00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <rsbac/types.h>
00010 #include <rsbac/aci.h>
00011 #include <rsbac/mac.h>
00012 #include <rsbac/pm.h>
00013 #include <rsbac/auth.h>
00014 #include <rsbac/acl.h>
00015 #include <rsbac/reg.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/debug.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/network.h>
00021 #include <asm/semaphore.h>
00022 #include <linux/sched.h>
00023 #include <linux/file.h>
00024 #include <rsbac/rkmem.h>
00025 #include <rsbac/gen_lists.h>
00026 #include <linux/smp_lock.h>
00027 #include <asm/uaccess.h>
00028 #include <linux/delay.h>
00029
00030 #include <rsbac/adf.h>
00031 #include <rsbac/adf_main.h>
00032 #include <rsbac/adf_syshelpers.h>
00033 #include <rsbac/rc.h>
00034 #include <rsbac/um.h>
00035 #include <rsbac/um_types.h>
00036 #include <rsbac/syscalls.h>
00037
00038 #ifdef CONFIG_RSBAC_NET_OBJ
00039 #include <rsbac/network.h>
00040 #endif
00041 #ifdef CONFIG_RSBAC_DAZ
00042 #include <rsbac/daz.h>
00043 #endif
00044
00045 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00046 #include <linux/namei.h>
00047 #endif
00048
00049
00050
00051
00052
00053 extern struct semaphore rsbac_write_sem;
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066 int sys_rsbac_stats(void)
00067 {
00068 union rsbac_target_id_t rsbac_target_id;
00069 union rsbac_attribute_value_t rsbac_attribute_value;
00070
00071 #ifdef CONFIG_RSBAC_DEBUG
00072 if (rsbac_debug_aef)
00073 {
00074 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n");
00075 }
00076 #endif
00077 rsbac_target_id.scd = ST_rsbac;
00078 rsbac_attribute_value.dummy = 0;
00079 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00080 current->pid,
00081 T_SCD,
00082 rsbac_target_id,
00083 A_none,
00084 rsbac_attribute_value))
00085 {
00086 return -EPERM;
00087 }
00088
00089 return(rsbac_stats());
00090 };
00091
00092 long sys_sync(void);
00093
00094 int sys_rsbac_check(int correct, int check_inode)
00095 {
00096 union rsbac_target_id_t rsbac_target_id;
00097 union rsbac_attribute_value_t rsbac_attribute_value;
00098 int result;
00099
00100 #ifdef CONFIG_RSBAC_DEBUG
00101 if (rsbac_debug_aef)
00102 {
00103 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n");
00104 }
00105 #endif
00106 rsbac_target_id.scd = ST_rsbac;
00107 rsbac_attribute_value.dummy = 0;
00108 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00109 current->pid,
00110 T_SCD,
00111 rsbac_target_id,
00112 A_none,
00113 rsbac_attribute_value))
00114 {
00115 return -EPERM;
00116 }
00117
00118 rsbac_printk(KERN_INFO
00119 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00120 correct, check_inode);
00121 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00122
00123 if(check_inode)
00124 {
00125 rsbac_printk(KERN_INFO
00126 "sys_rsbac_check(): syncing disks\n");
00127 sys_sync();
00128 }
00129 #endif
00130
00131 lock_kernel();
00132 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00133
00134 if(check_inode)
00135 down(&rsbac_write_sem);
00136 #endif
00137
00138 result=rsbac_check_lists(correct);
00139
00140
00141 #if defined(CONFIG_RSBAC_ACL)
00142 if(!result)
00143 result=rsbac_check_acl(correct);
00144 #endif
00145 #if defined(CONFIG_RSBAC_REG)
00146 if(!result)
00147 result=rsbac_check_reg(correct, check_inode);
00148 #endif
00149
00150 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00151
00152 if(check_inode)
00153 up(&rsbac_write_sem);
00154 #endif
00155
00156 unlock_kernel();
00157 return(result);
00158 }
00159
00160 int sys_rsbac_write(void)
00161 {
00162 #if defined(CONFIG_RSBAC_AUTO_WRITE)
00163 union rsbac_target_id_t rsbac_target_id;
00164 union rsbac_attribute_value_t rsbac_attribute_value;
00165 int result;
00166
00167 #ifdef CONFIG_RSBAC_DEBUG
00168 if (rsbac_debug_aef)
00169 {
00170 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n");
00171 }
00172 #endif
00173 rsbac_target_id.scd = ST_rsbac;
00174 rsbac_attribute_value.dummy = 0;
00175 if (!rsbac_adf_request(R_WRITE,
00176 current->pid,
00177 T_SCD,
00178 rsbac_target_id,
00179 A_none,
00180 rsbac_attribute_value))
00181 {
00182 return -EPERM;
00183 }
00184
00185
00186 result = rsbac_write(TRUE);
00187
00188 return result;
00189 #else
00190 return(0);
00191 #endif
00192 };
00193
00194
00195
00196
00197
00198 int sys_rsbac_get_attr(
00199 rsbac_list_ta_number_t ta_number,
00200 enum rsbac_switch_target_t module,
00201 enum rsbac_target_t target,
00202 union rsbac_target_id_t * tid,
00203 enum rsbac_attribute_t attr,
00204 union rsbac_attribute_value_t * value,
00205 int inherit)
00206 {
00207 union rsbac_target_id_t k_tid;
00208 union rsbac_attribute_value_t k_value;
00209 int err = 0;
00210 rsbac_boolean_t i_inherit;
00211
00212 if(module > SW_NONE)
00213 return -RSBAC_EINVALIDMODULE;
00214 if(!tid || (target >= T_NONE))
00215 return -RSBAC_EINVALIDTARGET;
00216 if(!value)
00217 return -RSBAC_EINVALIDPOINTER;
00218 if(attr >= A_none)
00219 return -RSBAC_EINVALIDATTR;
00220
00221 if(module == SW_NONE)
00222 {
00223 module = get_attr_module(attr);
00224 if(module == SW_NONE)
00225 return(-RSBAC_EINVALIDMODULE);
00226 }
00227
00228
00229 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00230 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00231
00232 switch (target) {
00233 case T_FD:
00234 return -RSBAC_EINVALIDTARGET;
00235 case T_FILE:
00236 case T_DIR:
00237 case T_FIFO:
00238 case T_SYMLINK:
00239 case T_UNIXSOCK:
00240 k_tid.file.dentry_p = NULL;
00241 k_tid.dir.dentry_p = NULL;
00242 default:
00243 break;
00244 }
00245
00246 if(inherit)
00247 i_inherit = TRUE;
00248 else
00249 i_inherit = FALSE;
00250
00251 #ifdef CONFIG_RSBAC_NET_OBJ
00252
00253 if( (target == T_NETOBJ)
00254 && ( !k_tid.netobj.sock_p
00255 || k_tid.netobj.remote_addr
00256 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00257 || !k_tid.netobj.sock_p->file
00258 || !k_tid.netobj.sock_p->file->f_dentry
00259 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00260 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00261 #else
00262 || !k_tid.netobj.sock_p->inode
00263 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00264 #endif
00265 )
00266 )
00267 return -RSBAC_EINVALIDTARGET;
00268 #endif
00269
00270
00271 #ifdef CONFIG_RSBAC_DEBUG
00272 if (rsbac_debug_aef)
00273 {
00274 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n");
00275 }
00276 #endif
00277 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00278 current->pid,
00279 target,
00280 k_tid,
00281 attr,
00282 k_value))
00283 {
00284 return -EPERM;
00285 }
00286
00287 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit);
00288
00289 if(!err)
00290 {
00291 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00292 }
00293 return (err);
00294 }
00295
00296
00297 int sys_rsbac_get_attr_n(
00298 rsbac_list_ta_number_t ta_number,
00299 enum rsbac_switch_target_t module,
00300 enum rsbac_target_t target,
00301 char * t_name,
00302 enum rsbac_attribute_t attr,
00303 union rsbac_attribute_value_t * value,
00304 int inherit)
00305 {
00306 union rsbac_attribute_value_t k_value;
00307 struct dentry * t_dentry;
00308 int err = 0;
00309 union rsbac_target_id_t tid;
00310
00311 rsbac_boolean_t i_inherit;
00312 struct nameidata nd;
00313
00314 if(module > SW_NONE)
00315 return(-RSBAC_EINVALIDMODULE);
00316 if(!t_name || (target >= T_NONE))
00317 return(-RSBAC_EINVALIDTARGET);
00318 if(!value)
00319 return(-RSBAC_EINVALIDPOINTER);
00320 if(attr >= A_none)
00321 return(-RSBAC_EINVALIDATTR);
00322
00323 if(module == SW_NONE)
00324 {
00325 module = get_attr_module(attr);
00326 if(module == SW_NONE)
00327 return(-RSBAC_EINVALIDMODULE);
00328 }
00329
00330 if(inherit)
00331 i_inherit = TRUE;
00332 else
00333 i_inherit = FALSE;
00334
00335
00336 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00337 switch (target) {
00338 case T_FD:
00339 case T_FILE:
00340 case T_DIR:
00341 case T_FIFO:
00342 case T_SYMLINK:
00343 case T_UNIXSOCK:
00344 tid.file.dentry_p = NULL;
00345 tid.dir.dentry_p = NULL;
00346 default:
00347 break;
00348 }
00349
00350
00351 if ((err = user_path_walk_link(t_name, &nd)))
00352 {
00353 #ifdef CONFIG_RSBAC_DEBUG
00354 if (rsbac_debug_aef)
00355 {
00356 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00357 }
00358 #endif
00359 goto out;
00360 }
00361 t_dentry = nd.dentry;
00362 if (!t_dentry->d_inode)
00363 {
00364 #ifdef CONFIG_RSBAC_DEBUG
00365 if (rsbac_debug_aef)
00366 {
00367 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n");
00368 }
00369 #endif
00370 err = -RSBAC_EINVALIDTARGET;
00371 goto out_dput;
00372 }
00373
00374 switch (target)
00375 {
00376
00377 case T_FD:
00378 if(S_ISREG(t_dentry->d_inode->i_mode))
00379 {
00380 target = T_FILE;
00381 }
00382 else
00383 if(S_ISDIR(t_dentry->d_inode->i_mode))
00384 {
00385 target = T_DIR;
00386 }
00387 else
00388 if(S_ISLNK(t_dentry->d_inode->i_mode))
00389 {
00390 target = T_SYMLINK;
00391 }
00392 else
00393 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00394 {
00395 target = T_FIFO;
00396 }
00397 else
00398 if(S_ISBLK(t_dentry->d_inode->i_mode))
00399 {
00400 target = T_FILE;
00401 }
00402 else
00403 if(S_ISCHR(t_dentry->d_inode->i_mode))
00404 {
00405 target = T_FILE;
00406 }
00407 else
00408 if(S_ISSOCK(t_dentry->d_inode->i_mode))
00409 {
00410 target = T_UNIXSOCK;
00411 }
00412 else
00413 {
00414 #ifdef CONFIG_RSBAC_DEBUG
00415 if (rsbac_debug_aef)
00416 {
00417 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n");
00418 }
00419 #endif
00420 err = -RSBAC_EINVALIDTARGET;
00421 goto out_dput;
00422 }
00423 break;
00424
00425 case T_FILE:
00426 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00427 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00428 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00429 {
00430 #ifdef CONFIG_RSBAC_DEBUG
00431 if (rsbac_debug_aef)
00432 {
00433 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n");
00434 }
00435 #endif
00436 err = -RSBAC_EINVALIDTARGET;
00437 goto out_dput;
00438 }
00439 break;
00440
00441 case T_DIR:
00442 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00443 {
00444 #ifdef CONFIG_RSBAC_DEBUG
00445 if (rsbac_debug_aef)
00446 {
00447 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n");
00448 }
00449 #endif
00450 err = -RSBAC_EINVALIDTARGET;
00451 goto out_dput;
00452 }
00453 break;
00454
00455 case T_FIFO:
00456
00457 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00458 {
00459 #ifdef CONFIG_RSBAC_DEBUG
00460 if (rsbac_debug_aef)
00461 {
00462 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n");
00463 }
00464 #endif
00465 err = -RSBAC_EINVALIDTARGET;
00466 goto out_dput;
00467 }
00468 break;
00469
00470 case T_UNIXSOCK:
00471
00472 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
00473 {
00474 #ifdef CONFIG_RSBAC_DEBUG
00475 if (rsbac_debug_aef)
00476 {
00477 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no socket\n");
00478 }
00479 #endif
00480 err = -RSBAC_EINVALIDTARGET;
00481 goto out_dput;
00482 }
00483 break;
00484
00485 case T_SYMLINK:
00486 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00487 {
00488 #ifdef CONFIG_RSBAC_DEBUG
00489 if (rsbac_debug_aef)
00490 {
00491 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n");
00492 }
00493 #endif
00494 err = -RSBAC_EINVALIDTARGET;
00495 goto out_dput;
00496 }
00497 break;
00498
00499 case T_DEV:
00500 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00501 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00502 {
00503 #ifdef CONFIG_RSBAC_DEBUG
00504 if (rsbac_debug_aef)
00505 {
00506 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n");
00507 }
00508 #endif
00509 err = -RSBAC_EINVALIDTARGET;
00510 goto out_dput;
00511 }
00512 break;
00513
00514 default:
00515 err = -RSBAC_EINVALIDTARGET;
00516 goto out_dput;
00517 }
00518
00519 if(target == T_DEV)
00520 {
00521 if(S_ISBLK(t_dentry->d_inode->i_mode))
00522 tid.dev.type = D_block;
00523 else
00524 tid.dev.type = D_char;
00525 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00526 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00527 }
00528 else
00529 {
00530
00531 tid.file.device = t_dentry->d_sb->s_dev;
00532 tid.file.inode = t_dentry->d_inode->i_ino;
00533 tid.file.dentry_p = t_dentry;
00534 }
00535
00536 #ifdef CONFIG_RSBAC_DEBUG
00537 if (rsbac_debug_aef)
00538 {
00539 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n");
00540 }
00541 #endif
00542 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00543 current->pid,
00544 target,
00545 tid,
00546 attr,
00547 k_value))
00548 {
00549 err = -EPERM;
00550 }
00551 else
00552 {
00553 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit);
00554
00555 if(!err)
00556 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00557 }
00558
00559 out_dput:
00560 path_release(&nd);
00561
00562 out:
00563 return(err);
00564 }
00565
00566
00567
00568 int sys_rsbac_set_attr(
00569 rsbac_list_ta_number_t ta_number,
00570 enum rsbac_switch_target_t module,
00571 enum rsbac_target_t target,
00572 union rsbac_target_id_t * tid,
00573 enum rsbac_attribute_t attr,
00574 union rsbac_attribute_value_t * value)
00575 {
00576 union rsbac_target_id_t k_tid;
00577 union rsbac_attribute_value_t k_value;
00578 int err = 0;
00579 struct task_struct * task_p;
00580
00581 if(module > SW_NONE)
00582 return(-RSBAC_EINVALIDMODULE);
00583 if(!tid || (target >= T_NONE))
00584 return(-RSBAC_EINVALIDTARGET);
00585 if(!value)
00586 return(-RSBAC_EINVALIDPOINTER);
00587 if(attr >= A_none)
00588 return(-RSBAC_EINVALIDATTR);
00589
00590 if(module == SW_NONE)
00591 {
00592 module = get_attr_module(attr);
00593 if(module == SW_NONE)
00594 return(-RSBAC_EINVALIDMODULE);
00595 }
00596 #ifdef CONFIG_RSBAC_FREEZE
00597 if(rsbac_freeze)
00598 {
00599 rsbac_printk(KERN_WARNING
00600 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n");
00601 return -EPERM;
00602 }
00603 #endif
00604
00605
00606 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00607 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00608
00609
00610 switch(target)
00611 {
00612 case T_PROCESS:
00613 read_lock(&tasklist_lock);
00614 task_p = find_task_by_pid(k_tid.process);
00615 read_unlock(&tasklist_lock);
00616 if(!task_p)
00617 return(-RSBAC_EINVALIDTARGET);
00618 break;
00619
00620 #ifdef CONFIG_RSBAC_NET_OBJ
00621
00622 case T_NETOBJ:
00623 if( !k_tid.netobj.sock_p
00624 || k_tid.netobj.remote_addr
00625 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00626 || !k_tid.netobj.sock_p->file
00627 || !k_tid.netobj.sock_p->file->f_dentry
00628 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00629 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00630 #else
00631 || !k_tid.netobj.sock_p->inode
00632 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00633 #endif
00634 )
00635 return -RSBAC_EINVALIDTARGET;
00636 #endif
00637
00638
00639 default:
00640 break;
00641 }
00642
00643
00644 #ifdef CONFIG_RSBAC_DEBUG
00645 if (rsbac_debug_aef)
00646 rsbac_printk(KERN_DEBUG
00647 "sys_rsbac_set_attr(): calling ADF\n");
00648 #endif
00649 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00650 current->pid,
00651 target,
00652 k_tid,
00653 attr,
00654 k_value))
00655 {
00656 return -EPERM;
00657 }
00658 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value);
00659 return err;
00660 }
00661
00662 int sys_rsbac_set_attr_n(
00663 rsbac_list_ta_number_t ta_number,
00664 enum rsbac_switch_target_t module,
00665 enum rsbac_target_t target,
00666 char * t_name,
00667 enum rsbac_attribute_t attr,
00668 union rsbac_attribute_value_t * value)
00669 {
00670 struct dentry * t_dentry;
00671 int err = 0;
00672 union rsbac_attribute_value_t k_value;
00673 union rsbac_target_id_t tid;
00674 struct nameidata nd;
00675
00676 if(module > SW_NONE)
00677 return(-RSBAC_EINVALIDMODULE);
00678 if(!t_name || (target >= T_NONE))
00679 return(-RSBAC_EINVALIDTARGET);
00680 if(!value)
00681 return(-RSBAC_EINVALIDPOINTER);
00682 if(attr >= A_none)
00683 return(-RSBAC_EINVALIDATTR);
00684
00685 if(module == SW_NONE)
00686 {
00687 module = get_attr_module(attr);
00688 if(module == SW_NONE)
00689 return(-RSBAC_EINVALIDMODULE);
00690 }
00691
00692 #ifdef CONFIG_RSBAC_FREEZE
00693 if(rsbac_freeze)
00694 {
00695 rsbac_printk(KERN_WARNING
00696 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n");
00697 return -EPERM;
00698 }
00699 #endif
00700
00701 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00702
00703
00704 if ((err = user_path_walk_link(t_name, &nd)))
00705 {
00706 #ifdef CONFIG_RSBAC_DEBUG
00707 if (rsbac_debug_aef)
00708 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err);
00709 #endif
00710 goto out;
00711 }
00712 t_dentry = nd.dentry;
00713 if (!t_dentry->d_inode)
00714 {
00715 #ifdef CONFIG_RSBAC_DEBUG
00716 if (rsbac_debug_aef)
00717 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n");
00718 #endif
00719 err = -RSBAC_EINVALIDTARGET;
00720 goto out_dput;
00721 }
00722
00723 switch (target)
00724 {
00725
00726 case T_FD:
00727 if(S_ISREG(t_dentry->d_inode->i_mode))
00728 {
00729 target = T_FILE;
00730 }
00731 else
00732 if(S_ISDIR(t_dentry->d_inode->i_mode))
00733 {
00734 target = T_DIR;
00735 }
00736 else
00737 if(S_ISLNK(t_dentry->d_inode->i_mode))
00738 {
00739 target = T_SYMLINK;
00740 }
00741 else
00742 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00743 {
00744 target = T_FIFO;
00745 }
00746 else
00747 if(S_ISSOCK(t_dentry->d_inode->i_mode))
00748 {
00749 target = T_UNIXSOCK;
00750 }
00751 else
00752 if(S_ISBLK(t_dentry->d_inode->i_mode))
00753 {
00754 target = T_FILE;
00755 }
00756 else
00757 if(S_ISCHR(t_dentry->d_inode->i_mode))
00758 {
00759 target = T_FILE;
00760 }
00761 else
00762 {
00763 #ifdef CONFIG_RSBAC_DEBUG
00764 if (rsbac_debug_aef)
00765 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n");
00766 #endif
00767 err = -RSBAC_EINVALIDTARGET;
00768 goto out_dput;
00769 }
00770 break;
00771
00772 case T_FILE:
00773 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00774 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00775 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00776 {
00777 #ifdef CONFIG_RSBAC_DEBUG
00778 if (rsbac_debug_aef)
00779 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n");
00780 #endif
00781 err = -RSBAC_EINVALIDTARGET;
00782 goto out_dput;
00783 }
00784 break;
00785
00786 case T_DIR:
00787 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00788 {
00789 #ifdef CONFIG_RSBAC_DEBUG
00790 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00791 #endif
00792 err = -RSBAC_EINVALIDTARGET;
00793 goto out_dput;
00794 }
00795 break;
00796
00797 case T_FIFO:
00798
00799 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00800 {
00801 #ifdef CONFIG_RSBAC_DEBUG
00802 if (rsbac_debug_aef)
00803 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n");
00804 #endif
00805 err = -RSBAC_EINVALIDTARGET;
00806 goto out_dput;
00807 }
00808 break;
00809
00810 case T_UNIXSOCK:
00811
00812 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
00813 {
00814 #ifdef CONFIG_RSBAC_DEBUG
00815 if (rsbac_debug_aef)
00816 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no socket\n");
00817 #endif
00818 err = -RSBAC_EINVALIDTARGET;
00819 goto out_dput;
00820 }
00821 break;
00822
00823 case T_SYMLINK:
00824 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00825 {
00826 #ifdef CONFIG_RSBAC_DEBUG
00827 if (rsbac_debug_aef)
00828 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n");
00829 #endif
00830 err = -RSBAC_EINVALIDTARGET;
00831 goto out_dput;
00832 }
00833 break;
00834
00835 case T_DEV:
00836 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00837 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00838 {
00839 #ifdef CONFIG_RSBAC_DEBUG
00840 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n");
00841 #endif
00842 err = -RSBAC_EINVALIDTARGET;
00843 goto out_dput;
00844 }
00845 break;
00846
00847 default:
00848 err = -RSBAC_EINVALIDTARGET;
00849 goto out_dput;
00850 }
00851
00852 if(target == T_DEV)
00853 {
00854 if(S_ISBLK(t_dentry->d_inode->i_mode))
00855 tid.dev.type = D_block;
00856 else
00857 tid.dev.type = D_char;
00858 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00859 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00860 }
00861 else
00862 {
00863
00864 tid.file.device = t_dentry->d_sb->s_dev;
00865 tid.file.inode = t_dentry->d_inode->i_ino;
00866 tid.file.dentry_p = t_dentry;
00867 }
00868
00869 #ifdef CONFIG_RSBAC_DEBUG
00870 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n");
00871 #endif
00872 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00873 current->pid,
00874 target,
00875 tid,
00876 attr,
00877 k_value))
00878 {
00879 err = -EPERM;
00880 }
00881 else
00882 {
00883 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value);
00884 }
00885
00886 out_dput:
00887 path_release(&nd);
00888
00889 out:
00890 return(err);
00891 }
00892
00893
00894
00895 int sys_rsbac_remove_target(
00896 rsbac_list_ta_number_t ta_number,
00897 enum rsbac_target_t target,
00898 union rsbac_target_id_t * tid)
00899 {
00900 union rsbac_target_id_t k_tid;
00901 int err = 0;
00902
00903
00904 union rsbac_attribute_value_t rsbac_attribute_value;
00905
00906 if(!tid || (target >= T_NONE))
00907 return(-RSBAC_EINVALIDTARGET);
00908
00909 #ifdef CONFIG_RSBAC_FREEZE
00910 if(rsbac_freeze)
00911 {
00912 rsbac_printk(KERN_WARNING
00913 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n");
00914 return -EPERM;
00915 }
00916 #endif
00917
00918
00919 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00920
00921
00922 #ifdef CONFIG_RSBAC_DEBUG
00923 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n");
00924 #endif
00925 rsbac_attribute_value.dummy = 0;
00926 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00927 current->pid,
00928 target,
00929 k_tid,
00930 A_none,
00931 rsbac_attribute_value))
00932 {
00933 return -EPERM;
00934 }
00935 err = rsbac_ta_remove_target(ta_number, target, k_tid);
00936 return (err);
00937 }
00938
00939 int sys_rsbac_remove_target_n(
00940 rsbac_list_ta_number_t ta_number,
00941 enum rsbac_target_t target,
00942 char * t_name)
00943 {
00944 struct dentry * t_dentry;
00945 int err = 0;
00946 union rsbac_target_id_t tid;
00947
00948
00949 union rsbac_attribute_value_t rsbac_attribute_value;
00950
00951
00952
00953 struct nameidata nd;
00954
00955 if(!t_name || (target >= T_NONE))
00956 return(-RSBAC_EINVALIDTARGET);
00957
00958 #ifdef CONFIG_RSBAC_FREEZE
00959 if(rsbac_freeze)
00960 {
00961 rsbac_printk(KERN_WARNING
00962 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n");
00963 return -EPERM;
00964 }
00965 #endif
00966
00967
00968 if ((err = user_path_walk_link(t_name, &nd)))
00969 {
00970 #ifdef CONFIG_RSBAC_DEBUG
00971 if (rsbac_debug_aef)
00972 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err);
00973 #endif
00974 goto out;
00975 }
00976 t_dentry = nd.dentry;
00977 if (!t_dentry->d_inode)
00978 {
00979 #ifdef CONFIG_RSBAC_DEBUG
00980 if (rsbac_debug_aef)
00981 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n");
00982 #endif
00983 err = -RSBAC_EINVALIDTARGET;
00984 goto out_dput;
00985 }
00986
00987 switch (target)
00988 {
00989
00990 case T_FD:
00991 if(S_ISREG(t_dentry->d_inode->i_mode))
00992 {
00993 target = T_FILE;
00994 }
00995 else
00996 if(S_ISDIR(t_dentry->d_inode->i_mode))
00997 {
00998 target = T_DIR;
00999 }
01000 else
01001 if(S_ISLNK(t_dentry->d_inode->i_mode))
01002 {
01003 target = T_SYMLINK;
01004 }
01005 else
01006 if(S_ISFIFO(t_dentry->d_inode->i_mode))
01007 {
01008 target = T_FIFO;
01009 }
01010 else
01011 if(S_ISSOCK(t_dentry->d_inode->i_mode))
01012 {
01013 target = T_UNIXSOCK;
01014 }
01015 else
01016 if(S_ISBLK(t_dentry->d_inode->i_mode))
01017 {
01018 target = T_FILE;
01019 }
01020 else
01021 if(S_ISCHR(t_dentry->d_inode->i_mode))
01022 {
01023 target = T_FILE;
01024 }
01025 else
01026 {
01027 #ifdef CONFIG_RSBAC_DEBUG
01028 if (rsbac_debug_aef)
01029 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n");
01030 #endif
01031 err = -RSBAC_EINVALIDTARGET;
01032 goto out_dput;
01033 }
01034 break;
01035
01036 case T_FILE:
01037 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
01038 && !(S_ISBLK(t_dentry->d_inode->i_mode))
01039 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01040 {
01041 #ifdef CONFIG_RSBAC_DEBUG
01042 if (rsbac_debug_aef)
01043 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n");
01044 #endif
01045 err = -RSBAC_EINVALIDTARGET;
01046 goto out_dput;
01047 }
01048 break;
01049
01050 case T_DIR:
01051 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
01052 {
01053 #ifdef CONFIG_RSBAC_DEBUG
01054 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
01055 #endif
01056 err = -RSBAC_EINVALIDTARGET;
01057 goto out_dput;
01058 }
01059 break;
01060
01061 case T_FIFO:
01062
01063 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
01064 {
01065 #ifdef CONFIG_RSBAC_DEBUG
01066 if (rsbac_debug_aef)
01067 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n");
01068 #endif
01069 err = -RSBAC_EINVALIDTARGET;
01070 goto out_dput;
01071 }
01072 break;
01073
01074 case T_UNIXSOCK:
01075
01076 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
01077 {
01078 #ifdef CONFIG_RSBAC_DEBUG
01079 if (rsbac_debug_aef)
01080 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no socket\n");
01081 #endif
01082 err = -RSBAC_EINVALIDTARGET;
01083 goto out_dput;
01084 }
01085 break;
01086
01087 case T_SYMLINK:
01088 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
01089 {
01090 #ifdef CONFIG_RSBAC_DEBUG
01091 if (rsbac_debug_aef)
01092 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n");
01093 #endif
01094 err = -RSBAC_EINVALIDTARGET;
01095 goto out_dput;
01096 }
01097 break;
01098
01099 case T_DEV:
01100 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
01101 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01102 {
01103 #ifdef CONFIG_RSBAC_DEBUG
01104 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n");
01105 #endif
01106 err = -RSBAC_EINVALIDTARGET;
01107 goto out_dput;
01108 }
01109 break;
01110
01111 default:
01112 err = -RSBAC_EINVALIDTARGET;
01113 goto out_dput;
01114 }
01115
01116 if(target == T_DEV)
01117 {
01118 if(S_ISBLK(t_dentry->d_inode->i_mode))
01119 tid.dev.type = D_block;
01120 else
01121 tid.dev.type = D_char;
01122 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
01123 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
01124 }
01125 else
01126 {
01127
01128 tid.file.device = t_dentry->d_sb->s_dev;
01129 tid.file.inode = t_dentry->d_inode->i_ino;
01130 tid.file.dentry_p = t_dentry;
01131 }
01132
01133 #ifdef CONFIG_RSBAC_DEBUG
01134 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n");
01135 #endif
01136 rsbac_attribute_value.dummy = 0;
01137 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
01138 current->pid,
01139 target,
01140 tid,
01141 A_none,
01142 rsbac_attribute_value))
01143 {
01144 err = -EPERM;
01145 }
01146 else
01147 {
01148 err = rsbac_ta_remove_target(ta_number, target, tid);
01149 }
01150
01151 out_dput:
01152 path_release(&nd);
01153
01154 out:
01155 return(err);
01156 }
01157
01158 int sys_rsbac_list_all_dev(
01159 rsbac_list_ta_number_t ta_number,
01160 struct rsbac_dev_desc_t * id_p,
01161 u_long maxnum)
01162 {
01163 int err = 0;
01164 long count;
01165
01166 if(id_p && maxnum)
01167 {
01168 struct rsbac_dev_desc_t * k_id_p = NULL;
01169
01170 count = rsbac_ta_list_all_dev(ta_number, &k_id_p);
01171 if(count <= 0)
01172 return count;
01173 if(count > maxnum)
01174 count = maxnum;
01175
01176 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01177
01178 rsbac_vfree(k_id_p);
01179
01180 if(err)
01181 return err;
01182 else
01183 return count;
01184 }
01185 else
01186 return rsbac_ta_list_all_dev(ta_number, NULL);
01187 }
01188
01189 int sys_rsbac_list_all_user(
01190 rsbac_list_ta_number_t ta_number,
01191 rsbac_uid_t * id_p,
01192 u_long maxnum)
01193 {
01194 int err = 0;
01195 long count;
01196
01197 if(id_p && maxnum)
01198 {
01199 rsbac_uid_t * k_id_p = NULL;
01200
01201 count = rsbac_ta_list_all_user(ta_number, &k_id_p);
01202 if(count <= 0)
01203 return count;
01204 if(count > maxnum)
01205 count = maxnum;
01206
01207 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01208
01209 rsbac_vfree(k_id_p);
01210
01211 if(err)
01212 return err;
01213 else
01214 return count;
01215 }
01216 else
01217 return rsbac_ta_list_all_user(ta_number, NULL);
01218 }
01219
01220 int sys_rsbac_list_all_group(
01221 rsbac_list_ta_number_t ta_number,
01222 rsbac_gid_t * id_p,
01223 u_long maxnum)
01224 {
01225 int err = 0;
01226 long count;
01227
01228 if(id_p && maxnum)
01229 {
01230 rsbac_gid_t * k_id_p = NULL;
01231
01232 count = rsbac_ta_list_all_group(ta_number, &k_id_p);
01233 if(count <= 0)
01234 return count;
01235 if(count > maxnum)
01236 count = maxnum;
01237
01238 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01239
01240 rsbac_vfree(k_id_p);
01241
01242 if(err)
01243 return err;
01244 else
01245 return count;
01246 }
01247 else
01248 return rsbac_ta_list_all_group(ta_number, NULL);
01249 }
01250
01251 int sys_rsbac_list_all_ipc(rsbac_list_ta_number_t ta_number,
01252 struct rsbac_ipc_t * id_p, u_long maxnum)
01253 {
01254 int err = 0;
01255 long count;
01256
01257 if (id_p && maxnum) {
01258 struct rsbac_ipc_t *k_id_p = NULL;
01259
01260 count = rsbac_ta_list_all_ipc(ta_number, &k_id_p);
01261 if (count <= 0)
01262 return count;
01263 if (count > maxnum)
01264 count = maxnum;
01265
01266 err =
01267 rsbac_put_user((u_char *) k_id_p, (u_char *) id_p,
01268 count * sizeof(*k_id_p));
01269
01270 rsbac_vfree(k_id_p);
01271
01272 if (err)
01273 return err;
01274 else
01275 return count;
01276 } else
01277 return rsbac_ta_list_all_ipc(ta_number, NULL);
01278 }
01279
01280 int sys_rsbac_net_list_all_netdev(
01281 rsbac_list_ta_number_t ta_number,
01282 rsbac_netdev_id_t * id_p,
01283 u_long maxnum)
01284 {
01285 #ifdef CONFIG_RSBAC_NET_DEV
01286 int err = 0;
01287 long count;
01288
01289 if(id_p && maxnum)
01290 {
01291 rsbac_netdev_id_t * k_id_p = NULL;
01292
01293 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p);
01294 if(count <= 0)
01295 return count;
01296 if(count > maxnum)
01297 count = maxnum;
01298
01299 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01300
01301 rsbac_vfree(k_id_p);
01302
01303 if(err)
01304 return err;
01305 else
01306 return count;
01307 }
01308 else
01309 return rsbac_ta_net_list_all_netdev(ta_number, NULL);
01310
01311 #else
01312 return -RSBAC_EINVALIDREQUEST;
01313 #endif
01314 }
01315
01316 int sys_rsbac_net_template(rsbac_list_ta_number_t ta_number,
01317 enum rsbac_net_temp_syscall_t call,
01318 rsbac_net_temp_id_t id,
01319 union rsbac_net_temp_syscall_data_t *data_p)
01320 {
01321 #ifdef CONFIG_RSBAC_NET_OBJ
01322 union rsbac_net_temp_syscall_data_t k_data;
01323 int err = 0;
01324
01325 #ifndef CONFIG_RSBAC_MAINT
01326 union rsbac_target_id_t i_tid;
01327 union rsbac_attribute_value_t i_attr_val;
01328 #endif
01329
01330 if (!id)
01331 return -RSBAC_EINVALIDVALUE;
01332 if (!data_p)
01333 return -RSBAC_EINVALIDPOINTER;
01334
01335
01336 switch (call) {
01337 case NTS_set_address:
01338 case NTS_set_address_family:
01339 case NTS_set_type:
01340 case NTS_set_protocol:
01341 case NTS_set_netdev:
01342 case NTS_set_ports:
01343 case NTS_set_name:
01344 case NTS_new_template:
01345 case NTS_copy_template:
01346 case NTS_delete_template:
01347 #ifdef CONFIG_RSBAC_FREEZE
01348 if (rsbac_freeze) {
01349 rsbac_printk(KERN_WARNING "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed\n");
01350 return -EPERM;
01351 }
01352 #endif
01353 if (call != NTS_delete_template) {
01354 err =
01355 rsbac_get_user((u_char *) & k_data,
01356 (u_char *) data_p,
01357 sizeof(k_data));
01358 if (err)
01359 return err;
01360 }
01361 break;
01362 case NTS_check_id:
01363 case NTS_get_address:
01364 case NTS_get_address_family:
01365 case NTS_get_type:
01366 case NTS_get_protocol:
01367 case NTS_get_netdev:
01368 case NTS_get_ports:
01369 case NTS_get_name:
01370 break;
01371
01372 default:
01373 return -RSBAC_EINVALIDREQUEST;
01374 }
01375
01376 #ifndef CONFIG_RSBAC_MAINT
01377 rsbac_pr_debug(aef, "calling ADF\n");
01378 i_tid.nettemp = id;
01379 i_attr_val.dummy = 0;
01380 switch (call) {
01381 case NTS_new_template:
01382 if (!rsbac_adf_request(R_CREATE,
01383 current->pid,
01384 T_NETTEMP,
01385 i_tid, A_none, i_attr_val))
01386 #ifdef CONFIG_RSBAC_SOFTMODE
01387 if (!rsbac_softmode)
01388 #endif
01389 return -EPERM;
01390 break;
01391
01392 case NTS_copy_template:
01393 if (!rsbac_net_template_exist(id)) {
01394 if (!rsbac_adf_request(R_CREATE,
01395 current->pid,
01396 T_NETTEMP,
01397 i_tid, A_none, i_attr_val))
01398 #ifdef CONFIG_RSBAC_SOFTMODE
01399 if (!rsbac_softmode)
01400 #endif
01401 return -EPERM;
01402 } else {
01403 if (!rsbac_adf_request(R_WRITE,
01404 current->pid,
01405 T_NETTEMP,
01406 i_tid, A_none, i_attr_val))
01407 #ifdef CONFIG_RSBAC_SOFTMODE
01408 if (!rsbac_softmode)
01409 #endif
01410 return -EPERM;
01411 }
01412 i_tid.nettemp = k_data.id;
01413 if (!rsbac_adf_request(R_READ,
01414 current->pid,
01415 T_NETTEMP,
01416 i_tid, A_none, i_attr_val))
01417 #ifdef CONFIG_RSBAC_SOFTMODE
01418 if (!rsbac_softmode)
01419 #endif
01420 return -EPERM;
01421 break;
01422
01423 case NTS_delete_template:
01424 if (!rsbac_adf_request(R_DELETE,
01425 current->pid,
01426 T_NETTEMP,
01427 i_tid, A_none, i_attr_val))
01428 #ifdef CONFIG_RSBAC_SOFTMODE
01429 if (!rsbac_softmode)
01430 #endif
01431 return -EPERM;
01432 break;
01433
01434 case NTS_get_address:
01435 case NTS_get_address_family:
01436 case NTS_get_type:
01437 case NTS_get_protocol:
01438 case NTS_get_netdev:
01439 case NTS_get_ports:
01440 if (!rsbac_adf_request(R_READ,
01441 current->pid,
01442 T_NETTEMP,
01443 i_tid, A_none, i_attr_val))
01444 #ifdef CONFIG_RSBAC_SOFTMODE
01445 if (!rsbac_softmode)
01446 #endif
01447 return -EPERM;
01448 break;
01449
01450 case NTS_set_address:
01451 case NTS_set_address_family:
01452 case NTS_set_type:
01453 case NTS_set_protocol:
01454 case NTS_set_netdev:
01455 case NTS_set_ports:
01456 case NTS_set_name:
01457 if (!rsbac_adf_request(R_WRITE,
01458 current->pid,
01459 T_NETTEMP,
01460 i_tid, A_none, i_attr_val))
01461 #ifdef CONFIG_RSBAC_SOFTMODE
01462 if (!rsbac_softmode)
01463 #endif
01464 return -EPERM;
01465 break;
01466
01467 default:
01468 break;
01469 }
01470 #endif
01471
01472 err = rsbac_ta_net_template(ta_number, call, id, &k_data);
01473 if (!err) {
01474
01475 switch (call) {
01476 case NTS_check_id:
01477 case NTS_get_address:
01478 case NTS_get_address_family:
01479 case NTS_get_type:
01480 case NTS_get_protocol:
01481 case NTS_get_netdev:
01482 case NTS_get_ports:
01483 case NTS_get_name:
01484 err = rsbac_put_user((u_char *) & k_data,
01485 (u_char *) data_p,
01486 sizeof(k_data));
01487 break;
01488 default:
01489 break;
01490 }
01491 }
01492 return err;
01493
01494 #else
01495 return -RSBAC_EINVALIDREQUEST;
01496 #endif
01497 }
01498
01499 int sys_rsbac_net_list_all_template(
01500 rsbac_list_ta_number_t ta_number,
01501 rsbac_net_temp_id_t * id_p,
01502 u_long maxnum)
01503 {
01504 #ifdef CONFIG_RSBAC_NET_OBJ
01505 int err = 0;
01506 int count;
01507 union rsbac_target_id_t i_tid;
01508 union rsbac_attribute_value_t i_attr_val;
01509
01510 i_tid.nettemp = 0;
01511 i_attr_val.dummy = 0;
01512 if (!rsbac_adf_request(R_READ,
01513 current->pid,
01514 T_NETTEMP,
01515 i_tid,
01516 A_none,
01517 i_attr_val))
01518 return -EPERM;
01519 if(id_p && maxnum)
01520 {
01521 rsbac_net_temp_id_t * k_id_p = NULL;
01522
01523 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p);
01524 if(count <= 0)
01525 return count;
01526 if(count > maxnum)
01527 count = maxnum;
01528
01529 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01530
01531 rsbac_vfree(k_id_p);
01532
01533 if(err)
01534 return err;
01535 else
01536 return count;
01537 }
01538 else
01539 return rsbac_ta_net_list_all_template(ta_number, NULL);
01540
01541 #else
01542 return -RSBAC_EINVALIDREQUEST;
01543 #endif
01544 }
01545
01546
01547
01548
01549
01550
01551 int sys_rsbac_switch(enum rsbac_switch_target_t module, int value)
01552 {
01553 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE)
01554 union rsbac_target_id_t rsbac_target_id;
01555 union rsbac_attribute_value_t rsbac_attribute_value;
01556 char * switch_name;
01557
01558
01559 if(module >= SW_NONE)
01560 return(-RSBAC_EINVALIDTARGET);
01561 if ( (value < 0)
01562 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01563 || (value > 3)
01564 #else
01565 || (value > 1)
01566 #endif
01567 )
01568 return (-RSBAC_EINVALIDVALUE);
01569
01570 #ifdef CONFIG_RSBAC_SOFTMODE
01571 if( rsbac_softmode_prohibit
01572 && ( ( (value == 1)
01573 && (module == SW_SOFTMODE)
01574 )
01575 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01576 || (value == 3)
01577 #endif
01578 )
01579 )
01580 {
01581 rsbac_printk(KERN_WARNING
01582 "sys_rsbac_switch(): setting of softmode prohibited!\n");
01583 return -EPERM;
01584 }
01585 #endif
01586
01587 #ifdef CONFIG_RSBAC_DEBUG
01588 if (rsbac_debug_aef)
01589 rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n");
01590 #endif
01591 rsbac_target_id.dummy = 0;
01592 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
01593 if(module == SW_DAC_DISABLE)
01594 {
01595 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01596 if(value > 1)
01597 return -RSBAC_EINVALIDVALUE;
01598 #endif
01599 rsbac_attribute_value.dummy = 0;
01600 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
01601 current->pid,
01602 T_NONE,
01603 rsbac_target_id,
01604 A_none,
01605 rsbac_attribute_value))
01606 {
01607 return -EPERM;
01608 }
01609 }
01610 else
01611 #endif
01612 {
01613 rsbac_attribute_value.switch_target = module;
01614 if (!rsbac_adf_request(R_SWITCH_MODULE,
01615 current->pid,
01616 T_NONE,
01617 rsbac_target_id,
01618 A_switch_target,
01619 rsbac_attribute_value))
01620 {
01621 return -EPERM;
01622 }
01623 }
01624
01625 switch(value)
01626 {
01627 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01628 case 2:
01629 case 3:
01630 rsbac_ind_softmode[module] = value - 2;
01631 break;
01632 #endif
01633
01634 default:
01635 switch (module)
01636 {
01637 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01638 case SW_DAC_DISABLE: rsbac_dac_disable = value;
01639 break;
01640 #endif
01641 #ifdef CONFIG_RSBAC_SOFTMODE
01642 case SW_SOFTMODE: rsbac_softmode = value;
01643 break;
01644 #endif
01645 #ifdef CONFIG_RSBAC_FREEZE
01646 case SW_FREEZE:
01647 if(rsbac_freeze)
01648 {
01649 rsbac_printk(KERN_WARNING
01650 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n");
01651 return -EPERM;
01652 }
01653 rsbac_freeze = value;
01654 break;
01655 #endif
01656 #ifdef CONFIG_RSBAC_SWITCH_MAC
01657 case SW_MAC:
01658 #ifndef CONFIG_RSBAC_SWITCH_ON
01659 if(value)
01660 return -RSBAC_EINVALIDMODULE;
01661 #endif
01662 rsbac_switch_mac = value;
01663 break;
01664 #endif
01665 #ifdef CONFIG_RSBAC_SWITCH_PM
01666 case SW_PM:
01667 #ifndef CONFIG_RSBAC_SWITCH_ON
01668 if(value)
01669 return -RSBAC_EINVALIDMODULE;
01670 #endif
01671 rsbac_switch_pm = value;
01672 break;
01673 #endif
01674 #ifdef CONFIG_RSBAC_SWITCH_DAZ
01675 case SW_DAZ:
01676 rsbac_switch_daz = value;
01677 break;
01678 #endif
01679 #ifdef CONFIG_RSBAC_SWITCH_FF
01680 case SW_FF:
01681 rsbac_switch_ff = value;
01682 break;
01683 #endif
01684 #ifdef CONFIG_RSBAC_SWITCH_RC
01685 case SW_RC:
01686 #ifndef CONFIG_RSBAC_SWITCH_ON
01687 if(value)
01688 return -RSBAC_EINVALIDMODULE;
01689 #endif
01690 rsbac_switch_rc = value;
01691 break;
01692 #endif
01693 #ifdef CONFIG_RSBAC_SWITCH_AUTH
01694 case SW_AUTH:
01695 rsbac_switch_auth = value;
01696 break;
01697 #endif
01698 #ifdef CONFIG_RSBAC_SWITCH_ACL
01699 case SW_ACL:
01700 rsbac_switch_acl = value;
01701 break;
01702 #endif
01703 #ifdef CONFIG_RSBAC_SWITCH_CAP
01704 case SW_CAP:
01705 rsbac_switch_cap = value;
01706 break;
01707 #endif
01708 #ifdef CONFIG_RSBAC_SWITCH_JAIL
01709 case SW_JAIL:
01710 rsbac_switch_jail = value;
01711 break;
01712 #endif
01713 #ifdef CONFIG_RSBAC_SWITCH_RES
01714 case SW_RES:
01715 rsbac_switch_res = value;
01716 break;
01717 #endif
01718 #ifdef CONFIG_RSBAC_SWITCH_PAX
01719 case SW_PAX:
01720 rsbac_switch_pax = value;
01721 break;
01722 #endif
01723 default:
01724 return (-RSBAC_EINVALIDMODULE);
01725 }
01726 }
01727
01728 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01729 if(switch_name)
01730 {
01731 int show_value = value;
01732
01733 get_switch_target_name(switch_name, module);
01734 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01735 switch(value)
01736 {
01737 case 2:
01738 case 3:
01739 strcat(switch_name, " softmode");
01740 show_value -= 2;
01741 break;
01742 default:
01743 break;
01744 }
01745 #endif
01746 rsbac_printk(KERN_WARNING
01747 "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n",
01748 current->uid, switch_name, show_value);
01749 rsbac_kfree(switch_name);
01750 }
01751 return 0;
01752 #else
01753 return -RSBAC_EINVALIDREQUEST;
01754 #endif
01755 }
01756
01771 int sys_rsbac_get_switch(enum rsbac_switch_target_t module,
01772 int * value_p,
01773 int * switchable_p)
01774 {
01775 int value = 1;
01776 int switchable = 0;
01777 int allow_softmode = 0;
01778 int err = 0;
01779 union rsbac_target_id_t rsbac_target_id;
01780 union rsbac_attribute_value_t rsbac_attribute_value;
01781
01782 if(module >= SW_NONE)
01783 return -RSBAC_EINVALIDTARGET;
01784
01785 #ifdef CONFIG_RSBAC_DEBUG
01786 if(rsbac_debug_aef)
01787 rsbac_printk(KERN_DEBUG "sys_rsbac_get_switch(): calling ADF\n");
01788 #endif
01789 rsbac_target_id.scd = ST_rsbac;
01790 rsbac_attribute_value.dummy = 0;
01791 if(!rsbac_adf_request(R_GET_STATUS_DATA,
01792 current->pid,
01793 T_SCD,
01794 rsbac_target_id,
01795 A_none,
01796 rsbac_attribute_value))
01797 {
01798 return -EPERM;
01799 }
01800 switch(module)
01801 {
01802 case SW_GEN:
01803 allow_softmode = 0;
01804 switchable = 0;
01805 break;
01806 #ifdef CONFIG_RSBAC_UM
01807 case SW_UM:
01808 allow_softmode = 0;
01809 switchable = 0;
01810 break;
01811 #endif
01812 #ifdef CONFIG_RSBAC_REG
01813 case SW_REG:
01814 allow_softmode = 1;
01815 switchable = 0;
01816 break;
01817 #endif
01818 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01819 case SW_DAC_DISABLE:
01820 allow_softmode = 0;
01821 value = rsbac_dac_disable;
01822 switchable = 3;
01823 break;
01824 #endif
01825 #ifdef CONFIG_RSBAC_SOFTMODE
01826 case SW_SOFTMODE:
01827 allow_softmode = 0;
01828 value = rsbac_softmode;
01829 switchable = (rsbac_softmode_prohibit?2:3);
01830 break;
01831 #endif
01832 #ifdef CONFIG_RSBAC_FREEZE
01833 case SW_FREEZE:
01834 allow_softmode = 0;
01835 value = rsbac_freeze;
01836 switchable = 1;
01837 break;
01838 #endif
01839 #ifdef CONFIG_RSBAC_MAC
01840 case SW_MAC:
01841 allow_softmode = 1;
01842 #ifdef CONFIG_RSBAC_SWITCH_MAC
01843 value = rsbac_switch_mac;
01844 #ifdef CONFIG_RSBAC_SWITCH_ON
01845 switchable = 3;
01846 #else
01847 switchable = 2;
01848 #endif
01849 #else
01850 switchable = 0;
01851 #endif
01852 break;
01853 #endif
01854 #ifdef CONFIG_RSBAC_PM
01855 case SW_PM:
01856 allow_softmode = 1;
01857 #ifdef CONFIG_RSBAC_SWITCH_PM
01858 value = rsbac_switch_pm;
01859 #ifdef CONFIG_RSBAC_SWITCH_ON
01860 switchable = 3;
01861 #else
01862 switchable = 2;
01863 #endif
01864 #else
01865 switchable = 0;
01866 #endif
01867 break;
01868 #endif
01869 #ifdef CONFIG_RSBAC_DAZ
01870 case SW_DAZ:
01871 allow_softmode = 1;
01872 #ifdef CONFIG_RSBAC_SWICHT_DAZ
01873 value = rsbac_switch_daz;
01874 switchable = 3;
01875 #else
01876 switchable = 0;
01877 #endif
01878 break;
01879 #endif
01880 #ifdef CONFIG_RSBAC_FF
01881 case SW_FF:
01882 allow_softmode = 1;
01883 #ifdef CONFIG_RSBAC_SWITCH_FF
01884 value = rsbac_switch_ff;
01885 switchable = 3;
01886 #else
01887 switchable = 0;
01888 #endif
01889 break;
01890 #endif
01891 #ifdef CONFIG_RSBAC_RC
01892 case SW_RC:
01893 allow_softmode = 1;
01894 #ifdef CONFIG_RSBAC_SWITCH_RC
01895 value = rsbac_switch_rc;
01896 #ifdef CONFIG_RSBAC_SWITCH_ON
01897 switchable = 3;
01898 #else
01899 switchable = 2;
01900 #endif
01901 #else
01902 switchable = 0;
01903 #endif
01904 break;
01905 #endif
01906 #ifdef CONFIG_RSBAC_AUTH
01907 case SW_AUTH:
01908 allow_softmode = 1;
01909 #ifdef CONFIG_RSBAC_SWITCH_AUTH
01910 value = rsbac_switch_auth;
01911 switchable = 3;
01912 #else
01913 switchable = 0;
01914 #endif
01915 break;
01916 #endif
01917 #ifdef CONFIG_RSBAC_ACL
01918 case SW_ACL:
01919 allow_softmode = 1;
01920 #ifdef CONFIG_RSBAC_SWITCH_ACL
01921 value = rsbac_switch_acl;
01922 switchable = 3;
01923 #else
01924 switchable = 0;
01925 #endif
01926 break;
01927 #endif
01928 #ifdef CONFIG_RSBAC_CAP
01929 case SW_CAP:
01930 allow_softmode = 1;
01931 #ifdef CONFIG_RSBAC_SWITCH_CAP
01932 value = rsbac_switch_cap;
01933 switchable = 3;
01934 #else
01935 switchable = 0;
01936 #endif
01937 break;
01938 #endif
01939 #ifdef CONFIG_RSBAC_JAIL
01940 case SW_JAIL:
01941 allow_softmode = 1;
01942 #ifdef CONFIG_RSBAC_SWITCH_JAIL
01943 value = rsbac_switch_jail;
01944 switchable = 3;
01945 #else
01946 switchable = 0;
01947 #endif
01948 break;
01949 #endif
01950 #ifdef CONFIG_RSBAC_RES
01951 case SW_RES:
01952 allow_softmode = 1;
01953 #ifdef CONFIG_RSBAC_SWITCH_RES
01954 value = rsbac_switch_res;
01955 switchable = 3;
01956 #else
01957 switchable = 0;
01958 #endif
01959 break;
01960 #endif
01961 #ifdef CONFIG_RSBAC_PAX
01962 case SW_PAX:
01963 allow_softmode = 1;
01964 #ifdef CONFIG_RSBAC_SWITCH_PAX
01965 value = rsbac_switch_pax;
01966 switchable = 3;
01967 #else
01968 switchable = 0;
01969 #endif
01970 break;
01971 #endif
01972 default:
01973 return -RSBAC_EINVALIDMODULE;
01974 }
01975
01976 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01977 if(allow_softmode) {
01978 value |= rsbac_ind_softmode[module] << 1;
01979 switchable |= (rsbac_softmode_prohibit?2:3) << 2;
01980 }
01981 #endif
01982 if(value_p)
01983 err = rsbac_put_user((u_char *) &value, (u_char *)value_p, sizeof(int));
01984 if(!err && switchable_p)
01985 err = rsbac_put_user((u_char *) &switchable, (u_char *)switchable_p, sizeof(int));
01986 return err;
01987 }
01988
01989
01990
01991 int sys_rsbac_mac_set_curr_level(rsbac_security_level_t level,
01992 rsbac_mac_category_vector_t * categories_p)
01993 {
01994 #ifdef CONFIG_RSBAC_MAC
01995 rsbac_mac_category_vector_t k_categories;
01996 int err;
01997
01998 if(!categories_p)
01999 return -RSBAC_EINVALIDPOINTER;
02000 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories));
02001 if(err)
02002 return err;
02003 return (rsbac_mac_set_curr_level(level, k_categories));
02004 #else
02005 return (-RSBAC_EINVALIDMODULE);
02006 #endif
02007 }
02008
02009 int sys_rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
02010 rsbac_mac_category_vector_t * categories_p)
02011 {
02012 #ifdef CONFIG_RSBAC_MAC
02013 int err = 0;
02014 rsbac_security_level_t k_level;
02015 rsbac_mac_category_vector_t k_categories;
02016
02017 err = rsbac_mac_get_curr_level(&k_level, &k_categories);
02018 if(err)
02019 return err;
02020 if(level_p)
02021 {
02022 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
02023 if(err)
02024 return err;
02025 }
02026 if(categories_p)
02027 {
02028 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
02029 }
02030 return err;
02031 #else
02032 return (-RSBAC_EINVALIDMODULE);
02033 #endif
02034 }
02035
02036 int sys_rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
02037 rsbac_mac_category_vector_t * categories_p)
02038 {
02039 #ifdef CONFIG_RSBAC_MAC
02040 int err = 0;
02041 rsbac_security_level_t k_level;
02042 rsbac_mac_category_vector_t k_categories;
02043
02044 err = rsbac_mac_get_max_level(&k_level, &k_categories);
02045 if(err)
02046 return err;
02047 if(level_p)
02048 {
02049 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
02050 if(err)
02051 return err;
02052 }
02053 if(categories_p)
02054 {
02055 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
02056 }
02057 return err;
02058 #else
02059 return (-RSBAC_EINVALIDMODULE);
02060 #endif
02061 }
02062
02063 int sys_rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
02064 rsbac_mac_category_vector_t * categories_p)
02065 {
02066 #ifdef CONFIG_RSBAC_MAC
02067 int err = 0;
02068 rsbac_security_level_t k_level;
02069 rsbac_mac_category_vector_t k_categories;
02070
02071 err = rsbac_mac_get_min_level(&k_level, &k_categories);
02072 if(err)
02073 return err;
02074 if(level_p)
02075 {
02076 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
02077 if(err)
02078 return err;
02079 }
02080 if(categories_p)
02081 {
02082 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
02083 }
02084 return err;
02085 #else
02086 return (-RSBAC_EINVALIDMODULE);
02087 #endif
02088 }
02089
02090
02091 int sys_rsbac_mac_add_p_tru(
02092 rsbac_list_ta_number_t ta_number,
02093 rsbac_pid_t pid,
02094 rsbac_uid_t uid,
02095 rsbac_time_t ttl)
02096 {
02097 #if defined(CONFIG_RSBAC_MAC)
02098 struct task_struct * task_p;
02099
02100 #ifdef CONFIG_RSBAC_FREEZE
02101 if(rsbac_freeze)
02102 {
02103 rsbac_printk(KERN_WARNING
02104 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
02105 return -EPERM;
02106 }
02107 #endif
02108
02109 read_lock(&tasklist_lock);
02110 task_p = find_task_by_pid(pid);
02111 read_unlock(&tasklist_lock);
02112 if(!task_p)
02113 return(-RSBAC_EINVALIDTARGET);
02114
02115 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl));
02116 #else
02117 return (-RSBAC_EINVALIDMODULE);
02118 #endif
02119 }
02120
02121 int sys_rsbac_mac_remove_p_tru(
02122 rsbac_list_ta_number_t ta_number,
02123 rsbac_pid_t pid,
02124 rsbac_uid_t uid)
02125 {
02126 #if defined(CONFIG_RSBAC_MAC)
02127 struct task_struct * task_p;
02128
02129 #ifdef CONFIG_RSBAC_FREEZE
02130 if(rsbac_freeze)
02131 {
02132 rsbac_printk(KERN_WARNING
02133 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
02134 return -EPERM;
02135 }
02136 #endif
02137
02138 read_lock(&tasklist_lock);
02139 task_p = find_task_by_pid(pid);
02140 read_unlock(&tasklist_lock);
02141 if(!task_p)
02142 return(-RSBAC_EINVALIDTARGET);
02143 return(rsbac_mac_remove_p_tru(ta_number, pid, uid));
02144 #else
02145 return (-RSBAC_EINVALIDMODULE);
02146 #endif
02147 }
02148
02149 int sys_rsbac_mac_add_f_tru(
02150 rsbac_list_ta_number_t ta_number,
02151 char * filename,
02152 rsbac_uid_t uid,
02153 rsbac_time_t ttl)
02154 {
02155 #if defined(CONFIG_RSBAC_MAC)
02156 struct dentry * t_dentry;
02157 int err = 0;
02158 enum rsbac_target_t target;
02159 union rsbac_target_id_t tid;
02160
02161 struct nameidata nd;
02162
02163 if(!filename)
02164 return(-RSBAC_EINVALIDTARGET);
02165
02166 #ifdef CONFIG_RSBAC_FREEZE
02167 if(rsbac_freeze)
02168 {
02169 rsbac_printk(KERN_WARNING
02170 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
02171 return -EPERM;
02172 }
02173 #endif
02174
02175 if ((err = user_path_walk_link(filename, &nd)))
02176 {
02177 #ifdef CONFIG_RSBAC_DEBUG
02178 if (rsbac_debug_aef_mac)
02179 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err);
02180 #endif
02181 goto out;
02182 }
02183 t_dentry = nd.dentry;
02184 if (!t_dentry->d_inode)
02185 {
02186 err = -RSBAC_EINVALIDTARGET;
02187 goto out_dput;
02188 }
02189
02190 if(S_ISREG(t_dentry->d_inode->i_mode))
02191 target = T_FILE;
02192 else
02193 if(S_ISDIR(t_dentry->d_inode->i_mode))
02194 target = T_DIR;
02195 else
02196 {
02197 err = -RSBAC_EINVALIDTARGET;
02198 goto out_dput;
02199 }
02200 tid.file.device = t_dentry->d_sb->s_dev;
02201 tid.file.inode = t_dentry->d_inode->i_ino;
02202 tid.file.dentry_p = t_dentry;
02203
02204 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl);
02205
02206 out_dput:
02207 path_release(&nd);
02208 out:
02209 return(err);
02210
02211 #else
02212 return (-RSBAC_EINVALIDMODULE);
02213 #endif
02214 }
02215
02216 int sys_rsbac_mac_remove_f_tru(
02217 rsbac_list_ta_number_t ta_number,
02218 char * filename,
02219 rsbac_uid_t uid)
02220 {
02221 #if defined(CONFIG_RSBAC_MAC)
02222 struct dentry * t_dentry;
02223 int err = 0;
02224 enum rsbac_target_t target;
02225 union rsbac_target_id_t tid;
02226
02227 struct nameidata nd;
02228
02229 if(!filename)
02230 return(-RSBAC_EINVALIDTARGET);
02231
02232 #ifdef CONFIG_RSBAC_FREEZE
02233 if(rsbac_freeze)
02234 {
02235 rsbac_printk(KERN_WARNING
02236 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
02237 return -EPERM;
02238 }
02239 #endif
02240
02241 if ((err = user_path_walk_link(filename, &nd)))
02242 {
02243 #ifdef CONFIG_RSBAC_DEBUG
02244 if (rsbac_debug_aef_mac)
02245 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err);
02246 #endif
02247 goto out;
02248 }
02249 t_dentry = nd.dentry;
02250 if (!t_dentry->d_inode)
02251 {
02252 err = -RSBAC_EINVALIDTARGET;
02253 goto out_dput;
02254 }
02255
02256 if(S_ISREG(t_dentry->d_inode->i_mode))
02257 target = T_FILE;
02258 else
02259 if(S_ISDIR(t_dentry->d_inode->i_mode))
02260 target = T_DIR;
02261 else
02262 {
02263 err = -RSBAC_EINVALIDTARGET;
02264 goto out_dput;
02265 }
02266 tid.file.device = t_dentry->d_sb->s_dev;
02267 tid.file.inode = t_dentry->d_inode->i_ino;
02268 tid.file.dentry_p = t_dentry;
02269
02270 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid);
02271
02272 out_dput:
02273 path_release(&nd);
02274 out:
02275 return(err);
02276
02277 #else
02278 return (-RSBAC_EINVALIDMODULE);
02279 #endif
02280 }
02281
02282
02283 int sys_rsbac_mac_get_f_trulist(
02284 rsbac_list_ta_number_t ta_number,
02285 char * filename,
02286 rsbac_uid_t trulist[],
02287 rsbac_time_t ttllist[],
02288 u_int maxnum)
02289 {
02290 #if defined(CONFIG_RSBAC_MAC)
02291 struct dentry * t_dentry;
02292 int err = 0, tmperr = 0;
02293 enum rsbac_target_t target;
02294 union rsbac_target_id_t tid;
02295 rsbac_uid_t * k_trulist;
02296 rsbac_time_t * k_ttllist;
02297
02298 struct nameidata nd;
02299
02300 if(!filename)
02301 return(-RSBAC_EINVALIDTARGET);
02302 if(!trulist)
02303 return(-RSBAC_EINVALIDPOINTER);
02304 if(maxnum <= 0)
02305 return(-RSBAC_EINVALIDVALUE);
02306 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02307 maxnum = RSBAC_MAC_MAX_MAXNUM;
02308
02309 if ((err = user_path_walk_link(filename, &nd)))
02310 {
02311 #ifdef CONFIG_RSBAC_DEBUG
02312 if (rsbac_debug_aef_mac)
02313 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err);
02314 #endif
02315 goto out;
02316 }
02317 t_dentry = nd.dentry;
02318 if (!t_dentry->d_inode)
02319 {
02320 err = -RSBAC_EINVALIDTARGET;
02321 goto out_dput;
02322 }
02323
02324 if(S_ISREG(t_dentry->d_inode->i_mode))
02325 target = T_FILE;
02326 else
02327 if(S_ISDIR(t_dentry->d_inode->i_mode))
02328 target = T_DIR;
02329 else
02330 {
02331 err = -RSBAC_EINVALIDTARGET;
02332 goto out_dput;
02333 }
02334 tid.file.device = t_dentry->d_sb->s_dev;
02335 tid.file.inode = t_dentry->d_inode->i_ino;
02336 tid.file.dentry_p = t_dentry;
02337
02338 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist);
02339 if(err>0)
02340 {
02341 if(err > maxnum)
02342 err = maxnum;
02343 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02344 sizeof(rsbac_uid_t) * err);
02345 if(tmperr < 0)
02346 err = tmperr;
02347 else
02348 {
02349 if(ttllist)
02350 {
02351 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02352 sizeof(rsbac_time_t) * err);
02353 if(tmperr < 0)
02354 err = tmperr;
02355 }
02356 }
02357 rsbac_vfree(k_trulist);
02358 rsbac_vfree(k_ttllist);
02359 }
02360
02361 out_dput:
02362 path_release(&nd);
02363 out:
02364 return(err);
02365
02366 #else
02367 return (-RSBAC_EINVALIDMODULE);
02368 #endif
02369 }
02370
02371 int sys_rsbac_mac_get_p_trulist(
02372 rsbac_list_ta_number_t ta_number,
02373 rsbac_pid_t pid,
02374 rsbac_uid_t trulist[],
02375 rsbac_time_t ttllist[],
02376 u_int maxnum)
02377 {
02378 #if defined(CONFIG_RSBAC_MAC)
02379 int err = 0, tmperr = 0;
02380 union rsbac_target_id_t tid;
02381 rsbac_uid_t * k_trulist;
02382 rsbac_time_t * k_ttllist;
02383
02384 if(!pid)
02385 return(-RSBAC_EINVALIDTARGET);
02386 if(!trulist)
02387 return(-RSBAC_EINVALIDPOINTER);
02388 if(maxnum <= 0)
02389 return(-RSBAC_EINVALIDVALUE);
02390 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02391 maxnum = RSBAC_MAC_MAX_MAXNUM;
02392
02393 tid.process = pid;
02394
02395 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist);
02396 if(err>0)
02397 {
02398 if(err > maxnum)
02399 err = maxnum;
02400 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02401 sizeof(rsbac_uid_t) * err);
02402 if(tmperr < 0)
02403 err = tmperr;
02404 else
02405 {
02406 if(ttllist)
02407 {
02408 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02409 sizeof(rsbac_time_t) * err);
02410 if(tmperr < 0)
02411 err = tmperr;
02412 }
02413 }
02414 rsbac_vfree(k_trulist);
02415 rsbac_vfree(k_ttllist);
02416 }
02417
02418 return(err);
02419
02420 #else
02421 return (-RSBAC_EINVALIDMODULE);
02422 #endif
02423 }
02424
02425
02426
02427 int sys_rsbac_stats_pm(void)
02428 {
02429 #ifndef CONFIG_RSBAC_PM
02430 return (0);
02431 #else
02432 union rsbac_target_id_t rsbac_target_id;
02433 union rsbac_attribute_value_t rsbac_attribute_value;
02434
02435 #ifdef CONFIG_RSBAC_DEBUG
02436 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n");
02437 #endif
02438 rsbac_target_id.scd = ST_rsbac;
02439 rsbac_attribute_value.dummy = 0;
02440 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02441 current->pid,
02442 T_SCD,
02443 rsbac_target_id,
02444 A_none,
02445 rsbac_attribute_value))
02446 {
02447 return -EPERM;
02448 }
02449
02450 #ifdef CONFIG_RSBAC_DEBUG
02451 if (rsbac_debug_aef_pm)
02452 rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n");
02453 #endif
02454 return(rsbac_stats_pm());
02455 #endif
02456 };
02457
02458 int sys_rsbac_pm(
02459 rsbac_list_ta_number_t ta_number,
02460 enum rsbac_pm_function_type_t function,
02461 union rsbac_pm_function_param_t * param_p,
02462 rsbac_pm_tkt_id_t ticket)
02463 {
02464 #ifndef CONFIG_RSBAC_PM
02465 return (-RSBAC_EINVALIDMODULE);
02466 #else
02467 union rsbac_pm_function_param_t k_param;
02468 int result;
02469
02470 if(function >= PF_none)
02471 return(-RSBAC_EINVALIDREQUEST);
02472 if(!param_p)
02473 return(-RSBAC_EINVALIDPOINTER);
02474 #ifdef CONFIG_RSBAC_DEBUG
02475 if (rsbac_debug_aef_pm)
02476 rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n",
02477 function);
02478 #endif
02479
02480 #ifdef CONFIG_RSBAC_FREEZE
02481 if(rsbac_freeze)
02482 {
02483 rsbac_printk(KERN_WARNING
02484 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n");
02485 return -EPERM;
02486 }
02487 #endif
02488
02489
02490 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) );
02491
02492 lock_kernel();
02493 result = rsbac_pm(ta_number, function, k_param, ticket);
02494 unlock_kernel();
02495 return result;
02496 #endif
02497 }
02498
02499 int sys_rsbac_pm_change_current_task(rsbac_pm_task_id_t task)
02500 {
02501 #ifndef CONFIG_RSBAC_PM
02502 return (0);
02503 #else
02504 #ifdef CONFIG_RSBAC_DEBUG
02505 if (rsbac_debug_aef_pm)
02506 rsbac_printk(KERN_DEBUG
02507 "sys_rsbac_pm_change_current_task(): called for task %i!\n",
02508 task);
02509 #endif
02510
02511 return(rsbac_pm_change_current_task(task));
02512 #endif
02513 }
02514
02515 int sys_rsbac_pm_create_file(const char * filename,
02516 int mode,
02517 rsbac_pm_object_class_id_t class)
02518 {
02519 #ifndef CONFIG_RSBAC_PM
02520 return (-RSBAC_EINVALIDMODULE);
02521 #else
02522 if(!filename)
02523 return(-RSBAC_EINVALIDPOINTER);
02524 #ifdef CONFIG_RSBAC_DEBUG
02525 if (rsbac_debug_aef_pm)
02526 rsbac_printk(KERN_DEBUG
02527 "sys_rsbac_pm_create_file(): called with class %i!\n",
02528 class);
02529 #endif
02530
02531 return(rsbac_pm_create_file(filename, mode, class));
02532 #endif
02533 }
02534
02535
02536
02537 int sys_rsbac_daz_flush_cache(void)
02538 {
02539 #ifndef CONFIG_RSBAC_DAZ_CACHE
02540 return (0);
02541 #else
02542 #ifndef CONFIG_RSBAC_MAINT
02543 union rsbac_target_id_t i_tid;
02544 union rsbac_attribute_value_t i_attr_val1;
02545
02546
02547 i_tid.user = current->uid;
02548 if (rsbac_get_attr(SW_DAZ,
02549 T_USER,
02550 i_tid,
02551 A_daz_role,
02552 &i_attr_val1,
02553 TRUE))
02554 {
02555 rsbac_printk(KERN_WARNING
02556 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02557 return -EPERM;
02558 }
02559
02560 if ( (i_attr_val1.system_role != SR_security_officer)
02561 && (i_attr_val1.system_role != SR_administrator)
02562 )
02563 #ifdef CONFIG_RSBAC_SOFTMODE
02564 if( !rsbac_softmode
02565 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02566 && !rsbac_ind_softmode[SW_DAZ]
02567 #endif
02568 )
02569 #endif
02570 return -EPERM;
02571 #endif
02572
02573 rsbac_printk(KERN_INFO
02574 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n");
02575
02576 return(rsbac_daz_flush_cache());
02577 #endif
02578 }
02579
02580
02581
02582
02583 int sys_rsbac_rc_copy_role(
02584 rsbac_list_ta_number_t ta_number,
02585 rsbac_rc_role_id_t from_role,
02586 rsbac_rc_role_id_t to_role)
02587 {
02588 #if defined(CONFIG_RSBAC_RC)
02589 if( (from_role > RC_role_max_value)
02590 || (from_role > RC_role_max_value))
02591 return(-RSBAC_EINVALIDVALUE);
02592 #ifdef CONFIG_RSBAC_DEBUG
02593 if (rsbac_debug_aef_rc)
02594 rsbac_printk(KERN_DEBUG
02595 "sys_rsbac_rc_copy_role(): from %i, to %i!\n",
02596 from_role, to_role);
02597 #endif
02598 #ifdef CONFIG_RSBAC_FREEZE
02599 if(rsbac_freeze)
02600 {
02601 rsbac_printk(KERN_WARNING
02602 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n");
02603 return -EPERM;
02604 }
02605 #endif
02606
02607
02608 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role));
02609 #else
02610 return (-RSBAC_EINVALIDMODULE);
02611 #endif
02612 }
02613
02614 int sys_rsbac_rc_copy_type(
02615 rsbac_list_ta_number_t ta_number,
02616 enum rsbac_rc_target_t target,
02617 rsbac_rc_type_id_t from_type,
02618 rsbac_rc_type_id_t to_type)
02619 {
02620 #if defined(CONFIG_RSBAC_RC)
02621 if( (from_type > RC_type_max_value)
02622 || (from_type > RC_type_max_value))
02623 return(-RSBAC_EINVALIDVALUE);
02624 #ifdef CONFIG_RSBAC_DEBUG
02625 if (rsbac_debug_aef_rc)
02626 rsbac_printk(KERN_DEBUG
02627 "sys_rsbac_rc_copy_type(): from %i, to %i!\n",
02628 from_type, to_type);
02629 #endif
02630 #ifdef CONFIG_RSBAC_FREEZE
02631 if(rsbac_freeze)
02632 {
02633 rsbac_printk(KERN_WARNING
02634 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n");
02635 return -EPERM;
02636 }
02637 #endif
02638
02639
02640 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type));
02641 #else
02642 return (-RSBAC_EINVALIDMODULE);
02643 #endif
02644 }
02645
02646
02647 int sys_rsbac_rc_get_item (
02648 rsbac_list_ta_number_t ta_number,
02649 enum rsbac_rc_target_t target,
02650 union rsbac_rc_target_id_t * tid_p,
02651 union rsbac_rc_target_id_t * subtid_p,
02652 enum rsbac_rc_item_t item,
02653 union rsbac_rc_item_value_t * value_p,
02654 rsbac_time_t * ttl_p)
02655 {
02656 #if defined(CONFIG_RSBAC_RC)
02657 union rsbac_rc_target_id_t k_tid;
02658 union rsbac_rc_target_id_t k_subtid;
02659 union rsbac_rc_item_value_t k_value;
02660 rsbac_time_t k_ttl;
02661 int err = 0;
02662
02663 if( (target >= RT_NONE)
02664 || (item >= RI_none))
02665 return(-RSBAC_EINVALIDVALUE);
02666
02667 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02668 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02669 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02670 #ifdef CONFIG_RSBAC_DEBUG
02671 if (rsbac_debug_aef_rc)
02672 rsbac_printk(KERN_DEBUG
02673 "sys_rsbac_rc_get_item(): target %i, item %i!\n",
02674 target, item);
02675 #endif
02676
02677 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid,
02678 item, &k_value, &k_ttl);
02679
02680 if(!err)
02681 {
02682 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02683 if(!err && ttl_p)
02684 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02685 }
02686 return (err);
02687 #else
02688 return (-RSBAC_EINVALIDMODULE);
02689 #endif
02690 }
02691
02692
02693 int sys_rsbac_rc_set_item(
02694 rsbac_list_ta_number_t ta_number,
02695 enum rsbac_rc_target_t target,
02696 union rsbac_rc_target_id_t * tid_p,
02697 union rsbac_rc_target_id_t * subtid_p,
02698 enum rsbac_rc_item_t item,
02699 union rsbac_rc_item_value_t * value_p,
02700 rsbac_time_t ttl)
02701 {
02702 #if defined(CONFIG_RSBAC_RC)
02703 union rsbac_rc_target_id_t k_tid;
02704 union rsbac_rc_target_id_t k_subtid;
02705 union rsbac_rc_item_value_t k_value;
02706
02707 if( (target >= RT_NONE)
02708 || (item >= RI_none))
02709 return(-RSBAC_EINVALIDVALUE);
02710
02711 #ifdef CONFIG_RSBAC_FREEZE
02712 if(rsbac_freeze)
02713 {
02714 rsbac_printk(KERN_WARNING
02715 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n");
02716 return -EPERM;
02717 }
02718 #endif
02719
02720
02721 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02722 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02723 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02724 #ifdef CONFIG_RSBAC_DEBUG
02725 if (rsbac_debug_aef_rc)
02726 rsbac_printk(KERN_DEBUG
02727 "sys_rsbac_rc_set_item(): target %i, item %i!\n",
02728 target, item);
02729 #endif
02730
02731 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl);
02732 #else
02733 return (-RSBAC_EINVALIDMODULE);
02734 #endif
02735 }
02736
02737 int sys_rsbac_rc_get_list(
02738 rsbac_list_ta_number_t ta_number,
02739 enum rsbac_rc_target_t target,
02740 union rsbac_rc_target_id_t * tid_p,
02741 enum rsbac_rc_item_t item,
02742 u_int maxnum,
02743 __u32 * array_p,
02744 rsbac_time_t * ttl_array_p)
02745 {
02746 #if defined(CONFIG_RSBAC_RC)
02747 union rsbac_rc_target_id_t k_tid;
02748 int err;
02749
02750 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02751 if(array_p)
02752 {
02753 __u32 * k_array_p;
02754 rsbac_time_t * k_ttl_array_p;
02755
02756 if(!maxnum)
02757 return -RSBAC_EINVALIDVALUE;
02758
02759 err = rsbac_rc_get_list(ta_number, target, k_tid, item,
02760 &k_array_p, &k_ttl_array_p);
02761
02762 if(err > 0)
02763 {
02764 int tmperr;
02765
02766 if(err > maxnum)
02767 err = maxnum;
02768 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) );
02769 if(tmperr)
02770 err = tmperr;
02771 rsbac_vfree(k_array_p);
02772 if(k_ttl_array_p && ttl_array_p)
02773 {
02774 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) );
02775 if(tmperr)
02776 err = tmperr;
02777 }
02778 rsbac_vfree(k_ttl_array_p);
02779 }
02780 return (err);
02781 }
02782 else
02783 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL);
02784 #else
02785 return (-RSBAC_EINVALIDMODULE);
02786 #endif
02787 };
02788
02789
02790 int sys_rsbac_rc_change_role (rsbac_rc_role_id_t role, char * pass)
02791 {
02792 #if defined(CONFIG_RSBAC_RC)
02793 if(role > RC_role_max_value)
02794 return(-RSBAC_EINVALIDVALUE);
02795 #ifdef CONFIG_RSBAC_DEBUG
02796 if (rsbac_debug_aef_rc)
02797 rsbac_printk(KERN_DEBUG
02798 "sys_rsbac_rc_change_role(): role %i!\n",
02799 role);
02800 #endif
02801
02802 return rsbac_rc_sys_change_role(role, pass);
02803 #else
02804 return (-RSBAC_EINVALIDMODULE);
02805 #endif
02806 }
02807
02808
02809 int sys_rsbac_rc_get_eff_rights_n(
02810 rsbac_list_ta_number_t ta_number,
02811 enum rsbac_target_t target,
02812 char * t_name,
02813 rsbac_rc_request_vector_t * request_vector_p,
02814 rsbac_time_t * ttl_p)
02815 {
02816 #if defined(CONFIG_RSBAC_RC)
02817 struct dentry * t_dentry;
02818 int err = 0;
02819 rsbac_rc_request_vector_t k_req_vec;
02820 rsbac_time_t k_ttl;
02821 union rsbac_target_id_t tid;
02822
02823 struct nameidata nd;
02824
02825 if(!t_name || (target >= T_NONE))
02826 return(-RSBAC_EINVALIDTARGET);
02827
02828 if ((err = user_path_walk_link(t_name, &nd)))
02829 {
02830 #ifdef CONFIG_RSBAC_DEBUG
02831 if (rsbac_debug_aef_rc)
02832 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err);
02833 #endif
02834 goto out;
02835 }
02836 t_dentry = nd.dentry;
02837 if (!t_dentry->d_inode)
02838 {
02839 err = -RSBAC_EINVALIDTARGET;
02840 goto out_dput;
02841 }
02842
02843 switch (target)
02844 {
02845 case T_FD:
02846 if(S_ISREG(t_dentry->d_inode->i_mode))
02847 {
02848 target = T_FILE;
02849 }
02850 else
02851 if(S_ISDIR(t_dentry->d_inode->i_mode))
02852 {
02853 target = T_DIR;
02854 }
02855 else
02856 if(S_ISLNK(t_dentry->d_inode->i_mode))
02857 {
02858 target = T_SYMLINK;
02859 }
02860 else
02861 if(S_ISFIFO(t_dentry->d_inode->i_mode))
02862 {
02863 target = T_FIFO;
02864 }
02865 else
02866 if(S_ISSOCK(t_dentry->d_inode->i_mode))
02867 {
02868 target = T_UNIXSOCK;
02869 }
02870 else
02871 if(S_ISBLK(t_dentry->d_inode->i_mode))
02872 {
02873 target = T_FILE;
02874 }
02875 else
02876 if(S_ISCHR(t_dentry->d_inode->i_mode))
02877 {
02878 target = T_FILE;
02879 }
02880 else
02881 {
02882 #ifdef CONFIG_RSBAC_DEBUG
02883 if (rsbac_debug_aef)
02884 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n");
02885 #endif
02886 err = -RSBAC_EINVALIDTARGET;
02887 goto out_dput;
02888 }
02889 break;
02890
02891 case T_FILE:
02892
02893 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
02894 && !(S_ISBLK(t_dentry->d_inode->i_mode))
02895 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02896 {
02897 err = -RSBAC_EINVALIDTARGET;
02898 goto out_dput;
02899 }
02900 break;
02901
02902 case T_DIR:
02903 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
02904 {
02905 err = -RSBAC_EINVALIDTARGET;
02906 goto out_dput;
02907 }
02908 break;
02909
02910 case T_FIFO:
02911
02912 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
02913 {
02914 err = -RSBAC_EINVALIDTARGET;
02915 goto out_dput;
02916 }
02917 break;
02918
02919 case T_UNIXSOCK:
02920
02921 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
02922 {
02923 err = -RSBAC_EINVALIDTARGET;
02924 goto out_dput;
02925 }
02926 break;
02927
02928 case T_SYMLINK:
02929
02930 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
02931 {
02932 err = -RSBAC_EINVALIDTARGET;
02933 goto out_dput;
02934 }
02935 break;
02936
02937 case T_DEV:
02938
02939 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
02940 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02941 {
02942 err = -RSBAC_EINVALIDTARGET;
02943 goto out_dput;
02944 }
02945 break;
02946
02947 default:
02948 err = -RSBAC_EINVALIDTARGET;
02949 goto out_dput;
02950 }
02951
02952 if(target == T_DEV)
02953 {
02954 if(S_ISBLK(t_dentry->d_inode->i_mode))
02955 tid.dev.type = D_block;
02956 else
02957 tid.dev.type = D_char;
02958 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
02959 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
02960 }
02961 else
02962 {
02963
02964 tid.file.device = t_dentry->d_sb->s_dev;
02965 tid.file.inode = t_dentry->d_inode->i_ino;
02966 tid.file.dentry_p = t_dentry;
02967 }
02968 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl);
02969
02970 if(!err)
02971 {
02972 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) );
02973 if(!err && ttl_p)
02974 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02975 }
02976
02977 out_dput:
02978 path_release(&nd);
02979
02980 out:
02981 return(err);
02982 #else
02983 return (-RSBAC_EINVALIDMODULE);
02984 #endif
02985 }
02986
02987
02988 int sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t * role_p)
02989 {
02990 #if defined(CONFIG_RSBAC_RC)
02991 rsbac_rc_role_id_t k_role;
02992 int err;
02993
02994 if(!role_p)
02995 return(-RSBAC_EINVALIDPOINTER);
02996
02997 err = rsbac_rc_sys_get_current_role(&k_role);
02998 if(!err)
02999 {
03000 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) );
03001 }
03002 return err;
03003 #else
03004 return (-RSBAC_EINVALIDMODULE);
03005 #endif
03006 }
03007
03008 int sys_rsbac_rc_select_fd_create_type(rsbac_rc_type_id_t type)
03009 {
03010 #if defined(CONFIG_RSBAC_RC)
03011 int err;
03012
03013 err = rsbac_rc_select_fd_create_type(type);
03014
03015 return err;
03016 #else
03017 return (-RSBAC_EINVALIDMODULE);
03018 #endif
03019 }
03020
03021
03022
03023
03024
03025 int sys_rsbac_auth_add_p_cap(
03026 rsbac_list_ta_number_t ta_number,
03027 rsbac_pid_t pid,
03028 enum rsbac_auth_cap_type_t cap_type,
03029 struct rsbac_auth_cap_range_t cap_range,
03030 rsbac_time_t ttl)
03031 {
03032 #if defined(CONFIG_RSBAC_AUTH)
03033 struct task_struct * task_p;
03034
03035 if(cap_type >= ACT_none)
03036 return(-RSBAC_EINVALIDTARGET);
03037 if(cap_range.first > cap_range.last)
03038 return(-RSBAC_EINVALIDVALUE);
03039 if( (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID)
03040 || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID)
03041 )
03042 return -RSBAC_EINVALIDVALUE;
03043
03044 #ifdef CONFIG_RSBAC_FREEZE
03045 if(rsbac_freeze)
03046 {
03047 rsbac_printk(KERN_WARNING
03048 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
03049 return -EPERM;
03050 }
03051 #endif
03052
03053 read_lock(&tasklist_lock);
03054 task_p = find_task_by_pid(pid);
03055 read_unlock(&tasklist_lock);
03056 if(!task_p)
03057 return(-RSBAC_EINVALIDTARGET);
03058
03059
03060
03061 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl));
03062 #else
03063 return (-RSBAC_EINVALIDMODULE);
03064 #endif
03065 }
03066
03067 int sys_rsbac_auth_remove_p_cap(
03068 rsbac_list_ta_number_t ta_number,
03069 rsbac_pid_t pid,
03070 enum rsbac_auth_cap_type_t cap_type,
03071 struct rsbac_auth_cap_range_t cap_range)
03072 {
03073 #if defined(CONFIG_RSBAC_AUTH)
03074 struct task_struct * task_p;
03075
03076 if(cap_type >= ACT_none)
03077 return(-RSBAC_EINVALIDTARGET);
03078 if(cap_range.first > cap_range.last)
03079 return(-RSBAC_EINVALIDVALUE);
03080
03081 #ifdef CONFIG_RSBAC_FREEZE
03082 if(rsbac_freeze)
03083 {
03084 rsbac_printk(KERN_WARNING
03085 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
03086 return -EPERM;
03087 }
03088 #endif
03089
03090 read_lock(&tasklist_lock);
03091 task_p = find_task_by_pid(pid);
03092 read_unlock(&tasklist_lock);
03093 if(!task_p)
03094 return(-RSBAC_EINVALIDTARGET);
03095
03096
03097 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range));
03098 #else
03099 return (-RSBAC_EINVALIDMODULE);
03100 #endif
03101 }
03102
03103 int sys_rsbac_auth_add_f_cap(
03104 rsbac_list_ta_number_t ta_number,
03105 char * filename,
03106 enum rsbac_auth_cap_type_t cap_type,
03107 struct rsbac_auth_cap_range_t cap_range,
03108 rsbac_time_t ttl)
03109 {
03110 #if defined(CONFIG_RSBAC_AUTH)
03111 struct dentry * t_dentry;
03112 int err = 0;
03113 enum rsbac_target_t target;
03114 union rsbac_target_id_t tid;
03115 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03116 union rsbac_attribute_value_t rsbac_attribute_value;
03117 #endif
03118
03119 struct nameidata nd;
03120
03121 if(cap_range.first > cap_range.last)
03122 return(-RSBAC_EINVALIDVALUE);
03123
03124 if(!filename)
03125 return(-RSBAC_EINVALIDTARGET);
03126 if(cap_type >= ACT_none)
03127 return(-RSBAC_EINVALIDTARGET);
03128 if(cap_range.first > cap_range.last)
03129 return(-RSBAC_EINVALIDVALUE);
03130
03131 #ifdef CONFIG_RSBAC_FREEZE
03132 if(rsbac_freeze)
03133 {
03134 rsbac_printk(KERN_WARNING
03135 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
03136 return -EPERM;
03137 }
03138 #endif
03139
03140 if ((err = user_path_walk_link(filename, &nd)))
03141 {
03142 #ifdef CONFIG_RSBAC_DEBUG
03143 if (rsbac_debug_aef_auth)
03144 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err);
03145 #endif
03146 goto out;
03147 }
03148 t_dentry = nd.dentry;
03149 if (!t_dentry->d_inode)
03150 {
03151 err = -RSBAC_EINVALIDTARGET;
03152 goto out_dput;
03153 }
03154
03155 if(S_ISREG(t_dentry->d_inode->i_mode))
03156 target = T_FILE;
03157 else
03158 if(S_ISDIR(t_dentry->d_inode->i_mode))
03159 target = T_DIR;
03160 else
03161 {
03162 err = -RSBAC_EINVALIDTARGET;
03163 goto out_dput;
03164 }
03165 tid.file.device = t_dentry->d_sb->s_dev;
03166 tid.file.inode = t_dentry->d_inode->i_ino;
03167 tid.file.dentry_p = t_dentry;
03168 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03169
03170 #ifdef CONFIG_RSBAC_DEBUG
03171 if (rsbac_debug_aef)
03172 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
03173 #endif
03174 rsbac_attribute_value.auth_cap_range = cap_range;
03175 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03176 current->pid,
03177 target,
03178 tid,
03179 A_auth_add_f_cap,
03180 rsbac_attribute_value))
03181 {
03182 err = -EPERM;
03183 }
03184 else
03185 #endif
03186 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl);
03187
03188 out_dput:
03189 path_release(&nd);
03190 out:
03191 return(err);
03192
03193 #else
03194 return (-RSBAC_EINVALIDMODULE);
03195 #endif
03196 };
03197
03198 int sys_rsbac_auth_remove_f_cap(
03199 rsbac_list_ta_number_t ta_number,
03200 char * filename,
03201 enum rsbac_auth_cap_type_t cap_type,
03202 struct rsbac_auth_cap_range_t cap_range)
03203 {
03204 #if defined(CONFIG_RSBAC_AUTH)
03205 struct dentry * t_dentry;
03206 int err = 0;
03207 enum rsbac_target_t target;
03208 union rsbac_target_id_t tid;
03209
03210
03211 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03212 union rsbac_attribute_value_t rsbac_attribute_value;
03213 #endif
03214
03215 struct nameidata nd;
03216
03217 if(!filename)
03218 return(-RSBAC_EINVALIDTARGET);
03219 if(cap_type >= ACT_none)
03220 return(-RSBAC_EINVALIDTARGET);
03221 if(cap_range.first > cap_range.last)
03222 return(-RSBAC_EINVALIDVALUE);
03223
03224 #ifdef CONFIG_RSBAC_FREEZE
03225 if(rsbac_freeze)
03226 {
03227 rsbac_printk(KERN_WARNING
03228 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
03229 return -EPERM;
03230 }
03231 #endif
03232
03233 if ((err = user_path_walk_link(filename, &nd)))
03234 {
03235 #ifdef CONFIG_RSBAC_DEBUG
03236 if (rsbac_debug_aef_auth)
03237 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err);
03238 #endif
03239 goto out;
03240 }
03241 t_dentry = nd.dentry;
03242 if (!t_dentry->d_inode)
03243 {
03244 err = -RSBAC_EINVALIDTARGET;
03245 goto out_dput;
03246 }
03247
03248 if(S_ISREG(t_dentry->d_inode->i_mode))
03249 target = T_FILE;
03250 else
03251 if(S_ISDIR(t_dentry->d_inode->i_mode))
03252 target = T_DIR;
03253 else
03254 {
03255 err = -RSBAC_EINVALIDTARGET;
03256 goto out_dput;
03257 }
03258 tid.file.device = t_dentry->d_sb->s_dev;
03259 tid.file.inode = t_dentry->d_inode->i_ino;
03260 tid.file.dentry_p = t_dentry;
03261 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03262
03263 #ifdef CONFIG_RSBAC_DEBUG
03264 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
03265 #endif
03266 rsbac_attribute_value.auth_cap_range = cap_range;
03267 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03268 current->pid,
03269 target,
03270 tid,
03271 A_auth_remove_f_cap,
03272 rsbac_attribute_value))
03273 {
03274 err = -EPERM;
03275 }
03276 else
03277 #endif
03278 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range);
03279
03280 out_dput:
03281 path_release(&nd);
03282 out:
03283 return(err);
03284
03285 #else
03286 return (-RSBAC_EINVALIDMODULE);
03287 #endif
03288 }
03289
03290
03291 int sys_rsbac_auth_get_f_caplist(
03292 rsbac_list_ta_number_t ta_number,
03293 char * filename,
03294 enum rsbac_auth_cap_type_t cap_type,
03295 struct rsbac_auth_cap_range_t caplist[],
03296 rsbac_time_t ttllist[],
03297 u_int maxnum)
03298 {
03299 #if defined(CONFIG_RSBAC_AUTH)
03300 struct dentry * t_dentry;
03301 int err = 0, tmperr = 0;
03302 enum rsbac_target_t target;
03303 union rsbac_target_id_t tid;
03304 struct rsbac_auth_cap_range_t * k_caplist;
03305 rsbac_time_t * k_ttllist;
03306
03307
03308 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03309 union rsbac_attribute_value_t rsbac_attribute_value;
03310 #endif
03311
03312 struct nameidata nd;
03313
03314 if(!filename)
03315 return(-RSBAC_EINVALIDTARGET);
03316 if(cap_type >= ACT_none)
03317 return(-RSBAC_EINVALIDTARGET);
03318 if(!caplist)
03319 return(-RSBAC_EINVALIDPOINTER);
03320 if(maxnum <= 0)
03321 return(-RSBAC_EINVALIDVALUE);
03322 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03323 maxnum = RSBAC_AUTH_MAX_MAXNUM;
03324
03325 if ((err = user_path_walk_link(filename, &nd)))
03326 {
03327 #ifdef CONFIG_RSBAC_DEBUG
03328 if (rsbac_debug_aef_auth)
03329 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err);
03330 #endif
03331 goto out;
03332 }
03333 t_dentry = nd.dentry;
03334 if (!t_dentry->d_inode)
03335 {
03336 err = -RSBAC_EINVALIDTARGET;
03337 goto out_dput;
03338 }
03339
03340 if(S_ISREG(t_dentry->d_inode->i_mode))
03341 target = T_FILE;
03342 else
03343 if(S_ISDIR(t_dentry->d_inode->i_mode))
03344 target = T_DIR;
03345 else
03346 {
03347 err = -RSBAC_EINVALIDTARGET;
03348 goto out_dput;
03349 }
03350 tid.file.device = t_dentry->d_sb->s_dev;
03351 tid.file.inode = t_dentry->d_inode->i_ino;
03352 tid.file.dentry_p = t_dentry;
03353 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03354
03355 #ifdef CONFIG_RSBAC_DEBUG
03356 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n");
03357 #endif
03358 rsbac_attribute_value.dummy = 0;
03359 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03360 current->pid,
03361 target,
03362 tid,
03363 A_auth_get_caplist,
03364 rsbac_attribute_value))
03365 {
03366 err = -EPERM;
03367 goto out_dput;
03368 }
03369 #endif
03370 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist);
03371 if(err>0)
03372 {
03373 if(err > maxnum)
03374 err = maxnum;
03375 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03376 sizeof(struct rsbac_auth_cap_range_t) * err);
03377 if(tmperr < 0)
03378 err = tmperr;
03379 else
03380 {
03381 if(ttllist)
03382 {
03383 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03384 sizeof(rsbac_time_t) * err);
03385 if(tmperr < 0)
03386 err = tmperr;
03387 }
03388 }
03389 rsbac_vfree(k_caplist);
03390 rsbac_vfree(k_ttllist);
03391 }
03392
03393 out_dput:
03394 path_release(&nd);
03395 out:
03396 return(err);
03397
03398 #else
03399 return (-RSBAC_EINVALIDMODULE);
03400 #endif
03401 }
03402
03403 int sys_rsbac_auth_get_p_caplist(
03404 rsbac_list_ta_number_t ta_number,
03405 rsbac_pid_t pid,
03406 enum rsbac_auth_cap_type_t cap_type,
03407 struct rsbac_auth_cap_range_t caplist[],
03408 rsbac_time_t ttllist[],
03409 u_int maxnum)
03410 {
03411 #if defined(CONFIG_RSBAC_AUTH)
03412 int err = 0, tmperr = 0;
03413 union rsbac_target_id_t tid;
03414 struct rsbac_auth_cap_range_t * k_caplist;
03415 rsbac_time_t * k_ttllist;
03416
03417
03418 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03419 union rsbac_attribute_value_t rsbac_attribute_value;
03420 #endif
03421
03422 if(!pid)
03423 return(-RSBAC_EINVALIDTARGET);
03424 if(cap_type >= ACT_none)
03425 return(-RSBAC_EINVALIDTARGET);
03426 if(!caplist)
03427 return(-RSBAC_EINVALIDPOINTER);
03428 if(maxnum <= 0)
03429 return(-RSBAC_EINVALIDVALUE);
03430 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03431 maxnum = RSBAC_AUTH_MAX_MAXNUM;
03432
03433 tid.process = pid;
03434 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03435
03436 #ifdef CONFIG_RSBAC_DEBUG
03437 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n");
03438 #endif
03439 rsbac_attribute_value.dummy = 0;
03440 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03441 current->pid,
03442 T_PROCESS,
03443 tid,
03444 A_auth_get_caplist,
03445 rsbac_attribute_value))
03446 {
03447 return -EPERM;
03448 }
03449 #endif
03450 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type,
03451 &k_caplist, &k_ttllist);
03452 if(err>0)
03453 {
03454 if(err > maxnum)
03455 err = maxnum;
03456 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03457 sizeof(struct rsbac_auth_cap_range_t) * err);
03458 if(tmperr < 0)
03459 err = tmperr;
03460 else
03461 {
03462 if(ttllist)
03463 {
03464 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03465 sizeof(rsbac_time_t) * err);
03466 if(tmperr < 0)
03467 err = tmperr;
03468 }
03469 }
03470 rsbac_vfree(k_caplist);
03471 rsbac_vfree(k_ttllist);
03472 }
03473
03474 return(err);
03475
03476 #else
03477 return (-RSBAC_EINVALIDMODULE);
03478 #endif
03479 }
03480
03481
03482
03483
03484 int sys_rsbac_reg(rsbac_reg_handle_t handle,
03485 void * arg)
03486 {
03487 #if defined(CONFIG_RSBAC_REG)
03488 return rsbac_reg_syscall(handle, arg);
03489 #else
03490 return (-RSBAC_EINVALIDMODULE);
03491 #endif
03492 }
03493
03494
03495
03496
03497
03498 int sys_rsbac_acl(
03499 rsbac_list_ta_number_t ta_number,
03500 enum rsbac_acl_syscall_type_t call,
03501 struct rsbac_acl_syscall_arg_t * arg)
03502 {
03503 #if defined(CONFIG_RSBAC_ACL)
03504 struct rsbac_acl_syscall_arg_t k_arg;
03505
03506 int err = 0;
03507
03508 if(call >= ACLC_none)
03509 return(-RSBAC_EINVALIDREQUEST);
03510 if(!arg)
03511 return(-RSBAC_EINVALIDPOINTER);
03512
03513
03514 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03515 if(err < 0)
03516 return err;
03517
03518 if(k_arg.target >= T_NONE)
03519 return(-RSBAC_EINVALIDTARGET);
03520
03521
03522
03523 #ifdef CONFIG_RSBAC_FREEZE
03524 if(rsbac_freeze)
03525 {
03526 rsbac_printk(KERN_WARNING
03527 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n");
03528 return -EPERM;
03529 }
03530 #endif
03531
03532 if(call != ACLC_set_mask)
03533 {
03534 switch(k_arg.subj_type)
03535 {
03536 case ACLS_USER:
03537 break;
03538 case ACLS_GROUP:
03539 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03540 {
03541 struct rsbac_acl_group_entry_t entry;
03542 rsbac_uid_t caller;
03543
03544 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03545 || rsbac_get_owner(&caller)
03546 || ( (entry.owner != caller)
03547 && (entry.type != ACLG_GLOBAL)
03548 )
03549 )
03550 return(-RSBAC_EINVALIDVALUE);
03551 }
03552 break;
03553 #if defined(CONFIG_RSBAC_RC)
03554 case ACLS_ROLE:
03555 if(k_arg.subj_id > RC_role_max_value)
03556 {
03557 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
03558 return(-RSBAC_EINVALIDVALUE);
03559 }
03560 break;
03561 #endif
03562 default:
03563 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
03564 return(-RSBAC_EINVALIDVALUE);
03565 }
03566 if( (call == ACLC_remove_user)
03567 && (k_arg.target != T_USER)
03568 )
03569 return -RSBAC_EINVALIDTARGET;
03570
03571 }
03572
03573
03574 switch(call)
03575 {
03576 case ACLC_set_acl_entry:
03577 err = rsbac_acl_sys_set_acl_entry(ta_number,
03578 k_arg.target,
03579 k_arg.tid,
03580 k_arg.subj_type,
03581 k_arg.subj_id,
03582 k_arg.rights,
03583 k_arg.ttl);
03584 break;
03585 case ACLC_remove_acl_entry:
03586 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03587 k_arg.target,
03588 k_arg.tid,
03589 k_arg.subj_type,
03590 k_arg.subj_id);
03591 break;
03592 case ACLC_remove_acl:
03593 err = rsbac_acl_sys_remove_acl(ta_number,
03594 k_arg.target,
03595 k_arg.tid);
03596 break;
03597 case ACLC_add_to_acl_entry:
03598 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03599 k_arg.target,
03600 k_arg.tid,
03601 k_arg.subj_type,
03602 k_arg.subj_id,
03603 k_arg.rights,
03604 k_arg.ttl);
03605 break;
03606 case ACLC_remove_from_acl_entry:
03607 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03608 k_arg.target,
03609 k_arg.tid,
03610 k_arg.subj_type,
03611 k_arg.subj_id,
03612 k_arg.rights);
03613 break;
03614 case ACLC_set_mask:
03615 err = rsbac_acl_sys_set_mask(ta_number,
03616 k_arg.target,
03617 k_arg.tid,
03618 k_arg.rights);
03619 break;
03620 case ACLC_remove_user:
03621 err = rsbac_acl_sys_remove_user(ta_number,
03622 k_arg.tid.user);
03623 break;
03624
03625 default:
03626 err = -RSBAC_EINVALIDREQUEST;
03627 }
03628 return (err);
03629 #else
03630 return (-RSBAC_EINVALIDMODULE);
03631 #endif
03632 }
03633
03634
03635 int sys_rsbac_acl_n(
03636 rsbac_list_ta_number_t ta_number,
03637 enum rsbac_acl_syscall_type_t call,
03638 struct rsbac_acl_syscall_n_arg_t * arg)
03639 {
03640 #if defined(CONFIG_RSBAC_ACL)
03641 struct dentry * t_dentry = NULL;
03642 int err = 0;
03643 union rsbac_target_id_t tid;
03644 struct rsbac_acl_syscall_n_arg_t k_arg;
03645
03646 struct nameidata nd;
03647
03648 if(call >= ACLC_none)
03649 return(-RSBAC_EINVALIDREQUEST);
03650 if(!arg)
03651 return(-RSBAC_EINVALIDPOINTER);
03652
03653 #ifdef CONFIG_RSBAC_FREEZE
03654 if(rsbac_freeze)
03655 {
03656 rsbac_printk(KERN_WARNING
03657 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n");
03658 return -EPERM;
03659 }
03660 #endif
03661
03662
03663 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03664 if(err < 0)
03665 return err;
03666
03667 if(k_arg.target >= T_NONE)
03668 return(-RSBAC_EINVALIDTARGET);
03669 if(call != ACLC_set_mask)
03670 {
03671 switch(k_arg.subj_type)
03672 {
03673 case ACLS_USER:
03674 break;
03675 case ACLS_GROUP:
03676 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03677 {
03678 struct rsbac_acl_group_entry_t entry;
03679 rsbac_uid_t caller;
03680
03681 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03682 || rsbac_get_owner(&caller)
03683 || ( (entry.owner != caller)
03684 && (entry.type != ACLG_GLOBAL)
03685 )
03686 )
03687 return(-RSBAC_EINVALIDVALUE);
03688 }
03689 break;
03690 #if defined(CONFIG_RSBAC_RC)
03691 case ACLS_ROLE:
03692 if(k_arg.subj_id > RC_role_max_value)
03693 return(-RSBAC_EINVALIDVALUE);
03694 break;
03695 #endif
03696 default:
03697 return(-RSBAC_EINVALIDVALUE);
03698 }
03699 }
03700
03701 if(k_arg.name)
03702 {
03703
03704 if ((err = user_path_walk_link(k_arg.name, &nd)))
03705 {
03706 #ifdef CONFIG_RSBAC_DEBUG
03707 if (rsbac_debug_aef)
03708 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err);
03709 #endif
03710 goto out;
03711 }
03712 t_dentry = nd.dentry;
03713 if (!t_dentry->d_inode)
03714 {
03715 #ifdef CONFIG_RSBAC_DEBUG
03716 if (rsbac_debug_aef)
03717 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n");
03718 #endif
03719 err = -RSBAC_EINVALIDTARGET;
03720 goto out_dput;
03721 }
03722 tid.file.device = t_dentry->d_sb->s_dev;
03723 tid.file.inode = t_dentry->d_inode->i_ino;
03724 tid.file.dentry_p = t_dentry;
03725 }
03726 else
03727 {
03728 tid.file.device = RSBAC_ZERO_DEV;
03729 tid.file.inode = 0;
03730 tid.file.dentry_p = NULL;
03731 }
03732
03733 switch (k_arg.target)
03734 {
03735 case T_FD:
03736 if(k_arg.name)
03737 {
03738 if(S_ISREG(t_dentry->d_inode->i_mode))
03739 {
03740 k_arg.target = T_FILE;
03741 }
03742 else
03743 if(S_ISDIR(t_dentry->d_inode->i_mode))
03744 {
03745 k_arg.target = T_DIR;
03746 }
03747 else
03748 if(S_ISLNK(t_dentry->d_inode->i_mode))
03749 {
03750 k_arg.target = T_SYMLINK;
03751 }
03752 else
03753 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03754 {
03755 k_arg.target = T_FIFO;
03756 }
03757 else
03758 if(S_ISSOCK(t_dentry->d_inode->i_mode))
03759 {
03760 k_arg.target = T_UNIXSOCK;
03761 }
03762 else
03763 if(S_ISBLK(t_dentry->d_inode->i_mode))
03764 {
03765 k_arg.target = T_FILE;
03766 }
03767 else
03768 if(S_ISCHR(t_dentry->d_inode->i_mode))
03769 {
03770 k_arg.target = T_FILE;
03771 }
03772 else
03773 {
03774 #ifdef CONFIG_RSBAC_DEBUG
03775 if (rsbac_debug_aef)
03776 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n");
03777 #endif
03778 err = -RSBAC_EINVALIDTARGET;
03779 goto out_dput;
03780 }
03781 }
03782 else
03783 k_arg.target = T_FILE;
03784 break;
03785
03786 case T_FILE:
03787 if(k_arg.name)
03788 {
03789
03790 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03791 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03792 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03793 {
03794 err = -RSBAC_EINVALIDTARGET;
03795 goto out_dput;
03796 }
03797 }
03798 break;
03799
03800 case T_DIR:
03801 if(k_arg.name)
03802 {
03803 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03804 {
03805 err = -RSBAC_EINVALIDTARGET;
03806 goto out_dput;
03807 }
03808 }
03809 break;
03810
03811 case T_FIFO:
03812 if(k_arg.name)
03813 {
03814
03815 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03816 {
03817 err = -RSBAC_EINVALIDTARGET;
03818 goto out_dput;
03819 }
03820 }
03821 break;
03822
03823 case T_UNIXSOCK:
03824 if(k_arg.name)
03825 {
03826
03827 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
03828 {
03829 err = -RSBAC_EINVALIDTARGET;
03830 goto out_dput;
03831 }
03832 }
03833 break;
03834
03835 case T_SYMLINK:
03836 if(k_arg.name)
03837 {
03838
03839 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03840 {
03841 err = -RSBAC_EINVALIDTARGET;
03842 goto out_dput;
03843 }
03844 }
03845 break;
03846
03847 case T_DEV:
03848 if(k_arg.name)
03849 {
03850
03851 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03852 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03853 {
03854 err = -RSBAC_EINVALIDTARGET;
03855 goto out_dput;
03856 }
03857
03858 if(S_ISBLK(t_dentry->d_inode->i_mode))
03859 tid.dev.type = D_block;
03860 else
03861 tid.dev.type = D_char;
03862 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
03863 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
03864 }
03865 else
03866 {
03867 tid.dev = RSBAC_ZERO_DEV_DESC;
03868 }
03869 break;
03870
03871 default:
03872 err = -RSBAC_EINVALIDTARGET;
03873 goto out_dput;
03874 }
03875
03876 switch(call)
03877 {
03878 case ACLC_set_acl_entry:
03879 err = rsbac_acl_sys_set_acl_entry(ta_number,
03880 k_arg.target,
03881 tid,
03882 k_arg.subj_type,
03883 k_arg.subj_id,
03884 k_arg.rights,
03885 k_arg.ttl);
03886 break;
03887 case ACLC_remove_acl_entry:
03888 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03889 k_arg.target,
03890 tid,
03891 k_arg.subj_type,
03892 k_arg.subj_id);
03893 break;
03894 case ACLC_remove_acl:
03895 err = rsbac_acl_sys_remove_acl(ta_number,
03896 k_arg.target,
03897 tid);
03898 break;
03899 case ACLC_add_to_acl_entry:
03900 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03901 k_arg.target,
03902 tid,
03903 k_arg.subj_type,
03904 k_arg.subj_id,
03905 k_arg.rights,
03906 k_arg.ttl);
03907 break;
03908 case ACLC_remove_from_acl_entry:
03909 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03910 k_arg.target,
03911 tid,
03912 k_arg.subj_type,
03913 k_arg.subj_id,
03914 k_arg.rights);
03915 break;
03916 case ACLC_set_mask:
03917 err = rsbac_acl_sys_set_mask(ta_number,
03918 k_arg.target,
03919 tid,
03920 k_arg.rights);
03921 break;
03922
03923 default:
03924 err = -RSBAC_EINVALIDREQUEST;
03925 }
03926
03927 out_dput:
03928 if(k_arg.name)
03929 {
03930 path_release(&nd);
03931 }
03932
03933 out:
03934 return(err);
03935 #else
03936 return (-RSBAC_EINVALIDMODULE);
03937 #endif
03938 }
03939
03940
03941
03942 int sys_rsbac_acl_get_rights(
03943 rsbac_list_ta_number_t ta_number,
03944 struct rsbac_acl_syscall_arg_t * arg,
03945 rsbac_acl_rights_vector_t * rights_p,
03946 u_int effective)
03947 {
03948 #if defined(CONFIG_RSBAC_ACL)
03949 struct rsbac_acl_syscall_arg_t k_arg;
03950 rsbac_acl_rights_vector_t k_rights = 0;
03951 int err = 0;
03952
03953 if(!arg || !rights_p)
03954 return(-RSBAC_EINVALIDPOINTER);
03955
03956 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03957
03958 if(k_arg.target >= T_NONE)
03959 return(-RSBAC_EINVALIDTARGET);
03960
03961
03962 switch(k_arg.subj_type)
03963 {
03964 case ACLS_USER:
03965 break;
03966 case ACLS_GROUP:
03967 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03968 {
03969 struct rsbac_acl_group_entry_t entry;
03970 rsbac_uid_t caller;
03971
03972 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03973 || rsbac_get_owner(&caller)
03974 || ( (entry.owner != caller)
03975 && (entry.type != ACLG_GLOBAL)
03976 )
03977 )
03978 return(-RSBAC_EINVALIDVALUE);
03979 }
03980 break;
03981 case ACLS_ROLE:
03982 #if defined(CONFIG_RSBAC_RC)
03983 if(k_arg.subj_id > RC_role_max_value)
03984 return(-RSBAC_EINVALIDVALUE);
03985 #endif
03986 break;
03987 default:
03988 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03989 return(-RSBAC_EINVALIDVALUE);
03990 }
03991
03992
03993 err = rsbac_acl_sys_get_rights(ta_number,
03994 k_arg.target,
03995 k_arg.tid,
03996 k_arg.subj_type,
03997 k_arg.subj_id,
03998 &k_rights,
03999 effective);
04000 if(!err)
04001 {
04002 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
04003 }
04004 return (err);
04005 #else
04006 return (-RSBAC_EINVALIDMODULE);
04007 #endif
04008 }
04009
04010
04011 int sys_rsbac_acl_get_rights_n(
04012 rsbac_list_ta_number_t ta_number,
04013 struct rsbac_acl_syscall_n_arg_t * arg,
04014 rsbac_acl_rights_vector_t * rights_p,
04015 u_int effective)
04016 {
04017 #if defined(CONFIG_RSBAC_ACL)
04018 struct dentry * t_dentry = NULL;
04019 rsbac_boolean_t need_put = FALSE;
04020 int err = 0;
04021 union rsbac_target_id_t tid;
04022 struct rsbac_acl_syscall_n_arg_t k_arg;
04023 rsbac_acl_rights_vector_t k_rights = 0;
04024
04025 struct nameidata nd;
04026
04027 if(!arg || !rights_p)
04028 return(-RSBAC_EINVALIDPOINTER);
04029
04030 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
04031
04032 if(k_arg.target >= T_NONE)
04033 return(-RSBAC_EINVALIDTARGET);
04034 switch(k_arg.subj_type)
04035 {
04036 case ACLS_USER:
04037 break;
04038 case ACLS_GROUP:
04039 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
04040 {
04041 struct rsbac_acl_group_entry_t entry;
04042 rsbac_uid_t caller;
04043
04044 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
04045 || rsbac_get_owner(&caller)
04046 || ( (entry.owner != caller)
04047 && (entry.type != ACLG_GLOBAL)
04048 )
04049 )
04050 return(-RSBAC_EINVALIDVALUE);
04051 }
04052 break;
04053 case ACLS_ROLE:
04054 #if defined(CONFIG_RSBAC_RC)
04055 if(k_arg.subj_id > RC_role_max_value)
04056 return(-RSBAC_EINVALIDVALUE);
04057 #endif
04058 break;
04059 default:
04060 return(-RSBAC_EINVALIDVALUE);
04061 }
04062
04063 switch (k_arg.target)
04064 {
04065 case T_FD:
04066 case T_FILE:
04067 case T_DIR:
04068 case T_FIFO:
04069 case T_UNIXSOCK:
04070 case T_SYMLINK:
04071 if(k_arg.name)
04072 {
04073 if ((err = user_path_walk_link(k_arg.name, &nd)))
04074 {
04075 #ifdef CONFIG_RSBAC_DEBUG
04076 if (rsbac_debug_aef_acl)
04077 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
04078 #endif
04079 goto out;
04080 }
04081 t_dentry = nd.dentry;
04082 need_put = TRUE;
04083 if (!t_dentry->d_inode)
04084 {
04085 err = -RSBAC_EINVALIDTARGET;
04086 goto out_dput;
04087 }
04088
04089 switch(k_arg.target)
04090 {
04091 case T_FD:
04092 if(S_ISREG(t_dentry->d_inode->i_mode))
04093 {
04094 k_arg.target = T_FILE;
04095 }
04096 else
04097 if(S_ISDIR(t_dentry->d_inode->i_mode))
04098 {
04099 k_arg.target = T_DIR;
04100 }
04101 else
04102 if(S_ISLNK(t_dentry->d_inode->i_mode))
04103 {
04104 k_arg.target = T_SYMLINK;
04105 }
04106 else
04107 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04108 {
04109 k_arg.target = T_FIFO;
04110 }
04111 else
04112 if(S_ISSOCK(t_dentry->d_inode->i_mode))
04113 {
04114 k_arg.target = T_UNIXSOCK;
04115 }
04116 else
04117 if(S_ISBLK(t_dentry->d_inode->i_mode))
04118 {
04119 k_arg.target = T_FILE;
04120 }
04121 else
04122 if(S_ISCHR(t_dentry->d_inode->i_mode))
04123 {
04124 k_arg.target = T_FILE;
04125 }
04126 else
04127 {
04128 err = -RSBAC_EINVALIDTARGET;
04129 goto out_dput;
04130 }
04131 break;
04132 case T_FILE:
04133 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04134 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04135 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04136 {
04137 err = -RSBAC_EINVALIDTARGET;
04138 goto out_dput;
04139 }
04140 break;
04141 case T_DIR:
04142 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04143 {
04144 err = -RSBAC_EINVALIDTARGET;
04145 goto out_dput;
04146 }
04147 break;
04148 case T_FIFO:
04149
04150 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04151 {
04152 err = -RSBAC_EINVALIDTARGET;
04153 goto out_dput;
04154 }
04155 break;
04156 case T_UNIXSOCK:
04157 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
04158 {
04159 err = -RSBAC_EINVALIDTARGET;
04160 goto out_dput;
04161 }
04162 break;
04163 case T_SYMLINK:
04164
04165 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04166 {
04167 err = -RSBAC_EINVALIDTARGET;
04168 goto out_dput;
04169 }
04170 break;
04171 default:
04172 err = -RSBAC_EINVALIDTARGET;
04173 goto out_dput;
04174 }
04175 tid.file.device = t_dentry->d_sb->s_dev;
04176 tid.file.inode = t_dentry->d_inode->i_ino;
04177 tid.file.dentry_p = t_dentry;
04178 }
04179 else
04180 {
04181 if(k_arg.target == T_FD)
04182 k_arg.target = T_FILE;
04183 tid.file.device = RSBAC_ZERO_DEV;
04184 tid.file.inode = 0;
04185 tid.file.dentry_p = NULL;
04186 }
04187 break;
04188
04189 case T_DEV:
04190 if(k_arg.name)
04191 {
04192 if ((err = user_path_walk_link(k_arg.name, &nd)))
04193 {
04194 #ifdef CONFIG_RSBAC_DEBUG
04195 if (rsbac_debug_aef_acl)
04196 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
04197 #endif
04198 goto out;
04199 }
04200 t_dentry = nd.dentry;
04201 need_put = TRUE;
04202 if (!t_dentry->d_inode)
04203 {
04204 err = -RSBAC_EINVALIDTARGET;
04205 goto out_dput;
04206 }
04207
04208 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04209 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04210 {
04211 err = -RSBAC_EINVALIDTARGET;
04212 goto out_dput;
04213 }
04214
04215 if(S_ISBLK(t_dentry->d_inode->i_mode))
04216 tid.dev.type = D_block;
04217 else
04218 tid.dev.type = D_char;
04219 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04220 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04221 }
04222 else
04223 {
04224 tid.dev = RSBAC_ZERO_DEV_DESC;
04225 }
04226 break;
04227
04228 default:
04229 return -RSBAC_EINVALIDTARGET;
04230 }
04231
04232
04233 err = rsbac_acl_sys_get_rights(ta_number,
04234 k_arg.target,
04235 tid,
04236 k_arg.subj_type,
04237 k_arg.subj_id,
04238 &k_rights,
04239 effective);
04240
04241 out_dput:
04242 if(need_put)
04243 path_release(&nd);
04244 out:
04245 if(!err)
04246 {
04247 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
04248 }
04249 return(err);
04250 #else
04251 return (-RSBAC_EINVALIDMODULE);
04252 #endif
04253 }
04254
04255
04256
04257 int sys_rsbac_acl_get_tlist (
04258 rsbac_list_ta_number_t ta_number,
04259 enum rsbac_target_t target,
04260 union rsbac_target_id_t * tid,
04261 struct rsbac_acl_entry_t entry_array[],
04262 rsbac_time_t ttl_array[],
04263 u_int maxnum)
04264 {
04265 #if defined(CONFIG_RSBAC_ACL)
04266 union rsbac_target_id_t k_tid;
04267 struct rsbac_acl_entry_t * k_entry_p;
04268 rsbac_time_t * k_ttl_p;
04269 int err = 0;
04270
04271 if(!tid || (target >= T_NONE))
04272 return(-RSBAC_EINVALIDTARGET);
04273 if(!entry_array)
04274 return(-RSBAC_EINVALIDPOINTER);
04275 if(!maxnum)
04276 return(-RSBAC_EINVALIDVALUE);
04277 if(maxnum > RSBAC_ACL_MAX_MAXNUM)
04278 maxnum = RSBAC_ACL_MAX_MAXNUM;
04279
04280
04281 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04282 if(err)
04283 return err;
04284 switch (target) {
04285 case T_FD:
04286 return -RSBAC_EINVALIDTARGET;
04287 case T_FILE:
04288 case T_DIR:
04289 case T_FIFO:
04290 case T_UNIXSOCK:
04291 case T_SYMLINK:
04292 k_tid.file.dentry_p = NULL;
04293 k_tid.dir.dentry_p = NULL;
04294 default:
04295 break;
04296 }
04297
04298
04299 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p);
04300 if(err>0)
04301 {
04302 if(err > maxnum)
04303 err = maxnum;
04304 rsbac_put_user((u_char *) k_entry_p,
04305 (u_char *) entry_array,
04306 err * sizeof(*k_entry_p) );
04307 if(ttl_array)
04308 {
04309 rsbac_put_user((u_char *) k_ttl_p,
04310 (u_char *) ttl_array,
04311 err * sizeof(*k_ttl_p) );
04312 }
04313 rsbac_vfree(k_entry_p);
04314 rsbac_vfree(k_ttl_p);
04315 }
04316 return (err);
04317 #else
04318 return (-RSBAC_EINVALIDMODULE);
04319 #endif
04320 }
04321
04322 int sys_rsbac_acl_get_tlist_n(
04323 rsbac_list_ta_number_t ta_number,
04324 enum rsbac_target_t target,
04325 char * t_name,
04326 struct rsbac_acl_entry_t entry_array[],
04327 rsbac_time_t ttl_array[],
04328 u_int maxnum)
04329 {
04330 #if defined(CONFIG_RSBAC_ACL)
04331 struct dentry * t_dentry = NULL;
04332 struct rsbac_acl_entry_t * k_entry_p;
04333 rsbac_time_t * k_ttl_p;
04334 rsbac_boolean_t need_put = FALSE;
04335 int err = 0;
04336 union rsbac_target_id_t tid;
04337
04338 struct nameidata nd;
04339
04340 if(target >= T_NONE)
04341 return(-RSBAC_EINVALIDTARGET);
04342 if(!entry_array)
04343 return(-RSBAC_EINVALIDPOINTER);
04344
04345 switch (target)
04346 {
04347 case T_FD:
04348 case T_FILE:
04349 case T_DIR:
04350 case T_FIFO:
04351 case T_UNIXSOCK:
04352 case T_SYMLINK:
04353 if(t_name)
04354 {
04355 if ((err = user_path_walk_link(t_name, &nd)))
04356 {
04357 #ifdef CONFIG_RSBAC_DEBUG
04358 if (rsbac_debug_aef_acl)
04359 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04360 #endif
04361 goto out;
04362 }
04363 t_dentry = nd.dentry;
04364 need_put = TRUE;
04365 if (!t_dentry->d_inode)
04366 {
04367 err = -RSBAC_EINVALIDTARGET;
04368 goto out_dput;
04369 }
04370
04371 switch(target)
04372 {
04373 case T_FD:
04374 if(S_ISREG(t_dentry->d_inode->i_mode))
04375 {
04376 target = T_FILE;
04377 }
04378 else
04379 if(S_ISDIR(t_dentry->d_inode->i_mode))
04380 {
04381 target = T_DIR;
04382 }
04383 else
04384 if(S_ISLNK(t_dentry->d_inode->i_mode))
04385 {
04386 target = T_SYMLINK;
04387 }
04388 else
04389 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04390 {
04391 target = T_FIFO;
04392 }
04393 else
04394 if(S_ISSOCK(t_dentry->d_inode->i_mode))
04395 {
04396 target = T_UNIXSOCK;
04397 }
04398 else
04399 if(S_ISBLK(t_dentry->d_inode->i_mode))
04400 {
04401 target = T_FILE;
04402 }
04403 else
04404 if(S_ISCHR(t_dentry->d_inode->i_mode))
04405 {
04406 target = T_FILE;
04407 }
04408 else
04409 {
04410 err = -RSBAC_EINVALIDTARGET;
04411 goto out_dput;
04412 }
04413 break;
04414 case T_FILE:
04415 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04416 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04417 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04418 {
04419 err = -RSBAC_EINVALIDTARGET;
04420 goto out_dput;
04421 }
04422 break;
04423 case T_DIR:
04424 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04425 {
04426 err = -RSBAC_EINVALIDTARGET;
04427 goto out_dput;
04428 }
04429 break;
04430 case T_FIFO:
04431
04432 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04433 {
04434 err = -RSBAC_EINVALIDTARGET;
04435 goto out_dput;
04436 }
04437 break;
04438 case T_UNIXSOCK:
04439 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
04440 {
04441 err = -RSBAC_EINVALIDTARGET;
04442 goto out_dput;
04443 }
04444 break;
04445 case T_SYMLINK:
04446
04447 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04448 {
04449 err = -RSBAC_EINVALIDTARGET;
04450 goto out_dput;
04451 }
04452 break;
04453 default:
04454 err = -RSBAC_EINVALIDTARGET;
04455 goto out_dput;
04456 }
04457 tid.file.device = t_dentry->d_sb->s_dev;
04458 tid.file.inode = t_dentry->d_inode->i_ino;
04459 tid.file.dentry_p = t_dentry;
04460 }
04461 else
04462 {
04463 if(target == T_FD)
04464 target = T_FILE;
04465 tid.file.device = RSBAC_ZERO_DEV;
04466 tid.file.inode = 0;
04467 tid.file.dentry_p = NULL;
04468 }
04469 break;
04470
04471 case T_DEV:
04472 if(t_name)
04473 {
04474 if ((err = user_path_walk_link(t_name, &nd)))
04475 {
04476 #ifdef CONFIG_RSBAC_DEBUG
04477 if (rsbac_debug_aef_acl)
04478 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04479 #endif
04480 goto out;
04481 }
04482 t_dentry = nd.dentry;
04483 need_put = TRUE;
04484 if (!t_dentry->d_inode)
04485 {
04486 err = -RSBAC_EINVALIDTARGET;
04487 goto out_dput;
04488 }
04489
04490 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04491 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04492 {
04493 err = -RSBAC_EINVALIDTARGET;
04494 goto out_dput;
04495 }
04496
04497 if(S_ISBLK(t_dentry->d_inode->i_mode))
04498 tid.dev.type = D_block;
04499 else
04500 tid.dev.type = D_char;
04501 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04502 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04503 }
04504 else
04505 {
04506 tid.dev = RSBAC_ZERO_DEV_DESC;
04507 }
04508 break;
04509
04510 default:
04511 return -RSBAC_EINVALIDTARGET;
04512 }
04513
04514 err = rsbac_acl_sys_get_tlist(ta_number, target, tid,
04515 &k_entry_p, &k_ttl_p);
04516
04517 out_dput:
04518 if(need_put)
04519 path_release(&nd);
04520 out:
04521 if(err>0)
04522 {
04523 if(err > maxnum)
04524 err = maxnum;
04525 rsbac_put_user((u_char *) k_entry_p,
04526 (u_char *) entry_array,
04527 err * sizeof(*k_entry_p) );
04528 if(ttl_array)
04529 {
04530 rsbac_put_user((u_char *) k_ttl_p,
04531 (u_char *) ttl_array,
04532 err * sizeof(*k_ttl_p) );
04533 }
04534 rsbac_vfree(k_entry_p);
04535 rsbac_vfree(k_ttl_p);
04536 }
04537 return(err);
04538
04539 #else
04540 return (-RSBAC_EINVALIDMODULE);
04541 #endif
04542 }
04543
04544
04545
04546 int sys_rsbac_acl_get_mask (
04547 rsbac_list_ta_number_t ta_number,
04548 enum rsbac_target_t target,
04549 union rsbac_target_id_t * tid,
04550 rsbac_acl_rights_vector_t * mask_p)
04551 {
04552 #if defined(CONFIG_RSBAC_ACL)
04553 union rsbac_target_id_t k_tid;
04554 rsbac_acl_rights_vector_t k_mask;
04555 int err = 0;
04556
04557 if(!tid || (target >= T_NONE))
04558 return(-RSBAC_EINVALIDTARGET);
04559 if(!mask_p)
04560 return(-RSBAC_EINVALIDPOINTER);
04561
04562
04563 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04564 switch (target) {
04565 case T_FD:
04566 return -RSBAC_EINVALIDTARGET;
04567 case T_FILE:
04568 case T_DIR:
04569 case T_FIFO:
04570 case T_UNIXSOCK:
04571 case T_SYMLINK:
04572 k_tid.file.dentry_p = NULL;
04573 k_tid.dir.dentry_p = NULL;
04574 default:
04575 break;
04576 }
04577
04578 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask);
04579 if(!err)
04580 {
04581 rsbac_put_user((u_char *) &k_mask,
04582 (u_char *) mask_p,
04583 sizeof(k_mask) );
04584 }
04585 return err;
04586 #else
04587 return -RSBAC_EINVALIDMODULE;
04588 #endif
04589 }
04590
04591 int sys_rsbac_acl_get_mask_n(
04592 rsbac_list_ta_number_t ta_number,
04593 enum rsbac_target_t target,
04594 char * t_name,
04595 rsbac_acl_rights_vector_t * mask_p)
04596 {
04597 #if defined(CONFIG_RSBAC_ACL)
04598 struct dentry * t_dentry = NULL;
04599 rsbac_acl_rights_vector_t k_mask;
04600 rsbac_boolean_t need_put = FALSE;
04601 int err = 0;
04602 union rsbac_target_id_t tid;
04603
04604 struct nameidata nd;
04605
04606 if(target >= T_NONE)
04607 return(-RSBAC_EINVALIDTARGET);
04608 if(!mask_p)
04609 return(-RSBAC_EINVALIDPOINTER);
04610
04611 switch (target)
04612 {
04613 case T_FD:
04614 case T_FILE:
04615 case T_DIR:
04616 case T_FIFO:
04617 case T_UNIXSOCK:
04618 case T_SYMLINK:
04619 if(t_name)
04620 {
04621 if ((err = user_path_walk_link(t_name, &nd)))
04622 {
04623 #ifdef CONFIG_RSBAC_DEBUG
04624 if (rsbac_debug_aef_acl)
04625 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04626 #endif
04627 goto out;
04628 }
04629 t_dentry = nd.dentry;
04630 need_put = TRUE;
04631 if (!t_dentry->d_inode)
04632 {
04633 err = -RSBAC_EINVALIDTARGET;
04634 goto out_dput;
04635 }
04636
04637 switch(target)
04638 {
04639 case T_FD:
04640 if(S_ISREG(t_dentry->d_inode->i_mode))
04641 {
04642 target = T_FILE;
04643 }
04644 else
04645 if(S_ISDIR(t_dentry->d_inode->i_mode))
04646 {
04647 target = T_DIR;
04648 }
04649 else
04650 if(S_ISLNK(t_dentry->d_inode->i_mode))
04651 {
04652 target = T_SYMLINK;
04653 }
04654 else
04655 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04656 {
04657 target = T_FIFO;
04658 }
04659 else
04660 if(S_ISSOCK(t_dentry->d_inode->i_mode))
04661 {
04662 target = T_UNIXSOCK;
04663 }
04664 else
04665 if(S_ISBLK(t_dentry->d_inode->i_mode))
04666 {
04667 target = T_FILE;
04668 }
04669 else
04670 if(S_ISCHR(t_dentry->d_inode->i_mode))
04671 {
04672 target = T_FILE;
04673 }
04674 else
04675 {
04676 err = -RSBAC_EINVALIDTARGET;
04677 goto out_dput;
04678 }
04679 break;
04680 case T_FILE:
04681 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04682 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04683 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04684 {
04685 err = -RSBAC_EINVALIDTARGET;
04686 goto out_dput;
04687 }
04688 break;
04689 case T_DIR:
04690 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04691 {
04692 err = -RSBAC_EINVALIDTARGET;
04693 goto out_dput;
04694 }
04695 break;
04696 case T_FIFO:
04697 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04698 {
04699 err = -RSBAC_EINVALIDTARGET;
04700 goto out_dput;
04701 }
04702 break;
04703 case T_UNIXSOCK:
04704 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode)))
04705 {
04706 err = -RSBAC_EINVALIDTARGET;
04707 goto out_dput;
04708 }
04709 break;
04710 case T_SYMLINK:
04711 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04712 {
04713 err = -RSBAC_EINVALIDTARGET;
04714 goto out_dput;
04715 }
04716 break;
04717 default:
04718 err = -RSBAC_EINVALIDTARGET;
04719 goto out_dput;
04720 }
04721 tid.file.device = t_dentry->d_sb->s_dev;
04722 tid.file.inode = t_dentry->d_inode->i_ino;
04723 tid.file.dentry_p = t_dentry;
04724 }
04725 else
04726 {
04727 if(target == T_FD)
04728 target = T_FILE;
04729 tid.file.device = RSBAC_ZERO_DEV;
04730 tid.file.inode = 0;
04731 tid.file.dentry_p = NULL;
04732 }
04733 break;
04734
04735 case T_DEV:
04736 if(t_name)
04737 {
04738 if ((err = user_path_walk_link(t_name, &nd)))
04739 {
04740 #ifdef CONFIG_RSBAC_DEBUG
04741 if (rsbac_debug_aef_acl)
04742 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04743 #endif
04744 goto out;
04745 }
04746 t_dentry = nd.dentry;
04747 need_put = TRUE;
04748 if (!t_dentry->d_inode)
04749 {
04750 err = -RSBAC_EINVALIDTARGET;
04751 goto out_dput;
04752 }
04753
04754 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04755 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04756 {
04757 err = -RSBAC_EINVALIDTARGET;
04758 goto out_dput;
04759 }
04760
04761 if(S_ISBLK(t_dentry->d_inode->i_mode))
04762 tid.dev.type = D_block;
04763 else
04764 tid.dev.type = D_char;
04765 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04766 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04767 }
04768 else
04769 {
04770 tid.dev = RSBAC_ZERO_DEV_DESC;
04771 }
04772 break;
04773
04774 default:
04775 return -RSBAC_EINVALIDTARGET;
04776 }
04777
04778 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask);
04779
04780 out_dput:
04781 if(need_put)
04782 path_release(&nd);
04783 out:
04784 if(!err)
04785 {
04786 rsbac_put_user((u_char *) &k_mask,
04787 (u_char *) mask_p,
04788 sizeof(k_mask) );
04789 }
04790 return(err);
04791
04792 #else
04793 return (-RSBAC_EINVALIDMODULE);
04794 #endif
04795 }
04796
04797
04798
04799 int sys_rsbac_acl_group(
04800 rsbac_list_ta_number_t ta_number,
04801 enum rsbac_acl_group_syscall_type_t call,
04802 union rsbac_acl_group_syscall_arg_t * arg_p)
04803 {
04804 #if defined(CONFIG_RSBAC_ACL)
04805 union rsbac_acl_group_syscall_arg_t k_arg;
04806 int err = 0;
04807
04808 if(call >= ACLGS_none)
04809 return(-RSBAC_EINVALIDREQUEST);
04810 if(!arg_p)
04811 return(-RSBAC_EINVALIDPOINTER);
04812
04813 #ifdef CONFIG_RSBAC_FREEZE
04814 if(rsbac_freeze)
04815 {
04816 switch(call)
04817 {
04818 case ACLGS_add_group:
04819 case ACLGS_change_group:
04820 case ACLGS_remove_group:
04821 case ACLGS_add_member:
04822 case ACLGS_remove_member:
04823 rsbac_printk(KERN_WARNING
04824 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n");
04825 return -EPERM;
04826
04827 default:
04828 break;
04829 }
04830 }
04831 #endif
04832
04833
04834 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
04835
04836
04837 if(err >= 0)
04838 err = rsbac_acl_sys_group(ta_number, call, k_arg);
04839 return (err);
04840 #else
04841 return (-RSBAC_EINVALIDMODULE);
04842 #endif
04843 }
04844
04845 int sys_rsbac_acl_list_all_dev(
04846 rsbac_list_ta_number_t ta_number,
04847 struct rsbac_dev_desc_t * id_p,
04848 u_long maxnum)
04849 {
04850 #if defined(CONFIG_RSBAC_ACL)
04851 int err = 0;
04852 long count;
04853 long count2;
04854
04855 if(id_p && maxnum)
04856 {
04857 struct rsbac_dev_desc_t * k_id_p = NULL;
04858
04859 count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p);
04860 if(count < 0)
04861 return count;
04862 if(count > maxnum)
04863 count = maxnum;
04864
04865 if(count)
04866 {
04867 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04868 rsbac_vfree(k_id_p);
04869 if(err)
04870 return err;
04871 id_p += count;
04872 maxnum -= count;
04873 if(!maxnum)
04874 return count;
04875 }
04876
04877 count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p);
04878 if(count2 < 0)
04879 return count2;
04880 if(count2 > maxnum)
04881 count2 = maxnum;
04882
04883 if(count2)
04884 {
04885 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) );
04886 rsbac_vfree(k_id_p);
04887 if(err)
04888 return err;
04889 count += count2;
04890 }
04891 return count;
04892 }
04893 else
04894 {
04895 count = rsbac_acl_list_all_major_dev(ta_number, NULL);
04896 if(count < 0)
04897 return count;
04898 count2 = rsbac_acl_list_all_dev(ta_number, NULL);
04899 if(count2 < 0)
04900 return count2;
04901 else
04902 return count + count2;
04903 }
04904 #else
04905 return (-RSBAC_EINVALIDMODULE);
04906 #endif
04907 }
04908
04909 int sys_rsbac_acl_list_all_user(
04910 rsbac_list_ta_number_t ta_number,
04911 rsbac_uid_t * id_p,
04912 u_long maxnum)
04913 {
04914 #if defined(CONFIG_RSBAC_ACL)
04915 int err = 0;
04916 long count;
04917
04918 if(id_p && maxnum)
04919 {
04920 rsbac_uid_t * k_id_p = NULL;
04921
04922 count = rsbac_acl_list_all_user(ta_number, &k_id_p);
04923 if(count < 0)
04924 return count;
04925 if(count > maxnum)
04926 count = maxnum;
04927
04928 if(count)
04929 {
04930 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04931 rsbac_vfree(k_id_p);
04932 if(err)
04933 return err;
04934 }
04935 return count;
04936 }
04937 else
04938 {
04939 return rsbac_acl_list_all_user(ta_number, NULL);
04940 }
04941 #else
04942 return (-RSBAC_EINVALIDMODULE);
04943 #endif
04944 }
04945
04946 int sys_rsbac_acl_list_all_group(
04947 rsbac_list_ta_number_t ta_number,
04948 rsbac_gid_t * id_p,
04949 u_long maxnum)
04950 {
04951 #ifdef CONFIG_RSBAC_ACL_UM_PROT
04952 int err = 0;
04953 long count;
04954
04955 if(id_p && maxnum)
04956 {
04957 rsbac_gid_t * k_id_p = NULL;
04958
04959 count = rsbac_acl_list_all_group(ta_number, &k_id_p);
04960 if(count < 0)
04961 return count;
04962 if(count > maxnum)
04963 count = maxnum;
04964
04965 if(count)
04966 {
04967 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04968 rsbac_vfree(k_id_p);
04969 if(err)
04970 return err;
04971 }
04972 return count;
04973 }
04974 else
04975 {
04976 return rsbac_acl_list_all_group(ta_number, NULL);
04977 }
04978 #else
04979 return (-RSBAC_EINVALIDMODULE);
04980 #endif
04981 }
04982
04983
04984
04985 int sys_rsbac_jail(rsbac_version_t version,
04986 char * path,
04987 rsbac_jail_ip_t ip,
04988 rsbac_jail_flags_t flags,
04989 rsbac_cap_vector_t max_caps,
04990 rsbac_jail_scd_vector_t scd_get,
04991 rsbac_jail_scd_vector_t scd_modify)
04992 {
04993 #if defined(CONFIG_RSBAC_JAIL)
04994 return rsbac_jail_sys_jail(version, path, ip, flags,
04995 max_caps, scd_get, scd_modify);
04996 #else
04997 return (-RSBAC_EINVALIDMODULE);
04998 #endif
04999 }
05000
05001
05002
05003 int sys_rsbac_um_auth_name(
05004 char * name,
05005 char * pass)
05006 {
05007 #if defined(CONFIG_RSBAC_UM)
05008 rsbac_uid_t uid;
05009 int err;
05010 char * k_name;
05011 char * k_pass;
05012 union rsbac_target_id_t i_tid;
05013 union rsbac_attribute_value_t i_attr_val;
05014 #ifdef CONFIG_RSBAC_DEBUG
05015 if (rsbac_debug_aef_um)
05016 {
05017 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n");
05018 }
05019 #endif
05020 if(!name || !pass)
05021 {
05022 #ifdef CONFIG_RSBAC_DEBUG
05023 if (rsbac_debug_aef_um)
05024 {
05025 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n");
05026 }
05027 #endif
05028 return -RSBAC_EINVALIDPOINTER;
05029 }
05030 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
05031 if(!k_name)
05032 return -RSBAC_ENOMEM;
05033 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05034 if(!k_pass)
05035 {
05036 rsbac_kfree(k_name);
05037 return -RSBAC_ENOMEM;
05038 }
05039 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
05040 if(err)
05041 goto out_free;
05042 k_name[RSBAC_UM_NAME_LEN-1] = 0;
05043 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05044 if(err)
05045 goto out_free;
05046 k_pass[RSBAC_MAXNAMELEN-1] = 0;
05047 #if 0
05048 #ifdef CONFIG_RSBAC_DEBUG
05049 if (rsbac_debug_aef_um)
05050 {
05051 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n",
05052 k_name, k_pass);
05053 }
05054 #endif
05055 #endif
05056 err = rsbac_um_get_uid(0, k_name, &uid);
05057 if(err) {
05058 if(err == -RSBAC_ENOTFOUND) {
05059 err = -EPERM;
05060 ssleep(1);
05061 }
05062 goto out_free;
05063 }
05064
05065 #ifndef CONFIG_RSBAC_MAINT
05066 #ifdef CONFIG_RSBAC_DEBUG
05067 if (rsbac_debug_aef)
05068 {
05069 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): calling ADF\n");
05070 }
05071 #endif
05072 i_tid.user = uid;
05073 i_attr_val.dummy = 0;
05074 if (!rsbac_adf_request(R_AUTHENTICATE,
05075 current->pid,
05076 T_USER,
05077 i_tid,
05078 A_none,
05079 i_attr_val))
05080 {
05081 err = -EPERM;
05082 ssleep(1);
05083 goto out_free;
05084 }
05085 #endif
05086
05087 err = rsbac_um_check_pass(uid, k_pass);
05088 if(err) {
05089 if(err == -RSBAC_ENOTFOUND) {
05090 err = -EPERM;
05091 }
05092 goto out_free;
05093 }
05094
05095 #ifdef CONFIG_RSBAC_AUTH
05096
05097 i_tid.process = current->pid;
05098 i_attr_val.auth_last_auth = uid;
05099 if (rsbac_set_attr(SW_AUTH,
05100 T_PROCESS,
05101 i_tid,
05102 A_auth_last_auth,
05103 i_attr_val))
05104 {
05105 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
05106 }
05107 #endif
05108
05109 out_free:
05110 rsbac_kfree(k_name);
05111 memset(k_pass, 0, RSBAC_MAXNAMELEN);
05112 rsbac_kfree(k_pass);
05113 return err;
05114 #else
05115 return (-RSBAC_EINVALIDMODULE);
05116 #endif
05117 }
05118
05119 int sys_rsbac_um_auth_uid(rsbac_uid_t uid,
05120 char * pass)
05121 {
05122 #if defined(CONFIG_RSBAC_UM)
05123 int err;
05124 char * k_pass;
05125 union rsbac_target_id_t i_tid;
05126 union rsbac_attribute_value_t i_attr_val;
05127
05128 if(!pass)
05129 return -RSBAC_EINVALIDPOINTER;
05130 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05131 if(!k_pass)
05132 return -RSBAC_ENOMEM;
05133 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05134 if(err)
05135 goto out_free;
05136 k_pass[RSBAC_MAXNAMELEN-1] = 0;
05137
05138 #ifdef CONFIG_RSBAC_DEBUG
05139 if (rsbac_debug_aef_um)
05140 {
05141 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n",
05142 uid, k_pass);
05143 }
05144 #endif
05145 #ifndef CONFIG_RSBAC_MAINT
05146 #ifdef CONFIG_RSBAC_DEBUG
05147 if (rsbac_debug_aef)
05148 {
05149 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): calling ADF\n");
05150 }
05151 #endif
05152 i_tid.user = uid;
05153 i_attr_val.dummy = 0;
05154 if (!rsbac_adf_request(R_AUTHENTICATE,
05155 current->pid,
05156 T_USER,
05157 i_tid,
05158 A_none,
05159 i_attr_val))
05160 {
05161 err = -EPERM;
05162 ssleep(1);
05163 goto out_free;
05164 }
05165 #endif
05166
05167 err = rsbac_um_check_pass(uid, k_pass);
05168 if(err) {
05169 if(err == -RSBAC_ENOTFOUND) {
05170 err = -EPERM;
05171 }
05172 goto out_free;
05173 }
05174
05175 #ifdef CONFIG_RSBAC_AUTH
05176
05177 i_tid.process = current->pid;
05178 i_attr_val.auth_last_auth = uid;
05179 if (rsbac_set_attr(SW_AUTH,
05180 T_PROCESS,
05181 i_tid,
05182 A_auth_last_auth,
05183 i_attr_val))
05184 {
05185 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
05186 }
05187 #endif
05188
05189 out_free:
05190 memset(k_pass, 0, RSBAC_MAXNAMELEN);
05191 rsbac_kfree(k_pass);
05192 return err;
05193 #else
05194 return (-RSBAC_EINVALIDMODULE);
05195 #endif
05196 }
05197
05198 int sys_rsbac_um_add_user(
05199 rsbac_list_ta_number_t ta_number,
05200 rsbac_uid_t uid,
05201 struct rsbac_um_user_entry_t * entry_p,
05202 char * pass,
05203 rsbac_time_t ttl)
05204 {
05205 #if defined(CONFIG_RSBAC_UM)
05206 int err;
05207 struct rsbac_um_user_entry_t * k_entry_p;
05208 char * k_pass;
05209 #ifndef CONFIG_RSBAC_MAINT
05210 union rsbac_target_id_t rsbac_target_id;
05211 union rsbac_target_id_t rsbac_new_target_id;
05212 union rsbac_attribute_value_t rsbac_attribute_value;
05213 #endif
05214
05215 if(!entry_p)
05216 return -RSBAC_EINVALIDPOINTER;
05217
05218 #ifdef CONFIG_RSBAC_FREEZE_UM
05219 if(rsbac_freeze)
05220 {
05221 rsbac_printk(KERN_WARNING
05222 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n");
05223 return -EPERM;
05224 }
05225 #endif
05226
05227 #ifndef CONFIG_RSBAC_MAINT
05228 #ifdef CONFIG_RSBAC_DEBUG
05229 if (rsbac_debug_aef)
05230 {
05231 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n");
05232 }
05233 #endif
05234 rsbac_target_id.user = uid;
05235 rsbac_attribute_value.dummy = 0;
05236 if (!rsbac_adf_request(R_CREATE,
05237 current->pid,
05238 T_USER,
05239 rsbac_target_id,
05240 A_none,
05241 rsbac_attribute_value))
05242 {
05243 return -EPERM;
05244 }
05245 #endif
05246
05247 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
05248 if(!k_entry_p)
05249 return -RSBAC_ENOMEM;
05250 if(pass)
05251 {
05252 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05253 if(!k_pass)
05254 {
05255 rsbac_kfree(k_entry_p);
05256 return -RSBAC_ENOMEM;
05257 }
05258 }
05259 else
05260 k_pass = NULL;
05261 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
05262 if(err)
05263 goto out_free;
05264 if(!k_entry_p->name[0])
05265 {
05266 err = -RSBAC_EINVALIDVALUE;
05267 goto out_free;
05268 }
05269 if(pass)
05270 {
05271 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05272 if(err)
05273 goto out_free;
05274 k_pass[RSBAC_MAXNAMELEN-1] = 0;
05275 }
05276 err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl);
05277
05278 #ifndef CONFIG_RSBAC_MAINT
05279
05280 if(!err)
05281 {
05282 rsbac_target_id.user = uid;
05283 rsbac_new_target_id.dummy = 0;
05284 if (rsbac_adf_set_attr(R_CREATE,
05285 current->pid,
05286 T_USER,
05287 rsbac_target_id,
05288 T_NONE,
05289 rsbac_new_target_id,
05290 A_none,
05291 rsbac_attribute_value))
05292 {
05293 rsbac_printk(KERN_WARNING
05294 "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n");
05295 }
05296 }
05297 #endif
05298
05299 out_free:
05300 rsbac_kfree(k_entry_p);
05301 if(k_pass)
05302 {
05303 memset(k_pass, 0, RSBAC_MAXNAMELEN);
05304 rsbac_kfree(k_pass);
05305 }
05306 return err;
05307 #else
05308 return (-RSBAC_EINVALIDMODULE);
05309 #endif
05310 }
05311
05312 int sys_rsbac_um_add_group(
05313 rsbac_list_ta_number_t ta_number,
05314 rsbac_gid_t gid,
05315 struct rsbac_um_group_entry_t * entry_p,
05316 char * pass,
05317 rsbac_time_t ttl)
05318 {
05319 #if defined(CONFIG_RSBAC_UM)
05320 int err;
05321 struct rsbac_um_group_entry_t * k_entry_p;
05322 char * k_pass;
05323 #ifndef CONFIG_RSBAC_MAINT
05324 union rsbac_target_id_t rsbac_target_id;
05325 union rsbac_target_id_t rsbac_new_target_id;
05326 union rsbac_attribute_value_t rsbac_attribute_value;
05327 #endif
05328
05329 if(!entry_p)
05330 return -RSBAC_EINVALIDPOINTER;
05331
05332 #ifdef CONFIG_RSBAC_FREEZE_UM
05333 if(rsbac_freeze)
05334 {
05335 rsbac_printk(KERN_WARNING
05336 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n");
05337 return -EPERM;
05338 }
05339 #endif
05340
05341 #ifndef CONFIG_RSBAC_MAINT
05342 #ifdef CONFIG_RSBAC_DEBUG
05343 if (rsbac_debug_aef)
05344 {
05345 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n");
05346 }
05347 #endif
05348 rsbac_target_id.group = gid;
05349 rsbac_attribute_value.dummy = 0;
05350 if (!rsbac_adf_request(R_CREATE,
05351 current->pid,
05352 T_GROUP,
05353 rsbac_target_id,
05354 A_none,
05355 rsbac_attribute_value))
05356 {
05357 return -EPERM;
05358 }
05359 #endif
05360
05361 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
05362 if(!k_entry_p)
05363 return -RSBAC_ENOMEM;
05364 if(pass)
05365 {
05366 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05367 if(!k_pass)
05368 {
05369 rsbac_kfree(k_entry_p);
05370 return -RSBAC_ENOMEM;
05371 }
05372 }
05373 else
05374 k_pass = NULL;
05375 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
05376 if(err)
05377 goto out_free;
05378 if(!k_entry_p->name[0])
05379 {
05380 err = -RSBAC_EINVALIDVALUE;
05381 goto out_free;
05382 }
05383 if(pass)
05384 {
05385 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05386 if(err)
05387 goto out_free;
05388 k_pass[RSBAC_MAXNAMELEN-1] = 0;
05389 }
05390 err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl);
05391
05392 #ifndef CONFIG_RSBAC_MAINT
05393
05394 if(!err)
05395 {
05396 rsbac_target_id.group = gid;
05397 rsbac_new_target_id.dummy = 0;
05398 if (rsbac_adf_set_attr(R_CREATE,
05399 current->pid,
05400 T_GROUP,
05401 rsbac_target_id,
05402 T_NONE,
05403 rsbac_new_target_id,
05404 A_none,
05405 rsbac_attribute_value))
05406 {
05407 rsbac_printk(KERN_WARNING
05408 "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n");
05409 }
05410 }
05411 #endif
05412
05413 out_free:
05414 rsbac_kfree(k_entry_p);
05415 if(k_pass)
05416 {
05417 memset(k_pass, 0, RSBAC_MAXNAMELEN);
05418 rsbac_kfree(k_pass);
05419 }
05420 return err;
05421 #else
05422 return (-RSBAC_EINVALIDMODULE);
05423 #endif
05424 }
05425
05426 int sys_rsbac_um_add_gm(
05427 rsbac_list_ta_number_t ta_number,
05428 rsbac_uid_t user,
05429 rsbac_gid_t group,
05430 rsbac_time_t ttl)
05431 {
05432 #if defined(CONFIG_RSBAC_UM)
05433 #ifndef CONFIG_RSBAC_MAINT
05434 union rsbac_target_id_t rsbac_target_id;
05435 union rsbac_attribute_value_t rsbac_attribute_value;
05436 #endif
05437
05438 #ifdef CONFIG_RSBAC_FREEZE_UM
05439 if(rsbac_freeze)
05440 {
05441 rsbac_printk(KERN_WARNING
05442 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n");
05443 return -EPERM;
05444 }
05445 #endif
05446
05447 #ifndef CONFIG_RSBAC_MAINT
05448 #ifdef CONFIG_RSBAC_DEBUG
05449 if (rsbac_debug_aef)
05450 {
05451 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n");
05452 }
05453 #endif
05454 rsbac_target_id.user = user;
05455 rsbac_attribute_value.group = group;
05456 if (!rsbac_adf_request(R_CHANGE_GROUP,
05457 current->pid,
05458 T_USER,
05459 rsbac_target_id,
05460 A_group,
05461 rsbac_attribute_value))
05462 {
05463 return -EPERM;
05464 }
05465 #endif
05466
05467 return rsbac_um_add_gm(ta_number, user, group, ttl);
05468 #else
05469 return (-RSBAC_EINVALIDMODULE);
05470 #endif
05471 }
05472
05473 int sys_rsbac_um_mod_user(
05474 rsbac_list_ta_number_t ta_number,
05475 rsbac_uid_t uid,
05476 enum rsbac_um_mod_t mod,
05477 union rsbac_um_mod_data_t * data_p)
05478 {
05479 #if defined(CONFIG_RSBAC_UM)
05480 int err;
05481 union rsbac_um_mod_data_t * k_data_p;
05482 #ifndef CONFIG_RSBAC_MAINT
05483 enum rsbac_adf_request_t rsbac_request;
05484 union rsbac_target_id_t rsbac_target_id;
05485 enum rsbac_attribute_t rsbac_attribute = A_none;
05486 union rsbac_attribute_value_t rsbac_attribute_value;
05487 #endif
05488
05489 if(mod >= UM_none)
05490 return -RSBAC_EINVALIDREQUEST;
05491 if( !data_p
05492 && (mod != UM_pass)
05493 )
05494 return -RSBAC_EINVALIDPOINTER;
05495
05496 #ifdef CONFIG_RSBAC_FREEZE_UM
05497 if(rsbac_freeze)
05498 {
05499 rsbac_printk(KERN_WARNING
05500 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n");
05501 return -EPERM;
05502 }
05503 #endif
05504
05505 #ifndef CONFIG_RSBAC_MAINT
05506 #ifdef CONFIG_RSBAC_DEBUG
05507 if (rsbac_debug_aef)
05508 {
05509 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n");
05510 }
05511 #endif
05512 rsbac_attribute_value.dummy = 0;
05513 switch(mod)
05514 {
05515 case UM_name:
05516 rsbac_request = R_RENAME;
05517 break;
05518
05519 case UM_pass:
05520 case UM_cryptpass:
05521 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05522 break;
05523
05524 case UM_fullname:
05525 rsbac_request = R_WRITE;
05526 break;
05527
05528 case UM_homedir:
05529 rsbac_request = R_WRITE;
05530 break;
05531
05532 case UM_shell:
05533 rsbac_request = R_WRITE;
05534 break;
05535
05536 case UM_group:
05537 rsbac_request = R_CHANGE_GROUP;
05538 rsbac_attribute = A_group;
05539 rsbac_attribute_value.group = data_p->group;
05540 break;
05541
05542 case UM_lastchange:
05543 rsbac_request = R_WRITE;
05544 break;
05545
05546 case UM_minchange:
05547 rsbac_request = R_WRITE;
05548 break;
05549
05550 case UM_maxchange:
05551 rsbac_request = R_WRITE;
05552 break;
05553
05554 case UM_warnchange:
05555 rsbac_request = R_WRITE;
05556 break;
05557
05558 case UM_inactive:
05559 rsbac_request = R_WRITE;
05560 break;
05561
05562 case UM_expire:
05563 rsbac_request = R_WRITE;
05564 break;
05565
05566 case UM_ttl:
05567 rsbac_request = R_DELETE;
05568 break;
05569
05570 default:
05571 return -RSBAC_EINVALIDREQUEST;
05572 }
05573 rsbac_target_id.user = uid;
05574 if (!rsbac_adf_request(rsbac_request,
05575 current->pid,
05576 T_USER,
05577 rsbac_target_id,
05578 rsbac_attribute,
05579 rsbac_attribute_value))
05580 {
05581 return -EPERM;
05582 }
05583 #endif
05584
05585
05586 if(data_p)
05587 {
05588 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05589 if(!k_data_p)
05590 return -RSBAC_ENOMEM;
05591 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05592 if(err)
05593 {
05594 rsbac_kfree(k_data_p);
05595 return err;
05596 }
05597 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05598 }
05599 else
05600 k_data_p = NULL;
05601
05602 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p);
05603
05604 if(k_data_p)
05605 rsbac_kfree(k_data_p);
05606 return err;
05607 #else
05608 return (-RSBAC_EINVALIDMODULE);
05609 #endif
05610 }
05611
05612 int sys_rsbac_um_mod_group(
05613 rsbac_list_ta_number_t ta_number,
05614 rsbac_gid_t gid,
05615 enum rsbac_um_mod_t mod,
05616 union rsbac_um_mod_data_t * data_p)
05617 {
05618 #if defined(CONFIG_RSBAC_UM)
05619 int err;
05620 union rsbac_um_mod_data_t * k_data_p;
05621 #ifndef CONFIG_RSBAC_MAINT
05622 enum rsbac_adf_request_t rsbac_request;
05623 union rsbac_target_id_t rsbac_target_id;
05624 union rsbac_attribute_value_t rsbac_attribute_value;
05625 #endif
05626
05627 if(mod >= UM_none)
05628 return -RSBAC_EINVALIDREQUEST;
05629 if( !data_p
05630 && (mod != UM_pass)
05631 )
05632 return -RSBAC_EINVALIDPOINTER;
05633
05634 #ifdef CONFIG_RSBAC_FREEZE_UM
05635 if(rsbac_freeze)
05636 {
05637 rsbac_printk(KERN_WARNING
05638 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n");
05639 return -EPERM;
05640 }
05641 #endif
05642
05643 #ifndef CONFIG_RSBAC_MAINT
05644 #ifdef CONFIG_RSBAC_DEBUG
05645 if (rsbac_debug_aef)
05646 {
05647 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n");
05648 }
05649 #endif
05650 switch(mod)
05651 {
05652 case UM_name:
05653 rsbac_request = R_RENAME;
05654 break;
05655
05656 case UM_pass:
05657 case UM_cryptpass:
05658 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05659 break;
05660
05661 case UM_ttl:
05662 rsbac_request = R_DELETE;
05663 break;
05664
05665 default:
05666 return -RSBAC_EINVALIDREQUEST;
05667 }
05668 rsbac_target_id.group = gid;
05669 rsbac_attribute_value.dummy = 0;
05670 if (!rsbac_adf_request(rsbac_request,
05671 current->pid,
05672 T_GROUP,
05673 rsbac_target_id,
05674 A_none,
05675 rsbac_attribute_value))
05676 {
05677 return -EPERM;
05678 }
05679 #endif
05680
05681 if(data_p)
05682 {
05683 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05684 if(!k_data_p)
05685 return -RSBAC_ENOMEM;
05686 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05687 if(err)
05688 {
05689 rsbac_kfree(k_data_p);
05690 return err;
05691 }
05692 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05693 }
05694 else
05695 k_data_p = NULL;
05696
05697 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p);
05698
05699 if(k_data_p)
05700 rsbac_kfree(k_data_p);
05701 return err;
05702 #else
05703 return (-RSBAC_EINVALIDMODULE);
05704 #endif
05705 }
05706
05707 int sys_rsbac_um_get_user_item(
05708 rsbac_list_ta_number_t ta_number,
05709 rsbac_uid_t uid,
05710 enum rsbac_um_mod_t mod,
05711 union rsbac_um_mod_data_t * data_p)
05712 {
05713 #if defined(CONFIG_RSBAC_UM)
05714 int err;
05715 union rsbac_um_mod_data_t * k_data_p;
05716 #ifndef CONFIG_RSBAC_MAINT
05717 enum rsbac_adf_request_t rsbac_request;
05718 union rsbac_target_id_t rsbac_target_id;
05719 union rsbac_attribute_value_t rsbac_attribute_value;
05720 #endif
05721
05722 if(mod >= UM_none)
05723 return -RSBAC_EINVALIDREQUEST;
05724 if(!data_p)
05725 return -RSBAC_EINVALIDPOINTER;
05726
05727 #ifndef CONFIG_RSBAC_MAINT
05728 #ifdef CONFIG_RSBAC_DEBUG
05729 if (rsbac_debug_aef)
05730 {
05731 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n");
05732 }
05733 #endif
05734 rsbac_attribute_value.dummy = 0;
05735 switch(mod)
05736 {
05737 case UM_name:
05738 rsbac_request = R_SEARCH;
05739 break;
05740
05741 case UM_group:
05742 case UM_fullname:
05743 case UM_homedir:
05744 case UM_shell:
05745 rsbac_request = R_GET_STATUS_DATA;
05746 break;
05747
05748 case UM_pass:
05749 rsbac_request = R_GET_PERMISSIONS_DATA;
05750 break;
05751
05752 case UM_lastchange:
05753 case UM_minchange:
05754 case UM_maxchange:
05755 case UM_warnchange:
05756 case UM_inactive:
05757 case UM_expire:
05758 case UM_ttl:
05759 rsbac_request = R_READ;
05760 break;
05761
05762 default:
05763 return -RSBAC_EINVALIDREQUEST;
05764 }
05765 rsbac_target_id.user = uid;
05766 if (!rsbac_adf_request(rsbac_request,
05767 current->pid,
05768 T_USER,
05769 rsbac_target_id,
05770 A_none,
05771 rsbac_attribute_value))
05772 {
05773 return -EPERM;
05774 }
05775 #endif
05776
05777 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05778 if(!k_data_p)
05779 return -RSBAC_ENOMEM;
05780 memset(k_data_p, 0, sizeof(*k_data_p));
05781
05782 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p);
05783 if(!err)
05784 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05785 rsbac_kfree(k_data_p);
05786 return err;
05787 #else
05788 return (-RSBAC_EINVALIDMODULE);
05789 #endif
05790 }
05791
05792 int sys_rsbac_um_get_group_item(
05793 rsbac_list_ta_number_t ta_number,
05794 rsbac_gid_t gid,
05795 enum rsbac_um_mod_t mod,
05796 union rsbac_um_mod_data_t * data_p)
05797 {
05798 #if defined(CONFIG_RSBAC_UM)
05799 int err;
05800 union rsbac_um_mod_data_t * k_data_p;
05801 #ifndef CONFIG_RSBAC_MAINT
05802 enum rsbac_adf_request_t rsbac_request;
05803 union rsbac_target_id_t rsbac_target_id;
05804 union rsbac_attribute_value_t rsbac_attribute_value;
05805 #endif
05806
05807 if(mod >= UM_none)
05808 return -RSBAC_EINVALIDREQUEST;
05809 if(!data_p)
05810 return -RSBAC_EINVALIDPOINTER;
05811
05812 #ifndef CONFIG_RSBAC_MAINT
05813 #ifdef CONFIG_RSBAC_DEBUG
05814 if (rsbac_debug_aef)
05815 {
05816 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n");
05817 }
05818 #endif
05819 rsbac_attribute_value.dummy = 0;
05820 switch(mod)
05821 {
05822 case UM_name:
05823 rsbac_request = R_SEARCH;
05824 break;
05825
05826 case UM_pass:
05827 rsbac_request = R_GET_PERMISSIONS_DATA;
05828 break;
05829
05830 case UM_ttl:
05831 rsbac_request = R_GET_STATUS_DATA;
05832 break;
05833
05834 default:
05835 return -RSBAC_EINVALIDREQUEST;
05836 }
05837 rsbac_target_id.group = gid;
05838 if (!rsbac_adf_request(rsbac_request,
05839 current->pid,
05840 T_GROUP,
05841 rsbac_target_id,
05842 A_none,
05843 rsbac_attribute_value))
05844 {
05845 return -EPERM;
05846 }
05847 #endif
05848
05849 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05850 if(!k_data_p)
05851 return -RSBAC_ENOMEM;
05852 memset(k_data_p, 0, sizeof(*k_data_p));
05853
05854 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p);
05855 if(!err)
05856 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05857 rsbac_kfree(k_data_p);
05858 return err;
05859 #else
05860 return (-RSBAC_EINVALIDMODULE);
05861 #endif
05862 }
05863
05864 int sys_rsbac_um_remove_user(
05865 rsbac_list_ta_number_t ta_number,
05866 rsbac_uid_t uid)
05867 {
05868 #if defined(CONFIG_RSBAC_UM)
05869 int err;
05870 #ifndef CONFIG_RSBAC_MAINT
05871 union rsbac_target_id_t rsbac_target_id;
05872 union rsbac_target_id_t rsbac_new_target_id;
05873 union rsbac_attribute_value_t rsbac_attribute_value;
05874 #endif
05875
05876 #ifdef CONFIG_RSBAC_FREEZE_UM
05877 if(rsbac_freeze)
05878 {
05879 rsbac_printk(KERN_WARNING
05880 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n");
05881 return -EPERM;
05882 }
05883 #endif
05884
05885 #ifndef CONFIG_RSBAC_MAINT
05886 #ifdef CONFIG_RSBAC_DEBUG
05887 if (rsbac_debug_aef)
05888 {
05889 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n");
05890 }
05891 #endif
05892 rsbac_target_id.user = uid;
05893 rsbac_attribute_value.dummy = 0;
05894 if (!rsbac_adf_request(R_DELETE,
05895 current->pid,
05896 T_USER,
05897 rsbac_target_id,
05898 A_none,
05899 rsbac_attribute_value))
05900 {
05901 return -EPERM;
05902 }
05903 #endif
05904
05905 err = rsbac_um_remove_user(ta_number, uid);
05906
05907 #ifndef CONFIG_RSBAC_MAINT
05908 if(!err)
05909 {
05910 rsbac_new_target_id.dummy = 0;
05911 if (rsbac_adf_set_attr(R_DELETE,
05912 current->pid,
05913 T_USER,
05914 rsbac_target_id,
05915 T_NONE,
05916 rsbac_new_target_id,
05917 A_none,
05918 rsbac_attribute_value))
05919 {
05920 rsbac_printk(KERN_WARNING
05921 "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error");
05922 }
05923 }
05924 #endif
05925 return err;
05926 #else
05927 return (-RSBAC_EINVALIDMODULE);
05928 #endif
05929 }
05930
05931 int sys_rsbac_um_remove_group(
05932 rsbac_list_ta_number_t ta_number,
05933 rsbac_gid_t gid)
05934 {
05935 #if defined(CONFIG_RSBAC_UM)
05936 int err;
05937 #ifndef CONFIG_RSBAC_MAINT
05938 union rsbac_target_id_t rsbac_target_id;
05939 union rsbac_target_id_t rsbac_new_target_id;
05940 union rsbac_attribute_value_t rsbac_attribute_value;
05941 #endif
05942
05943 #ifdef CONFIG_RSBAC_FREEZE_UM
05944 if(rsbac_freeze)
05945 {
05946 rsbac_printk(KERN_WARNING
05947 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n");
05948 return -EPERM;
05949 }
05950 #endif
05951
05952 #ifndef CONFIG_RSBAC_MAINT
05953 #ifdef CONFIG_RSBAC_DEBUG
05954 if (rsbac_debug_aef)
05955 {
05956 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n");
05957 }
05958 #endif
05959 rsbac_target_id.group = gid;
05960 rsbac_attribute_value.dummy = 0;
05961 if (!rsbac_adf_request(R_DELETE,
05962 current->pid,
05963 T_GROUP,
05964 rsbac_target_id,
05965 A_none,
05966 rsbac_attribute_value))
05967 {
05968 return -EPERM;
05969 }
05970 #endif
05971
05972 err = rsbac_um_remove_group(ta_number, gid);
05973
05974 #ifndef CONFIG_RSBAC_MAINT
05975 if(!err)
05976 {
05977 rsbac_new_target_id.dummy = 0;
05978 if (rsbac_adf_set_attr(R_DELETE,
05979 current->pid,
05980 T_GROUP,
05981 rsbac_target_id,
05982 T_NONE,
05983 rsbac_new_target_id,
05984 A_none,
05985 rsbac_attribute_value))
05986 {
05987 rsbac_printk(KERN_WARNING
05988 "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error");
05989 }
05990 }
05991 #endif
05992 return err;
05993 #else
05994 return (-RSBAC_EINVALIDMODULE);
05995 #endif
05996 }
05997
05998 int sys_rsbac_um_remove_gm(
05999 rsbac_list_ta_number_t ta_number,
06000 rsbac_uid_t user,
06001 rsbac_gid_t group)
06002 {
06003 #if defined(CONFIG_RSBAC_UM)
06004 #ifndef CONFIG_RSBAC_MAINT
06005 union rsbac_target_id_t rsbac_target_id;
06006 union rsbac_attribute_value_t rsbac_attribute_value;
06007 #endif
06008
06009 #ifdef CONFIG_RSBAC_FREEZE_UM
06010 if(rsbac_freeze)
06011 {
06012 rsbac_printk(KERN_WARNING
06013 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n");
06014 return -EPERM;
06015 }
06016 #endif
06017
06018 #ifndef CONFIG_RSBAC_MAINT
06019 #ifdef CONFIG_RSBAC_DEBUG
06020 if (rsbac_debug_aef)
06021 {
06022 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n");
06023 }
06024 #endif
06025 rsbac_target_id.user = user;
06026 rsbac_attribute_value.group = group;
06027 if (!rsbac_adf_request(R_CHANGE_GROUP,
06028 current->pid,
06029 T_USER,
06030 rsbac_target_id,
06031 A_group,
06032 rsbac_attribute_value))
06033 {
06034 return -EPERM;
06035 }
06036 #endif
06037
06038 return rsbac_um_remove_gm(ta_number, user, group);
06039 #else
06040 return (-RSBAC_EINVALIDMODULE);
06041 #endif
06042 }
06043
06044 int sys_rsbac_um_user_exists(
06045 rsbac_list_ta_number_t ta_number,
06046 rsbac_uid_t uid)
06047 {
06048 #if defined(CONFIG_RSBAC_UM)
06049 #ifndef CONFIG_RSBAC_MAINT
06050 union rsbac_target_id_t rsbac_target_id;
06051 union rsbac_attribute_value_t rsbac_attribute_value;
06052 #endif
06053
06054 #ifndef CONFIG_RSBAC_MAINT
06055 #ifdef CONFIG_RSBAC_DEBUG
06056 if (rsbac_debug_aef)
06057 {
06058 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n");
06059 }
06060 #endif
06061 rsbac_target_id.user = uid;
06062 rsbac_attribute_value.dummy = 0;
06063 if (!rsbac_adf_request(R_SEARCH,
06064 current->pid,
06065 T_USER,
06066 rsbac_target_id,
06067 A_none,
06068 rsbac_attribute_value))
06069 {
06070 return -EPERM;
06071 }
06072 #endif
06073
06074 return rsbac_um_user_exists(ta_number, uid);
06075 #else
06076 return (-RSBAC_EINVALIDMODULE);
06077 #endif
06078 }
06079
06080 int sys_rsbac_um_group_exists(
06081 rsbac_list_ta_number_t ta_number,
06082 rsbac_gid_t gid)
06083 {
06084 #if defined(CONFIG_RSBAC_UM)
06085 #ifndef CONFIG_RSBAC_MAINT
06086 union rsbac_target_id_t rsbac_target_id;
06087 union rsbac_attribute_value_t rsbac_attribute_value;
06088 #endif
06089
06090 #ifndef CONFIG_RSBAC_MAINT
06091 #ifdef CONFIG_RSBAC_DEBUG
06092 if (rsbac_debug_aef)
06093 {
06094 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n");
06095 }
06096 #endif
06097 rsbac_target_id.group = gid;
06098 rsbac_attribute_value.dummy = 0;
06099 if (!rsbac_adf_request(R_SEARCH,
06100 current->pid,
06101 T_GROUP,
06102 rsbac_target_id,
06103 A_none,
06104 rsbac_attribute_value))
06105 {
06106 return -EPERM;
06107 }
06108 #endif
06109
06110 return rsbac_um_group_exists(ta_number, gid);
06111 #else
06112 return (-RSBAC_EINVALIDMODULE);
06113 #endif
06114 }
06115
06116 int sys_rsbac_um_get_next_user(
06117 rsbac_list_ta_number_t ta_number,
06118 rsbac_uid_t old_user,
06119 rsbac_uid_t * next_user_p)
06120 {
06121 #if defined(CONFIG_RSBAC_UM)
06122 rsbac_uid_t k_next_user;
06123 int err;
06124 #ifndef CONFIG_RSBAC_MAINT
06125 union rsbac_target_id_t rsbac_target_id;
06126 union rsbac_attribute_value_t rsbac_attribute_value;
06127 #endif
06128
06129 if(!next_user_p)
06130 return -RSBAC_EINVALIDPOINTER;
06131
06132 #ifndef CONFIG_RSBAC_MAINT
06133 #ifdef CONFIG_RSBAC_DEBUG
06134 if (rsbac_debug_aef)
06135 {
06136 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n");
06137 }
06138 #endif
06139 rsbac_target_id.user = old_user;
06140 rsbac_attribute_value.dummy = 0;
06141 if (!rsbac_adf_request(R_SEARCH,
06142 current->pid,
06143 T_USER,
06144 rsbac_target_id,
06145 A_none,
06146 rsbac_attribute_value))
06147 {
06148 return -EPERM;
06149 }
06150 #endif
06151
06152 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user);
06153 if(!err)
06154 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user));
06155 return err;
06156 #else
06157 return (-RSBAC_EINVALIDMODULE);
06158 #endif
06159 }
06160
06161 int sys_rsbac_um_get_user_list(
06162 rsbac_list_ta_number_t ta_number,
06163 rsbac_uid_t user_array[],
06164 u_int maxnum)
06165 {
06166 #if defined(CONFIG_RSBAC_UM)
06167 long count;
06168 rsbac_uid_t * k_user_array;
06169 #ifndef CONFIG_RSBAC_MAINT
06170 union rsbac_target_id_t rsbac_target_id;
06171 union rsbac_attribute_value_t rsbac_attribute_value;
06172 #endif
06173
06174 if(maxnum > RSBAC_UM_MAX_MAXNUM)
06175 maxnum = RSBAC_UM_MAX_MAXNUM;
06176
06177 #ifndef CONFIG_RSBAC_MAINT
06178 #ifdef CONFIG_RSBAC_DEBUG
06179 if (rsbac_debug_aef)
06180 {
06181 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n");
06182 }
06183 #endif
06184 rsbac_target_id.user = RSBAC_ALL_USERS;
06185 rsbac_attribute_value.dummy = 0;
06186 if (!rsbac_adf_request(R_SEARCH,
06187 current->pid,
06188 T_USER,
06189 rsbac_target_id,
06190 A_none,
06191 rsbac_attribute_value))
06192 {
06193 return -EPERM;
06194 }
06195 #endif
06196
06197
06198 if(!user_array || !maxnum)
06199 return rsbac_um_get_user_list(ta_number, NULL);
06200
06201 count = rsbac_um_get_user_list(ta_number, &k_user_array);
06202 if(count>0)
06203 {
06204 if(count > maxnum)
06205 count = maxnum;
06206 rsbac_put_user((u_char *) k_user_array,
06207 (u_char *) user_array,
06208 count * sizeof(*k_user_array) );
06209 rsbac_vfree(k_user_array);
06210 }
06211 return count;
06212 #else
06213 return -RSBAC_EINVALIDMODULE;
06214 #endif
06215 };
06216
06217 int sys_rsbac_um_get_gm_list(
06218 rsbac_list_ta_number_t ta_number,
06219 rsbac_uid_t user,
06220 rsbac_gid_t group_array[],
06221 u_int maxnum)
06222 {
06223 #if defined(CONFIG_RSBAC_UM)
06224 long count;
06225 rsbac_gid_t * k_group_array;
06226 #ifndef CONFIG_RSBAC_MAINT
06227 union rsbac_target_id_t rsbac_target_id;
06228 union rsbac_attribute_value_t rsbac_attribute_value;
06229 #endif
06230
06231
06232 if(maxnum > RSBAC_UM_MAX_MAXNUM)
06233 maxnum = RSBAC_UM_MAX_MAXNUM;
06234
06235 #ifndef CONFIG_RSBAC_MAINT
06236 #ifdef CONFIG_RSBAC_DEBUG
06237 if (rsbac_debug_aef)
06238 {
06239 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n");
06240 }
06241 #endif
06242 rsbac_target_id.user = user;
06243 rsbac_attribute_value.dummy = 0;
06244 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06245 current->pid,
06246 T_USER,
06247 rsbac_target_id,
06248 A_none,
06249 rsbac_attribute_value))
06250 {
06251 return -EPERM;
06252 }
06253 #endif
06254
06255
06256 if(!group_array || !maxnum)
06257 return rsbac_um_get_gm_list(ta_number, user, NULL);
06258
06259 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array);
06260 if(count>0)
06261 {
06262 if(count > maxnum)
06263 count = maxnum;
06264 rsbac_put_user((u_char *) k_group_array,
06265 (u_char *) group_array,
06266 count * sizeof(*k_group_array) );
06267 rsbac_vfree(k_group_array);
06268 }
06269 return count;
06270 #else
06271 return -RSBAC_EINVALIDMODULE;
06272 #endif
06273 };
06274
06275 int sys_rsbac_um_get_gm_user_list(
06276 rsbac_list_ta_number_t ta_number,
06277 rsbac_gid_t group,
06278 rsbac_uid_t user_array[],
06279 u_int maxnum)
06280 {
06281 #if defined(CONFIG_RSBAC_UM)
06282 long count;
06283 rsbac_uid_t * k_user_array;
06284 #ifndef CONFIG_RSBAC_MAINT
06285 union rsbac_target_id_t rsbac_target_id;
06286 union rsbac_attribute_value_t rsbac_attribute_value;
06287 #endif
06288
06289 if(maxnum > RSBAC_UM_MAX_MAXNUM)
06290 maxnum = RSBAC_UM_MAX_MAXNUM;
06291
06292 #ifndef CONFIG_RSBAC_MAINT
06293 #ifdef CONFIG_RSBAC_DEBUG
06294 if (rsbac_debug_aef)
06295 {
06296 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n");
06297 }
06298 #endif
06299 rsbac_target_id.group = group;
06300 rsbac_attribute_value.dummy = 0;
06301 if (!rsbac_adf_request(R_READ,
06302 current->pid,
06303 T_GROUP,
06304 rsbac_target_id,
06305 A_none,
06306 rsbac_attribute_value))
06307 {
06308 return -EPERM;
06309 }
06310 #endif
06311
06312 if(!user_array || !maxnum)
06313 return rsbac_um_get_gm_user_list(ta_number, group, NULL);
06314
06315 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array);
06316 if(count>0)
06317 {
06318 if(count > maxnum)
06319 count = maxnum;
06320 rsbac_put_user((u_char *) k_user_array,
06321 (u_char *) user_array,
06322 count * sizeof(*k_user_array) );
06323 rsbac_vfree(k_user_array);
06324 }
06325 return count;
06326 #else
06327 return -RSBAC_EINVALIDMODULE;
06328 #endif
06329 };
06330
06331 int sys_rsbac_um_get_group_list(
06332 rsbac_list_ta_number_t ta_number,
06333 rsbac_gid_t group_array[],
06334 u_int maxnum)
06335 {
06336 #if defined(CONFIG_RSBAC_UM)
06337 long count;
06338 rsbac_gid_t * k_group_array;
06339 #ifndef CONFIG_RSBAC_MAINT
06340 union rsbac_target_id_t rsbac_target_id;
06341 union rsbac_attribute_value_t rsbac_attribute_value;
06342 #endif
06343
06344 if(maxnum > RSBAC_UM_MAX_MAXNUM)
06345 maxnum = RSBAC_UM_MAX_MAXNUM;
06346
06347 #ifndef CONFIG_RSBAC_MAINT
06348 #ifdef CONFIG_RSBAC_DEBUG
06349 if (rsbac_debug_aef)
06350 {
06351 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n");
06352 }
06353 #endif
06354 rsbac_target_id.group = RSBAC_ALL_USERS;
06355 rsbac_attribute_value.dummy = 0;
06356 if (!rsbac_adf_request(R_SEARCH,
06357 current->pid,
06358 T_GROUP,
06359 rsbac_target_id,
06360 A_none,
06361 rsbac_attribute_value))
06362 {
06363 return -EPERM;
06364 }
06365 #endif
06366
06367
06368 if(!group_array || !maxnum)
06369 return rsbac_um_get_group_list(ta_number, NULL);
06370
06371 count = rsbac_um_get_group_list(ta_number, &k_group_array);
06372 if(count>0)
06373 {
06374 if(count > maxnum)
06375 count = maxnum;
06376 rsbac_put_user((u_char *) k_group_array,
06377 (u_char *) group_array,
06378 count * sizeof(*k_group_array) );
06379 rsbac_vfree(k_group_array);
06380 }
06381 return count;
06382 #else
06383 return -RSBAC_EINVALIDMODULE;
06384 #endif
06385 };
06386
06387
06388
06389 int sys_rsbac_um_get_uid(
06390 rsbac_list_ta_number_t ta_number,
06391 char * name,
06392 rsbac_uid_t * uid_p)
06393 {
06394 #if defined(CONFIG_RSBAC_UM)
06395 rsbac_uid_t k_uid;
06396 int err;
06397 char k_name[RSBAC_UM_NAME_LEN];
06398
06399 if(!name || !uid_p)
06400 return -RSBAC_EINVALIDPOINTER;
06401
06402 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06403 if(err)
06404 return err;
06405 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06406 err = rsbac_um_get_uid(ta_number, k_name, &k_uid);
06407 if(!err)
06408 {
06409 #ifndef CONFIG_RSBAC_MAINT
06410 union rsbac_target_id_t rsbac_target_id;
06411 union rsbac_attribute_value_t rsbac_attribute_value;
06412
06413 #ifdef CONFIG_RSBAC_DEBUG
06414 if (rsbac_debug_aef)
06415 {
06416 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n");
06417 }
06418 #endif
06419 rsbac_target_id.user = k_uid;
06420 rsbac_attribute_value.dummy = 0;
06421 if (!rsbac_adf_request(R_SEARCH,
06422 current->pid,
06423 T_USER,
06424 rsbac_target_id,
06425 A_none,
06426 rsbac_attribute_value))
06427 {
06428 err = -EPERM;
06429 }
06430 else
06431 #endif
06432
06433 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid));
06434 }
06435 return err;
06436 #else
06437 return (-RSBAC_EINVALIDMODULE);
06438 #endif
06439 }
06440
06441 int sys_rsbac_um_get_gid(
06442 rsbac_list_ta_number_t ta_number,
06443 char * name,
06444 rsbac_gid_t * gid_p)
06445 {
06446 #if defined(CONFIG_RSBAC_UM)
06447 rsbac_gid_t k_gid;
06448 int err;
06449 char k_name[RSBAC_UM_NAME_LEN];
06450
06451 if(!name || !gid_p)
06452 return -RSBAC_EINVALIDPOINTER;
06453 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06454 if(err)
06455 return err;
06456 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06457 err = rsbac_um_get_gid(ta_number, k_name, &k_gid);
06458 if(!err)
06459 {
06460 #ifndef CONFIG_RSBAC_MAINT
06461 union rsbac_target_id_t rsbac_target_id;
06462 union rsbac_attribute_value_t rsbac_attribute_value;
06463
06464 #ifdef CONFIG_RSBAC_DEBUG
06465 if (rsbac_debug_aef)
06466 {
06467 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n");
06468 }
06469 #endif
06470 rsbac_target_id.group = k_gid;
06471 rsbac_attribute_value.dummy = 0;
06472 if (!rsbac_adf_request(R_SEARCH,
06473 current->pid,
06474 T_GROUP,
06475 rsbac_target_id,
06476 A_none,
06477 rsbac_attribute_value))
06478 {
06479 err = -EPERM;
06480 }
06481 else
06482 #endif
06483
06484 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid));
06485 }
06486 return err;
06487 #else
06488 return (-RSBAC_EINVALIDMODULE);
06489 #endif
06490 }
06491
06492 int sys_rsbac_um_set_pass(rsbac_uid_t uid,
06493 char * old_pass,
06494 char * new_pass)
06495 {
06496 #if defined(CONFIG_RSBAC_UM)
06497 int err;
06498 char * k_new_pass;
06499
06500 if(!new_pass)
06501 return -RSBAC_EINVALIDPOINTER;
06502 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06503 if(!k_new_pass)
06504 return -RSBAC_ENOMEM;
06505 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06506 if(err)
06507 {
06508 rsbac_kfree(k_new_pass);
06509 return err;
06510 }
06511 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06512
06513 if(old_pass && (uid == current->uid))
06514 {
06515 char * k_old_pass;
06516
06517 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06518 if(!k_old_pass)
06519 {
06520 rsbac_kfree(k_new_pass);
06521 return -RSBAC_ENOMEM;
06522 }
06523 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN);
06524 if(err)
06525 {
06526 rsbac_kfree(k_old_pass);
06527 rsbac_kfree(k_new_pass);
06528 return err;
06529 }
06530 k_old_pass[RSBAC_MAXNAMELEN-1] = 0;
06531 err = rsbac_um_check_pass(uid, k_old_pass);
06532 rsbac_kfree(k_old_pass);
06533 if(err)
06534 {
06535 rsbac_kfree(k_new_pass);
06536 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n");
06537 return err;
06538 }
06539 err = rsbac_um_good_pass(uid, k_new_pass);
06540 if(err)
06541 {
06542 rsbac_kfree(k_new_pass);
06543 #ifdef CONFIG_RSBAC_DEBUG
06544 if (rsbac_debug_aef_um)
06545 {
06546 rsbac_printk(KERN_DEBUG
06547 "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n",
06548 uid);
06549 }
06550 #endif
06551 return err;
06552 }
06553 }
06554 else
06555 {
06556 #ifndef CONFIG_RSBAC_MAINT
06557
06558 union rsbac_target_id_t rsbac_target_id;
06559 union rsbac_attribute_value_t rsbac_attribute_value;
06560
06561 #ifdef CONFIG_RSBAC_FREEZE_UM
06562 if(rsbac_freeze)
06563 {
06564 rsbac_printk(KERN_WARNING
06565 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n");
06566 rsbac_kfree(k_new_pass);
06567 return -EPERM;
06568 }
06569 #endif
06570
06571 #ifdef CONFIG_RSBAC_DEBUG
06572 if (rsbac_debug_aef)
06573 {
06574 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n");
06575 }
06576 #endif
06577 rsbac_target_id.user = uid;
06578 rsbac_attribute_value.dummy = 0;
06579 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06580 current->pid,
06581 T_USER,
06582 rsbac_target_id,
06583 A_none,
06584 rsbac_attribute_value))
06585 {
06586 rsbac_kfree(k_new_pass);
06587 return -EPERM;
06588 }
06589 #endif
06590 }
06591
06592 err = rsbac_um_set_pass(uid, k_new_pass);
06593 rsbac_kfree(k_new_pass);
06594 return err;
06595 #else
06596 return (-RSBAC_EINVALIDMODULE);
06597 #endif
06598 }
06599
06600 int sys_rsbac_um_set_pass_name(char * name,
06601 char * old_pass,
06602 char * new_pass)
06603 {
06604 #if defined(CONFIG_RSBAC_UM)
06605 int err;
06606 rsbac_uid_t uid;
06607 char * k_name;
06608
06609 if(!name || !new_pass)
06610 return -RSBAC_EINVALIDPOINTER;
06611 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
06612 if(!k_name)
06613 return -RSBAC_ENOMEM;
06614 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06615 if(err)
06616 {
06617 rsbac_kfree(k_name);
06618 return err;
06619 }
06620 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06621
06622 #ifdef CONFIG_RSBAC_DEBUG
06623 if (rsbac_debug_aef_um)
06624 {
06625 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n",
06626 k_name);
06627 }
06628 #endif
06629 err = rsbac_um_get_uid(0, k_name, &uid);
06630 rsbac_kfree(k_name);
06631 if(err)
06632 {
06633 #ifdef CONFIG_RSBAC_DEBUG
06634 if (rsbac_debug_aef_um)
06635 {
06636 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n",
06637 k_name);
06638 }
06639 #endif
06640 }
06641 else
06642 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass);
06643
06644 return err;
06645 #else
06646 return (-RSBAC_EINVALIDMODULE);
06647 #endif
06648 }
06649
06650 int sys_rsbac_um_set_group_pass(rsbac_gid_t gid,
06651 char * new_pass)
06652 {
06653 #if defined(CONFIG_RSBAC_UM)
06654 int err;
06655 char * k_new_pass;
06656 #ifndef CONFIG_RSBAC_MAINT
06657 union rsbac_target_id_t rsbac_target_id;
06658 union rsbac_attribute_value_t rsbac_attribute_value;
06659 #endif
06660
06661 #ifdef CONFIG_RSBAC_FREEZE_UM
06662 if(rsbac_freeze)
06663 {
06664 rsbac_printk(KERN_WARNING
06665 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n");
06666 return -EPERM;
06667 }
06668 #endif
06669
06670 #ifndef CONFIG_RSBAC_MAINT
06671
06672 #ifdef CONFIG_RSBAC_DEBUG
06673 if (rsbac_debug_aef)
06674 {
06675 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n");
06676 }
06677 #endif
06678 rsbac_target_id.group = gid;
06679 rsbac_attribute_value.dummy = 0;
06680 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06681 current->pid,
06682 T_GROUP,
06683 rsbac_target_id,
06684 A_none,
06685 rsbac_attribute_value))
06686 {
06687 return -EPERM;
06688 }
06689 #endif
06690
06691 if(new_pass)
06692 {
06693 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06694 if(!k_new_pass)
06695 return -RSBAC_ENOMEM;
06696 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06697 if(!err)
06698 {
06699 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06700 err = rsbac_um_set_group_pass(gid, k_new_pass);
06701 }
06702 rsbac_kfree(k_new_pass);
06703 }
06704 else
06705 {
06706 err = rsbac_um_set_group_pass(gid, NULL);
06707 }
06708 return err;
06709 #else
06710 return (-RSBAC_EINVALIDMODULE);
06711 #endif
06712 }
06713
06714 int sys_rsbac_um_check_account(rsbac_uid_t uid)
06715 {
06716 #if defined(CONFIG_RSBAC_UM)
06717 #ifndef CONFIG_RSBAC_MAINT
06718 union rsbac_target_id_t rsbac_target_id;
06719 union rsbac_attribute_value_t rsbac_attribute_value;
06720 #endif
06721
06722
06723 #ifndef CONFIG_RSBAC_MAINT
06724 #ifdef CONFIG_RSBAC_DEBUG
06725 if (rsbac_debug_aef)
06726 {
06727 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06728 }
06729 #endif
06730 rsbac_target_id.user = uid;
06731 rsbac_attribute_value.dummy = 0;
06732 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06733 current->pid,
06734 T_USER,
06735 rsbac_target_id,
06736 A_none,
06737 rsbac_attribute_value))
06738 {
06739 return -EPERM;
06740 }
06741 #endif
06742
06743 return rsbac_um_check_account(uid);
06744 #else
06745 return (-RSBAC_EINVALIDMODULE);
06746 #endif
06747 }
06748
06749 int sys_rsbac_um_check_account_name(char * name)
06750 {
06751 #if defined(CONFIG_RSBAC_UM)
06752 int err;
06753 rsbac_uid_t uid;
06754 char k_name[RSBAC_UM_NAME_LEN];
06755 #ifndef CONFIG_RSBAC_MAINT
06756 union rsbac_target_id_t rsbac_target_id;
06757 union rsbac_attribute_value_t rsbac_attribute_value;
06758 #endif
06759
06760 if(!name)
06761 return -RSBAC_EINVALIDPOINTER;
06762 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06763 if(err)
06764 return err;
06765 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06766 #ifdef CONFIG_RSBAC_DEBUG
06767 if (rsbac_debug_aef_um)
06768 {
06769 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n",
06770 k_name);
06771 }
06772 #endif
06773 err = rsbac_um_get_uid(0, k_name, &uid);
06774 if(err)
06775 {
06776 #ifdef CONFIG_RSBAC_DEBUG
06777 if (rsbac_debug_aef_um)
06778 {
06779 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n",
06780 k_name);
06781 }
06782 #endif
06783 return err;
06784 }
06785
06786 #ifndef CONFIG_RSBAC_MAINT
06787 #ifdef CONFIG_RSBAC_DEBUG
06788 if (rsbac_debug_aef)
06789 {
06790 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06791 }
06792 #endif
06793 rsbac_target_id.user = uid;
06794 rsbac_attribute_value.dummy = 0;
06795 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06796 current->pid,
06797 T_USER,
06798 rsbac_target_id,
06799 A_none,
06800 rsbac_attribute_value))
06801 {
06802 return -EPERM;
06803 }
06804 #endif
06805
06806 return rsbac_um_check_account(uid);
06807 #else
06808 return (-RSBAC_EINVALIDMODULE);
06809 #endif
06810 }
06811
06812
06813
06814
06815
06816
06817 int sys_rsbac_adf_log_switch(enum rsbac_adf_request_t request,
06818 enum rsbac_target_t target,
06819 u_int value)
06820 {
06821 union rsbac_target_id_t rsbac_target_id;
06822 union rsbac_attribute_value_t rsbac_attribute_value;
06823
06824 if ((value != LL_none) && (value != LL_denied) && (value != LL_full))
06825 return (-RSBAC_EINVALIDVALUE);
06826 if(request >= R_NONE)
06827 return(-RSBAC_EINVALIDREQUEST);
06828 if( (target == T_FD)
06829 || (target > T_NONE)
06830 )
06831 return(-RSBAC_EINVALIDTARGET);
06832
06833 #ifdef CONFIG_RSBAC_FREEZE
06834 if(rsbac_freeze)
06835 {
06836 rsbac_printk(KERN_WARNING
06837 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n");
06838 return -EPERM;
06839 }
06840 #endif
06841
06842
06843 #ifdef CONFIG_RSBAC_DEBUG
06844 if (rsbac_debug_aef)
06845 rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n");
06846 #endif
06847 rsbac_target_id.dummy = 0;
06848 rsbac_attribute_value.request = target;
06849 if (!rsbac_adf_request(R_SWITCH_LOG,
06850 current->pid,
06851 T_NONE,
06852 rsbac_target_id,
06853 A_request,
06854 rsbac_attribute_value))
06855 {
06856 return -EPERM;
06857 }
06858 #ifdef CONFIG_RSBAC_DEBUG
06859 if (rsbac_debug_aef)
06860 {
06861 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06862 if(request_name)
06863 {
06864 get_request_name(request_name,target);
06865 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
06866 request_name, target, value);
06867 rsbac_kfree(request_name);
06868 }
06869 }
06870 #endif
06871 rsbac_adf_log_switch(request,target,value);
06872 return(0);
06873 }
06874
06875 int sys_rsbac_get_adf_log(enum rsbac_adf_request_t request,
06876 enum rsbac_target_t target,
06877 u_int * value_p)
06878 {
06879 union rsbac_target_id_t rsbac_target_id;
06880 union rsbac_attribute_value_t rsbac_attribute_value;
06881 u_int k_value;
06882 int err;
06883
06884 if(request >= R_NONE)
06885 return(-RSBAC_EINVALIDREQUEST);
06886 if( (target == T_FD)
06887 || (target > T_NONE)
06888 )
06889 return(-RSBAC_EINVALIDTARGET);
06890 if(!value_p)
06891 return(-RSBAC_EINVALIDPOINTER);
06892
06893 #ifdef CONFIG_RSBAC_DEBUG
06894 if (rsbac_debug_aef)
06895 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n");
06896 #endif
06897 rsbac_target_id.scd = ST_rsbac;
06898 rsbac_attribute_value.request = request;
06899 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06900 current->pid,
06901 T_SCD,
06902 rsbac_target_id,
06903 A_request,
06904 rsbac_attribute_value))
06905 {
06906 return -EPERM;
06907 }
06908 #ifdef CONFIG_RSBAC_DEBUG
06909 if (rsbac_debug_aef)
06910 {
06911 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06912 if(request_name)
06913 {
06914 get_request_name(request_name,target);
06915 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n",
06916 request_name, target);
06917 rsbac_kfree(request_name);
06918 }
06919 }
06920 #endif
06921 err = rsbac_get_adf_log(request, target, &k_value);
06922 if(!err)
06923 {
06924 rsbac_put_user((u_char *) &k_value,
06925 (u_char *) value_p,
06926 sizeof(k_value) );
06927 }
06928 return(err);
06929 }
06930
06931
06932
06933
06934
06935
06936
06937
06938
06939
06940
06941 int sys_rsbac_log(int type,
06942 char * buf,
06943 int len)
06944 {
06945 #if defined(CONFIG_RSBAC_RMSG)
06946
06947 return(rsbac_log(type,buf,len));
06948 #else
06949 return(0);
06950 #endif
06951 }
06952
06953 #if defined(CONFIG_RSBAC_INIT_DELAY)
06954 int sys_rsbac_init(char * path)
06955 {
06956 struct dentry * t_dentry = NULL;
06957 rsbac_boolean_t need_put = FALSE;
06958 int err = 0;
06959
06960 struct nameidata nd;
06961
06962 if(!path)
06963 return rsbac_init(ROOT_DEV);
06964
06965 if ((err = user_path_walk_link(path, &nd)))
06966 {
06967 goto out;
06968 }
06969 t_dentry = nd.dentry;
06970 need_put = TRUE;
06971 if (!t_dentry->d_inode)
06972 {
06973 err = -RSBAC_EINVALIDTARGET;
06974 goto out_dput;
06975 }
06976
06977 if(!S_ISBLK(t_dentry->d_inode->i_mode))
06978 {
06979 err = -RSBAC_EINVALIDTARGET;
06980 goto out_dput;
06981 }
06982 err = rsbac_init(t_dentry->d_sb->s_dev);
06983
06984 out_dput:
06985 if(need_put)
06986 path_release(&nd);
06987 out:
06988 return(err);
06989 }
06990 #endif
06991
06992 #ifdef CONFIG_RSBAC_LIST_TRANS
06993 int sys_rsbac_list_ta_begin(
06994 rsbac_time_t ttl,
06995 rsbac_list_ta_number_t * ta_number_p,
06996 rsbac_uid_t commit_uid,
06997 char * password)
06998 {
06999 int err;
07000 rsbac_list_ta_number_t k_ta_number;
07001 char * k_password = NULL;
07002
07003 if(password)
07004 {
07005 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07006 if(!k_password)
07007 return -ENOMEM;
07008 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07009 if(err)
07010 {
07011 rsbac_kfree(k_password);
07012 return err;
07013 }
07014 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07015 }
07016 err = rsbac_list_ta_begin(ttl, &k_ta_number, commit_uid, k_password);
07017 if(!err)
07018 err = rsbac_put_user((u_char *) &k_ta_number,
07019 (u_char *) ta_number_p,
07020 sizeof(k_ta_number) );
07021 if(k_password)
07022 rsbac_kfree(k_password);
07023 return err;
07024 }
07025
07026 int sys_rsbac_list_ta_refresh(
07027 rsbac_time_t ttl,
07028 rsbac_list_ta_number_t ta_number,
07029 char * password)
07030 {
07031 int err;
07032 char * k_password;
07033
07034 if(password)
07035 {
07036 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07037 if(!k_password)
07038 return -ENOMEM;
07039 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07040 if(err)
07041 {
07042 rsbac_kfree(k_password);
07043 return err;
07044 }
07045 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07046 }
07047 else
07048 k_password = NULL;
07049 err = rsbac_list_ta_refresh(ttl, ta_number, k_password);
07050 if(k_password)
07051 rsbac_kfree(k_password);
07052 return err;
07053 }
07054
07055 int sys_rsbac_list_ta_commit(
07056 rsbac_list_ta_number_t ta_number,
07057 char * password)
07058 {
07059 int err;
07060 char * k_password;
07061
07062 if(password)
07063 {
07064 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07065 if(!k_password)
07066 return -ENOMEM;
07067 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07068 if(err)
07069 {
07070 rsbac_kfree(k_password);
07071 return err;
07072 }
07073 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07074 }
07075 else
07076 k_password = NULL;
07077 err = rsbac_list_ta_commit(ta_number, k_password);
07078 if(k_password)
07079 rsbac_kfree(k_password);
07080 return err;
07081 }
07082
07083 int sys_rsbac_list_ta_forget(
07084 rsbac_list_ta_number_t ta_number,
07085 char * password)
07086 {
07087 int err;
07088 char * k_password;
07089
07090 if(password)
07091 {
07092 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07093 if(!k_password)
07094 return -ENOMEM;
07095 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07096 if(err)
07097 {
07098 rsbac_kfree(k_password);
07099 return err;
07100 }
07101 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07102 }
07103 else
07104 k_password = NULL;
07105 err = rsbac_list_ta_forget(ta_number, k_password);
07106 if(k_password)
07107 rsbac_kfree(k_password);
07108 return err;
07109 }
07110 #endif
07111
07112
07113 #ifdef rsbac_syscall4
07114 asmlinkage int sys_rsbac(int dummy,
07115 rsbac_version_t version,
07116 enum rsbac_syscall_t call,
07117 union rsbac_syscall_arg_t * arg_p)
07118 #else
07119 asmlinkage int sys_rsbac(rsbac_version_t version,
07120 enum rsbac_syscall_t call,
07121 union rsbac_syscall_arg_t * arg_p)
07122 #endif
07123 {
07124 union rsbac_syscall_arg_t k_arg;
07125 int err;
07126
07127 if ( ((version < RSBAC_VERSION_MAKE_NR(1,3,0)) || (version >= RSBAC_VERSION_MAKE_NR(1,4,0)))
07128 && (call != RSYS_version))
07129 return -RSBAC_EINVALIDVERSION;
07130
07131 if(call >= RSYS_none)
07132 return -RSBAC_EINVALIDREQUEST;
07133
07134
07135 if(arg_p)
07136 {
07137 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
07138 if(err)
07139 return err;
07140 }
07141 else
07142 {
07143 memset(&k_arg, 0, sizeof(k_arg));
07144 }
07145
07146 switch(call)
07147 {
07148 case RSYS_version:
07149 return RSBAC_VERSION_NR;
07150 case RSYS_stats:
07151 return sys_rsbac_stats();
07152 case RSYS_check:
07153 return sys_rsbac_check(k_arg.check.correct, k_arg.check.check_inode);
07154 case RSYS_get_attr:
07155 return sys_rsbac_get_attr(k_arg.get_attr.ta_number,
07156 k_arg.get_attr.module,
07157 k_arg.get_attr.target,
07158 k_arg.get_attr.tid,
07159 k_arg.get_attr.attr,
07160 k_arg.get_attr.value,
07161 k_arg.get_attr.inherit);
07162 case RSYS_get_attr_n:
07163 return sys_rsbac_get_attr_n(k_arg.get_attr_n.ta_number,
07164 k_arg.get_attr_n.module,
07165 k_arg.get_attr_n.target,
07166 k_arg.get_attr_n.t_name,
07167 k_arg.get_attr_n.attr,
07168 k_arg.get_attr_n.value,
07169 k_arg.get_attr_n.inherit);
07170 case RSYS_set_attr:
07171 return sys_rsbac_set_attr(k_arg.set_attr.ta_number,
07172 k_arg.set_attr.module,
07173 k_arg.set_attr.target,
07174 k_arg.set_attr.tid,
07175 k_arg.set_attr.attr,
07176 k_arg.set_attr.value);
07177 case RSYS_set_attr_n:
07178 return sys_rsbac_set_attr_n(k_arg.set_attr_n.ta_number,
07179 k_arg.set_attr_n.module,
07180 k_arg.set_attr_n.target,
07181 k_arg.set_attr_n.t_name,
07182 k_arg.set_attr_n.attr,
07183 k_arg.set_attr_n.value);
07184 case RSYS_remove_target:
07185 return sys_rsbac_remove_target(k_arg.remove_target.ta_number,
07186 k_arg.remove_target.target,
07187 k_arg.remove_target.tid);
07188 case RSYS_remove_target_n:
07189 return sys_rsbac_remove_target_n(k_arg.remove_target_n.ta_number,
07190 k_arg.remove_target_n.target,
07191 k_arg.remove_target_n.t_name);
07192 case RSYS_net_list_all_netdev:
07193 return sys_rsbac_net_list_all_netdev(k_arg.net_list_all_netdev.ta_number,
07194 k_arg.net_list_all_netdev.id_p,
07195 k_arg.net_list_all_netdev.maxnum);
07196 case RSYS_net_template:
07197 return sys_rsbac_net_template(k_arg.net_template.ta_number,
07198 k_arg.net_template.call,
07199 k_arg.net_template.id,
07200 k_arg.net_template.data_p);
07201 case RSYS_net_list_all_template:
07202 return sys_rsbac_net_list_all_template(k_arg.net_list_all_template.ta_number,
07203 k_arg.net_list_all_template.id_p,
07204 k_arg.net_list_all_template.maxnum);
07205 case RSYS_switch:
07206 return sys_rsbac_switch(k_arg.switch_module.module,
07207 k_arg.switch_module.value);
07208 case RSYS_get_switch:
07209 return sys_rsbac_get_switch(k_arg.get_switch_module.module,
07210 k_arg.get_switch_module.value_p,
07211 k_arg.get_switch_module.switchable_p);
07212 case RSYS_adf_log_switch:
07213 return sys_rsbac_adf_log_switch(k_arg.adf_log_switch.request,
07214 k_arg.adf_log_switch.target,
07215 k_arg.adf_log_switch.value);
07216 case RSYS_get_adf_log:
07217 return sys_rsbac_get_adf_log(k_arg.get_adf_log.request,
07218 k_arg.get_adf_log.target,
07219 k_arg.get_adf_log.value_p);
07220 case RSYS_write:
07221 return sys_rsbac_write();
07222 case RSYS_log:
07223 return sys_rsbac_log(k_arg.log.type,
07224 k_arg.log.buf,
07225 k_arg.log.len);
07226 case RSYS_mac_set_curr_level:
07227 return sys_rsbac_mac_set_curr_level(k_arg.mac_set_curr_level.level,
07228 k_arg.mac_set_curr_level.categories_p);
07229 case RSYS_mac_get_curr_level:
07230 return sys_rsbac_mac_get_curr_level(k_arg.mac_get_curr_level.level_p,
07231 k_arg.mac_get_curr_level.categories_p);
07232 case RSYS_mac_get_max_level:
07233 return sys_rsbac_mac_get_max_level(k_arg.mac_get_max_level.level_p,
07234 k_arg.mac_get_max_level.categories_p);
07235 case RSYS_mac_get_min_level:
07236 return sys_rsbac_mac_get_min_level(k_arg.mac_get_min_level.level_p,
07237 k_arg.mac_get_min_level.categories_p);
07238 case RSYS_mac_add_p_tru:
07239 return sys_rsbac_mac_add_p_tru(k_arg.mac_add_p_tru.ta_number,
07240 k_arg.mac_add_p_tru.pid,
07241 k_arg.mac_add_p_tru.uid,
07242 k_arg.mac_add_p_tru.ttl);
07243 case RSYS_mac_remove_p_tru:
07244 return sys_rsbac_mac_remove_p_tru(k_arg.mac_remove_p_tru.ta_number,
07245 k_arg.mac_remove_p_tru.pid,
07246 k_arg.mac_add_p_tru.uid);
07247 case RSYS_mac_add_f_tru:
07248 return sys_rsbac_mac_add_f_tru(k_arg.mac_add_f_tru.ta_number,
07249 k_arg.mac_add_f_tru.filename,
07250 k_arg.mac_add_p_tru.uid,
07251 k_arg.mac_add_f_tru.ttl);
07252 case RSYS_mac_remove_f_tru:
07253 return sys_rsbac_mac_remove_f_tru(k_arg.mac_remove_f_tru.ta_number,
07254 k_arg.mac_remove_f_tru.filename,
07255 k_arg.mac_remove_f_tru.uid);
07256 case RSYS_mac_get_f_trulist:
07257 return sys_rsbac_mac_get_f_trulist(k_arg.mac_get_f_trulist.ta_number,
07258 k_arg.mac_get_f_trulist.filename,
07259 k_arg.mac_get_f_trulist.trulist,
07260 k_arg.mac_get_f_trulist.ttllist,
07261 k_arg.mac_get_f_trulist.maxnum);
07262 case RSYS_mac_get_p_trulist:
07263 return sys_rsbac_mac_get_p_trulist(k_arg.mac_get_p_trulist.ta_number,
07264 k_arg.mac_get_p_trulist.pid,
07265 k_arg.mac_get_p_trulist.trulist,
07266 k_arg.mac_get_p_trulist.ttllist,
07267 k_arg.mac_get_p_trulist.maxnum);
07268 case RSYS_stats_pm:
07269 return sys_rsbac_stats_pm();
07270 case RSYS_pm:
07271 return sys_rsbac_pm(k_arg.pm.ta_number,
07272 k_arg.pm.function,
07273 k_arg.pm.param_p,
07274 k_arg.pm.ticket);
07275 case RSYS_pm_change_current_task:
07276 return sys_rsbac_pm_change_current_task(k_arg.pm_change_current_task.task);
07277 case RSYS_pm_create_file:
07278 return sys_rsbac_pm_create_file(k_arg.pm_create_file.filename,
07279 k_arg.pm_create_file.mode,
07280 k_arg.pm_create_file.object_class);
07281 case RSYS_daz_flush_cache:
07282 return sys_rsbac_daz_flush_cache();
07283 case RSYS_rc_copy_role:
07284 return sys_rsbac_rc_copy_role(k_arg.rc_copy_role.ta_number,
07285 k_arg.rc_copy_role.from_role,
07286 k_arg.rc_copy_role.to_role);
07287 case RSYS_rc_copy_type:
07288 return sys_rsbac_rc_copy_type(k_arg.rc_copy_type.ta_number,
07289 k_arg.rc_copy_type.target,
07290 k_arg.rc_copy_type.from_type,
07291 k_arg.rc_copy_type.to_type);
07292 case RSYS_rc_get_item:
07293 return sys_rsbac_rc_get_item(k_arg.rc_get_item.ta_number,
07294 k_arg.rc_get_item.target,
07295 k_arg.rc_get_item.tid_p,
07296 k_arg.rc_get_item.subtid_p,
07297 k_arg.rc_get_item.item,
07298 k_arg.rc_get_item.value_p,
07299 k_arg.rc_get_item.ttl_p);
07300 case RSYS_rc_set_item:
07301 return sys_rsbac_rc_set_item(k_arg.rc_set_item.ta_number,
07302 k_arg.rc_set_item.target,
07303 k_arg.rc_set_item.tid_p,
07304 k_arg.rc_set_item.subtid_p,
07305 k_arg.rc_set_item.item,
07306 k_arg.rc_set_item.value_p,
07307 k_arg.rc_set_item.ttl);
07308 case RSYS_rc_change_role:
07309 return sys_rsbac_rc_change_role(k_arg.rc_change_role.role, k_arg.rc_change_role.pass);
07310 case RSYS_rc_get_eff_rights_n:
07311 return sys_rsbac_rc_get_eff_rights_n(k_arg.rc_get_eff_rights_n.ta_number,
07312 k_arg.rc_get_eff_rights_n.target,
07313 k_arg.rc_get_eff_rights_n.t_name,
07314 k_arg.rc_get_eff_rights_n.request_vector_p,
07315 k_arg.rc_get_eff_rights_n.ttl_p);
07316 case RSYS_rc_get_list:
07317 return sys_rsbac_rc_get_list(k_arg.rc_get_list.ta_number,
07318 k_arg.rc_get_list.target,
07319 k_arg.rc_get_list.tid_p,
07320 k_arg.rc_get_list.item,
07321 k_arg.rc_get_list.maxnum,
07322 k_arg.rc_get_list.array_p,
07323 k_arg.rc_get_list.ttl_array_p);
07324 case RSYS_rc_get_current_role:
07325 return sys_rsbac_rc_get_current_role(k_arg.rc_get_current_role.role_p);
07326 case RSYS_rc_select_fd_create_type:
07327 return sys_rsbac_rc_select_fd_create_type(k_arg.rc_select_fd_create_type.type);
07328 case RSYS_auth_add_p_cap:
07329 return sys_rsbac_auth_add_p_cap(k_arg.auth_add_p_cap.ta_number,
07330 k_arg.auth_add_p_cap.pid,
07331 k_arg.auth_add_p_cap.cap_type,
07332 k_arg.auth_add_p_cap.cap_range,
07333 k_arg.auth_add_p_cap.ttl);
07334 case RSYS_auth_remove_p_cap:
07335 return sys_rsbac_auth_remove_p_cap(k_arg.auth_remove_p_cap.ta_number,
07336 k_arg.auth_remove_p_cap.pid,
07337 k_arg.auth_remove_p_cap.cap_type,
07338 k_arg.auth_remove_p_cap.cap_range);
07339 case RSYS_auth_add_f_cap:
07340 return sys_rsbac_auth_add_f_cap(k_arg.auth_add_f_cap.ta_number,
07341 k_arg.auth_add_f_cap.filename,
07342 k_arg.auth_add_f_cap.cap_type,
07343 k_arg.auth_add_f_cap.cap_range,
07344 k_arg.auth_add_f_cap.ttl);
07345 case RSYS_auth_remove_f_cap:
07346 return sys_rsbac_auth_remove_f_cap(k_arg.auth_remove_f_cap.ta_number,
07347 k_arg.auth_remove_f_cap.filename,
07348 k_arg.auth_remove_f_cap.cap_type,
07349 k_arg.auth_remove_f_cap.cap_range);
07350 case RSYS_auth_get_f_caplist:
07351 return sys_rsbac_auth_get_f_caplist(k_arg.auth_get_f_caplist.ta_number,
07352 k_arg.auth_get_f_caplist.filename,
07353 k_arg.auth_get_f_caplist.cap_type,
07354 k_arg.auth_get_f_caplist.caplist,
07355 k_arg.auth_get_f_caplist.ttllist,
07356 k_arg.auth_get_f_caplist.maxnum);
07357 case RSYS_auth_get_p_caplist:
07358 return sys_rsbac_auth_get_p_caplist(k_arg.auth_get_p_caplist.ta_number,
07359 k_arg.auth_get_p_caplist.pid,
07360 k_arg.auth_get_p_caplist.cap_type,
07361 k_arg.auth_get_p_caplist.caplist,
07362 k_arg.auth_get_p_caplist.ttllist,
07363 k_arg.auth_get_p_caplist.maxnum);
07364 case RSYS_acl:
07365 return sys_rsbac_acl(k_arg.acl.ta_number,
07366 k_arg.acl.call,
07367 k_arg.acl.arg);
07368 case RSYS_acl_n:
07369 return sys_rsbac_acl_n(k_arg.acl_n.ta_number,
07370 k_arg.acl_n.call,
07371 k_arg.acl_n.arg);
07372 case RSYS_acl_get_rights:
07373 return sys_rsbac_acl_get_rights(k_arg.acl_get_rights.ta_number,
07374 k_arg.acl_get_rights.arg,
07375 k_arg.acl_get_rights.rights_p,
07376 k_arg.acl_get_rights.effective);
07377 case RSYS_acl_get_rights_n:
07378 return sys_rsbac_acl_get_rights_n(k_arg.acl_get_rights_n.ta_number,
07379 k_arg.acl_get_rights_n.arg,
07380 k_arg.acl_get_rights_n.rights_p,
07381 k_arg.acl_get_rights_n.effective);
07382 case RSYS_acl_get_tlist:
07383 return sys_rsbac_acl_get_tlist(k_arg.acl_get_tlist.ta_number,
07384 k_arg.acl_get_tlist.target,
07385 k_arg.acl_get_tlist.tid,
07386 k_arg.acl_get_tlist.entry_array,
07387 k_arg.acl_get_tlist.ttl_array,
07388 k_arg.acl_get_tlist.maxnum);
07389 case RSYS_acl_get_tlist_n:
07390 return sys_rsbac_acl_get_tlist_n(k_arg.acl_get_tlist_n.ta_number,
07391 k_arg.acl_get_tlist_n.target,
07392 k_arg.acl_get_tlist_n.t_name,
07393 k_arg.acl_get_tlist_n.entry_array,
07394 k_arg.acl_get_tlist_n.ttl_array,
07395 k_arg.acl_get_tlist_n.maxnum);
07396 case RSYS_acl_get_mask:
07397 return sys_rsbac_acl_get_mask(k_arg.acl_get_mask.ta_number,
07398 k_arg.acl_get_mask.target,
07399 k_arg.acl_get_mask.tid,
07400 k_arg.acl_get_mask.mask_p);
07401 case RSYS_acl_get_mask_n:
07402 return sys_rsbac_acl_get_mask_n(k_arg.acl_get_mask_n.ta_number,
07403 k_arg.acl_get_mask_n.target,
07404 k_arg.acl_get_mask_n.t_name,
07405 k_arg.acl_get_mask_n.mask_p);
07406 case RSYS_acl_group:
07407 return sys_rsbac_acl_group(k_arg.acl_group.ta_number,
07408 k_arg.acl_group.call,
07409 k_arg.acl_group.arg_p);
07410 case RSYS_acl_list_all_dev:
07411 return sys_rsbac_acl_list_all_dev(k_arg.acl_list_all_dev.ta_number,
07412 k_arg.acl_list_all_dev.id_p,
07413 k_arg.acl_list_all_dev.maxnum);
07414 case RSYS_acl_list_all_user:
07415 return sys_rsbac_acl_list_all_user(k_arg.acl_list_all_user.ta_number,
07416 k_arg.acl_list_all_user.id_p,
07417 k_arg.acl_list_all_user.maxnum);
07418 case RSYS_acl_list_all_group:
07419 return sys_rsbac_acl_list_all_group(k_arg.acl_list_all_group.ta_number,
07420 k_arg.acl_list_all_group.id_p,
07421 k_arg.acl_list_all_group.maxnum);
07422
07423 case RSYS_reg:
07424 return sys_rsbac_reg(k_arg.reg.handle,
07425 k_arg.reg.arg);
07426 case RSYS_jail:
07427 #ifdef CONFIG_RSBAC_JAIL
07428 return rsbac_jail_sys_jail(k_arg.jail.version,
07429 k_arg.jail.path,
07430 k_arg.jail.ip,
07431 k_arg.jail.flags,
07432 k_arg.jail.max_caps,
07433 k_arg.jail.scd_get,
07434 k_arg.jail.scd_modify);
07435 #else
07436 return -RSBAC_EINVALIDMODULE;
07437 #endif
07438
07439 #if defined(CONFIG_RSBAC_INIT_DELAY)
07440 case RSYS_init:
07441 return sys_rsbac_init(k_arg.init.root_dev);
07442 #endif
07443
07444 case RSYS_um_auth_name:
07445 return sys_rsbac_um_auth_name(k_arg.um_auth_name.name,
07446 k_arg.um_auth_name.pass);
07447 case RSYS_um_auth_uid:
07448 return sys_rsbac_um_auth_uid(k_arg.um_auth_uid.uid,
07449 k_arg.um_auth_uid.pass);
07450 case RSYS_um_add_user:
07451 return sys_rsbac_um_add_user(k_arg.um_add_user.ta_number,
07452 k_arg.um_add_user.uid,
07453 k_arg.um_add_user.entry_p,
07454 k_arg.um_add_user.pass,
07455 k_arg.um_add_user.ttl);
07456 case RSYS_um_add_group:
07457 return sys_rsbac_um_add_group(k_arg.um_add_group.ta_number,
07458 k_arg.um_add_group.gid,
07459 k_arg.um_add_group.entry_p,
07460 k_arg.um_add_group.pass,
07461 k_arg.um_add_group.ttl);
07462 case RSYS_um_add_gm:
07463 return sys_rsbac_um_add_gm(k_arg.um_add_gm.ta_number,
07464 k_arg.um_add_gm.uid,
07465 k_arg.um_add_gm.gid,
07466 k_arg.um_add_gm.ttl);
07467 case RSYS_um_mod_user:
07468 return sys_rsbac_um_mod_user(k_arg.um_mod_user.ta_number,
07469 k_arg.um_mod_user.uid,
07470 k_arg.um_mod_user.mod,
07471 k_arg.um_mod_user.data_p);
07472 case RSYS_um_mod_group:
07473 return sys_rsbac_um_mod_group(k_arg.um_mod_group.ta_number,
07474 k_arg.um_mod_group.gid,
07475 k_arg.um_mod_group.mod,
07476 k_arg.um_mod_group.data_p);
07477 case RSYS_um_get_user_item:
07478 return sys_rsbac_um_get_user_item(k_arg.um_get_user_item.ta_number,
07479 k_arg.um_get_user_item.uid,
07480 k_arg.um_get_user_item.mod,
07481 k_arg.um_get_user_item.data_p);
07482 case RSYS_um_get_group_item:
07483 return sys_rsbac_um_get_group_item(k_arg.um_get_group_item.ta_number,
07484 k_arg.um_get_group_item.gid,
07485 k_arg.um_get_group_item.mod,
07486 k_arg.um_get_group_item.data_p);
07487 case RSYS_um_remove_user:
07488 return sys_rsbac_um_remove_user(k_arg.um_remove_user.ta_number,
07489 k_arg.um_remove_user.uid);
07490 case RSYS_um_remove_group:
07491 return sys_rsbac_um_remove_group(k_arg.um_remove_group.ta_number,
07492 k_arg.um_remove_group.gid);
07493 case RSYS_um_remove_gm:
07494 return sys_rsbac_um_remove_gm(k_arg.um_remove_gm.ta_number,
07495 k_arg.um_remove_gm.uid,
07496 k_arg.um_remove_gm.gid);
07497 case RSYS_um_user_exists:
07498 return sys_rsbac_um_user_exists(k_arg.um_user_exists.ta_number,
07499 k_arg.um_user_exists.uid);
07500 case RSYS_um_get_next_user:
07501 return sys_rsbac_um_get_next_user(k_arg.um_get_next_user.ta_number,
07502 k_arg.um_get_next_user.old_user,
07503 k_arg.um_get_next_user.next_user_p);
07504 case RSYS_um_get_user_list:
07505 return sys_rsbac_um_get_user_list(k_arg.um_get_user_list.ta_number,
07506 k_arg.um_get_user_list.user_array,
07507 k_arg.um_get_user_list.maxnum);
07508 case RSYS_um_group_exists:
07509 return sys_rsbac_um_group_exists(k_arg.um_group_exists.ta_number,
07510 k_arg.um_group_exists.gid);
07511 case RSYS_um_get_gm_list:
07512 return sys_rsbac_um_get_gm_list(k_arg.um_get_gm_list.ta_number,
07513 k_arg.um_get_gm_list.user,
07514 k_arg.um_get_gm_list.group_array,
07515 k_arg.um_get_gm_list.maxnum);
07516 case RSYS_um_get_gm_user_list:
07517 return sys_rsbac_um_get_gm_user_list(k_arg.um_get_gm_user_list.ta_number,
07518 k_arg.um_get_gm_user_list.group,
07519 k_arg.um_get_gm_user_list.user_array,
07520 k_arg.um_get_gm_user_list.maxnum);
07521 case RSYS_um_get_group_list:
07522 return sys_rsbac_um_get_group_list(k_arg.um_get_group_list.ta_number,
07523 k_arg.um_get_group_list.group_array,
07524 k_arg.um_get_group_list.maxnum);
07525 case RSYS_um_get_uid:
07526 return sys_rsbac_um_get_uid(k_arg.um_get_uid.ta_number,
07527 k_arg.um_get_uid.name,
07528 k_arg.um_get_uid.uid_p);
07529 case RSYS_um_get_gid:
07530 return sys_rsbac_um_get_gid(k_arg.um_get_gid.ta_number,
07531 k_arg.um_get_gid.name,
07532 k_arg.um_get_gid.gid_p);
07533 case RSYS_um_set_pass:
07534 return sys_rsbac_um_set_pass(k_arg.um_set_pass.uid,
07535 k_arg.um_set_pass.old_pass,
07536 k_arg.um_set_pass.new_pass);
07537 case RSYS_um_set_pass_name:
07538 return sys_rsbac_um_set_pass_name(k_arg.um_set_pass_name.name,
07539 k_arg.um_set_pass_name.old_pass,
07540 k_arg.um_set_pass_name.new_pass);
07541 case RSYS_um_set_group_pass:
07542 return sys_rsbac_um_set_group_pass(k_arg.um_set_group_pass.gid,
07543 k_arg.um_set_group_pass.new_pass);
07544 case RSYS_um_check_account:
07545 return sys_rsbac_um_check_account(k_arg.um_check_account.uid);
07546 case RSYS_um_check_account_name:
07547 return sys_rsbac_um_check_account_name(k_arg.um_check_account_name.name);
07548
07549 #ifdef CONFIG_RSBAC_LIST_TRANS
07550 case RSYS_list_ta_begin:
07551 return sys_rsbac_list_ta_begin(k_arg.list_ta_begin.ttl,
07552 k_arg.list_ta_begin.ta_number_p,
07553 k_arg.list_ta_begin.commit_uid,
07554 k_arg.list_ta_begin.password);
07555 case RSYS_list_ta_refresh:
07556 return sys_rsbac_list_ta_refresh(k_arg.list_ta_refresh.ttl,
07557 k_arg.list_ta_refresh.ta_number,
07558 k_arg.list_ta_refresh.password);
07559 case RSYS_list_ta_commit:
07560 return sys_rsbac_list_ta_commit(k_arg.list_ta_commit.ta_number,
07561 k_arg.list_ta_commit.password);
07562 case RSYS_list_ta_forget:
07563 return sys_rsbac_list_ta_forget(k_arg.list_ta_forget.ta_number,
07564 k_arg.list_ta_forget.password);
07565 #endif
07566
07567 case RSYS_list_all_dev:
07568 return sys_rsbac_list_all_dev(k_arg.list_all_dev.ta_number,
07569 k_arg.list_all_dev.id_p,
07570 k_arg.list_all_dev.maxnum);
07571 case RSYS_list_all_user:
07572 return sys_rsbac_list_all_user(k_arg.list_all_user.ta_number,
07573 k_arg.list_all_user.id_p,
07574 k_arg.list_all_user.maxnum);
07575 case RSYS_list_all_group:
07576 return sys_rsbac_list_all_group(k_arg.list_all_group.ta_number,
07577 k_arg.list_all_group.id_p,
07578 k_arg.list_all_group.maxnum);
07579 case RSYS_list_all_ipc:
07580 return sys_rsbac_list_all_ipc(k_arg.list_all_ipc.
07581 ta_number,
07582 k_arg.list_all_ipc.id_p,
07583 k_arg.list_all_ipc.maxnum);
07584
07585 default:
07586 return -RSBAC_EINVALIDREQUEST;
07587 }
07588 }
07589
07590
07591