/linux-2.6.21.1-rsbac-1.3.4/rsbac/help/syscalls.c

Go to the documentation of this file.
00001 /*************************************************** */
00002 /* Rule Set Based Access Control                     */
00003 /* Implementation of RSBAC general system calls      */
00004 /* Author and (C) 1999-2007: Amon Ott <ao@rsbac.org> */
00005 /*                                                   */
00006 /* Last modified: 01/Feb/2007                        */
00007 /*************************************************** */
00008 
00009 #include <rsbac/types.h>
00010 #include <rsbac/aci.h>
00011 #include <rsbac/mac.h>
00012 #include <rsbac/pm.h>
00013 #include <rsbac/auth.h>
00014 #include <rsbac/acl.h>
00015 #include <rsbac/reg.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/debug.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/network.h>
00021 #include <asm/semaphore.h>
00022 #include <linux/sched.h>
00023 #include <linux/file.h>
00024 #include <rsbac/rkmem.h>
00025 #include <rsbac/gen_lists.h>
00026 #include <linux/smp_lock.h>
00027 #include <asm/uaccess.h>
00028 #include <linux/delay.h>
00029 
00030 #include <rsbac/adf.h>
00031 #include <rsbac/adf_main.h>
00032 #include <rsbac/adf_syshelpers.h>
00033 #include <rsbac/rc.h>
00034 #include <rsbac/um.h>
00035 #include <rsbac/um_types.h>
00036 #include <rsbac/syscalls.h>
00037 
00038 #ifdef CONFIG_RSBAC_NET_OBJ
00039 #include <rsbac/network.h>
00040 #endif
00041 #ifdef CONFIG_RSBAC_DAZ
00042 #include <rsbac/daz.h>
00043 #endif
00044 
00045 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00046 #include <linux/namei.h>
00047 #endif
00048 
00049 /************************************************************************** */
00050 /*                          Global Variables                                */
00051 /************************************************************************** */
00052 
00053 extern struct semaphore rsbac_write_sem;
00054 
00055 /************************************************* */
00056 /*              Declarations                       */
00057 /************************************************* */
00058 
00059 /************************************************* */
00060 /*              General functions                  */
00061 /************************************************* */
00062 
00063 /* All functions return 0, if no error occurred, and a negative error code  */
00064 /* otherwise. The error codes are defined in rsbac/error.h.                 */
00065 
00066 int sys_rsbac_stats(void)
00067   {
00068     union rsbac_target_id_t       rsbac_target_id;
00069     union rsbac_attribute_value_t rsbac_attribute_value;
00070 
00071 #ifdef CONFIG_RSBAC_DEBUG
00072     if (rsbac_debug_aef)
00073       {
00074         rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n");
00075       }
00076 #endif
00077     rsbac_target_id.scd = ST_rsbac;
00078     rsbac_attribute_value.dummy = 0;
00079     if (!rsbac_adf_request(R_GET_STATUS_DATA,
00080                            current->pid,
00081                            T_SCD,
00082                            rsbac_target_id,
00083                            A_none,
00084                            rsbac_attribute_value))
00085       {
00086         return -EPERM;
00087       }
00088 
00089     return(rsbac_stats());
00090   };
00091 
00092 long sys_sync(void);
00093 
00094 int sys_rsbac_check(int correct, int check_inode)
00095   {
00096     union rsbac_target_id_t       rsbac_target_id;
00097     union rsbac_attribute_value_t rsbac_attribute_value;
00098     int result;
00099 
00100 #ifdef CONFIG_RSBAC_DEBUG
00101     if (rsbac_debug_aef)
00102       {
00103         rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n");
00104       }
00105 #endif
00106     rsbac_target_id.scd = ST_rsbac;
00107     rsbac_attribute_value.dummy = 0;
00108     if (!rsbac_adf_request(R_GET_STATUS_DATA,
00109                            current->pid,
00110                            T_SCD,
00111                            rsbac_target_id,
00112                            A_none,
00113                            rsbac_attribute_value))
00114       {
00115         return -EPERM;
00116       }
00117 
00118     rsbac_printk(KERN_INFO
00119            "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00120            correct, check_inode);
00121 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00122     /* Sync to be sure */
00123     if(check_inode)
00124       {
00125         rsbac_printk(KERN_INFO
00126                      "sys_rsbac_check(): syncing disks\n");
00127         sys_sync();
00128       }
00129 #endif
00130 
00131     lock_kernel();
00132 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00133     /* rsbac write blocking */
00134     if(check_inode)
00135       down(&rsbac_write_sem);
00136 #endif
00137 
00138     result=rsbac_check_lists(correct);
00139 
00140     /* call other checks */
00141     #if defined(CONFIG_RSBAC_ACL)
00142     if(!result)
00143       result=rsbac_check_acl(correct);
00144     #endif
00145     #if defined(CONFIG_RSBAC_REG)
00146     if(!result)
00147       result=rsbac_check_reg(correct, check_inode);
00148     #endif
00149 
00150 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
00151     /* release write blocking */
00152     if(check_inode)
00153       up(&rsbac_write_sem);
00154 #endif
00155 
00156     unlock_kernel();
00157     return(result);
00158   }
00159 
00160 int sys_rsbac_write(void)
00161   {
00162 #if defined(CONFIG_RSBAC_AUTO_WRITE)
00163     union rsbac_target_id_t       rsbac_target_id;
00164     union rsbac_attribute_value_t rsbac_attribute_value;
00165     int result;
00166 
00167 #ifdef CONFIG_RSBAC_DEBUG
00168     if (rsbac_debug_aef)
00169       {
00170         rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n");
00171       }
00172 #endif
00173     rsbac_target_id.scd = ST_rsbac;
00174     rsbac_attribute_value.dummy = 0;
00175     if (!rsbac_adf_request(R_WRITE,
00176                            current->pid,
00177                            T_SCD,
00178                            rsbac_target_id,
00179                            A_none,
00180                            rsbac_attribute_value))
00181       {
00182         return -EPERM;
00183       }
00184 
00185 /*    lock_kernel(); -> rsbac_write(need_lock) */
00186     result = rsbac_write(TRUE);
00187 /*    unlock_kernel(); */
00188     return result;
00189 #else
00190     return(0);
00191 #endif /* CONFIG_RSBAC_AUTO_WRITE */
00192   };
00193 
00194 /************************************************* */
00195 /*               Attribute functions               */
00196 /************************************************* */
00197 
00198 int sys_rsbac_get_attr(
00199   rsbac_list_ta_number_t ta_number,
00200   enum rsbac_switch_target_t module,
00201   enum rsbac_target_t target,
00202   union rsbac_target_id_t * tid,
00203   enum rsbac_attribute_t attr,
00204   union rsbac_attribute_value_t * value,
00205   int inherit)
00206     { 
00207       union rsbac_target_id_t k_tid;
00208       union rsbac_attribute_value_t k_value;
00209       int   err = 0;
00210       rsbac_boolean_t i_inherit;
00211 
00212       if(module > SW_NONE)
00213         return -RSBAC_EINVALIDMODULE;
00214       if(!tid || (target >= T_NONE))
00215         return -RSBAC_EINVALIDTARGET;
00216       if(!value)
00217         return -RSBAC_EINVALIDPOINTER;
00218       if(attr >= A_none)
00219         return -RSBAC_EINVALIDATTR;
00220 
00221       if(module == SW_NONE)
00222         {
00223           module = get_attr_module(attr);
00224           if(module == SW_NONE)
00225             return(-RSBAC_EINVALIDMODULE);
00226         }
00227 
00228       /* get values from user space */
00229       rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00230       rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00231 
00232        switch (target) {
00233                case T_FD:
00234                        return -RSBAC_EINVALIDTARGET;
00235                case T_FILE:
00236                case T_DIR:
00237                case T_FIFO:
00238                case T_SYMLINK:
00239                case T_UNIXSOCK:
00240                        k_tid.file.dentry_p = NULL;
00241                        k_tid.dir.dentry_p = NULL;
00242                default:
00243                        break;
00244        }
00245 
00246       if(inherit)
00247         i_inherit = TRUE;
00248       else
00249         i_inherit = FALSE;
00250 
00251 #ifdef CONFIG_RSBAC_NET_OBJ
00252       /* sanity check before using pointer */
00253       if(   (target == T_NETOBJ)
00254          && (   !k_tid.netobj.sock_p
00255              || k_tid.netobj.remote_addr
00256 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00257              || !k_tid.netobj.sock_p->file
00258              || !k_tid.netobj.sock_p->file->f_dentry
00259              || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00260              || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00261 #else
00262              || !k_tid.netobj.sock_p->inode
00263              || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00264 #endif
00265             )
00266         )
00267         return -RSBAC_EINVALIDTARGET;
00268 #endif
00269 
00270       /* call ADF */
00271 #ifdef CONFIG_RSBAC_DEBUG
00272       if (rsbac_debug_aef)
00273         {
00274           rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n");
00275         }
00276 #endif
00277       if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00278                              current->pid,
00279                              target,
00280                              k_tid,
00281                              attr,
00282                              k_value))
00283         {
00284           return -EPERM;
00285         }
00286 
00287       err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit);
00288       /* put result value to user space */
00289       if(!err)
00290         {
00291           err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00292         }
00293       return (err);
00294     }      /* end of sys_rsbac_get_attr() */
00295 
00296 
00297 int sys_rsbac_get_attr_n(
00298   rsbac_list_ta_number_t ta_number,
00299   enum rsbac_switch_target_t module,
00300   enum rsbac_target_t target,
00301   char * t_name,
00302   enum rsbac_attribute_t attr,
00303   union rsbac_attribute_value_t * value,
00304   int inherit)
00305     { 
00306       union rsbac_attribute_value_t k_value;
00307       struct dentry * t_dentry;
00308       int     err = 0;
00309       union rsbac_target_id_t tid;
00310 /*    struct passwd * user_description_p; */
00311       rsbac_boolean_t i_inherit;
00312       struct nameidata nd;
00313 
00314       if(module > SW_NONE)
00315         return(-RSBAC_EINVALIDMODULE);
00316       if(!t_name || (target >= T_NONE))
00317         return(-RSBAC_EINVALIDTARGET);
00318       if(!value)
00319         return(-RSBAC_EINVALIDPOINTER);
00320       if(attr >= A_none)
00321         return(-RSBAC_EINVALIDATTR);
00322 
00323       if(module == SW_NONE)
00324         {
00325           module = get_attr_module(attr);
00326           if(module == SW_NONE)
00327             return(-RSBAC_EINVALIDMODULE);
00328         }
00329 
00330       if(inherit)
00331         i_inherit = TRUE;
00332       else
00333         i_inherit = FALSE;
00334 
00335       /* get values from user space */
00336       rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00337       switch (target) {
00338                case T_FD:
00339                case T_FILE:
00340                case T_DIR:
00341                case T_FIFO:
00342                case T_SYMLINK:
00343                case T_UNIXSOCK:
00344                        tid.file.dentry_p = NULL;
00345                        tid.dir.dentry_p = NULL;
00346                default:
00347                        break;
00348        }
00349       
00350       /* lookup filename */
00351       if ((err = user_path_walk_link(t_name, &nd)))
00352         {
00353 #ifdef CONFIG_RSBAC_DEBUG
00354           if (rsbac_debug_aef)
00355             {
00356               rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00357             }
00358 #endif
00359           goto out;
00360         }
00361       t_dentry = nd.dentry;
00362       if (!t_dentry->d_inode)
00363         {
00364 #ifdef CONFIG_RSBAC_DEBUG
00365           if (rsbac_debug_aef)
00366             {
00367               rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n");
00368             }
00369 #endif
00370           err = -RSBAC_EINVALIDTARGET;
00371           goto out_dput;
00372         }
00373 
00374       switch (target)
00375         {
00376           /* is inode of right type? */
00377           case T_FD:
00378             if(S_ISREG(t_dentry->d_inode->i_mode))
00379               {
00380                 target = T_FILE;
00381               }
00382             else
00383             if(S_ISDIR(t_dentry->d_inode->i_mode))
00384               {
00385                 target = T_DIR;
00386               }
00387             else
00388             if(S_ISLNK(t_dentry->d_inode->i_mode))
00389               {
00390                 target = T_SYMLINK;
00391               }
00392             else
00393             if(S_ISFIFO(t_dentry->d_inode->i_mode))
00394               {
00395                 target = T_FIFO;
00396               }
00397             else
00398             if(S_ISBLK(t_dentry->d_inode->i_mode))
00399               {
00400                 target = T_FILE;
00401               }
00402             else
00403             if(S_ISCHR(t_dentry->d_inode->i_mode))
00404               {
00405                 target = T_FILE;
00406               }
00407             else
00408             if(S_ISSOCK(t_dentry->d_inode->i_mode))
00409               {
00410                 target = T_UNIXSOCK;
00411               }
00412             else
00413               {
00414 #ifdef CONFIG_RSBAC_DEBUG
00415                 if (rsbac_debug_aef)
00416                   {
00417                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n");
00418                   }
00419 #endif
00420                 err = -RSBAC_EINVALIDTARGET;
00421                 goto out_dput;
00422               }
00423             break;
00424 
00425           case T_FILE:
00426             if (   !(S_ISREG(t_dentry->d_inode->i_mode))
00427                 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00428                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00429               {
00430 #ifdef CONFIG_RSBAC_DEBUG
00431                 if (rsbac_debug_aef)
00432                   {
00433                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n");
00434                   }
00435 #endif
00436                 err = -RSBAC_EINVALIDTARGET;
00437                 goto out_dput;
00438               }
00439             break;
00440 
00441           case T_DIR:
00442             if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00443               {
00444 #ifdef CONFIG_RSBAC_DEBUG
00445                 if (rsbac_debug_aef)
00446                   {
00447                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n");
00448                   }
00449 #endif
00450                 err = -RSBAC_EINVALIDTARGET;
00451                 goto out_dput;
00452               }
00453             break;
00454 
00455           case T_FIFO:
00456             /* is inode of type fifo? */
00457             if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00458               {
00459 #ifdef CONFIG_RSBAC_DEBUG
00460                 if (rsbac_debug_aef)
00461                   {
00462                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n");
00463                   }
00464 #endif
00465                 err = -RSBAC_EINVALIDTARGET;
00466                 goto out_dput;
00467               }
00468             break;
00469 
00470           case T_UNIXSOCK:
00471             /* is inode of type socket? */
00472             if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
00473               {
00474 #ifdef CONFIG_RSBAC_DEBUG
00475                 if (rsbac_debug_aef)
00476                   {
00477                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no socket\n");
00478                   }
00479 #endif
00480                 err = -RSBAC_EINVALIDTARGET;
00481                 goto out_dput;
00482               }
00483             break;
00484 
00485           case T_SYMLINK:
00486             if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
00487               {
00488 #ifdef CONFIG_RSBAC_DEBUG
00489                 if (rsbac_debug_aef)
00490                   {
00491                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n");
00492                   }
00493 #endif
00494                 err = -RSBAC_EINVALIDTARGET;
00495                 goto out_dput;
00496               }
00497             break;
00498 
00499           case T_DEV:
00500             if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
00501                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00502               {
00503 #ifdef CONFIG_RSBAC_DEBUG
00504                 if (rsbac_debug_aef)
00505                   {
00506                     rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n");
00507                   }
00508 #endif
00509                 err = -RSBAC_EINVALIDTARGET;
00510                 goto out_dput;
00511               }
00512             break;
00513 
00514           default:
00515             err = -RSBAC_EINVALIDTARGET;
00516             goto out_dput;
00517         }
00518 
00519       if(target == T_DEV)
00520         {
00521           if(S_ISBLK(t_dentry->d_inode->i_mode))
00522             tid.dev.type = D_block;
00523           else
00524             tid.dev.type = D_char;
00525           tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00526           tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00527         }
00528       else
00529         {
00530           /* fill target id and call internal function */
00531           tid.file.device = t_dentry->d_sb->s_dev;
00532           tid.file.inode  = t_dentry->d_inode->i_ino;
00533           tid.file.dentry_p = t_dentry;
00534         }
00535       /* call ADF */
00536 #ifdef CONFIG_RSBAC_DEBUG
00537       if (rsbac_debug_aef)
00538         {
00539           rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n");
00540         }
00541 #endif
00542       if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00543                              current->pid,
00544                              target,
00545                              tid,
00546                              attr,
00547                              k_value))
00548         {
00549           err = -EPERM;
00550         }
00551       else
00552         {
00553           err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit);
00554           /* put result value to user space */
00555           if(!err)
00556             rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00557         }
00558 
00559 out_dput:
00560       path_release(&nd);
00561 
00562 out:
00563       return(err);
00564     }      /* end of sys_rsbac_get_attr_n() */
00565 
00566 /************************************************************************** */
00567 
00568 int sys_rsbac_set_attr(
00569   rsbac_list_ta_number_t ta_number,
00570   enum rsbac_switch_target_t module,
00571   enum rsbac_target_t target,
00572   union rsbac_target_id_t * tid,
00573   enum rsbac_attribute_t attr,
00574   union rsbac_attribute_value_t * value)
00575     { 
00576       union rsbac_target_id_t k_tid;
00577       union rsbac_attribute_value_t k_value;
00578       int   err = 0;
00579       struct task_struct * task_p;
00580       
00581       if(module > SW_NONE)
00582         return(-RSBAC_EINVALIDMODULE);
00583       if(!tid || (target >= T_NONE))
00584         return(-RSBAC_EINVALIDTARGET);
00585       if(!value)
00586         return(-RSBAC_EINVALIDPOINTER);
00587       if(attr >= A_none)
00588         return(-RSBAC_EINVALIDATTR);
00589 
00590       if(module == SW_NONE)
00591         {
00592           module = get_attr_module(attr);
00593           if(module == SW_NONE)
00594             return(-RSBAC_EINVALIDMODULE);
00595         }
00596 #ifdef CONFIG_RSBAC_FREEZE
00597       if(rsbac_freeze)
00598         {
00599           rsbac_printk(KERN_WARNING
00600                        "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n");
00601           return -EPERM;
00602         }
00603 #endif
00604         
00605       /* get values from user space */
00606       rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00607       rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00608 
00609 
00610       switch(target)
00611         {
00612           case T_PROCESS:
00613             read_lock(&tasklist_lock);
00614             task_p = find_task_by_pid(k_tid.process);
00615             read_unlock(&tasklist_lock);
00616             if(!task_p)
00617               return(-RSBAC_EINVALIDTARGET);
00618             break;
00619 
00620 #ifdef CONFIG_RSBAC_NET_OBJ
00621             /* sanity check before using pointer */
00622           case T_NETOBJ:
00623             if(   !k_tid.netobj.sock_p
00624                || k_tid.netobj.remote_addr
00625 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00626                || !k_tid.netobj.sock_p->file
00627                || !k_tid.netobj.sock_p->file->f_dentry
00628                || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00629                || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00630 #else
00631                || !k_tid.netobj.sock_p->inode
00632                || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00633 #endif
00634               )
00635               return -RSBAC_EINVALIDTARGET;
00636 #endif
00637 
00638 
00639           default:
00640             break;
00641         }
00642       
00643       /* call ADF */
00644 #ifdef CONFIG_RSBAC_DEBUG
00645       if (rsbac_debug_aef)
00646         rsbac_printk(KERN_DEBUG
00647                "sys_rsbac_set_attr(): calling ADF\n");
00648 #endif
00649       if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00650                              current->pid,
00651                              target,
00652                              k_tid,
00653                              attr,
00654                              k_value))
00655         {
00656           return -EPERM;
00657         }
00658       err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value);
00659       return err;
00660     }      /* end of sys_rsbac_set_attr() */
00661 
00662 int sys_rsbac_set_attr_n(
00663   rsbac_list_ta_number_t ta_number,
00664   enum rsbac_switch_target_t module,
00665   enum rsbac_target_t target,
00666   char * t_name,
00667   enum rsbac_attribute_t attr,
00668   union rsbac_attribute_value_t * value)
00669     {
00670       struct dentry * t_dentry;
00671       int     err = 0;
00672       union rsbac_attribute_value_t k_value;
00673       union rsbac_target_id_t  tid;
00674       struct nameidata nd;
00675 
00676       if(module > SW_NONE)
00677         return(-RSBAC_EINVALIDMODULE);
00678       if(!t_name || (target >= T_NONE))
00679         return(-RSBAC_EINVALIDTARGET);
00680       if(!value)
00681         return(-RSBAC_EINVALIDPOINTER);
00682       if(attr >= A_none)
00683         return(-RSBAC_EINVALIDATTR);
00684         
00685       if(module == SW_NONE)
00686         {
00687           module = get_attr_module(attr);
00688           if(module == SW_NONE)
00689             return(-RSBAC_EINVALIDMODULE);
00690         }
00691 
00692 #ifdef CONFIG_RSBAC_FREEZE
00693       if(rsbac_freeze)
00694         {
00695           rsbac_printk(KERN_WARNING
00696                        "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n");
00697           return -EPERM;
00698         }
00699 #endif
00700       /* get values from user space */
00701       rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00702 
00703       /* lookup filename */
00704       if ((err = user_path_walk_link(t_name, &nd)))
00705         {
00706 #ifdef CONFIG_RSBAC_DEBUG
00707           if (rsbac_debug_aef)
00708             rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err);
00709 #endif
00710           goto out;
00711         }
00712       t_dentry = nd.dentry;
00713       if (!t_dentry->d_inode)
00714         {
00715 #ifdef CONFIG_RSBAC_DEBUG
00716           if (rsbac_debug_aef)
00717             rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n");
00718 #endif
00719           err = -RSBAC_EINVALIDTARGET;
00720           goto out_dput;
00721         }
00722 
00723       switch (target)
00724         {
00725           /* is inode of right type? */
00726           case T_FD:
00727             if(S_ISREG(t_dentry->d_inode->i_mode))
00728               {
00729                 target = T_FILE;
00730               }
00731             else
00732             if(S_ISDIR(t_dentry->d_inode->i_mode))
00733               {
00734                 target = T_DIR;
00735               }
00736             else
00737             if(S_ISLNK(t_dentry->d_inode->i_mode))
00738               {
00739                 target = T_SYMLINK;
00740               }
00741             else
00742             if(S_ISFIFO(t_dentry->d_inode->i_mode))
00743               {
00744                 target = T_FIFO;
00745               }
00746             else
00747             if(S_ISSOCK(t_dentry->d_inode->i_mode))
00748               {
00749                 target = T_UNIXSOCK;
00750               }
00751             else
00752             if(S_ISBLK(t_dentry->d_inode->i_mode))
00753               {
00754                 target = T_FILE;
00755               }
00756             else
00757             if(S_ISCHR(t_dentry->d_inode->i_mode))
00758               {
00759                 target = T_FILE;
00760               }
00761             else
00762               {
00763 #ifdef CONFIG_RSBAC_DEBUG
00764                 if (rsbac_debug_aef)
00765                   rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n");
00766 #endif
00767                 err = -RSBAC_EINVALIDTARGET;
00768                 goto out_dput;
00769               }
00770             break;
00771 
00772           case T_FILE:
00773             if (   !(S_ISREG(t_dentry->d_inode->i_mode))
00774                 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00775                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00776               {
00777 #ifdef CONFIG_RSBAC_DEBUG
00778                 if (rsbac_debug_aef)
00779                   rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n");
00780 #endif
00781                 err = -RSBAC_EINVALIDTARGET;
00782                 goto out_dput;
00783               }
00784             break;
00785 
00786           case T_DIR:
00787             if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00788               {
00789 #ifdef CONFIG_RSBAC_DEBUG
00790                 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00791 #endif
00792                 err = -RSBAC_EINVALIDTARGET;
00793                 goto out_dput;
00794               }
00795             break;
00796 
00797           case T_FIFO:
00798             /* is inode of type fifo? */
00799             if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00800               {
00801 #ifdef CONFIG_RSBAC_DEBUG
00802                 if (rsbac_debug_aef)
00803                   rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n");
00804 #endif
00805                 err = -RSBAC_EINVALIDTARGET;
00806                 goto out_dput;
00807               }
00808             break;
00809 
00810           case T_UNIXSOCK:
00811             /* is inode of type fifo? */
00812             if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
00813               {
00814 #ifdef CONFIG_RSBAC_DEBUG
00815                 if (rsbac_debug_aef)
00816                   rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no socket\n");
00817 #endif
00818                 err = -RSBAC_EINVALIDTARGET;
00819                 goto out_dput;
00820               }
00821             break;
00822 
00823           case T_SYMLINK:
00824             if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
00825               {
00826 #ifdef CONFIG_RSBAC_DEBUG
00827                 if (rsbac_debug_aef)
00828                   rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n");
00829 #endif
00830                 err = -RSBAC_EINVALIDTARGET;
00831                 goto out_dput;
00832               }
00833             break;
00834 
00835           case T_DEV:
00836             if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
00837                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00838               {
00839 #ifdef CONFIG_RSBAC_DEBUG
00840                 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n");
00841 #endif
00842                 err = -RSBAC_EINVALIDTARGET;
00843                 goto out_dput;
00844               }
00845             break;
00846 
00847           default:
00848             err = -RSBAC_EINVALIDTARGET;
00849             goto out_dput;
00850         }
00851 
00852       if(target == T_DEV)
00853         {
00854           if(S_ISBLK(t_dentry->d_inode->i_mode))
00855             tid.dev.type = D_block;
00856           else
00857             tid.dev.type = D_char;
00858           tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
00859           tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
00860         }
00861       else
00862         {
00863           /* fill target id and call internal function */
00864           tid.file.device = t_dentry->d_sb->s_dev;
00865           tid.file.inode  = t_dentry->d_inode->i_ino;
00866           tid.file.dentry_p = t_dentry;
00867         }
00868       /* call ADF */
00869 #ifdef CONFIG_RSBAC_DEBUG
00870       if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n");
00871 #endif
00872       if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00873                              current->pid,
00874                              target,
00875                              tid,
00876                              attr,
00877                              k_value))
00878         {
00879           err = -EPERM;
00880         }
00881       else
00882         {
00883           err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value);
00884         }
00885 
00886 out_dput:
00887       path_release(&nd);
00888 
00889 out:
00890       return(err);
00891     }      /* end of sys_rsbac_set_attr_n() */
00892 
00893 /************************************************************************** */
00894 
00895 int sys_rsbac_remove_target(
00896   rsbac_list_ta_number_t ta_number,
00897   enum rsbac_target_t target,
00898   union rsbac_target_id_t * tid)
00899     { 
00900       union rsbac_target_id_t k_tid;
00901       int   err = 0;
00902 
00903       /* for adf_request */
00904       union rsbac_attribute_value_t rsbac_attribute_value;
00905       
00906       if(!tid || (target >= T_NONE))
00907         return(-RSBAC_EINVALIDTARGET);
00908         
00909 #ifdef CONFIG_RSBAC_FREEZE
00910       if(rsbac_freeze)
00911         {
00912           rsbac_printk(KERN_WARNING
00913                        "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n");
00914           return -EPERM;
00915         }
00916 #endif
00917 
00918       /* get values from user space */
00919       rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00920 
00921       /* call ADF */
00922 #ifdef CONFIG_RSBAC_DEBUG
00923       if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n");
00924 #endif
00925       rsbac_attribute_value.dummy = 0;
00926       if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00927                              current->pid,
00928                              target,
00929                              k_tid,
00930                              A_none,
00931                              rsbac_attribute_value))
00932         {
00933           return -EPERM;
00934         }
00935       err = rsbac_ta_remove_target(ta_number, target, k_tid);
00936       return (err);
00937     }      /* end of sys_rsbac_remove_target() */
00938 
00939 int sys_rsbac_remove_target_n(
00940   rsbac_list_ta_number_t ta_number,
00941   enum rsbac_target_t target,
00942   char * t_name)
00943     { 
00944       struct dentry * t_dentry;
00945       int     err = 0;
00946       union rsbac_target_id_t  tid;
00947 
00948       /* for adf_request */
00949       union rsbac_attribute_value_t rsbac_attribute_value;
00950 
00951 /*    struct passwd * user_description_p; */
00952       
00953       struct nameidata nd;
00954 
00955       if(!t_name || (target >= T_NONE))
00956         return(-RSBAC_EINVALIDTARGET);
00957 
00958 #ifdef CONFIG_RSBAC_FREEZE
00959       if(rsbac_freeze)
00960         {
00961           rsbac_printk(KERN_WARNING
00962                        "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n");
00963           return -EPERM;
00964         }
00965 #endif
00966 
00967       /* lookup filename */
00968       if ((err = user_path_walk_link(t_name, &nd)))
00969         {
00970 #ifdef CONFIG_RSBAC_DEBUG
00971           if (rsbac_debug_aef)
00972             rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err);
00973 #endif
00974           goto out;
00975         }
00976       t_dentry = nd.dentry;
00977       if (!t_dentry->d_inode)
00978         {
00979 #ifdef CONFIG_RSBAC_DEBUG
00980           if (rsbac_debug_aef)
00981             rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n");
00982 #endif
00983           err = -RSBAC_EINVALIDTARGET;
00984           goto out_dput;
00985         }
00986 
00987       switch (target)
00988         {
00989           /* is inode of right type? */
00990           case T_FD:
00991             if(S_ISREG(t_dentry->d_inode->i_mode))
00992               {
00993                 target = T_FILE;
00994               }
00995             else
00996             if(S_ISDIR(t_dentry->d_inode->i_mode))
00997               {
00998                 target = T_DIR;
00999               }
01000             else
01001             if(S_ISLNK(t_dentry->d_inode->i_mode))
01002               {
01003                 target = T_SYMLINK;
01004               }
01005             else
01006             if(S_ISFIFO(t_dentry->d_inode->i_mode))
01007               {
01008                 target = T_FIFO;
01009               }
01010             else
01011             if(S_ISSOCK(t_dentry->d_inode->i_mode))
01012               {
01013                 target = T_UNIXSOCK;
01014               }
01015             else
01016             if(S_ISBLK(t_dentry->d_inode->i_mode))
01017               {
01018                 target = T_FILE;
01019               }
01020             else
01021             if(S_ISCHR(t_dentry->d_inode->i_mode))
01022               {
01023                 target = T_FILE;
01024               }
01025             else
01026               {
01027 #ifdef CONFIG_RSBAC_DEBUG
01028                 if (rsbac_debug_aef)
01029                   rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n");
01030 #endif
01031                 err = -RSBAC_EINVALIDTARGET;
01032                 goto out_dput;
01033               }
01034             break;
01035 
01036           case T_FILE:
01037             if (   !(S_ISREG(t_dentry->d_inode->i_mode))
01038                 && !(S_ISBLK(t_dentry->d_inode->i_mode))
01039                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01040               {
01041 #ifdef CONFIG_RSBAC_DEBUG
01042                 if (rsbac_debug_aef)
01043                   rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n");
01044 #endif
01045                 err = -RSBAC_EINVALIDTARGET;
01046                 goto out_dput;
01047               }
01048             break;
01049 
01050           case T_DIR:
01051             if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
01052               {
01053 #ifdef CONFIG_RSBAC_DEBUG
01054                 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
01055 #endif
01056                 err = -RSBAC_EINVALIDTARGET;
01057                 goto out_dput;
01058               }
01059             break;
01060 
01061           case T_FIFO:
01062             /* is inode of type fifo? */
01063             if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
01064               {
01065 #ifdef CONFIG_RSBAC_DEBUG
01066                 if (rsbac_debug_aef)
01067                   rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n");
01068 #endif
01069                 err = -RSBAC_EINVALIDTARGET;
01070                 goto out_dput;
01071               }
01072             break;
01073 
01074           case T_UNIXSOCK:
01075             /* is inode of type fifo? */
01076             if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
01077               {
01078 #ifdef CONFIG_RSBAC_DEBUG
01079                 if (rsbac_debug_aef)
01080                   rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no socket\n");
01081 #endif
01082                 err = -RSBAC_EINVALIDTARGET;
01083                 goto out_dput;
01084               }
01085             break;
01086 
01087           case T_SYMLINK:
01088             if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
01089               {
01090 #ifdef CONFIG_RSBAC_DEBUG
01091                 if (rsbac_debug_aef)
01092                   rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n");
01093 #endif
01094                 err = -RSBAC_EINVALIDTARGET;
01095                 goto out_dput;
01096               }
01097             break;
01098 
01099           case T_DEV:
01100             if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
01101                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01102               {
01103 #ifdef CONFIG_RSBAC_DEBUG
01104                 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n");
01105 #endif
01106                 err = -RSBAC_EINVALIDTARGET;
01107                 goto out_dput;
01108               }
01109             break;
01110 
01111           default:
01112             err = -RSBAC_EINVALIDTARGET;
01113             goto out_dput;
01114         }
01115 
01116       if(target == T_DEV)
01117         {
01118           if(S_ISBLK(t_dentry->d_inode->i_mode))
01119             tid.dev.type = D_block;
01120           else
01121             tid.dev.type = D_char;
01122           tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
01123           tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
01124         }
01125       else
01126         {
01127           /* fill target id and call internal function */
01128           tid.file.device = t_dentry->d_sb->s_dev;
01129           tid.file.inode  = t_dentry->d_inode->i_ino;
01130           tid.file.dentry_p = t_dentry;
01131         }
01132       /* call ADF */
01133 #ifdef CONFIG_RSBAC_DEBUG
01134       if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n");
01135 #endif
01136       rsbac_attribute_value.dummy = 0;
01137       if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
01138                              current->pid,
01139                              target,
01140                              tid,
01141                              A_none,
01142                              rsbac_attribute_value))
01143         {
01144           err = -EPERM;
01145         }
01146       else
01147         {
01148           err = rsbac_ta_remove_target(ta_number, target, tid);
01149         }
01150 
01151 out_dput:
01152       path_release(&nd);
01153 
01154 out:
01155       return(err);
01156     }      /* end of sys_rsbac_remove_target_n() */
01157 
01158 int sys_rsbac_list_all_dev(
01159   rsbac_list_ta_number_t ta_number,
01160   struct rsbac_dev_desc_t * id_p,
01161   u_long maxnum)
01162   {
01163     int err = 0;
01164     long count;
01165 
01166     if(id_p && maxnum)
01167       {
01168         struct rsbac_dev_desc_t * k_id_p = NULL;
01169 
01170         count = rsbac_ta_list_all_dev(ta_number, &k_id_p);
01171         if(count <= 0)
01172           return count;
01173         if(count > maxnum)
01174           count = maxnum;
01175 
01176         err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01177 
01178         rsbac_vfree(k_id_p);
01179 
01180         if(err)
01181           return err;
01182         else
01183           return count;
01184       }
01185     else
01186       return rsbac_ta_list_all_dev(ta_number, NULL);
01187   }
01188 
01189 int sys_rsbac_list_all_user(
01190   rsbac_list_ta_number_t ta_number,
01191   rsbac_uid_t * id_p,
01192   u_long maxnum)
01193   {
01194     int err = 0;
01195     long count;
01196 
01197     if(id_p && maxnum)
01198       {
01199         rsbac_uid_t * k_id_p = NULL;
01200 
01201         count = rsbac_ta_list_all_user(ta_number, &k_id_p);
01202         if(count <= 0)
01203           return count;
01204         if(count > maxnum)
01205           count = maxnum;
01206 
01207         err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01208 
01209         rsbac_vfree(k_id_p);
01210 
01211         if(err)
01212           return err;
01213         else
01214           return count;
01215       }
01216     else
01217       return rsbac_ta_list_all_user(ta_number, NULL);
01218   }
01219 
01220 int sys_rsbac_list_all_group(
01221   rsbac_list_ta_number_t ta_number,
01222   rsbac_gid_t * id_p,
01223   u_long maxnum)
01224   {
01225     int err = 0;
01226     long count;
01227 
01228     if(id_p && maxnum)
01229       {
01230         rsbac_gid_t * k_id_p = NULL;
01231 
01232         count = rsbac_ta_list_all_group(ta_number, &k_id_p);
01233         if(count <= 0)
01234           return count;
01235         if(count > maxnum)
01236           count = maxnum;
01237 
01238         err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01239 
01240         rsbac_vfree(k_id_p);
01241 
01242         if(err)
01243           return err;
01244         else
01245           return count;
01246       }
01247     else
01248       return rsbac_ta_list_all_group(ta_number, NULL);
01249   }
01250 
01251 int sys_rsbac_list_all_ipc(rsbac_list_ta_number_t ta_number,
01252                            struct rsbac_ipc_t * id_p, u_long maxnum)
01253 {
01254         int err = 0;
01255         long count;
01256 
01257         if (id_p && maxnum) {
01258                 struct rsbac_ipc_t *k_id_p = NULL;
01259 
01260                 count = rsbac_ta_list_all_ipc(ta_number, &k_id_p);
01261                 if (count <= 0)
01262                         return count;
01263                 if (count > maxnum)
01264                         count = maxnum;
01265 
01266                 err =
01267                     rsbac_put_user((u_char *) k_id_p, (u_char *) id_p,
01268                                    count * sizeof(*k_id_p));
01269 
01270                 rsbac_vfree(k_id_p);
01271 
01272                 if (err)
01273                         return err;
01274                 else
01275                         return count;
01276         } else
01277                 return rsbac_ta_list_all_ipc(ta_number, NULL);
01278 }
01279 
01280 int sys_rsbac_net_list_all_netdev(
01281   rsbac_list_ta_number_t ta_number,
01282   rsbac_netdev_id_t * id_p,
01283   u_long maxnum)
01284   {
01285 #ifdef CONFIG_RSBAC_NET_DEV
01286     int err = 0;
01287     long count;
01288 
01289     if(id_p && maxnum)
01290       {
01291         rsbac_netdev_id_t * k_id_p = NULL;
01292 
01293         count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p);
01294         if(count <= 0)
01295           return count;
01296         if(count > maxnum)
01297           count = maxnum;
01298 
01299         err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01300 
01301         rsbac_vfree(k_id_p);
01302 
01303         if(err)
01304           return err;
01305         else
01306           return count;
01307       }
01308     else
01309       return rsbac_ta_net_list_all_netdev(ta_number, NULL);
01310 
01311 #else
01312     return -RSBAC_EINVALIDREQUEST;
01313 #endif /* CONFIG_RSBAC_NET_DEV */
01314   }
01315 
01316 int sys_rsbac_net_template(rsbac_list_ta_number_t ta_number,
01317                            enum rsbac_net_temp_syscall_t call,
01318                            rsbac_net_temp_id_t id,
01319                            union rsbac_net_temp_syscall_data_t *data_p)
01320 {
01321 #ifdef CONFIG_RSBAC_NET_OBJ
01322         union rsbac_net_temp_syscall_data_t k_data;
01323         int err = 0;
01324         /* for adf_request */
01325 #ifndef CONFIG_RSBAC_MAINT
01326         union rsbac_target_id_t i_tid;
01327         union rsbac_attribute_value_t i_attr_val;
01328 #endif
01329 
01330         if (!id)
01331                 return -RSBAC_EINVALIDVALUE;
01332         if (!data_p)
01333                 return -RSBAC_EINVALIDPOINTER;
01334 
01335         /* get data values from user space */
01336         switch (call) {
01337         case NTS_set_address:
01338         case NTS_set_address_family:
01339         case NTS_set_type:
01340         case NTS_set_protocol:
01341         case NTS_set_netdev:
01342         case NTS_set_ports:
01343         case NTS_set_name:
01344         case NTS_new_template:
01345         case NTS_copy_template:
01346         case NTS_delete_template:
01347 #ifdef CONFIG_RSBAC_FREEZE
01348                 if (rsbac_freeze) {
01349                         rsbac_printk(KERN_WARNING "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed\n");
01350                         return -EPERM;
01351                 }
01352 #endif
01353                 if (call != NTS_delete_template) {
01354                         err =
01355                             rsbac_get_user((u_char *) & k_data,
01356                                            (u_char *) data_p,
01357                                            sizeof(k_data));
01358                         if (err)
01359                                 return err;
01360                 }
01361                 break;
01362         case NTS_check_id:
01363         case NTS_get_address:
01364         case NTS_get_address_family:
01365         case NTS_get_type:
01366         case NTS_get_protocol:
01367         case NTS_get_netdev:
01368         case NTS_get_ports:
01369         case NTS_get_name:
01370                 break;
01371 
01372         default:
01373                 return -RSBAC_EINVALIDREQUEST;
01374         }
01375 
01376 #ifndef CONFIG_RSBAC_MAINT
01377         rsbac_pr_debug(aef, "calling ADF\n");
01378         i_tid.nettemp = id;
01379         i_attr_val.dummy = 0;
01380         switch (call) {
01381         case NTS_new_template:
01382                 if (!rsbac_adf_request(R_CREATE,
01383                                        current->pid,
01384                                        T_NETTEMP,
01385                                        i_tid, A_none, i_attr_val))
01386 #ifdef CONFIG_RSBAC_SOFTMODE
01387                         if (!rsbac_softmode)
01388 #endif
01389                                 return -EPERM;
01390                 break;
01391 
01392         case NTS_copy_template:
01393                 if (!rsbac_net_template_exist(id)) {
01394                         if (!rsbac_adf_request(R_CREATE,
01395                                                current->pid,
01396                                                T_NETTEMP,
01397                                                i_tid, A_none, i_attr_val))
01398 #ifdef CONFIG_RSBAC_SOFTMODE
01399                                 if (!rsbac_softmode)
01400 #endif
01401                                         return -EPERM;
01402                 } else {
01403                         if (!rsbac_adf_request(R_WRITE,
01404                                                current->pid,
01405                                                T_NETTEMP,
01406                                                i_tid, A_none, i_attr_val))
01407 #ifdef CONFIG_RSBAC_SOFTMODE
01408                                 if (!rsbac_softmode)
01409 #endif
01410                                         return -EPERM;
01411                 }
01412                 i_tid.nettemp = k_data.id;
01413                 if (!rsbac_adf_request(R_READ,
01414                                        current->pid,
01415                                        T_NETTEMP,
01416                                        i_tid, A_none, i_attr_val))
01417 #ifdef CONFIG_RSBAC_SOFTMODE
01418                         if (!rsbac_softmode)
01419 #endif
01420                                 return -EPERM;
01421                 break;
01422 
01423         case NTS_delete_template:
01424                 if (!rsbac_adf_request(R_DELETE,
01425                                        current->pid,
01426                                        T_NETTEMP,
01427                                        i_tid, A_none, i_attr_val))
01428 #ifdef CONFIG_RSBAC_SOFTMODE
01429                         if (!rsbac_softmode)
01430 #endif
01431                                 return -EPERM;
01432                 break;
01433 
01434         case NTS_get_address:
01435         case NTS_get_address_family:
01436         case NTS_get_type:
01437         case NTS_get_protocol:
01438         case NTS_get_netdev:
01439         case NTS_get_ports:
01440                 if (!rsbac_adf_request(R_READ,
01441                                        current->pid,
01442                                        T_NETTEMP,
01443                                        i_tid, A_none, i_attr_val))
01444 #ifdef CONFIG_RSBAC_SOFTMODE
01445                         if (!rsbac_softmode)
01446 #endif
01447                                 return -EPERM;
01448                 break;
01449 
01450         case NTS_set_address:
01451         case NTS_set_address_family:
01452         case NTS_set_type:
01453         case NTS_set_protocol:
01454         case NTS_set_netdev:
01455         case NTS_set_ports:
01456         case NTS_set_name:
01457                 if (!rsbac_adf_request(R_WRITE,
01458                                        current->pid,
01459                                        T_NETTEMP,
01460                                        i_tid, A_none, i_attr_val))
01461 #ifdef CONFIG_RSBAC_SOFTMODE
01462                         if (!rsbac_softmode)
01463 #endif
01464                                 return -EPERM;
01465                 break;
01466 
01467         default:
01468                 break;
01469         }
01470 #endif                          /* !MAINT */
01471 
01472         err = rsbac_ta_net_template(ta_number, call, id, &k_data);
01473         if (!err) {
01474                 /* put data values to user space */
01475                 switch (call) {
01476                 case NTS_check_id:
01477                 case NTS_get_address:
01478                 case NTS_get_address_family:
01479                 case NTS_get_type:
01480                 case NTS_get_protocol:
01481                 case NTS_get_netdev:
01482                 case NTS_get_ports:
01483                 case NTS_get_name:
01484                         err = rsbac_put_user((u_char *) & k_data,
01485                                            (u_char *) data_p,
01486                                            sizeof(k_data));
01487                         break;
01488                 default:
01489                         break;
01490                 }
01491         }
01492         return err;
01493 
01494 #else
01495         return -RSBAC_EINVALIDREQUEST;
01496 #endif                          /* NET_OBJ */
01497 }
01498 
01499 int sys_rsbac_net_list_all_template(
01500   rsbac_list_ta_number_t ta_number,
01501   rsbac_net_temp_id_t * id_p,
01502   u_long maxnum)
01503   {
01504 #ifdef CONFIG_RSBAC_NET_OBJ
01505     int err = 0;
01506     int count;
01507     union rsbac_target_id_t i_tid;
01508     union rsbac_attribute_value_t i_attr_val;
01509 
01510     i_tid.nettemp = 0;
01511     i_attr_val.dummy = 0;
01512     if (!rsbac_adf_request(R_READ,
01513                            current->pid,
01514                            T_NETTEMP,
01515                            i_tid,
01516                            A_none,
01517                            i_attr_val))
01518       return -EPERM;
01519     if(id_p && maxnum)
01520       {
01521         rsbac_net_temp_id_t * k_id_p = NULL;
01522 
01523         count = rsbac_ta_net_list_all_template(ta_number, &k_id_p);
01524         if(count <= 0)
01525           return count;
01526         if(count > maxnum)
01527           count = maxnum;
01528 
01529         err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01530 
01531         rsbac_vfree(k_id_p);
01532 
01533         if(err)
01534           return err;
01535         else
01536           return count;
01537       }
01538     else
01539       return rsbac_ta_net_list_all_template(ta_number, NULL);
01540 
01541 #else
01542     return -RSBAC_EINVALIDREQUEST;
01543 #endif /* CONFIG_RSBAC_NET_OBJ */
01544   }
01545 
01546 
01547 /************************************************* */
01548 /*                 ADF functions                   */
01549 /************************************************* */
01550 
01551 int sys_rsbac_switch(enum rsbac_switch_target_t module, int value)
01552   {
01553 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE)
01554     union rsbac_target_id_t       rsbac_target_id;
01555     union rsbac_attribute_value_t rsbac_attribute_value;
01556     char                         * switch_name;
01557   
01558     /* call ADF */
01559     if(module >= SW_NONE)
01560       return(-RSBAC_EINVALIDTARGET);
01561     if (   (value < 0)
01562 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01563         || (value > 3)
01564 #else
01565         || (value > 1)
01566 #endif
01567        )
01568       return (-RSBAC_EINVALIDVALUE);
01569 
01570 #ifdef CONFIG_RSBAC_SOFTMODE
01571     if(   rsbac_softmode_prohibit
01572        && (   (   (value == 1)
01573                && (module == SW_SOFTMODE)
01574               )
01575 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01576            || (value == 3)
01577 #endif
01578           )
01579       )
01580       {
01581         rsbac_printk(KERN_WARNING
01582                      "sys_rsbac_switch(): setting of softmode prohibited!\n");
01583         return -EPERM;
01584       }
01585 #endif
01586 
01587 #ifdef CONFIG_RSBAC_DEBUG
01588     if (rsbac_debug_aef)
01589       rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n");
01590 #endif
01591     rsbac_target_id.dummy = 0;
01592 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
01593     if(module == SW_DAC_DISABLE)
01594       {
01595 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01596         if(value > 1)
01597           return -RSBAC_EINVALIDVALUE;
01598 #endif
01599         rsbac_attribute_value.dummy = 0;
01600         if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
01601                                current->pid,
01602                                T_NONE,
01603                                rsbac_target_id,
01604                                A_none,
01605                                rsbac_attribute_value))
01606           {
01607             return -EPERM;
01608           }
01609       }
01610     else
01611 #endif
01612       {
01613         rsbac_attribute_value.switch_target = module;
01614         if (!rsbac_adf_request(R_SWITCH_MODULE,
01615                                current->pid,
01616                                T_NONE,
01617                                rsbac_target_id,
01618                                A_switch_target,
01619                                rsbac_attribute_value))
01620           {
01621             return -EPERM;
01622           }
01623       }
01624 
01625     switch(value)
01626       {
01627 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01628         case 2:
01629         case 3:
01630           rsbac_ind_softmode[module] = value - 2;
01631           break;
01632 #endif
01633 
01634         default:
01635           switch (module)
01636             {
01637 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01638               case SW_DAC_DISABLE: rsbac_dac_disable = value;
01639                    break;
01640 #endif
01641 #ifdef CONFIG_RSBAC_SOFTMODE
01642               case SW_SOFTMODE: rsbac_softmode = value;
01643                   break;
01644 #endif
01645 #ifdef CONFIG_RSBAC_FREEZE
01646               case SW_FREEZE:
01647                   if(rsbac_freeze)
01648                     {
01649                       rsbac_printk(KERN_WARNING
01650                                    "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n");
01651                       return -EPERM;
01652                     }
01653                   rsbac_freeze = value;
01654                   break;
01655 #endif
01656 #ifdef CONFIG_RSBAC_SWITCH_MAC
01657               case SW_MAC:
01658 #ifndef CONFIG_RSBAC_SWITCH_ON
01659                   if(value)
01660                     return -RSBAC_EINVALIDMODULE;
01661 #endif
01662                   rsbac_switch_mac = value;
01663                   break;
01664 #endif
01665 #ifdef CONFIG_RSBAC_SWITCH_PM
01666               case SW_PM:
01667 #ifndef CONFIG_RSBAC_SWITCH_ON
01668                   if(value)
01669                     return -RSBAC_EINVALIDMODULE;
01670 #endif
01671                   rsbac_switch_pm = value;
01672                   break;
01673 #endif
01674 #ifdef CONFIG_RSBAC_SWITCH_DAZ
01675               case SW_DAZ:
01676                   rsbac_switch_daz = value;
01677                   break;
01678 #endif
01679 #ifdef CONFIG_RSBAC_SWITCH_FF
01680               case SW_FF:
01681                   rsbac_switch_ff = value;
01682                   break;
01683 #endif
01684 #ifdef CONFIG_RSBAC_SWITCH_RC
01685               case SW_RC:
01686 #ifndef CONFIG_RSBAC_SWITCH_ON
01687                   if(value)
01688                     return -RSBAC_EINVALIDMODULE;
01689 #endif
01690                   rsbac_switch_rc = value;
01691                   break;
01692 #endif
01693 #ifdef CONFIG_RSBAC_SWITCH_AUTH
01694               case SW_AUTH:
01695                   rsbac_switch_auth = value;
01696                   break;
01697 #endif
01698 #ifdef CONFIG_RSBAC_SWITCH_ACL
01699               case SW_ACL:
01700                   rsbac_switch_acl = value;
01701                   break;
01702 #endif
01703 #ifdef CONFIG_RSBAC_SWITCH_CAP
01704               case SW_CAP:
01705                   rsbac_switch_cap = value;
01706                   break;
01707 #endif
01708 #ifdef CONFIG_RSBAC_SWITCH_JAIL
01709               case SW_JAIL:
01710                   rsbac_switch_jail = value;
01711                   break;
01712 #endif
01713 #ifdef CONFIG_RSBAC_SWITCH_RES
01714               case SW_RES:
01715                   rsbac_switch_res = value;
01716                   break;
01717 #endif
01718 #ifdef CONFIG_RSBAC_SWITCH_PAX
01719               case SW_PAX:
01720                   rsbac_switch_pax = value;
01721                   break;
01722 #endif
01723               default:
01724                 return (-RSBAC_EINVALIDMODULE);
01725             }
01726       }
01727 
01728     switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01729     if(switch_name)
01730       {
01731         int show_value = value;
01732 
01733         get_switch_target_name(switch_name, module);
01734 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01735         switch(value)
01736           {
01737             case 2:
01738             case 3:
01739               strcat(switch_name, " softmode");
01740               show_value -= 2;
01741               break;
01742             default:
01743               break;
01744           }
01745 #endif
01746         rsbac_printk(KERN_WARNING
01747                "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n",
01748                current->uid, switch_name, show_value);
01749         rsbac_kfree(switch_name);
01750       }
01751     return 0;
01752 #else
01753     return -RSBAC_EINVALIDREQUEST;
01754 #endif /* SWITCH || SOFTMODE*/
01755   }
01756 
01771 int sys_rsbac_get_switch(enum rsbac_switch_target_t module,
01772                         int * value_p,
01773                         int * switchable_p)
01774 {
01775         int                           value = 1; // default if module exists and RSBAC_SWITCH is not compiled
01776         int                           switchable = 0;
01777         int                           allow_softmode = 0;
01778         int                           err = 0;
01779         union rsbac_target_id_t       rsbac_target_id;
01780         union rsbac_attribute_value_t rsbac_attribute_value;
01781 
01782         if(module >= SW_NONE)
01783                 return -RSBAC_EINVALIDTARGET;
01784 
01785 #ifdef CONFIG_RSBAC_DEBUG
01786         if(rsbac_debug_aef)
01787                 rsbac_printk(KERN_DEBUG "sys_rsbac_get_switch(): calling ADF\n");
01788 #endif
01789         rsbac_target_id.scd = ST_rsbac;
01790         rsbac_attribute_value.dummy = 0;
01791         if(!rsbac_adf_request(R_GET_STATUS_DATA,
01792                                 current->pid,
01793                                 T_SCD,
01794                                 rsbac_target_id,
01795                                 A_none,
01796                                 rsbac_attribute_value))
01797         {
01798                 return -EPERM;
01799         }
01800         switch(module)
01801         {
01802                 case SW_GEN:
01803                         allow_softmode = 0;
01804                         switchable = 0;
01805                         break;
01806 #ifdef CONFIG_RSBAC_UM
01807                 case SW_UM:
01808                         allow_softmode = 0;
01809                         switchable = 0;
01810                         break;
01811 #endif
01812 #ifdef CONFIG_RSBAC_REG
01813                 case SW_REG:
01814                         allow_softmode = 1;
01815                         switchable = 0;
01816                         break;
01817 #endif
01818 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01819                 case SW_DAC_DISABLE:
01820                         allow_softmode = 0;
01821                         value = rsbac_dac_disable;
01822                         switchable = 3;
01823                         break;
01824 #endif
01825 #ifdef CONFIG_RSBAC_SOFTMODE
01826                 case SW_SOFTMODE:
01827                         allow_softmode = 0;
01828                         value = rsbac_softmode;
01829                         switchable = (rsbac_softmode_prohibit?2:3);
01830                         break;
01831 #endif
01832 #ifdef CONFIG_RSBAC_FREEZE
01833                 case SW_FREEZE:
01834                         allow_softmode = 0;
01835                         value = rsbac_freeze;
01836                         switchable = 1;
01837                         break;
01838 #endif
01839 #ifdef CONFIG_RSBAC_MAC
01840                 case SW_MAC:
01841                         allow_softmode = 1;
01842 #ifdef CONFIG_RSBAC_SWITCH_MAC
01843                         value = rsbac_switch_mac;
01844 #ifdef CONFIG_RSBAC_SWITCH_ON
01845                         switchable = 3;
01846 #else
01847                         switchable = 2;
01848 #endif
01849 #else
01850                         switchable = 0;
01851 #endif
01852                         break;
01853 #endif
01854 #ifdef CONFIG_RSBAC_PM
01855                 case SW_PM:
01856                         allow_softmode = 1;
01857 #ifdef CONFIG_RSBAC_SWITCH_PM
01858                         value = rsbac_switch_pm;
01859 #ifdef CONFIG_RSBAC_SWITCH_ON
01860                         switchable = 3;
01861 #else
01862                         switchable = 2;
01863 #endif
01864 #else
01865                         switchable = 0;
01866 #endif
01867                         break;
01868 #endif
01869 #ifdef CONFIG_RSBAC_DAZ
01870                 case SW_DAZ:
01871                         allow_softmode = 1;
01872 #ifdef CONFIG_RSBAC_SWICHT_DAZ
01873                         value = rsbac_switch_daz;
01874                         switchable = 3;
01875 #else
01876                         switchable = 0;
01877 #endif
01878                         break;
01879 #endif
01880 #ifdef CONFIG_RSBAC_FF
01881                 case SW_FF:
01882                         allow_softmode = 1;
01883 #ifdef CONFIG_RSBAC_SWITCH_FF
01884                         value = rsbac_switch_ff;
01885                         switchable = 3;
01886 #else
01887                         switchable = 0;
01888 #endif
01889                         break;
01890 #endif
01891 #ifdef CONFIG_RSBAC_RC
01892                 case SW_RC:
01893                         allow_softmode = 1;
01894 #ifdef CONFIG_RSBAC_SWITCH_RC
01895                         value = rsbac_switch_rc;
01896 #ifdef CONFIG_RSBAC_SWITCH_ON
01897                         switchable = 3;
01898 #else
01899                         switchable = 2;
01900 #endif
01901 #else
01902                         switchable = 0;
01903 #endif
01904                         break;
01905 #endif
01906 #ifdef CONFIG_RSBAC_AUTH
01907                 case SW_AUTH:
01908                         allow_softmode = 1;
01909 #ifdef CONFIG_RSBAC_SWITCH_AUTH
01910                         value = rsbac_switch_auth;
01911                         switchable = 3;
01912 #else
01913                         switchable = 0;
01914 #endif
01915                         break;
01916 #endif
01917 #ifdef CONFIG_RSBAC_ACL
01918                 case SW_ACL:
01919                         allow_softmode = 1;
01920 #ifdef CONFIG_RSBAC_SWITCH_ACL
01921                         value = rsbac_switch_acl;
01922                         switchable = 3;
01923 #else
01924                         switchable = 0;
01925 #endif
01926                         break;
01927 #endif
01928 #ifdef CONFIG_RSBAC_CAP
01929                 case SW_CAP:
01930                         allow_softmode = 1;
01931 #ifdef CONFIG_RSBAC_SWITCH_CAP
01932                         value = rsbac_switch_cap;
01933                         switchable = 3;
01934 #else
01935                         switchable = 0;
01936 #endif
01937                         break;
01938 #endif
01939 #ifdef CONFIG_RSBAC_JAIL
01940                 case SW_JAIL:
01941                         allow_softmode = 1;
01942 #ifdef CONFIG_RSBAC_SWITCH_JAIL
01943                         value = rsbac_switch_jail;
01944                         switchable = 3;
01945 #else
01946                         switchable = 0;
01947 #endif
01948                         break;
01949 #endif
01950 #ifdef CONFIG_RSBAC_RES
01951                 case SW_RES:
01952                         allow_softmode = 1;
01953 #ifdef CONFIG_RSBAC_SWITCH_RES
01954                         value = rsbac_switch_res;
01955                         switchable = 3;
01956 #else
01957                         switchable = 0;
01958 #endif
01959                         break;
01960 #endif
01961 #ifdef CONFIG_RSBAC_PAX
01962                 case SW_PAX:
01963                         allow_softmode = 1;
01964 #ifdef CONFIG_RSBAC_SWITCH_PAX
01965                         value = rsbac_switch_pax;
01966                         switchable = 3;
01967 #else
01968                         switchable = 0;
01969 #endif
01970                         break;
01971 #endif
01972                 default:
01973                         return -RSBAC_EINVALIDMODULE;
01974         }
01975 
01976 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01977         if(allow_softmode) {
01978                 value |= rsbac_ind_softmode[module] << 1;
01979                 switchable |= (rsbac_softmode_prohibit?2:3) << 2;
01980         }
01981 #endif
01982         if(value_p)
01983                 err = rsbac_put_user((u_char *) &value, (u_char *)value_p, sizeof(int));
01984         if(!err && switchable_p)
01985                 err = rsbac_put_user((u_char *) &switchable, (u_char *)switchable_p, sizeof(int));
01986         return err;
01987 }
01988 
01989 /************** MAC ***************/
01990 
01991 int sys_rsbac_mac_set_curr_level(rsbac_security_level_t level,
01992                                  rsbac_mac_category_vector_t * categories_p)
01993   {
01994 #ifdef CONFIG_RSBAC_MAC
01995     rsbac_mac_category_vector_t k_categories;
01996     int err;
01997 
01998     if(!categories_p)
01999       return -RSBAC_EINVALIDPOINTER;
02000     err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories));
02001     if(err)
02002       return err;
02003     return (rsbac_mac_set_curr_level(level, k_categories));
02004 #else
02005     return (-RSBAC_EINVALIDMODULE);
02006 #endif
02007   }
02008 
02009 int sys_rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
02010                                  rsbac_mac_category_vector_t * categories_p)
02011   {
02012 #ifdef CONFIG_RSBAC_MAC
02013     int err = 0;
02014     rsbac_security_level_t k_level;
02015     rsbac_mac_category_vector_t k_categories;
02016 
02017     err = rsbac_mac_get_curr_level(&k_level, &k_categories);
02018     if(err)
02019       return err;
02020     if(level_p)
02021       {
02022         err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
02023         if(err)
02024           return err;
02025       }
02026     if(categories_p)
02027       {
02028         err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
02029       }
02030     return err;
02031 #else
02032     return (-RSBAC_EINVALIDMODULE);
02033 #endif
02034   }
02035 
02036 int sys_rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
02037                                 rsbac_mac_category_vector_t * categories_p)
02038   {
02039 #ifdef CONFIG_RSBAC_MAC
02040     int err = 0;
02041     rsbac_security_level_t k_level;
02042     rsbac_mac_category_vector_t k_categories;
02043 
02044     err = rsbac_mac_get_max_level(&k_level, &k_categories);
02045     if(err)
02046       return err;
02047     if(level_p)
02048       {
02049         err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
02050         if(err)
02051           return err;
02052       }
02053     if(categories_p)
02054       {
02055         err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
02056       }
02057     return err;
02058 #else
02059     return (-RSBAC_EINVALIDMODULE);
02060 #endif
02061   }
02062 
02063 int sys_rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
02064                                 rsbac_mac_category_vector_t * categories_p)
02065   {
02066 #ifdef CONFIG_RSBAC_MAC
02067     int err = 0;
02068     rsbac_security_level_t k_level;
02069     rsbac_mac_category_vector_t k_categories;
02070 
02071     err = rsbac_mac_get_min_level(&k_level, &k_categories);
02072     if(err)
02073       return err;
02074     if(level_p)
02075       {
02076         err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
02077         if(err)
02078           return err;
02079       }
02080     if(categories_p)
02081       {
02082         err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
02083       }
02084     return err;
02085 #else
02086     return (-RSBAC_EINVALIDMODULE);
02087 #endif
02088   }
02089 
02090 /* Provide means for adding and removing of capabilities */
02091 int sys_rsbac_mac_add_p_tru(
02092   rsbac_list_ta_number_t ta_number,
02093   rsbac_pid_t pid,
02094   rsbac_uid_t uid,
02095   rsbac_time_t ttl)
02096   {
02097 #if defined(CONFIG_RSBAC_MAC)
02098     struct task_struct * task_p;
02099 
02100 #ifdef CONFIG_RSBAC_FREEZE
02101     if(rsbac_freeze)
02102       {
02103         rsbac_printk(KERN_WARNING
02104                      "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
02105         return -EPERM;
02106       }
02107 #endif
02108 
02109     read_lock(&tasklist_lock);
02110     task_p = find_task_by_pid(pid);
02111     read_unlock(&tasklist_lock);
02112     if(!task_p)
02113       return(-RSBAC_EINVALIDTARGET);
02114 
02115     return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl));
02116 #else
02117     return (-RSBAC_EINVALIDMODULE);
02118 #endif    
02119   }
02120 
02121 int sys_rsbac_mac_remove_p_tru(
02122   rsbac_list_ta_number_t ta_number,
02123   rsbac_pid_t pid,
02124   rsbac_uid_t uid)
02125   {
02126 #if defined(CONFIG_RSBAC_MAC)
02127     struct task_struct * task_p;
02128 
02129 #ifdef CONFIG_RSBAC_FREEZE
02130     if(rsbac_freeze)
02131       {
02132         rsbac_printk(KERN_WARNING
02133                      "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
02134         return -EPERM;
02135       }
02136 #endif
02137 
02138     read_lock(&tasklist_lock);
02139     task_p = find_task_by_pid(pid);
02140     read_unlock(&tasklist_lock);
02141     if(!task_p)
02142       return(-RSBAC_EINVALIDTARGET);
02143     return(rsbac_mac_remove_p_tru(ta_number, pid, uid));
02144 #else
02145     return (-RSBAC_EINVALIDMODULE);
02146 #endif    
02147   }
02148 
02149 int sys_rsbac_mac_add_f_tru(
02150   rsbac_list_ta_number_t ta_number,
02151   char * filename,
02152   rsbac_uid_t uid,
02153   rsbac_time_t ttl)
02154   {
02155 #if defined(CONFIG_RSBAC_MAC)
02156     struct dentry * t_dentry;
02157     int     err = 0;
02158     enum  rsbac_target_t     target;
02159     union rsbac_target_id_t  tid;
02160 
02161     struct nameidata nd;
02162 
02163     if(!filename)
02164       return(-RSBAC_EINVALIDTARGET);
02165 
02166 #ifdef CONFIG_RSBAC_FREEZE
02167     if(rsbac_freeze)
02168       {
02169         rsbac_printk(KERN_WARNING
02170                      "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
02171         return -EPERM;
02172       }
02173 #endif
02174 
02175     if ((err = user_path_walk_link(filename, &nd)))
02176       {
02177 #ifdef CONFIG_RSBAC_DEBUG
02178         if (rsbac_debug_aef_mac)
02179           rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err);
02180 #endif
02181         goto out;
02182       }
02183     t_dentry = nd.dentry;
02184     if (!t_dentry->d_inode)
02185       {
02186         err = -RSBAC_EINVALIDTARGET;
02187         goto out_dput;
02188       }
02189     /* is inode of type file? */
02190     if(S_ISREG(t_dentry->d_inode->i_mode))
02191       target = T_FILE;
02192     else
02193     if(S_ISDIR(t_dentry->d_inode->i_mode))
02194       target = T_DIR;
02195     else
02196       { /* This is no file or dir */
02197         err = -RSBAC_EINVALIDTARGET;
02198         goto out_dput;
02199       }
02200     tid.file.device = t_dentry->d_sb->s_dev;
02201     tid.file.inode  = t_dentry->d_inode->i_ino;
02202     tid.file.dentry_p = t_dentry;
02203 
02204     err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl);
02205 
02206 out_dput:
02207     path_release(&nd);
02208 out:
02209     return(err);
02210 
02211 #else
02212     return (-RSBAC_EINVALIDMODULE);
02213 #endif    
02214   }
02215 
02216 int sys_rsbac_mac_remove_f_tru(
02217   rsbac_list_ta_number_t ta_number,
02218   char * filename,
02219   rsbac_uid_t uid)
02220   {
02221 #if defined(CONFIG_RSBAC_MAC)
02222     struct dentry * t_dentry;
02223     int     err = 0;
02224     enum  rsbac_target_t     target;
02225     union rsbac_target_id_t  tid;
02226 
02227     struct nameidata nd;
02228 
02229     if(!filename)
02230       return(-RSBAC_EINVALIDTARGET);
02231 
02232 #ifdef CONFIG_RSBAC_FREEZE
02233     if(rsbac_freeze)
02234       {
02235         rsbac_printk(KERN_WARNING
02236                      "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
02237         return -EPERM;
02238       }
02239 #endif
02240 
02241     if ((err = user_path_walk_link(filename, &nd)))
02242       {
02243 #ifdef CONFIG_RSBAC_DEBUG
02244         if (rsbac_debug_aef_mac)
02245           rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err);
02246 #endif
02247         goto out;
02248       }
02249     t_dentry = nd.dentry;
02250     if (!t_dentry->d_inode)
02251       {
02252         err = -RSBAC_EINVALIDTARGET;
02253         goto out_dput;
02254       }
02255     /* is inode of type file or dir? */
02256     if(S_ISREG(t_dentry->d_inode->i_mode))
02257       target = T_FILE;
02258     else
02259     if(S_ISDIR(t_dentry->d_inode->i_mode))
02260       target = T_DIR;
02261     else
02262       { /* This is no file or dir */
02263         err = -RSBAC_EINVALIDTARGET;
02264         goto out_dput;
02265       }
02266     tid.file.device = t_dentry->d_sb->s_dev;
02267     tid.file.inode  = t_dentry->d_inode->i_ino;
02268     tid.file.dentry_p = t_dentry;
02269 
02270     err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid);
02271 
02272 out_dput:
02273     path_release(&nd);
02274 out:
02275     return(err);
02276 
02277 #else
02278     return (-RSBAC_EINVALIDMODULE);
02279 #endif    
02280   }
02281 
02282 /* trulist must have space for maxnum rsbac_uid_t entries! */
02283 int sys_rsbac_mac_get_f_trulist(
02284   rsbac_list_ta_number_t ta_number,
02285   char * filename,
02286   rsbac_uid_t trulist[],
02287   rsbac_time_t ttllist[],
02288   u_int maxnum)
02289   {
02290 #if defined(CONFIG_RSBAC_MAC)
02291     struct dentry * t_dentry;
02292     int     err = 0, tmperr = 0;
02293     enum  rsbac_target_t     target;
02294     union rsbac_target_id_t  tid;
02295     rsbac_uid_t * k_trulist;
02296     rsbac_time_t * k_ttllist;
02297 
02298     struct nameidata nd;
02299 
02300     if(!filename)
02301       return(-RSBAC_EINVALIDTARGET);
02302     if(!trulist)
02303       return(-RSBAC_EINVALIDPOINTER);
02304     if(maxnum <= 0)
02305       return(-RSBAC_EINVALIDVALUE);
02306     if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02307       maxnum = RSBAC_MAC_MAX_MAXNUM;
02308 
02309     if ((err = user_path_walk_link(filename, &nd)))
02310       {
02311 #ifdef CONFIG_RSBAC_DEBUG
02312         if (rsbac_debug_aef_mac)
02313           rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err);
02314 #endif
02315         goto out;
02316       }
02317     t_dentry = nd.dentry;
02318     if (!t_dentry->d_inode)
02319       {
02320         err = -RSBAC_EINVALIDTARGET;
02321         goto out_dput;
02322       }
02323     /* is inode of type file or dir? */
02324     if(S_ISREG(t_dentry->d_inode->i_mode))
02325       target = T_FILE;
02326     else
02327     if(S_ISDIR(t_dentry->d_inode->i_mode))
02328       target = T_DIR;
02329     else
02330       { /* This is no file or dir */
02331         err = -RSBAC_EINVALIDTARGET;
02332         goto out_dput;
02333       }
02334     tid.file.device = t_dentry->d_sb->s_dev;
02335     tid.file.inode  = t_dentry->d_inode->i_ino;
02336     tid.file.dentry_p = t_dentry;
02337 
02338     err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist);
02339     if(err>0)
02340       {
02341         if(err > maxnum)
02342           err = maxnum;
02343         tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02344                                 sizeof(rsbac_uid_t) * err);
02345         if(tmperr < 0)
02346           err = tmperr;
02347         else
02348           {
02349             if(ttllist)
02350               {
02351                 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02352                                         sizeof(rsbac_time_t) * err);
02353                 if(tmperr < 0)
02354                   err = tmperr;
02355               }
02356           }
02357         rsbac_vfree(k_trulist);
02358         rsbac_vfree(k_ttllist);
02359       }
02360 
02361 out_dput:
02362     path_release(&nd);
02363 out:
02364     return(err);
02365 
02366 #else
02367     return (-RSBAC_EINVALIDMODULE);
02368 #endif    
02369   }
02370 
02371 int sys_rsbac_mac_get_p_trulist(
02372   rsbac_list_ta_number_t ta_number,
02373   rsbac_pid_t pid,
02374   rsbac_uid_t trulist[],
02375   rsbac_time_t ttllist[],
02376   u_int maxnum)
02377   {
02378 #if defined(CONFIG_RSBAC_MAC)
02379     int     err = 0, tmperr = 0;
02380     union rsbac_target_id_t  tid;
02381     rsbac_uid_t * k_trulist;
02382     rsbac_time_t * k_ttllist;
02383 
02384     if(!pid)
02385       return(-RSBAC_EINVALIDTARGET);
02386     if(!trulist)
02387       return(-RSBAC_EINVALIDPOINTER);
02388     if(maxnum <= 0)
02389       return(-RSBAC_EINVALIDVALUE);
02390     if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02391       maxnum = RSBAC_MAC_MAX_MAXNUM;
02392 
02393     tid.process = pid;
02394 
02395     err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist);
02396     if(err>0)
02397       {
02398         if(err > maxnum)
02399           err = maxnum;
02400         tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02401                                 sizeof(rsbac_uid_t) * err);
02402         if(tmperr < 0)
02403           err = tmperr;
02404         else
02405           {
02406             if(ttllist)
02407               {
02408                 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02409                                         sizeof(rsbac_time_t) * err);
02410                 if(tmperr < 0)
02411                   err = tmperr;
02412               }
02413           }
02414         rsbac_vfree(k_trulist);
02415         rsbac_vfree(k_ttllist);
02416       }
02417 
02418     return(err);
02419 
02420 #else
02421     return (-RSBAC_EINVALIDMODULE);
02422 #endif    
02423   }
02424 
02425 /************** PM ***************/
02426 
02427 int sys_rsbac_stats_pm(void)
02428   {
02429 #ifndef CONFIG_RSBAC_PM
02430     return (0);
02431 #else
02432     union rsbac_target_id_t       rsbac_target_id;
02433     union rsbac_attribute_value_t rsbac_attribute_value;
02434 
02435 #ifdef CONFIG_RSBAC_DEBUG
02436     if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n");
02437 #endif
02438     rsbac_target_id.scd = ST_rsbac;
02439     rsbac_attribute_value.dummy = 0;
02440     if (!rsbac_adf_request(R_GET_STATUS_DATA,
02441                            current->pid,
02442                            T_SCD,
02443                            rsbac_target_id,
02444                            A_none,
02445                            rsbac_attribute_value))
02446       {
02447         return -EPERM;
02448       }
02449 
02450 #ifdef CONFIG_RSBAC_DEBUG
02451     if (rsbac_debug_aef_pm)
02452       rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n");
02453 #endif
02454     return(rsbac_stats_pm());
02455 #endif
02456   };
02457 
02458 int sys_rsbac_pm(
02459   rsbac_list_ta_number_t ta_number,
02460   enum  rsbac_pm_function_type_t    function,
02461   union rsbac_pm_function_param_t * param_p,
02462         rsbac_pm_tkt_id_t           ticket)
02463   {
02464 #ifndef CONFIG_RSBAC_PM
02465     return (-RSBAC_EINVALIDMODULE);
02466 #else
02467     union  rsbac_pm_function_param_t k_param;
02468     int result;
02469     
02470     if(function >= PF_none)
02471       return(-RSBAC_EINVALIDREQUEST);
02472     if(!param_p)
02473       return(-RSBAC_EINVALIDPOINTER);
02474 #ifdef CONFIG_RSBAC_DEBUG
02475     if (rsbac_debug_aef_pm)
02476       rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n",
02477              function);
02478 #endif
02479 
02480 #ifdef CONFIG_RSBAC_FREEZE
02481     if(rsbac_freeze)
02482       {
02483         rsbac_printk(KERN_WARNING
02484                      "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n");
02485         return -EPERM;
02486       }
02487 #endif
02488 
02489     /* get parameters from user space */
02490     rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) );
02491     /* call pm function and return its result */
02492     lock_kernel();
02493     result = rsbac_pm(ta_number, function, k_param, ticket);
02494     unlock_kernel();
02495     return result;
02496 #endif    
02497   }
02498 
02499 int sys_rsbac_pm_change_current_task(rsbac_pm_task_id_t task)
02500   {
02501 #ifndef CONFIG_RSBAC_PM
02502     return (0);
02503 #else
02504 #ifdef CONFIG_RSBAC_DEBUG
02505     if (rsbac_debug_aef_pm)
02506       rsbac_printk(KERN_DEBUG
02507              "sys_rsbac_pm_change_current_task(): called for task %i!\n",
02508              task);
02509 #endif
02510     /* call pm function and return its result */
02511     return(rsbac_pm_change_current_task(task));
02512 #endif    
02513   }
02514 
02515 int sys_rsbac_pm_create_file(const char * filename,
02516                                         int mode,
02517                                         rsbac_pm_object_class_id_t class)
02518   {
02519 #ifndef CONFIG_RSBAC_PM
02520     return (-RSBAC_EINVALIDMODULE);
02521 #else
02522     if(!filename)
02523       return(-RSBAC_EINVALIDPOINTER);
02524 #ifdef CONFIG_RSBAC_DEBUG
02525     if (rsbac_debug_aef_pm)
02526       rsbac_printk(KERN_DEBUG
02527              "sys_rsbac_pm_create_file(): called with class %i!\n",
02528              class);
02529 #endif
02530     /* call pm function and return its result */
02531     return(rsbac_pm_create_file(filename, mode, class));
02532 #endif    
02533   }
02534 
02535 /************** DAZ ***************/
02536 
02537 int sys_rsbac_daz_flush_cache(void)
02538   {
02539 #ifndef CONFIG_RSBAC_DAZ_CACHE
02540     return (0);
02541 #else
02542 #ifndef CONFIG_RSBAC_MAINT
02543     union rsbac_target_id_t       i_tid;
02544     union rsbac_attribute_value_t i_attr_val1;
02545 
02546     /* Security Officer or admin? */
02547     i_tid.user = current->uid;
02548     if (rsbac_get_attr(SW_DAZ,
02549                        T_USER,
02550                        i_tid,
02551                        A_daz_role,
02552                        &i_attr_val1,
02553                        TRUE))
02554       {
02555         rsbac_printk(KERN_WARNING
02556                      "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02557         return -EPERM;
02558       }
02559     /* if not sec_officer or admin, deny */
02560     if (   (i_attr_val1.system_role != SR_security_officer)
02561         && (i_attr_val1.system_role != SR_administrator)
02562        )
02563       #ifdef CONFIG_RSBAC_SOFTMODE
02564       if(   !rsbac_softmode
02565       #ifdef CONFIG_RSBAC_SOFTMODE_IND
02566          && !rsbac_ind_softmode[SW_DAZ]
02567       #endif
02568         )
02569       #endif
02570       return -EPERM;
02571 #endif
02572 
02573     rsbac_printk(KERN_INFO
02574            "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n");
02575 
02576     return(rsbac_daz_flush_cache());
02577 #endif
02578   }
02579 
02580 
02581 /************** RC ***************/
02582 
02583 int sys_rsbac_rc_copy_role(
02584   rsbac_list_ta_number_t ta_number,
02585   rsbac_rc_role_id_t from_role,
02586   rsbac_rc_role_id_t to_role)
02587   {
02588 #if defined(CONFIG_RSBAC_RC)
02589     if(   (from_role > RC_role_max_value)
02590        || (from_role > RC_role_max_value))
02591       return(-RSBAC_EINVALIDVALUE);
02592 #ifdef CONFIG_RSBAC_DEBUG
02593     if (rsbac_debug_aef_rc)
02594       rsbac_printk(KERN_DEBUG
02595              "sys_rsbac_rc_copy_role(): from %i, to %i!\n",
02596              from_role, to_role);
02597 #endif
02598 #ifdef CONFIG_RSBAC_FREEZE
02599     if(rsbac_freeze)
02600       {
02601         rsbac_printk(KERN_WARNING
02602                      "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n");
02603         return -EPERM;
02604       }
02605 #endif
02606 
02607     /* call rc function and return its result */
02608     return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role));
02609 #else
02610     return (-RSBAC_EINVALIDMODULE);
02611 #endif    
02612   }
02613 
02614 int sys_rsbac_rc_copy_type(
02615         rsbac_list_ta_number_t ta_number,
02616   enum  rsbac_rc_target_t      target,
02617         rsbac_rc_type_id_t     from_type,
02618         rsbac_rc_type_id_t     to_type)
02619   {
02620 #if defined(CONFIG_RSBAC_RC)
02621     if(   (from_type > RC_type_max_value)
02622        || (from_type > RC_type_max_value))
02623       return(-RSBAC_EINVALIDVALUE);
02624 #ifdef CONFIG_RSBAC_DEBUG
02625     if (rsbac_debug_aef_rc)
02626       rsbac_printk(KERN_DEBUG
02627              "sys_rsbac_rc_copy_type(): from %i, to %i!\n",
02628              from_type, to_type);
02629 #endif
02630 #ifdef CONFIG_RSBAC_FREEZE
02631     if(rsbac_freeze)
02632       {
02633         rsbac_printk(KERN_WARNING
02634                      "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n");
02635         return -EPERM;
02636       }
02637 #endif
02638 
02639     /* call rc function and return its result */
02640     return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type));
02641 #else
02642     return (-RSBAC_EINVALIDMODULE);
02643 #endif    
02644   }
02645 
02646 /* Getting values */
02647 int sys_rsbac_rc_get_item (
02648         rsbac_list_ta_number_t  ta_number,
02649   enum  rsbac_rc_target_t       target,
02650   union rsbac_rc_target_id_t  * tid_p,
02651   union rsbac_rc_target_id_t  * subtid_p,
02652   enum  rsbac_rc_item_t         item,
02653   union rsbac_rc_item_value_t * value_p,
02654         rsbac_time_t          * ttl_p)
02655   {
02656 #if defined(CONFIG_RSBAC_RC)
02657     union rsbac_rc_target_id_t  k_tid;
02658     union rsbac_rc_target_id_t  k_subtid;
02659     union rsbac_rc_item_value_t k_value;
02660           rsbac_time_t          k_ttl;
02661     int err = 0;
02662 
02663     if(   (target >= RT_NONE)
02664        || (item >= RI_none))
02665       return(-RSBAC_EINVALIDVALUE);
02666     /* get values from user space */
02667     rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02668     rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02669     rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02670 #ifdef CONFIG_RSBAC_DEBUG
02671     if (rsbac_debug_aef_rc)
02672       rsbac_printk(KERN_DEBUG
02673              "sys_rsbac_rc_get_item(): target %i, item %i!\n",
02674              target, item);
02675 #endif
02676     /* call rc function and return its result */
02677     err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid,
02678                                 item, &k_value, &k_ttl);
02679     /* put result value to user space */
02680     if(!err)
02681       {
02682         err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02683         if(!err && ttl_p)
02684           err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02685       }
02686     return (err);
02687 #else
02688     return (-RSBAC_EINVALIDMODULE);
02689 #endif    
02690   }
02691 
02692 /* Setting values */
02693 int sys_rsbac_rc_set_item(
02694   rsbac_list_ta_number_t        ta_number,
02695   enum  rsbac_rc_target_t       target,
02696   union rsbac_rc_target_id_t  * tid_p,
02697   union rsbac_rc_target_id_t  * subtid_p,
02698   enum  rsbac_rc_item_t         item,
02699   union rsbac_rc_item_value_t * value_p,
02700         rsbac_time_t            ttl)
02701   {
02702 #if defined(CONFIG_RSBAC_RC)
02703     union rsbac_rc_target_id_t  k_tid;
02704     union rsbac_rc_target_id_t  k_subtid;
02705     union rsbac_rc_item_value_t k_value;
02706 
02707     if(   (target >= RT_NONE)
02708        || (item >= RI_none))
02709       return(-RSBAC_EINVALIDVALUE);
02710 
02711 #ifdef CONFIG_RSBAC_FREEZE
02712     if(rsbac_freeze)
02713       {
02714         rsbac_printk(KERN_WARNING
02715                      "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n");
02716         return -EPERM;
02717       }
02718 #endif
02719 
02720     /* get values from user space */
02721     rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02722     rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02723     rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02724 #ifdef CONFIG_RSBAC_DEBUG
02725     if (rsbac_debug_aef_rc)
02726       rsbac_printk(KERN_DEBUG
02727              "sys_rsbac_rc_set_item(): target %i, item %i!\n",
02728              target, item);
02729 #endif
02730     /* call rc function and return its result */
02731     return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl);
02732 #else
02733     return (-RSBAC_EINVALIDMODULE);
02734 #endif    
02735   }
02736 
02737 int sys_rsbac_rc_get_list(
02738         rsbac_list_ta_number_t ta_number,
02739   enum  rsbac_rc_target_t      target,
02740   union rsbac_rc_target_id_t * tid_p,
02741   enum  rsbac_rc_item_t        item,
02742         u_int                  maxnum,
02743         __u32                * array_p,
02744         rsbac_time_t         * ttl_array_p)
02745   {
02746 #if defined(CONFIG_RSBAC_RC)
02747     union rsbac_rc_target_id_t  k_tid;
02748     int err;
02749 
02750     rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02751     if(array_p)
02752       {
02753         __u32 * k_array_p;
02754         rsbac_time_t * k_ttl_array_p;
02755 
02756         if(!maxnum)
02757           return -RSBAC_EINVALIDVALUE;
02758         /* call rc function and return its result */
02759         err = rsbac_rc_get_list(ta_number, target, k_tid, item,
02760                                 &k_array_p, &k_ttl_array_p);
02761         /* put result value to user space */
02762         if(err > 0)
02763           {
02764             int tmperr;
02765 
02766             if(err > maxnum)
02767               err = maxnum;
02768             tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) );
02769             if(tmperr)
02770               err = tmperr;
02771             rsbac_vfree(k_array_p);
02772             if(k_ttl_array_p && ttl_array_p)
02773               {
02774                 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) );
02775                 if(tmperr)
02776                   err = tmperr;
02777               }
02778             rsbac_vfree(k_ttl_array_p);
02779           }
02780         return (err);
02781       }
02782     else
02783       return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL);
02784 #else
02785     return (-RSBAC_EINVALIDMODULE);
02786 #endif    
02787   };
02788 
02789 /* Set own role */
02790 int sys_rsbac_rc_change_role (rsbac_rc_role_id_t role, char * pass)
02791   {
02792 #if defined(CONFIG_RSBAC_RC)
02793     if(role > RC_role_max_value)
02794       return(-RSBAC_EINVALIDVALUE);
02795 #ifdef CONFIG_RSBAC_DEBUG
02796     if (rsbac_debug_aef_rc)
02797       rsbac_printk(KERN_DEBUG
02798              "sys_rsbac_rc_change_role(): role %i!\n",
02799              role);
02800 #endif
02801     /* call rc function and return its result */
02802     return rsbac_rc_sys_change_role(role, pass);
02803 #else
02804     return (-RSBAC_EINVALIDMODULE);
02805 #endif    
02806   }
02807 
02808 /* Getting own effective rights */
02809 int sys_rsbac_rc_get_eff_rights_n(
02810         rsbac_list_ta_number_t      ta_number,
02811   enum  rsbac_target_t              target,
02812         char                      * t_name,
02813         rsbac_rc_request_vector_t * request_vector_p,
02814         rsbac_time_t              * ttl_p)
02815   {
02816 #if defined(CONFIG_RSBAC_RC)
02817       struct dentry * t_dentry;
02818       int     err = 0;
02819       rsbac_rc_request_vector_t k_req_vec;
02820       rsbac_time_t          k_ttl;
02821       union rsbac_target_id_t  tid;
02822 
02823       struct nameidata nd;
02824 
02825       if(!t_name || (target >= T_NONE))
02826         return(-RSBAC_EINVALIDTARGET);
02827 
02828       if ((err = user_path_walk_link(t_name, &nd)))
02829         {
02830 #ifdef CONFIG_RSBAC_DEBUG
02831           if (rsbac_debug_aef_rc)
02832             rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err);
02833 #endif
02834           goto out;
02835         }
02836       t_dentry = nd.dentry;
02837       if (!t_dentry->d_inode)
02838         {
02839           err = -RSBAC_EINVALIDTARGET;
02840           goto out_dput;
02841         }
02842         
02843       switch (target)
02844         {
02845           case T_FD:
02846             if(S_ISREG(t_dentry->d_inode->i_mode))
02847               {
02848                 target = T_FILE;
02849               }
02850             else
02851             if(S_ISDIR(t_dentry->d_inode->i_mode))
02852               {
02853                 target = T_DIR;
02854               }
02855             else
02856             if(S_ISLNK(t_dentry->d_inode->i_mode))
02857               {
02858                 target = T_SYMLINK;
02859               }
02860             else
02861             if(S_ISFIFO(t_dentry->d_inode->i_mode))
02862               {
02863                 target = T_FIFO;
02864               }
02865             else
02866             if(S_ISSOCK(t_dentry->d_inode->i_mode))
02867               {
02868                 target = T_UNIXSOCK;
02869               }
02870             else
02871             if(S_ISBLK(t_dentry->d_inode->i_mode))
02872               {
02873                 target = T_FILE;
02874               }
02875             else
02876             if(S_ISCHR(t_dentry->d_inode->i_mode))
02877               {
02878                 target = T_FILE;
02879               }
02880             else
02881               {
02882 #ifdef CONFIG_RSBAC_DEBUG
02883                 if (rsbac_debug_aef)
02884                   rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n");
02885 #endif
02886                 err = -RSBAC_EINVALIDTARGET;
02887                 goto out_dput;
02888               }
02889             break;
02890 
02891           case T_FILE:
02892             /* is inode of type file, symlink or block/char device? */
02893             if (   !(S_ISREG(t_dentry->d_inode->i_mode))
02894                 && !(S_ISBLK(t_dentry->d_inode->i_mode))
02895                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02896               { /* This is no file or device */
02897                 err = -RSBAC_EINVALIDTARGET;
02898                 goto out_dput;
02899               }
02900             break;
02901 
02902           case T_DIR:
02903             if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
02904               { /* This is no file */
02905                 err = -RSBAC_EINVALIDTARGET;
02906                 goto out_dput;
02907               }
02908             break;
02909 
02910           case T_FIFO:
02911             /* is inode of type fifo? */
02912             if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
02913               { /* This is no file or device */
02914                 err = -RSBAC_EINVALIDTARGET;
02915                 goto out_dput;
02916               }
02917             break;
02918 
02919           case T_UNIXSOCK:
02920             /* is inode of type fifo? */
02921             if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
02922               {
02923                 err = -RSBAC_EINVALIDTARGET;
02924                 goto out_dput;
02925               }
02926             break;
02927 
02928           case T_SYMLINK:
02929             /* is inode of type symlink? */
02930             if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
02931               { /* This is no file or device */
02932                 err = -RSBAC_EINVALIDTARGET;
02933                 goto out_dput;
02934               }
02935             break;
02936 
02937           case T_DEV:
02938             /* is inode of type block/char device? */
02939             if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
02940                 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02941               { /* This is no dev */
02942                 err = -RSBAC_EINVALIDTARGET;
02943                 goto out_dput;
02944               }
02945             break;
02946 
02947           default:
02948             err = -RSBAC_EINVALIDTARGET;
02949             goto out_dput;
02950         }
02951 
02952       if(target == T_DEV)
02953         {
02954           if(S_ISBLK(t_dentry->d_inode->i_mode))
02955             tid.dev.type = D_block;
02956           else
02957             tid.dev.type = D_char;
02958           tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
02959           tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
02960         }
02961       else
02962         {
02963           /* fill target id and call internal function */
02964           tid.file.device = t_dentry->d_sb->s_dev;
02965           tid.file.inode  = t_dentry->d_inode->i_ino;
02966           tid.file.dentry_p = t_dentry;
02967         }
02968       err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl);
02969       /* put result value to user space */
02970       if(!err)
02971         {
02972           err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) );
02973           if(!err && ttl_p)
02974             err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02975         }
02976 
02977   out_dput:
02978       path_release(&nd);
02979 
02980   out:
02981       return(err);
02982 #else
02983     return (-RSBAC_EINVALIDMODULE);
02984 #endif    
02985   }
02986 
02987 /* Get current process role */
02988 int sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t * role_p)
02989   {
02990 #if defined(CONFIG_RSBAC_RC)
02991     rsbac_rc_role_id_t k_role;
02992     int err;
02993 
02994     if(!role_p)
02995       return(-RSBAC_EINVALIDPOINTER);
02996     /* call rc function and return its result */
02997     err = rsbac_rc_sys_get_current_role(&k_role);
02998     if(!err)
02999       {
03000         err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) );
03001       }
03002     return err;
03003 #else
03004     return (-RSBAC_EINVALIDMODULE);
03005 #endif    
03006   }
03007 
03008 int sys_rsbac_rc_select_fd_create_type(rsbac_rc_type_id_t type)
03009 {
03010 #if defined(CONFIG_RSBAC_RC)
03011         int err;
03012 
03013         err = rsbac_rc_select_fd_create_type(type);
03014 
03015         return err;
03016 #else
03017         return (-RSBAC_EINVALIDMODULE);
03018 #endif
03019 }
03020 
03021 
03022 /************** AUTH ***************/
03023 
03024 /* Provide means for adding and removing of capabilities */
03025 int sys_rsbac_auth_add_p_cap(
03026          rsbac_list_ta_number_t ta_number,
03027          rsbac_pid_t pid,
03028   enum   rsbac_auth_cap_type_t cap_type,
03029   struct rsbac_auth_cap_range_t cap_range,
03030          rsbac_time_t ttl)
03031   {
03032 #if defined(CONFIG_RSBAC_AUTH)
03033     struct task_struct * task_p;
03034 
03035     if(cap_type >= ACT_none)
03036       return(-RSBAC_EINVALIDTARGET);
03037     if(cap_range.first > cap_range.last)
03038       return(-RSBAC_EINVALIDVALUE);
03039     if(   (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID)
03040        || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID)
03041       )
03042       return -RSBAC_EINVALIDVALUE;
03043 
03044 #ifdef CONFIG_RSBAC_FREEZE
03045     if(rsbac_freeze)
03046       {
03047         rsbac_printk(KERN_WARNING
03048                      "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
03049         return -EPERM;
03050       }
03051 #endif
03052 
03053     read_lock(&tasklist_lock);
03054     task_p = find_task_by_pid(pid);
03055     read_unlock(&tasklist_lock);
03056     if(!task_p)
03057       return(-RSBAC_EINVALIDTARGET);
03058 
03059     /* call auth function and return its result */
03060     /* permission checking is done there */
03061     return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl));
03062 #else
03063     return (-RSBAC_EINVALIDMODULE);
03064 #endif    
03065   }
03066 
03067 int sys_rsbac_auth_remove_p_cap(
03068          rsbac_list_ta_number_t ta_number,
03069          rsbac_pid_t pid,
03070   enum   rsbac_auth_cap_type_t cap_type,
03071   struct rsbac_auth_cap_range_t cap_range)
03072   {
03073 #if defined(CONFIG_RSBAC_AUTH)
03074     struct task_struct * task_p;
03075 
03076     if(cap_type >= ACT_none)
03077       return(-RSBAC_EINVALIDTARGET);
03078     if(cap_range.first > cap_range.last)
03079       return(-RSBAC_EINVALIDVALUE);
03080 
03081 #ifdef CONFIG_RSBAC_FREEZE
03082     if(rsbac_freeze)
03083       {
03084         rsbac_printk(KERN_WARNING
03085                      "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
03086         return -EPERM;
03087       }
03088 #endif
03089 
03090     read_lock(&tasklist_lock);
03091     task_p = find_task_by_pid(pid);
03092     read_unlock(&tasklist_lock);
03093     if(!task_p)
03094       return(-RSBAC_EINVALIDTARGET);
03095     /* call auth function and return its result */
03096     /* permission checking is done there */
03097     return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range));
03098 #else
03099     return (-RSBAC_EINVALIDMODULE);
03100 #endif    
03101   }
03102 
03103 int sys_rsbac_auth_add_f_cap(
03104          rsbac_list_ta_number_t   ta_number,
03105          char                   * filename,
03106   enum   rsbac_auth_cap_type_t    cap_type,
03107   struct rsbac_auth_cap_range_t   cap_range,
03108          rsbac_time_t             ttl)
03109   {
03110 #if defined(CONFIG_RSBAC_AUTH)
03111     struct dentry * t_dentry;
03112     int     err = 0;
03113     enum  rsbac_target_t     target;
03114     union rsbac_target_id_t  tid;
03115 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03116     union rsbac_attribute_value_t rsbac_attribute_value;
03117 #endif
03118 
03119     struct nameidata nd;
03120 
03121     if(cap_range.first > cap_range.last)
03122       return(-RSBAC_EINVALIDVALUE);
03123 
03124     if(!filename)
03125       return(-RSBAC_EINVALIDTARGET);
03126     if(cap_type >= ACT_none)
03127       return(-RSBAC_EINVALIDTARGET);
03128     if(cap_range.first > cap_range.last)
03129       return(-RSBAC_EINVALIDVALUE);
03130 
03131 #ifdef CONFIG_RSBAC_FREEZE
03132     if(rsbac_freeze)
03133       {
03134         rsbac_printk(KERN_WARNING
03135                      "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
03136         return -EPERM;
03137       }
03138 #endif
03139 
03140     if ((err = user_path_walk_link(filename, &nd)))
03141       {
03142 #ifdef CONFIG_RSBAC_DEBUG
03143         if (rsbac_debug_aef_auth)
03144           rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err);
03145 #endif
03146         goto out;
03147       }
03148     t_dentry = nd.dentry;
03149     if (!t_dentry->d_inode)
03150       {
03151         err = -RSBAC_EINVALIDTARGET;
03152         goto out_dput;
03153       }
03154     /* is inode of type file? */
03155     if(S_ISREG(t_dentry->d_inode->i_mode))
03156       target = T_FILE;
03157     else
03158     if(S_ISDIR(t_dentry->d_inode->i_mode))
03159       target = T_DIR;
03160     else
03161       { /* This is no file or dir */
03162         err = -RSBAC_EINVALIDTARGET;
03163         goto out_dput;
03164       }
03165     tid.file.device = t_dentry->d_sb->s_dev;
03166     tid.file.inode  = t_dentry->d_inode->i_ino;
03167     tid.file.dentry_p = t_dentry;
03168 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03169     /* call ADF */
03170 #ifdef CONFIG_RSBAC_DEBUG
03171     if (rsbac_debug_aef)
03172       rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
03173 #endif
03174     rsbac_attribute_value.auth_cap_range = cap_range;
03175     if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03176                            current->pid,
03177                            target,
03178                            tid,
03179                            A_auth_add_f_cap,
03180                            rsbac_attribute_value))
03181       {
03182         err = -EPERM;
03183       }
03184     else
03185 #endif
03186       err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl);
03187 
03188 out_dput:
03189     path_release(&nd);
03190 out:
03191     return(err);
03192 
03193 #else
03194     return (-RSBAC_EINVALIDMODULE);
03195 #endif    
03196   };
03197 
03198 int sys_rsbac_auth_remove_f_cap(
03199          rsbac_list_ta_number_t   ta_number,
03200          char                   * filename,
03201   enum   rsbac_auth_cap_type_t    cap_type,
03202   struct rsbac_auth_cap_range_t   cap_range)
03203   {
03204 #if defined(CONFIG_RSBAC_AUTH)
03205     struct dentry * t_dentry;
03206     int     err = 0;
03207     enum  rsbac_target_t     target;
03208     union rsbac_target_id_t  tid;
03209 
03210     /* for adf_request */
03211 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03212     union rsbac_attribute_value_t rsbac_attribute_value;
03213 #endif
03214 
03215     struct nameidata nd;
03216 
03217     if(!filename)
03218       return(-RSBAC_EINVALIDTARGET);
03219     if(cap_type >= ACT_none)
03220       return(-RSBAC_EINVALIDTARGET);
03221     if(cap_range.first > cap_range.last)
03222       return(-RSBAC_EINVALIDVALUE);
03223 
03224 #ifdef CONFIG_RSBAC_FREEZE
03225     if(rsbac_freeze)
03226       {
03227         rsbac_printk(KERN_WARNING
03228                      "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
03229         return -EPERM;
03230       }
03231 #endif
03232 
03233     if ((err = user_path_walk_link(filename, &nd)))
03234       {
03235 #ifdef CONFIG_RSBAC_DEBUG
03236         if (rsbac_debug_aef_auth)
03237           rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err);
03238 #endif
03239         goto out;
03240       }
03241     t_dentry = nd.dentry;
03242     if (!t_dentry->d_inode)
03243       {
03244         err = -RSBAC_EINVALIDTARGET;
03245         goto out_dput;
03246       }
03247     /* is inode of type file or dir? */
03248     if(S_ISREG(t_dentry->d_inode->i_mode))
03249       target = T_FILE;
03250     else
03251     if(S_ISDIR(t_dentry->d_inode->i_mode))
03252       target = T_DIR;
03253     else
03254       { /* This is no file or dir */
03255         err = -RSBAC_EINVALIDTARGET;
03256         goto out_dput;
03257       }
03258     tid.file.device = t_dentry->d_sb->s_dev;
03259     tid.file.inode  = t_dentry->d_inode->i_ino;
03260     tid.file.dentry_p = t_dentry;
03261 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03262     /* call ADF */
03263 #ifdef CONFIG_RSBAC_DEBUG
03264     if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
03265 #endif
03266     rsbac_attribute_value.auth_cap_range = cap_range;
03267     if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03268                            current->pid,
03269                            target,
03270                            tid,
03271                            A_auth_remove_f_cap,
03272                            rsbac_attribute_value))
03273       {
03274         err = -EPERM;
03275       }
03276     else
03277 #endif
03278       err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range);
03279 
03280 out_dput:
03281     path_release(&nd);
03282 out:
03283     return(err);
03284 
03285 #else
03286     return (-RSBAC_EINVALIDMODULE);
03287 #endif    
03288   }
03289 
03290 /* caplist must have space for maxnum auth_cap_range entries - first and last each! */
03291 int sys_rsbac_auth_get_f_caplist(
03292          rsbac_list_ta_number_t   ta_number,
03293          char                   * filename,
03294   enum   rsbac_auth_cap_type_t    cap_type,
03295   struct rsbac_auth_cap_range_t   caplist[],
03296          rsbac_time_t             ttllist[],
03297          u_int                    maxnum)
03298   {
03299 #if defined(CONFIG_RSBAC_AUTH)
03300     struct dentry * t_dentry;
03301     int     err = 0, tmperr = 0;
03302     enum  rsbac_target_t     target;
03303     union rsbac_target_id_t  tid;
03304     struct rsbac_auth_cap_range_t * k_caplist;
03305     rsbac_time_t * k_ttllist;
03306 
03307     /* for adf_request */
03308 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03309     union rsbac_attribute_value_t rsbac_attribute_value;
03310 #endif
03311 
03312     struct nameidata nd;
03313 
03314     if(!filename)
03315       return(-RSBAC_EINVALIDTARGET);
03316     if(cap_type >= ACT_none)
03317       return(-RSBAC_EINVALIDTARGET);
03318     if(!caplist)
03319       return(-RSBAC_EINVALIDPOINTER);
03320     if(maxnum <= 0)
03321       return(-RSBAC_EINVALIDVALUE);
03322     if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03323       maxnum = RSBAC_AUTH_MAX_MAXNUM;
03324 
03325     if ((err = user_path_walk_link(filename, &nd)))
03326       {
03327 #ifdef CONFIG_RSBAC_DEBUG
03328         if (rsbac_debug_aef_auth)
03329           rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err);
03330 #endif
03331         goto out;
03332       }
03333     t_dentry = nd.dentry;
03334     if (!t_dentry->d_inode)
03335       {
03336         err = -RSBAC_EINVALIDTARGET;
03337         goto out_dput;
03338       }
03339     /* is inode of type file or dir? */
03340     if(S_ISREG(t_dentry->d_inode->i_mode))
03341       target = T_FILE;
03342     else
03343     if(S_ISDIR(t_dentry->d_inode->i_mode))
03344       target = T_DIR;
03345     else
03346       { /* This is no file or dir */
03347         err = -RSBAC_EINVALIDTARGET;
03348         goto out_dput;
03349       }
03350     tid.file.device = t_dentry->d_sb->s_dev;
03351     tid.file.inode  = t_dentry->d_inode->i_ino;
03352     tid.file.dentry_p = t_dentry;
03353 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03354     /* call ADF */
03355 #ifdef CONFIG_RSBAC_DEBUG
03356     if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n");
03357 #endif
03358     rsbac_attribute_value.dummy = 0;
03359     if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03360                            current->pid,
03361                            target,
03362                            tid,
03363                            A_auth_get_caplist,
03364                            rsbac_attribute_value))
03365       {
03366         err = -EPERM;
03367         goto out_dput;
03368       }
03369 #endif
03370     err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist);
03371     if(err>0)
03372       {
03373         if(err > maxnum)
03374           err = maxnum;
03375         tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03376                                 sizeof(struct rsbac_auth_cap_range_t) * err);
03377         if(tmperr < 0)
03378           err = tmperr;
03379         else
03380           {
03381             if(ttllist)
03382               {
03383                 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03384                                         sizeof(rsbac_time_t) * err);
03385                 if(tmperr < 0)
03386                   err = tmperr;
03387               }
03388           }
03389         rsbac_vfree(k_caplist);
03390         rsbac_vfree(k_ttllist);
03391       }
03392 
03393 out_dput:
03394     path_release(&nd);
03395 out:
03396     return(err);
03397 
03398 #else
03399     return (-RSBAC_EINVALIDMODULE);
03400 #endif    
03401   }
03402 
03403 int sys_rsbac_auth_get_p_caplist(
03404          rsbac_list_ta_number_t ta_number,
03405          rsbac_pid_t            pid,
03406   enum   rsbac_auth_cap_type_t  cap_type,
03407   struct rsbac_auth_cap_range_t caplist[],
03408          rsbac_time_t           ttllist[],
03409          u_int                  maxnum)
03410   {
03411 #if defined(CONFIG_RSBAC_AUTH)
03412     int     err = 0, tmperr = 0;
03413     union rsbac_target_id_t  tid;
03414     struct rsbac_auth_cap_range_t * k_caplist;
03415     rsbac_time_t * k_ttllist;
03416 
03417     /* for adf_request */
03418 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03419     union rsbac_attribute_value_t rsbac_attribute_value;
03420 #endif
03421 
03422     if(!pid)
03423       return(-RSBAC_EINVALIDTARGET);
03424     if(cap_type >= ACT_none)
03425       return(-RSBAC_EINVALIDTARGET);
03426     if(!caplist)
03427       return(-RSBAC_EINVALIDPOINTER);
03428     if(maxnum <= 0)
03429       return(-RSBAC_EINVALIDVALUE);
03430     if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03431       maxnum = RSBAC_AUTH_MAX_MAXNUM;
03432 
03433     tid.process = pid;
03434 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03435     /* call ADF */
03436 #ifdef CONFIG_RSBAC_DEBUG
03437     if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n");
03438 #endif
03439     rsbac_attribute_value.dummy = 0;
03440     if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03441                            current->pid,
03442                            T_PROCESS,
03443                            tid,
03444                            A_auth_get_caplist,
03445                            rsbac_attribute_value))
03446       {
03447         return -EPERM;
03448       }
03449 #endif
03450     err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type,
03451                                    &k_caplist, &k_ttllist);
03452     if(err>0)
03453       {
03454         if(err > maxnum)
03455           err = maxnum;
03456         tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03457                                 sizeof(struct rsbac_auth_cap_range_t) * err);
03458         if(tmperr < 0)
03459           err = tmperr;
03460         else
03461           {
03462             if(ttllist)
03463               {
03464                 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03465                                         sizeof(rsbac_time_t) * err);
03466                 if(tmperr < 0)
03467                   err = tmperr;
03468               }
03469           }
03470         rsbac_vfree(k_caplist);
03471         rsbac_vfree(k_ttllist);
03472       }
03473 
03474     return(err);
03475 
03476 #else
03477     return (-RSBAC_EINVALIDMODULE);
03478 #endif    
03479   }
03480 
03481 /**********************************/
03482 /************** REG ***************/
03483 
03484 int sys_rsbac_reg(rsbac_reg_handle_t handle,
03485                              void * arg)
03486   {
03487 #if defined(CONFIG_RSBAC_REG)
03488     return rsbac_reg_syscall(handle, arg);
03489 #else
03490     return (-RSBAC_EINVALIDMODULE);
03491 #endif
03492   }
03493 
03494 
03495 /**********************************/
03496 /************** ACL ***************/
03497 
03498 int sys_rsbac_acl(
03499          rsbac_list_ta_number_t     ta_number,
03500   enum   rsbac_acl_syscall_type_t   call,
03501   struct rsbac_acl_syscall_arg_t  * arg)
03502     { 
03503 #if defined(CONFIG_RSBAC_ACL)
03504       struct rsbac_acl_syscall_arg_t k_arg;
03505 /*      union rsbac_target_id_t i_tid; */
03506       int   err = 0;
03507       
03508       if(call >= ACLC_none)
03509         return(-RSBAC_EINVALIDREQUEST);
03510       if(!arg)
03511         return(-RSBAC_EINVALIDPOINTER);
03512 
03513       /* get values from user space */
03514       err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03515       if(err < 0)
03516         return err;
03517 
03518       if(k_arg.target >= T_NONE)
03519         return(-RSBAC_EINVALIDTARGET);
03520 /*      rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): target = %u, call = %u, subj_type = %u, subj_id = %u!\n",
03521              k_arg.target, call, k_arg.subj_type, k_arg.subj_id); */
03522 
03523 #ifdef CONFIG_RSBAC_FREEZE
03524       if(rsbac_freeze)
03525         {
03526           rsbac_printk(KERN_WARNING
03527                        "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n");
03528           return -EPERM;
03529         }
03530 #endif
03531 
03532       if(call != ACLC_set_mask)
03533         {
03534           switch(k_arg.subj_type)
03535             {
03536               case ACLS_USER:
03537                 break;
03538               case ACLS_GROUP:
03539                 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03540                   {
03541                     struct rsbac_acl_group_entry_t entry;
03542                            rsbac_uid_t caller;
03543 
03544                     if(   rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03545                        || rsbac_get_owner(&caller)
03546                        || (   (entry.owner != caller)
03547                            && (entry.type != ACLG_GLOBAL)
03548                           )
03549                       )
03550                       return(-RSBAC_EINVALIDVALUE);
03551                   }
03552                 break;
03553               #if defined(CONFIG_RSBAC_RC)
03554               case ACLS_ROLE:
03555                 if(k_arg.subj_id > RC_role_max_value)
03556                   {
03557                     rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
03558                     return(-RSBAC_EINVALIDVALUE);
03559                   }
03560                 break;
03561               #endif
03562               default:
03563                 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
03564                 return(-RSBAC_EINVALIDVALUE);
03565             }
03566           if(   (call == ACLC_remove_user)
03567              && (k_arg.target != T_USER)
03568             )
03569             return -RSBAC_EINVALIDTARGET;
03570           
03571         }
03572         
03573       /* call acl function */
03574       switch(call)
03575         {
03576           case ACLC_set_acl_entry:
03577             err = rsbac_acl_sys_set_acl_entry(ta_number,
03578                                               k_arg.target,
03579                                               k_arg.tid,
03580                                               k_arg.subj_type,
03581                                               k_arg.subj_id,
03582                                               k_arg.rights,
03583                                               k_arg.ttl);
03584             break;
03585           case ACLC_remove_acl_entry:
03586             err = rsbac_acl_sys_remove_acl_entry(ta_number,
03587                                                  k_arg.target,
03588                                                  k_arg.tid,
03589                                                  k_arg.subj_type,
03590                                                  k_arg.subj_id);
03591             break;
03592           case ACLC_remove_acl:
03593             err = rsbac_acl_sys_remove_acl(ta_number,
03594                                            k_arg.target,
03595                                            k_arg.tid);
03596             break;
03597           case ACLC_add_to_acl_entry:
03598             err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03599                                                  k_arg.target,
03600                                                  k_arg.tid,
03601                                                  k_arg.subj_type,
03602                                                  k_arg.subj_id,
03603                                                  k_arg.rights,
03604                                                  k_arg.ttl);
03605             break;
03606           case ACLC_remove_from_acl_entry:
03607             err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03608                                                       k_arg.target,
03609                                                       k_arg.tid,
03610                                                       k_arg.subj_type,
03611                                                       k_arg.subj_id,
03612                                                       k_arg.rights);
03613             break;
03614           case ACLC_set_mask:
03615             err = rsbac_acl_sys_set_mask(ta_number,
03616                                          k_arg.target,
03617                                          k_arg.tid,
03618                                          k_arg.rights);
03619             break;
03620           case ACLC_remove_user:
03621             err = rsbac_acl_sys_remove_user(ta_number,
03622                                             k_arg.tid.user);
03623             break;
03624 
03625           default:
03626             err = -RSBAC_EINVALIDREQUEST;
03627         }
03628       return (err);
03629 #else
03630       return (-RSBAC_EINVALIDMODULE);
03631 #endif    
03632     }      /* end of sys_rsbac_acl() */
03633 
03634 
03635 int sys_rsbac_acl_n(
03636          rsbac_list_ta_number_t      ta_number,
03637   enum   rsbac_acl_syscall_type_t    call,
03638   struct rsbac_acl_syscall_n_arg_t * arg)
03639     {
03640 #if defined(CONFIG_RSBAC_ACL)
03641       struct dentry * t_dentry = NULL;
03642       int     err = 0;
03643       union rsbac_target_id_t  tid;
03644       struct rsbac_acl_syscall_n_arg_t k_arg;
03645 
03646       struct nameidata nd;
03647 
03648       if(call >= ACLC_none)
03649         return(-RSBAC_EINVALIDREQUEST);
03650       if(!arg)
03651         return(-RSBAC_EINVALIDPOINTER);
03652 
03653 #ifdef CONFIG_RSBAC_FREEZE
03654       if(rsbac_freeze)
03655         {
03656           rsbac_printk(KERN_WARNING
03657                        "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n");
03658           return -EPERM;
03659         }
03660 #endif
03661 
03662       /* get values from user space */
03663       err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03664       if(err < 0)
03665         return err;
03666 
03667       if(k_arg.target >= T_NONE)
03668         return(-RSBAC_EINVALIDTARGET);
03669       if(call != ACLC_set_mask)
03670         {
03671           switch(k_arg.subj_type)
03672             {
03673               case ACLS_USER:
03674                 break;
03675               case ACLS_GROUP:
03676                 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03677                   {
03678                     struct rsbac_acl_group_entry_t entry;
03679                            rsbac_uid_t caller;
03680 
03681                     if(   rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03682                        || rsbac_get_owner(&caller)
03683                        || (   (entry.owner != caller)
03684                            && (entry.type != ACLG_GLOBAL)
03685                           )
03686                       )
03687                       return(-RSBAC_EINVALIDVALUE);
03688                   }
03689                 break;
03690               #if defined(CONFIG_RSBAC_RC)
03691               case ACLS_ROLE:
03692                 if(k_arg.subj_id > RC_role_max_value)
03693                   return(-RSBAC_EINVALIDVALUE);
03694                 break;
03695               #endif
03696               default:
03697                 return(-RSBAC_EINVALIDVALUE);
03698             }
03699         }
03700         
03701       if(k_arg.name)
03702         {
03703           /* lookup filename */
03704           if ((err = user_path_walk_link(k_arg.name, &nd)))
03705             {
03706 #ifdef CONFIG_RSBAC_DEBUG
03707               if (rsbac_debug_aef)
03708                 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err);
03709 #endif
03710               goto out;
03711             }
03712           t_dentry = nd.dentry;
03713           if (!t_dentry->d_inode)
03714             {
03715 #ifdef CONFIG_RSBAC_DEBUG
03716               if (rsbac_debug_aef)
03717                 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n");
03718 #endif
03719               err = -RSBAC_EINVALIDTARGET;
03720               goto out_dput;
03721             }
03722           tid.file.device = t_dentry->d_sb->s_dev;
03723           tid.file.inode  = t_dentry->d_inode->i_ino;
03724           tid.file.dentry_p = t_dentry;
03725         }
03726       else
03727         {
03728           tid.file.device = RSBAC_ZERO_DEV;
03729           tid.file.inode  = 0;
03730           tid.file.dentry_p = NULL;
03731         }
03732 
03733       switch (k_arg.target)
03734         {
03735           case T_FD:
03736             if(k_arg.name)
03737               {
03738                 if(S_ISREG(t_dentry->d_inode->i_mode))
03739                   {
03740                     k_arg.target = T_FILE;
03741                   }
03742                 else
03743                 if(S_ISDIR(t_dentry->d_inode->i_mode))
03744                   {
03745                     k_arg.target = T_DIR;
03746                   }
03747                 else
03748                 if(S_ISLNK(t_dentry->d_inode->i_mode))
03749                   {
03750                     k_arg.target = T_SYMLINK;
03751                   }
03752                 else
03753                 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03754                   {
03755                     k_arg.target = T_FIFO;
03756                   }
03757                 else
03758                 if(S_ISSOCK(t_dentry->d_inode->i_mode))
03759                   {
03760                     k_arg.target = T_UNIXSOCK;
03761                   }
03762                 else
03763                 if(S_ISBLK(t_dentry->d_inode->i_mode))
03764                   {
03765                     k_arg.target = T_FILE;
03766                   }
03767                 else
03768                 if(S_ISCHR(t_dentry->d_inode->i_mode))
03769                   {
03770                     k_arg.target = T_FILE;
03771                   }
03772                 else
03773                   {
03774 #ifdef CONFIG_RSBAC_DEBUG
03775                     if (rsbac_debug_aef)
03776                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n");
03777 #endif
03778                     err = -RSBAC_EINVALIDTARGET;
03779                     goto out_dput;
03780                   }
03781               }
03782             else
03783               k_arg.target = T_FILE;
03784             break;
03785 
03786           case T_FILE:
03787             if(k_arg.name)
03788               {
03789                 /* is inode of type file, symlink or block/char device? */
03790                 if (   !(S_ISREG(t_dentry->d_inode->i_mode))
03791                     && !(S_ISBLK(t_dentry->d_inode->i_mode))
03792                     && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03793                   { /* This is no file or device */
03794                     err = -RSBAC_EINVALIDTARGET;
03795                     goto out_dput;
03796                   }
03797               }
03798             break;
03799 
03800           case T_DIR:
03801             if(k_arg.name)
03802               {
03803                 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03804                   { /* This is no dir */
03805                     err = -RSBAC_EINVALIDTARGET;
03806                     goto out_dput;
03807                   }
03808               }
03809             break;
03810 
03811           case T_FIFO:
03812             if(k_arg.name)
03813               {
03814                 /* is inode of type fifo? */
03815                 if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03816                   { /* This is no file or device */
03817                     err = -RSBAC_EINVALIDTARGET;
03818                     goto out_dput;
03819                   }
03820               }
03821             break;
03822 
03823           case T_UNIXSOCK:
03824             if(k_arg.name)
03825               {
03826                 /* is inode of type fifo? */
03827                 if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
03828                   {
03829                     err = -RSBAC_EINVALIDTARGET;
03830                     goto out_dput;
03831                   }
03832               }
03833             break;
03834 
03835           case T_SYMLINK:
03836             if(k_arg.name)
03837               {
03838                 /* is inode of type symlink? */
03839                 if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
03840                   { /* This is no file or device */
03841                     err = -RSBAC_EINVALIDTARGET;
03842                     goto out_dput;
03843                   }
03844               }
03845             break;
03846 
03847           case T_DEV:
03848             if(k_arg.name)
03849               {
03850                 /* is inode of type block/char device? */
03851                 if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
03852                     && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03853                   { /* This is no file or device */
03854                     err = -RSBAC_EINVALIDTARGET;
03855                     goto out_dput;
03856                   }
03857                 /* fill target id and call internal function */
03858                 if(S_ISBLK(t_dentry->d_inode->i_mode))
03859                   tid.dev.type = D_block;
03860                 else
03861                   tid.dev.type = D_char;
03862                 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
03863                 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
03864               }
03865             else
03866               {
03867                 tid.dev = RSBAC_ZERO_DEV_DESC;
03868               }
03869             break;
03870 
03871           default:
03872             err = -RSBAC_EINVALIDTARGET;
03873             goto out_dput;
03874         }
03875       /* call acl function */
03876       switch(call)
03877         {
03878           case ACLC_set_acl_entry:
03879             err = rsbac_acl_sys_set_acl_entry(ta_number,
03880                                               k_arg.target,
03881                                               tid,
03882                                               k_arg.subj_type,
03883                                               k_arg.subj_id,
03884                                               k_arg.rights,
03885                                               k_arg.ttl);
03886             break;
03887           case ACLC_remove_acl_entry:
03888             err = rsbac_acl_sys_remove_acl_entry(ta_number,
03889                                                  k_arg.target,
03890                                                  tid,
03891                                                  k_arg.subj_type,
03892                                                  k_arg.subj_id);
03893             break;
03894           case ACLC_remove_acl:
03895             err = rsbac_acl_sys_remove_acl(ta_number,
03896                                            k_arg.target,
03897                                            tid);
03898             break;
03899           case ACLC_add_to_acl_entry:
03900             err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03901                                                  k_arg.target,
03902                                                  tid,
03903                                                  k_arg.subj_type,
03904                                                  k_arg.subj_id,
03905                                                  k_arg.rights,
03906                                                  k_arg.ttl);
03907             break;
03908           case ACLC_remove_from_acl_entry:
03909             err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03910                                                       k_arg.target,
03911                                                       tid,
03912                                                       k_arg.subj_type,
03913                                                       k_arg.subj_id,
03914                                                       k_arg.rights);
03915             break;
03916           case ACLC_set_mask:
03917             err = rsbac_acl_sys_set_mask(ta_number,
03918                                          k_arg.target,
03919                                          tid,
03920                                          k_arg.rights);
03921             break;
03922 
03923           default:
03924             err = -RSBAC_EINVALIDREQUEST;
03925         }
03926 
03927 out_dput:
03928       if(k_arg.name)
03929         {
03930           path_release(&nd);
03931         }
03932 
03933 out:
03934       return(err);
03935 #else
03936       return (-RSBAC_EINVALIDMODULE);
03937 #endif    
03938     }      /* end of sys_rsbac_acl_n() */
03939 
03940 /************************************************************************** */
03941 
03942 int sys_rsbac_acl_get_rights(
03943          rsbac_list_ta_number_t      ta_number,
03944   struct rsbac_acl_syscall_arg_t   * arg,
03945          rsbac_acl_rights_vector_t * rights_p,
03946          u_int                       effective)
03947     { 
03948 #if defined(CONFIG_RSBAC_ACL)
03949       struct rsbac_acl_syscall_arg_t k_arg;
03950       rsbac_acl_rights_vector_t k_rights = 0;
03951       int   err = 0;
03952       
03953       if(!arg || !rights_p)
03954         return(-RSBAC_EINVALIDPOINTER);
03955       /* get values from user space */
03956       rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03957 
03958       if(k_arg.target >= T_NONE)
03959         return(-RSBAC_EINVALIDTARGET);
03960 /*      printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): target = %u, subj_type = %u, subj_id = %u!\n",
03961              k_arg.target, k_arg.subj_type, k_arg.subj_id); */
03962       switch(k_arg.subj_type)
03963         {
03964           case ACLS_USER:
03965             break;
03966           case ACLS_GROUP:
03967             if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03968               {
03969                 struct rsbac_acl_group_entry_t entry;
03970                        rsbac_uid_t caller;
03971 
03972                 if(   rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03973                    || rsbac_get_owner(&caller)
03974                    || (   (entry.owner != caller)
03975                        && (entry.type != ACLG_GLOBAL)
03976                       )
03977                   )
03978                   return(-RSBAC_EINVALIDVALUE);
03979               }
03980             break;
03981           case ACLS_ROLE:
03982           #if defined(CONFIG_RSBAC_RC)
03983             if(k_arg.subj_id > RC_role_max_value)
03984               return(-RSBAC_EINVALIDVALUE);
03985           #endif
03986             break;
03987           default:
03988             rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03989             return(-RSBAC_EINVALIDVALUE);
03990         }
03991 
03992       /* call acl function */
03993       err = rsbac_acl_sys_get_rights(ta_number,
03994                                      k_arg.target,
03995                                      k_arg.tid,
03996                                      k_arg.subj_type,
03997                                      k_arg.subj_id,
03998                                      &k_rights,
03999                                      effective);
04000       if(!err)
04001         {
04002           err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
04003         }
04004       return (err);
04005 #else
04006     return (-RSBAC_EINVALIDMODULE);
04007 #endif    
04008     }      /* end of sys_rsbac_acl_get_rights() */
04009 
04010 
04011 int sys_rsbac_acl_get_rights_n(
04012          rsbac_list_ta_number_t      ta_number,
04013   struct rsbac_acl_syscall_n_arg_t * arg,
04014          rsbac_acl_rights_vector_t * rights_p,
04015          u_int                       effective)
04016     {
04017 #if defined(CONFIG_RSBAC_ACL)
04018       struct dentry * t_dentry = NULL;
04019       rsbac_boolean_t need_put = FALSE;
04020       int     err = 0;
04021       union rsbac_target_id_t  tid;
04022       struct rsbac_acl_syscall_n_arg_t k_arg;
04023       rsbac_acl_rights_vector_t k_rights = 0;
04024       
04025       struct nameidata nd;
04026 
04027       if(!arg || !rights_p)
04028         return(-RSBAC_EINVALIDPOINTER);
04029       /* get values from user space */
04030       rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
04031 
04032       if(k_arg.target >= T_NONE)
04033         return(-RSBAC_EINVALIDTARGET);
04034       switch(k_arg.subj_type)
04035         {
04036           case ACLS_USER:
04037             break;
04038           case ACLS_GROUP:
04039             if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
04040               {
04041                 struct rsbac_acl_group_entry_t entry;
04042                        rsbac_uid_t caller;
04043 
04044                 if(   rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
04045                    || rsbac_get_owner(&caller)
04046                    || (   (entry.owner != caller)
04047                        && (entry.type != ACLG_GLOBAL)
04048                       )
04049                   )
04050                   return(-RSBAC_EINVALIDVALUE);
04051               }
04052             break;
04053           case ACLS_ROLE:
04054           #if defined(CONFIG_RSBAC_RC)
04055             if(k_arg.subj_id > RC_role_max_value)
04056               return(-RSBAC_EINVALIDVALUE);
04057           #endif
04058             break;
04059           default:
04060             return(-RSBAC_EINVALIDVALUE);
04061         }
04062         
04063       switch (k_arg.target)
04064         {
04065           case T_FD:
04066           case T_FILE:
04067           case T_DIR:
04068           case T_FIFO:
04069           case T_UNIXSOCK:
04070           case T_SYMLINK:
04071             if(k_arg.name)
04072               {
04073                 if ((err = user_path_walk_link(k_arg.name, &nd)))
04074                   {
04075 #ifdef CONFIG_RSBAC_DEBUG
04076                     if (rsbac_debug_aef_acl)
04077                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
04078 #endif
04079                     goto out;
04080                    }
04081                 t_dentry = nd.dentry;
04082                 need_put = TRUE;
04083                 if (!t_dentry->d_inode)
04084                   {
04085                     err = -RSBAC_EINVALIDTARGET;
04086                     goto out_dput;
04087                   }
04088                 /* is inode of type file, symlink or block/char device? */
04089                 switch(k_arg.target)
04090                   {
04091                     case T_FD:
04092                       if(S_ISREG(t_dentry->d_inode->i_mode))
04093                         {
04094                           k_arg.target = T_FILE;
04095                         }
04096                       else
04097                       if(S_ISDIR(t_dentry->d_inode->i_mode))
04098                         {
04099                           k_arg.target = T_DIR;
04100                         }
04101                       else
04102                       if(S_ISLNK(t_dentry->d_inode->i_mode))
04103                         {
04104                           k_arg.target = T_SYMLINK;
04105                         }
04106                       else
04107                       if(S_ISFIFO(t_dentry->d_inode->i_mode))
04108                         {
04109                           k_arg.target = T_FIFO;
04110                         }
04111                       else
04112                       if(S_ISSOCK(t_dentry->d_inode->i_mode))
04113                         {
04114                           k_arg.target = T_UNIXSOCK;
04115                         }
04116                       else
04117                       if(S_ISBLK(t_dentry->d_inode->i_mode))
04118                         {
04119                           k_arg.target = T_FILE;
04120                         }
04121                       else
04122                       if(S_ISCHR(t_dentry->d_inode->i_mode))
04123                         {
04124                           k_arg.target = T_FILE;
04125                         }
04126                       else
04127                         { /* This is no file or device */
04128                           err = -RSBAC_EINVALIDTARGET;
04129                           goto out_dput;
04130                         }
04131                       break;
04132                     case T_FILE:
04133                       if (   !(S_ISREG(t_dentry->d_inode->i_mode))
04134                           && !(S_ISBLK(t_dentry->d_inode->i_mode))
04135                           && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04136                         { /* This is no file or device */
04137                           err = -RSBAC_EINVALIDTARGET;
04138                           goto out_dput;
04139                         }
04140                       break;
04141                     case T_DIR:
04142                       if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04143                         { /* This is no dir */
04144                           err = -RSBAC_EINVALIDTARGET;
04145                           goto out_dput;
04146                         }
04147                       break;
04148                     case T_FIFO:
04149                       /* is inode of type fifo? */
04150                       if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04151                         { /* This is no fifo */
04152                           err = -RSBAC_EINVALIDTARGET;
04153                           goto out_dput;
04154                         }
04155                       break;
04156                     case T_UNIXSOCK:
04157                       if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
04158                         {
04159                           err = -RSBAC_EINVALIDTARGET;
04160                           goto out_dput;
04161                         }
04162                       break;
04163                     case T_SYMLINK:
04164                       /* is inode of type symlink? */
04165                       if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
04166                         { /* This is no symlink */
04167                           err = -RSBAC_EINVALIDTARGET;
04168                           goto out_dput;
04169                         }
04170                       break;
04171                     default:
04172                       err = -RSBAC_EINVALIDTARGET;
04173                       goto out_dput;
04174                   }
04175                 tid.file.device = t_dentry->d_sb->s_dev;
04176                 tid.file.inode  = t_dentry->d_inode->i_ino;
04177                 tid.file.dentry_p = t_dentry;
04178               }
04179             else
04180               {
04181                 if(k_arg.target == T_FD)
04182                   k_arg.target = T_FILE;
04183                 tid.file.device = RSBAC_ZERO_DEV;
04184                 tid.file.inode  = 0;
04185                 tid.file.dentry_p = NULL;
04186               }
04187             break;
04188 
04189           case T_DEV:
04190             if(k_arg.name)
04191               {
04192                 if ((err = user_path_walk_link(k_arg.name, &nd)))
04193                   {
04194 #ifdef CONFIG_RSBAC_DEBUG
04195                     if (rsbac_debug_aef_acl)
04196                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
04197 #endif
04198                     goto out;
04199                    }
04200                 t_dentry = nd.dentry;
04201                 need_put = TRUE;
04202                 if (!t_dentry->d_inode)
04203                   {
04204                     err = -RSBAC_EINVALIDTARGET;
04205                     goto out_dput;
04206                   }
04207                 /* is inode of type file, symlink or block/char device? */
04208                 if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
04209                     && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04210                   { /* This is no file or device */
04211                     err = -RSBAC_EINVALIDTARGET;
04212                     goto out_dput;
04213                   }
04214                 /* fill target id and call internal function */
04215                 if(S_ISBLK(t_dentry->d_inode->i_mode))
04216                   tid.dev.type = D_block;
04217                 else
04218                   tid.dev.type = D_char;
04219                 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04220                 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04221               }
04222             else
04223               {
04224                 tid.dev = RSBAC_ZERO_DEV_DESC;
04225               }
04226             break;
04227 
04228           default:
04229             return -RSBAC_EINVALIDTARGET;
04230         }
04231 
04232       /* call acl function */
04233       err = rsbac_acl_sys_get_rights(ta_number,
04234                                      k_arg.target,
04235                                      tid,
04236                                      k_arg.subj_type,
04237                                      k_arg.subj_id,
04238                                      &k_rights,
04239                                      effective);
04240 
04241 out_dput:
04242       if(need_put)
04243         path_release(&nd);
04244 out:
04245       if(!err)
04246         {
04247           rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
04248         }
04249       return(err);
04250 #else
04251     return (-RSBAC_EINVALIDMODULE);
04252 #endif    
04253     }      /* end of sys_rsbac_acl_get_rights_n() */
04254 
04255 /************************************************************************** */
04256 
04257 int sys_rsbac_acl_get_tlist (
04258          rsbac_list_ta_number_t      ta_number,
04259   enum   rsbac_target_t              target,
04260   union  rsbac_target_id_t         * tid,
04261   struct rsbac_acl_entry_t           entry_array[],
04262          rsbac_time_t                ttl_array[],
04263          u_int                       maxnum)
04264     { 
04265 #if defined(CONFIG_RSBAC_ACL)
04266       union  rsbac_target_id_t   k_tid;
04267       struct rsbac_acl_entry_t * k_entry_p;
04268              rsbac_time_t      * k_ttl_p;
04269              int   err = 0;
04270 
04271       if(!tid || (target >= T_NONE))
04272         return(-RSBAC_EINVALIDTARGET);
04273       if(!entry_array)
04274         return(-RSBAC_EINVALIDPOINTER);
04275       if(!maxnum)
04276         return(-RSBAC_EINVALIDVALUE);
04277       if(maxnum > RSBAC_ACL_MAX_MAXNUM)
04278         maxnum = RSBAC_ACL_MAX_MAXNUM;
04279 
04280       /* get values from user space */
04281       err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04282       if(err)
04283         return err;
04284       switch (target) {
04285               case T_FD:
04286                       return -RSBAC_EINVALIDTARGET;
04287               case T_FILE:
04288               case T_DIR:
04289               case T_FIFO:
04290               case T_UNIXSOCK:
04291               case T_SYMLINK:
04292                       k_tid.file.dentry_p = NULL;
04293                       k_tid.dir.dentry_p = NULL;
04294               default:
04295                       break;
04296       }
04297 
04298       /* call acl function */
04299       err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p);
04300       if(err>0)
04301         {
04302           if(err > maxnum)
04303             err = maxnum;
04304           rsbac_put_user((u_char *) k_entry_p,
04305                          (u_char *) entry_array,
04306                          err * sizeof(*k_entry_p) );
04307           if(ttl_array)
04308             {
04309               rsbac_put_user((u_char *) k_ttl_p,
04310                              (u_char *) ttl_array,
04311                              err * sizeof(*k_ttl_p) );
04312             }
04313           rsbac_vfree(k_entry_p);
04314           rsbac_vfree(k_ttl_p);
04315         }
04316       return (err);
04317 #else
04318     return (-RSBAC_EINVALIDMODULE);
04319 #endif    
04320     }      /* end of sys_rsbac_acl_get_tlist() */
04321 
04322 int sys_rsbac_acl_get_tlist_n(
04323          rsbac_list_ta_number_t   ta_number,
04324   enum   rsbac_target_t           target,
04325          char                   * t_name,
04326   struct rsbac_acl_entry_t        entry_array[],
04327          rsbac_time_t             ttl_array[],
04328          u_int                    maxnum)
04329     {
04330 #if defined(CONFIG_RSBAC_ACL)
04331       struct dentry * t_dentry = NULL;
04332       struct rsbac_acl_entry_t * k_entry_p;
04333       rsbac_time_t * k_ttl_p;
04334       rsbac_boolean_t need_put = FALSE;
04335       int     err = 0;
04336       union rsbac_target_id_t  tid;
04337       
04338       struct nameidata nd;
04339         
04340       if(target >= T_NONE)
04341         return(-RSBAC_EINVALIDTARGET);
04342       if(!entry_array)
04343         return(-RSBAC_EINVALIDPOINTER);
04344 
04345       switch (target)
04346         {
04347           case T_FD:
04348           case T_FILE:
04349           case T_DIR:
04350           case T_FIFO:
04351           case T_UNIXSOCK:
04352           case T_SYMLINK:
04353             if(t_name)
04354               {
04355                 if ((err = user_path_walk_link(t_name, &nd)))
04356                   {
04357 #ifdef CONFIG_RSBAC_DEBUG
04358                     if (rsbac_debug_aef_acl)
04359                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04360 #endif
04361                     goto out;
04362                    }
04363                 t_dentry = nd.dentry;
04364                 need_put = TRUE;
04365                 if (!t_dentry->d_inode)
04366                   {
04367                     err = -RSBAC_EINVALIDTARGET;
04368                     goto out_dput;
04369                   }
04370                 /* is inode of type file, symlink or block/char device? */
04371                 switch(target)
04372                   {
04373                     case T_FD:
04374                       if(S_ISREG(t_dentry->d_inode->i_mode))
04375                         {
04376                           target = T_FILE;
04377                         }
04378                       else
04379                       if(S_ISDIR(t_dentry->d_inode->i_mode))
04380                         {
04381                           target = T_DIR;
04382                         }
04383                       else
04384                       if(S_ISLNK(t_dentry->d_inode->i_mode))
04385                         {
04386                           target = T_SYMLINK;
04387                         }
04388                       else
04389                       if(S_ISFIFO(t_dentry->d_inode->i_mode))
04390                         {
04391                           target = T_FIFO;
04392                         }
04393                       else
04394                       if(S_ISSOCK(t_dentry->d_inode->i_mode))
04395                         {
04396                           target = T_UNIXSOCK;
04397                         }
04398                       else
04399                       if(S_ISBLK(t_dentry->d_inode->i_mode))
04400                         {
04401                           target = T_FILE;
04402                         }
04403                       else
04404                       if(S_ISCHR(t_dentry->d_inode->i_mode))
04405                         {
04406                           target = T_FILE;
04407                         }
04408                       else
04409                         { /* This is no file or device */
04410                           err = -RSBAC_EINVALIDTARGET;
04411                           goto out_dput;
04412                         }
04413                       break;
04414                     case T_FILE:
04415                       if (   !(S_ISREG(t_dentry->d_inode->i_mode))
04416                           && !(S_ISBLK(t_dentry->d_inode->i_mode))
04417                           && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04418                         { /* This is no file or device */
04419                           err = -RSBAC_EINVALIDTARGET;
04420                           goto out_dput;
04421                         }
04422                       break;
04423                     case T_DIR:
04424                       if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04425                         { /* This is no dir */
04426                           err = -RSBAC_EINVALIDTARGET;
04427                           goto out_dput;
04428                         }
04429                       break;
04430                     case T_FIFO:
04431                       /* is inode of type fifo? */
04432                       if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04433                         { /* This is no fifo */
04434                           err = -RSBAC_EINVALIDTARGET;
04435                           goto out_dput;
04436                         }
04437                       break;
04438                     case T_UNIXSOCK:
04439                       if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
04440                         {
04441                           err = -RSBAC_EINVALIDTARGET;
04442                           goto out_dput;
04443                         }
04444                       break;
04445                     case T_SYMLINK:
04446                       /* is inode of type symlink? */
04447                       if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
04448                         { /* This is no symlink */
04449                           err = -RSBAC_EINVALIDTARGET;
04450                           goto out_dput;
04451                         }
04452                       break;
04453                     default:
04454                       err = -RSBAC_EINVALIDTARGET;
04455                       goto out_dput;
04456                   }
04457                 tid.file.device = t_dentry->d_sb->s_dev;
04458                 tid.file.inode  = t_dentry->d_inode->i_ino;
04459                 tid.file.dentry_p = t_dentry;
04460               }
04461             else
04462               {
04463                 if(target == T_FD)
04464                   target = T_FILE;
04465                 tid.file.device = RSBAC_ZERO_DEV;
04466                 tid.file.inode  = 0;
04467                 tid.file.dentry_p = NULL;
04468               }
04469             break;
04470 
04471           case T_DEV:
04472             if(t_name)
04473               {
04474                 if ((err = user_path_walk_link(t_name, &nd)))
04475                   {
04476 #ifdef CONFIG_RSBAC_DEBUG
04477                     if (rsbac_debug_aef_acl)
04478                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04479 #endif
04480                     goto out;
04481                    }
04482                 t_dentry = nd.dentry;
04483                 need_put = TRUE;
04484                 if (!t_dentry->d_inode)
04485                   {
04486                     err = -RSBAC_EINVALIDTARGET;
04487                     goto out_dput;
04488                   }
04489                 /* is inode of type file, symlink or block/char device? */
04490                 if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
04491                     && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04492                   { /* This is no file or device */
04493                     err = -RSBAC_EINVALIDTARGET;
04494                     goto out_dput;
04495                   }
04496                 /* fill target id and call internal function */
04497                 if(S_ISBLK(t_dentry->d_inode->i_mode))
04498                   tid.dev.type = D_block;
04499                 else
04500                   tid.dev.type = D_char;
04501                 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04502                 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04503               }
04504             else
04505               {
04506                 tid.dev = RSBAC_ZERO_DEV_DESC;
04507               }
04508             break;
04509 
04510           default:
04511             return -RSBAC_EINVALIDTARGET;
04512         }
04513       /* call ACL function */
04514       err = rsbac_acl_sys_get_tlist(ta_number, target, tid,
04515                                     &k_entry_p, &k_ttl_p);
04516 
04517 out_dput:
04518       if(need_put)
04519         path_release(&nd);
04520 out:
04521       if(err>0)
04522         {
04523           if(err > maxnum)
04524             err = maxnum;
04525           rsbac_put_user((u_char *) k_entry_p,
04526                          (u_char *) entry_array,
04527                          err * sizeof(*k_entry_p) );
04528           if(ttl_array)
04529             {
04530               rsbac_put_user((u_char *) k_ttl_p,
04531                              (u_char *) ttl_array,
04532                              err * sizeof(*k_ttl_p) );
04533             }
04534           rsbac_vfree(k_entry_p);
04535           rsbac_vfree(k_ttl_p);
04536         }
04537       return(err);
04538 
04539 #else
04540     return (-RSBAC_EINVALIDMODULE);
04541 #endif    
04542     }      /* end of sys_rsbac_acl_get_tlist_n() */
04543 
04544 /************************************************************************** */
04545 
04546 int sys_rsbac_acl_get_mask (
04547          rsbac_list_ta_number_t      ta_number,
04548   enum   rsbac_target_t              target,
04549   union  rsbac_target_id_t         * tid,
04550          rsbac_acl_rights_vector_t * mask_p)
04551     { 
04552 #if defined(CONFIG_RSBAC_ACL)
04553       union  rsbac_target_id_t k_tid;
04554              rsbac_acl_rights_vector_t k_mask;
04555              int   err = 0;
04556       
04557       if(!tid || (target >= T_NONE))
04558         return(-RSBAC_EINVALIDTARGET);
04559       if(!mask_p)
04560         return(-RSBAC_EINVALIDPOINTER);
04561 
04562       /* get values from user space */
04563       rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04564       switch (target) {
04565               case T_FD:
04566                       return -RSBAC_EINVALIDTARGET;
04567               case T_FILE:
04568               case T_DIR:
04569               case T_FIFO:
04570               case T_UNIXSOCK:
04571               case T_SYMLINK:
04572                       k_tid.file.dentry_p = NULL;
04573                       k_tid.dir.dentry_p = NULL;
04574               default:
04575                       break;
04576       }
04577       /* call acl function */
04578       err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask);
04579       if(!err)
04580         {
04581           rsbac_put_user((u_char *) &k_mask,
04582                          (u_char *) mask_p,
04583                          sizeof(k_mask) );
04584         }
04585       return err;
04586 #else
04587     return -RSBAC_EINVALIDMODULE;
04588 #endif    
04589     }      /* end of sys_rsbac_acl_get_mask() */
04590 
04591 int sys_rsbac_acl_get_mask_n(
04592        rsbac_list_ta_number_t      ta_number,
04593   enum rsbac_target_t              target,
04594        char                      * t_name,
04595        rsbac_acl_rights_vector_t * mask_p)
04596     {
04597 #if defined(CONFIG_RSBAC_ACL)
04598       struct dentry * t_dentry = NULL;
04599       rsbac_acl_rights_vector_t k_mask;
04600       rsbac_boolean_t need_put = FALSE;
04601       int     err = 0;
04602       union rsbac_target_id_t  tid;
04603 
04604       struct nameidata nd;
04605 
04606       if(target >= T_NONE)
04607         return(-RSBAC_EINVALIDTARGET);
04608       if(!mask_p)
04609         return(-RSBAC_EINVALIDPOINTER);
04610 
04611       switch (target)
04612         {
04613           case T_FD:
04614           case T_FILE:
04615           case T_DIR:
04616           case T_FIFO:
04617           case T_UNIXSOCK:
04618           case T_SYMLINK:
04619             if(t_name)
04620               {
04621                 if ((err = user_path_walk_link(t_name, &nd)))
04622                   {
04623 #ifdef CONFIG_RSBAC_DEBUG
04624                     if (rsbac_debug_aef_acl)
04625                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04626 #endif
04627                     goto out;
04628                    }
04629                 t_dentry = nd.dentry;
04630                 need_put = TRUE;
04631                 if (!t_dentry->d_inode)
04632                   {
04633                     err = -RSBAC_EINVALIDTARGET;
04634                     goto out_dput;
04635                   }
04636                 /* is inode of type file, symlink or block/char device? */
04637                 switch(target)
04638                   {
04639                     case T_FD:
04640                       if(S_ISREG(t_dentry->d_inode->i_mode))
04641                         {
04642                           target = T_FILE;
04643                         }
04644                       else
04645                       if(S_ISDIR(t_dentry->d_inode->i_mode))
04646                         {
04647                           target = T_DIR;
04648                         }
04649                       else
04650                       if(S_ISLNK(t_dentry->d_inode->i_mode))
04651                         {
04652                           target = T_SYMLINK;
04653                         }
04654                       else
04655                       if(S_ISFIFO(t_dentry->d_inode->i_mode))
04656                         {
04657                           target = T_FIFO;
04658                         }
04659                       else
04660                       if(S_ISSOCK(t_dentry->d_inode->i_mode))
04661                         {
04662                           target = T_UNIXSOCK;
04663                         }
04664                       else
04665                       if(S_ISBLK(t_dentry->d_inode->i_mode))
04666                         {
04667                           target = T_FILE;
04668                         }
04669                       else
04670                       if(S_ISCHR(t_dentry->d_inode->i_mode))
04671                         {
04672                           target = T_FILE;
04673                         }
04674                       else
04675                         { /* This is no file or device */
04676                           err = -RSBAC_EINVALIDTARGET;
04677                           goto out_dput;
04678                         }
04679                       break;
04680                     case T_FILE:
04681                       if (   !(S_ISREG(t_dentry->d_inode->i_mode))
04682                           && !(S_ISBLK(t_dentry->d_inode->i_mode))
04683                           && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04684                         { /* This is no file or device */
04685                           err = -RSBAC_EINVALIDTARGET;
04686                           goto out_dput;
04687                         }
04688                       break;
04689                     case T_DIR:
04690                       if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04691                         { /* This is no dir */
04692                           err = -RSBAC_EINVALIDTARGET;
04693                           goto out_dput;
04694                         }
04695                       break;
04696                     case T_FIFO:
04697                       if (   !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04698                         { /* This is no fifo */
04699                           err = -RSBAC_EINVALIDTARGET;
04700                           goto out_dput;
04701                         }
04702                       break;
04703                     case T_UNIXSOCK:
04704                       if (   !(S_ISSOCK(t_dentry->d_inode->i_mode)))
04705                         {
04706                           err = -RSBAC_EINVALIDTARGET;
04707                           goto out_dput;
04708                         }
04709                       break;
04710                     case T_SYMLINK:
04711                       if (   !(S_ISLNK(t_dentry->d_inode->i_mode)))
04712                         { /* This is no symlink */
04713                           err = -RSBAC_EINVALIDTARGET;
04714                           goto out_dput;
04715                         }
04716                       break;
04717                     default:
04718                       err = -RSBAC_EINVALIDTARGET;
04719                       goto out_dput;
04720                   }
04721                 tid.file.device = t_dentry->d_sb->s_dev;
04722                 tid.file.inode  = t_dentry->d_inode->i_ino;
04723                 tid.file.dentry_p = t_dentry;
04724               }
04725             else
04726               {
04727                 if(target == T_FD)
04728                   target = T_FILE;
04729                 tid.file.device = RSBAC_ZERO_DEV;
04730                 tid.file.inode  = 0;
04731                 tid.file.dentry_p = NULL;
04732               }
04733             break;
04734 
04735           case T_DEV:
04736             if(t_name)
04737               {
04738                 if ((err = user_path_walk_link(t_name, &nd)))
04739                   {
04740 #ifdef CONFIG_RSBAC_DEBUG
04741                     if (rsbac_debug_aef_acl)
04742                       rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04743 #endif
04744                     goto out;
04745                    }
04746                 t_dentry = nd.dentry;
04747                 need_put = TRUE;
04748                 if (!t_dentry->d_inode)
04749                   {
04750                     err = -RSBAC_EINVALIDTARGET;
04751                     goto out_dput;
04752                   }
04753                 /* is inode of type block/char device? */
04754                 if (   !(S_ISBLK(t_dentry->d_inode->i_mode))
04755                     && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04756                   { /* This is no file or device */
04757                     err = -RSBAC_EINVALIDTARGET;
04758                     goto out_dput;
04759                   }
04760                 /* fill target id and call internal function */
04761                 if(S_ISBLK(t_dentry->d_inode->i_mode))
04762                   tid.dev.type = D_block;
04763                 else
04764                   tid.dev.type = D_char;
04765                 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev);
04766                 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev);
04767               }
04768             else
04769               {
04770                 tid.dev = RSBAC_ZERO_DEV_DESC;
04771               }
04772             break;
04773 
04774           default:
04775             return -RSBAC_EINVALIDTARGET;
04776         }
04777       /* call ACL function */
04778       err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask);
04779 
04780 out_dput:
04781       if(need_put)
04782         path_release(&nd);
04783 out:
04784       if(!err)
04785         {
04786           rsbac_put_user((u_char *) &k_mask,
04787                          (u_char *) mask_p,
04788                          sizeof(k_mask) );
04789         }
04790       return(err);
04791 
04792 #else
04793     return (-RSBAC_EINVALIDMODULE);
04794 #endif    
04795     }      /* end of sys_rsbac_acl_get_mask_n() */
04796 
04797 /********  ACL groups *********/
04798 
04799 int sys_rsbac_acl_group(
04800         rsbac_list_ta_number_t           ta_number,
04801   enum  rsbac_acl_group_syscall_type_t   call,
04802   union rsbac_acl_group_syscall_arg_t  * arg_p)
04803     { 
04804 #if defined(CONFIG_RSBAC_ACL)
04805       union rsbac_acl_group_syscall_arg_t k_arg;
04806       int   err = 0;
04807 
04808       if(call >= ACLGS_none)
04809         return(-RSBAC_EINVALIDREQUEST);
04810       if(!arg_p)
04811         return(-RSBAC_EINVALIDPOINTER);
04812 
04813 #ifdef CONFIG_RSBAC_FREEZE
04814       if(rsbac_freeze)
04815         {
04816           switch(call)
04817             {
04818               case ACLGS_add_group:
04819               case ACLGS_change_group:
04820               case ACLGS_remove_group:
04821               case ACLGS_add_member:
04822               case ACLGS_remove_member:
04823                 rsbac_printk(KERN_WARNING
04824                              "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n");
04825                 return -EPERM;
04826 
04827               default:
04828                 break;
04829             }
04830         }
04831 #endif
04832 
04833       /* get values from user space */
04834       err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
04835 
04836       /* call acl function */
04837       if(err >= 0)
04838         err = rsbac_acl_sys_group(ta_number, call, k_arg);
04839       return (err);
04840 #else
04841     return (-RSBAC_EINVALIDMODULE);
04842 #endif    
04843     }      /* end of sys_rsbac_acl() */
04844 
04845 int sys_rsbac_acl_list_all_dev(
04846   rsbac_list_ta_number_t ta_number,
04847   struct rsbac_dev_desc_t * id_p,
04848   u_long maxnum)
04849   {
04850 #if defined(CONFIG_RSBAC_ACL)
04851     int err = 0;
04852     long count;
04853     long count2;
04854 
04855     if(id_p && maxnum)
04856       {
04857         struct rsbac_dev_desc_t * k_id_p = NULL;
04858 
04859         count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p);
04860         if(count < 0)
04861           return count;
04862         if(count > maxnum)
04863           count = maxnum;
04864 
04865         if(count)
04866           {
04867             err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04868             rsbac_vfree(k_id_p);
04869             if(err)
04870               return err;
04871             id_p += count;
04872             maxnum -= count;
04873             if(!maxnum)
04874               return count;
04875           }
04876 
04877         count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p);
04878         if(count2 < 0)
04879           return count2;
04880         if(count2 > maxnum)
04881           count2 = maxnum;
04882 
04883         if(count2)
04884           {
04885             err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) );
04886             rsbac_vfree(k_id_p);
04887             if(err)
04888               return err;
04889             count += count2;
04890           }
04891         return count;
04892       }
04893     else
04894       {
04895         count = rsbac_acl_list_all_major_dev(ta_number, NULL);
04896         if(count < 0)
04897           return count;
04898         count2 = rsbac_acl_list_all_dev(ta_number, NULL);
04899         if(count2 < 0)
04900           return count2;
04901         else
04902           return count + count2;
04903       }
04904 #else
04905     return (-RSBAC_EINVALIDMODULE);
04906 #endif    
04907   }
04908 
04909 int sys_rsbac_acl_list_all_user(
04910   rsbac_list_ta_number_t ta_number,
04911   rsbac_uid_t * id_p,
04912   u_long maxnum)
04913   {
04914 #if defined(CONFIG_RSBAC_ACL)
04915     int err = 0;
04916     long count;
04917 
04918     if(id_p && maxnum)
04919       {
04920         rsbac_uid_t * k_id_p = NULL;
04921 
04922         count = rsbac_acl_list_all_user(ta_number, &k_id_p);
04923         if(count < 0)
04924           return count;
04925         if(count > maxnum)
04926           count = maxnum;
04927 
04928         if(count)
04929           {
04930             err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04931             rsbac_vfree(k_id_p);
04932             if(err)
04933               return err;
04934           }
04935         return count;
04936       }
04937     else
04938       {
04939         return rsbac_acl_list_all_user(ta_number, NULL);
04940       }
04941 #else
04942     return (-RSBAC_EINVALIDMODULE);
04943 #endif    
04944   }
04945 
04946 int sys_rsbac_acl_list_all_group(
04947   rsbac_list_ta_number_t ta_number,
04948   rsbac_gid_t * id_p,
04949   u_long maxnum)
04950   {
04951 #ifdef CONFIG_RSBAC_ACL_UM_PROT
04952     int err = 0;
04953     long count;
04954 
04955     if(id_p && maxnum)
04956       {
04957         rsbac_gid_t * k_id_p = NULL;
04958 
04959         count = rsbac_acl_list_all_group(ta_number, &k_id_p);
04960         if(count < 0)
04961           return count;
04962         if(count > maxnum)
04963           count = maxnum;
04964 
04965         if(count)
04966           {
04967             err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
04968             rsbac_vfree(k_id_p);
04969             if(err)
04970               return err;
04971           }
04972         return count;
04973       }
04974     else
04975       {
04976         return rsbac_acl_list_all_group(ta_number, NULL);
04977       }
04978 #else
04979     return (-RSBAC_EINVALIDMODULE);
04980 #endif    
04981   }
04982 
04983 /********  JAIL *********/
04984 
04985 int sys_rsbac_jail(rsbac_version_t version,
04986                    char * path,
04987                    rsbac_jail_ip_t ip,
04988                    rsbac_jail_flags_t flags,
04989                    rsbac_cap_vector_t max_caps,
04990                    rsbac_jail_scd_vector_t scd_get,
04991                    rsbac_jail_scd_vector_t scd_modify)
04992     { 
04993 #if defined(CONFIG_RSBAC_JAIL)
04994       return rsbac_jail_sys_jail(version, path, ip, flags,
04995                                  max_caps, scd_get, scd_modify);
04996 #else
04997     return (-RSBAC_EINVALIDMODULE);
04998 #endif    
04999     }
05000 
05001 /********  UM *********/
05002 
05003 int sys_rsbac_um_auth_name(
05004   char * name,
05005   char * pass)
05006     { 
05007 #if defined(CONFIG_RSBAC_UM)
05008       rsbac_uid_t uid;
05009       int err;
05010       char * k_name;
05011       char * k_pass;
05012       union rsbac_target_id_t i_tid;
05013       union rsbac_attribute_value_t i_attr_val;
05014 #ifdef CONFIG_RSBAC_DEBUG
05015       if (rsbac_debug_aef_um)
05016         {
05017           rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n");
05018         }
05019 #endif
05020       if(!name || !pass)
05021         {
05022 #ifdef CONFIG_RSBAC_DEBUG
05023           if (rsbac_debug_aef_um)
05024             {
05025               rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n");
05026             }
05027 #endif
05028           return -RSBAC_EINVALIDPOINTER;
05029         }
05030       k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
05031       if(!k_name)
05032         return -RSBAC_ENOMEM;
05033       k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05034       if(!k_pass)
05035         {
05036           rsbac_kfree(k_name);
05037           return -RSBAC_ENOMEM;
05038         }
05039       err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
05040       if(err)
05041         goto out_free;
05042       k_name[RSBAC_UM_NAME_LEN-1] = 0;
05043       err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05044       if(err)
05045         goto out_free;
05046       k_pass[RSBAC_MAXNAMELEN-1] = 0;
05047 #if 0
05048 #ifdef CONFIG_RSBAC_DEBUG
05049       if (rsbac_debug_aef_um)
05050         {
05051           rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n",
05052                        k_name, k_pass);
05053       }
05054 #endif
05055 #endif
05056       err = rsbac_um_get_uid(0, k_name, &uid);
05057       if(err) {
05058         if(err == -RSBAC_ENOTFOUND) {
05059           err = -EPERM;
05060           ssleep(1);
05061         }
05062         goto out_free;
05063       }
05064 
05065 #ifndef CONFIG_RSBAC_MAINT
05066 #ifdef CONFIG_RSBAC_DEBUG
05067     if (rsbac_debug_aef)
05068       {
05069         rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): calling ADF\n");
05070       }
05071 #endif
05072     i_tid.user = uid;
05073     i_attr_val.dummy = 0;
05074     if (!rsbac_adf_request(R_AUTHENTICATE,
05075                            current->pid,
05076                            T_USER,
05077                            i_tid,
05078                            A_none,
05079                            i_attr_val))
05080       {
05081         err = -EPERM;
05082         ssleep(1);
05083         goto out_free;
05084       }
05085 #endif /* MAINT */
05086 
05087       err = rsbac_um_check_pass(uid, k_pass);
05088       if(err) {
05089         if(err == -RSBAC_ENOTFOUND) {
05090           err = -EPERM;
05091         }
05092         goto out_free;
05093       }
05094 
05095 #ifdef CONFIG_RSBAC_AUTH
05096       /* set auth_last_auth for this process */
05097       i_tid.process = current->pid;
05098       i_attr_val.auth_last_auth = uid;
05099       if (rsbac_set_attr(SW_AUTH,
05100                          T_PROCESS,
05101                          i_tid,
05102                          A_auth_last_auth,
05103                          i_attr_val))
05104         {
05105           rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
05106         }
05107 #endif /* AUTH */
05108 
05109 out_free:
05110       rsbac_kfree(k_name);
05111       memset(k_pass, 0, RSBAC_MAXNAMELEN);
05112       rsbac_kfree(k_pass);
05113       return err;
05114 #else
05115     return (-RSBAC_EINVALIDMODULE);
05116 #endif    
05117     }
05118 
05119 int sys_rsbac_um_auth_uid(rsbac_uid_t uid,
05120                           char * pass)
05121     { 
05122 #if defined(CONFIG_RSBAC_UM)
05123       int err;
05124       char * k_pass;
05125       union rsbac_target_id_t i_tid;
05126       union rsbac_attribute_value_t i_attr_val;
05127 
05128       if(!pass)
05129         return -RSBAC_EINVALIDPOINTER;
05130       k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05131       if(!k_pass)
05132         return -RSBAC_ENOMEM;
05133       err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05134       if(err)
05135         goto out_free;
05136       k_pass[RSBAC_MAXNAMELEN-1] = 0;
05137 
05138 #ifdef CONFIG_RSBAC_DEBUG
05139       if (rsbac_debug_aef_um)
05140         {
05141           rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n",
05142                        uid, k_pass);
05143       }
05144 #endif
05145 #ifndef CONFIG_RSBAC_MAINT
05146 #ifdef CONFIG_RSBAC_DEBUG
05147     if (rsbac_debug_aef)
05148       {
05149         rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): calling ADF\n");
05150       }
05151 #endif
05152     i_tid.user = uid;
05153     i_attr_val.dummy = 0;
05154     if (!rsbac_adf_request(R_AUTHENTICATE,
05155                            current->pid,
05156                            T_USER,
05157                            i_tid,
05158                            A_none,
05159                            i_attr_val))
05160       {
05161         err = -EPERM;
05162         ssleep(1);
05163         goto out_free;
05164       }
05165 #endif /* MAINT */
05166 
05167       err = rsbac_um_check_pass(uid, k_pass);
05168       if(err) {
05169         if(err == -RSBAC_ENOTFOUND) {
05170           err = -EPERM;
05171         }
05172         goto out_free;
05173       }
05174 
05175 #ifdef CONFIG_RSBAC_AUTH
05176       /* set auth_last_auth for this process */
05177       i_tid.process = current->pid;
05178       i_attr_val.auth_last_auth = uid;
05179       if (rsbac_set_attr(SW_AUTH,
05180                          T_PROCESS,
05181                          i_tid,
05182                          A_auth_last_auth,
05183                          i_attr_val))
05184         {
05185           rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
05186         }
05187 #endif /* AUTH */
05188 
05189 out_free:
05190       memset(k_pass, 0, RSBAC_MAXNAMELEN);
05191       rsbac_kfree(k_pass);
05192       return err;
05193 #else
05194     return (-RSBAC_EINVALIDMODULE);
05195 #endif    
05196     }
05197 
05198 int sys_rsbac_um_add_user(
05199   rsbac_list_ta_number_t ta_number,
05200   rsbac_uid_t uid,
05201   struct rsbac_um_user_entry_t * entry_p,
05202   char * pass,
05203   rsbac_time_t ttl)
05204     { 
05205 #if defined(CONFIG_RSBAC_UM)
05206       int err;
05207       struct rsbac_um_user_entry_t * k_entry_p;
05208       char * k_pass;
05209 #ifndef CONFIG_RSBAC_MAINT
05210     union rsbac_target_id_t       rsbac_target_id;
05211     union rsbac_target_id_t       rsbac_new_target_id;
05212     union rsbac_attribute_value_t rsbac_attribute_value;
05213 #endif
05214 
05215       if(!entry_p)
05216         return -RSBAC_EINVALIDPOINTER;
05217 
05218 #ifdef CONFIG_RSBAC_FREEZE_UM
05219       if(rsbac_freeze)
05220         {
05221           rsbac_printk(KERN_WARNING
05222                        "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n");
05223           return -EPERM;
05224         }
05225 #endif
05226 
05227 #ifndef CONFIG_RSBAC_MAINT
05228 #ifdef CONFIG_RSBAC_DEBUG
05229     if (rsbac_debug_aef)
05230       {
05231         rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n");
05232       }
05233 #endif
05234     rsbac_target_id.user = uid;
05235     rsbac_attribute_value.dummy = 0;
05236     if (!rsbac_adf_request(R_CREATE,
05237                            current->pid,
05238                            T_USER,
05239                            rsbac_target_id,
05240                            A_none,
05241                            rsbac_attribute_value))
05242       {
05243         return -EPERM;
05244       }
05245 #endif /* MAINT */
05246 
05247       k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
05248       if(!k_entry_p)
05249         return -RSBAC_ENOMEM;
05250       if(pass)
05251         {
05252           k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05253           if(!k_pass)
05254             {
05255               rsbac_kfree(k_entry_p);
05256               return -RSBAC_ENOMEM;
05257             }
05258         }
05259       else
05260         k_pass = NULL;
05261       err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
05262       if(err)
05263         goto out_free;
05264       if(!k_entry_p->name[0])
05265         {
05266           err = -RSBAC_EINVALIDVALUE;
05267           goto out_free;
05268         }
05269       if(pass)
05270         {
05271           err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05272           if(err)
05273             goto out_free;
05274           k_pass[RSBAC_MAXNAMELEN-1] = 0;
05275         }
05276       err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl);
05277 
05278 #ifndef CONFIG_RSBAC_MAINT
05279       /* RSBAC: notify ADF of new user */
05280       if(!err)
05281         {
05282           rsbac_target_id.user = uid;
05283           rsbac_new_target_id.dummy = 0;
05284           if (rsbac_adf_set_attr(R_CREATE,
05285                                  current->pid,
05286                                  T_USER,
05287                                  rsbac_target_id,
05288                                  T_NONE,
05289                                  rsbac_new_target_id,
05290                                  A_none,
05291                                  rsbac_attribute_value))
05292             {
05293               rsbac_printk(KERN_WARNING
05294                            "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n");
05295             }
05296         }
05297 #endif
05298 
05299 out_free:
05300       rsbac_kfree(k_entry_p);
05301       if(k_pass)
05302         {
05303           memset(k_pass, 0, RSBAC_MAXNAMELEN);
05304           rsbac_kfree(k_pass);
05305         }
05306       return err;
05307 #else
05308     return (-RSBAC_EINVALIDMODULE);
05309 #endif    
05310     }
05311 
05312 int sys_rsbac_um_add_group(
05313   rsbac_list_ta_number_t ta_number,
05314   rsbac_gid_t gid,
05315   struct rsbac_um_group_entry_t * entry_p,
05316   char * pass,
05317   rsbac_time_t ttl)
05318     { 
05319 #if defined(CONFIG_RSBAC_UM)
05320       int err;
05321       struct rsbac_um_group_entry_t * k_entry_p;
05322       char * k_pass;
05323 #ifndef CONFIG_RSBAC_MAINT
05324     union rsbac_target_id_t       rsbac_target_id;
05325     union rsbac_target_id_t       rsbac_new_target_id;
05326     union rsbac_attribute_value_t rsbac_attribute_value;
05327 #endif
05328 
05329     if(!entry_p)
05330       return -RSBAC_EINVALIDPOINTER;
05331 
05332 #ifdef CONFIG_RSBAC_FREEZE_UM
05333     if(rsbac_freeze)
05334       {
05335         rsbac_printk(KERN_WARNING
05336                      "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n");
05337         return -EPERM;
05338       }
05339 #endif
05340 
05341 #ifndef CONFIG_RSBAC_MAINT
05342 #ifdef CONFIG_RSBAC_DEBUG
05343     if (rsbac_debug_aef)
05344       {
05345         rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n");
05346       }
05347 #endif
05348     rsbac_target_id.group = gid;
05349     rsbac_attribute_value.dummy = 0;
05350     if (!rsbac_adf_request(R_CREATE,
05351                            current->pid,
05352                            T_GROUP,
05353                            rsbac_target_id,
05354                            A_none,
05355                            rsbac_attribute_value))
05356       {
05357         return -EPERM;
05358       }
05359 #endif /* MAINT */
05360 
05361       k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
05362       if(!k_entry_p)
05363         return -RSBAC_ENOMEM;
05364       if(pass)
05365         {
05366           k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05367           if(!k_pass)
05368             {
05369               rsbac_kfree(k_entry_p);
05370               return -RSBAC_ENOMEM;
05371             }
05372         }
05373       else
05374         k_pass = NULL;
05375       err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
05376       if(err)
05377         goto out_free;
05378       if(!k_entry_p->name[0])
05379         {
05380           err = -RSBAC_EINVALIDVALUE;
05381           goto out_free;
05382         }
05383       if(pass)
05384         {
05385           err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
05386           if(err)
05387             goto out_free;
05388           k_pass[RSBAC_MAXNAMELEN-1] = 0;
05389         }
05390       err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl);
05391 
05392 #ifndef CONFIG_RSBAC_MAINT
05393       /* RSBAC: notify ADF of new group */
05394       if(!err)
05395         {
05396           rsbac_target_id.group = gid;
05397           rsbac_new_target_id.dummy = 0;
05398           if (rsbac_adf_set_attr(R_CREATE,
05399                                  current->pid,
05400                                  T_GROUP,
05401                                  rsbac_target_id,
05402                                  T_NONE,
05403                                  rsbac_new_target_id,
05404                                  A_none,
05405                                  rsbac_attribute_value))
05406             {
05407               rsbac_printk(KERN_WARNING
05408                            "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n");
05409             }
05410         }
05411 #endif
05412 
05413 out_free:
05414       rsbac_kfree(k_entry_p);
05415       if(k_pass)
05416         {
05417           memset(k_pass, 0, RSBAC_MAXNAMELEN);
05418           rsbac_kfree(k_pass);
05419         }
05420       return err;
05421 #else
05422     return (-RSBAC_EINVALIDMODULE);
05423 #endif    
05424     }
05425 
05426 int sys_rsbac_um_add_gm(
05427   rsbac_list_ta_number_t ta_number,
05428   rsbac_uid_t user,
05429   rsbac_gid_t group,
05430   rsbac_time_t ttl)
05431   {
05432 #if defined(CONFIG_RSBAC_UM)
05433 #ifndef CONFIG_RSBAC_MAINT
05434     union rsbac_target_id_t       rsbac_target_id;
05435     union rsbac_attribute_value_t rsbac_attribute_value;
05436 #endif
05437 
05438 #ifdef CONFIG_RSBAC_FREEZE_UM
05439     if(rsbac_freeze)
05440       {
05441         rsbac_printk(KERN_WARNING
05442                      "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n");
05443         return -EPERM;
05444       }
05445 #endif
05446 
05447 #ifndef CONFIG_RSBAC_MAINT
05448 #ifdef CONFIG_RSBAC_DEBUG
05449     if (rsbac_debug_aef)
05450       {
05451         rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n");
05452       }
05453 #endif
05454     rsbac_target_id.user = user;
05455     rsbac_attribute_value.group = group;
05456     if (!rsbac_adf_request(R_CHANGE_GROUP,
05457                            current->pid,
05458                            T_USER,
05459                            rsbac_target_id,
05460                            A_group,
05461                            rsbac_attribute_value))
05462       {
05463         return -EPERM;
05464       }
05465 #endif /* MAINT */
05466 
05467     return rsbac_um_add_gm(ta_number, user, group, ttl);
05468 #else
05469     return (-RSBAC_EINVALIDMODULE);
05470 #endif    
05471   }
05472 
05473 int sys_rsbac_um_mod_user(
05474   rsbac_list_ta_number_t ta_number,
05475   rsbac_uid_t uid,
05476   enum rsbac_um_mod_t mod,
05477   union rsbac_um_mod_data_t * data_p)
05478     { 
05479 #if defined(CONFIG_RSBAC_UM)
05480       int err;
05481       union rsbac_um_mod_data_t * k_data_p;
05482 #ifndef CONFIG_RSBAC_MAINT
05483     enum  rsbac_adf_request_t     rsbac_request;
05484     union rsbac_target_id_t       rsbac_target_id;
05485     enum  rsbac_attribute_t       rsbac_attribute = A_none;
05486     union rsbac_attribute_value_t rsbac_attribute_value;
05487 #endif
05488 
05489       if(mod >= UM_none)
05490         return -RSBAC_EINVALIDREQUEST;
05491       if(   !data_p
05492          && (mod != UM_pass)
05493         )
05494         return -RSBAC_EINVALIDPOINTER;
05495 
05496 #ifdef CONFIG_RSBAC_FREEZE_UM
05497     if(rsbac_freeze)
05498       {
05499         rsbac_printk(KERN_WARNING
05500                      "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n");
05501         return -EPERM;
05502       }
05503 #endif
05504 
05505 #ifndef CONFIG_RSBAC_MAINT
05506 #ifdef CONFIG_RSBAC_DEBUG
05507     if (rsbac_debug_aef)
05508       {
05509         rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n");
05510       }
05511 #endif
05512     rsbac_attribute_value.dummy = 0;
05513     switch(mod)
05514       {
05515         case UM_name:
05516           rsbac_request = R_RENAME;
05517           break;
05518 
05519         case UM_pass:
05520         case UM_cryptpass:
05521           rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05522           break;
05523 
05524         case UM_fullname:
05525           rsbac_request = R_WRITE;
05526           break;
05527 
05528         case UM_homedir:
05529           rsbac_request = R_WRITE;
05530           break;
05531 
05532         case UM_shell:
05533           rsbac_request = R_WRITE;
05534           break;
05535 
05536         case UM_group:
05537           rsbac_request = R_CHANGE_GROUP;
05538           rsbac_attribute = A_group;
05539           rsbac_attribute_value.group = data_p->group;
05540           break;
05541 
05542         case UM_lastchange:
05543           rsbac_request = R_WRITE;
05544           break;
05545 
05546         case UM_minchange:
05547           rsbac_request = R_WRITE;
05548           break;
05549 
05550         case UM_maxchange:
05551           rsbac_request = R_WRITE;
05552           break;
05553 
05554         case UM_warnchange:
05555           rsbac_request = R_WRITE;
05556           break;
05557 
05558         case UM_inactive:
05559           rsbac_request = R_WRITE;
05560           break;
05561 
05562         case UM_expire:
05563           rsbac_request = R_WRITE;
05564           break;
05565 
05566         case UM_ttl:
05567           rsbac_request = R_DELETE;
05568           break;
05569 
05570         default:
05571           return -RSBAC_EINVALIDREQUEST;
05572       }
05573     rsbac_target_id.user = uid;
05574     if (!rsbac_adf_request(rsbac_request,
05575                            current->pid,
05576                            T_USER,
05577                            rsbac_target_id,
05578                            rsbac_attribute,
05579                            rsbac_attribute_value))
05580       {
05581         return -EPERM;
05582       }
05583 #endif /* MAINT */
05584 
05585 
05586       if(data_p)
05587         {
05588           k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05589           if(!k_data_p)
05590             return -RSBAC_ENOMEM;
05591           err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05592           if(err)
05593             {
05594               rsbac_kfree(k_data_p);
05595               return err;
05596             }
05597           k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05598         }
05599       else
05600         k_data_p = NULL;
05601 
05602       err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p);
05603 
05604       if(k_data_p)
05605         rsbac_kfree(k_data_p);
05606       return err;
05607 #else
05608     return (-RSBAC_EINVALIDMODULE);
05609 #endif    
05610     }
05611 
05612 int sys_rsbac_um_mod_group(
05613   rsbac_list_ta_number_t ta_number,
05614   rsbac_gid_t gid,
05615   enum rsbac_um_mod_t mod,
05616   union rsbac_um_mod_data_t * data_p)
05617     { 
05618 #if defined(CONFIG_RSBAC_UM)
05619       int err;
05620       union rsbac_um_mod_data_t * k_data_p;
05621 #ifndef CONFIG_RSBAC_MAINT
05622     enum  rsbac_adf_request_t     rsbac_request;
05623     union rsbac_target_id_t       rsbac_target_id;
05624     union rsbac_attribute_value_t rsbac_attribute_value;
05625 #endif
05626 
05627       if(mod >= UM_none)
05628         return -RSBAC_EINVALIDREQUEST;
05629       if(   !data_p
05630          && (mod != UM_pass)
05631         )
05632         return -RSBAC_EINVALIDPOINTER;
05633 
05634 #ifdef CONFIG_RSBAC_FREEZE_UM
05635     if(rsbac_freeze)
05636       {
05637         rsbac_printk(KERN_WARNING
05638                      "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n");
05639         return -EPERM;
05640       }
05641 #endif
05642 
05643 #ifndef CONFIG_RSBAC_MAINT
05644 #ifdef CONFIG_RSBAC_DEBUG
05645     if (rsbac_debug_aef)
05646       {
05647         rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n");
05648       }
05649 #endif
05650     switch(mod)
05651       {
05652         case UM_name:
05653           rsbac_request = R_RENAME;
05654           break;
05655 
05656         case UM_pass:
05657         case UM_cryptpass:
05658           rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05659           break;
05660 
05661         case UM_ttl:
05662           rsbac_request = R_DELETE;
05663           break;
05664 
05665         default:
05666           return -RSBAC_EINVALIDREQUEST;
05667       }
05668     rsbac_target_id.group = gid;
05669     rsbac_attribute_value.dummy = 0;
05670     if (!rsbac_adf_request(rsbac_request,
05671                            current->pid,
05672                            T_GROUP,
05673                            rsbac_target_id,
05674                            A_none,
05675                            rsbac_attribute_value))
05676       {
05677         return -EPERM;
05678       }
05679 #endif /* MAINT */
05680 
05681       if(data_p)
05682         {
05683           k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05684           if(!k_data_p)
05685             return -RSBAC_ENOMEM;
05686           err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05687           if(err)
05688             {
05689               rsbac_kfree(k_data_p);
05690               return err;
05691             }
05692           k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05693         }
05694       else
05695         k_data_p = NULL;
05696 
05697       err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p);
05698 
05699       if(k_data_p)
05700         rsbac_kfree(k_data_p);
05701       return err;
05702 #else
05703     return (-RSBAC_EINVALIDMODULE);
05704 #endif    
05705     }
05706 
05707 int sys_rsbac_um_get_user_item(
05708   rsbac_list_ta_number_t ta_number,
05709   rsbac_uid_t uid,
05710   enum rsbac_um_mod_t mod,
05711   union rsbac_um_mod_data_t * data_p)
05712     { 
05713 #if defined(CONFIG_RSBAC_UM)
05714       int err;
05715       union rsbac_um_mod_data_t * k_data_p;
05716 #ifndef CONFIG_RSBAC_MAINT
05717     enum  rsbac_adf_request_t     rsbac_request;
05718     union rsbac_target_id_t       rsbac_target_id;
05719     union rsbac_attribute_value_t rsbac_attribute_value;
05720 #endif
05721 
05722       if(mod >= UM_none)
05723         return -RSBAC_EINVALIDREQUEST;
05724       if(!data_p)
05725         return -RSBAC_EINVALIDPOINTER;
05726 
05727 #ifndef CONFIG_RSBAC_MAINT
05728 #ifdef CONFIG_RSBAC_DEBUG
05729     if (rsbac_debug_aef)
05730       {
05731         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n");
05732       }
05733 #endif
05734     rsbac_attribute_value.dummy = 0;
05735     switch(mod)
05736       {
05737         case UM_name:
05738           rsbac_request = R_SEARCH;
05739           break;
05740 
05741         case UM_group:
05742         case UM_fullname:
05743         case UM_homedir:
05744         case UM_shell:
05745           rsbac_request = R_GET_STATUS_DATA;
05746           break;
05747 
05748         case UM_pass:
05749           rsbac_request = R_GET_PERMISSIONS_DATA;
05750           break;
05751 
05752         case UM_lastchange:
05753         case UM_minchange:
05754         case UM_maxchange:
05755         case UM_warnchange:
05756         case UM_inactive:
05757         case UM_expire:
05758         case UM_ttl:
05759           rsbac_request = R_READ;
05760           break;
05761 
05762         default:
05763           return -RSBAC_EINVALIDREQUEST;
05764       }
05765     rsbac_target_id.user = uid;
05766     if (!rsbac_adf_request(rsbac_request,
05767                            current->pid,
05768                            T_USER,
05769                            rsbac_target_id,
05770                            A_none,
05771                            rsbac_attribute_value))
05772       {
05773         return -EPERM;
05774       }
05775 #endif /* MAINT */
05776 
05777       k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05778       if(!k_data_p)
05779         return -RSBAC_ENOMEM;
05780       memset(k_data_p, 0, sizeof(*k_data_p));
05781 
05782       err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p);
05783       if(!err)
05784         err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05785       rsbac_kfree(k_data_p);
05786       return err;
05787 #else
05788     return (-RSBAC_EINVALIDMODULE);
05789 #endif    
05790     }
05791 
05792 int sys_rsbac_um_get_group_item(
05793   rsbac_list_ta_number_t ta_number,
05794   rsbac_gid_t gid,
05795   enum rsbac_um_mod_t mod,
05796   union rsbac_um_mod_data_t * data_p)
05797     { 
05798 #if defined(CONFIG_RSBAC_UM)
05799       int err;
05800       union rsbac_um_mod_data_t * k_data_p;
05801 #ifndef CONFIG_RSBAC_MAINT
05802     enum  rsbac_adf_request_t     rsbac_request;
05803     union rsbac_target_id_t       rsbac_target_id;
05804     union rsbac_attribute_value_t rsbac_attribute_value;
05805 #endif
05806 
05807       if(mod >= UM_none)
05808         return -RSBAC_EINVALIDREQUEST;
05809       if(!data_p)
05810         return -RSBAC_EINVALIDPOINTER;
05811 
05812 #ifndef CONFIG_RSBAC_MAINT
05813 #ifdef CONFIG_RSBAC_DEBUG
05814     if (rsbac_debug_aef)
05815       {
05816         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n");
05817       }
05818 #endif
05819     rsbac_attribute_value.dummy = 0;
05820     switch(mod)
05821       {
05822         case UM_name:
05823           rsbac_request = R_SEARCH;
05824           break;
05825 
05826         case UM_pass:
05827           rsbac_request = R_GET_PERMISSIONS_DATA;
05828           break;
05829 
05830         case UM_ttl:
05831           rsbac_request = R_GET_STATUS_DATA;
05832           break;
05833 
05834         default:
05835           return -RSBAC_EINVALIDREQUEST;
05836       }
05837     rsbac_target_id.group = gid;
05838     if (!rsbac_adf_request(rsbac_request,
05839                            current->pid,
05840                            T_GROUP,
05841                            rsbac_target_id,
05842                            A_none,
05843                            rsbac_attribute_value))
05844       {
05845         return -EPERM;
05846       }
05847 #endif /* MAINT */
05848 
05849       k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05850       if(!k_data_p)
05851         return -RSBAC_ENOMEM;
05852       memset(k_data_p, 0, sizeof(*k_data_p));
05853 
05854       err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p);
05855       if(!err)
05856         err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05857       rsbac_kfree(k_data_p);
05858       return err;
05859 #else
05860     return (-RSBAC_EINVALIDMODULE);
05861 #endif    
05862     }
05863 
05864 int sys_rsbac_um_remove_user(
05865   rsbac_list_ta_number_t ta_number,
05866   rsbac_uid_t uid)
05867   { 
05868 #if defined(CONFIG_RSBAC_UM)
05869     int err;
05870 #ifndef CONFIG_RSBAC_MAINT
05871     union rsbac_target_id_t       rsbac_target_id;
05872     union rsbac_target_id_t       rsbac_new_target_id;
05873     union rsbac_attribute_value_t rsbac_attribute_value;
05874 #endif
05875 
05876 #ifdef CONFIG_RSBAC_FREEZE_UM
05877     if(rsbac_freeze)
05878       {
05879         rsbac_printk(KERN_WARNING
05880                      "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n");
05881         return -EPERM;
05882       }
05883 #endif
05884 
05885 #ifndef CONFIG_RSBAC_MAINT
05886 #ifdef CONFIG_RSBAC_DEBUG
05887     if (rsbac_debug_aef)
05888       {
05889         rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n");
05890       }
05891 #endif
05892     rsbac_target_id.user = uid;
05893     rsbac_attribute_value.dummy = 0;
05894     if (!rsbac_adf_request(R_DELETE,
05895                            current->pid,
05896                            T_USER,
05897                            rsbac_target_id,
05898                            A_none,
05899                            rsbac_attribute_value))
05900       {
05901         return -EPERM;
05902       }
05903 #endif /* MAINT */
05904 
05905     err = rsbac_um_remove_user(ta_number, uid);
05906 
05907 #ifndef CONFIG_RSBAC_MAINT
05908     if(!err)
05909       {
05910         rsbac_new_target_id.dummy = 0;
05911         if (rsbac_adf_set_attr(R_DELETE,
05912                                current->pid,
05913                                T_USER,
05914                                rsbac_target_id,
05915                                T_NONE,
05916                                rsbac_new_target_id,
05917                                A_none,
05918                                rsbac_attribute_value))
05919           {
05920             rsbac_printk(KERN_WARNING
05921                          "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error");
05922           }
05923       }
05924 #endif
05925     return err;
05926 #else
05927     return (-RSBAC_EINVALIDMODULE);
05928 #endif    
05929   }
05930 
05931 int sys_rsbac_um_remove_group(
05932   rsbac_list_ta_number_t ta_number,
05933   rsbac_gid_t gid)
05934   { 
05935 #if defined(CONFIG_RSBAC_UM)
05936     int err;
05937 #ifndef CONFIG_RSBAC_MAINT
05938     union rsbac_target_id_t       rsbac_target_id;
05939     union rsbac_target_id_t       rsbac_new_target_id;
05940     union rsbac_attribute_value_t rsbac_attribute_value;
05941 #endif
05942 
05943 #ifdef CONFIG_RSBAC_FREEZE_UM
05944     if(rsbac_freeze)
05945       {
05946         rsbac_printk(KERN_WARNING
05947                      "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n");
05948         return -EPERM;
05949       }
05950 #endif
05951 
05952 #ifndef CONFIG_RSBAC_MAINT
05953 #ifdef CONFIG_RSBAC_DEBUG
05954     if (rsbac_debug_aef)
05955       {
05956         rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n");
05957       }
05958 #endif
05959     rsbac_target_id.group = gid;
05960     rsbac_attribute_value.dummy = 0;
05961     if (!rsbac_adf_request(R_DELETE,
05962                            current->pid,
05963                            T_GROUP,
05964                            rsbac_target_id,
05965                            A_none,
05966                            rsbac_attribute_value))
05967       {
05968         return -EPERM;
05969       }
05970 #endif /* MAINT */
05971 
05972     err = rsbac_um_remove_group(ta_number, gid);
05973 
05974 #ifndef CONFIG_RSBAC_MAINT
05975     if(!err)
05976       {
05977         rsbac_new_target_id.dummy = 0;
05978         if (rsbac_adf_set_attr(R_DELETE,
05979                                current->pid,
05980                                T_GROUP,
05981                                rsbac_target_id,
05982                                T_NONE,
05983                                rsbac_new_target_id,
05984                                A_none,
05985                                rsbac_attribute_value))
05986           {
05987             rsbac_printk(KERN_WARNING
05988                          "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error");
05989           }
05990       }
05991 #endif
05992     return err;
05993 #else
05994     return (-RSBAC_EINVALIDMODULE);
05995 #endif    
05996   }
05997 
05998 int sys_rsbac_um_remove_gm(
05999   rsbac_list_ta_number_t ta_number,
06000   rsbac_uid_t user,
06001   rsbac_gid_t group)
06002   {
06003 #if defined(CONFIG_RSBAC_UM)
06004 #ifndef CONFIG_RSBAC_MAINT
06005     union rsbac_target_id_t       rsbac_target_id;
06006     union rsbac_attribute_value_t rsbac_attribute_value;
06007 #endif
06008 
06009 #ifdef CONFIG_RSBAC_FREEZE_UM
06010     if(rsbac_freeze)
06011       {
06012         rsbac_printk(KERN_WARNING
06013                      "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n");
06014         return -EPERM;
06015       }
06016 #endif
06017 
06018 #ifndef CONFIG_RSBAC_MAINT
06019 #ifdef CONFIG_RSBAC_DEBUG
06020     if (rsbac_debug_aef)
06021       {
06022         rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n");
06023       }
06024 #endif
06025     rsbac_target_id.user = user;
06026     rsbac_attribute_value.group = group;
06027     if (!rsbac_adf_request(R_CHANGE_GROUP,
06028                            current->pid,
06029                            T_USER,
06030                            rsbac_target_id,
06031                            A_group,
06032                            rsbac_attribute_value))
06033       {
06034         return -EPERM;
06035       }
06036 #endif /* MAINT */
06037 
06038     return rsbac_um_remove_gm(ta_number, user, group);
06039 #else
06040     return (-RSBAC_EINVALIDMODULE);
06041 #endif    
06042   }
06043 
06044 int sys_rsbac_um_user_exists(
06045   rsbac_list_ta_number_t ta_number,
06046   rsbac_uid_t uid)
06047     { 
06048 #if defined(CONFIG_RSBAC_UM)
06049 #ifndef CONFIG_RSBAC_MAINT
06050     union rsbac_target_id_t       rsbac_target_id;
06051     union rsbac_attribute_value_t rsbac_attribute_value;
06052 #endif
06053 
06054 #ifndef CONFIG_RSBAC_MAINT
06055 #ifdef CONFIG_RSBAC_DEBUG
06056     if (rsbac_debug_aef)
06057       {
06058         rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n");
06059       }
06060 #endif
06061     rsbac_target_id.user = uid;
06062     rsbac_attribute_value.dummy = 0;
06063     if (!rsbac_adf_request(R_SEARCH,
06064                            current->pid,
06065                            T_USER,
06066                            rsbac_target_id,
06067                            A_none,
06068                            rsbac_attribute_value))
06069       {
06070         return -EPERM;
06071       }
06072 #endif /* MAINT */
06073 
06074       return rsbac_um_user_exists(ta_number, uid);
06075 #else
06076     return (-RSBAC_EINVALIDMODULE);
06077 #endif    
06078     }
06079 
06080 int sys_rsbac_um_group_exists(
06081   rsbac_list_ta_number_t ta_number,
06082   rsbac_gid_t gid)
06083     { 
06084 #if defined(CONFIG_RSBAC_UM)
06085 #ifndef CONFIG_RSBAC_MAINT
06086     union rsbac_target_id_t       rsbac_target_id;
06087     union rsbac_attribute_value_t rsbac_attribute_value;
06088 #endif
06089 
06090 #ifndef CONFIG_RSBAC_MAINT
06091 #ifdef CONFIG_RSBAC_DEBUG
06092     if (rsbac_debug_aef)
06093       {
06094         rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n");
06095       }
06096 #endif
06097     rsbac_target_id.group = gid;
06098     rsbac_attribute_value.dummy = 0;
06099     if (!rsbac_adf_request(R_SEARCH,
06100                            current->pid,
06101                            T_GROUP,
06102                            rsbac_target_id,
06103                            A_none,
06104                            rsbac_attribute_value))
06105       {
06106         return -EPERM;
06107       }
06108 #endif /* MAINT */
06109 
06110       return rsbac_um_group_exists(ta_number, gid);
06111 #else
06112     return (-RSBAC_EINVALIDMODULE);
06113 #endif    
06114     }
06115 
06116 int sys_rsbac_um_get_next_user(
06117   rsbac_list_ta_number_t ta_number,
06118   rsbac_uid_t old_user,
06119   rsbac_uid_t * next_user_p)
06120     {
06121 #if defined(CONFIG_RSBAC_UM)
06122       rsbac_uid_t k_next_user;
06123       int err;
06124 #ifndef CONFIG_RSBAC_MAINT
06125     union rsbac_target_id_t       rsbac_target_id;
06126     union rsbac_attribute_value_t rsbac_attribute_value;
06127 #endif
06128 
06129       if(!next_user_p)
06130         return -RSBAC_EINVALIDPOINTER;
06131 
06132 #ifndef CONFIG_RSBAC_MAINT
06133 #ifdef CONFIG_RSBAC_DEBUG
06134     if (rsbac_debug_aef)
06135       {
06136         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n");
06137       }
06138 #endif
06139     rsbac_target_id.user = old_user;
06140     rsbac_attribute_value.dummy = 0;
06141     if (!rsbac_adf_request(R_SEARCH,
06142                            current->pid,
06143                            T_USER,
06144                            rsbac_target_id,
06145                            A_none,
06146                            rsbac_attribute_value))
06147       {
06148         return -EPERM;
06149       }
06150 #endif /* MAINT */
06151 
06152       err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user);
06153       if(!err)
06154         err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user));
06155       return err;
06156 #else
06157     return (-RSBAC_EINVALIDMODULE);
06158 #endif    
06159     }
06160 
06161 int sys_rsbac_um_get_user_list(
06162   rsbac_list_ta_number_t ta_number,
06163   rsbac_uid_t user_array[],
06164   u_int       maxnum)
06165     { 
06166 #if defined(CONFIG_RSBAC_UM)
06167       long count;
06168       rsbac_uid_t * k_user_array;
06169 #ifndef CONFIG_RSBAC_MAINT
06170     union rsbac_target_id_t       rsbac_target_id;
06171     union rsbac_attribute_value_t rsbac_attribute_value;
06172 #endif
06173 
06174       if(maxnum > RSBAC_UM_MAX_MAXNUM)
06175         maxnum = RSBAC_UM_MAX_MAXNUM;
06176 
06177 #ifndef CONFIG_RSBAC_MAINT
06178 #ifdef CONFIG_RSBAC_DEBUG
06179     if (rsbac_debug_aef)
06180       {
06181         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n");
06182       }
06183 #endif
06184     rsbac_target_id.user = RSBAC_ALL_USERS;
06185     rsbac_attribute_value.dummy = 0;
06186     if (!rsbac_adf_request(R_SEARCH,
06187                            current->pid,
06188                            T_USER,
06189                            rsbac_target_id,
06190                            A_none,
06191                            rsbac_attribute_value))
06192       {
06193         return -EPERM;
06194       }
06195 #endif /* MAINT */
06196 
06197       /* count only */
06198       if(!user_array || !maxnum)
06199         return rsbac_um_get_user_list(ta_number, NULL);
06200 
06201       count = rsbac_um_get_user_list(ta_number, &k_user_array);
06202       if(count>0)
06203         {
06204           if(count > maxnum)
06205             count = maxnum;
06206           rsbac_put_user((u_char *) k_user_array,
06207                          (u_char *) user_array,
06208                          count * sizeof(*k_user_array) );
06209           rsbac_vfree(k_user_array);
06210         }
06211       return count;
06212 #else
06213     return -RSBAC_EINVALIDMODULE;
06214 #endif    
06215     };      /* end of sys_rsbac_um_get_user_list() */
06216 
06217 int sys_rsbac_um_get_gm_list(
06218   rsbac_list_ta_number_t ta_number,
06219   rsbac_uid_t user,
06220   rsbac_gid_t group_array[],
06221   u_int       maxnum)
06222     { 
06223 #if defined(CONFIG_RSBAC_UM)
06224       long count;
06225       rsbac_gid_t * k_group_array;
06226 #ifndef CONFIG_RSBAC_MAINT
06227     union rsbac_target_id_t       rsbac_target_id;
06228     union rsbac_attribute_value_t rsbac_attribute_value;
06229 #endif
06230 
06231 
06232       if(maxnum > RSBAC_UM_MAX_MAXNUM)
06233         maxnum = RSBAC_UM_MAX_MAXNUM;
06234 
06235 #ifndef CONFIG_RSBAC_MAINT
06236 #ifdef CONFIG_RSBAC_DEBUG
06237     if (rsbac_debug_aef)
06238       {
06239         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n");
06240       }
06241 #endif
06242     rsbac_target_id.user = user;
06243     rsbac_attribute_value.dummy = 0;
06244     if (!rsbac_adf_request(R_GET_STATUS_DATA,
06245                            current->pid,
06246                            T_USER,
06247                            rsbac_target_id,
06248                            A_none,
06249                            rsbac_attribute_value))
06250       {
06251         return -EPERM;
06252       }
06253 #endif /* MAINT */
06254 
06255       /* count only */
06256       if(!group_array || !maxnum)
06257         return rsbac_um_get_gm_list(ta_number, user, NULL);
06258 
06259       count = rsbac_um_get_gm_list(ta_number, user, &k_group_array);
06260       if(count>0)
06261         {
06262           if(count > maxnum)
06263             count = maxnum;
06264           rsbac_put_user((u_char *) k_group_array,
06265                          (u_char *) group_array,
06266                          count * sizeof(*k_group_array) );
06267           rsbac_vfree(k_group_array);
06268         }
06269       return count;
06270 #else
06271     return -RSBAC_EINVALIDMODULE;
06272 #endif    
06273     };      /* end of sys_rsbac_um_get_group_list() */
06274 
06275 int sys_rsbac_um_get_gm_user_list(
06276   rsbac_list_ta_number_t ta_number,
06277   rsbac_gid_t group,
06278   rsbac_uid_t user_array[],
06279   u_int       maxnum)
06280     { 
06281 #if defined(CONFIG_RSBAC_UM)
06282       long count;
06283       rsbac_uid_t * k_user_array;
06284 #ifndef CONFIG_RSBAC_MAINT
06285     union rsbac_target_id_t       rsbac_target_id;
06286     union rsbac_attribute_value_t rsbac_attribute_value;
06287 #endif
06288 
06289       if(maxnum > RSBAC_UM_MAX_MAXNUM)
06290         maxnum = RSBAC_UM_MAX_MAXNUM;
06291 
06292 #ifndef CONFIG_RSBAC_MAINT
06293 #ifdef CONFIG_RSBAC_DEBUG
06294     if (rsbac_debug_aef)
06295       {
06296         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n");
06297       }
06298 #endif
06299     rsbac_target_id.group = group;
06300     rsbac_attribute_value.dummy = 0;
06301     if (!rsbac_adf_request(R_READ,
06302                            current->pid,
06303                            T_GROUP,
06304                            rsbac_target_id,
06305                            A_none,
06306                            rsbac_attribute_value))
06307       {
06308         return -EPERM;
06309       }
06310 #endif /* MAINT */
06311       /* count number of all users */
06312       if(!user_array || !maxnum)
06313         return rsbac_um_get_gm_user_list(ta_number, group, NULL);
06314 
06315       count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array);
06316       if(count>0)
06317         {
06318           if(count > maxnum)
06319             count = maxnum;
06320           rsbac_put_user((u_char *) k_user_array,
06321                          (u_char *) user_array,
06322                          count * sizeof(*k_user_array) );
06323           rsbac_vfree(k_user_array);
06324         }
06325       return count;
06326 #else
06327     return -RSBAC_EINVALIDMODULE;
06328 #endif    
06329     };      /* end of sys_rsbac_um_get_group_list() */
06330 
06331 int sys_rsbac_um_get_group_list(
06332   rsbac_list_ta_number_t ta_number,
06333   rsbac_gid_t group_array[],
06334   u_int       maxnum)
06335     { 
06336 #if defined(CONFIG_RSBAC_UM)
06337       long count;
06338       rsbac_gid_t * k_group_array;
06339 #ifndef CONFIG_RSBAC_MAINT
06340       union rsbac_target_id_t       rsbac_target_id;
06341       union rsbac_attribute_value_t rsbac_attribute_value;
06342 #endif
06343 
06344       if(maxnum > RSBAC_UM_MAX_MAXNUM)
06345         maxnum = RSBAC_UM_MAX_MAXNUM;
06346 
06347 #ifndef CONFIG_RSBAC_MAINT
06348 #ifdef CONFIG_RSBAC_DEBUG
06349     if (rsbac_debug_aef)
06350       {
06351         rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n");
06352       }
06353 #endif
06354     rsbac_target_id.group = RSBAC_ALL_USERS;
06355     rsbac_attribute_value.dummy = 0;
06356     if (!rsbac_adf_request(R_SEARCH,
06357                            current->pid,
06358                            T_GROUP,
06359                            rsbac_target_id,
06360                            A_none,
06361                            rsbac_attribute_value))
06362       {
06363         return -EPERM;
06364       }
06365 #endif /* MAINT */
06366 
06367       /* count only */
06368       if(!group_array || !maxnum)
06369         return rsbac_um_get_group_list(ta_number, NULL);
06370 
06371       count = rsbac_um_get_group_list(ta_number, &k_group_array);
06372       if(count>0)
06373         {
06374           if(count > maxnum)
06375             count = maxnum;
06376           rsbac_put_user((u_char *) k_group_array,
06377                          (u_char *) group_array,
06378                          count * sizeof(*k_group_array) );
06379           rsbac_vfree(k_group_array);
06380         }
06381       return count;
06382 #else
06383     return -RSBAC_EINVALIDMODULE;
06384 #endif    
06385     };      /* end of sys_rsbac_um_get_group_list() */
06386 
06387 
06388 
06389 int sys_rsbac_um_get_uid(
06390   rsbac_list_ta_number_t ta_number,
06391   char * name,
06392   rsbac_uid_t * uid_p)
06393     { 
06394 #if defined(CONFIG_RSBAC_UM)
06395       rsbac_uid_t k_uid;
06396       int err;
06397       char k_name[RSBAC_UM_NAME_LEN];
06398 
06399       if(!name || !uid_p)
06400         return -RSBAC_EINVALIDPOINTER;
06401 
06402       err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06403       if(err)
06404         return err;
06405       k_name[RSBAC_UM_NAME_LEN-1] = 0;
06406       err = rsbac_um_get_uid(ta_number, k_name, &k_uid);
06407       if(!err)
06408         {
06409 #ifndef CONFIG_RSBAC_MAINT
06410           union rsbac_target_id_t       rsbac_target_id;
06411           union rsbac_attribute_value_t rsbac_attribute_value;
06412 
06413 #ifdef CONFIG_RSBAC_DEBUG
06414           if (rsbac_debug_aef)
06415             {
06416               rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n");
06417             }
06418 #endif
06419           rsbac_target_id.user = k_uid;
06420           rsbac_attribute_value.dummy = 0;
06421           if (!rsbac_adf_request(R_SEARCH,
06422                                  current->pid,
06423                                  T_USER,
06424                                  rsbac_target_id,
06425                                  A_none,
06426                                  rsbac_attribute_value))
06427             {
06428               err = -EPERM;
06429             }
06430           else
06431 #endif /* MAINT */
06432 
06433           err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid));
06434         }
06435       return err;
06436 #else
06437     return (-RSBAC_EINVALIDMODULE);
06438 #endif    
06439     }
06440 
06441 int sys_rsbac_um_get_gid(
06442   rsbac_list_ta_number_t ta_number,
06443   char * name,
06444   rsbac_gid_t * gid_p)
06445     { 
06446 #if defined(CONFIG_RSBAC_UM)
06447       rsbac_gid_t k_gid;
06448       int err;
06449       char k_name[RSBAC_UM_NAME_LEN];
06450 
06451       if(!name || !gid_p)
06452         return -RSBAC_EINVALIDPOINTER;
06453       err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06454       if(err)
06455         return err;
06456       k_name[RSBAC_UM_NAME_LEN-1] = 0;
06457       err = rsbac_um_get_gid(ta_number, k_name, &k_gid);
06458       if(!err)
06459         {
06460 #ifndef CONFIG_RSBAC_MAINT
06461           union rsbac_target_id_t       rsbac_target_id;
06462           union rsbac_attribute_value_t rsbac_attribute_value;
06463 
06464 #ifdef CONFIG_RSBAC_DEBUG
06465           if (rsbac_debug_aef)
06466             {
06467               rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n");
06468             }
06469 #endif
06470           rsbac_target_id.group = k_gid;
06471           rsbac_attribute_value.dummy = 0;
06472           if (!rsbac_adf_request(R_SEARCH,
06473                                  current->pid,
06474                                  T_GROUP,
06475                                  rsbac_target_id,
06476                                  A_none,
06477                                  rsbac_attribute_value))
06478             {
06479               err = -EPERM;
06480             }
06481           else
06482 #endif /* MAINT */
06483 
06484           err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid));
06485         }
06486       return err;
06487 #else
06488     return (-RSBAC_EINVALIDMODULE);
06489 #endif    
06490     }
06491 
06492 int sys_rsbac_um_set_pass(rsbac_uid_t uid,
06493                           char * old_pass,
06494                           char * new_pass)
06495     { 
06496 #if defined(CONFIG_RSBAC_UM)
06497       int err;
06498       char * k_new_pass;
06499 
06500       if(!new_pass)
06501         return -RSBAC_EINVALIDPOINTER;
06502       k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06503       if(!k_new_pass)
06504         return -RSBAC_ENOMEM;
06505       err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06506       if(err)
06507         {
06508           rsbac_kfree(k_new_pass);
06509           return err;
06510         }
06511       k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06512 
06513       if(old_pass && (uid == current->uid))
06514         {
06515           char * k_old_pass;
06516 
06517           k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06518           if(!k_old_pass)
06519             {
06520               rsbac_kfree(k_new_pass);
06521               return -RSBAC_ENOMEM;
06522             }
06523           err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN);
06524           if(err)
06525             {
06526               rsbac_kfree(k_old_pass);
06527               rsbac_kfree(k_new_pass);
06528               return err;
06529             }
06530           k_old_pass[RSBAC_MAXNAMELEN-1] = 0;
06531           err = rsbac_um_check_pass(uid, k_old_pass);
06532           rsbac_kfree(k_old_pass);
06533           if(err)
06534             {
06535               rsbac_kfree(k_new_pass);
06536               rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n");
06537               return err;
06538             }
06539           err = rsbac_um_good_pass(uid, k_new_pass);
06540           if(err)
06541             {
06542               rsbac_kfree(k_new_pass);
06543 #ifdef CONFIG_RSBAC_DEBUG
06544               if (rsbac_debug_aef_um)
06545                 {
06546                   rsbac_printk(KERN_DEBUG
06547                                "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n",
06548                                uid);
06549                 }
06550 #endif
06551               return err;
06552             }
06553         }
06554       else
06555         {
06556 #ifndef CONFIG_RSBAC_MAINT
06557           /* check admin rights here */
06558           union rsbac_target_id_t       rsbac_target_id;
06559           union rsbac_attribute_value_t rsbac_attribute_value;
06560 
06561 #ifdef CONFIG_RSBAC_FREEZE_UM
06562           if(rsbac_freeze)
06563             {
06564               rsbac_printk(KERN_WARNING
06565                            "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n");
06566               rsbac_kfree(k_new_pass);
06567               return -EPERM;
06568             }
06569 #endif
06570 
06571 #ifdef CONFIG_RSBAC_DEBUG
06572           if (rsbac_debug_aef)
06573             {
06574               rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n");
06575             }
06576 #endif
06577           rsbac_target_id.user = uid;
06578           rsbac_attribute_value.dummy = 0;
06579           if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06580                                  current->pid,
06581                                  T_USER,
06582                                  rsbac_target_id,
06583                                  A_none,
06584                                  rsbac_attribute_value))
06585             {
06586               rsbac_kfree(k_new_pass);
06587               return -EPERM;
06588             }
06589 #endif /* MAINT */
06590         }
06591 
06592       err = rsbac_um_set_pass(uid, k_new_pass);
06593       rsbac_kfree(k_new_pass);
06594       return err;
06595 #else
06596     return (-RSBAC_EINVALIDMODULE);
06597 #endif    
06598     }
06599 
06600 int sys_rsbac_um_set_pass_name(char * name,
06601                                char * old_pass,
06602                                char * new_pass)
06603     {
06604 #if defined(CONFIG_RSBAC_UM)
06605       int err;
06606       rsbac_uid_t uid;
06607       char * k_name;
06608 
06609       if(!name || !new_pass)
06610         return -RSBAC_EINVALIDPOINTER;
06611       k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
06612       if(!k_name)
06613         return -RSBAC_ENOMEM;
06614       err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06615       if(err)
06616         {
06617           rsbac_kfree(k_name);
06618           return err;
06619         }
06620       k_name[RSBAC_UM_NAME_LEN-1] = 0;
06621 
06622 #ifdef CONFIG_RSBAC_DEBUG
06623       if (rsbac_debug_aef_um)
06624         {
06625           rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n",
06626                        k_name);
06627       }
06628 #endif
06629       err = rsbac_um_get_uid(0, k_name, &uid);
06630       rsbac_kfree(k_name);
06631       if(err)
06632         {
06633 #ifdef CONFIG_RSBAC_DEBUG
06634           if (rsbac_debug_aef_um)
06635             {
06636               rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n",
06637                            k_name);
06638             }
06639 #endif
06640         }
06641       else
06642         err = sys_rsbac_um_set_pass(uid, old_pass, new_pass);
06643 
06644       return err;
06645 #else
06646     return (-RSBAC_EINVALIDMODULE);
06647 #endif    
06648     }
06649 
06650 int sys_rsbac_um_set_group_pass(rsbac_gid_t gid,
06651                                 char * new_pass)
06652     { 
06653 #if defined(CONFIG_RSBAC_UM)
06654       int err;
06655       char * k_new_pass;
06656 #ifndef CONFIG_RSBAC_MAINT
06657       union rsbac_target_id_t       rsbac_target_id;
06658       union rsbac_attribute_value_t rsbac_attribute_value;
06659 #endif
06660 
06661 #ifdef CONFIG_RSBAC_FREEZE_UM
06662       if(rsbac_freeze)
06663         {
06664           rsbac_printk(KERN_WARNING
06665                        "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n");
06666           return -EPERM;
06667         }
06668 #endif
06669 
06670 #ifndef CONFIG_RSBAC_MAINT
06671       /* check admin rights here */
06672 #ifdef CONFIG_RSBAC_DEBUG
06673       if (rsbac_debug_aef)
06674         {
06675           rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n");
06676         }
06677 #endif
06678       rsbac_target_id.group = gid;
06679       rsbac_attribute_value.dummy = 0;
06680       if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06681                              current->pid,
06682                              T_GROUP,
06683                              rsbac_target_id,
06684                              A_none,
06685                              rsbac_attribute_value))
06686         {
06687           return -EPERM;
06688         }
06689 #endif /* MAINT */
06690 
06691       if(new_pass)
06692         {
06693           k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06694           if(!k_new_pass)
06695             return -RSBAC_ENOMEM;
06696           err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06697           if(!err)
06698             {
06699               k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06700               err = rsbac_um_set_group_pass(gid, k_new_pass);
06701             }
06702           rsbac_kfree(k_new_pass);
06703         }
06704       else
06705         {
06706           err = rsbac_um_set_group_pass(gid, NULL);
06707         }
06708       return err;
06709 #else
06710     return (-RSBAC_EINVALIDMODULE);
06711 #endif    
06712     }
06713 
06714 int sys_rsbac_um_check_account(rsbac_uid_t uid)
06715     { 
06716 #if defined(CONFIG_RSBAC_UM)
06717 #ifndef CONFIG_RSBAC_MAINT
06718       union rsbac_target_id_t       rsbac_target_id;
06719       union rsbac_attribute_value_t rsbac_attribute_value;
06720 #endif
06721 
06722 
06723 #ifndef CONFIG_RSBAC_MAINT
06724 #ifdef CONFIG_RSBAC_DEBUG
06725     if (rsbac_debug_aef)
06726       {
06727         rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06728       }
06729 #endif
06730     rsbac_target_id.user = uid;
06731     rsbac_attribute_value.dummy = 0;
06732     if (!rsbac_adf_request(R_GET_STATUS_DATA,
06733                            current->pid,
06734                            T_USER,
06735                            rsbac_target_id,
06736                            A_none,
06737                            rsbac_attribute_value))
06738       {
06739         return -EPERM;
06740       }
06741 #endif /* MAINT */
06742 
06743       return rsbac_um_check_account(uid);
06744 #else
06745       return (-RSBAC_EINVALIDMODULE);
06746 #endif    
06747     }
06748 
06749 int sys_rsbac_um_check_account_name(char * name)
06750     { 
06751 #if defined(CONFIG_RSBAC_UM)
06752       int err;
06753       rsbac_uid_t uid;
06754       char k_name[RSBAC_UM_NAME_LEN];
06755 #ifndef CONFIG_RSBAC_MAINT
06756       union rsbac_target_id_t       rsbac_target_id;
06757       union rsbac_attribute_value_t rsbac_attribute_value;
06758 #endif
06759 
06760       if(!name)
06761         return -RSBAC_EINVALIDPOINTER;
06762       err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06763       if(err)
06764         return err;
06765       k_name[RSBAC_UM_NAME_LEN-1] = 0;
06766 #ifdef CONFIG_RSBAC_DEBUG
06767       if (rsbac_debug_aef_um)
06768         {
06769           rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n",
06770                        k_name);
06771       }
06772 #endif
06773       err = rsbac_um_get_uid(0, k_name, &uid);
06774       if(err)
06775         {
06776 #ifdef CONFIG_RSBAC_DEBUG
06777           if (rsbac_debug_aef_um)
06778             {
06779               rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n",
06780                            k_name);
06781       }
06782 #endif
06783           return err;
06784         }
06785 
06786 #ifndef CONFIG_RSBAC_MAINT
06787 #ifdef CONFIG_RSBAC_DEBUG
06788     if (rsbac_debug_aef)
06789       {
06790         rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06791       }
06792 #endif
06793     rsbac_target_id.user = uid;
06794     rsbac_attribute_value.dummy = 0;
06795     if (!rsbac_adf_request(R_GET_STATUS_DATA,
06796                            current->pid,
06797                            T_USER,
06798                            rsbac_target_id,
06799                            A_none,
06800                            rsbac_attribute_value))
06801       {
06802         return -EPERM;
06803       }
06804 #endif /* MAINT */
06805 
06806       return rsbac_um_check_account(uid);
06807 #else
06808       return (-RSBAC_EINVALIDMODULE);
06809 #endif    
06810     }
06811 
06812 
06813 /************************************************* */
06814 /*             DEBUG/LOG functions                 */
06815 /************************************************* */
06816 
06817 int sys_rsbac_adf_log_switch(enum rsbac_adf_request_t request,
06818                              enum rsbac_target_t      target,
06819                              u_int                    value)
06820   {
06821     union rsbac_target_id_t       rsbac_target_id;
06822     union rsbac_attribute_value_t rsbac_attribute_value;
06823 
06824     if ((value != LL_none) && (value != LL_denied) && (value != LL_full))
06825       return (-RSBAC_EINVALIDVALUE);
06826     if(request >= R_NONE)
06827       return(-RSBAC_EINVALIDREQUEST);
06828     if(   (target == T_FD)
06829        || (target > T_NONE)
06830       )
06831       return(-RSBAC_EINVALIDTARGET);
06832 
06833 #ifdef CONFIG_RSBAC_FREEZE
06834       if(rsbac_freeze)
06835         {
06836           rsbac_printk(KERN_WARNING
06837                        "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n");
06838           return -EPERM;
06839         }
06840 #endif
06841 
06842     /* call ADF */
06843 #ifdef CONFIG_RSBAC_DEBUG
06844     if (rsbac_debug_aef)
06845       rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n");
06846 #endif
06847     rsbac_target_id.dummy = 0;
06848     rsbac_attribute_value.request = target;
06849     if (!rsbac_adf_request(R_SWITCH_LOG,
06850                            current->pid,
06851                            T_NONE,
06852                            rsbac_target_id,
06853                            A_request,
06854                            rsbac_attribute_value))
06855              {
06856                return -EPERM;
06857              }
06858 #ifdef CONFIG_RSBAC_DEBUG
06859     if (rsbac_debug_aef)
06860       {
06861         char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06862         if(request_name)
06863           {
06864             get_request_name(request_name,target);
06865             rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
06866                    request_name, target, value);
06867             rsbac_kfree(request_name);
06868           }
06869       }
06870 #endif
06871     rsbac_adf_log_switch(request,target,value);
06872     return(0);
06873   }
06874 
06875 int sys_rsbac_get_adf_log(enum rsbac_adf_request_t   request,
06876                           enum rsbac_target_t        target,
06877                           u_int                    * value_p)
06878   {
06879     union rsbac_target_id_t       rsbac_target_id;
06880     union rsbac_attribute_value_t rsbac_attribute_value;
06881     u_int k_value;
06882     int err;
06883 
06884     if(request >= R_NONE)
06885       return(-RSBAC_EINVALIDREQUEST);
06886     if(   (target == T_FD)
06887        || (target > T_NONE)
06888       )
06889       return(-RSBAC_EINVALIDTARGET);
06890     if(!value_p)
06891       return(-RSBAC_EINVALIDPOINTER);
06892     /* call ADF */
06893 #ifdef CONFIG_RSBAC_DEBUG
06894     if (rsbac_debug_aef)
06895       rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n");
06896 #endif
06897     rsbac_target_id.scd = ST_rsbac;
06898     rsbac_attribute_value.request = request;
06899     if (!rsbac_adf_request(R_GET_STATUS_DATA,
06900                            current->pid,
06901                            T_SCD,
06902                            rsbac_target_id,
06903                            A_request,
06904                            rsbac_attribute_value))
06905              {
06906                return -EPERM;
06907              }
06908 #ifdef CONFIG_RSBAC_DEBUG
06909     if (rsbac_debug_aef)
06910       {
06911         char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06912         if(request_name)
06913           {
06914             get_request_name(request_name,target);
06915             rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n",
06916                    request_name, target);
06917             rsbac_kfree(request_name);
06918           }
06919       }
06920 #endif
06921     err = rsbac_get_adf_log(request, target, &k_value);
06922     if(!err)
06923       {
06924         rsbac_put_user((u_char *) &k_value,
06925                        (u_char *) value_p,
06926                        sizeof(k_value) );
06927       }
06928     return(err);
06929   }
06930 
06931 /*
06932  * Commands to sys_rsbac_log:
06933  *
06934  *      0 -- Close the log.  Currently a NOP.
06935  *      1 -- Open the log. Currently a NOP.
06936  *      2 -- Read from the log.
06937  *      3 -- Read up to the last 4k of messages in the ring buffer.
06938  *      4 -- Read and clear last 4k of messages in the ring buffer
06939  *      5 -- Clear ring buffer.
06940  */
06941 int sys_rsbac_log(int type,
06942                              char * buf,
06943                              int len)
06944   {
06945 #if defined(CONFIG_RSBAC_RMSG)
06946     /* lock_kernel is done in rsbac_log */
06947     return(rsbac_log(type,buf,len));
06948 #else
06949     return(0);
06950 #endif /* RMSG */
06951   }
06952 
06953 #if defined(CONFIG_RSBAC_INIT_DELAY)
06954 int sys_rsbac_init(char * path)
06955   {
06956     struct dentry * t_dentry = NULL;
06957     rsbac_boolean_t need_put = FALSE;
06958     int     err = 0;
06959 
06960     struct nameidata nd;
06961 
06962     if(!path)
06963       return rsbac_init(ROOT_DEV);
06964 
06965     if ((err = user_path_walk_link(path, &nd)))
06966       {
06967         goto out;
06968       }
06969     t_dentry = nd.dentry;
06970     need_put = TRUE;
06971     if (!t_dentry->d_inode)
06972       {
06973         err = -RSBAC_EINVALIDTARGET;
06974         goto out_dput;
06975       }
06976     /* is inode of type file, symlink or block/char device? */
06977     if(!S_ISBLK(t_dentry->d_inode->i_mode))
06978       { /* This is no file or device */
06979         err = -RSBAC_EINVALIDTARGET;
06980         goto out_dput;
06981       }
06982     err = rsbac_init(t_dentry->d_sb->s_dev);
06983 
06984 out_dput:
06985       if(need_put)
06986         path_release(&nd);
06987 out:
06988       return(err);
06989   }
06990 #endif
06991 
06992 #ifdef CONFIG_RSBAC_LIST_TRANS
06993 int sys_rsbac_list_ta_begin(
06994   rsbac_time_t ttl,
06995   rsbac_list_ta_number_t * ta_number_p,
06996   rsbac_uid_t commit_uid,
06997   char * password)
06998   {
06999     int err;
07000     rsbac_list_ta_number_t k_ta_number;
07001     char * k_password = NULL;
07002 
07003     if(password)
07004       {
07005         k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07006         if(!k_password)
07007           return -ENOMEM;
07008         err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07009         if(err)
07010           {
07011             rsbac_kfree(k_password);
07012             return err;
07013           }
07014         k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07015       }
07016     err = rsbac_list_ta_begin(ttl, &k_ta_number, commit_uid, k_password);
07017     if(!err)
07018       err = rsbac_put_user((u_char *) &k_ta_number,
07019                            (u_char *) ta_number_p,
07020                            sizeof(k_ta_number) );
07021     if(k_password)
07022       rsbac_kfree(k_password);
07023     return err;
07024   }
07025 
07026 int sys_rsbac_list_ta_refresh(
07027   rsbac_time_t ttl,
07028   rsbac_list_ta_number_t ta_number,
07029   char * password)
07030   {
07031     int err;
07032     char * k_password;
07033 
07034     if(password)
07035       {
07036         k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07037         if(!k_password)
07038           return -ENOMEM;
07039         err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07040         if(err)
07041           {
07042             rsbac_kfree(k_password);
07043             return err;
07044           }
07045         k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07046       }
07047     else
07048       k_password = NULL;
07049     err = rsbac_list_ta_refresh(ttl, ta_number, k_password);
07050     if(k_password)
07051       rsbac_kfree(k_password);
07052     return err;
07053   }
07054 
07055 int sys_rsbac_list_ta_commit(
07056   rsbac_list_ta_number_t ta_number,
07057   char * password)
07058   {
07059     int err;
07060     char * k_password;
07061 
07062     if(password)
07063       {
07064         k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07065         if(!k_password)
07066           return -ENOMEM;
07067         err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07068         if(err)
07069           {
07070             rsbac_kfree(k_password);
07071             return err;
07072           }
07073         k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07074       }
07075     else
07076       k_password = NULL;
07077     err = rsbac_list_ta_commit(ta_number, k_password);
07078     if(k_password)
07079       rsbac_kfree(k_password);
07080     return err;
07081   }
07082 
07083 int sys_rsbac_list_ta_forget(
07084   rsbac_list_ta_number_t ta_number,
07085   char * password)
07086   {
07087     int err;
07088     char * k_password;
07089 
07090     if(password)
07091       {
07092         k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
07093         if(!k_password)
07094           return -ENOMEM;
07095         err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
07096         if(err)
07097           {
07098             rsbac_kfree(k_password);
07099             return err;
07100           }
07101         k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
07102       }
07103     else
07104       k_password = NULL;
07105     err = rsbac_list_ta_forget(ta_number, k_password);
07106     if(k_password)
07107       rsbac_kfree(k_password);
07108     return err;
07109   }
07110 #endif
07111 
07112 /* Big dispatcher for all syscalls */
07113 #ifdef rsbac_syscall4
07114 asmlinkage int sys_rsbac(int dummy,
07115                          rsbac_version_t version,
07116                          enum  rsbac_syscall_t call,
07117                          union rsbac_syscall_arg_t * arg_p)
07118 #else
07119 asmlinkage int sys_rsbac(rsbac_version_t version,
07120                          enum  rsbac_syscall_t call,
07121                          union rsbac_syscall_arg_t * arg_p)
07122 #endif
07123   {
07124     union rsbac_syscall_arg_t k_arg;
07125     int err;
07126 
07127     if (   ((version < RSBAC_VERSION_MAKE_NR(1,3,0)) || (version >= RSBAC_VERSION_MAKE_NR(1,4,0)))
07128         && (call != RSYS_version))
07129       return -RSBAC_EINVALIDVERSION;
07130 
07131     if(call >= RSYS_none)
07132       return -RSBAC_EINVALIDREQUEST;
07133 
07134     /* get values from user space */
07135     if(arg_p)
07136       {
07137         err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
07138         if(err)
07139           return err;
07140       }
07141     else
07142       {
07143         memset(&k_arg, 0, sizeof(k_arg));
07144       }
07145 
07146     switch(call)
07147       {
07148         case RSYS_version:
07149           return RSBAC_VERSION_NR;
07150         case RSYS_stats:
07151           return sys_rsbac_stats();
07152         case RSYS_check:
07153           return sys_rsbac_check(k_arg.check.correct, k_arg.check.check_inode);
07154         case RSYS_get_attr:
07155           return sys_rsbac_get_attr(k_arg.get_attr.ta_number,
07156                                     k_arg.get_attr.module,
07157                                     k_arg.get_attr.target,
07158                                     k_arg.get_attr.tid,
07159                                     k_arg.get_attr.attr,
07160                                     k_arg.get_attr.value,
07161                                     k_arg.get_attr.inherit);
07162         case RSYS_get_attr_n:
07163           return sys_rsbac_get_attr_n(k_arg.get_attr_n.ta_number,
07164                                       k_arg.get_attr_n.module,
07165                                       k_arg.get_attr_n.target,
07166                                       k_arg.get_attr_n.t_name,
07167                                       k_arg.get_attr_n.attr,
07168                                       k_arg.get_attr_n.value,
07169                                       k_arg.get_attr_n.inherit);
07170         case RSYS_set_attr:
07171           return sys_rsbac_set_attr(k_arg.set_attr.ta_number,
07172                                     k_arg.set_attr.module,
07173                                     k_arg.set_attr.target,
07174                                     k_arg.set_attr.tid,
07175                                     k_arg.set_attr.attr,
07176                                     k_arg.set_attr.value);
07177         case RSYS_set_attr_n:
07178           return sys_rsbac_set_attr_n(k_arg.set_attr_n.ta_number,
07179                                       k_arg.set_attr_n.module,
07180                                       k_arg.set_attr_n.target,
07181                                       k_arg.set_attr_n.t_name,
07182                                       k_arg.set_attr_n.attr,
07183                                       k_arg.set_attr_n.value);
07184         case RSYS_remove_target:
07185           return sys_rsbac_remove_target(k_arg.remove_target.ta_number,
07186                                          k_arg.remove_target.target,
07187                                          k_arg.remove_target.tid);
07188         case RSYS_remove_target_n:
07189           return sys_rsbac_remove_target_n(k_arg.remove_target_n.ta_number,
07190                                            k_arg.remove_target_n.target,
07191                                            k_arg.remove_target_n.t_name);
07192         case RSYS_net_list_all_netdev:
07193           return sys_rsbac_net_list_all_netdev(k_arg.net_list_all_netdev.ta_number,
07194                                                k_arg.net_list_all_netdev.id_p,
07195                                                k_arg.net_list_all_netdev.maxnum);
07196         case RSYS_net_template:
07197           return sys_rsbac_net_template(k_arg.net_template.ta_number,
07198                                         k_arg.net_template.call,
07199                                         k_arg.net_template.id,
07200                                         k_arg.net_template.data_p);
07201         case RSYS_net_list_all_template:
07202           return sys_rsbac_net_list_all_template(k_arg.net_list_all_template.ta_number,
07203                                                  k_arg.net_list_all_template.id_p,
07204                                                  k_arg.net_list_all_template.maxnum);
07205         case RSYS_switch:
07206           return sys_rsbac_switch(k_arg.switch_module.module,
07207                                   k_arg.switch_module.value);
07208         case RSYS_get_switch:
07209           return sys_rsbac_get_switch(k_arg.get_switch_module.module,
07210                                         k_arg.get_switch_module.value_p,
07211                                         k_arg.get_switch_module.switchable_p);
07212         case RSYS_adf_log_switch:
07213           return sys_rsbac_adf_log_switch(k_arg.adf_log_switch.request,
07214                                           k_arg.adf_log_switch.target,
07215                                           k_arg.adf_log_switch.value);
07216         case RSYS_get_adf_log:
07217           return sys_rsbac_get_adf_log(k_arg.get_adf_log.request,
07218                                        k_arg.get_adf_log.target,
07219                                        k_arg.get_adf_log.value_p);
07220         case RSYS_write:
07221           return sys_rsbac_write();
07222         case RSYS_log:
07223           return sys_rsbac_log(k_arg.log.type,
07224                                k_arg.log.buf,
07225                                k_arg.log.len);
07226         case RSYS_mac_set_curr_level:
07227           return sys_rsbac_mac_set_curr_level(k_arg.mac_set_curr_level.level,
07228                                               k_arg.mac_set_curr_level.categories_p);
07229         case RSYS_mac_get_curr_level:
07230           return sys_rsbac_mac_get_curr_level(k_arg.mac_get_curr_level.level_p,
07231                                               k_arg.mac_get_curr_level.categories_p);
07232         case RSYS_mac_get_max_level:
07233           return sys_rsbac_mac_get_max_level(k_arg.mac_get_max_level.level_p,
07234                                              k_arg.mac_get_max_level.categories_p);
07235         case RSYS_mac_get_min_level:
07236           return sys_rsbac_mac_get_min_level(k_arg.mac_get_min_level.level_p,
07237                                              k_arg.mac_get_min_level.categories_p);
07238         case RSYS_mac_add_p_tru:
07239           return sys_rsbac_mac_add_p_tru(k_arg.mac_add_p_tru.ta_number,
07240                                          k_arg.mac_add_p_tru.pid,
07241                                          k_arg.mac_add_p_tru.uid,
07242                                          k_arg.mac_add_p_tru.ttl);
07243         case RSYS_mac_remove_p_tru:
07244           return sys_rsbac_mac_remove_p_tru(k_arg.mac_remove_p_tru.ta_number,
07245                                             k_arg.mac_remove_p_tru.pid,
07246                                             k_arg.mac_add_p_tru.uid);
07247         case RSYS_mac_add_f_tru:
07248           return sys_rsbac_mac_add_f_tru(k_arg.mac_add_f_tru.ta_number,
07249                                          k_arg.mac_add_f_tru.filename,
07250                                          k_arg.mac_add_p_tru.uid,
07251                                          k_arg.mac_add_f_tru.ttl);
07252         case RSYS_mac_remove_f_tru:
07253           return sys_rsbac_mac_remove_f_tru(k_arg.mac_remove_f_tru.ta_number,
07254                                           k_arg.mac_remove_f_tru.filename,
07255                                           k_arg.mac_remove_f_tru.uid);
07256         case RSYS_mac_get_f_trulist:
07257           return sys_rsbac_mac_get_f_trulist(k_arg.mac_get_f_trulist.ta_number,
07258                                               k_arg.mac_get_f_trulist.filename,
07259                                               k_arg.mac_get_f_trulist.trulist,
07260                                               k_arg.mac_get_f_trulist.ttllist,
07261                                               k_arg.mac_get_f_trulist.maxnum);
07262         case RSYS_mac_get_p_trulist:
07263           return sys_rsbac_mac_get_p_trulist(k_arg.mac_get_p_trulist.ta_number,
07264                                              k_arg.mac_get_p_trulist.pid,
07265                                              k_arg.mac_get_p_trulist.trulist,
07266                                              k_arg.mac_get_p_trulist.ttllist,
07267                                              k_arg.mac_get_p_trulist.maxnum);
07268         case RSYS_stats_pm:
07269           return sys_rsbac_stats_pm();
07270         case RSYS_pm:
07271           return sys_rsbac_pm(k_arg.pm.ta_number,
07272                               k_arg.pm.function,
07273                               k_arg.pm.param_p,
07274                               k_arg.pm.ticket);
07275         case RSYS_pm_change_current_task:
07276           return sys_rsbac_pm_change_current_task(k_arg.pm_change_current_task.task);
07277         case RSYS_pm_create_file:
07278           return sys_rsbac_pm_create_file(k_arg.pm_create_file.filename,
07279                                           k_arg.pm_create_file.mode,
07280                                           k_arg.pm_create_file.object_class);
07281         case RSYS_daz_flush_cache:
07282           return sys_rsbac_daz_flush_cache();
07283         case RSYS_rc_copy_role:
07284           return sys_rsbac_rc_copy_role(k_arg.rc_copy_role.ta_number,
07285                                         k_arg.rc_copy_role.from_role,
07286                                         k_arg.rc_copy_role.to_role);
07287         case RSYS_rc_copy_type:
07288           return sys_rsbac_rc_copy_type(k_arg.rc_copy_type.ta_number,
07289                                         k_arg.rc_copy_type.target,
07290                                         k_arg.rc_copy_type.from_type,
07291                                         k_arg.rc_copy_type.to_type);
07292         case RSYS_rc_get_item:
07293           return sys_rsbac_rc_get_item(k_arg.rc_get_item.ta_number,
07294                                        k_arg.rc_get_item.target,
07295                                        k_arg.rc_get_item.tid_p,
07296                                        k_arg.rc_get_item.subtid_p,
07297                                        k_arg.rc_get_item.item,
07298                                        k_arg.rc_get_item.value_p,
07299                                        k_arg.rc_get_item.ttl_p);
07300         case RSYS_rc_set_item:
07301           return sys_rsbac_rc_set_item(k_arg.rc_set_item.ta_number,
07302                                        k_arg.rc_set_item.target,
07303                                        k_arg.rc_set_item.tid_p,
07304                                        k_arg.rc_set_item.subtid_p,
07305                                        k_arg.rc_set_item.item,
07306                                        k_arg.rc_set_item.value_p,
07307                                        k_arg.rc_set_item.ttl);
07308         case RSYS_rc_change_role:
07309           return sys_rsbac_rc_change_role(k_arg.rc_change_role.role, k_arg.rc_change_role.pass);
07310         case RSYS_rc_get_eff_rights_n:
07311           return sys_rsbac_rc_get_eff_rights_n(k_arg.rc_get_eff_rights_n.ta_number,
07312                                                k_arg.rc_get_eff_rights_n.target,
07313                                                k_arg.rc_get_eff_rights_n.t_name,
07314                                                k_arg.rc_get_eff_rights_n.request_vector_p,
07315                                                k_arg.rc_get_eff_rights_n.ttl_p);
07316         case RSYS_rc_get_list:
07317           return sys_rsbac_rc_get_list(k_arg.rc_get_list.ta_number,
07318                                        k_arg.rc_get_list.target,
07319                                        k_arg.rc_get_list.tid_p,
07320                                        k_arg.rc_get_list.item,
07321                                        k_arg.rc_get_list.maxnum,
07322                                        k_arg.rc_get_list.array_p,
07323                                        k_arg.rc_get_list.ttl_array_p);
07324         case RSYS_rc_get_current_role:
07325           return sys_rsbac_rc_get_current_role(k_arg.rc_get_current_role.role_p);
07326         case RSYS_rc_select_fd_create_type:
07327                 return sys_rsbac_rc_select_fd_create_type(k_arg.rc_select_fd_create_type.type);
07328         case RSYS_auth_add_p_cap:
07329           return sys_rsbac_auth_add_p_cap(k_arg.auth_add_p_cap.ta_number,
07330                                           k_arg.auth_add_p_cap.pid,
07331                                           k_arg.auth_add_p_cap.cap_type,
07332                                           k_arg.auth_add_p_cap.cap_range,
07333                                           k_arg.auth_add_p_cap.ttl);
07334         case RSYS_auth_remove_p_cap:
07335           return sys_rsbac_auth_remove_p_cap(k_arg.auth_remove_p_cap.ta_number,
07336                                              k_arg.auth_remove_p_cap.pid,
07337                                              k_arg.auth_remove_p_cap.cap_type,
07338                                              k_arg.auth_remove_p_cap.cap_range);
07339         case RSYS_auth_add_f_cap:
07340           return sys_rsbac_auth_add_f_cap(k_arg.auth_add_f_cap.ta_number,
07341                                           k_arg.auth_add_f_cap.filename,
07342                                           k_arg.auth_add_f_cap.cap_type,
07343                                           k_arg.auth_add_f_cap.cap_range,
07344                                           k_arg.auth_add_f_cap.ttl);
07345         case RSYS_auth_remove_f_cap:
07346           return sys_rsbac_auth_remove_f_cap(k_arg.auth_remove_f_cap.ta_number,
07347                                              k_arg.auth_remove_f_cap.filename,
07348                                              k_arg.auth_remove_f_cap.cap_type,
07349                                              k_arg.auth_remove_f_cap.cap_range);
07350         case RSYS_auth_get_f_caplist:
07351           return sys_rsbac_auth_get_f_caplist(k_arg.auth_get_f_caplist.ta_number,
07352                                               k_arg.auth_get_f_caplist.filename,
07353                                               k_arg.auth_get_f_caplist.cap_type,
07354                                               k_arg.auth_get_f_caplist.caplist,
07355                                               k_arg.auth_get_f_caplist.ttllist,
07356                                               k_arg.auth_get_f_caplist.maxnum);
07357         case RSYS_auth_get_p_caplist:
07358           return sys_rsbac_auth_get_p_caplist(k_arg.auth_get_p_caplist.ta_number,
07359                                               k_arg.auth_get_p_caplist.pid,
07360                                               k_arg.auth_get_p_caplist.cap_type,
07361                                               k_arg.auth_get_p_caplist.caplist,
07362                                               k_arg.auth_get_p_caplist.ttllist,
07363                                               k_arg.auth_get_p_caplist.maxnum);
07364         case RSYS_acl:
07365           return sys_rsbac_acl(k_arg.acl.ta_number,
07366                                k_arg.acl.call,
07367                                k_arg.acl.arg);
07368         case RSYS_acl_n:
07369           return sys_rsbac_acl_n(k_arg.acl_n.ta_number,
07370                                  k_arg.acl_n.call,
07371                                  k_arg.acl_n.arg);
07372         case RSYS_acl_get_rights:
07373           return sys_rsbac_acl_get_rights(k_arg.acl_get_rights.ta_number,
07374                                           k_arg.acl_get_rights.arg,
07375                                           k_arg.acl_get_rights.rights_p,
07376                                           k_arg.acl_get_rights.effective);
07377         case RSYS_acl_get_rights_n:
07378           return sys_rsbac_acl_get_rights_n(k_arg.acl_get_rights_n.ta_number,
07379                                             k_arg.acl_get_rights_n.arg,
07380                                             k_arg.acl_get_rights_n.rights_p,
07381                                             k_arg.acl_get_rights_n.effective);
07382         case RSYS_acl_get_tlist:
07383           return sys_rsbac_acl_get_tlist(k_arg.acl_get_tlist.ta_number,
07384                                          k_arg.acl_get_tlist.target,
07385                                          k_arg.acl_get_tlist.tid,
07386                                          k_arg.acl_get_tlist.entry_array,
07387                                          k_arg.acl_get_tlist.ttl_array,
07388                                          k_arg.acl_get_tlist.maxnum);
07389         case RSYS_acl_get_tlist_n:
07390           return sys_rsbac_acl_get_tlist_n(k_arg.acl_get_tlist_n.ta_number,
07391                                            k_arg.acl_get_tlist_n.target,
07392                                            k_arg.acl_get_tlist_n.t_name,
07393                                            k_arg.acl_get_tlist_n.entry_array,
07394                                            k_arg.acl_get_tlist_n.ttl_array,
07395                                            k_arg.acl_get_tlist_n.maxnum);
07396         case RSYS_acl_get_mask:
07397           return sys_rsbac_acl_get_mask(k_arg.acl_get_mask.ta_number,
07398                                         k_arg.acl_get_mask.target,
07399                                         k_arg.acl_get_mask.tid,
07400                                         k_arg.acl_get_mask.mask_p);
07401         case RSYS_acl_get_mask_n:
07402           return sys_rsbac_acl_get_mask_n(k_arg.acl_get_mask_n.ta_number,
07403                                           k_arg.acl_get_mask_n.target,
07404                                           k_arg.acl_get_mask_n.t_name,
07405                                           k_arg.acl_get_mask_n.mask_p);
07406         case RSYS_acl_group:
07407           return sys_rsbac_acl_group(k_arg.acl_group.ta_number,
07408                                      k_arg.acl_group.call,
07409                                      k_arg.acl_group.arg_p);
07410         case RSYS_acl_list_all_dev:
07411           return sys_rsbac_acl_list_all_dev(k_arg.acl_list_all_dev.ta_number,
07412                                             k_arg.acl_list_all_dev.id_p,
07413                                             k_arg.acl_list_all_dev.maxnum);
07414         case RSYS_acl_list_all_user:
07415           return sys_rsbac_acl_list_all_user(k_arg.acl_list_all_user.ta_number,
07416                                              k_arg.acl_list_all_user.id_p,
07417                                              k_arg.acl_list_all_user.maxnum);
07418         case RSYS_acl_list_all_group:
07419           return sys_rsbac_acl_list_all_group(k_arg.acl_list_all_group.ta_number,
07420                                               k_arg.acl_list_all_group.id_p,
07421                                               k_arg.acl_list_all_group.maxnum);
07422 
07423         case RSYS_reg:
07424           return sys_rsbac_reg(k_arg.reg.handle,
07425                                k_arg.reg.arg);
07426         case RSYS_jail:
07427 #ifdef CONFIG_RSBAC_JAIL
07428           return rsbac_jail_sys_jail(k_arg.jail.version,
07429                                      k_arg.jail.path,
07430                                      k_arg.jail.ip,
07431                                      k_arg.jail.flags,
07432                                      k_arg.jail.max_caps,
07433                                      k_arg.jail.scd_get,
07434                                      k_arg.jail.scd_modify);
07435 #else
07436           return -RSBAC_EINVALIDMODULE;
07437 #endif
07438 
07439 #if defined(CONFIG_RSBAC_INIT_DELAY)
07440         case RSYS_init:
07441           return sys_rsbac_init(k_arg.init.root_dev);
07442 #endif
07443 
07444         case RSYS_um_auth_name:
07445           return sys_rsbac_um_auth_name(k_arg.um_auth_name.name,
07446                                         k_arg.um_auth_name.pass);
07447         case RSYS_um_auth_uid:
07448           return sys_rsbac_um_auth_uid(k_arg.um_auth_uid.uid,
07449                                        k_arg.um_auth_uid.pass);
07450         case RSYS_um_add_user:
07451           return sys_rsbac_um_add_user(k_arg.um_add_user.ta_number,
07452                                        k_arg.um_add_user.uid,
07453                                        k_arg.um_add_user.entry_p,
07454                                        k_arg.um_add_user.pass,
07455                                        k_arg.um_add_user.ttl);
07456         case RSYS_um_add_group:
07457           return sys_rsbac_um_add_group(k_arg.um_add_group.ta_number,
07458                                         k_arg.um_add_group.gid,
07459                                         k_arg.um_add_group.entry_p,
07460                                         k_arg.um_add_group.pass,
07461                                         k_arg.um_add_group.ttl);
07462         case RSYS_um_add_gm:
07463           return sys_rsbac_um_add_gm(k_arg.um_add_gm.ta_number,
07464                                      k_arg.um_add_gm.uid,
07465                                      k_arg.um_add_gm.gid,
07466                                      k_arg.um_add_gm.ttl);
07467         case RSYS_um_mod_user:
07468           return sys_rsbac_um_mod_user(k_arg.um_mod_user.ta_number,
07469                                        k_arg.um_mod_user.uid,
07470                                        k_arg.um_mod_user.mod,
07471                                        k_arg.um_mod_user.data_p);
07472         case RSYS_um_mod_group:
07473           return sys_rsbac_um_mod_group(k_arg.um_mod_group.ta_number,
07474                                         k_arg.um_mod_group.gid,
07475                                         k_arg.um_mod_group.mod,
07476                                         k_arg.um_mod_group.data_p);
07477         case RSYS_um_get_user_item:
07478           return sys_rsbac_um_get_user_item(k_arg.um_get_user_item.ta_number,
07479                                             k_arg.um_get_user_item.uid,
07480                                             k_arg.um_get_user_item.mod,
07481                                             k_arg.um_get_user_item.data_p);
07482         case RSYS_um_get_group_item:
07483           return sys_rsbac_um_get_group_item(k_arg.um_get_group_item.ta_number,
07484                                              k_arg.um_get_group_item.gid,
07485                                              k_arg.um_get_group_item.mod,
07486                                              k_arg.um_get_group_item.data_p);
07487         case RSYS_um_remove_user:
07488           return sys_rsbac_um_remove_user(k_arg.um_remove_user.ta_number,
07489                                           k_arg.um_remove_user.uid);
07490         case RSYS_um_remove_group:
07491           return sys_rsbac_um_remove_group(k_arg.um_remove_group.ta_number,
07492                                            k_arg.um_remove_group.gid);
07493         case RSYS_um_remove_gm:
07494           return sys_rsbac_um_remove_gm(k_arg.um_remove_gm.ta_number,
07495                                         k_arg.um_remove_gm.uid,
07496                                         k_arg.um_remove_gm.gid);
07497         case RSYS_um_user_exists:
07498           return sys_rsbac_um_user_exists(k_arg.um_user_exists.ta_number,
07499                                           k_arg.um_user_exists.uid);
07500         case RSYS_um_get_next_user:
07501           return sys_rsbac_um_get_next_user(k_arg.um_get_next_user.ta_number,
07502                                             k_arg.um_get_next_user.old_user,
07503                                             k_arg.um_get_next_user.next_user_p);
07504         case RSYS_um_get_user_list:
07505           return sys_rsbac_um_get_user_list(k_arg.um_get_user_list.ta_number,
07506                                             k_arg.um_get_user_list.user_array,
07507                                             k_arg.um_get_user_list.maxnum);
07508         case RSYS_um_group_exists:
07509           return sys_rsbac_um_group_exists(k_arg.um_group_exists.ta_number,
07510                                           k_arg.um_group_exists.gid);
07511         case RSYS_um_get_gm_list:
07512           return sys_rsbac_um_get_gm_list(k_arg.um_get_gm_list.ta_number,
07513                                           k_arg.um_get_gm_list.user,
07514                                           k_arg.um_get_gm_list.group_array,
07515                                           k_arg.um_get_gm_list.maxnum);
07516         case RSYS_um_get_gm_user_list:
07517           return sys_rsbac_um_get_gm_user_list(k_arg.um_get_gm_user_list.ta_number,
07518                                                k_arg.um_get_gm_user_list.group,
07519                                                k_arg.um_get_gm_user_list.user_array,
07520                                                k_arg.um_get_gm_user_list.maxnum);
07521         case RSYS_um_get_group_list:
07522           return sys_rsbac_um_get_group_list(k_arg.um_get_group_list.ta_number,
07523                                              k_arg.um_get_group_list.group_array,
07524                                              k_arg.um_get_group_list.maxnum);
07525         case RSYS_um_get_uid:
07526           return sys_rsbac_um_get_uid(k_arg.um_get_uid.ta_number,
07527                                       k_arg.um_get_uid.name,
07528                                       k_arg.um_get_uid.uid_p);
07529         case RSYS_um_get_gid:
07530           return sys_rsbac_um_get_gid(k_arg.um_get_gid.ta_number,
07531                                       k_arg.um_get_gid.name,
07532                                       k_arg.um_get_gid.gid_p);
07533         case RSYS_um_set_pass:
07534           return sys_rsbac_um_set_pass(k_arg.um_set_pass.uid,
07535                                        k_arg.um_set_pass.old_pass,
07536                                        k_arg.um_set_pass.new_pass);
07537         case RSYS_um_set_pass_name:
07538           return sys_rsbac_um_set_pass_name(k_arg.um_set_pass_name.name,
07539                                        k_arg.um_set_pass_name.old_pass,
07540                                        k_arg.um_set_pass_name.new_pass);
07541         case RSYS_um_set_group_pass:
07542           return sys_rsbac_um_set_group_pass(k_arg.um_set_group_pass.gid,
07543                                              k_arg.um_set_group_pass.new_pass);
07544         case RSYS_um_check_account:
07545           return sys_rsbac_um_check_account(k_arg.um_check_account.uid);
07546         case RSYS_um_check_account_name:
07547           return sys_rsbac_um_check_account_name(k_arg.um_check_account_name.name);
07548 
07549 #ifdef CONFIG_RSBAC_LIST_TRANS
07550         case RSYS_list_ta_begin:
07551           return sys_rsbac_list_ta_begin(k_arg.list_ta_begin.ttl,
07552                                          k_arg.list_ta_begin.ta_number_p,
07553                                          k_arg.list_ta_begin.commit_uid,
07554                                          k_arg.list_ta_begin.password);
07555         case RSYS_list_ta_refresh:
07556           return sys_rsbac_list_ta_refresh(k_arg.list_ta_refresh.ttl,
07557                                            k_arg.list_ta_refresh.ta_number,
07558                                            k_arg.list_ta_refresh.password);
07559         case RSYS_list_ta_commit:
07560           return sys_rsbac_list_ta_commit(k_arg.list_ta_commit.ta_number,
07561                                           k_arg.list_ta_commit.password);
07562         case RSYS_list_ta_forget:
07563           return sys_rsbac_list_ta_forget(k_arg.list_ta_forget.ta_number,
07564                                           k_arg.list_ta_forget.password);
07565 #endif
07566 
07567         case RSYS_list_all_dev:
07568           return sys_rsbac_list_all_dev(k_arg.list_all_dev.ta_number,
07569                                         k_arg.list_all_dev.id_p,
07570                                         k_arg.list_all_dev.maxnum);
07571         case RSYS_list_all_user:
07572           return sys_rsbac_list_all_user(k_arg.list_all_user.ta_number,
07573                                          k_arg.list_all_user.id_p,
07574                                          k_arg.list_all_user.maxnum);
07575         case RSYS_list_all_group:
07576           return sys_rsbac_list_all_group(k_arg.list_all_group.ta_number,
07577                                           k_arg.list_all_group.id_p,
07578                                           k_arg.list_all_group.maxnum);
07579         case RSYS_list_all_ipc:
07580                 return sys_rsbac_list_all_ipc(k_arg.list_all_ipc.
07581                                                ta_number,
07582                                                k_arg.list_all_ipc.id_p,
07583                                                k_arg.list_all_ipc.maxnum);
07584 
07585         default:
07586           return -RSBAC_EINVALIDREQUEST;
07587       }
07588   }
07589 
07590 
07591 /* end of syscalls.c */

Generated on Wed May 16 11:53:50 2007 for RSBAC by  doxygen 1.5.1