/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/acl_types.h

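/************************************ */
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2001:          */
/*   Amon Ott <ao@rsbac.org>          */
/* API: Data types for attributes     */
/*      and standard module calls     */
/* Last modified: 07/Aug/2001         */
/************************************ */

#ifndef __RSBAC_ACL_TYPES_H
#define __RSBAC_ACL_TYPES_H

#include <linux/types.h>

/*
 * Types and constants of the RSBAC ACL module: subject and rights encoding,
 * ACL entry layouts, and the argument structures of the ACL syscalls.
 *
 * The following names are used below but are not declared in this file, so
 * they must already be in scope wherever this header is included:
 * RSBAC_LIST_TTL_KEEP, the RSBAC_*_REQUEST_VECTOR masks, R_DELETE,
 * rsbac_uid_t, rsbac_time_t, boolean, enum rsbac_target_t and
 * union rsbac_target_id_t.
 */

/*
 * Alias for the generic list constant. Deliberately defined without a
 * trailing semicolon so that it can be used inside expressions and argument
 * lists, not only as the right-hand side of a complete statement.
 */
#define RSBAC_ACL_TTL_KEEP RSBAC_LIST_TTL_KEEP

/*
 * Upper limit constant. By name it bounds the caller-supplied "maxnum"
 * fields of the group syscall arguments below.
 * NOTE(review): confirm that every handler clamps maxnum to this value
 * before it sizes or indexes a buffer with it.
 */
#define RSBAC_ACL_MAX_MAXNUM 1000000

/* Kind of subject an ACL entry refers to; ACLS_NONE is the end marker. */
enum rsbac_acl_subject_type_t {
    ACLS_USER,
    ACLS_ROLE,
    ACLS_GROUP,
    ACLS_NONE
};

/* Compact 8-bit storage form of enum rsbac_acl_subject_type_t. */
typedef __u8 rsbac_acl_int_subject_type_t;
/* Subject identifier; how it is interpreted depends on the subject type. */
typedef __u32 rsbac_acl_subject_id_t;

/*
 * Reserved subject ids.
 * NOTE(review): by name these stand for "every user" (as a group subject)
 * and "every role" -- confirm against the ACL decision code.
 */
#define RSBAC_ACL_GROUP_EVERYONE 0

#define RSBAC_ACL_ROLE_EVERYROLE 64

/* Bit position of the first ACL-specific right inside the rights vector. */
#define RSBAC_ACL_SPECIAL_RIGHT_BASE 48

/*
 * ACL-specific rights. They occupy bits 48 (ACLR_FORWARD), 49
 * (ACLR_ACCESS_CONTROL) and 50 (ACLR_SUPERVISOR); ACLR_NONE (51) is the end
 * marker and is not a right.
 */
enum rsbac_acl_special_rights_t {
    ACLR_FORWARD = RSBAC_ACL_SPECIAL_RIGHT_BASE,
    ACLR_ACCESS_CONTROL,
    ACLR_SUPERVISOR,
    ACLR_NONE
};

/* Bit set of rights: one bit per request type or special right. */
typedef __u64 rsbac_acl_rights_vector_t;

/*
 * Single-bit mask for right number x. The cast widens the constant 1 to
 * 64 bits before the shift, so bits 32..63 are reachable.
 * x must be in the range 0..63: a shift count of 64 or more is undefined
 * behaviour, so a right number that comes from outside the kernel has to be
 * range-checked before it is passed here.
 */
#define RSBAC_ACL_RIGHTS_VECTOR(x) ((rsbac_acl_rights_vector_t) 1 << (x))

/* Mask of all three ACL-specific rights. */
#define RSBAC_ACL_SPECIAL_RIGHTS_VECTOR (\
  ((rsbac_acl_rights_vector_t) 1 << ACLR_FORWARD) | \
  ((rsbac_acl_rights_vector_t) 1 << ACLR_ACCESS_CONTROL) | \
  ((rsbac_acl_rights_vector_t) 1 << ACLR_SUPERVISOR) \
  )

/* Mask holding only the supervisor right, and its RSBAC_NWS alias. */
#define RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR (\
  ((rsbac_acl_rights_vector_t) 1 << ACLR_SUPERVISOR) \
  )
#define RSBAC_NWS_REQUEST_VECTOR RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR

/* Mask holding only the access-control right, and its RSBAC_NWA alias. */
#define RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR (\
  ((rsbac_acl_rights_vector_t) 1 << ACLR_ACCESS_CONTROL) \
  )
#define RSBAC_NWA_REQUEST_VECTOR RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR

/* Every request bit plus every ACL-specific right. */
#define RSBAC_ACL_ALL_RIGHTS_VECTOR (RSBAC_ALL_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)

/*
 * Default masks per target type: the request bits defined for that target
 * type plus the three ACL-specific rights.
 */
#define RSBAC_ACL_DEFAULT_FD_MASK (RSBAC_FD_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_DEV_MASK (RSBAC_DEV_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_SCD_MASK (RSBAC_SCD_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETDEV_MASK (RSBAC_NETDEV_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETTEMP_MASK (RSBAC_NETTEMP_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETOBJ_MASK (RSBAC_NETOBJ_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)

/* User request bits plus the R_DELETE right. */
#define RSBAC_ACL_USER_RIGHTS_VECTOR (RSBAC_USER_REQUEST_VECTOR \
                                      | RSBAC_ACL_RIGHTS_VECTOR(R_DELETE))

/*
 * Empty rights vector.
 * NOTE(review): by name, the rights granted to general users by default --
 * confirm against the code that installs default ACLs.
 */
#define RSBAC_ACL_GEN_RIGHTS_VECTOR 0

/*
 * The same three bits as RSBAC_ACL_SPECIAL_RIGHTS_VECTOR (forward,
 * access control, supervisor) and no request bits.
 */
#define RSBAC_ACL_ACMAN_RIGHTS_VECTOR (\
  ((rsbac_acl_rights_vector_t) 1 << ACLR_FORWARD) | \
  ((rsbac_acl_rights_vector_t) 1 << ACLR_ACCESS_CONTROL) | \
  ((rsbac_acl_rights_vector_t) 1 << ACLR_SUPERVISOR) \
  )

/* Empty rights vector, like RSBAC_ACL_GEN_RIGHTS_VECTOR. */
#define RSBAC_ACL_SYSADM_RIGHTS_VECTOR 0

/*
 * System Control Types, including general SCD types
 * (start at 32 to allow future SCD types, max is 63)
 * (should always be same as in RC model)
 */
#define AST_min 32
enum rsbac_acl_scd_type_t {
    AST_auth_administration = AST_min,
    AST_none
};

/*
 * note: the desc struct must be the same as the beginning of the entry struct!
 *
 * NOTE(review): on common ABIs the compiler inserts padding between the
 * __u8 subj_type and the __u32 subj_id. If these structs are compared
 * bytewise as list keys or copied out to user space, they should be zeroed
 * as a whole before the fields are filled in -- confirm against the code
 * that uses them.
 */
struct rsbac_acl_entry_t
  {
    rsbac_acl_int_subject_type_t   subj_type;  /* enum rsbac_acl_subject_type_t */
    rsbac_acl_subject_id_t         subj_id;
    rsbac_acl_rights_vector_t      rights;
  };

/* Subject part of an ACL entry: same leading members, without the rights. */
struct rsbac_acl_entry_desc_t
  {
    rsbac_acl_int_subject_type_t   subj_type;  /* enum rsbac_acl_subject_type_t */
    rsbac_acl_subject_id_t         subj_id;
  };

/* Kind of ACL group; ACLG_NONE is the end marker. */
enum rsbac_acl_group_type_t {
    ACLG_GLOBAL,
    ACLG_PRIVATE,
    ACLG_NONE
};

typedef __u32 rsbac_acl_group_id_t;

/* Size in bytes of the fixed name buffer in struct rsbac_acl_group_entry_t. */
#define RSBAC_ACL_GROUP_NAMELEN 16

/* NOTE(review): presumably the format version of the stored group entry. */
#define RSBAC_ACL_GROUP_VERSION 2

/*
 * Description of one ACL group.
 * NOTE(review): name is a fixed 16-byte buffer; whether it is always
 * NUL-terminated is not visible here, so every copy into it needs an
 * explicit length bound and terminator.
 */
struct rsbac_acl_group_entry_t
  {
    rsbac_acl_group_id_t        id;
    rsbac_uid_t                 owner;
    enum rsbac_acl_group_type_t type;
    char                        name[RSBAC_ACL_GROUP_NAMELEN];
  };

/**** syscalls ****/

/* Selector for the ACL syscall; ACLC_none is the end marker. */
enum rsbac_acl_syscall_type_t
  {
    ACLC_set_acl_entry,
    ACLC_remove_acl_entry,
    ACLC_remove_acl,
    ACLC_add_to_acl_entry,
    ACLC_remove_from_acl_entry,
    ACLC_set_mask,
    ACLC_remove_user,
    ACLC_none
  };

/*
 * ACL syscall argument that addresses the target by id.
 * NOTE(review): subj_type is a full enum here but is stored in a __u8 in the
 * entry structs; it should be range-checked against ACLS_NONE before it is
 * narrowed -- confirm in the syscall handler.
 */
struct rsbac_acl_syscall_arg_t
  {
    enum   rsbac_target_t              target;
    union  rsbac_target_id_t           tid;
    enum   rsbac_acl_subject_type_t    subj_type;
           rsbac_acl_subject_id_t      subj_id;
           rsbac_acl_rights_vector_t   rights;
           rsbac_time_t                ttl;
  };

/*
 * ACL syscall argument that addresses the target by name.
 * NOTE(review): name is presumably a pointer supplied by the calling
 * process; the handler has to copy the string in with a length bound
 * instead of dereferencing it directly -- confirm.
 */
struct rsbac_acl_syscall_n_arg_t
  {
    enum   rsbac_target_t              target;
           char                      * name;
    enum   rsbac_acl_subject_type_t    subj_type;
           rsbac_acl_subject_id_t      subj_id;
           rsbac_acl_rights_vector_t   rights;
           rsbac_time_t                ttl;
  };

/* Selector for the ACL group syscall; ACLGS_none is the end marker. */
enum rsbac_acl_group_syscall_type_t
  {
    ACLGS_add_group,
    ACLGS_change_group,
    ACLGS_remove_group,
    ACLGS_get_group_entry,
    ACLGS_list_groups,
    ACLGS_add_member,
    ACLGS_remove_member,
    ACLGS_get_user_groups,
    ACLGS_get_group_members,
    ACLGS_none
  };

/*
 * Per-operation arguments of the ACL group syscall.
 *
 * NOTE(review): the pointer members below (name, group_id_p, entry_p,
 * group_entry_array, group_array, ttl_array, user_array) are presumably
 * addresses in the calling process. Handlers should move data through the
 * kernel's user-copy helpers, and every maxnum should be clamped (see
 * RSBAC_ACL_MAX_MAXNUM) before it is multiplied by an element size --
 * confirm against the handlers.
 */
struct rsbac_acl_add_group_arg_t
  {
    enum rsbac_acl_group_type_t type;
    char                      * name;
    rsbac_acl_group_id_t      * group_id_p;   /* output: id of the group */
  };

struct rsbac_acl_change_group_arg_t
  {
    rsbac_acl_group_id_t        id;
    rsbac_uid_t                 owner;
    enum rsbac_acl_group_type_t type;
    char                      * name;
  };

struct rsbac_acl_remove_group_arg_t
  {
    rsbac_acl_group_id_t        id;
  };

struct rsbac_acl_get_group_entry_arg_t
  {
    rsbac_acl_group_id_t             id;
    struct rsbac_acl_group_entry_t * entry_p;   /* output buffer */
  };

struct rsbac_acl_list_groups_arg_t
  {
    boolean                          include_global;
    struct rsbac_acl_group_entry_t * group_entry_array;   /* output buffer */
    u_int                            maxnum;   /* caller-supplied count */
  };

struct rsbac_acl_add_member_arg_t
  {
    rsbac_acl_group_id_t        group;
    rsbac_uid_t                 user;
    rsbac_time_t                ttl;
  };

struct rsbac_acl_remove_member_arg_t
  {
    rsbac_acl_group_id_t        group;
    rsbac_uid_t                 user;
  };

struct rsbac_acl_get_user_groups_arg_t
  {
    rsbac_uid_t                 user;
    rsbac_acl_group_id_t      * group_array;   /* output buffer */
    rsbac_time_t              * ttl_array;     /* output buffer */
    u_int                       maxnum;        /* caller-supplied count */
  };

struct rsbac_acl_get_group_members_arg_t
  {
    rsbac_acl_group_id_t        group;
    rsbac_uid_t               * user_array;    /* output buffer */
    rsbac_time_t              * ttl_array;     /* output buffer */
    u_int                       maxnum;        /* caller-supplied count */
  };

/*
 * Argument of the ACL group syscall: one member per
 * enum rsbac_acl_group_syscall_type_t operation. Being a union, only the
 * member matching the requested operation holds valid data.
 */
union rsbac_acl_group_syscall_arg_t
  {
    struct rsbac_acl_add_group_arg_t         add_group;
    struct rsbac_acl_change_group_arg_t      change_group;
    struct rsbac_acl_remove_group_arg_t      remove_group;
    struct rsbac_acl_get_group_entry_arg_t   get_group_entry;
    struct rsbac_acl_list_groups_arg_t       list_groups;
    struct rsbac_acl_add_member_arg_t        add_member;
    struct rsbac_acl_remove_member_arg_t     remove_member;
    struct rsbac_acl_get_user_groups_arg_t   get_user_groups;
    struct rsbac_acl_get_group_members_arg_t get_group_members;
  };

#endif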
