/linux-2.6.21.1-rsbac-1.3.4/include/rsbac/syscalls.h File Reference

#include <linux/unistd.h>
#include <rsbac/types.h>
#include <rsbac/getname.h>
#include <rsbac/helpers.h>
#include <rsbac/error.h>

Go to the source code of this file.

Data Structures

struct  rsys_check_t
struct  rsys_get_attr_t
struct  rsys_get_attr_n_t
struct  rsys_set_attr_t
struct  rsys_set_attr_n_t
struct  rsys_remove_target_t
struct  rsys_remove_target_n_t
struct  rsys_net_list_all_netdev_t
struct  rsys_net_template_t
struct  rsys_net_list_all_template_t
struct  rsys_switch_t
struct  rsys_get_switch_t
struct  rsys_adf_log_switch_t
struct  rsys_get_adf_log_t
struct  rsys_log_t
struct  rsys_mac_set_curr_level_t
struct  rsys_mac_get_curr_level_t
struct  rsys_mac_get_max_level_t
struct  rsys_mac_get_min_level_t
struct  rsys_mac_add_p_tru_t
struct  rsys_mac_remove_p_tru_t
struct  rsys_mac_add_f_tru_t
struct  rsys_mac_remove_f_tru_t
struct  rsys_mac_get_f_trulist_t
struct  rsys_mac_get_p_trulist_t
struct  rsys_pm_t
struct  rsys_pm_change_current_task_t
struct  rsys_pm_create_file_t
struct  rsys_rc_copy_role_t
struct  rsys_rc_copy_type_t
struct  rsys_rc_get_item_t
struct  rsys_rc_set_item_t
struct  rsys_rc_get_list_t
struct  rsys_rc_change_role_t
struct  rsys_rc_get_eff_rights_n_t
struct  rsys_rc_get_current_role_t
struct  rsys_auth_add_p_cap_t
struct  rsys_auth_remove_p_cap_t
struct  rsys_auth_add_f_cap_t
struct  rsys_auth_remove_f_cap_t
struct  rsys_auth_get_f_caplist_t
struct  rsys_auth_get_p_caplist_t
struct  rsys_acl_t
struct  rsys_acl_n_t
struct  rsys_acl_get_rights_t
struct  rsys_acl_get_rights_n_t
struct  rsys_acl_get_tlist_t
struct  rsys_acl_get_tlist_n_t
struct  rsys_acl_get_mask_t
struct  rsys_acl_get_mask_n_t
struct  rsys_acl_group_t
struct  rsys_reg_t
struct  rsys_jail_t
struct  rsys_init_t
struct  rsys_um_auth_name_t
struct  rsys_um_auth_uid_t
struct  rsys_um_add_user_t
struct  rsys_um_add_group_t
struct  rsys_um_add_gm_t
struct  rsys_um_mod_user_t
struct  rsys_um_mod_group_t
struct  rsys_um_get_user_item_t
struct  rsys_um_get_group_item_t
struct  rsys_um_remove_user_t
struct  rsys_um_remove_group_t
struct  rsys_um_remove_gm_t
struct  rsys_um_user_exists_t
struct  rsys_um_group_exists_t
struct  rsys_um_get_next_user_t
struct  rsys_um_get_user_list_t
struct  rsys_um_get_gm_list_t
struct  rsys_um_get_gm_user_list_t
struct  rsys_um_get_group_list_t
struct  rsys_um_get_uid_t
struct  rsys_um_get_gid_t
struct  rsys_um_set_pass_t
struct  rsys_um_set_pass_name_t
struct  rsys_um_set_group_pass_t
struct  rsys_um_check_account_t
struct  rsys_um_check_account_name_t
struct  rsys_list_ta_begin_t
struct  rsys_list_ta_refresh_t
struct  rsys_list_ta_commit_t
struct  rsys_list_ta_forget_t
struct  rsys_list_all_dev_t
struct  rsys_acl_list_all_dev_t
struct  rsys_list_all_user_t
struct  rsys_acl_list_all_user_t
struct  rsys_list_all_group_t
struct  rsys_acl_list_all_group_t
struct  rsys_list_all_ipc_t
struct  rsys_rc_select_fd_create_type_t
union  rsbac_syscall_arg_t

Enumerations

enum  rsbac_syscall_t {
  RSYS_version, RSYS_stats, RSYS_check, RSYS_get_attr,
  RSYS_get_attr_n, RSYS_set_attr, RSYS_set_attr_n, RSYS_remove_target,
  RSYS_remove_target_n, RSYS_net_list_all_netdev, RSYS_net_template, RSYS_net_list_all_template,
  RSYS_switch, RSYS_get_switch, RSYS_adf_log_switch, RSYS_get_adf_log,
  RSYS_write, RSYS_log, RSYS_mac_set_curr_level, RSYS_mac_get_curr_level,
  RSYS_mac_get_max_level, RSYS_mac_get_min_level, RSYS_mac_add_p_tru, RSYS_mac_remove_p_tru,
  RSYS_mac_add_f_tru, RSYS_mac_remove_f_tru, RSYS_mac_get_f_trulist, RSYS_mac_get_p_trulist,
  RSYS_stats_pm, RSYS_pm, RSYS_pm_change_current_task, RSYS_pm_create_file,
  RSYS_daz_flush_cache, RSYS_rc_copy_role, RSYS_rc_copy_type, RSYS_rc_get_item,
  RSYS_rc_set_item, RSYS_rc_change_role, RSYS_rc_get_eff_rights_n, RSYS_rc_get_list,
  RSYS_auth_add_p_cap, RSYS_auth_remove_p_cap, RSYS_auth_add_f_cap, RSYS_auth_remove_f_cap,
  RSYS_auth_get_f_caplist, RSYS_auth_get_p_caplist, RSYS_acl, RSYS_acl_n,
  RSYS_acl_get_rights, RSYS_acl_get_rights_n, RSYS_acl_get_tlist, RSYS_acl_get_tlist_n,
  RSYS_acl_get_mask, RSYS_acl_get_mask_n, RSYS_acl_group, RSYS_reg,
  RSYS_jail, RSYS_init, RSYS_rc_get_current_role, RSYS_um_auth_name,
  RSYS_um_auth_uid, RSYS_um_add_user, RSYS_um_add_group, RSYS_um_add_gm,
  RSYS_um_mod_user, RSYS_um_mod_group, RSYS_um_get_user_item, RSYS_um_get_group_item,
  RSYS_um_remove_user, RSYS_um_remove_group, RSYS_um_remove_gm, RSYS_um_user_exists,
  RSYS_um_group_exists, RSYS_um_get_next_user, RSYS_um_get_user_list, RSYS_um_get_gm_list,
  RSYS_um_get_gm_user_list, RSYS_um_get_group_list, RSYS_um_get_uid, RSYS_um_get_gid,
  RSYS_um_set_pass, RSYS_um_set_pass_name, RSYS_um_set_group_pass, RSYS_um_check_account,
  RSYS_um_check_account_name, RSYS_list_ta_begin, RSYS_list_ta_refresh, RSYS_list_ta_commit,
  RSYS_list_ta_forget, RSYS_list_all_dev, RSYS_acl_list_all_dev, RSYS_list_all_user,
  RSYS_acl_list_all_user, RSYS_list_all_group, RSYS_acl_list_all_group, RSYS_list_all_ipc,
  RSYS_rc_select_fd_create_type, RSYS_none
}

Functions

int rsbac_version (void)
int rsbac_stats (void)
int rsbac_check (int correct, int check_inode)
int rsbac_write (void)
int rsbac_get_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, int inherit)
int rsbac_get_attr_n (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, char *t_name, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value, int inherit)
int rsbac_set_attr (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, union rsbac_target_id_t *tid, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value)
int rsbac_set_attr_n (rsbac_list_ta_number_t ta_number, enum rsbac_switch_target_t module, enum rsbac_target_t target, char *t_name, enum rsbac_attribute_t attr, union rsbac_attribute_value_t *value)
int rsbac_remove_target (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid)
int rsbac_remove_target_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name)
int rsbac_net_list_all_netdev (rsbac_list_ta_number_t ta_number, rsbac_netdev_id_t *id_p, u_long maxnum)
int rsbac_net_template (rsbac_list_ta_number_t ta_number, enum rsbac_net_temp_syscall_t call, rsbac_net_temp_id_t id, union rsbac_net_temp_syscall_data_t *data_p)
int rsbac_net_list_all_template (rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t *id_p, u_long maxnum)
int rsbac_switch (enum rsbac_switch_target_t module, int value)
int rsbac_get_switch (enum rsbac_switch_target_t module, int *value_p, int *switchable_p)
int rsbac_mac_set_curr_level (rsbac_security_level_t level, rsbac_mac_category_vector_t *categories_p)
int rsbac_mac_get_curr_level (rsbac_security_level_t *level_p, rsbac_mac_category_vector_t *categories_p)
int rsbac_mac_get_max_level (rsbac_security_level_t *level_p, rsbac_mac_category_vector_t *categories_p)
int rsbac_mac_get_min_level (rsbac_security_level_t *level_p, rsbac_mac_category_vector_t *categories_p)
int rsbac_mac_add_p_tru (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t uid, rsbac_time_t ttl)
int rsbac_mac_remove_p_tru (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t uid)
int rsbac_mac_add_f_tru (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t uid, rsbac_time_t ttl)
int rsbac_mac_remove_f_tru (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t uid)
int rsbac_mac_get_f_trulist (rsbac_list_ta_number_t ta_number, char *filename, rsbac_uid_t trulist[], rsbac_time_t ttllist[], u_int maxnum)
int rsbac_mac_get_p_trulist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, rsbac_uid_t trulist[], rsbac_time_t ttllist[], u_int maxnum)
int rsbac_stats_pm (void)
int rsbac_pm (rsbac_list_ta_number_t ta_number, enum rsbac_pm_function_type_t function, union rsbac_pm_function_param_t *param_p, rsbac_pm_tkt_id_t ticket)
int rsbac_pm_change_current_task (rsbac_pm_task_id_t task)
int rsbac_pm_create_file (const char *filename, int mode, rsbac_pm_object_class_id_t object_class)
int rsbac_daz_flush_cache (void)
int rsbac_rc_copy_role (rsbac_list_ta_number_t ta_number, rsbac_rc_role_id_t from_role, rsbac_rc_role_id_t to_role)
int rsbac_rc_copy_type (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, rsbac_rc_type_id_t from_type, rsbac_rc_type_id_t to_type)
int rsbac_rc_get_item (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t *tid_p, union rsbac_rc_target_id_t *subtid_p, enum rsbac_rc_item_t item, union rsbac_rc_item_value_t *value_p, rsbac_time_t *ttl_p)
int rsbac_rc_set_item (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t *tid_p, union rsbac_rc_target_id_t *subtid_p, enum rsbac_rc_item_t item, union rsbac_rc_item_value_t *value_p, rsbac_time_t ttl)
int rsbac_rc_get_list (rsbac_list_ta_number_t ta_number, enum rsbac_rc_target_t target, union rsbac_rc_target_id_t *tid_p, enum rsbac_rc_item_t item, u_int maxnum, __u32 *array_p, rsbac_time_t *ttl_array_p)
int rsbac_rc_change_role (rsbac_rc_role_id_t role, char *pass)
int rsbac_rc_get_eff_rights_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name, rsbac_rc_request_vector_t *request_vector_p, rsbac_time_t *ttl_p)
int rsbac_rc_get_current_role (rsbac_rc_role_id_t *role_p)
int rsbac_rc_sys_select_fd_create_type (rsbac_rc_type_id_t type)
int rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int rsbac_auth_get_f_caplist (rsbac_list_ta_number_t ta_number, char *filename, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t caplist[], rsbac_time_t ttllist[], u_int maxnum)
int rsbac_auth_get_p_caplist (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t caplist[], rsbac_time_t ttllist[], u_int maxnum)
int rsbac_reg (rsbac_reg_handle_t handle, void *arg)
int rsbac_acl (rsbac_list_ta_number_t ta_number, enum rsbac_acl_syscall_type_t call, struct rsbac_acl_syscall_arg_t *arg)
int rsbac_acl_n (rsbac_list_ta_number_t ta_number, enum rsbac_acl_syscall_type_t call, struct rsbac_acl_syscall_n_arg_t *arg)
int rsbac_acl_get_rights (rsbac_list_ta_number_t ta_number, struct rsbac_acl_syscall_arg_t *arg, rsbac_acl_rights_vector_t *rights_p, u_int effective)
int rsbac_acl_get_rights_n (rsbac_list_ta_number_t ta_number, struct rsbac_acl_syscall_n_arg_t *arg, rsbac_acl_rights_vector_t *rights_p, u_int effective)
int rsbac_acl_get_tlist (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid, struct rsbac_acl_entry_t entry_array[], rsbac_time_t ttl_array[], u_int maxnum)
int rsbac_acl_get_tlist_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name, struct rsbac_acl_entry_t entry_array[], rsbac_time_t ttl_array[], u_int maxnum)
int rsbac_acl_get_mask (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, union rsbac_target_id_t *tid, rsbac_acl_rights_vector_t *mask_p)
int rsbac_acl_get_mask_n (rsbac_list_ta_number_t ta_number, enum rsbac_target_t target, char *t_name, rsbac_acl_rights_vector_t *mask_p)
int rsbac_acl_group (rsbac_list_ta_number_t ta_number, enum rsbac_acl_group_syscall_type_t call, union rsbac_acl_group_syscall_arg_t *arg_p)
int rsbac_jail (rsbac_version_t version, char *path, rsbac_jail_ip_t ip, rsbac_jail_flags_t flags, rsbac_cap_vector_t max_caps, rsbac_jail_scd_vector_t scd_get, rsbac_jail_scd_vector_t scd_modify)
int rsbac_list_all_ipc (rsbac_list_ta_number_t ta_number, struct rsbac_ipc_t *id_p, u_long maxnum)
int rsbac_um_auth_name (char *name, char *pass)
int rsbac_um_auth_uid (rsbac_uid_t uid, char *pass)
int rsbac_um_add_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, struct rsbac_um_user_entry_t *entry_p, char *pass, rsbac_time_t ttl)
int rsbac_um_add_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, struct rsbac_um_group_entry_t *entry_p, char *pass, rsbac_time_t ttl)
int rsbac_um_add_gm (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, rsbac_gid_t gid, rsbac_time_t ttl)
int rsbac_um_mod_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int rsbac_um_mod_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int rsbac_um_get_user_item (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int rsbac_um_get_group_item (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid, enum rsbac_um_mod_t mod, union rsbac_um_mod_data_t *data_p)
int rsbac_um_remove_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid)
int rsbac_um_remove_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid)
int rsbac_um_remove_gm (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid, rsbac_gid_t gid)
int rsbac_um_user_exists (rsbac_list_ta_number_t ta_number, rsbac_uid_t uid)
int rsbac_um_group_exists (rsbac_list_ta_number_t ta_number, rsbac_gid_t gid)
int rsbac_um_get_next_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t old_user, rsbac_uid_t *next_user_p)
int rsbac_um_get_user_list (rsbac_list_ta_number_t ta_number, rsbac_uid_t user_array[], u_int maxnum)
int rsbac_um_get_gm_list (rsbac_list_ta_number_t ta_number, rsbac_uid_t user, rsbac_gid_t group_array[], u_int maxnum)
int rsbac_um_get_gm_user_list (rsbac_list_ta_number_t ta_number, rsbac_gid_t group, rsbac_uid_t user_array[], u_int maxnum)
int rsbac_um_get_group_list (rsbac_list_ta_number_t ta_number, rsbac_gid_t group_array[], u_int maxnum)
int rsbac_um_get_uid (rsbac_list_ta_number_t ta_number, char *name, rsbac_uid_t *uid_p)
int rsbac_um_get_gid (rsbac_list_ta_number_t ta_number, char *name, rsbac_gid_t *gid_p)
int rsbac_um_set_pass (rsbac_uid_t uid, char *old_pass, char *new_pass)
int rsbac_um_set_pass_name (char *name, char *old_pass, char *new_pass)
int rsbac_um_set_group_pass (rsbac_gid_t gid, char *new_pass)
int rsbac_um_check_account (rsbac_uid_t uid)
int rsbac_um_check_account_name (char *name)
int rsbac_list_ta_begin (rsbac_time_t ttl, rsbac_list_ta_number_t *ta_number_p, rsbac_uid_t commit_uid, char *password)
int rsbac_list_ta_refresh (rsbac_time_t ttl, rsbac_list_ta_number_t ta_number, char *password)
int rsbac_list_ta_commit (rsbac_list_ta_number_t ta_number, char *password)
int rsbac_list_ta_forget (rsbac_list_ta_number_t ta_number, char *password)
int rsbac_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t *id_p, u_long maxnum)
int rsbac_acl_list_all_dev (rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t *id_p, u_long maxnum)
int rsbac_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t *id_p, u_long maxnum)
int rsbac_acl_list_all_user (rsbac_list_ta_number_t ta_number, rsbac_uid_t *id_p, u_long maxnum)
int rsbac_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t *id_p, u_long maxnum)
int rsbac_acl_list_all_group (rsbac_list_ta_number_t ta_number, rsbac_gid_t *id_p, u_long maxnum)
int rsbac_adf_log_switch (enum rsbac_adf_request_t request, enum rsbac_target_t target, u_int value)
int rsbac_get_adf_log (enum rsbac_adf_request_t request, enum rsbac_target_t target, u_int *value_p)
int rsbac_log (int type, char *buf, int len)
int rsbac_init (char *root_dev)


Enumeration Type Documentation

enum rsbac_syscall_t

Enumerator:
RSYS_version 
RSYS_stats 
RSYS_check 
RSYS_get_attr 
RSYS_get_attr_n 
RSYS_set_attr 
RSYS_set_attr_n 
RSYS_remove_target 
RSYS_remove_target_n 
RSYS_net_list_all_netdev 
RSYS_net_template 
RSYS_net_list_all_template 
RSYS_switch 
RSYS_get_switch 
RSYS_adf_log_switch 
RSYS_get_adf_log 
RSYS_write 
RSYS_log 
RSYS_mac_set_curr_level 
RSYS_mac_get_curr_level 
RSYS_mac_get_max_level 
RSYS_mac_get_min_level 
RSYS_mac_add_p_tru 
RSYS_mac_remove_p_tru 
RSYS_mac_add_f_tru 
RSYS_mac_remove_f_tru 
RSYS_mac_get_f_trulist 
RSYS_mac_get_p_trulist 
RSYS_stats_pm 
RSYS_pm 
RSYS_pm_change_current_task 
RSYS_pm_create_file 
RSYS_daz_flush_cache 
RSYS_rc_copy_role 
RSYS_rc_copy_type 
RSYS_rc_get_item 
RSYS_rc_set_item 
RSYS_rc_change_role 
RSYS_rc_get_eff_rights_n 
RSYS_rc_get_list 
RSYS_auth_add_p_cap 
RSYS_auth_remove_p_cap 
RSYS_auth_add_f_cap 
RSYS_auth_remove_f_cap 
RSYS_auth_get_f_caplist 
RSYS_auth_get_p_caplist 
RSYS_acl 
RSYS_acl_n 
RSYS_acl_get_rights 
RSYS_acl_get_rights_n 
RSYS_acl_get_tlist 
RSYS_acl_get_tlist_n 
RSYS_acl_get_mask 
RSYS_acl_get_mask_n 
RSYS_acl_group 
RSYS_reg 
RSYS_jail 
RSYS_init 
RSYS_rc_get_current_role 
RSYS_um_auth_name 
RSYS_um_auth_uid 
RSYS_um_add_user 
RSYS_um_add_group 
RSYS_um_add_gm 
RSYS_um_mod_user 
RSYS_um_mod_group 
RSYS_um_get_user_item 
RSYS_um_get_group_item 
RSYS_um_remove_user 
RSYS_um_remove_group 
RSYS_um_remove_gm 
RSYS_um_user_exists 
RSYS_um_group_exists 
RSYS_um_get_next_user 
RSYS_um_get_user_list 
RSYS_um_get_gm_list 
RSYS_um_get_gm_user_list 
RSYS_um_get_group_list 
RSYS_um_get_uid 
RSYS_um_get_gid 
RSYS_um_set_pass 
RSYS_um_set_pass_name 
RSYS_um_set_group_pass 
RSYS_um_check_account 
RSYS_um_check_account_name 
RSYS_list_ta_begin 
RSYS_list_ta_refresh 
RSYS_list_ta_commit 
RSYS_list_ta_forget 
RSYS_list_all_dev 
RSYS_acl_list_all_dev 
RSYS_list_all_user 
RSYS_acl_list_all_user 
RSYS_list_all_group 
RSYS_acl_list_all_group 
RSYS_list_all_ipc 
RSYS_rc_select_fd_create_type 
RSYS_none 

Definition at line 19 of file syscalls.h.

00020   {
00021     RSYS_version,
00022     RSYS_stats,
00023     RSYS_check,
00024     RSYS_get_attr,
00025     RSYS_get_attr_n,
00026     RSYS_set_attr,
00027     RSYS_set_attr_n,
00028     RSYS_remove_target,
00029     RSYS_remove_target_n,
00030     RSYS_net_list_all_netdev,
00031     RSYS_net_template,
00032     RSYS_net_list_all_template,
00033     RSYS_switch,
00034     RSYS_get_switch,
00035     RSYS_adf_log_switch,
00036     RSYS_get_adf_log,
00037     RSYS_write,
00038     RSYS_log,
00039     RSYS_mac_set_curr_level,
00040     RSYS_mac_get_curr_level,
00041     RSYS_mac_get_max_level,
00042     RSYS_mac_get_min_level,
00043     RSYS_mac_add_p_tru,
00044     RSYS_mac_remove_p_tru,
00045     RSYS_mac_add_f_tru,
00046     RSYS_mac_remove_f_tru,
00047     RSYS_mac_get_f_trulist,
00048     RSYS_mac_get_p_trulist,
00049     RSYS_stats_pm,
00050     RSYS_pm,
00051     RSYS_pm_change_current_task,
00052     RSYS_pm_create_file,
00053     RSYS_daz_flush_cache,
00054     RSYS_rc_copy_role,
00055     RSYS_rc_copy_type,
00056     RSYS_rc_get_item,
00057     RSYS_rc_set_item,
00058     RSYS_rc_change_role,
00059     RSYS_rc_get_eff_rights_n,
00060     RSYS_rc_get_list,
00061     RSYS_auth_add_p_cap,
00062     RSYS_auth_remove_p_cap,
00063     RSYS_auth_add_f_cap,
00064     RSYS_auth_remove_f_cap,
00065     RSYS_auth_get_f_caplist,
00066     RSYS_auth_get_p_caplist,
00067     RSYS_acl,
00068     RSYS_acl_n,
00069     RSYS_acl_get_rights,
00070     RSYS_acl_get_rights_n,
00071     RSYS_acl_get_tlist,
00072     RSYS_acl_get_tlist_n,
00073     RSYS_acl_get_mask,
00074     RSYS_acl_get_mask_n,
00075     RSYS_acl_group,
00076     RSYS_reg,
00077     RSYS_jail,
00078     RSYS_init,
00079     RSYS_rc_get_current_role,
00080     RSYS_um_auth_name,
00081     RSYS_um_auth_uid,
00082     RSYS_um_add_user,
00083     RSYS_um_add_group,
00084     RSYS_um_add_gm,
00085     RSYS_um_mod_user,
00086     RSYS_um_mod_group,
00087     RSYS_um_get_user_item,
00088     RSYS_um_get_group_item,
00089     RSYS_um_remove_user,
00090     RSYS_um_remove_group,
00091     RSYS_um_remove_gm,
00092     RSYS_um_user_exists,
00093     RSYS_um_group_exists,
00094     RSYS_um_get_next_user,
00095     RSYS_um_get_user_list,
00096     RSYS_um_get_gm_list,
00097     RSYS_um_get_gm_user_list,
00098     RSYS_um_get_group_list,
00099     RSYS_um_get_uid,
00100     RSYS_um_get_gid,
00101     RSYS_um_set_pass,
00102     RSYS_um_set_pass_name,
00103     RSYS_um_set_group_pass,
00104     RSYS_um_check_account,
00105     RSYS_um_check_account_name,
00106     RSYS_list_ta_begin,
00107     RSYS_list_ta_refresh,
00108     RSYS_list_ta_commit,
00109     RSYS_list_ta_forget,
00110     RSYS_list_all_dev,
00111     RSYS_acl_list_all_dev,
00112     RSYS_list_all_user,
00113     RSYS_acl_list_all_user,
00114     RSYS_list_all_group,
00115     RSYS_acl_list_all_group,
00116     RSYS_list_all_ipc,
00117     RSYS_rc_select_fd_create_type,
00118     RSYS_none
00119   };


Function Documentation

int rsbac_acl ( rsbac_list_ta_number_t  ta_number,
enum rsbac_acl_syscall_type_t  call,
struct rsbac_acl_syscall_arg_t arg 
)

int rsbac_acl_get_mask ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
union rsbac_target_id_t tid,
rsbac_acl_rights_vector_t mask_p 
)

int rsbac_acl_get_mask_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
char *  t_name,
rsbac_acl_rights_vector_t mask_p 
)

int rsbac_acl_get_rights ( rsbac_list_ta_number_t  ta_number,
struct rsbac_acl_syscall_arg_t arg,
rsbac_acl_rights_vector_t rights_p,
u_int  effective 
)

int rsbac_acl_get_rights_n ( rsbac_list_ta_number_t  ta_number,
struct rsbac_acl_syscall_n_arg_t arg,
rsbac_acl_rights_vector_t rights_p,
u_int  effective 
)

int rsbac_acl_get_tlist ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
union rsbac_target_id_t tid,
struct rsbac_acl_entry_t  entry_array[],
rsbac_time_t  ttl_array[],
u_int  maxnum 
)

int rsbac_acl_get_tlist_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
char *  t_name,
struct rsbac_acl_entry_t  entry_array[],
rsbac_time_t  ttl_array[],
u_int  maxnum 
)

int rsbac_acl_group ( rsbac_list_ta_number_t  ta_number,
enum rsbac_acl_group_syscall_type_t  call,
union rsbac_acl_group_syscall_arg_t arg_p 
)

int rsbac_acl_list_all_dev ( rsbac_list_ta_number_t  ta_number,
struct rsbac_dev_desc_t id_p,
u_long  maxnum 
)

int rsbac_acl_list_all_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t id_p,
u_long  maxnum 
)

int rsbac_acl_list_all_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t id_p,
u_long  maxnum 
)

int rsbac_acl_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_acl_syscall_type_t  call,
struct rsbac_acl_syscall_n_arg_t arg 
)

int rsbac_adf_log_switch ( enum rsbac_adf_request_t  request,
enum rsbac_target_t  target,
u_int  value 
)

int rsbac_auth_add_f_cap ( rsbac_list_ta_number_t  ta_number,
char *  filename,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range,
rsbac_time_t  ttl 
)

int rsbac_auth_add_p_cap ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range,
rsbac_time_t  ttl 
)

Definition at line 35 of file auth_syscalls.c.

References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_add_to_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.

Referenced by sys_rsbac_auth_add_p_cap().

00041   {
00042 /* check only in non-maint mode */
00043 #if !defined(CONFIG_RSBAC_MAINT)
00044 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00045     if(rsbac_switch_auth)
00046 #endif
00047       {
00048         union rsbac_target_id_t       i_tid;
00049         union rsbac_attribute_value_t i_attr_val1;
00050 
00051         /* check auth_may_set_cap of calling process */
00052         i_tid.process = current->pid;
00053         if (rsbac_get_attr(SW_AUTH,
00054                            T_PROCESS,
00055                            i_tid,
00056                            A_auth_may_set_cap,
00057                            &i_attr_val1,
00058                            FALSE))
00059           {
00060             rsbac_pr_get_error(A_auth_may_set_cap);
00061             return -RSBAC_EREADFAILED;
00062           }
00063         /* if auth_may_set_cap is not set, then reject */
00064         if (!i_attr_val1.auth_may_set_cap)
00065           {
00066             rsbac_printk(KERN_INFO
00067                    "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
00068                    cap_range.first,
00069                    cap_range.last,
00070                    pid,
00071                    current->pid);
00072             #ifdef CONFIG_RSBAC_SOFTMODE
00073             if(   !rsbac_softmode
00074             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00075                && !rsbac_ind_softmode[SW_AUTH]
00076             #endif
00077               )
00078             #endif
00079               return(-EPERM);
00080           }
00081       }
00082 #endif
00083 
00084     /* OK, check passed. Add the capability. */
00085     return rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl);
00086   }

int rsbac_auth_get_f_caplist ( rsbac_list_ta_number_t  ta_number,
char *  filename,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  caplist[],
rsbac_time_t  ttllist[],
u_int  maxnum 
)

int rsbac_auth_get_p_caplist ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  caplist[],
rsbac_time_t  ttllist[],
u_int  maxnum 
)

int rsbac_auth_remove_f_cap ( rsbac_list_ta_number_t  ta_number,
char *  filename,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range 
)

int rsbac_auth_remove_p_cap ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range 
)

Definition at line 88 of file auth_syscalls.c.

References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_remove_from_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.

Referenced by sys_rsbac_auth_remove_p_cap().

00093   {
00094 /* check only in non-maint mode */
00095 #if !defined(CONFIG_RSBAC_MAINT)
00096 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00097     if(rsbac_switch_auth)
00098 #endif
00099       {
00100         union rsbac_target_id_t       i_tid;
00101         union rsbac_attribute_value_t i_attr_val1;
00102 
00103         /* check auth_may_set_cap of calling process */
00104         i_tid.process = current->pid;
00105         if (rsbac_get_attr(SW_AUTH,
00106                            T_PROCESS,
00107                            i_tid,
00108                            A_auth_may_set_cap,
00109                            &i_attr_val1,
00110                            FALSE))
00111           {
00112             rsbac_pr_get_error(A_auth_may_set_cap);
00113             return -RSBAC_EREADFAILED;
00114           }
00115         /* if auth_may_set_cap is not set, then reject */
00116         if (!i_attr_val1.auth_may_set_cap)
00117           {
00118             rsbac_printk(KERN_INFO
00119                    "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
00120                    cap_range.first,
00121                    cap_range.last,
00122                    pid,
00123                    current->pid);
00124             #ifdef CONFIG_RSBAC_SOFTMODE
00125             if(   !rsbac_softmode
00126             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00127                && !rsbac_ind_softmode[SW_AUTH]
00128             #endif
00129               )
00130             #endif
00131               return(-EPERM);
00132           }
00133       }
00134 #endif
00135 
00136     /* OK, check passed. Try to remove the capability. */
00137     return rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range);
00138   }

int rsbac_check ( int  correct,
int  check_inode 
)

int rsbac_daz_flush_cache ( void   ) 

int rsbac_get_adf_log ( enum rsbac_adf_request_t  request,
enum rsbac_target_t  target,
u_int *  value_p 
)

int rsbac_get_attr ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
int  inherit 
)

int rsbac_get_attr_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
char *  t_name,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value,
int  inherit 
)

int rsbac_get_switch ( enum rsbac_switch_target_t  module,
int *  value_p,
int *  switchable_p 
)

int rsbac_init ( char *  root_dev  ) 

int rsbac_jail ( rsbac_version_t  version,
char *  path,
rsbac_jail_ip_t  ip,
rsbac_jail_flags_t  flags,
rsbac_cap_vector_t  max_caps,
rsbac_jail_scd_vector_t  scd_get,
rsbac_jail_scd_vector_t  scd_modify 
)

int rsbac_list_all_dev ( rsbac_list_ta_number_t  ta_number,
struct rsbac_dev_desc_t id_p,
u_long  maxnum 
)

int rsbac_list_all_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t id_p,
u_long  maxnum 
)

int rsbac_list_all_ipc ( rsbac_list_ta_number_t  ta_number,
struct rsbac_ipc_t id_p,
u_long  maxnum 
)

int rsbac_list_all_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t id_p,
u_long  maxnum 
)

int rsbac_list_ta_begin ( rsbac_time_t  ttl,
rsbac_list_ta_number_t ta_number_p,
rsbac_uid_t  commit_uid,
char *  password 
)

int rsbac_list_ta_commit ( rsbac_list_ta_number_t  ta_number,
char *  password 
)

int rsbac_list_ta_forget ( rsbac_list_ta_number_t  ta_number,
char *  password 
)

int rsbac_list_ta_refresh ( rsbac_time_t  ttl,
rsbac_list_ta_number_t  ta_number,
char *  password 
)

int rsbac_log ( int  type,
char *  buf,
int  len 
)

Referenced by sys_rsbac_log().

int rsbac_mac_add_f_tru ( rsbac_list_ta_number_t  ta_number,
char *  filename,
rsbac_uid_t  uid,
rsbac_time_t  ttl 
)

int rsbac_mac_add_p_tru ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
rsbac_uid_t  uid,
rsbac_time_t  ttl 
)

Definition at line 558 of file mac_syscalls.c.

References mac_sys_check_role(), RSBAC_EWRITEFAILED, rsbac_mac_add_to_p_truset(), rsbac_printk(), SR_security_officer, and SW_MAC.

Referenced by sys_rsbac_mac_add_p_tru().

00563   {
00564 /* check only in non-maint mode */
00565 #if !defined(CONFIG_RSBAC_MAINT)
00566 #ifdef CONFIG_RSBAC_SWITCH_MAC
00567     if(rsbac_switch_mac)
00568 #endif
00569       {
00570         if(mac_sys_check_role(SR_security_officer))
00571           {
00572             rsbac_printk(KERN_INFO
00573                    "rsbac_mac_add_p_tru(): adding MAC trusted user %u to process %u denied for process %u!\n",
00574                    uid,
00575                    pid,
00576                    current->pid);
00577             #ifdef CONFIG_RSBAC_SOFTMODE
00578             if(   !rsbac_softmode
00579             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00580                && !rsbac_ind_softmode[SW_MAC]
00581             #endif
00582               )
00583             #endif
00584               return(-EPERM);
00585           }
00586       }
00587 #endif
00588 
00589     /* OK, check passed. Add the truability. */
00590     if(rsbac_mac_add_to_p_truset(ta_number, pid, uid, ttl))
00591       {
00592         rsbac_printk(KERN_WARNING
00593                "rsbac_mac_add_p_tru(): rsbac_mac_add_to_p_truset() returned error!\n");
00594         return(-RSBAC_EWRITEFAILED);
00595       }
00596     return 0;
00597   }

int rsbac_mac_get_curr_level ( rsbac_security_level_t level_p,
rsbac_mac_category_vector_t categories_p 
)

Definition at line 443 of file mac_syscalls.c.

References A_current_sec_level, A_mac_curr_categories, A_none, rsbac_attribute_value_t::current_sec_level, FALSE, rsbac_attribute_value_t::mac_categories, rsbac_target_id_t::process, RSBAC_EREADFAILED, rsbac_get_attr, SW_MAC, and T_PROCESS.

Referenced by sys_rsbac_mac_get_curr_level().

00445   {
00446     union rsbac_target_id_t       tid;
00447     union rsbac_attribute_value_t attr_val;
00448 
00449     tid.process = current->pid;
00450     if(level_p)
00451       {
00452         if (rsbac_get_attr(SW_MAC,
00453                            T_PROCESS,
00454                            tid,
00455                            A_current_sec_level,
00456                            &attr_val,
00457                            FALSE))
00458           { /* failed! */
00459             rsbac_ds_get_error("rsbac_mac_get_curr_level", A_none);
00460             return(-RSBAC_EREADFAILED);
00461           }
00462         *level_p = attr_val.current_sec_level;
00463       }
00464     if(categories_p)
00465       {
00466         if (rsbac_get_attr(SW_MAC,
00467                            T_PROCESS,
00468                            tid,
00469                            A_mac_curr_categories,
00470                            &attr_val,
00471                            FALSE))
00472           { /* failed! */
00473             rsbac_ds_get_error("rsbac_mac_get_curr_level", A_none);
00474             return(-RSBAC_EREADFAILED);
00475           }
00476         *categories_p = attr_val.mac_categories;
00477       }
00478     return 0;
00479   }

int rsbac_mac_get_f_trulist ( rsbac_list_ta_number_t  ta_number,
char *  filename,
rsbac_uid_t  trulist[],
rsbac_time_t  ttllist[],
u_int  maxnum 
)

int rsbac_mac_get_max_level ( rsbac_security_level_t level_p,
rsbac_mac_category_vector_t categories_p 
)

Definition at line 481 of file mac_syscalls.c.

References A_mac_categories, A_none, A_security_level, FALSE, rsbac_attribute_value_t::mac_categories, rsbac_target_id_t::process, RSBAC_EREADFAILED, rsbac_get_attr, rsbac_attribute_value_t::security_level, SW_MAC, and T_PROCESS.

Referenced by sys_rsbac_mac_get_max_level().

00483   {
00484     union rsbac_target_id_t       tid;
00485     union rsbac_attribute_value_t attr_val;
00486 
00487     tid.process = current->pid;
00488     if(level_p)
00489       {
00490         if (rsbac_get_attr(SW_MAC,
00491                            T_PROCESS,
00492                            tid,
00493                            A_security_level,
00494                            &attr_val,
00495                            FALSE))
00496           { /* failed! */
00497             rsbac_ds_get_error("rsbac_mac_get_max_level", A_none);
00498             return(-RSBAC_EREADFAILED);
00499           }
00500         *level_p = attr_val.security_level;
00501       }
00502     if(categories_p)
00503       {
00504         if (rsbac_get_attr(SW_MAC,
00505                            T_PROCESS,
00506                            tid,
00507                            A_mac_categories,
00508                            &attr_val,
00509                            FALSE))
00510           { /* failed! */
00511             rsbac_ds_get_error("rsbac_mac_get_max_level", A_none);
00512             return(-RSBAC_EREADFAILED);
00513           }
00514         *categories_p = attr_val.mac_categories;
00515       }
00516     return 0;
00517   }

int rsbac_mac_get_min_level ( rsbac_security_level_t level_p,
rsbac_mac_category_vector_t categories_p 
)

Definition at line 520 of file mac_syscalls.c.

References A_mac_min_categories, A_min_security_level, A_none, FALSE, rsbac_attribute_value_t::mac_categories, rsbac_target_id_t::process, RSBAC_EREADFAILED, rsbac_get_attr, rsbac_attribute_value_t::security_level, SW_MAC, and T_PROCESS.

Referenced by sys_rsbac_mac_get_min_level().

00522   {
00523     union rsbac_target_id_t       tid;
00524     union rsbac_attribute_value_t attr_val;
00525 
00526     tid.process = current->pid;
00527     if(level_p)
00528       {
00529         if (rsbac_get_attr(SW_MAC,
00530                            T_PROCESS,
00531                            tid,
00532                            A_min_security_level,
00533                            &attr_val,
00534                            FALSE))
00535           { /* failed! */
00536             rsbac_ds_get_error("rsbac_mac_get_min_level", A_none);
00537             return(-RSBAC_EREADFAILED);
00538           }
00539         *level_p = attr_val.security_level;
00540       }
00541     if(categories_p)
00542       {
00543         if (rsbac_get_attr(SW_MAC,
00544                            T_PROCESS,
00545                            tid,
00546                            A_mac_min_categories,
00547                            &attr_val,
00548                            FALSE))
00549           { /* failed! */
00550             rsbac_ds_get_error("rsbac_mac_get_min_level", A_none);
00551             return(-RSBAC_EREADFAILED);
00552           }
00553         *categories_p = attr_val.mac_categories;
00554       }
00555     return 0;
00556   }

int rsbac_mac_get_p_trulist ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
rsbac_uid_t  trulist[],
rsbac_time_t  ttllist[],
u_int  maxnum 
)

int rsbac_mac_remove_f_tru ( rsbac_list_ta_number_t  ta_number,
char *  filename,
rsbac_uid_t  uid 
)

int rsbac_mac_remove_p_tru ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
rsbac_uid_t  uid 
)

Definition at line 599 of file mac_syscalls.c.

References mac_sys_check_role(), rsbac_mac_remove_from_p_truset(), rsbac_printk(), SR_security_officer, and SW_MAC.

Referenced by sys_rsbac_mac_remove_p_tru().

00603   {
00604 /* check only in non-maint mode */
00605 #if !defined(CONFIG_RSBAC_MAINT)
00606 #ifdef CONFIG_RSBAC_SWITCH_MAC
00607     if(rsbac_switch_mac)
00608 #endif
00609       {
00610         if(mac_sys_check_role(SR_security_officer))
00611           {
00612             rsbac_printk(KERN_INFO
00613                    "rsbac_mac_remove_p_tru(): removing MAC trusted user %u from process %u denied for process %u!\n",
00614                    uid,
00615                    pid,
00616                    current->pid);
00617             #ifdef CONFIG_RSBAC_SOFTMODE
00618             if(   !rsbac_softmode
00619             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00620                && !rsbac_ind_softmode[SW_MAC]
00621             #endif
00622               )
00623             #endif
00624               return(-EPERM);
00625           }
00626       }
00627 #endif
00628     /* OK, check passed. Try to remove the trusted user */
00629     return(rsbac_mac_remove_from_p_truset(ta_number, pid, uid));
00630   }

int rsbac_mac_set_curr_level ( rsbac_security_level_t  level,
rsbac_mac_category_vector_t categories_p 
)

int rsbac_net_list_all_netdev ( rsbac_list_ta_number_t  ta_number,
rsbac_netdev_id_t id_p,
u_long  maxnum 
)

int rsbac_net_list_all_template ( rsbac_list_ta_number_t  ta_number,
rsbac_net_temp_id_t id_p,
u_long  maxnum 
)

int rsbac_net_template ( rsbac_list_ta_number_t  ta_number,
enum rsbac_net_temp_syscall_t  call,
rsbac_net_temp_id_t  id,
union rsbac_net_temp_syscall_data_t data_p 
)

int rsbac_pm ( rsbac_list_ta_number_t  ta_number,
enum rsbac_pm_function_type_t  function,
union rsbac_pm_function_param_t param_p,
rsbac_pm_tkt_id_t  ticket 
)

int rsbac_pm_change_current_task ( rsbac_pm_task_id_t  task  ) 

Definition at line 2993 of file pm_syscalls.c.

References A_pm_current_task, A_pm_task_set, A_pm_tp, FALSE, rsbac_attribute_value_t::owner, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_task_set, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, RSBAC_EPERM, RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_is_initialized(), rsbac_pm_set_member(), rsbac_printk(), rsbac_set_attr, SW_PM, T_PROCESS, T_USER, and rsbac_target_id_t::user.

Referenced by sys_rsbac_pm_change_current_task().

02994   {
02995     union rsbac_target_id_t          tid;
02996     union rsbac_attribute_value_t    attr_val;
02997     int                              error = 0;
02998     rsbac_uid_t                      owner;
02999     union rsbac_pm_set_id_t          pm_set_id;
03000     union rsbac_pm_set_member_t      pm_set_member;
03001     
03002 /* No processing possible before init (called at boot time) */
03003     if (!rsbac_is_initialized())
03004       return(-RSBAC_ENOTINITIALIZED);
03005 
03006       if(!task)
03007         return(-RSBAC_EINVALIDVALUE);
03008 #ifdef CONFIG_RSBAC_DEBUG
03009     if (rsbac_debug_aef_pm)
03010       rsbac_printk(KERN_DEBUG
03011              "rsbac_pm_change_current_task(): called for task %i!\n",
03012              task);
03013 #endif
03014     /* getting current_tp of calling process from rsbac system */
03015     tid.process = current->pid;
03016     if((error = rsbac_get_attr(SW_PM,T_PROCESS,
03017                                tid,
03018                                A_pm_tp,
03019                                &attr_val,
03020                                FALSE)))
03021       {
03022         rsbac_printk(KERN_WARNING
03023           "rsbac_pm_change_current_task(): rsbac_get_attr() for pm_tp returned error %i",
03024           error);
03025         return(-RSBAC_EREADFAILED);  /* something weird happened */
03026       }
03027     /* changing current_task for a tp is forbidden -> error */
03028     if(attr_val.pm_tp)
03029       {
03030 #ifdef CONFIG_RSBAC_DEBUG
03031         if(rsbac_debug_adf_pm)
03032           rsbac_printk(KERN_DEBUG
03033                  "rsbac_pm_change_current_task(): tried to change current_task for tp-process\n");
03034 #endif
03035         return(-RSBAC_EPERM);
03036       }
03037       
03038     /* Getting basic information about caller */
03039     /* only useful for real process, not idle or init */
03040     if (current->pid > 1)
03041       owner = current->uid;
03042     else  /* caller_pid <= 1  -> kernel or init are always owned by root */
03043       owner = 0;
03044 
03045     /* getting owner's task_set_id (authorized tasks) from rsbac system */
03046     tid.user = owner;
03047     if((error = rsbac_get_attr(SW_PM,T_USER,
03048                                tid,
03049                                A_pm_task_set,
03050                                &attr_val,
03051                                FALSE)))
03052       {
03053         rsbac_printk(KERN_WARNING
03054           "rsbac_pm_change_current_task(): rsbac_get_attr() for pm_task_set returned error %i",
03055           error);
03056         return(-RSBAC_EREADFAILED);  /* something weird happened */
03057       }
03058     
03059     /* if there is no set of authorized tasks for owner: deny */
03060     if(!attr_val.pm_task_set)
03061       {
03062 #ifdef CONFIG_RSBAC_DEBUG
03063         if(rsbac_debug_adf_pm)
03064           rsbac_printk(KERN_DEBUG
03065                  "rsbac_pm_change_current_task(): process owner has no authorized task\n");
03066 #endif
03067         return(-RSBAC_EPERM);
03068       }
03069 
03070     /* check, whether owner is authorized for this task */
03071     pm_set_id.task_set = attr_val.pm_task_set;
03072     pm_set_member.task = task;
03073     if(!rsbac_pm_set_member(0,PS_TASK,pm_set_id,pm_set_member))
03074       {
03075 #ifdef CONFIG_RSBAC_DEBUG
03076         if(rsbac_debug_adf_pm)
03077           rsbac_printk(KERN_DEBUG
03078                  "rsbac_pm_change_current_task(): process owner is not authorized for task\n");
03079 #endif
03080         return(-RSBAC_EPERM);
03081       }
03082       
03083     /* OK, checks are passed. Change current_task for process. */    
03084     tid.process = current->pid;
03085     attr_val.pm_current_task = task;
03086     if((error = rsbac_set_attr(SW_PM,T_PROCESS,
03087                                tid,
03088                                A_pm_current_task,
03089                                attr_val)))
03090       {
03091         rsbac_printk(KERN_WARNING
03092           "rsbac_pm_change_current_task(): rsbac_set_attr() for pm_current_task returned error %i",
03093           error);
03094         return(-RSBAC_EWRITEFAILED);  /* something weird happened */
03095       }
03096     return(0);
03097   }

int rsbac_pm_create_file ( const char *  filename,
int  mode,
rsbac_pm_object_class_id_t  object_class 
)

Definition at line 3099 of file pm_syscalls.c.

References A_pm_current_task, A_pm_object_class, A_pm_tp, FALSE, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTFOUND, RSBAC_EPERM, RSBAC_EREADFAILED, rsbac_get_attr, RSBAC_PM_A_CREATE, RSBAC_PM_DEV_OBJECT_CLASS_ID, rsbac_pm_exists(), rsbac_pm_get_data(), RSBAC_PM_IPC_OBJECT_CLASS_ID, rsbac_pm_set_member(), rsbac_printk(), rsbac_set_attr, SW_PM, T_FILE, and T_PROCESS.

Referenced by sys_rsbac_pm_create_file().

03102   {
03103     union rsbac_target_id_t          tid;
03104     union rsbac_attribute_value_t    attr_val;
03105     union rsbac_attribute_value_t    attr_val2;
03106     union rsbac_pm_target_id_t       pm_tid;
03107     union rsbac_pm_data_value_t      data_val;
03108     union rsbac_pm_data_value_t      data_val2;
03109     int                              error = 0;
03110     union rsbac_pm_set_id_t          pm_set_id;
03111     union rsbac_pm_set_member_t      pm_set_member;
03112   
03113 #ifdef CONFIG_RSBAC_DEBUG
03114     if (rsbac_debug_aef_pm)
03115       rsbac_printk(KERN_DEBUG
03116              "sys_rsbac_pm_create_file(): called with class %i, mode %o!\n",
03117              object_class, mode);
03118 #endif
03119     /* do not allow IPC or DEV class */
03120     if(   (object_class == RSBAC_PM_IPC_OBJECT_CLASS_ID)
03121        || (object_class == RSBAC_PM_DEV_OBJECT_CLASS_ID))
03122       {
03123 #ifdef CONFIG_RSBAC_DEBUG
03124         if(rsbac_debug_adf_pm)
03125           rsbac_printk(KERN_DEBUG
03126                  "rsbac_pm_create_file(): Class-ID is IPC or DEV\n");
03127 #endif
03128         return(-RSBAC_EINVALIDVALUE);
03129       }
03130 
03131     /* is mode for regular file? */
03132     if(mode & ~S_IRWXUGO)
03133       {
03134 #ifdef CONFIG_RSBAC_DEBUG
03135         if(rsbac_debug_adf_pm)
03136           rsbac_printk(KERN_DEBUG
03137                  "rsbac_pm_create_file(): illegal creation mode\n");
03138 #endif
03139         return(-RSBAC_EINVALIDVALUE);
03140       }
03141 
03142     /* does class exist (NIL always exists)? */
03143     if(object_class)
03144       {
03145         pm_tid.object_class = object_class;
03146         if(!rsbac_pm_exists(0,
03147                             PMT_CLASS,
03148                             pm_tid))
03149           {
03150 #ifdef CONFIG_RSBAC_DEBUG
03151             if(rsbac_debug_adf_pm)
03152               rsbac_printk(KERN_DEBUG
03153                      "rsbac_pm_create_file(): non-existent class\n");
03154 #endif
03155             return(-RSBAC_EINVALIDVALUE);
03156           }
03157       }
03158 
03159     /* getting current_task of calling process from rsbac system */
03160     tid.process = current->pid;
03161     if((error = rsbac_get_attr(SW_PM,T_PROCESS,
03162                                tid,
03163                                A_pm_current_task,
03164                                &attr_val,
03165                                FALSE)))
03166       {
03167         rsbac_printk(KERN_WARNING
03168           "rsbac_pm_create_file(): rsbac_get_attr() for pm_current_task returned error %i",
03169           error);
03170         return(-RSBAC_EREADFAILED);  /* something weird happened */
03171       }
03172 
03173     /* getting current_tp of calling process from rsbac system */
03174     if((error = rsbac_get_attr(SW_PM,T_PROCESS,
03175                                tid,
03176                                A_pm_tp,
03177                                &attr_val2,
03178                                FALSE)))
03179       {
03180         rsbac_printk(KERN_WARNING
03181           "rsbac_pm_create_file(): rsbac_get_attr() for pm_tp returned error %i",
03182           error);
03183         return(-RSBAC_EREADFAILED);  /* something weird happened */
03184       }
03185       
03186     /* getting neccessary accesses for task, class, tp from PM-data */
03187     pm_tid.na.task = attr_val.pm_current_task;
03188     pm_tid.na.object_class = object_class;
03189     pm_tid.na.tp = attr_val2.pm_tp;
03190     if((error = rsbac_pm_get_data(0,
03191                                   PMT_NA,
03192                                   pm_tid,
03193                                   PD_accesses,
03194                                   &data_val)))
03195       {
03196         if(   (error != -RSBAC_EINVALIDTARGET)
03197            && (error != -RSBAC_ENOTFOUND)
03198           )
03199           rsbac_printk(KERN_WARNING
03200                  "rsbac_pm_create_file(): rsbac_pm_get_data() for NA/accesses returned error %i",
03201                  error);
03202 #ifdef CONFIG_RSBAC_DEBUG
03203         else if(rsbac_debug_adf_pm)
03204           rsbac_printk(KERN_DEBUG
03205                  "rsbac_pm_create_file(): NA/accesses (%i,%i,%i) not found\n",
03206                  pm_tid.na.task, object_class, pm_tid.na.tp);
03207 #endif
03208         return(-RSBAC_EPERM);  /* deny */
03209       }
03210 
03211     /* is create necessary? if not -> error */
03212     if(!(data_val.accesses & RSBAC_PM_A_CREATE))
03213       {
03214 #ifdef CONFIG_RSBAC_DEBUG
03215         if(rsbac_debug_adf_pm)
03216           rsbac_printk(KERN_DEBUG
03217                  "rsbac_pm_create_file(): create is not necessary\n");
03218 #endif
03219         return(-RSBAC_EPERM);
03220       }
03221 
03222     /* get purpose for current_task */     
03223     pm_tid.task = attr_val.pm_current_task;
03224     if((error = rsbac_pm_get_data(0,
03225                                   PMT_TASK,
03226                                   pm_tid,
03227                                   PD_purpose,
03228                                   &data_val)))
03229       {
03230         if(   (error != -RSBAC_EINVALIDTARGET)
03231            && (error != -RSBAC_ENOTFOUND)
03232           )
03233           rsbac_printk(KERN_WARNING
03234                  "rsbac_pm_create_file(): rsbac_get_data() for TASK/purpose returned error %i",
03235                  error);
03236         return(-RSBAC_EPERM);  /* deny */
03237       }
03238 
03239     /* further checks only, if there is a purpose defined */
03240     if(data_val.purpose)
03241       {
03242         /* get purpose_set_id for class */     
03243         pm_tid.object_class = object_class;
03244         if((error = rsbac_pm_get_data(0,
03245                                       PMT_CLASS,
03246                                       pm_tid,
03247                                       PD_pp_set,
03248                                       &data_val2)))
03249           {
03250             if(   (error == -RSBAC_EINVALIDTARGET)
03251                || (error == -RSBAC_ENOTFOUND)
03252               )
03253               {
03254 #ifdef CONFIG_RSBAC_DEBUG
03255                 if(rsbac_debug_adf_pm)
03256                   rsbac_printk(KERN_DEBUG
03257                          "rsbac_pm_create_file(): non-existent class\n");
03258 #endif
03259                 return(-RSBAC_EINVALIDVALUE);
03260               }
03261             rsbac_printk(KERN_WARNING
03262                    "rsbac_pm_create_file(): rsbac_get_data() for TASK/purpose returned error %i",
03263                    error);
03264             return(-RSBAC_EREADFAILED);  /* deny */
03265           }
03266         /* if there is no purpose set for this class, deny */
03267         if(!data_val2.pp_set)
03268           {
03269 #ifdef CONFIG_RSBAC_DEBUG
03270             if(rsbac_debug_adf_pm)
03271               rsbac_printk(KERN_DEBUG
03272                      "rsbac_pm_create_file(): current_task has purpose, class not\n");
03273 #endif
03274             return(-RSBAC_EPERM);
03275           }
03276       
03277         /* last check: is our task's purpose in the set of purposes for our class? */
03278         pm_set_id.pp_set = data_val2.pp_set;
03279         pm_set_member.pp = data_val.purpose;
03280         if(!rsbac_pm_set_member(0,PS_PP,pm_set_id,pm_set_member))
03281           /* our task's purpose does not match with class purposes -> deny */
03282           {
03283 #ifdef CONFIG_RSBAC_DEBUG
03284             if(rsbac_debug_adf_pm)
03285               rsbac_printk(KERN_DEBUG
03286                      "rsbac_pm_create_file(): purpose of current_task is not in purpose set of class\n");
03287 #endif
03288             return(-RSBAC_EPERM);
03289           }
03290       }
03291 
03292     /* try to create object using standard syscalls, leading to general rsbac */
03293     /* checks via ADF-Request */
03294     /* we are not using sys_creat(), because alpha kernels don't know it */
03295     lock_kernel();
03296     error = sys_open(filename, O_CREAT | O_WRONLY | O_TRUNC, mode);
03297     unlock_kernel();
03298     if (error < 0)
03299       return(error);
03300 
03301     /* setting class for new object */
03302 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
03303     rcu_read_lock();
03304     tid.file.device = current->files->fdt->fd[error]->f_vfsmnt->mnt_sb->s_dev;
03305     tid.file.inode  = current->files->fdt->fd[error]->f_dentry->d_inode->i_ino;
03306     tid.file.dentry_p = current->files->fdt->fd[error]->f_dentry;
03307     rcu_read_unlock();
03308 #else
03309     tid.file.device = current->files->fd[error]->f_dentry->d_inode->i_dev;
03310     tid.file.inode  = current->files->fd[error]->f_dentry->d_inode->i_ino;
03311     tid.file.dentry_p = current->files->fd[error]->f_dentry;
03312 #endif
03313     attr_val.pm_object_class = object_class;
03314     if(rsbac_set_attr(SW_PM,T_FILE,
03315                       tid,
03316                       A_pm_object_class,
03317                       attr_val))
03318       {
03319         rsbac_printk(KERN_WARNING
03320           "rsbac_pm_create_file(): rsbac_set_attr() for pm_object_class returned error");
03321       }
03322     return(error);
03323   }

int rsbac_rc_change_role ( rsbac_rc_role_id_t  role,
char *  pass 
)

int rsbac_rc_copy_role ( rsbac_list_ta_number_t  ta_number,
rsbac_rc_role_id_t  from_role,
rsbac_rc_role_id_t  to_role 
)

Definition at line 2284 of file rc_data_structures.c.

References NULL, RC_role_max_value, role_adr_handle, role_asr_handle, role_dfdc_handle, role_handle, role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_get_subitem_size(), rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_lol_get_all_subdesc_ttl(), rsbac_ta_list_lol_get_all_subitems_ttl(), rsbac_ta_list_lol_remove(), rsbac_ta_list_lol_subadd_ttl(), and rsbac_vfree.

Referenced by rsbac_rc_sys_copy_role().

02287 {
02288         struct rsbac_rc_role_entry_t entry;
02289         rsbac_rc_role_id_t *role_array;
02290         char *item_array;
02291         long count;
02292         u_long i;
02293         int err;
02294 
02295         if (!rsbac_is_initialized()) {
02296                 rsbac_printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n");
02297                 return (-RSBAC_ENOTINITIALIZED);
02298         }
02299         if ((from_role > RC_role_max_value)
02300             || (to_role > RC_role_max_value)
02301             || (to_role == from_role)
02302             )
02303                 return (-RSBAC_EINVALIDTARGET);
02304 
02305         /* copy */
02306         err =
02307             rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL,
02308                                        &from_role, &entry);
02309         if (err)
02310                 return err;
02311         err =
02312             rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &to_role,
02313                                   &entry);
02314         if (err)
02315                 return err;
02316 
02317         rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &to_role);
02318         count =
02319             rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02320                                                   role_rc_handle,
02321                                                   &from_role,
02322                                                   (void **) &role_array,
02323                                                   NULL);
02324         if (count > 0) {
02325                 for (i = 0; i < count; i++)
02326                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02327                                                      role_rc_handle, 0,
02328                                                      &to_role,
02329                                                      &role_array[i], 0);
02330                 rsbac_vfree(role_array);
02331         }
02332         rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &to_role);
02333         count =
02334             rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02335                                                   role_adr_handle,
02336                                                   &from_role,
02337                                                   (void **) &role_array,
02338                                                   NULL);
02339         if (count > 0) {
02340                 for (i = 0; i < count; i++)
02341                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02342                                                      role_adr_handle, 0,
02343                                                      &to_role,
02344                                                      &role_array[i], 0);
02345                 rsbac_vfree(role_array);
02346         }
02347         rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &to_role);
02348         count =
02349             rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number,
02350                                                   role_asr_handle,
02351                                                   &from_role,
02352                                                   (void **) &role_array,
02353                                                   NULL);
02354         if (count > 0) {
02355                 for (i = 0; i < count; i++)
02356                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02357                                                      role_asr_handle, 0,
02358                                                      &to_role,
02359                                                      &role_array[i], 0);
02360                 rsbac_vfree(role_array);
02361         }
02362         rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &to_role);
02363         count =
02364             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02365                                                    role_dfdc_handle,
02366                                                    &from_role,
02367                                                    (void **) &item_array,
02368                                                    NULL);
02369         if (count > 0) {
02370                 char *tmp = item_array;
02371                 int size =
02372                     rsbac_list_lol_get_subitem_size(role_dfdc_handle);
02373 
02374                 for (i = 0; i < count; i++) {
02375                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02376                                                      role_dfdc_handle, 0,
02377                                                      &to_role, tmp,
02378                                                      tmp +
02379                                                      sizeof
02380                                                      (rsbac_rc_role_id_t));
02381                         tmp += size;
02382                 }
02383                 rsbac_vfree(item_array);
02384         }
02385         rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &to_role);
02386         count =
02387             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02388                                                    role_tcfd_handle,
02389                                                    &from_role,
02390                                                    (void **) &item_array,
02391                                                    NULL);
02392         if (count > 0) {
02393                 char *tmp = item_array;
02394                 int size =
02395                     rsbac_list_lol_get_subitem_size(role_tcfd_handle);
02396 
02397                 for (i = 0; i < count; i++) {
02398                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02399                                                      role_tcfd_handle, 0,
02400                                                      &to_role, tmp,
02401                                                      tmp +
02402                                                      sizeof
02403                                                      (rsbac_rc_role_id_t));
02404                         tmp += size;
02405                 }
02406                 rsbac_vfree(item_array);
02407         }
02408         rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &to_role);
02409         count =
02410             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02411                                                    role_tcdv_handle,
02412                                                    &from_role,
02413                                                    (void **) &item_array,
02414                                                    NULL);
02415         if (count > 0) {
02416                 char *tmp = item_array;
02417                 int size =
02418                     rsbac_list_lol_get_subitem_size(role_tcdv_handle);
02419 
02420                 for (i = 0; i < count; i++) {
02421                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02422                                                      role_tcdv_handle, 0,
02423                                                      &to_role, tmp,
02424                                                      tmp +
02425                                                      sizeof
02426                                                      (rsbac_rc_role_id_t));
02427                         tmp += size;
02428                 }
02429                 rsbac_vfree(item_array);
02430         }
02431         rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &to_role);
02432         count =
02433             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02434                                                    role_tcus_handle,
02435                                                    &from_role,
02436                                                    (void **) &item_array,
02437                                                    NULL);
02438         if (count > 0) {
02439                 char *tmp = item_array;
02440                 int size =
02441                     rsbac_list_lol_get_subitem_size(role_tcus_handle);
02442 
02443                 for (i = 0; i < count; i++) {
02444                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02445                                                      role_tcus_handle, 0,
02446                                                      &to_role, tmp,
02447                                                      tmp +
02448                                                      sizeof
02449                                                      (rsbac_rc_role_id_t));
02450                         tmp += size;
02451                 }
02452                 rsbac_vfree(item_array);
02453         }
02454         rsbac_ta_list_lol_remove(ta_number, role_tcpr_handle, &to_role);
02455         count =
02456             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02457                                                    role_tcpr_handle,
02458                                                    &from_role,
02459                                                    (void **) &item_array,
02460                                                    NULL);
02461         if (count > 0) {
02462                 char *tmp = item_array;
02463                 int size =
02464                     rsbac_list_lol_get_subitem_size(role_tcpr_handle);
02465 
02466                 for (i = 0; i < count; i++) {
02467                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02468                                                      role_tcpr_handle, 0,
02469                                                      &to_role, tmp,
02470                                                      tmp +
02471                                                      sizeof
02472                                                      (rsbac_rc_role_id_t));
02473                         tmp += size;
02474                 }
02475                 rsbac_vfree(item_array);
02476         }
02477         rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &to_role);
02478         count =
02479             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02480                                                    role_tcip_handle,
02481                                                    &from_role,
02482                                                    (void **) &item_array,
02483                                                    NULL);
02484         if (count > 0) {
02485                 char *tmp = item_array;
02486                 int size =
02487                     rsbac_list_lol_get_subitem_size(role_tcip_handle);
02488 
02489                 for (i = 0; i < count; i++) {
02490                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02491                                                      role_tcip_handle, 0,
02492                                                      &to_role, tmp,
02493                                                      tmp +
02494                                                      sizeof
02495                                                      (rsbac_rc_role_id_t));
02496                         tmp += size;
02497                 }
02498                 rsbac_vfree(item_array);
02499         }
02500         rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &to_role);
02501         count =
02502             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02503                                                    role_tcsc_handle,
02504                                                    &from_role,
02505                                                    (void **) &item_array,
02506                                                    NULL);
02507         if (count > 0) {
02508                 char *tmp = item_array;
02509                 int size =
02510                     rsbac_list_lol_get_subitem_size(role_tcsc_handle);
02511 
02512                 for (i = 0; i < count; i++) {
02513                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02514                                                      role_tcsc_handle, 0,
02515                                                      &to_role, tmp,
02516                                                      tmp +
02517                                                      sizeof
02518                                                      (rsbac_rc_role_id_t));
02519                         tmp += size;
02520                 }
02521                 rsbac_vfree(item_array);
02522         }
02523         rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &to_role);
02524         count =
02525             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02526                                                    role_tcgr_handle,
02527                                                    &from_role,
02528                                                    (void **) &item_array,
02529                                                    NULL);
02530         if (count > 0) {
02531                 char *tmp = item_array;
02532                 int size =
02533                     rsbac_list_lol_get_subitem_size(role_tcgr_handle);
02534 
02535                 for (i = 0; i < count; i++) {
02536                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02537                                                      role_tcgr_handle, 0,
02538                                                      &to_role, tmp,
02539                                                      tmp +
02540                                                      sizeof
02541                                                      (rsbac_rc_role_id_t));
02542                         tmp += size;
02543                 }
02544                 rsbac_vfree(item_array);
02545         }
02546         rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &to_role);
02547         count =
02548             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02549                                                    role_tcnd_handle,
02550                                                    &from_role,
02551                                                    (void **) &item_array,
02552                                                    NULL);
02553         if (count > 0) {
02554                 char *tmp = item_array;
02555                 int size =
02556                     rsbac_list_lol_get_subitem_size(role_tcnd_handle);
02557 
02558                 for (i = 0; i < count; i++) {
02559                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02560                                                      role_tcnd_handle, 0,
02561                                                      &to_role, tmp,
02562                                                      tmp +
02563                                                      sizeof
02564                                                      (rsbac_rc_role_id_t));
02565                         tmp += size;
02566                 }
02567                 rsbac_vfree(item_array);
02568         }
02569         rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &to_role);
02570         count =
02571             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02572                                                    role_tcnt_handle,
02573                                                    &from_role,
02574                                                    (void **) &item_array,
02575                                                    NULL);
02576         if (count > 0) {
02577                 char *tmp = item_array;
02578                 int size =
02579                     rsbac_list_lol_get_subitem_size(role_tcnt_handle);
02580 
02581                 for (i = 0; i < count; i++) {
02582                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02583                                                      role_tcnt_handle, 0,
02584                                                      &to_role, tmp,
02585                                                      tmp +
02586                                                      sizeof
02587                                                      (rsbac_rc_role_id_t));
02588                         tmp += size;
02589                 }
02590                 rsbac_vfree(item_array);
02591         }
02592         rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &to_role);
02593         count =
02594             rsbac_ta_list_lol_get_all_subitems_ttl(ta_number,
02595                                                    role_tcno_handle,
02596                                                    &from_role,
02597                                                    (void **) &item_array,
02598                                                    NULL);
02599         if (count > 0) {
02600                 char *tmp = item_array;
02601                 int size =
02602                     rsbac_list_lol_get_subitem_size(role_tcno_handle);
02603 
02604                 for (i = 0; i < count; i++) {
02605                         rsbac_ta_list_lol_subadd_ttl(ta_number,
02606                                                      role_tcno_handle, 0,
02607                                                      &to_role, tmp,
02608                                                      tmp +
02609                                                      sizeof
02610                                                      (rsbac_rc_role_id_t));
02611                         tmp += size;
02612                 }
02613                 rsbac_vfree(item_array);
02614         }
02615         return 0;
02616 }

int rsbac_rc_copy_type ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
rsbac_rc_type_id_t  from_type,
rsbac_rc_type_id_t  to_type 
)

int rsbac_rc_get_current_role ( rsbac_rc_role_id_t role_p  ) 

int rsbac_rc_get_eff_rights_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
char *  t_name,
rsbac_rc_request_vector_t request_vector_p,
rsbac_time_t ttl_p 
)

int rsbac_rc_get_item ( rsbac_list_ta_number_t  ta_number,
enum rsbac_rc_target_t  target,
union rsbac_rc_target_id_t tid_p,
union rsbac_rc_target_id_t subtid_p,
enum rsbac_rc_item_t  item,
union rsbac_rc_item_value_t value_p,
rsbac_time_t ttl_p 
)

int rsbac_rc_get_list ( rsbac_list_ta_number_t  ta_number,
enum rsbac_rc_target_t  target,
union rsbac_rc_target_id_t tid_p,
enum rsbac_rc_item_t  item,
u_int  maxnum,
__u32 *  array_p,
rsbac_time_t ttl_array_p 
)

int rsbac_rc_set_item ( rsbac_list_ta_number_t  ta_number,
enum rsbac_rc_target_t  target,
union rsbac_rc_target_id_t tid_p,
union rsbac_rc_target_id_t subtid_p,
enum rsbac_rc_item_t  item,
union rsbac_rc_item_value_t value_p,
rsbac_time_t  ttl 
)

int rsbac_rc_sys_select_fd_create_type ( rsbac_rc_type_id_t  type  ) 

int rsbac_reg ( rsbac_reg_handle_t  handle,
void *  arg 
)

int rsbac_remove_target ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
union rsbac_target_id_t tid 
)

int rsbac_remove_target_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_target_t  target,
char *  t_name 
)

int rsbac_set_attr ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
union rsbac_target_id_t tid,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value 
)

int rsbac_set_attr_n ( rsbac_list_ta_number_t  ta_number,
enum rsbac_switch_target_t  module,
enum rsbac_target_t  target,
char *  t_name,
enum rsbac_attribute_t  attr,
union rsbac_attribute_value_t value 
)

int rsbac_stats ( void   ) 

Definition at line 8602 of file aci_data_structures.c.

References dev_handles, dev_major_handles, device_head_p, device_list_locks, ipc_handles, KERNEL_VERSION, process_handles, rsbac_adf_request_count, rsbac_adf_set_attr_count, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_count(), rsbac_printk(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_pm(), rsbac_stats_rc(), T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and user_handles.

Referenced by sys_rsbac_stats().

08603 {
08604         struct rsbac_device_list_item_t *device_p;
08605         u_long fd_count = 0, fd_sum = 0;
08606         u_long dev_sum = 0;
08607         u_long ipc_sum = 0;
08608         u_long user_sum = 0;
08609         u_long process_sum = 0;
08610 #if defined(CONFIG_RSBAC_UM)
08611         u_long group_sum = 0;
08612 #endif
08613 #if defined(CONFIG_RSBAC_NET_OBJ)
08614         u_long nettemp_sum = 0;
08615         u_long lnetobj_sum = 0;
08616         u_long rnetobj_sum = 0;
08617 #endif
08618         u_long total_sum = 0;
08619         long tmp_count = 0;
08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08621         u_long dflags;
08622 #endif
08623         u_int i;
08624 
08625         if (!rsbac_initialized) {
08626                 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08627                 return (-RSBAC_ENOTINITIALIZED);
08628         }
08629         for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) {
08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08631                 rcu_read_lock();
08632 #else
08633                 rsbac_read_lock(&device_list_locks[i], &dflags);
08634 #endif
08635 /*    rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n",
08636                      device_list_lock.lock); */
08637                 device_p = rcu_dereference(device_head_p[i])->head;
08638                 while (device_p) {      /* for all sublists */
08639                         fd_count = rsbac_list_count(device_p->handles.gen);
08640                         if (fd_count > 0) {
08641                                 rsbac_printk(", %lu GEN", fd_count);
08642                                 fd_sum += fd_count;
08643                         }
08644 
08645 #if defined(CONFIG_RSBAC_MAC)
08646                         fd_count = rsbac_list_count(device_p->handles.mac);
08647                         if (fd_count > 0) {
08648                                 rsbac_printk(", %lu MAC", fd_count);
08649                                 fd_sum += fd_count;
08650                         }
08651 #endif
08652 
08653 #if defined(CONFIG_RSBAC_PM)
08654                         fd_count = rsbac_list_count(device_p->handles.pm);
08655                         if (fd_count > 0) {
08656                                 rsbac_printk(", %lu PM", fd_count);
08657                                 fd_sum += fd_count;
08658                         }
08659 #endif
08660 
08661 #if defined(CONFIG_RSBAC_DAZ)
08662                         fd_count = rsbac_list_count(device_p->handles.daz);
08663                         if (fd_count > 0) {
08664                                 rsbac_printk(", %lu DAZ", fd_count);
08665                                 fd_sum += fd_count;
08666                         }
08667 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08668                         fd_count = rsbac_list_count(device_p->handles.dazs);
08669                         if (fd_count > 0) {
08670                                 rsbac_printk(", %lu DAZ SCANNED", fd_count);
08671                                 fd_sum += fd_count;
08672                         }
08673 #endif
08674 #endif
08675 
08676 #if defined(CONFIG_RSBAC_FF)
08677                         fd_count = rsbac_list_count(device_p->handles.ff);
08678                         if (fd_count > 0) {
08679                                 rsbac_printk(", %lu FF", fd_count);
08680                                 fd_sum += fd_count;
08681                         }
08682 #endif
08683 
08684 #if defined(CONFIG_RSBAC_RC)
08685                         fd_count = rsbac_list_count(device_p->handles.rc);
08686                         if (fd_count > 0) {
08687                                 rsbac_printk(", %lu RC", fd_count);
08688                                 fd_sum += fd_count;
08689                         }
08690 #endif
08691 
08692 #if defined(CONFIG_RSBAC_AUTH)
08693                         fd_count = rsbac_list_count(device_p->handles.auth);
08694                         if (fd_count > 0) {
08695                                 rsbac_printk(", %lu AUTH", fd_count);
08696                                 fd_sum += fd_count;
08697                         }
08698 #endif
08699 
08700 #if defined(CONFIG_RSBAC_CAP)
08701                         fd_count = rsbac_list_count(device_p->handles.cap);
08702                         if (fd_count > 0) {
08703                                 rsbac_printk(", %lu CAP", fd_count);
08704                                 fd_sum += fd_count;
08705                         }
08706 #endif
08707 #if defined(CONFIG_RSBAC_RES)
08708                         fd_count = rsbac_list_count(device_p->handles.res);
08709                         if (fd_count > 0) {
08710                                 rsbac_printk(", %lu RES", fd_count);
08711                                 fd_sum += fd_count;
08712                         }
08713 #endif
08714 #if defined(CONFIG_RSBAC_PAX)
08715                         fd_count = rsbac_list_count(device_p->handles.pax);
08716                         if (fd_count > 0) {
08717                                 rsbac_printk(", %lu PAX", fd_count);
08718                                 fd_sum += fd_count;
08719                         }
08720 #endif
08721 
08722                         rsbac_printk("\n");
08723                         device_p = device_p->next;
08724                 }
08725                 tmp_count += rcu_dereference(device_head_p[i])->count;
08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08727                 rcu_read_unlock();
08728 #else
08729                 rsbac_read_unlock(&device_list_locks[i], &dflags);
08730 #endif
08731         }
08732         rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08733                      tmp_count, fd_sum);
08734         /* free access to device_list_head */
08735         total_sum += fd_sum;
08736 
08737         /* dev lists */
08738         tmp_count = rsbac_list_count(dev_handles.gen);
08739         rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count);
08740         dev_sum += tmp_count;
08741 #if defined(CONFIG_RSBAC_MAC)
08742         tmp_count = rsbac_list_count(dev_handles.mac);
08743         rsbac_printk(", %lu MAC", tmp_count);
08744         dev_sum += tmp_count;
08745 #endif
08746 #if defined(CONFIG_RSBAC_PM)
08747         tmp_count = rsbac_list_count(dev_handles.pm);
08748         rsbac_printk(", %lu PM", tmp_count);
08749         dev_sum += tmp_count;
08750 #endif
08751 #if defined(CONFIG_RSBAC_RC)
08752         tmp_count = rsbac_list_count(dev_major_handles.rc);
08753         rsbac_printk(", %lu major RC", tmp_count);
08754         dev_sum += tmp_count;
08755         tmp_count = rsbac_list_count(dev_handles.rc);
08756         rsbac_printk(", %lu RC", tmp_count);
08757         dev_sum += tmp_count;
08758 #endif
08759         rsbac_printk("\n");
08760         rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum);
08761         total_sum += dev_sum;
08762 
08763         /* ipc lists */
08764         rsbac_printk(KERN_INFO "IPC items: no GEN");
08765 #if defined(CONFIG_RSBAC_MAC)
08766         tmp_count = rsbac_list_count(ipc_handles.mac);
08767         rsbac_printk(", %lu MAC", tmp_count);
08768         ipc_sum += tmp_count;
08769 #endif
08770 #if defined(CONFIG_RSBAC_PM)
08771         tmp_count = rsbac_list_count(ipc_handles.pm);
08772         rsbac_printk(", %lu PM", tmp_count);
08773         ipc_sum += tmp_count;
08774 #endif
08775 #if defined(CONFIG_RSBAC_RC)
08776         tmp_count = rsbac_list_count(ipc_handles.rc);
08777         rsbac_printk(", %lu RC", tmp_count);
08778         ipc_sum += tmp_count;
08779 #endif
08780 #if defined(CONFIG_RSBAC_JAIL)
08781         tmp_count = rsbac_list_count(ipc_handles.jail);
08782         rsbac_printk(", %lu JAIL", tmp_count);
08783         ipc_sum += tmp_count;
08784 #endif
08785         rsbac_printk("\n");
08786         rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum);
08787         total_sum += ipc_sum;
08788 
08789         /* user lists */
08790         tmp_count = rsbac_list_count(user_handles.gen);
08791         rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count);
08792         user_sum += tmp_count;
08793 #if defined(CONFIG_RSBAC_MAC)
08794         tmp_count = rsbac_list_count(user_handles.mac);
08795         rsbac_printk(", %lu MAC", tmp_count);
08796         user_sum += tmp_count;
08797 #endif
08798 #if defined(CONFIG_RSBAC_PM)
08799         tmp_count = rsbac_list_count(user_handles.pm);
08800         rsbac_printk(", %lu PM", tmp_count);
08801         user_sum += tmp_count;
08802 #endif
08803 #if defined(CONFIG_RSBAC_DAZ)
08804         tmp_count = rsbac_list_count(user_handles.daz);
08805         rsbac_printk(", %lu DAZ", tmp_count);
08806         user_sum += tmp_count;
08807 #endif
08808 #if defined(CONFIG_RSBAC_RC)
08809         tmp_count = rsbac_list_count(user_handles.rc);
08810         rsbac_printk(", %lu RC", tmp_count);
08811         user_sum += tmp_count;
08812 #endif
08813 #if defined(CONFIG_RSBAC_AUTH)
08814         tmp_count = rsbac_list_count(user_handles.auth);
08815         rsbac_printk(", %lu AUTH", tmp_count);
08816         user_sum += tmp_count;
08817 #endif
08818 #if defined(CONFIG_RSBAC_CAP)
08819         tmp_count = rsbac_list_count(user_handles.cap);
08820         rsbac_printk(", %lu CAP", tmp_count);
08821         user_sum += tmp_count;
08822 #endif
08823 #if defined(CONFIG_RSBAC_JAIL)
08824         tmp_count = rsbac_list_count(user_handles.jail);
08825         rsbac_printk(", %lu JAIL", tmp_count);
08826         user_sum += tmp_count;
08827 #endif
08828 #if defined(CONFIG_RSBAC_RES)
08829         tmp_count = rsbac_list_count(user_handles.res);
08830         rsbac_printk(", %lu RES", tmp_count);
08831         user_sum += tmp_count;
08832 #endif
08833 #if defined(CONFIG_RSBAC_PAX)
08834         tmp_count = rsbac_list_count(user_handles.pax);
08835         rsbac_printk(", %lu PAX", tmp_count);
08836         user_sum += tmp_count;
08837 #endif
08838         rsbac_printk("\n");
08839         rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum);
08840         total_sum += user_sum;
08841 
08842         /* process lists */
08843         tmp_count = rsbac_list_count(process_handles.gen);
08844         rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count);
08845         process_sum += tmp_count;
08846 #if defined(CONFIG_RSBAC_MAC)
08847         tmp_count = rsbac_list_count(process_handles.mac);
08848         rsbac_printk(", %lu MAC", tmp_count);
08849         process_sum += tmp_count;
08850 #endif
08851 #if defined(CONFIG_RSBAC_PM)
08852         tmp_count = rsbac_list_count(process_handles.pm);
08853         rsbac_printk(", %lu PM", tmp_count);
08854         process_sum += tmp_count;
08855 #endif
08856 #if defined(CONFIG_RSBAC_DAZ)
08857         tmp_count = rsbac_list_count(process_handles.daz);
08858         rsbac_printk(", %lu DAZ", tmp_count);
08859         process_sum += tmp_count;
08860 #endif
08861 #if defined(CONFIG_RSBAC_RC)
08862         tmp_count = rsbac_list_count(process_handles.rc);
08863         rsbac_printk(", %lu RC", tmp_count);
08864         process_sum += tmp_count;
08865 #endif
08866 #if defined(CONFIG_RSBAC_AUTH)
08867         tmp_count = rsbac_list_count(process_handles.auth);
08868         rsbac_printk(", %lu AUTH", tmp_count);
08869         process_sum += tmp_count;
08870 #endif
08871 #if defined(CONFIG_RSBAC_CAP)
08872         tmp_count = rsbac_list_count(process_handles.cap);
08873         rsbac_printk(", %lu CAP", tmp_count);
08874         process_sum += tmp_count;
08875 #endif
08876 #if defined(CONFIG_RSBAC_JAIL)
08877         tmp_count = rsbac_list_count(process_handles.jail);
08878         rsbac_printk(", %lu JAIL", tmp_count);
08879         process_sum += tmp_count;
08880 #endif
08881         rsbac_printk("\n");
08882         rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum);
08883         total_sum += process_sum;
08884 
08885 #if defined(CONFIG_RSBAC_UM)
08886         /* group lists */
08887         rsbac_printk(KERN_INFO "GROUP items: ");
08888 #if defined(CONFIG_RSBAC_RC_UM_PROT)
08889         tmp_count = rsbac_list_count(group_handles.rc);
08890         rsbac_printk("%lu RC", tmp_count);
08891         user_sum += tmp_count;
08892 #endif
08893         rsbac_printk("\n");
08894         rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum);
08895         total_sum += group_sum;
08896 #endif
08897 
08898 #if defined(CONFIG_RSBAC_NET_OBJ)
08899         /* nettemp lists */
08900         rsbac_printk(KERN_INFO "NETTEMP items: ");
08901 #if defined(CONFIG_RSBAC_MAC)
08902         tmp_count = rsbac_list_count(nettemp_handles.mac);
08903         rsbac_printk("%lu MAC, ", tmp_count);
08904         nettemp_sum += tmp_count;
08905 #endif
08906 #if defined(CONFIG_RSBAC_PM)
08907         tmp_count = rsbac_list_count(nettemp_handles.pm);
08908         rsbac_printk("%lu PM, ", tmp_count);
08909         nettemp_sum += tmp_count;
08910 #endif
08911 #if defined(CONFIG_RSBAC_RC)
08912         tmp_count = rsbac_list_count(nettemp_handles.rc);
08913         rsbac_printk("%lu RC, ", tmp_count);
08914         nettemp_sum += tmp_count;
08915 #endif
08916         rsbac_printk("\n");
08917         rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum);
08918         total_sum += nettemp_sum;
08919 
08920         /* local netobj lists */
08921         rsbac_printk(KERN_INFO "Local NETOBJ items:");
08922 #if defined(CONFIG_RSBAC_MAC)
08923         tmp_count = rsbac_list_count(lnetobj_handles.mac);
08924         rsbac_printk(" %lu MAC,", tmp_count);
08925         lnetobj_sum += tmp_count;
08926 #endif
08927 #if defined(CONFIG_RSBAC_PM)
08928         tmp_count = rsbac_list_count(lnetobj_handles.pm);
08929         rsbac_printk(" %lu PM,", tmp_count);
08930         lnetobj_sum += tmp_count;
08931 #endif
08932 #if defined(CONFIG_RSBAC_RC)
08933         tmp_count = rsbac_list_count(lnetobj_handles.rc);
08934         rsbac_printk(" %lu RC", tmp_count);
08935         lnetobj_sum += tmp_count;
08936 #endif
08937         rsbac_printk("\n");
08938         rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
08939                      lnetobj_sum);
08940         total_sum += lnetobj_sum;
08941 
08942         /* remote netobj lists */
08943         rsbac_printk(KERN_INFO "Remote NETOBJ items:");
08944 #if defined(CONFIG_RSBAC_MAC)
08945         tmp_count = rsbac_list_count(rnetobj_handles.mac);
08946         rsbac_printk(" %lu MAC,", tmp_count);
08947         rnetobj_sum += tmp_count;
08948 #endif
08949 #if defined(CONFIG_RSBAC_PM)
08950         tmp_count = rsbac_list_count(rnetobj_handles.pm);
08951         rsbac_printk(" %lu PM,", tmp_count);
08952         rnetobj_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_RC)
08955         tmp_count = rsbac_list_count(rnetobj_handles.rc);
08956         rsbac_printk(" %lu RC", tmp_count);
08957         rnetobj_sum += tmp_count;
08958 #endif
08959         rsbac_printk("\n");
08960         rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
08961                      rnetobj_sum);
08962         total_sum += rnetobj_sum;
08963 #endif                          /* NET_OBJ */
08964 
08965         rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum);
08966 
08967         rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08968                      rsbac_adf_request_count[T_FILE],
08969                      rsbac_adf_request_count[T_DIR],
08970                      rsbac_adf_request_count[T_FIFO],
08971                      rsbac_adf_request_count[T_SYMLINK],
08972                      rsbac_adf_request_count[T_DEV],
08973                      rsbac_adf_request_count[T_IPC],
08974                      rsbac_adf_request_count[T_SCD],
08975                      rsbac_adf_request_count[T_USER],
08976                      rsbac_adf_request_count[T_PROCESS],
08977                      rsbac_adf_request_count[T_NETDEV],
08978                      rsbac_adf_request_count[T_NETTEMP],
08979                      rsbac_adf_request_count[T_NETOBJ],
08980                      rsbac_adf_request_count[T_UNIXSOCK]);
08981         rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n",
08982                      rsbac_adf_set_attr_count[T_FILE],
08983                      rsbac_adf_set_attr_count[T_DIR],
08984                      rsbac_adf_set_attr_count[T_FIFO],
08985                      rsbac_adf_set_attr_count[T_SYMLINK],
08986                      rsbac_adf_set_attr_count[T_DEV],
08987                      rsbac_adf_set_attr_count[T_IPC],
08988                      rsbac_adf_set_attr_count[T_SCD],
08989                      rsbac_adf_set_attr_count[T_USER],
08990                      rsbac_adf_set_attr_count[T_PROCESS],
08991                      rsbac_adf_set_attr_count[T_NETDEV],
08992                      rsbac_adf_set_attr_count[T_NETTEMP],
08993                      rsbac_adf_set_attr_count[T_NETOBJ],
08994                      rsbac_adf_set_attr_count[T_UNIXSOCK]);
08995 
08996 #if defined(CONFIG_RSBAC_PM)
08997         rsbac_stats_pm();
08998 #endif
08999 #if defined(CONFIG_RSBAC_RC)
09000         rsbac_stats_rc();
09001 #endif
09002 #if defined(CONFIG_RSBAC_AUTH)
09003         rsbac_stats_auth();
09004 #endif
09005 #if defined(CONFIG_RSBAC_ACL)
09006         rsbac_stats_acl();
09007 #endif
09008         return 0;
09009 }

int rsbac_stats_pm ( void   ) 

Definition at line 1494 of file pm_data_structures.c.

References class_handle, cs_handle, in_pp_set_handle, na_handle, out_pp_set_handle, pp_handle, pp_set_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_count(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_printk(), ru_set_handle, task_handle, task_set_handle, tkt_handle, tp_handle, and tp_set_handle.

Referenced by rsbac_stats(), and sys_rsbac_stats_pm().

01495 {
01496         u_long tmp_count;
01497         u_long tmp_member_count;
01498         u_long all_set_count = 0;
01499         u_long all_member_count = 0;
01500         u_long all_count = 0;
01501 
01502         if (!rsbac_is_initialized()) {
01503                 rsbac_printk(KERN_WARNING "rsbac_stats_pm(): RSBAC not initialized\n");
01504                 return (-RSBAC_ENOTINITIALIZED);
01505         }
01506 
01507 /****************/
01508 /* Helper lists */
01509 /****************/
01510 
01511         tmp_count = rsbac_list_lol_count(task_set_handle);
01512         tmp_member_count = rsbac_list_lol_all_subcount(task_set_handle);
01513         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu task-set-items, sum of %lu members\n",
01514                      tmp_count, tmp_member_count);
01515         all_set_count += tmp_count;
01516         all_member_count += tmp_member_count;
01517 
01518         tmp_count = rsbac_list_lol_count(tp_set_handle);
01519         tmp_member_count = rsbac_list_lol_all_subcount(tp_set_handle);
01520         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu tp set items, sum of %lu members\n",
01521                      tmp_count, tmp_member_count);
01522         all_set_count += tmp_count;
01523         all_member_count += tmp_member_count;
01524 
01525         tmp_count = rsbac_list_lol_count(ru_set_handle);
01526         tmp_member_count = rsbac_list_lol_all_subcount(ru_set_handle);
01527         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu ru set items, sum of %lu members\n",
01528                      tmp_count, tmp_member_count);
01529         all_set_count += tmp_count;
01530         all_member_count += tmp_member_count;
01531 
01532         tmp_count = rsbac_list_lol_count(pp_set_handle);
01533         tmp_member_count = rsbac_list_lol_all_subcount(pp_set_handle);
01534         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu pp set items, sum of %lu members\n",
01535                      tmp_count, tmp_member_count);
01536         all_set_count += tmp_count;
01537         all_member_count += tmp_member_count;
01538 
01539         tmp_count = rsbac_list_lol_count(in_pp_set_handle);
01540         tmp_member_count = rsbac_list_lol_all_subcount(in_pp_set_handle);
01541         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu input purpose set items, sum of %lu members\n",
01542                      tmp_count, tmp_member_count);
01543         all_set_count += tmp_count;
01544         all_member_count += tmp_member_count;
01545 
01546         tmp_count = rsbac_list_lol_count(out_pp_set_handle);
01547         tmp_member_count = rsbac_list_lol_all_subcount(out_pp_set_handle);
01548         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu output purpose set items, sum of %lu members\n",
01549                      tmp_count, tmp_member_count);
01550         all_set_count += tmp_count;
01551         all_member_count += tmp_member_count;
01552 
01553         rsbac_printk(KERN_INFO "rsbac_stats_pm(): Total of %lu registered rsbac-pm-set-items, %lu members\n",
01554                      all_set_count, all_member_count);
01555 
01556 /**************/
01557 /* Main lists */
01558 /**************/
01559         tmp_count = rsbac_list_count(task_handle);
01560         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu task items\n",
01561                      tmp_count);
01562         all_count += tmp_count;
01563 
01564         tmp_count = rsbac_list_count(class_handle);
01565         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu class items\n",
01566                      tmp_count);
01567         all_count += tmp_count;
01568 
01569         tmp_count = rsbac_list_count(na_handle);
01570         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu na items\n",
01571                      tmp_count);
01572         all_count += tmp_count;
01573 
01574         tmp_count = rsbac_list_count(cs_handle);
01575         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu cs items\n",
01576                      tmp_count);
01577         all_count += tmp_count;
01578 
01579         tmp_count = rsbac_list_count(tp_handle);
01580         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu tp items\n",
01581                      tmp_count);
01582         all_count += tmp_count;
01583 
01584         tmp_count = rsbac_list_count(pp_handle);
01585         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu pp items\n",
01586                      tmp_count);
01587         all_count += tmp_count;
01588 
01589         tmp_count = rsbac_list_count(tkt_handle);
01590         rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu tkt items\n",
01591                      tmp_count);
01592         all_count += tmp_count;
01593 
01594         rsbac_printk(KERN_INFO "rsbac_stats_pm(): Total of %lu registered rsbac-pm-items\n",
01595                      all_count);
01596         return 0;
01597 }

int rsbac_switch ( enum rsbac_switch_target_t  module,
int  value 
)

int rsbac_um_add_gm ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid,
rsbac_gid_t  gid,
rsbac_time_t  ttl 
)

Definition at line 615 of file um_data_structures.c.

00617 {
00618         if (!rsbac_is_initialized()) {
00619                 rsbac_printk(KERN_WARNING "rsbac_um_add_gm(): RSBAC not initialized\n");
00620                 return (-RSBAC_ENOTINITIALIZED);
00621         }
00622 #ifdef CONFIG_RSBAC_UM_EXCL
00623         if (!rsbac_um_no_excl) {
00624                 if (!rsbac_ta_list_exist
00625                     (ta_number, user_handle, &user)) {
00626                         rsbac_printk(KERN_INFO "rsbac_um_add_gm(): uid %u not known to RSBAC User Management!\n",
00627                                      user);
00628                         return -RSBAC_ENOTFOUND;
00629                 }
00630                 if (!rsbac_ta_list_exist
00631                     (ta_number, group_handle, &group)) {
00632                         rsbac_printk(KERN_INFO "rsbac_um_add_gm(): gid %u not known to RSBAC User Management!\n",
00633                                      group);
00634                         return -RSBAC_ENOTFOUND;
00635                 }
00636         }
00637 #endif
00638         rsbac_pr_debug(aef_um, "pid %u/%.15s: adding user %u group %u\n",
00639                 current->pid, current->comm, user, group);
00640         return rsbac_ta_list_lol_subadd_ttl(ta_number,
00641                                             user_handle,
00642                                             ttl, &user, &group, NULL);
00643 }

int rsbac_um_add_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  gid,
struct rsbac_um_group_entry_t entry_p,
char *  pass,
rsbac_time_t  ttl 
)

int rsbac_um_add_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid,
struct rsbac_um_user_entry_t entry_p,
char *  pass,
rsbac_time_t  ttl 
)

int rsbac_um_auth_name ( char *  name,
char *  pass 
)

int rsbac_um_auth_uid ( rsbac_uid_t  uid,
char *  pass 
)

int rsbac_um_check_account ( rsbac_uid_t  uid  ) 

Definition at line 1434 of file um_data_structures.c.

01435 {
01436         int err;
01437         struct rsbac_um_user_entry_t *entry_p;
01438         u_long curdays;
01439 
01440         entry_p = rsbac_kmalloc(sizeof(*entry_p));
01441         if (!entry_p)
01442                 return -RSBAC_ENOMEM;
01443         err =
01444             rsbac_ta_list_lol_get_data_ttl(0, user_handle,
01445                                            NULL, &uid, entry_p);
01446         if (err)
01447                 goto out_free;
01448 
01449         rsbac_pr_debug(aef_um, "pid %u/%.15s: checking account for user %u\n",
01450                 current->pid, current->comm, uid);
01451         /* check whether account or password has expired */
01452         curdays = RSBAC_CURRENT_TIME / 86400;
01453         if (*((__u32 *) entry_p->pass)
01454             && !entry_p->lastchange) {
01455                 err = -RSBAC_EMUSTCHANGE;
01456                 rsbac_pr_debug(aef_um, "pid %u/%.15s: user %u must change password, "
01457                                "lastchange = 0\n", current->pid, current->comm, uid);
01458                                goto out_free;
01459         }
01460         if ((curdays > entry_p->expire)
01461             && (entry_p->expire != -1)
01462             && (entry_p->expire)
01463             ) {
01464                 err = -RSBAC_EEXPIRED;
01465                 rsbac_pr_debug(aef_um, "pid %u/%.15s: account for user %u has expired\n",
01466                                current->pid, current->comm, uid);
01467                 goto out_free;
01468         }
01469         if ((curdays >
01470              (entry_p->lastchange + entry_p->maxchange +
01471               entry_p->inactive))
01472             && (entry_p->maxchange != -1)
01473             && (entry_p->maxchange)
01474             && (entry_p->inactive != -1)
01475             && (entry_p->inactive)
01476             ) {
01477                 err = -RSBAC_EEXPIRED;
01478                 rsbac_pr_debug(aef_um, "pid %u/%.15s: password for user %u has expired\n",
01479                                current->pid, current->comm, uid);
01480                 goto out_free;
01481         }
01482         if (((entry_p->lastchange + entry_p->maxchange) < curdays)
01483             && entry_p->maxchange && (entry_p->maxchange != -1)
01484             ) {
01485                 err = -RSBAC_EMUSTCHANGE;
01486                 rsbac_pr_debug(aef_um, "pid %u/%.15s: user %u must change password, "
01487                                "lastchange too old\n",
01488                                current->pid, current->comm, uid);
01489                 goto out_free;
01490         }
01491         if ((curdays >
01492              (entry_p->lastchange + entry_p->maxchange -
01493               entry_p->warnchange))
01494             && (entry_p->maxchange != -1)
01495             && (entry_p->warnchange != -1)
01496             && entry_p->maxchange && entry_p->warnchange) {
01497                 err = (entry_p->lastchange + entry_p->maxchange) - curdays;
01498         } else
01499                 err = 0;
01500 
01501       out_free:
01502         rsbac_kfree(entry_p);
01503         return err;
01504 }

int rsbac_um_check_account_name ( char *  name  ) 

int rsbac_um_get_gid ( rsbac_list_ta_number_t  ta_number,
char *  name,
rsbac_gid_t gid_p 
)

Definition at line 498 of file um_data_structures.c.

00500 {
00501         if (!name || !gid_p)
00502                 return -RSBAC_EINVALIDPOINTER;
00503         if (!rsbac_ta_list_get_desc(ta_number,
00504                                     group_handle,
00505                                     gid_p,
00506                                     name, group_name_compare))
00507                 return 0;
00508         else
00509                 return -RSBAC_ENOTFOUND;
00510 }

int rsbac_um_get_gm_list ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  user,
rsbac_gid_t  group_array[],
u_int  maxnum 
)

int rsbac_um_get_gm_user_list ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  group,
rsbac_uid_t  user_array[],
u_int  maxnum 
)

int rsbac_um_get_group_item ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  gid,
enum rsbac_um_mod_t  mod,
union rsbac_um_mod_data_t data_p 
)

Definition at line 977 of file um_data_structures.c.

00981 {
00982         int err;
00983         struct rsbac_um_group_entry_t *entry_p;
00984 
00985         if (!rsbac_is_initialized()) {
00986                 rsbac_printk(KERN_WARNING "rsbac_um_get_group_item(): RSBAC not initialized\n");
00987                 return (-RSBAC_ENOTINITIALIZED);
00988         }
00989         if (!data_p)
00990                 return -RSBAC_EINVALIDPOINTER;
00991         if (!rsbac_ta_list_exist
00992             (ta_number, group_handle, &group))
00993                 return -RSBAC_ENOTFOUND;
00994         if (mod == UM_ttl)
00995                 return rsbac_ta_list_get_data_ttl(ta_number,
00996                                                   group_handle,
00997                                                   &data_p->ttl, &group,
00998                                                   NULL);
00999 
01000         entry_p = rsbac_kmalloc(sizeof(*entry_p));
01001         if (!entry_p)
01002                 return -RSBAC_ENOMEM;
01003         err =
01004             rsbac_ta_list_get_data_ttl(ta_number,
01005                                        group_handle,
01006                                        NULL, &group, entry_p);
01007         if (err) {
01008                 rsbac_kfree(entry_p);
01009                 return err;
01010         }
01011         switch (mod) {
01012         case UM_name:
01013                 strcpy(data_p->string, entry_p->name);
01014                 break;
01015 
01016         case UM_pass:
01017                 memcpy(data_p->string, entry_p->pass, RSBAC_UM_PASS_LEN);
01018                 break;
01019 
01020         default:
01021                 rsbac_kfree(entry_p);
01022                 return -RSBAC_EINVALIDREQUEST;
01023         }
01024 
01025         rsbac_kfree(entry_p);
01026         return 0;
01027 }

int rsbac_um_get_group_list ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  group_array[],
u_int  maxnum 
)

int rsbac_um_get_next_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  old_user,
rsbac_uid_t next_user_p 
)

Definition at line 1094 of file um_data_structures.c.

01096 {
01097         rsbac_uid_t *old_user_p;
01098 
01099         if (old_user == RSBAC_NO_USER)
01100                 old_user_p = NULL;
01101         else
01102                 old_user_p = &old_user;
01103 
01104         return rsbac_ta_list_lol_get_next_desc(ta_number,
01105                                             user_handle,
01106                                             old_user_p,
01107                                             next_user_p);
01108 }

int rsbac_um_get_uid ( rsbac_list_ta_number_t  ta_number,
char *  name,
rsbac_uid_t uid_p 
)

Definition at line 485 of file um_data_structures.c.

00487 {
00488         if (!name || !uid_p)
00489                 return -RSBAC_EINVALIDPOINTER;
00490         if (!rsbac_ta_list_lol_get_desc(ta_number,
00491                                         user_handle,
00492                                         uid_p, name, name_compare))
00493                 return 0;
00494         else
00495                 return -RSBAC_ENOTFOUND;
00496 }

int rsbac_um_get_user_item ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid,
enum rsbac_um_mod_t  mod,
union rsbac_um_mod_data_t data_p 
)

Definition at line 885 of file um_data_structures.c.

00889 {
00890         int err;
00891         struct rsbac_um_user_entry_t *entry_p;
00892 
00893         if (!rsbac_is_initialized()) {
00894                 rsbac_printk(KERN_WARNING "rsbac_um_get_user_item(): RSBAC not initialized\n");
00895                 return (-RSBAC_ENOTINITIALIZED);
00896         }
00897         if (!data_p)
00898                 return -RSBAC_EINVALIDPOINTER;
00899         if (!rsbac_ta_list_lol_exist
00900             (ta_number, user_handle, &user))
00901                 return -RSBAC_ENOTFOUND;
00902         if (mod == UM_ttl)
00903                 return rsbac_ta_list_lol_get_data_ttl(ta_number,
00904                                                       user_handle,
00905                                                       &data_p->ttl, &user,
00906                                                       NULL);
00907 
00908         entry_p = rsbac_kmalloc(sizeof(*entry_p));
00909         if (!entry_p)
00910                 return -RSBAC_ENOMEM;
00911         err =
00912             rsbac_ta_list_lol_get_data_ttl(ta_number,
00913                                            user_handle,
00914                                            NULL, &user, entry_p);
00915         if (err) {
00916                 rsbac_kfree(entry_p);
00917                 return err;
00918         }
00919         switch (mod) {
00920         case UM_name:
00921                 strcpy(data_p->string, entry_p->name);
00922                 break;
00923 
00924         case UM_pass:
00925                 memcpy(data_p->string, entry_p->pass, RSBAC_UM_PASS_LEN);
00926                 break;
00927 
00928         case UM_fullname:
00929                 strcpy(data_p->string, entry_p->fullname);
00930                 break;
00931 
00932         case UM_homedir:
00933                 strcpy(data_p->string, entry_p->homedir);
00934                 break;
00935 
00936         case UM_shell:
00937                 strcpy(data_p->string, entry_p->shell);
00938                 break;
00939 
00940         case UM_group:
00941                 data_p->group = entry_p->group;
00942                 break;
00943 
00944         case UM_lastchange:
00945                 data_p->days = entry_p->lastchange;
00946                 break;
00947 
00948         case UM_minchange:
00949                 data_p->days = entry_p->minchange;
00950                 break;
00951 
00952         case UM_maxchange:
00953                 data_p->days = entry_p->maxchange;
00954                 break;
00955 
00956         case UM_warnchange:
00957                 data_p->days = entry_p->warnchange;
00958                 break;
00959 
00960         case UM_inactive:
00961                 data_p->days = entry_p->inactive;
00962                 break;
00963 
00964         case UM_expire:
00965                 data_p->days = entry_p->expire;
00966                 break;
00967 
00968         default:
00969                 rsbac_kfree(entry_p);
00970                 return -RSBAC_EINVALIDREQUEST;
00971         }
00972 
00973         rsbac_kfree(entry_p);
00974         return 0;
00975 }

int rsbac_um_get_user_list ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  user_array[],
u_int  maxnum 
)

int rsbac_um_group_exists ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  gid 
)

Definition at line 1037 of file um_data_structures.c.

01039 {
01040         return rsbac_ta_list_exist(ta_number,
01041                                    group_handle,
01042                                    &group);
01043 }

int rsbac_um_mod_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  gid,
enum rsbac_um_mod_t  mod,
union rsbac_um_mod_data_t data_p 
)

Definition at line 794 of file um_data_structures.c.

00798 {
00799         int err;
00800         struct rsbac_um_group_entry_t *entry_p;
00801 
00802         if (!rsbac_is_initialized()) {
00803                 rsbac_printk(KERN_WARNING "rsbac_um_mod_group(): RSBAC not initialized\n");
00804                 return (-RSBAC_ENOTINITIALIZED);
00805         }
00806         if (!data_p && (mod != UM_pass)
00807             )
00808                 return -RSBAC_EINVALIDPOINTER;
00809         if (!rsbac_ta_list_exist
00810             (ta_number, group_handle, &group))
00811                 return -RSBAC_ENOTFOUND;
00812 
00813         entry_p = rsbac_kmalloc(sizeof(*entry_p));
00814         if (!entry_p)
00815                 return -RSBAC_ENOMEM;
00816         err =
00817             rsbac_ta_list_get_data_ttl(ta_number,
00818                                        group_handle,
00819                                        NULL, &group, entry_p);
00820         if (err) {
00821                 rsbac_kfree(entry_p);
00822                 return err;
00823         }
00824         rsbac_pr_debug(aef_um, "pid %u/%.15s: modifying group %u\n",
00825                 current->pid, current->comm, group);
00826         switch (mod) {
00827         case UM_name:
00828                 {
00829                         rsbac_gid_t tmp_group;
00830 
00831                         if (!rsbac_um_get_gid
00832                             (ta_number, data_p->string, &tmp_group)
00833                             && (tmp_group != group)
00834                             )
00835                                 return -RSBAC_EEXISTS;
00836                         strncpy(entry_p->name, data_p->string,
00837                                 RSBAC_UM_NAME_LEN);
00838                         entry_p->name[RSBAC_UM_NAME_LEN - 1] = 0;
00839                 }
00840                 break;
00841 
00842         case UM_pass:
00843                 if (data_p) {
00844                         __u32 salt;
00845 
00846                         new_salt(&salt);
00847                         err = rsbac_um_hash(data_p->string, salt);
00848                         if (err) {
00849                                 rsbac_kfree(entry_p);
00850                                 return err;
00851                         }
00852                         memcpy(entry_p->pass, &salt, sizeof(salt));
00853                         memcpy(entry_p->pass + sizeof(salt),
00854                                data_p->string,
00855                                RSBAC_UM_PASS_LEN - sizeof(salt));
00856                 } else
00857                         memset(entry_p->pass, 0, RSBAC_UM_PASS_LEN);
00858                 break;
00859 
00860         case UM_cryptpass:
00861                 memcpy(entry_p->pass, data_p->string, RSBAC_UM_PASS_LEN);
00862                 break;
00863 
00864         case UM_ttl:
00865                 err =
00866                     rsbac_ta_list_add_ttl(ta_number,
00867                                           group_handle,
00868                                           data_p->ttl, &group, entry_p);
00869                 rsbac_kfree(entry_p);
00870                 return err;
00871 
00872         default:
00873                 rsbac_kfree(entry_p);
00874                 return -RSBAC_EINVALIDREQUEST;
00875         }
00876 
00877         err =
00878             rsbac_ta_list_add_ttl(ta_number,
00879                                   group_handle,
00880                                   RSBAC_LIST_TTL_KEEP, &group, entry_p);
00881         rsbac_kfree(entry_p);
00882         return err;
00883 }

int rsbac_um_mod_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid,
enum rsbac_um_mod_t  mod,
union rsbac_um_mod_data_t data_p 
)

Definition at line 645 of file um_data_structures.c.

00649 {
00650         int err;
00651         struct rsbac_um_user_entry_t *entry_p;
00652 
00653         if (!rsbac_is_initialized()) {
00654                 rsbac_printk(KERN_WARNING "rsbac_um_mod_user(): RSBAC not initialized\n");
00655                 return (-RSBAC_ENOTINITIALIZED);
00656         }
00657         if (!data_p && (mod != UM_pass)
00658             )
00659                 return -RSBAC_EINVALIDPOINTER;
00660         if (!rsbac_ta_list_lol_exist
00661             (ta_number, user_handle, &user))
00662                 return -RSBAC_ENOTFOUND;
00663 
00664         entry_p = rsbac_kmalloc(sizeof(*entry_p));
00665         if (!entry_p)
00666                 return -RSBAC_ENOMEM;
00667         err =
00668             rsbac_ta_list_lol_get_data_ttl(ta_number,
00669                                            user_handle,
00670                                            NULL, &user, entry_p);
00671         if (err) {
00672                 rsbac_kfree(entry_p);
00673                 return err;
00674         }
00675         rsbac_pr_debug(aef_um, "pid %u/%.15s: modifying user %u\n",
00676                 current->pid, current->comm, user);
00677         switch (mod) {
00678         case UM_name:
00679                 {
00680                         rsbac_uid_t tmp_user;
00681 
00682                         if (!rsbac_um_get_uid
00683                             (ta_number, data_p->string, &tmp_user)
00684                             && (tmp_user != user)
00685                             )
00686                                 return -RSBAC_EEXISTS;
00687                         strncpy(entry_p->name, data_p->string,
00688                                 RSBAC_UM_NAME_LEN);
00689                         entry_p->name[RSBAC_UM_NAME_LEN - 1] = 0;
00690                 }
00691                 break;
00692 
00693         case UM_pass:
00694                 if (data_p) {
00695                         __u32 salt;
00696 
00697                         new_salt(&salt);
00698                         err = rsbac_um_hash(data_p->string, salt);
00699                         if (err) {
00700                                 rsbac_kfree(entry_p);
00701                                 return err;
00702                         }
00703                         memcpy(entry_p->pass, &salt, sizeof(salt));
00704                         memcpy(entry_p->pass + sizeof(salt),
00705                                data_p->string,
00706                                RSBAC_UM_PASS_LEN - sizeof(salt));
00707                 } else
00708                         memset(entry_p->pass, 0, RSBAC_UM_PASS_LEN);
00709                 entry_p->lastchange = RSBAC_CURRENT_TIME / 86400;
00710                 break;
00711 
00712         case UM_cryptpass:
00713                 memcpy(entry_p->pass, data_p->string, RSBAC_UM_PASS_LEN);
00714                 break;
00715 
00716         case UM_fullname:
00717                 strncpy(entry_p->fullname, data_p->string,
00718                         RSBAC_UM_FULLNAME_LEN);
00719                 entry_p->fullname[RSBAC_UM_FULLNAME_LEN - 1] = 0;
00720                 break;
00721 
00722         case UM_homedir:
00723                 strncpy(entry_p->homedir, data_p->string,
00724                         RSBAC_UM_HOMEDIR_LEN);
00725                 entry_p->homedir[RSBAC_UM_HOMEDIR_LEN - 1] = 0;
00726                 break;
00727 
00728         case UM_shell:
00729                 strncpy(entry_p->shell, data_p->string,
00730                         RSBAC_UM_SHELL_LEN);
00731                 entry_p->shell[RSBAC_UM_SHELL_LEN - 1] = 0;
00732                 break;
00733 
00734         case UM_group:
00735 #ifdef CONFIG_RSBAC_UM_EXCL
00736                 if (!rsbac_um_no_excl
00737                     && !rsbac_ta_list_exist(ta_number,
00738                                             group_handle,
00739                                             &data_p->group)) {
00740                         rsbac_printk(KERN_INFO "rsbac_um_mod_user(): gid %u not known to RSBAC User Management!\n",
00741                                      data_p->group);
00742                         rsbac_kfree(entry_p);
00743                         return -RSBAC_EINVALIDVALUE;
00744                 }
00745 #endif
00746                 entry_p->group = data_p->group;
00747                 break;
00748 
00749         case UM_lastchange:
00750                 entry_p->lastchange = data_p->days;
00751                 break;
00752 
00753         case UM_minchange:
00754                 entry_p->minchange = data_p->days;
00755                 break;
00756 
00757         case UM_maxchange:
00758                 entry_p->maxchange = data_p->days;
00759                 break;
00760 
00761         case UM_warnchange:
00762                 entry_p->warnchange = data_p->days;
00763                 break;
00764 
00765         case UM_inactive:
00766                 entry_p->inactive = data_p->days;
00767                 break;
00768 
00769         case UM_expire:
00770                 entry_p->expire = data_p->days;
00771                 break;
00772 
00773         case UM_ttl:
00774                 err =
00775                     rsbac_ta_list_lol_add_ttl(ta_number,
00776                                               user_handle,
00777                                               data_p->ttl, &user, entry_p);
00778                 rsbac_kfree(entry_p);
00779                 return err;
00780 
00781         default:
00782                 rsbac_kfree(entry_p);
00783                 return -RSBAC_EINVALIDREQUEST;
00784         }
00785 
00786         err =
00787             rsbac_ta_list_lol_add_ttl(ta_number,
00788                                       user_handle,
00789                                       RSBAC_LIST_TTL_KEEP, &user, entry_p);
00790         rsbac_kfree(entry_p);
00791         return err;
00792 }

int rsbac_um_remove_gm ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid,
rsbac_gid_t  gid 
)

Definition at line 1070 of file um_data_structures.c.

01072 {
01073         if (!rsbac_is_initialized()) {
01074                 rsbac_printk(KERN_WARNING "rsbac_um_remove_gm(): RSBAC not initialized\n");
01075                 return (-RSBAC_ENOTINITIALIZED);
01076         }
01077         rsbac_pr_debug(aef_um, "pid %u/%.15s: removing user %u group %u\n",
01078                 current->pid, current->comm, user, group);
01079         return rsbac_ta_list_lol_subremove(ta_number,
01080                                            user_handle,
01081                                            &user, &group);
01082 }

int rsbac_um_remove_group ( rsbac_list_ta_number_t  ta_number,
rsbac_gid_t  gid 
)

Definition at line 1056 of file um_data_structures.c.

01058 {
01059         if (!rsbac_ta_list_exist
01060             (ta_number, group_handle, &group))
01061                 return -RSBAC_ENOTFOUND;
01062         rsbac_ta_list_lol_subremove_from_all(ta_number,
01063                                              user_handle,
01064                                              &group);
01065         return rsbac_ta_list_remove(ta_number,
01066                                     group_handle,
01067                                     &group);
01068 }

int rsbac_um_remove_user ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid 
)

Definition at line 1045 of file um_data_structures.c.

01047 {
01048         if (!rsbac_ta_list_lol_exist
01049             (ta_number, user_handle, &user))
01050                 return -RSBAC_ENOTFOUND;
01051         return rsbac_ta_list_lol_remove(ta_number,
01052                                         user_handle,
01053                                         &user);
01054 }

int rsbac_um_set_group_pass ( rsbac_gid_t  gid,
char *  new_pass 
)

Definition at line 1399 of file um_data_structures.c.

01400 {
01401         int err;
01402         struct rsbac_um_group_entry_t *entry_p;
01403         __u32 salt;
01404 
01405         entry_p = rsbac_kmalloc(sizeof(*entry_p));
01406         if (!entry_p)
01407                 return -RSBAC_ENOMEM;
01408         err = rsbac_ta_list_get_data_ttl(0, group_handle,
01409                                          NULL, &gid, entry_p);
01410         if (err)
01411                 goto out_free;
01412 
01413         rsbac_pr_debug(aef_um, "pid %u/%.15s: setting password for group %u\n",
01414                 current->pid, current->comm, gid);
01415         if (pass) {
01416                 new_salt(&salt);
01417                 err = rsbac_um_hash(pass, salt);
01418                 if (err)
01419                         goto out_free;
01420                 memcpy(entry_p->pass, &salt, sizeof(salt));
01421                 memcpy(entry_p->pass + sizeof(salt), pass,
01422                        RSBAC_UM_PASS_LEN - sizeof(salt));
01423         } else
01424                 memset(entry_p->pass, 0, RSBAC_UM_PASS_LEN);
01425         err =
01426             rsbac_ta_list_add_ttl(0, group_handle, 0,
01427                                   &gid, entry_p);
01428 
01429       out_free:
01430         rsbac_kfree(entry_p);
01431         return err;
01432 }

int rsbac_um_set_pass ( rsbac_uid_t  uid,
char *  old_pass,
char *  new_pass 
)

int rsbac_um_set_pass_name ( char *  name,
char *  old_pass,
char *  new_pass 
)

int rsbac_um_user_exists ( rsbac_list_ta_number_t  ta_number,
rsbac_uid_t  uid 
)

Definition at line 1029 of file um_data_structures.c.

01031 {
01032         return rsbac_ta_list_lol_exist(ta_number,
01033                                        user_handle,
01034                                        &user);
01035 }

int rsbac_version ( void   ) 

int rsbac_write ( void   ) 

Referenced by rsbac_umount(), and sys_rsbac_write().


Generated on Wed May 16 11:54:03 2007 for RSBAC by  doxygen 1.5.1