00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <rsbac/types.h>
00010 #include <rsbac/aci.h>
00011 #include <rsbac/mac.h>
00012 #include <rsbac/pm.h>
00013 #include <rsbac/auth.h>
00014 #include <rsbac/acl.h>
00015 #include <rsbac/reg.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/debug.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/network.h>
00021 #include <asm/semaphore.h>
00022 #include <linux/sched.h>
00023 #include <linux/file.h>
00024 #include <rsbac/rkmem.h>
00025 #include <rsbac/gen_lists.h>
00026 #include <linux/smp_lock.h>
00027 #include <asm/uaccess.h>
00028
00029 #include <rsbac/adf.h>
00030 #include <rsbac/adf_main.h>
00031 #include <rsbac/adf_syshelpers.h>
00032 #include <rsbac/rc.h>
00033 #include <rsbac/um.h>
00034 #include <rsbac/um_types.h>
00035 #include <rsbac/syscalls.h>
00036
00037 #ifdef CONFIG_RSBAC_NET_OBJ
00038 #include <rsbac/network.h>
00039 #endif
00040 #ifdef CONFIG_RSBAC_DAZ
00041 #include <rsbac/daz.h>
00042 #endif
00043
00044 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00045 #include <linux/namei.h>
00046 #endif
00047
00048
00049
00050
00051
00052 extern struct semaphore rsbac_write_sem;
00053
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065 int sys_rsbac_stats(void)
00066 {
00067 union rsbac_target_id_t rsbac_target_id;
00068 union rsbac_attribute_value_t rsbac_attribute_value;
00069
00070 #ifdef CONFIG_RSBAC_DEBUG
00071 if (rsbac_debug_aef)
00072 {
00073 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n");
00074 }
00075 #endif
00076 rsbac_target_id.scd = ST_rsbac;
00077 rsbac_attribute_value.dummy = 0;
00078 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00079 current->pid,
00080 T_SCD,
00081 rsbac_target_id,
00082 A_none,
00083 rsbac_attribute_value))
00084 {
00085 return -EPERM;
00086 }
00087
00088 return(rsbac_stats());
00089 };
00090
00091 long sys_sync(void);
00092
00093 int sys_rsbac_check(int correct, int check_inode)
00094 {
00095 union rsbac_target_id_t rsbac_target_id;
00096 union rsbac_attribute_value_t rsbac_attribute_value;
00097 int result;
00098
00099 #ifdef CONFIG_RSBAC_DEBUG
00100 if (rsbac_debug_aef)
00101 {
00102 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n");
00103 }
00104 #endif
00105 rsbac_target_id.scd = ST_rsbac;
00106 rsbac_attribute_value.dummy = 0;
00107 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00108 current->pid,
00109 T_SCD,
00110 rsbac_target_id,
00111 A_none,
00112 rsbac_attribute_value))
00113 {
00114 return -EPERM;
00115 }
00116
00117 rsbac_printk(KERN_INFO
00118 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00119 correct, check_inode);
00120 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00121
00122 if(check_inode)
00123 {
00124 rsbac_printk(KERN_INFO
00125 "sys_rsbac_check(): syncing disks\n");
00126 sys_sync();
00127 }
00128 #endif
00129
00130 lock_kernel();
00131 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00132
00133 if(check_inode)
00134 down(&rsbac_write_sem);
00135 #endif
00136
00137 result=rsbac_check_lists(correct);
00138
00139
00140 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00141 if(!result)
00142 result = rsbac_check(correct, check_inode);
00143 #if defined(CONFIG_RSBAC_MAC)
00144 if(!result)
00145 result=rsbac_check_mac(correct, check_inode);
00146 #endif
00147 #if defined(CONFIG_RSBAC_AUTH)
00148 if(!result)
00149 result=rsbac_check_auth(correct, check_inode);
00150 #endif
00151 #endif
00152 #if defined(CONFIG_RSBAC_ACL)
00153 if(!result)
00154 result=rsbac_check_acl(correct, check_inode);
00155 #endif
00156 #if defined(CONFIG_RSBAC_REG)
00157 if(!result)
00158 result=rsbac_check_reg(correct, check_inode);
00159 #endif
00160
00161 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00162
00163 if(check_inode)
00164 up(&rsbac_write_sem);
00165 #endif
00166
00167 unlock_kernel();
00168 return(result);
00169 }
00170
00171 int sys_rsbac_write(void)
00172 {
00173 #if defined(CONFIG_RSBAC_AUTO_WRITE)
00174 union rsbac_target_id_t rsbac_target_id;
00175 union rsbac_attribute_value_t rsbac_attribute_value;
00176 int result;
00177
00178 #ifdef CONFIG_RSBAC_DEBUG
00179 if (rsbac_debug_aef)
00180 {
00181 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n");
00182 }
00183 #endif
00184 rsbac_target_id.scd = ST_rsbac;
00185 rsbac_attribute_value.dummy = 0;
00186 if (!rsbac_adf_request(R_WRITE,
00187 current->pid,
00188 T_SCD,
00189 rsbac_target_id,
00190 A_none,
00191 rsbac_attribute_value))
00192 {
00193 return -EPERM;
00194 }
00195
00196
00197 result = rsbac_write(TRUE);
00198
00199 return result;
00200 #else
00201 return(0);
00202 #endif
00203 };
00204
00205
00206
00207
00208
00209 int sys_rsbac_get_attr(
00210 rsbac_list_ta_number_t ta_number,
00211 enum rsbac_switch_target_t module,
00212 enum rsbac_target_t target,
00213 union rsbac_target_id_t * tid,
00214 enum rsbac_attribute_t attr,
00215 union rsbac_attribute_value_t * value,
00216 int inherit)
00217 {
00218 union rsbac_target_id_t k_tid;
00219 union rsbac_attribute_value_t k_value;
00220 int err = 0;
00221 rsbac_boolean_t i_inherit;
00222
00223 if(module > SW_NONE)
00224 return(-RSBAC_EINVALIDMODULE);
00225 if(!tid || (target >= T_NONE))
00226 return(-RSBAC_EINVALIDTARGET);
00227 if(!value)
00228 return(-RSBAC_EINVALIDVALUE);
00229 if(attr >= A_none)
00230 return(-RSBAC_EINVALIDATTR);
00231
00232 if(module == SW_NONE)
00233 {
00234 module = get_attr_module(attr);
00235 if(module == SW_NONE)
00236 return(-RSBAC_EINVALIDMODULE);
00237 }
00238
00239
00240 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00241 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00242
00243 if(inherit)
00244 i_inherit = TRUE;
00245 else
00246 i_inherit = FALSE;
00247
00248 #ifdef CONFIG_RSBAC_NET_OBJ
00249
00250 if( (target == T_NETOBJ)
00251 && ( !k_tid.netobj.sock_p
00252 || k_tid.netobj.remote_addr
00253 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00254 || !k_tid.netobj.sock_p->file
00255 || !k_tid.netobj.sock_p->file->f_dentry
00256 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00257 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00258 #else
00259 || !k_tid.netobj.sock_p->inode
00260 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00261 #endif
00262 )
00263 )
00264 return -RSBAC_EINVALIDTARGET;
00265 #endif
00266
00267
00268 #ifdef CONFIG_RSBAC_DEBUG
00269 if (rsbac_debug_aef)
00270 {
00271 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n");
00272 }
00273 #endif
00274 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00275 current->pid,
00276 target,
00277 k_tid,
00278 attr,
00279 k_value))
00280 {
00281 return -EPERM;
00282 }
00283
00284 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit);
00285
00286 if(!err)
00287 {
00288 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00289 }
00290 return (err);
00291 }
00292
00293
00294 int sys_rsbac_get_attr_n(
00295 rsbac_list_ta_number_t ta_number,
00296 enum rsbac_switch_target_t module,
00297 enum rsbac_target_t target,
00298 char * t_name,
00299 enum rsbac_attribute_t attr,
00300 union rsbac_attribute_value_t * value,
00301 int inherit)
00302 {
00303 union rsbac_attribute_value_t k_value;
00304 struct dentry * t_dentry;
00305 int err = 0;
00306 union rsbac_target_id_t tid;
00307
00308 rsbac_boolean_t i_inherit;
00309 struct nameidata nd;
00310
00311 if(module > SW_NONE)
00312 return(-RSBAC_EINVALIDMODULE);
00313 if(!t_name || (target >= T_NONE))
00314 return(-RSBAC_EINVALIDTARGET);
00315 if(!value)
00316 return(-RSBAC_EINVALIDVALUE);
00317 if(attr >= A_none)
00318 return(-RSBAC_EINVALIDATTR);
00319
00320 if(module == SW_NONE)
00321 {
00322 module = get_attr_module(attr);
00323 if(module == SW_NONE)
00324 return(-RSBAC_EINVALIDMODULE);
00325 }
00326
00327 if(inherit)
00328 i_inherit = TRUE;
00329 else
00330 i_inherit = FALSE;
00331
00332
00333 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00334
00335
00336 if ((err = user_path_walk_link(t_name, &nd)))
00337 {
00338 #ifdef CONFIG_RSBAC_DEBUG
00339 if (rsbac_debug_aef)
00340 {
00341 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00342 }
00343 #endif
00344 goto out;
00345 }
00346 t_dentry = nd.dentry;
00347 if (!t_dentry->d_inode)
00348 {
00349 #ifdef CONFIG_RSBAC_DEBUG
00350 if (rsbac_debug_aef)
00351 {
00352 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n");
00353 }
00354 #endif
00355 err = -RSBAC_EINVALIDTARGET;
00356 goto out_dput;
00357 }
00358
00359 switch (target)
00360 {
00361
00362 case T_FD:
00363 if(S_ISREG(t_dentry->d_inode->i_mode))
00364 {
00365 target = T_FILE;
00366 }
00367 else
00368 if(S_ISDIR(t_dentry->d_inode->i_mode))
00369 {
00370 target = T_DIR;
00371 }
00372 else
00373 if(S_ISLNK(t_dentry->d_inode->i_mode))
00374 {
00375 target = T_SYMLINK;
00376 }
00377 else
00378 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00379 {
00380 target = T_FIFO;
00381 }
00382 else
00383 if(S_ISBLK(t_dentry->d_inode->i_mode))
00384 {
00385 target = T_FILE;
00386 }
00387 else
00388 if(S_ISCHR(t_dentry->d_inode->i_mode))
00389 {
00390 target = T_FILE;
00391 }
00392 else
00393 {
00394 #ifdef CONFIG_RSBAC_DEBUG
00395 if (rsbac_debug_aef)
00396 {
00397 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n");
00398 }
00399 #endif
00400 err = -RSBAC_EINVALIDTARGET;
00401 goto out_dput;
00402 }
00403 break;
00404
00405 case T_FILE:
00406 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00407 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00408 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00409 {
00410 #ifdef CONFIG_RSBAC_DEBUG
00411 if (rsbac_debug_aef)
00412 {
00413 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n");
00414 }
00415 #endif
00416 err = -RSBAC_EINVALIDTARGET;
00417 goto out_dput;
00418 }
00419 break;
00420
00421 case T_DIR:
00422 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00423 {
00424 #ifdef CONFIG_RSBAC_DEBUG
00425 if (rsbac_debug_aef)
00426 {
00427 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n");
00428 }
00429 #endif
00430 err = -RSBAC_EINVALIDTARGET;
00431 goto out_dput;
00432 }
00433 break;
00434
00435 case T_FIFO:
00436
00437 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00438 {
00439 #ifdef CONFIG_RSBAC_DEBUG
00440 if (rsbac_debug_aef)
00441 {
00442 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n");
00443 }
00444 #endif
00445 err = -RSBAC_EINVALIDTARGET;
00446 goto out_dput;
00447 }
00448 break;
00449
00450 case T_SYMLINK:
00451 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00452 {
00453 #ifdef CONFIG_RSBAC_DEBUG
00454 if (rsbac_debug_aef)
00455 {
00456 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n");
00457 }
00458 #endif
00459 err = -RSBAC_EINVALIDTARGET;
00460 goto out_dput;
00461 }
00462 break;
00463
00464 case T_DEV:
00465 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00466 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00467 {
00468 #ifdef CONFIG_RSBAC_DEBUG
00469 if (rsbac_debug_aef)
00470 {
00471 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n");
00472 }
00473 #endif
00474 err = -RSBAC_EINVALIDTARGET;
00475 goto out_dput;
00476 }
00477 break;
00478
00479 default:
00480 err = -RSBAC_EINVALIDTARGET;
00481 goto out_dput;
00482 }
00483
00484 if(target == T_DEV)
00485 {
00486 if(S_ISBLK(t_dentry->d_inode->i_mode))
00487 tid.dev.type = D_block;
00488 else
00489 tid.dev.type = D_char;
00490 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00491 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00492 }
00493 else
00494 {
00495
00496 tid.file.device = t_dentry->d_sb->s_dev;
00497 tid.file.inode = t_dentry->d_inode->i_ino;
00498 tid.file.dentry_p = t_dentry;
00499 }
00500
00501 #ifdef CONFIG_RSBAC_DEBUG
00502 if (rsbac_debug_aef)
00503 {
00504 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n");
00505 }
00506 #endif
00507 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00508 current->pid,
00509 target,
00510 tid,
00511 attr,
00512 k_value))
00513 {
00514 err = -EPERM;
00515 }
00516 else
00517 {
00518 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit);
00519
00520 if(!err)
00521 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00522 }
00523
00524 out_dput:
00525 path_release(&nd);
00526
00527 out:
00528 return(err);
00529 }
00530
00531
00532
00533 int sys_rsbac_set_attr(
00534 rsbac_list_ta_number_t ta_number,
00535 enum rsbac_switch_target_t module,
00536 enum rsbac_target_t target,
00537 union rsbac_target_id_t * tid,
00538 enum rsbac_attribute_t attr,
00539 union rsbac_attribute_value_t * value)
00540 {
00541 union rsbac_target_id_t k_tid;
00542 union rsbac_attribute_value_t k_value;
00543 int err = 0;
00544 struct task_struct * task_p;
00545
00546 if(module > SW_NONE)
00547 return(-RSBAC_EINVALIDMODULE);
00548 if(!tid || (target >= T_NONE))
00549 return(-RSBAC_EINVALIDTARGET);
00550 if(!value)
00551 return(-RSBAC_EINVALIDVALUE);
00552 if(attr >= A_none)
00553 return(-RSBAC_EINVALIDATTR);
00554
00555 if(module == SW_NONE)
00556 {
00557 module = get_attr_module(attr);
00558 if(module == SW_NONE)
00559 return(-RSBAC_EINVALIDMODULE);
00560 }
00561 #ifdef CONFIG_RSBAC_FREEZE
00562 if(rsbac_freeze)
00563 {
00564 rsbac_printk(KERN_WARNING
00565 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n");
00566 return -EPERM;
00567 }
00568 #endif
00569
00570
00571 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00572 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00573
00574
00575 switch(target)
00576 {
00577 case T_PROCESS:
00578 read_lock(&tasklist_lock);
00579 task_p = find_task_by_pid(k_tid.process);
00580 read_unlock(&tasklist_lock);
00581 if(!task_p)
00582 return(-RSBAC_EINVALIDTARGET);
00583 break;
00584
00585 #ifdef CONFIG_RSBAC_NET_OBJ
00586
00587 case T_NETOBJ:
00588 if( !k_tid.netobj.sock_p
00589 || k_tid.netobj.remote_addr
00590 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00591 || !k_tid.netobj.sock_p->file
00592 || !k_tid.netobj.sock_p->file->f_dentry
00593 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00594 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00595 #else
00596 || !k_tid.netobj.sock_p->inode
00597 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00598 #endif
00599 )
00600 return -RSBAC_EINVALIDTARGET;
00601 #endif
00602
00603
00604 default:
00605 break;
00606 }
00607
00608
00609 #ifdef CONFIG_RSBAC_DEBUG
00610 if (rsbac_debug_aef)
00611 rsbac_printk(KERN_DEBUG
00612 "sys_rsbac_set_attr(): calling ADF\n");
00613 #endif
00614 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00615 current->pid,
00616 target,
00617 k_tid,
00618 attr,
00619 k_value))
00620 {
00621 return -EPERM;
00622 }
00623 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value);
00624 return err;
00625 }
00626
00627 int sys_rsbac_set_attr_n(
00628 rsbac_list_ta_number_t ta_number,
00629 enum rsbac_switch_target_t module,
00630 enum rsbac_target_t target,
00631 char * t_name,
00632 enum rsbac_attribute_t attr,
00633 union rsbac_attribute_value_t * value)
00634 {
00635 struct dentry * t_dentry;
00636 int err = 0;
00637 union rsbac_attribute_value_t k_value;
00638 union rsbac_target_id_t tid;
00639 struct nameidata nd;
00640
00641 if(module > SW_NONE)
00642 return(-RSBAC_EINVALIDMODULE);
00643 if(!t_name || (target >= T_NONE))
00644 return(-RSBAC_EINVALIDTARGET);
00645 if(!value)
00646 return(-RSBAC_EINVALIDVALUE);
00647 if(attr >= A_none)
00648 return(-RSBAC_EINVALIDATTR);
00649
00650 if(module == SW_NONE)
00651 {
00652 module = get_attr_module(attr);
00653 if(module == SW_NONE)
00654 return(-RSBAC_EINVALIDMODULE);
00655 }
00656
00657 #ifdef CONFIG_RSBAC_FREEZE
00658 if(rsbac_freeze)
00659 {
00660 rsbac_printk(KERN_WARNING
00661 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n");
00662 return -EPERM;
00663 }
00664 #endif
00665
00666 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00667
00668
00669 if ((err = user_path_walk_link(t_name, &nd)))
00670 {
00671 #ifdef CONFIG_RSBAC_DEBUG
00672 if (rsbac_debug_aef)
00673 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err);
00674 #endif
00675 goto out;
00676 }
00677 t_dentry = nd.dentry;
00678 if (!t_dentry->d_inode)
00679 {
00680 #ifdef CONFIG_RSBAC_DEBUG
00681 if (rsbac_debug_aef)
00682 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n");
00683 #endif
00684 err = -RSBAC_EINVALIDTARGET;
00685 goto out_dput;
00686 }
00687
00688 switch (target)
00689 {
00690
00691 case T_FD:
00692 if(S_ISREG(t_dentry->d_inode->i_mode))
00693 {
00694 target = T_FILE;
00695 }
00696 else
00697 if(S_ISDIR(t_dentry->d_inode->i_mode))
00698 {
00699 target = T_DIR;
00700 }
00701 else
00702 if(S_ISLNK(t_dentry->d_inode->i_mode))
00703 {
00704 target = T_SYMLINK;
00705 }
00706 else
00707 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00708 {
00709 target = T_FIFO;
00710 }
00711 else
00712 if(S_ISBLK(t_dentry->d_inode->i_mode))
00713 {
00714 target = T_FILE;
00715 }
00716 else
00717 if(S_ISCHR(t_dentry->d_inode->i_mode))
00718 {
00719 target = T_FILE;
00720 }
00721 else
00722 {
00723 #ifdef CONFIG_RSBAC_DEBUG
00724 if (rsbac_debug_aef)
00725 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n");
00726 #endif
00727 err = -RSBAC_EINVALIDTARGET;
00728 goto out_dput;
00729 }
00730 break;
00731
00732 case T_FILE:
00733 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00734 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00735 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00736 {
00737 #ifdef CONFIG_RSBAC_DEBUG
00738 if (rsbac_debug_aef)
00739 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n");
00740 #endif
00741 err = -RSBAC_EINVALIDTARGET;
00742 goto out_dput;
00743 }
00744 break;
00745
00746 case T_DIR:
00747 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00748 {
00749 #ifdef CONFIG_RSBAC_DEBUG
00750 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00751 #endif
00752 err = -RSBAC_EINVALIDTARGET;
00753 goto out_dput;
00754 }
00755 break;
00756
00757 case T_FIFO:
00758
00759 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00760 {
00761 #ifdef CONFIG_RSBAC_DEBUG
00762 if (rsbac_debug_aef)
00763 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n");
00764 #endif
00765 err = -RSBAC_EINVALIDTARGET;
00766 goto out_dput;
00767 }
00768 break;
00769
00770 case T_SYMLINK:
00771 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00772 {
00773 #ifdef CONFIG_RSBAC_DEBUG
00774 if (rsbac_debug_aef)
00775 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n");
00776 #endif
00777 err = -RSBAC_EINVALIDTARGET;
00778 goto out_dput;
00779 }
00780 break;
00781
00782 case T_DEV:
00783 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00784 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00785 {
00786 #ifdef CONFIG_RSBAC_DEBUG
00787 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n");
00788 #endif
00789 err = -RSBAC_EINVALIDTARGET;
00790 goto out_dput;
00791 }
00792 break;
00793
00794 default:
00795 err = -RSBAC_EINVALIDTARGET;
00796 goto out_dput;
00797 }
00798
00799 if(target == T_DEV)
00800 {
00801 if(S_ISBLK(t_dentry->d_inode->i_mode))
00802 tid.dev.type = D_block;
00803 else
00804 tid.dev.type = D_char;
00805 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00806 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00807 }
00808 else
00809 {
00810
00811 tid.file.device = t_dentry->d_sb->s_dev;
00812 tid.file.inode = t_dentry->d_inode->i_ino;
00813 tid.file.dentry_p = t_dentry;
00814 }
00815
00816 #ifdef CONFIG_RSBAC_DEBUG
00817 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n");
00818 #endif
00819 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00820 current->pid,
00821 target,
00822 tid,
00823 attr,
00824 k_value))
00825 {
00826 err = -EPERM;
00827 }
00828 else
00829 {
00830 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value);
00831 }
00832
00833 out_dput:
00834 path_release(&nd);
00835
00836 out:
00837 return(err);
00838 }
00839
00840
00841
00842 int sys_rsbac_remove_target(
00843 rsbac_list_ta_number_t ta_number,
00844 enum rsbac_target_t target,
00845 union rsbac_target_id_t * tid)
00846 {
00847 union rsbac_target_id_t k_tid;
00848 int err = 0;
00849
00850
00851 union rsbac_attribute_value_t rsbac_attribute_value;
00852
00853 if(!tid || (target >= T_NONE))
00854 return(-RSBAC_EINVALIDTARGET);
00855
00856 #ifdef CONFIG_RSBAC_FREEZE
00857 if(rsbac_freeze)
00858 {
00859 rsbac_printk(KERN_WARNING
00860 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n");
00861 return -EPERM;
00862 }
00863 #endif
00864
00865
00866 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00867
00868
00869 #ifdef CONFIG_RSBAC_DEBUG
00870 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n");
00871 #endif
00872 rsbac_attribute_value.dummy = 0;
00873 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00874 current->pid,
00875 target,
00876 k_tid,
00877 A_none,
00878 rsbac_attribute_value))
00879 {
00880 return -EPERM;
00881 }
00882 err = rsbac_ta_remove_target(ta_number, target, k_tid);
00883 return (err);
00884 }
00885
00886 int sys_rsbac_remove_target_n(
00887 rsbac_list_ta_number_t ta_number,
00888 enum rsbac_target_t target,
00889 char * t_name)
00890 {
00891 struct dentry * t_dentry;
00892 int err = 0;
00893 union rsbac_target_id_t tid;
00894
00895
00896 union rsbac_attribute_value_t rsbac_attribute_value;
00897
00898
00899
00900 struct nameidata nd;
00901
00902 if(!t_name || (target >= T_NONE))
00903 return(-RSBAC_EINVALIDTARGET);
00904
00905 #ifdef CONFIG_RSBAC_FREEZE
00906 if(rsbac_freeze)
00907 {
00908 rsbac_printk(KERN_WARNING
00909 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n");
00910 return -EPERM;
00911 }
00912 #endif
00913
00914
00915 if ((err = user_path_walk_link(t_name, &nd)))
00916 {
00917 #ifdef CONFIG_RSBAC_DEBUG
00918 if (rsbac_debug_aef)
00919 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err);
00920 #endif
00921 goto out;
00922 }
00923 t_dentry = nd.dentry;
00924 if (!t_dentry->d_inode)
00925 {
00926 #ifdef CONFIG_RSBAC_DEBUG
00927 if (rsbac_debug_aef)
00928 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n");
00929 #endif
00930 err = -RSBAC_EINVALIDTARGET;
00931 goto out_dput;
00932 }
00933
00934 switch (target)
00935 {
00936
00937 case T_FD:
00938 if(S_ISREG(t_dentry->d_inode->i_mode))
00939 {
00940 target = T_FILE;
00941 }
00942 else
00943 if(S_ISDIR(t_dentry->d_inode->i_mode))
00944 {
00945 target = T_DIR;
00946 }
00947 else
00948 if(S_ISLNK(t_dentry->d_inode->i_mode))
00949 {
00950 target = T_SYMLINK;
00951 }
00952 else
00953 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00954 {
00955 target = T_FIFO;
00956 }
00957 else
00958 if(S_ISBLK(t_dentry->d_inode->i_mode))
00959 {
00960 target = T_FILE;
00961 }
00962 else
00963 if(S_ISCHR(t_dentry->d_inode->i_mode))
00964 {
00965 target = T_FILE;
00966 }
00967 else
00968 {
00969 #ifdef CONFIG_RSBAC_DEBUG
00970 if (rsbac_debug_aef)
00971 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n");
00972 #endif
00973 err = -RSBAC_EINVALIDTARGET;
00974 goto out_dput;
00975 }
00976 break;
00977
00978 case T_FILE:
00979 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00980 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00981 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00982 {
00983 #ifdef CONFIG_RSBAC_DEBUG
00984 if (rsbac_debug_aef)
00985 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n");
00986 #endif
00987 err = -RSBAC_EINVALIDTARGET;
00988 goto out_dput;
00989 }
00990 break;
00991
00992 case T_DIR:
00993 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00994 {
00995 #ifdef CONFIG_RSBAC_DEBUG
00996 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00997 #endif
00998 err = -RSBAC_EINVALIDTARGET;
00999 goto out_dput;
01000 }
01001 break;
01002
01003 case T_FIFO:
01004
01005 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
01006 {
01007 #ifdef CONFIG_RSBAC_DEBUG
01008 if (rsbac_debug_aef)
01009 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n");
01010 #endif
01011 err = -RSBAC_EINVALIDTARGET;
01012 goto out_dput;
01013 }
01014 break;
01015
01016 case T_SYMLINK:
01017 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
01018 {
01019 #ifdef CONFIG_RSBAC_DEBUG
01020 if (rsbac_debug_aef)
01021 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n");
01022 #endif
01023 err = -RSBAC_EINVALIDTARGET;
01024 goto out_dput;
01025 }
01026 break;
01027
01028 case T_DEV:
01029 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
01030 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01031 {
01032 #ifdef CONFIG_RSBAC_DEBUG
01033 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n");
01034 #endif
01035 err = -RSBAC_EINVALIDTARGET;
01036 goto out_dput;
01037 }
01038 break;
01039
01040 default:
01041 err = -RSBAC_EINVALIDTARGET;
01042 goto out_dput;
01043 }
01044
01045 if(target == T_DEV)
01046 {
01047 if(S_ISBLK(t_dentry->d_inode->i_mode))
01048 tid.dev.type = D_block;
01049 else
01050 tid.dev.type = D_char;
01051 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
01052 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
01053 }
01054 else
01055 {
01056
01057 tid.file.device = t_dentry->d_sb->s_dev;
01058 tid.file.inode = t_dentry->d_inode->i_ino;
01059 tid.file.dentry_p = t_dentry;
01060 }
01061
01062 #ifdef CONFIG_RSBAC_DEBUG
01063 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n");
01064 #endif
01065 rsbac_attribute_value.dummy = 0;
01066 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
01067 current->pid,
01068 target,
01069 tid,
01070 A_none,
01071 rsbac_attribute_value))
01072 {
01073 err = -EPERM;
01074 }
01075 else
01076 {
01077 err = rsbac_ta_remove_target(ta_number, target, tid);
01078 }
01079
01080 out_dput:
01081 path_release(&nd);
01082
01083 out:
01084 return(err);
01085 }
01086
01087 int sys_rsbac_list_all_dev(
01088 rsbac_list_ta_number_t ta_number,
01089 struct rsbac_dev_desc_t * id_p,
01090 u_long maxnum)
01091 {
01092 int err = 0;
01093 long count;
01094
01095 if(id_p && maxnum)
01096 {
01097 struct rsbac_dev_desc_t * k_id_p = NULL;
01098
01099 count = rsbac_ta_list_all_dev(ta_number, &k_id_p);
01100 if(count <= 0)
01101 return count;
01102 if(count > maxnum)
01103 count = maxnum;
01104
01105 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01106
01107 rsbac_vfree(k_id_p);
01108
01109 if(err)
01110 return err;
01111 else
01112 return count;
01113 }
01114 else
01115 return rsbac_ta_list_all_dev(ta_number, NULL);
01116 }
01117
01118 int sys_rsbac_list_all_user(
01119 rsbac_list_ta_number_t ta_number,
01120 rsbac_uid_t * id_p,
01121 u_long maxnum)
01122 {
01123 int err = 0;
01124 long count;
01125
01126 if(id_p && maxnum)
01127 {
01128 rsbac_uid_t * k_id_p = NULL;
01129
01130 count = rsbac_ta_list_all_user(ta_number, &k_id_p);
01131 if(count <= 0)
01132 return count;
01133 if(count > maxnum)
01134 count = maxnum;
01135
01136 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01137
01138 rsbac_vfree(k_id_p);
01139
01140 if(err)
01141 return err;
01142 else
01143 return count;
01144 }
01145 else
01146 return rsbac_ta_list_all_user(ta_number, NULL);
01147 }
01148
01149 int sys_rsbac_list_all_group(
01150 rsbac_list_ta_number_t ta_number,
01151 rsbac_gid_t * id_p,
01152 u_long maxnum)
01153 {
01154 int err = 0;
01155 long count;
01156
01157 if(id_p && maxnum)
01158 {
01159 rsbac_gid_t * k_id_p = NULL;
01160
01161 count = rsbac_ta_list_all_group(ta_number, &k_id_p);
01162 if(count <= 0)
01163 return count;
01164 if(count > maxnum)
01165 count = maxnum;
01166
01167 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01168
01169 rsbac_vfree(k_id_p);
01170
01171 if(err)
01172 return err;
01173 else
01174 return count;
01175 }
01176 else
01177 return rsbac_ta_list_all_group(ta_number, NULL);
01178 }
01179
01180 int sys_rsbac_net_list_all_netdev(
01181 rsbac_list_ta_number_t ta_number,
01182 rsbac_netdev_id_t * id_p,
01183 u_long maxnum)
01184 {
01185 #ifdef CONFIG_RSBAC_NET_DEV
01186 int err = 0;
01187 long count;
01188
01189 if(id_p && maxnum)
01190 {
01191 rsbac_netdev_id_t * k_id_p = NULL;
01192
01193 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p);
01194 if(count <= 0)
01195 return count;
01196 if(count > maxnum)
01197 count = maxnum;
01198
01199 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01200
01201 rsbac_vfree(k_id_p);
01202
01203 if(err)
01204 return err;
01205 else
01206 return count;
01207 }
01208 else
01209 return rsbac_ta_net_list_all_netdev(ta_number, NULL);
01210
01211 #else
01212 return -RSBAC_EINVALIDREQUEST;
01213 #endif
01214 }
01215
01216 int sys_rsbac_net_template(
01217 rsbac_list_ta_number_t ta_number,
01218 enum rsbac_net_temp_syscall_t call,
01219 rsbac_net_temp_id_t id,
01220 union rsbac_net_temp_syscall_data_t * data_p)
01221 {
01222 #ifdef CONFIG_RSBAC_NET_OBJ
01223 union rsbac_net_temp_syscall_data_t k_data;
01224 int err = 0;
01225
01226 #ifndef CONFIG_RSBAC_MAINT
01227 union rsbac_target_id_t i_tid;
01228 union rsbac_attribute_value_t i_attr_val;
01229 #endif
01230
01231 if(!id)
01232 return -RSBAC_EINVALIDVALUE;
01233 if(!data_p)
01234 return -RSBAC_EINVALIDPOINTER;
01235
01236
01237 switch(call)
01238 {
01239 case NTS_set_address:
01240 case NTS_set_address_family:
01241 case NTS_set_valid_len:
01242 case NTS_set_type:
01243 case NTS_set_protocol:
01244 case NTS_set_netdev:
01245 case NTS_set_min_port:
01246 case NTS_set_max_port:
01247 case NTS_set_name:
01248 case NTS_new_template:
01249 case NTS_copy_template:
01250 case NTS_delete_template:
01251 #ifdef CONFIG_RSBAC_FREEZE
01252 if(rsbac_freeze)
01253 {
01254 rsbac_printk(KERN_WARNING
01255 "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed!\n");
01256 return -EPERM;
01257 }
01258 #endif
01259 if(call != NTS_delete_template)
01260 {
01261 err = rsbac_get_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) );
01262 if(err)
01263 return err;
01264 }
01265 break;
01266 case NTS_check_id:
01267 case NTS_get_address:
01268 case NTS_get_address_family:
01269 case NTS_get_valid_len:
01270 case NTS_get_type:
01271 case NTS_get_protocol:
01272 case NTS_get_netdev:
01273 case NTS_get_min_port:
01274 case NTS_get_max_port:
01275 case NTS_get_name:
01276 break;
01277
01278 default:
01279 return -RSBAC_EINVALIDREQUEST;
01280 }
01281
01282 #ifndef CONFIG_RSBAC_MAINT
01283 #ifdef CONFIG_RSBAC_DEBUG
01284 if (rsbac_debug_aef)
01285 rsbac_printk(KERN_DEBUG "sys_rsbac_net_template(): calling ADF\n");
01286 #endif
01287 i_tid.nettemp = id;
01288 i_attr_val.dummy = 0;
01289 switch(call)
01290 {
01291 case NTS_new_template:
01292 if (!rsbac_adf_request(R_CREATE,
01293 current->pid,
01294 T_NETTEMP,
01295 i_tid,
01296 A_none,
01297 i_attr_val))
01298 #ifdef CONFIG_RSBAC_SOFTMODE
01299 if(!rsbac_softmode)
01300 #endif
01301 return -EPERM;
01302 break;
01303
01304 case NTS_copy_template:
01305 if(!rsbac_net_template_exist(id))
01306 {
01307 if(!rsbac_adf_request(R_CREATE,
01308 current->pid,
01309 T_NETTEMP,
01310 i_tid,
01311 A_none,
01312 i_attr_val))
01313 #ifdef CONFIG_RSBAC_SOFTMODE
01314 if(!rsbac_softmode)
01315 #endif
01316 return -EPERM;
01317 }
01318 else
01319 {
01320 if(!rsbac_adf_request(R_WRITE,
01321 current->pid,
01322 T_NETTEMP,
01323 i_tid,
01324 A_none,
01325 i_attr_val))
01326 #ifdef CONFIG_RSBAC_SOFTMODE
01327 if(!rsbac_softmode)
01328 #endif
01329 return -EPERM;
01330 }
01331 i_tid.nettemp = k_data.id;
01332 if (!rsbac_adf_request(R_READ,
01333 current->pid,
01334 T_NETTEMP,
01335 i_tid,
01336 A_none,
01337 i_attr_val))
01338 #ifdef CONFIG_RSBAC_SOFTMODE
01339 if(!rsbac_softmode)
01340 #endif
01341 return -EPERM;
01342 break;
01343
01344 case NTS_delete_template:
01345 if (!rsbac_adf_request(R_DELETE,
01346 current->pid,
01347 T_NETTEMP,
01348 i_tid,
01349 A_none,
01350 i_attr_val))
01351 #ifdef CONFIG_RSBAC_SOFTMODE
01352 if(!rsbac_softmode)
01353 #endif
01354 return -EPERM;
01355 break;
01356
01357 case NTS_get_address:
01358 case NTS_get_address_family:
01359 case NTS_get_valid_len:
01360 case NTS_get_type:
01361 case NTS_get_protocol:
01362 case NTS_get_netdev:
01363 case NTS_get_min_port:
01364 case NTS_get_max_port:
01365 if (!rsbac_adf_request(R_READ,
01366 current->pid,
01367 T_NETTEMP,
01368 i_tid,
01369 A_none,
01370 i_attr_val))
01371 #ifdef CONFIG_RSBAC_SOFTMODE
01372 if(!rsbac_softmode)
01373 #endif
01374 return -EPERM;
01375 break;
01376
01377 case NTS_set_address:
01378 case NTS_set_address_family:
01379 case NTS_set_valid_len:
01380 case NTS_set_type:
01381 case NTS_set_protocol:
01382 case NTS_set_netdev:
01383 case NTS_set_min_port:
01384 case NTS_set_max_port:
01385 case NTS_set_name:
01386 if (!rsbac_adf_request(R_WRITE,
01387 current->pid,
01388 T_NETTEMP,
01389 i_tid,
01390 A_none,
01391 i_attr_val))
01392 #ifdef CONFIG_RSBAC_SOFTMODE
01393 if(!rsbac_softmode)
01394 #endif
01395 return -EPERM;
01396 break;
01397
01398 default:
01399 break;
01400 }
01401 #endif
01402
01403 err = rsbac_ta_net_template(ta_number, call, id, &k_data);
01404 if(!err)
01405 {
01406
01407 switch(call)
01408 {
01409 case NTS_check_id:
01410 case NTS_get_address:
01411 case NTS_get_address_family:
01412 case NTS_get_valid_len:
01413 case NTS_get_type:
01414 case NTS_get_protocol:
01415 case NTS_get_netdev:
01416 case NTS_get_min_port:
01417 case NTS_get_max_port:
01418 case NTS_get_name:
01419 err = rsbac_put_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) );
01420 break;
01421 default:
01422 break;
01423 }
01424 }
01425 return err;
01426
01427 #else
01428 return -RSBAC_EINVALIDREQUEST;
01429 #endif
01430 }
01431
01432 int sys_rsbac_net_list_all_template(
01433 rsbac_list_ta_number_t ta_number,
01434 rsbac_net_temp_id_t * id_p,
01435 u_long maxnum)
01436 {
01437 #ifdef CONFIG_RSBAC_NET_OBJ
01438 int err = 0;
01439 int count;
01440 union rsbac_target_id_t i_tid;
01441 union rsbac_attribute_value_t i_attr_val;
01442
01443 i_tid.nettemp = 0;
01444 i_attr_val.dummy = 0;
01445 if (!rsbac_adf_request(R_READ,
01446 current->pid,
01447 T_NETTEMP,
01448 i_tid,
01449 A_none,
01450 i_attr_val))
01451 return -EPERM;
01452 if(id_p && maxnum)
01453 {
01454 rsbac_net_temp_id_t * k_id_p = NULL;
01455
01456 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p);
01457 if(count <= 0)
01458 return count;
01459 if(count > maxnum)
01460 count = maxnum;
01461
01462 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01463
01464 rsbac_vfree(k_id_p);
01465
01466 if(err)
01467 return err;
01468 else
01469 return count;
01470 }
01471 else
01472 return rsbac_ta_net_list_all_template(ta_number, NULL);
01473
01474 #else
01475 return -RSBAC_EINVALIDREQUEST;
01476 #endif
01477 }
01478
01479
01480
01481
01482
01483
01484 int sys_rsbac_switch(enum rsbac_switch_target_t target, int value)
01485 {
01486 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE)
01487 union rsbac_target_id_t rsbac_target_id;
01488 union rsbac_attribute_value_t rsbac_attribute_value;
01489 char * switch_name;
01490
01491
01492 if(target >= SW_NONE)
01493 return(-RSBAC_EINVALIDTARGET);
01494 if ( (value < 0)
01495 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01496 || (value > 3)
01497 #else
01498 || (value > 1)
01499 #endif
01500 )
01501 return (-RSBAC_EINVALIDVALUE);
01502
01503 #ifdef CONFIG_RSBAC_SOFTMODE
01504 if( rsbac_softmode_prohibit
01505 && ( ( (value == 1)
01506 && (target == SOFTMODE)
01507 )
01508 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01509 || (value == 3)
01510 #endif
01511 )
01512 )
01513 {
01514 rsbac_printk(KERN_WARNING
01515 "sys_rsbac_switch(): setting of softmode prohibited!\n");
01516 return -EPERM;
01517 }
01518 #endif
01519
01520 #ifdef CONFIG_RSBAC_DEBUG
01521 if (rsbac_debug_aef)
01522 rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n");
01523 #endif
01524 rsbac_target_id.dummy = 0;
01525 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
01526 if(target == DAC_DISABLE)
01527 {
01528 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01529 if(value > 1)
01530 return -RSBAC_EINVALIDVALUE;
01531 #endif
01532 rsbac_attribute_value.dummy = 0;
01533 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
01534 current->pid,
01535 T_NONE,
01536 rsbac_target_id,
01537 A_none,
01538 rsbac_attribute_value))
01539 {
01540 return -EPERM;
01541 }
01542 }
01543 else
01544 #endif
01545 {
01546 rsbac_attribute_value.switch_target = target;
01547 if (!rsbac_adf_request(R_SWITCH_MODULE,
01548 current->pid,
01549 T_NONE,
01550 rsbac_target_id,
01551 A_switch_target,
01552 rsbac_attribute_value))
01553 {
01554 return -EPERM;
01555 }
01556 }
01557
01558 switch(value)
01559 {
01560 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01561 case 2:
01562 case 3:
01563 rsbac_ind_softmode[target] = value - 2;
01564 break;
01565 #endif
01566
01567 default:
01568 switch (target)
01569 {
01570 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01571 case DAC_DISABLE: rsbac_dac_disable = value;
01572 break;
01573 #endif
01574 #ifdef CONFIG_RSBAC_SOFTMODE
01575 case SOFTMODE: rsbac_softmode = value;
01576 break;
01577 #endif
01578 #ifdef CONFIG_RSBAC_FREEZE
01579 case FREEZE:
01580 if(rsbac_freeze)
01581 {
01582 rsbac_printk(KERN_WARNING
01583 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n");
01584 return -EPERM;
01585 }
01586 rsbac_freeze = value;
01587 break;
01588 #endif
01589 #ifdef CONFIG_RSBAC_SWITCH_MAC
01590 case MAC:
01591 #ifndef CONFIG_RSBAC_SWITCH_ON
01592 if(value)
01593 return -RSBAC_EINVALIDMODULE;
01594 #endif
01595 rsbac_switch_mac = value;
01596 break;
01597 #endif
01598 #ifdef CONFIG_RSBAC_SWITCH_PM
01599 case PM:
01600 #ifndef CONFIG_RSBAC_SWITCH_ON
01601 if(value)
01602 return -RSBAC_EINVALIDMODULE;
01603 #endif
01604 rsbac_switch_pm = value;
01605 break;
01606 #endif
01607 #ifdef CONFIG_RSBAC_SWITCH_DAZ
01608 case DAZ:
01609 rsbac_switch_daz = value;
01610 break;
01611 #endif
01612 #ifdef CONFIG_RSBAC_SWITCH_FF
01613 case FF:
01614 rsbac_switch_ff = value;
01615 break;
01616 #endif
01617 #ifdef CONFIG_RSBAC_SWITCH_RC
01618 case RC:
01619 #ifndef CONFIG_RSBAC_SWITCH_ON
01620 if(value)
01621 return -RSBAC_EINVALIDMODULE;
01622 #endif
01623 rsbac_switch_rc = value;
01624 break;
01625 #endif
01626 #ifdef CONFIG_RSBAC_SWITCH_AUTH
01627 case AUTH:
01628 rsbac_switch_auth = value;
01629 break;
01630 #endif
01631 #ifdef CONFIG_RSBAC_SWITCH_ACL
01632 case ACL:
01633 rsbac_switch_acl = value;
01634 break;
01635 #endif
01636 #ifdef CONFIG_RSBAC_SWITCH_CAP
01637 case CAP:
01638 rsbac_switch_cap = value;
01639 break;
01640 #endif
01641 #ifdef CONFIG_RSBAC_SWITCH_JAIL
01642 case JAIL:
01643 rsbac_switch_jail = value;
01644 break;
01645 #endif
01646 #ifdef CONFIG_RSBAC_SWITCH_RES
01647 case RES:
01648 rsbac_switch_res = value;
01649 break;
01650 #endif
01651 #ifdef CONFIG_RSBAC_SWITCH_PAX
01652 case PAX:
01653 rsbac_switch_pax = value;
01654 break;
01655 #endif
01656 default:
01657 return (-RSBAC_EINVALIDMODULE);
01658 }
01659 }
01660
01661 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01662 if(switch_name)
01663 {
01664 int show_value = value;
01665
01666 get_switch_target_name(switch_name,target);
01667 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01668 switch(value)
01669 {
01670 case 2:
01671 case 3:
01672 strcat(switch_name, " softmode");
01673 show_value -= 2;
01674 break;
01675 default:
01676 break;
01677 }
01678 #endif
01679 rsbac_printk(KERN_WARNING
01680 "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n",
01681 current->uid, switch_name, show_value);
01682 rsbac_kfree(switch_name);
01683 }
01684 return 0;
01685 #else
01686 return -RSBAC_EINVALIDREQUEST;
01687 #endif
01688 }
01689
01690
01691
01692 int sys_rsbac_mac_set_curr_level(rsbac_security_level_t level,
01693 rsbac_mac_category_vector_t * categories_p)
01694 {
01695 #ifdef CONFIG_RSBAC_MAC
01696 rsbac_mac_category_vector_t k_categories;
01697 int err;
01698
01699 if(!categories_p)
01700 return -RSBAC_EINVALIDPOINTER;
01701 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories));
01702 if(err)
01703 return err;
01704 return (rsbac_mac_set_curr_level(level, k_categories));
01705 #else
01706 return (-RSBAC_EINVALIDMODULE);
01707 #endif
01708 }
01709
01710 int sys_rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
01711 rsbac_mac_category_vector_t * categories_p)
01712 {
01713 #ifdef CONFIG_RSBAC_MAC
01714 int err = 0;
01715 rsbac_security_level_t k_level;
01716 rsbac_mac_category_vector_t k_categories;
01717
01718 err = rsbac_mac_get_curr_level(&k_level, &k_categories);
01719 if(err)
01720 return err;
01721 if(level_p)
01722 {
01723 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01724 if(err)
01725 return err;
01726 }
01727 if(categories_p)
01728 {
01729 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01730 }
01731 return err;
01732 #else
01733 return (-RSBAC_EINVALIDMODULE);
01734 #endif
01735 }
01736
01737 int sys_rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
01738 rsbac_mac_category_vector_t * categories_p)
01739 {
01740 #ifdef CONFIG_RSBAC_MAC
01741 int err = 0;
01742 rsbac_security_level_t k_level;
01743 rsbac_mac_category_vector_t k_categories;
01744
01745 err = rsbac_mac_get_max_level(&k_level, &k_categories);
01746 if(err)
01747 return err;
01748 if(level_p)
01749 {
01750 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01751 if(err)
01752 return err;
01753 }
01754 if(categories_p)
01755 {
01756 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01757 }
01758 return err;
01759 #else
01760 return (-RSBAC_EINVALIDMODULE);
01761 #endif
01762 }
01763
01764 int sys_rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
01765 rsbac_mac_category_vector_t * categories_p)
01766 {
01767 #ifdef CONFIG_RSBAC_MAC
01768 int err = 0;
01769 rsbac_security_level_t k_level;
01770 rsbac_mac_category_vector_t k_categories;
01771
01772 err = rsbac_mac_get_min_level(&k_level, &k_categories);
01773 if(err)
01774 return err;
01775 if(level_p)
01776 {
01777 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01778 if(err)
01779 return err;
01780 }
01781 if(categories_p)
01782 {
01783 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01784 }
01785 return err;
01786 #else
01787 return (-RSBAC_EINVALIDMODULE);
01788 #endif
01789 }
01790
01791
01792 int sys_rsbac_mac_add_p_tru(
01793 rsbac_list_ta_number_t ta_number,
01794 rsbac_pid_t pid,
01795 rsbac_uid_t uid,
01796 rsbac_time_t ttl)
01797 {
01798 #if defined(CONFIG_RSBAC_MAC)
01799 struct task_struct * task_p;
01800
01801 #ifdef CONFIG_RSBAC_FREEZE
01802 if(rsbac_freeze)
01803 {
01804 rsbac_printk(KERN_WARNING
01805 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01806 return -EPERM;
01807 }
01808 #endif
01809
01810 read_lock(&tasklist_lock);
01811 task_p = find_task_by_pid(pid);
01812 read_unlock(&tasklist_lock);
01813 if(!task_p)
01814 return(-RSBAC_EINVALIDTARGET);
01815
01816 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl));
01817 #else
01818 return (-RSBAC_EINVALIDMODULE);
01819 #endif
01820 }
01821
01822 int sys_rsbac_mac_remove_p_tru(
01823 rsbac_list_ta_number_t ta_number,
01824 rsbac_pid_t pid,
01825 rsbac_uid_t uid)
01826 {
01827 #if defined(CONFIG_RSBAC_MAC)
01828 struct task_struct * task_p;
01829
01830 #ifdef CONFIG_RSBAC_FREEZE
01831 if(rsbac_freeze)
01832 {
01833 rsbac_printk(KERN_WARNING
01834 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01835 return -EPERM;
01836 }
01837 #endif
01838
01839 read_lock(&tasklist_lock);
01840 task_p = find_task_by_pid(pid);
01841 read_unlock(&tasklist_lock);
01842 if(!task_p)
01843 return(-RSBAC_EINVALIDTARGET);
01844 return(rsbac_mac_remove_p_tru(ta_number, pid, uid));
01845 #else
01846 return (-RSBAC_EINVALIDMODULE);
01847 #endif
01848 }
01849
01850 int sys_rsbac_mac_add_f_tru(
01851 rsbac_list_ta_number_t ta_number,
01852 char * filename,
01853 rsbac_uid_t uid,
01854 rsbac_time_t ttl)
01855 {
01856 #if defined(CONFIG_RSBAC_MAC)
01857 struct dentry * t_dentry;
01858 int err = 0;
01859 enum rsbac_target_t target;
01860 union rsbac_target_id_t tid;
01861
01862 struct nameidata nd;
01863
01864 if(!filename)
01865 return(-RSBAC_EINVALIDTARGET);
01866
01867 #ifdef CONFIG_RSBAC_FREEZE
01868 if(rsbac_freeze)
01869 {
01870 rsbac_printk(KERN_WARNING
01871 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01872 return -EPERM;
01873 }
01874 #endif
01875
01876 if ((err = user_path_walk_link(filename, &nd)))
01877 {
01878 #ifdef CONFIG_RSBAC_DEBUG
01879 if (rsbac_debug_aef_mac)
01880 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err);
01881 #endif
01882 goto out;
01883 }
01884 t_dentry = nd.dentry;
01885 if (!t_dentry->d_inode)
01886 {
01887 err = -RSBAC_EINVALIDTARGET;
01888 goto out_dput;
01889 }
01890
01891 if(S_ISREG(t_dentry->d_inode->i_mode))
01892 target = T_FILE;
01893 else
01894 if(S_ISDIR(t_dentry->d_inode->i_mode))
01895 target = T_DIR;
01896 else
01897 {
01898 err = -RSBAC_EINVALIDTARGET;
01899 goto out_dput;
01900 }
01901 tid.file.device = t_dentry->d_sb->s_dev;
01902 tid.file.inode = t_dentry->d_inode->i_ino;
01903 tid.file.dentry_p = t_dentry;
01904
01905 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl);
01906
01907 out_dput:
01908 path_release(&nd);
01909 out:
01910 return(err);
01911
01912 #else
01913 return (-RSBAC_EINVALIDMODULE);
01914 #endif
01915 }
01916
01917 int sys_rsbac_mac_remove_f_tru(
01918 rsbac_list_ta_number_t ta_number,
01919 char * filename,
01920 rsbac_uid_t uid)
01921 {
01922 #if defined(CONFIG_RSBAC_MAC)
01923 struct dentry * t_dentry;
01924 int err = 0;
01925 enum rsbac_target_t target;
01926 union rsbac_target_id_t tid;
01927
01928 struct nameidata nd;
01929
01930 if(!filename)
01931 return(-RSBAC_EINVALIDTARGET);
01932
01933 #ifdef CONFIG_RSBAC_FREEZE
01934 if(rsbac_freeze)
01935 {
01936 rsbac_printk(KERN_WARNING
01937 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01938 return -EPERM;
01939 }
01940 #endif
01941
01942 if ((err = user_path_walk_link(filename, &nd)))
01943 {
01944 #ifdef CONFIG_RSBAC_DEBUG
01945 if (rsbac_debug_aef_mac)
01946 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err);
01947 #endif
01948 goto out;
01949 }
01950 t_dentry = nd.dentry;
01951 if (!t_dentry->d_inode)
01952 {
01953 err = -RSBAC_EINVALIDTARGET;
01954 goto out_dput;
01955 }
01956
01957 if(S_ISREG(t_dentry->d_inode->i_mode))
01958 target = T_FILE;
01959 else
01960 if(S_ISDIR(t_dentry->d_inode->i_mode))
01961 target = T_DIR;
01962 else
01963 {
01964 err = -RSBAC_EINVALIDTARGET;
01965 goto out_dput;
01966 }
01967 tid.file.device = t_dentry->d_sb->s_dev;
01968 tid.file.inode = t_dentry->d_inode->i_ino;
01969 tid.file.dentry_p = t_dentry;
01970
01971 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid);
01972
01973 out_dput:
01974 path_release(&nd);
01975 out:
01976 return(err);
01977
01978 #else
01979 return (-RSBAC_EINVALIDMODULE);
01980 #endif
01981 }
01982
01983
01984 int sys_rsbac_mac_get_f_trulist(
01985 rsbac_list_ta_number_t ta_number,
01986 char * filename,
01987 rsbac_uid_t trulist[],
01988 rsbac_time_t ttllist[],
01989 u_int maxnum)
01990 {
01991 #if defined(CONFIG_RSBAC_MAC)
01992 struct dentry * t_dentry;
01993 int err = 0, tmperr = 0;
01994 enum rsbac_target_t target;
01995 union rsbac_target_id_t tid;
01996 rsbac_uid_t * k_trulist;
01997 rsbac_time_t * k_ttllist;
01998
01999 struct nameidata nd;
02000
02001 if(!filename)
02002 return(-RSBAC_EINVALIDTARGET);
02003 if(!trulist)
02004 return(-RSBAC_EINVALIDPOINTER);
02005 if(maxnum <= 0)
02006 return(-RSBAC_EINVALIDVALUE);
02007 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02008 maxnum = RSBAC_MAC_MAX_MAXNUM;
02009
02010 if ((err = user_path_walk_link(filename, &nd)))
02011 {
02012 #ifdef CONFIG_RSBAC_DEBUG
02013 if (rsbac_debug_aef_mac)
02014 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err);
02015 #endif
02016 goto out;
02017 }
02018 t_dentry = nd.dentry;
02019 if (!t_dentry->d_inode)
02020 {
02021 err = -RSBAC_EINVALIDTARGET;
02022 goto out_dput;
02023 }
02024
02025 if(S_ISREG(t_dentry->d_inode->i_mode))
02026 target = T_FILE;
02027 else
02028 if(S_ISDIR(t_dentry->d_inode->i_mode))
02029 target = T_DIR;
02030 else
02031 {
02032 err = -RSBAC_EINVALIDTARGET;
02033 goto out_dput;
02034 }
02035 tid.file.device = t_dentry->d_sb->s_dev;
02036 tid.file.inode = t_dentry->d_inode->i_ino;
02037 tid.file.dentry_p = t_dentry;
02038
02039 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist);
02040 if(err>0)
02041 {
02042 if(err > maxnum)
02043 err = maxnum;
02044 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02045 sizeof(rsbac_uid_t) * err);
02046 if(tmperr < 0)
02047 err = tmperr;
02048 else
02049 {
02050 if(ttllist)
02051 {
02052 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02053 sizeof(rsbac_time_t) * err);
02054 if(tmperr < 0)
02055 err = tmperr;
02056 }
02057 }
02058 rsbac_vfree(k_trulist);
02059 rsbac_vfree(k_ttllist);
02060 }
02061
02062 out_dput:
02063 path_release(&nd);
02064 out:
02065 return(err);
02066
02067 #else
02068 return (-RSBAC_EINVALIDMODULE);
02069 #endif
02070 }
02071
02072 int sys_rsbac_mac_get_p_trulist(
02073 rsbac_list_ta_number_t ta_number,
02074 rsbac_pid_t pid,
02075 rsbac_uid_t trulist[],
02076 rsbac_time_t ttllist[],
02077 u_int maxnum)
02078 {
02079 #if defined(CONFIG_RSBAC_MAC)
02080 int err = 0, tmperr = 0;
02081 union rsbac_target_id_t tid;
02082 rsbac_uid_t * k_trulist;
02083 rsbac_time_t * k_ttllist;
02084
02085 if(!pid)
02086 return(-RSBAC_EINVALIDTARGET);
02087 if(!trulist)
02088 return(-RSBAC_EINVALIDPOINTER);
02089 if(maxnum <= 0)
02090 return(-RSBAC_EINVALIDVALUE);
02091 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02092 maxnum = RSBAC_MAC_MAX_MAXNUM;
02093
02094 tid.process = pid;
02095
02096 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist);
02097 if(err>0)
02098 {
02099 if(err > maxnum)
02100 err = maxnum;
02101 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02102 sizeof(rsbac_uid_t) * err);
02103 if(tmperr < 0)
02104 err = tmperr;
02105 else
02106 {
02107 if(ttllist)
02108 {
02109 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02110 sizeof(rsbac_time_t) * err);
02111 if(tmperr < 0)
02112 err = tmperr;
02113 }
02114 }
02115 rsbac_vfree(k_trulist);
02116 rsbac_vfree(k_ttllist);
02117 }
02118
02119 return(err);
02120
02121 #else
02122 return (-RSBAC_EINVALIDMODULE);
02123 #endif
02124 }
02125
02126
02127
02128 int sys_rsbac_stats_pm(void)
02129 {
02130 #ifndef CONFIG_RSBAC_PM
02131 return (0);
02132 #else
02133 union rsbac_target_id_t rsbac_target_id;
02134 union rsbac_attribute_value_t rsbac_attribute_value;
02135
02136 #ifdef CONFIG_RSBAC_DEBUG
02137 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n");
02138 #endif
02139 rsbac_target_id.scd = ST_rsbac;
02140 rsbac_attribute_value.dummy = 0;
02141 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02142 current->pid,
02143 T_SCD,
02144 rsbac_target_id,
02145 A_none,
02146 rsbac_attribute_value))
02147 {
02148 return -EPERM;
02149 }
02150
02151 #ifdef CONFIG_RSBAC_DEBUG
02152 if (rsbac_debug_aef_pm)
02153 rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n");
02154 #endif
02155 return(rsbac_stats_pm());
02156 #endif
02157 };
02158
02159 int sys_rsbac_pm(
02160 rsbac_list_ta_number_t ta_number,
02161 enum rsbac_pm_function_type_t function,
02162 union rsbac_pm_function_param_t * param_p,
02163 rsbac_pm_tkt_id_t ticket)
02164 {
02165 #ifndef CONFIG_RSBAC_PM
02166 return (-RSBAC_EINVALIDMODULE);
02167 #else
02168 union rsbac_pm_function_param_t k_param;
02169 int result;
02170
02171 if(function >= PF_none)
02172 return(-RSBAC_EINVALIDREQUEST);
02173 if(!param_p)
02174 return(-RSBAC_EINVALIDPOINTER);
02175 #ifdef CONFIG_RSBAC_DEBUG
02176 if (rsbac_debug_aef_pm)
02177 rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n",
02178 function);
02179 #endif
02180
02181 #ifdef CONFIG_RSBAC_FREEZE
02182 if(rsbac_freeze)
02183 {
02184 rsbac_printk(KERN_WARNING
02185 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n");
02186 return -EPERM;
02187 }
02188 #endif
02189
02190
02191 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) );
02192
02193 lock_kernel();
02194 result = rsbac_pm(ta_number, function, k_param, ticket);
02195 unlock_kernel();
02196 return result;
02197 #endif
02198 }
02199
02200 int sys_rsbac_pm_change_current_task(rsbac_pm_task_id_t task)
02201 {
02202 #ifndef CONFIG_RSBAC_PM
02203 return (0);
02204 #else
02205 #ifdef CONFIG_RSBAC_DEBUG
02206 if (rsbac_debug_aef_pm)
02207 rsbac_printk(KERN_DEBUG
02208 "sys_rsbac_pm_change_current_task(): called for task %i!\n",
02209 task);
02210 #endif
02211
02212 return(rsbac_pm_change_current_task(task));
02213 #endif
02214 }
02215
02216 int sys_rsbac_pm_create_file(const char * filename,
02217 int mode,
02218 rsbac_pm_object_class_id_t class)
02219 {
02220 #ifndef CONFIG_RSBAC_PM
02221 return (-RSBAC_EINVALIDMODULE);
02222 #else
02223 if(!filename)
02224 return(-RSBAC_EINVALIDPOINTER);
02225 #ifdef CONFIG_RSBAC_DEBUG
02226 if (rsbac_debug_aef_pm)
02227 rsbac_printk(KERN_DEBUG
02228 "sys_rsbac_pm_create_file(): called with class %i!\n",
02229 class);
02230 #endif
02231
02232 return(rsbac_pm_create_file(filename, mode, class));
02233 #endif
02234 }
02235
02236
02237
02238 int sys_rsbac_daz_flush_cache(void)
02239 {
02240 #ifndef CONFIG_RSBAC_DAZ_CACHE
02241 return (0);
02242 #else
02243 #ifndef CONFIG_RSBAC_MAINT
02244 union rsbac_target_id_t i_tid;
02245 union rsbac_attribute_value_t i_attr_val1;
02246
02247
02248 i_tid.user = current->uid;
02249 if (rsbac_get_attr(DAZ,
02250 T_USER,
02251 i_tid,
02252 A_daz_role,
02253 &i_attr_val1,
02254 TRUE))
02255 {
02256 rsbac_printk(KERN_WARNING
02257 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02258 return -EPERM;
02259 }
02260
02261 if ( (i_attr_val1.system_role != SR_security_officer)
02262 && (i_attr_val1.system_role != SR_administrator)
02263 )
02264 #ifdef CONFIG_RSBAC_SOFTMODE
02265 if( !rsbac_softmode
02266 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02267 && !rsbac_ind_softmode[DAZ]
02268 #endif
02269 )
02270 #endif
02271 return -EPERM;
02272 #endif
02273
02274 rsbac_printk(KERN_INFO
02275 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n");
02276
02277 return(rsbac_daz_flush_cache());
02278 #endif
02279 }
02280
02281
02282
02283
02284 int sys_rsbac_rc_copy_role(
02285 rsbac_list_ta_number_t ta_number,
02286 rsbac_rc_role_id_t from_role,
02287 rsbac_rc_role_id_t to_role)
02288 {
02289 #if defined(CONFIG_RSBAC_RC)
02290 if( (from_role > RC_role_max_value)
02291 || (from_role > RC_role_max_value))
02292 return(-RSBAC_EINVALIDVALUE);
02293 #ifdef CONFIG_RSBAC_DEBUG
02294 if (rsbac_debug_aef_rc)
02295 rsbac_printk(KERN_DEBUG
02296 "sys_rsbac_rc_copy_role(): from %i, to %i!\n",
02297 from_role, to_role);
02298 #endif
02299 #ifdef CONFIG_RSBAC_FREEZE
02300 if(rsbac_freeze)
02301 {
02302 rsbac_printk(KERN_WARNING
02303 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n");
02304 return -EPERM;
02305 }
02306 #endif
02307
02308
02309 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role));
02310 #else
02311 return (-RSBAC_EINVALIDMODULE);
02312 #endif
02313 }
02314
02315 int sys_rsbac_rc_copy_type(
02316 rsbac_list_ta_number_t ta_number,
02317 enum rsbac_rc_target_t target,
02318 rsbac_rc_type_id_t from_type,
02319 rsbac_rc_type_id_t to_type)
02320 {
02321 #if defined(CONFIG_RSBAC_RC)
02322 if( (from_type > RC_type_max_value)
02323 || (from_type > RC_type_max_value))
02324 return(-RSBAC_EINVALIDVALUE);
02325 #ifdef CONFIG_RSBAC_DEBUG
02326 if (rsbac_debug_aef_rc)
02327 rsbac_printk(KERN_DEBUG
02328 "sys_rsbac_rc_copy_type(): from %i, to %i!\n",
02329 from_type, to_type);
02330 #endif
02331 #ifdef CONFIG_RSBAC_FREEZE
02332 if(rsbac_freeze)
02333 {
02334 rsbac_printk(KERN_WARNING
02335 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n");
02336 return -EPERM;
02337 }
02338 #endif
02339
02340
02341 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type));
02342 #else
02343 return (-RSBAC_EINVALIDMODULE);
02344 #endif
02345 }
02346
02347
02348 int sys_rsbac_rc_get_item (
02349 rsbac_list_ta_number_t ta_number,
02350 enum rsbac_rc_target_t target,
02351 union rsbac_rc_target_id_t * tid_p,
02352 union rsbac_rc_target_id_t * subtid_p,
02353 enum rsbac_rc_item_t item,
02354 union rsbac_rc_item_value_t * value_p,
02355 rsbac_time_t * ttl_p)
02356 {
02357 #if defined(CONFIG_RSBAC_RC)
02358 union rsbac_rc_target_id_t k_tid;
02359 union rsbac_rc_target_id_t k_subtid;
02360 union rsbac_rc_item_value_t k_value;
02361 rsbac_time_t k_ttl;
02362 int err = 0;
02363
02364 if( (target >= RT_NONE)
02365 || (item >= RI_none))
02366 return(-RSBAC_EINVALIDVALUE);
02367
02368 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02369 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02370 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02371 #ifdef CONFIG_RSBAC_DEBUG
02372 if (rsbac_debug_aef_rc)
02373 rsbac_printk(KERN_DEBUG
02374 "sys_rsbac_rc_get_item(): target %i, item %i!\n",
02375 target, item);
02376 #endif
02377
02378 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid,
02379 item, &k_value, &k_ttl);
02380
02381 if(!err)
02382 {
02383 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02384 if(!err && ttl_p)
02385 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02386 }
02387 return (err);
02388 #else
02389 return (-RSBAC_EINVALIDMODULE);
02390 #endif
02391 }
02392
02393
02394 int sys_rsbac_rc_set_item(
02395 rsbac_list_ta_number_t ta_number,
02396 enum rsbac_rc_target_t target,
02397 union rsbac_rc_target_id_t * tid_p,
02398 union rsbac_rc_target_id_t * subtid_p,
02399 enum rsbac_rc_item_t item,
02400 union rsbac_rc_item_value_t * value_p,
02401 rsbac_time_t ttl)
02402 {
02403 #if defined(CONFIG_RSBAC_RC)
02404 union rsbac_rc_target_id_t k_tid;
02405 union rsbac_rc_target_id_t k_subtid;
02406 union rsbac_rc_item_value_t k_value;
02407
02408 if( (target >= RT_NONE)
02409 || (item >= RI_none))
02410 return(-RSBAC_EINVALIDVALUE);
02411
02412 #ifdef CONFIG_RSBAC_FREEZE
02413 if(rsbac_freeze)
02414 {
02415 rsbac_printk(KERN_WARNING
02416 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n");
02417 return -EPERM;
02418 }
02419 #endif
02420
02421
02422 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02423 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02424 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02425 #ifdef CONFIG_RSBAC_DEBUG
02426 if (rsbac_debug_aef_rc)
02427 rsbac_printk(KERN_DEBUG
02428 "sys_rsbac_rc_set_item(): target %i, item %i!\n",
02429 target, item);
02430 #endif
02431
02432 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl);
02433 #else
02434 return (-RSBAC_EINVALIDMODULE);
02435 #endif
02436 }
02437
02438 int sys_rsbac_rc_get_list(
02439 rsbac_list_ta_number_t ta_number,
02440 enum rsbac_rc_target_t target,
02441 union rsbac_rc_target_id_t * tid_p,
02442 enum rsbac_rc_item_t item,
02443 u_int maxnum,
02444 __u32 * array_p,
02445 rsbac_time_t * ttl_array_p)
02446 {
02447 #if defined(CONFIG_RSBAC_RC)
02448 union rsbac_rc_target_id_t k_tid;
02449 int err;
02450
02451 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02452 if(array_p)
02453 {
02454 __u32 * k_array_p;
02455 rsbac_time_t * k_ttl_array_p;
02456
02457 if(!maxnum)
02458 return -RSBAC_EINVALIDVALUE;
02459
02460 err = rsbac_rc_get_list(ta_number, target, k_tid, item,
02461 &k_array_p, &k_ttl_array_p);
02462
02463 if(err > 0)
02464 {
02465 int tmperr;
02466
02467 if(err > maxnum)
02468 err = maxnum;
02469 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) );
02470 if(tmperr)
02471 err = tmperr;
02472 rsbac_vfree(k_array_p);
02473 if(k_ttl_array_p && ttl_array_p)
02474 {
02475 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) );
02476 if(tmperr)
02477 err = tmperr;
02478 }
02479 rsbac_vfree(k_ttl_array_p);
02480 }
02481 return (err);
02482 }
02483 else
02484 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL);
02485 #else
02486 return (-RSBAC_EINVALIDMODULE);
02487 #endif
02488 };
02489
02490
02491 int sys_rsbac_rc_change_role (rsbac_rc_role_id_t role)
02492 {
02493 #if defined(CONFIG_RSBAC_RC)
02494 if(role > RC_role_max_value)
02495 return(-RSBAC_EINVALIDVALUE);
02496 #ifdef CONFIG_RSBAC_DEBUG
02497 if (rsbac_debug_aef_rc)
02498 rsbac_printk(KERN_DEBUG
02499 "sys_rsbac_rc_change_role(): role %i!\n",
02500 role);
02501 #endif
02502
02503 return rsbac_rc_sys_change_role(role);
02504 #else
02505 return (-RSBAC_EINVALIDMODULE);
02506 #endif
02507 }
02508
02509
02510 int sys_rsbac_rc_get_eff_rights_n(
02511 rsbac_list_ta_number_t ta_number,
02512 enum rsbac_target_t target,
02513 char * t_name,
02514 rsbac_rc_request_vector_t * request_vector_p,
02515 rsbac_time_t * ttl_p)
02516 {
02517 #if defined(CONFIG_RSBAC_RC)
02518 struct dentry * t_dentry;
02519 int err = 0;
02520 rsbac_rc_request_vector_t k_req_vec;
02521 rsbac_time_t k_ttl;
02522 union rsbac_target_id_t tid;
02523
02524 struct nameidata nd;
02525
02526 if(!t_name || (target >= T_NONE))
02527 return(-RSBAC_EINVALIDTARGET);
02528
02529 if ((err = user_path_walk_link(t_name, &nd)))
02530 {
02531 #ifdef CONFIG_RSBAC_DEBUG
02532 if (rsbac_debug_aef_rc)
02533 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err);
02534 #endif
02535 goto out;
02536 }
02537 t_dentry = nd.dentry;
02538 if (!t_dentry->d_inode)
02539 {
02540 err = -RSBAC_EINVALIDTARGET;
02541 goto out_dput;
02542 }
02543
02544 switch (target)
02545 {
02546 case T_FD:
02547 if(S_ISREG(t_dentry->d_inode->i_mode))
02548 {
02549 target = T_FILE;
02550 }
02551 else
02552 if(S_ISDIR(t_dentry->d_inode->i_mode))
02553 {
02554 target = T_DIR;
02555 }
02556 else
02557 if(S_ISLNK(t_dentry->d_inode->i_mode))
02558 {
02559 target = T_SYMLINK;
02560 }
02561 else
02562 if(S_ISFIFO(t_dentry->d_inode->i_mode))
02563 {
02564 target = T_FIFO;
02565 }
02566 else
02567 if(S_ISBLK(t_dentry->d_inode->i_mode))
02568 {
02569 target = T_FILE;
02570 }
02571 else
02572 if(S_ISCHR(t_dentry->d_inode->i_mode))
02573 {
02574 target = T_FILE;
02575 }
02576 else
02577 {
02578 #ifdef CONFIG_RSBAC_DEBUG
02579 if (rsbac_debug_aef)
02580 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n");
02581 #endif
02582 err = -RSBAC_EINVALIDTARGET;
02583 goto out_dput;
02584 }
02585 break;
02586
02587 case T_FILE:
02588
02589 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
02590 && !(S_ISBLK(t_dentry->d_inode->i_mode))
02591 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02592 {
02593 err = -RSBAC_EINVALIDTARGET;
02594 goto out_dput;
02595 }
02596 break;
02597
02598 case T_DIR:
02599 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
02600 {
02601 err = -RSBAC_EINVALIDTARGET;
02602 goto out_dput;
02603 }
02604 break;
02605
02606 case T_FIFO:
02607
02608 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
02609 {
02610 err = -RSBAC_EINVALIDTARGET;
02611 goto out_dput;
02612 }
02613 break;
02614
02615 case T_SYMLINK:
02616
02617 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
02618 {
02619 err = -RSBAC_EINVALIDTARGET;
02620 goto out_dput;
02621 }
02622 break;
02623
02624 case T_DEV:
02625
02626 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
02627 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02628 {
02629 err = -RSBAC_EINVALIDTARGET;
02630 goto out_dput;
02631 }
02632 break;
02633
02634 default:
02635 err = -RSBAC_EINVALIDTARGET;
02636 goto out_dput;
02637 }
02638
02639 if(target == T_DEV)
02640 {
02641 if(S_ISBLK(t_dentry->d_inode->i_mode))
02642 tid.dev.type = D_block;
02643 else
02644 tid.dev.type = D_char;
02645 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
02646 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
02647 }
02648 else
02649 {
02650
02651 tid.file.device = t_dentry->d_sb->s_dev;
02652 tid.file.inode = t_dentry->d_inode->i_ino;
02653 tid.file.dentry_p = t_dentry;
02654 }
02655 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl);
02656
02657 if(!err)
02658 {
02659 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) );
02660 if(!err && ttl_p)
02661 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02662 }
02663
02664 out_dput:
02665 path_release(&nd);
02666
02667 out:
02668 return(err);
02669 #else
02670 return (-RSBAC_EINVALIDMODULE);
02671 #endif
02672 }
02673
02674
02675 int sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t * role_p)
02676 {
02677 #if defined(CONFIG_RSBAC_RC)
02678 rsbac_rc_role_id_t k_role;
02679 int err;
02680
02681 if(!role_p)
02682 return(-RSBAC_EINVALIDPOINTER);
02683
02684 err = rsbac_rc_sys_get_current_role(&k_role);
02685 if(!err)
02686 {
02687 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) );
02688 }
02689 return err;
02690 #else
02691 return (-RSBAC_EINVALIDMODULE);
02692 #endif
02693 }
02694
02695
02696
02697
02698
02699 int sys_rsbac_auth_add_p_cap(
02700 rsbac_list_ta_number_t ta_number,
02701 rsbac_pid_t pid,
02702 enum rsbac_auth_cap_type_t cap_type,
02703 struct rsbac_auth_cap_range_t cap_range,
02704 rsbac_time_t ttl)
02705 {
02706 #if defined(CONFIG_RSBAC_AUTH)
02707 struct task_struct * task_p;
02708
02709 if(cap_type >= ACT_none)
02710 return(-RSBAC_EINVALIDTARGET);
02711 if(cap_range.first > cap_range.last)
02712 return(-RSBAC_EINVALIDVALUE);
02713 if( (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID)
02714 || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID)
02715 )
02716 return -RSBAC_EINVALIDVALUE;
02717
02718 #ifdef CONFIG_RSBAC_FREEZE
02719 if(rsbac_freeze)
02720 {
02721 rsbac_printk(KERN_WARNING
02722 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02723 return -EPERM;
02724 }
02725 #endif
02726
02727 read_lock(&tasklist_lock);
02728 task_p = find_task_by_pid(pid);
02729 read_unlock(&tasklist_lock);
02730 if(!task_p)
02731 return(-RSBAC_EINVALIDTARGET);
02732
02733
02734
02735 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl));
02736 #else
02737 return (-RSBAC_EINVALIDMODULE);
02738 #endif
02739 }
02740
02741 int sys_rsbac_auth_remove_p_cap(
02742 rsbac_list_ta_number_t ta_number,
02743 rsbac_pid_t pid,
02744 enum rsbac_auth_cap_type_t cap_type,
02745 struct rsbac_auth_cap_range_t cap_range)
02746 {
02747 #if defined(CONFIG_RSBAC_AUTH)
02748 struct task_struct * task_p;
02749
02750 if(cap_type >= ACT_none)
02751 return(-RSBAC_EINVALIDTARGET);
02752 if(cap_range.first > cap_range.last)
02753 return(-RSBAC_EINVALIDVALUE);
02754
02755 #ifdef CONFIG_RSBAC_FREEZE
02756 if(rsbac_freeze)
02757 {
02758 rsbac_printk(KERN_WARNING
02759 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02760 return -EPERM;
02761 }
02762 #endif
02763
02764 read_lock(&tasklist_lock);
02765 task_p = find_task_by_pid(pid);
02766 read_unlock(&tasklist_lock);
02767 if(!task_p)
02768 return(-RSBAC_EINVALIDTARGET);
02769
02770
02771 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range));
02772 #else
02773 return (-RSBAC_EINVALIDMODULE);
02774 #endif
02775 }
02776
02777 int sys_rsbac_auth_add_f_cap(
02778 rsbac_list_ta_number_t ta_number,
02779 char * filename,
02780 enum rsbac_auth_cap_type_t cap_type,
02781 struct rsbac_auth_cap_range_t cap_range,
02782 rsbac_time_t ttl)
02783 {
02784 #if defined(CONFIG_RSBAC_AUTH)
02785 struct dentry * t_dentry;
02786 int err = 0;
02787 enum rsbac_target_t target;
02788 union rsbac_target_id_t tid;
02789 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02790 union rsbac_attribute_value_t rsbac_attribute_value;
02791 #endif
02792
02793 struct nameidata nd;
02794
02795 if(cap_range.first > cap_range.last)
02796 return(-RSBAC_EINVALIDVALUE);
02797
02798 if(!filename)
02799 return(-RSBAC_EINVALIDTARGET);
02800 if(cap_type >= ACT_none)
02801 return(-RSBAC_EINVALIDTARGET);
02802 if(cap_range.first > cap_range.last)
02803 return(-RSBAC_EINVALIDVALUE);
02804
02805 #ifdef CONFIG_RSBAC_FREEZE
02806 if(rsbac_freeze)
02807 {
02808 rsbac_printk(KERN_WARNING
02809 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
02810 return -EPERM;
02811 }
02812 #endif
02813
02814 if ((err = user_path_walk_link(filename, &nd)))
02815 {
02816 #ifdef CONFIG_RSBAC_DEBUG
02817 if (rsbac_debug_aef_auth)
02818 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err);
02819 #endif
02820 goto out;
02821 }
02822 t_dentry = nd.dentry;
02823 if (!t_dentry->d_inode)
02824 {
02825 err = -RSBAC_EINVALIDTARGET;
02826 goto out_dput;
02827 }
02828
02829 if(S_ISREG(t_dentry->d_inode->i_mode))
02830 target = T_FILE;
02831 else
02832 if(S_ISDIR(t_dentry->d_inode->i_mode))
02833 target = T_DIR;
02834 else
02835 {
02836 err = -RSBAC_EINVALIDTARGET;
02837 goto out_dput;
02838 }
02839 tid.file.device = t_dentry->d_sb->s_dev;
02840 tid.file.inode = t_dentry->d_inode->i_ino;
02841 tid.file.dentry_p = t_dentry;
02842 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02843
02844 #ifdef CONFIG_RSBAC_DEBUG
02845 if (rsbac_debug_aef)
02846 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
02847 #endif
02848 rsbac_attribute_value.auth_cap_range = cap_range;
02849 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
02850 current->pid,
02851 target,
02852 tid,
02853 A_auth_add_f_cap,
02854 rsbac_attribute_value))
02855 {
02856 err = -EPERM;
02857 }
02858 else
02859 #endif
02860 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl);
02861
02862 out_dput:
02863 path_release(&nd);
02864 out:
02865 return(err);
02866
02867 #else
02868 return (-RSBAC_EINVALIDMODULE);
02869 #endif
02870 };
02871
02872 int sys_rsbac_auth_remove_f_cap(
02873 rsbac_list_ta_number_t ta_number,
02874 char * filename,
02875 enum rsbac_auth_cap_type_t cap_type,
02876 struct rsbac_auth_cap_range_t cap_range)
02877 {
02878 #if defined(CONFIG_RSBAC_AUTH)
02879 struct dentry * t_dentry;
02880 int err = 0;
02881 enum rsbac_target_t target;
02882 union rsbac_target_id_t tid;
02883
02884
02885 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02886 union rsbac_attribute_value_t rsbac_attribute_value;
02887 #endif
02888
02889 struct nameidata nd;
02890
02891 if(!filename)
02892 return(-RSBAC_EINVALIDTARGET);
02893 if(cap_type >= ACT_none)
02894 return(-RSBAC_EINVALIDTARGET);
02895 if(cap_range.first > cap_range.last)
02896 return(-RSBAC_EINVALIDVALUE);
02897
02898 #ifdef CONFIG_RSBAC_FREEZE
02899 if(rsbac_freeze)
02900 {
02901 rsbac_printk(KERN_WARNING
02902 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
02903 return -EPERM;
02904 }
02905 #endif
02906
02907 if ((err = user_path_walk_link(filename, &nd)))
02908 {
02909 #ifdef CONFIG_RSBAC_DEBUG
02910 if (rsbac_debug_aef_auth)
02911 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err);
02912 #endif
02913 goto out;
02914 }
02915 t_dentry = nd.dentry;
02916 if (!t_dentry->d_inode)
02917 {
02918 err = -RSBAC_EINVALIDTARGET;
02919 goto out_dput;
02920 }
02921
02922 if(S_ISREG(t_dentry->d_inode->i_mode))
02923 target = T_FILE;
02924 else
02925 if(S_ISDIR(t_dentry->d_inode->i_mode))
02926 target = T_DIR;
02927 else
02928 {
02929 err = -RSBAC_EINVALIDTARGET;
02930 goto out_dput;
02931 }
02932 tid.file.device = t_dentry->d_sb->s_dev;
02933 tid.file.inode = t_dentry->d_inode->i_ino;
02934 tid.file.dentry_p = t_dentry;
02935 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02936
02937 #ifdef CONFIG_RSBAC_DEBUG
02938 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
02939 #endif
02940 rsbac_attribute_value.auth_cap_range = cap_range;
02941 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
02942 current->pid,
02943 target,
02944 tid,
02945 A_auth_remove_f_cap,
02946 rsbac_attribute_value))
02947 {
02948 err = -EPERM;
02949 }
02950 else
02951 #endif
02952 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range);
02953
02954 out_dput:
02955 path_release(&nd);
02956 out:
02957 return(err);
02958
02959 #else
02960 return (-RSBAC_EINVALIDMODULE);
02961 #endif
02962 }
02963
02964
02965 int sys_rsbac_auth_get_f_caplist(
02966 rsbac_list_ta_number_t ta_number,
02967 char * filename,
02968 enum rsbac_auth_cap_type_t cap_type,
02969 struct rsbac_auth_cap_range_t caplist[],
02970 rsbac_time_t ttllist[],
02971 u_int maxnum)
02972 {
02973 #if defined(CONFIG_RSBAC_AUTH)
02974 struct dentry * t_dentry;
02975 int err = 0, tmperr = 0;
02976 enum rsbac_target_t target;
02977 union rsbac_target_id_t tid;
02978 struct rsbac_auth_cap_range_t * k_caplist;
02979 rsbac_time_t * k_ttllist;
02980
02981
02982 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02983 union rsbac_attribute_value_t rsbac_attribute_value;
02984 #endif
02985
02986 struct nameidata nd;
02987
02988 if(!filename)
02989 return(-RSBAC_EINVALIDTARGET);
02990 if(cap_type >= ACT_none)
02991 return(-RSBAC_EINVALIDTARGET);
02992 if(!caplist)
02993 return(-RSBAC_EINVALIDPOINTER);
02994 if(maxnum <= 0)
02995 return(-RSBAC_EINVALIDVALUE);
02996 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
02997 maxnum = RSBAC_AUTH_MAX_MAXNUM;
02998
02999 if ((err = user_path_walk_link(filename, &nd)))
03000 {
03001 #ifdef CONFIG_RSBAC_DEBUG
03002 if (rsbac_debug_aef_auth)
03003 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err);
03004 #endif
03005 goto out;
03006 }
03007 t_dentry = nd.dentry;
03008 if (!t_dentry->d_inode)
03009 {
03010 err = -RSBAC_EINVALIDTARGET;
03011 goto out_dput;
03012 }
03013
03014 if(S_ISREG(t_dentry->d_inode->i_mode))
03015 target = T_FILE;
03016 else
03017 if(S_ISDIR(t_dentry->d_inode->i_mode))
03018 target = T_DIR;
03019 else
03020 {
03021 err = -RSBAC_EINVALIDTARGET;
03022 goto out_dput;
03023 }
03024 tid.file.device = t_dentry->d_sb->s_dev;
03025 tid.file.inode = t_dentry->d_inode->i_ino;
03026 tid.file.dentry_p = t_dentry;
03027 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03028
03029 #ifdef CONFIG_RSBAC_DEBUG
03030 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n");
03031 #endif
03032 rsbac_attribute_value.dummy = 0;
03033 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03034 current->pid,
03035 target,
03036 tid,
03037 A_auth_get_caplist,
03038 rsbac_attribute_value))
03039 {
03040 err = -EPERM;
03041 goto out_dput;
03042 }
03043 #endif
03044 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist);
03045 if(err>0)
03046 {
03047 if(err > maxnum)
03048 err = maxnum;
03049 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03050 sizeof(struct rsbac_auth_cap_range_t) * err);
03051 if(tmperr < 0)
03052 err = tmperr;
03053 else
03054 {
03055 if(ttllist)
03056 {
03057 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03058 sizeof(rsbac_time_t) * err);
03059 if(tmperr < 0)
03060 err = tmperr;
03061 }
03062 }
03063 rsbac_vfree(k_caplist);
03064 rsbac_vfree(k_ttllist);
03065 }
03066
03067 out_dput:
03068 path_release(&nd);
03069 out:
03070 return(err);
03071
03072 #else
03073 return (-RSBAC_EINVALIDMODULE);
03074 #endif
03075 }
03076
03077 int sys_rsbac_auth_get_p_caplist(
03078 rsbac_list_ta_number_t ta_number,
03079 rsbac_pid_t pid,
03080 enum rsbac_auth_cap_type_t cap_type,
03081 struct rsbac_auth_cap_range_t caplist[],
03082 rsbac_time_t ttllist[],
03083 u_int maxnum)
03084 {
03085 #if defined(CONFIG_RSBAC_AUTH)
03086 int err = 0, tmperr = 0;
03087 union rsbac_target_id_t tid;
03088 struct rsbac_auth_cap_range_t * k_caplist;
03089 rsbac_time_t * k_ttllist;
03090
03091
03092 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03093 union rsbac_attribute_value_t rsbac_attribute_value;
03094 #endif
03095
03096 if(!pid)
03097 return(-RSBAC_EINVALIDTARGET);
03098 if(cap_type >= ACT_none)
03099 return(-RSBAC_EINVALIDTARGET);
03100 if(!caplist)
03101 return(-RSBAC_EINVALIDPOINTER);
03102 if(maxnum <= 0)
03103 return(-RSBAC_EINVALIDVALUE);
03104 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03105 maxnum = RSBAC_AUTH_MAX_MAXNUM;
03106
03107 tid.process = pid;
03108 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03109
03110 #ifdef CONFIG_RSBAC_DEBUG
03111 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n");
03112 #endif
03113 rsbac_attribute_value.dummy = 0;
03114 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03115 current->pid,
03116 T_PROCESS,
03117 tid,
03118 A_auth_get_caplist,
03119 rsbac_attribute_value))
03120 {
03121 return -EPERM;
03122 }
03123 #endif
03124 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type,
03125 &k_caplist, &k_ttllist);
03126 if(err>0)
03127 {
03128 if(err > maxnum)
03129 err = maxnum;
03130 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03131 sizeof(struct rsbac_auth_cap_range_t) * err);
03132 if(tmperr < 0)
03133 err = tmperr;
03134 else
03135 {
03136 if(ttllist)
03137 {
03138 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03139 sizeof(rsbac_time_t) * err);
03140 if(tmperr < 0)
03141 err = tmperr;
03142 }
03143 }
03144 rsbac_vfree(k_caplist);
03145 rsbac_vfree(k_ttllist);
03146 }
03147
03148 return(err);
03149
03150 #else
03151 return (-RSBAC_EINVALIDMODULE);
03152 #endif
03153 }
03154
03155
03156
03157
03158 int sys_rsbac_reg(rsbac_reg_handle_t handle,
03159 void * arg)
03160 {
03161 #if defined(CONFIG_RSBAC_REG)
03162 return rsbac_reg_syscall(handle, arg);
03163 #else
03164 return (-RSBAC_EINVALIDMODULE);
03165 #endif
03166 }
03167
03168
03169
03170
03171
03172 int sys_rsbac_acl(
03173 rsbac_list_ta_number_t ta_number,
03174 enum rsbac_acl_syscall_type_t call,
03175 struct rsbac_acl_syscall_arg_t * arg)
03176 {
03177 #if defined(CONFIG_RSBAC_ACL)
03178 struct rsbac_acl_syscall_arg_t k_arg;
03179
03180 int err = 0;
03181
03182 if(call >= ACLC_none)
03183 return(-RSBAC_EINVALIDREQUEST);
03184 if(!arg)
03185 return(-RSBAC_EINVALIDPOINTER);
03186
03187
03188 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03189 if(err < 0)
03190 return err;
03191
03192 if(k_arg.target >= T_NONE)
03193 return(-RSBAC_EINVALIDTARGET);
03194
03195
03196
03197 #ifdef CONFIG_RSBAC_FREEZE
03198 if(rsbac_freeze)
03199 {
03200 rsbac_printk(KERN_WARNING
03201 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n");
03202 return -EPERM;
03203 }
03204 #endif
03205
03206 if(call != ACLC_set_mask)
03207 {
03208 switch(k_arg.subj_type)
03209 {
03210 case ACLS_USER:
03211 break;
03212 case ACLS_GROUP:
03213 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03214 {
03215 struct rsbac_acl_group_entry_t entry;
03216 rsbac_uid_t caller;
03217
03218 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03219 || rsbac_get_owner(&caller)
03220 || ( (entry.owner != caller)
03221 && (entry.type != ACLG_GLOBAL)
03222 )
03223 )
03224 return(-RSBAC_EINVALIDVALUE);
03225 }
03226 break;
03227 #if defined(CONFIG_RSBAC_RC)
03228 case ACLS_ROLE:
03229 if(k_arg.subj_id > RC_role_max_value)
03230 {
03231 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
03232 return(-RSBAC_EINVALIDVALUE);
03233 }
03234 break;
03235 #endif
03236 default:
03237 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
03238 return(-RSBAC_EINVALIDVALUE);
03239 }
03240 if( (call == ACLC_remove_user)
03241 && (k_arg.target != T_USER)
03242 )
03243 return -RSBAC_EINVALIDTARGET;
03244
03245 }
03246
03247
03248 switch(call)
03249 {
03250 case ACLC_set_acl_entry:
03251 err = rsbac_acl_sys_set_acl_entry(ta_number,
03252 k_arg.target,
03253 k_arg.tid,
03254 k_arg.subj_type,
03255 k_arg.subj_id,
03256 k_arg.rights,
03257 k_arg.ttl);
03258 break;
03259 case ACLC_remove_acl_entry:
03260 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03261 k_arg.target,
03262 k_arg.tid,
03263 k_arg.subj_type,
03264 k_arg.subj_id);
03265 break;
03266 case ACLC_remove_acl:
03267 err = rsbac_acl_sys_remove_acl(ta_number,
03268 k_arg.target,
03269 k_arg.tid);
03270 break;
03271 case ACLC_add_to_acl_entry:
03272 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03273 k_arg.target,
03274 k_arg.tid,
03275 k_arg.subj_type,
03276 k_arg.subj_id,
03277 k_arg.rights,
03278 k_arg.ttl);
03279 break;
03280 case ACLC_remove_from_acl_entry:
03281 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03282 k_arg.target,
03283 k_arg.tid,
03284 k_arg.subj_type,
03285 k_arg.subj_id,
03286 k_arg.rights);
03287 break;
03288 case ACLC_set_mask:
03289 err = rsbac_acl_sys_set_mask(ta_number,
03290 k_arg.target,
03291 k_arg.tid,
03292 k_arg.rights);
03293 break;
03294 case ACLC_remove_user:
03295 err = rsbac_acl_sys_remove_user(ta_number,
03296 k_arg.tid.user);
03297 break;
03298
03299 default:
03300 err = -RSBAC_EINVALIDREQUEST;
03301 }
03302 return (err);
03303 #else
03304 return (-RSBAC_EINVALIDMODULE);
03305 #endif
03306 }
03307
03308
03309 int sys_rsbac_acl_n(
03310 rsbac_list_ta_number_t ta_number,
03311 enum rsbac_acl_syscall_type_t call,
03312 struct rsbac_acl_syscall_n_arg_t * arg)
03313 {
03314 #if defined(CONFIG_RSBAC_ACL)
03315 struct dentry * t_dentry = NULL;
03316 int err = 0;
03317 union rsbac_target_id_t tid;
03318 struct rsbac_acl_syscall_n_arg_t k_arg;
03319
03320 struct nameidata nd;
03321
03322 if(call >= ACLC_none)
03323 return(-RSBAC_EINVALIDREQUEST);
03324 if(!arg)
03325 return(-RSBAC_EINVALIDPOINTER);
03326
03327 #ifdef CONFIG_RSBAC_FREEZE
03328 if(rsbac_freeze)
03329 {
03330 rsbac_printk(KERN_WARNING
03331 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n");
03332 return -EPERM;
03333 }
03334 #endif
03335
03336
03337 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03338 if(err < 0)
03339 return err;
03340
03341 if(k_arg.target >= T_NONE)
03342 return(-RSBAC_EINVALIDTARGET);
03343 if(call != ACLC_set_mask)
03344 {
03345 switch(k_arg.subj_type)
03346 {
03347 case ACLS_USER:
03348 break;
03349 case ACLS_GROUP:
03350 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03351 {
03352 struct rsbac_acl_group_entry_t entry;
03353 rsbac_uid_t caller;
03354
03355 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03356 || rsbac_get_owner(&caller)
03357 || ( (entry.owner != caller)
03358 && (entry.type != ACLG_GLOBAL)
03359 )
03360 )
03361 return(-RSBAC_EINVALIDVALUE);
03362 }
03363 break;
03364 #if defined(CONFIG_RSBAC_RC)
03365 case ACLS_ROLE:
03366 if(k_arg.subj_id > RC_role_max_value)
03367 return(-RSBAC_EINVALIDVALUE);
03368 break;
03369 #endif
03370 default:
03371 return(-RSBAC_EINVALIDVALUE);
03372 }
03373 }
03374
03375 if(k_arg.name)
03376 {
03377
03378 if ((err = user_path_walk_link(k_arg.name, &nd)))
03379 {
03380 #ifdef CONFIG_RSBAC_DEBUG
03381 if (rsbac_debug_aef)
03382 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err);
03383 #endif
03384 goto out;
03385 }
03386 t_dentry = nd.dentry;
03387 if (!t_dentry->d_inode)
03388 {
03389 #ifdef CONFIG_RSBAC_DEBUG
03390 if (rsbac_debug_aef)
03391 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n");
03392 #endif
03393 err = -RSBAC_EINVALIDTARGET;
03394 goto out_dput;
03395 }
03396 tid.file.device = t_dentry->d_sb->s_dev;
03397 tid.file.inode = t_dentry->d_inode->i_ino;
03398 tid.file.dentry_p = t_dentry;
03399 }
03400 else
03401 {
03402 tid.file.device = RSBAC_ZERO_DEV;
03403 tid.file.inode = 0;
03404 tid.file.dentry_p = NULL;
03405 }
03406
03407 switch (k_arg.target)
03408 {
03409 case T_FD:
03410 if(k_arg.name)
03411 {
03412 if(S_ISREG(t_dentry->d_inode->i_mode))
03413 {
03414 k_arg.target = T_FILE;
03415 }
03416 else
03417 if(S_ISDIR(t_dentry->d_inode->i_mode))
03418 {
03419 k_arg.target = T_DIR;
03420 }
03421 else
03422 if(S_ISLNK(t_dentry->d_inode->i_mode))
03423 {
03424 k_arg.target = T_SYMLINK;
03425 }
03426 else
03427 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03428 {
03429 k_arg.target = T_FIFO;
03430 }
03431 else
03432 if(S_ISBLK(t_dentry->d_inode->i_mode))
03433 {
03434 k_arg.target = T_FILE;
03435 }
03436 else
03437 if(S_ISCHR(t_dentry->d_inode->i_mode))
03438 {
03439 k_arg.target = T_FILE;
03440 }
03441 else
03442 {
03443 #ifdef CONFIG_RSBAC_DEBUG
03444 if (rsbac_debug_aef)
03445 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n");
03446 #endif
03447 err = -RSBAC_EINVALIDTARGET;
03448 goto out_dput;
03449 }
03450 }
03451 else
03452 k_arg.target = T_FILE;
03453 break;
03454
03455 case T_FILE:
03456 if(k_arg.name)
03457 {
03458
03459 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03460 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03461 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03462 {
03463 err = -RSBAC_EINVALIDTARGET;
03464 goto out_dput;
03465 }
03466 }
03467 break;
03468
03469 case T_DIR:
03470 if(k_arg.name)
03471 {
03472 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03473 {
03474 err = -RSBAC_EINVALIDTARGET;
03475 goto out_dput;
03476 }
03477 }
03478 break;
03479
03480 case T_FIFO:
03481 if(k_arg.name)
03482 {
03483
03484 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03485 {
03486 err = -RSBAC_EINVALIDTARGET;
03487 goto out_dput;
03488 }
03489 }
03490 break;
03491
03492 case T_SYMLINK:
03493 if(k_arg.name)
03494 {
03495
03496 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03497 {
03498 err = -RSBAC_EINVALIDTARGET;
03499 goto out_dput;
03500 }
03501 }
03502 break;
03503
03504 case T_DEV:
03505 if(k_arg.name)
03506 {
03507
03508 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03509 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03510 {
03511 err = -RSBAC_EINVALIDTARGET;
03512 goto out_dput;
03513 }
03514
03515 if(S_ISBLK(t_dentry->d_inode->i_mode))
03516 tid.dev.type = D_block;
03517 else
03518 tid.dev.type = D_char;
03519 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
03520 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
03521 }
03522 else
03523 {
03524 tid.dev = RSBAC_ZERO_DEV_DESC;
03525 }
03526 break;
03527
03528 default:
03529 err = -RSBAC_EINVALIDTARGET;
03530 goto out_dput;
03531 }
03532
03533 switch(call)
03534 {
03535 case ACLC_set_acl_entry:
03536 err = rsbac_acl_sys_set_acl_entry(ta_number,
03537 k_arg.target,
03538 tid,
03539 k_arg.subj_type,
03540 k_arg.subj_id,
03541 k_arg.rights,
03542 k_arg.ttl);
03543 break;
03544 case ACLC_remove_acl_entry:
03545 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03546 k_arg.target,
03547 tid,
03548 k_arg.subj_type,
03549 k_arg.subj_id);
03550 break;
03551 case ACLC_remove_acl:
03552 err = rsbac_acl_sys_remove_acl(ta_number,
03553 k_arg.target,
03554 tid);
03555 break;
03556 case ACLC_add_to_acl_entry:
03557 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03558 k_arg.target,
03559 tid,
03560 k_arg.subj_type,
03561 k_arg.subj_id,
03562 k_arg.rights,
03563 k_arg.ttl);
03564 break;
03565 case ACLC_remove_from_acl_entry:
03566 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03567 k_arg.target,
03568 tid,
03569 k_arg.subj_type,
03570 k_arg.subj_id,
03571 k_arg.rights);
03572 break;
03573 case ACLC_set_mask:
03574 err = rsbac_acl_sys_set_mask(ta_number,
03575 k_arg.target,
03576 tid,
03577 k_arg.rights);
03578 break;
03579
03580 default:
03581 err = -RSBAC_EINVALIDREQUEST;
03582 }
03583
03584 out_dput:
03585 if(k_arg.name)
03586 {
03587 path_release(&nd);
03588 }
03589
03590 out:
03591 return(err);
03592 #else
03593 return (-RSBAC_EINVALIDMODULE);
03594 #endif
03595 }
03596
03597
03598
03599 int sys_rsbac_acl_get_rights(
03600 rsbac_list_ta_number_t ta_number,
03601 struct rsbac_acl_syscall_arg_t * arg,
03602 rsbac_acl_rights_vector_t * rights_p,
03603 u_int effective)
03604 {
03605 #if defined(CONFIG_RSBAC_ACL)
03606 struct rsbac_acl_syscall_arg_t k_arg;
03607 rsbac_acl_rights_vector_t k_rights = 0;
03608 int err = 0;
03609
03610 if(!arg || !rights_p)
03611 return(-RSBAC_EINVALIDPOINTER);
03612
03613 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03614
03615 if(k_arg.target >= T_NONE)
03616 return(-RSBAC_EINVALIDTARGET);
03617
03618
03619 switch(k_arg.subj_type)
03620 {
03621 case ACLS_USER:
03622 break;
03623 case ACLS_GROUP:
03624 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03625 {
03626 struct rsbac_acl_group_entry_t entry;
03627 rsbac_uid_t caller;
03628
03629 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03630 || rsbac_get_owner(&caller)
03631 || ( (entry.owner != caller)
03632 && (entry.type != ACLG_GLOBAL)
03633 )
03634 )
03635 return(-RSBAC_EINVALIDVALUE);
03636 }
03637 break;
03638 case ACLS_ROLE:
03639 #if defined(CONFIG_RSBAC_RC)
03640 if(k_arg.subj_id > RC_role_max_value)
03641 return(-RSBAC_EINVALIDVALUE);
03642 #endif
03643 break;
03644 default:
03645 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03646 return(-RSBAC_EINVALIDVALUE);
03647 }
03648
03649
03650 err = rsbac_acl_sys_get_rights(ta_number,
03651 k_arg.target,
03652 k_arg.tid,
03653 k_arg.subj_type,
03654 k_arg.subj_id,
03655 &k_rights,
03656 effective);
03657 if(!err)
03658 {
03659 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
03660 }
03661 return (err);
03662 #else
03663 return (-RSBAC_EINVALIDMODULE);
03664 #endif
03665 }
03666
03667
03668 int sys_rsbac_acl_get_rights_n(
03669 rsbac_list_ta_number_t ta_number,
03670 struct rsbac_acl_syscall_n_arg_t * arg,
03671 rsbac_acl_rights_vector_t * rights_p,
03672 u_int effective)
03673 {
03674 #if defined(CONFIG_RSBAC_ACL)
03675 struct dentry * t_dentry = NULL;
03676 rsbac_boolean_t need_put = FALSE;
03677 int err = 0;
03678 union rsbac_target_id_t tid;
03679 struct rsbac_acl_syscall_n_arg_t k_arg;
03680 rsbac_acl_rights_vector_t k_rights = 0;
03681
03682 struct nameidata nd;
03683
03684 if(!arg || !rights_p)
03685 return(-RSBAC_EINVALIDPOINTER);
03686
03687 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03688
03689 if(k_arg.target >= T_NONE)
03690 return(-RSBAC_EINVALIDTARGET);
03691 switch(k_arg.subj_type)
03692 {
03693 case ACLS_USER:
03694 break;
03695 case ACLS_GROUP:
03696 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03697 {
03698 struct rsbac_acl_group_entry_t entry;
03699 rsbac_uid_t caller;
03700
03701 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03702 || rsbac_get_owner(&caller)
03703 || ( (entry.owner != caller)
03704 && (entry.type != ACLG_GLOBAL)
03705 )
03706 )
03707 return(-RSBAC_EINVALIDVALUE);
03708 }
03709 break;
03710 case ACLS_ROLE:
03711 #if defined(CONFIG_RSBAC_RC)
03712 if(k_arg.subj_id > RC_role_max_value)
03713 return(-RSBAC_EINVALIDVALUE);
03714 #endif
03715 break;
03716 default:
03717 return(-RSBAC_EINVALIDVALUE);
03718 }
03719
03720 switch (k_arg.target)
03721 {
03722 case T_FD:
03723 case T_FILE:
03724 case T_DIR:
03725 case T_FIFO:
03726 case T_SYMLINK:
03727 if(k_arg.name)
03728 {
03729 if ((err = user_path_walk_link(k_arg.name, &nd)))
03730 {
03731 #ifdef CONFIG_RSBAC_DEBUG
03732 if (rsbac_debug_aef_acl)
03733 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03734 #endif
03735 goto out;
03736 }
03737 t_dentry = nd.dentry;
03738 need_put = TRUE;
03739 if (!t_dentry->d_inode)
03740 {
03741 err = -RSBAC_EINVALIDTARGET;
03742 goto out_dput;
03743 }
03744
03745 switch(k_arg.target)
03746 {
03747 case T_FD:
03748 if(S_ISREG(t_dentry->d_inode->i_mode))
03749 {
03750 k_arg.target = T_FILE;
03751 }
03752 else
03753 if(S_ISDIR(t_dentry->d_inode->i_mode))
03754 {
03755 k_arg.target = T_DIR;
03756 }
03757 else
03758 if(S_ISLNK(t_dentry->d_inode->i_mode))
03759 {
03760 k_arg.target = T_SYMLINK;
03761 }
03762 else
03763 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03764 {
03765 k_arg.target = T_FIFO;
03766 }
03767 else
03768 if(S_ISBLK(t_dentry->d_inode->i_mode))
03769 {
03770 k_arg.target = T_FILE;
03771 }
03772 else
03773 if(S_ISCHR(t_dentry->d_inode->i_mode))
03774 {
03775 k_arg.target = T_FILE;
03776 }
03777 else
03778 {
03779 err = -RSBAC_EINVALIDTARGET;
03780 goto out_dput;
03781 }
03782 break;
03783 case T_FILE:
03784 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03785 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03786 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03787 {
03788 err = -RSBAC_EINVALIDTARGET;
03789 goto out_dput;
03790 }
03791 break;
03792 case T_DIR:
03793 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03794 {
03795 err = -RSBAC_EINVALIDTARGET;
03796 goto out_dput;
03797 }
03798 break;
03799 case T_FIFO:
03800
03801 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03802 {
03803 err = -RSBAC_EINVALIDTARGET;
03804 goto out_dput;
03805 }
03806 break;
03807 case T_SYMLINK:
03808
03809 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03810 {
03811 err = -RSBAC_EINVALIDTARGET;
03812 goto out_dput;
03813 }
03814 break;
03815 default:
03816 err = -RSBAC_EINVALIDTARGET;
03817 goto out_dput;
03818 }
03819 tid.file.device = t_dentry->d_sb->s_dev;
03820 tid.file.inode = t_dentry->d_inode->i_ino;
03821 tid.file.dentry_p = t_dentry;
03822 }
03823 else
03824 {
03825 if(k_arg.target == T_FD)
03826 k_arg.target = T_FILE;
03827 tid.file.device = RSBAC_ZERO_DEV;
03828 tid.file.inode = 0;
03829 tid.file.dentry_p = NULL;
03830 }
03831 break;
03832
03833 case T_DEV:
03834 if(k_arg.name)
03835 {
03836 if ((err = user_path_walk_link(k_arg.name, &nd)))
03837 {
03838 #ifdef CONFIG_RSBAC_DEBUG
03839 if (rsbac_debug_aef_acl)
03840 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03841 #endif
03842 goto out;
03843 }
03844 t_dentry = nd.dentry;
03845 need_put = TRUE;
03846 if (!t_dentry->d_inode)
03847 {
03848 err = -RSBAC_EINVALIDTARGET;
03849 goto out_dput;
03850 }
03851
03852 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03853 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03854 {
03855 err = -RSBAC_EINVALIDTARGET;
03856 goto out_dput;
03857 }
03858
03859 if(S_ISBLK(t_dentry->d_inode->i_mode))
03860 tid.dev.type = D_block;
03861 else
03862 tid.dev.type = D_char;
03863 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
03864 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
03865 }
03866 else
03867 {
03868 tid.dev = RSBAC_ZERO_DEV_DESC;
03869 }
03870 break;
03871
03872 default:
03873 return -RSBAC_EINVALIDTARGET;
03874 }
03875
03876
03877 err = rsbac_acl_sys_get_rights(ta_number,
03878 k_arg.target,
03879 tid,
03880 k_arg.subj_type,
03881 k_arg.subj_id,
03882 &k_rights,
03883 effective);
03884
03885 out_dput:
03886 if(need_put)
03887 path_release(&nd);
03888 out:
03889 if(!err)
03890 {
03891 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
03892 }
03893 return(err);
03894 #else
03895 return (-RSBAC_EINVALIDMODULE);
03896 #endif
03897 }
03898
03899
03900
03901 int sys_rsbac_acl_get_tlist (
03902 rsbac_list_ta_number_t ta_number,
03903 enum rsbac_target_t target,
03904 union rsbac_target_id_t * tid,
03905 struct rsbac_acl_entry_t entry_array[],
03906 rsbac_time_t ttl_array[],
03907 u_int maxnum)
03908 {
03909 #if defined(CONFIG_RSBAC_ACL)
03910 union rsbac_target_id_t k_tid;
03911 struct rsbac_acl_entry_t * k_entry_p;
03912 rsbac_time_t * k_ttl_p;
03913 int err = 0;
03914
03915 if(!tid || (target >= T_NONE))
03916 return(-RSBAC_EINVALIDTARGET);
03917 if(!entry_array)
03918 return(-RSBAC_EINVALIDPOINTER);
03919 if(!maxnum)
03920 return(-RSBAC_EINVALIDVALUE);
03921 if(maxnum > RSBAC_ACL_MAX_MAXNUM)
03922 maxnum = RSBAC_ACL_MAX_MAXNUM;
03923
03924
03925 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
03926 if(err)
03927 return err;
03928
03929
03930 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p);
03931 if(err>0)
03932 {
03933 if(err > maxnum)
03934 err = maxnum;
03935 rsbac_put_user((u_char *) k_entry_p,
03936 (u_char *) entry_array,
03937 err * sizeof(*k_entry_p) );
03938 if(ttl_array)
03939 {
03940 rsbac_put_user((u_char *) k_ttl_p,
03941 (u_char *) ttl_array,
03942 err * sizeof(*k_ttl_p) );
03943 }
03944 rsbac_vfree(k_entry_p);
03945 rsbac_vfree(k_ttl_p);
03946 }
03947 return (err);
03948 #else
03949 return (-RSBAC_EINVALIDMODULE);
03950 #endif
03951 }
03952
03953 int sys_rsbac_acl_get_tlist_n(
03954 rsbac_list_ta_number_t ta_number,
03955 enum rsbac_target_t target,
03956 char * t_name,
03957 struct rsbac_acl_entry_t entry_array[],
03958 rsbac_time_t ttl_array[],
03959 u_int maxnum)
03960 {
03961 #if defined(CONFIG_RSBAC_ACL)
03962 struct dentry * t_dentry = NULL;
03963 struct rsbac_acl_entry_t * k_entry_p;
03964 rsbac_time_t * k_ttl_p;
03965 rsbac_boolean_t need_put = FALSE;
03966 int err = 0;
03967 union rsbac_target_id_t tid;
03968
03969 struct nameidata nd;
03970
03971 if(target >= T_NONE)
03972 return(-RSBAC_EINVALIDTARGET);
03973 if(!entry_array)
03974 return(-RSBAC_EINVALIDPOINTER);
03975
03976 switch (target)
03977 {
03978 case T_FD:
03979 case T_FILE:
03980 case T_DIR:
03981 case T_FIFO:
03982 case T_SYMLINK:
03983 if(t_name)
03984 {
03985 if ((err = user_path_walk_link(t_name, &nd)))
03986 {
03987 #ifdef CONFIG_RSBAC_DEBUG
03988 if (rsbac_debug_aef_acl)
03989 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
03990 #endif
03991 goto out;
03992 }
03993 t_dentry = nd.dentry;
03994 need_put = TRUE;
03995 if (!t_dentry->d_inode)
03996 {
03997 err = -RSBAC_EINVALIDTARGET;
03998 goto out_dput;
03999 }
04000
04001 switch(target)
04002 {
04003 case T_FD:
04004 if(S_ISREG(t_dentry->d_inode->i_mode))
04005 {
04006 target = T_FILE;
04007 }
04008 else
04009 if(S_ISDIR(t_dentry->d_inode->i_mode))
04010 {
04011 target = T_DIR;
04012 }
04013 else
04014 if(S_ISLNK(t_dentry->d_inode->i_mode))
04015 {
04016 target = T_SYMLINK;
04017 }
04018 else
04019 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04020 {
04021 target = T_FIFO;
04022 }
04023 else
04024 if(S_ISBLK(t_dentry->d_inode->i_mode))
04025 {
04026 target = T_FILE;
04027 }
04028 else
04029 if(S_ISCHR(t_dentry->d_inode->i_mode))
04030 {
04031 target = T_FILE;
04032 }
04033 else
04034 {
04035 err = -RSBAC_EINVALIDTARGET;
04036 goto out_dput;
04037 }
04038 break;
04039 case T_FILE:
04040 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04041 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04042 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04043 {
04044 err = -RSBAC_EINVALIDTARGET;
04045 goto out_dput;
04046 }
04047 break;
04048 case T_DIR:
04049 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04050 {
04051 err = -RSBAC_EINVALIDTARGET;
04052 goto out_dput;
04053 }
04054 break;
04055 case T_FIFO:
04056
04057 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04058 {
04059 err = -RSBAC_EINVALIDTARGET;
04060 goto out_dput;
04061 }
04062 break;
04063 case T_SYMLINK:
04064
04065 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04066 {
04067 err = -RSBAC_EINVALIDTARGET;
04068 goto out_dput;
04069 }
04070 break;
04071 default:
04072 err = -RSBAC_EINVALIDTARGET;
04073 goto out_dput;
04074 }
04075 tid.file.device = t_dentry->d_sb->s_dev;
04076 tid.file.inode = t_dentry->d_inode->i_ino;
04077 tid.file.dentry_p = t_dentry;
04078 }
04079 else
04080 {
04081 if(target == T_FD)
04082 target = T_FILE;
04083 tid.file.device = RSBAC_ZERO_DEV;
04084 tid.file.inode = 0;
04085 tid.file.dentry_p = NULL;
04086 }
04087 break;
04088
04089 case T_DEV:
04090 if(t_name)
04091 {
04092 if ((err = user_path_walk_link(t_name, &nd)))
04093 {
04094 #ifdef CONFIG_RSBAC_DEBUG
04095 if (rsbac_debug_aef_acl)
04096 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04097 #endif
04098 goto out;
04099 }
04100 t_dentry = nd.dentry;
04101 need_put = TRUE;
04102 if (!t_dentry->d_inode)
04103 {
04104 err = -RSBAC_EINVALIDTARGET;
04105 goto out_dput;
04106 }
04107
04108 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04109 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04110 {
04111 err = -RSBAC_EINVALIDTARGET;
04112 goto out_dput;
04113 }
04114
04115 if(S_ISBLK(t_dentry->d_inode->i_mode))
04116 tid.dev.type = D_block;
04117 else
04118 tid.dev.type = D_char;
04119 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04120 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04121 }
04122 else
04123 {
04124 tid.dev = RSBAC_ZERO_DEV_DESC;
04125 }
04126 break;
04127
04128 default:
04129 return -RSBAC_EINVALIDTARGET;
04130 }
04131
04132 err = rsbac_acl_sys_get_tlist(ta_number, target, tid,
04133 &k_entry_p, &k_ttl_p);
04134
04135 out_dput:
04136 if(need_put)
04137 path_release(&nd);
04138 out:
04139 if(err>0)
04140 {
04141 if(err > maxnum)
04142 err = maxnum;
04143 rsbac_put_user((u_char *) k_entry_p,
04144 (u_char *) entry_array,
04145 err * sizeof(*k_entry_p) );
04146 if(ttl_array)
04147 {
04148 rsbac_put_user((u_char *) k_ttl_p,
04149 (u_char *) ttl_array,
04150 err * sizeof(*k_ttl_p) );
04151 }
04152 rsbac_vfree(k_entry_p);
04153 rsbac_vfree(k_ttl_p);
04154 }
04155 return(err);
04156
04157 #else
04158 return (-RSBAC_EINVALIDMODULE);
04159 #endif
04160 }
04161
04162
04163
04164 int sys_rsbac_acl_get_mask (
04165 rsbac_list_ta_number_t ta_number,
04166 enum rsbac_target_t target,
04167 union rsbac_target_id_t * tid,
04168 rsbac_acl_rights_vector_t * mask_p)
04169 {
04170 #if defined(CONFIG_RSBAC_ACL)
04171 union rsbac_target_id_t k_tid;
04172 rsbac_acl_rights_vector_t k_mask;
04173 int err = 0;
04174
04175 if(!tid || (target >= T_NONE))
04176 return(-RSBAC_EINVALIDTARGET);
04177 if(!mask_p)
04178 return(-RSBAC_EINVALIDPOINTER);
04179
04180
04181 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04182
04183
04184 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask);
04185 if(!err)
04186 {
04187 rsbac_put_user((u_char *) &k_mask,
04188 (u_char *) mask_p,
04189 sizeof(k_mask) );
04190 }
04191 return err;
04192 #else
04193 return -RSBAC_EINVALIDMODULE;
04194 #endif
04195 }
04196
04197 int sys_rsbac_acl_get_mask_n(
04198 rsbac_list_ta_number_t ta_number,
04199 enum rsbac_target_t target,
04200 char * t_name,
04201 rsbac_acl_rights_vector_t * mask_p)
04202 {
04203 #if defined(CONFIG_RSBAC_ACL)
04204 struct dentry * t_dentry = NULL;
04205 rsbac_acl_rights_vector_t k_mask;
04206 rsbac_boolean_t need_put = FALSE;
04207 int err = 0;
04208 union rsbac_target_id_t tid;
04209
04210 struct nameidata nd;
04211
04212 if(target >= T_NONE)
04213 return(-RSBAC_EINVALIDTARGET);
04214 if(!mask_p)
04215 return(-RSBAC_EINVALIDPOINTER);
04216
04217 switch (target)
04218 {
04219 case T_FD:
04220 case T_FILE:
04221 case T_DIR:
04222 case T_FIFO:
04223 case T_SYMLINK:
04224 if(t_name)
04225 {
04226 if ((err = user_path_walk_link(t_name, &nd)))
04227 {
04228 #ifdef CONFIG_RSBAC_DEBUG
04229 if (rsbac_debug_aef_acl)
04230 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04231 #endif
04232 goto out;
04233 }
04234 t_dentry = nd.dentry;
04235 need_put = TRUE;
04236 if (!t_dentry->d_inode)
04237 {
04238 err = -RSBAC_EINVALIDTARGET;
04239 goto out_dput;
04240 }
04241
04242 switch(target)
04243 {
04244 case T_FD:
04245 if(S_ISREG(t_dentry->d_inode->i_mode))
04246 {
04247 target = T_FILE;
04248 }
04249 else
04250 if(S_ISDIR(t_dentry->d_inode->i_mode))
04251 {
04252 target = T_DIR;
04253 }
04254 else
04255 if(S_ISLNK(t_dentry->d_inode->i_mode))
04256 {
04257 target = T_SYMLINK;
04258 }
04259 else
04260 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04261 {
04262 target = T_FIFO;
04263 }
04264 else
04265 if(S_ISBLK(t_dentry->d_inode->i_mode))
04266 {
04267 target = T_FILE;
04268 }
04269 else
04270 if(S_ISCHR(t_dentry->d_inode->i_mode))
04271 {
04272 target = T_FILE;
04273 }
04274 else
04275 {
04276 err = -RSBAC_EINVALIDTARGET;
04277 goto out_dput;
04278 }
04279 break;
04280 case T_FILE:
04281 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04282 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04283 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04284 {
04285 err = -RSBAC_EINVALIDTARGET;
04286 goto out_dput;
04287 }
04288 break;
04289 case T_DIR:
04290 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04291 {
04292 err = -RSBAC_EINVALIDTARGET;
04293 goto out_dput;
04294 }
04295 break;
04296 case T_FIFO:
04297
04298 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04299 {
04300 err = -RSBAC_EINVALIDTARGET;
04301 goto out_dput;
04302 }
04303 break;
04304 case T_SYMLINK:
04305
04306 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04307 {
04308 err = -RSBAC_EINVALIDTARGET;
04309 goto out_dput;
04310 }
04311 break;
04312 default:
04313 err = -RSBAC_EINVALIDTARGET;
04314 goto out_dput;
04315 }
04316 tid.file.device = t_dentry->d_sb->s_dev;
04317 tid.file.inode = t_dentry->d_inode->i_ino;
04318 tid.file.dentry_p = t_dentry;
04319 }
04320 else
04321 {
04322 if(target == T_FD)
04323 target = T_FILE;
04324 tid.file.device = RSBAC_ZERO_DEV;
04325 tid.file.inode = 0;
04326 tid.file.dentry_p = NULL;
04327 }
04328 break;
04329
04330 case T_DEV:
04331 if(t_name)
04332 {
04333 if ((err = user_path_walk_link(t_name, &nd)))
04334 {
04335 #ifdef CONFIG_RSBAC_DEBUG
04336 if (rsbac_debug_aef_acl)
04337 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04338 #endif
04339 goto out;
04340 }
04341 t_dentry = nd.dentry;
04342 need_put = TRUE;
04343 if (!t_dentry->d_inode)
04344 {
04345 err = -RSBAC_EINVALIDTARGET;
04346 goto out_dput;
04347 }
04348
04349 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04350 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04351 {
04352 err = -RSBAC_EINVALIDTARGET;
04353 goto out_dput;
04354 }
04355
04356 if(S_ISBLK(t_dentry->d_inode->i_mode))
04357 tid.dev.type = D_block;
04358 else
04359 tid.dev.type = D_char;
04360 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04361 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04362 }
04363 else
04364 {
04365 tid.dev = RSBAC_ZERO_DEV_DESC;
04366 }
04367 break;
04368
04369 default:
04370 return -RSBAC_EINVALIDTARGET;
04371 }
04372
04373 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask);
04374
04375 out_dput:
04376 if(need_put)
04377 path_release(&nd);
04378 out:
04379 if(!err)
04380 {
04381 rsbac_put_user((u_char *) &k_mask,
04382 (u_char *) mask_p,
04383 sizeof(k_mask) );
04384 }
04385 return(err);
04386
04387 #else
04388 return (-RSBAC_EINVALIDMODULE);
04389 #endif
04390 }
04391
04392
04393
04394 int sys_rsbac_acl_group(
04395 rsbac_list_ta_number_t ta_number,
04396 enum rsbac_acl_group_syscall_type_t call,
04397 union rsbac_acl_group_syscall_arg_t * arg_p)
04398 {
04399 #if defined(CONFIG_RSBAC_ACL)
04400 union rsbac_acl_group_syscall_arg_t k_arg;
04401 int err = 0;
04402
04403 if(call >= ACLGS_none)
04404 return(-RSBAC_EINVALIDREQUEST);
04405 if(!arg_p)
04406 return(-RSBAC_EINVALIDPOINTER);
04407
04408 #ifdef CONFIG_RSBAC_FREEZE
04409 if(rsbac_freeze)
04410 {
04411 switch(call)
04412 {
04413 case ACLGS_add_group:
04414 case ACLGS_change_group:
04415 case ACLGS_remove_group:
04416 case ACLGS_add_member:
04417 case ACLGS_remove_member:
04418 rsbac_printk(KERN_WARNING
04419 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n");
04420 return -EPERM;
04421
04422 default:
04423 break;
04424 }
04425 }
04426 #endif
04427
04428
04429 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
04430
04431
04432 if(err >= 0)
04433 err = rsbac_acl_sys_group(ta_number, call, k_arg);
04434 return (err);
04435 #else
04436 return (-RSBAC_EINVALIDMODULE);
04437 #endif
04438 }
04439
04440 int sys_rsbac_acl_list_all_dev(
04441 rsbac_list_ta_number_t ta_number,
04442 struct rsbac_dev_desc_t * id_p,
04443 u_long maxnum)
04444 {
04445 #if defined(CONFIG_RSBAC_ACL)
04446 int err = 0;
04447 long count;
04448 long count2;
04449
04450 if(id_p && maxnum)
04451 {
04452 struct rsbac_dev_desc_t * k_id_p = NULL;
04453
04454 count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p);
04455 if(count < 0)
04456 return count;
04457 if(count > maxnum)
04458 count = maxnum;
04459
04460 if(count)
04461 {
04462 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04463 rsbac_vfree(k_id_p);
04464 if(err)
04465 return err;
04466 id_p += count;
04467 maxnum -= count;
04468 if(!maxnum)
04469 return count;
04470 }
04471
04472 count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p);
04473 if(count2 < 0)
04474 return count2;
04475 if(count2 > maxnum)
04476 count2 = maxnum;
04477
04478 if(count2)
04479 {
04480 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) );
04481 rsbac_vfree(k_id_p);
04482 if(err)
04483 return err;
04484 count += count2;
04485 }
04486 return count;
04487 }
04488 else
04489 {
04490 count = rsbac_acl_list_all_major_dev(ta_number, NULL);
04491 if(count < 0)
04492 return count;
04493 count2 = rsbac_acl_list_all_dev(ta_number, NULL);
04494 if(count2 < 0)
04495 return count2;
04496 else
04497 return count + count2;
04498 }
04499 #else
04500 return (-RSBAC_EINVALIDMODULE);
04501 #endif
04502 }
04503
04504 int sys_rsbac_acl_list_all_user(
04505 rsbac_list_ta_number_t ta_number,
04506 rsbac_uid_t * id_p,
04507 u_long maxnum)
04508 {
04509 #if defined(CONFIG_RSBAC_ACL)
04510 int err = 0;
04511 long count;
04512
04513 if(id_p && maxnum)
04514 {
04515 rsbac_uid_t * k_id_p = NULL;
04516
04517 count = rsbac_acl_list_all_user(ta_number, &k_id_p);
04518 if(count < 0)
04519 return count;
04520 if(count > maxnum)
04521 count = maxnum;
04522
04523 if(count)
04524 {
04525 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04526 rsbac_vfree(k_id_p);
04527 if(err)
04528 return err;
04529 }
04530 return count;
04531 }
04532 else
04533 {
04534 return rsbac_acl_list_all_user(ta_number, NULL);
04535 }
04536 #else
04537 return (-RSBAC_EINVALIDMODULE);
04538 #endif
04539 }
04540
04541 int sys_rsbac_acl_list_all_group(
04542 rsbac_list_ta_number_t ta_number,
04543 rsbac_gid_t * id_p,
04544 u_long maxnum)
04545 {
04546 #ifdef CONFIG_RSBAC_ACL_UM_PROT
04547 int err = 0;
04548 long count;
04549
04550 if(id_p && maxnum)
04551 {
04552 rsbac_gid_t * k_id_p = NULL;
04553
04554 count = rsbac_acl_list_all_group(ta_number, &k_id_p);
04555 if(count < 0)
04556 return count;
04557 if(count > maxnum)
04558 count = maxnum;
04559
04560 if(count)
04561 {
04562 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04563 rsbac_vfree(k_id_p);
04564 if(err)
04565 return err;
04566 }
04567 return count;
04568 }
04569 else
04570 {
04571 return rsbac_acl_list_all_group(ta_number, NULL);
04572 }
04573 #else
04574 return (-RSBAC_EINVALIDMODULE);
04575 #endif
04576 }
04577
04578
04579
04580 int sys_rsbac_jail(rsbac_version_t version,
04581 char * path,
04582 rsbac_jail_ip_t ip,
04583 rsbac_jail_flags_t flags,
04584 rsbac_cap_vector_t max_caps,
04585 rsbac_jail_scd_vector_t scd_get,
04586 rsbac_jail_scd_vector_t scd_modify)
04587 {
04588 #if defined(CONFIG_RSBAC_JAIL)
04589 return rsbac_jail_sys_jail(version, path, ip, flags,
04590 max_caps, scd_get, scd_modify);
04591 #else
04592 return (-RSBAC_EINVALIDMODULE);
04593 #endif
04594 }
04595
04596
04597
04598 int sys_rsbac_um_auth_name(
04599 char * name,
04600 char * pass)
04601 {
04602 #if defined(CONFIG_RSBAC_UM)
04603 rsbac_uid_t uid;
04604 int err;
04605 char * k_name;
04606 char * k_pass;
04607 union rsbac_target_id_t i_tid;
04608 union rsbac_attribute_value_t i_attr_val;
04609 #ifdef CONFIG_RSBAC_DEBUG
04610 if (rsbac_debug_aef_um)
04611 {
04612 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n");
04613 }
04614 #endif
04615 if(!name || !pass)
04616 {
04617 #ifdef CONFIG_RSBAC_DEBUG
04618 if (rsbac_debug_aef_um)
04619 {
04620 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n");
04621 }
04622 #endif
04623 return -RSBAC_EINVALIDPOINTER;
04624 }
04625 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
04626 if(!k_name)
04627 return -RSBAC_ENOMEM;
04628 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04629 if(!k_pass)
04630 {
04631 rsbac_kfree(k_name);
04632 return -RSBAC_ENOMEM;
04633 }
04634 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
04635 if(err)
04636 goto out_free;
04637 k_name[RSBAC_UM_NAME_LEN-1] = 0;
04638 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04639 if(err)
04640 goto out_free;
04641 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04642 #if 0
04643 #ifdef CONFIG_RSBAC_DEBUG
04644 if (rsbac_debug_aef_um)
04645 {
04646 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n",
04647 k_name, k_pass);
04648 }
04649 #endif
04650 #endif
04651 err = rsbac_um_get_uid(0, k_name, &uid);
04652 if(err)
04653 goto out_free;
04654
04655 err = rsbac_um_check_pass(uid, k_pass);
04656 if(err)
04657 goto out_free;
04658
04659 #ifdef CONFIG_RSBAC_AUTH
04660
04661 i_tid.process = current->pid;
04662 i_attr_val.auth_last_auth = uid;
04663 if (rsbac_set_attr(AUTH,
04664 T_PROCESS,
04665 i_tid,
04666 A_auth_last_auth,
04667 i_attr_val))
04668 {
04669 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
04670 }
04671 #endif
04672
04673 out_free:
04674 rsbac_kfree(k_name);
04675 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04676 rsbac_kfree(k_pass);
04677 return err;
04678 #else
04679 return (-RSBAC_EINVALIDMODULE);
04680 #endif
04681 }
04682
04683 int sys_rsbac_um_auth_uid(rsbac_uid_t uid,
04684 char * pass)
04685 {
04686 #if defined(CONFIG_RSBAC_UM)
04687 int err;
04688 char * k_pass;
04689 union rsbac_target_id_t i_tid;
04690 union rsbac_attribute_value_t i_attr_val;
04691
04692 if(!pass)
04693 return -RSBAC_EINVALIDPOINTER;
04694 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04695 if(!k_pass)
04696 return -RSBAC_ENOMEM;
04697 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04698 if(err)
04699 goto out_free;
04700 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04701
04702 #ifdef CONFIG_RSBAC_DEBUG
04703 if (rsbac_debug_aef_um)
04704 {
04705 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n",
04706 uid, k_pass);
04707 }
04708 #endif
04709 err = rsbac_um_check_pass(uid, k_pass);
04710 if(err)
04711 goto out_free;
04712
04713 #ifdef CONFIG_RSBAC_AUTH
04714
04715 i_tid.process = current->pid;
04716 i_attr_val.auth_last_auth = uid;
04717 if (rsbac_set_attr(AUTH,
04718 T_PROCESS,
04719 i_tid,
04720 A_auth_last_auth,
04721 i_attr_val))
04722 {
04723 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
04724 }
04725 #endif
04726
04727 out_free:
04728 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04729 rsbac_kfree(k_pass);
04730 return err;
04731 #else
04732 return (-RSBAC_EINVALIDMODULE);
04733 #endif
04734 }
04735
04736 int sys_rsbac_um_add_user(
04737 rsbac_list_ta_number_t ta_number,
04738 rsbac_uid_t uid,
04739 struct rsbac_um_user_entry_t * entry_p,
04740 char * pass,
04741 rsbac_time_t ttl)
04742 {
04743 #if defined(CONFIG_RSBAC_UM)
04744 int err;
04745 struct rsbac_um_user_entry_t * k_entry_p;
04746 char * k_pass;
04747 #ifndef CONFIG_RSBAC_MAINT
04748 union rsbac_target_id_t rsbac_target_id;
04749 union rsbac_target_id_t rsbac_new_target_id;
04750 union rsbac_attribute_value_t rsbac_attribute_value;
04751 #endif
04752
04753 if(!entry_p)
04754 return -RSBAC_EINVALIDPOINTER;
04755
04756 #ifdef CONFIG_RSBAC_FREEZE_UM
04757 if(rsbac_freeze)
04758 {
04759 rsbac_printk(KERN_WARNING
04760 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n");
04761 return -EPERM;
04762 }
04763 #endif
04764
04765 #ifndef CONFIG_RSBAC_MAINT
04766 #ifdef CONFIG_RSBAC_DEBUG
04767 if (rsbac_debug_aef)
04768 {
04769 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n");
04770 }
04771 #endif
04772 rsbac_target_id.user = uid;
04773 rsbac_attribute_value.dummy = 0;
04774 if (!rsbac_adf_request(R_CREATE,
04775 current->pid,
04776 T_USER,
04777 rsbac_target_id,
04778 A_none,
04779 rsbac_attribute_value))
04780 {
04781 return -EPERM;
04782 }
04783 #endif
04784
04785 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
04786 if(!k_entry_p)
04787 return -RSBAC_ENOMEM;
04788 if(pass)
04789 {
04790 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04791 if(!k_pass)
04792 {
04793 rsbac_kfree(k_entry_p);
04794 return -RSBAC_ENOMEM;
04795 }
04796 }
04797 else
04798 k_pass = NULL;
04799 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
04800 if(err)
04801 goto out_free;
04802 if(!k_entry_p->name[0])
04803 {
04804 err = -RSBAC_EINVALIDVALUE;
04805 goto out_free;
04806 }
04807 if(pass)
04808 {
04809 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04810 if(err)
04811 goto out_free;
04812 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04813 }
04814 err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl);
04815
04816 #ifndef CONFIG_RSBAC_MAINT
04817
04818 if(!err)
04819 {
04820 rsbac_target_id.user = uid;
04821 rsbac_new_target_id.dummy = 0;
04822 if (rsbac_adf_set_attr(R_CREATE,
04823 current->pid,
04824 T_USER,
04825 rsbac_target_id,
04826 T_NONE,
04827 rsbac_new_target_id,
04828 A_none,
04829 rsbac_attribute_value))
04830 {
04831 rsbac_printk(KERN_WARNING
04832 "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n");
04833 }
04834 }
04835 #endif
04836
04837 out_free:
04838 rsbac_kfree(k_entry_p);
04839 if(k_pass)
04840 {
04841 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04842 rsbac_kfree(k_pass);
04843 }
04844 return err;
04845 #else
04846 return (-RSBAC_EINVALIDMODULE);
04847 #endif
04848 }
04849
04850 int sys_rsbac_um_add_group(
04851 rsbac_list_ta_number_t ta_number,
04852 rsbac_gid_t gid,
04853 struct rsbac_um_group_entry_t * entry_p,
04854 char * pass,
04855 rsbac_time_t ttl)
04856 {
04857 #if defined(CONFIG_RSBAC_UM)
04858 int err;
04859 struct rsbac_um_group_entry_t * k_entry_p;
04860 char * k_pass;
04861 #ifndef CONFIG_RSBAC_MAINT
04862 union rsbac_target_id_t rsbac_target_id;
04863 union rsbac_target_id_t rsbac_new_target_id;
04864 union rsbac_attribute_value_t rsbac_attribute_value;
04865 #endif
04866
04867 if(!entry_p)
04868 return -RSBAC_EINVALIDPOINTER;
04869
04870 #ifdef CONFIG_RSBAC_FREEZE_UM
04871 if(rsbac_freeze)
04872 {
04873 rsbac_printk(KERN_WARNING
04874 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n");
04875 return -EPERM;
04876 }
04877 #endif
04878
04879 #ifndef CONFIG_RSBAC_MAINT
04880 #ifdef CONFIG_RSBAC_DEBUG
04881 if (rsbac_debug_aef)
04882 {
04883 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n");
04884 }
04885 #endif
04886 rsbac_target_id.group = gid;
04887 rsbac_attribute_value.dummy = 0;
04888 if (!rsbac_adf_request(R_CREATE,
04889 current->pid,
04890 T_GROUP,
04891 rsbac_target_id,
04892 A_none,
04893 rsbac_attribute_value))
04894 {
04895 return -EPERM;
04896 }
04897 #endif
04898
04899 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
04900 if(!k_entry_p)
04901 return -RSBAC_ENOMEM;
04902 if(pass)
04903 {
04904 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04905 if(!k_pass)
04906 {
04907 rsbac_kfree(k_entry_p);
04908 return -RSBAC_ENOMEM;
04909 }
04910 }
04911 else
04912 k_pass = NULL;
04913 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
04914 if(err)
04915 goto out_free;
04916 if(!k_entry_p->name[0])
04917 {
04918 err = -RSBAC_EINVALIDVALUE;
04919 goto out_free;
04920 }
04921 if(pass)
04922 {
04923 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04924 if(err)
04925 goto out_free;
04926 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04927 }
04928 err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl);
04929
04930 #ifndef CONFIG_RSBAC_MAINT
04931
04932 if(!err)
04933 {
04934 rsbac_target_id.group = gid;
04935 rsbac_new_target_id.dummy = 0;
04936 if (rsbac_adf_set_attr(R_CREATE,
04937 current->pid,
04938 T_GROUP,
04939 rsbac_target_id,
04940 T_NONE,
04941 rsbac_new_target_id,
04942 A_none,
04943 rsbac_attribute_value))
04944 {
04945 rsbac_printk(KERN_WARNING
04946 "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n");
04947 }
04948 }
04949 #endif
04950
04951 out_free:
04952 rsbac_kfree(k_entry_p);
04953 if(k_pass)
04954 {
04955 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04956 rsbac_kfree(k_pass);
04957 }
04958 return err;
04959 #else
04960 return (-RSBAC_EINVALIDMODULE);
04961 #endif
04962 }
04963
04964 int sys_rsbac_um_add_gm(
04965 rsbac_list_ta_number_t ta_number,
04966 rsbac_uid_t user,
04967 rsbac_gid_t group,
04968 rsbac_time_t ttl)
04969 {
04970 #if defined(CONFIG_RSBAC_UM)
04971 #ifndef CONFIG_RSBAC_MAINT
04972 union rsbac_target_id_t rsbac_target_id;
04973 union rsbac_attribute_value_t rsbac_attribute_value;
04974 #endif
04975
04976 #ifdef CONFIG_RSBAC_FREEZE_UM
04977 if(rsbac_freeze)
04978 {
04979 rsbac_printk(KERN_WARNING
04980 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n");
04981 return -EPERM;
04982 }
04983 #endif
04984
04985 #ifndef CONFIG_RSBAC_MAINT
04986 #ifdef CONFIG_RSBAC_DEBUG
04987 if (rsbac_debug_aef)
04988 {
04989 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n");
04990 }
04991 #endif
04992 rsbac_target_id.user = user;
04993 rsbac_attribute_value.group = group;
04994 if (!rsbac_adf_request(R_CHANGE_GROUP,
04995 current->pid,
04996 T_USER,
04997 rsbac_target_id,
04998 A_group,
04999 rsbac_attribute_value))
05000 {
05001 return -EPERM;
05002 }
05003 #endif
05004
05005 return rsbac_um_add_gm(ta_number, user, group, ttl);
05006 #else
05007 return (-RSBAC_EINVALIDMODULE);
05008 #endif
05009 }
05010
05011 int sys_rsbac_um_mod_user(
05012 rsbac_list_ta_number_t ta_number,
05013 rsbac_uid_t uid,
05014 enum rsbac_um_mod_t mod,
05015 union rsbac_um_mod_data_t * data_p)
05016 {
05017 #if defined(CONFIG_RSBAC_UM)
05018 int err;
05019 union rsbac_um_mod_data_t * k_data_p;
05020 #ifndef CONFIG_RSBAC_MAINT
05021 enum rsbac_adf_request_t rsbac_request;
05022 union rsbac_target_id_t rsbac_target_id;
05023 enum rsbac_attribute_t rsbac_attribute = A_none;
05024 union rsbac_attribute_value_t rsbac_attribute_value;
05025 #endif
05026
05027 if(mod >= UM_none)
05028 return -RSBAC_EINVALIDREQUEST;
05029 if( !data_p
05030 && (mod != UM_pass)
05031 )
05032 return -RSBAC_EINVALIDPOINTER;
05033
05034 #ifdef CONFIG_RSBAC_FREEZE_UM
05035 if(rsbac_freeze)
05036 {
05037 rsbac_printk(KERN_WARNING
05038 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n");
05039 return -EPERM;
05040 }
05041 #endif
05042
05043 #ifndef CONFIG_RSBAC_MAINT
05044 #ifdef CONFIG_RSBAC_DEBUG
05045 if (rsbac_debug_aef)
05046 {
05047 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n");
05048 }
05049 #endif
05050 rsbac_attribute_value.dummy = 0;
05051 switch(mod)
05052 {
05053 case UM_name:
05054 rsbac_request = R_RENAME;
05055 break;
05056
05057 case UM_pass:
05058 case UM_cryptpass:
05059 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05060 break;
05061
05062 case UM_fullname:
05063 rsbac_request = R_WRITE;
05064 break;
05065
05066 case UM_homedir:
05067 rsbac_request = R_WRITE;
05068 break;
05069
05070 case UM_shell:
05071 rsbac_request = R_WRITE;
05072 break;
05073
05074 case UM_group:
05075 rsbac_request = R_CHANGE_GROUP;
05076 rsbac_attribute = A_group;
05077 rsbac_attribute_value.group = data_p->group;
05078 break;
05079
05080 case UM_lastchange:
05081 rsbac_request = R_WRITE;
05082 break;
05083
05084 case UM_minchange:
05085 rsbac_request = R_WRITE;
05086 break;
05087
05088 case UM_maxchange:
05089 rsbac_request = R_WRITE;
05090 break;
05091
05092 case UM_warnchange:
05093 rsbac_request = R_WRITE;
05094 break;
05095
05096 case UM_inactive:
05097 rsbac_request = R_WRITE;
05098 break;
05099
05100 case UM_expire:
05101 rsbac_request = R_WRITE;
05102 break;
05103
05104 case UM_ttl:
05105 rsbac_request = R_DELETE;
05106 break;
05107
05108 default:
05109 return -RSBAC_EINVALIDREQUEST;
05110 }
05111 rsbac_target_id.user = uid;
05112 if (!rsbac_adf_request(rsbac_request,
05113 current->pid,
05114 T_USER,
05115 rsbac_target_id,
05116 rsbac_attribute,
05117 rsbac_attribute_value))
05118 {
05119 return -EPERM;
05120 }
05121 #endif
05122
05123
05124 if(data_p)
05125 {
05126 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05127 if(!k_data_p)
05128 return -RSBAC_ENOMEM;
05129 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05130 if(err)
05131 {
05132 rsbac_kfree(k_data_p);
05133 return err;
05134 }
05135 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05136 }
05137 else
05138 k_data_p = NULL;
05139
05140 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p);
05141
05142 if(k_data_p)
05143 rsbac_kfree(k_data_p);
05144 return err;
05145 #else
05146 return (-RSBAC_EINVALIDMODULE);
05147 #endif
05148 }
05149
05150 int sys_rsbac_um_mod_group(
05151 rsbac_list_ta_number_t ta_number,
05152 rsbac_gid_t gid,
05153 enum rsbac_um_mod_t mod,
05154 union rsbac_um_mod_data_t * data_p)
05155 {
05156 #if defined(CONFIG_RSBAC_UM)
05157 int err;
05158 union rsbac_um_mod_data_t * k_data_p;
05159 #ifndef CONFIG_RSBAC_MAINT
05160 enum rsbac_adf_request_t rsbac_request;
05161 union rsbac_target_id_t rsbac_target_id;
05162 union rsbac_attribute_value_t rsbac_attribute_value;
05163 #endif
05164
05165 if(mod >= UM_none)
05166 return -RSBAC_EINVALIDREQUEST;
05167 if( !data_p
05168 && (mod != UM_pass)
05169 )
05170 return -RSBAC_EINVALIDPOINTER;
05171
05172 #ifdef CONFIG_RSBAC_FREEZE_UM
05173 if(rsbac_freeze)
05174 {
05175 rsbac_printk(KERN_WARNING
05176 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n");
05177 return -EPERM;
05178 }
05179 #endif
05180
05181 #ifndef CONFIG_RSBAC_MAINT
05182 #ifdef CONFIG_RSBAC_DEBUG
05183 if (rsbac_debug_aef)
05184 {
05185 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n");
05186 }
05187 #endif
05188 switch(mod)
05189 {
05190 case UM_name:
05191 rsbac_request = R_RENAME;
05192 break;
05193
05194 case UM_pass:
05195 case UM_cryptpass:
05196 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05197 break;
05198
05199 case UM_ttl:
05200 rsbac_request = R_DELETE;
05201 break;
05202
05203 default:
05204 return -RSBAC_EINVALIDREQUEST;
05205 }
05206 rsbac_target_id.group = gid;
05207 rsbac_attribute_value.dummy = 0;
05208 if (!rsbac_adf_request(rsbac_request,
05209 current->pid,
05210 T_GROUP,
05211 rsbac_target_id,
05212 A_none,
05213 rsbac_attribute_value))
05214 {
05215 return -EPERM;
05216 }
05217 #endif
05218
05219 if(data_p)
05220 {
05221 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05222 if(!k_data_p)
05223 return -RSBAC_ENOMEM;
05224 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05225 if(err)
05226 {
05227 rsbac_kfree(k_data_p);
05228 return err;
05229 }
05230 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05231 }
05232 else
05233 k_data_p = NULL;
05234
05235 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p);
05236
05237 if(k_data_p)
05238 rsbac_kfree(k_data_p);
05239 return err;
05240 #else
05241 return (-RSBAC_EINVALIDMODULE);
05242 #endif
05243 }
05244
05245 int sys_rsbac_um_get_user_item(
05246 rsbac_list_ta_number_t ta_number,
05247 rsbac_uid_t uid,
05248 enum rsbac_um_mod_t mod,
05249 union rsbac_um_mod_data_t * data_p)
05250 {
05251 #if defined(CONFIG_RSBAC_UM)
05252 int err;
05253 union rsbac_um_mod_data_t * k_data_p;
05254 #ifndef CONFIG_RSBAC_MAINT
05255 enum rsbac_adf_request_t rsbac_request;
05256 union rsbac_target_id_t rsbac_target_id;
05257 union rsbac_attribute_value_t rsbac_attribute_value;
05258 #endif
05259
05260 if(mod >= UM_none)
05261 return -RSBAC_EINVALIDREQUEST;
05262 if(!data_p)
05263 return -RSBAC_EINVALIDPOINTER;
05264
05265 #ifndef CONFIG_RSBAC_MAINT
05266 #ifdef CONFIG_RSBAC_DEBUG
05267 if (rsbac_debug_aef)
05268 {
05269 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n");
05270 }
05271 #endif
05272 rsbac_attribute_value.dummy = 0;
05273 switch(mod)
05274 {
05275 case UM_name:
05276 rsbac_request = R_SEARCH;
05277 break;
05278
05279 case UM_group:
05280 case UM_fullname:
05281 case UM_homedir:
05282 case UM_shell:
05283 rsbac_request = R_GET_STATUS_DATA;
05284 break;
05285
05286 case UM_pass:
05287 rsbac_request = R_GET_PERMISSIONS_DATA;
05288 break;
05289
05290 case UM_lastchange:
05291 case UM_minchange:
05292 case UM_maxchange:
05293 case UM_warnchange:
05294 case UM_inactive:
05295 case UM_expire:
05296 case UM_ttl:
05297 rsbac_request = R_READ;
05298 break;
05299
05300 default:
05301 return -RSBAC_EINVALIDREQUEST;
05302 }
05303 rsbac_target_id.user = uid;
05304 if (!rsbac_adf_request(rsbac_request,
05305 current->pid,
05306 T_USER,
05307 rsbac_target_id,
05308 A_none,
05309 rsbac_attribute_value))
05310 {
05311 return -EPERM;
05312 }
05313 #endif
05314
05315 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05316 if(!k_data_p)
05317 return -RSBAC_ENOMEM;
05318 memset(k_data_p, 0, sizeof(*k_data_p));
05319
05320 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p);
05321 if(!err)
05322 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05323 rsbac_kfree(k_data_p);
05324 return err;
05325 #else
05326 return (-RSBAC_EINVALIDMODULE);
05327 #endif
05328 }
05329
05330 int sys_rsbac_um_get_group_item(
05331 rsbac_list_ta_number_t ta_number,
05332 rsbac_gid_t gid,
05333 enum rsbac_um_mod_t mod,
05334 union rsbac_um_mod_data_t * data_p)
05335 {
05336 #if defined(CONFIG_RSBAC_UM)
05337 int err;
05338 union rsbac_um_mod_data_t * k_data_p;
05339 #ifndef CONFIG_RSBAC_MAINT
05340 enum rsbac_adf_request_t rsbac_request;
05341 union rsbac_target_id_t rsbac_target_id;
05342 union rsbac_attribute_value_t rsbac_attribute_value;
05343 #endif
05344
05345 if(mod >= UM_none)
05346 return -RSBAC_EINVALIDREQUEST;
05347 if(!data_p)
05348 return -RSBAC_EINVALIDPOINTER;
05349
05350 #ifndef CONFIG_RSBAC_MAINT
05351 #ifdef CONFIG_RSBAC_DEBUG
05352 if (rsbac_debug_aef)
05353 {
05354 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n");
05355 }
05356 #endif
05357 rsbac_attribute_value.dummy = 0;
05358 switch(mod)
05359 {
05360 case UM_name:
05361 rsbac_request = R_SEARCH;
05362 break;
05363
05364 case UM_pass:
05365 rsbac_request = R_GET_PERMISSIONS_DATA;
05366 break;
05367
05368 case UM_ttl:
05369 rsbac_request = R_GET_STATUS_DATA;
05370 break;
05371
05372 default:
05373 return -RSBAC_EINVALIDREQUEST;
05374 }
05375 rsbac_target_id.group = gid;
05376 if (!rsbac_adf_request(rsbac_request,
05377 current->pid,
05378 T_GROUP,
05379 rsbac_target_id,
05380 A_none,
05381 rsbac_attribute_value))
05382 {
05383 return -EPERM;
05384 }
05385 #endif
05386
05387 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05388 if(!k_data_p)
05389 return -RSBAC_ENOMEM;
05390 memset(k_data_p, 0, sizeof(*k_data_p));
05391
05392 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p);
05393 if(!err)
05394 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05395 rsbac_kfree(k_data_p);
05396 return err;
05397 #else
05398 return (-RSBAC_EINVALIDMODULE);
05399 #endif
05400 }
05401
05402 int sys_rsbac_um_remove_user(
05403 rsbac_list_ta_number_t ta_number,
05404 rsbac_uid_t uid)
05405 {
05406 #if defined(CONFIG_RSBAC_UM)
05407 int err;
05408 #ifndef CONFIG_RSBAC_MAINT
05409 union rsbac_target_id_t rsbac_target_id;
05410 union rsbac_target_id_t rsbac_new_target_id;
05411 union rsbac_attribute_value_t rsbac_attribute_value;
05412 #endif
05413
05414 #ifdef CONFIG_RSBAC_FREEZE_UM
05415 if(rsbac_freeze)
05416 {
05417 rsbac_printk(KERN_WARNING
05418 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n");
05419 return -EPERM;
05420 }
05421 #endif
05422
05423 #ifndef CONFIG_RSBAC_MAINT
05424 #ifdef CONFIG_RSBAC_DEBUG
05425 if (rsbac_debug_aef)
05426 {
05427 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n");
05428 }
05429 #endif
05430 rsbac_target_id.user = uid;
05431 rsbac_attribute_value.dummy = 0;
05432 if (!rsbac_adf_request(R_DELETE,
05433 current->pid,
05434 T_USER,
05435 rsbac_target_id,
05436 A_none,
05437 rsbac_attribute_value))
05438 {
05439 return -EPERM;
05440 }
05441 #endif
05442
05443 err = rsbac_um_remove_user(ta_number, uid);
05444
05445 #ifndef CONFIG_RSBAC_MAINT
05446 if(!err)
05447 {
05448 rsbac_new_target_id.dummy = 0;
05449 if (rsbac_adf_set_attr(R_DELETE,
05450 current->pid,
05451 T_USER,
05452 rsbac_target_id,
05453 T_NONE,
05454 rsbac_new_target_id,
05455 A_none,
05456 rsbac_attribute_value))
05457 {
05458 rsbac_printk(KERN_WARNING
05459 "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error");
05460 }
05461 }
05462 #endif
05463 return err;
05464 #else
05465 return (-RSBAC_EINVALIDMODULE);
05466 #endif
05467 }
05468
05469 int sys_rsbac_um_remove_group(
05470 rsbac_list_ta_number_t ta_number,
05471 rsbac_gid_t gid)
05472 {
05473 #if defined(CONFIG_RSBAC_UM)
05474 int err;
05475 #ifndef CONFIG_RSBAC_MAINT
05476 union rsbac_target_id_t rsbac_target_id;
05477 union rsbac_target_id_t rsbac_new_target_id;
05478 union rsbac_attribute_value_t rsbac_attribute_value;
05479 #endif
05480
05481 #ifdef CONFIG_RSBAC_FREEZE_UM
05482 if(rsbac_freeze)
05483 {
05484 rsbac_printk(KERN_WARNING
05485 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n");
05486 return -EPERM;
05487 }
05488 #endif
05489
05490 #ifndef CONFIG_RSBAC_MAINT
05491 #ifdef CONFIG_RSBAC_DEBUG
05492 if (rsbac_debug_aef)
05493 {
05494 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n");
05495 }
05496 #endif
05497 rsbac_target_id.group = gid;
05498 rsbac_attribute_value.dummy = 0;
05499 if (!rsbac_adf_request(R_DELETE,
05500 current->pid,
05501 T_GROUP,
05502 rsbac_target_id,
05503 A_none,
05504 rsbac_attribute_value))
05505 {
05506 return -EPERM;
05507 }
05508 #endif
05509
05510 err = rsbac_um_remove_group(ta_number, gid);
05511
05512 #ifndef CONFIG_RSBAC_MAINT
05513 if(!err)
05514 {
05515 rsbac_new_target_id.dummy = 0;
05516 if (rsbac_adf_set_attr(R_DELETE,
05517 current->pid,
05518 T_GROUP,
05519 rsbac_target_id,
05520 T_NONE,
05521 rsbac_new_target_id,
05522 A_none,
05523 rsbac_attribute_value))
05524 {
05525 rsbac_printk(KERN_WARNING
05526 "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error");
05527 }
05528 }
05529 #endif
05530 return err;
05531 #else
05532 return (-RSBAC_EINVALIDMODULE);
05533 #endif
05534 }
05535
05536 int sys_rsbac_um_remove_gm(
05537 rsbac_list_ta_number_t ta_number,
05538 rsbac_uid_t user,
05539 rsbac_gid_t group)
05540 {
05541 #if defined(CONFIG_RSBAC_UM)
05542 #ifndef CONFIG_RSBAC_MAINT
05543 union rsbac_target_id_t rsbac_target_id;
05544 union rsbac_attribute_value_t rsbac_attribute_value;
05545 #endif
05546
05547 #ifdef CONFIG_RSBAC_FREEZE_UM
05548 if(rsbac_freeze)
05549 {
05550 rsbac_printk(KERN_WARNING
05551 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n");
05552 return -EPERM;
05553 }
05554 #endif
05555
05556 #ifndef CONFIG_RSBAC_MAINT
05557 #ifdef CONFIG_RSBAC_DEBUG
05558 if (rsbac_debug_aef)
05559 {
05560 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n");
05561 }
05562 #endif
05563 rsbac_target_id.user = user;
05564 rsbac_attribute_value.group = group;
05565 if (!rsbac_adf_request(R_CHANGE_GROUP,
05566 current->pid,
05567 T_USER,
05568 rsbac_target_id,
05569 A_group,
05570 rsbac_attribute_value))
05571 {
05572 return -EPERM;
05573 }
05574 #endif
05575
05576 return rsbac_um_remove_gm(ta_number, user, group);
05577 #else
05578 return (-RSBAC_EINVALIDMODULE);
05579 #endif
05580 }
05581
05582 int sys_rsbac_um_user_exists(
05583 rsbac_list_ta_number_t ta_number,
05584 rsbac_uid_t uid)
05585 {
05586 #if defined(CONFIG_RSBAC_UM)
05587 #ifndef CONFIG_RSBAC_MAINT
05588 union rsbac_target_id_t rsbac_target_id;
05589 union rsbac_attribute_value_t rsbac_attribute_value;
05590 #endif
05591
05592 #ifndef CONFIG_RSBAC_MAINT
05593 #ifdef CONFIG_RSBAC_DEBUG
05594 if (rsbac_debug_aef)
05595 {
05596 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n");
05597 }
05598 #endif
05599 rsbac_target_id.user = uid;
05600 rsbac_attribute_value.dummy = 0;
05601 if (!rsbac_adf_request(R_SEARCH,
05602 current->pid,
05603 T_USER,
05604 rsbac_target_id,
05605 A_none,
05606 rsbac_attribute_value))
05607 {
05608 return -EPERM;
05609 }
05610 #endif
05611
05612 return rsbac_um_user_exists(ta_number, uid);
05613 #else
05614 return (-RSBAC_EINVALIDMODULE);
05615 #endif
05616 }
05617
05618 int sys_rsbac_um_group_exists(
05619 rsbac_list_ta_number_t ta_number,
05620 rsbac_gid_t gid)
05621 {
05622 #if defined(CONFIG_RSBAC_UM)
05623 #ifndef CONFIG_RSBAC_MAINT
05624 union rsbac_target_id_t rsbac_target_id;
05625 union rsbac_attribute_value_t rsbac_attribute_value;
05626 #endif
05627
05628 #ifndef CONFIG_RSBAC_MAINT
05629 #ifdef CONFIG_RSBAC_DEBUG
05630 if (rsbac_debug_aef)
05631 {
05632 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n");
05633 }
05634 #endif
05635 rsbac_target_id.group = gid;
05636 rsbac_attribute_value.dummy = 0;
05637 if (!rsbac_adf_request(R_SEARCH,
05638 current->pid,
05639 T_GROUP,
05640 rsbac_target_id,
05641 A_none,
05642 rsbac_attribute_value))
05643 {
05644 return -EPERM;
05645 }
05646 #endif
05647
05648 return rsbac_um_group_exists(ta_number, gid);
05649 #else
05650 return (-RSBAC_EINVALIDMODULE);
05651 #endif
05652 }
05653
05654 int sys_rsbac_um_get_next_user(
05655 rsbac_list_ta_number_t ta_number,
05656 rsbac_uid_t old_user,
05657 rsbac_uid_t * next_user_p)
05658 {
05659 #if defined(CONFIG_RSBAC_UM)
05660 rsbac_uid_t k_next_user;
05661 int err;
05662 #ifndef CONFIG_RSBAC_MAINT
05663 union rsbac_target_id_t rsbac_target_id;
05664 union rsbac_attribute_value_t rsbac_attribute_value;
05665 #endif
05666
05667 if(!next_user_p)
05668 return -RSBAC_EINVALIDPOINTER;
05669
05670 #ifndef CONFIG_RSBAC_MAINT
05671 #ifdef CONFIG_RSBAC_DEBUG
05672 if (rsbac_debug_aef)
05673 {
05674 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n");
05675 }
05676 #endif
05677 rsbac_target_id.user = old_user;
05678 rsbac_attribute_value.dummy = 0;
05679 if (!rsbac_adf_request(R_SEARCH,
05680 current->pid,
05681 T_USER,
05682 rsbac_target_id,
05683 A_none,
05684 rsbac_attribute_value))
05685 {
05686 return -EPERM;
05687 }
05688 #endif
05689
05690 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user);
05691 if(!err)
05692 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user));
05693 return err;
05694 #else
05695 return (-RSBAC_EINVALIDMODULE);
05696 #endif
05697 }
05698
05699 int sys_rsbac_um_get_user_list(
05700 rsbac_list_ta_number_t ta_number,
05701 rsbac_uid_t user_array[],
05702 u_int maxnum)
05703 {
05704 #if defined(CONFIG_RSBAC_UM)
05705 long count;
05706 rsbac_uid_t * k_user_array;
05707 #ifndef CONFIG_RSBAC_MAINT
05708 union rsbac_target_id_t rsbac_target_id;
05709 union rsbac_attribute_value_t rsbac_attribute_value;
05710 #endif
05711
05712 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05713 maxnum = RSBAC_UM_MAX_MAXNUM;
05714
05715 #ifndef CONFIG_RSBAC_MAINT
05716 #ifdef CONFIG_RSBAC_DEBUG
05717 if (rsbac_debug_aef)
05718 {
05719 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n");
05720 }
05721 #endif
05722 rsbac_target_id.user = RSBAC_ALL_USERS;
05723 rsbac_attribute_value.dummy = 0;
05724 if (!rsbac_adf_request(R_SEARCH,
05725 current->pid,
05726 T_USER,
05727 rsbac_target_id,
05728 A_none,
05729 rsbac_attribute_value))
05730 {
05731 return -EPERM;
05732 }
05733 #endif
05734
05735
05736 if(!user_array || !maxnum)
05737 return rsbac_um_get_user_list(ta_number, NULL);
05738
05739 count = rsbac_um_get_user_list(ta_number, &k_user_array);
05740 if(count>0)
05741 {
05742 if(count > maxnum)
05743 count = maxnum;
05744 rsbac_put_user((u_char *) k_user_array,
05745 (u_char *) user_array,
05746 count * sizeof(*k_user_array) );
05747 rsbac_vfree(k_user_array);
05748 }
05749 return count;
05750 #else
05751 return -RSBAC_EINVALIDMODULE;
05752 #endif
05753 };
05754
05755 int sys_rsbac_um_get_gm_list(
05756 rsbac_list_ta_number_t ta_number,
05757 rsbac_uid_t user,
05758 rsbac_gid_t group_array[],
05759 u_int maxnum)
05760 {
05761 #if defined(CONFIG_RSBAC_UM)
05762 long count;
05763 rsbac_gid_t * k_group_array;
05764 #ifndef CONFIG_RSBAC_MAINT
05765 union rsbac_target_id_t rsbac_target_id;
05766 union rsbac_attribute_value_t rsbac_attribute_value;
05767 #endif
05768
05769
05770 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05771 maxnum = RSBAC_UM_MAX_MAXNUM;
05772
05773 #ifndef CONFIG_RSBAC_MAINT
05774 #ifdef CONFIG_RSBAC_DEBUG
05775 if (rsbac_debug_aef)
05776 {
05777 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n");
05778 }
05779 #endif
05780 rsbac_target_id.user = user;
05781 rsbac_attribute_value.dummy = 0;
05782 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05783 current->pid,
05784 T_USER,
05785 rsbac_target_id,
05786 A_none,
05787 rsbac_attribute_value))
05788 {
05789 return -EPERM;
05790 }
05791 #endif
05792
05793
05794 if(!group_array || !maxnum)
05795 return rsbac_um_get_gm_list(ta_number, user, NULL);
05796
05797 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array);
05798 if(count>0)
05799 {
05800 if(count > maxnum)
05801 count = maxnum;
05802 rsbac_put_user((u_char *) k_group_array,
05803 (u_char *) group_array,
05804 count * sizeof(*k_group_array) );
05805 rsbac_vfree(k_group_array);
05806 }
05807 return count;
05808 #else
05809 return -RSBAC_EINVALIDMODULE;
05810 #endif
05811 };
05812
05813 int sys_rsbac_um_get_gm_user_list(
05814 rsbac_list_ta_number_t ta_number,
05815 rsbac_gid_t group,
05816 rsbac_uid_t user_array[],
05817 u_int maxnum)
05818 {
05819 #if defined(CONFIG_RSBAC_UM)
05820 long count;
05821 rsbac_uid_t * k_user_array;
05822 #ifndef CONFIG_RSBAC_MAINT
05823 union rsbac_target_id_t rsbac_target_id;
05824 union rsbac_attribute_value_t rsbac_attribute_value;
05825 #endif
05826
05827 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05828 maxnum = RSBAC_UM_MAX_MAXNUM;
05829
05830 #ifndef CONFIG_RSBAC_MAINT
05831 #ifdef CONFIG_RSBAC_DEBUG
05832 if (rsbac_debug_aef)
05833 {
05834 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n");
05835 }
05836 #endif
05837 rsbac_target_id.group = group;
05838 rsbac_attribute_value.dummy = 0;
05839 if (!rsbac_adf_request(R_READ,
05840 current->pid,
05841 T_GROUP,
05842 rsbac_target_id,
05843 A_none,
05844 rsbac_attribute_value))
05845 {
05846 return -EPERM;
05847 }
05848 #endif
05849
05850 if(!user_array || !maxnum)
05851 return rsbac_um_get_gm_user_list(ta_number, group, NULL);
05852
05853 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array);
05854 if(count>0)
05855 {
05856 if(count > maxnum)
05857 count = maxnum;
05858 rsbac_put_user((u_char *) k_user_array,
05859 (u_char *) user_array,
05860 count * sizeof(*k_user_array) );
05861 rsbac_vfree(k_user_array);
05862 }
05863 return count;
05864 #else
05865 return -RSBAC_EINVALIDMODULE;
05866 #endif
05867 };
05868
05869 int sys_rsbac_um_get_group_list(
05870 rsbac_list_ta_number_t ta_number,
05871 rsbac_gid_t group_array[],
05872 u_int maxnum)
05873 {
05874 #if defined(CONFIG_RSBAC_UM)
05875 long count;
05876 rsbac_gid_t * k_group_array;
05877 #ifndef CONFIG_RSBAC_MAINT
05878 union rsbac_target_id_t rsbac_target_id;
05879 union rsbac_attribute_value_t rsbac_attribute_value;
05880 #endif
05881
05882 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05883 maxnum = RSBAC_UM_MAX_MAXNUM;
05884
05885 #ifndef CONFIG_RSBAC_MAINT
05886 #ifdef CONFIG_RSBAC_DEBUG
05887 if (rsbac_debug_aef)
05888 {
05889 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n");
05890 }
05891 #endif
05892 rsbac_target_id.group = RSBAC_ALL_USERS;
05893 rsbac_attribute_value.dummy = 0;
05894 if (!rsbac_adf_request(R_SEARCH,
05895 current->pid,
05896 T_GROUP,
05897 rsbac_target_id,
05898 A_none,
05899 rsbac_attribute_value))
05900 {
05901 return -EPERM;
05902 }
05903 #endif
05904
05905
05906 if(!group_array || !maxnum)
05907 return rsbac_um_get_group_list(ta_number, NULL);
05908
05909 count = rsbac_um_get_group_list(ta_number, &k_group_array);
05910 if(count>0)
05911 {
05912 if(count > maxnum)
05913 count = maxnum;
05914 rsbac_put_user((u_char *) k_group_array,
05915 (u_char *) group_array,
05916 count * sizeof(*k_group_array) );
05917 rsbac_vfree(k_group_array);
05918 }
05919 return count;
05920 #else
05921 return -RSBAC_EINVALIDMODULE;
05922 #endif
05923 };
05924
05925
05926
05927 int sys_rsbac_um_get_uid(
05928 rsbac_list_ta_number_t ta_number,
05929 char * name,
05930 rsbac_uid_t * uid_p)
05931 {
05932 #if defined(CONFIG_RSBAC_UM)
05933 rsbac_uid_t k_uid;
05934 int err;
05935 char k_name[RSBAC_UM_NAME_LEN];
05936
05937 if(!name || !uid_p)
05938 return -RSBAC_EINVALIDPOINTER;
05939
05940 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
05941 if(err)
05942 return err;
05943 k_name[RSBAC_UM_NAME_LEN-1] = 0;
05944 err = rsbac_um_get_uid(ta_number, k_name, &k_uid);
05945 if(!err)
05946 {
05947 #ifndef CONFIG_RSBAC_MAINT
05948 union rsbac_target_id_t rsbac_target_id;
05949 union rsbac_attribute_value_t rsbac_attribute_value;
05950
05951 #ifdef CONFIG_RSBAC_DEBUG
05952 if (rsbac_debug_aef)
05953 {
05954 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n");
05955 }
05956 #endif
05957 rsbac_target_id.user = k_uid;
05958 rsbac_attribute_value.dummy = 0;
05959 if (!rsbac_adf_request(R_SEARCH,
05960 current->pid,
05961 T_USER,
05962 rsbac_target_id,
05963 A_none,
05964 rsbac_attribute_value))
05965 {
05966 err = -EPERM;
05967 }
05968 else
05969 #endif
05970
05971 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid));
05972 }
05973 return err;
05974 #else
05975 return (-RSBAC_EINVALIDMODULE);
05976 #endif
05977 }
05978
05979 int sys_rsbac_um_get_gid(
05980 rsbac_list_ta_number_t ta_number,
05981 char * name,
05982 rsbac_gid_t * gid_p)
05983 {
05984 #if defined(CONFIG_RSBAC_UM)
05985 rsbac_gid_t k_gid;
05986 int err;
05987 char k_name[RSBAC_UM_NAME_LEN];
05988
05989 if(!name || !gid_p)
05990 return -RSBAC_EINVALIDPOINTER;
05991 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
05992 if(err)
05993 return err;
05994 k_name[RSBAC_UM_NAME_LEN-1] = 0;
05995 err = rsbac_um_get_gid(ta_number, k_name, &k_gid);
05996 if(!err)
05997 {
05998 #ifndef CONFIG_RSBAC_MAINT
05999 union rsbac_target_id_t rsbac_target_id;
06000 union rsbac_attribute_value_t rsbac_attribute_value;
06001
06002 #ifdef CONFIG_RSBAC_DEBUG
06003 if (rsbac_debug_aef)
06004 {
06005 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n");
06006 }
06007 #endif
06008 rsbac_target_id.group = k_gid;
06009 rsbac_attribute_value.dummy = 0;
06010 if (!rsbac_adf_request(R_SEARCH,
06011 current->pid,
06012 T_GROUP,
06013 rsbac_target_id,
06014 A_none,
06015 rsbac_attribute_value))
06016 {
06017 err = -EPERM;
06018 }
06019 else
06020 #endif
06021
06022 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid));
06023 }
06024 return err;
06025 #else
06026 return (-RSBAC_EINVALIDMODULE);
06027 #endif
06028 }
06029
06030 int sys_rsbac_um_set_pass(rsbac_uid_t uid,
06031 char * old_pass,
06032 char * new_pass)
06033 {
06034 #if defined(CONFIG_RSBAC_UM)
06035 int err;
06036 char * k_new_pass;
06037
06038 if(!new_pass)
06039 return -RSBAC_EINVALIDPOINTER;
06040 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06041 if(!k_new_pass)
06042 return -RSBAC_ENOMEM;
06043 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06044 if(err)
06045 {
06046 rsbac_kfree(k_new_pass);
06047 return err;
06048 }
06049 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06050
06051 if(old_pass && (uid == current->uid))
06052 {
06053 char * k_old_pass;
06054
06055 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06056 if(!k_old_pass)
06057 {
06058 rsbac_kfree(k_new_pass);
06059 return -RSBAC_ENOMEM;
06060 }
06061 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN);
06062 if(err)
06063 {
06064 rsbac_kfree(k_old_pass);
06065 rsbac_kfree(k_new_pass);
06066 return err;
06067 }
06068 k_old_pass[RSBAC_MAXNAMELEN-1] = 0;
06069 err = rsbac_um_check_pass(uid, k_old_pass);
06070 rsbac_kfree(k_old_pass);
06071 if(err)
06072 {
06073 rsbac_kfree(k_new_pass);
06074 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n");
06075 return err;
06076 }
06077 err = rsbac_um_good_pass(k_new_pass);
06078 if(err)
06079 {
06080 rsbac_kfree(k_new_pass);
06081 #ifdef CONFIG_RSBAC_DEBUG
06082 if (rsbac_debug_aef_um)
06083 {
06084 rsbac_printk(KERN_DEBUG
06085 "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n",
06086 uid);
06087 }
06088 #endif
06089 return err;
06090 }
06091 }
06092 else
06093 {
06094 #ifndef CONFIG_RSBAC_MAINT
06095
06096 union rsbac_target_id_t rsbac_target_id;
06097 union rsbac_attribute_value_t rsbac_attribute_value;
06098
06099 #ifdef CONFIG_RSBAC_FREEZE_UM
06100 if(rsbac_freeze)
06101 {
06102 rsbac_printk(KERN_WARNING
06103 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n");
06104 rsbac_kfree(k_new_pass);
06105 return -EPERM;
06106 }
06107 #endif
06108
06109 #ifdef CONFIG_RSBAC_DEBUG
06110 if (rsbac_debug_aef)
06111 {
06112 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n");
06113 }
06114 #endif
06115 rsbac_target_id.user = uid;
06116 rsbac_attribute_value.dummy = 0;
06117 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06118 current->pid,
06119 T_USER,
06120 rsbac_target_id,
06121 A_none,
06122 rsbac_attribute_value))
06123 {
06124 rsbac_kfree(k_new_pass);
06125 return -EPERM;
06126 }
06127 #endif
06128 }
06129
06130 err = rsbac_um_set_pass(uid, k_new_pass);
06131 rsbac_kfree(k_new_pass);
06132 return err;
06133 #else
06134 return (-RSBAC_EINVALIDMODULE);
06135 #endif
06136 }
06137
06138 int sys_rsbac_um_set_pass_name(char * name,
06139 char * old_pass,
06140 char * new_pass)
06141 {
06142 #if defined(CONFIG_RSBAC_UM)
06143 int err;
06144 rsbac_uid_t uid;
06145 char * k_name;
06146
06147 if(!name || !new_pass)
06148 return -RSBAC_EINVALIDPOINTER;
06149 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
06150 if(!k_name)
06151 return -RSBAC_ENOMEM;
06152 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06153 if(err)
06154 {
06155 rsbac_kfree(k_name);
06156 return err;
06157 }
06158 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06159
06160 #ifdef CONFIG_RSBAC_DEBUG
06161 if (rsbac_debug_aef_um)
06162 {
06163 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n",
06164 k_name);
06165 }
06166 #endif
06167 err = rsbac_um_get_uid(0, k_name, &uid);
06168 rsbac_kfree(k_name);
06169 if(err)
06170 {
06171 #ifdef CONFIG_RSBAC_DEBUG
06172 if (rsbac_debug_aef_um)
06173 {
06174 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n",
06175 k_name);
06176 }
06177 #endif
06178 }
06179 else
06180 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass);
06181
06182 return err;
06183 #else
06184 return (-RSBAC_EINVALIDMODULE);
06185 #endif
06186 }
06187
06188 int sys_rsbac_um_set_group_pass(rsbac_gid_t gid,
06189 char * new_pass)
06190 {
06191 #if defined(CONFIG_RSBAC_UM)
06192 int err;
06193 char * k_new_pass;
06194 #ifndef CONFIG_RSBAC_MAINT
06195 union rsbac_target_id_t rsbac_target_id;
06196 union rsbac_attribute_value_t rsbac_attribute_value;
06197 #endif
06198
06199 #ifdef CONFIG_RSBAC_FREEZE_UM
06200 if(rsbac_freeze)
06201 {
06202 rsbac_printk(KERN_WARNING
06203 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n");
06204 return -EPERM;
06205 }
06206 #endif
06207
06208 #ifndef CONFIG_RSBAC_MAINT
06209
06210 #ifdef CONFIG_RSBAC_DEBUG
06211 if (rsbac_debug_aef)
06212 {
06213 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n");
06214 }
06215 #endif
06216 rsbac_target_id.group = gid;
06217 rsbac_attribute_value.dummy = 0;
06218 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06219 current->pid,
06220 T_GROUP,
06221 rsbac_target_id,
06222 A_none,
06223 rsbac_attribute_value))
06224 {
06225 return -EPERM;
06226 }
06227 #endif
06228
06229 if(new_pass)
06230 {
06231 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06232 if(!k_new_pass)
06233 return -RSBAC_ENOMEM;
06234 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06235 if(!err)
06236 {
06237 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06238 err = rsbac_um_set_group_pass(gid, k_new_pass);
06239 }
06240 rsbac_kfree(k_new_pass);
06241 }
06242 else
06243 {
06244 err = rsbac_um_set_group_pass(gid, NULL);
06245 }
06246 return err;
06247 #else
06248 return (-RSBAC_EINVALIDMODULE);
06249 #endif
06250 }
06251
06252 int sys_rsbac_um_check_account(rsbac_uid_t uid)
06253 {
06254 #if defined(CONFIG_RSBAC_UM)
06255 #ifndef CONFIG_RSBAC_MAINT
06256 union rsbac_target_id_t rsbac_target_id;
06257 union rsbac_attribute_value_t rsbac_attribute_value;
06258 #endif
06259
06260
06261 #ifndef CONFIG_RSBAC_MAINT
06262 #ifdef CONFIG_RSBAC_DEBUG
06263 if (rsbac_debug_aef)
06264 {
06265 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06266 }
06267 #endif
06268 rsbac_target_id.user = uid;
06269 rsbac_attribute_value.dummy = 0;
06270 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06271 current->pid,
06272 T_USER,
06273 rsbac_target_id,
06274 A_none,
06275 rsbac_attribute_value))
06276 {
06277 return -EPERM;
06278 }
06279 #endif
06280
06281 return rsbac_um_check_account(uid);
06282 #else
06283 return (-RSBAC_EINVALIDMODULE);
06284 #endif
06285 }
06286
06287 int sys_rsbac_um_check_account_name(char * name)
06288 {
06289 #if defined(CONFIG_RSBAC_UM)
06290 int err;
06291 rsbac_uid_t uid;
06292 char k_name[RSBAC_UM_NAME_LEN];
06293 #ifndef CONFIG_RSBAC_MAINT
06294 union rsbac_target_id_t rsbac_target_id;
06295 union rsbac_attribute_value_t rsbac_attribute_value;
06296 #endif
06297
06298 if(!name)
06299 return -RSBAC_EINVALIDPOINTER;
06300 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06301 if(err)
06302 return err;
06303 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06304 #ifdef CONFIG_RSBAC_DEBUG
06305 if (rsbac_debug_aef_um)
06306 {
06307 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n",
06308 k_name);
06309 }
06310 #endif
06311 err = rsbac_um_get_uid(0, k_name, &uid);
06312 if(err)
06313 {
06314 #ifdef CONFIG_RSBAC_DEBUG
06315 if (rsbac_debug_aef_um)
06316 {
06317 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n",
06318 k_name);
06319 }
06320 #endif
06321 return err;
06322 }
06323
06324 #ifndef CONFIG_RSBAC_MAINT
06325 #ifdef CONFIG_RSBAC_DEBUG
06326 if (rsbac_debug_aef)
06327 {
06328 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06329 }
06330 #endif
06331 rsbac_target_id.user = uid;
06332 rsbac_attribute_value.dummy = 0;
06333 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06334 current->pid,
06335 T_USER,
06336 rsbac_target_id,
06337 A_none,
06338 rsbac_attribute_value))
06339 {
06340 return -EPERM;
06341 }
06342 #endif
06343
06344 return rsbac_um_check_account(uid);
06345 #else
06346 return (-RSBAC_EINVALIDMODULE);
06347 #endif
06348 }
06349
06350
06351
06352
06353
06354
06355 int sys_rsbac_adf_log_switch(enum rsbac_adf_request_t request,
06356 enum rsbac_target_t target,
06357 u_int value)
06358 {
06359 union rsbac_target_id_t rsbac_target_id;
06360 union rsbac_attribute_value_t rsbac_attribute_value;
06361
06362 if ((value != LL_none) && (value != LL_denied) && (value != LL_full))
06363 return (-RSBAC_EINVALIDVALUE);
06364 if(request >= R_NONE)
06365 return(-RSBAC_EINVALIDREQUEST);
06366 if( (target == T_FD)
06367 || (target > T_NONE)
06368 )
06369 return(-RSBAC_EINVALIDTARGET);
06370
06371 #ifdef CONFIG_RSBAC_FREEZE
06372 if(rsbac_freeze)
06373 {
06374 rsbac_printk(KERN_WARNING
06375 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n");
06376 return -EPERM;
06377 }
06378 #endif
06379
06380
06381 #ifdef CONFIG_RSBAC_DEBUG
06382 if (rsbac_debug_aef)
06383 rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n");
06384 #endif
06385 rsbac_target_id.dummy = 0;
06386 rsbac_attribute_value.request = target;
06387 if (!rsbac_adf_request(R_SWITCH_LOG,
06388 current->pid,
06389 T_NONE,
06390 rsbac_target_id,
06391 A_request,
06392 rsbac_attribute_value))
06393 {
06394 return -EPERM;
06395 }
06396 #ifdef CONFIG_RSBAC_DEBUG
06397 if (rsbac_debug_aef)
06398 {
06399 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06400 if(request_name)
06401 {
06402 get_request_name(request_name,target);
06403 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
06404 request_name, target, value);
06405 rsbac_kfree(request_name);
06406 }
06407 }
06408 #endif
06409 rsbac_adf_log_switch(request,target,value);
06410 return(0);
06411 }
06412
06413 int sys_rsbac_get_adf_log(enum rsbac_adf_request_t request,
06414 enum rsbac_target_t target,
06415 u_int * value_p)
06416 {
06417 union rsbac_target_id_t rsbac_target_id;
06418 union rsbac_attribute_value_t rsbac_attribute_value;
06419 u_int k_value;
06420 int err;
06421
06422 if(request >= R_NONE)
06423 return(-RSBAC_EINVALIDREQUEST);
06424 if( (target == T_FD)
06425 || (target > T_NONE)
06426 )
06427 return(-RSBAC_EINVALIDTARGET);
06428 if(!value_p)
06429 return(-RSBAC_EINVALIDPOINTER);
06430
06431 #ifdef CONFIG_RSBAC_DEBUG
06432 if (rsbac_debug_aef)
06433 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n");
06434 #endif
06435 rsbac_target_id.scd = ST_rsbac;
06436 rsbac_attribute_value.request = request;
06437 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06438 current->pid,
06439 T_SCD,
06440 rsbac_target_id,
06441 A_request,
06442 rsbac_attribute_value))
06443 {
06444 return -EPERM;
06445 }
06446 #ifdef CONFIG_RSBAC_DEBUG
06447 if (rsbac_debug_aef)
06448 {
06449 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06450 if(request_name)
06451 {
06452 get_request_name(request_name,target);
06453 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n",
06454 request_name, target);
06455 rsbac_kfree(request_name);
06456 }
06457 }
06458 #endif
06459 err = rsbac_get_adf_log(request, target, &k_value);
06460 if(!err)
06461 {
06462 rsbac_put_user((u_char *) &k_value,
06463 (u_char *) value_p,
06464 sizeof(k_value) );
06465 }
06466 return(err);
06467 }
06468
06469
06470
06471
06472
06473
06474
06475
06476
06477
06478
06479 int sys_rsbac_log(int type,
06480 char * buf,
06481 int len)
06482 {
06483 #if defined(CONFIG_RSBAC_RMSG)
06484
06485 return(rsbac_log(type,buf,len));
06486 #else
06487 return(0);
06488 #endif
06489 }
06490
06491 #if defined(CONFIG_RSBAC_INIT_DELAY)
06492 int sys_rsbac_init(char * path)
06493 {
06494 struct dentry * t_dentry = NULL;
06495 rsbac_boolean_t need_put = FALSE;
06496 int err = 0;
06497
06498 struct nameidata nd;
06499
06500 if(!path)
06501 return rsbac_init(ROOT_DEV);
06502
06503 if ((err = user_path_walk_link(path, &nd)))
06504 {
06505 goto out;
06506 }
06507 t_dentry = nd.dentry;
06508 need_put = TRUE;
06509 if (!t_dentry->d_inode)
06510 {
06511 err = -RSBAC_EINVALIDTARGET;
06512 goto out_dput;
06513 }
06514
06515 if(!S_ISBLK(t_dentry->d_inode->i_mode))
06516 {
06517 err = -RSBAC_EINVALIDTARGET;
06518 goto out_dput;
06519 }
06520 err = rsbac_init(t_dentry->d_sb->s_dev);
06521
06522 out_dput:
06523 if(need_put)
06524 path_release(&nd);
06525 out:
06526 return(err);
06527 }
06528 #endif
06529
06530 #ifdef CONFIG_RSBAC_LIST_TRANS
06531 int sys_rsbac_list_ta_begin(
06532 rsbac_time_t ttl,
06533 rsbac_list_ta_number_t * ta_number_p,
06534 rsbac_uid_t commit_uid,
06535 char * password)
06536 {
06537 int err;
06538 rsbac_list_ta_number_t k_ta_number;
06539 char * k_password = NULL;
06540
06541 if(password)
06542 {
06543 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06544 if(!k_password)
06545 return -ENOMEM;
06546 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06547 if(err)
06548 {
06549 rsbac_kfree(k_password);
06550 return err;
06551 }
06552 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06553 }
06554 err = rsbac_list_ta_begin(ttl, &k_ta_number, commit_uid, k_password);
06555 if(!err)
06556 err = rsbac_put_user((u_char *) &k_ta_number,
06557 (u_char *) ta_number_p,
06558 sizeof(k_ta_number) );
06559 if(k_password)
06560 rsbac_kfree(k_password);
06561 return err;
06562 }
06563
06564 int sys_rsbac_list_ta_refresh(
06565 rsbac_time_t ttl,
06566 rsbac_list_ta_number_t ta_number,
06567 char * password)
06568 {
06569 int err;
06570 char * k_password;
06571
06572 if(password)
06573 {
06574 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06575 if(!k_password)
06576 return -ENOMEM;
06577 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06578 if(err)
06579 {
06580 rsbac_kfree(k_password);
06581 return err;
06582 }
06583 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06584 }
06585 else
06586 k_password = NULL;
06587 err = rsbac_list_ta_refresh(ttl, ta_number, k_password);
06588 if(k_password)
06589 rsbac_kfree(k_password);
06590 return err;
06591 }
06592
06593 int sys_rsbac_list_ta_commit(
06594 rsbac_list_ta_number_t ta_number,
06595 char * password)
06596 {
06597 int err;
06598 char * k_password;
06599
06600 if(password)
06601 {
06602 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06603 if(!k_password)
06604 return -ENOMEM;
06605 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06606 if(err)
06607 {
06608 rsbac_kfree(k_password);
06609 return err;
06610 }
06611 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06612 }
06613 else
06614 k_password = NULL;
06615 err = rsbac_list_ta_commit(ta_number, k_password);
06616 if(k_password)
06617 rsbac_kfree(k_password);
06618 return err;
06619 }
06620
06621 int sys_rsbac_list_ta_forget(
06622 rsbac_list_ta_number_t ta_number,
06623 char * password)
06624 {
06625 int err;
06626 char * k_password;
06627
06628 if(password)
06629 {
06630 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06631 if(!k_password)
06632 return -ENOMEM;
06633 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06634 if(err)
06635 {
06636 rsbac_kfree(k_password);
06637 return err;
06638 }
06639 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06640 }
06641 else
06642 k_password = NULL;
06643 err = rsbac_list_ta_forget(ta_number, k_password);
06644 if(k_password)
06645 rsbac_kfree(k_password);
06646 return err;
06647 }
06648 #endif
06649
06650
06651 #ifdef rsbac_syscall4
06652 asmlinkage int sys_rsbac(int dummy,
06653 rsbac_version_t version,
06654 enum rsbac_syscall_t call,
06655 union rsbac_syscall_arg_t * arg_p)
06656 #else
06657 asmlinkage int sys_rsbac(rsbac_version_t version,
06658 enum rsbac_syscall_t call,
06659 union rsbac_syscall_arg_t * arg_p)
06660 #endif
06661 {
06662 union rsbac_syscall_arg_t k_arg;
06663 int err;
06664
06665 if(version != RSBAC_VERSION_NR)
06666 return -RSBAC_EINVALIDVERSION;
06667
06668 if(call >= RSYS_none)
06669 return -RSBAC_EINVALIDREQUEST;
06670
06671
06672 if(arg_p)
06673 {
06674 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
06675 if(err)
06676 return err;
06677 }
06678 else
06679 {
06680 memset(&k_arg, 0, sizeof(k_arg));
06681 }
06682
06683 switch(call)
06684 {
06685 case RSYS_stats:
06686 return sys_rsbac_stats();
06687 case RSYS_check:
06688 return sys_rsbac_check(k_arg.check.correct, k_arg.check.check_inode);
06689 case RSYS_get_attr:
06690 return sys_rsbac_get_attr(k_arg.get_attr.ta_number,
06691 k_arg.get_attr.module,
06692 k_arg.get_attr.target,
06693 k_arg.get_attr.tid,
06694 k_arg.get_attr.attr,
06695 k_arg.get_attr.value,
06696 k_arg.get_attr.inherit);
06697 case RSYS_get_attr_n:
06698 return sys_rsbac_get_attr_n(k_arg.get_attr_n.ta_number,
06699 k_arg.get_attr_n.module,
06700 k_arg.get_attr_n.target,
06701 k_arg.get_attr_n.t_name,
06702 k_arg.get_attr_n.attr,
06703 k_arg.get_attr_n.value,
06704 k_arg.get_attr_n.inherit);
06705 case RSYS_set_attr:
06706 return sys_rsbac_set_attr(k_arg.set_attr.ta_number,
06707 k_arg.set_attr.module,
06708 k_arg.set_attr.target,
06709 k_arg.set_attr.tid,
06710 k_arg.set_attr.attr,
06711 k_arg.set_attr.value);
06712 case RSYS_set_attr_n:
06713 return sys_rsbac_set_attr_n(k_arg.set_attr_n.ta_number,
06714 k_arg.set_attr_n.module,
06715 k_arg.set_attr_n.target,
06716 k_arg.set_attr_n.t_name,
06717 k_arg.set_attr_n.attr,
06718 k_arg.set_attr_n.value);
06719 case RSYS_remove_target:
06720 return sys_rsbac_remove_target(k_arg.remove_target.ta_number,
06721 k_arg.remove_target.target,
06722 k_arg.remove_target.tid);
06723 case RSYS_remove_target_n:
06724 return sys_rsbac_remove_target_n(k_arg.remove_target_n.ta_number,
06725 k_arg.remove_target_n.target,
06726 k_arg.remove_target_n.t_name);
06727 case RSYS_net_list_all_netdev:
06728 return sys_rsbac_net_list_all_netdev(k_arg.net_list_all_netdev.ta_number,
06729 k_arg.net_list_all_netdev.id_p,
06730 k_arg.net_list_all_netdev.maxnum);
06731 case RSYS_net_template:
06732 return sys_rsbac_net_template(k_arg.net_template.ta_number,
06733 k_arg.net_template.call,
06734 k_arg.net_template.id,
06735 k_arg.net_template.data_p);
06736 case RSYS_net_list_all_template:
06737 return sys_rsbac_net_list_all_template(k_arg.net_list_all_template.ta_number,
06738 k_arg.net_list_all_template.id_p,
06739 k_arg.net_list_all_template.maxnum);
06740 case RSYS_switch:
06741 return sys_rsbac_switch(k_arg.switch_module.target,
06742 k_arg.switch_module.value);
06743 case RSYS_adf_log_switch:
06744 return sys_rsbac_adf_log_switch(k_arg.adf_log_switch.request,
06745 k_arg.adf_log_switch.target,
06746 k_arg.adf_log_switch.value);
06747 case RSYS_get_adf_log:
06748 return sys_rsbac_get_adf_log(k_arg.get_adf_log.request,
06749 k_arg.get_adf_log.target,
06750 k_arg.get_adf_log.value_p);
06751 case RSYS_write:
06752 return sys_rsbac_write();
06753 case RSYS_log:
06754 return sys_rsbac_log(k_arg.log.type,
06755 k_arg.log.buf,
06756 k_arg.log.len);
06757 case RSYS_mac_set_curr_level:
06758 return sys_rsbac_mac_set_curr_level(k_arg.mac_set_curr_level.level,
06759 k_arg.mac_set_curr_level.categories_p);
06760 case RSYS_mac_get_curr_level:
06761 return sys_rsbac_mac_get_curr_level(k_arg.mac_get_curr_level.level_p,
06762 k_arg.mac_get_curr_level.categories_p);
06763 case RSYS_mac_get_max_level:
06764 return sys_rsbac_mac_get_max_level(k_arg.mac_get_max_level.level_p,
06765 k_arg.mac_get_max_level.categories_p);
06766 case RSYS_mac_get_min_level:
06767 return sys_rsbac_mac_get_min_level(k_arg.mac_get_min_level.level_p,
06768 k_arg.mac_get_min_level.categories_p);
06769 case RSYS_mac_add_p_tru:
06770 return sys_rsbac_mac_add_p_tru(k_arg.mac_add_p_tru.ta_number,
06771 k_arg.mac_add_p_tru.pid,
06772 k_arg.mac_add_p_tru.uid,
06773 k_arg.mac_add_p_tru.ttl);
06774 case RSYS_mac_remove_p_tru:
06775 return sys_rsbac_mac_remove_p_tru(k_arg.mac_remove_p_tru.ta_number,
06776 k_arg.mac_remove_p_tru.pid,
06777 k_arg.mac_add_p_tru.uid);
06778 case RSYS_mac_add_f_tru:
06779 return sys_rsbac_mac_add_f_tru(k_arg.mac_add_f_tru.ta_number,
06780 k_arg.mac_add_f_tru.filename,
06781 k_arg.mac_add_p_tru.uid,
06782 k_arg.mac_add_f_tru.ttl);
06783 case RSYS_mac_remove_f_tru:
06784 return sys_rsbac_mac_remove_f_tru(k_arg.mac_remove_f_tru.ta_number,
06785 k_arg.mac_remove_f_tru.filename,
06786 k_arg.mac_remove_f_tru.uid);
06787 case RSYS_mac_get_f_trulist:
06788 return sys_rsbac_mac_get_f_trulist(k_arg.mac_get_f_trulist.ta_number,
06789 k_arg.mac_get_f_trulist.filename,
06790 k_arg.mac_get_f_trulist.trulist,
06791 k_arg.mac_get_f_trulist.ttllist,
06792 k_arg.mac_get_f_trulist.maxnum);
06793 case RSYS_mac_get_p_trulist:
06794 return sys_rsbac_mac_get_p_trulist(k_arg.mac_get_p_trulist.ta_number,
06795 k_arg.mac_get_p_trulist.pid,
06796 k_arg.mac_get_p_trulist.trulist,
06797 k_arg.mac_get_p_trulist.ttllist,
06798 k_arg.mac_get_p_trulist.maxnum);
06799 case RSYS_stats_pm:
06800 return sys_rsbac_stats_pm();
06801 case RSYS_pm:
06802 return sys_rsbac_pm(k_arg.pm.ta_number,
06803 k_arg.pm.function,
06804 k_arg.pm.param_p,
06805 k_arg.pm.ticket);
06806 case RSYS_pm_change_current_task:
06807 return sys_rsbac_pm_change_current_task(k_arg.pm_change_current_task.task);
06808 case RSYS_pm_create_file:
06809 return sys_rsbac_pm_create_file(k_arg.pm_create_file.filename,
06810 k_arg.pm_create_file.mode,
06811 k_arg.pm_create_file.object_class);
06812 case RSYS_daz_flush_cache:
06813 return sys_rsbac_daz_flush_cache();
06814 case RSYS_rc_copy_role:
06815 return sys_rsbac_rc_copy_role(k_arg.rc_copy_role.ta_number,
06816 k_arg.rc_copy_role.from_role,
06817 k_arg.rc_copy_role.to_role);
06818 case RSYS_rc_copy_type:
06819 return sys_rsbac_rc_copy_type(k_arg.rc_copy_type.ta_number,
06820 k_arg.rc_copy_type.target,
06821 k_arg.rc_copy_type.from_type,
06822 k_arg.rc_copy_type.to_type);
06823 case RSYS_rc_get_item:
06824 return sys_rsbac_rc_get_item(k_arg.rc_get_item.ta_number,
06825 k_arg.rc_get_item.target,
06826 k_arg.rc_get_item.tid_p,
06827 k_arg.rc_get_item.subtid_p,
06828 k_arg.rc_get_item.item,
06829 k_arg.rc_get_item.value_p,
06830 k_arg.rc_get_item.ttl_p);
06831 case RSYS_rc_set_item:
06832 return sys_rsbac_rc_set_item(k_arg.rc_set_item.ta_number,
06833 k_arg.rc_set_item.target,
06834 k_arg.rc_set_item.tid_p,
06835 k_arg.rc_set_item.subtid_p,
06836 k_arg.rc_set_item.item,
06837 k_arg.rc_set_item.value_p,
06838 k_arg.rc_set_item.ttl);
06839 case RSYS_rc_change_role:
06840 return sys_rsbac_rc_change_role(k_arg.rc_change_role.role);
06841 case RSYS_rc_get_eff_rights_n:
06842 return sys_rsbac_rc_get_eff_rights_n(k_arg.rc_get_eff_rights_n.ta_number,
06843 k_arg.rc_get_eff_rights_n.target,
06844 k_arg.rc_get_eff_rights_n.t_name,
06845 k_arg.rc_get_eff_rights_n.request_vector_p,
06846 k_arg.rc_get_eff_rights_n.ttl_p);
06847 case RSYS_rc_get_list:
06848 return sys_rsbac_rc_get_list(k_arg.rc_get_list.ta_number,
06849 k_arg.rc_get_list.target,
06850 k_arg.rc_get_list.tid_p,
06851 k_arg.rc_get_list.item,
06852 k_arg.rc_get_list.maxnum,
06853 k_arg.rc_get_list.array_p,
06854 k_arg.rc_get_list.ttl_array_p);
06855 case RSYS_rc_get_current_role:
06856 return sys_rsbac_rc_get_current_role(k_arg.rc_get_current_role.role_p);
06857 case RSYS_auth_add_p_cap:
06858 return sys_rsbac_auth_add_p_cap(k_arg.auth_add_p_cap.ta_number,
06859 k_arg.auth_add_p_cap.pid,
06860 k_arg.auth_add_p_cap.cap_type,
06861 k_arg.auth_add_p_cap.cap_range,
06862 k_arg.auth_add_p_cap.ttl);
06863 case RSYS_auth_remove_p_cap:
06864 return sys_rsbac_auth_remove_p_cap(k_arg.auth_remove_p_cap.ta_number,
06865 k_arg.auth_remove_p_cap.pid,
06866 k_arg.auth_remove_p_cap.cap_type,
06867 k_arg.auth_remove_p_cap.cap_range);
06868 case RSYS_auth_add_f_cap:
06869 return sys_rsbac_auth_add_f_cap(k_arg.auth_add_f_cap.ta_number,
06870 k_arg.auth_add_f_cap.filename,
06871 k_arg.auth_add_f_cap.cap_type,
06872 k_arg.auth_add_f_cap.cap_range,
06873 k_arg.auth_add_f_cap.ttl);
06874 case RSYS_auth_remove_f_cap:
06875 return sys_rsbac_auth_remove_f_cap(k_arg.auth_remove_f_cap.ta_number,
06876 k_arg.auth_remove_f_cap.filename,
06877 k_arg.auth_remove_f_cap.cap_type,
06878 k_arg.auth_remove_f_cap.cap_range);
06879 case RSYS_auth_get_f_caplist:
06880 return sys_rsbac_auth_get_f_caplist(k_arg.auth_get_f_caplist.ta_number,
06881 k_arg.auth_get_f_caplist.filename,
06882 k_arg.auth_get_f_caplist.cap_type,
06883 k_arg.auth_get_f_caplist.caplist,
06884 k_arg.auth_get_f_caplist.ttllist,
06885 k_arg.auth_get_f_caplist.maxnum);
06886 case RSYS_auth_get_p_caplist:
06887 return sys_rsbac_auth_get_p_caplist(k_arg.auth_get_p_caplist.ta_number,
06888 k_arg.auth_get_p_caplist.pid,
06889 k_arg.auth_get_p_caplist.cap_type,
06890 k_arg.auth_get_p_caplist.caplist,
06891 k_arg.auth_get_p_caplist.ttllist,
06892 k_arg.auth_get_p_caplist.maxnum);
06893 case RSYS_acl:
06894 return sys_rsbac_acl(k_arg.acl.ta_number,
06895 k_arg.acl.call,
06896 k_arg.acl.arg);
06897 case RSYS_acl_n:
06898 return sys_rsbac_acl_n(k_arg.acl_n.ta_number,
06899 k_arg.acl_n.call,
06900 k_arg.acl_n.arg);
06901 case RSYS_acl_get_rights:
06902 return sys_rsbac_acl_get_rights(k_arg.acl_get_rights.ta_number,
06903 k_arg.acl_get_rights.arg,
06904 k_arg.acl_get_rights.rights_p,
06905 k_arg.acl_get_rights.effective);
06906 case RSYS_acl_get_rights_n:
06907 return sys_rsbac_acl_get_rights_n(k_arg.acl_get_rights_n.ta_number,
06908 k_arg.acl_get_rights_n.arg,
06909 k_arg.acl_get_rights_n.rights_p,
06910 k_arg.acl_get_rights_n.effective);
06911 case RSYS_acl_get_tlist:
06912 return sys_rsbac_acl_get_tlist(k_arg.acl_get_tlist.ta_number,
06913 k_arg.acl_get_tlist.target,
06914 k_arg.acl_get_tlist.tid,
06915 k_arg.acl_get_tlist.entry_array,
06916 k_arg.acl_get_tlist.ttl_array,
06917 k_arg.acl_get_tlist.maxnum);
06918 case RSYS_acl_get_tlist_n:
06919 return sys_rsbac_acl_get_tlist_n(k_arg.acl_get_tlist_n.ta_number,
06920 k_arg.acl_get_tlist_n.target,
06921 k_arg.acl_get_tlist_n.t_name,
06922 k_arg.acl_get_tlist_n.entry_array,
06923 k_arg.acl_get_tlist_n.ttl_array,
06924 k_arg.acl_get_tlist_n.maxnum);
06925 case RSYS_acl_get_mask:
06926 return sys_rsbac_acl_get_mask(k_arg.acl_get_mask.ta_number,
06927 k_arg.acl_get_mask.target,
06928 k_arg.acl_get_mask.tid,
06929 k_arg.acl_get_mask.mask_p);
06930 case RSYS_acl_get_mask_n:
06931 return sys_rsbac_acl_get_mask_n(k_arg.acl_get_mask_n.ta_number,
06932 k_arg.acl_get_mask_n.target,
06933 k_arg.acl_get_mask_n.t_name,
06934 k_arg.acl_get_mask_n.mask_p);
06935 case RSYS_acl_group:
06936 return sys_rsbac_acl_group(k_arg.acl_group.ta_number,
06937 k_arg.acl_group.call,
06938 k_arg.acl_group.arg_p);
06939 case RSYS_acl_list_all_dev:
06940 return sys_rsbac_acl_list_all_dev(k_arg.acl_list_all_dev.ta_number,
06941 k_arg.acl_list_all_dev.id_p,
06942 k_arg.acl_list_all_dev.maxnum);
06943 case RSYS_acl_list_all_user:
06944 return sys_rsbac_acl_list_all_user(k_arg.acl_list_all_user.ta_number,
06945 k_arg.acl_list_all_user.id_p,
06946 k_arg.acl_list_all_user.maxnum);
06947 case RSYS_acl_list_all_group:
06948 return sys_rsbac_acl_list_all_group(k_arg.acl_list_all_group.ta_number,
06949 k_arg.acl_list_all_group.id_p,
06950 k_arg.acl_list_all_group.maxnum);
06951
06952 case RSYS_reg:
06953 return sys_rsbac_reg(k_arg.reg.handle,
06954 k_arg.reg.arg);
06955 case RSYS_jail:
06956 #ifdef CONFIG_RSBAC_JAIL
06957 return rsbac_jail_sys_jail(k_arg.jail.version,
06958 k_arg.jail.path,
06959 k_arg.jail.ip,
06960 k_arg.jail.flags,
06961 k_arg.jail.max_caps,
06962 k_arg.jail.scd_get,
06963 k_arg.jail.scd_modify);
06964 #else
06965 return -RSBAC_EINVALIDMODULE;
06966 #endif
06967
06968 #if defined(CONFIG_RSBAC_INIT_DELAY)
06969 case RSYS_init:
06970 return sys_rsbac_init(k_arg.init.root_dev);
06971 #endif
06972
06973 case RSYS_um_auth_name:
06974 return sys_rsbac_um_auth_name(k_arg.um_auth_name.name,
06975 k_arg.um_auth_name.pass);
06976 case RSYS_um_auth_uid:
06977 return sys_rsbac_um_auth_uid(k_arg.um_auth_uid.uid,
06978 k_arg.um_auth_uid.pass);
06979 case RSYS_um_add_user:
06980 return sys_rsbac_um_add_user(k_arg.um_add_user.ta_number,
06981 k_arg.um_add_user.uid,
06982 k_arg.um_add_user.entry_p,
06983 k_arg.um_add_user.pass,
06984 k_arg.um_add_user.ttl);
06985 case RSYS_um_add_group:
06986 return sys_rsbac_um_add_group(k_arg.um_add_group.ta_number,
06987 k_arg.um_add_group.gid,
06988 k_arg.um_add_group.entry_p,
06989 k_arg.um_add_group.pass,
06990 k_arg.um_add_group.ttl);
06991 case RSYS_um_add_gm:
06992 return sys_rsbac_um_add_gm(k_arg.um_add_gm.ta_number,
06993 k_arg.um_add_gm.uid,
06994 k_arg.um_add_gm.gid,
06995 k_arg.um_add_gm.ttl);
06996 case RSYS_um_mod_user:
06997 return sys_rsbac_um_mod_user(k_arg.um_mod_user.ta_number,
06998 k_arg.um_mod_user.uid,
06999 k_arg.um_mod_user.mod,
07000 k_arg.um_mod_user.data_p);
07001 case RSYS_um_mod_group:
07002 return sys_rsbac_um_mod_group(k_arg.um_mod_group.ta_number,
07003 k_arg.um_mod_group.gid,
07004 k_arg.um_mod_group.mod,
07005 k_arg.um_mod_group.data_p);
07006 case RSYS_um_get_user_item:
07007 return sys_rsbac_um_get_user_item(k_arg.um_get_user_item.ta_number,
07008 k_arg.um_get_user_item.uid,
07009 k_arg.um_get_user_item.mod,
07010 k_arg.um_get_user_item.data_p);
07011 case RSYS_um_get_group_item:
07012 return sys_rsbac_um_get_group_item(k_arg.um_get_group_item.ta_number,
07013 k_arg.um_get_group_item.gid,
07014 k_arg.um_get_group_item.mod,
07015 k_arg.um_get_group_item.data_p);
07016 case RSYS_um_remove_user:
07017 return sys_rsbac_um_remove_user(k_arg.um_remove_user.ta_number,
07018 k_arg.um_remove_user.uid);
07019 case RSYS_um_remove_group:
07020 return sys_rsbac_um_remove_group(k_arg.um_remove_group.ta_number,
07021 k_arg.um_remove_group.gid);
07022 case RSYS_um_remove_gm:
07023 return sys_rsbac_um_remove_gm(k_arg.um_remove_gm.ta_number,
07024 k_arg.um_remove_gm.uid,
07025 k_arg.um_remove_gm.gid);
07026 case RSYS_um_user_exists:
07027 return sys_rsbac_um_user_exists(k_arg.um_user_exists.ta_number,
07028 k_arg.um_user_exists.uid);
07029 case RSYS_um_get_next_user:
07030 return sys_rsbac_um_get_next_user(k_arg.um_get_next_user.ta_number,
07031 k_arg.um_get_next_user.old_user,
07032 k_arg.um_get_next_user.next_user_p);
07033 case RSYS_um_get_user_list:
07034 return sys_rsbac_um_get_user_list(k_arg.um_get_user_list.ta_number,
07035 k_arg.um_get_user_list.user_array,
07036 k_arg.um_get_user_list.maxnum);
07037 case RSYS_um_get_gm_list:
07038 return sys_rsbac_um_get_gm_list(k_arg.um_get_gm_list.ta_number,
07039 k_arg.um_get_gm_list.user,
07040 k_arg.um_get_gm_list.group_array,
07041 k_arg.um_get_gm_list.maxnum);
07042 case RSYS_um_get_gm_user_list:
07043 return sys_rsbac_um_get_gm_user_list(k_arg.um_get_gm_user_list.ta_number,
07044 k_arg.um_get_gm_user_list.group,
07045 k_arg.um_get_gm_user_list.user_array,
07046 k_arg.um_get_gm_user_list.maxnum);
07047 case RSYS_um_get_group_list:
07048 return sys_rsbac_um_get_group_list(k_arg.um_get_group_list.ta_number,
07049 k_arg.um_get_group_list.group_array,
07050 k_arg.um_get_group_list.maxnum);
07051 case RSYS_um_get_uid:
07052 return sys_rsbac_um_get_uid(k_arg.um_get_uid.ta_number,
07053 k_arg.um_get_uid.name,
07054 k_arg.um_get_uid.uid_p);
07055 case RSYS_um_get_gid:
07056 return sys_rsbac_um_get_gid(k_arg.um_get_gid.ta_number,
07057 k_arg.um_get_gid.name,
07058 k_arg.um_get_gid.gid_p);
07059 case RSYS_um_set_pass:
07060 return sys_rsbac_um_set_pass(k_arg.um_set_pass.uid,
07061 k_arg.um_set_pass.old_pass,
07062 k_arg.um_set_pass.new_pass);
07063 case RSYS_um_set_pass_name:
07064 return sys_rsbac_um_set_pass_name(k_arg.um_set_pass_name.name,
07065 k_arg.um_set_pass_name.old_pass,
07066 k_arg.um_set_pass_name.new_pass);
07067 case RSYS_um_set_group_pass:
07068 return sys_rsbac_um_set_group_pass(k_arg.um_set_group_pass.gid,
07069 k_arg.um_set_group_pass.new_pass);
07070 case RSYS_um_check_account:
07071 return sys_rsbac_um_check_account(k_arg.um_check_account.uid);
07072 case RSYS_um_check_account_name:
07073 return sys_rsbac_um_check_account_name(k_arg.um_check_account_name.name);
07074
07075 #ifdef CONFIG_RSBAC_LIST_TRANS
07076 case RSYS_list_ta_begin:
07077 return sys_rsbac_list_ta_begin(k_arg.list_ta_begin.ttl,
07078 k_arg.list_ta_begin.ta_number_p,
07079 k_arg.list_ta_begin.commit_uid,
07080 k_arg.list_ta_begin.password);
07081 case RSYS_list_ta_refresh:
07082 return sys_rsbac_list_ta_refresh(k_arg.list_ta_refresh.ttl,
07083 k_arg.list_ta_refresh.ta_number,
07084 k_arg.list_ta_refresh.password);
07085 case RSYS_list_ta_commit:
07086 return sys_rsbac_list_ta_commit(k_arg.list_ta_commit.ta_number,
07087 k_arg.list_ta_commit.password);
07088 case RSYS_list_ta_forget:
07089 return sys_rsbac_list_ta_forget(k_arg.list_ta_forget.ta_number,
07090 k_arg.list_ta_forget.password);
07091 #endif
07092
07093 case RSYS_list_all_dev:
07094 return sys_rsbac_list_all_dev(k_arg.list_all_dev.ta_number,
07095 k_arg.list_all_dev.id_p,
07096 k_arg.list_all_dev.maxnum);
07097 case RSYS_list_all_user:
07098 return sys_rsbac_list_all_user(k_arg.list_all_user.ta_number,
07099 k_arg.list_all_user.id_p,
07100 k_arg.list_all_user.maxnum);
07101 case RSYS_list_all_group:
07102 return sys_rsbac_list_all_group(k_arg.list_all_group.ta_number,
07103 k_arg.list_all_group.id_p,
07104 k_arg.list_all_group.maxnum);
07105
07106 default:
07107 return -RSBAC_EINVALIDREQUEST;
07108 }
07109 }
07110
07111
07112
