/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/auth.h

/************************************ */
/* Rule Set Based Access Control */
/* Author and (c) 1999-2003: */
/* Amon Ott <ao@rsbac.org> */
/* API: Data structures */
/* and functions for Access */
/* Control Information / AUTH */
/* Last modified: 16/Jan/2003 */
/************************************ */

#ifndef __RSBAC_AUTH_H
#define __RSBAC_AUTH_H

#include <linux/init.h>
#include <rsbac/types.h>

/***************************************************/
/* General Prototypes */
/***************************************************/

/* All functions return 0, if no error occurred, and a negative error code */
/* otherwise. The error codes are defined in rsbac_error.h. */

/****************************************************************************/
/* Initialization, including ACI restoration for all mounted devices from */
/* disk. After this call, all ACI is kept in memory for performance reasons,*/
/* but user and file/dir object ACI are written to disk on every change. */
/* With CONFIG_RSBAC_INIT_DELAY the function is deliberately NOT placed in */
/* the __init section (presumably because delayed init runs after __init */
/* memory has been released - confirm in the init code). */

#ifdef CONFIG_RSBAC_INIT_DELAY
extern int rsbac_init_auth(void);
#else
extern int rsbac_init_auth(void) __init;
#endif

/* mounting and umounting */
/* Called for the given device; presumably loads / releases the on-disk */
/* AUTH ACI of that device (see init comment above) - verify in caller. */
int rsbac_mount_auth(kdev_t kdev);
int rsbac_umount_auth(kdev_t kdev);

/* Some information about the current status is also available */
extern int rsbac_stats_auth(void);

/* Status checking */
/* correct:     presumably non-zero requests repair of inconsistencies */
/*              found, zero only reports them - confirm in implementation */
/* check_inode: presumably non-zero also validates the inode of each */
/*              file/dir entry - confirm in implementation */
extern int rsbac_check_auth(int correct, int check_inode);

/* RSBAC attribute saving to disk can be triggered from outside
 * param: call lock_kernel() before writing?
 * Only available in maintenance mode or with auto-write enabled.
 */
#if defined(CONFIG_RSBAC_MAINT) || defined(CONFIG_RSBAC_AUTO_WRITE)
extern int rsbac_write_auth(boolean);
#endif /* CONFIG_RSBAC_MAINT || CONFIG_RSBAC_AUTO_WRITE */

/************************************************* */
/* Access functions */
/************************************************* */

/* All these procedures handle the semaphores to protect the targets during */
/* access. Callers must therefore NOT hold these semaphores themselves. */
/* Trying to access a never created or removed set returns an error! */

/* rsbac_auth_add_to_p_capset / rsbac_auth_add_to_f_capset */
/* Add a set member to a set sublist. Set behaviour: also returns success, */
/* if member was already in set! */
/* pid / file:  id of the process or file/dir capset to modify */
/* cap_type:    which sublist (capability type) of the set to modify */
/* cap_range:   the range (first..last) added as one member */
/* ttl:         time to live of the entry; exact unit and the meaning of */
/*              0 are not defined here - confirm in rsbac/types.h */

int rsbac_auth_add_to_p_capset(rsbac_pid_t pid,
                               enum rsbac_auth_cap_type_t cap_type,
                               struct rsbac_auth_cap_range_t cap_range,
                               rsbac_time_t ttl);

int rsbac_auth_add_to_f_capset(rsbac_auth_file_t file,
                               enum rsbac_auth_cap_type_t cap_type,
                               struct rsbac_auth_cap_range_t cap_range,
                               rsbac_time_t ttl);

/* rsbac_auth_remove_from_p_capset / rsbac_auth_remove_from_f_capset */
/* Remove a set member from a sublist. Set behaviour: Returns no error, if */
/* member is not in list. */
/* The cap_range is the lookup key: presumably it must match a stored */
/* range exactly, not merely overlap one - confirm in implementation. */

int rsbac_auth_remove_from_p_capset(rsbac_pid_t pid,
                                    enum rsbac_auth_cap_type_t cap_type,
                                    struct rsbac_auth_cap_range_t cap_range);

int rsbac_auth_remove_from_f_capset(rsbac_auth_file_t file,
                                    enum rsbac_auth_cap_type_t cap_type,
                                    struct rsbac_auth_cap_range_t cap_range);

/* rsbac_auth_clear_p_capset / rsbac_auth_clear_f_capset */
/* Remove all set members from a sublist. Set behaviour: Returns no error, */
/* if list is empty. The set itself stays valid (see remove_*_capsets */
/* below for deleting the whole set). */

int rsbac_auth_clear_p_capset(rsbac_pid_t pid,
                              enum rsbac_auth_cap_type_t cap_type);

int rsbac_auth_clear_f_capset(rsbac_auth_file_t file,
                              enum rsbac_auth_cap_type_t cap_type);

/* rsbac_auth_p_capset_member */
/* Return truth value, whether member is in set */
/* member is a uid; it is tested against the ranges stored in the cap_type */
/* sublist of the process set. Note this is the only query function with a */
/* boolean result; there is no error return, so an unknown set presumably */
/* reads as "not a member" - confirm in implementation. */

boolean rsbac_auth_p_capset_member(rsbac_pid_t pid,
                                   enum rsbac_auth_cap_type_t cap_type,
                                   rsbac_uid_t member);

/* rsbac_auth_remove_p_capsets / rsbac_auth_remove_f_capsets */
/* Remove a full set. After this call the given id can only be used for */
/* creating a new set, anything else returns an error. */
/* To empty an existing set use rsbac_auth_clear_p_capset. */

int rsbac_auth_remove_p_capsets(rsbac_pid_t pid);

int rsbac_auth_remove_f_capsets(rsbac_auth_file_t file);

/* rsbac_auth_copy_fp_capset */
/* copy a file capset to a process capset */
/* Whether an existing process capset is replaced or merged is not stated */
/* here - confirm in implementation. */
int rsbac_auth_copy_fp_capset(rsbac_auth_file_t file,
                              rsbac_pid_t p_cap_set_id);

/* rsbac_auth_copy_pp_capset */
/* copy a process capset to another process capset */
int rsbac_auth_copy_pp_capset(rsbac_pid_t old_p_set_id,
                              rsbac_pid_t new_p_set_id);

/* rsbac_auth_get_f_caplist */
/* copy a file/dir capset to an array of length 2 * maxnum (first+last), */
/* returns number of caps copied */
/* NOTE(review): the prototype takes no maxnum and receives pointers to */
/* pointers, so the "2 * maxnum" wording looks stale; presumably the callee */
/* allocates *caplist_p and *ttllist_p and the caller must free them - */
/* confirm ownership in the implementation before relying on it. */
int rsbac_auth_get_f_caplist(rsbac_auth_file_t file,
                             enum rsbac_auth_cap_type_t cap_type,
                             struct rsbac_auth_cap_range_t **caplist_p,
                             rsbac_time_t **ttllist_p);

/* rsbac_auth_get_p_caplist */
/* copy a process capset to an array of length 2 * maxnum (first+last), */
/* returns number of caps copied */
/* NOTE(review): the first parameter is named "file" but its type is */
/* rsbac_pid_t, i.e. a process capset id. Same ownership caveat as for */
/* rsbac_auth_get_f_caplist above. */
int rsbac_auth_get_p_caplist(rsbac_pid_t file,
                             enum rsbac_auth_cap_type_t cap_type,
                             struct rsbac_auth_cap_range_t **caplist_p,
                             rsbac_time_t **ttllist_p);

#endif
