys_rsbac_rc_copy_role(k_arg.rc_copy_role.ta_number,
06817 k_arg.rc_copy_role.from_role,
06818 k_arg.rc_copy_role.to_role);
06819 case RSYS_rc_copy_type:
06820 return sys_rsbac_rc_copy_type(k_arg.rc_copy_type.ta_number,
06821 k_arg.rc_copy_type.target,
06822 k_arg.rc_copy_type.from_type,
06823 k_arg.rc_copy_type.to_type);
06824 case RSYS_rc_get_item:
06825 return sys_rsbac_rc_get_item(k_arg.rc_get_item.ta_number,
06826 k_arg.rc_get_item.target,
06827 k_arg.rc_get_item.tid_p,
06828 k_arg.rc_get_item.subtid_p,
06829 k_arg.rc_get_item.item,
06830 k_arg.rc_get_item.value_p,
06831 k_arg.rc_get_item.ttl_p);
06832 case RSYS_rc_set_item:
06833 return sys_rsbac_rc_set_item(k_arg.rc_set_item.ta_number,
06834 k_arg.rc_set_item.target,
06835 k_arg.rc_set_item.tid_p,
06836 k_arg.rc_set_item.subtid_p,
06837 k_arg.rc_set_item.item,
06838 k_arg.rc_set_item.value_p,
06839 k_arg.rc_set_item.ttl);
06840 case RSYS_rc_change_role:
06841 return sys_rsbac_rc_change_role(k_arg.rc_change_role.role);
06842 case RSYS_rc_get_eff_rights_n:
06843 return sys_rsbac_rc_get_eff_rights_n(k_arg.rc_get_eff_rights_n.ta_number,
06844 k_arg.rc_get_eff_rights_n.target,
06845 k_arg.rc_get_eff_rights_n.t_name,
06846 k_arg.rc_get_eff_rights_n.request_vector_p,
06847 k_arg.rc_get_eff_rights_n.ttl_p);
06848 case RSYS_rc_get_list:
06849 return sys_rsbac_rc_get_list(k_arg.rc_get_list.ta_number,
06850 k_arg.rc_get_list.target,
06851 k_arg.rc_get_list.tid_p,
06852 k_arg.rc_get_list.item,
06853 k_arg.rc_get_list.maxnum,
06854 k_arg.rc_get_list.array_p,
06855 k_arg.rc_get_list.ttl_array_p);
06856 case RSYS_rc_get_current_role:
06857 return sys_rsbac_rc_get_current_role(k_arg.rc_get_current_role.role_p);
06858 case RSYS_auth_add_p_cap:
06859 return sys_rsbac_auth_add_p_cap(k_arg.auth_add_p_cap.ta_number,
06860 k_arg.auth_add_p_cap.pid,
06861 k_arg.auth_add_p_cap.cap_type,
06862 k_arg.auth_add_p_cap.cap_range,
06863 k_arg.auth_add_p_cap.ttl);
06864 case RSYS_auth_remove_p_cap:
06865 return sys_rsbac_auth_remove_p_cap(k_arg.auth_remove_p_cap.ta_number,
06866 k_arg.auth_remove_p_cap.pid,
06867 k_arg.auth_remove_p_cap.cap_type,
06868 k_arg.auth_remove_p_cap.cap_range);
06869 case RSYS_auth_add_f_cap:
06870 return sys_rsbac_auth_add_f_cap(k_arg.auth_add_f_cap.ta_number,
06871 k_arg.auth_add_f_cap.filename,
06872 k_arg.auth_add_f_cap.cap_type,
06873 k_arg.auth_add_f_cap.cap_range,
06874 k_arg.auth_add_f_cap.ttl);
06875 case RSYS_auth_remove_f_cap:
06876 return sys_rsbac_auth_remove_f_cap(k_arg.auth_remove_f_cap.ta_number,
06877 k_arg.auth_remove_f_cap.filename,
06878 k_arg.auth_remove_f_cap.cap_type,
06879 k_arg.auth_remove_f_cap.cap_range);
06880 case RSYS_auth_get_f_caplist:
06881 return sys_rsbac_auth_get_f_caplist(k_arg.auth_get_f_caplist.ta_number,
06882 k_arg.auth_get_f_caplist.filename,
06883 k_arg.auth_get_f_caplist.cap_type,
06884 k_arg.auth_get_f_caplist.caplist,
06885 k_arg.auth_get_f_caplist.ttllist,
06886 k_arg.auth_get_f_caplist.maxnum);
06887 case RSYS_auth_get_p_caplist:
06888 return sys_rsbac_auth_get_p_caplist(k_arg.auth_get_p_caplist.ta_number,
06889 k_arg.auth_get_p_caplist.pid,
06890 k_arg.auth_get_p_caplist.cap_type,
06891 k_arg.auth_get_p_caplist.caplist,
06892 k_arg.auth_get_p_caplist.ttllist,
06893 k_arg.auth_get_p_caplist.maxnum);
06894 case RSYS_acl:
06895 return sys_rsbac_acl(k_arg.acl.ta_number,
06896 k_arg.acl.call,
06897 k_arg.acl.arg);
06898 case RSYS_acl_n:
06899 return sys_rsbac_acl_n(k_arg.acl_n.ta_number,
06900 k_arg.acl_n.call,
06901 k_arg.acl_n.arg);
06902 case RSYS_acl_get_rights:
06903 return sys_rsbac_acl_get_rights(k_arg.acl_get_rights.ta_number,
06904 k_arg.acl_get_rights.arg,
06905 k_arg.acl_get_rights.rights_p,
06906 k_arg.acl_get_rights.effective);
06907 case RSYS_acl_get_rights_n:
06908 return sys_rsbac_acl_get_rights_n(k_arg.acl_get_rights_n.ta_number,
06909 k_arg.acl_get_rights_n.arg,
06910 k_arg.acl_get_rights_n.rights_p,
06911 k_arg.acl_get_rights_n.effective);
06912 case RSYS_acl_get_tlist:
06913 return sys_rsbac_acl_get_tlist(k_arg.acl_get_tlist.ta_number,
06914 k_arg.acl_get_tlist.target,
06915 k_arg.acl_get_tlist.tid,
06916 k_arg.acl_get_tlist.entry_array,
06917 k_arg.acl_get_tlist.ttl_array,
06918 k_arg.acl_get_tlist.maxnum);
06919 case RSYS_acl_get_tlist_n:
06920 return sys_rsbac_acl_get_tlist_n(k_arg.acl_get_tlist_n.ta_number,
06921 k_arg.acl_get_tlist_n.target,
06922 k_arg.acl_get_tlist_n.t_name,
06923 k_arg.acl_get_tlist_n.entry_array,
06924 k_arg.acl_get_tlist_n.ttl_array,
06925 k_arg.acl_get_tlist_n.maxnum);
06926 case RSYS_acl_get_mask:
06927 return sys_rsbac_acl_get_mask(k_arg.acl_get_mask.ta_number,
06928 k_arg.acl_get_mask.target,
06929 k_arg.acl_get_mask.tid,
06930 k_arg.acl_get_mask.mask_p);
06931 case RSYS_acl_get_mask_n:
06932 return sys_rsbac_acl_get_mask_n(k_arg.acl_get_mask_n.ta_number,
06933 k_arg.acl_get_mask_n.target,
06934 k_arg.acl_get_mask_n.t_name,
06935 k_arg.acl_get_mask_n.mask_p);
06936 case RSYS_acl_group:
06937 return sys_rsbac_acl_group(k_arg.acl_group.ta_number,
06938 k_arg.acl_group.call,
06939 k_arg.acl_group.arg_p);
06940 case RSYS_acl_list_all_dev:
06941 return sys_rsbac_acl_list_all_dev(k_arg.acl_list_all_dev.ta_number,
06942 k_arg.acl_list_all_dev.id_p,
06943 k_arg.acl_list_all_dev.maxnum);
06944 case RSYS_acl_list_all_user:
06945 return sys_rsbac_acl_list_all_user(k_arg.acl_list_all_user.ta_number,
06946 k_arg.acl_list_all_user.id_p,
06947 k_arg.acl_list_all_user.maxnum);
06948 case RSYS_acl_list_all_group:
06949 return sys_rsbac_acl_list_all_group(k_arg.acl_list_all_group.ta_number,
06950 k_arg.acl_list_all_group.id_p,
06951 k_arg.acl_list_all_group.maxnum);
06952
06953 case RSYS_reg:
06954 return sys_rsbac_reg(k_arg.reg.handle,
06955 k_arg.reg.arg);
06956 case RSYS_jail:
06957 #ifdef CONFIG_RSBAC_JAIL
06958 return rsbac_jail_sys_jail(k_arg.jail.version,
06959 k_arg.jail.path,
06960 k_arg.jail.ip,
06961 k_arg.jail.flags,
06962 k_arg.jail.max_caps,
06963 k_arg.jail.scd_get,
06964 k_arg.jail.scd_modify);
06965 #else
06966 return -RSBAC_EINVALIDMODULE;
06967 #endif
06968
06969 #if defined(CONFIG_RSBAC_INIT_DELAY)
06970 case RSYS_init:
06971 return sys_rsbac_init(k_arg.init.root_dev);
06972 #endif
06973
06974 case RSYS_um_auth_name:
06975 return sys_rsbac_um_auth_name(k_arg.um_auth_name.name,
06976 k_arg.um_auth_name.pass);
06977 case RSYS_um_auth_uid:
06978 return sys_rsbac_um_auth_uid(k_arg.um_auth_uid.uid,
06979 k_arg.um_auth_uid.pass);
06980 case RSYS_um_add_user:
06981 return sys_rsbac_um_add_user(k_arg.um_add_user.ta_number,
06982 k_arg.um_add_user.uid,
06983 k_arg.um_add_user.entry_p,
06984 k_arg.um_add_user.pass,
06985 k_arg.um_add_user.ttl);
06986 case RSYS_um_add_group:
06987 return sys_rsbac_um_add_group(k_arg.um_add_group.ta_number,
06988 k_arg.um_add_group.gid,
06989 k_arg.um_add_group.entry_p,
06990 k_arg.um_add_group.pass,
06991 k_arg.um_add_group.ttl);
06992 case RSYS_um_add_gm:
06993 return sys_rsbac_um_add_gm(k_arg.um_add_gm.ta_number,
06994 k_arg.um_add_gm.uid,
06995 k_arg.um_add_gm.gid,
06996 k_arg.um_add_gm.ttl);
06997 case RSYS_um_mod_user:
06998 return sys_rsbac_um_mod_user(k_arg.um_mod_user.ta_number,
06999 k_arg.um_mod_user.uid,
07000 k_arg.um_mod_user.mod,
07001 k_arg.um_mod_user.data_p);
07002 case RSYS_um_mod_group:
07003 return sys_rsbac_um_mod_group(k_arg.um_mod_group.ta_number,
07004 k_arg.um_mod_group.gid,
07005 k_arg.um_mod_group.mod,
07006 k_arg.um_mod_group.data_p);
07007 case RSYS_um_get_user_item:
07008 return sys_rsbac_um_get_user_item(k_arg.um_get_user_item.ta_number,
07009 k_arg.um_get_user_item.uid,
07010 k_arg.um_get_user_item.mod,
07011 k_arg.um_get_user_item.data_p);
07012 case RSYS_um_get_group_item:
07013 return sys_rsbac_um_get_group_item(k_arg.um_get_group_item.ta_number,
07014 k_arg.um_get_group_item.gid,
07015 k_arg.um_get_group_item.mod,
07016 k_arg.um_get_group_item.data_p);
07017 case RSYS_um_remove_user:
07018 return sys_rsbac_um_remove_user(k_arg.um_remove_user.ta_number,
07019 k_arg.um_remove_user.uid);
07020 case RSYS_um_remove_group:
07021 return sys_rsbac_um_remove_group(k_arg.um_remove_group.ta_number,
07022 k_arg.um_remove_group.gid);
07023 case RSYS_um_remove_gm:
07024 return sys_rsbac_um_remove_gm(k_arg.um_remove_gm.ta_number,
07025 k_arg.um_remove_gm.uid,
07026 k_arg.um_remove_gm.gid);
07027 case RSYS_um_user_exists:
07028 return sys_rsbac_um_user_exists(k_arg.um_user_exists.ta_number,
07029 k_arg.um_user_exists.uid);
07030 case RSYS_um_get_next_user:
07031 return sys_rsbac_um_get_next_user(k_arg.um_get_next_user.ta_number,
07032 k_arg.um_get_next_user.old_user,
07033 k_arg.um_get_next_user.next_user_p);
07034 case RSYS_um_get_user_list:
07035 return sys_rsbac_um_get_user_list(k_arg.um_get_user_list.ta_number,
07036 k_arg.um_get_user_list.user_array,
07037 k_arg.um_get_user_list.maxnum);
07038 case RSYS_um_get_gm_list:
07039 return sys_rsbac_um_get_gm_list(k_arg.um_get_gm_list.ta_number,
07040 k_arg.um_get_gm_list.user,
07041 k_arg.um_get_gm_list.group_array,
07042 k_arg.um_get_gm_list.maxnum);
07043 case RSYS_um_get_gm_user_list:
07044 return sys_rsbac_um_get_gm_user_list(k_arg.um_get_gm_user_list.ta_number,
07045 k_arg.um_get_gm_user_list.group,
07046 k_arg.um_get_gm_user_list.user_array,
07047 k_arg.um_get_gm_user_list.maxnum);
07048 case RSYS_um_get_group_list:
07049 return sys_rsbac_um_get_group_list(k_arg.um_get_group_list.ta_number,
07050 k_arg.um_get_group_list.group_array,
07051 k_arg.um_get_group_list.maxnum);
07052 case RSYS_um_get_uid:
07053 return sys_rsbac_um_get_uid(k_arg.um_get_uid.ta_number,
07054 k_arg.um_get_uid.name,
07055 k_arg.um_get_uid.uid_p);
07056 case RSYS_um_get_gid:
07057 return sys_rsbac_um_get_gid(k_arg.um_get_gid.ta_number,
07058 k_arg.um_get_gid.name,
07059 k_arg.um_get_gid.gid_p);
07060 case RSYS_um_set_pass:
07061 return sys_rsbac_um_set_pass(k_arg.um_set_pass.uid,
07062 k_arg.um_set_pass.old_pass,
07063 k_arg.um_set_pass.new_pass);
07064 case RSYS_um_set_pass_name:
07065 return sys_rsbac_um_set_pass_name(k_arg.um_set_pass_name.name,
07066 k_arg.um_set_pass_name.old_pass,
07067 k_arg.um_set_pass_name.new_pass);
07068 case RSYS_um_set_group_pass:
07069 return sys_rsbac_um_set_group_pass(k_arg.um_set_group_pass.gid,
07070 k_arg.um_set_group_pass.new_pass);
07071 case RSYS_um_check_account:
07072 return sys_rsbac_um_check_account(k_arg.um_check_account.uid);
07073 case RSYS_um_check_account_name:
07074 return sys_rsbac_um_check_account_name(k_arg.um_check_account_name.name);
07075
07076 #ifdef CONFIG_RSBAC_LIST_TRANS
07077 case RSYS_list_ta_begin:
07078 return sys_rsbac_list_ta_begin(k_arg.list_ta_begin.ttl,
07079 k_arg.list_ta_begin.ta_number_p,
07080 k_arg.list_ta_begin.commit_uid,
07081 k_arg.list_ta_begin.password);
07082 case RSYS_list_ta_refresh:
07083 return sys_rsbac_list_ta_refresh(k_arg.list_ta_refresh.ttl,
07084 k_arg.list_ta_refresh.ta_number,
07085 k_arg.list_ta_refresh.password);
07086 case RSYS_list_ta_commit:
07087 return sys_rsbac_list_ta_commit(k_arg.list_ta_commit.ta_number,
07088 k_arg.list_ta_commit.password);
07089 case RSYS_list_ta_forget:
07090 return sys_rsbac_list_ta_forget(k_arg.list_ta_forget.ta_number,
07091 k_arg.list_ta_forget.password);
07092 #endif
07093
07094 case RSYS_list_all_dev:
07095 return sys_rsbac_list_all_dev(k_arg.list_all_dev.ta_number,
07096 k_arg.list_all_dev.id_p,
07097 k_arg.list_all_dev.maxnum);
07098 case RSYS_list_all_user:
07099 return sys_rsbac_list_all_user(k_arg.list_all_user.ta_number,
07100 k_arg.list_all_user.id_p,
07101 k_arg.list_all_user.maxnum);
07102 case RSYS_list_all_group:
07103 return sys_rsbac_list_all_group(k_arg.list_all_group.ta_number,
07104 k_arg.list_all_group.id_p,
07105 k_arg.list_all_group.maxnum);
07106
07107 default:
07108 return -RSBAC_EINVALIDREQUEST;
07109 }
07110 }
07111
07112
07113
