RSBAC: /linux-2.6.16-rsbac-1.2.6/rsbac/help/debug.c Source File

00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /*                                    */
00004 /* Author and (c) 1999-2005:          */
00005 /*   Amon Ott <ao@rsbac.org>          */
00006 /*                                    */
00007 /* Debug and logging functions for all parts */
00008 /*                                    */
00009 /* Last modified: 09/Sep/2005         */
00010 /************************************ */
00011  
00012 #include <asm/uaccess.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/aci_data_structures.h>
00016 #include <rsbac/debug.h>
00017 #include <rsbac/error.h>
00018 #include <rsbac/proc_fs.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/net_getname.h>
00021 #include <rsbac/adf.h>
00022 #include <rsbac/rkmem.h>
00023 #if defined(CONFIG_RSBAC_DAZ)
00024 #include <rsbac/daz.h>
00025 #endif
00026 #include <linux/smp_lock.h>
00027 #include <linux/init.h>
00028 #include <linux/config.h>
00029 #include <linux/module.h>
00030 #include <linux/console.h>
00031 #include <linux/net.h>
00032 #include <linux/in.h>
00033 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00034 #include <linux/moduleparam.h>
00035 #include <linux/syscalls.h>
00036 #endif
00037 
00038 /* Boolean debug switch for NO_WRITE (global) */
00039 int  rsbac_debug_no_write = 0;
00040 
00041 static rsbac_boolean_t debug_initialized = FALSE;
00042 
00043 #ifdef CONFIG_RSBAC_DEBUG
00044 /* Boolean debug switch for data structures */
00045 int  rsbac_debug_ds = 0;
00046 
00047 /* Boolean debug switch for writing of data structures */
00048 int  rsbac_debug_write = 0;
00049 
00050 /* Boolean debug switch for AEF */
00051 EXPORT_SYMBOL(rsbac_debug_aef);
00052 int  rsbac_debug_aef = 0;
00053 
00054 /* Boolean debug switch for stack debugging */
00055 int  rsbac_debug_stack = 0;
00056 
00057 /* Boolean debug switch for generic lists */
00058 int  rsbac_debug_lists = 0;
00059 
00060 #ifdef CONFIG_RSBAC_NET
00061 int rsbac_debug_ds_net = 0;
00062 int rsbac_debug_adf_net = 0;
00063 int rsbac_debug_aef_net = 0;
00064 #endif
00065 
00066 #if defined(CONFIG_RSBAC_MAC)
00067 /* Boolean debug switch for MAC data structures */
00068 int  rsbac_debug_ds_mac = 0;
00069 /* Boolean debug switch for MAC syscalls / AEF */
00070 int  rsbac_debug_aef_mac = 0;
00071 /* Boolean debug switch for MAC decisions / ADF */
00072 int  rsbac_debug_adf_mac = 0;
00073 #endif
00074 
00075 #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
00076 /* Boolean debug switch for PM data structures */
00077 int  rsbac_debug_ds_pm = 0;
00078 /* Boolean debug switch for PM syscalls / AEF */
00079 int  rsbac_debug_aef_pm = 0;
00080 /* Boolean debug switch for PM decisions / ADF */
00081 int  rsbac_debug_adf_pm = 0;
00082 #endif
00083 
00084 #if defined(CONFIG_RSBAC_DAZ)
00085 /* Boolean debug switch for DAZ decisions / ADF */
00086 int  rsbac_debug_adf_daz = 0;
00087 #endif
00088 
00089 #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
00090 /* Boolean debug switch for RC data structures */
00091 int  rsbac_debug_ds_rc = 0;
00092 /* Boolean debug switch for RC syscalls / AEF */
00093 int  rsbac_debug_aef_rc = 0;
00094 /* Boolean debug switch for RC decisions / ADF */
00095 int  rsbac_debug_adf_rc = 0;
00096 #endif
00097 
00098 #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
00099 /* Boolean debug switch for AUTH data structures */
00100 int  rsbac_debug_ds_auth = 0;
00101 /* Boolean debug switch for AUTH syscalls / AEF */
00102 int  rsbac_debug_aef_auth = 0;
00103 /* Boolean debug switch for AUTH decisions / ADF */
00104 int  rsbac_debug_adf_auth = 0;
00105 #endif
00106 
00107 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00108 /* Boolean debug switch for REG */
00109 int  rsbac_debug_reg = 0;
00110 #endif
00111 
00112 #if defined(CONFIG_RSBAC_ACL) || defined(CONFIG_RSBAC_ACL_MAINT)
00113 /* Boolean debug switch for ACL data structures */
00114 int  rsbac_debug_ds_acl = 0;
00115 /* Boolean debug switch for ACL syscalls / AEF */
00116 int  rsbac_debug_aef_acl = 0;
00117 /* Boolean debug switch for ACL decisions / ADF */
00118 int  rsbac_debug_adf_acl = 0;
00119 #endif
00120 
00121 #if defined(CONFIG_RSBAC_JAIL)
00122 /* Boolean debug switch for JAIL syscalls / AEF */
00123 int  rsbac_debug_aef_jail = 0;
00124 /* Boolean debug switch for JAIL decisions / ADF */
00125 int  rsbac_debug_adf_jail = 0;
00126 #endif
00127 
00128 #if defined(CONFIG_RSBAC_PAX)
00129 /* Boolean debug switch for PAX decisions / ADF */
00130 int  rsbac_debug_adf_pax = 0;
00131 #endif
00132 
00133 #if defined(CONFIG_RSBAC_UM)
00134 /* Boolean debug switch for UM data structures */
00135 int  rsbac_debug_ds_um = 0;
00136 /* Boolean debug switch for UM syscalls / AEF */
00137 int  rsbac_debug_aef_um = 0;
00138 /* Boolean debug switch for UM decisions / ADF */
00139 int  rsbac_debug_adf_um = 0;
00140 #endif
00141 
00142 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00143   int  rsbac_debug_auto = 0;
00144 #endif /* CONFIG_RSBAC_AUTO_WRITE > 0 */
00145 
00146 #endif /* DEBUG */
00147 
00148 #if defined(CONFIG_RSBAC_UM_EXCL)
00149 int  rsbac_um_no_excl = 0;
00150 #endif
00151 
00152 #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
00153 /* Boolean switch for AUTH init: set may_setuid for /bin/login */
00154 int  rsbac_auth_enable_login = 0;
00155 #if defined(CONFIG_RSBAC_AUTH_LEARN)
00156 int  rsbac_auth_learn = 0;
00157 #endif
00158 #endif
00159 
00160 #if defined(CONFIG_RSBAC_ACL_LEARN)
00161 int  rsbac_acl_learn_fd = 0;
00162 #endif
00163 
00164 /* Suppress default list creation for complete restore */
00165 int  rsbac_no_defaults = 0;
00166 
00167 static rsbac_list_handle_t log_levels_handle = NULL;
00168 
00169 #ifdef CONFIG_RSBAC_SOFTMODE
00170 /* Boolean switch for RSBAC soft mode */
00171 int  rsbac_softmode = 0;
00172 int  rsbac_softmode_prohibit = 0;
00173 #ifdef CONFIG_RSBAC_SOFTMODE_IND
00174 int  rsbac_ind_softmode[SW_NONE] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0};
00175 #endif
00176 
00177 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00178 EXPORT_SYMBOL(rsbac_in_softmode);
00179 #endif
00180 int rsbac_in_softmode(void)
00181   {
00182     return rsbac_softmode;
00183   }
00184 #endif
00185 
00186 #ifdef CONFIG_RSBAC_FREEZE
00187 int rsbac_freeze = 0;
00188 #endif
00189 
00190 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
00191 int rsbac_cap_process_hiding = 0;
00192 #endif
00193 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00194 int rsbac_cap_log_missing = 0;
00195 #endif
00196 #ifdef CONFIG_RSBAC_JAIL_LOG_MISSING
00197 int rsbac_jail_log_missing = 0;
00198 #endif
00199 
00200 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
00201 /* Boolean switch for disabling Linux DAC */
00202 int  rsbac_dac_disable = 0;
00203 
00204 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00205 EXPORT_SYMBOL(rsbac_dac_is_disabled);
00206 #endif
00207 int rsbac_dac_is_disabled(void)
00208   {
00209     return rsbac_dac_disable;
00210   }
00211 #endif
00212 
00213 static u_int log_seq = 0;
00214 
00215 /* Boolean switch for no syslog option*/
00216 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00217 int  rsbac_nosyslog = 0;
00218 #endif
00219 
00220 #ifdef CONFIG_RSBAC_SYSLOG_RATE
00221 static u_int rsbac_syslog_rate = CONFIG_RSBAC_SYSLOG_RATE_DEF;
00222 static u_int syslog_count = 0;
00223 #endif
00224 
00225 /* Boolean switch for delayed init option*/
00226 #ifdef CONFIG_RSBAC_INIT_DELAY
00227 int  rsbac_no_delay_init = 0;
00228 kdev_t rsbac_delayed_root = RSBAC_MKDEV(0,0);
00229 #endif
00230 
00231 /* Array of Boolean debug switches for ADF */
00232 int  rsbac_debug_adf_default = 1;
00233 rsbac_log_entry_t  rsbac_log_levels[R_NONE+1];
00234 
00235 rsbac_boolean_t rsbac_debug_adf_dirty = FALSE;
00236 
00237 /* variables for rsbac_logging */
00238 #if defined(CONFIG_RSBAC_RMSG)
00239 #include <linux/poll.h>
00240 #include <linux/smp.h>
00241 #define RLOG_BUF_LEN (1 << 15)
00242 #define RLOG_BUF_MASK (RLOG_BUF_LEN-1)
00243 DECLARE_WAIT_QUEUE_HEAD(rlog_wait);
00244 static unsigned long log_end = 0;               /* Index into log_buf: most-recently-written-char + 1 */
00245 static char rlog_buf[RLOG_BUF_LEN];
00246 #define RLOG_BUF(idx) (rlog_buf[(idx) & RLOG_BUF_MASK])
00247 static unsigned long log_start = 0;
00248 static unsigned long logged_chars = 0;
00249 
00250 #if defined(CONFIG_RSBAC_LOG_REMOTE)
00251 #define REMOTE_RLOG_BUF_LEN (16384)
00252 #define REMOTE_RLOG_BUF_MASK (REMOTE_RLOG_BUF_LEN-1)
00253 static DECLARE_WAIT_QUEUE_HEAD(rsbaclogd_wait);
00254 #ifndef CONFIG_RSBAC_LOG_REMOTE_SYNC
00255 static struct timer_list rsbac_log_remote_timer;
00256 u_int rsbac_log_remote_interval = CONFIG_RSBAC_LOG_INTERVAL;
00257 #endif
00258 rsbac_pid_t rsbaclogd_pid=0;
00259 #define REMOTE_SEND_BUF_LEN 1024
00260 static unsigned long remote_log_end;
00261 static char remote_rlog_buf[REMOTE_RLOG_BUF_LEN];
00262 static unsigned long remote_log_start = 0;
00263 static unsigned long remote_logged_chars = 0;
00264 #define REMOTE_RLOG_BUF(idx) (remote_rlog_buf[(idx) & REMOTE_RLOG_BUF_MASK])
00265 static __u16 rsbac_log_remote_port = 0;
00266 static __u32 rsbac_log_remote_addr = 0;
00267 static char rsbac_log_remote_addr_string[RSBAC_MAXNAMELEN] = CONFIG_RSBAC_LOG_REMOTE_ADDR;
00268 #endif
00269 
00270 #endif /* RMSG */
00271 
00272 #ifdef CONFIG_RSBAC_SYSLOG_RATE
00273 static struct timer_list rsbac_syslog_rate_timer;
00274 #endif
00275 
00276 void  rsbac_adf_log_switch(rsbac_adf_request_int_t request,
00277                            enum rsbac_target_t target,
00278                            rsbac_enum_t value)
00279   {
00280     if(   (request < R_NONE)
00281        && (target <= T_NONE)
00282        && (value <= LL_full)
00283       )
00284       {
00285         rsbac_log_levels[request][target] = value;
00286         if(log_levels_handle)
00287           rsbac_list_add(log_levels_handle, &request, rsbac_log_levels[request]);
00288       }
00289   };
00290 
00291 int rsbac_get_adf_log(rsbac_adf_request_int_t request,
00292                       enum rsbac_target_t target,
00293                       u_int * value_p)
00294   {
00295     if(   (request < R_NONE)
00296        && (target <= T_NONE)
00297       )
00298       {
00299         *value_p = rsbac_log_levels[request][target];
00300         return 0;
00301       }
00302     else
00303       return -RSBAC_EINVALIDVALUE;
00304   }
00305 
00306 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00307 inline rsbac_boolean_t rsbac_parse_koptions(char * line)
00308   {
00309     /* RSBAC: suppress defaults? */
00310     if (!strcmp(line,"rsbac_no_defaults"))
00311       {
00312         rsbac_no_defaults = 1;
00313         return(TRUE);
00314       }
00315     #if defined(CONFIG_RSBAC_UM_EXCL)
00316     if (!strcmp(line,"rsbac_um_no_excl"))
00317       {
00318         rsbac_um_no_excl = 1;
00319         return(TRUE);
00320       }
00321     #endif
00322     #if defined(CONFIG_RSBAC_DAZ_CACHE)
00323     /* RSBAC: DAZ - set cache ttl */
00324     if (!strncmp(line,"rsbac_daz_ttl=",14))
00325       {
00326         char * p = line+14;
00327 
00328         if(*p)
00329           {
00330             rsbac_daz_set_ttl(simple_strtoul(p, NULL, 0));
00331           }
00332         return(TRUE);
00333       }
00334     #endif
00335     #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
00336     /* RSBAC: AUTH - set auth_may_setuid for /bin/login? */
00337     if (!strcmp(line,"rsbac_auth_enable_login"))
00338       {
00339         rsbac_auth_enable_login = 1;
00340         return(TRUE);
00341       }
00342     #if defined(CONFIG_RSBAC_AUTH_LEARN)
00343     if (!strcmp(line,"rsbac_auth_learn"))
00344       {
00345         rsbac_auth_learn = 1;
00346         return(TRUE);
00347       }
00348     #endif
00349     #endif
00350     #if defined(CONFIG_RSBAC_ACL_LEARN)
00351     /* Learn for all target types */
00352     if (!strcmp(line,"rsbac_acl_learn"))
00353       {
00354         rsbac_acl_learn_fd = 1;
00355         return(TRUE);
00356       }
00357     if (!strcmp(line,"rsbac_acl_learn_fd"))
00358       {
00359         rsbac_acl_learn_fd = 1;
00360         return(TRUE);
00361       }
00362     #endif
00363     #if defined(CONFIG_RSBAC_SOFTMODE)
00364     /* RSBAC: softmode on? */
00365     if (!strcmp(line,"rsbac_softmode_once"))
00366       {
00367         rsbac_softmode = 1;
00368         rsbac_softmode_prohibit = 1;
00369         return(TRUE);
00370       }
00371     if (!strcmp(line,"rsbac_softmode_never"))
00372       {
00373         rsbac_softmode_prohibit = 1;
00374         return(TRUE);
00375       }
00376     if (!strcmp(line,"rsbac_softmode"))
00377       {
00378         rsbac_softmode = 1;
00379         return(TRUE);
00380       }
00381     #if defined(CONFIG_RSBAC_SOFTMODE_IND)
00382     /* RSBAC: softmode on for a module? */
00383     if (!strcmp(line,"rsbac_softmode_mac"))
00384       {
00385         rsbac_ind_softmode[MAC] = 1;
00386         return(TRUE);
00387       }
00388     if (!strcmp(line,"rsbac_softmode_pm"))
00389       {
00390         rsbac_ind_softmode[PM] = 1;
00391         return(TRUE);
00392       }
00393     if (!strcmp(line,"rsbac_softmode_daz"))
00394       {
00395         rsbac_ind_softmode[DAZ] = 1;
00396         return(TRUE);
00397       }
00398     if (!strcmp(line,"rsbac_softmode_ff"))
00399       {
00400         rsbac_ind_softmode[FF] = 1;
00401         return(TRUE);
00402       }
00403     if (!strcmp(line,"rsbac_softmode_rc"))
00404       {
00405         rsbac_ind_softmode[RC] = 1;
00406         return(TRUE);
00407       }
00408     if (!strcmp(line,"rsbac_softmode_auth"))
00409       {
00410         rsbac_ind_softmode[AUTH] = 1;
00411         return(TRUE);
00412       }
00413     if (!strcmp(line,"rsbac_softmode_reg"))
00414       {
00415         rsbac_ind_softmode[REG] = 1;
00416         return(TRUE);
00417       }
00418     if (!strcmp(line,"rsbac_softmode_acl"))
00419       {
00420         rsbac_ind_softmode[ACL] = 1;
00421         return(TRUE);
00422       }
00423     if (!strcmp(line,"rsbac_softmode_cap"))
00424       {
00425         rsbac_ind_softmode[CAP] = 1;
00426         return(TRUE);
00427       }
00428     if (!strcmp(line,"rsbac_softmode_jail"))
00429       {
00430         rsbac_ind_softmode[JAIL] = 1;
00431         return(TRUE);
00432       }
00433     if (!strcmp(line,"rsbac_softmode_res"))
00434       {
00435         rsbac_ind_softmode[RES] = 1;
00436         return(TRUE);
00437       }
00438     #endif
00439     #endif
00440     #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
00441     /* RSBAC: hide processes? */
00442     if (!strcmp(line,"rsbac_cap_process_hiding"))
00443       {
00444         rsbac_cap_process_hiding = 1;
00445         return(TRUE);
00446       }
00447     #endif
00448     #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
00449     /* RSBAC: log missing caps? */
00450     if (!strcmp(line,"rsbac_cap_log_missing"))
00451       {
00452         rsbac_cap_log_missing = 1;
00453         return(TRUE);
00454       }
00455     #endif
00456     #ifdef CONFIG_RSBAC_JAIL_LOG_MISSING
00457     /* RSBAC: log missing jail caps? */
00458     if (!strcmp(line,"rsbac_jail_log_missing"))
00459       {
00460         rsbac_jail_log_missing = 1;
00461         return(TRUE);
00462       }
00463     #endif
00464     #if defined(CONFIG_RSBAC_FREEZE)
00465     /* RSBAC: freeze config? */
00466     if (!strcmp(line,"rsbac_freeze"))
00467       {
00468         rsbac_freeze = 1;
00469         return(TRUE);
00470       }
00471     #endif
00472     #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
00473     /* RSBAC: disable Linux DAC? */
00474     if (!strcmp(line,"rsbac_dac_disable"))
00475       {
00476         rsbac_dac_disable = 1;
00477         return(TRUE);
00478       }
00479     #endif
00480     #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00481     if (   !strcmp(line,"rsbac_nosyslog")
00482         || !strcmp(line,"rsbac_no_syslog")
00483        )
00484       {
00485         rsbac_nosyslog = 1;
00486         return(TRUE);
00487       }
00488     #endif
00489     #if defined(CONFIG_RSBAC_LOG_REMOTE)
00490     /* Set remote address */
00491     if (   !strncmp(line,"rsbac_log_remote_addr=",22)
00492        )
00493       {
00494         char * p = line+22;
00495 
00496         if(*p)
00497           {
00498             strncpy(rsbac_log_remote_addr_string, p, RSBAC_MAXNAMELEN - 1);
00499             rsbac_log_remote_addr_string[RSBAC_MAXNAMELEN -1] = 0;
00500           }
00501         return(TRUE);
00502       }
00503     /* Set remote port */
00504     if (   !strncmp(line,"rsbac_log_remote_port=",22)
00505        )
00506       {
00507         char * p = line+22;
00508 
00509         if(*p)
00510           {
00511             rsbac_log_remote_port = htons(simple_strtoul(p, NULL, 0));
00512           }
00513         return(TRUE);
00514       }
00515     #endif
00516     #ifdef CONFIG_RSBAC_INIT_DELAY
00517     if (   !strcmp(line,"rsbac_delay_init")
00518        )
00519       {
00520         rsbac_no_delay_init = 0;
00521         return(TRUE);
00522       }
00523     if (   !strcmp(line,"rsbac_no_delay_init")
00524         || !strcmp(line,"rsbac_no_init_delay")
00525        )
00526       {
00527         rsbac_no_delay_init = 1;
00528         return(TRUE);
00529       }
00530     if (   !strncmp(line,"rsbac_delayed_root=",19)
00531        )
00532       {
00533         char * p = line+19;
00534         u_int major = 0;
00535         u_int minor = 0;
00536 
00537         if(*p)
00538           {
00539             major = simple_strtoul(p, NULL, 0);
00540             while((*p != ':') && (*p != '\0'))
00541               p++;
00542             if(*p)
00543               {
00544                 p++;
00545                 minor = simple_strtoul(p, NULL, 0);
00546               }
00547             rsbac_delayed_root = RSBAC_MKDEV(major,minor);
00548           }
00549         return(TRUE);
00550       }
00551     #endif
00552     #ifdef CONFIG_RSBAC_SYSLOG_RATE
00553     /* Set syslog rate limit */
00554     if (   !strncmp(line,"rsbac_syslog_rate=",18)
00555        )
00556       {
00557         char * p = line+18;
00558 
00559         if(*p)
00560           {
00561             rsbac_syslog_rate = simple_strtoul(p, NULL, 0);
00562           }
00563         return(TRUE);
00564       }
00565     #endif
00566 
00567 #ifdef CONFIG_RSBAC_DEBUG
00568     #ifdef CONFIG_RSBAC_NET
00569     /* RSBAC: debug for all of net? */
00570     if (!strcmp(line,"rsbac_debug_net"))
00571       {
00572         rsbac_debug_ds_net = 1;
00573         rsbac_debug_aef_net = 1;
00574         rsbac_debug_adf_net = 1;
00575         return(TRUE);
00576       }
00577     /* RSBAC: debug for net data structures? */
00578     if (!strcmp(line,"rsbac_debug_ds_net"))
00579       {
00580         rsbac_debug_ds_net = 1;
00581         return(TRUE);
00582       }
00583     /* RSBAC: debug for net syscalls/AEF? */
00584     if (!strcmp(line,"rsbac_debug_aef_net"))
00585       {
00586         rsbac_debug_aef_net = 1;
00587         return(TRUE);
00588       }
00589     /* RSBAC: debug for net decisions/ADF? */
00590     if (!strcmp(line,"rsbac_debug_adf_net"))
00591       {
00592         rsbac_debug_adf_net = 1;
00593         return(TRUE);
00594       }
00595     #endif
00596 
00597     #if defined(CONFIG_RSBAC_MAC)
00598     /* RSBAC: debug for all of mac? */
00599     if (!strcmp(line,"rsbac_debug_mac"))
00600       {
00601         rsbac_debug_ds_mac = 1;
00602         rsbac_debug_aef_mac = 1;
00603         rsbac_debug_adf_mac = 1;
00604         return(TRUE);
00605       }
00606     /* RSBAC: debug for mac data structures? */
00607     if (!strcmp(line,"rsbac_debug_ds_mac"))
00608       {
00609         rsbac_debug_ds_mac = 1;
00610         return(TRUE);
00611       }
00612     /* RSBAC: debug for MAC-syscalls/AEF? */
00613     if (!strcmp(line,"rsbac_debug_aef_mac"))
00614       {
00615         rsbac_debug_aef_mac = 1;
00616         return(TRUE);
00617       }
00618     /* RSBAC: debug for MAC-decisions/ADF? */
00619     if (!strcmp(line,"rsbac_debug_adf_mac"))
00620       {
00621         rsbac_debug_adf_mac = 1;
00622         return(TRUE);
00623       }
00624     #endif
00625     #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
00626     /* RSBAC: debug for all of pm? */
00627     if (!strcmp(line,"rsbac_debug_pm"))
00628       {
00629         rsbac_debug_ds_pm = 1;
00630         rsbac_debug_aef_pm = 1;
00631         rsbac_debug_adf_pm = 1;
00632         return(TRUE);
00633       }
00634     /* RSBAC: debug for pm data structures? */
00635     if (!strcmp(line,"rsbac_debug_ds_pm"))
00636       {
00637         rsbac_debug_ds_pm = 1;
00638         return(TRUE);
00639       }
00640     /* RSBAC: debug for PM-syscalls/AEF? */
00641     if (!strcmp(line,"rsbac_debug_aef_pm"))
00642       {
00643         rsbac_debug_aef_pm = 1;
00644         return(TRUE);
00645       }
00646     /* RSBAC: debug for PM-decisions/ADF? */
00647     if (!strcmp(line,"rsbac_debug_adf_pm"))
00648       {
00649         rsbac_debug_adf_pm = 1;
00650         return(TRUE);
00651       }
00652     #endif
00653     #if defined(CONFIG_RSBAC_DAZ)
00654     /* RSBAC: debug for DAZ decisions/ADF? */
00655     if (   !strcmp(line,"rsbac_debug_adf_daz")
00656         || !strcmp(line,"rsbac_debug_daz")
00657        )
00658       {
00659         rsbac_debug_adf_daz = 1;
00660         return(TRUE);
00661       }
00662     #endif
00663     #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
00664     /* RSBAC: debug for all of rc? */
00665     if (!strcmp(line,"rsbac_debug_rc"))
00666       {
00667         rsbac_debug_ds_rc = 1;
00668         rsbac_debug_aef_rc = 1;
00669         rsbac_debug_adf_rc = 1;
00670         return(TRUE);
00671       }
00672     /* RSBAC: debug for rc data structures? */
00673     if (!strcmp(line,"rsbac_debug_ds_rc"))
00674       {
00675         rsbac_debug_ds_rc = 1;
00676         return(TRUE);
00677       }
00678     /* RSBAC: debug for RC-syscalls/AEF? */
00679     if (!strcmp(line,"rsbac_debug_aef_rc"))
00680       {
00681         rsbac_debug_aef_rc = 1;
00682         return(TRUE);
00683       }
00684     /* RSBAC: debug for RC-decisions/ADF? */
00685     if (!strcmp(line,"rsbac_debug_adf_rc"))
00686       {
00687         rsbac_debug_adf_rc = 1;
00688         return(TRUE);
00689       }
00690     #endif
00691     #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
00692     /* RSBAC: debug for all of auth? */
00693     if (!strcmp(line,"rsbac_debug_auth"))
00694       {
00695         rsbac_debug_ds_auth = 1;
00696         rsbac_debug_aef_auth = 1;
00697         rsbac_debug_adf_auth = 1;
00698         return(TRUE);
00699       }
00700     /* RSBAC: debug for auth data structures? */
00701     if (!strcmp(line,"rsbac_debug_ds_auth"))
00702       {
00703         rsbac_debug_ds_auth = 1;
00704         return(TRUE);
00705       }
00706     /* RSBAC: debug for AUTH-syscalls/AEF? */
00707     if (!strcmp(line,"rsbac_debug_aef_auth"))
00708       {
00709         rsbac_debug_aef_auth = 1;
00710         return(TRUE);
00711       }
00712     /* RSBAC: debug for AUTH-decisions/ADF? */
00713     if (!strcmp(line,"rsbac_debug_adf_auth"))
00714       {
00715         rsbac_debug_adf_auth = 1;
00716         return(TRUE);
00717       }
00718     #endif
00719     #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
00720     /* RSBAC: debug for all of reg? */
00721     if (!strcmp(line,"rsbac_debug_reg"))
00722       {
00723         rsbac_debug_reg = 1;
00724         return(TRUE);
00725       }
00726     #endif
00727     #if defined(CONFIG_RSBAC_ACL) || defined(CONFIG_RSBAC_ACL_MAINT)
00728     /* RSBAC: debug for all of acl? */
00729     if (!strcmp(line,"rsbac_debug_acl"))
00730       {
00731         rsbac_debug_ds_acl = 1;
00732         rsbac_debug_aef_acl = 1;
00733         rsbac_debug_adf_acl = 1;
00734         return(TRUE);
00735       }
00736     /* RSBAC: debug for ACL data structures? */
00737     if (!strcmp(line,"rsbac_debug_ds_acl"))
00738       {
00739         rsbac_debug_ds_acl = 1;
00740         return(TRUE);
00741       }
00742     /* RSBAC: debug for ACL-syscalls/AEF? */
00743     if (!strcmp(line,"rsbac_debug_aef_acl"))
00744       {
00745         rsbac_debug_aef_acl = 1;
00746         return(TRUE);
00747       }
00748     /* RSBAC: debug for ACL-decisions/ADF? */
00749     if (!strcmp(line,"rsbac_debug_adf_acl"))
00750       {
00751         rsbac_debug_adf_acl = 1;
00752         return(TRUE);
00753       }
00754     #endif
00755     #if defined(CONFIG_RSBAC_JAIL)
00756     /* RSBAC: debug for all of jail? */
00757     if (!strcmp(line,"rsbac_debug_jail"))
00758       {
00759         rsbac_debug_aef_jail = 1;
00760         rsbac_debug_adf_jail = 1;
00761         return(TRUE);
00762       }
00763     /* RSBAC: debug for JAIL-syscalls/AEF? */
00764     if (!strcmp(line,"rsbac_debug_aef_jail"))
00765       {
00766         rsbac_debug_aef_jail = 1;
00767         return(TRUE);
00768       }
00769     /* RSBAC: debug for JAIL-decisions/ADF? */
00770     if (!strcmp(line,"rsbac_debug_adf_jail"))
00771       {
00772         rsbac_debug_adf_jail = 1;
00773         return(TRUE);
00774       }
00775     #endif
00776     #if defined(CONFIG_RSBAC_PAX)
00777     /* RSBAC: debug for all of pax? */
00778     if (!strcmp(line,"rsbac_debug_pax"))
00779       {
00780         rsbac_debug_adf_pax = 1;
00781         return(TRUE);
00782       }
00783     /* RSBAC: debug for PAX-decisions/ADF? */
00784     if (!strcmp(line,"rsbac_debug_adf_pax"))
00785       {
00786         rsbac_debug_adf_pax = 1;
00787         return(TRUE);
00788       }
00789     #endif
00790     #if defined(CONFIG_RSBAC_UM)
00791     /* RSBAC: debug for all of um? */
00792     if (!strcmp(line,"rsbac_debug_um"))
00793       {
00794         rsbac_debug_ds_um = 1;
00795         rsbac_debug_aef_um = 1;
00796         rsbac_debug_adf_um = 1;
00797         return(TRUE);
00798       }
00799     /* RSBAC: debug for um data structures? */
00800     if (!strcmp(line,"rsbac_debug_ds_um"))
00801       {
00802         rsbac_debug_ds_um = 1;
00803         return(TRUE);
00804       }
00805     /* RSBAC: debug for UM-syscalls/AEF? */
00806     if (!strcmp(line,"rsbac_debug_aef_um"))
00807       {
00808         rsbac_debug_aef_um = 1;
00809         return(TRUE);
00810       }
00811     /* RSBAC: debug for UM-decisions/ADF? */
00812     if (!strcmp(line,"rsbac_debug_adf_um"))
00813       {
00814         rsbac_debug_adf_um = 1;
00815         return(TRUE);
00816       }
00817     #endif
00818     #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00819     /* RSBAC: debug for auto-write? */
00820     if (!strcmp(line,"rsbac_debug_auto"))
00821       {
00822         rsbac_debug_auto = 1;
00823         return(TRUE);
00824       }
00825     #endif
00826     /* RSBAC: debug for all? */
00827     if (!strcmp(line,"rsbac_debug_all"))
00828       {
00829         rsbac_debug_ds = 1;
00830         rsbac_debug_write = 1;
00831         rsbac_debug_aef = 1;
00832         rsbac_debug_adf_default = 2;
00833         #if defined(CONFIG_RSBAC_MAC)
00834         rsbac_debug_ds_mac = 1;
00835         rsbac_debug_aef_mac = 1;
00836         rsbac_debug_adf_mac = 1;
00837         #endif
00838         #if defined(CONFIG_RSBAC_PM)
00839         rsbac_debug_ds_pm = 1;
00840         rsbac_debug_aef_pm = 1;
00841         rsbac_debug_adf_pm = 1;
00842         #endif
00843         #if defined(CONFIG_RSBAC_DAZ)
00844         rsbac_debug_adf_daz = 1;
00845         #endif
00846         #if defined(CONFIG_RSBAC_RC)
00847         rsbac_debug_ds_rc = 1;
00848         rsbac_debug_aef_rc = 1;
00849         rsbac_debug_adf_rc = 1;
00850         #endif
00851         #if defined(CONFIG_RSBAC_AUTH)
00852         rsbac_debug_ds_auth = 1;
00853         rsbac_debug_aef_auth = 1;
00854         rsbac_debug_adf_auth = 1;
00855         #endif
00856         #if defined(CONFIG_RSBAC_ACL)
00857         rsbac_debug_ds_acl = 1;
00858         rsbac_debug_aef_acl = 1;
00859         rsbac_debug_adf_acl = 1;
00860         #endif
00861         #if defined(CONFIG_RSBAC_JAIL)
00862         rsbac_debug_aef_jail = 1;
00863         rsbac_debug_adf_jail = 1;
00864         #endif
00865         #if defined(CONFIG_RSBAC_PAX)
00866         rsbac_debug_adf_pax = 1;
00867         #endif
00868         #if defined(CONFIG_RSBAC_UM)
00869         rsbac_debug_ds_um = 1;
00870         rsbac_debug_aef_um = 1;
00871         rsbac_debug_adf_um = 1;
00872         #endif
00873         #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00874         rsbac_debug_auto = 1;
00875         #endif
00876 
00877         return(TRUE);
00878       }
00879     /* RSBAC: debug_lists */
00880     if (!strcmp(line,"rsbac_debug_lists"))
00881       {
00882         rsbac_debug_lists = 1;
00883         return(TRUE);
00884       }
00885     /* RSBAC: debug_stack */
00886     if (!strcmp(line,"rsbac_debug_stack"))
00887       {
00888         rsbac_debug_stack = 1;
00889         return(TRUE);
00890       }
00891     /* RSBAC: debug for data structures? */
00892     if (!strcmp(line,"rsbac_debug_ds"))
00893       {
00894         rsbac_debug_ds = 1;
00895         return(TRUE);
00896       }
00897     /* RSBAC: debug for writing of data structures? */
00898     if (!strcmp(line,"rsbac_debug_write"))
00899       {
00900         rsbac_debug_write = 1;
00901         return(TRUE);
00902       }
00903     /* RSBAC: debug for AEF? */
00904     if (!strcmp(line,"rsbac_debug_aef"))
00905       {
00906         rsbac_debug_aef = 1;
00907         return(TRUE);
00908       }
00909     /* RSBAC: debug_no_write for ds */
00910     if (!strcmp(line,"rsbac_debug_no_write"))
00911       {
00912         rsbac_debug_no_write = 1;
00913         return(TRUE);
00914       }
00915     /* RSBAC: debug default 0 for ADF */
00916     if (!strcmp(line,"rsbac_debug_no_adf"))
00917       {
00918         rsbac_debug_adf_default = 0;
00919         return(TRUE);
00920       }
00921     /* RSBAC: debug default 1 for ADF, log denied requests? (default value) */
00922     if (!strcmp(line,"rsbac_debug_adf"))
00923       {
00924         rsbac_debug_adf_default = 1;
00925         return(TRUE);
00926       }
00927     /* RSBAC: debug: log all for ADF, even GRANTED and DO_NOT_CARE? */
00928     if (!strcmp(line,"rsbac_debug_adf_all"))
00929       {
00930         rsbac_debug_adf_default = 2;
00931         return(TRUE);
00932       }
00933 #endif /* DEBUG */
00934 
00935     /* nothing matched */
00936     return(FALSE);
00937   }
00938 
00939 #else /* KERNEL_VERSION >= 2.6.0 */
00940 
00941 //  module_param(rsbac_no_defaults, bool, S_IRUGO);
00942   static int R_INIT no_defaults_setup(char *line)
00943     {
00944       rsbac_no_defaults = 1;
00945       return 1;
00946     }
00947 __setup("rsbac_no_defaults", no_defaults_setup);
00948 
00949   #if defined(CONFIG_RSBAC_UM_EXCL)
00950   static int R_INIT um_no_excl_setup(char *line)
00951     {
00952       rsbac_um_no_excl = 1;
00953       return 1;
00954     }
00955   __setup("rsbac_um_no_excl", um_no_excl_setup);
00956   #endif
00957   #if defined(CONFIG_RSBAC_DAZ_CACHE)
00958   /* RSBAC: DAZ - set cache ttl */
00959 //    module_param(rsbac_daz_ttl,
00960 //                 int,
00961 //                 S_IRUGO);
00962   static int R_INIT daz_ttl_setup(char *line)
00963     {
00964       rsbac_daz_set_ttl(simple_strtoul(line, NULL, 0));
00965       return 1;
00966     }
00967   __setup("rsbac_daz_ttl=", daz_ttl_setup);
00968   #endif
00969   #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
00970   /* RSBAC: AUTH - set auth_may_setuid for /bin/login? */
00971 //    module_param(rsbac_auth_enable_login, int, S_IRUGO);
00972   static int R_INIT auth_enable_login_setup(char *line)
00973     {
00974       rsbac_auth_enable_login = 1;
00975       return 1;
00976     }
00977   __setup("rsbac_auth_enable_login", auth_enable_login_setup);
00978     #if defined(CONFIG_RSBAC_AUTH_LEARN)
00979   static int R_INIT auth_learn_setup(char *line)
00980     {
00981       rsbac_auth_learn = 1;
00982       return 1;
00983     }
00984   __setup("rsbac_auth_learn", auth_learn_setup);
00985     #endif
00986   #endif
00987   #if defined(CONFIG_RSBAC_ACL_LEARN)
00988   /* learn all target types */
00989   static int R_INIT acl_learn_setup(char *line)
00990     {
00991       rsbac_acl_learn_fd = 1;
00992       return 1;
00993     }
00994   __setup("rsbac_acl_learn", acl_learn_setup);
00995   static int R_INIT acl_learn_fd_setup(char *line)
00996     {
00997       rsbac_acl_learn_fd = 1;
00998       return 1;
00999     }
01000   __setup("rsbac_acl_learn_fd", acl_learn_fd_setup);
01001   #endif
01002 
01003   #if defined(CONFIG_RSBAC_SOFTMODE)
01004   /* RSBAC: softmode on? */
01005 //    module_param(rsbac_softmode_once, bool, S_IRUGO);
01006   static int R_INIT softmode_once_setup(char *line)
01007     {
01008       rsbac_softmode = 1;
01009       rsbac_softmode_prohibit = 1;
01010       return 1;
01011     }
01012   __setup("rsbac_softmode_once", softmode_once_setup);
01013 //    module_param(rsbac_softmode_never, bool, S_IRUGO);
01014   static int R_INIT softmode_never_setup(char *line)
01015     {
01016       rsbac_softmode_prohibit = 1;
01017       return 1;
01018     }
01019   __setup("rsbac_softmode_never", softmode_never_setup);
01020 //    module_param(rsbac_softmode, bool, S_IRUGO);
01021   static int R_INIT softmode_setup(char *line)
01022     {
01023       rsbac_softmode = 1;
01024       return 1;
01025     }
01026   __setup("rsbac_softmode", softmode_setup);
01027 
01028     #if defined(CONFIG_RSBAC_SOFTMODE_IND)
01029     /* RSBAC: softmode on for a module? */
01030 //    module_param_named(rsbac_softmode_mac, rsbac_ind_softmode[MAC], bool, S_IRUGO);
01031   static int R_INIT softmode_mac_setup(char *line)
01032     {
01033       rsbac_ind_softmode[MAC] = 1;
01034       return 1;
01035     }
01036   __setup("rsbac_softmode_mac", softmode_mac_setup);
01037 //    module_param_named(rsbac_softmode_pm, rsbac_ind_softmode[PM], bool, S_IRUGO);
01038   static int R_INIT softmode_pm_setup(char *line)
01039     {
01040       rsbac_ind_softmode[PM] = 1;
01041       return 1;
01042     }
01043   __setup("rsbac_softmode_pm", softmode_pm_setup);
01044 //    module_param_named(rsbac_softmode_daz, rsbac_ind_softmode[DAZ], bool, S_IRUGO);
01045   static int R_INIT softmode_daz_setup(char *line)
01046     {
01047       rsbac_ind_softmode[DAZ] = 1;
01048       return 1;
01049     }
01050   __setup("rsbac_softmode_daz", softmode_daz_setup);
01051 //    module_param_named(rsbac_softmode_ff, rsbac_ind_softmode[FF], bool, S_IRUGO);
01052   static int R_INIT softmode_ff_setup(char *line)
01053     {
01054       rsbac_ind_softmode[FF] = 1;
01055       return 1;
01056     }
01057   __setup("rsbac_softmode_ff", softmode_ff_setup);
01058 //    module_param_named(rsbac_softmode_rc, rsbac_ind_softmode[RC], bool, S_IRUGO);
01059   static int R_INIT softmode_rc_setup(char *line)
01060     {
01061       rsbac_ind_softmode[RC] = 1;
01062       return 1;
01063     }
01064   __setup("rsbac_softmode_rc", softmode_rc_setup);
01065 //    module_param_named(rsbac_softmode_auth, rsbac_ind_softmode[AUTH], bool, S_IRUGO);
01066   static int R_INIT softmode_auth_setup(char *line)
01067     {
01068       rsbac_ind_softmode[AUTH] = 1;
01069       return 1;
01070     }
01071   __setup("rsbac_softmode_auth", softmode_auth_setup);
01072 //    module_param_named(rsbac_softmode_reg, rsbac_ind_softmode[REG], bool, S_IRUGO);
01073   static int R_INIT softmode_reg_setup(char *line)
01074     {
01075       rsbac_ind_softmode[REG] = 1;
01076       return 1;
01077     }
01078   __setup("rsbac_softmode_reg", softmode_reg_setup);
01079 //    module_param_named(rsbac_softmode_acl, rsbac_ind_softmode[ACL], bool, S_IRUGO);
01080   static int R_INIT softmode_acl_setup(char *line)
01081     {
01082       rsbac_ind_softmode[ACL] = 1;
01083       return 1;
01084     }
01085   __setup("rsbac_softmode_acl", softmode_acl_setup);
01086 //    module_param_named(rsbac_softmode_cap, rsbac_ind_softmode[CAP], bool, S_IRUGO);
01087   static int R_INIT softmode_cap_setup(char *line)
01088     {
01089       rsbac_ind_softmode[CAP] = 1;
01090       return 1;
01091     }
01092   __setup("rsbac_softmode_cap", softmode_cap_setup);
01093 //    module_param_named(rsbac_softmode_jail, rsbac_ind_softmode[JAIL], bool, S_IRUGO);
01094   static int R_INIT softmode_jail_setup(char *line)
01095     {
01096       rsbac_ind_softmode[JAIL] = 1;
01097       return 1;
01098     }
01099   __setup("rsbac_softmode_jail", softmode_jail_setup);
01100 //    module_param_named(rsbac_softmode_res, rsbac_ind_softmode[RES], bool, S_IRUGO);
01101   static int R_INIT softmode_res_setup(char *line)
01102     {
01103       rsbac_ind_softmode[RES] = 1;
01104       return 1;
01105     }
01106   __setup("rsbac_softmode_res", softmode_res_setup);
01107     #endif
01108     #endif
01109 
01110     #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
01111     /* RSBAC: hide processes? */
01112 //    module_param(rsbac_cap_process_hiding, bool, S_IRUGO);
01113   static int R_INIT cap_process_hiding_setup(char *line)
01114     {
01115       rsbac_cap_process_hiding = 1;
01116       return 1;
01117     }
01118   __setup("rsbac_cap_process_hiding", cap_process_hiding_setup);
01119     #endif
01120     #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
01121     /* RSBAC: log missing caps? */
01122 //    module_param(rsbac_cap_log_missing, bool, S_IRUGO);
01123   static int R_INIT cap_log_missing_setup(char *line)
01124     {
01125       rsbac_cap_log_missing = 1;
01126       return 1;
01127     }
01128   __setup("rsbac_cap_log_missing", cap_log_missing_setup);
01129     #endif
01130     #ifdef CONFIG_RSBAC_JAIL_LOG_MISSING
01131     /* RSBAC: log missing jail caps? */
01132 //    module_param(rsbac_jail_log_missing, bool, S_IRUGO);
01133   static int R_INIT jail_log_missing_setup(char *line)
01134     {
01135       rsbac_jail_log_missing = 1;
01136       return 1;
01137     }
01138   __setup("rsbac_jail_log_missing", jail_log_missing_setup);
01139     #endif
01140     #if defined(CONFIG_RSBAC_FREEZE)
01141     /* RSBAC: freeze config? */
01142 //    module_param(rsbac_freeze, bool, S_IRUGO);
01143   static int R_INIT freeze_setup(char *line)
01144     {
01145       rsbac_freeze = 1;
01146       return 1;
01147     }
01148   __setup("rsbac_freeze", freeze_setup);
01149     #endif
01150     #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01151     /* RSBAC: disable Linux DAC? */
01152 //    module_param(rsbac_dac_disable, bool, S_IRUGO);
01153   static int R_INIT dac_disable_setup(char *line)
01154     {
01155       rsbac_dac_disable = 1;
01156       return 1;
01157     }
01158   __setup("rsbac_dac_disable", dac_disable_setup);
01159     #endif
01160     #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01161 //    module_param(rsbac_nosyslog, bool, S_IRUGO);
01162   static int R_INIT nosyslog_setup(char *line)
01163     {
01164       rsbac_nosyslog = 1;
01165       return 1;
01166     }
01167   __setup("rsbac_nosyslog", nosyslog_setup);
01168 //    module_param_named(rsbac_no_syslog, rsbac_nosyslog, bool, S_IRUGO);
01169   static int R_INIT no_syslog_setup(char *line)
01170     {
01171       rsbac_nosyslog = 1;
01172       return 1;
01173     }
01174   __setup("rsbac_no_syslog", no_syslog_setup);
01175     #endif
01176     #if defined(CONFIG_RSBAC_LOG_REMOTE)
01177 //    module_param_string(rsbac_log_remote_addr,
01178 //                        rsbac_log_remote_addr_string,
01179 //                        sizeof(rsbac_log_remote_addr_string),
01180 //                        S_IRUGO);
01181   static int R_INIT log_remote_addr_setup(char *line)
01182     {
01183       strncpy(rsbac_log_remote_addr_string, line, RSBAC_MAXNAMELEN - 1);
01184       rsbac_log_remote_addr_string[RSBAC_MAXNAMELEN - 1]=0;
01185       return 1;
01186     }
01187   __setup("rsbac_log_remote_addr=", log_remote_addr_setup);
01188 //    module_param(rsbac_log_remote_port,
01189 //                 int,
01190 //                 S_IRUGO);
01191   static int R_INIT log_remote_port_setup(char *line)
01192     {
01193       __u16 tmp_port;
01194 
01195       tmp_port = simple_strtoul(line, NULL, 0);
01196       rsbac_log_remote_port = htons(tmp_port);
01197       return 1;
01198     }
01199   __setup("rsbac_log_remote_port=", log_remote_port_setup);
01200     #endif
01201     #ifdef CONFIG_RSBAC_INIT_DELAY
01202 //    module_param(rsbac_no_delay_init, bool, S_IRUGO);
01203   static int R_INIT no_delay_init_setup(char *line)
01204     {
01205       rsbac_no_delay_init = 1;
01206       return 1;
01207     }
01208   __setup("rsbac_no_delay_init", no_delay_init_setup);
01209 //    module_param_named(rsbac_no_init_delay, rsbac_no_delay_init, bool, S_IRUGO);
01210   static int R_INIT no_init_delay_setup(char *line)
01211     {
01212       rsbac_no_delay_init = 1;
01213       return 1;
01214     }
01215   __setup("rsbac_no_init_delay", no_init_delay_setup);
01216     char rsbac_delayed_root_str[20] = "";
01217 //    module_param_string(rsbac_delayed_root,
01218 //                        rsbac_delayed_root_str,
01219 //                        sizeof(rsbac_delayed_root_str),
01220 //                        S_IRUGO);
01221   static int R_INIT delayed_root_setup(char *line)
01222     {
01223       strncpy(rsbac_delayed_root_str, line, 19);
01224       rsbac_delayed_root_str[19]=0;
01225       return 1;
01226     }
01227   __setup("rsbac_delayed_root=", delayed_root_setup);
01228     #endif
01229     #ifdef CONFIG_RSBAC_SYSLOG_RATE
01230 //    module_param(rsbac_syslog_rate,
01231 //                 int,
01232 //                 S_IRUGO);
01233   static int R_INIT syslog_rate_setup(char *line)
01234     {
01235       rsbac_syslog_rate = simple_strtoul(line, NULL, 0);
01236       return 1;
01237     }
01238   __setup("rsbac_syslog_rate=", syslog_rate_setup);
01239     #endif
01240 
01241 #ifdef CONFIG_RSBAC_DEBUG
01242     #ifdef CONFIG_RSBAC_NET
01243     /* RSBAC: debug for net data structures? */
01244 //    module_param(rsbac_debug_ds_net, bool, S_IRUGO);
01245   static int R_INIT debug_ds_net_setup(char *line)
01246     {
01247       rsbac_debug_ds_net = 1;
01248       return 1;
01249     }
01250   __setup("rsbac_debug_ds_net", debug_ds_net_setup);
01251     /* RSBAC: debug for net syscalls/AEF? */
01252 //    module_param(rsbac_debug_aef_net, bool, S_IRUGO);
01253   static int R_INIT debug_aef_net_setup(char *line)
01254     {
01255       rsbac_debug_aef_net = 1;
01256       return 1;
01257     }
01258   __setup("rsbac_debug_aef_net", debug_aef_net_setup);
01259     /* RSBAC: debug for net decisions/ADF? */
01260 //    module_param(rsbac_debug_adf_net, bool, S_IRUGO);
01261   static int R_INIT debug_adf_net_setup(char *line)
01262     {
01263       rsbac_debug_adf_net = 1;
01264       return 1;
01265     }
01266   __setup("rsbac_debug_adf_net", debug_adf_net_setup);
01267     #endif
01268 
01269     #if defined(CONFIG_RSBAC_MAC)
01270 //    module_param(rsbac_debug_ds_mac, bool, S_IRUGO);
01271   static int R_INIT debug_ds_mac_setup(char *line)
01272     {
01273       rsbac_debug_ds_mac = 1;
01274       return 1;
01275     }
01276   __setup("rsbac_debug_ds_mac", debug_ds_mac_setup);
01277 //    module_param(rsbac_debug_aef_mac, bool, S_IRUGO);
01278   static int R_INIT debug_aef_mac_setup(char *line)
01279     {
01280       rsbac_debug_aef_mac = 1;
01281       return 1;
01282     }
01283   __setup("rsbac_debug_aef_mac", debug_aef_mac_setup);
01284 //    module_param(rsbac_debug_adf_mac, bool, S_IRUGO);
01285   static int R_INIT debug_adf_mac_setup(char *line)
01286     {
01287       rsbac_debug_adf_mac = 1;
01288       return 1;
01289     }
01290   __setup("rsbac_debug_adf_mac", debug_adf_mac_setup);
01291     #endif
01292     #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
01293 //    module_param(rsbac_debug_ds_pm, bool, S_IRUGO);
01294   static int R_INIT debug_ds_pm_setup(char *line)
01295     {
01296       rsbac_debug_ds_pm = 1;
01297       return 1;
01298     }
01299   __setup("rsbac_debug_ds_pm", debug_ds_pm_setup);
01300 //    module_param(rsbac_debug_aef_pm, bool, S_IRUGO);
01301   static int R_INIT debug_aef_pm_setup(char *line)
01302     {
01303       rsbac_debug_aef_pm = 1;
01304       return 1;
01305     }
01306   __setup("rsbac_debug_aef_pm", debug_aef_pm_setup);
01307 //    module_param(rsbac_debug_adf_pm, bool, S_IRUGO);
01308   static int R_INIT debug_adf_pm_setup(char *line)
01309     {
01310       rsbac_debug_adf_pm = 1;
01311       return 1;
01312     }
01313   __setup("rsbac_debug_adf_pm", debug_adf_pm_setup);
01314     #endif
01315     #if defined(CONFIG_RSBAC_DAZ)
01316 //    module_param(rsbac_debug_adf_daz, bool, S_IRUGO);
01317   static int R_INIT debug_adf_daz_setup(char *line)
01318     {
01319       rsbac_debug_adf_daz = 1;
01320       return 1;
01321     }
01322   __setup("rsbac_debug_adf_daz", debug_adf_daz_setup);
01323     #endif
01324     #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
01325 //    module_param(rsbac_debug_ds_rc, bool, S_IRUGO);
01326   static int R_INIT debug_ds_rc_setup(char *line)
01327     {
01328       rsbac_debug_ds_rc = 1;
01329       return 1;
01330     }
01331   __setup("rsbac_debug_ds_rc", debug_ds_rc_setup);
01332 //    module_param(rsbac_debug_aef_rc, bool, S_IRUGO);
01333   static int R_INIT debug_aef_rc_setup(char *line)
01334     {
01335       rsbac_debug_aef_rc = 1;
01336       return 1;
01337     }
01338   __setup("rsbac_debug_aef_rc", debug_aef_rc_setup);
01339 //    module_param(rsbac_debug_adf_rc, bool, S_IRUGO);
01340   static int R_INIT debug_adf_rc_setup(char *line)
01341     {
01342       rsbac_debug_adf_rc = 1;
01343       return 1;
01344     }
01345   __setup("rsbac_debug_adf_rc", debug_adf_rc_setup);
01346     #endif
01347     #if defined(CONFIG_RSBAC_AUTH) || defined(CONFIG_RSBAC_AUTH_MAINT)
01348 //    module_param(rsbac_debug_ds_auth, bool, S_IRUGO);
01349   static int R_INIT debug_ds_auth_setup(char *line)
01350     {
01351       rsbac_debug_ds_auth = 1;
01352       return 1;
01353     }
01354   __setup("rsbac_debug_ds_auth", debug_ds_auth_setup);
01355 //    module_param(rsbac_debug_aef_auth, bool, S_IRUGO);
01356   static int R_INIT debug_aef_auth_setup(char *line)
01357     {
01358       rsbac_debug_aef_auth = 1;
01359       return 1;
01360     }
01361   __setup("rsbac_debug_aef_auth", debug_aef_auth_setup);
01362 //    module_param(rsbac_debug_adf_auth, bool, S_IRUGO);
01363   static int R_INIT debug_adf_auth_setup(char *line)
01364     {
01365       rsbac_debug_adf_auth = 1;
01366       return 1;
01367     }
01368   __setup("rsbac_debug_adf_auth", debug_adf_auth_setup);
01369     #endif
01370     #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
01371 //    module_param(rsbac_debug_reg, bool, S_IRUGO);
01372   static int R_INIT debug_reg_setup(char *line)
01373     {
01374       rsbac_debug_reg = 1;
01375       return 1;
01376     }
01377   __setup("rsbac_debug_reg", debug_reg_setup);
01378     #endif
01379     #if defined(CONFIG_RSBAC_ACL) || defined(CONFIG_RSBAC_ACL_MAINT)
01380 //    module_param(rsbac_debug_ds_acl, bool, S_IRUGO);
01381   static int R_INIT debug_ds_acl_setup(char *line)
01382     {
01383       rsbac_debug_ds_acl = 1;
01384       return 1;
01385     }
01386   __setup("rsbac_debug_ds_acl", debug_ds_acl_setup);
01387 //    module_param(rsbac_debug_aef_acl, bool, S_IRUGO);
01388   static int R_INIT debug_aef_acl_setup(char *line)
01389     {
01390       rsbac_debug_aef_acl = 1;
01391       return 1;
01392     }
01393   __setup("rsbac_debug_aef_acl", debug_aef_acl_setup);
01394 //    module_param(rsbac_debug_adf_acl, bool, S_IRUGO);
01395   static int R_INIT debug_adf_acl_setup(char *line)
01396     {
01397       rsbac_debug_adf_acl = 1;
01398       return 1;
01399     }
01400   __setup("rsbac_debug_adf_acl", debug_adf_acl_setup);
01401     #endif
01402     #if defined(CONFIG_RSBAC_JAIL)
01403 //    module_param(rsbac_debug_aef_jail, bool, S_IRUGO);
01404   static int R_INIT debug_aef_jail_setup(char *line)
01405     {
01406       rsbac_debug_aef_jail = 1;
01407       return 1;
01408     }
01409   __setup("rsbac_debug_aef_jail", debug_aef_jail_setup);
01410 //    module_param(rsbac_debug_adf_jail, bool, S_IRUGO);
01411   static int R_INIT debug_adf_jail_setup(char *line)
01412     {
01413       rsbac_debug_adf_jail = 1;
01414       return 1;
01415     }
01416   __setup("rsbac_debug_adf_jail", debug_adf_jail_setup);
01417     #endif
01418     #if defined(CONFIG_RSBAC_PAX)
01419 //    module_param(rsbac_debug_adf_pax, bool, S_IRUGO);
01420   static int R_INIT debug_adf_pax_setup(char *line)
01421     {
01422       rsbac_debug_adf_pax = 1;
01423       return 1;
01424     }
01425   __setup("rsbac_debug_adf_pax", debug_adf_pax_setup);
01426     #endif
01427     #if defined(CONFIG_RSBAC_UM)
01428 //    module_param(rsbac_debug_ds_um, bool, S_IRUGO);
01429   static int R_INIT debug_ds_um_setup(char *line)
01430     {
01431       rsbac_debug_ds_um = 1;
01432       return 1;
01433     }
01434   __setup("rsbac_debug_ds_um", debug_ds_um_setup);
01435 //    module_param(rsbac_debug_aef_um, bool, S_IRUGO);
01436   static int R_INIT debug_aef_um_setup(char *line)
01437     {
01438       rsbac_debug_aef_um = 1;
01439       return 1;
01440     }
01441   __setup("rsbac_debug_aef_um", debug_aef_um_setup);
01442 //    module_param(rsbac_debug_adf_um, bool, S_IRUGO);
01443   static int R_INIT debug_adf_um_setup(char *line)
01444     {
01445       rsbac_debug_adf_um = 1;
01446       return 1;
01447     }
01448   __setup("rsbac_debug_adf_um", debug_adf_um_setup);
01449     #endif
01450     #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
01451 //    module_param(rsbac_debug_auto, bool, S_IRUGO);
01452   static int R_INIT debug_auto_setup(char *line)
01453     {
01454       rsbac_debug_auto = 1;
01455       return 1;
01456     }
01457   __setup("rsbac_debug_auto", debug_auto_setup);
01458     #endif
01459     /* RSBAC: debug_lists */
01460 //    module_param(rsbac_debug_lists, bool, S_IRUGO);
01461   static int R_INIT debug_lists_setup(char *line)
01462     {
01463       rsbac_debug_lists = 1;
01464       return 1;
01465     }
01466   __setup("rsbac_debug_lists", debug_lists_setup);
01467     /* RSBAC: debug_stack */
01468 //    module_param(rsbac_debug_stack, bool, S_IRUGO);
01469   static int R_INIT debug_stack_setup(char *line)
01470     {
01471       rsbac_debug_stack = 1;
01472       return 1;
01473     }
01474   __setup("rsbac_debug_stack", debug_stack_setup);
01475     /* RSBAC: debug for data structures? */
01476 //    module_param(rsbac_debug_ds, bool, S_IRUGO);
01477   static int R_INIT debug_ds_setup(char *line)
01478     {
01479       rsbac_debug_ds = 1;
01480       return 1;
01481     }
01482   __setup("rsbac_debug_ds", debug_ds_setup);
01483     /* RSBAC: debug for writing of data structures? */
01484 //    module_param(rsbac_debug_write, bool, S_IRUGO);
01485   static int R_INIT debug_write_setup(char *line)
01486     {
01487       rsbac_debug_write = 1;
01488       return 1;
01489     }
01490   __setup("rsbac_debug_write", debug_write_setup);
01491     /* RSBAC: debug for AEF? */
01492 //    module_param(rsbac_debug_aef, bool, S_IRUGO);
01493   static int R_INIT debug_aef_setup(char *line)
01494     {
01495       rsbac_debug_aef = 1;
01496       return 1;
01497     }
01498   __setup("rsbac_debug_aef", debug_aef_setup);
01499     /* RSBAC: debug_no_write for ds */
01500 //    module_param(rsbac_debug_no_write, bool, S_IRUGO);
01501   static int R_INIT debug_no_write_setup(char *line)
01502     {
01503       rsbac_debug_no_write = 1;
01504       return 1;
01505     }
01506   __setup("rsbac_debug_no_write", debug_no_write_setup);
01507     /* RSBAC: debug default for ADF */
01508 //    module_param(rsbac_debug_adf_default, int, S_IRUGO);
01509   static int R_INIT debug_adf_default_setup(char *line)
01510     {
01511       rsbac_debug_adf_default = 1;
01512       return 1;
01513     }
01514   __setup("rsbac_debug_adf_default", debug_adf_default_setup);
01515 #endif /* DEBUG */
01516 
01517 #endif /* KERNEL_VERSION < or >= 2.6.0 */
01518 
01519 #if defined(CONFIG_RSBAC_RMSG)
01520 static spinlock_t rsbac_log_lock = SPIN_LOCK_UNLOCKED;
01521 
01522 #if defined(CONFIG_RSBAC_LOG_REMOTE)
01523 static spinlock_t rsbac_log_remote_lock = SPIN_LOCK_UNLOCKED;
01524 #endif
01525 
01526 /*
01527  * Commands to do_syslog:
01528  *
01529  *      0 -- Close the log.  Currently a NOP.
01530  *      1 -- Open the log. Currently a NOP.
01531  *      2 -- Read from the log.
01532  *      3 -- Read all messages remaining in the ring buffer.
01533  *      4 -- Read and clear all messages remaining in the ring buffer
01534  *      5 -- Clear ring buffer.
01535  *      9 -- Return number of unread characters in the log buffer
01536  */
01537 int rsbac_log(int type, char * buf, int len)
01538 {
01539         unsigned long i, j, limit, count;
01540         int do_clear = 0;
01541         char c;
01542         int error = 0;
01543 
01544         union rsbac_target_id_t       rsbac_target_id;
01545         union rsbac_attribute_value_t rsbac_attribute_value;
01546 
01547         /* RSBAC */
01548         rsbac_target_id.scd = ST_rsbaclog;
01549         rsbac_attribute_value.dummy = 0;
01550         if ((type == 4) || (type == 5))
01551           {
01552 #ifdef CONFIG_RSBAC_DEBUG
01553             if (rsbac_debug_aef)
01554               {
01555                 rsbac_printk(KERN_DEBUG "rsbac_log(): function %u, calling ADF for MODIFY_SYSTEM_DATA\n", type);
01556               }
01557 #endif
01558             if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
01559                                    current->pid,
01560                                    T_SCD,
01561                                    rsbac_target_id,
01562                                    A_none,
01563                                    rsbac_attribute_value))
01564               {
01565                 error = -EPERM;
01566                 goto out;
01567               }
01568           }
01569         else
01570         if(type >= 1)
01571           {
01572 #ifdef CONFIG_RSBAC_DEBUG
01573             if (rsbac_debug_aef)
01574               {
01575                 rsbac_printk(KERN_DEBUG "rsbac_log(): function %u, calling ADF for GET_STATUS_DATA\n", type);
01576               }
01577 #endif
01578             if (!rsbac_adf_request(R_GET_STATUS_DATA,
01579                                    current->pid,
01580                                    T_SCD,
01581                                    rsbac_target_id,
01582                                    A_none,
01583                                    rsbac_attribute_value))
01584               {
01585                 error = -EPERM;
01586                 goto out;
01587               }
01588           }
01589 
01590         switch (type) {
01591         case 0:         /* Close log */
01592                 break;
01593         case 1:         /* Open log */
01594                 break;
01595         case 2:         /* Read from log */
01596                 error = -EINVAL;
01597                 if (!buf || len < 0)
01598                         goto out;
01599                 error = 0;
01600                 if (!len)
01601                         goto out;
01602                 error = access_ok(VERIFY_WRITE,buf,len);
01603                 if (!error)
01604                         goto out;
01605                 error = wait_event_interruptible(rlog_wait, (log_start - log_end));
01606                 if (error)
01607                         goto out;
01608                 i = 0;
01609                 spin_lock(&rsbac_log_lock);
01610                 while ((log_start != log_end) && i < len) {
01611                         c = RLOG_BUF(log_start);
01612                         log_start++;
01613                         spin_unlock(&rsbac_log_lock);
01614                         __put_user(c,buf);
01615                         buf++;
01616                         i++;
01617                         spin_lock(&rsbac_log_lock);
01618                 }
01619                 spin_unlock(&rsbac_log_lock);
01620                 error = i;
01621                 break;
01622         case 4:         /* Read/clear last kernel messages */
01623                 do_clear = 1; 
01624                 /* FALL THRU */
01625         case 3:         /* Read last kernel messages */
01626                 error = -EINVAL;
01627                 if (!buf || len < 0)
01628                         goto out;
01629                 error = 0;
01630                 if (!len)
01631                         goto out;
01632                 error = access_ok(VERIFY_WRITE,buf,len);
01633                 if (!error)
01634                         goto out;
01635                 count = len;
01636                 if (count > RLOG_BUF_LEN)
01637                         count = RLOG_BUF_LEN;
01638                 spin_lock(&rsbac_log_lock);
01639                 if (count > logged_chars)
01640                         count = logged_chars;
01641                 if (do_clear)
01642                         logged_chars = 0;
01643                 limit = log_end;
01644                 /*
01645                  * __put_user() could sleep, and while we sleep
01646                  * printk() could overwrite the messages 
01647                  * we try to copy to user space. Therefore
01648                  * the messages are copied in reverse. <manfreds>
01649                  */
01650                 for(i=0;i < count;i++) {
01651                         j = limit-1-i;
01652                         if (j+RLOG_BUF_LEN < log_end)
01653                                 break;
01654                         c = RLOG_BUF(j);
01655                         spin_unlock(&rsbac_log_lock);
01656                         __put_user(c,&buf[count-1-i]);
01657                         spin_lock(&rsbac_log_lock);
01658                 }
01659                 spin_unlock(&rsbac_log_lock);
01660                 error = i;
01661                 if(i != count) {
01662                         int offset = count-error;
01663                         /* buffer overflow during copy, correct user buffer. */
01664                         for(i=0;i<error;i++) {
01665                                 __get_user(c,&buf[i+offset]);
01666                                 __put_user(c,&buf[i]);
01667                         }
01668                 }
01669 
01670                 break;
01671         case 5:         /* Clear ring buffer */
01672                 spin_lock(&rsbac_log_lock);
01673                 logged_chars = 0;
01674                 spin_unlock(&rsbac_log_lock);
01675                 break;
01676         case 9:         /* Number of chars in the log buffer */
01677                 spin_lock(&rsbac_log_lock);
01678                 error = log_end - log_start;
01679                 spin_unlock(&rsbac_log_lock);
01680                 break;
01681         default:
01682                 error = -EINVAL;
01683                 break;
01684         }
01685 out:
01686         return error;
01687 }
01688 
01689 static void emit_log_char(char c)
01690 {
01691         RLOG_BUF(log_end) = c;
01692         log_end++;
01693         if (log_end - log_start > RLOG_BUF_LEN)
01694                 log_start = log_end - RLOG_BUF_LEN;
01695         if (logged_chars < RLOG_BUF_LEN)
01696                 logged_chars++;
01697 }
01698 
01699 #if defined(CONFIG_RSBAC_LOG_REMOTE)
01700 static void emit_remote_log_char(char c)
01701 {
01702         REMOTE_RLOG_BUF(remote_log_end) = c;
01703         remote_log_end++;
01704         if (remote_log_end - remote_log_start > REMOTE_RLOG_BUF_LEN)
01705                 remote_log_start = remote_log_end - REMOTE_RLOG_BUF_LEN;
01706         if (remote_logged_chars < REMOTE_RLOG_BUF_LEN)
01707                 remote_logged_chars++;
01708 }
01709 #endif
01710 
01711 #endif /* RMSG */
01712 
01713 #ifdef CONFIG_RSBAC_SYSLOG_RATE
01714 static void syslog_rate_reset(u_long dummy)
01715   {
01716     if(syslog_count > rsbac_syslog_rate)
01717       printk(KERN_INFO "syslog_rate_reset: resetting syslog_count at %u, next message is %u\n",
01718              syslog_count, log_seq);
01719     syslog_count = 0;
01720     mod_timer(&rsbac_syslog_rate_timer, jiffies + HZ);
01721   }
01722 #endif
01723 
01724 EXPORT_SYMBOL(rsbac_printk);
01725 int rsbac_printk(const char *fmt, ...)
01726 {
01727         va_list args;
01728         int printed_len;
01729         char *p;
01730         static char buf[2048];
01731         static int log_level_unknown = 1;
01732         char *k;
01733 #if defined(CONFIG_RSBAC_LOG_REMOTE)
01734         static u_int remote_log_seq = 0;
01735         static int remote_log_level_unknown = 1;
01736 #endif
01737 
01738 #if defined(CONFIG_RSBAC_RMSG)
01739         if (oops_in_progress) {
01740                 /* If a crash is occurring, make sure we can't deadlock */
01741                 spin_lock_init(&rsbac_log_lock);
01742         }
01743 
01744         spin_lock(&rsbac_log_lock);
01745 #endif
01746 
01747         /* Emit the output into the temporary buffer */
01748         va_start(args, fmt);
01749         printed_len = vsnprintf(buf + 14, sizeof(buf) - 14, fmt, args);
01750         va_end(args);
01751         if(printed_len <= 0)
01752           {
01753 #if defined(CONFIG_RSBAC_RMSG)
01754             spin_unlock(&rsbac_log_lock);
01755 #endif
01756             return printed_len;
01757           }
01758 
01759         /*
01760          * Copy the output into log_buf.  If the caller didn't provide
01761          * appropriate log level tags, we insert them here
01762          */
01763         k = buf+14;
01764         for (p = buf + 14; *p; p++) {
01765                 if (log_level_unknown) {
01766                         if (p[0] != '<' || p[1] < '0' || p[1] > '7' || p[2] != '>') {
01767                                 p -= 14;
01768                                 p[0] = '<';
01769                                 p[1] = RSBAC_DEF_MESS_LOGLEVEL + '0';
01770                                 p[2] = '>';
01771                                 sprintf(p + 3, "%010u", log_seq++);
01772                                 p[13] = '|';
01773                         } else {
01774                                 p -= 11;
01775                                 p[0] = '<';
01776                                 p[1] = p[12];
01777                                 p[2] = '>';
01778                                 sprintf(p + 3, "%010u", log_seq++);
01779                                 p[13] = '|';
01780                         }
01781                         k = p;
01782                         log_level_unknown = 0;
01783                 }
01784                 #if defined(CONFIG_RSBAC_RMSG)
01785                 emit_log_char(*p);
01786                 #endif
01787                 if (*p == '\n')
01788                   {
01789                     #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01790                     if (!rsbac_nosyslog)
01791                     #endif
01792                     {
01793                       #ifdef CONFIG_RSBAC_SYSLOG_RATE
01794                       syslog_count++;
01795                       if(syslog_count < rsbac_syslog_rate)
01796                       #endif
01797                         printk(k);
01798                       #ifdef CONFIG_RSBAC_SYSLOG_RATE
01799                       else
01800                         if(syslog_count == rsbac_syslog_rate)
01801                           printk(KERN_INFO "rsbac_printk: Applying syslog rate limit at count %u, message %u!\n",
01802                                  syslog_count, log_seq - 1);
01803                       #endif
01804                     }
01805 
01806                     log_level_unknown = 1;
01807                   }
01808         }
01809         /* if the line was incomplete, spit out the rest to printk */
01810         if(   !log_level_unknown
01811            #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01812            && !rsbac_nosyslog
01813            #endif
01814           )
01815           printk(k);
01816 
01817 #if defined(CONFIG_RSBAC_RMSG)
01818         spin_unlock(&rsbac_log_lock);
01819         wake_up_interruptible(&rlog_wait);
01820 
01821 #if defined(CONFIG_RSBAC_LOG_REMOTE)
01822         if (oops_in_progress) {
01823                 /* If a crash is occurring, make sure we can't deadlock */
01824                 spin_lock_init(&rsbac_log_remote_lock);
01825         }
01826 
01827         /* This stops the holder of console_sem just where we want him */
01828         spin_lock(&rsbac_log_remote_lock);
01829 
01830         /* Emit the output into the temporary buffer */
01831         va_start(args, fmt);
01832         printed_len = vsnprintf(buf + 14, sizeof(buf) - 14, fmt, args);
01833         va_end(args);
01834 
01835         /*
01836          * Copy the output into log_buf.  If the caller didn't provide
01837          * appropriate log level tags, we insert them here
01838          */
01839         for (p = buf + 14; *p; p++) {
01840                 if (remote_log_level_unknown) {
01841                         if (p[0] != '<' || p[1] < '0' || p[1] > '7' || p[2] != '>') {
01842                                 p -= 14;
01843                                 p[0] = '<';
01844                                 p[1] = RSBAC_DEF_MESS_LOGLEVEL + '0';
01845                                 p[2] = '>';
01846                                 sprintf(p + 3, "%010u", remote_log_seq++);
01847                                 p[13] = '|';
01848                         } else {
01849                                 p -= 11;
01850                                 p[0] = '<';
01851                                 p[1] = p[12];
01852                                 p[2] = '>';
01853                                 sprintf(p + 3, "%010u", remote_log_seq++);
01854                                 p[13] = '|';
01855                         }
01856                         remote_log_level_unknown = 0;
01857                 }
01858                 emit_remote_log_char(*p);
01859                 if (*p == '\n')
01860                         remote_log_level_unknown = 1;
01861         }
01862         spin_unlock(&rsbac_log_remote_lock);
01863 #ifdef CONFIG_RSBAC_LOG_REMOTE_SYNC
01864         wake_up_interruptible(&rsbaclogd_wait);
01865 #endif
01866 #endif /* RMSG_LOG_REMOTE */
01867 #endif /* RMSG */
01868 
01869         return printed_len;
01870 }
01871 
01872 #if defined(CONFIG_RSBAC_RMSG)
01873 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
01874 static int rmsg_open(struct inode * inode, struct file * file)
01875 {
01876         return rsbac_log(1,NULL,0);
01877 }
01878 
01879 static int rmsg_release(struct inode * inode, struct file * file)
01880 {
01881         (void) rsbac_log(0,NULL,0);
01882         return 0;
01883 }
01884 
01885 static ssize_t rmsg_read(struct file * file, char * buf,
01886                          size_t count, loff_t *ppos)
01887 {
01888         return rsbac_log(2,buf,count);
01889 }
01890 
01891 static unsigned int rmsg_poll(struct file *file, poll_table * wait)
01892 {
01893         poll_wait(file, &rlog_wait, wait);
01894         if (rsbac_log(9, 0, 0))
01895                 return POLLIN | POLLRDNORM;
01896         return 0;
01897 }
01898 
01899 static struct file_operations proc_rmsg_operations = {
01900         .read = rmsg_read,
01901         .poll = rmsg_poll,      /* rmsg_poll */
01902         .open = rmsg_open,
01903         .release = rmsg_release
01904 };
01905 
01906 #endif /* PROC */
01907 #endif /* RMSG */
01908 
01909 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
01910 #ifndef PROC_BLOCK_SIZE
01911 #define PROC_BLOCK_SIZE (3*1024)  /* 4K page size but our output routines use some slack for overruns */
01912 #endif
01913 
01914 static int
01915 log_levels_proc_info(char *buffer, char **start, off_t offset, int length)
01916 {
01917   int len = 0;
01918   int i,j;
01919   off_t pos   = 0;
01920   off_t begin = 0;
01921   char * name;
01922   char * name2;
01923 
01924   union rsbac_target_id_t       rsbac_target_id;
01925   union rsbac_attribute_value_t rsbac_attribute_value;
01926 
01927   if (!rsbac_is_initialized())
01928     return (-ENOSYS);
01929 
01930 #ifdef CONFIG_RSBAC_DEBUG
01931   if (rsbac_debug_aef)
01932     {
01933       rsbac_printk(KERN_DEBUG "log_levels_proc_info(): calling ADF\n");
01934     }
01935 #endif
01936   rsbac_target_id.scd = ST_rsbac;
01937   rsbac_attribute_value.dummy = 0;
01938   if (!rsbac_adf_request(R_GET_STATUS_DATA,
01939                          current->pid,
01940                          T_SCD,
01941                          rsbac_target_id,
01942                          A_none,
01943                          rsbac_attribute_value))
01944     {
01945       return -EPERM;
01946     }
01947 
01948   name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01949   if(!name)
01950     return -ENOMEM;
01951   name2 = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01952   if(!name2)
01953     {
01954       rsbac_kfree(name);
01955       return -ENOMEM;
01956     }
01957     
01958   len += sprintf(buffer, "RSBAC Log Levels\n----------------\n");
01959   len += sprintf(buffer+len, "Name\t\t\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tNETT_NT\tNONE\n");
01960 
01961   for (i = 0; i<R_NONE; i++)
01962     {
01963       len += sprintf(buffer + len, "%-23s",
01964                      get_request_name(name, i));
01965       for(j = 0; j<=T_NONE; j++)
01966         {
01967           if(j != T_FD)
01968             len += sprintf(buffer + len, "\t%u",
01969                            rsbac_log_levels[i][j]);
01970         }
01971       len += sprintf(buffer + len, "\n");
01972       pos = begin + len;
01973       if (pos < offset)
01974         {
01975           len = 0;
01976           begin = pos;
01977         }
01978       if (pos > offset+length)
01979         break;
01980     }
01981 
01982   *start = buffer + (offset - begin);
01983   len -= (offset - begin);
01984   
01985   if (len > length)
01986     len = length;
01987   rsbac_kfree(name);
01988   rsbac_kfree(name2);
01989 
01990   return len;
01991 }
01992 
01993 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
01994 static int log_levels_proc_write(struct file * file, const char * buf,
01995                                      u_long count, void *ppos)
01996 #else
01997 static int log_levels_proc_write(struct file * file, const char __user * buf,
01998                                      unsigned long count, void *ppos)
01999 #endif
02000 {
02001     ssize_t err;
02002     char * k_buf;
02003     char * p;
02004     unsigned int log_level;
02005     char rname[RSBAC_MAXNAMELEN];
02006     int i,j;
02007 
02008     union rsbac_target_id_t       rsbac_target_id;
02009     union rsbac_attribute_value_t rsbac_attribute_value;
02010 
02011     if(count > PROC_BLOCK_SIZE) {
02012         return(-EOVERFLOW);
02013     }
02014 
02015     if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
02016       return(-ENOMEM);
02017     err = copy_from_user(k_buf, buf, count);
02018     if(err < 0)
02019       return err;
02020 
02021   err = count;
02022   if(count < 15 || strncmp("log_levels", k_buf, 10))
02023     {
02024       goto out;
02025     }
02026   if (!rsbac_is_initialized())
02027     {
02028       err = -ENOSYS;
02029       goto out;
02030     }
02031 
02032     /*
02033      * Usage: echo "log_levels request #N" > /proc/rsbac_info/log_levels
02034      *   to set log level for request to given value
02035      */
02036     for(i=0; i<R_NONE; i++)
02037       {
02038         get_request_name(rname,i);
02039         if(!strncmp(rname, k_buf + 11, strlen(rname))) 
02040           {
02041 #ifdef CONFIG_RSBAC_DEBUG
02042             if (rsbac_debug_aef)
02043               {
02044                 rsbac_printk(KERN_DEBUG "log_levels_proc_write(): calling ADF\n");
02045               }
02046 #endif
02047             rsbac_target_id.dummy = 0;
02048             rsbac_attribute_value.request = i;
02049             if (!rsbac_adf_request(R_SWITCH_LOG,
02050                                    current->pid,
02051                                    T_NONE,
02052                                    rsbac_target_id,
02053                                    A_request,
02054                                    rsbac_attribute_value))
02055               {
02056                 err = -EPERM;
02057                 goto out;
02058               }
02059             p = k_buf + 11 + strlen(rname)+1;
02060 
02061             if( *p == '\0' )
02062               goto out;
02063 
02064             log_level = simple_strtoul(p, NULL, 0);
02065             /* only accept 0 or 1 */
02066             if(   (log_level == LL_none)
02067                || (log_level == LL_denied)
02068                || (log_level == LL_full)
02069               )
02070               {
02071                 rsbac_printk(KERN_INFO
02072                        "log_levels_proc_write(): setting %s log level for all target types to %u\n",
02073                        rname, log_level);
02074                 for(j = 0; j<=T_NONE; j++)
02075                   {
02076                     rsbac_log_levels[i][j] = log_level;
02077                   }
02078                 err = count;
02079                 goto out;
02080               }
02081             else
02082               {
02083                 rsbac_printk(KERN_INFO
02084                        "log_levels_proc_write(): rejecting invalid log level (should be %u, %u or %u)\n",
02085                        LL_none, LL_denied, LL_full);
02086                 goto out;
02087               }
02088           }
02089       }
02090 
02091 out:
02092   free_page((ulong) k_buf);
02093   return(err);
02094   }
02095 
02096 
02097 static int
02098 debug_proc_info(char *buffer, char **start, off_t offset, int length)
02099 {
02100   int len = 0;
02101   off_t pos   = 0;
02102   off_t begin = 0;
02103 
02104   union rsbac_target_id_t       rsbac_target_id;
02105   union rsbac_attribute_value_t rsbac_attribute_value;
02106 
02107   if (!rsbac_is_initialized())
02108     return (-ENOSYS);
02109 
02110 #ifdef CONFIG_RSBAC_DEBUG
02111   if (rsbac_debug_aef)
02112     {
02113       rsbac_printk(KERN_DEBUG "debug_proc_info(): calling ADF\n");
02114     }
02115 #endif
02116   rsbac_target_id.scd = ST_rsbac;
02117   rsbac_attribute_value.dummy = 0;
02118   if (!rsbac_adf_request(R_GET_STATUS_DATA,
02119                          current->pid,
02120                          T_SCD,
02121                          rsbac_target_id,
02122                          A_none,
02123                          rsbac_attribute_value))
02124     {
02125       return -EPERM;
02126     }
02127   len += sprintf(buffer, "RSBAC Debug Settings\n--------------------\n");
02128 
02129 #ifdef CONFIG_RSBAC_SOFTMODE
02130   len += sprintf(buffer + len, "rsbac_softmode is %i\n",
02131                  rsbac_softmode);
02132   pos = begin + len;
02133   if (pos < offset)
02134     {
02135       len = 0;
02136       begin = pos;
02137     }
02138   if (pos > offset+length)
02139     goto out;
02140   len += sprintf(buffer + len, "rsbac_softmode_prohibit is %i\n",
02141                  rsbac_softmode_prohibit);
02142   pos = begin + len;
02143   if (pos < offset)
02144     {
02145       len = 0;
02146       begin = pos;
02147     }
02148   if (pos > offset+length)
02149     goto out;
02150 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02151 #ifdef CONFIG_RSBAC_MAC
02152   len += sprintf(buffer + len, "rsbac_ind_softmode[MAC] is %i\n",
02153                  rsbac_ind_softmode[MAC]);
02154 #endif
02155 #ifdef CONFIG_RSBAC_PM
02156   len += sprintf(buffer + len, "rsbac_ind_softmode[PM] is %i\n",
02157                  rsbac_ind_softmode[PM]);
02158 #endif
02159 #ifdef CONFIG_RSBAC_DAZ
02160   len += sprintf(buffer + len, "rsbac_ind_softmode[DAZ] is %i\n",
02161                  rsbac_ind_softmode[DAZ]);
02162 #endif
02163 #ifdef CONFIG_RSBAC_FF
02164   len += sprintf(buffer + len, "rsbac_ind_softmode[FF] is %i\n",
02165                  rsbac_ind_softmode[FF]);
02166 #endif
02167 #ifdef CONFIG_RSBAC_RC
02168   len += sprintf(buffer + len, "rsbac_ind_softmode[RC] is %i\n",
02169                  rsbac_ind_softmode[RC]);
02170 #endif
02171 #ifdef CONFIG_RSBAC_AUTH
02172   len += sprintf(buffer + len, "rsbac_ind_softmode[AUTH] is %i\n",
02173                  rsbac_ind_softmode[AUTH]);
02174 #endif
02175 #ifdef CONFIG_RSBAC_REG
02176   len += sprintf(buffer + len, "rsbac_ind_softmode[REG] is %i\n",
02177                  rsbac_ind_softmode[REG]);
02178 #endif
02179 #ifdef CONFIG_RSBAC_ACL
02180   len += sprintf(buffer + len, "rsbac_ind_softmode[ACL] is %i\n",
02181                  rsbac_ind_softmode[ACL]);
02182 #endif
02183 #ifdef CONFIG_RSBAC_CAP
02184   len += sprintf(buffer + len, "rsbac_ind_softmode[CAP] is %i\n",
02185                  rsbac_ind_softmode[CAP]);
02186 #endif
02187 #ifdef CONFIG_RSBAC_JAIL
02188   len += sprintf(buffer + len, "rsbac_ind_softmode[JAIL] is %i\n",
02189                  rsbac_ind_softmode[JAIL]);
02190 #endif
02191 #ifdef CONFIG_RSBAC_RES
02192   len += sprintf(buffer + len, "rsbac_ind_softmode[RES] is %i\n",
02193                  rsbac_ind_softmode[RES]);
02194 #endif
02195   pos = begin + len;
02196   if (pos < offset)
02197     {
02198       len = 0;
02199       begin = pos;
02200     }
02201   if (pos > offset+length)
02202     goto out;
02203 
02204 #endif
02205 #endif
02206 #ifdef CONFIG_RSBAC_FREEZE
02207   len += sprintf(buffer + len, "rsbac_freeze is %i\n",
02208                  rsbac_freeze);
02209   pos = begin + len;
02210   if (pos < offset)
02211     {
02212       len = 0;
02213       begin = pos;
02214     }
02215   if (pos > offset+length)
02216     goto out;
02217 #endif
02218 #if defined(CONFIG_RSBAC_DAZ_CACHE)
02219   /* RSBAC: DAZ - set cache ttl */
02220   len += sprintf(buffer + len, "rsbac_daz_ttl is %u\n",
02221                  rsbac_daz_get_ttl());
02222   pos = begin + len;
02223   if (pos < offset)
02224     {
02225       len = 0;
02226       begin = pos;
02227     }
02228   if (pos > offset+length)
02229     goto out;
02230 #endif
02231 #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
02232   len += sprintf(buffer + len, "rsbac_cap_process_hiding is %i\n",
02233                  rsbac_cap_process_hiding);
02234   pos = begin + len;
02235   if (pos < offset)
02236     {
02237       len = 0;
02238       begin = pos;
02239     }
02240   if (pos > offset+length)
02241     goto out;
02242 #endif
02243 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
02244   len += sprintf(buffer + len, "rsbac_cap_log_missing is %i\n",
02245                  rsbac_cap_log_missing);
02246   pos = begin + len;
02247   if (pos < offset)
02248     {
02249       len = 0;
02250       begin = pos;
02251     }
02252   if (pos > offset+length)
02253     goto out;
02254 #endif
02255 #ifdef CONFIG_RSBAC_JAIL_LOG_MISSING
02256   len += sprintf(buffer + len, "rsbac_jail_log_missing is %i\n",
02257                  rsbac_jail_log_missing);
02258   pos = begin + len;
02259   if (pos < offset)
02260     {
02261       len = 0;
02262       begin = pos;
02263     }
02264   if (pos > offset+length)
02265     goto out;
02266 #endif
02267 
02268 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
02269   len += sprintf(buffer + len, "rsbac_dac_disable is %i\n",
02270                  rsbac_dac_disable);
02271   pos = begin + len;
02272   if (pos < offset)
02273     {
02274       len = 0;
02275       begin = pos;
02276     }
02277   if (pos > offset+length)
02278     goto out;
02279 #endif
02280 
02281 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02282   len += sprintf(buffer + len, "rsbac_nosyslog is %i\n",
02283                  rsbac_nosyslog);
02284   pos = begin + len;
02285   if (pos < offset)
02286     {
02287       len = 0;
02288       begin = pos;
02289     }
02290   if (pos > offset+length)
02291     goto out;
02292 #endif
02293 
02294 #ifdef CONFIG_RSBAC_SYSLOG_RATE
02295   len += sprintf(buffer + len, "rsbac_syslog_rate is %u\n",
02296                  rsbac_syslog_rate);
02297   pos = begin + len;
02298   if (pos < offset)
02299     {
02300       len = 0;
02301       begin = pos;
02302     }
02303   if (pos > offset+length)
02304     goto out;
02305 #endif
02306 
02307 #if defined(CONFIG_RSBAC_LOG_REMOTE)
02308   len += sprintf(buffer + len, "rsbac_log_remote_addr is %u.%u.%u.%u\n",
02309                  NIPQUAD(rsbac_log_remote_addr));
02310   pos = begin + len;
02311   if (pos < offset)
02312     {
02313       len = 0;
02314       begin = pos;
02315     }
02316   if (pos > offset+length)
02317     goto out;
02318   len += sprintf(buffer + len, "rsbac_log_remote_port is %u\n",
02319                  ntohs(rsbac_log_remote_port));
02320   pos = begin + len;
02321   if (pos < offset)
02322     {
02323       len = 0;
02324       begin = pos;
02325     }
02326   if (pos > offset+length)
02327     goto out;
02328 #endif
02329 
02330 #ifdef CONFIG_RSBAC_INIT_DELAY
02331   len += sprintf(buffer + len, "rsbac_no_delay_init is %i\n",
02332                  rsbac_no_delay_init);
02333   pos = begin + len;
02334   if (pos < offset)
02335     {
02336       len = 0;
02337       begin = pos;
02338     }
02339   if (pos > offset+length)
02340     goto out;
02341   len += sprintf(buffer + len, "rsbac_delayed_root is %02u:%02u\n",
02342                  RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
02343   pos = begin + len;
02344   if (pos < offset)
02345     {
02346       len = 0;
02347       begin = pos;
02348     }
02349   if (pos > offset+length)
02350     goto out;
02351 #endif
02352 
02353 #if defined(CONFIG_RSBAC_UM_EXCL)
02354   len += sprintf(buffer + len, "rsbac_um_no_excl is %i\n",
02355                  rsbac_um_no_excl);
02356   pos = begin + len;
02357   if (pos < offset)
02358     {
02359       len = 0;
02360       begin = pos;
02361     }
02362   if (pos > offset+length)
02363     goto out;
02364 #endif
02365 
02366 #if defined(CONFIG_RSBAC_AUTH)
02367   len += sprintf(buffer + len, "rsbac_auth_enable_login is %i\n",
02368                  rsbac_auth_enable_login);
02369   pos = begin + len;
02370   if (pos < offset)
02371     {
02372       len = 0;
02373       begin = pos;
02374     }
02375   if (pos > offset+length)
02376     goto out;
02377 
02378 #if defined(CONFIG_RSBAC_AUTH_LEARN)
02379   len += sprintf(buffer + len, "rsbac_auth_learn is %i\n",
02380                  rsbac_auth_learn);
02381   pos = begin + len;
02382   if (pos < offset)
02383     {
02384       len = 0;
02385       begin = pos;
02386     }
02387   if (pos > offset+length)
02388     goto out;
02389 #endif
02390 #endif
02391 
02392 #if defined(CONFIG_RSBAC_ACL_LEARN)
02393   len += sprintf(buffer + len, "rsbac_acl_learn_fd is %i\n",
02394                  rsbac_acl_learn_fd);
02395   pos = begin + len;
02396   if (pos < offset)
02397     {
02398       len = 0;
02399       begin = pos;
02400     }
02401   if (pos > offset+length)
02402     goto out;
02403 #endif
02404 
02405   len += sprintf(buffer + len, "rsbac_no_defaults is %i\n",
02406                  rsbac_no_defaults);
02407   pos = begin + len;
02408   if (pos < offset)
02409     {
02410       len = 0;
02411       begin = pos;
02412     }
02413   if (pos > offset+length)
02414     goto out;
02415 
02416 #ifdef CONFIG_RSBAC_DEBUG
02417   len += sprintf(buffer + len, "rsbac_debug_write is %i\n",
02418                  rsbac_debug_write);
02419   pos = begin + len;
02420   if (pos < offset)
02421     {
02422       len = 0;
02423       begin = pos;
02424     }
02425   if (pos > offset+length)
02426     goto out;
02427 
02428   len += sprintf(buffer + len, "rsbac_debug_stack is %i\n",
02429                  rsbac_debug_stack);
02430   pos = begin + len;
02431   if (pos < offset)
02432     {
02433       len = 0;
02434       begin = pos;
02435     }
02436   if (pos > offset+length)
02437     goto out;
02438 
02439   len += sprintf(buffer + len, "rsbac_debug_lists is %i\n",
02440                  rsbac_debug_lists);
02441   pos = begin + len;
02442   if (pos < offset)
02443     {
02444       len = 0;
02445       begin = pos;
02446     }
02447   if (pos > offset+length)
02448     goto out;
02449 
02450   len += sprintf(buffer + len, "rsbac_debug_ds is %i\n",
02451                  rsbac_debug_ds);
02452   pos = begin + len;
02453   if (pos < offset)
02454     {
02455       len = 0;
02456       begin = pos;
02457     }
02458   if (pos > offset+length)
02459     goto out;
02460 
02461   len += sprintf(buffer + len, "rsbac_debug_aef is %i\n",
02462                  rsbac_debug_aef);
02463   pos = begin + len;
02464   if (pos < offset)
02465     {
02466       len = 0;
02467       begin = pos;
02468     }
02469   if (pos > offset+length)
02470     goto out;
02471 
02472   len += sprintf(buffer + len, "rsbac_debug_no_write is %i\n",
02473                  rsbac_debug_no_write);
02474   pos = begin + len;
02475   if (pos < offset)
02476     {
02477       len = 0;
02478       begin = pos;
02479     }
02480   if (pos > offset+length)
02481     goto out;
02482 
02483 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
02484 /* Boolean debug switch for REG */
02485   len += sprintf(buffer + len, "rsbac_debug_reg is %i\n",
02486                  rsbac_debug_reg);
02487   pos = begin + len;
02488   if (pos < offset)
02489     {
02490       len = 0;
02491       begin = pos;
02492     }
02493   if (pos > offset+length)
02494     goto out;
02495 #endif
02496 
02497 #if defined(CONFIG_RSBAC_NET)
02498 /* Boolean debug switch for NET data structures */
02499   len += sprintf(buffer + len, "rsbac_debug_ds_net is %i\n",
02500                  rsbac_debug_ds_net);
02501   pos = begin + len;
02502   if (pos < offset)
02503     {
02504       len = 0;
02505       begin = pos;
02506     }
02507   if (pos > offset+length)
02508     goto out;
02509 
02510 /* Boolean debug switch for NET syscalls / AEF */
02511   len += sprintf(buffer + len, "rsbac_debug_aef_net is %i\n",
02512                  rsbac_debug_aef_net);
02513   pos = begin + len;
02514   if (pos < offset)
02515     {
02516       len = 0;
02517       begin = pos;
02518     }
02519   if (pos > offset+length)
02520     goto out;
02521 
02522 /* Boolean debug switch for NET decisions / ADF */
02523   len += sprintf(buffer + len, "rsbac_debug_adf_net is %i\n",
02524                  rsbac_debug_adf_net);
02525   pos = begin + len;
02526   if (pos < offset)
02527     {
02528       len = 0;
02529       begin = pos;
02530     }
02531   if (pos > offset+length)
02532     goto out;
02533 #endif
02534 
02535 #if defined(CONFIG_RSBAC_MAC)
02536 /* Boolean debug switch for MAC data structures */
02537   len += sprintf(buffer + len, "rsbac_debug_ds_mac is %i\n",
02538                  rsbac_debug_ds_mac);
02539   pos = begin + len;
02540   if (pos < offset)
02541     {
02542       len = 0;
02543       begin = pos;
02544     }
02545   if (pos > offset+length)
02546     goto out;
02547 
02548 /* Boolean debug switch for MAC syscalls / AEF */
02549   len += sprintf(buffer + len, "rsbac_debug_aef_mac is %i\n",
02550                  rsbac_debug_aef_mac);
02551   pos = begin + len;
02552   if (pos < offset)
02553     {
02554       len = 0;
02555       begin = pos;
02556     }
02557   if (pos > offset+length)
02558     goto out;
02559 
02560 /* Boolean debug switch for MAC decisions / ADF */
02561   len += sprintf(buffer + len, "rsbac_debug_adf_mac is %i\n",
02562                  rsbac_debug_adf_mac);
02563   pos = begin + len;
02564   if (pos < offset)
02565     {
02566       len = 0;
02567       begin = pos;
02568     }
02569   if (pos > offset+length)
02570     goto out;
02571 #endif
02572 
02573 #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
02574 /* Boolean debug switch for PM data structures */
02575   len += sprintf(buffer + len, "rsbac_debug_ds_pm is %i\n",
02576                  rsbac_debug_ds_pm);
02577   pos = begin + len;
02578   if (pos < offset)
02579     {
02580       len = 0;
02581       begin = pos;
02582     }
02583   if (pos > offset+length)
02584     goto out;
02585 
02586 /* Boolean debug switch for PM syscalls / AEF */
02587   len += sprintf(buffer + len, "rsbac_debug_aef_pm is %i\n",
02588                  rsbac_debug_aef_pm);
02589   pos = begin + len;
02590   if (pos < offset)
02591     {
02592       len = 0;
02593       begin = pos;
02594     }
02595   if (pos > offset+length)
02596     goto out;
02597 
02598 /* Boolean debug switch for PM decisions / ADF */
02599   len += sprintf(buffer + len, "rsbac_debug_adf_pm is %i\n",
02600                  rsbac_debug_adf_pm);
02601   pos = begin + len;
02602   if (pos < offset)
02603     {
02604       len = 0;
02605       begin = pos;
02606     }
02607   if (pos > offset+length)
02608     goto out;
02609 #endif
02610 
02611 #if defined(CONFIG_RSBAC_DAZ)
02612 /* Boolean debug switch for DAZ decisions / ADF */
02613   len += sprintf(buffer + len, "rsbac_debug_adf_daz is %i\n",
02614                  rsbac_debug_adf_daz);
02615   pos = begin + len;
02616   if (pos < offset)
02617     {
02618       len = 0;
02619       begin = pos;
02620     }
02621   if (pos > offset+length)
02622     goto out;
02623 #endif
02624 
02625 #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
02626 /* Boolean debug switch for RC data structures */
02627   len += sprintf(buffer + len, "rsbac_debug_ds_rc is %i\n",
02628                  rsbac_debug_ds_rc);
02629   pos = begin + len;
02630   if (pos < offset)
02631     {
02632       len = 0;
02633       begin = pos;
02634     }
02635   if (pos > offset+length)
02636     goto out;
02637 
02638 /* Boolean debug switch for RC syscalls / AEF */
02639   len += sprintf(buffer + len, "rsbac_debug_aef_rc is %i\n",
02640                  rsbac_debug_aef_rc);
02641   pos = begin + len;
02642   if (pos < offset)
02643     {
02644       len = 0;
02645       begin = pos;
02646     }
02647   if (pos > offset+length)
02648     goto out;
02649 
02650 /* Boolean debug switch for RC decisions / ADF */
02651   len += sprintf(buffer + len, "rsbac_debug_adf_rc is %i\n",
02652                  rsbac_debug_adf_rc);
02653   pos = begin + len;
02654   if (pos < offset)
02655     {
02656       len = 0;
02657       begin = pos;
02658     }
02659   if (pos > offset+length)
02660     goto out;
02661 #endif
02662 
02663 #if defined(CONFIG_RSBAC_AUTH)
02664 /* Boolean debug switch for AUTH data structures */
02665   len += sprintf(buffer + len, "rsbac_debug_ds_auth is %i\n",
02666                  rsbac_debug_ds_auth);
02667   pos = begin + len;
02668   if (pos < offset)
02669     {
02670       len = 0;
02671       begin = pos;
02672     }
02673   if (pos > offset+length)
02674     goto out;
02675 
02676 /* Boolean debug switch for AUTH syscalls / AEF */
02677   len += sprintf(buffer + len, "rsbac_debug_aef_auth is %i\n",
02678                  rsbac_debug_aef_auth);
02679   pos = begin + len;
02680   if (pos < offset)
02681     {
02682       len = 0;
02683       begin = pos;
02684     }
02685   if (pos > offset+length)
02686     goto out;
02687 
02688 /* Boolean debug switch for AUTH decisions / ADF */
02689   len += sprintf(buffer + len, "rsbac_debug_adf_auth is %i\n",
02690                  rsbac_debug_adf_auth);
02691   pos = begin + len;
02692   if (pos < offset)
02693     {
02694       len = 0;
02695       begin = pos;
02696     }
02697   if (pos > offset+length)
02698     goto out;
02699 #endif
02700 
02701 #if defined(CONFIG_RSBAC_ACL)
02702 /* Boolean debug switch for ACL data structures */
02703   len += sprintf(buffer + len, "rsbac_debug_ds_acl is %i\n",
02704                  rsbac_debug_ds_acl);
02705   pos = begin + len;
02706   if (pos < offset)
02707     {
02708       len = 0;
02709       begin = pos;
02710     }
02711   if (pos > offset+length)
02712     goto out;
02713 
02714 /* Boolean debug switch for ACL syscalls / AEF */
02715   len += sprintf(buffer + len, "rsbac_debug_aef_acl is %i\n",
02716                  rsbac_debug_aef_acl);
02717   pos = begin + len;
02718   if (pos < offset)
02719     {
02720       len = 0;
02721       begin = pos;
02722     }
02723   if (pos > offset+length)
02724     goto out;
02725 
02726 /* Boolean debug switch for ACL decisions / ADF */
02727   len += sprintf(buffer + len, "rsbac_debug_adf_acl is %i\n",
02728                  rsbac_debug_adf_acl);
02729   pos = begin + len;
02730   if (pos < offset)
02731     {
02732       len = 0;
02733       begin = pos;
02734     }
02735   if (pos > offset+length)
02736     goto out;
02737 #endif
02738 
02739 #if defined(CONFIG_RSBAC_JAIL)
02740 /* Boolean debug switch for JAIL syscalls / AEF */
02741   len += sprintf(buffer + len, "rsbac_debug_aef_jail is %i\n",
02742                  rsbac_debug_aef_jail);
02743   pos = begin + len;
02744   if (pos < offset)
02745     {
02746       len = 0;
02747       begin = pos;
02748     }
02749   if (pos > offset+length)
02750     goto out;
02751 
02752 /* Boolean debug switch for JAIL decisions / ADF */
02753   len += sprintf(buffer + len, "rsbac_debug_adf_jail is %i\n",
02754                  rsbac_debug_adf_jail);
02755   pos = begin + len;
02756   if (pos < offset)
02757     {
02758       len = 0;
02759       begin = pos;
02760     }
02761   if (pos > offset+length)
02762     goto out;
02763 #endif
02764 
02765 #if defined(CONFIG_RSBAC_PAX)
02766 /* Boolean debug switch for PAX decisions / ADF */
02767   len += sprintf(buffer + len, "rsbac_debug_adf_pax is %i\n",
02768                  rsbac_debug_adf_pax);
02769   pos = begin + len;
02770   if (pos < offset)
02771     {
02772       len = 0;
02773       begin = pos;
02774     }
02775   if (pos > offset+length)
02776     goto out;
02777 #endif
02778 
02779 #if defined(CONFIG_RSBAC_UM)
02780 /* Boolean debug switch for UM data structures */
02781   len += sprintf(buffer + len, "rsbac_debug_ds_um is %i\n",
02782                  rsbac_debug_ds_um);
02783   pos = begin + len;
02784   if (pos < offset)
02785     {
02786       len = 0;
02787       begin = pos;
02788     }
02789   if (pos > offset+length)
02790     goto out;
02791 
02792 /* Boolean debug switch for UM syscalls / AEF */
02793   len += sprintf(buffer + len, "rsbac_debug_aef_um is %i\n",
02794                  rsbac_debug_aef_um);
02795   pos = begin + len;
02796   if (pos < offset)
02797     {
02798       len = 0;
02799       begin = pos;
02800     }
02801   if (pos > offset+length)
02802     goto out;
02803 
02804 /* Boolean debug switch for UM decisions / ADF */
02805   len += sprintf(buffer + len, "rsbac_debug_adf_um is %i\n",
02806                  rsbac_debug_adf_um);
02807   pos = begin + len;
02808   if (pos < offset)
02809     {
02810       len = 0;
02811       begin = pos;
02812     }
02813   if (pos > offset+length)
02814     goto out;
02815 #endif
02816 
02817 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
02818   len += sprintf(buffer + len, "rsbac_debug_auto is %i\n",
02819                  rsbac_debug_auto);
02820   pos = begin + len;
02821   if (pos < offset)
02822     {
02823       len = 0;
02824       begin = pos;
02825     }
02826   if (pos > offset+length)
02827     goto out;
02828 #endif /* CONFIG_RSBAC_AUTO_WRITE > 0 */
02829 #endif /* DEBUG */
02830 
02831 out:
02832   *start = buffer + (offset - begin);
02833   len -= (offset - begin);
02834   
02835   if (len > length)
02836     len = length;
02837   return len;
02838 }
02839 
02840 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02841 static int debug_proc_write(struct file * file, const char * buf,
02842                                 u_long count, void *ppos)
02843 #else
02844 static int debug_proc_write(struct file * file, const char __user * buf,
02845                                 unsigned long count, void *data)
02846 #endif
02847 {
02848     ssize_t err;
02849     char * k_buf;
02850     char * p;
02851     unsigned int debug_level;
02852 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02853     enum rsbac_switch_target_t sw_target;
02854 #endif
02855 
02856     union rsbac_target_id_t       rsbac_target_id;
02857     union rsbac_attribute_value_t rsbac_attribute_value;
02858 
02859     if(count > PROC_BLOCK_SIZE) {
02860         return(-EOVERFLOW);
02861     }
02862     if(count < 10)
02863       return -EINVAL;
02864 
02865     if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
02866       return(-ENOMEM);
02867     err = copy_from_user(k_buf, buf, count);
02868     if(err < 0)
02869       return err;
02870 
02871   err = count;
02872 
02873   if(!strncmp("debug", k_buf, 5))
02874     {
02875       p = k_buf + 6;
02876     }
02877   else
02878   if(!strncmp("rsbac_debug", k_buf, 11))
02879     {
02880       p = k_buf + 12;
02881     }
02882   else
02883     goto out;
02884 
02885   if (!rsbac_is_initialized())
02886     {
02887       err = -ENOSYS;
02888       goto out;
02889     }
02890     if(count < 10)
02891       return -EINVAL;
02892 
02893 
02894 #ifdef CONFIG_RSBAC_SOFTMODE
02895 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02896 /* Boolean switch for RSBAC individual soft mode */
02897     /*
02898      * Usage: echo "debug ind_softmode modname #N" > /proc/rsbac_info/debug
02899      *   to set rsbac_ind_softmode[module] to given value
02900      */
02901     if(!strncmp("ind_softmode", k_buf + 6, 12)) 
02902       {
02903         char tmp[20];
02904 
02905         p += 13;
02906 
02907         if( *p == '\0' )
02908           goto out;
02909 
02910         sw_target = get_switch_target_nr(p);
02911         if(sw_target == SW_NONE)
02912           goto out;
02913         get_switch_target_name(tmp, sw_target);
02914         p += strlen(tmp)+1;
02915         if( *p == '\0' )
02916           goto out;
02917         debug_level = simple_strtoul(p, NULL, 0);
02918         /* only accept 0 or 1 */
02919         if(!debug_level || (debug_level == 1))
02920           {
02921             if(debug_level && rsbac_softmode_prohibit)
02922               {
02923                 rsbac_printk(KERN_WARNING
02924                              "debug_proc_write(): setting of softmode prohibited!\n");
02925                 err = -EPERM;
02926                 goto out;
02927               }
02928 #if defined(CONFIG_RSBAC_DEBUG)
02929             if (rsbac_debug_aef)
02930               {
02931                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for switching\n");
02932               }
02933 #endif
02934             rsbac_target_id.dummy = 0;
02935             rsbac_attribute_value.switch_target = sw_target;
02936             if (!rsbac_adf_request(R_SWITCH_MODULE,
02937                                    current->pid,
02938                                    T_NONE,
02939                                    rsbac_target_id,
02940                                    A_switch_target,
02941                                    rsbac_attribute_value))
02942               {
02943                 err = -EPERM;
02944                 goto out;
02945               }
02946             rsbac_printk(KERN_INFO
02947                    "debug_proc_write(): setting rsbac_ind_softmode[%s] to %u\n",
02948                    tmp,
02949                    debug_level);
02950             rsbac_ind_softmode[sw_target] = debug_level;
02951             err = count;
02952             goto out;
02953           }
02954         else
02955           {
02956             rsbac_printk(KERN_INFO
02957                    "debug_proc_write(): rejecting invalid ind_softmode value (should be 0 or 1)\n");
02958             err = -EINVAL;
02959             goto out;
02960           }
02961       }
02962 #endif
02963 
02964 /* Boolean switch for RSBAC soft mode prohibit */
02965     /*
02966      * Usage: echo "debug softmode_prohibit #N" > /proc/rsbac_info/debug
02967      *   to set rsbac_softmode to given value
02968      */
02969     if(!strncmp("softmode_prohibit", k_buf + 6, 17)) 
02970       {
02971         p += 18;
02972 
02973         if( *p == '\0' )
02974           goto out;
02975 
02976         debug_level = simple_strtoul(p, NULL, 0);
02977         /* only accept 0 or 1 */
02978         if(!debug_level || (debug_level == 1))
02979           {
02980             if(!debug_level && rsbac_softmode_prohibit)
02981               {
02982                 rsbac_printk(KERN_WARNING
02983                              "debug_proc_write(): setting of softmode prohibited!\n");
02984                 err = -EPERM;
02985                 goto out;
02986               }
02987 #if defined(CONFIG_RSBAC_DEBUG)
02988             if (rsbac_debug_aef)
02989               {
02990                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for softmode\n");
02991               }
02992 #endif
02993             rsbac_target_id.dummy = 0;
02994             rsbac_attribute_value.switch_target = SOFTMODE;
02995             if (!rsbac_adf_request(R_SWITCH_MODULE,
02996                                    current->pid,
02997                                    T_NONE,
02998                                    rsbac_target_id,
02999                                    A_switch_target,
03000                                    rsbac_attribute_value))
03001               {
03002                 err = -EPERM;
03003                 goto out;
03004               }
03005             rsbac_printk(KERN_INFO
03006                    "debug_proc_write(): setting rsbac_softmode_prohibit to %u\n",
03007                    debug_level);
03008             rsbac_softmode_prohibit = debug_level;
03009             err = count;
03010             goto out;
03011           }
03012         else
03013           {
03014             rsbac_printk(KERN_INFO
03015                    "debug_proc_write(): rejecting invalid softmode_prohibit value (should be 0 or 1)\n");
03016             err = -EINVAL;
03017             goto out;
03018           }
03019       }
03020 /* Boolean switch for RSBAC soft mode */
03021     /*
03022      * Usage: echo "debug softmode #N" > /proc/rsbac_info/debug
03023      *   to set rsbac_softmode to given value
03024      */
03025     if(!strncmp("softmode", k_buf + 6, 8)) 
03026       {
03027         p += 9;
03028 
03029         if( *p == '\0' )
03030           goto out;
03031 
03032         debug_level = simple_strtoul(p, NULL, 0);
03033         /* only accept 0 or 1 */
03034         if(!debug_level || (debug_level == 1))
03035           {
03036             if(debug_level && rsbac_softmode_prohibit)
03037               {
03038                 rsbac_printk(KERN_WARNING
03039                              "debug_proc_write(): setting of softmode prohibited!\n");
03040                 err = -EPERM;
03041                 goto out;
03042               }
03043 #if defined(CONFIG_RSBAC_DEBUG)
03044             if (rsbac_debug_aef)
03045               {
03046                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for softmode\n");
03047               }
03048 #endif
03049             rsbac_target_id.dummy = 0;
03050             rsbac_attribute_value.switch_target = SOFTMODE;
03051             if (!rsbac_adf_request(R_SWITCH_MODULE,
03052                                    current->pid,
03053                                    T_NONE,
03054                                    rsbac_target_id,
03055                                    A_switch_target,
03056                                    rsbac_attribute_value))
03057               {
03058                 err = -EPERM;
03059                 goto out;
03060               }
03061             rsbac_printk(KERN_INFO
03062                    "debug_proc_write(): setting rsbac_softmode to %u\n",
03063                    debug_level);
03064             rsbac_softmode = debug_level;
03065             err = count;
03066             goto out;
03067           }
03068         else
03069           {
03070             rsbac_printk(KERN_INFO
03071                    "debug_proc_write(): rejecting invalid softmode value (should be 0 or 1)\n");
03072             err = -EINVAL;
03073             goto out;
03074           }
03075       }
03076 #endif
03077 
03078 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
03079 /* Boolean switch for disabling Linux DAC */
03080     /*
03081      * Usage: echo "debug dac_disable #N" > /proc/rsbac_info/debug
03082      *   to set dac_disable to given value
03083      */
03084     if(!strncmp("dac_disable", k_buf + 6, 11)) 
03085       {
03086         p += 12;
03087 
03088         if( *p == '\0' )
03089           goto out;
03090 
03091         debug_level = simple_strtoul(p, NULL, 0);
03092         /* only accept 0 or 1 */
03093         if(!debug_level || (debug_level == 1))
03094           {
03095 #if defined(CONFIG_RSBAC_DEBUG)
03096             if (rsbac_debug_aef)
03097               {
03098                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for dac_disable\n");
03099               }
03100 #endif
03101             rsbac_target_id.dummy = 0;
03102             rsbac_attribute_value.dummy = 0;
03103             if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
03104                                    current->pid,
03105                                    T_NONE,
03106                                    rsbac_target_id,
03107                                    A_none,
03108                                    rsbac_attribute_value))
03109               {
03110                 err = -EPERM;
03111                 goto out;
03112               }
03113             rsbac_printk(KERN_INFO
03114                    "debug_proc_write(): setting rsbac_dac_disable to %u\n",
03115                    debug_level);
03116             rsbac_dac_disable = debug_level;
03117             err = count;
03118             goto out;
03119           }
03120         else
03121           {
03122             rsbac_printk(KERN_INFO
03123                    "debug_proc_write(): rejecting invalid dac_disabled value (should be 0 or 1)\n");
03124             err = -EINVAL;
03125             goto out;
03126           }
03127       }
03128 #endif
03129 
03130 #ifdef CONFIG_RSBAC_FREEZE
03131 /* Boolean switch to enable freezing */
03132     /*
03133      * Usage: echo "debug freeze #N" > /proc/rsbac_info/debug
03134      *   to set freeze to given value
03135      */
03136     if(!strncmp("freeze", k_buf + 6, 6)) 
03137       {
03138         p += 7;
03139 
03140         if( *p == '\0' )
03141           goto out;
03142 
03143         debug_level = simple_strtoul(p, NULL, 0);
03144         /* only accept 0 or 1 */
03145         if(!debug_level || (debug_level == 1))
03146           {
03147             if(!debug_level && rsbac_freeze)
03148               {
03149                 rsbac_printk(KERN_WARNING
03150                              "debug_proc_write(): RSBAC configuration frozen, no administration allowed!\n");
03151                 err = -EPERM;
03152                 goto out;
03153               }
03154 
03155 #if defined(CONFIG_RSBAC_DEBUG)
03156             if (rsbac_debug_aef)
03157               {
03158                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for freeze\n");
03159               }
03160 #endif
03161             rsbac_target_id.dummy = 0;
03162             rsbac_attribute_value.switch_target = FREEZE;
03163             if (!rsbac_adf_request(R_SWITCH_MODULE,
03164                                    current->pid,
03165                                    T_NONE,
03166                                    rsbac_target_id,
03167                                    A_switch_target,
03168                                    rsbac_attribute_value))
03169               {
03170                 err = -EPERM;
03171                 goto out;
03172               }
03173             rsbac_printk(KERN_INFO
03174                    "debug_proc_write(): setting rsbac_freeze to %u\n",
03175                    debug_level);
03176             rsbac_freeze = debug_level;
03177             err = count;
03178             goto out;
03179           }
03180         else
03181           {
03182             rsbac_printk(KERN_INFO
03183                    "debug_proc_write(): rejecting invalid freeze value (should be 0 or 1)\n");
03184             err = -EINVAL;
03185             goto out;
03186           }
03187       }
03188 #endif
03189 
03190 #ifdef CONFIG_RSBAC_DAZ_CACHE
03191 /* Set DAZ cache ttl */
03192     /*
03193      * Usage: echo "debug daz_ttl #n" > /proc/rsbac_info/debug
03194      *   to set daz cache ttl to given value
03195      */
03196     if(!strncmp("daz_ttl", k_buf + 6, 7)) 
03197       {
03198         rsbac_time_t tmp_ttl;
03199 #ifndef CONFIG_RSBAC_MAINT
03200         union rsbac_target_id_t       i_tid;
03201         union rsbac_attribute_value_t i_attr_val1;
03202 #endif
03203 
03204         p += 8;
03205         if( *p == '\0' )
03206           goto out;
03207 
03208         tmp_ttl = simple_strtoul(p, NULL, 0);
03209 #if defined(CONFIG_RSBAC_DEBUG)
03210             if (rsbac_debug_aef)
03211               {
03212                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for daz_ttl\n");
03213               }
03214 #endif
03215 #ifndef CONFIG_RSBAC_MAINT
03216         /* Security Officer? */
03217         i_tid.user = current->uid;
03218         if (rsbac_get_attr(DAZ,
03219                            T_USER,
03220                            i_tid,
03221                            A_daz_role,
03222                            &i_attr_val1,
03223                            TRUE))
03224           {
03225             rsbac_printk(KERN_WARNING
03226                          "debug_proc_write(): rsbac_get_attr() returned error!\n");
03227             return -EPERM;
03228           }
03229         /* if not sec_officer or admin, deny */
03230         if (i_attr_val1.system_role != SR_security_officer)
03231           #ifdef CONFIG_RSBAC_SOFTMODE
03232           if(   !rsbac_softmode
03233           #ifdef CONFIG_RSBAC_SOFTMODE_IND
03234              && !rsbac_ind_softmode[DAZ]
03235           #endif
03236             )
03237           #endif
03238           return -EPERM;
03239 #endif
03240             rsbac_printk(KERN_INFO
03241                    "debug_proc_write(): setting rsbac_daz_ttl to %u\n",
03242                    tmp_ttl);
03243             rsbac_daz_set_ttl(tmp_ttl);
03244             err = count;
03245             goto out;
03246       }
03247 #endif
03248 
03249 #if defined(CONFIG_RSBAC_LOG_REMOTE)
03250 /* Set remote address for remote logging */
03251     /*
03252      * Usage: echo "debug log_remote_addr a.b.c.d" > /proc/rsbac_info/debug
03253      *   to set log_remote_addr to given value
03254      */
03255     if(!strncmp("log_remote_addr", k_buf + 6, 15)) 
03256       {
03257         __u32 tmp_addr;
03258         char * tmp;
03259 
03260         p += 16;
03261         if( *p == '\0' )
03262           goto out;
03263 
03264         tmp=p;
03265         while(*tmp)
03266           {
03267             if(   (*tmp != '.')
03268                && (   (*tmp < '0')
03269                    || (*tmp > '9')
03270                   )
03271               )
03272               {
03273                 *tmp = 0;
03274                 break;
03275               }
03276             tmp++;
03277           }
03278         err = rsbac_net_str_to_inet(p, &tmp_addr);
03279         if(!err)
03280           {
03281 #if defined(CONFIG_RSBAC_DEBUG)
03282             if (rsbac_debug_aef)
03283               {
03284                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for remote_log_addr\n");
03285               }
03286 #endif
03287             rsbac_target_id.scd = ST_rsbac_remote_log;
03288             rsbac_attribute_value.dummy = 0;
03289             if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
03290                                    current->pid,
03291                                    T_SCD,
03292                                    rsbac_target_id,
03293                                    A_none,
03294                                    rsbac_attribute_value))
03295               {
03296                 err = -EPERM;
03297                 goto out;
03298               }
03299             rsbac_printk(KERN_INFO
03300                    "debug_proc_write(): setting rsbac_log_remote_addr to %u.%u.%u.%u\n",
03301                    NIPQUAD(tmp_addr));
03302             rsbac_log_remote_addr = tmp_addr;
03303             err = count;
03304             goto out;
03305           }
03306         else
03307           {
03308             char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03309 
03310             if(tmp)
03311               {
03312                 get_error_name(tmp, err);
03313                 rsbac_printk(KERN_INFO
03314                              "debug_proc_write(): converting remote socket address %s failed with error %s, exiting!\n",
03315                              p,
03316                              tmp);
03317                 rsbac_kfree(tmp);
03318               }
03319             err = -EINVAL;
03320             goto out;
03321           }
03322       }
03323 /* Set remote port for remote logging */
03324     /*
03325      * Usage: echo "debug log_remote_port #n" > /proc/rsbac_info/debug
03326      *   to set log_remote_port to given value
03327      */
03328     if(!strncmp("log_remote_port", k_buf + 6, 15)) 
03329       {
03330         __u16 tmp_port;
03331 
03332         p += 16;
03333         if( *p == '\0' )
03334           goto out;
03335 
03336         tmp_port = simple_strtoul(p, NULL, 0);
03337 #if defined(CONFIG_RSBAC_DEBUG)
03338             if (rsbac_debug_aef)
03339               {
03340                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for remote_log_port\n");
03341               }
03342 #endif
03343             rsbac_target_id.scd = ST_rsbac_remote_log;
03344             rsbac_attribute_value.dummy = 0;
03345             if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
03346                                    current->pid,
03347                                    T_SCD,
03348                                    rsbac_target_id,
03349                                    A_none,
03350                                    rsbac_attribute_value))
03351               {
03352                 err = -EPERM;
03353                 goto out;
03354               }
03355             rsbac_printk(KERN_INFO
03356                    "debug_proc_write(): setting rsbac_log_remote_port to %u\n",
03357                    tmp_port);
03358             rsbac_log_remote_port = htons(tmp_port);
03359             err = count;
03360             goto out;
03361       }
03362 #endif
03363 
03364 #ifdef CONFIG_RSBAC_SYSLOG_RATE
03365 /* Set syslog rate limit */
03366     /*
03367      * Usage: echo "debug syslog_rate #n" > /proc/rsbac_info/debug
03368      *   to set rate limit to given value
03369      */
03370     if(!strncmp("syslog_rate", k_buf + 6, 11)) 
03371       {
03372         u_int tmp_rate;
03373 
03374         p += 12;
03375         if( *p == '\0' )
03376           goto out;
03377 
03378         tmp_rate = simple_strtoul(p, NULL, 0);
03379 #if defined(CONFIG_RSBAC_DEBUG)
03380             if (rsbac_debug_aef)
03381               {
03382                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for syslog_rate\n");
03383               }
03384 #endif
03385             rsbac_target_id.scd = ST_rsbac;
03386             rsbac_attribute_value.dummy = 0;
03387             if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
03388                                    current->pid,
03389                                    T_SCD,
03390                                    rsbac_target_id,
03391                                    A_none,
03392                                    rsbac_attribute_value))
03393               {
03394                 err = -EPERM;
03395                 goto out;
03396               }
03397             rsbac_printk(KERN_INFO
03398                    "debug_proc_write(): setting rsbac_syslog_rate to %u\n",
03399                    tmp_rate);
03400             rsbac_syslog_rate = tmp_rate;
03401             err = count;
03402             goto out;
03403       }
03404 #endif
03405 
03406 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03407 /* Boolean switch for disabling logging to syslog */
03408     /*
03409      * Usage: echo "debug nosyslog #N" > /proc/rsbac_info/debug
03410      *   to set rsbac_nosyslog to given value
03411      */
03412     if(!strncmp("nosyslog", k_buf + 6, 8)) 
03413       {
03414         p += 9;
03415 
03416         if( *p == '\0' )
03417           goto out;
03418 
03419         debug_level = simple_strtoul(p, NULL, 0);
03420         /* only accept 0 or 1 */
03421         if(!debug_level || (debug_level == 1))
03422           {
03423 #if defined(CONFIG_RSBAC_DEBUG)
03424             if (rsbac_debug_aef)
03425               {
03426                 rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF for nosyslog\n");
03427               }
03428 #endif
03429             rsbac_target_id.dummy = 0;
03430             rsbac_attribute_value.dummy = 0;
03431             if (!rsbac_adf_request(R_SWITCH_LOG,
03432                                    current->pid,
03433                                    T_NONE,
03434                                    rsbac_target_id,
03435                                    A_none,
03436                                    rsbac_attribute_value))
03437               {
03438                 err = -EPERM;
03439                 goto out;
03440               }
03441             rsbac_printk(KERN_INFO
03442                    "debug_proc_write(): setting rsbac_nosyslog to %u\n",
03443                    debug_level);
03444             rsbac_nosyslog = debug_level;
03445             err = count;
03446             goto out;
03447           }
03448         else
03449           {
03450             rsbac_printk(KERN_INFO
03451                    "debug_proc_write(): rejecting invalid nosyslog value (should be 0 or 1)\n");
03452             err = -EINVAL;
03453             goto out;
03454           }
03455       }
03456 #endif
03457 
03458 #if defined(CONFIG_RSBAC_AUTH_LEARN)
03459 /* Boolean switch for AUTH learning mode */
03460     /*
03461      * Usage: echo "debug auth_learn #N" > /proc/rsbac_info/debug
03462      *   to set rsbac_auth_learn to given value
03463      */
03464     if(!strncmp("auth_learn", k_buf + 6, 10)) 
03465       {
03466         p += 11;
03467 
03468         if( *p == '\0' )
03469             goto out;
03470 
03471         debug_level = simple_strtoul(p, NULL, 0);
03472         /* only accept 0 or 1 */
03473         if(!debug_level || (debug_level == 1))
03474           {
03475             rsbac_target_id.dummy = 0;
03476             rsbac_attribute_value.auth_learn = debug_level;
03477             if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03478                                    current->pid,
03479                                    T_NONE,
03480                                    rsbac_target_id,
03481                                    A_auth_learn,
03482                                    rsbac_attribute_value))
03483               {
03484                 err = -EPERM;
03485                 goto out;
03486               }
03487             rsbac_printk(KERN_INFO
03488                    "debug_proc_write(): setting rsbac_auth_learn to %u\n",
03489                    debug_level);
03490             rsbac_auth_learn = debug_level;
03491             err = count;
03492             goto out;
03493           }
03494         else
03495           {
03496             goto out_inv;
03497           }
03498       }
03499 #endif
03500 
03501 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
03502 /* Boolean switch for CAP logging of missing caps */
03503     /*
03504      * Usage: echo "debug cap_log_missing #N" > /proc/rsbac_info/debug
03505      *   to set rsbac_cap_log_missing to given value
03506      */
03507     if(!strncmp("cap_log_missing", k_buf + 6, 15)) 
03508       {
03509         p += 16;
03510 
03511         if( *p == '\0' )
03512             goto out;
03513 
03514         debug_level = simple_strtoul(p, NULL, 0);
03515         /* only accept 0 or 1 */
03516         if(!debug_level || (debug_level == 1))
03517           {
03518             rsbac_target_id.scd = ST_rsbac;
03519             rsbac_attribute_value.dummy = 0;
03520             if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
03521                                    current->pid,
03522                                    T_SCD,
03523                                    rsbac_target_id,
03524                                    A_none,
03525                                    rsbac_attribute_value))
03526               {
03527                 err = -EPERM;
03528                 goto out;
03529               }
03530             rsbac_printk(KERN_INFO
03531                    "debug_proc_write(): setting rsbac_cap_log_missing to %u\n",
03532                    debug_level);
03533             rsbac_cap_log_missing = debug_level;
03534             err = count;
03535             goto out;
03536           }
03537         else
03538           {
03539             goto out_inv;
03540           }
03541       }
03542 #endif
03543 
03544 #ifdef CONFIG_RSBAC_JAIL_LOG_MISSING
03545 /* Boolean switch for JAIL logging of missing caps */
03546     /*
03547      * Usage: echo "debug jail_log_missing #N" > /proc/rsbac_info/debug
03548      *   to set rsbac_jail_log_missing to given value
03549      */
03550     if(!strncmp("jail_log_missing", k_buf + 6, 16)) 
03551       {
03552         p += 17;
03553 
03554         if( *p == '\0' )
03555             goto out;
03556 
03557         debug_level = simple_strtoul(p, NULL, 0);
03558         /* only accept 0 or 1 */
03559         if(!debug_level || (debug_level == 1))
03560           {
03561             rsbac_target_id.scd = ST_rsbac;
03562             rsbac_attribute_value.dummy = 0;
03563             if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
03564                                    current->pid,
03565                                    T_SCD,
03566                                    rsbac_target_id,
03567                                    A_none,
03568                                    rsbac_attribute_value))
03569               {
03570                 err = -EPERM;
03571                 goto out;
03572               }
03573             rsbac_printk(KERN_INFO
03574                    "debug_proc_write(): setting rsbac_jail_log_missing to %u\n",
03575                    debug_level);
03576             rsbac_jail_log_missing = debug_level;
03577             err = count;
03578             goto out;
03579           }
03580         else
03581           {
03582             goto out_inv;
03583           }
03584       }
03585 #endif
03586 
03587 
03588 #if defined(CONFIG_RSBAC_ACL_LEARN)
03589 /* Boolean switch for ACL FD learning mode */
03590     /*
03591      * Usage: echo "debug acl_learn_fd #N" > /proc/rsbac_info/debug
03592      *   to set rsbac_acl_learn_fd to given value
03593      */
03594     if(!strncmp("acl_learn_fd", k_buf + 6, 12)) 
03595       {
03596         p += 13;
03597 
03598         if( *p == '\0' )
03599             goto out;
03600 
03601         debug_level = simple_strtoul(p, NULL, 0);
03602         /* only accept 0 or 1 */
03603         if(!debug_level || (debug_level == 1))
03604           {
03605             /* use default acls */
03606             rsbac_target_id.file.device = RSBAC_ZERO_DEV;
03607             rsbac_target_id.file.inode = 0;
03608             rsbac_target_id.file.dentry_p = NULL;
03609 
03610             if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03611                                    current->pid,
03612                                    T_FILE,
03613                                    rsbac_target_id,
03614                                    A_acl_learn,
03615                                    rsbac_attribute_value))
03616               {
03617                 err = -EPERM;
03618                 goto out;
03619               }
03620             rsbac_printk(KERN_INFO
03621                    "debug_proc_write(): setting rsbac_acl_learn_fd to %u\n",
03622                    debug_level);
03623             rsbac_acl_learn_fd = debug_level;
03624             err = count;
03625             goto out;
03626           }
03627         else
03628           {
03629             goto out_inv;
03630           }
03631       }
03632 #endif
03633 
03634 #if defined(CONFIG_RSBAC_DEBUG)
03635     if (rsbac_debug_aef)
03636       {
03637         rsbac_printk(KERN_DEBUG "debug_proc_write(): calling ADF\n");
03638       }
03639     rsbac_target_id.scd = ST_rsbac;
03640     rsbac_attribute_value.dummy = 0;
03641     if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
03642                            current->pid,
03643                            T_SCD,
03644                            rsbac_target_id,
03645                            A_none,
03646                            rsbac_attribute_value))
03647       {
03648         err = -EPERM;
03649         goto out;
03650       }
03651 
03652 #if defined(CONFIG_RSBAC_NET)
03653 /* Boolean debug switch for NET data structures */
03654     /*
03655      * Usage: echo "debug ds_net #N" > /proc/rsbac_info/debug
03656      *   to set rsbac_debug_ds_net to given value
03657      */
03658     if(!strncmp("ds_net", k_buf + 6, 6)) 
03659       {
03660         p += 7;
03661 
03662         if( *p == '\0' )
03663           goto out;
03664 
03665         debug_level = simple_strtoul(p, NULL, 0);
03666         /* only accept 0 or 1 */
03667         if(!debug_level || (debug_level == 1))
03668           {
03669             rsbac_printk(KERN_INFO
03670                    "debug_proc_write(): setting rsbac_debug_ds_net to %u\n",
03671                    debug_level);
03672             rsbac_debug_ds_net = debug_level;
03673             err = count;
03674             goto out;
03675           }
03676         else
03677           {
03678             goto out_inv;
03679           }
03680       }
03681 /* Boolean debug switch for NET syscalls / AEF */
03682     /*
03683      * Usage: echo "debug aef_net #N" > /proc/rsbac_info/debug
03684      *   to set rsbac_debug_aef_net to given value
03685      */
03686     if(!strncmp("aef_net", k_buf + 6, 7)) 
03687       {
03688         p += 8;
03689 
03690         if( *p == '\0' )
03691             goto out;
03692 
03693         debug_level = simple_strtoul(p, NULL, 0);
03694         /* only accept 0 or 1 */
03695         if(!debug_level || (debug_level == 1))
03696           {
03697             rsbac_printk(KERN_INFO
03698                    "debug_proc_write(): setting rsbac_debug_aef_net to %u\n",
03699                    debug_level);
03700             rsbac_debug_aef_net = debug_level;
03701             err = count;
03702             goto out;
03703           }
03704         else
03705           {
03706             goto out_inv;
03707           }
03708       }
03709 
03710 /* Boolean debug switch for NET decisions / ADF */
03711     /*
03712      * Usage: echo "debug adf_net #N" > /proc/rsbac_info/debug
03713      *   to set rsbac_debug_adf_net to given value
03714      */
03715     if(!strncmp("adf_net", k_buf + 6, 7)) 
03716       {
03717         p += 8;
03718 
03719         if( *p == '\0' )
03720             goto out;
03721 
03722         debug_level = simple_strtoul(p, NULL, 0);
03723         /* only accept 0 or 1 */
03724         if(!debug_level || (debug_level == 1))
03725           {
03726             rsbac_printk(KERN_INFO
03727                    "debug_proc_write(): setting rsbac_debug_adf_net to %u\n",
03728                    debug_level);
03729             rsbac_debug_adf_net = debug_level;
03730             err = count;
03731             goto out;
03732           }
03733         else
03734           {
03735             goto out_inv;
03736           }
03737       }
03738 #endif
03739 
03740 #if defined(CONFIG_RSBAC_MAC)
03741 /* Boolean debug switch for MAC data structures */
03742     /*
03743      * Usage: echo "debug ds_mac #N" > /proc/rsbac_info/debug
03744      *   to set rsbac_debug_ds_mac to given value
03745      */
03746     if(!strncmp("ds_mac", k_buf + 6, 6)) 
03747       {
03748         p += 7;
03749 
03750         if( *p == '\0' )
03751           goto out;
03752 
03753         debug_level = simple_strtoul(p, NULL, 0);
03754         /* only accept 0 or 1 */
03755         if(!debug_level || (debug_level == 1))
03756           {
03757             rsbac_printk(KERN_INFO
03758                    "debug_proc_write(): setting rsbac_debug_ds_mac to %u\n",
03759                    debug_level);
03760             rsbac_debug_ds_mac = debug_level;
03761             err = count;
03762             goto out;
03763           }
03764         else
03765           {
03766             goto out_inv;
03767           }
03768       }
03769 /* Boolean debug switch for MAC syscalls / AEF */
03770     /*
03771      * Usage: echo "debug aef_mac #N" > /proc/rsbac_info/debug
03772      *   to set rsbac_debug_aef_mac to given value
03773      */
03774     if(!strncmp("aef_mac", k_buf + 6, 7)) 
03775       {
03776         p += 8;
03777 
03778         if( *p == '\0' )
03779             goto out;
03780 
03781         debug_level = simple_strtoul(p, NULL, 0);
03782         /* only accept 0 or 1 */
03783         if(!debug_level || (debug_level == 1))
03784           {
03785             rsbac_printk(KERN_INFO
03786                    "debug_proc_write(): setting rsbac_debug_aef_mac to %u\n",
03787                    debug_level);
03788             rsbac_debug_aef_mac = debug_level;
03789             err = count;
03790             goto out;
03791           }
03792         else
03793           {
03794             goto out_inv;
03795           }
03796       }
03797 
03798 /* Boolean debug switch for MAC decisions / ADF */
03799     /*
03800      * Usage: echo "debug adf_mac #N" > /proc/rsbac_info/debug
03801      *   to set rsbac_debug_adf_mac to given value
03802      */
03803     if(!strncmp("adf_mac", k_buf + 6, 7)) 
03804       {
03805         p += 8;
03806 
03807         if( *p == '\0' )
03808             goto out;
03809 
03810         debug_level = simple_strtoul(p, NULL, 0);
03811         /* only accept 0 or 1 */
03812         if(!debug_level || (debug_level == 1))
03813           {
03814             rsbac_printk(KERN_INFO
03815                    "debug_proc_write(): setting rsbac_debug_adf_mac to %u\n",
03816                    debug_level);
03817             rsbac_debug_adf_mac = debug_level;
03818             err = count;
03819             goto out;
03820           }
03821         else
03822           {
03823             goto out_inv;
03824           }
03825       }
03826 #endif
03827 
03828 #if defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_PM_MAINT)
03829 /* Boolean debug switch for PM data structures */
03830     /*
03831      * Usage: echo "debug ds_pm #N" > /proc/rsbac_info/debug
03832      *   to set rsbac_debug_ds_pm to given value
03833      */
03834     if(!strncmp("ds_pm", k_buf + 6, 5)) 
03835       {
03836         p += 6;
03837 
03838         if( *p == '\0' )
03839           goto out;
03840 
03841         debug_level = simple_strtoul(p, NULL, 0);
03842         /* only accept 0 or 1 */
03843         if(!debug_level || (debug_level == 1))
03844           {
03845             rsbac_printk(KERN_INFO
03846                    "debug_proc_write(): setting rsbac_debug_ds_pm to %u\n",
03847                    debug_level);
03848             rsbac_debug_ds_pm = debug_level;
03849             err = count;
03850             goto out;
03851           }
03852         else
03853           {
03854             goto out_inv;
03855           }
03856       }
03857 /* Boolean debug switch for PM syscalls / AEF */
03858     /*
03859      * Usage: echo "debug aef_pm #N" > /proc/rsbac_info/debug
03860      *   to set rsbac_debug_aef_pm to given value
03861      */
03862     if(!strncmp("aef_pm", k_buf + 6, 6)) 
03863       {
03864         p += 7;
03865 
03866         if( *p == '\0' )
03867             goto out;
03868 
03869         debug_level = simple_strtoul(p, NULL, 0);
03870         /* only accept 0 or 1 */
03871         if(!debug_level || (debug_level == 1))
03872           {
03873             rsbac_printk(KERN_INFO
03874                    "debug_proc_write(): setting rsbac_debug_aef_pm to %u\n",
03875                    debug_level);
03876             rsbac_debug_aef_pm = debug_level;
03877             err = count;
03878             goto out;
03879           }
03880         else
03881           {
03882             goto out_inv;
03883           }
03884       }
03885 
03886 /* Boolean debug switch for PM decisions / ADF */
03887     /*
03888      * Usage: echo "debug adf_pm #N" > /proc/rsbac_info/debug
03889      *   to set rsbac_debug_adf_pm to given value
03890      */
03891     if(!strncmp("adf_pm", k_buf + 6, 6)) 
03892       {
03893         p += 7;
03894 
03895         if( *p == '\0' )
03896             goto out;
03897 
03898         debug_level = simple_strtoul(p, NULL, 0);
03899         /* only accept 0 or 1 */
03900         if(!debug_level || (debug_level == 1))
03901           {
03902             rsbac_printk(KERN_INFO
03903                    "debug_proc_write(): setting rsbac_debug_adf_pm to %u\n",
03904                    debug_level);
03905             rsbac_debug_adf_pm = debug_level;
03906             err = count;
03907             goto out;
03908           }
03909         else
03910           {
03911             goto out_inv;
03912           }
03913       }
03914 #endif
03915 
03916 #if defined(CONFIG_RSBAC_DAZ)
03917 /* Boolean debug switch for DAZ decisions / ADF */
03918     /*
03919      * Usage: echo "debug adf_daz #N" > /proc/rsbac_info/debug
03920      *   to set rsbac_debug_adf_daz to given value
03921      */
03922     if(!strncmp("adf_daz", k_buf + 6, 7)) 
03923       {
03924         p += 8;
03925 
03926         if( *p == '\0' )
03927             goto out;
03928 
03929         debug_level = simple_strtoul(p, NULL, 0);
03930         /* only accept 0 or 1 */
03931         if(!debug_level || (debug_level == 1))
03932           {
03933             rsbac_printk(KERN_INFO
03934                    "debug_proc_write(): setting rsbac_debug_adf_daz to %u\n",
03935                    debug_level);
03936             rsbac_debug_adf_daz = debug_level;
03937             err = count;
03938             goto out;
03939           }
03940         else
03941           {
03942             goto out_inv;
03943           }
03944       }
03945 #endif
03946 
03947 #if defined(CONFIG_RSBAC_RC) || defined(CONFIG_RSBAC_RC_MAINT)
03948 /* Boolean debug switch for RC data structures */
03949     /*
03950      * Usage: echo "debug ds_rc #N" > /proc/rsbac_info/debug
03951      *   to set rsbac_debug_ds_rc to given value
03952      */
03953     if(!strncmp("ds_rc", k_buf + 6, 5)) 
03954       {
03955         p += 6;
03956 
03957         if( *p == '\0' )
03958             goto out;
03959 
03960         debug_level = simple_strtoul(p, NULL, 0);
03961         /* only accept 0 or 1 */
03962         if(!debug_level || (debug_level == 1))
03963           {
03964             rsbac_printk(KERN_INFO
03965                    "debug_proc_write(): setting rsbac_debug_ds_rc to %u\n",
03966                    debug_level);
03967             rsbac_debug_ds_rc = debug_level;
03968             err = count;
03969             goto out;
03970           }
03971         else
03972           {
03973             goto out_inv;
03974           }
03975       }
03976 /* Boolean debug switch for RC syscalls / AEF */
03977     /*
03978      * Usage: echo "debug aef_rc #N" > /proc/rsbac_info/debug
03979      *   to set rsbac_debug_aef_rc to given value
03980      */
03981     if(!strncmp("aef_rc", k_buf + 6, 6)) 
03982       {
03983         p += 7;
03984 
03985         if( *p == '\0' )
03986             goto out;
03987 
03988         debug_level = simple_strtoul(p, NULL, 0);
03989         /* only accept 0 or 1 */
03990         if(!debug_level || (debug_level == 1))
03991           {
03992             rsbac_printk(KERN_INFO
03993                    "debug_proc_write(): setting rsbac_debug_aef_rc to %u\n",
03994                    debug_level);
03995             rsbac_debug_aef_rc = debug_level;
03996             err = count;
03997             goto out;
03998           }
03999         else
04000           {
04001             goto out_inv;
04002           }
04003       }
04004 
04005 /* Boolean debug switch for RC decisions / ADF */
04006     /*
04007      * Usage: echo "debug adf_rc #N" > /proc/rsbac_info/debug
04008      *   to set rsbac_debug_adf_rc to given value
04009      */
04010     if(!strncmp("adf_rc", k_buf + 6, 6)) 
04011       {
04012         p += 7;
04013 
04014         if( *p == '\0' )
04015             goto out;
04016 
04017         debug_level = simple_strtoul(p, NULL, 0);
04018         /* only accept 0 or 1 */
04019         if(!debug_level || (debug_level == 1))
04020           {
04021             rsbac_printk(KERN_INFO
04022                    "debug_proc_write(): setting rsbac_debug_adf_rc to %u\n",
04023                    debug_level);
04024             rsbac_debug_adf_rc = debug_level;
04025             err = count;
04026             goto out;
04027           }
04028         else
04029           {
04030             goto out_inv;
04031           }
04032       }
04033 #endif
04034 
04035 #if defined(CONFIG_RSBAC_AUTH)
04036 /* Boolean debug switch for AUTH data structures */
04037     /*
04038      * Usage: echo "debug ds_auth #N" > /proc/rsbac_info/debug
04039      *   to set rsbac_debug_ds_auth to given value
04040      */
04041     if(!strncmp("ds_auth", k_buf + 6, 7)) 
04042       {
04043         p += 8;
04044 
04045         if( *p == '\0' )
04046             goto out;
04047 
04048         debug_level = simple_strtoul(p, NULL, 0);
04049         /* only accept 0 or 1 */
04050         if(!debug_level || (debug_level == 1))
04051           {
04052             rsbac_printk(KERN_INFO
04053                    "debug_proc_write(): setting rsbac_debug_ds_auth to %u\n",
04054                    debug_level);
04055             rsbac_debug_ds_auth = debug_level;
04056             err = count;
04057             goto out;
04058           }
04059         else
04060           {
04061             goto out_inv;
04062           }
04063       }
04064 /* Boolean debug switch for AUTH syscalls / AEF */
04065     /*
04066      * Usage: echo "debug aef_auth #N" > /proc/rsbac_info/debug
04067      *   to set rsbac_debug_aef_auth to given value
04068      */
04069     if(!strncmp("aef_auth", k_buf + 6, 8)) 
04070       {
04071         p += 9;
04072 
04073         if( *p == '\0' )
04074             goto out;
04075 
04076         debug_level = simple_strtoul(p, NULL, 0);
04077         /* only accept 0 or 1 */
04078         if(!debug_level || (debug_level == 1))
04079           {
04080             rsbac_printk(KERN_INFO
04081                    "debug_proc_write(): setting rsbac_debug_aef_auth to %u\n",
04082                    debug_level);
04083             rsbac_debug_aef_auth = debug_level;
04084             err = count;
04085             goto out;
04086           }
04087         else
04088           {
04089             goto out_inv;
04090           }
04091       }
04092 
04093 /* Boolean debug switch for AUTH decisions / ADF */
04094     /*
04095      * Usage: echo "debug adf_auth #N" > /proc/rsbac_info/debug
04096      *   to set rsbac_debug_adf_auth to given value
04097      */
04098     if(!strncmp("adf_auth", k_buf + 6, 8)) 
04099       {
04100         p += 9;
04101 
04102         if( *p == '\0' )
04103             goto out;
04104 
04105         debug_level = simple_strtoul(p, NULL, 0);
04106         /* only accept 0 or 1 */
04107         if(!debug_level || (debug_level == 1))
04108           {
04109             rsbac_printk(KERN_INFO
04110                    "debug_proc_write(): setting rsbac_debug_adf_auth to %u\n",
04111                    debug_level);
04112             rsbac_debug_adf_auth = debug_level;
04113             err = count;
04114             goto out;
04115           }
04116         else
04117           {
04118             goto out_inv;
04119           }
04120       }
04121 
04122 #endif
04123 
04124 #if defined(CONFIG_RSBAC_REG) || defined(CONFIG_RSBAC_REG_MAINT)
04125 /* Boolean debug switch for REG */
04126     /*
04127      * Usage: echo "debug reg #N" > /proc/rsbac_info/debug
04128      *   to set rsbac_debug_reg to given value
04129      */
04130     if(!strncmp("reg", k_buf + 6, 3)) 
04131       {
04132         p += 3;
04133 
04134         if( *p == '\0' )
04135             goto out;
04136 
04137         debug_level = simple_strtoul(p, NULL, 0);
04138         /* only accept 0 or 1 */
04139         if(!debug_level || (debug_level == 1))
04140           {
04141             rsbac_printk(KERN_INFO
04142                    "debug_proc_write(): setting rsbac_debug_reg to %u\n",
04143                    debug_level);
04144             rsbac_debug_reg = debug_level;
04145             err = count;
04146             goto out;
04147           }
04148         else
04149           {
04150             goto out_inv;
04151           }
04152       }
04153 #endif
04154 
04155 #if defined(CONFIG_RSBAC_ACL)
04156 /* Boolean debug switch for ACL data structures */
04157     /*
04158      * Usage: echo "debug ds_acl #N" > /proc/rsbac_info/debug
04159      *   to set rsbac_debug_ds_acl to given value
04160      */
04161     if(!strncmp("ds_acl", k_buf + 6, 6)) 
04162       {
04163         p += 7;
04164 
04165         if( *p == '\0' )
04166             goto out;
04167 
04168         debug_level = simple_strtoul(p, NULL, 0);
04169         /* only accept 0 or 1 */
04170         if(!debug_level || (debug_level == 1))
04171           {
04172             rsbac_printk(KERN_INFO
04173                    "debug_proc_write(): setting rsbac_debug_ds_acl to %u\n",
04174                    debug_level);
04175             rsbac_debug_ds_acl = debug_level;
04176             err = count;
04177             goto out;
04178           }
04179         else
04180           {
04181             goto out_inv;
04182           }
04183       }
04184 /* Boolean debug switch for ACL syscalls / AEF */
04185     /*
04186      * Usage: echo "debug aef_acl #N" > /proc/rsbac_info/debug
04187      *   to set rsbac_debug_aef_acl to given value
04188      */
04189     if(!strncmp("aef_acl", k_buf + 6, 7)) 
04190       {
04191         p += 8;
04192 
04193         if( *p == '\0' )
04194             goto out;
04195 
04196         debug_level = simple_strtoul(p, NULL, 0);
04197         /* only accept 0 or 1 */
04198         if(!debug_level || (debug_level == 1))
04199           {
04200             rsbac_printk(KERN_INFO
04201                    "debug_proc_write(): setting rsbac_debug_aef_acl to %u\n",
04202                    debug_level);
04203             rsbac_debug_aef_acl = debug_level;
04204             err = count;
04205             goto out;
04206           }
04207         else
04208           {
04209             goto out_inv;
04210           }
04211       }
04212 
04213 /* Boolean debug switch for ACL decisions / ADF */
04214     /*
04215      * Usage: echo "debug adf_acl #N" > /proc/rsbac_info/debug
04216      *   to set rsbac_debug_adf_acl to given value
04217      */
04218     if(!strncmp("adf_acl", k_buf + 6, 7)) 
04219       {
04220         p += 8;
04221 
04222         if( *p == '\0' )
04223             goto out;
04224 
04225         debug_level = simple_strtoul(p, NULL, 0);
04226         /* only accept 0 or 1 */
04227         if(!debug_level || (debug_level == 1))
04228           {
04229             rsbac_printk(KERN_INFO
04230                    "debug_proc_write(): setting rsbac_debug_adf_acl to %u\n",
04231                    debug_level);
04232             rsbac_debug_adf_acl = debug_level;
04233             err = count;
04234             goto out;
04235           }
04236         else
04237           {
04238             goto out_inv;
04239           }
04240       }
04241 #endif
04242 
04243 #if defined(CONFIG_RSBAC_JAIL)
04244 /* Boolean debug switch for JAIL syscalls / AEF */
04245     /*
04246      * Usage: echo "debug aef_jail #N" > /proc/rsbac_info/debug
04247      *   to set rsbac_debug_aef_jail to given value
04248      */
04249     if(!strncmp("aef_jail", k_buf + 6, 8)) 
04250       {
04251         p += 9;
04252 
04253         if( *p == '\0' )
04254             goto out;
04255 
04256         debug_level = simple_strtoul(p, NULL, 0);
04257         /* only accept 0 or 1 */
04258         if(!debug_level || (debug_level == 1))
04259           {
04260             rsbac_printk(KERN_INFO
04261                    "debug_proc_write(): setting rsbac_debug_aef_jail to %u\n",
04262                    debug_level);
04263             rsbac_debug_aef_jail = debug_level;
04264             err = count;
04265             goto out;
04266           }
04267         else
04268           {
04269             goto out_inv;
04270           }
04271       }
04272 
04273 /* Boolean debug switch for JAIL decisions / ADF */
04274     /*
04275      * Usage: echo "debug adf_jail #N" > /proc/rsbac_info/debug
04276      *   to set rsbac_debug_adf_jail to given value
04277      */
04278     if(!strncmp("adf_jail", k_buf + 6, 8)) 
04279       {
04280         p += 9;
04281 
04282         if( *p == '\0' )
04283             goto out;
04284 
04285         debug_level = simple_strtoul(p, NULL, 0);
04286         /* only accept 0 or 1 */
04287         if(!debug_level || (debug_level == 1))
04288           {
04289             rsbac_printk(KERN_INFO
04290                    "debug_proc_write(): setting rsbac_debug_adf_jail to %u\n",
04291                    debug_level);
04292             rsbac_debug_adf_jail = debug_level;
04293             err = count;
04294             goto out;
04295           }
04296         else
04297           {
04298             goto out_inv;
04299           }
04300       }
04301 #endif
04302 
04303 #if defined(CONFIG_RSBAC_PAX)
04304 /* Boolean debug switch for PAX decisions / ADF */
04305     /*
04306      * Usage: echo "debug adf_pax #N" > /proc/rsbac_info/debug
04307      *   to set rsbac_debug_adf_pax to given value
04308      */
04309     if(!strncmp("adf_pax", k_buf + 6, 7)) 
04310       {
04311         p += 8;
04312 
04313         if( *p == '\0' )
04314             goto out;
04315 
04316         debug_level = simple_strtoul(p, NULL, 0);
04317         /* only accept 0 or 1 */
04318         if(!debug_level || (debug_level == 1))
04319           {
04320             rsbac_printk(KERN_INFO
04321                    "debug_proc_write(): setting rsbac_debug_adf_pax to %u\n",
04322                    debug_level);
04323             rsbac_debug_adf_pax = debug_level;
04324             err = count;
04325             goto out;
04326           }
04327         else
04328           {
04329             goto out_inv;
04330           }
04331       }
04332 #endif
04333 
04334 #if defined(CONFIG_RSBAC_UM)
04335 /* Boolean debug switch for UM data structures */
04336     /*
04337      * Usage: echo "debug ds_um #N" > /proc/rsbac_info/debug
04338      *   to set rsbac_debug_ds_um to given value
04339      */
04340     if(!strncmp("ds_um", k_buf + 6, 5)) 
04341       {
04342         p += 6;
04343 
04344         if( *p == '\0' )
04345           goto out;
04346 
04347         debug_level = simple_strtoul(p, NULL, 0);
04348         /* only accept 0 or 1 */
04349         if(!debug_level || (debug_level == 1))
04350           {
04351             rsbac_printk(KERN_INFO
04352                    "debug_proc_write(): setting rsbac_debug_ds_um to %u\n",
04353                    debug_level);
04354             rsbac_debug_ds_um = debug_level;
04355             err = count;
04356             goto out;
04357           }
04358         else
04359           {
04360             goto out_inv;
04361           }
04362       }
04363 /* Boolean debug switch for UM syscalls / AEF */
04364     /*
04365      * Usage: echo "debug aef_um #N" > /proc/rsbac_info/debug
04366      *   to set rsbac_debug_aef_um to given value
04367      */
04368     if(!strncmp("aef_um", k_buf + 6, 6)) 
04369       {
04370         p += 7;
04371 
04372         if( *p == '\0' )
04373             goto out;
04374 
04375         debug_level = simple_strtoul(p, NULL, 0);
04376         /* only accept 0 or 1 */
04377         if(!debug_level || (debug_level == 1))
04378           {
04379             rsbac_printk(KERN_INFO
04380                    "debug_proc_write(): setting rsbac_debug_aef_um to %u\n",
04381                    debug_level);
04382             rsbac_debug_aef_um = debug_level;
04383             err = count;
04384             goto out;
04385           }
04386         else
04387           {
04388             goto out_inv;
04389           }
04390       }
04391 
04392 /* Boolean debug switch for UM decisions / ADF */
04393     /*
04394      * Usage: echo "debug adf_um #N" > /proc/rsbac_info/debug
04395      *   to set rsbac_debug_adf_um to given value
04396      */
04397     if(!strncmp("adf_um", k_buf + 6, 6)) 
04398       {
04399         p += 7;
04400 
04401         if( *p == '\0' )
04402             goto out;
04403 
04404         debug_level = simple_strtoul(p, NULL, 0);
04405         /* only accept 0 or 1 */
04406         if(!debug_level || (debug_level == 1))
04407           {
04408             rsbac_printk(KERN_INFO
04409                    "debug_proc_write(): setting rsbac_debug_adf_um to %u\n",
04410                    debug_level);
04411             rsbac_debug_adf_um = debug_level;
04412             err = count;
04413             goto out;
04414           }
04415         else
04416           {
04417             goto out_inv;
04418           }
04419       }
04420 #endif
04421 
04422     /*
04423      * Usage: echo "debug ds #N" > /proc/rsbac_info/debug
04424      *   to set rsbac_debug_ds to given value
04425      */
04426     if(!strncmp("ds", k_buf + 6, 2)) 
04427       {
04428         p += 3;
04429 
04430         if( *p == '\0' )
04431             goto out;
04432 
04433         debug_level = simple_strtoul(p, NULL, 0);
04434         /* only accept 0 or 1 */
04435         if(!debug_level || (debug_level == 1))
04436           {
04437             rsbac_printk(KERN_INFO
04438                    "debug_proc_write(): setting rsbac_debug_ds to %u\n",
04439                    debug_level);
04440             rsbac_debug_ds = debug_level;
04441             err = count;
04442             goto out;
04443           }
04444         else
04445           {
04446             goto out_inv;
04447           }
04448       }
04449 
04450     /*
04451      * Usage: echo "debug write #N" > /proc/rsbac_info/debug
04452      *   to set rsbac_debug_write to given value
04453      */
04454     if(!strncmp("write", k_buf + 6, 5)) 
04455       {
04456         p += 6;
04457 
04458         if( *p == '\0' )
04459             goto out;
04460 
04461         debug_level = simple_strtoul(p, NULL, 0);
04462         /* only accept 0 or 1 */
04463         if(!debug_level || (debug_level == 1))
04464           {
04465             rsbac_printk(KERN_INFO
04466                    "debug_proc_write(): setting rsbac_debug_write to %u\n",
04467                    debug_level);
04468             rsbac_debug_write = debug_level;
04469             err = count;
04470             goto out;
04471           }
04472         else
04473           {
04474             goto out_inv;
04475           }
04476       }
04477 
04478     /*
04479      * Usage: echo "debug stack #N" > /proc/rsbac_info/debug
04480      *   to set rsbac_debug_stack to given value
04481      */
04482     if(!strncmp("stack", k_buf + 6, 5)) 
04483       {
04484         p += 6;
04485 
04486         if( *p == '\0' )
04487             goto out;
04488 
04489         debug_level = simple_strtoul(p, NULL, 0);
04490         /* only accept 0 or 1 */
04491         if(!debug_level || (debug_level == 1))
04492           {
04493             rsbac_printk(KERN_INFO
04494                    "debug_proc_write(): setting rsbac_debug_stack to %u\n",
04495                    debug_level);
04496             rsbac_debug_stack = debug_level;
04497             err = count;
04498             goto out;
04499           }
04500         else
04501           {
04502             goto out_inv;
04503           }
04504       }
04505 
04506     /*
04507      * Usage: echo "debug lists #N" > /proc/rsbac_info/debug
04508      *   to set rsbac_debug_lists to given value
04509      */
04510     if(!strncmp("lists", k_buf + 6, 5)) 
04511       {
04512         p += 6;
04513 
04514         if( *p == '\0' )
04515             goto out;
04516 
04517         debug_level = simple_strtoul(p, NULL, 0);
04518         /* only accept 0 or 1 */
04519         if(!debug_level || (debug_level == 1))
04520           {
04521             rsbac_printk(KERN_INFO
04522                    "debug_proc_write(): setting rsbac_debug_lists to %u\n",
04523                    debug_level);
04524             rsbac_debug_lists = debug_level;
04525             err = count;
04526             goto out;
04527           }
04528         else
04529           {
04530             goto out_inv;
04531           }
04532       }
04533 
04534     /* Boolean debug switch for AEF */
04535     /*
04536      * Usage: echo "debug aef #N" > /proc/rsbac_info/debug
04537      *   to set rsbac_debug_aef to given value
04538      */
04539     if(!strncmp("aef", k_buf + 6, 3)) 
04540       {
04541         p += 4;
04542 
04543         if( *p == '\0' )
04544             goto out;
04545 
04546         debug_level = simple_strtoul(p, NULL, 0);
04547         /* only accept 0 or 1 */
04548         if(!debug_level || (debug_level == 1))
04549           {
04550             rsbac_printk(KERN_INFO
04551                    "debug_proc_write(): setting rsbac_debug_aef to %u\n",
04552                    debug_level);
04553             rsbac_debug_aef = debug_level;
04554             err = count;
04555             goto out;
04556           }
04557         else
04558           {
04559             goto out_inv;
04560           }
04561       }
04562 
04563 /* Boolean debug switch for NO_WRITE */
04564     /*
04565      * Usage: echo "debug no_write #N" > /proc/rsbac_info/debug
04566      *   to set rsbac_debug_no_write to given value
04567      */
04568     if(!strncmp("no_write", k_buf + 6, 8)) 
04569       {
04570         p += 9;
04571 
04572         if( *p == '\0' )
04573             goto out;
04574 
04575         debug_level = simple_strtoul(p, NULL, 0);
04576         /* only accept 0 or 1 */
04577         if(!debug_level || (debug_level == 1))
04578           {
04579             rsbac_printk(KERN_INFO
04580                    "debug_proc_write(): setting rsbac_debug_no_write to %u\n",
04581                    debug_level);
04582             rsbac_debug_no_write = debug_level;
04583             err = count;
04584             goto out;
04585           }
04586         else
04587           {
04588             goto out_inv;
04589           }
04590       }
04591 
04592 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
04593     /*
04594      * Usage: echo "debug auto #N" > /proc/rsbac_info/debug
04595      *   to set rsbac_debug_auto to given value
04596      */
04597     if(!strncmp("auto", k_buf + 6, 4)) 
04598       {
04599         p += 5;
04600 
04601         if( *p == '\0' )
04602             goto out;
04603 
04604         debug_level = simple_strtoul(p, NULL, 0);
04605         /* only accept 0 or 1 */
04606         if(!debug_level || (debug_level == 1))
04607           {
04608             rsbac_printk(KERN_INFO
04609                    "debug_proc_write(): setting rsbac_debug_auto to %u\n",
04610                    debug_level);
04611             rsbac_debug_auto = debug_level;
04612             err = count;
04613             goto out;
04614           }
04615         else
04616           {
04617             goto out_inv;
04618           }
04619       }
04620 #endif /* CONFIG_RSBAC_AUTO_WRITE > 0 */
04621 #endif /* DEBUG */
04622 
04623 out:
04624   free_page((ulong) k_buf);
04625   return(err);
04626 
04627 out_inv:
04628     rsbac_printk(KERN_INFO
04629                  "debug_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
04630     err = -EINVAL;
04631     goto out;
04632   }
04633 #endif /* defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS) */
04634 
04635 #if defined(CONFIG_RSBAC_LOG_REMOTE)
04636 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
04637 /* declare net functions */
04638 long sys_socket(int family, int type, int protocol);
04639 long sys_bind(int fd, struct sockaddr *umyaddr, int addrlen);
04640 long sys_sendto(int fd, void * buff, size_t len, unsigned flags,
04641                 struct sockaddr *addr, int addr_len);
04642 #endif
04643 
04644 #ifndef CONFIG_RSBAC_LOG_REMOTE_SYNC
04645 /* rsbac kernel timer for auto-write */
04646 static void wakeup_rsbaclogd(u_long dummy)
04647   {
04648     wake_up(&rsbaclogd_wait);
04649   }
04650 #endif
04651 
04652 /* rsbac kernel daemon for remote logging */
04653 static int rsbaclogd(void * dummy)
04654   {
04655     struct task_struct *tsk = current;
04656     int err;
04657     int i;
04658     char c;
04659     int sock_fd;
04660     struct sockaddr_in addr;
04661     char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04662     static char remote_send_buf[REMOTE_SEND_BUF_LEN];
04663     mm_segment_t oldfs;
04664 
04665     rsbac_printk(KERN_INFO "rsbaclogd(): Initializing.\n");
04666 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
04667     daemonize("rsbaclogd");
04668 #else
04669     tsk->session = 1;
04670     tsk->pgrp = 1;
04671     strcpy(tsk->comm, "rsbaclogd");
04672 #endif
04673 /*    lock_kernel(); */
04674 
04675 #ifdef CONFIG_RSBAC_DEBUG
04676     rsbac_printk(KERN_DEBUG "rsbaclogd(): Setting auto timer.\n");
04677 #endif
04678 #ifndef CONFIG_RSBAC_LOG_REMOTE_SYNC
04679     init_timer(&rsbac_log_remote_timer);
04680     rsbac_log_remote_timer.function = wakeup_rsbaclogd;
04681     rsbac_log_remote_timer.data = 0;
04682     rsbac_log_remote_timer.expires = jiffies + rsbac_log_remote_interval;
04683     add_timer(&rsbac_log_remote_timer);
04684 #endif
04685     interruptible_sleep_on(&rsbaclogd_wait);
04686 
04687     /* create a socket */
04688     sock_fd = sys_socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
04689     if(sock_fd < 0)
04690       {
04691         rsbac_printk(KERN_WARNING
04692                "rsbaclogd(): creating local log socket failed with error %s, exiting!\n",
04693                get_error_name(tmp, sock_fd));
04694         rsbaclogd_pid = 0;
04695         return -RSBAC_EWRITEFAILED;
04696       }
04697     /* bind local address */
04698     addr.sin_family = PF_INET;
04699     addr.sin_port = htons(CONFIG_RSBAC_LOG_LOCAL_PORT);
04700     err = rsbac_net_str_to_inet(CONFIG_RSBAC_LOG_LOCAL_ADDR,
04701                                 &addr.sin_addr.s_addr);
04702     if(err < 0)
04703       {
04704         rsbac_printk(KERN_WARNING
04705                "rsbaclogd(): converting local socket address %s failed with error %s, exiting!\n",
04706                CONFIG_RSBAC_LOG_LOCAL_ADDR,
04707                get_error_name(tmp, err));
04708         sys_close(sock_fd);
04709         rsbaclogd_pid = 0;
04710         return -RSBAC_EINVALIDVALUE;
04711       }
04712     /* change data segment - sys_bind reads address from user space */
04713     oldfs = get_fs();
04714     set_fs(KERNEL_DS);
04715     err = sys_bind(sock_fd, (struct sockaddr *)&addr, sizeof(addr));
04716     set_fs(oldfs);
04717     if(err < 0)
04718       {
04719         rsbac_printk(KERN_WARNING
04720                "rsbaclogd(): binding local socket address %u.%u.%u.%u:%u failed with error %s, exiting!\n",
04721                NIPQUAD(addr.sin_addr.s_addr),
04722                CONFIG_RSBAC_LOG_LOCAL_PORT,
04723                get_error_name(tmp, err));
04724         sys_close(sock_fd);
04725         rsbaclogd_pid = 0;
04726         return -RSBAC_EWRITEFAILED;
04727       }
04728 #ifdef CONFIG_RSBAC_DEBUG
04729     if(rsbac_debug_stack)
04730       {
04731         unsigned long * n = (unsigned long *) (current+1);
04732 
04733         while (!*n)
04734           n++;
04735         rsbac_printk(KERN_DEBUG "rsbaclogd: free stack: %lu\n",
04736                (unsigned long) n - (unsigned long)(current+1));
04737       }
04738 #endif
04739     for(;;)
04740       {
04741         /* wait */
04742 #ifndef CONFIG_RSBAC_LOG_REMOTE_SYNC
04743         /* set new timer (only, if not woken up by rsbac_printk()) */
04744         mod_timer(&rsbac_log_remote_timer, jiffies + rsbac_log_remote_interval);
04745 #endif
04746         interruptible_sleep_on(&rsbaclogd_wait);
04747         /* sleep */
04748 
04749 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
04750         /* Unblock all signals. */
04751         flush_signals(tsk);
04752         spin_lock_irq(&tsk->sighand->siglock);
04753         flush_signal_handlers(tsk, 1);
04754         sigemptyset(&tsk->blocked);
04755         recalc_sigpending();
04756         spin_unlock_irq(&tsk->sighand->siglock);
04757 #else
04758         spin_lock_irq(&tsk->sigmask_lock);
04759         flush_signals(tsk);
04760         sigfillset(&tsk->blocked);
04761         recalc_sigpending(tsk);
04762         spin_unlock_irq(&tsk->sigmask_lock);
04763 #endif
04764 /*
04765 #ifdef CONFIG_RSBAC_DEBUG
04766         if (rsbac_debug_auto)
04767           {
04768             rsbac_printk(KERN_DEBUG
04769                    "rsbacd(): calling rsbac_write()\n");
04770           }
04771 #endif
04772 */
04773 
04774         /* Do nothing without remote address */
04775         if(!rsbac_log_remote_addr || !rsbac_log_remote_port)
04776           continue;
04777 
04778         while(remote_log_start != remote_log_end)
04779           {
04780             /* Target address might have changed */
04781             addr.sin_family = PF_INET;
04782             addr.sin_port = rsbac_log_remote_port;
04783             addr.sin_addr.s_addr = rsbac_log_remote_addr;
04784             i = 0;
04785             c = 0;
04786             spin_lock(&rsbac_log_remote_lock);
04787             while (   (remote_log_start != remote_log_end)
04788                    && (i < sizeof(remote_send_buf))
04789                    && (c != '\n')
04790                   )
04791               {
04792                 c = REMOTE_RLOG_BUF(remote_log_start);
04793                 remote_log_start++;
04794                 remote_logged_chars--;
04795                 remote_send_buf[i] = c;
04796 //                spin_unlock_irq(&rsbac_log_remote_lock);
04797                 i++;
04798 //                spin_lock_irq(&rsbac_log_remote_lock);
04799               }
04800             spin_unlock(&rsbac_log_remote_lock);
04801 
04802             /* change data segment - sys_sendto reads data and address from user space */
04803             oldfs = get_fs();
04804             set_fs(KERNEL_DS);
04805             err = sys_sendto(sock_fd,
04806                              remote_send_buf,
04807                              i,
04808                              MSG_DONTWAIT,
04809                              (struct sockaddr *)&addr,
04810                              sizeof(addr));
04811             set_fs(oldfs);
04812             if(   (err < 0)
04813 //               && (err != -EPERM)
04814               )
04815               {
04816                 rsbac_printk(KERN_WARNING
04817                        "rsbaclogd(): sending to remote socket address %u.%u.%u.%u:%u failed with error %i!\n",
04818                        NIPQUAD(addr.sin_addr.s_addr),
04819                        CONFIG_RSBAC_LOG_REMOTE_PORT,
04820                        err);
04821                 continue;
04822               }
04823           }
04824       }
04825   }
04826 #endif
04827 
04828 static int ll_conv(
04829         void * old_desc,
04830         void * old_data,
04831         void * new_desc,
04832         void * new_data)
04833   {
04834     rsbac_log_entry_t     * new_aci = new_data;
04835     rsbac_old_log_entry_t * old_aci = old_data;
04836     int i;
04837 
04838     memcpy(new_desc, old_desc, sizeof(rsbac_adf_request_int_t));
04839     for(i=0; i < T_NONE - 1; i++)
04840       (*new_aci)[i] = (*old_aci)[i];
04841     (*new_aci)[T_NONE - 1] = LL_denied;
04842     (*new_aci)[T_NONE] = (*old_aci)[T_NONE - 1];
04843     return 0;
04844   }
04845 
04846 rsbac_list_conv_function_t * ll_get_conv(rsbac_version_t old_version)
04847   {
04848     switch(old_version)
04849       {
04850         case RSBAC_LOG_LEVEL_OLD_VERSION:
04851           return ll_conv;
04852         default:
04853           return NULL;
04854       }
04855   }
04856 
04857 
04858 /********************************/
04859 /*             Init             */
04860 /********************************/
04861 
04862 #ifdef CONFIG_RSBAC_INIT_DELAY
04863 inline void rsbac_init_debug(void)
04864 #else
04865 inline void __init rsbac_init_debug(void)
04866 #endif
04867   {
04868     int i;
04869     #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
04870     struct proc_dir_entry * tmp_entry_p;
04871     #endif
04872     
04873     if (!debug_initialized)
04874       {
04875         struct rsbac_list_info_t * info_p;
04876         int tmperr;
04877         rsbac_enum_t * def_data_p;
04878 
04879         rsbac_printk(KERN_INFO "rsbac_init_debug(): Initializing\n");
04880         info_p = rsbac_kmalloc(sizeof(*info_p));
04881         if(!info_p)
04882           {
04883             memset(rsbac_log_levels, LL_denied, sizeof(rsbac_log_levels));
04884             return;
04885           }
04886         def_data_p = rsbac_kmalloc(sizeof(rsbac_log_entry_t));
04887         if(!def_data_p)
04888           {
04889             memset(rsbac_log_levels, LL_denied, sizeof(rsbac_log_levels));
04890             rsbac_kfree(info_p);
04891             return;
04892           }
04893         /* register log_levels list */
04894         for(i=0; i<=T_NONE; i++)
04895           def_data_p[i] = LL_denied;
04896         info_p->version = RSBAC_LOG_LEVEL_VERSION;
04897         info_p->key = RSBAC_LOG_LEVEL_KEY;
04898         info_p->desc_size = sizeof(rsbac_adf_request_int_t);
04899         info_p->data_size = sizeof(rsbac_log_entry_t);
04900         info_p->max_age = 0;
04901         tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
04902                                      &log_levels_handle,
04903                                      info_p,
04904                                      RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
04905                                      NULL,
04906                                      ll_get_conv,
04907                                      def_data_p,
04908                                      RSBAC_LOG_LEVEL_LIST_NAME,
04909                                      RSBAC_AUTO_DEV);
04910         if(tmperr)
04911           {
04912             char * tmp;
04913 
04914             tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04915             if(tmp)
04916               {
04917                 rsbac_printk(KERN_WARNING
04918                        "rsbac_init_debug(): registering log levels list ll failed with error %s!\n",
04919                        get_error_name(tmp, tmperr));
04920                 rsbac_kfree(tmp);
04921               }
04922             memset(rsbac_log_levels, LL_denied, sizeof(rsbac_log_levels));
04923           }
04924         else
04925           {
04926             rsbac_adf_request_int_t req;
04927 
04928             for(req = 0; req < R_NONE; req++)
04929               rsbac_list_get_data(log_levels_handle, &req, rsbac_log_levels[req]);
04930           }
04931 
04932         #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
04933         tmp_entry_p = create_proc_entry("log_levels",
04934                                         S_IFREG | S_IRUGO | S_IWUGO,
04935                                         proc_rsbac_root_p);
04936         if(tmp_entry_p)
04937           {
04938             tmp_entry_p->get_info = log_levels_proc_info;
04939             tmp_entry_p->write_proc = log_levels_proc_write;
04940           }
04941 
04942         tmp_entry_p = create_proc_entry("debug",
04943                                         S_IFREG | S_IRUGO | S_IWUGO,
04944                                         proc_rsbac_root_p);
04945         if(tmp_entry_p)
04946           {
04947             tmp_entry_p->get_info = debug_proc_info;
04948             tmp_entry_p->write_proc = debug_proc_write;
04949           }
04950 
04951         #if defined(CONFIG_RSBAC_RMSG)
04952         tmp_entry_p = create_proc_entry("rmsg",
04953                                         S_IFREG | S_IRUGO,
04954                                         proc_rsbac_root_p);
04955         if(tmp_entry_p)
04956           {
04957             tmp_entry_p->proc_fops = &proc_rmsg_operations;
04958           }
04959         #endif
04960         #endif
04961 
04962         #if defined(CONFIG_RSBAC_LOG_REMOTE)
04963         /* Start rsbac logging thread for auto write */
04964         if(!rsbac_log_remote_port)
04965           rsbac_log_remote_port = htons(CONFIG_RSBAC_LOG_REMOTE_PORT);
04966         tmperr = rsbac_net_str_to_inet(rsbac_log_remote_addr_string,
04967                                     &rsbac_log_remote_addr);
04968         if(tmperr < 0)
04969           {
04970             char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04971 
04972             if(tmp)
04973               {
04974                 get_error_name(tmp, tmperr);
04975                 rsbac_printk(KERN_WARNING
04976                              "rsbac_init_debug(): converting remote socket address %s failed with error %s, exiting!\n",
04977                              rsbac_log_remote_addr_string,
04978                              tmp);
04979                 rsbac_log_remote_addr = 0;
04980                 rsbac_kfree(tmp);
04981               }
04982           }
04983         rsbaclogd_pid = kernel_thread(rsbaclogd, NULL, 0);
04984         rsbac_printk(KERN_INFO "rsbac_init_debug(): Started rsbaclogd thread with pid %u\n",
04985                rsbaclogd_pid);
04986         #endif
04987 
04988         #ifdef CONFIG_RSBAC_SYSLOG_RATE
04989         init_timer(&rsbac_syslog_rate_timer);
04990         rsbac_syslog_rate_timer.function = syslog_rate_reset;
04991         rsbac_syslog_rate_timer.data = 0;
04992         rsbac_syslog_rate_timer.expires = jiffies + HZ;
04993         add_timer(&rsbac_syslog_rate_timer);
04994         #endif
04995 
04996         debug_initialized = TRUE;
04997       }
04998 
04999     #ifdef CONFIG_RSBAC_SOFTMODE
05000     if(rsbac_softmode)
05001       rsbac_printk(KERN_DEBUG "rsbac_softmode is set\n");
05002     if(rsbac_softmode_prohibit)
05003       rsbac_printk(KERN_DEBUG "rsbac_softmode_prohibit is set\n");
05004     #endif
05005     #ifdef CONFIG_RSBAC_FREEZE
05006     if(rsbac_freeze)
05007       rsbac_printk(KERN_DEBUG "rsbac_freeze is set\n");
05008     #endif
05009     #if defined(CONFIG_RSBAC_UM_EXCL)
05010     if(rsbac_um_no_excl)
05011       rsbac_printk(KERN_DEBUG "rsbac_um_no_excl is set\n");
05012     #endif
05013     #if defined(CONFIG_RSBAC_DAZ_CACHE)
05014     rsbac_printk(KERN_DEBUG "rsbac_daz_ttl is %u\n",
05015                  rsbac_daz_get_ttl());
05016     #endif
05017     #if defined(CONFIG_RSBAC_AUTH_LEARN)
05018     if(rsbac_auth_learn)
05019       rsbac_printk(KERN_DEBUG "rsbac_auth_learn is set\n");
05020     #endif
05021     #if defined(CONFIG_RSBAC_ACL_LEARN)
05022     if(rsbac_acl_learn_fd)
05023       rsbac_printk(KERN_DEBUG "rsbac_acl_learn_fd is set\n");
05024     #endif
05025     #ifdef CONFIG_RSBAC_CAP_PROC_HIDE
05026     if(rsbac_cap_process_hiding)
05027       rsbac_printk(KERN_DEBUG "rsbac_cap_process_hiding is set\n");
05028     #endif
05029     #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
05030     if(rsbac_cap_log_missing)
05031       rsbac_printk(KERN_DEBUG "rsbac_cap_log_missing is set\n");
05032     #endif
05033     #ifdef CONFIG_RSBAC_JAIL_LOG_MISSING
05034     if(rsbac_jail_log_missing)
05035       rsbac_printk(KERN_DEBUG "rsbac_jail_log_missing is set\n");
05036     #endif
05037     #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
05038     if(rsbac_dac_disable)
05039       rsbac_printk(KERN_DEBUG "rsbac_dac_disable is set\n");
05040     #endif
05041     #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05042     if(rsbac_nosyslog)
05043       rsbac_printk(KERN_DEBUG "rsbac_nosyslog is set\n");
05044     #endif
05045     #ifdef CONFIG_RSBAC_SYSLOG_RATE
05046     if(rsbac_syslog_rate != CONFIG_RSBAC_SYSLOG_RATE_DEF)
05047       rsbac_printk(KERN_DEBUG "rsbac_syslog_rate is %u\n",
05048                    rsbac_syslog_rate);
05049     #endif
05050     #ifdef CONFIG_RSBAC_INIT_DELAY
05051     if(rsbac_no_delay_init)
05052       rsbac_printk(KERN_DEBUG "rsbac_no_delay_init is set\n");
05053 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
05054     if(rsbac_delayed_root_str[0])
05055       rsbac_printk(KERN_DEBUG "rsbac_delayed_root is %s\n",
05056              rsbac_delayed_root_str);
05057 #else
05058     if(rsbac_delayed_root)
05059       rsbac_printk(KERN_DEBUG "rsbac_delayed_root is %02u:%02u\n",
05060              MAJOR(rsbac_delayed_root), MINOR(rsbac_delayed_root));
05061 #endif
05062     #endif
05063     if(rsbac_no_defaults)
05064       rsbac_printk(KERN_DEBUG "rsbac_no_defaults is set\n");
05065 
05066 #if defined(CONFIG_RSBAC_DEBUG)
05067     if(rsbac_debug_ds)
05068       rsbac_printk(KERN_DEBUG "rsbac_debug_ds is set\n");
05069     if(rsbac_debug_write)
05070       rsbac_printk(KERN_DEBUG "rsbac_debug_write is set\n");
05071     if(rsbac_debug_no_write)
05072       rsbac_printk(KERN_DEBUG "rsbac_debug_no_write is set\n");
05073     if(rsbac_debug_stack)
05074       rsbac_printk(KERN_DEBUG "rsbac_debug_stack is set\n");
05075     if(rsbac_debug_lists)
05076       rsbac_printk(KERN_DEBUG "rsbac_debug_lists is set\n");
05077     if(rsbac_debug_aef)
05078       rsbac_printk(KERN_DEBUG "rsbac_debug_aef is set\n");
05079     if(rsbac_debug_adf_default != 1)
05080       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_default is set to %i\n",
05081              rsbac_debug_adf_default);
05082 
05083     #if defined(CONFIG_RSBAC_REG)
05084     if(rsbac_debug_reg)
05085       rsbac_printk(KERN_DEBUG "rsbac_debug_reg is set\n");
05086     #endif
05087 
05088     #if defined(CONFIG_RSBAC_NET)
05089     if(rsbac_debug_ds_net)
05090       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_net is set\n");
05091     if(rsbac_debug_aef_net)
05092       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_net is set\n");
05093     if(rsbac_debug_adf_net)
05094       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_net is set\n");
05095     #endif
05096 
05097     #if defined(CONFIG_RSBAC_MAC)
05098     if(rsbac_debug_ds_mac)
05099       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_mac is set\n");
05100     if(rsbac_debug_aef_mac)
05101       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_mac is set\n");
05102     if(rsbac_debug_adf_mac)
05103       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_mac is set\n");
05104     #endif
05105 
05106     #if defined(CONFIG_RSBAC_PM)
05107     if(rsbac_debug_ds_pm)
05108       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_pm is set\n");
05109     if(rsbac_debug_aef_pm)
05110       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_pm is set\n");
05111     if(rsbac_debug_adf_pm)
05112       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_pm is set\n");
05113     #endif
05114 
05115     #if defined(CONFIG_RSBAC_DAZ)
05116     if(rsbac_debug_adf_daz)
05117       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_daz is set\n");
05118     #endif
05119 
05120     #if defined(CONFIG_RSBAC_RC)
05121     if(rsbac_debug_ds_rc)
05122       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_rc is set\n");
05123     if(rsbac_debug_aef_rc)
05124       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_rc is set\n");
05125     if(rsbac_debug_adf_rc)
05126       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_rc is set\n");
05127     #endif
05128 
05129     #if defined(CONFIG_RSBAC_AUTH)
05130     if(rsbac_debug_ds_auth)
05131       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_auth is set\n");
05132     if(rsbac_debug_aef_auth)
05133       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_auth is set\n");
05134     if(rsbac_debug_adf_auth)
05135       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_auth is set\n");
05136     #endif
05137 
05138     #if defined(CONFIG_RSBAC_ACL)
05139     if(rsbac_debug_ds_acl)
05140       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_acl is set\n");
05141     if(rsbac_debug_aef_acl)
05142       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_acl is set\n");
05143     if(rsbac_debug_adf_acl)
05144       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_acl is set\n");
05145     #endif
05146 
05147     #if defined(CONFIG_RSBAC_JAIL)
05148     if(rsbac_debug_aef_jail)
05149       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_jail is set\n");
05150     if(rsbac_debug_adf_jail)
05151       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_jail is set\n");
05152     #endif
05153 
05154     #if defined(CONFIG_RSBAC_PAX)
05155     if(rsbac_debug_adf_pax)
05156       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_pax is set\n");
05157     #endif
05158 
05159     #if defined(CONFIG_RSBAC_UM)
05160     if(rsbac_debug_ds_um)
05161       rsbac_printk(KERN_DEBUG "rsbac_debug_ds_um is set\n");
05162     if(rsbac_debug_aef_um)
05163       rsbac_printk(KERN_DEBUG "rsbac_debug_aef_um is set\n");
05164     if(rsbac_debug_adf_um)
05165       rsbac_printk(KERN_DEBUG "rsbac_debug_adf_um is set\n");
05166     #endif
05167 
05168     #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05169     if(rsbac_debug_auto)
05170       rsbac_printk(KERN_DEBUG "rsbac_debug_auto is set\n");
05171     #endif
05172 #endif /* DEBUG */
05173 
05174   }
05175