linux-2.6.16-rsbac-1.2.6 / rsbac / help

syscalls.c File Reference

#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/mac.h>
#include <rsbac/pm.h>
#include <rsbac/auth.h>
#include <rsbac/acl.h>
#include <rsbac/reg.h>
#include <rsbac/error.h>
#include <rsbac/debug.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/network.h>
#include <asm/semaphore.h>
#include <linux/sched.h>
#include <linux/file.h>
#include <rsbac/rkmem.h>
#include <rsbac/gen_lists.h>
#include <linux/smp_lock.h>
#include <asm/uaccess.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/adf_syshelpers.h>
#include <rsbac/rc.h>
#include <rsbac/um.h>
#include <rsbac/um_types.h>
#include <rsbac/syscalls.h>
#include <linux/namei.h>

Function Documentation

int sys_rsbac_acl ( rsbac_list_ta_number_t ta_number,

enum rsbac_acl_syscall_type_t call,

struct rsbac_acl_syscall_arg_t * arg

)

Definition at line 3172 of file syscalls.c.
References ACLC_add_to_acl_entry, ACLC_none, ACLC_remove_acl, ACLC_remove_acl_entry, ACLC_remove_from_acl_entry, ACLC_remove_user, ACLC_set_acl_entry, ACLC_set_mask, ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_remove_user(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_NONE, T_USER, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03176 { 03177 #if defined(CONFIG_RSBAC_ACL) 03178 struct rsbac_acl_syscall_arg_t k_arg; 03179 /* union rsbac_target_id_t i_tid; */ 03180 int err = 0; 03181 03182 if(call >= ACLC_none) 03183 return(-RSBAC_EINVALIDREQUEST); 03184 if(!arg) 03185 return(-RSBAC_EINVALIDPOINTER); 03186 03187 /* get values from user space */ 03188 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03189 if(err < 0) 03190 return err; 03191 03192 if(k_arg.target >= T_NONE) 03193 return(-RSBAC_EINVALIDTARGET); 03194 /* rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): target = %u, call = %u, subj_type = %u, subj_id = %u!\n", 03195 k_arg.target, call, k_arg.subj_type, k_arg.subj_id); */ 03196 03197 #ifdef CONFIG_RSBAC_FREEZE 03198 if(rsbac_freeze) 03199 { 03200 rsbac_printk(KERN_WARNING 03201 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n"); 03202 return -EPERM; 03203 } 03204 #endif 03205 03206 if(call != ACLC_set_mask) 03207 { 03208 switch(k_arg.subj_type) 03209 { 03210 case ACLS_USER: 03211 break; 03212 case ACLS_GROUP: 03213 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03214 { 03215 struct rsbac_acl_group_entry_t entry; 03216 rsbac_uid_t caller; 03217 03218 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03219 || rsbac_get_owner(&caller) 03220 || ( (entry.owner != caller) 03221 && (entry.type != ACLG_GLOBAL) 03222 ) 03223 ) 03224 return(-RSBAC_EINVALIDVALUE); 03225 } 03226 break; 03227 #if defined(CONFIG_RSBAC_RC) 03228 case ACLS_ROLE: 03229 if(k_arg.subj_id > RC_role_max_value) 03230 { 03231 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id); 03232 return(-RSBAC_EINVALIDVALUE); 03233 } 03234 break; 03235 #endif 03236 default: 03237 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type); 03238 return(-RSBAC_EINVALIDVALUE); 03239 } 03240 if( (call == ACLC_remove_user) 03241 && (k_arg.target != T_USER) 03242 ) 03243 return -RSBAC_EINVALIDTARGET; 03244 03245 } 03246 03247 /* call acl function */ 03248 switch(call) 03249 { 03250 case ACLC_set_acl_entry: 03251 err = rsbac_acl_sys_set_acl_entry(ta_number, 03252 k_arg.target, 03253 k_arg.tid, 03254 k_arg.subj_type, 03255 k_arg.subj_id, 03256 k_arg.rights, 03257 k_arg.ttl); 03258 break; 03259 case ACLC_remove_acl_entry: 03260 err = rsbac_acl_sys_remove_acl_entry(ta_number, 03261 k_arg.target, 03262 k_arg.tid, 03263 k_arg.subj_type, 03264 k_arg.subj_id); 03265 break; 03266 case ACLC_remove_acl: 03267 err = rsbac_acl_sys_remove_acl(ta_number, 03268 k_arg.target, 03269 k_arg.tid); 03270 break; 03271 case ACLC_add_to_acl_entry: 03272 err = rsbac_acl_sys_add_to_acl_entry(ta_number, 03273 k_arg.target, 03274 k_arg.tid, 03275 k_arg.subj_type, 03276 k_arg.subj_id, 03277 k_arg.rights, 03278 k_arg.ttl); 03279 break; 03280 case ACLC_remove_from_acl_entry: 03281 err = rsbac_acl_sys_remove_from_acl_entry(ta_number, 03282 k_arg.target, 03283 k_arg.tid, 03284 k_arg.subj_type, 03285 k_arg.subj_id, 03286 k_arg.rights); 03287 break; 03288 case ACLC_set_mask: 03289 err = rsbac_acl_sys_set_mask(ta_number, 03290 k_arg.target, 03291 k_arg.tid, 03292 k_arg.rights); 03293 break; 03294 case ACLC_remove_user: 03295 err = rsbac_acl_sys_remove_user(ta_number, 03296 k_arg.tid.user); 03297 break; 03298 03299 default: 03300 err = -RSBAC_EINVALIDREQUEST; 03301 } 03302 return (err); 03303 #else 03304 return (-RSBAC_EINVALIDMODULE); 03305 #endif 03306 } /* end of sys_rsbac_acl() */

int sys_rsbac_acl_get_mask ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

rsbac_acl_rights_vector_t * mask_p

)

Definition at line 4164 of file syscalls.c.
References rsbac_acl_sys_get_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, and T_NONE.
Referenced by sys_rsbac().
04169 { 04170 #if defined(CONFIG_RSBAC_ACL) 04171 union rsbac_target_id_t k_tid; 04172 rsbac_acl_rights_vector_t k_mask; 04173 int err = 0; 04174 04175 if(!tid || (target >= T_NONE)) 04176 return(-RSBAC_EINVALIDTARGET); 04177 if(!mask_p) 04178 return(-RSBAC_EINVALIDPOINTER); 04179 04180 /* get values from user space */ 04181 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 04182 04183 /* call acl function */ 04184 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask); 04185 if(!err) 04186 { 04187 rsbac_put_user((u_char *) &k_mask, 04188 (u_char *) mask_p, 04189 sizeof(k_mask) ); 04190 } 04191 return err; 04192 #else 04193 return -RSBAC_EINVALIDMODULE; 04194 #endif 04195 } /* end of sys_rsbac_acl_get_mask() */

int sys_rsbac_acl_get_mask_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name,

rsbac_acl_rights_vector_t * mask_p

)

Definition at line 4197 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_sys_get_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
04202 { 04203 #if defined(CONFIG_RSBAC_ACL) 04204 struct dentry * t_dentry = NULL; 04205 rsbac_acl_rights_vector_t k_mask; 04206 rsbac_boolean_t need_put = FALSE; 04207 int err = 0; 04208 union rsbac_target_id_t tid; 04209 04210 struct nameidata nd; 04211 04212 if(target >= T_NONE) 04213 return(-RSBAC_EINVALIDTARGET); 04214 if(!mask_p) 04215 return(-RSBAC_EINVALIDPOINTER); 04216 04217 switch (target) 04218 { 04219 case T_FD: 04220 case T_FILE: 04221 case T_DIR: 04222 case T_FIFO: 04223 case T_SYMLINK: 04224 if(t_name) 04225 { 04226 if ((err = user_path_walk_link(t_name, &nd))) 04227 { 04228 #ifdef CONFIG_RSBAC_DEBUG 04229 if (rsbac_debug_aef_acl) 04230 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err); 04231 #endif 04232 goto out; 04233 } 04234 t_dentry = nd.dentry; 04235 need_put = TRUE; 04236 if (!t_dentry->d_inode) 04237 { 04238 err = -RSBAC_EINVALIDTARGET; 04239 goto out_dput; 04240 } 04241 /* is inode of type file, symlink or block/char device? */ 04242 switch(target) 04243 { 04244 case T_FD: 04245 if(S_ISREG(t_dentry->d_inode->i_mode)) 04246 { 04247 target = T_FILE; 04248 } 04249 else 04250 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04251 { 04252 target = T_DIR; 04253 } 04254 else 04255 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04256 { 04257 target = T_SYMLINK; 04258 } 04259 else 04260 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04261 { 04262 target = T_FIFO; 04263 } 04264 else 04265 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04266 { 04267 target = T_FILE; 04268 } 04269 else 04270 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04271 { 04272 target = T_FILE; 04273 } 04274 else 04275 { /* This is no file or device */ 04276 err = -RSBAC_EINVALIDTARGET; 04277 goto out_dput; 04278 } 04279 break; 04280 case T_FILE: 04281 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04282 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04283 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04284 { /* This is no file or device */ 04285 err = -RSBAC_EINVALIDTARGET; 04286 goto out_dput; 04287 } 04288 break; 04289 case T_DIR: 04290 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04291 { /* This is no dir */ 04292 err = -RSBAC_EINVALIDTARGET; 04293 goto out_dput; 04294 } 04295 break; 04296 case T_FIFO: 04297 /* is inode of type fifo? */ 04298 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04299 { /* This is no fifo */ 04300 err = -RSBAC_EINVALIDTARGET; 04301 goto out_dput; 04302 } 04303 break; 04304 case T_SYMLINK: 04305 /* is inode of type symlink? */ 04306 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04307 { /* This is no symlink */ 04308 err = -RSBAC_EINVALIDTARGET; 04309 goto out_dput; 04310 } 04311 break; 04312 default: 04313 err = -RSBAC_EINVALIDTARGET; 04314 goto out_dput; 04315 } 04316 tid.file.device = t_dentry->d_sb->s_dev; 04317 tid.file.inode = t_dentry->d_inode->i_ino; 04318 tid.file.dentry_p = t_dentry; 04319 } 04320 else 04321 { 04322 if(target == T_FD) 04323 target = T_FILE; 04324 tid.file.device = RSBAC_ZERO_DEV; 04325 tid.file.inode = 0; 04326 tid.file.dentry_p = NULL; 04327 } 04328 break; 04329 04330 case T_DEV: 04331 if(t_name) 04332 { 04333 if ((err = user_path_walk_link(t_name, &nd))) 04334 { 04335 #ifdef CONFIG_RSBAC_DEBUG 04336 if (rsbac_debug_aef_acl) 04337 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err); 04338 #endif 04339 goto out; 04340 } 04341 t_dentry = nd.dentry; 04342 need_put = TRUE; 04343 if (!t_dentry->d_inode) 04344 { 04345 err = -RSBAC_EINVALIDTARGET; 04346 goto out_dput; 04347 } 04348 /* is inode of type block/char device? */ 04349 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04350 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04351 { /* This is no file or device */ 04352 err = -RSBAC_EINVALIDTARGET; 04353 goto out_dput; 04354 } 04355 /* fill target id and call internal function */ 04356 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04357 tid.dev.type = D_block; 04358 else 04359 tid.dev.type = D_char; 04360 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04361 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04362 } 04363 else 04364 { 04365 tid.dev = RSBAC_ZERO_DEV_DESC; 04366 } 04367 break; 04368 04369 default: 04370 return -RSBAC_EINVALIDTARGET; 04371 } 04372 /* call ACL function */ 04373 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask); 04374 04375 out_dput: 04376 if(need_put) 04377 path_release(&nd); 04378 out: 04379 if(!err) 04380 { 04381 rsbac_put_user((u_char *) &k_mask, 04382 (u_char *) mask_p, 04383 sizeof(k_mask) ); 04384 } 04385 return(err); 04386 04387 #else 04388 return (-RSBAC_EINVALIDMODULE); 04389 #endif 04390 } /* end of sys_rsbac_acl_get_mask_n() */

int sys_rsbac_acl_get_rights ( rsbac_list_ta_number_t ta_number,

struct rsbac_acl_syscall_arg_t * arg,

rsbac_acl_rights_vector_t * rights_p,

u_int effective

)

Definition at line 3599 of file syscalls.c.
References ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_get_rights(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_NONE, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03604 { 03605 #if defined(CONFIG_RSBAC_ACL) 03606 struct rsbac_acl_syscall_arg_t k_arg; 03607 rsbac_acl_rights_vector_t k_rights = 0; 03608 int err = 0; 03609 03610 if(!arg || !rights_p) 03611 return(-RSBAC_EINVALIDPOINTER); 03612 /* get values from user space */ 03613 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03614 03615 if(k_arg.target >= T_NONE) 03616 return(-RSBAC_EINVALIDTARGET); 03617 /* printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): target = %u, subj_type = %u, subj_id = %u!\n", 03618 k_arg.target, k_arg.subj_type, k_arg.subj_id); */ 03619 switch(k_arg.subj_type) 03620 { 03621 case ACLS_USER: 03622 break; 03623 case ACLS_GROUP: 03624 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03625 { 03626 struct rsbac_acl_group_entry_t entry; 03627 rsbac_uid_t caller; 03628 03629 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03630 || rsbac_get_owner(&caller) 03631 || ( (entry.owner != caller) 03632 && (entry.type != ACLG_GLOBAL) 03633 ) 03634 ) 03635 return(-RSBAC_EINVALIDVALUE); 03636 } 03637 break; 03638 case ACLS_ROLE: 03639 #if defined(CONFIG_RSBAC_RC) 03640 if(k_arg.subj_id > RC_role_max_value) 03641 return(-RSBAC_EINVALIDVALUE); 03642 #endif 03643 break; 03644 default: 03645 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type); 03646 return(-RSBAC_EINVALIDVALUE); 03647 } 03648 03649 /* call acl function */ 03650 err = rsbac_acl_sys_get_rights(ta_number, 03651 k_arg.target, 03652 k_arg.tid, 03653 k_arg.subj_type, 03654 k_arg.subj_id, 03655 &k_rights, 03656 effective); 03657 if(!err) 03658 { 03659 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) ); 03660 } 03661 return (err); 03662 #else 03663 return (-RSBAC_EINVALIDMODULE); 03664 #endif 03665 } /* end of sys_rsbac_acl_get_rights() */

int sys_rsbac_acl_get_rights_n ( rsbac_list_ta_number_t ta_number,

struct rsbac_acl_syscall_n_arg_t * arg,

rsbac_acl_rights_vector_t * rights_p,

u_int effective

)

Definition at line 3668 of file syscalls.c.
References ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_get_rights(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, rsbac_dev_desc_t::type, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03673 { 03674 #if defined(CONFIG_RSBAC_ACL) 03675 struct dentry * t_dentry = NULL; 03676 rsbac_boolean_t need_put = FALSE; 03677 int err = 0; 03678 union rsbac_target_id_t tid; 03679 struct rsbac_acl_syscall_n_arg_t k_arg; 03680 rsbac_acl_rights_vector_t k_rights = 0; 03681 03682 struct nameidata nd; 03683 03684 if(!arg || !rights_p) 03685 return(-RSBAC_EINVALIDPOINTER); 03686 /* get values from user space */ 03687 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03688 03689 if(k_arg.target >= T_NONE) 03690 return(-RSBAC_EINVALIDTARGET); 03691 switch(k_arg.subj_type) 03692 { 03693 case ACLS_USER: 03694 break; 03695 case ACLS_GROUP: 03696 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03697 { 03698 struct rsbac_acl_group_entry_t entry; 03699 rsbac_uid_t caller; 03700 03701 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03702 || rsbac_get_owner(&caller) 03703 || ( (entry.owner != caller) 03704 && (entry.type != ACLG_GLOBAL) 03705 ) 03706 ) 03707 return(-RSBAC_EINVALIDVALUE); 03708 } 03709 break; 03710 case ACLS_ROLE: 03711 #if defined(CONFIG_RSBAC_RC) 03712 if(k_arg.subj_id > RC_role_max_value) 03713 return(-RSBAC_EINVALIDVALUE); 03714 #endif 03715 break; 03716 default: 03717 return(-RSBAC_EINVALIDVALUE); 03718 } 03719 03720 switch (k_arg.target) 03721 { 03722 case T_FD: 03723 case T_FILE: 03724 case T_DIR: 03725 case T_FIFO: 03726 case T_SYMLINK: 03727 if(k_arg.name) 03728 { 03729 if ((err = user_path_walk_link(k_arg.name, &nd))) 03730 { 03731 #ifdef CONFIG_RSBAC_DEBUG 03732 if (rsbac_debug_aef_acl) 03733 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err); 03734 #endif 03735 goto out; 03736 } 03737 t_dentry = nd.dentry; 03738 need_put = TRUE; 03739 if (!t_dentry->d_inode) 03740 { 03741 err = -RSBAC_EINVALIDTARGET; 03742 goto out_dput; 03743 } 03744 /* is inode of type file, symlink or block/char device? */ 03745 switch(k_arg.target) 03746 { 03747 case T_FD: 03748 if(S_ISREG(t_dentry->d_inode->i_mode)) 03749 { 03750 k_arg.target = T_FILE; 03751 } 03752 else 03753 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03754 { 03755 k_arg.target = T_DIR; 03756 } 03757 else 03758 if(S_ISLNK(t_dentry->d_inode->i_mode)) 03759 { 03760 k_arg.target = T_SYMLINK; 03761 } 03762 else 03763 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 03764 { 03765 k_arg.target = T_FIFO; 03766 } 03767 else 03768 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03769 { 03770 k_arg.target = T_FILE; 03771 } 03772 else 03773 if(S_ISCHR(t_dentry->d_inode->i_mode)) 03774 { 03775 k_arg.target = T_FILE; 03776 } 03777 else 03778 { /* This is no file or device */ 03779 err = -RSBAC_EINVALIDTARGET; 03780 goto out_dput; 03781 } 03782 break; 03783 case T_FILE: 03784 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 03785 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 03786 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03787 { /* This is no file or device */ 03788 err = -RSBAC_EINVALIDTARGET; 03789 goto out_dput; 03790 } 03791 break; 03792 case T_DIR: 03793 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 03794 { /* This is no dir */ 03795 err = -RSBAC_EINVALIDTARGET; 03796 goto out_dput; 03797 } 03798 break; 03799 case T_FIFO: 03800 /* is inode of type fifo? */ 03801 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 03802 { /* This is no fifo */ 03803 err = -RSBAC_EINVALIDTARGET; 03804 goto out_dput; 03805 } 03806 break; 03807 case T_SYMLINK: 03808 /* is inode of type symlink? */ 03809 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 03810 { /* This is no symlink */ 03811 err = -RSBAC_EINVALIDTARGET; 03812 goto out_dput; 03813 } 03814 break; 03815 default: 03816 err = -RSBAC_EINVALIDTARGET; 03817 goto out_dput; 03818 } 03819 tid.file.device = t_dentry->d_sb->s_dev; 03820 tid.file.inode = t_dentry->d_inode->i_ino; 03821 tid.file.dentry_p = t_dentry; 03822 } 03823 else 03824 { 03825 if(k_arg.target == T_FD) 03826 k_arg.target = T_FILE; 03827 tid.file.device = RSBAC_ZERO_DEV; 03828 tid.file.inode = 0; 03829 tid.file.dentry_p = NULL; 03830 } 03831 break; 03832 03833 case T_DEV: 03834 if(k_arg.name) 03835 { 03836 if ((err = user_path_walk_link(k_arg.name, &nd))) 03837 { 03838 #ifdef CONFIG_RSBAC_DEBUG 03839 if (rsbac_debug_aef_acl) 03840 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err); 03841 #endif 03842 goto out; 03843 } 03844 t_dentry = nd.dentry; 03845 need_put = TRUE; 03846 if (!t_dentry->d_inode) 03847 { 03848 err = -RSBAC_EINVALIDTARGET; 03849 goto out_dput; 03850 } 03851 /* is inode of type file, symlink or block/char device? */ 03852 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 03853 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03854 { /* This is no file or device */ 03855 err = -RSBAC_EINVALIDTARGET; 03856 goto out_dput; 03857 } 03858 /* fill target id and call internal function */ 03859 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03860 tid.dev.type = D_block; 03861 else 03862 tid.dev.type = D_char; 03863 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 03864 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 03865 } 03866 else 03867 { 03868 tid.dev = RSBAC_ZERO_DEV_DESC; 03869 } 03870 break; 03871 03872 default: 03873 return -RSBAC_EINVALIDTARGET; 03874 } 03875 03876 /* call acl function */ 03877 err = rsbac_acl_sys_get_rights(ta_number, 03878 k_arg.target, 03879 tid, 03880 k_arg.subj_type, 03881 k_arg.subj_id, 03882 &k_rights, 03883 effective); 03884 03885 out_dput: 03886 if(need_put) 03887 path_release(&nd); 03888 out: 03889 if(!err) 03890 { 03891 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) ); 03892 } 03893 return(err); 03894 #else 03895 return (-RSBAC_EINVALIDMODULE); 03896 #endif 03897 } /* end of sys_rsbac_acl_get_rights_n() */

int sys_rsbac_acl_get_tlist ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

struct rsbac_acl_entry_t entry_array[],

rsbac_time_t ttl_array[],

u_int maxnum

)

Definition at line 3901 of file syscalls.c.
References RSBAC_ACL_MAX_MAXNUM, rsbac_acl_sys_get_tlist(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_vfree, and T_NONE.
Referenced by sys_rsbac().
03908 { 03909 #if defined(CONFIG_RSBAC_ACL) 03910 union rsbac_target_id_t k_tid; 03911 struct rsbac_acl_entry_t * k_entry_p; 03912 rsbac_time_t * k_ttl_p; 03913 int err = 0; 03914 03915 if(!tid || (target >= T_NONE)) 03916 return(-RSBAC_EINVALIDTARGET); 03917 if(!entry_array) 03918 return(-RSBAC_EINVALIDPOINTER); 03919 if(!maxnum) 03920 return(-RSBAC_EINVALIDVALUE); 03921 if(maxnum > RSBAC_ACL_MAX_MAXNUM) 03922 maxnum = RSBAC_ACL_MAX_MAXNUM; 03923 03924 /* get values from user space */ 03925 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 03926 if(err) 03927 return err; 03928 03929 /* call acl function */ 03930 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p); 03931 if(err>0) 03932 { 03933 if(err > maxnum) 03934 err = maxnum; 03935 rsbac_put_user((u_char *) k_entry_p, 03936 (u_char *) entry_array, 03937 err * sizeof(*k_entry_p) ); 03938 if(ttl_array) 03939 { 03940 rsbac_put_user((u_char *) k_ttl_p, 03941 (u_char *) ttl_array, 03942 err * sizeof(*k_ttl_p) ); 03943 } 03944 rsbac_vfree(k_entry_p); 03945 rsbac_vfree(k_ttl_p); 03946 } 03947 return (err); 03948 #else 03949 return (-RSBAC_EINVALIDMODULE); 03950 #endif 03951 } /* end of sys_rsbac_acl_get_tlist() */

int sys_rsbac_acl_get_tlist_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name,

struct rsbac_acl_entry_t entry_array[],

rsbac_time_t ttl_array[],

u_int maxnum

)

Definition at line 3953 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_sys_get_tlist(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_vfree, RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
03960 { 03961 #if defined(CONFIG_RSBAC_ACL) 03962 struct dentry * t_dentry = NULL; 03963 struct rsbac_acl_entry_t * k_entry_p; 03964 rsbac_time_t * k_ttl_p; 03965 rsbac_boolean_t need_put = FALSE; 03966 int err = 0; 03967 union rsbac_target_id_t tid; 03968 03969 struct nameidata nd; 03970 03971 if(target >= T_NONE) 03972 return(-RSBAC_EINVALIDTARGET); 03973 if(!entry_array) 03974 return(-RSBAC_EINVALIDPOINTER); 03975 03976 switch (target) 03977 { 03978 case T_FD: 03979 case T_FILE: 03980 case T_DIR: 03981 case T_FIFO: 03982 case T_SYMLINK: 03983 if(t_name) 03984 { 03985 if ((err = user_path_walk_link(t_name, &nd))) 03986 { 03987 #ifdef CONFIG_RSBAC_DEBUG 03988 if (rsbac_debug_aef_acl) 03989 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err); 03990 #endif 03991 goto out; 03992 } 03993 t_dentry = nd.dentry; 03994 need_put = TRUE; 03995 if (!t_dentry->d_inode) 03996 { 03997 err = -RSBAC_EINVALIDTARGET; 03998 goto out_dput; 03999 } 04000 /* is inode of type file, symlink or block/char device? */ 04001 switch(target) 04002 { 04003 case T_FD: 04004 if(S_ISREG(t_dentry->d_inode->i_mode)) 04005 { 04006 target = T_FILE; 04007 } 04008 else 04009 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04010 { 04011 target = T_DIR; 04012 } 04013 else 04014 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04015 { 04016 target = T_SYMLINK; 04017 } 04018 else 04019 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04020 { 04021 target = T_FIFO; 04022 } 04023 else 04024 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04025 { 04026 target = T_FILE; 04027 } 04028 else 04029 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04030 { 04031 target = T_FILE; 04032 } 04033 else 04034 { /* This is no file or device */ 04035 err = -RSBAC_EINVALIDTARGET; 04036 goto out_dput; 04037 } 04038 break; 04039 case T_FILE: 04040 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04041 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04042 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04043 { /* This is no file or device */ 04044 err = -RSBAC_EINVALIDTARGET; 04045 goto out_dput; 04046 } 04047 break; 04048 case T_DIR: 04049 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04050 { /* This is no dir */ 04051 err = -RSBAC_EINVALIDTARGET; 04052 goto out_dput; 04053 } 04054 break; 04055 case T_FIFO: 04056 /* is inode of type fifo? */ 04057 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04058 { /* This is no fifo */ 04059 err = -RSBAC_EINVALIDTARGET; 04060 goto out_dput; 04061 } 04062 break; 04063 case T_SYMLINK: 04064 /* is inode of type symlink? */ 04065 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04066 { /* This is no symlink */ 04067 err = -RSBAC_EINVALIDTARGET; 04068 goto out_dput; 04069 } 04070 break; 04071 default: 04072 err = -RSBAC_EINVALIDTARGET; 04073 goto out_dput; 04074 } 04075 tid.file.device = t_dentry->d_sb->s_dev; 04076 tid.file.inode = t_dentry->d_inode->i_ino; 04077 tid.file.dentry_p = t_dentry; 04078 } 04079 else 04080 { 04081 if(target == T_FD) 04082 target = T_FILE; 04083 tid.file.device = RSBAC_ZERO_DEV; 04084 tid.file.inode = 0; 04085 tid.file.dentry_p = NULL; 04086 } 04087 break; 04088 04089 case T_DEV: 04090 if(t_name) 04091 { 04092 if ((err = user_path_walk_link(t_name, &nd))) 04093 { 04094 #ifdef CONFIG_RSBAC_DEBUG 04095 if (rsbac_debug_aef_acl) 04096 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err); 04097 #endif 04098 goto out; 04099 } 04100 t_dentry = nd.dentry; 04101 need_put = TRUE; 04102 if (!t_dentry->d_inode) 04103 { 04104 err = -RSBAC_EINVALIDTARGET; 04105 goto out_dput; 04106 } 04107 /* is inode of type file, symlink or block/char device? */ 04108 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04109 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04110 { /* This is no file or device */ 04111 err = -RSBAC_EINVALIDTARGET; 04112 goto out_dput; 04113 } 04114 /* fill target id and call internal function */ 04115 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04116 tid.dev.type = D_block; 04117 else 04118 tid.dev.type = D_char; 04119 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04120 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04121 } 04122 else 04123 { 04124 tid.dev = RSBAC_ZERO_DEV_DESC; 04125 } 04126 break; 04127 04128 default: 04129 return -RSBAC_EINVALIDTARGET; 04130 } 04131 /* call ACL function */ 04132 err = rsbac_acl_sys_get_tlist(ta_number, target, tid, 04133 &k_entry_p, &k_ttl_p); 04134 04135 out_dput: 04136 if(need_put) 04137 path_release(&nd); 04138 out: 04139 if(err>0) 04140 { 04141 if(err > maxnum) 04142 err = maxnum; 04143 rsbac_put_user((u_char *) k_entry_p, 04144 (u_char *) entry_array, 04145 err * sizeof(*k_entry_p) ); 04146 if(ttl_array) 04147 { 04148 rsbac_put_user((u_char *) k_ttl_p, 04149 (u_char *) ttl_array, 04150 err * sizeof(*k_ttl_p) ); 04151 } 04152 rsbac_vfree(k_entry_p); 04153 rsbac_vfree(k_ttl_p); 04154 } 04155 return(err); 04156 04157 #else 04158 return (-RSBAC_EINVALIDMODULE); 04159 #endif 04160 } /* end of sys_rsbac_acl_get_tlist_n() */

int sys_rsbac_acl_group ( rsbac_list_ta_number_t ta_number,

enum rsbac_acl_group_syscall_type_t call,

union rsbac_acl_group_syscall_arg_t * arg_p

)

Definition at line 4394 of file syscalls.c.
References ACLGS_add_group, ACLGS_add_member, ACLGS_change_group, ACLGS_none, ACLGS_remove_group, ACLGS_remove_member, rsbac_acl_sys_group(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, and rsbac_printk().
Referenced by sys_rsbac().
04398 { 04399 #if defined(CONFIG_RSBAC_ACL) 04400 union rsbac_acl_group_syscall_arg_t k_arg; 04401 int err = 0; 04402 04403 if(call >= ACLGS_none) 04404 return(-RSBAC_EINVALIDREQUEST); 04405 if(!arg_p) 04406 return(-RSBAC_EINVALIDPOINTER); 04407 04408 #ifdef CONFIG_RSBAC_FREEZE 04409 if(rsbac_freeze) 04410 { 04411 switch(call) 04412 { 04413 case ACLGS_add_group: 04414 case ACLGS_change_group: 04415 case ACLGS_remove_group: 04416 case ACLGS_add_member: 04417 case ACLGS_remove_member: 04418 rsbac_printk(KERN_WARNING 04419 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n"); 04420 return -EPERM; 04421 04422 default: 04423 break; 04424 } 04425 } 04426 #endif 04427 04428 /* get values from user space */ 04429 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) ); 04430 04431 /* call acl function */ 04432 if(err >= 0) 04433 err = rsbac_acl_sys_group(ta_number, call, k_arg); 04434 return (err); 04435 #else 04436 return (-RSBAC_EINVALIDMODULE); 04437 #endif 04438 } /* end of sys_rsbac_acl() */

int sys_rsbac_acl_list_all_dev ( rsbac_list_ta_number_t ta_number,

struct rsbac_dev_desc_t * id_p,

u_long maxnum

)

Definition at line 4440 of file syscalls.c.
References NULL, rsbac_acl_list_all_dev(), rsbac_acl_list_all_major_dev(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04444 { 04445 #if defined(CONFIG_RSBAC_ACL) 04446 int err = 0; 04447 long count; 04448 long count2; 04449 04450 if(id_p && maxnum) 04451 { 04452 struct rsbac_dev_desc_t * k_id_p = NULL; 04453 04454 count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p); 04455 if(count < 0) 04456 return count; 04457 if(count > maxnum) 04458 count = maxnum; 04459 04460 if(count) 04461 { 04462 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04463 rsbac_vfree(k_id_p); 04464 if(err) 04465 return err; 04466 id_p += count; 04467 maxnum -= count; 04468 if(!maxnum) 04469 return count; 04470 } 04471 04472 count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p); 04473 if(count2 < 0) 04474 return count2; 04475 if(count2 > maxnum) 04476 count2 = maxnum; 04477 04478 if(count2) 04479 { 04480 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) ); 04481 rsbac_vfree(k_id_p); 04482 if(err) 04483 return err; 04484 count += count2; 04485 } 04486 return count; 04487 } 04488 else 04489 { 04490 count = rsbac_acl_list_all_major_dev(ta_number, NULL); 04491 if(count < 0) 04492 return count; 04493 count2 = rsbac_acl_list_all_dev(ta_number, NULL); 04494 if(count2 < 0) 04495 return count2; 04496 else 04497 return count + count2; 04498 } 04499 #else 04500 return (-RSBAC_EINVALIDMODULE); 04501 #endif 04502 }

int sys_rsbac_acl_list_all_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t * id_p,

u_long maxnum

)

Definition at line 4541 of file syscalls.c.
References NULL, rsbac_acl_list_all_group(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04545 { 04546 #ifdef CONFIG_RSBAC_ACL_UM_PROT 04547 int err = 0; 04548 long count; 04549 04550 if(id_p && maxnum) 04551 { 04552 rsbac_gid_t * k_id_p = NULL; 04553 04554 count = rsbac_acl_list_all_group(ta_number, &k_id_p); 04555 if(count < 0) 04556 return count; 04557 if(count > maxnum) 04558 count = maxnum; 04559 04560 if(count) 04561 { 04562 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04563 rsbac_vfree(k_id_p); 04564 if(err) 04565 return err; 04566 } 04567 return count; 04568 } 04569 else 04570 { 04571 return rsbac_acl_list_all_group(ta_number, NULL); 04572 } 04573 #else 04574 return (-RSBAC_EINVALIDMODULE); 04575 #endif 04576 }

int sys_rsbac_acl_list_all_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t * id_p,

u_long maxnum

)

Definition at line 4504 of file syscalls.c.
References NULL, rsbac_acl_list_all_user(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04508 { 04509 #if defined(CONFIG_RSBAC_ACL) 04510 int err = 0; 04511 long count; 04512 04513 if(id_p && maxnum) 04514 { 04515 rsbac_uid_t * k_id_p = NULL; 04516 04517 count = rsbac_acl_list_all_user(ta_number, &k_id_p); 04518 if(count < 0) 04519 return count; 04520 if(count > maxnum) 04521 count = maxnum; 04522 04523 if(count) 04524 { 04525 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04526 rsbac_vfree(k_id_p); 04527 if(err) 04528 return err; 04529 } 04530 return count; 04531 } 04532 else 04533 { 04534 return rsbac_acl_list_all_user(ta_number, NULL); 04535 } 04536 #else 04537 return (-RSBAC_EINVALIDMODULE); 04538 #endif 04539 }

int sys_rsbac_acl_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_acl_syscall_type_t call,

struct rsbac_acl_syscall_n_arg_t * arg

)

Definition at line 3309 of file syscalls.c.
References ACLC_add_to_acl_entry, ACLC_none, ACLC_remove_acl, ACLC_remove_acl_entry, ACLC_remove_from_acl_entry, ACLC_set_acl_entry, ACLC_set_mask, ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, D_block, D_char, rsbac_target_id_t::dev, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, rsbac_dev_desc_t::type, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03313 { 03314 #if defined(CONFIG_RSBAC_ACL) 03315 struct dentry * t_dentry = NULL; 03316 int err = 0; 03317 union rsbac_target_id_t tid; 03318 struct rsbac_acl_syscall_n_arg_t k_arg; 03319 03320 struct nameidata nd; 03321 03322 if(call >= ACLC_none) 03323 return(-RSBAC_EINVALIDREQUEST); 03324 if(!arg) 03325 return(-RSBAC_EINVALIDPOINTER); 03326 03327 #ifdef CONFIG_RSBAC_FREEZE 03328 if(rsbac_freeze) 03329 { 03330 rsbac_printk(KERN_WARNING 03331 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n"); 03332 return -EPERM; 03333 } 03334 #endif 03335 03336 /* get values from user space */ 03337 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03338 if(err < 0) 03339 return err; 03340 03341 if(k_arg.target >= T_NONE) 03342 return(-RSBAC_EINVALIDTARGET); 03343 if(call != ACLC_set_mask) 03344 { 03345 switch(k_arg.subj_type) 03346 { 03347 case ACLS_USER: 03348 break; 03349 case ACLS_GROUP: 03350 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03351 { 03352 struct rsbac_acl_group_entry_t entry; 03353 rsbac_uid_t caller; 03354 03355 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03356 || rsbac_get_owner(&caller) 03357 || ( (entry.owner != caller) 03358 && (entry.type != ACLG_GLOBAL) 03359 ) 03360 ) 03361 return(-RSBAC_EINVALIDVALUE); 03362 } 03363 break; 03364 #if defined(CONFIG_RSBAC_RC) 03365 case ACLS_ROLE: 03366 if(k_arg.subj_id > RC_role_max_value) 03367 return(-RSBAC_EINVALIDVALUE); 03368 break; 03369 #endif 03370 default: 03371 return(-RSBAC_EINVALIDVALUE); 03372 } 03373 } 03374 03375 if(k_arg.name) 03376 { 03377 /* lookup filename */ 03378 if ((err = user_path_walk_link(k_arg.name, &nd))) 03379 { 03380 #ifdef CONFIG_RSBAC_DEBUG 03381 if (rsbac_debug_aef) 03382 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err); 03383 #endif 03384 goto out; 03385 } 03386 t_dentry = nd.dentry; 03387 if (!t_dentry->d_inode) 03388 { 03389 #ifdef CONFIG_RSBAC_DEBUG 03390 if (rsbac_debug_aef) 03391 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n"); 03392 #endif 03393 err = -RSBAC_EINVALIDTARGET; 03394 goto out_dput; 03395 } 03396 tid.file.device = t_dentry->d_sb->s_dev; 03397 tid.file.inode = t_dentry->d_inode->i_ino; 03398 tid.file.dentry_p = t_dentry; 03399 } 03400 else 03401 { 03402 tid.file.device = RSBAC_ZERO_DEV; 03403 tid.file.inode = 0; 03404 tid.file.dentry_p = NULL; 03405 } 03406 03407 switch (k_arg.target) 03408 { 03409 case T_FD: 03410 if(k_arg.name) 03411 { 03412 if(S_ISREG(t_dentry->d_inode->i_mode)) 03413 { 03414 k_arg.target = T_FILE; 03415 } 03416 else 03417 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03418 { 03419 k_arg.target = T_DIR; 03420 } 03421 else 03422 if(S_ISLNK(t_dentry->d_inode->i_mode)) 03423 { 03424 k_arg.target = T_SYMLINK; 03425 } 03426 else 03427 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 03428 { 03429 k_arg.target = T_FIFO; 03430 } 03431 else 03432 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03433 { 03434 k_arg.target = T_FILE; 03435 } 03436 else 03437 if(S_ISCHR(t_dentry->d_inode->i_mode)) 03438 { 03439 k_arg.target = T_FILE; 03440 } 03441 else 03442 { 03443 #ifdef CONFIG_RSBAC_DEBUG 03444 if (rsbac_debug_aef) 03445 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n"); 03446 #endif 03447 err = -RSBAC_EINVALIDTARGET; 03448 goto out_dput; 03449 } 03450 } 03451 else 03452 k_arg.target = T_FILE; 03453 break; 03454 03455 case T_FILE: 03456 if(k_arg.name) 03457 { 03458 /* is inode of type file, symlink or block/char device? */ 03459 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 03460 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 03461 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03462 { /* This is no file or device */ 03463 err = -RSBAC_EINVALIDTARGET; 03464 goto out_dput; 03465 } 03466 } 03467 break; 03468 03469 case T_DIR: 03470 if(k_arg.name) 03471 { 03472 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 03473 { /* This is no dir */ 03474 err = -RSBAC_EINVALIDTARGET; 03475 goto out_dput; 03476 } 03477 } 03478 break; 03479 03480 case T_FIFO: 03481 if(k_arg.name) 03482 { 03483 /* is inode of type fifo? */ 03484 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 03485 { /* This is no file or device */ 03486 err = -RSBAC_EINVALIDTARGET; 03487 goto out_dput; 03488 } 03489 } 03490 break; 03491 03492 case T_SYMLINK: 03493 if(k_arg.name) 03494 { 03495 /* is inode of type symlink? */ 03496 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 03497 { /* This is no file or device */ 03498 err = -RSBAC_EINVALIDTARGET; 03499 goto out_dput; 03500 } 03501 } 03502 break; 03503 03504 case T_DEV: 03505 if(k_arg.name) 03506 { 03507 /* is inode of type block/char device? */ 03508 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 03509 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03510 { /* This is no file or device */ 03511 err = -RSBAC_EINVALIDTARGET; 03512 goto out_dput; 03513 } 03514 /* fill target id and call internal function */ 03515 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03516 tid.dev.type = D_block; 03517 else 03518 tid.dev.type = D_char; 03519 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 03520 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 03521 } 03522 else 03523 { 03524 tid.dev = RSBAC_ZERO_DEV_DESC; 03525 } 03526 break; 03527 03528 default: 03529 err = -RSBAC_EINVALIDTARGET; 03530 goto out_dput; 03531 } 03532 /* call acl function */ 03533 switch(call) 03534 { 03535 case ACLC_set_acl_entry: 03536 err = rsbac_acl_sys_set_acl_entry(ta_number, 03537 k_arg.target, 03538 tid, 03539 k_arg.subj_type, 03540 k_arg.subj_id, 03541 k_arg.rights, 03542 k_arg.ttl); 03543 break; 03544 case ACLC_remove_acl_entry: 03545 err = rsbac_acl_sys_remove_acl_entry(ta_number, 03546 k_arg.target, 03547 tid, 03548 k_arg.subj_type, 03549 k_arg.subj_id); 03550 break; 03551 case ACLC_remove_acl: 03552 err = rsbac_acl_sys_remove_acl(ta_number, 03553 k_arg.target, 03554 tid); 03555 break; 03556 case ACLC_add_to_acl_entry: 03557 err = rsbac_acl_sys_add_to_acl_entry(ta_number, 03558 k_arg.target, 03559 tid, 03560 k_arg.subj_type, 03561 k_arg.subj_id, 03562 k_arg.rights, 03563 k_arg.ttl); 03564 break; 03565 case ACLC_remove_from_acl_entry: 03566 err = rsbac_acl_sys_remove_from_acl_entry(ta_number, 03567 k_arg.target, 03568 tid, 03569 k_arg.subj_type, 03570 k_arg.subj_id, 03571 k_arg.rights); 03572 break; 03573 case ACLC_set_mask: 03574 err = rsbac_acl_sys_set_mask(ta_number, 03575 k_arg.target, 03576 tid, 03577 k_arg.rights); 03578 break; 03579 03580 default: 03581 err = -RSBAC_EINVALIDREQUEST; 03582 } 03583 03584 out_dput: 03585 if(k_arg.name) 03586 { 03587 path_release(&nd); 03588 } 03589 03590 out: 03591 return(err); 03592 #else 03593 return (-RSBAC_EINVALIDMODULE); 03594 #endif 03595 } /* end of sys_rsbac_acl_n() */

int sys_rsbac_adf_log_switch ( enum rsbac_adf_request_t request,

enum rsbac_target_t target,

u_int value

)

Definition at line 6355 of file syscalls.c.
References rsbac_target_id_t::dummy, get_request_name(), LL_denied, LL_full, LL_none, R_NONE, R_SWITCH_LOG, rsbac_adf_log_switch(), rsbac_adf_request(), RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), T_FD, and T_NONE.
Referenced by sys_rsbac().
06358 { 06359 union rsbac_target_id_t rsbac_target_id; 06360 union rsbac_attribute_value_t rsbac_attribute_value; 06361 06362 if ((value != LL_none) && (value != LL_denied) && (value != LL_full)) 06363 return (-RSBAC_EINVALIDVALUE); 06364 if(request >= R_NONE) 06365 return(-RSBAC_EINVALIDREQUEST); 06366 if( (target == T_FD) 06367 || (target > T_NONE) 06368 ) 06369 return(-RSBAC_EINVALIDTARGET); 06370 06371 #ifdef CONFIG_RSBAC_FREEZE 06372 if(rsbac_freeze) 06373 { 06374 rsbac_printk(KERN_WARNING 06375 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n"); 06376 return -EPERM; 06377 } 06378 #endif 06379 06380 /* call ADF */ 06381 #ifdef CONFIG_RSBAC_DEBUG 06382 if (rsbac_debug_aef) 06383 rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n"); 06384 #endif 06385 rsbac_target_id.dummy = 0; 06386 rsbac_attribute_value.request = target; 06387 if (!rsbac_adf_request(R_SWITCH_LOG, 06388 current->pid, 06389 T_NONE, 06390 rsbac_target_id, 06391 A_request, 06392 rsbac_attribute_value)) 06393 { 06394 return -EPERM; 06395 } 06396 #ifdef CONFIG_RSBAC_DEBUG 06397 if (rsbac_debug_aef) 06398 { 06399 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06400 if(request_name) 06401 { 06402 get_request_name(request_name,target); 06403 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n", 06404 request_name, target, value); 06405 rsbac_kfree(request_name); 06406 } 06407 } 06408 #endif 06409 rsbac_adf_log_switch(request,target,value); 06410 return(0); 06411 }

int sys_rsbac_auth_add_f_cap ( rsbac_list_ta_number_t ta_number,

char * filename,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range,

rsbac_time_t ttl

)

Definition at line 2777 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_add_f_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
02783 { 02784 #if defined(CONFIG_RSBAC_AUTH) 02785 struct dentry * t_dentry; 02786 int err = 0; 02787 enum rsbac_target_t target; 02788 union rsbac_target_id_t tid; 02789 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02790 union rsbac_attribute_value_t rsbac_attribute_value; 02791 #endif 02792 02793 struct nameidata nd; 02794 02795 if(cap_range.first > cap_range.last) 02796 return(-RSBAC_EINVALIDVALUE); 02797 02798 if(!filename) 02799 return(-RSBAC_EINVALIDTARGET); 02800 if(cap_type >= ACT_none) 02801 return(-RSBAC_EINVALIDTARGET); 02802 if(cap_range.first > cap_range.last) 02803 return(-RSBAC_EINVALIDVALUE); 02804 02805 #ifdef CONFIG_RSBAC_FREEZE 02806 if(rsbac_freeze) 02807 { 02808 rsbac_printk(KERN_WARNING 02809 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02810 return -EPERM; 02811 } 02812 #endif 02813 02814 if ((err = user_path_walk_link(filename, &nd))) 02815 { 02816 #ifdef CONFIG_RSBAC_DEBUG 02817 if (rsbac_debug_aef_auth) 02818 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err); 02819 #endif 02820 goto out; 02821 } 02822 t_dentry = nd.dentry; 02823 if (!t_dentry->d_inode) 02824 { 02825 err = -RSBAC_EINVALIDTARGET; 02826 goto out_dput; 02827 } 02828 /* is inode of type file? */ 02829 if(S_ISREG(t_dentry->d_inode->i_mode)) 02830 target = T_FILE; 02831 else 02832 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02833 target = T_DIR; 02834 else 02835 { /* This is no file or dir */ 02836 err = -RSBAC_EINVALIDTARGET; 02837 goto out_dput; 02838 } 02839 tid.file.device = t_dentry->d_sb->s_dev; 02840 tid.file.inode = t_dentry->d_inode->i_ino; 02841 tid.file.dentry_p = t_dentry; 02842 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02843 /* call ADF */ 02844 #ifdef CONFIG_RSBAC_DEBUG 02845 if (rsbac_debug_aef) 02846 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n"); 02847 #endif 02848 rsbac_attribute_value.auth_cap_range = cap_range; 02849 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 02850 current->pid, 02851 target, 02852 tid, 02853 A_auth_add_f_cap, 02854 rsbac_attribute_value)) 02855 { 02856 err = -EPERM; 02857 } 02858 else 02859 #endif 02860 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl); 02861 02862 out_dput: 02863 path_release(&nd); 02864 out: 02865 return(err); 02866 02867 #else 02868 return (-RSBAC_EINVALIDMODULE); 02869 #endif 02870 };

int sys_rsbac_auth_add_p_cap ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range,

rsbac_time_t ttl

)

Definition at line 2699 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_auth_add_p_cap(), RSBAC_AUTH_MAX_RANGE_UID, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, and rsbac_printk().
Referenced by sys_rsbac().
02705 { 02706 #if defined(CONFIG_RSBAC_AUTH) 02707 struct task_struct * task_p; 02708 02709 if(cap_type >= ACT_none) 02710 return(-RSBAC_EINVALIDTARGET); 02711 if(cap_range.first > cap_range.last) 02712 return(-RSBAC_EINVALIDVALUE); 02713 if( (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID) 02714 || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID) 02715 ) 02716 return -RSBAC_EINVALIDVALUE; 02717 02718 #ifdef CONFIG_RSBAC_FREEZE 02719 if(rsbac_freeze) 02720 { 02721 rsbac_printk(KERN_WARNING 02722 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02723 return -EPERM; 02724 } 02725 #endif 02726 02727 read_lock(&tasklist_lock); 02728 task_p = find_task_by_pid(pid); 02729 read_unlock(&tasklist_lock); 02730 if(!task_p) 02731 return(-RSBAC_EINVALIDTARGET); 02732 02733 /* call auth function and return its result */ 02734 /* permission checking is done there */ 02735 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl)); 02736 #else 02737 return (-RSBAC_EINVALIDMODULE); 02738 #endif 02739 }

int sys_rsbac_auth_get_f_caplist ( rsbac_list_ta_number_t ta_number,

char * filename,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t caplist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 2965 of file syscalls.c.
References ACT_none, rsbac_attribute_value_t::dummy, R_READ_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_get_f_caplist(), RSBAC_AUTH_MAX_MAXNUM, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_vfree, T_DIR, and T_FILE.
Referenced by sys_rsbac().
02972 { 02973 #if defined(CONFIG_RSBAC_AUTH) 02974 struct dentry * t_dentry; 02975 int err = 0, tmperr = 0; 02976 enum rsbac_target_t target; 02977 union rsbac_target_id_t tid; 02978 struct rsbac_auth_cap_range_t * k_caplist; 02979 rsbac_time_t * k_ttllist; 02980 02981 /* for adf_request */ 02982 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02983 union rsbac_attribute_value_t rsbac_attribute_value; 02984 #endif 02985 02986 struct nameidata nd; 02987 02988 if(!filename) 02989 return(-RSBAC_EINVALIDTARGET); 02990 if(cap_type >= ACT_none) 02991 return(-RSBAC_EINVALIDTARGET); 02992 if(!caplist) 02993 return(-RSBAC_EINVALIDPOINTER); 02994 if(maxnum <= 0) 02995 return(-RSBAC_EINVALIDVALUE); 02996 if(maxnum > RSBAC_AUTH_MAX_MAXNUM) 02997 maxnum = RSBAC_AUTH_MAX_MAXNUM; 02998 02999 if ((err = user_path_walk_link(filename, &nd))) 03000 { 03001 #ifdef CONFIG_RSBAC_DEBUG 03002 if (rsbac_debug_aef_auth) 03003 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err); 03004 #endif 03005 goto out; 03006 } 03007 t_dentry = nd.dentry; 03008 if (!t_dentry->d_inode) 03009 { 03010 err = -RSBAC_EINVALIDTARGET; 03011 goto out_dput; 03012 } 03013 /* is inode of type file or dir? */ 03014 if(S_ISREG(t_dentry->d_inode->i_mode)) 03015 target = T_FILE; 03016 else 03017 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03018 target = T_DIR; 03019 else 03020 { /* This is no file or dir */ 03021 err = -RSBAC_EINVALIDTARGET; 03022 goto out_dput; 03023 } 03024 tid.file.device = t_dentry->d_sb->s_dev; 03025 tid.file.inode = t_dentry->d_inode->i_ino; 03026 tid.file.dentry_p = t_dentry; 03027 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03028 /* call ADF */ 03029 #ifdef CONFIG_RSBAC_DEBUG 03030 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n"); 03031 #endif 03032 rsbac_attribute_value.dummy = 0; 03033 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 03034 current->pid, 03035 target, 03036 tid, 03037 A_auth_get_caplist, 03038 rsbac_attribute_value)) 03039 { 03040 err = -EPERM; 03041 goto out_dput; 03042 } 03043 #endif 03044 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist); 03045 if(err>0) 03046 { 03047 if(err > maxnum) 03048 err = maxnum; 03049 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist, 03050 sizeof(struct rsbac_auth_cap_range_t) * err); 03051 if(tmperr < 0) 03052 err = tmperr; 03053 else 03054 { 03055 if(ttllist) 03056 { 03057 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 03058 sizeof(rsbac_time_t) * err); 03059 if(tmperr < 0) 03060 err = tmperr; 03061 } 03062 } 03063 rsbac_vfree(k_caplist); 03064 rsbac_vfree(k_ttllist); 03065 } 03066 03067 out_dput: 03068 path_release(&nd); 03069 out: 03070 return(err); 03071 03072 #else 03073 return (-RSBAC_EINVALIDMODULE); 03074 #endif 03075 }

int sys_rsbac_auth_get_p_caplist ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t caplist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 3077 of file syscalls.c.
References ACT_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::process, R_READ_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_get_p_caplist(), RSBAC_AUTH_MAX_MAXNUM, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_vfree, and T_PROCESS.
Referenced by sys_rsbac().
03084 { 03085 #if defined(CONFIG_RSBAC_AUTH) 03086 int err = 0, tmperr = 0; 03087 union rsbac_target_id_t tid; 03088 struct rsbac_auth_cap_range_t * k_caplist; 03089 rsbac_time_t * k_ttllist; 03090 03091 /* for adf_request */ 03092 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03093 union rsbac_attribute_value_t rsbac_attribute_value; 03094 #endif 03095 03096 if(!pid) 03097 return(-RSBAC_EINVALIDTARGET); 03098 if(cap_type >= ACT_none) 03099 return(-RSBAC_EINVALIDTARGET); 03100 if(!caplist) 03101 return(-RSBAC_EINVALIDPOINTER); 03102 if(maxnum <= 0) 03103 return(-RSBAC_EINVALIDVALUE); 03104 if(maxnum > RSBAC_AUTH_MAX_MAXNUM) 03105 maxnum = RSBAC_AUTH_MAX_MAXNUM; 03106 03107 tid.process = pid; 03108 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03109 /* call ADF */ 03110 #ifdef CONFIG_RSBAC_DEBUG 03111 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n"); 03112 #endif 03113 rsbac_attribute_value.dummy = 0; 03114 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 03115 current->pid, 03116 T_PROCESS, 03117 tid, 03118 A_auth_get_caplist, 03119 rsbac_attribute_value)) 03120 { 03121 return -EPERM; 03122 } 03123 #endif 03124 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type, 03125 &k_caplist, &k_ttllist); 03126 if(err>0) 03127 { 03128 if(err > maxnum) 03129 err = maxnum; 03130 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist, 03131 sizeof(struct rsbac_auth_cap_range_t) * err); 03132 if(tmperr < 0) 03133 err = tmperr; 03134 else 03135 { 03136 if(ttllist) 03137 { 03138 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 03139 sizeof(rsbac_time_t) * err); 03140 if(tmperr < 0) 03141 err = tmperr; 03142 } 03143 } 03144 rsbac_vfree(k_caplist); 03145 rsbac_vfree(k_ttllist); 03146 } 03147 03148 return(err); 03149 03150 #else 03151 return (-RSBAC_EINVALIDMODULE); 03152 #endif 03153 }

int sys_rsbac_auth_remove_f_cap ( rsbac_list_ta_number_t ta_number,

char * filename,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range

)

Definition at line 2872 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_remove_f_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
02877 { 02878 #if defined(CONFIG_RSBAC_AUTH) 02879 struct dentry * t_dentry; 02880 int err = 0; 02881 enum rsbac_target_t target; 02882 union rsbac_target_id_t tid; 02883 02884 /* for adf_request */ 02885 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02886 union rsbac_attribute_value_t rsbac_attribute_value; 02887 #endif 02888 02889 struct nameidata nd; 02890 02891 if(!filename) 02892 return(-RSBAC_EINVALIDTARGET); 02893 if(cap_type >= ACT_none) 02894 return(-RSBAC_EINVALIDTARGET); 02895 if(cap_range.first > cap_range.last) 02896 return(-RSBAC_EINVALIDVALUE); 02897 02898 #ifdef CONFIG_RSBAC_FREEZE 02899 if(rsbac_freeze) 02900 { 02901 rsbac_printk(KERN_WARNING 02902 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02903 return -EPERM; 02904 } 02905 #endif 02906 02907 if ((err = user_path_walk_link(filename, &nd))) 02908 { 02909 #ifdef CONFIG_RSBAC_DEBUG 02910 if (rsbac_debug_aef_auth) 02911 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err); 02912 #endif 02913 goto out; 02914 } 02915 t_dentry = nd.dentry; 02916 if (!t_dentry->d_inode) 02917 { 02918 err = -RSBAC_EINVALIDTARGET; 02919 goto out_dput; 02920 } 02921 /* is inode of type file or dir? */ 02922 if(S_ISREG(t_dentry->d_inode->i_mode)) 02923 target = T_FILE; 02924 else 02925 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02926 target = T_DIR; 02927 else 02928 { /* This is no file or dir */ 02929 err = -RSBAC_EINVALIDTARGET; 02930 goto out_dput; 02931 } 02932 tid.file.device = t_dentry->d_sb->s_dev; 02933 tid.file.inode = t_dentry->d_inode->i_ino; 02934 tid.file.dentry_p = t_dentry; 02935 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 02936 /* call ADF */ 02937 #ifdef CONFIG_RSBAC_DEBUG 02938 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n"); 02939 #endif 02940 rsbac_attribute_value.auth_cap_range = cap_range; 02941 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 02942 current->pid, 02943 target, 02944 tid, 02945 A_auth_remove_f_cap, 02946 rsbac_attribute_value)) 02947 { 02948 err = -EPERM; 02949 } 02950 else 02951 #endif 02952 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range); 02953 02954 out_dput: 02955 path_release(&nd); 02956 out: 02957 return(err); 02958 02959 #else 02960 return (-RSBAC_EINVALIDMODULE); 02961 #endif 02962 }

int sys_rsbac_auth_remove_p_cap ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

enum rsbac_auth_cap_type_t cap_type,

struct rsbac_auth_cap_range_t cap_range

)

Definition at line 2741 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_auth_remove_p_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, and rsbac_printk().
Referenced by sys_rsbac().
02746 { 02747 #if defined(CONFIG_RSBAC_AUTH) 02748 struct task_struct * task_p; 02749 02750 if(cap_type >= ACT_none) 02751 return(-RSBAC_EINVALIDTARGET); 02752 if(cap_range.first > cap_range.last) 02753 return(-RSBAC_EINVALIDVALUE); 02754 02755 #ifdef CONFIG_RSBAC_FREEZE 02756 if(rsbac_freeze) 02757 { 02758 rsbac_printk(KERN_WARNING 02759 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n"); 02760 return -EPERM; 02761 } 02762 #endif 02763 02764 read_lock(&tasklist_lock); 02765 task_p = find_task_by_pid(pid); 02766 read_unlock(&tasklist_lock); 02767 if(!task_p) 02768 return(-RSBAC_EINVALIDTARGET); 02769 /* call auth function and return its result */ 02770 /* permission checking is done there */ 02771 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range)); 02772 #else 02773 return (-RSBAC_EINVALIDMODULE); 02774 #endif 02775 }

int sys_rsbac_check ( int correct,

int check_inode

)

Definition at line 93 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_check(), rsbac_check_acl(), rsbac_check_auth(), rsbac_check_lists(), rsbac_check_mac(), rsbac_check_reg(), rsbac_printk(), rsbac_write_sem, rsbac_target_id_t::scd, ST_rsbac, sys_sync(), and T_SCD.
Referenced by sys_rsbac().
00094 { 00095 union rsbac_target_id_t rsbac_target_id; 00096 union rsbac_attribute_value_t rsbac_attribute_value; 00097 int result; 00098 00099 #ifdef CONFIG_RSBAC_DEBUG 00100 if (rsbac_debug_aef) 00101 { 00102 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n"); 00103 } 00104 #endif 00105 rsbac_target_id.scd = ST_rsbac; 00106 rsbac_attribute_value.dummy = 0; 00107 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00108 current->pid, 00109 T_SCD, 00110 rsbac_target_id, 00111 A_none, 00112 rsbac_attribute_value)) 00113 { 00114 return -EPERM; 00115 } 00116 00117 rsbac_printk(KERN_INFO 00118 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n", 00119 correct, check_inode); 00120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00121 /* Sync to be sure */ 00122 if(check_inode) 00123 { 00124 rsbac_printk(KERN_INFO 00125 "sys_rsbac_check(): syncing disks\n"); 00126 sys_sync(); 00127 } 00128 #endif 00129 00130 lock_kernel(); 00131 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00132 /* rsbac write blocking */ 00133 if(check_inode) 00134 down(&rsbac_write_sem); 00135 #endif 00136 00137 result=rsbac_check_lists(correct); 00138 00139 /* call other checks */ 00140 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00141 if(!result) 00142 result = rsbac_check(correct, check_inode); 00143 #if defined(CONFIG_RSBAC_MAC) 00144 if(!result) 00145 result=rsbac_check_mac(correct, check_inode); 00146 #endif 00147 #if defined(CONFIG_RSBAC_AUTH) 00148 if(!result) 00149 result=rsbac_check_auth(correct, check_inode); 00150 #endif 00151 #endif 00152 #if defined(CONFIG_RSBAC_ACL) 00153 if(!result) 00154 result=rsbac_check_acl(correct, check_inode); 00155 #endif 00156 #if defined(CONFIG_RSBAC_REG) 00157 if(!result) 00158 result=rsbac_check_reg(correct, check_inode); 00159 #endif 00160 00161 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00162 /* release write blocking */ 00163 if(check_inode) 00164 up(&rsbac_write_sem); 00165 #endif 00166 00167 unlock_kernel(); 00168 return(result); 00169 }

int sys_rsbac_daz_flush_cache ( void )

Definition at line 2238 of file syscalls.c.
References A_daz_role, DAZ, rsbac_daz_flush_cache(), rsbac_get_attr, rsbac_printk(), SR_administrator, SR_security_officer, rsbac_attribute_value_t::system_role, T_USER, TRUE, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
02239 { 02240 #ifndef CONFIG_RSBAC_DAZ_CACHE 02241 return (0); 02242 #else 02243 #ifndef CONFIG_RSBAC_MAINT 02244 union rsbac_target_id_t i_tid; 02245 union rsbac_attribute_value_t i_attr_val1; 02246 02247 /* Security Officer or admin? */ 02248 i_tid.user = current->uid; 02249 if (rsbac_get_attr(DAZ, 02250 T_USER, 02251 i_tid, 02252 A_daz_role, 02253 &i_attr_val1, 02254 TRUE)) 02255 { 02256 rsbac_printk(KERN_WARNING 02257 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); 02258 return -EPERM; 02259 } 02260 /* if not sec_officer or admin, deny */ 02261 if ( (i_attr_val1.system_role != SR_security_officer) 02262 && (i_attr_val1.system_role != SR_administrator) 02263 ) 02264 #ifdef CONFIG_RSBAC_SOFTMODE 02265 if( !rsbac_softmode 02266 #ifdef CONFIG_RSBAC_SOFTMODE_IND 02267 && !rsbac_ind_softmode[DAZ] 02268 #endif 02269 ) 02270 #endif 02271 return -EPERM; 02272 #endif 02273 02274 rsbac_printk(KERN_INFO 02275 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n"); 02276 02277 return(rsbac_daz_flush_cache()); 02278 #endif 02279 }

int sys_rsbac_get_adf_log ( enum rsbac_adf_request_t request,

enum rsbac_target_t target,

u_int * value_p

)

Definition at line 6413 of file syscalls.c.
References get_request_name(), R_GET_STATUS_DATA, R_NONE, rsbac_adf_request(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, rsbac_get_adf_log(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, T_FD, T_NONE, and T_SCD.
Referenced by sys_rsbac().
06416 { 06417 union rsbac_target_id_t rsbac_target_id; 06418 union rsbac_attribute_value_t rsbac_attribute_value; 06419 u_int k_value; 06420 int err; 06421 06422 if(request >= R_NONE) 06423 return(-RSBAC_EINVALIDREQUEST); 06424 if( (target == T_FD) 06425 || (target > T_NONE) 06426 ) 06427 return(-RSBAC_EINVALIDTARGET); 06428 if(!value_p) 06429 return(-RSBAC_EINVALIDPOINTER); 06430 /* call ADF */ 06431 #ifdef CONFIG_RSBAC_DEBUG 06432 if (rsbac_debug_aef) 06433 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n"); 06434 #endif 06435 rsbac_target_id.scd = ST_rsbac; 06436 rsbac_attribute_value.request = request; 06437 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06438 current->pid, 06439 T_SCD, 06440 rsbac_target_id, 06441 A_request, 06442 rsbac_attribute_value)) 06443 { 06444 return -EPERM; 06445 } 06446 #ifdef CONFIG_RSBAC_DEBUG 06447 if (rsbac_debug_aef) 06448 { 06449 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06450 if(request_name) 06451 { 06452 get_request_name(request_name,target); 06453 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n", 06454 request_name, target); 06455 rsbac_kfree(request_name); 06456 } 06457 } 06458 #endif 06459 err = rsbac_get_adf_log(request, target, &k_value); 06460 if(!err) 06461 { 06462 rsbac_put_user((u_char *) &k_value, 06463 (u_char *) value_p, 06464 sizeof(k_value) ); 06465 } 06466 return(err); 06467 }

int sys_rsbac_get_attr ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value,

int inherit

)

Definition at line 209 of file syscalls.c.
References A_none, FALSE, get_attr_module(), R_READ_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_get_attr(), SW_NONE, T_NETOBJ, T_NONE, and TRUE.
Referenced by sys_rsbac().
00217 { 00218 union rsbac_target_id_t k_tid; 00219 union rsbac_attribute_value_t k_value; 00220 int err = 0; 00221 rsbac_boolean_t i_inherit; 00222 00223 if(module > SW_NONE) 00224 return(-RSBAC_EINVALIDMODULE); 00225 if(!tid || (target >= T_NONE)) 00226 return(-RSBAC_EINVALIDTARGET); 00227 if(!value) 00228 return(-RSBAC_EINVALIDVALUE); 00229 if(attr >= A_none) 00230 return(-RSBAC_EINVALIDATTR); 00231 00232 if(module == SW_NONE) 00233 { 00234 module = get_attr_module(attr); 00235 if(module == SW_NONE) 00236 return(-RSBAC_EINVALIDMODULE); 00237 } 00238 00239 /* get values from user space */ 00240 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00241 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00242 00243 if(inherit) 00244 i_inherit = TRUE; 00245 else 00246 i_inherit = FALSE; 00247 00248 #ifdef CONFIG_RSBAC_NET_OBJ 00249 /* sanity check before using pointer */ 00250 if( (target == T_NETOBJ) 00251 && ( !k_tid.netobj.sock_p 00252 || k_tid.netobj.remote_addr 00253 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00254 || !k_tid.netobj.sock_p->file 00255 || !k_tid.netobj.sock_p->file->f_dentry 00256 || !k_tid.netobj.sock_p->file->f_dentry->d_inode 00257 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p) 00258 #else 00259 || !k_tid.netobj.sock_p->inode 00260 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p) 00261 #endif 00262 ) 00263 ) 00264 return -RSBAC_EINVALIDTARGET; 00265 #endif 00266 00267 /* call ADF */ 00268 #ifdef CONFIG_RSBAC_DEBUG 00269 if (rsbac_debug_aef) 00270 { 00271 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n"); 00272 } 00273 #endif 00274 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 00275 current->pid, 00276 target, 00277 k_tid, 00278 attr, 00279 k_value)) 00280 { 00281 return -EPERM; 00282 } 00283 00284 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit); 00285 /* put result value to user space */ 00286 if(!err) 00287 { 00288 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00289 } 00290 return (err); 00291 } /* end of sys_rsbac_get_attr() */

int sys_rsbac_get_attr_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

char * t_name,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value,

int inherit

)

Definition at line 294 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, FALSE, get_attr_module(), rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_READ_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_get_attr(), SW_NONE, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00302 { 00303 union rsbac_attribute_value_t k_value; 00304 struct dentry * t_dentry; 00305 int err = 0; 00306 union rsbac_target_id_t tid; 00307 /* struct passwd * user_description_p; */ 00308 rsbac_boolean_t i_inherit; 00309 struct nameidata nd; 00310 00311 if(module > SW_NONE) 00312 return(-RSBAC_EINVALIDMODULE); 00313 if(!t_name || (target >= T_NONE)) 00314 return(-RSBAC_EINVALIDTARGET); 00315 if(!value) 00316 return(-RSBAC_EINVALIDVALUE); 00317 if(attr >= A_none) 00318 return(-RSBAC_EINVALIDATTR); 00319 00320 if(module == SW_NONE) 00321 { 00322 module = get_attr_module(attr); 00323 if(module == SW_NONE) 00324 return(-RSBAC_EINVALIDMODULE); 00325 } 00326 00327 if(inherit) 00328 i_inherit = TRUE; 00329 else 00330 i_inherit = FALSE; 00331 00332 /* get values from user space */ 00333 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00334 00335 /* lookup filename */ 00336 if ((err = user_path_walk_link(t_name, &nd))) 00337 { 00338 #ifdef CONFIG_RSBAC_DEBUG 00339 if (rsbac_debug_aef) 00340 { 00341 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err); 00342 } 00343 #endif 00344 goto out; 00345 } 00346 t_dentry = nd.dentry; 00347 if (!t_dentry->d_inode) 00348 { 00349 #ifdef CONFIG_RSBAC_DEBUG 00350 if (rsbac_debug_aef) 00351 { 00352 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n"); 00353 } 00354 #endif 00355 err = -RSBAC_EINVALIDTARGET; 00356 goto out_dput; 00357 } 00358 00359 switch (target) 00360 { 00361 /* is inode of right type? */ 00362 case T_FD: 00363 if(S_ISREG(t_dentry->d_inode->i_mode)) 00364 { 00365 target = T_FILE; 00366 } 00367 else 00368 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00369 { 00370 target = T_DIR; 00371 } 00372 else 00373 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00374 { 00375 target = T_SYMLINK; 00376 } 00377 else 00378 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00379 { 00380 target = T_FIFO; 00381 } 00382 else 00383 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00384 { 00385 target = T_FILE; 00386 } 00387 else 00388 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00389 { 00390 target = T_FILE; 00391 } 00392 else 00393 { 00394 #ifdef CONFIG_RSBAC_DEBUG 00395 if (rsbac_debug_aef) 00396 { 00397 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n"); 00398 } 00399 #endif 00400 err = -RSBAC_EINVALIDTARGET; 00401 goto out_dput; 00402 } 00403 break; 00404 00405 case T_FILE: 00406 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00407 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00408 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00409 { 00410 #ifdef CONFIG_RSBAC_DEBUG 00411 if (rsbac_debug_aef) 00412 { 00413 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n"); 00414 } 00415 #endif 00416 err = -RSBAC_EINVALIDTARGET; 00417 goto out_dput; 00418 } 00419 break; 00420 00421 case T_DIR: 00422 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00423 { 00424 #ifdef CONFIG_RSBAC_DEBUG 00425 if (rsbac_debug_aef) 00426 { 00427 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n"); 00428 } 00429 #endif 00430 err = -RSBAC_EINVALIDTARGET; 00431 goto out_dput; 00432 } 00433 break; 00434 00435 case T_FIFO: 00436 /* is inode of type fifo? */ 00437 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 00438 { 00439 #ifdef CONFIG_RSBAC_DEBUG 00440 if (rsbac_debug_aef) 00441 { 00442 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n"); 00443 } 00444 #endif 00445 err = -RSBAC_EINVALIDTARGET; 00446 goto out_dput; 00447 } 00448 break; 00449 00450 case T_SYMLINK: 00451 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 00452 { 00453 #ifdef CONFIG_RSBAC_DEBUG 00454 if (rsbac_debug_aef) 00455 { 00456 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n"); 00457 } 00458 #endif 00459 err = -RSBAC_EINVALIDTARGET; 00460 goto out_dput; 00461 } 00462 break; 00463 00464 case T_DEV: 00465 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 00466 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00467 { 00468 #ifdef CONFIG_RSBAC_DEBUG 00469 if (rsbac_debug_aef) 00470 { 00471 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n"); 00472 } 00473 #endif 00474 err = -RSBAC_EINVALIDTARGET; 00475 goto out_dput; 00476 } 00477 break; 00478 00479 default: 00480 err = -RSBAC_EINVALIDTARGET; 00481 goto out_dput; 00482 } 00483 00484 if(target == T_DEV) 00485 { 00486 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00487 tid.dev.type = D_block; 00488 else 00489 tid.dev.type = D_char; 00490 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 00491 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 00492 } 00493 else 00494 { 00495 /* fill target id and call internal function */ 00496 tid.file.device = t_dentry->d_sb->s_dev; 00497 tid.file.inode = t_dentry->d_inode->i_ino; 00498 tid.file.dentry_p = t_dentry; 00499 } 00500 /* call ADF */ 00501 #ifdef CONFIG_RSBAC_DEBUG 00502 if (rsbac_debug_aef) 00503 { 00504 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n"); 00505 } 00506 #endif 00507 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 00508 current->pid, 00509 target, 00510 tid, 00511 attr, 00512 k_value)) 00513 { 00514 err = -EPERM; 00515 } 00516 else 00517 { 00518 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit); 00519 /* put result value to user space */ 00520 if(!err) 00521 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00522 } 00523 00524 out_dput: 00525 path_release(&nd); 00526 00527 out: 00528 return(err); 00529 } /* end of sys_rsbac_get_attr_n() */

int sys_rsbac_jail ( rsbac_version_t version,

char * path,

rsbac_jail_ip_t ip,

rsbac_jail_flags_t flags,

rsbac_cap_vector_t max_caps,

rsbac_jail_scd_vector_t scd_get,

rsbac_jail_scd_vector_t scd_modify

)

Definition at line 4580 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_jail_sys_jail().
04587 { 04588 #if defined(CONFIG_RSBAC_JAIL) 04589 return rsbac_jail_sys_jail(version, path, ip, flags, 04590 max_caps, scd_get, scd_modify); 04591 #else 04592 return (-RSBAC_EINVALIDMODULE); 04593 #endif 04594 }

int sys_rsbac_list_all_dev ( rsbac_list_ta_number_t ta_number,

struct rsbac_dev_desc_t * id_p,

u_long maxnum

)

Definition at line 1087 of file syscalls.c.
References NULL, rsbac_ta_list_all_dev(), and rsbac_vfree.
Referenced by sys_rsbac().
01091 { 01092 int err = 0; 01093 long count; 01094 01095 if(id_p && maxnum) 01096 { 01097 struct rsbac_dev_desc_t * k_id_p = NULL; 01098 01099 count = rsbac_ta_list_all_dev(ta_number, &k_id_p); 01100 if(count <= 0) 01101 return count; 01102 if(count > maxnum) 01103 count = maxnum; 01104 01105 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01106 01107 rsbac_vfree(k_id_p); 01108 01109 if(err) 01110 return err; 01111 else 01112 return count; 01113 } 01114 else 01115 return rsbac_ta_list_all_dev(ta_number, NULL); 01116 }

int sys_rsbac_list_all_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t * id_p,

u_long maxnum

)

Definition at line 1149 of file syscalls.c.
References NULL, rsbac_ta_list_all_group(), and rsbac_vfree.
Referenced by sys_rsbac().
01153 { 01154 int err = 0; 01155 long count; 01156 01157 if(id_p && maxnum) 01158 { 01159 rsbac_gid_t * k_id_p = NULL; 01160 01161 count = rsbac_ta_list_all_group(ta_number, &k_id_p); 01162 if(count <= 0) 01163 return count; 01164 if(count > maxnum) 01165 count = maxnum; 01166 01167 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01168 01169 rsbac_vfree(k_id_p); 01170 01171 if(err) 01172 return err; 01173 else 01174 return count; 01175 } 01176 else 01177 return rsbac_ta_list_all_group(ta_number, NULL); 01178 }

int sys_rsbac_list_all_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t * id_p,

u_long maxnum

)

Definition at line 1118 of file syscalls.c.
References NULL, rsbac_ta_list_all_user(), and rsbac_vfree.
Referenced by sys_rsbac().
01122 { 01123 int err = 0; 01124 long count; 01125 01126 if(id_p && maxnum) 01127 { 01128 rsbac_uid_t * k_id_p = NULL; 01129 01130 count = rsbac_ta_list_all_user(ta_number, &k_id_p); 01131 if(count <= 0) 01132 return count; 01133 if(count > maxnum) 01134 count = maxnum; 01135 01136 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01137 01138 rsbac_vfree(k_id_p); 01139 01140 if(err) 01141 return err; 01142 else 01143 return count; 01144 } 01145 else 01146 return rsbac_ta_list_all_user(ta_number, NULL); 01147 }

int sys_rsbac_log ( int type,

char * buf,

int len

)

Definition at line 6479 of file syscalls.c.
References rsbac_log().
Referenced by sys_rsbac().
06482 { 06483 #if defined(CONFIG_RSBAC_RMSG) 06484 /* lock_kernel is done in rsbac_log */ 06485 return(rsbac_log(type,buf,len)); 06486 #else 06487 return(0); 06488 #endif /* RMSG */ 06489 }

int sys_rsbac_mac_add_f_tru ( rsbac_list_ta_number_t ta_number,

char * filename,

rsbac_uid_t uid,

rsbac_time_t ttl

)

Definition at line 1850 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_add_f_tru(), rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
01855 { 01856 #if defined(CONFIG_RSBAC_MAC) 01857 struct dentry * t_dentry; 01858 int err = 0; 01859 enum rsbac_target_t target; 01860 union rsbac_target_id_t tid; 01861 01862 struct nameidata nd; 01863 01864 if(!filename) 01865 return(-RSBAC_EINVALIDTARGET); 01866 01867 #ifdef CONFIG_RSBAC_FREEZE 01868 if(rsbac_freeze) 01869 { 01870 rsbac_printk(KERN_WARNING 01871 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01872 return -EPERM; 01873 } 01874 #endif 01875 01876 if ((err = user_path_walk_link(filename, &nd))) 01877 { 01878 #ifdef CONFIG_RSBAC_DEBUG 01879 if (rsbac_debug_aef_mac) 01880 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err); 01881 #endif 01882 goto out; 01883 } 01884 t_dentry = nd.dentry; 01885 if (!t_dentry->d_inode) 01886 { 01887 err = -RSBAC_EINVALIDTARGET; 01888 goto out_dput; 01889 } 01890 /* is inode of type file? */ 01891 if(S_ISREG(t_dentry->d_inode->i_mode)) 01892 target = T_FILE; 01893 else 01894 if(S_ISDIR(t_dentry->d_inode->i_mode)) 01895 target = T_DIR; 01896 else 01897 { /* This is no file or dir */ 01898 err = -RSBAC_EINVALIDTARGET; 01899 goto out_dput; 01900 } 01901 tid.file.device = t_dentry->d_sb->s_dev; 01902 tid.file.inode = t_dentry->d_inode->i_ino; 01903 tid.file.dentry_p = t_dentry; 01904 01905 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl); 01906 01907 out_dput: 01908 path_release(&nd); 01909 out: 01910 return(err); 01911 01912 #else 01913 return (-RSBAC_EINVALIDMODULE); 01914 #endif 01915 }

int sys_rsbac_mac_add_p_tru ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

rsbac_uid_t uid,

rsbac_time_t ttl

)

Definition at line 1792 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_add_p_tru(), and rsbac_printk().
Referenced by sys_rsbac().
01797 { 01798 #if defined(CONFIG_RSBAC_MAC) 01799 struct task_struct * task_p; 01800 01801 #ifdef CONFIG_RSBAC_FREEZE 01802 if(rsbac_freeze) 01803 { 01804 rsbac_printk(KERN_WARNING 01805 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01806 return -EPERM; 01807 } 01808 #endif 01809 01810 read_lock(&tasklist_lock); 01811 task_p = find_task_by_pid(pid); 01812 read_unlock(&tasklist_lock); 01813 if(!task_p) 01814 return(-RSBAC_EINVALIDTARGET); 01815 01816 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl)); 01817 #else 01818 return (-RSBAC_EINVALIDMODULE); 01819 #endif 01820 }

int sys_rsbac_mac_get_curr_level ( rsbac_security_level_t * level_p,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1710 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_curr_level().
Referenced by sys_rsbac().
01712 { 01713 #ifdef CONFIG_RSBAC_MAC 01714 int err = 0; 01715 rsbac_security_level_t k_level; 01716 rsbac_mac_category_vector_t k_categories; 01717 01718 err = rsbac_mac_get_curr_level(&k_level, &k_categories); 01719 if(err) 01720 return err; 01721 if(level_p) 01722 { 01723 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 01724 if(err) 01725 return err; 01726 } 01727 if(categories_p) 01728 { 01729 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 01730 } 01731 return err; 01732 #else 01733 return (-RSBAC_EINVALIDMODULE); 01734 #endif 01735 }

int sys_rsbac_mac_get_f_trulist ( rsbac_list_ta_number_t ta_number,

char * filename,

rsbac_uid_t trulist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 1984 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_mac_get_f_trulist(), RSBAC_MAC_MAX_MAXNUM, rsbac_printk(), rsbac_vfree, T_DIR, and T_FILE.
Referenced by sys_rsbac().
01990 { 01991 #if defined(CONFIG_RSBAC_MAC) 01992 struct dentry * t_dentry; 01993 int err = 0, tmperr = 0; 01994 enum rsbac_target_t target; 01995 union rsbac_target_id_t tid; 01996 rsbac_uid_t * k_trulist; 01997 rsbac_time_t * k_ttllist; 01998 01999 struct nameidata nd; 02000 02001 if(!filename) 02002 return(-RSBAC_EINVALIDTARGET); 02003 if(!trulist) 02004 return(-RSBAC_EINVALIDPOINTER); 02005 if(maxnum <= 0) 02006 return(-RSBAC_EINVALIDVALUE); 02007 if(maxnum > RSBAC_MAC_MAX_MAXNUM) 02008 maxnum = RSBAC_MAC_MAX_MAXNUM; 02009 02010 if ((err = user_path_walk_link(filename, &nd))) 02011 { 02012 #ifdef CONFIG_RSBAC_DEBUG 02013 if (rsbac_debug_aef_mac) 02014 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err); 02015 #endif 02016 goto out; 02017 } 02018 t_dentry = nd.dentry; 02019 if (!t_dentry->d_inode) 02020 { 02021 err = -RSBAC_EINVALIDTARGET; 02022 goto out_dput; 02023 } 02024 /* is inode of type file or dir? */ 02025 if(S_ISREG(t_dentry->d_inode->i_mode)) 02026 target = T_FILE; 02027 else 02028 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02029 target = T_DIR; 02030 else 02031 { /* This is no file or dir */ 02032 err = -RSBAC_EINVALIDTARGET; 02033 goto out_dput; 02034 } 02035 tid.file.device = t_dentry->d_sb->s_dev; 02036 tid.file.inode = t_dentry->d_inode->i_ino; 02037 tid.file.dentry_p = t_dentry; 02038 02039 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist); 02040 if(err>0) 02041 { 02042 if(err > maxnum) 02043 err = maxnum; 02044 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist, 02045 sizeof(rsbac_uid_t) * err); 02046 if(tmperr < 0) 02047 err = tmperr; 02048 else 02049 { 02050 if(ttllist) 02051 { 02052 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 02053 sizeof(rsbac_time_t) * err); 02054 if(tmperr < 0) 02055 err = tmperr; 02056 } 02057 } 02058 rsbac_vfree(k_trulist); 02059 rsbac_vfree(k_ttllist); 02060 } 02061 02062 out_dput: 02063 path_release(&nd); 02064 out: 02065 return(err); 02066 02067 #else 02068 return (-RSBAC_EINVALIDMODULE); 02069 #endif 02070 }

int sys_rsbac_mac_get_max_level ( rsbac_security_level_t * level_p,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1737 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_max_level().
Referenced by sys_rsbac().
01739 { 01740 #ifdef CONFIG_RSBAC_MAC 01741 int err = 0; 01742 rsbac_security_level_t k_level; 01743 rsbac_mac_category_vector_t k_categories; 01744 01745 err = rsbac_mac_get_max_level(&k_level, &k_categories); 01746 if(err) 01747 return err; 01748 if(level_p) 01749 { 01750 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 01751 if(err) 01752 return err; 01753 } 01754 if(categories_p) 01755 { 01756 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 01757 } 01758 return err; 01759 #else 01760 return (-RSBAC_EINVALIDMODULE); 01761 #endif 01762 }

int sys_rsbac_mac_get_min_level ( rsbac_security_level_t * level_p,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1764 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_min_level().
Referenced by sys_rsbac().
01766 { 01767 #ifdef CONFIG_RSBAC_MAC 01768 int err = 0; 01769 rsbac_security_level_t k_level; 01770 rsbac_mac_category_vector_t k_categories; 01771 01772 err = rsbac_mac_get_min_level(&k_level, &k_categories); 01773 if(err) 01774 return err; 01775 if(level_p) 01776 { 01777 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 01778 if(err) 01779 return err; 01780 } 01781 if(categories_p) 01782 { 01783 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 01784 } 01785 return err; 01786 #else 01787 return (-RSBAC_EINVALIDMODULE); 01788 #endif 01789 }

int sys_rsbac_mac_get_p_trulist ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

rsbac_uid_t trulist[],

rsbac_time_t ttllist[],

u_int maxnum

)

Definition at line 2072 of file syscalls.c.
References rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_mac_get_p_trulist(), RSBAC_MAC_MAX_MAXNUM, and rsbac_vfree.
Referenced by sys_rsbac().
02078 { 02079 #if defined(CONFIG_RSBAC_MAC) 02080 int err = 0, tmperr = 0; 02081 union rsbac_target_id_t tid; 02082 rsbac_uid_t * k_trulist; 02083 rsbac_time_t * k_ttllist; 02084 02085 if(!pid) 02086 return(-RSBAC_EINVALIDTARGET); 02087 if(!trulist) 02088 return(-RSBAC_EINVALIDPOINTER); 02089 if(maxnum <= 0) 02090 return(-RSBAC_EINVALIDVALUE); 02091 if(maxnum > RSBAC_MAC_MAX_MAXNUM) 02092 maxnum = RSBAC_MAC_MAX_MAXNUM; 02093 02094 tid.process = pid; 02095 02096 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist); 02097 if(err>0) 02098 { 02099 if(err > maxnum) 02100 err = maxnum; 02101 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist, 02102 sizeof(rsbac_uid_t) * err); 02103 if(tmperr < 0) 02104 err = tmperr; 02105 else 02106 { 02107 if(ttllist) 02108 { 02109 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 02110 sizeof(rsbac_time_t) * err); 02111 if(tmperr < 0) 02112 err = tmperr; 02113 } 02114 } 02115 rsbac_vfree(k_trulist); 02116 rsbac_vfree(k_ttllist); 02117 } 02118 02119 return(err); 02120 02121 #else 02122 return (-RSBAC_EINVALIDMODULE); 02123 #endif 02124 }

int sys_rsbac_mac_remove_f_tru ( rsbac_list_ta_number_t ta_number,

char * filename,

rsbac_uid_t uid

)

Definition at line 1917 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_remove_f_tru(), rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
01921 { 01922 #if defined(CONFIG_RSBAC_MAC) 01923 struct dentry * t_dentry; 01924 int err = 0; 01925 enum rsbac_target_t target; 01926 union rsbac_target_id_t tid; 01927 01928 struct nameidata nd; 01929 01930 if(!filename) 01931 return(-RSBAC_EINVALIDTARGET); 01932 01933 #ifdef CONFIG_RSBAC_FREEZE 01934 if(rsbac_freeze) 01935 { 01936 rsbac_printk(KERN_WARNING 01937 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01938 return -EPERM; 01939 } 01940 #endif 01941 01942 if ((err = user_path_walk_link(filename, &nd))) 01943 { 01944 #ifdef CONFIG_RSBAC_DEBUG 01945 if (rsbac_debug_aef_mac) 01946 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err); 01947 #endif 01948 goto out; 01949 } 01950 t_dentry = nd.dentry; 01951 if (!t_dentry->d_inode) 01952 { 01953 err = -RSBAC_EINVALIDTARGET; 01954 goto out_dput; 01955 } 01956 /* is inode of type file or dir? */ 01957 if(S_ISREG(t_dentry->d_inode->i_mode)) 01958 target = T_FILE; 01959 else 01960 if(S_ISDIR(t_dentry->d_inode->i_mode)) 01961 target = T_DIR; 01962 else 01963 { /* This is no file or dir */ 01964 err = -RSBAC_EINVALIDTARGET; 01965 goto out_dput; 01966 } 01967 tid.file.device = t_dentry->d_sb->s_dev; 01968 tid.file.inode = t_dentry->d_inode->i_ino; 01969 tid.file.dentry_p = t_dentry; 01970 01971 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid); 01972 01973 out_dput: 01974 path_release(&nd); 01975 out: 01976 return(err); 01977 01978 #else 01979 return (-RSBAC_EINVALIDMODULE); 01980 #endif 01981 }

int sys_rsbac_mac_remove_p_tru ( rsbac_list_ta_number_t ta_number,

rsbac_pid_t pid,

rsbac_uid_t uid

)

Definition at line 1822 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_remove_p_tru(), and rsbac_printk().
Referenced by sys_rsbac().
01826 { 01827 #if defined(CONFIG_RSBAC_MAC) 01828 struct task_struct * task_p; 01829 01830 #ifdef CONFIG_RSBAC_FREEZE 01831 if(rsbac_freeze) 01832 { 01833 rsbac_printk(KERN_WARNING 01834 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n"); 01835 return -EPERM; 01836 } 01837 #endif 01838 01839 read_lock(&tasklist_lock); 01840 task_p = find_task_by_pid(pid); 01841 read_unlock(&tasklist_lock); 01842 if(!task_p) 01843 return(-RSBAC_EINVALIDTARGET); 01844 return(rsbac_mac_remove_p_tru(ta_number, pid, uid)); 01845 #else 01846 return (-RSBAC_EINVALIDMODULE); 01847 #endif 01848 }

int sys_rsbac_mac_set_curr_level ( rsbac_security_level_t level,

rsbac_mac_category_vector_t * categories_p

)

Definition at line 1692 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, and rsbac_mac_set_curr_level().
Referenced by sys_rsbac().
01694 { 01695 #ifdef CONFIG_RSBAC_MAC 01696 rsbac_mac_category_vector_t k_categories; 01697 int err; 01698 01699 if(!categories_p) 01700 return -RSBAC_EINVALIDPOINTER; 01701 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories)); 01702 if(err) 01703 return err; 01704 return (rsbac_mac_set_curr_level(level, k_categories)); 01705 #else 01706 return (-RSBAC_EINVALIDMODULE); 01707 #endif 01708 }

int sys_rsbac_net_list_all_netdev ( rsbac_list_ta_number_t ta_number,

rsbac_netdev_id_t * id_p,

u_long maxnum

)

Definition at line 1180 of file syscalls.c.
References NULL, RSBAC_EINVALIDREQUEST, rsbac_ta_net_list_all_netdev(), and rsbac_vfree.
Referenced by sys_rsbac().
01184 { 01185 #ifdef CONFIG_RSBAC_NET_DEV 01186 int err = 0; 01187 long count; 01188 01189 if(id_p && maxnum) 01190 { 01191 rsbac_netdev_id_t * k_id_p = NULL; 01192 01193 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p); 01194 if(count <= 0) 01195 return count; 01196 if(count > maxnum) 01197 count = maxnum; 01198 01199 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01200 01201 rsbac_vfree(k_id_p); 01202 01203 if(err) 01204 return err; 01205 else 01206 return count; 01207 } 01208 else 01209 return rsbac_ta_net_list_all_netdev(ta_number, NULL); 01210 01211 #else 01212 return -RSBAC_EINVALIDREQUEST; 01213 #endif /* CONFIG_RSBAC_NET_DEV */ 01214 }

int sys_rsbac_net_list_all_template ( rsbac_list_ta_number_t ta_number,

rsbac_net_temp_id_t * id_p,

u_long maxnum

)

Definition at line 1432 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::nettemp, NULL, R_READ, rsbac_adf_request(), RSBAC_EINVALIDREQUEST, rsbac_ta_net_list_all_template(), rsbac_vfree, and T_NETTEMP.
Referenced by sys_rsbac().
01436 { 01437 #ifdef CONFIG_RSBAC_NET_OBJ 01438 int err = 0; 01439 int count; 01440 union rsbac_target_id_t i_tid; 01441 union rsbac_attribute_value_t i_attr_val; 01442 01443 i_tid.nettemp = 0; 01444 i_attr_val.dummy = 0; 01445 if (!rsbac_adf_request(R_READ, 01446 current->pid, 01447 T_NETTEMP, 01448 i_tid, 01449 A_none, 01450 i_attr_val)) 01451 return -EPERM; 01452 if(id_p && maxnum) 01453 { 01454 rsbac_net_temp_id_t * k_id_p = NULL; 01455 01456 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p); 01457 if(count <= 0) 01458 return count; 01459 if(count > maxnum) 01460 count = maxnum; 01461 01462 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01463 01464 rsbac_vfree(k_id_p); 01465 01466 if(err) 01467 return err; 01468 else 01469 return count; 01470 } 01471 else 01472 return rsbac_ta_net_list_all_template(ta_number, NULL); 01473 01474 #else 01475 return -RSBAC_EINVALIDREQUEST; 01476 #endif /* CONFIG_RSBAC_NET_OBJ */ 01477 }

int sys_rsbac_net_template ( rsbac_list_ta_number_t ta_number,

enum rsbac_net_temp_syscall_t call,

rsbac_net_temp_id_t id,

union rsbac_net_temp_syscall_data_t * data_p

)

Definition at line 1216 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_net_temp_syscall_data_t::id, rsbac_target_id_t::nettemp, NTS_check_id, NTS_copy_template, NTS_delete_template, NTS_get_address, NTS_get_address_family, NTS_get_max_port, NTS_get_min_port, NTS_get_name, NTS_get_netdev, NTS_get_protocol, NTS_get_type, NTS_get_valid_len, NTS_new_template, NTS_set_address, NTS_set_address_family, NTS_set_max_port, NTS_set_min_port, NTS_set_name, NTS_set_netdev, NTS_set_protocol, NTS_set_type, NTS_set_valid_len, R_CREATE, R_DELETE, R_READ, R_WRITE, rsbac_adf_request(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDVALUE, rsbac_net_template_exist(), rsbac_printk(), rsbac_ta_net_template(), and T_NETTEMP.
Referenced by sys_rsbac().
01221 { 01222 #ifdef CONFIG_RSBAC_NET_OBJ 01223 union rsbac_net_temp_syscall_data_t k_data; 01224 int err = 0; 01225 /* for adf_request */ 01226 #ifndef CONFIG_RSBAC_MAINT 01227 union rsbac_target_id_t i_tid; 01228 union rsbac_attribute_value_t i_attr_val; 01229 #endif 01230 01231 if(!id) 01232 return -RSBAC_EINVALIDVALUE; 01233 if(!data_p) 01234 return -RSBAC_EINVALIDPOINTER; 01235 01236 /* get data values from user space */ 01237 switch(call) 01238 { 01239 case NTS_set_address: 01240 case NTS_set_address_family: 01241 case NTS_set_valid_len: 01242 case NTS_set_type: 01243 case NTS_set_protocol: 01244 case NTS_set_netdev: 01245 case NTS_set_min_port: 01246 case NTS_set_max_port: 01247 case NTS_set_name: 01248 case NTS_new_template: 01249 case NTS_copy_template: 01250 case NTS_delete_template: 01251 #ifdef CONFIG_RSBAC_FREEZE 01252 if(rsbac_freeze) 01253 { 01254 rsbac_printk(KERN_WARNING 01255 "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed!\n"); 01256 return -EPERM; 01257 } 01258 #endif 01259 if(call != NTS_delete_template) 01260 { 01261 err = rsbac_get_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) ); 01262 if(err) 01263 return err; 01264 } 01265 break; 01266 case NTS_check_id: 01267 case NTS_get_address: 01268 case NTS_get_address_family: 01269 case NTS_get_valid_len: 01270 case NTS_get_type: 01271 case NTS_get_protocol: 01272 case NTS_get_netdev: 01273 case NTS_get_min_port: 01274 case NTS_get_max_port: 01275 case NTS_get_name: 01276 break; 01277 01278 default: 01279 return -RSBAC_EINVALIDREQUEST; 01280 } 01281 01282 #ifndef CONFIG_RSBAC_MAINT 01283 #ifdef CONFIG_RSBAC_DEBUG 01284 if (rsbac_debug_aef) 01285 rsbac_printk(KERN_DEBUG "sys_rsbac_net_template(): calling ADF\n"); 01286 #endif 01287 i_tid.nettemp = id; 01288 i_attr_val.dummy = 0; 01289 switch(call) 01290 { 01291 case NTS_new_template: 01292 if (!rsbac_adf_request(R_CREATE, 01293 current->pid, 01294 T_NETTEMP, 01295 i_tid, 01296 A_none, 01297 i_attr_val)) 01298 #ifdef CONFIG_RSBAC_SOFTMODE 01299 if(!rsbac_softmode) 01300 #endif 01301 return -EPERM; 01302 break; 01303 01304 case NTS_copy_template: 01305 if(!rsbac_net_template_exist(id)) 01306 { 01307 if(!rsbac_adf_request(R_CREATE, 01308 current->pid, 01309 T_NETTEMP, 01310 i_tid, 01311 A_none, 01312 i_attr_val)) 01313 #ifdef CONFIG_RSBAC_SOFTMODE 01314 if(!rsbac_softmode) 01315 #endif 01316 return -EPERM; 01317 } 01318 else 01319 { 01320 if(!rsbac_adf_request(R_WRITE, 01321 current->pid, 01322 T_NETTEMP, 01323 i_tid, 01324 A_none, 01325 i_attr_val)) 01326 #ifdef CONFIG_RSBAC_SOFTMODE 01327 if(!rsbac_softmode) 01328 #endif 01329 return -EPERM; 01330 } 01331 i_tid.nettemp = k_data.id; 01332 if (!rsbac_adf_request(R_READ, 01333 current->pid, 01334 T_NETTEMP, 01335 i_tid, 01336 A_none, 01337 i_attr_val)) 01338 #ifdef CONFIG_RSBAC_SOFTMODE 01339 if(!rsbac_softmode) 01340 #endif 01341 return -EPERM; 01342 break; 01343 01344 case NTS_delete_template: 01345 if (!rsbac_adf_request(R_DELETE, 01346 current->pid, 01347 T_NETTEMP, 01348 i_tid, 01349 A_none, 01350 i_attr_val)) 01351 #ifdef CONFIG_RSBAC_SOFTMODE 01352 if(!rsbac_softmode) 01353 #endif 01354 return -EPERM; 01355 break; 01356 01357 case NTS_get_address: 01358 case NTS_get_address_family: 01359 case NTS_get_valid_len: 01360 case NTS_get_type: 01361 case NTS_get_protocol: 01362 case NTS_get_netdev: 01363 case NTS_get_min_port: 01364 case NTS_get_max_port: 01365 if (!rsbac_adf_request(R_READ, 01366 current->pid, 01367 T_NETTEMP, 01368 i_tid, 01369 A_none, 01370 i_attr_val)) 01371 #ifdef CONFIG_RSBAC_SOFTMODE 01372 if(!rsbac_softmode) 01373 #endif 01374 return -EPERM; 01375 break; 01376 01377 case NTS_set_address: 01378 case NTS_set_address_family: 01379 case NTS_set_valid_len: 01380 case NTS_set_type: 01381 case NTS_set_protocol: 01382 case NTS_set_netdev: 01383 case NTS_set_min_port: 01384 case NTS_set_max_port: 01385 case NTS_set_name: 01386 if (!rsbac_adf_request(R_WRITE, 01387 current->pid, 01388 T_NETTEMP, 01389 i_tid, 01390 A_none, 01391 i_attr_val)) 01392 #ifdef CONFIG_RSBAC_SOFTMODE 01393 if(!rsbac_softmode) 01394 #endif 01395 return -EPERM; 01396 break; 01397 01398 default: 01399 break; 01400 } 01401 #endif /* !MAINT */ 01402 01403 err = rsbac_ta_net_template(ta_number, call, id, &k_data); 01404 if(!err) 01405 { 01406 /* put data values to user space */ 01407 switch(call) 01408 { 01409 case NTS_check_id: 01410 case NTS_get_address: 01411 case NTS_get_address_family: 01412 case NTS_get_valid_len: 01413 case NTS_get_type: 01414 case NTS_get_protocol: 01415 case NTS_get_netdev: 01416 case NTS_get_min_port: 01417 case NTS_get_max_port: 01418 case NTS_get_name: 01419 err = rsbac_put_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) ); 01420 break; 01421 default: 01422 break; 01423 } 01424 } 01425 return err; 01426 01427 #else 01428 return -RSBAC_EINVALIDREQUEST; 01429 #endif /* NET_OBJ */ 01430 }

int sys_rsbac_pm ( rsbac_list_ta_number_t ta_number,

enum rsbac_pm_function_type_t function,

union rsbac_pm_function_param_t * param_p,

rsbac_pm_tkt_id_t ticket

)

Definition at line 2159 of file syscalls.c.
References PF_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, rsbac_pm(), and rsbac_printk().
Referenced by sys_rsbac().
02164 { 02165 #ifndef CONFIG_RSBAC_PM 02166 return (-RSBAC_EINVALIDMODULE); 02167 #else 02168 union rsbac_pm_function_param_t k_param; 02169 int result; 02170 02171 if(function >= PF_none) 02172 return(-RSBAC_EINVALIDREQUEST); 02173 if(!param_p) 02174 return(-RSBAC_EINVALIDPOINTER); 02175 #ifdef CONFIG_RSBAC_DEBUG 02176 if (rsbac_debug_aef_pm) 02177 rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n", 02178 function); 02179 #endif 02180 02181 #ifdef CONFIG_RSBAC_FREEZE 02182 if(rsbac_freeze) 02183 { 02184 rsbac_printk(KERN_WARNING 02185 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n"); 02186 return -EPERM; 02187 } 02188 #endif 02189 02190 /* get parameters from user space */ 02191 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) ); 02192 /* call pm function and return its result */ 02193 lock_kernel(); 02194 result = rsbac_pm(ta_number, function, k_param, ticket); 02195 unlock_kernel(); 02196 return result; 02197 #endif 02198 }

int sys_rsbac_pm_change_current_task ( rsbac_pm_task_id_t task )

Definition at line 2200 of file syscalls.c.
References rsbac_pm_change_current_task(), and rsbac_printk().
Referenced by sys_rsbac().
02201 { 02202 #ifndef CONFIG_RSBAC_PM 02203 return (0); 02204 #else 02205 #ifdef CONFIG_RSBAC_DEBUG 02206 if (rsbac_debug_aef_pm) 02207 rsbac_printk(KERN_DEBUG 02208 "sys_rsbac_pm_change_current_task(): called for task %i!\n", 02209 task); 02210 #endif 02211 /* call pm function and return its result */ 02212 return(rsbac_pm_change_current_task(task)); 02213 #endif 02214 }

int sys_rsbac_pm_create_file ( const char * filename,

int mode,

rsbac_pm_object_class_id_t class

)

Definition at line 2216 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_pm_create_file(), and rsbac_printk().
Referenced by sys_rsbac().
02219 { 02220 #ifndef CONFIG_RSBAC_PM 02221 return (-RSBAC_EINVALIDMODULE); 02222 #else 02223 if(!filename) 02224 return(-RSBAC_EINVALIDPOINTER); 02225 #ifdef CONFIG_RSBAC_DEBUG 02226 if (rsbac_debug_aef_pm) 02227 rsbac_printk(KERN_DEBUG 02228 "sys_rsbac_pm_create_file(): called with class %i!\n", 02229 class); 02230 #endif 02231 /* call pm function and return its result */ 02232 return(rsbac_pm_create_file(filename, mode, class)); 02233 #endif 02234 }

int sys_rsbac_rc_change_role ( rsbac_rc_role_id_t role )

Definition at line 2491 of file syscalls.c.
References RC_role_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_change_role().
Referenced by sys_rsbac().
02492 { 02493 #if defined(CONFIG_RSBAC_RC) 02494 if(role > RC_role_max_value) 02495 return(-RSBAC_EINVALIDVALUE); 02496 #ifdef CONFIG_RSBAC_DEBUG 02497 if (rsbac_debug_aef_rc) 02498 rsbac_printk(KERN_DEBUG 02499 "sys_rsbac_rc_change_role(): role %i!\n", 02500 role); 02501 #endif 02502 /* call rc function and return its result */ 02503 return rsbac_rc_sys_change_role(role); 02504 #else 02505 return (-RSBAC_EINVALIDMODULE); 02506 #endif 02507 }

int sys_rsbac_rc_copy_role ( rsbac_list_ta_number_t ta_number,

rsbac_rc_role_id_t from_role,

rsbac_rc_role_id_t to_role

)

Definition at line 2284 of file syscalls.c.
References RC_role_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_copy_role().
Referenced by sys_rsbac().
02288 { 02289 #if defined(CONFIG_RSBAC_RC) 02290 if( (from_role > RC_role_max_value) 02291 || (from_role > RC_role_max_value)) 02292 return(-RSBAC_EINVALIDVALUE); 02293 #ifdef CONFIG_RSBAC_DEBUG 02294 if (rsbac_debug_aef_rc) 02295 rsbac_printk(KERN_DEBUG 02296 "sys_rsbac_rc_copy_role(): from %i, to %i!\n", 02297 from_role, to_role); 02298 #endif 02299 #ifdef CONFIG_RSBAC_FREEZE 02300 if(rsbac_freeze) 02301 { 02302 rsbac_printk(KERN_WARNING 02303 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n"); 02304 return -EPERM; 02305 } 02306 #endif 02307 02308 /* call rc function and return its result */ 02309 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role)); 02310 #else 02311 return (-RSBAC_EINVALIDMODULE); 02312 #endif 02313 }

int sys_rsbac_rc_copy_type ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

rsbac_rc_type_id_t from_type,

rsbac_rc_type_id_t to_type

)

Definition at line 2315 of file syscalls.c.
References RC_type_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_copy_type().
Referenced by sys_rsbac().
02320 { 02321 #if defined(CONFIG_RSBAC_RC) 02322 if( (from_type > RC_type_max_value) 02323 || (from_type > RC_type_max_value)) 02324 return(-RSBAC_EINVALIDVALUE); 02325 #ifdef CONFIG_RSBAC_DEBUG 02326 if (rsbac_debug_aef_rc) 02327 rsbac_printk(KERN_DEBUG 02328 "sys_rsbac_rc_copy_type(): from %i, to %i!\n", 02329 from_type, to_type); 02330 #endif 02331 #ifdef CONFIG_RSBAC_FREEZE 02332 if(rsbac_freeze) 02333 { 02334 rsbac_printk(KERN_WARNING 02335 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n"); 02336 return -EPERM; 02337 } 02338 #endif 02339 02340 /* call rc function and return its result */ 02341 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type)); 02342 #else 02343 return (-RSBAC_EINVALIDMODULE); 02344 #endif 02345 }

int sys_rsbac_rc_get_current_role ( rsbac_rc_role_id_t * role_p )

Definition at line 2675 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, and rsbac_rc_sys_get_current_role().
Referenced by sys_rsbac().
02676 { 02677 #if defined(CONFIG_RSBAC_RC) 02678 rsbac_rc_role_id_t k_role; 02679 int err; 02680 02681 if(!role_p) 02682 return(-RSBAC_EINVALIDPOINTER); 02683 /* call rc function and return its result */ 02684 err = rsbac_rc_sys_get_current_role(&k_role); 02685 if(!err) 02686 { 02687 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) ); 02688 } 02689 return err; 02690 #else 02691 return (-RSBAC_EINVALIDMODULE); 02692 #endif 02693 }

int sys_rsbac_rc_get_eff_rights_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name,

rsbac_rc_request_vector_t * request_vector_p,

rsbac_time_t * ttl_p

)

Definition at line 2510 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_rc_sys_get_eff_rights(), T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
02516 { 02517 #if defined(CONFIG_RSBAC_RC) 02518 struct dentry * t_dentry; 02519 int err = 0; 02520 rsbac_rc_request_vector_t k_req_vec; 02521 rsbac_time_t k_ttl; 02522 union rsbac_target_id_t tid; 02523 02524 struct nameidata nd; 02525 02526 if(!t_name || (target >= T_NONE)) 02527 return(-RSBAC_EINVALIDTARGET); 02528 02529 if ((err = user_path_walk_link(t_name, &nd))) 02530 { 02531 #ifdef CONFIG_RSBAC_DEBUG 02532 if (rsbac_debug_aef_rc) 02533 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err); 02534 #endif 02535 goto out; 02536 } 02537 t_dentry = nd.dentry; 02538 if (!t_dentry->d_inode) 02539 { 02540 err = -RSBAC_EINVALIDTARGET; 02541 goto out_dput; 02542 } 02543 02544 switch (target) 02545 { 02546 case T_FD: 02547 if(S_ISREG(t_dentry->d_inode->i_mode)) 02548 { 02549 target = T_FILE; 02550 } 02551 else 02552 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02553 { 02554 target = T_DIR; 02555 } 02556 else 02557 if(S_ISLNK(t_dentry->d_inode->i_mode)) 02558 { 02559 target = T_SYMLINK; 02560 } 02561 else 02562 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 02563 { 02564 target = T_FIFO; 02565 } 02566 else 02567 if(S_ISBLK(t_dentry->d_inode->i_mode)) 02568 { 02569 target = T_FILE; 02570 } 02571 else 02572 if(S_ISCHR(t_dentry->d_inode->i_mode)) 02573 { 02574 target = T_FILE; 02575 } 02576 else 02577 { 02578 #ifdef CONFIG_RSBAC_DEBUG 02579 if (rsbac_debug_aef) 02580 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n"); 02581 #endif 02582 err = -RSBAC_EINVALIDTARGET; 02583 goto out_dput; 02584 } 02585 break; 02586 02587 case T_FILE: 02588 /* is inode of type file, symlink or block/char device? */ 02589 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 02590 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 02591 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 02592 { /* This is no file or device */ 02593 err = -RSBAC_EINVALIDTARGET; 02594 goto out_dput; 02595 } 02596 break; 02597 02598 case T_DIR: 02599 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 02600 { /* This is no file */ 02601 err = -RSBAC_EINVALIDTARGET; 02602 goto out_dput; 02603 } 02604 break; 02605 02606 case T_FIFO: 02607 /* is inode of type fifo? */ 02608 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 02609 { /* This is no file or device */ 02610 err = -RSBAC_EINVALIDTARGET; 02611 goto out_dput; 02612 } 02613 break; 02614 02615 case T_SYMLINK: 02616 /* is inode of type symlink? */ 02617 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 02618 { /* This is no file or device */ 02619 err = -RSBAC_EINVALIDTARGET; 02620 goto out_dput; 02621 } 02622 break; 02623 02624 case T_DEV: 02625 /* is inode of type block/char device? */ 02626 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 02627 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 02628 { /* This is no dev */ 02629 err = -RSBAC_EINVALIDTARGET; 02630 goto out_dput; 02631 } 02632 break; 02633 02634 default: 02635 err = -RSBAC_EINVALIDTARGET; 02636 goto out_dput; 02637 } 02638 02639 if(target == T_DEV) 02640 { 02641 if(S_ISBLK(t_dentry->d_inode->i_mode)) 02642 tid.dev.type = D_block; 02643 else 02644 tid.dev.type = D_char; 02645 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 02646 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 02647 } 02648 else 02649 { 02650 /* fill target id and call internal function */ 02651 tid.file.device = t_dentry->d_sb->s_dev; 02652 tid.file.inode = t_dentry->d_inode->i_ino; 02653 tid.file.dentry_p = t_dentry; 02654 } 02655 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl); 02656 /* put result value to user space */ 02657 if(!err) 02658 { 02659 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) ); 02660 if(!err && ttl_p) 02661 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) ); 02662 } 02663 02664 out_dput: 02665 path_release(&nd); 02666 02667 out: 02668 return(err); 02669 #else 02670 return (-RSBAC_EINVALIDMODULE); 02671 #endif 02672 }

int sys_rsbac_rc_get_item ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

union rsbac_rc_target_id_t * tid_p,

union rsbac_rc_target_id_t * subtid_p,

enum rsbac_rc_item_t item,

union rsbac_rc_item_value_t * value_p,

rsbac_time_t * ttl_p

)

Definition at line 2348 of file syscalls.c.
References RI_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_sys_get_item(), and RT_NONE.
Referenced by sys_rsbac().
02356 { 02357 #if defined(CONFIG_RSBAC_RC) 02358 union rsbac_rc_target_id_t k_tid; 02359 union rsbac_rc_target_id_t k_subtid; 02360 union rsbac_rc_item_value_t k_value; 02361 rsbac_time_t k_ttl; 02362 int err = 0; 02363 02364 if( (target >= RT_NONE) 02365 || (item >= RI_none)) 02366 return(-RSBAC_EINVALIDVALUE); 02367 /* get values from user space */ 02368 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02369 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) ); 02370 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02371 #ifdef CONFIG_RSBAC_DEBUG 02372 if (rsbac_debug_aef_rc) 02373 rsbac_printk(KERN_DEBUG 02374 "sys_rsbac_rc_get_item(): target %i, item %i!\n", 02375 target, item); 02376 #endif 02377 /* call rc function and return its result */ 02378 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid, 02379 item, &k_value, &k_ttl); 02380 /* put result value to user space */ 02381 if(!err) 02382 { 02383 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02384 if(!err && ttl_p) 02385 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) ); 02386 } 02387 return (err); 02388 #else 02389 return (-RSBAC_EINVALIDMODULE); 02390 #endif 02391 }

int sys_rsbac_rc_get_list ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

union rsbac_rc_target_id_t * tid_p,

enum rsbac_rc_item_t item,

u_int maxnum,

__u32 * array_p,

rsbac_time_t * ttl_array_p

)

Definition at line 2438 of file syscalls.c.
References NULL, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_rc_get_list(), and rsbac_vfree.
Referenced by sys_rsbac().
02446 { 02447 #if defined(CONFIG_RSBAC_RC) 02448 union rsbac_rc_target_id_t k_tid; 02449 int err; 02450 02451 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02452 if(array_p) 02453 { 02454 __u32 * k_array_p; 02455 rsbac_time_t * k_ttl_array_p; 02456 02457 if(!maxnum) 02458 return -RSBAC_EINVALIDVALUE; 02459 /* call rc function and return its result */ 02460 err = rsbac_rc_get_list(ta_number, target, k_tid, item, 02461 &k_array_p, &k_ttl_array_p); 02462 /* put result value to user space */ 02463 if(err > 0) 02464 { 02465 int tmperr; 02466 02467 if(err > maxnum) 02468 err = maxnum; 02469 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) ); 02470 if(tmperr) 02471 err = tmperr; 02472 rsbac_vfree(k_array_p); 02473 if(k_ttl_array_p && ttl_array_p) 02474 { 02475 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) ); 02476 if(tmperr) 02477 err = tmperr; 02478 } 02479 rsbac_vfree(k_ttl_array_p); 02480 } 02481 return (err); 02482 } 02483 else 02484 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL); 02485 #else 02486 return (-RSBAC_EINVALIDMODULE); 02487 #endif 02488 };

int sys_rsbac_rc_set_item ( rsbac_list_ta_number_t ta_number,

enum rsbac_rc_target_t target,

union rsbac_rc_target_id_t * tid_p,

union rsbac_rc_target_id_t * subtid_p,

enum rsbac_rc_item_t item,

union rsbac_rc_item_value_t * value_p,

rsbac_time_t ttl

)

Definition at line 2394 of file syscalls.c.
References RI_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_sys_set_item(), and RT_NONE.
Referenced by sys_rsbac().
02402 { 02403 #if defined(CONFIG_RSBAC_RC) 02404 union rsbac_rc_target_id_t k_tid; 02405 union rsbac_rc_target_id_t k_subtid; 02406 union rsbac_rc_item_value_t k_value; 02407 02408 if( (target >= RT_NONE) 02409 || (item >= RI_none)) 02410 return(-RSBAC_EINVALIDVALUE); 02411 02412 #ifdef CONFIG_RSBAC_FREEZE 02413 if(rsbac_freeze) 02414 { 02415 rsbac_printk(KERN_WARNING 02416 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n"); 02417 return -EPERM; 02418 } 02419 #endif 02420 02421 /* get values from user space */ 02422 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02423 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) ); 02424 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02425 #ifdef CONFIG_RSBAC_DEBUG 02426 if (rsbac_debug_aef_rc) 02427 rsbac_printk(KERN_DEBUG 02428 "sys_rsbac_rc_set_item(): target %i, item %i!\n", 02429 target, item); 02430 #endif 02431 /* call rc function and return its result */ 02432 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl); 02433 #else 02434 return (-RSBAC_EINVALIDMODULE); 02435 #endif 02436 }

int sys_rsbac_reg ( rsbac_reg_handle_t handle,

void * arg

)

Definition at line 3158 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_reg_syscall().
Referenced by sys_rsbac().
03160 { 03161 #if defined(CONFIG_RSBAC_REG) 03162 return rsbac_reg_syscall(handle, arg); 03163 #else 03164 return (-RSBAC_EINVALIDMODULE); 03165 #endif 03166 }

int sys_rsbac_remove_target ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

union rsbac_target_id_t * tid

)

Definition at line 842 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_remove_target(), and T_NONE.
Referenced by sys_rsbac().
00846 { 00847 union rsbac_target_id_t k_tid; 00848 int err = 0; 00849 00850 /* for adf_request */ 00851 union rsbac_attribute_value_t rsbac_attribute_value; 00852 00853 if(!tid || (target >= T_NONE)) 00854 return(-RSBAC_EINVALIDTARGET); 00855 00856 #ifdef CONFIG_RSBAC_FREEZE 00857 if(rsbac_freeze) 00858 { 00859 rsbac_printk(KERN_WARNING 00860 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n"); 00861 return -EPERM; 00862 } 00863 #endif 00864 00865 /* get values from user space */ 00866 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00867 00868 /* call ADF */ 00869 #ifdef CONFIG_RSBAC_DEBUG 00870 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n"); 00871 #endif 00872 rsbac_attribute_value.dummy = 0; 00873 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00874 current->pid, 00875 target, 00876 k_tid, 00877 A_none, 00878 rsbac_attribute_value)) 00879 { 00880 return -EPERM; 00881 } 00882 err = rsbac_ta_remove_target(ta_number, target, k_tid); 00883 return (err); 00884 } /* end of sys_rsbac_remove_target() */

int sys_rsbac_remove_target_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_target_t target,

char * t_name

)

Definition at line 886 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_remove_target(), T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00890 { 00891 struct dentry * t_dentry; 00892 int err = 0; 00893 union rsbac_target_id_t tid; 00894 00895 /* for adf_request */ 00896 union rsbac_attribute_value_t rsbac_attribute_value; 00897 00898 /* struct passwd * user_description_p; */ 00899 00900 struct nameidata nd; 00901 00902 if(!t_name || (target >= T_NONE)) 00903 return(-RSBAC_EINVALIDTARGET); 00904 00905 #ifdef CONFIG_RSBAC_FREEZE 00906 if(rsbac_freeze) 00907 { 00908 rsbac_printk(KERN_WARNING 00909 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n"); 00910 return -EPERM; 00911 } 00912 #endif 00913 00914 /* lookup filename */ 00915 if ((err = user_path_walk_link(t_name, &nd))) 00916 { 00917 #ifdef CONFIG_RSBAC_DEBUG 00918 if (rsbac_debug_aef) 00919 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err); 00920 #endif 00921 goto out; 00922 } 00923 t_dentry = nd.dentry; 00924 if (!t_dentry->d_inode) 00925 { 00926 #ifdef CONFIG_RSBAC_DEBUG 00927 if (rsbac_debug_aef) 00928 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n"); 00929 #endif 00930 err = -RSBAC_EINVALIDTARGET; 00931 goto out_dput; 00932 } 00933 00934 switch (target) 00935 { 00936 /* is inode of right type? */ 00937 case T_FD: 00938 if(S_ISREG(t_dentry->d_inode->i_mode)) 00939 { 00940 target = T_FILE; 00941 } 00942 else 00943 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00944 { 00945 target = T_DIR; 00946 } 00947 else 00948 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00949 { 00950 target = T_SYMLINK; 00951 } 00952 else 00953 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00954 { 00955 target = T_FIFO; 00956 } 00957 else 00958 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00959 { 00960 target = T_FILE; 00961 } 00962 else 00963 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00964 { 00965 target = T_FILE; 00966 } 00967 else 00968 { 00969 #ifdef CONFIG_RSBAC_DEBUG 00970 if (rsbac_debug_aef) 00971 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n"); 00972 #endif 00973 err = -RSBAC_EINVALIDTARGET; 00974 goto out_dput; 00975 } 00976 break; 00977 00978 case T_FILE: 00979 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00980 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00981 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00982 { 00983 #ifdef CONFIG_RSBAC_DEBUG 00984 if (rsbac_debug_aef) 00985 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n"); 00986 #endif 00987 err = -RSBAC_EINVALIDTARGET; 00988 goto out_dput; 00989 } 00990 break; 00991 00992 case T_DIR: 00993 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00994 { 00995 #ifdef CONFIG_RSBAC_DEBUG 00996 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n"); 00997 #endif 00998 err = -RSBAC_EINVALIDTARGET; 00999 goto out_dput; 01000 } 01001 break; 01002 01003 case T_FIFO: 01004 /* is inode of type fifo? */ 01005 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 01006 { 01007 #ifdef CONFIG_RSBAC_DEBUG 01008 if (rsbac_debug_aef) 01009 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n"); 01010 #endif 01011 err = -RSBAC_EINVALIDTARGET; 01012 goto out_dput; 01013 } 01014 break; 01015 01016 case T_SYMLINK: 01017 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 01018 { 01019 #ifdef CONFIG_RSBAC_DEBUG 01020 if (rsbac_debug_aef) 01021 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n"); 01022 #endif 01023 err = -RSBAC_EINVALIDTARGET; 01024 goto out_dput; 01025 } 01026 break; 01027 01028 case T_DEV: 01029 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 01030 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 01031 { 01032 #ifdef CONFIG_RSBAC_DEBUG 01033 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n"); 01034 #endif 01035 err = -RSBAC_EINVALIDTARGET; 01036 goto out_dput; 01037 } 01038 break; 01039 01040 default: 01041 err = -RSBAC_EINVALIDTARGET; 01042 goto out_dput; 01043 } 01044 01045 if(target == T_DEV) 01046 { 01047 if(S_ISBLK(t_dentry->d_inode->i_mode)) 01048 tid.dev.type = D_block; 01049 else 01050 tid.dev.type = D_char; 01051 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 01052 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 01053 } 01054 else 01055 { 01056 /* fill target id and call internal function */ 01057 tid.file.device = t_dentry->d_sb->s_dev; 01058 tid.file.inode = t_dentry->d_inode->i_ino; 01059 tid.file.dentry_p = t_dentry; 01060 } 01061 /* call ADF */ 01062 #ifdef CONFIG_RSBAC_DEBUG 01063 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n"); 01064 #endif 01065 rsbac_attribute_value.dummy = 0; 01066 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 01067 current->pid, 01068 target, 01069 tid, 01070 A_none, 01071 rsbac_attribute_value)) 01072 { 01073 err = -EPERM; 01074 } 01075 else 01076 { 01077 err = rsbac_ta_remove_target(ta_number, target, tid); 01078 } 01079 01080 out_dput: 01081 path_release(&nd); 01082 01083 out: 01084 return(err); 01085 } /* end of sys_rsbac_remove_target_n() */

int sys_rsbac_set_attr ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

union rsbac_target_id_t * tid,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value

)

Definition at line 533 of file syscalls.c.
References A_none, get_attr_module(), R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_set_attr(), SW_NONE, T_NETOBJ, T_NONE, and T_PROCESS.
Referenced by sys_rsbac().
00540 { 00541 union rsbac_target_id_t k_tid; 00542 union rsbac_attribute_value_t k_value; 00543 int err = 0; 00544 struct task_struct * task_p; 00545 00546 if(module > SW_NONE) 00547 return(-RSBAC_EINVALIDMODULE); 00548 if(!tid || (target >= T_NONE)) 00549 return(-RSBAC_EINVALIDTARGET); 00550 if(!value) 00551 return(-RSBAC_EINVALIDVALUE); 00552 if(attr >= A_none) 00553 return(-RSBAC_EINVALIDATTR); 00554 00555 if(module == SW_NONE) 00556 { 00557 module = get_attr_module(attr); 00558 if(module == SW_NONE) 00559 return(-RSBAC_EINVALIDMODULE); 00560 } 00561 #ifdef CONFIG_RSBAC_FREEZE 00562 if(rsbac_freeze) 00563 { 00564 rsbac_printk(KERN_WARNING 00565 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n"); 00566 return -EPERM; 00567 } 00568 #endif 00569 00570 /* get values from user space */ 00571 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00572 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00573 00574 00575 switch(target) 00576 { 00577 case T_PROCESS: 00578 read_lock(&tasklist_lock); 00579 task_p = find_task_by_pid(k_tid.process); 00580 read_unlock(&tasklist_lock); 00581 if(!task_p) 00582 return(-RSBAC_EINVALIDTARGET); 00583 break; 00584 00585 #ifdef CONFIG_RSBAC_NET_OBJ 00586 /* sanity check before using pointer */ 00587 case T_NETOBJ: 00588 if( !k_tid.netobj.sock_p 00589 || k_tid.netobj.remote_addr 00590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00591 || !k_tid.netobj.sock_p->file 00592 || !k_tid.netobj.sock_p->file->f_dentry 00593 || !k_tid.netobj.sock_p->file->f_dentry->d_inode 00594 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p) 00595 #else 00596 || !k_tid.netobj.sock_p->inode 00597 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p) 00598 #endif 00599 ) 00600 return -RSBAC_EINVALIDTARGET; 00601 #endif 00602 00603 00604 default: 00605 break; 00606 } 00607 00608 /* call ADF */ 00609 #ifdef CONFIG_RSBAC_DEBUG 00610 if (rsbac_debug_aef) 00611 rsbac_printk(KERN_DEBUG 00612 "sys_rsbac_set_attr(): calling ADF\n"); 00613 #endif 00614 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00615 current->pid, 00616 target, 00617 k_tid, 00618 attr, 00619 k_value)) 00620 { 00621 return -EPERM; 00622 } 00623 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value); 00624 return err; 00625 } /* end of sys_rsbac_set_attr() */

int sys_rsbac_set_attr_n ( rsbac_list_ta_number_t ta_number,

enum rsbac_switch_target_t module,

enum rsbac_target_t target,

char * t_name,

enum rsbac_attribute_t attr,

union rsbac_attribute_value_t * value

)

Definition at line 627 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, get_attr_module(), rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_ta_set_attr(), SW_NONE, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00634 { 00635 struct dentry * t_dentry; 00636 int err = 0; 00637 union rsbac_attribute_value_t k_value; 00638 union rsbac_target_id_t tid; 00639 struct nameidata nd; 00640 00641 if(module > SW_NONE) 00642 return(-RSBAC_EINVALIDMODULE); 00643 if(!t_name || (target >= T_NONE)) 00644 return(-RSBAC_EINVALIDTARGET); 00645 if(!value) 00646 return(-RSBAC_EINVALIDVALUE); 00647 if(attr >= A_none) 00648 return(-RSBAC_EINVALIDATTR); 00649 00650 if(module == SW_NONE) 00651 { 00652 module = get_attr_module(attr); 00653 if(module == SW_NONE) 00654 return(-RSBAC_EINVALIDMODULE); 00655 } 00656 00657 #ifdef CONFIG_RSBAC_FREEZE 00658 if(rsbac_freeze) 00659 { 00660 rsbac_printk(KERN_WARNING 00661 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n"); 00662 return -EPERM; 00663 } 00664 #endif 00665 /* get values from user space */ 00666 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00667 00668 /* lookup filename */ 00669 if ((err = user_path_walk_link(t_name, &nd))) 00670 { 00671 #ifdef CONFIG_RSBAC_DEBUG 00672 if (rsbac_debug_aef) 00673 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err); 00674 #endif 00675 goto out; 00676 } 00677 t_dentry = nd.dentry; 00678 if (!t_dentry->d_inode) 00679 { 00680 #ifdef CONFIG_RSBAC_DEBUG 00681 if (rsbac_debug_aef) 00682 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n"); 00683 #endif 00684 err = -RSBAC_EINVALIDTARGET; 00685 goto out_dput; 00686 } 00687 00688 switch (target) 00689 { 00690 /* is inode of right type? */ 00691 case T_FD: 00692 if(S_ISREG(t_dentry->d_inode->i_mode)) 00693 { 00694 target = T_FILE; 00695 } 00696 else 00697 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00698 { 00699 target = T_DIR; 00700 } 00701 else 00702 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00703 { 00704 target = T_SYMLINK; 00705 } 00706 else 00707 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00708 { 00709 target = T_FIFO; 00710 } 00711 else 00712 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00713 { 00714 target = T_FILE; 00715 } 00716 else 00717 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00718 { 00719 target = T_FILE; 00720 } 00721 else 00722 { 00723 #ifdef CONFIG_RSBAC_DEBUG 00724 if (rsbac_debug_aef) 00725 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n"); 00726 #endif 00727 err = -RSBAC_EINVALIDTARGET; 00728 goto out_dput; 00729 } 00730 break; 00731 00732 case T_FILE: 00733 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00734 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00735 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00736 { 00737 #ifdef CONFIG_RSBAC_DEBUG 00738 if (rsbac_debug_aef) 00739 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n"); 00740 #endif 00741 err = -RSBAC_EINVALIDTARGET; 00742 goto out_dput; 00743 } 00744 break; 00745 00746 case T_DIR: 00747 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00748 { 00749 #ifdef CONFIG_RSBAC_DEBUG 00750 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n"); 00751 #endif 00752 err = -RSBAC_EINVALIDTARGET; 00753 goto out_dput; 00754 } 00755 break; 00756 00757 case T_FIFO: 00758 /* is inode of type fifo? */ 00759 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 00760 { 00761 #ifdef CONFIG_RSBAC_DEBUG 00762 if (rsbac_debug_aef) 00763 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n"); 00764 #endif 00765 err = -RSBAC_EINVALIDTARGET; 00766 goto out_dput; 00767 } 00768 break; 00769 00770 case T_SYMLINK: 00771 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 00772 { 00773 #ifdef CONFIG_RSBAC_DEBUG 00774 if (rsbac_debug_aef) 00775 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n"); 00776 #endif 00777 err = -RSBAC_EINVALIDTARGET; 00778 goto out_dput; 00779 } 00780 break; 00781 00782 case T_DEV: 00783 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 00784 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00785 { 00786 #ifdef CONFIG_RSBAC_DEBUG 00787 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n"); 00788 #endif 00789 err = -RSBAC_EINVALIDTARGET; 00790 goto out_dput; 00791 } 00792 break; 00793 00794 default: 00795 err = -RSBAC_EINVALIDTARGET; 00796 goto out_dput; 00797 } 00798 00799 if(target == T_DEV) 00800 { 00801 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00802 tid.dev.type = D_block; 00803 else 00804 tid.dev.type = D_char; 00805 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 00806 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 00807 } 00808 else 00809 { 00810 /* fill target id and call internal function */ 00811 tid.file.device = t_dentry->d_sb->s_dev; 00812 tid.file.inode = t_dentry->d_inode->i_ino; 00813 tid.file.dentry_p = t_dentry; 00814 } 00815 /* call ADF */ 00816 #ifdef CONFIG_RSBAC_DEBUG 00817 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n"); 00818 #endif 00819 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00820 current->pid, 00821 target, 00822 tid, 00823 attr, 00824 k_value)) 00825 { 00826 err = -EPERM; 00827 } 00828 else 00829 { 00830 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value); 00831 } 00832 00833 out_dput: 00834 path_release(&nd); 00835 00836 out: 00837 return(err); 00838 } /* end of sys_rsbac_set_attr_n() */

int sys_rsbac_stats ( void )

Definition at line 65 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_printk(), rsbac_stats(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by sys_rsbac().
00066 { 00067 union rsbac_target_id_t rsbac_target_id; 00068 union rsbac_attribute_value_t rsbac_attribute_value; 00069 00070 #ifdef CONFIG_RSBAC_DEBUG 00071 if (rsbac_debug_aef) 00072 { 00073 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n"); 00074 } 00075 #endif 00076 rsbac_target_id.scd = ST_rsbac; 00077 rsbac_attribute_value.dummy = 0; 00078 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00079 current->pid, 00080 T_SCD, 00081 rsbac_target_id, 00082 A_none, 00083 rsbac_attribute_value)) 00084 { 00085 return -EPERM; 00086 } 00087 00088 return(rsbac_stats()); 00089 };

int sys_rsbac_stats_pm ( void )

Definition at line 2128 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_printk(), rsbac_stats_pm(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by sys_rsbac().
02129 { 02130 #ifndef CONFIG_RSBAC_PM 02131 return (0); 02132 #else 02133 union rsbac_target_id_t rsbac_target_id; 02134 union rsbac_attribute_value_t rsbac_attribute_value; 02135 02136 #ifdef CONFIG_RSBAC_DEBUG 02137 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n"); 02138 #endif 02139 rsbac_target_id.scd = ST_rsbac; 02140 rsbac_attribute_value.dummy = 0; 02141 if (!rsbac_adf_request(R_GET_STATUS_DATA, 02142 current->pid, 02143 T_SCD, 02144 rsbac_target_id, 02145 A_none, 02146 rsbac_attribute_value)) 02147 { 02148 return -EPERM; 02149 } 02150 02151 #ifdef CONFIG_RSBAC_DEBUG 02152 if (rsbac_debug_aef_pm) 02153 rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n"); 02154 #endif 02155 return(rsbac_stats_pm()); 02156 #endif 02157 };

int sys_rsbac_switch ( enum rsbac_switch_target_t target,

int value

)

Definition at line 1484 of file syscalls.c.
References A_none, ACL, AUTH, CAP, DAC_DISABLE, DAZ, rsbac_attribute_value_t::dummy, rsbac_target_id_t::dummy, FF, FREEZE, get_switch_target_name(), JAIL, MAC, PAX, PM, R_MODIFY_PERMISSIONS_DATA, R_SWITCH_MODULE, RC, RES, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), SOFTMODE, SW_NONE, and T_NONE.
Referenced by sys_rsbac().
01485 { 01486 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE) 01487 union rsbac_target_id_t rsbac_target_id; 01488 union rsbac_attribute_value_t rsbac_attribute_value; 01489 char * switch_name; 01490 01491 /* call ADF */ 01492 if(target >= SW_NONE) 01493 return(-RSBAC_EINVALIDTARGET); 01494 if ( (value < 0) 01495 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01496 || (value > 3) 01497 #else 01498 || (value > 1) 01499 #endif 01500 ) 01501 return (-RSBAC_EINVALIDVALUE); 01502 01503 #ifdef CONFIG_RSBAC_SOFTMODE 01504 if( rsbac_softmode_prohibit 01505 && ( ( (value == 1) 01506 && (target == SOFTMODE) 01507 ) 01508 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01509 || (value == 3) 01510 #endif 01511 ) 01512 ) 01513 { 01514 rsbac_printk(KERN_WARNING 01515 "sys_rsbac_switch(): setting of softmode prohibited!\n"); 01516 return -EPERM; 01517 } 01518 #endif 01519 01520 #ifdef CONFIG_RSBAC_DEBUG 01521 if (rsbac_debug_aef) 01522 rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n"); 01523 #endif 01524 rsbac_target_id.dummy = 0; 01525 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 01526 if(target == DAC_DISABLE) 01527 { 01528 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01529 if(value > 1) 01530 return -RSBAC_EINVALIDVALUE; 01531 #endif 01532 rsbac_attribute_value.dummy = 0; 01533 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 01534 current->pid, 01535 T_NONE, 01536 rsbac_target_id, 01537 A_none, 01538 rsbac_attribute_value)) 01539 { 01540 return -EPERM; 01541 } 01542 } 01543 else 01544 #endif 01545 { 01546 rsbac_attribute_value.switch_target = target; 01547 if (!rsbac_adf_request(R_SWITCH_MODULE, 01548 current->pid, 01549 T_NONE, 01550 rsbac_target_id, 01551 A_switch_target, 01552 rsbac_attribute_value)) 01553 { 01554 return -EPERM; 01555 } 01556 } 01557 01558 switch(value) 01559 { 01560 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01561 case 2: 01562 case 3: 01563 rsbac_ind_softmode[target] = value - 2; 01564 break; 01565 #endif 01566 01567 default: 01568 switch (target) 01569 { 01570 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL 01571 case DAC_DISABLE: rsbac_dac_disable = value; 01572 break; 01573 #endif 01574 #ifdef CONFIG_RSBAC_SOFTMODE 01575 case SOFTMODE: rsbac_softmode = value; 01576 break; 01577 #endif 01578 #ifdef CONFIG_RSBAC_FREEZE 01579 case FREEZE: 01580 if(rsbac_freeze) 01581 { 01582 rsbac_printk(KERN_WARNING 01583 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n"); 01584 return -EPERM; 01585 } 01586 rsbac_freeze = value; 01587 break; 01588 #endif 01589 #ifdef CONFIG_RSBAC_SWITCH_MAC 01590 case MAC: 01591 #ifndef CONFIG_RSBAC_SWITCH_ON 01592 if(value) 01593 return -RSBAC_EINVALIDMODULE; 01594 #endif 01595 rsbac_switch_mac = value; 01596 break; 01597 #endif 01598 #ifdef CONFIG_RSBAC_SWITCH_PM 01599 case PM: 01600 #ifndef CONFIG_RSBAC_SWITCH_ON 01601 if(value) 01602 return -RSBAC_EINVALIDMODULE; 01603 #endif 01604 rsbac_switch_pm = value; 01605 break; 01606 #endif 01607 #ifdef CONFIG_RSBAC_SWITCH_DAZ 01608 case DAZ: 01609 rsbac_switch_daz = value; 01610 break; 01611 #endif 01612 #ifdef CONFIG_RSBAC_SWITCH_FF 01613 case FF: 01614 rsbac_switch_ff = value; 01615 break; 01616 #endif 01617 #ifdef CONFIG_RSBAC_SWITCH_RC 01618 case RC: 01619 #ifndef CONFIG_RSBAC_SWITCH_ON 01620 if(value) 01621 return -RSBAC_EINVALIDMODULE; 01622 #endif 01623 rsbac_switch_rc = value; 01624 break; 01625 #endif 01626 #ifdef CONFIG_RSBAC_SWITCH_AUTH 01627 case AUTH: 01628 rsbac_switch_auth = value; 01629 break; 01630 #endif 01631 #ifdef CONFIG_RSBAC_SWITCH_ACL 01632 case ACL: 01633 rsbac_switch_acl = value; 01634 break; 01635 #endif 01636 #ifdef CONFIG_RSBAC_SWITCH_CAP 01637 case CAP: 01638 rsbac_switch_cap = value; 01639 break; 01640 #endif 01641 #ifdef CONFIG_RSBAC_SWITCH_JAIL 01642 case JAIL: 01643 rsbac_switch_jail = value; 01644 break; 01645 #endif 01646 #ifdef CONFIG_RSBAC_SWITCH_RES 01647 case RES: 01648 rsbac_switch_res = value; 01649 break; 01650 #endif 01651 #ifdef CONFIG_RSBAC_SWITCH_PAX 01652 case PAX: 01653 rsbac_switch_pax = value; 01654 break; 01655 #endif 01656 default: 01657 return (-RSBAC_EINVALIDMODULE); 01658 } 01659 } 01660 01661 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01662 if(switch_name) 01663 { 01664 int show_value = value; 01665 01666 get_switch_target_name(switch_name,target); 01667 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01668 switch(value) 01669 { 01670 case 2: 01671 case 3: 01672 strcat(switch_name, " softmode"); 01673 show_value -= 2; 01674 break; 01675 default: 01676 break; 01677 } 01678 #endif 01679 rsbac_printk(KERN_WARNING 01680 "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n", 01681 current->uid, switch_name, show_value); 01682 rsbac_kfree(switch_name); 01683 } 01684 return 0; 01685 #else 01686 return -RSBAC_EINVALIDREQUEST; 01687 #endif /* SWITCH || SOFTMODE*/ 01688 }

int sys_rsbac_um_add_gm ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user,

rsbac_gid_t group,

rsbac_time_t ttl

)

Definition at line 4964 of file syscalls.c.
References R_CHANGE_GROUP, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_add_gm(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
04969 { 04970 #if defined(CONFIG_RSBAC_UM) 04971 #ifndef CONFIG_RSBAC_MAINT 04972 union rsbac_target_id_t rsbac_target_id; 04973 union rsbac_attribute_value_t rsbac_attribute_value; 04974 #endif 04975 04976 #ifdef CONFIG_RSBAC_FREEZE_UM 04977 if(rsbac_freeze) 04978 { 04979 rsbac_printk(KERN_WARNING 04980 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n"); 04981 return -EPERM; 04982 } 04983 #endif 04984 04985 #ifndef CONFIG_RSBAC_MAINT 04986 #ifdef CONFIG_RSBAC_DEBUG 04987 if (rsbac_debug_aef) 04988 { 04989 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n"); 04990 } 04991 #endif 04992 rsbac_target_id.user = user; 04993 rsbac_attribute_value.group = group; 04994 if (!rsbac_adf_request(R_CHANGE_GROUP, 04995 current->pid, 04996 T_USER, 04997 rsbac_target_id, 04998 A_group, 04999 rsbac_attribute_value)) 05000 { 05001 return -EPERM; 05002 } 05003 #endif /* MAINT */ 05004 05005 return rsbac_um_add_gm(ta_number, user, group, ttl); 05006 #else 05007 return (-RSBAC_EINVALIDMODULE); 05008 #endif 05009 }

int sys_rsbac_um_add_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid,

struct rsbac_um_group_entry_t * entry_p,

char * pass,

rsbac_time_t ttl

)

Definition at line 4850 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_CREATE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_add_group(), T_GROUP, and T_NONE.
Referenced by sys_rsbac().
04856 { 04857 #if defined(CONFIG_RSBAC_UM) 04858 int err; 04859 struct rsbac_um_group_entry_t * k_entry_p; 04860 char * k_pass; 04861 #ifndef CONFIG_RSBAC_MAINT 04862 union rsbac_target_id_t rsbac_target_id; 04863 union rsbac_target_id_t rsbac_new_target_id; 04864 union rsbac_attribute_value_t rsbac_attribute_value; 04865 #endif 04866 04867 if(!entry_p) 04868 return -RSBAC_EINVALIDPOINTER; 04869 04870 #ifdef CONFIG_RSBAC_FREEZE_UM 04871 if(rsbac_freeze) 04872 { 04873 rsbac_printk(KERN_WARNING 04874 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n"); 04875 return -EPERM; 04876 } 04877 #endif 04878 04879 #ifndef CONFIG_RSBAC_MAINT 04880 #ifdef CONFIG_RSBAC_DEBUG 04881 if (rsbac_debug_aef) 04882 { 04883 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n"); 04884 } 04885 #endif 04886 rsbac_target_id.group = gid; 04887 rsbac_attribute_value.dummy = 0; 04888 if (!rsbac_adf_request(R_CREATE, 04889 current->pid, 04890 T_GROUP, 04891 rsbac_target_id, 04892 A_none, 04893 rsbac_attribute_value)) 04894 { 04895 return -EPERM; 04896 } 04897 #endif /* MAINT */ 04898 04899 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p)); 04900 if(!k_entry_p) 04901 return -RSBAC_ENOMEM; 04902 if(pass) 04903 { 04904 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04905 if(!k_pass) 04906 { 04907 rsbac_kfree(k_entry_p); 04908 return -RSBAC_ENOMEM; 04909 } 04910 } 04911 else 04912 k_pass = NULL; 04913 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p)); 04914 if(err) 04915 goto out_free; 04916 if(!k_entry_p->name[0]) 04917 { 04918 err = -RSBAC_EINVALIDVALUE; 04919 goto out_free; 04920 } 04921 if(pass) 04922 { 04923 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04924 if(err) 04925 goto out_free; 04926 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04927 } 04928 err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl); 04929 04930 #ifndef CONFIG_RSBAC_MAINT 04931 /* RSBAC: notify ADF of new group */ 04932 if(!err) 04933 { 04934 rsbac_target_id.group = gid; 04935 rsbac_new_target_id.dummy = 0; 04936 if (rsbac_adf_set_attr(R_CREATE, 04937 current->pid, 04938 T_GROUP, 04939 rsbac_target_id, 04940 T_NONE, 04941 rsbac_new_target_id, 04942 A_none, 04943 rsbac_attribute_value)) 04944 { 04945 rsbac_printk(KERN_WARNING 04946 "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n"); 04947 } 04948 } 04949 #endif 04950 04951 out_free: 04952 rsbac_kfree(k_entry_p); 04953 if(k_pass) 04954 { 04955 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04956 rsbac_kfree(k_pass); 04957 } 04958 return err; 04959 #else 04960 return (-RSBAC_EINVALIDMODULE); 04961 #endif 04962 }

int sys_rsbac_um_add_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid,

struct rsbac_um_user_entry_t * entry_p,

char * pass,

rsbac_time_t ttl

)

Definition at line 4736 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, NULL, R_CREATE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_add_user(), T_NONE, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
04742 { 04743 #if defined(CONFIG_RSBAC_UM) 04744 int err; 04745 struct rsbac_um_user_entry_t * k_entry_p; 04746 char * k_pass; 04747 #ifndef CONFIG_RSBAC_MAINT 04748 union rsbac_target_id_t rsbac_target_id; 04749 union rsbac_target_id_t rsbac_new_target_id; 04750 union rsbac_attribute_value_t rsbac_attribute_value; 04751 #endif 04752 04753 if(!entry_p) 04754 return -RSBAC_EINVALIDPOINTER; 04755 04756 #ifdef CONFIG_RSBAC_FREEZE_UM 04757 if(rsbac_freeze) 04758 { 04759 rsbac_printk(KERN_WARNING 04760 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n"); 04761 return -EPERM; 04762 } 04763 #endif 04764 04765 #ifndef CONFIG_RSBAC_MAINT 04766 #ifdef CONFIG_RSBAC_DEBUG 04767 if (rsbac_debug_aef) 04768 { 04769 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n"); 04770 } 04771 #endif 04772 rsbac_target_id.user = uid; 04773 rsbac_attribute_value.dummy = 0; 04774 if (!rsbac_adf_request(R_CREATE, 04775 current->pid, 04776 T_USER, 04777 rsbac_target_id, 04778 A_none, 04779 rsbac_attribute_value)) 04780 { 04781 return -EPERM; 04782 } 04783 #endif /* MAINT */ 04784 04785 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p)); 04786 if(!k_entry_p) 04787 return -RSBAC_ENOMEM; 04788 if(pass) 04789 { 04790 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04791 if(!k_pass) 04792 { 04793 rsbac_kfree(k_entry_p); 04794 return -RSBAC_ENOMEM; 04795 } 04796 } 04797 else 04798 k_pass = NULL; 04799 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p)); 04800 if(err) 04801 goto out_free; 04802 if(!k_entry_p->name[0]) 04803 { 04804 err = -RSBAC_EINVALIDVALUE; 04805 goto out_free; 04806 } 04807 if(pass) 04808 { 04809 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04810 if(err) 04811 goto out_free; 04812 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04813 } 04814 err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl); 04815 04816 #ifndef CONFIG_RSBAC_MAINT 04817 /* RSBAC: notify ADF of new user */ 04818 if(!err) 04819 { 04820 rsbac_target_id.user = uid; 04821 rsbac_new_target_id.dummy = 0; 04822 if (rsbac_adf_set_attr(R_CREATE, 04823 current->pid, 04824 T_USER, 04825 rsbac_target_id, 04826 T_NONE, 04827 rsbac_new_target_id, 04828 A_none, 04829 rsbac_attribute_value)) 04830 { 04831 rsbac_printk(KERN_WARNING 04832 "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n"); 04833 } 04834 } 04835 #endif 04836 04837 out_free: 04838 rsbac_kfree(k_entry_p); 04839 if(k_pass) 04840 { 04841 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04842 rsbac_kfree(k_pass); 04843 } 04844 return err; 04845 #else 04846 return (-RSBAC_EINVALIDMODULE); 04847 #endif 04848 }

int sys_rsbac_um_auth_name ( char * name,

char * pass

)

Definition at line 4598 of file syscalls.c.
References A_auth_last_auth, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_set_attr, rsbac_um_check_pass(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, and T_PROCESS.
Referenced by sys_rsbac().
04601 { 04602 #if defined(CONFIG_RSBAC_UM) 04603 rsbac_uid_t uid; 04604 int err; 04605 char * k_name; 04606 char * k_pass; 04607 union rsbac_target_id_t i_tid; 04608 union rsbac_attribute_value_t i_attr_val; 04609 #ifdef CONFIG_RSBAC_DEBUG 04610 if (rsbac_debug_aef_um) 04611 { 04612 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n"); 04613 } 04614 #endif 04615 if(!name || !pass) 04616 { 04617 #ifdef CONFIG_RSBAC_DEBUG 04618 if (rsbac_debug_aef_um) 04619 { 04620 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n"); 04621 } 04622 #endif 04623 return -RSBAC_EINVALIDPOINTER; 04624 } 04625 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN); 04626 if(!k_name) 04627 return -RSBAC_ENOMEM; 04628 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04629 if(!k_pass) 04630 { 04631 rsbac_kfree(k_name); 04632 return -RSBAC_ENOMEM; 04633 } 04634 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 04635 if(err) 04636 goto out_free; 04637 k_name[RSBAC_UM_NAME_LEN-1] = 0; 04638 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04639 if(err) 04640 goto out_free; 04641 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04642 #if 0 04643 #ifdef CONFIG_RSBAC_DEBUG 04644 if (rsbac_debug_aef_um) 04645 { 04646 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n", 04647 k_name, k_pass); 04648 } 04649 #endif 04650 #endif 04651 err = rsbac_um_get_uid(0, k_name, &uid); 04652 if(err) 04653 goto out_free; 04654 04655 err = rsbac_um_check_pass(uid, k_pass); 04656 if(err) 04657 goto out_free; 04658 04659 #ifdef CONFIG_RSBAC_AUTH 04660 /* set auth_last_auth for this process */ 04661 i_tid.process = current->pid; 04662 i_attr_val.auth_last_auth = uid; 04663 if (rsbac_set_attr(AUTH, 04664 T_PROCESS, 04665 i_tid, 04666 A_auth_last_auth, 04667 i_attr_val)) 04668 { 04669 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth); 04670 } 04671 #endif /* AUTH */ 04672 04673 out_free: 04674 rsbac_kfree(k_name); 04675 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04676 rsbac_kfree(k_pass); 04677 return err; 04678 #else 04679 return (-RSBAC_EINVALIDMODULE); 04680 #endif 04681 }

int sys_rsbac_um_auth_uid ( rsbac_uid_t uid,

char * pass

)

Definition at line 4683 of file syscalls.c.
References A_auth_last_auth, AUTH, rsbac_attribute_value_t::auth_last_auth, rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_set_attr, rsbac_um_check_pass(), and T_PROCESS.
Referenced by sys_rsbac().
04685 { 04686 #if defined(CONFIG_RSBAC_UM) 04687 int err; 04688 char * k_pass; 04689 union rsbac_target_id_t i_tid; 04690 union rsbac_attribute_value_t i_attr_val; 04691 04692 if(!pass) 04693 return -RSBAC_EINVALIDPOINTER; 04694 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 04695 if(!k_pass) 04696 return -RSBAC_ENOMEM; 04697 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 04698 if(err) 04699 goto out_free; 04700 k_pass[RSBAC_MAXNAMELEN-1] = 0; 04701 04702 #ifdef CONFIG_RSBAC_DEBUG 04703 if (rsbac_debug_aef_um) 04704 { 04705 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n", 04706 uid, k_pass); 04707 } 04708 #endif 04709 err = rsbac_um_check_pass(uid, k_pass); 04710 if(err) 04711 goto out_free; 04712 04713 #ifdef CONFIG_RSBAC_AUTH 04714 /* set auth_last_auth for this process */ 04715 i_tid.process = current->pid; 04716 i_attr_val.auth_last_auth = uid; 04717 if (rsbac_set_attr(AUTH, 04718 T_PROCESS, 04719 i_tid, 04720 A_auth_last_auth, 04721 i_attr_val)) 04722 { 04723 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth); 04724 } 04725 #endif /* AUTH */ 04726 04727 out_free: 04728 memset(k_pass, 0, RSBAC_MAXNAMELEN); 04729 rsbac_kfree(k_pass); 04730 return err; 04731 #else 04732 return (-RSBAC_EINVALIDMODULE); 04733 #endif 04734 }

int sys_rsbac_um_check_account ( rsbac_uid_t uid )

Definition at line 6252 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_check_account(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06253 { 06254 #if defined(CONFIG_RSBAC_UM) 06255 #ifndef CONFIG_RSBAC_MAINT 06256 union rsbac_target_id_t rsbac_target_id; 06257 union rsbac_attribute_value_t rsbac_attribute_value; 06258 #endif 06259 06260 06261 #ifndef CONFIG_RSBAC_MAINT 06262 #ifdef CONFIG_RSBAC_DEBUG 06263 if (rsbac_debug_aef) 06264 { 06265 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n"); 06266 } 06267 #endif 06268 rsbac_target_id.user = uid; 06269 rsbac_attribute_value.dummy = 0; 06270 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06271 current->pid, 06272 T_USER, 06273 rsbac_target_id, 06274 A_none, 06275 rsbac_attribute_value)) 06276 { 06277 return -EPERM; 06278 } 06279 #endif /* MAINT */ 06280 06281 return rsbac_um_check_account(uid); 06282 #else 06283 return (-RSBAC_EINVALIDMODULE); 06284 #endif 06285 }

int sys_rsbac_um_check_account_name ( char * name )

Definition at line 6287 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_check_account(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06288 { 06289 #if defined(CONFIG_RSBAC_UM) 06290 int err; 06291 rsbac_uid_t uid; 06292 char k_name[RSBAC_UM_NAME_LEN]; 06293 #ifndef CONFIG_RSBAC_MAINT 06294 union rsbac_target_id_t rsbac_target_id; 06295 union rsbac_attribute_value_t rsbac_attribute_value; 06296 #endif 06297 06298 if(!name) 06299 return -RSBAC_EINVALIDPOINTER; 06300 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06301 if(err) 06302 return err; 06303 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06304 #ifdef CONFIG_RSBAC_DEBUG 06305 if (rsbac_debug_aef_um) 06306 { 06307 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n", 06308 k_name); 06309 } 06310 #endif 06311 err = rsbac_um_get_uid(0, k_name, &uid); 06312 if(err) 06313 { 06314 #ifdef CONFIG_RSBAC_DEBUG 06315 if (rsbac_debug_aef_um) 06316 { 06317 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n", 06318 k_name); 06319 } 06320 #endif 06321 return err; 06322 } 06323 06324 #ifndef CONFIG_RSBAC_MAINT 06325 #ifdef CONFIG_RSBAC_DEBUG 06326 if (rsbac_debug_aef) 06327 { 06328 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n"); 06329 } 06330 #endif 06331 rsbac_target_id.user = uid; 06332 rsbac_attribute_value.dummy = 0; 06333 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06334 current->pid, 06335 T_USER, 06336 rsbac_target_id, 06337 A_none, 06338 rsbac_attribute_value)) 06339 { 06340 return -EPERM; 06341 } 06342 #endif /* MAINT */ 06343 06344 return rsbac_um_check_account(uid); 06345 #else 06346 return (-RSBAC_EINVALIDMODULE); 06347 #endif 06348 }

int sys_rsbac_um_get_gid ( rsbac_list_ta_number_t ta_number,

char * name,

rsbac_gid_t * gid_p

)

Definition at line 5979 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_gid(), RSBAC_UM_NAME_LEN, and T_GROUP.
Referenced by sys_rsbac().
05983 { 05984 #if defined(CONFIG_RSBAC_UM) 05985 rsbac_gid_t k_gid; 05986 int err; 05987 char k_name[RSBAC_UM_NAME_LEN]; 05988 05989 if(!name || !gid_p) 05990 return -RSBAC_EINVALIDPOINTER; 05991 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 05992 if(err) 05993 return err; 05994 k_name[RSBAC_UM_NAME_LEN-1] = 0; 05995 err = rsbac_um_get_gid(ta_number, k_name, &k_gid); 05996 if(!err) 05997 { 05998 #ifndef CONFIG_RSBAC_MAINT 05999 union rsbac_target_id_t rsbac_target_id; 06000 union rsbac_attribute_value_t rsbac_attribute_value; 06001 06002 #ifdef CONFIG_RSBAC_DEBUG 06003 if (rsbac_debug_aef) 06004 { 06005 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n"); 06006 } 06007 #endif 06008 rsbac_target_id.group = k_gid; 06009 rsbac_attribute_value.dummy = 0; 06010 if (!rsbac_adf_request(R_SEARCH, 06011 current->pid, 06012 T_GROUP, 06013 rsbac_target_id, 06014 A_none, 06015 rsbac_attribute_value)) 06016 { 06017 err = -EPERM; 06018 } 06019 else 06020 #endif /* MAINT */ 06021 06022 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid)); 06023 } 06024 return err; 06025 #else 06026 return (-RSBAC_EINVALIDMODULE); 06027 #endif 06028 }

int sys_rsbac_um_get_gm_list ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user,

rsbac_gid_t group_array[],

u_int maxnum

)

Definition at line 5755 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, NULL, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_gm_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05760 { 05761 #if defined(CONFIG_RSBAC_UM) 05762 long count; 05763 rsbac_gid_t * k_group_array; 05764 #ifndef CONFIG_RSBAC_MAINT 05765 union rsbac_target_id_t rsbac_target_id; 05766 union rsbac_attribute_value_t rsbac_attribute_value; 05767 #endif 05768 05769 05770 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05771 maxnum = RSBAC_UM_MAX_MAXNUM; 05772 05773 #ifndef CONFIG_RSBAC_MAINT 05774 #ifdef CONFIG_RSBAC_DEBUG 05775 if (rsbac_debug_aef) 05776 { 05777 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n"); 05778 } 05779 #endif 05780 rsbac_target_id.user = user; 05781 rsbac_attribute_value.dummy = 0; 05782 if (!rsbac_adf_request(R_GET_STATUS_DATA, 05783 current->pid, 05784 T_USER, 05785 rsbac_target_id, 05786 A_none, 05787 rsbac_attribute_value)) 05788 { 05789 return -EPERM; 05790 } 05791 #endif /* MAINT */ 05792 05793 /* count only */ 05794 if(!group_array || !maxnum) 05795 return rsbac_um_get_gm_list(ta_number, user, NULL); 05796 05797 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array); 05798 if(count>0) 05799 { 05800 if(count > maxnum) 05801 count = maxnum; 05802 rsbac_put_user((u_char *) k_group_array, 05803 (u_char *) group_array, 05804 count * sizeof(*k_group_array) ); 05805 rsbac_vfree(k_group_array); 05806 } 05807 return count; 05808 #else 05809 return -RSBAC_EINVALIDMODULE; 05810 #endif 05811 }; /* end of sys_rsbac_um_get_group_list() */

int sys_rsbac_um_get_gm_user_list ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t group,

rsbac_uid_t user_array[],

u_int maxnum

)

Definition at line 5813 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_READ, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_gm_user_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, and T_GROUP.
Referenced by sys_rsbac().
05818 { 05819 #if defined(CONFIG_RSBAC_UM) 05820 long count; 05821 rsbac_uid_t * k_user_array; 05822 #ifndef CONFIG_RSBAC_MAINT 05823 union rsbac_target_id_t rsbac_target_id; 05824 union rsbac_attribute_value_t rsbac_attribute_value; 05825 #endif 05826 05827 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05828 maxnum = RSBAC_UM_MAX_MAXNUM; 05829 05830 #ifndef CONFIG_RSBAC_MAINT 05831 #ifdef CONFIG_RSBAC_DEBUG 05832 if (rsbac_debug_aef) 05833 { 05834 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n"); 05835 } 05836 #endif 05837 rsbac_target_id.group = group; 05838 rsbac_attribute_value.dummy = 0; 05839 if (!rsbac_adf_request(R_READ, 05840 current->pid, 05841 T_GROUP, 05842 rsbac_target_id, 05843 A_none, 05844 rsbac_attribute_value)) 05845 { 05846 return -EPERM; 05847 } 05848 #endif /* MAINT */ 05849 /* count number of all users */ 05850 if(!user_array || !maxnum) 05851 return rsbac_um_get_gm_user_list(ta_number, group, NULL); 05852 05853 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array); 05854 if(count>0) 05855 { 05856 if(count > maxnum) 05857 count = maxnum; 05858 rsbac_put_user((u_char *) k_user_array, 05859 (u_char *) user_array, 05860 count * sizeof(*k_user_array) ); 05861 rsbac_vfree(k_user_array); 05862 } 05863 return count; 05864 #else 05865 return -RSBAC_EINVALIDMODULE; 05866 #endif 05867 }; /* end of sys_rsbac_um_get_group_list() */

int sys_rsbac_um_get_group_item ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5330 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_group_item(), T_GROUP, UM_name, UM_none, UM_pass, and UM_ttl.
Referenced by sys_rsbac().
05335 { 05336 #if defined(CONFIG_RSBAC_UM) 05337 int err; 05338 union rsbac_um_mod_data_t * k_data_p; 05339 #ifndef CONFIG_RSBAC_MAINT 05340 enum rsbac_adf_request_t rsbac_request; 05341 union rsbac_target_id_t rsbac_target_id; 05342 union rsbac_attribute_value_t rsbac_attribute_value; 05343 #endif 05344 05345 if(mod >= UM_none) 05346 return -RSBAC_EINVALIDREQUEST; 05347 if(!data_p) 05348 return -RSBAC_EINVALIDPOINTER; 05349 05350 #ifndef CONFIG_RSBAC_MAINT 05351 #ifdef CONFIG_RSBAC_DEBUG 05352 if (rsbac_debug_aef) 05353 { 05354 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n"); 05355 } 05356 #endif 05357 rsbac_attribute_value.dummy = 0; 05358 switch(mod) 05359 { 05360 case UM_name: 05361 rsbac_request = R_SEARCH; 05362 break; 05363 05364 case UM_pass: 05365 rsbac_request = R_GET_PERMISSIONS_DATA; 05366 break; 05367 05368 case UM_ttl: 05369 rsbac_request = R_GET_STATUS_DATA; 05370 break; 05371 05372 default: 05373 return -RSBAC_EINVALIDREQUEST; 05374 } 05375 rsbac_target_id.group = gid; 05376 if (!rsbac_adf_request(rsbac_request, 05377 current->pid, 05378 T_GROUP, 05379 rsbac_target_id, 05380 A_none, 05381 rsbac_attribute_value)) 05382 { 05383 return -EPERM; 05384 } 05385 #endif /* MAINT */ 05386 05387 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05388 if(!k_data_p) 05389 return -RSBAC_ENOMEM; 05390 memset(k_data_p, 0, sizeof(*k_data_p)); 05391 05392 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p); 05393 if(!err) 05394 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) ); 05395 rsbac_kfree(k_data_p); 05396 return err; 05397 #else 05398 return (-RSBAC_EINVALIDMODULE); 05399 #endif 05400 }

int sys_rsbac_um_get_group_list ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t group_array[],

u_int maxnum

)

Definition at line 5869 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_SEARCH, rsbac_adf_request(), RSBAC_ALL_USERS, RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_group_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, and T_GROUP.
Referenced by sys_rsbac().
05873 { 05874 #if defined(CONFIG_RSBAC_UM) 05875 long count; 05876 rsbac_gid_t * k_group_array; 05877 #ifndef CONFIG_RSBAC_MAINT 05878 union rsbac_target_id_t rsbac_target_id; 05879 union rsbac_attribute_value_t rsbac_attribute_value; 05880 #endif 05881 05882 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05883 maxnum = RSBAC_UM_MAX_MAXNUM; 05884 05885 #ifndef CONFIG_RSBAC_MAINT 05886 #ifdef CONFIG_RSBAC_DEBUG 05887 if (rsbac_debug_aef) 05888 { 05889 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n"); 05890 } 05891 #endif 05892 rsbac_target_id.group = RSBAC_ALL_USERS; 05893 rsbac_attribute_value.dummy = 0; 05894 if (!rsbac_adf_request(R_SEARCH, 05895 current->pid, 05896 T_GROUP, 05897 rsbac_target_id, 05898 A_none, 05899 rsbac_attribute_value)) 05900 { 05901 return -EPERM; 05902 } 05903 #endif /* MAINT */ 05904 05905 /* count only */ 05906 if(!group_array || !maxnum) 05907 return rsbac_um_get_group_list(ta_number, NULL); 05908 05909 count = rsbac_um_get_group_list(ta_number, &k_group_array); 05910 if(count>0) 05911 { 05912 if(count > maxnum) 05913 count = maxnum; 05914 rsbac_put_user((u_char *) k_group_array, 05915 (u_char *) group_array, 05916 count * sizeof(*k_group_array) ); 05917 rsbac_vfree(k_group_array); 05918 } 05919 return count; 05920 #else 05921 return -RSBAC_EINVALIDMODULE; 05922 #endif 05923 }; /* end of sys_rsbac_um_get_group_list() */

int sys_rsbac_um_get_next_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t old_user,

rsbac_uid_t * next_user_p

)

Definition at line 5654 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_next_user(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05658 { 05659 #if defined(CONFIG_RSBAC_UM) 05660 rsbac_uid_t k_next_user; 05661 int err; 05662 #ifndef CONFIG_RSBAC_MAINT 05663 union rsbac_target_id_t rsbac_target_id; 05664 union rsbac_attribute_value_t rsbac_attribute_value; 05665 #endif 05666 05667 if(!next_user_p) 05668 return -RSBAC_EINVALIDPOINTER; 05669 05670 #ifndef CONFIG_RSBAC_MAINT 05671 #ifdef CONFIG_RSBAC_DEBUG 05672 if (rsbac_debug_aef) 05673 { 05674 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n"); 05675 } 05676 #endif 05677 rsbac_target_id.user = old_user; 05678 rsbac_attribute_value.dummy = 0; 05679 if (!rsbac_adf_request(R_SEARCH, 05680 current->pid, 05681 T_USER, 05682 rsbac_target_id, 05683 A_none, 05684 rsbac_attribute_value)) 05685 { 05686 return -EPERM; 05687 } 05688 #endif /* MAINT */ 05689 05690 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user); 05691 if(!err) 05692 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user)); 05693 return err; 05694 #else 05695 return (-RSBAC_EINVALIDMODULE); 05696 #endif 05697 }

int sys_rsbac_um_get_uid ( rsbac_list_ta_number_t ta_number,

char * name,

rsbac_uid_t * uid_p

)

Definition at line 5927 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05931 { 05932 #if defined(CONFIG_RSBAC_UM) 05933 rsbac_uid_t k_uid; 05934 int err; 05935 char k_name[RSBAC_UM_NAME_LEN]; 05936 05937 if(!name || !uid_p) 05938 return -RSBAC_EINVALIDPOINTER; 05939 05940 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 05941 if(err) 05942 return err; 05943 k_name[RSBAC_UM_NAME_LEN-1] = 0; 05944 err = rsbac_um_get_uid(ta_number, k_name, &k_uid); 05945 if(!err) 05946 { 05947 #ifndef CONFIG_RSBAC_MAINT 05948 union rsbac_target_id_t rsbac_target_id; 05949 union rsbac_attribute_value_t rsbac_attribute_value; 05950 05951 #ifdef CONFIG_RSBAC_DEBUG 05952 if (rsbac_debug_aef) 05953 { 05954 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n"); 05955 } 05956 #endif 05957 rsbac_target_id.user = k_uid; 05958 rsbac_attribute_value.dummy = 0; 05959 if (!rsbac_adf_request(R_SEARCH, 05960 current->pid, 05961 T_USER, 05962 rsbac_target_id, 05963 A_none, 05964 rsbac_attribute_value)) 05965 { 05966 err = -EPERM; 05967 } 05968 else 05969 #endif /* MAINT */ 05970 05971 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid)); 05972 } 05973 return err; 05974 #else 05975 return (-RSBAC_EINVALIDMODULE); 05976 #endif 05977 }

int sys_rsbac_um_get_user_item ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5245 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_READ, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_user_item(), T_USER, UM_expire, UM_fullname, UM_group, UM_homedir, UM_inactive, UM_lastchange, UM_maxchange, UM_minchange, UM_name, UM_none, UM_pass, UM_shell, UM_ttl, UM_warnchange, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05250 { 05251 #if defined(CONFIG_RSBAC_UM) 05252 int err; 05253 union rsbac_um_mod_data_t * k_data_p; 05254 #ifndef CONFIG_RSBAC_MAINT 05255 enum rsbac_adf_request_t rsbac_request; 05256 union rsbac_target_id_t rsbac_target_id; 05257 union rsbac_attribute_value_t rsbac_attribute_value; 05258 #endif 05259 05260 if(mod >= UM_none) 05261 return -RSBAC_EINVALIDREQUEST; 05262 if(!data_p) 05263 return -RSBAC_EINVALIDPOINTER; 05264 05265 #ifndef CONFIG_RSBAC_MAINT 05266 #ifdef CONFIG_RSBAC_DEBUG 05267 if (rsbac_debug_aef) 05268 { 05269 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n"); 05270 } 05271 #endif 05272 rsbac_attribute_value.dummy = 0; 05273 switch(mod) 05274 { 05275 case UM_name: 05276 rsbac_request = R_SEARCH; 05277 break; 05278 05279 case UM_group: 05280 case UM_fullname: 05281 case UM_homedir: 05282 case UM_shell: 05283 rsbac_request = R_GET_STATUS_DATA; 05284 break; 05285 05286 case UM_pass: 05287 rsbac_request = R_GET_PERMISSIONS_DATA; 05288 break; 05289 05290 case UM_lastchange: 05291 case UM_minchange: 05292 case UM_maxchange: 05293 case UM_warnchange: 05294 case UM_inactive: 05295 case UM_expire: 05296 case UM_ttl: 05297 rsbac_request = R_READ; 05298 break; 05299 05300 default: 05301 return -RSBAC_EINVALIDREQUEST; 05302 } 05303 rsbac_target_id.user = uid; 05304 if (!rsbac_adf_request(rsbac_request, 05305 current->pid, 05306 T_USER, 05307 rsbac_target_id, 05308 A_none, 05309 rsbac_attribute_value)) 05310 { 05311 return -EPERM; 05312 } 05313 #endif /* MAINT */ 05314 05315 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05316 if(!k_data_p) 05317 return -RSBAC_ENOMEM; 05318 memset(k_data_p, 0, sizeof(*k_data_p)); 05319 05320 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p); 05321 if(!err) 05322 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) ); 05323 rsbac_kfree(k_data_p); 05324 return err; 05325 #else 05326 return (-RSBAC_EINVALIDMODULE); 05327 #endif 05328 }

int sys_rsbac_um_get_user_list ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user_array[],

u_int maxnum

)

Definition at line 5699 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, NULL, R_SEARCH, rsbac_adf_request(), RSBAC_ALL_USERS, RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_user_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05703 { 05704 #if defined(CONFIG_RSBAC_UM) 05705 long count; 05706 rsbac_uid_t * k_user_array; 05707 #ifndef CONFIG_RSBAC_MAINT 05708 union rsbac_target_id_t rsbac_target_id; 05709 union rsbac_attribute_value_t rsbac_attribute_value; 05710 #endif 05711 05712 if(maxnum > RSBAC_UM_MAX_MAXNUM) 05713 maxnum = RSBAC_UM_MAX_MAXNUM; 05714 05715 #ifndef CONFIG_RSBAC_MAINT 05716 #ifdef CONFIG_RSBAC_DEBUG 05717 if (rsbac_debug_aef) 05718 { 05719 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n"); 05720 } 05721 #endif 05722 rsbac_target_id.user = RSBAC_ALL_USERS; 05723 rsbac_attribute_value.dummy = 0; 05724 if (!rsbac_adf_request(R_SEARCH, 05725 current->pid, 05726 T_USER, 05727 rsbac_target_id, 05728 A_none, 05729 rsbac_attribute_value)) 05730 { 05731 return -EPERM; 05732 } 05733 #endif /* MAINT */ 05734 05735 /* count only */ 05736 if(!user_array || !maxnum) 05737 return rsbac_um_get_user_list(ta_number, NULL); 05738 05739 count = rsbac_um_get_user_list(ta_number, &k_user_array); 05740 if(count>0) 05741 { 05742 if(count > maxnum) 05743 count = maxnum; 05744 rsbac_put_user((u_char *) k_user_array, 05745 (u_char *) user_array, 05746 count * sizeof(*k_user_array) ); 05747 rsbac_vfree(k_user_array); 05748 } 05749 return count; 05750 #else 05751 return -RSBAC_EINVALIDMODULE; 05752 #endif 05753 }; /* end of sys_rsbac_um_get_user_list() */

int sys_rsbac_um_group_exists ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid

)

Definition at line 5618 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_group_exists(), and T_GROUP.
05621 { 05622 #if defined(CONFIG_RSBAC_UM) 05623 #ifndef CONFIG_RSBAC_MAINT 05624 union rsbac_target_id_t rsbac_target_id; 05625 union rsbac_attribute_value_t rsbac_attribute_value; 05626 #endif 05627 05628 #ifndef CONFIG_RSBAC_MAINT 05629 #ifdef CONFIG_RSBAC_DEBUG 05630 if (rsbac_debug_aef) 05631 { 05632 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n"); 05633 } 05634 #endif 05635 rsbac_target_id.group = gid; 05636 rsbac_attribute_value.dummy = 0; 05637 if (!rsbac_adf_request(R_SEARCH, 05638 current->pid, 05639 T_GROUP, 05640 rsbac_target_id, 05641 A_none, 05642 rsbac_attribute_value)) 05643 { 05644 return -EPERM; 05645 } 05646 #endif /* MAINT */ 05647 05648 return rsbac_um_group_exists(ta_number, gid); 05649 #else 05650 return (-RSBAC_EINVALIDMODULE); 05651 #endif 05652 }

int sys_rsbac_um_mod_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5150 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_DELETE, R_MODIFY_PERMISSIONS_DATA, R_RENAME, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_mod_group(), T_GROUP, UM_cryptpass, UM_name, UM_none, UM_pass, and UM_ttl.
Referenced by sys_rsbac().
05155 { 05156 #if defined(CONFIG_RSBAC_UM) 05157 int err; 05158 union rsbac_um_mod_data_t * k_data_p; 05159 #ifndef CONFIG_RSBAC_MAINT 05160 enum rsbac_adf_request_t rsbac_request; 05161 union rsbac_target_id_t rsbac_target_id; 05162 union rsbac_attribute_value_t rsbac_attribute_value; 05163 #endif 05164 05165 if(mod >= UM_none) 05166 return -RSBAC_EINVALIDREQUEST; 05167 if( !data_p 05168 && (mod != UM_pass) 05169 ) 05170 return -RSBAC_EINVALIDPOINTER; 05171 05172 #ifdef CONFIG_RSBAC_FREEZE_UM 05173 if(rsbac_freeze) 05174 { 05175 rsbac_printk(KERN_WARNING 05176 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n"); 05177 return -EPERM; 05178 } 05179 #endif 05180 05181 #ifndef CONFIG_RSBAC_MAINT 05182 #ifdef CONFIG_RSBAC_DEBUG 05183 if (rsbac_debug_aef) 05184 { 05185 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n"); 05186 } 05187 #endif 05188 switch(mod) 05189 { 05190 case UM_name: 05191 rsbac_request = R_RENAME; 05192 break; 05193 05194 case UM_pass: 05195 case UM_cryptpass: 05196 rsbac_request = R_MODIFY_PERMISSIONS_DATA; 05197 break; 05198 05199 case UM_ttl: 05200 rsbac_request = R_DELETE; 05201 break; 05202 05203 default: 05204 return -RSBAC_EINVALIDREQUEST; 05205 } 05206 rsbac_target_id.group = gid; 05207 rsbac_attribute_value.dummy = 0; 05208 if (!rsbac_adf_request(rsbac_request, 05209 current->pid, 05210 T_GROUP, 05211 rsbac_target_id, 05212 A_none, 05213 rsbac_attribute_value)) 05214 { 05215 return -EPERM; 05216 } 05217 #endif /* MAINT */ 05218 05219 if(data_p) 05220 { 05221 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05222 if(!k_data_p) 05223 return -RSBAC_ENOMEM; 05224 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p)); 05225 if(err) 05226 { 05227 rsbac_kfree(k_data_p); 05228 return err; 05229 } 05230 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0; 05231 } 05232 else 05233 k_data_p = NULL; 05234 05235 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p); 05236 05237 if(k_data_p) 05238 rsbac_kfree(k_data_p); 05239 return err; 05240 #else 05241 return (-RSBAC_EINVALIDMODULE); 05242 #endif 05243 }

int sys_rsbac_um_mod_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid,

enum rsbac_um_mod_t mod,

union rsbac_um_mod_data_t * data_p

)

Definition at line 5011 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_um_mod_data_t::group, NULL, R_CHANGE_GROUP, R_DELETE, R_MODIFY_PERMISSIONS_DATA, R_RENAME, R_WRITE, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_mod_user(), T_USER, UM_cryptpass, UM_expire, UM_fullname, UM_group, UM_homedir, UM_inactive, UM_lastchange, UM_maxchange, UM_minchange, UM_name, UM_none, UM_pass, UM_shell, UM_ttl, UM_warnchange, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05016 { 05017 #if defined(CONFIG_RSBAC_UM) 05018 int err; 05019 union rsbac_um_mod_data_t * k_data_p; 05020 #ifndef CONFIG_RSBAC_MAINT 05021 enum rsbac_adf_request_t rsbac_request; 05022 union rsbac_target_id_t rsbac_target_id; 05023 enum rsbac_attribute_t rsbac_attribute = A_none; 05024 union rsbac_attribute_value_t rsbac_attribute_value; 05025 #endif 05026 05027 if(mod >= UM_none) 05028 return -RSBAC_EINVALIDREQUEST; 05029 if( !data_p 05030 && (mod != UM_pass) 05031 ) 05032 return -RSBAC_EINVALIDPOINTER; 05033 05034 #ifdef CONFIG_RSBAC_FREEZE_UM 05035 if(rsbac_freeze) 05036 { 05037 rsbac_printk(KERN_WARNING 05038 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n"); 05039 return -EPERM; 05040 } 05041 #endif 05042 05043 #ifndef CONFIG_RSBAC_MAINT 05044 #ifdef CONFIG_RSBAC_DEBUG 05045 if (rsbac_debug_aef) 05046 { 05047 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n"); 05048 } 05049 #endif 05050 rsbac_attribute_value.dummy = 0; 05051 switch(mod) 05052 { 05053 case UM_name: 05054 rsbac_request = R_RENAME; 05055 break; 05056 05057 case UM_pass: 05058 case UM_cryptpass: 05059 rsbac_request = R_MODIFY_PERMISSIONS_DATA; 05060 break; 05061 05062 case UM_fullname: 05063 rsbac_request = R_WRITE; 05064 break; 05065 05066 case UM_homedir: 05067 rsbac_request = R_WRITE; 05068 break; 05069 05070 case UM_shell: 05071 rsbac_request = R_WRITE; 05072 break; 05073 05074 case UM_group: 05075 rsbac_request = R_CHANGE_GROUP; 05076 rsbac_attribute = A_group; 05077 rsbac_attribute_value.group = data_p->group; 05078 break; 05079 05080 case UM_lastchange: 05081 rsbac_request = R_WRITE; 05082 break; 05083 05084 case UM_minchange: 05085 rsbac_request = R_WRITE; 05086 break; 05087 05088 case UM_maxchange: 05089 rsbac_request = R_WRITE; 05090 break; 05091 05092 case UM_warnchange: 05093 rsbac_request = R_WRITE; 05094 break; 05095 05096 case UM_inactive: 05097 rsbac_request = R_WRITE; 05098 break; 05099 05100 case UM_expire: 05101 rsbac_request = R_WRITE; 05102 break; 05103 05104 case UM_ttl: 05105 rsbac_request = R_DELETE; 05106 break; 05107 05108 default: 05109 return -RSBAC_EINVALIDREQUEST; 05110 } 05111 rsbac_target_id.user = uid; 05112 if (!rsbac_adf_request(rsbac_request, 05113 current->pid, 05114 T_USER, 05115 rsbac_target_id, 05116 rsbac_attribute, 05117 rsbac_attribute_value)) 05118 { 05119 return -EPERM; 05120 } 05121 #endif /* MAINT */ 05122 05123 05124 if(data_p) 05125 { 05126 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05127 if(!k_data_p) 05128 return -RSBAC_ENOMEM; 05129 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p)); 05130 if(err) 05131 { 05132 rsbac_kfree(k_data_p); 05133 return err; 05134 } 05135 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0; 05136 } 05137 else 05138 k_data_p = NULL; 05139 05140 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p); 05141 05142 if(k_data_p) 05143 rsbac_kfree(k_data_p); 05144 return err; 05145 #else 05146 return (-RSBAC_EINVALIDMODULE); 05147 #endif 05148 }

int sys_rsbac_um_remove_gm ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t user,

rsbac_gid_t group

)

Definition at line 5536 of file syscalls.c.
References R_CHANGE_GROUP, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_gm(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05540 { 05541 #if defined(CONFIG_RSBAC_UM) 05542 #ifndef CONFIG_RSBAC_MAINT 05543 union rsbac_target_id_t rsbac_target_id; 05544 union rsbac_attribute_value_t rsbac_attribute_value; 05545 #endif 05546 05547 #ifdef CONFIG_RSBAC_FREEZE_UM 05548 if(rsbac_freeze) 05549 { 05550 rsbac_printk(KERN_WARNING 05551 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n"); 05552 return -EPERM; 05553 } 05554 #endif 05555 05556 #ifndef CONFIG_RSBAC_MAINT 05557 #ifdef CONFIG_RSBAC_DEBUG 05558 if (rsbac_debug_aef) 05559 { 05560 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n"); 05561 } 05562 #endif 05563 rsbac_target_id.user = user; 05564 rsbac_attribute_value.group = group; 05565 if (!rsbac_adf_request(R_CHANGE_GROUP, 05566 current->pid, 05567 T_USER, 05568 rsbac_target_id, 05569 A_group, 05570 rsbac_attribute_value)) 05571 { 05572 return -EPERM; 05573 } 05574 #endif /* MAINT */ 05575 05576 return rsbac_um_remove_gm(ta_number, user, group); 05577 #else 05578 return (-RSBAC_EINVALIDMODULE); 05579 #endif 05580 }

int sys_rsbac_um_remove_group ( rsbac_list_ta_number_t ta_number,

rsbac_gid_t gid

)

Definition at line 5469 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_DELETE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_group(), T_GROUP, and T_NONE.
Referenced by sys_rsbac().
05472 { 05473 #if defined(CONFIG_RSBAC_UM) 05474 int err; 05475 #ifndef CONFIG_RSBAC_MAINT 05476 union rsbac_target_id_t rsbac_target_id; 05477 union rsbac_target_id_t rsbac_new_target_id; 05478 union rsbac_attribute_value_t rsbac_attribute_value; 05479 #endif 05480 05481 #ifdef CONFIG_RSBAC_FREEZE_UM 05482 if(rsbac_freeze) 05483 { 05484 rsbac_printk(KERN_WARNING 05485 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n"); 05486 return -EPERM; 05487 } 05488 #endif 05489 05490 #ifndef CONFIG_RSBAC_MAINT 05491 #ifdef CONFIG_RSBAC_DEBUG 05492 if (rsbac_debug_aef) 05493 { 05494 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n"); 05495 } 05496 #endif 05497 rsbac_target_id.group = gid; 05498 rsbac_attribute_value.dummy = 0; 05499 if (!rsbac_adf_request(R_DELETE, 05500 current->pid, 05501 T_GROUP, 05502 rsbac_target_id, 05503 A_none, 05504 rsbac_attribute_value)) 05505 { 05506 return -EPERM; 05507 } 05508 #endif /* MAINT */ 05509 05510 err = rsbac_um_remove_group(ta_number, gid); 05511 05512 #ifndef CONFIG_RSBAC_MAINT 05513 if(!err) 05514 { 05515 rsbac_new_target_id.dummy = 0; 05516 if (rsbac_adf_set_attr(R_DELETE, 05517 current->pid, 05518 T_GROUP, 05519 rsbac_target_id, 05520 T_NONE, 05521 rsbac_new_target_id, 05522 A_none, 05523 rsbac_attribute_value)) 05524 { 05525 rsbac_printk(KERN_WARNING 05526 "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error"); 05527 } 05528 } 05529 #endif 05530 return err; 05531 #else 05532 return (-RSBAC_EINVALIDMODULE); 05533 #endif 05534 }

int sys_rsbac_um_remove_user ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid

)

Definition at line 5402 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, R_DELETE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_user(), T_NONE, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05405 { 05406 #if defined(CONFIG_RSBAC_UM) 05407 int err; 05408 #ifndef CONFIG_RSBAC_MAINT 05409 union rsbac_target_id_t rsbac_target_id; 05410 union rsbac_target_id_t rsbac_new_target_id; 05411 union rsbac_attribute_value_t rsbac_attribute_value; 05412 #endif 05413 05414 #ifdef CONFIG_RSBAC_FREEZE_UM 05415 if(rsbac_freeze) 05416 { 05417 rsbac_printk(KERN_WARNING 05418 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n"); 05419 return -EPERM; 05420 } 05421 #endif 05422 05423 #ifndef CONFIG_RSBAC_MAINT 05424 #ifdef CONFIG_RSBAC_DEBUG 05425 if (rsbac_debug_aef) 05426 { 05427 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n"); 05428 } 05429 #endif 05430 rsbac_target_id.user = uid; 05431 rsbac_attribute_value.dummy = 0; 05432 if (!rsbac_adf_request(R_DELETE, 05433 current->pid, 05434 T_USER, 05435 rsbac_target_id, 05436 A_none, 05437 rsbac_attribute_value)) 05438 { 05439 return -EPERM; 05440 } 05441 #endif /* MAINT */ 05442 05443 err = rsbac_um_remove_user(ta_number, uid); 05444 05445 #ifndef CONFIG_RSBAC_MAINT 05446 if(!err) 05447 { 05448 rsbac_new_target_id.dummy = 0; 05449 if (rsbac_adf_set_attr(R_DELETE, 05450 current->pid, 05451 T_USER, 05452 rsbac_target_id, 05453 T_NONE, 05454 rsbac_new_target_id, 05455 A_none, 05456 rsbac_attribute_value)) 05457 { 05458 rsbac_printk(KERN_WARNING 05459 "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error"); 05460 } 05461 } 05462 #endif 05463 return err; 05464 #else 05465 return (-RSBAC_EINVALIDMODULE); 05466 #endif 05467 }

int sys_rsbac_um_set_group_pass ( rsbac_gid_t gid,

char * new_pass

)

Definition at line 6188 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_MODIFY_PERMISSIONS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_set_group_pass(), and T_GROUP.
Referenced by sys_rsbac().
06190 { 06191 #if defined(CONFIG_RSBAC_UM) 06192 int err; 06193 char * k_new_pass; 06194 #ifndef CONFIG_RSBAC_MAINT 06195 union rsbac_target_id_t rsbac_target_id; 06196 union rsbac_attribute_value_t rsbac_attribute_value; 06197 #endif 06198 06199 #ifdef CONFIG_RSBAC_FREEZE_UM 06200 if(rsbac_freeze) 06201 { 06202 rsbac_printk(KERN_WARNING 06203 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n"); 06204 return -EPERM; 06205 } 06206 #endif 06207 06208 #ifndef CONFIG_RSBAC_MAINT 06209 /* check admin rights here */ 06210 #ifdef CONFIG_RSBAC_DEBUG 06211 if (rsbac_debug_aef) 06212 { 06213 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n"); 06214 } 06215 #endif 06216 rsbac_target_id.group = gid; 06217 rsbac_attribute_value.dummy = 0; 06218 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 06219 current->pid, 06220 T_GROUP, 06221 rsbac_target_id, 06222 A_none, 06223 rsbac_attribute_value)) 06224 { 06225 return -EPERM; 06226 } 06227 #endif /* MAINT */ 06228 06229 if(new_pass) 06230 { 06231 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06232 if(!k_new_pass) 06233 return -RSBAC_ENOMEM; 06234 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN); 06235 if(!err) 06236 { 06237 k_new_pass[RSBAC_MAXNAMELEN-1] = 0; 06238 err = rsbac_um_set_group_pass(gid, k_new_pass); 06239 } 06240 rsbac_kfree(k_new_pass); 06241 } 06242 else 06243 { 06244 err = rsbac_um_set_group_pass(gid, NULL); 06245 } 06246 return err; 06247 #else 06248 return (-RSBAC_EINVALIDMODULE); 06249 #endif 06250 }

int sys_rsbac_um_set_pass ( rsbac_uid_t uid,

char * old_pass,

char * new_pass

)

Definition at line 6030 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_PERMISSIONS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_check_pass(), rsbac_um_good_pass(), rsbac_um_set_pass(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac(), and sys_rsbac_um_set_pass_name().
06033 { 06034 #if defined(CONFIG_RSBAC_UM) 06035 int err; 06036 char * k_new_pass; 06037 06038 if(!new_pass) 06039 return -RSBAC_EINVALIDPOINTER; 06040 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06041 if(!k_new_pass) 06042 return -RSBAC_ENOMEM; 06043 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN); 06044 if(err) 06045 { 06046 rsbac_kfree(k_new_pass); 06047 return err; 06048 } 06049 k_new_pass[RSBAC_MAXNAMELEN-1] = 0; 06050 06051 if(old_pass && (uid == current->uid)) 06052 { 06053 char * k_old_pass; 06054 06055 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06056 if(!k_old_pass) 06057 { 06058 rsbac_kfree(k_new_pass); 06059 return -RSBAC_ENOMEM; 06060 } 06061 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN); 06062 if(err) 06063 { 06064 rsbac_kfree(k_old_pass); 06065 rsbac_kfree(k_new_pass); 06066 return err; 06067 } 06068 k_old_pass[RSBAC_MAXNAMELEN-1] = 0; 06069 err = rsbac_um_check_pass(uid, k_old_pass); 06070 rsbac_kfree(k_old_pass); 06071 if(err) 06072 { 06073 rsbac_kfree(k_new_pass); 06074 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n"); 06075 return err; 06076 } 06077 err = rsbac_um_good_pass(k_new_pass); 06078 if(err) 06079 { 06080 rsbac_kfree(k_new_pass); 06081 #ifdef CONFIG_RSBAC_DEBUG 06082 if (rsbac_debug_aef_um) 06083 { 06084 rsbac_printk(KERN_DEBUG 06085 "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n", 06086 uid); 06087 } 06088 #endif 06089 return err; 06090 } 06091 } 06092 else 06093 { 06094 #ifndef CONFIG_RSBAC_MAINT 06095 /* check admin rights here */ 06096 union rsbac_target_id_t rsbac_target_id; 06097 union rsbac_attribute_value_t rsbac_attribute_value; 06098 06099 #ifdef CONFIG_RSBAC_FREEZE_UM 06100 if(rsbac_freeze) 06101 { 06102 rsbac_printk(KERN_WARNING 06103 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n"); 06104 rsbac_kfree(k_new_pass); 06105 return -EPERM; 06106 } 06107 #endif 06108 06109 #ifdef CONFIG_RSBAC_DEBUG 06110 if (rsbac_debug_aef) 06111 { 06112 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n"); 06113 } 06114 #endif 06115 rsbac_target_id.user = uid; 06116 rsbac_attribute_value.dummy = 0; 06117 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 06118 current->pid, 06119 T_USER, 06120 rsbac_target_id, 06121 A_none, 06122 rsbac_attribute_value)) 06123 { 06124 rsbac_kfree(k_new_pass); 06125 return -EPERM; 06126 } 06127 #endif /* MAINT */ 06128 } 06129 06130 err = rsbac_um_set_pass(uid, k_new_pass); 06131 rsbac_kfree(k_new_pass); 06132 return err; 06133 #else 06134 return (-RSBAC_EINVALIDMODULE); 06135 #endif 06136 }

int sys_rsbac_um_set_pass_name ( char * name,

char * old_pass,

char * new_pass

)

Definition at line 6138 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, and sys_rsbac_um_set_pass().
Referenced by sys_rsbac().
06141 { 06142 #if defined(CONFIG_RSBAC_UM) 06143 int err; 06144 rsbac_uid_t uid; 06145 char * k_name; 06146 06147 if(!name || !new_pass) 06148 return -RSBAC_EINVALIDPOINTER; 06149 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN); 06150 if(!k_name) 06151 return -RSBAC_ENOMEM; 06152 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06153 if(err) 06154 { 06155 rsbac_kfree(k_name); 06156 return err; 06157 } 06158 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06159 06160 #ifdef CONFIG_RSBAC_DEBUG 06161 if (rsbac_debug_aef_um) 06162 { 06163 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n", 06164 k_name); 06165 } 06166 #endif 06167 err = rsbac_um_get_uid(0, k_name, &uid); 06168 rsbac_kfree(k_name); 06169 if(err) 06170 { 06171 #ifdef CONFIG_RSBAC_DEBUG 06172 if (rsbac_debug_aef_um) 06173 { 06174 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n", 06175 k_name); 06176 } 06177 #endif 06178 } 06179 else 06180 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass); 06181 06182 return err; 06183 #else 06184 return (-RSBAC_EINVALIDMODULE); 06185 #endif 06186 }

int sys_rsbac_um_user_exists ( rsbac_list_ta_number_t ta_number,

rsbac_uid_t uid

)

Definition at line 5582 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_user_exists(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05585 { 05586 #if defined(CONFIG_RSBAC_UM) 05587 #ifndef CONFIG_RSBAC_MAINT 05588 union rsbac_target_id_t rsbac_target_id; 05589 union rsbac_attribute_value_t rsbac_attribute_value; 05590 #endif 05591 05592 #ifndef CONFIG_RSBAC_MAINT 05593 #ifdef CONFIG_RSBAC_DEBUG 05594 if (rsbac_debug_aef) 05595 { 05596 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n"); 05597 } 05598 #endif 05599 rsbac_target_id.user = uid; 05600 rsbac_attribute_value.dummy = 0; 05601 if (!rsbac_adf_request(R_SEARCH, 05602 current->pid, 05603 T_USER, 05604 rsbac_target_id, 05605 A_none, 05606 rsbac_attribute_value)) 05607 { 05608 return -EPERM; 05609 } 05610 #endif /* MAINT */ 05611 05612 return rsbac_um_user_exists(ta_number, uid); 05613 #else 05614 return (-RSBAC_EINVALIDMODULE); 05615 #endif 05616 }

int sys_rsbac_write ( void )

Definition at line 171 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_WRITE, rsbac_adf_request(), rsbac_printk(), rsbac_write(), rsbac_target_id_t::scd, ST_rsbac, T_SCD, and TRUE.
Referenced by sys_rsbac().
00172 { 00173 #if defined(CONFIG_RSBAC_AUTO_WRITE) 00174 union rsbac_target_id_t rsbac_target_id; 00175 union rsbac_attribute_value_t rsbac_attribute_value; 00176 int result; 00177 00178 #ifdef CONFIG_RSBAC_DEBUG 00179 if (rsbac_debug_aef) 00180 { 00181 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n"); 00182 } 00183 #endif 00184 rsbac_target_id.scd = ST_rsbac; 00185 rsbac_attribute_value.dummy = 0; 00186 if (!rsbac_adf_request(R_WRITE, 00187 current->pid, 00188 T_SCD, 00189 rsbac_target_id, 00190 A_none, 00191 rsbac_attribute_value)) 00192 { 00193 return -EPERM; 00194 } 00195 00196 /* lock_kernel(); -> rsbac_write(need_lock) */ 00197 result = rsbac_write(TRUE); 00198 /* unlock_kernel(); */ 00199 return result; 00200 #else 00201 return(0); 00202 #endif /* CONFIG_RSBAC_AUTO_WRITE */ 00203 };

long sys_sync ( void )

Referenced by sys_rsbac_check().

Variable Documentation

struct semaphore rsbac_write_sem

Referenced by rsbac_get_super_block(), rsbac_mount(), rsbac_umount(), sys_rsbac_check(), and write_info().

Generated on Sun May 21 14:31:08 2006 for RSBAC by

1.4.2


Functions
int	sys_rsbac_stats (void)
long	sys_sync (void)
int	sys_rsbac_check (int correct, int check_inode)
int	sys_rsbac_write (void)
int	sys_rsbac_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value, int inherit)
int	sys_rsbac_get_attr_n (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, char t_name, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value, int inherit)
int	sys_rsbac_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int	sys_rsbac_set_attr_n (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, char t_name, enum rsbac_attribute_t attr, union rsbac_attribute_value_t value)
int	sys_rsbac_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid)
int	sys_rsbac_remove_target_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name)
int	sys_rsbac_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t *id_p, u_long maxnum)
int	sys_rsbac_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t *id_p, u_long maxnum)
int	sys_rsbac_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t *id_p, u_long maxnum)
int	sys_rsbac_net_list_all_netdev (rsbac_list_ta_number_t ta_number, rsbac_netdev_id_t *id_p, u_long maxnum)
int	sys_rsbac_net_template (rsbac_list_ta_number_t ta_number, enum rsbac_net_temp_syscall_t call, rsbac_net_temp_id_t id, union rsbac_net_temp_syscall_data_t *data_p)
int	sys_rsbac_net_list_all_template (rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t *id_p, u_long maxnum)
int	sys_rsbac_switch (enum rsbac_switch_target_t target, int value)
int	sys_rsbac_mac_set_curr_level (rsbac_security_level_t level, rsbac_mac_category_vector_t *categories_p)
int	sys_rsbac_mac_get_curr_level (rsbac_security_level_t level_p, rsbac_mac_category_vector_t categories_p)
int	sys_rsbac_mac_get_max_level (rsbac_security_level_t level_p, rsbac_mac_category_vector_t categories_p)
int	sys_rsbac_mac_get_min_level (rsbac_security_level_t level_p, rsbac_mac_category_vector_t categories_p)
int	sys_rsbac_mac_add_p_tru (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t uid, rsbac_time_t ttl)
int	sys_rsbac_mac_remove_p_tru (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t uid)
int	sys_rsbac_mac_add_f_tru (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t uid, rsbac_time_t ttl)
int	sys_rsbac_mac_remove_f_tru (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t uid)
int	sys_rsbac_mac_get_f_trulist (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t trulist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_mac_get_p_trulist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t trulist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_stats_pm (void)
int	sys_rsbac_pm (rsbac_list_ta_number_t ta_number, enum rsbac_pm_function_type_t function, union rsbac_pm_function_param_t *param_p, rsbac_pm_tkt_id_t ticket)
int	sys_rsbac_pm_change_current_task (rsbac_pm_task_id_t task)
int	sys_rsbac_pm_create_file (const char *filename, int mode, rsbac_pm_object_class_id_t class)
int	sys_rsbac_daz_flush_cache (void)
int	sys_rsbac_rc_copy_role (rsbac_list_ta_number_t ta_number, rsbac_rc_role_id_t from_role, rsbac_rc_role_id_t to_role)
int	sys_rsbac_rc_copy_type (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, rsbac_rc_type_id_t from_type, rsbac_rc_type_id_t to_type)
int	sys_rsbac_rc_get_item (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t tid_p, union rsbac_rc_target_id_t subtid_p, enum rsbac_rc_item_t item, union rsbac_rc_item_value_t value_p, rsbac_time_t ttl_p)
int	sys_rsbac_rc_set_item (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t tid_p, union rsbac_rc_target_id_t subtid_p, enum rsbac_rc_item_t item, union rsbac_rc_item_value_t *value_p, rsbac_time_t ttl)
int	sys_rsbac_rc_get_list (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t tid_p, enum rsbac_rc_item_t item, u_int maxnum, __u32 array_p, rsbac_time_t *ttl_array_p)
int	sys_rsbac_rc_change_role (rsbac_rc_role_id_t role)
int	sys_rsbac_rc_get_eff_rights_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char t_name, rsbac_rc_request_vector_t request_vector_p, rsbac_time_t *ttl_p)
int	sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t *role_p)
int	sys_rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int	sys_rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int	sys_rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int	sys_rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int	sys_rsbac_auth_get_f_caplist (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t caplist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_auth_get_p_caplist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t caplist[], rsbac_time_t ttllist[], u_int maxnum)
int	sys_rsbac_reg (rsbac_reg_handle_t handle, void *arg)
int	sys_rsbac_acl (rsbac_list_ta_number_t ta_number, enum rsbac_acl_syscall_type_t call, struct rsbac_acl_syscall_arg_t *arg)
int	sys_rsbac_acl_n (rsbac_list_ta_number_t ta_number, enum rsbac_acl_syscall_type_t call, struct rsbac_acl_syscall_n_arg_t *arg)
int	sys_rsbac_acl_get_rights (rsbac_list_ta_number_t ta_number, struct rsbac_acl_syscall_arg_t arg, rsbac_acl_rights_vector_t rights_p, u_int effective)
int	sys_rsbac_acl_get_rights_n (rsbac_list_ta_number_t ta_number, struct rsbac_acl_syscall_n_arg_t arg, rsbac_acl_rights_vector_t rights_p, u_int effective)
int	sys_rsbac_acl_get_tlist (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid, struct rsbac_acl_entry_t entry_array[], rsbac_time_t ttl_array[], u_int maxnum)
int	sys_rsbac_acl_get_tlist_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name, struct rsbac_acl_entry_t entry_array[], rsbac_time_t ttl_array[], u_int maxnum)
int	sys_rsbac_acl_get_mask (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t tid, rsbac_acl_rights_vector_t mask_p)
int	sys_rsbac_acl_get_mask_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char t_name, rsbac_acl_rights_vector_t mask_p)
int	sys_rsbac_acl_group (rsbac_list_ta_number_t ta_number, enum rsbac_acl_group_syscall_type_t call, union rsbac_acl_group_syscall_arg_t *arg_p)
int	sys_rsbac_acl_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t *id_p, u_long maxnum)
int	sys_rsbac_acl_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t *id_p, u_long maxnum)
int	sys_rsbac_acl_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t *id_p, u_long maxnum)
int	sys_rsbac_jail (rsbac_version_t version, char *path, rsbac_jail_ip_t ip, rsbac_jail_flags_t flags, rsbac_cap_vector_t max_caps, rsbac_jail_scd_vector_t scd_get, rsbac_jail_scd_vector_t scd_modify)
int	sys_rsbac_um_auth_name (char name, char pass)
int	sys_rsbac_um_auth_uid (rsbac_uid_t uid, char *pass)
int	sys_rsbac_um_add_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, struct rsbac_um_user_entry_t entry_p, char pass, rsbac_time_t ttl)
int	sys_rsbac_um_add_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, struct rsbac_um_group_entry_t entry_p, char pass, rsbac_time_t ttl)
int	sys_rsbac_um_add_gm (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group, rsbac_time_t ttl)
int	sys_rsbac_um_mod_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_mod_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_get_user_item (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_get_group_item (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int	sys_rsbac_um_remove_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid)
int	sys_rsbac_um_remove_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid)
int	sys_rsbac_um_remove_gm (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group)
int	sys_rsbac_um_user_exists (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid)
int	sys_rsbac_um_group_exists (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid)
int	sys_rsbac_um_get_next_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t old_user, rsbac_uid_t *next_user_p)
int	sys_rsbac_um_get_user_list (rsbac_list_ta_number_t ta_number, rsbac_uid_t user_array[], u_int maxnum)
int	sys_rsbac_um_get_gm_list (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group_array[], u_int maxnum)
int	sys_rsbac_um_get_gm_user_list (rsbac_list_ta_number_t ta_number, rsbac_gid_t group, rsbac_uid_t user_array[], u_int maxnum)
int	sys_rsbac_um_get_group_list (rsbac_list_ta_number_t ta_number, rsbac_gid_t group_array[], u_int maxnum)
int	sys_rsbac_um_get_uid (rsbac_list_ta_number_t ta_number, char name, rsbac_uid_t uid_p)
int	sys_rsbac_um_get_gid (rsbac_list_ta_number_t ta_number, char name, rsbac_gid_t gid_p)
int	sys_rsbac_um_set_pass (rsbac_uid_t uid, char old_pass, char new_pass)
int	sys_rsbac_um_set_pass_name (char name, char old_pass, char *new_pass)
int	sys_rsbac_um_set_group_pass (rsbac_gid_t gid, char *new_pass)
int	sys_rsbac_um_check_account (rsbac_uid_t uid)
int	sys_rsbac_um_check_account_name (char *name)
int	sys_rsbac_adf_log_switch (enum rsbac_adf_request_t request, enum rsbac_target_t target, u_int value)
int	sys_rsbac_get_adf_log (enum rsbac_adf_request_t request, enum rsbac_target_t target, u_int *value_p)
int	sys_rsbac_log (int type, char *buf, int len)
asmlinkage int	sys_rsbac (rsbac_version_t version, enum rsbac_syscall_t call, union rsbac_syscall_arg_t *arg_p)
Variables
semaphore	rsbac_write_sem

syscalls.c File Reference

Functions

Variables

Function Documentation

Variable Documentation