Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Search for 
linux-2.6.16-rsbac-1.2.6 / rsbac / adf / auth

auth_syscalls.c

Go to the documentation of this file.
00001 /*************************************************** */
00002 /* Rule Set Based Access Control                     */
00003 /* Implementation of the Access Control Decision     */
00004 /* Facility (ADF) - Authentification module          */
00005 /* File: rsbac/adf/auth/syscalls.c                   */
00006 /*                                                   */
00007 /* Author and (c) 1999-2005: Amon Ott <ao@rsbac.org> */
00008 /*                                                   */
00009 /* Last modified: 15/Jul/2005                        */
00010 /*************************************************** */
00011 
00012 #include <linux/string.h>
00013 #include <linux/sched.h>
00014 #include <linux/errno.h>
00015 #include <rsbac/types.h>
00016 #include <rsbac/aci.h>
00017 #include <rsbac/error.h>
00018 #include <rsbac/auth.h>
00019 #include <rsbac/debug.h>
00020 #include <rsbac/helpers.h>
00021 #include <rsbac/adf_main.h>
00022 
00023 /************************************************* */
00024 /*           Global Variables                      */
00025 /************************************************* */
00026 
00027 /************************************************* */
00028 /*          Internal Help functions                */
00029 /************************************************* */
00030 
00031 /************************************************* */
00032 /*          Externally visible functions           */
00033 /************************************************* */
00034 
00035 int rsbac_auth_add_p_cap(
00036          rsbac_list_ta_number_t ta_number,
00037          rsbac_pid_t pid,
00038   enum   rsbac_auth_cap_type_t cap_type,
00039   struct rsbac_auth_cap_range_t cap_range,
00040          rsbac_time_t ttl)
00041   {
00042 /* check only in non-maint mode */
00043 #if !defined(CONFIG_RSBAC_MAINT)
00044 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00045     if(rsbac_switch_auth)
00046 #endif
00047       {
00048         union rsbac_target_id_t       i_tid;
00049         union rsbac_attribute_value_t i_attr_val1;
00050 
00051         /* check auth_may_set_cap of calling process */
00052         i_tid.process = current->pid;
00053         if (rsbac_get_attr(AUTH,
00054                            T_PROCESS,
00055                            i_tid,
00056                            A_auth_may_set_cap,
00057                            &i_attr_val1,
00058                            FALSE))
00059           {
00060             rsbac_ds_get_error("rsbac_auth_add_p_cap()", A_auth_may_set_cap);
00061             return(-RSBAC_EREADFAILED);
00062           }
00063         /* if auth_may_set_cap is not set, then reject */
00064         if (!i_attr_val1.auth_may_set_cap)
00065           {
00066             rsbac_printk(KERN_INFO
00067                    "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
00068                    cap_range.first,
00069                    cap_range.last,
00070                    pid,
00071                    current->pid);
00072             #ifdef CONFIG_RSBAC_SOFTMODE
00073             if(   !rsbac_softmode
00074             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00075                && !rsbac_ind_softmode[AUTH]
00076             #endif
00077               )
00078             #endif
00079               return(-EPERM);
00080           }
00081       }
00082 #endif
00083 
00084     /* OK, check passed. Add the capability. */
00085     if(rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl))
00086       {
00087         rsbac_printk(KERN_WARNING
00088                "rsbac_auth_add_p_cap(): rsbac_auth_add_to_p_capset() returned error!\n");
00089         return(-RSBAC_EWRITEFAILED);
00090       }
00091     return 0;
00092   }
00093 
00094 int rsbac_auth_remove_p_cap(
00095          rsbac_list_ta_number_t ta_number,
00096          rsbac_pid_t pid,
00097   enum   rsbac_auth_cap_type_t cap_type,
00098   struct rsbac_auth_cap_range_t cap_range)
00099   {
00100 /* check only in non-maint mode */
00101 #if !defined(CONFIG_RSBAC_MAINT)
00102 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00103     if(rsbac_switch_auth)
00104 #endif
00105       {
00106         union rsbac_target_id_t       i_tid;
00107         union rsbac_attribute_value_t i_attr_val1;
00108 
00109         /* check auth_may_set_cap of calling process */
00110         i_tid.process = current->pid;
00111         if (rsbac_get_attr(AUTH,
00112                            T_PROCESS,
00113                            i_tid,
00114                            A_auth_may_set_cap,
00115                            &i_attr_val1,
00116                            FALSE))
00117           {
00118             rsbac_ds_get_error("rsbac_auth_remove_p_cap()", A_auth_may_set_cap);
00119             return(-RSBAC_EREADFAILED);
00120           }
00121         /* if auth_may_set_cap is not set, then reject */
00122         if (!i_attr_val1.auth_may_set_cap)
00123           {
00124             rsbac_printk(KERN_INFO
00125                    "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
00126                    cap_range.first,
00127                    cap_range.last,
00128                    pid,
00129                    current->pid);
00130             #ifdef CONFIG_RSBAC_SOFTMODE
00131             if(   !rsbac_softmode
00132             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00133                && !rsbac_ind_softmode[AUTH]
00134             #endif
00135               )
00136             #endif
00137               return(-EPERM);
00138           }
00139       }
00140 #endif
00141 
00142     /* OK, check passed. Try to remove the capability. */
00143     return(rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range));
00144   }
00145 
00146 int rsbac_auth_add_f_cap(
00147          rsbac_list_ta_number_t ta_number,
00148          rsbac_auth_file_t file,
00149   enum   rsbac_auth_cap_type_t cap_type,
00150   struct rsbac_auth_cap_range_t cap_range,
00151          rsbac_time_t ttl)
00152   {
00153     /* check has been done in help/syscalls.c: sys_rsbac_auth_add_f_cap */
00154     if(rsbac_auth_add_to_f_capset(ta_number, file, cap_type, cap_range, ttl))
00155       {
00156         rsbac_printk(KERN_WARNING
00157                "rsbac_auth_add_f_cap(): rsbac_auth_add_to_f_capset() returned error!\n");
00158         return(-RSBAC_EWRITEFAILED);
00159       }
00160     return 0;
00161   }
00162 
00163 int rsbac_auth_remove_f_cap(
00164          rsbac_list_ta_number_t ta_number,
00165          rsbac_auth_file_t file,
00166   enum   rsbac_auth_cap_type_t cap_type,
00167   struct rsbac_auth_cap_range_t cap_range)
00168   {
00169     /* check has been done in help/syscalls.c: sys_rsbac_auth_remove_f_cap */
00170     return(rsbac_auth_remove_from_f_capset(ta_number, file, cap_type, cap_range));
00171   }
00172 
00173 /* end of rsbac/adf/auth/syscalls.c */
Generated on Sun May 21 14:30:49 2006 for RSBAC by  doxygen 1.4.2