/daten/src/linux-2.4.27-rsbac-v1.2.3/include/rsbac/acl.h

/************************************ */
/* Rule Set Based Access Control */
/* Author and (c) 1999,2000: Amon Ott */
/* API: Data structures */
/* and functions for Access */
/* Control Information / ACL */
/* Last modified: 12/Feb/2000 */
/************************************ */

/* Public interface of the ACL module: prototypes for ACL entry,            */
/* inheritance-mask, group and cleanup operations. All data types used      */
/* below (rsbac_*_t, boolean, the target/subject/group enums) come from     */
/* <rsbac/types.h>; nothing is defined in this header.                      */

/* NOTE(review): the guard name starts with a double underscore, which the  */
/* C standard reserves for the implementation. Harmless in practice and     */
/* kept as-is for consistency with the other RSBAC headers.                 */
#ifndef __RSBAC_ACL_H
#define __RSBAC_ACL_H

#include <linux/init.h>   /* __init */
#include <rsbac/types.h>  /* rsbac_*_t, boolean, target/subject/group enums */

/***************************************************/
/* General Prototypes */
/***************************************************/

/* All functions return 0, if no error occurred, and a negative error code */
/* otherwise. The error codes are defined in rsbac_error.h. */
/* Exceptions are noted at the individual prototype: the two boolean       */
/* predicates, and the functions that return a count on success.           */

/****************************************************************************/
/* Initialization, including ACI restoration for all mounted devices from */
/* disk. After this call, all ACI is kept in memory for performance reasons,*/
/* but user and file/dir object ACI are written to disk on every change. */

/* With CONFIG_RSBAC_INIT_DELAY the __init attribute is dropped, presumably */
/* because a delayed initialization runs after init memory has been        */
/* released - confirm against the kernel config before changing this.       */
#ifdef CONFIG_RSBAC_INIT_DELAY
extern int rsbac_init_acl(void);
#else
extern int rsbac_init_acl(void) __init;
#endif

/* mounting and umounting */
/* Hooks for the ACL data of device 'kdev' when it is (u)mounted.          */
/* (Declared without 'extern', unlike the neighbours; no semantic           */
/* difference for a function prototype.)                                    */
int rsbac_mount_acl(kdev_t kdev);
int rsbac_umount_acl(kdev_t kdev);

/* Some information about the current status is also available */
extern int rsbac_stats_acl(void);

/* Status checking */
/* 'correct' and 'check_inode' are flags. From the names, non-zero          */
/* 'correct' repairs inconsistencies it finds and 'check_inode' extends the */
/* check to inode data - confirm against the definition before relying on   */
/* either.                                                                  */
extern int rsbac_check_acl(int correct, int check_inode);

/************************************************* */
/* Access functions */
/************************************************* */

/* All these procedures handle the spinlocks to protect the targets during */
/* access. */
/* Presumably callers must therefore not already hold those locks when      */
/* calling in - verify in the implementation before nesting calls.          */

/* rsbac_acl_set_acl_entry
 * Set ACL entry for given target and subject to given rights. If entry does
 * not exist, it is created, thus cutting the inheritance from default/parent.
 * 'rights' replaces the entry's whole rights vector (see
 * rsbac_acl_add_to_acl_entry for the additive variant). 'ttl' is presumably
 * an expiry time for the entry; what 0 means is not stated here - check
 * rsbac_time_t in types.h.
 */

int rsbac_acl_set_acl_entry (enum rsbac_target_t target,
                             union rsbac_target_id_t tid,
                             enum rsbac_acl_subject_type_t subj_type,
                             rsbac_acl_subject_id_t subj_id,
                             rsbac_acl_rights_vector_t rights,
                             rsbac_time_t ttl);

/* rsbac_acl_remove_acl_entry
 * Remove ACL entry for given target and subject. This reactivates the
 * inheritance from default/parent.
 * This is the way to return a subject/target pair to inherited rights;
 * compare rsbac_acl_remove_from_acl_entry below, which keeps the entry.
 */

int rsbac_acl_remove_acl_entry (enum rsbac_target_t target,
                                union rsbac_target_id_t tid,
                                enum rsbac_acl_subject_type_t subj_type,
                                rsbac_acl_subject_id_t subj_id);

/* rsbac_acl_remove_acl
 * Remove ACL for given target. For cleanup on delete.
 * Drops every entry of the target at once (all subjects).
 */

int rsbac_acl_remove_acl (enum rsbac_target_t target,
                          union rsbac_target_id_t tid);

/* rsbac_acl_add_to_acl_entry
 * Add given rights to ACL entry for given target and subject. If entry does
 * not exist, behaviour is exactly like rsbac_acl_set_acl_entry.
 * Note the second sentence: on a missing entry this also cuts inheritance,
 * so the resulting entry holds exactly 'rights', not parent rights + 'rights'.
 */

int rsbac_acl_add_to_acl_entry (enum rsbac_target_t target,
                                union rsbac_target_id_t tid,
                                enum rsbac_acl_subject_type_t subj_type,
                                rsbac_acl_subject_id_t subj_id,
                                rsbac_acl_rights_vector_t rights,
                                rsbac_time_t ttl);

/* rsbac_acl_remove_from_acl_entry
 * Remove given rights from ACL entry for given target and subject. If entry does
 * not exist, nothing happens.
 * This function does NOT remove the ACL entry, so removing all rights results in
 * NO rights for this subject/target combination!
 * Consequence for callers: an entry emptied this way is *more* restrictive
 * than no entry at all, because it still blocks inheritance. Use
 * rsbac_acl_remove_acl_entry to fall back to parent/default rights instead.
 */

int rsbac_acl_remove_from_acl_entry(enum rsbac_target_t target,
                                    union rsbac_target_id_t tid,
                                    enum rsbac_acl_subject_type_t subj_type,
                                    rsbac_acl_subject_id_t subj_id,
                                    rsbac_acl_rights_vector_t rights);

/* rsbac_acl_set_mask
 * Set inheritance mask for given target to given rights. If item does
 * not exist, it is created.
 * The mask limits which rights can be inherited from parent/default
 * (see rsbac_acl_get_single_right for how masking interacts with lookup).
 */

int rsbac_acl_set_mask (enum rsbac_target_t target,
                        union rsbac_target_id_t tid,
                        rsbac_acl_rights_vector_t mask);

/* rsbac_acl_get_mask
 * Get inheritance mask for given target into *mask_p. If item does
 * not exist, default mask is returned.
 */

int rsbac_acl_get_mask (enum rsbac_target_t target,
                        union rsbac_target_id_t tid,
                        rsbac_acl_rights_vector_t * mask_p);

/* rsbac_acl_get_rights
 * Get effective rights from ACL entry for given target and subject.
 * If entry does not exist, inherited rights are used. If there is no parent,
 * the default rights vector for this target type is returned.
 * This function does NOT add role or group rights to user rights!
 * Result is written to *rights_p. 'inherit' presumably switches the parent
 * lookup described above on or off - confirm against the definition.
 */

int rsbac_acl_get_rights (enum rsbac_target_t target,
                          union rsbac_target_id_t tid,
                          enum rsbac_acl_subject_type_t subj_type,
                          rsbac_acl_subject_id_t subj_id,
                          rsbac_acl_rights_vector_t * rights_p,
                          boolean inherit);

/* rsbac_acl_get_single_right
 * Show, whether a right is set for given target and subject.
 * If right is not set, it is checked at all parents, unless it has been
 * masked out *or* it is SUPERVISOR, CONFIG_RSBAC_ACL_SUPER_FILTER is set
 * and supervisor is masked out.
 * The answer goes to *result; the int return is the usual error status.
 * Note the special case: without CONFIG_RSBAC_ACL_SUPER_FILTER, masking
 * does not stop the SUPERVISOR right from being looked up at the parents.
 */

int rsbac_acl_get_single_right (enum rsbac_target_t target,
                                union rsbac_target_id_t tid,
                                enum rsbac_acl_subject_type_t subj_type,
                                rsbac_acl_subject_id_t subj_id,
                                enum rsbac_adf_request_t right,
                                boolean * result);


/************************************************************************** */
/* The rsbac_acl_copy_fd_acl() function copies a file/dir ACL to another */
/* file/dir ACL. The old ACL of fd2 is erased before copying. */
/* Destructive on file2: existing rights there are lost, not merged.       */
/* Both file descriptors are passed by value (struct rsbac_fs_file_t).     */

int rsbac_acl_copy_fd_acl(struct rsbac_fs_file_t file1,
                          struct rsbac_fs_file_t file2);

/************************************************************************** */
/* The rsbac_acl_copy_pp_acl() function copies a process acl to another */
/* Whether the target's previous ACL is erased first is not stated here -   */
/* check the definition before assuming copy_fd_acl semantics.              */

int rsbac_acl_copy_pp_acl(rsbac_pid_t old_pid,
                          rsbac_pid_t new_pid);

/*************************************************
 * rsbac_acl_get_tlist
 * Get subjects from ACL entries for given target.
 * On success *entry_pp and *ttl_pp point to the entry and ttl arrays.
 * Ownership of those arrays is not stated here; by analogy with
 * rsbac_acl_get_user_groups below they are presumably vmalloc'd and must
 * be vfree'd by the caller - confirm, and check whether the return value
 * is the entry count.
 */

int rsbac_acl_get_tlist (enum rsbac_target_t target,
                         union rsbac_target_id_t tid,
                         struct rsbac_acl_entry_t ** entry_pp,
                         rsbac_time_t ** ttl_pp);

/*************************************************
 * Group management
 */

/* add a group with new id and fill this id into *group_id_p */
/* 'name' must be a NUL-terminated string. No length argument is taken, so */
/* the maximum name length is presumably fixed by the group entry type in  */
/* types.h - confirm it, and bound any user-supplied name before calling.  */
/* (The parameter is not const-qualified; treat that as a declaration      */
/* detail, not as permission to modify the caller's string.)               */
int rsbac_acl_add_group(rsbac_uid_t owner, enum rsbac_acl_group_type_t type, char * name,
                        rsbac_acl_group_id_t * group_id_p);

/* Change owner, type and name of the existing group 'id' (same 'name'     */
/* caveats as rsbac_acl_add_group).                                         */
int rsbac_acl_change_group( rsbac_acl_group_id_t id,
                            rsbac_uid_t owner,
                            enum rsbac_acl_group_type_t type,
                            char * name);

/* Delete group 'id'. Whether its memberships and ACL entries are cleaned  */
/* up as well is not stated here - confirm in the definition.              */
int rsbac_acl_remove_group(rsbac_acl_group_id_t id);

/* Copy the entry of group 'group' into *entry_p (caller-provided storage). */
int rsbac_acl_get_group_entry(rsbac_acl_group_id_t group, struct rsbac_acl_group_entry_t * entry_p);

/* List groups of 'owner' into *entry_pp. 'include_global' presumably adds */
/* groups that are not owner-specific - confirm. Allocation ownership of   */
/* *entry_pp and the meaning of the return value are not stated here.      */
int rsbac_acl_list_groups(rsbac_uid_t owner,
                          boolean include_global,
                          struct rsbac_acl_group_entry_t ** entry_pp);

/* check group existence */
/* Returns a boolean, not an error code: a lookup failure is not           */
/* distinguishable from "does not exist".                                  */
boolean rsbac_acl_group_exist(rsbac_acl_group_id_t group);

/* Add 'user' to 'group'; 'ttl' presumably limits the membership in time    */
/* like the ACL entry ttl above - confirm.                                  */
int rsbac_acl_add_group_member(rsbac_acl_group_id_t group, rsbac_uid_t user, rsbac_time_t ttl);

int rsbac_acl_remove_group_member(rsbac_acl_group_id_t group, rsbac_uid_t user);

/* check membership */
/* Returns a boolean, not an error code (see rsbac_acl_group_exist).       */
boolean rsbac_acl_group_member(rsbac_acl_group_id_t group, rsbac_uid_t user);

/* build vmalloc'd array of all group memberships of the given user */
/* returns number of groups or negative error */
/* Attention: memory deallocation with vfree must be done by caller! */
/* *group_pp receives the group ids and *ttl_pp the matching ttl values;   */
/* on a negative return the caller should not touch either pointer.        */
int rsbac_acl_get_user_groups(rsbac_uid_t user,
                              rsbac_acl_group_id_t ** group_pp,
                              rsbac_time_t ** ttl_pp);

/* Returns number of members or negative error */
/* user_array[] and ttl_array[] are caller-provided and filled in parallel; */
/* 'maxnum' must not exceed the capacity of the smaller array. Whether a    */
/* group with more than 'maxnum' members is truncated or reported as an     */
/* error is not stated here - confirm before sizing buffers.                */
int rsbac_acl_get_group_members(rsbac_acl_group_id_t group,
                                rsbac_uid_t user_array[],
                                rsbac_time_t ttl_array[],
                                int maxnum);

/* Remove subject from all ACLs */
/* 'desc' identifies the subject (type + id) and is passed by value.       */
int rsbac_acl_remove_subject(struct rsbac_acl_entry_desc_t desc);

/*************************************************/
/* remove user from all groups and from all ACLs */
/* Combined cleanup for user deletion; stale memberships or entries of a    */
/* reused uid would otherwise carry the old user's rights over.             */
int rsbac_acl_remove_user(rsbac_uid_t user);

#endif
