#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/mac.h>
#include <rsbac/pm.h>
#include <rsbac/auth.h>
#include <rsbac/acl.h>
#include <rsbac/reg.h>
#include <rsbac/error.h>
#include <rsbac/debug.h>
#include <rsbac/helpers.h>
#include <rsbac/getname.h>
#include <rsbac/network.h>
#include <asm/semaphore.h>
#include <linux/sched.h>
#include <linux/file.h>
#include <rsbac/rkmem.h>
#include <rsbac/gen_lists.h>
#include <linux/smp_lock.h>
#include <asm/uaccess.h>
#include <linux/delay.h>
#include <rsbac/adf.h>
#include <rsbac/adf_main.h>
#include <rsbac/adf_syshelpers.h>
#include <rsbac/rc.h>
#include <rsbac/um.h>
#include <rsbac/um_types.h>
#include <rsbac/syscalls.h>
#include <linux/namei.h>
Go to the source code of this file.
asmlinkage int sys_rsbac | ( | rsbac_version_t | version, | |
enum rsbac_syscall_t | call, | |||
union rsbac_syscall_arg_t * | arg_p | |||
) |
Definition at line 7119 of file syscalls.c.
References rsbac_syscall_arg_t::acl, rsbac_syscall_arg_t::acl_get_mask, rsbac_syscall_arg_t::acl_get_mask_n, rsbac_syscall_arg_t::acl_get_rights, rsbac_syscall_arg_t::acl_get_rights_n, rsbac_syscall_arg_t::acl_get_tlist, rsbac_syscall_arg_t::acl_get_tlist_n, rsbac_syscall_arg_t::acl_group, rsbac_syscall_arg_t::acl_list_all_dev, rsbac_syscall_arg_t::acl_list_all_group, rsbac_syscall_arg_t::acl_list_all_user, rsbac_syscall_arg_t::acl_n, rsbac_syscall_arg_t::adf_log_switch, rsys_reg_t::arg, rsys_acl_get_rights_n_t::arg, rsys_acl_get_rights_t::arg, rsys_acl_n_t::arg, rsys_acl_t::arg, rsys_acl_group_t::arg_p, rsys_rc_get_list_t::array_p, rsys_set_attr_n_t::attr, rsys_set_attr_t::attr, rsys_get_attr_n_t::attr, rsys_get_attr_t::attr, rsbac_syscall_arg_t::auth_add_f_cap, rsbac_syscall_arg_t::auth_add_p_cap, rsbac_syscall_arg_t::auth_get_f_caplist, rsbac_syscall_arg_t::auth_get_p_caplist, rsbac_syscall_arg_t::auth_remove_f_cap, rsbac_syscall_arg_t::auth_remove_p_cap, rsys_log_t::buf, rsys_acl_group_t::call, rsys_acl_n_t::call, rsys_acl_t::call, rsys_net_template_t::call, rsys_auth_remove_f_cap_t::cap_range, rsys_auth_add_f_cap_t::cap_range, rsys_auth_remove_p_cap_t::cap_range, rsys_auth_add_p_cap_t::cap_range, rsys_auth_get_p_caplist_t::cap_type, rsys_auth_get_f_caplist_t::cap_type, rsys_auth_remove_f_cap_t::cap_type, rsys_auth_add_f_cap_t::cap_type, rsys_auth_remove_p_cap_t::cap_type, rsys_auth_add_p_cap_t::cap_type, rsys_auth_get_p_caplist_t::caplist, rsys_auth_get_f_caplist_t::caplist, rsys_mac_get_min_level_t::categories_p, rsys_mac_get_max_level_t::categories_p, rsys_mac_get_curr_level_t::categories_p, rsys_mac_set_curr_level_t::categories_p, rsbac_syscall_arg_t::check, rsys_check_t::check_inode, rsys_list_ta_begin_t::commit_uid, rsys_check_t::correct, rsys_um_get_group_item_t::data_p, rsys_um_get_user_item_t::data_p, rsys_um_mod_group_t::data_p, rsys_um_mod_user_t::data_p, rsys_net_template_t::data_p, rsys_acl_get_rights_n_t::effective, rsys_acl_get_rights_t::effective, rsys_acl_get_tlist_n_t::entry_array, rsys_acl_get_tlist_t::entry_array, rsys_um_add_group_t::entry_p, rsys_um_add_user_t::entry_p, rsys_auth_get_f_caplist_t::filename, rsys_auth_remove_f_cap_t::filename, rsys_auth_add_f_cap_t::filename, rsys_pm_create_file_t::filename, rsys_mac_get_f_trulist_t::filename, rsys_mac_remove_f_tru_t::filename, rsys_mac_add_f_tru_t::filename, rsys_jail_t::flags, rsys_rc_copy_role_t::from_role, rsys_rc_copy_type_t::from_type, rsys_pm_t::function, rsbac_syscall_arg_t::get_adf_log, rsbac_syscall_arg_t::get_attr, rsbac_syscall_arg_t::get_attr_n, rsbac_syscall_arg_t::get_switch_module, rsys_um_set_group_pass_t::gid, rsys_um_group_exists_t::gid, rsys_um_remove_gm_t::gid, rsys_um_remove_group_t::gid, rsys_um_get_group_item_t::gid, rsys_um_mod_group_t::gid, rsys_um_add_gm_t::gid, rsys_um_add_group_t::gid, rsys_um_get_gid_t::gid_p, rsys_um_get_gm_user_list_t::group, rsys_um_get_group_list_t::group_array, rsys_um_get_gm_list_t::group_array, rsys_reg_t::handle, rsys_net_template_t::id, rsys_list_all_ipc_t::id_p, rsys_list_all_group_t::id_p, rsys_list_all_user_t::id_p, rsys_list_all_dev_t::id_p, rsys_acl_list_all_group_t::id_p, rsys_acl_list_all_user_t::id_p, rsys_acl_list_all_dev_t::id_p, rsys_net_list_all_template_t::id_p, rsys_net_list_all_netdev_t::id_p, rsys_get_attr_n_t::inherit, rsys_get_attr_t::inherit, rsbac_syscall_arg_t::init, rsys_jail_t::ip, rsys_rc_get_list_t::item, rsys_rc_set_item_t::item, rsys_rc_get_item_t::item, rsbac_syscall_arg_t::jail, rsys_log_t::len, rsys_mac_set_curr_level_t::level, rsys_mac_get_min_level_t::level_p, rsys_mac_get_max_level_t::level_p, rsys_mac_get_curr_level_t::level_p, rsbac_syscall_arg_t::list_all_dev, rsbac_syscall_arg_t::list_all_group, rsbac_syscall_arg_t::list_all_ipc, rsbac_syscall_arg_t::list_all_user, rsbac_syscall_arg_t::list_ta_begin, rsbac_syscall_arg_t::list_ta_commit, rsbac_syscall_arg_t::list_ta_forget, rsbac_syscall_arg_t::list_ta_refresh, rsbac_syscall_arg_t::log, rsbac_syscall_arg_t::mac_add_f_tru, rsbac_syscall_arg_t::mac_add_p_tru, rsbac_syscall_arg_t::mac_get_curr_level, rsbac_syscall_arg_t::mac_get_f_trulist, rsbac_syscall_arg_t::mac_get_max_level, rsbac_syscall_arg_t::mac_get_min_level, rsbac_syscall_arg_t::mac_get_p_trulist, rsbac_syscall_arg_t::mac_remove_f_tru, rsbac_syscall_arg_t::mac_remove_p_tru, rsbac_syscall_arg_t::mac_set_curr_level, rsys_acl_get_mask_n_t::mask_p, rsys_acl_get_mask_t::mask_p, rsys_jail_t::max_caps, rsys_list_all_ipc_t::maxnum, rsys_list_all_group_t::maxnum, rsys_list_all_user_t::maxnum, rsys_list_all_dev_t::maxnum, rsys_um_get_group_list_t::maxnum, rsys_um_get_gm_user_list_t::maxnum, rsys_um_get_gm_list_t::maxnum, rsys_um_get_user_list_t::maxnum, rsys_acl_list_all_group_t::maxnum, rsys_acl_list_all_user_t::maxnum, rsys_acl_list_all_dev_t::maxnum, rsys_acl_get_tlist_n_t::maxnum, rsys_acl_get_tlist_t::maxnum, rsys_auth_get_p_caplist_t::maxnum, rsys_auth_get_f_caplist_t::maxnum, rsys_rc_get_list_t::maxnum, rsys_mac_get_p_trulist_t::maxnum, rsys_mac_get_f_trulist_t::maxnum, rsys_net_list_all_template_t::maxnum, rsys_net_list_all_netdev_t::maxnum, rsys_um_get_group_item_t::mod, rsys_um_get_user_item_t::mod, rsys_um_mod_group_t::mod, rsys_um_mod_user_t::mod, rsys_pm_create_file_t::mode, rsys_get_switch_t::module, rsys_switch_t::module, rsys_set_attr_n_t::module, rsys_set_attr_t::module, rsys_get_attr_n_t::module, rsys_get_attr_t::module, rsys_um_check_account_name_t::name, rsys_um_set_pass_name_t::name, rsys_um_get_gid_t::name, rsys_um_get_uid_t::name, rsys_um_auth_name_t::name, rsbac_syscall_arg_t::net_list_all_netdev, rsbac_syscall_arg_t::net_list_all_template, rsbac_syscall_arg_t::net_template, rsys_um_set_group_pass_t::new_pass, rsys_um_set_pass_name_t::new_pass, rsys_um_set_pass_t::new_pass, rsys_um_get_next_user_t::next_user_p, rsys_pm_create_file_t::object_class, rsys_um_set_pass_name_t::old_pass, rsys_um_set_pass_t::old_pass, rsys_um_get_next_user_t::old_user, rsys_pm_t::param_p, rsys_um_add_group_t::pass, rsys_um_add_user_t::pass, rsys_um_auth_uid_t::pass, rsys_um_auth_name_t::pass, rsys_rc_change_role_t::pass, rsys_list_ta_forget_t::password, rsys_list_ta_commit_t::password, rsys_list_ta_refresh_t::password, rsys_list_ta_begin_t::password, rsys_jail_t::path, rsys_auth_get_p_caplist_t::pid, rsys_auth_remove_p_cap_t::pid, rsys_auth_add_p_cap_t::pid, rsys_mac_get_p_trulist_t::pid, rsys_mac_remove_p_tru_t::pid, rsys_mac_add_p_tru_t::pid, rsbac_syscall_arg_t::pm, rsbac_syscall_arg_t::pm_change_current_task, rsbac_syscall_arg_t::pm_create_file, rsbac_syscall_arg_t::rc_change_role, rsbac_syscall_arg_t::rc_copy_role, rsbac_syscall_arg_t::rc_copy_type, rsbac_syscall_arg_t::rc_get_current_role, rsbac_syscall_arg_t::rc_get_eff_rights_n, rsbac_syscall_arg_t::rc_get_item, rsbac_syscall_arg_t::rc_get_list, rsbac_syscall_arg_t::rc_select_fd_create_type, rsbac_syscall_arg_t::rc_set_item, rsbac_syscall_arg_t::reg, rsbac_syscall_arg_t::remove_target, rsbac_syscall_arg_t::remove_target_n, rsys_get_adf_log_t::request, rsys_adf_log_switch_t::request, rsys_rc_get_eff_rights_n_t::request_vector_p, rsys_acl_get_rights_n_t::rights_p, rsys_acl_get_rights_t::rights_p, rsys_rc_change_role_t::role, rsys_rc_get_current_role_t::role_p, rsys_init_t::root_dev, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDVERSION, rsbac_jail_sys_jail(), RSBAC_VERSION_MAKE_NR, RSBAC_VERSION_NR, RSYS_acl, RSYS_acl_get_mask, RSYS_acl_get_mask_n, RSYS_acl_get_rights, RSYS_acl_get_rights_n, RSYS_acl_get_tlist, RSYS_acl_get_tlist_n, RSYS_acl_group, RSYS_acl_list_all_dev, RSYS_acl_list_all_group, RSYS_acl_list_all_user, RSYS_acl_n, RSYS_adf_log_switch, RSYS_auth_add_f_cap, RSYS_auth_add_p_cap, RSYS_auth_get_f_caplist, RSYS_auth_get_p_caplist, RSYS_auth_remove_f_cap, RSYS_auth_remove_p_cap, RSYS_check, RSYS_daz_flush_cache, RSYS_get_adf_log, RSYS_get_attr, RSYS_get_attr_n, RSYS_get_switch, RSYS_init, RSYS_jail, RSYS_list_all_dev, RSYS_list_all_group, RSYS_list_all_ipc, RSYS_list_all_user, RSYS_list_ta_begin, RSYS_list_ta_commit, RSYS_list_ta_forget, RSYS_list_ta_refresh, RSYS_log, RSYS_mac_add_f_tru, RSYS_mac_add_p_tru, RSYS_mac_get_curr_level, RSYS_mac_get_f_trulist, RSYS_mac_get_max_level, RSYS_mac_get_min_level, RSYS_mac_get_p_trulist, RSYS_mac_remove_f_tru, RSYS_mac_remove_p_tru, RSYS_mac_set_curr_level, RSYS_net_list_all_netdev, RSYS_net_list_all_template, RSYS_net_template, RSYS_none, RSYS_pm, RSYS_pm_change_current_task, RSYS_pm_create_file, RSYS_rc_change_role, RSYS_rc_copy_role, RSYS_rc_copy_type, RSYS_rc_get_current_role, RSYS_rc_get_eff_rights_n, RSYS_rc_get_item, RSYS_rc_get_list, RSYS_rc_select_fd_create_type, RSYS_rc_set_item, RSYS_reg, RSYS_remove_target, RSYS_remove_target_n, RSYS_set_attr, RSYS_set_attr_n, RSYS_stats, RSYS_stats_pm, RSYS_switch, RSYS_um_add_gm, RSYS_um_add_group, RSYS_um_add_user, RSYS_um_auth_name, RSYS_um_auth_uid, RSYS_um_check_account, RSYS_um_check_account_name, RSYS_um_get_gid, RSYS_um_get_gm_list, RSYS_um_get_gm_user_list, RSYS_um_get_group_item, RSYS_um_get_group_list, RSYS_um_get_next_user, RSYS_um_get_uid, RSYS_um_get_user_item, RSYS_um_get_user_list, RSYS_um_group_exists, RSYS_um_mod_group, RSYS_um_mod_user, RSYS_um_remove_gm, RSYS_um_remove_group, RSYS_um_remove_user, RSYS_um_set_group_pass, RSYS_um_set_pass, RSYS_um_set_pass_name, RSYS_um_user_exists, RSYS_version, RSYS_write, rsys_jail_t::scd_get, rsys_jail_t::scd_modify, rsbac_syscall_arg_t::set_attr, rsbac_syscall_arg_t::set_attr_n, rsys_rc_set_item_t::subtid_p, rsys_rc_get_item_t::subtid_p, rsbac_syscall_arg_t::switch_module, rsys_get_switch_t::switchable_p, sys_rsbac_acl(), sys_rsbac_acl_get_mask(), sys_rsbac_acl_get_mask_n(), sys_rsbac_acl_get_rights(), sys_rsbac_acl_get_rights_n(), sys_rsbac_acl_get_tlist(), sys_rsbac_acl_get_tlist_n(), sys_rsbac_acl_group(), sys_rsbac_acl_list_all_dev(), sys_rsbac_acl_list_all_group(), sys_rsbac_acl_list_all_user(), sys_rsbac_acl_n(), sys_rsbac_adf_log_switch(), sys_rsbac_auth_add_f_cap(), sys_rsbac_auth_add_p_cap(), sys_rsbac_auth_get_f_caplist(), sys_rsbac_auth_get_p_caplist(), sys_rsbac_auth_remove_f_cap(), sys_rsbac_auth_remove_p_cap(), sys_rsbac_check(), sys_rsbac_daz_flush_cache(), sys_rsbac_get_adf_log(), sys_rsbac_get_attr(), sys_rsbac_get_attr_n(), sys_rsbac_get_switch(), sys_rsbac_list_all_dev(), sys_rsbac_list_all_group(), sys_rsbac_list_all_ipc(), sys_rsbac_list_all_user(), sys_rsbac_log(), sys_rsbac_mac_add_f_tru(), sys_rsbac_mac_add_p_tru(), sys_rsbac_mac_get_curr_level(), sys_rsbac_mac_get_f_trulist(), sys_rsbac_mac_get_max_level(), sys_rsbac_mac_get_min_level(), sys_rsbac_mac_get_p_trulist(), sys_rsbac_mac_remove_f_tru(), sys_rsbac_mac_remove_p_tru(), sys_rsbac_mac_set_curr_level(), sys_rsbac_net_list_all_netdev(), sys_rsbac_net_list_all_template(), sys_rsbac_net_template(), sys_rsbac_pm(), sys_rsbac_pm_change_current_task(), sys_rsbac_pm_create_file(), sys_rsbac_rc_change_role(), sys_rsbac_rc_copy_role(), sys_rsbac_rc_copy_type(), sys_rsbac_rc_get_current_role(), sys_rsbac_rc_get_eff_rights_n(), sys_rsbac_rc_get_item(), sys_rsbac_rc_get_list(), sys_rsbac_rc_select_fd_create_type(), sys_rsbac_rc_set_item(), sys_rsbac_reg(), sys_rsbac_remove_target(), sys_rsbac_remove_target_n(), sys_rsbac_set_attr(), sys_rsbac_set_attr_n(), sys_rsbac_stats(), sys_rsbac_stats_pm(), sys_rsbac_switch(), sys_rsbac_um_add_gm(), sys_rsbac_um_add_group(), sys_rsbac_um_add_user(), sys_rsbac_um_auth_name(), sys_rsbac_um_auth_uid(), sys_rsbac_um_check_account(), sys_rsbac_um_check_account_name(), sys_rsbac_um_get_gid(), sys_rsbac_um_get_gm_list(), sys_rsbac_um_get_gm_user_list(), sys_rsbac_um_get_group_item(), sys_rsbac_um_get_group_list(), sys_rsbac_um_get_next_user(), sys_rsbac_um_get_uid(), sys_rsbac_um_get_user_item(), sys_rsbac_um_get_user_list(), sys_rsbac_um_group_exists(), sys_rsbac_um_mod_group(), sys_rsbac_um_mod_user(), sys_rsbac_um_remove_gm(), sys_rsbac_um_remove_group(), sys_rsbac_um_remove_user(), sys_rsbac_um_set_group_pass(), sys_rsbac_um_set_pass(), sys_rsbac_um_set_pass_name(), sys_rsbac_um_user_exists(), sys_rsbac_write(), rsys_acl_get_mask_n_t::t_name, rsys_acl_get_tlist_n_t::t_name, rsys_rc_get_eff_rights_n_t::t_name, rsys_remove_target_n_t::t_name, rsys_set_attr_n_t::t_name, rsys_get_attr_n_t::t_name, rsys_list_all_group_t::ta_number, rsys_list_all_user_t::ta_number, rsys_list_all_dev_t::ta_number, rsys_list_ta_forget_t::ta_number, rsys_list_ta_commit_t::ta_number, rsys_list_ta_refresh_t::ta_number, rsys_um_get_gid_t::ta_number, rsys_um_get_uid_t::ta_number, rsys_um_get_group_list_t::ta_number, rsys_um_get_gm_user_list_t::ta_number, rsys_um_get_gm_list_t::ta_number, rsys_um_group_exists_t::ta_number, rsys_um_get_user_list_t::ta_number, rsys_um_get_next_user_t::ta_number, rsys_um_user_exists_t::ta_number, rsys_um_remove_gm_t::ta_number, rsys_um_remove_group_t::ta_number, rsys_um_remove_user_t::ta_number, rsys_um_get_group_item_t::ta_number, rsys_um_get_user_item_t::ta_number, rsys_um_mod_group_t::ta_number, rsys_um_mod_user_t::ta_number, rsys_um_add_gm_t::ta_number, rsys_um_add_group_t::ta_number, rsys_um_add_user_t::ta_number, rsys_acl_list_all_group_t::ta_number, rsys_acl_list_all_user_t::ta_number, rsys_acl_list_all_dev_t::ta_number, rsys_acl_group_t::ta_number, rsys_acl_get_mask_n_t::ta_number, rsys_acl_get_mask_t::ta_number, rsys_acl_get_tlist_n_t::ta_number, rsys_acl_get_tlist_t::ta_number, rsys_acl_get_rights_n_t::ta_number, rsys_acl_get_rights_t::ta_number, rsys_acl_n_t::ta_number, rsys_acl_t::ta_number, rsys_auth_get_p_caplist_t::ta_number, rsys_auth_get_f_caplist_t::ta_number, rsys_auth_remove_f_cap_t::ta_number, rsys_auth_add_f_cap_t::ta_number, rsys_auth_remove_p_cap_t::ta_number, rsys_auth_add_p_cap_t::ta_number, rsys_rc_get_list_t::ta_number, rsys_rc_get_eff_rights_n_t::ta_number, rsys_rc_set_item_t::ta_number, rsys_rc_get_item_t::ta_number, rsys_rc_copy_type_t::ta_number, rsys_rc_copy_role_t::ta_number, rsys_pm_t::ta_number, rsys_mac_get_p_trulist_t::ta_number, rsys_mac_get_f_trulist_t::ta_number, rsys_mac_remove_f_tru_t::ta_number, rsys_mac_add_f_tru_t::ta_number, rsys_mac_remove_p_tru_t::ta_number, rsys_mac_add_p_tru_t::ta_number, rsys_net_list_all_template_t::ta_number, rsys_net_template_t::ta_number, rsys_net_list_all_netdev_t::ta_number, rsys_remove_target_n_t::ta_number, rsys_remove_target_t::ta_number, rsys_set_attr_n_t::ta_number, rsys_set_attr_t::ta_number, rsys_get_attr_n_t::ta_number, rsys_get_attr_t::ta_number, rsys_list_ta_begin_t::ta_number_p, rsys_acl_get_mask_n_t::target, rsys_acl_get_mask_t::target, rsys_acl_get_tlist_n_t::target, rsys_acl_get_tlist_t::target, rsys_rc_get_list_t::target, rsys_rc_get_eff_rights_n_t::target, rsys_rc_set_item_t::target, rsys_rc_get_item_t::target, rsys_rc_copy_type_t::target, rsys_get_adf_log_t::target, rsys_adf_log_switch_t::target, rsys_remove_target_n_t::target, rsys_remove_target_t::target, rsys_set_attr_n_t::target, rsys_set_attr_t::target, rsys_get_attr_n_t::target, rsys_get_attr_t::target, rsys_pm_change_current_task_t::task, rsys_pm_t::ticket, rsys_acl_get_mask_t::tid, rsys_acl_get_tlist_t::tid, rsys_remove_target_t::tid, rsys_set_attr_t::tid, rsys_get_attr_t::tid, rsys_rc_get_list_t::tid_p, rsys_rc_set_item_t::tid_p, rsys_rc_get_item_t::tid_p, rsys_rc_copy_role_t::to_role, rsys_rc_copy_type_t::to_type, rsys_mac_get_p_trulist_t::trulist, rsys_mac_get_f_trulist_t::trulist, rsys_list_ta_refresh_t::ttl, rsys_list_ta_begin_t::ttl, rsys_um_add_gm_t::ttl, rsys_um_add_group_t::ttl, rsys_um_add_user_t::ttl, rsys_auth_add_f_cap_t::ttl, rsys_auth_add_p_cap_t::ttl, rsys_rc_set_item_t::ttl, rsys_mac_add_f_tru_t::ttl, rsys_mac_add_p_tru_t::ttl, rsys_acl_get_tlist_n_t::ttl_array, rsys_acl_get_tlist_t::ttl_array, rsys_rc_get_list_t::ttl_array_p, rsys_rc_get_eff_rights_n_t::ttl_p, rsys_rc_get_item_t::ttl_p, rsys_auth_get_p_caplist_t::ttllist, rsys_auth_get_f_caplist_t::ttllist, rsys_mac_get_p_trulist_t::ttllist, rsys_mac_get_f_trulist_t::ttllist, rsys_rc_select_fd_create_type_t::type, rsys_log_t::type, rsys_um_check_account_t::uid, rsys_um_set_pass_t::uid, rsys_um_user_exists_t::uid, rsys_um_remove_gm_t::uid, rsys_um_remove_user_t::uid, rsys_um_get_user_item_t::uid, rsys_um_mod_user_t::uid, rsys_um_add_gm_t::uid, rsys_um_add_user_t::uid, rsys_um_auth_uid_t::uid, rsys_mac_remove_f_tru_t::uid, rsys_mac_add_p_tru_t::uid, rsys_um_get_uid_t::uid_p, rsbac_syscall_arg_t::um_add_gm, rsbac_syscall_arg_t::um_add_group, rsbac_syscall_arg_t::um_add_user, rsbac_syscall_arg_t::um_auth_name, rsbac_syscall_arg_t::um_auth_uid, rsbac_syscall_arg_t::um_check_account, rsbac_syscall_arg_t::um_check_account_name, rsbac_syscall_arg_t::um_get_gid, rsbac_syscall_arg_t::um_get_gm_list, rsbac_syscall_arg_t::um_get_gm_user_list, rsbac_syscall_arg_t::um_get_group_item, rsbac_syscall_arg_t::um_get_group_list, rsbac_syscall_arg_t::um_get_next_user, rsbac_syscall_arg_t::um_get_uid, rsbac_syscall_arg_t::um_get_user_item, rsbac_syscall_arg_t::um_get_user_list, rsbac_syscall_arg_t::um_group_exists, rsbac_syscall_arg_t::um_mod_group, rsbac_syscall_arg_t::um_mod_user, rsbac_syscall_arg_t::um_remove_gm, rsbac_syscall_arg_t::um_remove_group, rsbac_syscall_arg_t::um_remove_user, rsbac_syscall_arg_t::um_set_group_pass, rsbac_syscall_arg_t::um_set_pass, rsbac_syscall_arg_t::um_set_pass_name, rsbac_syscall_arg_t::um_user_exists, rsys_um_get_gm_list_t::user, rsys_um_get_gm_user_list_t::user_array, rsys_um_get_user_list_t::user_array, rsys_adf_log_switch_t::value, rsys_switch_t::value, rsys_set_attr_n_t::value, rsys_set_attr_t::value, rsys_get_attr_n_t::value, rsys_get_attr_t::value, rsys_rc_set_item_t::value_p, rsys_rc_get_item_t::value_p, rsys_get_adf_log_t::value_p, rsys_get_switch_t::value_p, and rsys_jail_t::version.
07123 { 07124 union rsbac_syscall_arg_t k_arg; 07125 int err; 07126 07127 if ( ((version < RSBAC_VERSION_MAKE_NR(1,3,0)) || (version >= RSBAC_VERSION_MAKE_NR(1,4,0))) 07128 && (call != RSYS_version)) 07129 return -RSBAC_EINVALIDVERSION; 07130 07131 if(call >= RSYS_none) 07132 return -RSBAC_EINVALIDREQUEST; 07133 07134 /* get values from user space */ 07135 if(arg_p) 07136 { 07137 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) ); 07138 if(err) 07139 return err; 07140 } 07141 else 07142 { 07143 memset(&k_arg, 0, sizeof(k_arg)); 07144 } 07145 07146 switch(call) 07147 { 07148 case RSYS_version: 07149 return RSBAC_VERSION_NR; 07150 case RSYS_stats: 07151 return sys_rsbac_stats(); 07152 case RSYS_check: 07153 return sys_rsbac_check(k_arg.check.correct, k_arg.check.check_inode); 07154 case RSYS_get_attr: 07155 return sys_rsbac_get_attr(k_arg.get_attr.ta_number, 07156 k_arg.get_attr.module, 07157 k_arg.get_attr.target, 07158 k_arg.get_attr.tid, 07159 k_arg.get_attr.attr, 07160 k_arg.get_attr.value, 07161 k_arg.get_attr.inherit); 07162 case RSYS_get_attr_n: 07163 return sys_rsbac_get_attr_n(k_arg.get_attr_n.ta_number, 07164 k_arg.get_attr_n.module, 07165 k_arg.get_attr_n.target, 07166 k_arg.get_attr_n.t_name, 07167 k_arg.get_attr_n.attr, 07168 k_arg.get_attr_n.value, 07169 k_arg.get_attr_n.inherit); 07170 case RSYS_set_attr: 07171 return sys_rsbac_set_attr(k_arg.set_attr.ta_number, 07172 k_arg.set_attr.module, 07173 k_arg.set_attr.target, 07174 k_arg.set_attr.tid, 07175 k_arg.set_attr.attr, 07176 k_arg.set_attr.value); 07177 case RSYS_set_attr_n: 07178 return sys_rsbac_set_attr_n(k_arg.set_attr_n.ta_number, 07179 k_arg.set_attr_n.module, 07180 k_arg.set_attr_n.target, 07181 k_arg.set_attr_n.t_name, 07182 k_arg.set_attr_n.attr, 07183 k_arg.set_attr_n.value); 07184 case RSYS_remove_target: 07185 return sys_rsbac_remove_target(k_arg.remove_target.ta_number, 07186 k_arg.remove_target.target, 07187 k_arg.remove_target.tid); 07188 case RSYS_remove_target_n: 07189 return sys_rsbac_remove_target_n(k_arg.remove_target_n.ta_number, 07190 k_arg.remove_target_n.target, 07191 k_arg.remove_target_n.t_name); 07192 case RSYS_net_list_all_netdev: 07193 return sys_rsbac_net_list_all_netdev(k_arg.net_list_all_netdev.ta_number, 07194 k_arg.net_list_all_netdev.id_p, 07195 k_arg.net_list_all_netdev.maxnum); 07196 case RSYS_net_template: 07197 return sys_rsbac_net_template(k_arg.net_template.ta_number, 07198 k_arg.net_template.call, 07199 k_arg.net_template.id, 07200 k_arg.net_template.data_p); 07201 case RSYS_net_list_all_template: 07202 return sys_rsbac_net_list_all_template(k_arg.net_list_all_template.ta_number, 07203 k_arg.net_list_all_template.id_p, 07204 k_arg.net_list_all_template.maxnum); 07205 case RSYS_switch: 07206 return sys_rsbac_switch(k_arg.switch_module.module, 07207 k_arg.switch_module.value); 07208 case RSYS_get_switch: 07209 return sys_rsbac_get_switch(k_arg.get_switch_module.module, 07210 k_arg.get_switch_module.value_p, 07211 k_arg.get_switch_module.switchable_p); 07212 case RSYS_adf_log_switch: 07213 return sys_rsbac_adf_log_switch(k_arg.adf_log_switch.request, 07214 k_arg.adf_log_switch.target, 07215 k_arg.adf_log_switch.value); 07216 case RSYS_get_adf_log: 07217 return sys_rsbac_get_adf_log(k_arg.get_adf_log.request, 07218 k_arg.get_adf_log.target, 07219 k_arg.get_adf_log.value_p); 07220 case RSYS_write: 07221 return sys_rsbac_write(); 07222 case RSYS_log: 07223 return sys_rsbac_log(k_arg.log.type, 07224 k_arg.log.buf, 07225 k_arg.log.len); 07226 case RSYS_mac_set_curr_level: 07227 return sys_rsbac_mac_set_curr_level(k_arg.mac_set_curr_level.level, 07228 k_arg.mac_set_curr_level.categories_p); 07229 case RSYS_mac_get_curr_level: 07230 return sys_rsbac_mac_get_curr_level(k_arg.mac_get_curr_level.level_p, 07231 k_arg.mac_get_curr_level.categories_p); 07232 case RSYS_mac_get_max_level: 07233 return sys_rsbac_mac_get_max_level(k_arg.mac_get_max_level.level_p, 07234 k_arg.mac_get_max_level.categories_p); 07235 case RSYS_mac_get_min_level: 07236 return sys_rsbac_mac_get_min_level(k_arg.mac_get_min_level.level_p, 07237 k_arg.mac_get_min_level.categories_p); 07238 case RSYS_mac_add_p_tru: 07239 return sys_rsbac_mac_add_p_tru(k_arg.mac_add_p_tru.ta_number, 07240 k_arg.mac_add_p_tru.pid, 07241 k_arg.mac_add_p_tru.uid, 07242 k_arg.mac_add_p_tru.ttl); 07243 case RSYS_mac_remove_p_tru: 07244 return sys_rsbac_mac_remove_p_tru(k_arg.mac_remove_p_tru.ta_number, 07245 k_arg.mac_remove_p_tru.pid, 07246 k_arg.mac_add_p_tru.uid); 07247 case RSYS_mac_add_f_tru: 07248 return sys_rsbac_mac_add_f_tru(k_arg.mac_add_f_tru.ta_number, 07249 k_arg.mac_add_f_tru.filename, 07250 k_arg.mac_add_p_tru.uid, 07251 k_arg.mac_add_f_tru.ttl); 07252 case RSYS_mac_remove_f_tru: 07253 return sys_rsbac_mac_remove_f_tru(k_arg.mac_remove_f_tru.ta_number, 07254 k_arg.mac_remove_f_tru.filename, 07255 k_arg.mac_remove_f_tru.uid); 07256 case RSYS_mac_get_f_trulist: 07257 return sys_rsbac_mac_get_f_trulist(k_arg.mac_get_f_trulist.ta_number, 07258 k_arg.mac_get_f_trulist.filename, 07259 k_arg.mac_get_f_trulist.trulist, 07260 k_arg.mac_get_f_trulist.ttllist, 07261 k_arg.mac_get_f_trulist.maxnum); 07262 case RSYS_mac_get_p_trulist: 07263 return sys_rsbac_mac_get_p_trulist(k_arg.mac_get_p_trulist.ta_number, 07264 k_arg.mac_get_p_trulist.pid, 07265 k_arg.mac_get_p_trulist.trulist, 07266 k_arg.mac_get_p_trulist.ttllist, 07267 k_arg.mac_get_p_trulist.maxnum); 07268 case RSYS_stats_pm: 07269 return sys_rsbac_stats_pm(); 07270 case RSYS_pm: 07271 return sys_rsbac_pm(k_arg.pm.ta_number, 07272 k_arg.pm.function, 07273 k_arg.pm.param_p, 07274 k_arg.pm.ticket); 07275 case RSYS_pm_change_current_task: 07276 return sys_rsbac_pm_change_current_task(k_arg.pm_change_current_task.task); 07277 case RSYS_pm_create_file: 07278 return sys_rsbac_pm_create_file(k_arg.pm_create_file.filename, 07279 k_arg.pm_create_file.mode, 07280 k_arg.pm_create_file.object_class); 07281 case RSYS_daz_flush_cache: 07282 return sys_rsbac_daz_flush_cache(); 07283 case RSYS_rc_copy_role: 07284 return sys_rsbac_rc_copy_role(k_arg.rc_copy_role.ta_number, 07285 k_arg.rc_copy_role.from_role, 07286 k_arg.rc_copy_role.to_role); 07287 case RSYS_rc_copy_type: 07288 return sys_rsbac_rc_copy_type(k_arg.rc_copy_type.ta_number, 07289 k_arg.rc_copy_type.target, 07290 k_arg.rc_copy_type.from_type, 07291 k_arg.rc_copy_type.to_type); 07292 case RSYS_rc_get_item: 07293 return sys_rsbac_rc_get_item(k_arg.rc_get_item.ta_number, 07294 k_arg.rc_get_item.target, 07295 k_arg.rc_get_item.tid_p, 07296 k_arg.rc_get_item.subtid_p, 07297 k_arg.rc_get_item.item, 07298 k_arg.rc_get_item.value_p, 07299 k_arg.rc_get_item.ttl_p); 07300 case RSYS_rc_set_item: 07301 return sys_rsbac_rc_set_item(k_arg.rc_set_item.ta_number, 07302 k_arg.rc_set_item.target, 07303 k_arg.rc_set_item.tid_p, 07304 k_arg.rc_set_item.subtid_p, 07305 k_arg.rc_set_item.item, 07306 k_arg.rc_set_item.value_p, 07307 k_arg.rc_set_item.ttl); 07308 case RSYS_rc_change_role: 07309 return sys_rsbac_rc_change_role(k_arg.rc_change_role.role, k_arg.rc_change_role.pass); 07310 case RSYS_rc_get_eff_rights_n: 07311 return sys_rsbac_rc_get_eff_rights_n(k_arg.rc_get_eff_rights_n.ta_number, 07312 k_arg.rc_get_eff_rights_n.target, 07313 k_arg.rc_get_eff_rights_n.t_name, 07314 k_arg.rc_get_eff_rights_n.request_vector_p, 07315 k_arg.rc_get_eff_rights_n.ttl_p); 07316 case RSYS_rc_get_list: 07317 return sys_rsbac_rc_get_list(k_arg.rc_get_list.ta_number, 07318 k_arg.rc_get_list.target, 07319 k_arg.rc_get_list.tid_p, 07320 k_arg.rc_get_list.item, 07321 k_arg.rc_get_list.maxnum, 07322 k_arg.rc_get_list.array_p, 07323 k_arg.rc_get_list.ttl_array_p); 07324 case RSYS_rc_get_current_role: 07325 return sys_rsbac_rc_get_current_role(k_arg.rc_get_current_role.role_p); 07326 case RSYS_rc_select_fd_create_type: 07327 return sys_rsbac_rc_select_fd_create_type(k_arg.rc_select_fd_create_type.type); 07328 case RSYS_auth_add_p_cap: 07329 return sys_rsbac_auth_add_p_cap(k_arg.auth_add_p_cap.ta_number, 07330 k_arg.auth_add_p_cap.pid, 07331 k_arg.auth_add_p_cap.cap_type, 07332 k_arg.auth_add_p_cap.cap_range, 07333 k_arg.auth_add_p_cap.ttl); 07334 case RSYS_auth_remove_p_cap: 07335 return sys_rsbac_auth_remove_p_cap(k_arg.auth_remove_p_cap.ta_number, 07336 k_arg.auth_remove_p_cap.pid, 07337 k_arg.auth_remove_p_cap.cap_type, 07338 k_arg.auth_remove_p_cap.cap_range); 07339 case RSYS_auth_add_f_cap: 07340 return sys_rsbac_auth_add_f_cap(k_arg.auth_add_f_cap.ta_number, 07341 k_arg.auth_add_f_cap.filename, 07342 k_arg.auth_add_f_cap.cap_type, 07343 k_arg.auth_add_f_cap.cap_range, 07344 k_arg.auth_add_f_cap.ttl); 07345 case RSYS_auth_remove_f_cap: 07346 return sys_rsbac_auth_remove_f_cap(k_arg.auth_remove_f_cap.ta_number, 07347 k_arg.auth_remove_f_cap.filename, 07348 k_arg.auth_remove_f_cap.cap_type, 07349 k_arg.auth_remove_f_cap.cap_range); 07350 case RSYS_auth_get_f_caplist: 07351 return sys_rsbac_auth_get_f_caplist(k_arg.auth_get_f_caplist.ta_number, 07352 k_arg.auth_get_f_caplist.filename, 07353 k_arg.auth_get_f_caplist.cap_type, 07354 k_arg.auth_get_f_caplist.caplist, 07355 k_arg.auth_get_f_caplist.ttllist, 07356 k_arg.auth_get_f_caplist.maxnum); 07357 case RSYS_auth_get_p_caplist: 07358 return sys_rsbac_auth_get_p_caplist(k_arg.auth_get_p_caplist.ta_number, 07359 k_arg.auth_get_p_caplist.pid, 07360 k_arg.auth_get_p_caplist.cap_type, 07361 k_arg.auth_get_p_caplist.caplist, 07362 k_arg.auth_get_p_caplist.ttllist, 07363 k_arg.auth_get_p_caplist.maxnum); 07364 case RSYS_acl: 07365 return sys_rsbac_acl(k_arg.acl.ta_number, 07366 k_arg.acl.call, 07367 k_arg.acl.arg); 07368 case RSYS_acl_n: 07369 return sys_rsbac_acl_n(k_arg.acl_n.ta_number, 07370 k_arg.acl_n.call, 07371 k_arg.acl_n.arg); 07372 case RSYS_acl_get_rights: 07373 return sys_rsbac_acl_get_rights(k_arg.acl_get_rights.ta_number, 07374 k_arg.acl_get_rights.arg, 07375 k_arg.acl_get_rights.rights_p, 07376 k_arg.acl_get_rights.effective); 07377 case RSYS_acl_get_rights_n: 07378 return sys_rsbac_acl_get_rights_n(k_arg.acl_get_rights_n.ta_number, 07379 k_arg.acl_get_rights_n.arg, 07380 k_arg.acl_get_rights_n.rights_p, 07381 k_arg.acl_get_rights_n.effective); 07382 case RSYS_acl_get_tlist: 07383 return sys_rsbac_acl_get_tlist(k_arg.acl_get_tlist.ta_number, 07384 k_arg.acl_get_tlist.target, 07385 k_arg.acl_get_tlist.tid, 07386 k_arg.acl_get_tlist.entry_array, 07387 k_arg.acl_get_tlist.ttl_array, 07388 k_arg.acl_get_tlist.maxnum); 07389 case RSYS_acl_get_tlist_n: 07390 return sys_rsbac_acl_get_tlist_n(k_arg.acl_get_tlist_n.ta_number, 07391 k_arg.acl_get_tlist_n.target, 07392 k_arg.acl_get_tlist_n.t_name, 07393 k_arg.acl_get_tlist_n.entry_array, 07394 k_arg.acl_get_tlist_n.ttl_array, 07395 k_arg.acl_get_tlist_n.maxnum); 07396 case RSYS_acl_get_mask: 07397 return sys_rsbac_acl_get_mask(k_arg.acl_get_mask.ta_number, 07398 k_arg.acl_get_mask.target, 07399 k_arg.acl_get_mask.tid, 07400 k_arg.acl_get_mask.mask_p); 07401 case RSYS_acl_get_mask_n: 07402 return sys_rsbac_acl_get_mask_n(k_arg.acl_get_mask_n.ta_number, 07403 k_arg.acl_get_mask_n.target, 07404 k_arg.acl_get_mask_n.t_name, 07405 k_arg.acl_get_mask_n.mask_p); 07406 case RSYS_acl_group: 07407 return sys_rsbac_acl_group(k_arg.acl_group.ta_number, 07408 k_arg.acl_group.call, 07409 k_arg.acl_group.arg_p); 07410 case RSYS_acl_list_all_dev: 07411 return sys_rsbac_acl_list_all_dev(k_arg.acl_list_all_dev.ta_number, 07412 k_arg.acl_list_all_dev.id_p, 07413 k_arg.acl_list_all_dev.maxnum); 07414 case RSYS_acl_list_all_user: 07415 return sys_rsbac_acl_list_all_user(k_arg.acl_list_all_user.ta_number, 07416 k_arg.acl_list_all_user.id_p, 07417 k_arg.acl_list_all_user.maxnum); 07418 case RSYS_acl_list_all_group: 07419 return sys_rsbac_acl_list_all_group(k_arg.acl_list_all_group.ta_number, 07420 k_arg.acl_list_all_group.id_p, 07421 k_arg.acl_list_all_group.maxnum); 07422 07423 case RSYS_reg: 07424 return sys_rsbac_reg(k_arg.reg.handle, 07425 k_arg.reg.arg); 07426 case RSYS_jail: 07427 #ifdef CONFIG_RSBAC_JAIL 07428 return rsbac_jail_sys_jail(k_arg.jail.version, 07429 k_arg.jail.path, 07430 k_arg.jail.ip, 07431 k_arg.jail.flags, 07432 k_arg.jail.max_caps, 07433 k_arg.jail.scd_get, 07434 k_arg.jail.scd_modify); 07435 #else 07436 return -RSBAC_EINVALIDMODULE; 07437 #endif 07438 07439 #if defined(CONFIG_RSBAC_INIT_DELAY) 07440 case RSYS_init: 07441 return sys_rsbac_init(k_arg.init.root_dev); 07442 #endif 07443 07444 case RSYS_um_auth_name: 07445 return sys_rsbac_um_auth_name(k_arg.um_auth_name.name, 07446 k_arg.um_auth_name.pass); 07447 case RSYS_um_auth_uid: 07448 return sys_rsbac_um_auth_uid(k_arg.um_auth_uid.uid, 07449 k_arg.um_auth_uid.pass); 07450 case RSYS_um_add_user: 07451 return sys_rsbac_um_add_user(k_arg.um_add_user.ta_number, 07452 k_arg.um_add_user.uid, 07453 k_arg.um_add_user.entry_p, 07454 k_arg.um_add_user.pass, 07455 k_arg.um_add_user.ttl); 07456 case RSYS_um_add_group: 07457 return sys_rsbac_um_add_group(k_arg.um_add_group.ta_number, 07458 k_arg.um_add_group.gid, 07459 k_arg.um_add_group.entry_p, 07460 k_arg.um_add_group.pass, 07461 k_arg.um_add_group.ttl); 07462 case RSYS_um_add_gm: 07463 return sys_rsbac_um_add_gm(k_arg.um_add_gm.ta_number, 07464 k_arg.um_add_gm.uid, 07465 k_arg.um_add_gm.gid, 07466 k_arg.um_add_gm.ttl); 07467 case RSYS_um_mod_user: 07468 return sys_rsbac_um_mod_user(k_arg.um_mod_user.ta_number, 07469 k_arg.um_mod_user.uid, 07470 k_arg.um_mod_user.mod, 07471 k_arg.um_mod_user.data_p); 07472 case RSYS_um_mod_group: 07473 return sys_rsbac_um_mod_group(k_arg.um_mod_group.ta_number, 07474 k_arg.um_mod_group.gid, 07475 k_arg.um_mod_group.mod, 07476 k_arg.um_mod_group.data_p); 07477 case RSYS_um_get_user_item: 07478 return sys_rsbac_um_get_user_item(k_arg.um_get_user_item.ta_number, 07479 k_arg.um_get_user_item.uid, 07480 k_arg.um_get_user_item.mod, 07481 k_arg.um_get_user_item.data_p); 07482 case RSYS_um_get_group_item: 07483 return sys_rsbac_um_get_group_item(k_arg.um_get_group_item.ta_number, 07484 k_arg.um_get_group_item.gid, 07485 k_arg.um_get_group_item.mod, 07486 k_arg.um_get_group_item.data_p); 07487 case RSYS_um_remove_user: 07488 return sys_rsbac_um_remove_user(k_arg.um_remove_user.ta_number, 07489 k_arg.um_remove_user.uid); 07490 case RSYS_um_remove_group: 07491 return sys_rsbac_um_remove_group(k_arg.um_remove_group.ta_number, 07492 k_arg.um_remove_group.gid); 07493 case RSYS_um_remove_gm: 07494 return sys_rsbac_um_remove_gm(k_arg.um_remove_gm.ta_number, 07495 k_arg.um_remove_gm.uid, 07496 k_arg.um_remove_gm.gid); 07497 case RSYS_um_user_exists: 07498 return sys_rsbac_um_user_exists(k_arg.um_user_exists.ta_number, 07499 k_arg.um_user_exists.uid); 07500 case RSYS_um_get_next_user: 07501 return sys_rsbac_um_get_next_user(k_arg.um_get_next_user.ta_number, 07502 k_arg.um_get_next_user.old_user, 07503 k_arg.um_get_next_user.next_user_p); 07504 case RSYS_um_get_user_list: 07505 return sys_rsbac_um_get_user_list(k_arg.um_get_user_list.ta_number, 07506 k_arg.um_get_user_list.user_array, 07507 k_arg.um_get_user_list.maxnum); 07508 case RSYS_um_group_exists: 07509 return sys_rsbac_um_group_exists(k_arg.um_group_exists.ta_number, 07510 k_arg.um_group_exists.gid); 07511 case RSYS_um_get_gm_list: 07512 return sys_rsbac_um_get_gm_list(k_arg.um_get_gm_list.ta_number, 07513 k_arg.um_get_gm_list.user, 07514 k_arg.um_get_gm_list.group_array, 07515 k_arg.um_get_gm_list.maxnum); 07516 case RSYS_um_get_gm_user_list: 07517 return sys_rsbac_um_get_gm_user_list(k_arg.um_get_gm_user_list.ta_number, 07518 k_arg.um_get_gm_user_list.group, 07519 k_arg.um_get_gm_user_list.user_array, 07520 k_arg.um_get_gm_user_list.maxnum); 07521 case RSYS_um_get_group_list: 07522 return sys_rsbac_um_get_group_list(k_arg.um_get_group_list.ta_number, 07523 k_arg.um_get_group_list.group_array, 07524 k_arg.um_get_group_list.maxnum); 07525 case RSYS_um_get_uid: 07526 return sys_rsbac_um_get_uid(k_arg.um_get_uid.ta_number, 07527 k_arg.um_get_uid.name, 07528 k_arg.um_get_uid.uid_p); 07529 case RSYS_um_get_gid: 07530 return sys_rsbac_um_get_gid(k_arg.um_get_gid.ta_number, 07531 k_arg.um_get_gid.name, 07532 k_arg.um_get_gid.gid_p); 07533 case RSYS_um_set_pass: 07534 return sys_rsbac_um_set_pass(k_arg.um_set_pass.uid, 07535 k_arg.um_set_pass.old_pass, 07536 k_arg.um_set_pass.new_pass); 07537 case RSYS_um_set_pass_name: 07538 return sys_rsbac_um_set_pass_name(k_arg.um_set_pass_name.name, 07539 k_arg.um_set_pass_name.old_pass, 07540 k_arg.um_set_pass_name.new_pass); 07541 case RSYS_um_set_group_pass: 07542 return sys_rsbac_um_set_group_pass(k_arg.um_set_group_pass.gid, 07543 k_arg.um_set_group_pass.new_pass); 07544 case RSYS_um_check_account: 07545 return sys_rsbac_um_check_account(k_arg.um_check_account.uid); 07546 case RSYS_um_check_account_name: 07547 return sys_rsbac_um_check_account_name(k_arg.um_check_account_name.name); 07548 07549 #ifdef CONFIG_RSBAC_LIST_TRANS 07550 case RSYS_list_ta_begin: 07551 return sys_rsbac_list_ta_begin(k_arg.list_ta_begin.ttl, 07552 k_arg.list_ta_begin.ta_number_p, 07553 k_arg.list_ta_begin.commit_uid, 07554 k_arg.list_ta_begin.password); 07555 case RSYS_list_ta_refresh: 07556 return sys_rsbac_list_ta_refresh(k_arg.list_ta_refresh.ttl, 07557 k_arg.list_ta_refresh.ta_number, 07558 k_arg.list_ta_refresh.password); 07559 case RSYS_list_ta_commit: 07560 return sys_rsbac_list_ta_commit(k_arg.list_ta_commit.ta_number, 07561 k_arg.list_ta_commit.password); 07562 case RSYS_list_ta_forget: 07563 return sys_rsbac_list_ta_forget(k_arg.list_ta_forget.ta_number, 07564 k_arg.list_ta_forget.password); 07565 #endif 07566 07567 case RSYS_list_all_dev: 07568 return sys_rsbac_list_all_dev(k_arg.list_all_dev.ta_number, 07569 k_arg.list_all_dev.id_p, 07570 k_arg.list_all_dev.maxnum); 07571 case RSYS_list_all_user: 07572 return sys_rsbac_list_all_user(k_arg.list_all_user.ta_number, 07573 k_arg.list_all_user.id_p, 07574 k_arg.list_all_user.maxnum); 07575 case RSYS_list_all_group: 07576 return sys_rsbac_list_all_group(k_arg.list_all_group.ta_number, 07577 k_arg.list_all_group.id_p, 07578 k_arg.list_all_group.maxnum); 07579 case RSYS_list_all_ipc: 07580 return sys_rsbac_list_all_ipc(k_arg.list_all_ipc. 07581 ta_number, 07582 k_arg.list_all_ipc.id_p, 07583 k_arg.list_all_ipc.maxnum); 07584 07585 default: 07586 return -RSBAC_EINVALIDREQUEST; 07587 } 07588 }
int sys_rsbac_acl | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_acl_syscall_type_t | call, | |||
struct rsbac_acl_syscall_arg_t * | arg | |||
) |
Definition at line 3498 of file syscalls.c.
References ACLC_add_to_acl_entry, ACLC_none, ACLC_remove_acl, ACLC_remove_acl_entry, ACLC_remove_from_acl_entry, ACLC_remove_user, ACLC_set_acl_entry, ACLC_set_mask, ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_remove_user(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_NONE, T_USER, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03502 { 03503 #if defined(CONFIG_RSBAC_ACL) 03504 struct rsbac_acl_syscall_arg_t k_arg; 03505 /* union rsbac_target_id_t i_tid; */ 03506 int err = 0; 03507 03508 if(call >= ACLC_none) 03509 return(-RSBAC_EINVALIDREQUEST); 03510 if(!arg) 03511 return(-RSBAC_EINVALIDPOINTER); 03512 03513 /* get values from user space */ 03514 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03515 if(err < 0) 03516 return err; 03517 03518 if(k_arg.target >= T_NONE) 03519 return(-RSBAC_EINVALIDTARGET); 03520 /* rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): target = %u, call = %u, subj_type = %u, subj_id = %u!\n", 03521 k_arg.target, call, k_arg.subj_type, k_arg.subj_id); */ 03522 03523 #ifdef CONFIG_RSBAC_FREEZE 03524 if(rsbac_freeze) 03525 { 03526 rsbac_printk(KERN_WARNING 03527 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n"); 03528 return -EPERM; 03529 } 03530 #endif 03531 03532 if(call != ACLC_set_mask) 03533 { 03534 switch(k_arg.subj_type) 03535 { 03536 case ACLS_USER: 03537 break; 03538 case ACLS_GROUP: 03539 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03540 { 03541 struct rsbac_acl_group_entry_t entry; 03542 rsbac_uid_t caller; 03543 03544 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03545 || rsbac_get_owner(&caller) 03546 || ( (entry.owner != caller) 03547 && (entry.type != ACLG_GLOBAL) 03548 ) 03549 ) 03550 return(-RSBAC_EINVALIDVALUE); 03551 } 03552 break; 03553 #if defined(CONFIG_RSBAC_RC) 03554 case ACLS_ROLE: 03555 if(k_arg.subj_id > RC_role_max_value) 03556 { 03557 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id); 03558 return(-RSBAC_EINVALIDVALUE); 03559 } 03560 break; 03561 #endif 03562 default: 03563 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type); 03564 return(-RSBAC_EINVALIDVALUE); 03565 } 03566 if( (call == ACLC_remove_user) 03567 && (k_arg.target != T_USER) 03568 ) 03569 return -RSBAC_EINVALIDTARGET; 03570 03571 } 03572 03573 /* call acl function */ 03574 switch(call) 03575 { 03576 case ACLC_set_acl_entry: 03577 err = rsbac_acl_sys_set_acl_entry(ta_number, 03578 k_arg.target, 03579 k_arg.tid, 03580 k_arg.subj_type, 03581 k_arg.subj_id, 03582 k_arg.rights, 03583 k_arg.ttl); 03584 break; 03585 case ACLC_remove_acl_entry: 03586 err = rsbac_acl_sys_remove_acl_entry(ta_number, 03587 k_arg.target, 03588 k_arg.tid, 03589 k_arg.subj_type, 03590 k_arg.subj_id); 03591 break; 03592 case ACLC_remove_acl: 03593 err = rsbac_acl_sys_remove_acl(ta_number, 03594 k_arg.target, 03595 k_arg.tid); 03596 break; 03597 case ACLC_add_to_acl_entry: 03598 err = rsbac_acl_sys_add_to_acl_entry(ta_number, 03599 k_arg.target, 03600 k_arg.tid, 03601 k_arg.subj_type, 03602 k_arg.subj_id, 03603 k_arg.rights, 03604 k_arg.ttl); 03605 break; 03606 case ACLC_remove_from_acl_entry: 03607 err = rsbac_acl_sys_remove_from_acl_entry(ta_number, 03608 k_arg.target, 03609 k_arg.tid, 03610 k_arg.subj_type, 03611 k_arg.subj_id, 03612 k_arg.rights); 03613 break; 03614 case ACLC_set_mask: 03615 err = rsbac_acl_sys_set_mask(ta_number, 03616 k_arg.target, 03617 k_arg.tid, 03618 k_arg.rights); 03619 break; 03620 case ACLC_remove_user: 03621 err = rsbac_acl_sys_remove_user(ta_number, 03622 k_arg.tid.user); 03623 break; 03624 03625 default: 03626 err = -RSBAC_EINVALIDREQUEST; 03627 } 03628 return (err); 03629 #else 03630 return (-RSBAC_EINVALIDMODULE); 03631 #endif 03632 } /* end of sys_rsbac_acl() */
int sys_rsbac_acl_get_mask | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
rsbac_acl_rights_vector_t * | mask_p | |||
) |
Definition at line 4546 of file syscalls.c.
References NULL, rsbac_acl_sys_get_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and T_UNIXSOCK.
Referenced by sys_rsbac().
04551 { 04552 #if defined(CONFIG_RSBAC_ACL) 04553 union rsbac_target_id_t k_tid; 04554 rsbac_acl_rights_vector_t k_mask; 04555 int err = 0; 04556 04557 if(!tid || (target >= T_NONE)) 04558 return(-RSBAC_EINVALIDTARGET); 04559 if(!mask_p) 04560 return(-RSBAC_EINVALIDPOINTER); 04561 04562 /* get values from user space */ 04563 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 04564 switch (target) { 04565 case T_FD: 04566 return -RSBAC_EINVALIDTARGET; 04567 case T_FILE: 04568 case T_DIR: 04569 case T_FIFO: 04570 case T_UNIXSOCK: 04571 case T_SYMLINK: 04572 k_tid.file.dentry_p = NULL; 04573 k_tid.dir.dentry_p = NULL; 04574 default: 04575 break; 04576 } 04577 /* call acl function */ 04578 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask); 04579 if(!err) 04580 { 04581 rsbac_put_user((u_char *) &k_mask, 04582 (u_char *) mask_p, 04583 sizeof(k_mask) ); 04584 } 04585 return err; 04586 #else 04587 return -RSBAC_EINVALIDMODULE; 04588 #endif 04589 } /* end of sys_rsbac_acl_get_mask() */
int sys_rsbac_acl_get_mask_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name, | |||
rsbac_acl_rights_vector_t * | mask_p | |||
) |
Definition at line 4591 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_sys_get_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
04596 { 04597 #if defined(CONFIG_RSBAC_ACL) 04598 struct dentry * t_dentry = NULL; 04599 rsbac_acl_rights_vector_t k_mask; 04600 rsbac_boolean_t need_put = FALSE; 04601 int err = 0; 04602 union rsbac_target_id_t tid; 04603 04604 struct nameidata nd; 04605 04606 if(target >= T_NONE) 04607 return(-RSBAC_EINVALIDTARGET); 04608 if(!mask_p) 04609 return(-RSBAC_EINVALIDPOINTER); 04610 04611 switch (target) 04612 { 04613 case T_FD: 04614 case T_FILE: 04615 case T_DIR: 04616 case T_FIFO: 04617 case T_UNIXSOCK: 04618 case T_SYMLINK: 04619 if(t_name) 04620 { 04621 if ((err = user_path_walk_link(t_name, &nd))) 04622 { 04623 #ifdef CONFIG_RSBAC_DEBUG 04624 if (rsbac_debug_aef_acl) 04625 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err); 04626 #endif 04627 goto out; 04628 } 04629 t_dentry = nd.dentry; 04630 need_put = TRUE; 04631 if (!t_dentry->d_inode) 04632 { 04633 err = -RSBAC_EINVALIDTARGET; 04634 goto out_dput; 04635 } 04636 /* is inode of type file, symlink or block/char device? */ 04637 switch(target) 04638 { 04639 case T_FD: 04640 if(S_ISREG(t_dentry->d_inode->i_mode)) 04641 { 04642 target = T_FILE; 04643 } 04644 else 04645 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04646 { 04647 target = T_DIR; 04648 } 04649 else 04650 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04651 { 04652 target = T_SYMLINK; 04653 } 04654 else 04655 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04656 { 04657 target = T_FIFO; 04658 } 04659 else 04660 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 04661 { 04662 target = T_UNIXSOCK; 04663 } 04664 else 04665 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04666 { 04667 target = T_FILE; 04668 } 04669 else 04670 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04671 { 04672 target = T_FILE; 04673 } 04674 else 04675 { /* This is no file or device */ 04676 err = -RSBAC_EINVALIDTARGET; 04677 goto out_dput; 04678 } 04679 break; 04680 case T_FILE: 04681 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04682 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04683 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04684 { /* This is no file or device */ 04685 err = -RSBAC_EINVALIDTARGET; 04686 goto out_dput; 04687 } 04688 break; 04689 case T_DIR: 04690 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04691 { /* This is no dir */ 04692 err = -RSBAC_EINVALIDTARGET; 04693 goto out_dput; 04694 } 04695 break; 04696 case T_FIFO: 04697 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04698 { /* This is no fifo */ 04699 err = -RSBAC_EINVALIDTARGET; 04700 goto out_dput; 04701 } 04702 break; 04703 case T_UNIXSOCK: 04704 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 04705 { 04706 err = -RSBAC_EINVALIDTARGET; 04707 goto out_dput; 04708 } 04709 break; 04710 case T_SYMLINK: 04711 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04712 { /* This is no symlink */ 04713 err = -RSBAC_EINVALIDTARGET; 04714 goto out_dput; 04715 } 04716 break; 04717 default: 04718 err = -RSBAC_EINVALIDTARGET; 04719 goto out_dput; 04720 } 04721 tid.file.device = t_dentry->d_sb->s_dev; 04722 tid.file.inode = t_dentry->d_inode->i_ino; 04723 tid.file.dentry_p = t_dentry; 04724 } 04725 else 04726 { 04727 if(target == T_FD) 04728 target = T_FILE; 04729 tid.file.device = RSBAC_ZERO_DEV; 04730 tid.file.inode = 0; 04731 tid.file.dentry_p = NULL; 04732 } 04733 break; 04734 04735 case T_DEV: 04736 if(t_name) 04737 { 04738 if ((err = user_path_walk_link(t_name, &nd))) 04739 { 04740 #ifdef CONFIG_RSBAC_DEBUG 04741 if (rsbac_debug_aef_acl) 04742 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err); 04743 #endif 04744 goto out; 04745 } 04746 t_dentry = nd.dentry; 04747 need_put = TRUE; 04748 if (!t_dentry->d_inode) 04749 { 04750 err = -RSBAC_EINVALIDTARGET; 04751 goto out_dput; 04752 } 04753 /* is inode of type block/char device? */ 04754 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04755 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04756 { /* This is no file or device */ 04757 err = -RSBAC_EINVALIDTARGET; 04758 goto out_dput; 04759 } 04760 /* fill target id and call internal function */ 04761 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04762 tid.dev.type = D_block; 04763 else 04764 tid.dev.type = D_char; 04765 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04766 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04767 } 04768 else 04769 { 04770 tid.dev = RSBAC_ZERO_DEV_DESC; 04771 } 04772 break; 04773 04774 default: 04775 return -RSBAC_EINVALIDTARGET; 04776 } 04777 /* call ACL function */ 04778 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask); 04779 04780 out_dput: 04781 if(need_put) 04782 path_release(&nd); 04783 out: 04784 if(!err) 04785 { 04786 rsbac_put_user((u_char *) &k_mask, 04787 (u_char *) mask_p, 04788 sizeof(k_mask) ); 04789 } 04790 return(err); 04791 04792 #else 04793 return (-RSBAC_EINVALIDMODULE); 04794 #endif 04795 } /* end of sys_rsbac_acl_get_mask_n() */
int sys_rsbac_acl_get_rights | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_acl_syscall_arg_t * | arg, | |||
rsbac_acl_rights_vector_t * | rights_p, | |||
u_int | effective | |||
) |
Definition at line 3942 of file syscalls.c.
References ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_get_rights(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_NONE, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03947 { 03948 #if defined(CONFIG_RSBAC_ACL) 03949 struct rsbac_acl_syscall_arg_t k_arg; 03950 rsbac_acl_rights_vector_t k_rights = 0; 03951 int err = 0; 03952 03953 if(!arg || !rights_p) 03954 return(-RSBAC_EINVALIDPOINTER); 03955 /* get values from user space */ 03956 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03957 03958 if(k_arg.target >= T_NONE) 03959 return(-RSBAC_EINVALIDTARGET); 03960 /* printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): target = %u, subj_type = %u, subj_id = %u!\n", 03961 k_arg.target, k_arg.subj_type, k_arg.subj_id); */ 03962 switch(k_arg.subj_type) 03963 { 03964 case ACLS_USER: 03965 break; 03966 case ACLS_GROUP: 03967 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03968 { 03969 struct rsbac_acl_group_entry_t entry; 03970 rsbac_uid_t caller; 03971 03972 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03973 || rsbac_get_owner(&caller) 03974 || ( (entry.owner != caller) 03975 && (entry.type != ACLG_GLOBAL) 03976 ) 03977 ) 03978 return(-RSBAC_EINVALIDVALUE); 03979 } 03980 break; 03981 case ACLS_ROLE: 03982 #if defined(CONFIG_RSBAC_RC) 03983 if(k_arg.subj_id > RC_role_max_value) 03984 return(-RSBAC_EINVALIDVALUE); 03985 #endif 03986 break; 03987 default: 03988 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type); 03989 return(-RSBAC_EINVALIDVALUE); 03990 } 03991 03992 /* call acl function */ 03993 err = rsbac_acl_sys_get_rights(ta_number, 03994 k_arg.target, 03995 k_arg.tid, 03996 k_arg.subj_type, 03997 k_arg.subj_id, 03998 &k_rights, 03999 effective); 04000 if(!err) 04001 { 04002 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) ); 04003 } 04004 return (err); 04005 #else 04006 return (-RSBAC_EINVALIDMODULE); 04007 #endif 04008 } /* end of sys_rsbac_acl_get_rights() */
int sys_rsbac_acl_get_rights_n | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_acl_syscall_n_arg_t * | arg, | |||
rsbac_acl_rights_vector_t * | rights_p, | |||
u_int | effective | |||
) |
Definition at line 4011 of file syscalls.c.
References ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_get_rights(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, TRUE, rsbac_dev_desc_t::type, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
04016 { 04017 #if defined(CONFIG_RSBAC_ACL) 04018 struct dentry * t_dentry = NULL; 04019 rsbac_boolean_t need_put = FALSE; 04020 int err = 0; 04021 union rsbac_target_id_t tid; 04022 struct rsbac_acl_syscall_n_arg_t k_arg; 04023 rsbac_acl_rights_vector_t k_rights = 0; 04024 04025 struct nameidata nd; 04026 04027 if(!arg || !rights_p) 04028 return(-RSBAC_EINVALIDPOINTER); 04029 /* get values from user space */ 04030 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 04031 04032 if(k_arg.target >= T_NONE) 04033 return(-RSBAC_EINVALIDTARGET); 04034 switch(k_arg.subj_type) 04035 { 04036 case ACLS_USER: 04037 break; 04038 case ACLS_GROUP: 04039 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 04040 { 04041 struct rsbac_acl_group_entry_t entry; 04042 rsbac_uid_t caller; 04043 04044 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 04045 || rsbac_get_owner(&caller) 04046 || ( (entry.owner != caller) 04047 && (entry.type != ACLG_GLOBAL) 04048 ) 04049 ) 04050 return(-RSBAC_EINVALIDVALUE); 04051 } 04052 break; 04053 case ACLS_ROLE: 04054 #if defined(CONFIG_RSBAC_RC) 04055 if(k_arg.subj_id > RC_role_max_value) 04056 return(-RSBAC_EINVALIDVALUE); 04057 #endif 04058 break; 04059 default: 04060 return(-RSBAC_EINVALIDVALUE); 04061 } 04062 04063 switch (k_arg.target) 04064 { 04065 case T_FD: 04066 case T_FILE: 04067 case T_DIR: 04068 case T_FIFO: 04069 case T_UNIXSOCK: 04070 case T_SYMLINK: 04071 if(k_arg.name) 04072 { 04073 if ((err = user_path_walk_link(k_arg.name, &nd))) 04074 { 04075 #ifdef CONFIG_RSBAC_DEBUG 04076 if (rsbac_debug_aef_acl) 04077 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err); 04078 #endif 04079 goto out; 04080 } 04081 t_dentry = nd.dentry; 04082 need_put = TRUE; 04083 if (!t_dentry->d_inode) 04084 { 04085 err = -RSBAC_EINVALIDTARGET; 04086 goto out_dput; 04087 } 04088 /* is inode of type file, symlink or block/char device? */ 04089 switch(k_arg.target) 04090 { 04091 case T_FD: 04092 if(S_ISREG(t_dentry->d_inode->i_mode)) 04093 { 04094 k_arg.target = T_FILE; 04095 } 04096 else 04097 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04098 { 04099 k_arg.target = T_DIR; 04100 } 04101 else 04102 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04103 { 04104 k_arg.target = T_SYMLINK; 04105 } 04106 else 04107 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04108 { 04109 k_arg.target = T_FIFO; 04110 } 04111 else 04112 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 04113 { 04114 k_arg.target = T_UNIXSOCK; 04115 } 04116 else 04117 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04118 { 04119 k_arg.target = T_FILE; 04120 } 04121 else 04122 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04123 { 04124 k_arg.target = T_FILE; 04125 } 04126 else 04127 { /* This is no file or device */ 04128 err = -RSBAC_EINVALIDTARGET; 04129 goto out_dput; 04130 } 04131 break; 04132 case T_FILE: 04133 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04134 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04135 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04136 { /* This is no file or device */ 04137 err = -RSBAC_EINVALIDTARGET; 04138 goto out_dput; 04139 } 04140 break; 04141 case T_DIR: 04142 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04143 { /* This is no dir */ 04144 err = -RSBAC_EINVALIDTARGET; 04145 goto out_dput; 04146 } 04147 break; 04148 case T_FIFO: 04149 /* is inode of type fifo? */ 04150 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04151 { /* This is no fifo */ 04152 err = -RSBAC_EINVALIDTARGET; 04153 goto out_dput; 04154 } 04155 break; 04156 case T_UNIXSOCK: 04157 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 04158 { 04159 err = -RSBAC_EINVALIDTARGET; 04160 goto out_dput; 04161 } 04162 break; 04163 case T_SYMLINK: 04164 /* is inode of type symlink? */ 04165 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04166 { /* This is no symlink */ 04167 err = -RSBAC_EINVALIDTARGET; 04168 goto out_dput; 04169 } 04170 break; 04171 default: 04172 err = -RSBAC_EINVALIDTARGET; 04173 goto out_dput; 04174 } 04175 tid.file.device = t_dentry->d_sb->s_dev; 04176 tid.file.inode = t_dentry->d_inode->i_ino; 04177 tid.file.dentry_p = t_dentry; 04178 } 04179 else 04180 { 04181 if(k_arg.target == T_FD) 04182 k_arg.target = T_FILE; 04183 tid.file.device = RSBAC_ZERO_DEV; 04184 tid.file.inode = 0; 04185 tid.file.dentry_p = NULL; 04186 } 04187 break; 04188 04189 case T_DEV: 04190 if(k_arg.name) 04191 { 04192 if ((err = user_path_walk_link(k_arg.name, &nd))) 04193 { 04194 #ifdef CONFIG_RSBAC_DEBUG 04195 if (rsbac_debug_aef_acl) 04196 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err); 04197 #endif 04198 goto out; 04199 } 04200 t_dentry = nd.dentry; 04201 need_put = TRUE; 04202 if (!t_dentry->d_inode) 04203 { 04204 err = -RSBAC_EINVALIDTARGET; 04205 goto out_dput; 04206 } 04207 /* is inode of type file, symlink or block/char device? */ 04208 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04209 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04210 { /* This is no file or device */ 04211 err = -RSBAC_EINVALIDTARGET; 04212 goto out_dput; 04213 } 04214 /* fill target id and call internal function */ 04215 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04216 tid.dev.type = D_block; 04217 else 04218 tid.dev.type = D_char; 04219 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04220 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04221 } 04222 else 04223 { 04224 tid.dev = RSBAC_ZERO_DEV_DESC; 04225 } 04226 break; 04227 04228 default: 04229 return -RSBAC_EINVALIDTARGET; 04230 } 04231 04232 /* call acl function */ 04233 err = rsbac_acl_sys_get_rights(ta_number, 04234 k_arg.target, 04235 tid, 04236 k_arg.subj_type, 04237 k_arg.subj_id, 04238 &k_rights, 04239 effective); 04240 04241 out_dput: 04242 if(need_put) 04243 path_release(&nd); 04244 out: 04245 if(!err) 04246 { 04247 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) ); 04248 } 04249 return(err); 04250 #else 04251 return (-RSBAC_EINVALIDMODULE); 04252 #endif 04253 } /* end of sys_rsbac_acl_get_rights_n() */
int sys_rsbac_acl_get_tlist | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
struct rsbac_acl_entry_t | entry_array[], | |||
rsbac_time_t | ttl_array[], | |||
u_int | maxnum | |||
) |
Definition at line 4257 of file syscalls.c.
References NULL, RSBAC_ACL_MAX_MAXNUM, rsbac_acl_sys_get_tlist(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_vfree, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, and T_UNIXSOCK.
Referenced by sys_rsbac().
04264 { 04265 #if defined(CONFIG_RSBAC_ACL) 04266 union rsbac_target_id_t k_tid; 04267 struct rsbac_acl_entry_t * k_entry_p; 04268 rsbac_time_t * k_ttl_p; 04269 int err = 0; 04270 04271 if(!tid || (target >= T_NONE)) 04272 return(-RSBAC_EINVALIDTARGET); 04273 if(!entry_array) 04274 return(-RSBAC_EINVALIDPOINTER); 04275 if(!maxnum) 04276 return(-RSBAC_EINVALIDVALUE); 04277 if(maxnum > RSBAC_ACL_MAX_MAXNUM) 04278 maxnum = RSBAC_ACL_MAX_MAXNUM; 04279 04280 /* get values from user space */ 04281 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 04282 if(err) 04283 return err; 04284 switch (target) { 04285 case T_FD: 04286 return -RSBAC_EINVALIDTARGET; 04287 case T_FILE: 04288 case T_DIR: 04289 case T_FIFO: 04290 case T_UNIXSOCK: 04291 case T_SYMLINK: 04292 k_tid.file.dentry_p = NULL; 04293 k_tid.dir.dentry_p = NULL; 04294 default: 04295 break; 04296 } 04297 04298 /* call acl function */ 04299 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p); 04300 if(err>0) 04301 { 04302 if(err > maxnum) 04303 err = maxnum; 04304 rsbac_put_user((u_char *) k_entry_p, 04305 (u_char *) entry_array, 04306 err * sizeof(*k_entry_p) ); 04307 if(ttl_array) 04308 { 04309 rsbac_put_user((u_char *) k_ttl_p, 04310 (u_char *) ttl_array, 04311 err * sizeof(*k_ttl_p) ); 04312 } 04313 rsbac_vfree(k_entry_p); 04314 rsbac_vfree(k_ttl_p); 04315 } 04316 return (err); 04317 #else 04318 return (-RSBAC_EINVALIDMODULE); 04319 #endif 04320 } /* end of sys_rsbac_acl_get_tlist() */
int sys_rsbac_acl_get_tlist_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name, | |||
struct rsbac_acl_entry_t | entry_array[], | |||
rsbac_time_t | ttl_array[], | |||
u_int | maxnum | |||
) |
Definition at line 4322 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, FALSE, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_sys_get_tlist(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_vfree, RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
04329 { 04330 #if defined(CONFIG_RSBAC_ACL) 04331 struct dentry * t_dentry = NULL; 04332 struct rsbac_acl_entry_t * k_entry_p; 04333 rsbac_time_t * k_ttl_p; 04334 rsbac_boolean_t need_put = FALSE; 04335 int err = 0; 04336 union rsbac_target_id_t tid; 04337 04338 struct nameidata nd; 04339 04340 if(target >= T_NONE) 04341 return(-RSBAC_EINVALIDTARGET); 04342 if(!entry_array) 04343 return(-RSBAC_EINVALIDPOINTER); 04344 04345 switch (target) 04346 { 04347 case T_FD: 04348 case T_FILE: 04349 case T_DIR: 04350 case T_FIFO: 04351 case T_UNIXSOCK: 04352 case T_SYMLINK: 04353 if(t_name) 04354 { 04355 if ((err = user_path_walk_link(t_name, &nd))) 04356 { 04357 #ifdef CONFIG_RSBAC_DEBUG 04358 if (rsbac_debug_aef_acl) 04359 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err); 04360 #endif 04361 goto out; 04362 } 04363 t_dentry = nd.dentry; 04364 need_put = TRUE; 04365 if (!t_dentry->d_inode) 04366 { 04367 err = -RSBAC_EINVALIDTARGET; 04368 goto out_dput; 04369 } 04370 /* is inode of type file, symlink or block/char device? */ 04371 switch(target) 04372 { 04373 case T_FD: 04374 if(S_ISREG(t_dentry->d_inode->i_mode)) 04375 { 04376 target = T_FILE; 04377 } 04378 else 04379 if(S_ISDIR(t_dentry->d_inode->i_mode)) 04380 { 04381 target = T_DIR; 04382 } 04383 else 04384 if(S_ISLNK(t_dentry->d_inode->i_mode)) 04385 { 04386 target = T_SYMLINK; 04387 } 04388 else 04389 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 04390 { 04391 target = T_FIFO; 04392 } 04393 else 04394 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 04395 { 04396 target = T_UNIXSOCK; 04397 } 04398 else 04399 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04400 { 04401 target = T_FILE; 04402 } 04403 else 04404 if(S_ISCHR(t_dentry->d_inode->i_mode)) 04405 { 04406 target = T_FILE; 04407 } 04408 else 04409 { /* This is no file or device */ 04410 err = -RSBAC_EINVALIDTARGET; 04411 goto out_dput; 04412 } 04413 break; 04414 case T_FILE: 04415 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 04416 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 04417 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04418 { /* This is no file or device */ 04419 err = -RSBAC_EINVALIDTARGET; 04420 goto out_dput; 04421 } 04422 break; 04423 case T_DIR: 04424 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 04425 { /* This is no dir */ 04426 err = -RSBAC_EINVALIDTARGET; 04427 goto out_dput; 04428 } 04429 break; 04430 case T_FIFO: 04431 /* is inode of type fifo? */ 04432 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 04433 { /* This is no fifo */ 04434 err = -RSBAC_EINVALIDTARGET; 04435 goto out_dput; 04436 } 04437 break; 04438 case T_UNIXSOCK: 04439 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 04440 { 04441 err = -RSBAC_EINVALIDTARGET; 04442 goto out_dput; 04443 } 04444 break; 04445 case T_SYMLINK: 04446 /* is inode of type symlink? */ 04447 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 04448 { /* This is no symlink */ 04449 err = -RSBAC_EINVALIDTARGET; 04450 goto out_dput; 04451 } 04452 break; 04453 default: 04454 err = -RSBAC_EINVALIDTARGET; 04455 goto out_dput; 04456 } 04457 tid.file.device = t_dentry->d_sb->s_dev; 04458 tid.file.inode = t_dentry->d_inode->i_ino; 04459 tid.file.dentry_p = t_dentry; 04460 } 04461 else 04462 { 04463 if(target == T_FD) 04464 target = T_FILE; 04465 tid.file.device = RSBAC_ZERO_DEV; 04466 tid.file.inode = 0; 04467 tid.file.dentry_p = NULL; 04468 } 04469 break; 04470 04471 case T_DEV: 04472 if(t_name) 04473 { 04474 if ((err = user_path_walk_link(t_name, &nd))) 04475 { 04476 #ifdef CONFIG_RSBAC_DEBUG 04477 if (rsbac_debug_aef_acl) 04478 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err); 04479 #endif 04480 goto out; 04481 } 04482 t_dentry = nd.dentry; 04483 need_put = TRUE; 04484 if (!t_dentry->d_inode) 04485 { 04486 err = -RSBAC_EINVALIDTARGET; 04487 goto out_dput; 04488 } 04489 /* is inode of type file, symlink or block/char device? */ 04490 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 04491 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 04492 { /* This is no file or device */ 04493 err = -RSBAC_EINVALIDTARGET; 04494 goto out_dput; 04495 } 04496 /* fill target id and call internal function */ 04497 if(S_ISBLK(t_dentry->d_inode->i_mode)) 04498 tid.dev.type = D_block; 04499 else 04500 tid.dev.type = D_char; 04501 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 04502 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 04503 } 04504 else 04505 { 04506 tid.dev = RSBAC_ZERO_DEV_DESC; 04507 } 04508 break; 04509 04510 default: 04511 return -RSBAC_EINVALIDTARGET; 04512 } 04513 /* call ACL function */ 04514 err = rsbac_acl_sys_get_tlist(ta_number, target, tid, 04515 &k_entry_p, &k_ttl_p); 04516 04517 out_dput: 04518 if(need_put) 04519 path_release(&nd); 04520 out: 04521 if(err>0) 04522 { 04523 if(err > maxnum) 04524 err = maxnum; 04525 rsbac_put_user((u_char *) k_entry_p, 04526 (u_char *) entry_array, 04527 err * sizeof(*k_entry_p) ); 04528 if(ttl_array) 04529 { 04530 rsbac_put_user((u_char *) k_ttl_p, 04531 (u_char *) ttl_array, 04532 err * sizeof(*k_ttl_p) ); 04533 } 04534 rsbac_vfree(k_entry_p); 04535 rsbac_vfree(k_ttl_p); 04536 } 04537 return(err); 04538 04539 #else 04540 return (-RSBAC_EINVALIDMODULE); 04541 #endif 04542 } /* end of sys_rsbac_acl_get_tlist_n() */
int sys_rsbac_acl_group | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_acl_group_syscall_type_t | call, | |||
union rsbac_acl_group_syscall_arg_t * | arg_p | |||
) |
Definition at line 4799 of file syscalls.c.
References ACLGS_add_group, ACLGS_add_member, ACLGS_change_group, ACLGS_none, ACLGS_remove_group, ACLGS_remove_member, rsbac_acl_sys_group(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, and rsbac_printk().
Referenced by sys_rsbac().
04803 { 04804 #if defined(CONFIG_RSBAC_ACL) 04805 union rsbac_acl_group_syscall_arg_t k_arg; 04806 int err = 0; 04807 04808 if(call >= ACLGS_none) 04809 return(-RSBAC_EINVALIDREQUEST); 04810 if(!arg_p) 04811 return(-RSBAC_EINVALIDPOINTER); 04812 04813 #ifdef CONFIG_RSBAC_FREEZE 04814 if(rsbac_freeze) 04815 { 04816 switch(call) 04817 { 04818 case ACLGS_add_group: 04819 case ACLGS_change_group: 04820 case ACLGS_remove_group: 04821 case ACLGS_add_member: 04822 case ACLGS_remove_member: 04823 rsbac_printk(KERN_WARNING 04824 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n"); 04825 return -EPERM; 04826 04827 default: 04828 break; 04829 } 04830 } 04831 #endif 04832 04833 /* get values from user space */ 04834 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) ); 04835 04836 /* call acl function */ 04837 if(err >= 0) 04838 err = rsbac_acl_sys_group(ta_number, call, k_arg); 04839 return (err); 04840 #else 04841 return (-RSBAC_EINVALIDMODULE); 04842 #endif 04843 } /* end of sys_rsbac_acl() */
int sys_rsbac_acl_list_all_dev | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_dev_desc_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 4845 of file syscalls.c.
References NULL, rsbac_acl_list_all_dev(), rsbac_acl_list_all_major_dev(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04849 { 04850 #if defined(CONFIG_RSBAC_ACL) 04851 int err = 0; 04852 long count; 04853 long count2; 04854 04855 if(id_p && maxnum) 04856 { 04857 struct rsbac_dev_desc_t * k_id_p = NULL; 04858 04859 count = rsbac_acl_list_all_major_dev(ta_number, &k_id_p); 04860 if(count < 0) 04861 return count; 04862 if(count > maxnum) 04863 count = maxnum; 04864 04865 if(count) 04866 { 04867 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04868 rsbac_vfree(k_id_p); 04869 if(err) 04870 return err; 04871 id_p += count; 04872 maxnum -= count; 04873 if(!maxnum) 04874 return count; 04875 } 04876 04877 count2 = rsbac_acl_list_all_dev(ta_number, &k_id_p); 04878 if(count2 < 0) 04879 return count2; 04880 if(count2 > maxnum) 04881 count2 = maxnum; 04882 04883 if(count2) 04884 { 04885 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count2 * sizeof(*k_id_p) ); 04886 rsbac_vfree(k_id_p); 04887 if(err) 04888 return err; 04889 count += count2; 04890 } 04891 return count; 04892 } 04893 else 04894 { 04895 count = rsbac_acl_list_all_major_dev(ta_number, NULL); 04896 if(count < 0) 04897 return count; 04898 count2 = rsbac_acl_list_all_dev(ta_number, NULL); 04899 if(count2 < 0) 04900 return count2; 04901 else 04902 return count + count2; 04903 } 04904 #else 04905 return (-RSBAC_EINVALIDMODULE); 04906 #endif 04907 }
int sys_rsbac_acl_list_all_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 4946 of file syscalls.c.
References NULL, rsbac_acl_list_all_group(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04950 { 04951 #ifdef CONFIG_RSBAC_ACL_UM_PROT 04952 int err = 0; 04953 long count; 04954 04955 if(id_p && maxnum) 04956 { 04957 rsbac_gid_t * k_id_p = NULL; 04958 04959 count = rsbac_acl_list_all_group(ta_number, &k_id_p); 04960 if(count < 0) 04961 return count; 04962 if(count > maxnum) 04963 count = maxnum; 04964 04965 if(count) 04966 { 04967 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04968 rsbac_vfree(k_id_p); 04969 if(err) 04970 return err; 04971 } 04972 return count; 04973 } 04974 else 04975 { 04976 return rsbac_acl_list_all_group(ta_number, NULL); 04977 } 04978 #else 04979 return (-RSBAC_EINVALIDMODULE); 04980 #endif 04981 }
int sys_rsbac_acl_list_all_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 4909 of file syscalls.c.
References NULL, rsbac_acl_list_all_user(), RSBAC_EINVALIDMODULE, and rsbac_vfree.
Referenced by sys_rsbac().
04913 { 04914 #if defined(CONFIG_RSBAC_ACL) 04915 int err = 0; 04916 long count; 04917 04918 if(id_p && maxnum) 04919 { 04920 rsbac_uid_t * k_id_p = NULL; 04921 04922 count = rsbac_acl_list_all_user(ta_number, &k_id_p); 04923 if(count < 0) 04924 return count; 04925 if(count > maxnum) 04926 count = maxnum; 04927 04928 if(count) 04929 { 04930 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 04931 rsbac_vfree(k_id_p); 04932 if(err) 04933 return err; 04934 } 04935 return count; 04936 } 04937 else 04938 { 04939 return rsbac_acl_list_all_user(ta_number, NULL); 04940 } 04941 #else 04942 return (-RSBAC_EINVALIDMODULE); 04943 #endif 04944 }
int sys_rsbac_acl_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_acl_syscall_type_t | call, | |||
struct rsbac_acl_syscall_n_arg_t * | arg | |||
) |
Definition at line 3635 of file syscalls.c.
References ACLC_add_to_acl_entry, ACLC_none, ACLC_remove_acl, ACLC_remove_acl_entry, ACLC_remove_from_acl_entry, ACLC_set_acl_entry, ACLC_set_mask, ACLG_GLOBAL, ACLS_GROUP, ACLS_ROLE, ACLS_USER, D_block, D_char, rsbac_target_id_t::dev, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, rsbac_acl_group_entry_t::owner, RC_role_max_value, rsbac_acl_get_group_entry(), RSBAC_ACL_GROUP_EVERYONE, rsbac_acl_sys_add_to_acl_entry(), rsbac_acl_sys_remove_acl(), rsbac_acl_sys_remove_acl_entry(), rsbac_acl_sys_remove_from_acl_entry(), rsbac_acl_sys_set_acl_entry(), rsbac_acl_sys_set_mask(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), RSBAC_ZERO_DEV_DESC, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, rsbac_dev_desc_t::type, and rsbac_acl_group_entry_t::type.
Referenced by sys_rsbac().
03639 { 03640 #if defined(CONFIG_RSBAC_ACL) 03641 struct dentry * t_dentry = NULL; 03642 int err = 0; 03643 union rsbac_target_id_t tid; 03644 struct rsbac_acl_syscall_n_arg_t k_arg; 03645 03646 struct nameidata nd; 03647 03648 if(call >= ACLC_none) 03649 return(-RSBAC_EINVALIDREQUEST); 03650 if(!arg) 03651 return(-RSBAC_EINVALIDPOINTER); 03652 03653 #ifdef CONFIG_RSBAC_FREEZE 03654 if(rsbac_freeze) 03655 { 03656 rsbac_printk(KERN_WARNING 03657 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n"); 03658 return -EPERM; 03659 } 03660 #endif 03661 03662 /* get values from user space */ 03663 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) ); 03664 if(err < 0) 03665 return err; 03666 03667 if(k_arg.target >= T_NONE) 03668 return(-RSBAC_EINVALIDTARGET); 03669 if(call != ACLC_set_mask) 03670 { 03671 switch(k_arg.subj_type) 03672 { 03673 case ACLS_USER: 03674 break; 03675 case ACLS_GROUP: 03676 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE) 03677 { 03678 struct rsbac_acl_group_entry_t entry; 03679 rsbac_uid_t caller; 03680 03681 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry) 03682 || rsbac_get_owner(&caller) 03683 || ( (entry.owner != caller) 03684 && (entry.type != ACLG_GLOBAL) 03685 ) 03686 ) 03687 return(-RSBAC_EINVALIDVALUE); 03688 } 03689 break; 03690 #if defined(CONFIG_RSBAC_RC) 03691 case ACLS_ROLE: 03692 if(k_arg.subj_id > RC_role_max_value) 03693 return(-RSBAC_EINVALIDVALUE); 03694 break; 03695 #endif 03696 default: 03697 return(-RSBAC_EINVALIDVALUE); 03698 } 03699 } 03700 03701 if(k_arg.name) 03702 { 03703 /* lookup filename */ 03704 if ((err = user_path_walk_link(k_arg.name, &nd))) 03705 { 03706 #ifdef CONFIG_RSBAC_DEBUG 03707 if (rsbac_debug_aef) 03708 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err); 03709 #endif 03710 goto out; 03711 } 03712 t_dentry = nd.dentry; 03713 if (!t_dentry->d_inode) 03714 { 03715 #ifdef CONFIG_RSBAC_DEBUG 03716 if (rsbac_debug_aef) 03717 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n"); 03718 #endif 03719 err = -RSBAC_EINVALIDTARGET; 03720 goto out_dput; 03721 } 03722 tid.file.device = t_dentry->d_sb->s_dev; 03723 tid.file.inode = t_dentry->d_inode->i_ino; 03724 tid.file.dentry_p = t_dentry; 03725 } 03726 else 03727 { 03728 tid.file.device = RSBAC_ZERO_DEV; 03729 tid.file.inode = 0; 03730 tid.file.dentry_p = NULL; 03731 } 03732 03733 switch (k_arg.target) 03734 { 03735 case T_FD: 03736 if(k_arg.name) 03737 { 03738 if(S_ISREG(t_dentry->d_inode->i_mode)) 03739 { 03740 k_arg.target = T_FILE; 03741 } 03742 else 03743 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03744 { 03745 k_arg.target = T_DIR; 03746 } 03747 else 03748 if(S_ISLNK(t_dentry->d_inode->i_mode)) 03749 { 03750 k_arg.target = T_SYMLINK; 03751 } 03752 else 03753 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 03754 { 03755 k_arg.target = T_FIFO; 03756 } 03757 else 03758 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 03759 { 03760 k_arg.target = T_UNIXSOCK; 03761 } 03762 else 03763 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03764 { 03765 k_arg.target = T_FILE; 03766 } 03767 else 03768 if(S_ISCHR(t_dentry->d_inode->i_mode)) 03769 { 03770 k_arg.target = T_FILE; 03771 } 03772 else 03773 { 03774 #ifdef CONFIG_RSBAC_DEBUG 03775 if (rsbac_debug_aef) 03776 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n"); 03777 #endif 03778 err = -RSBAC_EINVALIDTARGET; 03779 goto out_dput; 03780 } 03781 } 03782 else 03783 k_arg.target = T_FILE; 03784 break; 03785 03786 case T_FILE: 03787 if(k_arg.name) 03788 { 03789 /* is inode of type file, symlink or block/char device? */ 03790 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 03791 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 03792 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03793 { /* This is no file or device */ 03794 err = -RSBAC_EINVALIDTARGET; 03795 goto out_dput; 03796 } 03797 } 03798 break; 03799 03800 case T_DIR: 03801 if(k_arg.name) 03802 { 03803 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 03804 { /* This is no dir */ 03805 err = -RSBAC_EINVALIDTARGET; 03806 goto out_dput; 03807 } 03808 } 03809 break; 03810 03811 case T_FIFO: 03812 if(k_arg.name) 03813 { 03814 /* is inode of type fifo? */ 03815 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 03816 { /* This is no file or device */ 03817 err = -RSBAC_EINVALIDTARGET; 03818 goto out_dput; 03819 } 03820 } 03821 break; 03822 03823 case T_UNIXSOCK: 03824 if(k_arg.name) 03825 { 03826 /* is inode of type fifo? */ 03827 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 03828 { 03829 err = -RSBAC_EINVALIDTARGET; 03830 goto out_dput; 03831 } 03832 } 03833 break; 03834 03835 case T_SYMLINK: 03836 if(k_arg.name) 03837 { 03838 /* is inode of type symlink? */ 03839 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 03840 { /* This is no file or device */ 03841 err = -RSBAC_EINVALIDTARGET; 03842 goto out_dput; 03843 } 03844 } 03845 break; 03846 03847 case T_DEV: 03848 if(k_arg.name) 03849 { 03850 /* is inode of type block/char device? */ 03851 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 03852 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 03853 { /* This is no file or device */ 03854 err = -RSBAC_EINVALIDTARGET; 03855 goto out_dput; 03856 } 03857 /* fill target id and call internal function */ 03858 if(S_ISBLK(t_dentry->d_inode->i_mode)) 03859 tid.dev.type = D_block; 03860 else 03861 tid.dev.type = D_char; 03862 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 03863 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 03864 } 03865 else 03866 { 03867 tid.dev = RSBAC_ZERO_DEV_DESC; 03868 } 03869 break; 03870 03871 default: 03872 err = -RSBAC_EINVALIDTARGET; 03873 goto out_dput; 03874 } 03875 /* call acl function */ 03876 switch(call) 03877 { 03878 case ACLC_set_acl_entry: 03879 err = rsbac_acl_sys_set_acl_entry(ta_number, 03880 k_arg.target, 03881 tid, 03882 k_arg.subj_type, 03883 k_arg.subj_id, 03884 k_arg.rights, 03885 k_arg.ttl); 03886 break; 03887 case ACLC_remove_acl_entry: 03888 err = rsbac_acl_sys_remove_acl_entry(ta_number, 03889 k_arg.target, 03890 tid, 03891 k_arg.subj_type, 03892 k_arg.subj_id); 03893 break; 03894 case ACLC_remove_acl: 03895 err = rsbac_acl_sys_remove_acl(ta_number, 03896 k_arg.target, 03897 tid); 03898 break; 03899 case ACLC_add_to_acl_entry: 03900 err = rsbac_acl_sys_add_to_acl_entry(ta_number, 03901 k_arg.target, 03902 tid, 03903 k_arg.subj_type, 03904 k_arg.subj_id, 03905 k_arg.rights, 03906 k_arg.ttl); 03907 break; 03908 case ACLC_remove_from_acl_entry: 03909 err = rsbac_acl_sys_remove_from_acl_entry(ta_number, 03910 k_arg.target, 03911 tid, 03912 k_arg.subj_type, 03913 k_arg.subj_id, 03914 k_arg.rights); 03915 break; 03916 case ACLC_set_mask: 03917 err = rsbac_acl_sys_set_mask(ta_number, 03918 k_arg.target, 03919 tid, 03920 k_arg.rights); 03921 break; 03922 03923 default: 03924 err = -RSBAC_EINVALIDREQUEST; 03925 } 03926 03927 out_dput: 03928 if(k_arg.name) 03929 { 03930 path_release(&nd); 03931 } 03932 03933 out: 03934 return(err); 03935 #else 03936 return (-RSBAC_EINVALIDMODULE); 03937 #endif 03938 } /* end of sys_rsbac_acl_n() */
int sys_rsbac_adf_log_switch | ( | enum rsbac_adf_request_t | request, | |
enum rsbac_target_t | target, | |||
u_int | value | |||
) |
Definition at line 6817 of file syscalls.c.
References rsbac_target_id_t::dummy, get_request_name(), LL_denied, LL_full, LL_none, R_NONE, R_SWITCH_LOG, rsbac_adf_log_switch(), rsbac_adf_request(), RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), T_FD, and T_NONE.
Referenced by sys_rsbac().
06820 { 06821 union rsbac_target_id_t rsbac_target_id; 06822 union rsbac_attribute_value_t rsbac_attribute_value; 06823 06824 if ((value != LL_none) && (value != LL_denied) && (value != LL_full)) 06825 return (-RSBAC_EINVALIDVALUE); 06826 if(request >= R_NONE) 06827 return(-RSBAC_EINVALIDREQUEST); 06828 if( (target == T_FD) 06829 || (target > T_NONE) 06830 ) 06831 return(-RSBAC_EINVALIDTARGET); 06832 06833 #ifdef CONFIG_RSBAC_FREEZE 06834 if(rsbac_freeze) 06835 { 06836 rsbac_printk(KERN_WARNING 06837 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n"); 06838 return -EPERM; 06839 } 06840 #endif 06841 06842 /* call ADF */ 06843 #ifdef CONFIG_RSBAC_DEBUG 06844 if (rsbac_debug_aef) 06845 rsbac_printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n"); 06846 #endif 06847 rsbac_target_id.dummy = 0; 06848 rsbac_attribute_value.request = target; 06849 if (!rsbac_adf_request(R_SWITCH_LOG, 06850 current->pid, 06851 T_NONE, 06852 rsbac_target_id, 06853 A_request, 06854 rsbac_attribute_value)) 06855 { 06856 return -EPERM; 06857 } 06858 #ifdef CONFIG_RSBAC_DEBUG 06859 if (rsbac_debug_aef) 06860 { 06861 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06862 if(request_name) 06863 { 06864 get_request_name(request_name,target); 06865 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n", 06866 request_name, target, value); 06867 rsbac_kfree(request_name); 06868 } 06869 } 06870 #endif 06871 rsbac_adf_log_switch(request,target,value); 06872 return(0); 06873 }
int sys_rsbac_auth_add_f_cap | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 3103 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_add_f_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
03109 { 03110 #if defined(CONFIG_RSBAC_AUTH) 03111 struct dentry * t_dentry; 03112 int err = 0; 03113 enum rsbac_target_t target; 03114 union rsbac_target_id_t tid; 03115 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03116 union rsbac_attribute_value_t rsbac_attribute_value; 03117 #endif 03118 03119 struct nameidata nd; 03120 03121 if(cap_range.first > cap_range.last) 03122 return(-RSBAC_EINVALIDVALUE); 03123 03124 if(!filename) 03125 return(-RSBAC_EINVALIDTARGET); 03126 if(cap_type >= ACT_none) 03127 return(-RSBAC_EINVALIDTARGET); 03128 if(cap_range.first > cap_range.last) 03129 return(-RSBAC_EINVALIDVALUE); 03130 03131 #ifdef CONFIG_RSBAC_FREEZE 03132 if(rsbac_freeze) 03133 { 03134 rsbac_printk(KERN_WARNING 03135 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n"); 03136 return -EPERM; 03137 } 03138 #endif 03139 03140 if ((err = user_path_walk_link(filename, &nd))) 03141 { 03142 #ifdef CONFIG_RSBAC_DEBUG 03143 if (rsbac_debug_aef_auth) 03144 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err); 03145 #endif 03146 goto out; 03147 } 03148 t_dentry = nd.dentry; 03149 if (!t_dentry->d_inode) 03150 { 03151 err = -RSBAC_EINVALIDTARGET; 03152 goto out_dput; 03153 } 03154 /* is inode of type file? */ 03155 if(S_ISREG(t_dentry->d_inode->i_mode)) 03156 target = T_FILE; 03157 else 03158 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03159 target = T_DIR; 03160 else 03161 { /* This is no file or dir */ 03162 err = -RSBAC_EINVALIDTARGET; 03163 goto out_dput; 03164 } 03165 tid.file.device = t_dentry->d_sb->s_dev; 03166 tid.file.inode = t_dentry->d_inode->i_ino; 03167 tid.file.dentry_p = t_dentry; 03168 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03169 /* call ADF */ 03170 #ifdef CONFIG_RSBAC_DEBUG 03171 if (rsbac_debug_aef) 03172 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n"); 03173 #endif 03174 rsbac_attribute_value.auth_cap_range = cap_range; 03175 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 03176 current->pid, 03177 target, 03178 tid, 03179 A_auth_add_f_cap, 03180 rsbac_attribute_value)) 03181 { 03182 err = -EPERM; 03183 } 03184 else 03185 #endif 03186 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl); 03187 03188 out_dput: 03189 path_release(&nd); 03190 out: 03191 return(err); 03192 03193 #else 03194 return (-RSBAC_EINVALIDMODULE); 03195 #endif 03196 };
int sys_rsbac_auth_add_p_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 3025 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_auth_add_p_cap(), RSBAC_AUTH_MAX_RANGE_UID, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, and rsbac_printk().
Referenced by sys_rsbac().
03031 { 03032 #if defined(CONFIG_RSBAC_AUTH) 03033 struct task_struct * task_p; 03034 03035 if(cap_type >= ACT_none) 03036 return(-RSBAC_EINVALIDTARGET); 03037 if(cap_range.first > cap_range.last) 03038 return(-RSBAC_EINVALIDVALUE); 03039 if( (cap_range.first > RSBAC_AUTH_MAX_RANGE_UID) 03040 || (cap_range.last > RSBAC_AUTH_MAX_RANGE_UID) 03041 ) 03042 return -RSBAC_EINVALIDVALUE; 03043 03044 #ifdef CONFIG_RSBAC_FREEZE 03045 if(rsbac_freeze) 03046 { 03047 rsbac_printk(KERN_WARNING 03048 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n"); 03049 return -EPERM; 03050 } 03051 #endif 03052 03053 read_lock(&tasklist_lock); 03054 task_p = find_task_by_pid(pid); 03055 read_unlock(&tasklist_lock); 03056 if(!task_p) 03057 return(-RSBAC_EINVALIDTARGET); 03058 03059 /* call auth function and return its result */ 03060 /* permission checking is done there */ 03061 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl)); 03062 #else 03063 return (-RSBAC_EINVALIDMODULE); 03064 #endif 03065 }
int sys_rsbac_auth_get_f_caplist | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | caplist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
Definition at line 3291 of file syscalls.c.
References ACT_none, rsbac_attribute_value_t::dummy, R_READ_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_get_f_caplist(), RSBAC_AUTH_MAX_MAXNUM, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_vfree, T_DIR, and T_FILE.
Referenced by sys_rsbac().
03298 { 03299 #if defined(CONFIG_RSBAC_AUTH) 03300 struct dentry * t_dentry; 03301 int err = 0, tmperr = 0; 03302 enum rsbac_target_t target; 03303 union rsbac_target_id_t tid; 03304 struct rsbac_auth_cap_range_t * k_caplist; 03305 rsbac_time_t * k_ttllist; 03306 03307 /* for adf_request */ 03308 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03309 union rsbac_attribute_value_t rsbac_attribute_value; 03310 #endif 03311 03312 struct nameidata nd; 03313 03314 if(!filename) 03315 return(-RSBAC_EINVALIDTARGET); 03316 if(cap_type >= ACT_none) 03317 return(-RSBAC_EINVALIDTARGET); 03318 if(!caplist) 03319 return(-RSBAC_EINVALIDPOINTER); 03320 if(maxnum <= 0) 03321 return(-RSBAC_EINVALIDVALUE); 03322 if(maxnum > RSBAC_AUTH_MAX_MAXNUM) 03323 maxnum = RSBAC_AUTH_MAX_MAXNUM; 03324 03325 if ((err = user_path_walk_link(filename, &nd))) 03326 { 03327 #ifdef CONFIG_RSBAC_DEBUG 03328 if (rsbac_debug_aef_auth) 03329 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err); 03330 #endif 03331 goto out; 03332 } 03333 t_dentry = nd.dentry; 03334 if (!t_dentry->d_inode) 03335 { 03336 err = -RSBAC_EINVALIDTARGET; 03337 goto out_dput; 03338 } 03339 /* is inode of type file or dir? */ 03340 if(S_ISREG(t_dentry->d_inode->i_mode)) 03341 target = T_FILE; 03342 else 03343 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03344 target = T_DIR; 03345 else 03346 { /* This is no file or dir */ 03347 err = -RSBAC_EINVALIDTARGET; 03348 goto out_dput; 03349 } 03350 tid.file.device = t_dentry->d_sb->s_dev; 03351 tid.file.inode = t_dentry->d_inode->i_ino; 03352 tid.file.dentry_p = t_dentry; 03353 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03354 /* call ADF */ 03355 #ifdef CONFIG_RSBAC_DEBUG 03356 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n"); 03357 #endif 03358 rsbac_attribute_value.dummy = 0; 03359 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 03360 current->pid, 03361 target, 03362 tid, 03363 A_auth_get_caplist, 03364 rsbac_attribute_value)) 03365 { 03366 err = -EPERM; 03367 goto out_dput; 03368 } 03369 #endif 03370 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist); 03371 if(err>0) 03372 { 03373 if(err > maxnum) 03374 err = maxnum; 03375 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist, 03376 sizeof(struct rsbac_auth_cap_range_t) * err); 03377 if(tmperr < 0) 03378 err = tmperr; 03379 else 03380 { 03381 if(ttllist) 03382 { 03383 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 03384 sizeof(rsbac_time_t) * err); 03385 if(tmperr < 0) 03386 err = tmperr; 03387 } 03388 } 03389 rsbac_vfree(k_caplist); 03390 rsbac_vfree(k_ttllist); 03391 } 03392 03393 out_dput: 03394 path_release(&nd); 03395 out: 03396 return(err); 03397 03398 #else 03399 return (-RSBAC_EINVALIDMODULE); 03400 #endif 03401 }
int sys_rsbac_auth_get_p_caplist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | caplist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
Definition at line 3403 of file syscalls.c.
References ACT_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::process, R_READ_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_get_p_caplist(), RSBAC_AUTH_MAX_MAXNUM, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_vfree, and T_PROCESS.
Referenced by sys_rsbac().
03410 { 03411 #if defined(CONFIG_RSBAC_AUTH) 03412 int err = 0, tmperr = 0; 03413 union rsbac_target_id_t tid; 03414 struct rsbac_auth_cap_range_t * k_caplist; 03415 rsbac_time_t * k_ttllist; 03416 03417 /* for adf_request */ 03418 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03419 union rsbac_attribute_value_t rsbac_attribute_value; 03420 #endif 03421 03422 if(!pid) 03423 return(-RSBAC_EINVALIDTARGET); 03424 if(cap_type >= ACT_none) 03425 return(-RSBAC_EINVALIDTARGET); 03426 if(!caplist) 03427 return(-RSBAC_EINVALIDPOINTER); 03428 if(maxnum <= 0) 03429 return(-RSBAC_EINVALIDVALUE); 03430 if(maxnum > RSBAC_AUTH_MAX_MAXNUM) 03431 maxnum = RSBAC_AUTH_MAX_MAXNUM; 03432 03433 tid.process = pid; 03434 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03435 /* call ADF */ 03436 #ifdef CONFIG_RSBAC_DEBUG 03437 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n"); 03438 #endif 03439 rsbac_attribute_value.dummy = 0; 03440 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 03441 current->pid, 03442 T_PROCESS, 03443 tid, 03444 A_auth_get_caplist, 03445 rsbac_attribute_value)) 03446 { 03447 return -EPERM; 03448 } 03449 #endif 03450 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type, 03451 &k_caplist, &k_ttllist); 03452 if(err>0) 03453 { 03454 if(err > maxnum) 03455 err = maxnum; 03456 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist, 03457 sizeof(struct rsbac_auth_cap_range_t) * err); 03458 if(tmperr < 0) 03459 err = tmperr; 03460 else 03461 { 03462 if(ttllist) 03463 { 03464 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 03465 sizeof(rsbac_time_t) * err); 03466 if(tmperr < 0) 03467 err = tmperr; 03468 } 03469 } 03470 rsbac_vfree(k_caplist); 03471 rsbac_vfree(k_ttllist); 03472 } 03473 03474 return(err); 03475 03476 #else 03477 return (-RSBAC_EINVALIDMODULE); 03478 #endif 03479 }
int sys_rsbac_auth_remove_f_cap | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 3198 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), rsbac_auth_remove_f_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
03203 { 03204 #if defined(CONFIG_RSBAC_AUTH) 03205 struct dentry * t_dentry; 03206 int err = 0; 03207 enum rsbac_target_t target; 03208 union rsbac_target_id_t tid; 03209 03210 /* for adf_request */ 03211 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03212 union rsbac_attribute_value_t rsbac_attribute_value; 03213 #endif 03214 03215 struct nameidata nd; 03216 03217 if(!filename) 03218 return(-RSBAC_EINVALIDTARGET); 03219 if(cap_type >= ACT_none) 03220 return(-RSBAC_EINVALIDTARGET); 03221 if(cap_range.first > cap_range.last) 03222 return(-RSBAC_EINVALIDVALUE); 03223 03224 #ifdef CONFIG_RSBAC_FREEZE 03225 if(rsbac_freeze) 03226 { 03227 rsbac_printk(KERN_WARNING 03228 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n"); 03229 return -EPERM; 03230 } 03231 #endif 03232 03233 if ((err = user_path_walk_link(filename, &nd))) 03234 { 03235 #ifdef CONFIG_RSBAC_DEBUG 03236 if (rsbac_debug_aef_auth) 03237 rsbac_printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err); 03238 #endif 03239 goto out; 03240 } 03241 t_dentry = nd.dentry; 03242 if (!t_dentry->d_inode) 03243 { 03244 err = -RSBAC_EINVALIDTARGET; 03245 goto out_dput; 03246 } 03247 /* is inode of type file or dir? */ 03248 if(S_ISREG(t_dentry->d_inode->i_mode)) 03249 target = T_FILE; 03250 else 03251 if(S_ISDIR(t_dentry->d_inode->i_mode)) 03252 target = T_DIR; 03253 else 03254 { /* This is no file or dir */ 03255 err = -RSBAC_EINVALIDTARGET; 03256 goto out_dput; 03257 } 03258 tid.file.device = t_dentry->d_sb->s_dev; 03259 tid.file.inode = t_dentry->d_inode->i_ino; 03260 tid.file.dentry_p = t_dentry; 03261 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT) 03262 /* call ADF */ 03263 #ifdef CONFIG_RSBAC_DEBUG 03264 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n"); 03265 #endif 03266 rsbac_attribute_value.auth_cap_range = cap_range; 03267 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 03268 current->pid, 03269 target, 03270 tid, 03271 A_auth_remove_f_cap, 03272 rsbac_attribute_value)) 03273 { 03274 err = -EPERM; 03275 } 03276 else 03277 #endif 03278 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range); 03279 03280 out_dput: 03281 path_release(&nd); 03282 out: 03283 return(err); 03284 03285 #else 03286 return (-RSBAC_EINVALIDMODULE); 03287 #endif 03288 }
int sys_rsbac_auth_remove_p_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 3067 of file syscalls.c.
References ACT_none, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_auth_remove_p_cap(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, and rsbac_printk().
Referenced by sys_rsbac().
03072 { 03073 #if defined(CONFIG_RSBAC_AUTH) 03074 struct task_struct * task_p; 03075 03076 if(cap_type >= ACT_none) 03077 return(-RSBAC_EINVALIDTARGET); 03078 if(cap_range.first > cap_range.last) 03079 return(-RSBAC_EINVALIDVALUE); 03080 03081 #ifdef CONFIG_RSBAC_FREEZE 03082 if(rsbac_freeze) 03083 { 03084 rsbac_printk(KERN_WARNING 03085 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n"); 03086 return -EPERM; 03087 } 03088 #endif 03089 03090 read_lock(&tasklist_lock); 03091 task_p = find_task_by_pid(pid); 03092 read_unlock(&tasklist_lock); 03093 if(!task_p) 03094 return(-RSBAC_EINVALIDTARGET); 03095 /* call auth function and return its result */ 03096 /* permission checking is done there */ 03097 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range)); 03098 #else 03099 return (-RSBAC_EINVALIDMODULE); 03100 #endif 03101 }
int sys_rsbac_check | ( | int | correct, | |
int | check_inode | |||
) |
Definition at line 94 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_check_acl(), rsbac_check_lists(), rsbac_check_reg(), rsbac_printk(), rsbac_write_sem, rsbac_target_id_t::scd, ST_rsbac, sys_sync(), and T_SCD.
Referenced by sys_rsbac().
00095 { 00096 union rsbac_target_id_t rsbac_target_id; 00097 union rsbac_attribute_value_t rsbac_attribute_value; 00098 int result; 00099 00100 #ifdef CONFIG_RSBAC_DEBUG 00101 if (rsbac_debug_aef) 00102 { 00103 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n"); 00104 } 00105 #endif 00106 rsbac_target_id.scd = ST_rsbac; 00107 rsbac_attribute_value.dummy = 0; 00108 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00109 current->pid, 00110 T_SCD, 00111 rsbac_target_id, 00112 A_none, 00113 rsbac_attribute_value)) 00114 { 00115 return -EPERM; 00116 } 00117 00118 rsbac_printk(KERN_INFO 00119 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n", 00120 correct, check_inode); 00121 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00122 /* Sync to be sure */ 00123 if(check_inode) 00124 { 00125 rsbac_printk(KERN_INFO 00126 "sys_rsbac_check(): syncing disks\n"); 00127 sys_sync(); 00128 } 00129 #endif 00130 00131 lock_kernel(); 00132 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00133 /* rsbac write blocking */ 00134 if(check_inode) 00135 down(&rsbac_write_sem); 00136 #endif 00137 00138 result=rsbac_check_lists(correct); 00139 00140 /* call other checks */ 00141 #if defined(CONFIG_RSBAC_ACL) 00142 if(!result) 00143 result=rsbac_check_acl(correct); 00144 #endif 00145 #if defined(CONFIG_RSBAC_REG) 00146 if(!result) 00147 result=rsbac_check_reg(correct, check_inode); 00148 #endif 00149 00150 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 00151 /* release write blocking */ 00152 if(check_inode) 00153 up(&rsbac_write_sem); 00154 #endif 00155 00156 unlock_kernel(); 00157 return(result); 00158 }
int sys_rsbac_daz_flush_cache | ( | void | ) |
Definition at line 2537 of file syscalls.c.
References A_daz_role, rsbac_daz_flush_cache(), rsbac_get_attr, rsbac_printk(), SR_administrator, SR_security_officer, SW_DAZ, rsbac_attribute_value_t::system_role, T_USER, TRUE, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
02538 { 02539 #ifndef CONFIG_RSBAC_DAZ_CACHE 02540 return (0); 02541 #else 02542 #ifndef CONFIG_RSBAC_MAINT 02543 union rsbac_target_id_t i_tid; 02544 union rsbac_attribute_value_t i_attr_val1; 02545 02546 /* Security Officer or admin? */ 02547 i_tid.user = current->uid; 02548 if (rsbac_get_attr(SW_DAZ, 02549 T_USER, 02550 i_tid, 02551 A_daz_role, 02552 &i_attr_val1, 02553 TRUE)) 02554 { 02555 rsbac_printk(KERN_WARNING 02556 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n"); 02557 return -EPERM; 02558 } 02559 /* if not sec_officer or admin, deny */ 02560 if ( (i_attr_val1.system_role != SR_security_officer) 02561 && (i_attr_val1.system_role != SR_administrator) 02562 ) 02563 #ifdef CONFIG_RSBAC_SOFTMODE 02564 if( !rsbac_softmode 02565 #ifdef CONFIG_RSBAC_SOFTMODE_IND 02566 && !rsbac_ind_softmode[SW_DAZ] 02567 #endif 02568 ) 02569 #endif 02570 return -EPERM; 02571 #endif 02572 02573 rsbac_printk(KERN_INFO 02574 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n"); 02575 02576 return(rsbac_daz_flush_cache()); 02577 #endif 02578 }
int sys_rsbac_get_adf_log | ( | enum rsbac_adf_request_t | request, | |
enum rsbac_target_t | target, | |||
u_int * | value_p | |||
) |
Definition at line 6875 of file syscalls.c.
References get_request_name(), R_GET_STATUS_DATA, R_NONE, rsbac_adf_request(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, rsbac_get_adf_log(), rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, T_FD, T_NONE, and T_SCD.
Referenced by sys_rsbac().
06878 { 06879 union rsbac_target_id_t rsbac_target_id; 06880 union rsbac_attribute_value_t rsbac_attribute_value; 06881 u_int k_value; 06882 int err; 06883 06884 if(request >= R_NONE) 06885 return(-RSBAC_EINVALIDREQUEST); 06886 if( (target == T_FD) 06887 || (target > T_NONE) 06888 ) 06889 return(-RSBAC_EINVALIDTARGET); 06890 if(!value_p) 06891 return(-RSBAC_EINVALIDPOINTER); 06892 /* call ADF */ 06893 #ifdef CONFIG_RSBAC_DEBUG 06894 if (rsbac_debug_aef) 06895 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n"); 06896 #endif 06897 rsbac_target_id.scd = ST_rsbac; 06898 rsbac_attribute_value.request = request; 06899 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06900 current->pid, 06901 T_SCD, 06902 rsbac_target_id, 06903 A_request, 06904 rsbac_attribute_value)) 06905 { 06906 return -EPERM; 06907 } 06908 #ifdef CONFIG_RSBAC_DEBUG 06909 if (rsbac_debug_aef) 06910 { 06911 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06912 if(request_name) 06913 { 06914 get_request_name(request_name,target); 06915 rsbac_printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n", 06916 request_name, target); 06917 rsbac_kfree(request_name); 06918 } 06919 } 06920 #endif 06921 err = rsbac_get_adf_log(request, target, &k_value); 06922 if(!err) 06923 { 06924 rsbac_put_user((u_char *) &k_value, 06925 (u_char *) value_p, 06926 sizeof(k_value) ); 06927 } 06928 return(err); 06929 }
int sys_rsbac_get_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
int | inherit | |||
) |
Definition at line 198 of file syscalls.c.
References A_none, FALSE, get_attr_module(), KERNEL_VERSION, NULL, R_READ_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_get_attr(), SW_NONE, T_DIR, T_FD, T_FIFO, T_FILE, T_NETOBJ, T_NONE, T_SYMLINK, T_UNIXSOCK, and TRUE.
Referenced by sys_rsbac().
00206 { 00207 union rsbac_target_id_t k_tid; 00208 union rsbac_attribute_value_t k_value; 00209 int err = 0; 00210 rsbac_boolean_t i_inherit; 00211 00212 if(module > SW_NONE) 00213 return -RSBAC_EINVALIDMODULE; 00214 if(!tid || (target >= T_NONE)) 00215 return -RSBAC_EINVALIDTARGET; 00216 if(!value) 00217 return -RSBAC_EINVALIDPOINTER; 00218 if(attr >= A_none) 00219 return -RSBAC_EINVALIDATTR; 00220 00221 if(module == SW_NONE) 00222 { 00223 module = get_attr_module(attr); 00224 if(module == SW_NONE) 00225 return(-RSBAC_EINVALIDMODULE); 00226 } 00227 00228 /* get values from user space */ 00229 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00230 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00231 00232 switch (target) { 00233 case T_FD: 00234 return -RSBAC_EINVALIDTARGET; 00235 case T_FILE: 00236 case T_DIR: 00237 case T_FIFO: 00238 case T_SYMLINK: 00239 case T_UNIXSOCK: 00240 k_tid.file.dentry_p = NULL; 00241 k_tid.dir.dentry_p = NULL; 00242 default: 00243 break; 00244 } 00245 00246 if(inherit) 00247 i_inherit = TRUE; 00248 else 00249 i_inherit = FALSE; 00250 00251 #ifdef CONFIG_RSBAC_NET_OBJ 00252 /* sanity check before using pointer */ 00253 if( (target == T_NETOBJ) 00254 && ( !k_tid.netobj.sock_p 00255 || k_tid.netobj.remote_addr 00256 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00257 || !k_tid.netobj.sock_p->file 00258 || !k_tid.netobj.sock_p->file->f_dentry 00259 || !k_tid.netobj.sock_p->file->f_dentry->d_inode 00260 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p) 00261 #else 00262 || !k_tid.netobj.sock_p->inode 00263 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p) 00264 #endif 00265 ) 00266 ) 00267 return -RSBAC_EINVALIDTARGET; 00268 #endif 00269 00270 /* call ADF */ 00271 #ifdef CONFIG_RSBAC_DEBUG 00272 if (rsbac_debug_aef) 00273 { 00274 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n"); 00275 } 00276 #endif 00277 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 00278 current->pid, 00279 target, 00280 k_tid, 00281 attr, 00282 k_value)) 00283 { 00284 return -EPERM; 00285 } 00286 00287 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit); 00288 /* put result value to user space */ 00289 if(!err) 00290 { 00291 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00292 } 00293 return (err); 00294 } /* end of sys_rsbac_get_attr() */
int sys_rsbac_get_attr_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
char * | t_name, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
int | inherit | |||
) |
Definition at line 297 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, FALSE, get_attr_module(), rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, NULL, R_READ_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_get_attr(), SW_NONE, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, TRUE, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00305 { 00306 union rsbac_attribute_value_t k_value; 00307 struct dentry * t_dentry; 00308 int err = 0; 00309 union rsbac_target_id_t tid; 00310 /* struct passwd * user_description_p; */ 00311 rsbac_boolean_t i_inherit; 00312 struct nameidata nd; 00313 00314 if(module > SW_NONE) 00315 return(-RSBAC_EINVALIDMODULE); 00316 if(!t_name || (target >= T_NONE)) 00317 return(-RSBAC_EINVALIDTARGET); 00318 if(!value) 00319 return(-RSBAC_EINVALIDPOINTER); 00320 if(attr >= A_none) 00321 return(-RSBAC_EINVALIDATTR); 00322 00323 if(module == SW_NONE) 00324 { 00325 module = get_attr_module(attr); 00326 if(module == SW_NONE) 00327 return(-RSBAC_EINVALIDMODULE); 00328 } 00329 00330 if(inherit) 00331 i_inherit = TRUE; 00332 else 00333 i_inherit = FALSE; 00334 00335 /* get values from user space */ 00336 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00337 switch (target) { 00338 case T_FD: 00339 case T_FILE: 00340 case T_DIR: 00341 case T_FIFO: 00342 case T_SYMLINK: 00343 case T_UNIXSOCK: 00344 tid.file.dentry_p = NULL; 00345 tid.dir.dentry_p = NULL; 00346 default: 00347 break; 00348 } 00349 00350 /* lookup filename */ 00351 if ((err = user_path_walk_link(t_name, &nd))) 00352 { 00353 #ifdef CONFIG_RSBAC_DEBUG 00354 if (rsbac_debug_aef) 00355 { 00356 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err); 00357 } 00358 #endif 00359 goto out; 00360 } 00361 t_dentry = nd.dentry; 00362 if (!t_dentry->d_inode) 00363 { 00364 #ifdef CONFIG_RSBAC_DEBUG 00365 if (rsbac_debug_aef) 00366 { 00367 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n"); 00368 } 00369 #endif 00370 err = -RSBAC_EINVALIDTARGET; 00371 goto out_dput; 00372 } 00373 00374 switch (target) 00375 { 00376 /* is inode of right type? */ 00377 case T_FD: 00378 if(S_ISREG(t_dentry->d_inode->i_mode)) 00379 { 00380 target = T_FILE; 00381 } 00382 else 00383 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00384 { 00385 target = T_DIR; 00386 } 00387 else 00388 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00389 { 00390 target = T_SYMLINK; 00391 } 00392 else 00393 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00394 { 00395 target = T_FIFO; 00396 } 00397 else 00398 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00399 { 00400 target = T_FILE; 00401 } 00402 else 00403 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00404 { 00405 target = T_FILE; 00406 } 00407 else 00408 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 00409 { 00410 target = T_UNIXSOCK; 00411 } 00412 else 00413 { 00414 #ifdef CONFIG_RSBAC_DEBUG 00415 if (rsbac_debug_aef) 00416 { 00417 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n"); 00418 } 00419 #endif 00420 err = -RSBAC_EINVALIDTARGET; 00421 goto out_dput; 00422 } 00423 break; 00424 00425 case T_FILE: 00426 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00427 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00428 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00429 { 00430 #ifdef CONFIG_RSBAC_DEBUG 00431 if (rsbac_debug_aef) 00432 { 00433 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n"); 00434 } 00435 #endif 00436 err = -RSBAC_EINVALIDTARGET; 00437 goto out_dput; 00438 } 00439 break; 00440 00441 case T_DIR: 00442 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00443 { 00444 #ifdef CONFIG_RSBAC_DEBUG 00445 if (rsbac_debug_aef) 00446 { 00447 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n"); 00448 } 00449 #endif 00450 err = -RSBAC_EINVALIDTARGET; 00451 goto out_dput; 00452 } 00453 break; 00454 00455 case T_FIFO: 00456 /* is inode of type fifo? */ 00457 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 00458 { 00459 #ifdef CONFIG_RSBAC_DEBUG 00460 if (rsbac_debug_aef) 00461 { 00462 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n"); 00463 } 00464 #endif 00465 err = -RSBAC_EINVALIDTARGET; 00466 goto out_dput; 00467 } 00468 break; 00469 00470 case T_UNIXSOCK: 00471 /* is inode of type socket? */ 00472 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 00473 { 00474 #ifdef CONFIG_RSBAC_DEBUG 00475 if (rsbac_debug_aef) 00476 { 00477 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no socket\n"); 00478 } 00479 #endif 00480 err = -RSBAC_EINVALIDTARGET; 00481 goto out_dput; 00482 } 00483 break; 00484 00485 case T_SYMLINK: 00486 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 00487 { 00488 #ifdef CONFIG_RSBAC_DEBUG 00489 if (rsbac_debug_aef) 00490 { 00491 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n"); 00492 } 00493 #endif 00494 err = -RSBAC_EINVALIDTARGET; 00495 goto out_dput; 00496 } 00497 break; 00498 00499 case T_DEV: 00500 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 00501 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00502 { 00503 #ifdef CONFIG_RSBAC_DEBUG 00504 if (rsbac_debug_aef) 00505 { 00506 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n"); 00507 } 00508 #endif 00509 err = -RSBAC_EINVALIDTARGET; 00510 goto out_dput; 00511 } 00512 break; 00513 00514 default: 00515 err = -RSBAC_EINVALIDTARGET; 00516 goto out_dput; 00517 } 00518 00519 if(target == T_DEV) 00520 { 00521 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00522 tid.dev.type = D_block; 00523 else 00524 tid.dev.type = D_char; 00525 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 00526 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 00527 } 00528 else 00529 { 00530 /* fill target id and call internal function */ 00531 tid.file.device = t_dentry->d_sb->s_dev; 00532 tid.file.inode = t_dentry->d_inode->i_ino; 00533 tid.file.dentry_p = t_dentry; 00534 } 00535 /* call ADF */ 00536 #ifdef CONFIG_RSBAC_DEBUG 00537 if (rsbac_debug_aef) 00538 { 00539 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n"); 00540 } 00541 #endif 00542 if (!rsbac_adf_request(R_READ_ATTRIBUTE, 00543 current->pid, 00544 target, 00545 tid, 00546 attr, 00547 k_value)) 00548 { 00549 err = -EPERM; 00550 } 00551 else 00552 { 00553 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit); 00554 /* put result value to user space */ 00555 if(!err) 00556 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00557 } 00558 00559 out_dput: 00560 path_release(&nd); 00561 00562 out: 00563 return(err); 00564 } /* end of sys_rsbac_get_attr_n() */
int sys_rsbac_get_switch | ( | enum rsbac_switch_target_t | module, | |
int * | value_p, | |||
int * | switchable_p | |||
) |
sys_rsbac_get_switch - get the module status (is switchable ? is softmodable ?)
: the target module : 0: module is enabled 1: module is softmodded : 0: module can be turned on 1: module can be turned off 2: softmode can be turned on, but not off 3: softmode can be turned on or off
Returns 0 on success
Definition at line 1771 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_target_id_t::scd, ST_rsbac, SW_ACL, SW_AUTH, SW_CAP, SW_DAC_DISABLE, SW_DAZ, SW_FF, SW_FREEZE, SW_GEN, SW_JAIL, SW_MAC, SW_NONE, SW_PAX, SW_PM, SW_RC, SW_REG, SW_RES, SW_SOFTMODE, SW_UM, and T_SCD.
Referenced by sys_rsbac().
01774 { 01775 int value = 1; // default if module exists and RSBAC_SWITCH is not compiled 01776 int switchable = 0; 01777 int allow_softmode = 0; 01778 int err = 0; 01779 union rsbac_target_id_t rsbac_target_id; 01780 union rsbac_attribute_value_t rsbac_attribute_value; 01781 01782 if(module >= SW_NONE) 01783 return -RSBAC_EINVALIDTARGET; 01784 01785 #ifdef CONFIG_RSBAC_DEBUG 01786 if(rsbac_debug_aef) 01787 rsbac_printk(KERN_DEBUG "sys_rsbac_get_switch(): calling ADF\n"); 01788 #endif 01789 rsbac_target_id.scd = ST_rsbac; 01790 rsbac_attribute_value.dummy = 0; 01791 if(!rsbac_adf_request(R_GET_STATUS_DATA, 01792 current->pid, 01793 T_SCD, 01794 rsbac_target_id, 01795 A_none, 01796 rsbac_attribute_value)) 01797 { 01798 return -EPERM; 01799 } 01800 switch(module) 01801 { 01802 case SW_GEN: 01803 allow_softmode = 0; 01804 switchable = 0; 01805 break; 01806 #ifdef CONFIG_RSBAC_UM 01807 case SW_UM: 01808 allow_softmode = 0; 01809 switchable = 0; 01810 break; 01811 #endif 01812 #ifdef CONFIG_RSBAC_REG 01813 case SW_REG: 01814 allow_softmode = 1; 01815 switchable = 0; 01816 break; 01817 #endif 01818 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL 01819 case SW_DAC_DISABLE: 01820 allow_softmode = 0; 01821 value = rsbac_dac_disable; 01822 switchable = 3; 01823 break; 01824 #endif 01825 #ifdef CONFIG_RSBAC_SOFTMODE 01826 case SW_SOFTMODE: 01827 allow_softmode = 0; 01828 value = rsbac_softmode; 01829 switchable = (rsbac_softmode_prohibit?2:3); 01830 break; 01831 #endif 01832 #ifdef CONFIG_RSBAC_FREEZE 01833 case SW_FREEZE: 01834 allow_softmode = 0; 01835 value = rsbac_freeze; 01836 switchable = 1; 01837 break; 01838 #endif 01839 #ifdef CONFIG_RSBAC_MAC 01840 case SW_MAC: 01841 allow_softmode = 1; 01842 #ifdef CONFIG_RSBAC_SWITCH_MAC 01843 value = rsbac_switch_mac; 01844 #ifdef CONFIG_RSBAC_SWITCH_ON 01845 switchable = 3; 01846 #else 01847 switchable = 2; 01848 #endif 01849 #else 01850 switchable = 0; 01851 #endif 01852 break; 01853 #endif 01854 #ifdef CONFIG_RSBAC_PM 01855 case SW_PM: 01856 allow_softmode = 1; 01857 #ifdef CONFIG_RSBAC_SWITCH_PM 01858 value = rsbac_switch_pm; 01859 #ifdef CONFIG_RSBAC_SWITCH_ON 01860 switchable = 3; 01861 #else 01862 switchable = 2; 01863 #endif 01864 #else 01865 switchable = 0; 01866 #endif 01867 break; 01868 #endif 01869 #ifdef CONFIG_RSBAC_DAZ 01870 case SW_DAZ: 01871 allow_softmode = 1; 01872 #ifdef CONFIG_RSBAC_SWICHT_DAZ 01873 value = rsbac_switch_daz; 01874 switchable = 3; 01875 #else 01876 switchable = 0; 01877 #endif 01878 break; 01879 #endif 01880 #ifdef CONFIG_RSBAC_FF 01881 case SW_FF: 01882 allow_softmode = 1; 01883 #ifdef CONFIG_RSBAC_SWITCH_FF 01884 value = rsbac_switch_ff; 01885 switchable = 3; 01886 #else 01887 switchable = 0; 01888 #endif 01889 break; 01890 #endif 01891 #ifdef CONFIG_RSBAC_RC 01892 case SW_RC: 01893 allow_softmode = 1; 01894 #ifdef CONFIG_RSBAC_SWITCH_RC 01895 value = rsbac_switch_rc; 01896 #ifdef CONFIG_RSBAC_SWITCH_ON 01897 switchable = 3; 01898 #else 01899 switchable = 2; 01900 #endif 01901 #else 01902 switchable = 0; 01903 #endif 01904 break; 01905 #endif 01906 #ifdef CONFIG_RSBAC_AUTH 01907 case SW_AUTH: 01908 allow_softmode = 1; 01909 #ifdef CONFIG_RSBAC_SWITCH_AUTH 01910 value = rsbac_switch_auth; 01911 switchable = 3; 01912 #else 01913 switchable = 0; 01914 #endif 01915 break; 01916 #endif 01917 #ifdef CONFIG_RSBAC_ACL 01918 case SW_ACL: 01919 allow_softmode = 1; 01920 #ifdef CONFIG_RSBAC_SWITCH_ACL 01921 value = rsbac_switch_acl; 01922 switchable = 3; 01923 #else 01924 switchable = 0; 01925 #endif 01926 break; 01927 #endif 01928 #ifdef CONFIG_RSBAC_CAP 01929 case SW_CAP: 01930 allow_softmode = 1; 01931 #ifdef CONFIG_RSBAC_SWITCH_CAP 01932 value = rsbac_switch_cap; 01933 switchable = 3; 01934 #else 01935 switchable = 0; 01936 #endif 01937 break; 01938 #endif 01939 #ifdef CONFIG_RSBAC_JAIL 01940 case SW_JAIL: 01941 allow_softmode = 1; 01942 #ifdef CONFIG_RSBAC_SWITCH_JAIL 01943 value = rsbac_switch_jail; 01944 switchable = 3; 01945 #else 01946 switchable = 0; 01947 #endif 01948 break; 01949 #endif 01950 #ifdef CONFIG_RSBAC_RES 01951 case SW_RES: 01952 allow_softmode = 1; 01953 #ifdef CONFIG_RSBAC_SWITCH_RES 01954 value = rsbac_switch_res; 01955 switchable = 3; 01956 #else 01957 switchable = 0; 01958 #endif 01959 break; 01960 #endif 01961 #ifdef CONFIG_RSBAC_PAX 01962 case SW_PAX: 01963 allow_softmode = 1; 01964 #ifdef CONFIG_RSBAC_SWITCH_PAX 01965 value = rsbac_switch_pax; 01966 switchable = 3; 01967 #else 01968 switchable = 0; 01969 #endif 01970 break; 01971 #endif 01972 default: 01973 return -RSBAC_EINVALIDMODULE; 01974 } 01975 01976 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01977 if(allow_softmode) { 01978 value |= rsbac_ind_softmode[module] << 1; 01979 switchable |= (rsbac_softmode_prohibit?2:3) << 2; 01980 } 01981 #endif 01982 if(value_p) 01983 err = rsbac_put_user((u_char *) &value, (u_char *)value_p, sizeof(int)); 01984 if(!err && switchable_p) 01985 err = rsbac_put_user((u_char *) &switchable, (u_char *)switchable_p, sizeof(int)); 01986 return err; 01987 }
int sys_rsbac_jail | ( | rsbac_version_t | version, | |
char * | path, | |||
rsbac_jail_ip_t | ip, | |||
rsbac_jail_flags_t | flags, | |||
rsbac_cap_vector_t | max_caps, | |||
rsbac_jail_scd_vector_t | scd_get, | |||
rsbac_jail_scd_vector_t | scd_modify | |||
) |
Definition at line 4985 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_jail_sys_jail().
04992 { 04993 #if defined(CONFIG_RSBAC_JAIL) 04994 return rsbac_jail_sys_jail(version, path, ip, flags, 04995 max_caps, scd_get, scd_modify); 04996 #else 04997 return (-RSBAC_EINVALIDMODULE); 04998 #endif 04999 }
int sys_rsbac_list_all_dev | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_dev_desc_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 1158 of file syscalls.c.
References NULL, rsbac_ta_list_all_dev(), and rsbac_vfree.
Referenced by sys_rsbac().
01162 { 01163 int err = 0; 01164 long count; 01165 01166 if(id_p && maxnum) 01167 { 01168 struct rsbac_dev_desc_t * k_id_p = NULL; 01169 01170 count = rsbac_ta_list_all_dev(ta_number, &k_id_p); 01171 if(count <= 0) 01172 return count; 01173 if(count > maxnum) 01174 count = maxnum; 01175 01176 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01177 01178 rsbac_vfree(k_id_p); 01179 01180 if(err) 01181 return err; 01182 else 01183 return count; 01184 } 01185 else 01186 return rsbac_ta_list_all_dev(ta_number, NULL); 01187 }
int sys_rsbac_list_all_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 1220 of file syscalls.c.
References NULL, rsbac_ta_list_all_group(), and rsbac_vfree.
Referenced by sys_rsbac().
01224 { 01225 int err = 0; 01226 long count; 01227 01228 if(id_p && maxnum) 01229 { 01230 rsbac_gid_t * k_id_p = NULL; 01231 01232 count = rsbac_ta_list_all_group(ta_number, &k_id_p); 01233 if(count <= 0) 01234 return count; 01235 if(count > maxnum) 01236 count = maxnum; 01237 01238 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01239 01240 rsbac_vfree(k_id_p); 01241 01242 if(err) 01243 return err; 01244 else 01245 return count; 01246 } 01247 else 01248 return rsbac_ta_list_all_group(ta_number, NULL); 01249 }
int sys_rsbac_list_all_ipc | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_ipc_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 1251 of file syscalls.c.
References NULL, rsbac_ta_list_all_ipc(), and rsbac_vfree.
Referenced by sys_rsbac().
01253 { 01254 int err = 0; 01255 long count; 01256 01257 if (id_p && maxnum) { 01258 struct rsbac_ipc_t *k_id_p = NULL; 01259 01260 count = rsbac_ta_list_all_ipc(ta_number, &k_id_p); 01261 if (count <= 0) 01262 return count; 01263 if (count > maxnum) 01264 count = maxnum; 01265 01266 err = 01267 rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, 01268 count * sizeof(*k_id_p)); 01269 01270 rsbac_vfree(k_id_p); 01271 01272 if (err) 01273 return err; 01274 else 01275 return count; 01276 } else 01277 return rsbac_ta_list_all_ipc(ta_number, NULL); 01278 }
int sys_rsbac_list_all_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 1189 of file syscalls.c.
References NULL, rsbac_ta_list_all_user(), and rsbac_vfree.
Referenced by sys_rsbac().
01193 { 01194 int err = 0; 01195 long count; 01196 01197 if(id_p && maxnum) 01198 { 01199 rsbac_uid_t * k_id_p = NULL; 01200 01201 count = rsbac_ta_list_all_user(ta_number, &k_id_p); 01202 if(count <= 0) 01203 return count; 01204 if(count > maxnum) 01205 count = maxnum; 01206 01207 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01208 01209 rsbac_vfree(k_id_p); 01210 01211 if(err) 01212 return err; 01213 else 01214 return count; 01215 } 01216 else 01217 return rsbac_ta_list_all_user(ta_number, NULL); 01218 }
int sys_rsbac_log | ( | int | type, | |
char * | buf, | |||
int | len | |||
) |
Definition at line 6941 of file syscalls.c.
References rsbac_log().
Referenced by sys_rsbac().
06944 { 06945 #if defined(CONFIG_RSBAC_RMSG) 06946 /* lock_kernel is done in rsbac_log */ 06947 return(rsbac_log(type,buf,len)); 06948 #else 06949 return(0); 06950 #endif /* RMSG */ 06951 }
int sys_rsbac_mac_add_f_tru | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
rsbac_uid_t | uid, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 2149 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_add_f_tru(), rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
02154 { 02155 #if defined(CONFIG_RSBAC_MAC) 02156 struct dentry * t_dentry; 02157 int err = 0; 02158 enum rsbac_target_t target; 02159 union rsbac_target_id_t tid; 02160 02161 struct nameidata nd; 02162 02163 if(!filename) 02164 return(-RSBAC_EINVALIDTARGET); 02165 02166 #ifdef CONFIG_RSBAC_FREEZE 02167 if(rsbac_freeze) 02168 { 02169 rsbac_printk(KERN_WARNING 02170 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n"); 02171 return -EPERM; 02172 } 02173 #endif 02174 02175 if ((err = user_path_walk_link(filename, &nd))) 02176 { 02177 #ifdef CONFIG_RSBAC_DEBUG 02178 if (rsbac_debug_aef_mac) 02179 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err); 02180 #endif 02181 goto out; 02182 } 02183 t_dentry = nd.dentry; 02184 if (!t_dentry->d_inode) 02185 { 02186 err = -RSBAC_EINVALIDTARGET; 02187 goto out_dput; 02188 } 02189 /* is inode of type file? */ 02190 if(S_ISREG(t_dentry->d_inode->i_mode)) 02191 target = T_FILE; 02192 else 02193 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02194 target = T_DIR; 02195 else 02196 { /* This is no file or dir */ 02197 err = -RSBAC_EINVALIDTARGET; 02198 goto out_dput; 02199 } 02200 tid.file.device = t_dentry->d_sb->s_dev; 02201 tid.file.inode = t_dentry->d_inode->i_ino; 02202 tid.file.dentry_p = t_dentry; 02203 02204 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl); 02205 02206 out_dput: 02207 path_release(&nd); 02208 out: 02209 return(err); 02210 02211 #else 02212 return (-RSBAC_EINVALIDMODULE); 02213 #endif 02214 }
int sys_rsbac_mac_add_p_tru | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | uid, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 2091 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_add_p_tru(), and rsbac_printk().
Referenced by sys_rsbac().
02096 { 02097 #if defined(CONFIG_RSBAC_MAC) 02098 struct task_struct * task_p; 02099 02100 #ifdef CONFIG_RSBAC_FREEZE 02101 if(rsbac_freeze) 02102 { 02103 rsbac_printk(KERN_WARNING 02104 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n"); 02105 return -EPERM; 02106 } 02107 #endif 02108 02109 read_lock(&tasklist_lock); 02110 task_p = find_task_by_pid(pid); 02111 read_unlock(&tasklist_lock); 02112 if(!task_p) 02113 return(-RSBAC_EINVALIDTARGET); 02114 02115 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl)); 02116 #else 02117 return (-RSBAC_EINVALIDMODULE); 02118 #endif 02119 }
int sys_rsbac_mac_get_curr_level | ( | rsbac_security_level_t * | level_p, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 2009 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_curr_level().
Referenced by sys_rsbac().
02011 { 02012 #ifdef CONFIG_RSBAC_MAC 02013 int err = 0; 02014 rsbac_security_level_t k_level; 02015 rsbac_mac_category_vector_t k_categories; 02016 02017 err = rsbac_mac_get_curr_level(&k_level, &k_categories); 02018 if(err) 02019 return err; 02020 if(level_p) 02021 { 02022 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 02023 if(err) 02024 return err; 02025 } 02026 if(categories_p) 02027 { 02028 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 02029 } 02030 return err; 02031 #else 02032 return (-RSBAC_EINVALIDMODULE); 02033 #endif 02034 }
int sys_rsbac_mac_get_f_trulist | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
rsbac_uid_t | trulist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
Definition at line 2283 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_mac_get_f_trulist(), RSBAC_MAC_MAX_MAXNUM, rsbac_printk(), rsbac_vfree, T_DIR, and T_FILE.
Referenced by sys_rsbac().
02289 { 02290 #if defined(CONFIG_RSBAC_MAC) 02291 struct dentry * t_dentry; 02292 int err = 0, tmperr = 0; 02293 enum rsbac_target_t target; 02294 union rsbac_target_id_t tid; 02295 rsbac_uid_t * k_trulist; 02296 rsbac_time_t * k_ttllist; 02297 02298 struct nameidata nd; 02299 02300 if(!filename) 02301 return(-RSBAC_EINVALIDTARGET); 02302 if(!trulist) 02303 return(-RSBAC_EINVALIDPOINTER); 02304 if(maxnum <= 0) 02305 return(-RSBAC_EINVALIDVALUE); 02306 if(maxnum > RSBAC_MAC_MAX_MAXNUM) 02307 maxnum = RSBAC_MAC_MAX_MAXNUM; 02308 02309 if ((err = user_path_walk_link(filename, &nd))) 02310 { 02311 #ifdef CONFIG_RSBAC_DEBUG 02312 if (rsbac_debug_aef_mac) 02313 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err); 02314 #endif 02315 goto out; 02316 } 02317 t_dentry = nd.dentry; 02318 if (!t_dentry->d_inode) 02319 { 02320 err = -RSBAC_EINVALIDTARGET; 02321 goto out_dput; 02322 } 02323 /* is inode of type file or dir? */ 02324 if(S_ISREG(t_dentry->d_inode->i_mode)) 02325 target = T_FILE; 02326 else 02327 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02328 target = T_DIR; 02329 else 02330 { /* This is no file or dir */ 02331 err = -RSBAC_EINVALIDTARGET; 02332 goto out_dput; 02333 } 02334 tid.file.device = t_dentry->d_sb->s_dev; 02335 tid.file.inode = t_dentry->d_inode->i_ino; 02336 tid.file.dentry_p = t_dentry; 02337 02338 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist); 02339 if(err>0) 02340 { 02341 if(err > maxnum) 02342 err = maxnum; 02343 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist, 02344 sizeof(rsbac_uid_t) * err); 02345 if(tmperr < 0) 02346 err = tmperr; 02347 else 02348 { 02349 if(ttllist) 02350 { 02351 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 02352 sizeof(rsbac_time_t) * err); 02353 if(tmperr < 0) 02354 err = tmperr; 02355 } 02356 } 02357 rsbac_vfree(k_trulist); 02358 rsbac_vfree(k_ttllist); 02359 } 02360 02361 out_dput: 02362 path_release(&nd); 02363 out: 02364 return(err); 02365 02366 #else 02367 return (-RSBAC_EINVALIDMODULE); 02368 #endif 02369 }
int sys_rsbac_mac_get_max_level | ( | rsbac_security_level_t * | level_p, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 2036 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_max_level().
Referenced by sys_rsbac().
02038 { 02039 #ifdef CONFIG_RSBAC_MAC 02040 int err = 0; 02041 rsbac_security_level_t k_level; 02042 rsbac_mac_category_vector_t k_categories; 02043 02044 err = rsbac_mac_get_max_level(&k_level, &k_categories); 02045 if(err) 02046 return err; 02047 if(level_p) 02048 { 02049 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 02050 if(err) 02051 return err; 02052 } 02053 if(categories_p) 02054 { 02055 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 02056 } 02057 return err; 02058 #else 02059 return (-RSBAC_EINVALIDMODULE); 02060 #endif 02061 }
int sys_rsbac_mac_get_min_level | ( | rsbac_security_level_t * | level_p, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 2063 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_mac_get_min_level().
Referenced by sys_rsbac().
02065 { 02066 #ifdef CONFIG_RSBAC_MAC 02067 int err = 0; 02068 rsbac_security_level_t k_level; 02069 rsbac_mac_category_vector_t k_categories; 02070 02071 err = rsbac_mac_get_min_level(&k_level, &k_categories); 02072 if(err) 02073 return err; 02074 if(level_p) 02075 { 02076 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level)); 02077 if(err) 02078 return err; 02079 } 02080 if(categories_p) 02081 { 02082 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories)); 02083 } 02084 return err; 02085 #else 02086 return (-RSBAC_EINVALIDMODULE); 02087 #endif 02088 }
int sys_rsbac_mac_get_p_trulist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | trulist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
Definition at line 2371 of file syscalls.c.
References rsbac_target_id_t::process, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_mac_get_p_trulist(), RSBAC_MAC_MAX_MAXNUM, and rsbac_vfree.
Referenced by sys_rsbac().
02377 { 02378 #if defined(CONFIG_RSBAC_MAC) 02379 int err = 0, tmperr = 0; 02380 union rsbac_target_id_t tid; 02381 rsbac_uid_t * k_trulist; 02382 rsbac_time_t * k_ttllist; 02383 02384 if(!pid) 02385 return(-RSBAC_EINVALIDTARGET); 02386 if(!trulist) 02387 return(-RSBAC_EINVALIDPOINTER); 02388 if(maxnum <= 0) 02389 return(-RSBAC_EINVALIDVALUE); 02390 if(maxnum > RSBAC_MAC_MAX_MAXNUM) 02391 maxnum = RSBAC_MAC_MAX_MAXNUM; 02392 02393 tid.process = pid; 02394 02395 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist); 02396 if(err>0) 02397 { 02398 if(err > maxnum) 02399 err = maxnum; 02400 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist, 02401 sizeof(rsbac_uid_t) * err); 02402 if(tmperr < 0) 02403 err = tmperr; 02404 else 02405 { 02406 if(ttllist) 02407 { 02408 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist, 02409 sizeof(rsbac_time_t) * err); 02410 if(tmperr < 0) 02411 err = tmperr; 02412 } 02413 } 02414 rsbac_vfree(k_trulist); 02415 rsbac_vfree(k_ttllist); 02416 } 02417 02418 return(err); 02419 02420 #else 02421 return (-RSBAC_EINVALIDMODULE); 02422 #endif 02423 }
int sys_rsbac_mac_remove_f_tru | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
rsbac_uid_t | uid | |||
) |
Definition at line 2216 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_remove_f_tru(), rsbac_printk(), T_DIR, and T_FILE.
Referenced by sys_rsbac().
02220 { 02221 #if defined(CONFIG_RSBAC_MAC) 02222 struct dentry * t_dentry; 02223 int err = 0; 02224 enum rsbac_target_t target; 02225 union rsbac_target_id_t tid; 02226 02227 struct nameidata nd; 02228 02229 if(!filename) 02230 return(-RSBAC_EINVALIDTARGET); 02231 02232 #ifdef CONFIG_RSBAC_FREEZE 02233 if(rsbac_freeze) 02234 { 02235 rsbac_printk(KERN_WARNING 02236 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n"); 02237 return -EPERM; 02238 } 02239 #endif 02240 02241 if ((err = user_path_walk_link(filename, &nd))) 02242 { 02243 #ifdef CONFIG_RSBAC_DEBUG 02244 if (rsbac_debug_aef_mac) 02245 rsbac_printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err); 02246 #endif 02247 goto out; 02248 } 02249 t_dentry = nd.dentry; 02250 if (!t_dentry->d_inode) 02251 { 02252 err = -RSBAC_EINVALIDTARGET; 02253 goto out_dput; 02254 } 02255 /* is inode of type file or dir? */ 02256 if(S_ISREG(t_dentry->d_inode->i_mode)) 02257 target = T_FILE; 02258 else 02259 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02260 target = T_DIR; 02261 else 02262 { /* This is no file or dir */ 02263 err = -RSBAC_EINVALIDTARGET; 02264 goto out_dput; 02265 } 02266 tid.file.device = t_dentry->d_sb->s_dev; 02267 tid.file.inode = t_dentry->d_inode->i_ino; 02268 tid.file.dentry_p = t_dentry; 02269 02270 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid); 02271 02272 out_dput: 02273 path_release(&nd); 02274 out: 02275 return(err); 02276 02277 #else 02278 return (-RSBAC_EINVALIDMODULE); 02279 #endif 02280 }
int sys_rsbac_mac_remove_p_tru | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | uid | |||
) |
Definition at line 2121 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_mac_remove_p_tru(), and rsbac_printk().
Referenced by sys_rsbac().
02125 { 02126 #if defined(CONFIG_RSBAC_MAC) 02127 struct task_struct * task_p; 02128 02129 #ifdef CONFIG_RSBAC_FREEZE 02130 if(rsbac_freeze) 02131 { 02132 rsbac_printk(KERN_WARNING 02133 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n"); 02134 return -EPERM; 02135 } 02136 #endif 02137 02138 read_lock(&tasklist_lock); 02139 task_p = find_task_by_pid(pid); 02140 read_unlock(&tasklist_lock); 02141 if(!task_p) 02142 return(-RSBAC_EINVALIDTARGET); 02143 return(rsbac_mac_remove_p_tru(ta_number, pid, uid)); 02144 #else 02145 return (-RSBAC_EINVALIDMODULE); 02146 #endif 02147 }
int sys_rsbac_mac_set_curr_level | ( | rsbac_security_level_t | level, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 1991 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, and rsbac_mac_set_curr_level().
Referenced by sys_rsbac().
01993 { 01994 #ifdef CONFIG_RSBAC_MAC 01995 rsbac_mac_category_vector_t k_categories; 01996 int err; 01997 01998 if(!categories_p) 01999 return -RSBAC_EINVALIDPOINTER; 02000 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories)); 02001 if(err) 02002 return err; 02003 return (rsbac_mac_set_curr_level(level, k_categories)); 02004 #else 02005 return (-RSBAC_EINVALIDMODULE); 02006 #endif 02007 }
int sys_rsbac_net_list_all_netdev | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_netdev_id_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 1280 of file syscalls.c.
References NULL, RSBAC_EINVALIDREQUEST, rsbac_ta_net_list_all_netdev(), and rsbac_vfree.
Referenced by sys_rsbac().
01284 { 01285 #ifdef CONFIG_RSBAC_NET_DEV 01286 int err = 0; 01287 long count; 01288 01289 if(id_p && maxnum) 01290 { 01291 rsbac_netdev_id_t * k_id_p = NULL; 01292 01293 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p); 01294 if(count <= 0) 01295 return count; 01296 if(count > maxnum) 01297 count = maxnum; 01298 01299 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01300 01301 rsbac_vfree(k_id_p); 01302 01303 if(err) 01304 return err; 01305 else 01306 return count; 01307 } 01308 else 01309 return rsbac_ta_net_list_all_netdev(ta_number, NULL); 01310 01311 #else 01312 return -RSBAC_EINVALIDREQUEST; 01313 #endif /* CONFIG_RSBAC_NET_DEV */ 01314 }
int sys_rsbac_net_list_all_template | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_net_temp_id_t * | id_p, | |||
u_long | maxnum | |||
) |
Definition at line 1499 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::nettemp, NULL, R_READ, rsbac_adf_request(), RSBAC_EINVALIDREQUEST, rsbac_ta_net_list_all_template(), rsbac_vfree, and T_NETTEMP.
Referenced by sys_rsbac().
01503 { 01504 #ifdef CONFIG_RSBAC_NET_OBJ 01505 int err = 0; 01506 int count; 01507 union rsbac_target_id_t i_tid; 01508 union rsbac_attribute_value_t i_attr_val; 01509 01510 i_tid.nettemp = 0; 01511 i_attr_val.dummy = 0; 01512 if (!rsbac_adf_request(R_READ, 01513 current->pid, 01514 T_NETTEMP, 01515 i_tid, 01516 A_none, 01517 i_attr_val)) 01518 return -EPERM; 01519 if(id_p && maxnum) 01520 { 01521 rsbac_net_temp_id_t * k_id_p = NULL; 01522 01523 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p); 01524 if(count <= 0) 01525 return count; 01526 if(count > maxnum) 01527 count = maxnum; 01528 01529 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) ); 01530 01531 rsbac_vfree(k_id_p); 01532 01533 if(err) 01534 return err; 01535 else 01536 return count; 01537 } 01538 else 01539 return rsbac_ta_net_list_all_template(ta_number, NULL); 01540 01541 #else 01542 return -RSBAC_EINVALIDREQUEST; 01543 #endif /* CONFIG_RSBAC_NET_OBJ */ 01544 }
int sys_rsbac_net_template | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_net_temp_syscall_t | call, | |||
rsbac_net_temp_id_t | id, | |||
union rsbac_net_temp_syscall_data_t * | data_p | |||
) |
Definition at line 1316 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_net_temp_syscall_data_t::id, rsbac_target_id_t::nettemp, NTS_check_id, NTS_copy_template, NTS_delete_template, NTS_get_address, NTS_get_address_family, NTS_get_name, NTS_get_netdev, NTS_get_ports, NTS_get_protocol, NTS_get_type, NTS_new_template, NTS_set_address, NTS_set_address_family, NTS_set_name, NTS_set_netdev, NTS_set_ports, NTS_set_protocol, NTS_set_type, R_CREATE, R_DELETE, R_READ, R_WRITE, rsbac_adf_request(), RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDVALUE, rsbac_net_template_exist(), rsbac_pr_debug, rsbac_printk(), rsbac_ta_net_template(), and T_NETTEMP.
Referenced by sys_rsbac().
01320 { 01321 #ifdef CONFIG_RSBAC_NET_OBJ 01322 union rsbac_net_temp_syscall_data_t k_data; 01323 int err = 0; 01324 /* for adf_request */ 01325 #ifndef CONFIG_RSBAC_MAINT 01326 union rsbac_target_id_t i_tid; 01327 union rsbac_attribute_value_t i_attr_val; 01328 #endif 01329 01330 if (!id) 01331 return -RSBAC_EINVALIDVALUE; 01332 if (!data_p) 01333 return -RSBAC_EINVALIDPOINTER; 01334 01335 /* get data values from user space */ 01336 switch (call) { 01337 case NTS_set_address: 01338 case NTS_set_address_family: 01339 case NTS_set_type: 01340 case NTS_set_protocol: 01341 case NTS_set_netdev: 01342 case NTS_set_ports: 01343 case NTS_set_name: 01344 case NTS_new_template: 01345 case NTS_copy_template: 01346 case NTS_delete_template: 01347 #ifdef CONFIG_RSBAC_FREEZE 01348 if (rsbac_freeze) { 01349 rsbac_printk(KERN_WARNING "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed\n"); 01350 return -EPERM; 01351 } 01352 #endif 01353 if (call != NTS_delete_template) { 01354 err = 01355 rsbac_get_user((u_char *) & k_data, 01356 (u_char *) data_p, 01357 sizeof(k_data)); 01358 if (err) 01359 return err; 01360 } 01361 break; 01362 case NTS_check_id: 01363 case NTS_get_address: 01364 case NTS_get_address_family: 01365 case NTS_get_type: 01366 case NTS_get_protocol: 01367 case NTS_get_netdev: 01368 case NTS_get_ports: 01369 case NTS_get_name: 01370 break; 01371 01372 default: 01373 return -RSBAC_EINVALIDREQUEST; 01374 } 01375 01376 #ifndef CONFIG_RSBAC_MAINT 01377 rsbac_pr_debug(aef, "calling ADF\n"); 01378 i_tid.nettemp = id; 01379 i_attr_val.dummy = 0; 01380 switch (call) { 01381 case NTS_new_template: 01382 if (!rsbac_adf_request(R_CREATE, 01383 current->pid, 01384 T_NETTEMP, 01385 i_tid, A_none, i_attr_val)) 01386 #ifdef CONFIG_RSBAC_SOFTMODE 01387 if (!rsbac_softmode) 01388 #endif 01389 return -EPERM; 01390 break; 01391 01392 case NTS_copy_template: 01393 if (!rsbac_net_template_exist(id)) { 01394 if (!rsbac_adf_request(R_CREATE, 01395 current->pid, 01396 T_NETTEMP, 01397 i_tid, A_none, i_attr_val)) 01398 #ifdef CONFIG_RSBAC_SOFTMODE 01399 if (!rsbac_softmode) 01400 #endif 01401 return -EPERM; 01402 } else { 01403 if (!rsbac_adf_request(R_WRITE, 01404 current->pid, 01405 T_NETTEMP, 01406 i_tid, A_none, i_attr_val)) 01407 #ifdef CONFIG_RSBAC_SOFTMODE 01408 if (!rsbac_softmode) 01409 #endif 01410 return -EPERM; 01411 } 01412 i_tid.nettemp = k_data.id; 01413 if (!rsbac_adf_request(R_READ, 01414 current->pid, 01415 T_NETTEMP, 01416 i_tid, A_none, i_attr_val)) 01417 #ifdef CONFIG_RSBAC_SOFTMODE 01418 if (!rsbac_softmode) 01419 #endif 01420 return -EPERM; 01421 break; 01422 01423 case NTS_delete_template: 01424 if (!rsbac_adf_request(R_DELETE, 01425 current->pid, 01426 T_NETTEMP, 01427 i_tid, A_none, i_attr_val)) 01428 #ifdef CONFIG_RSBAC_SOFTMODE 01429 if (!rsbac_softmode) 01430 #endif 01431 return -EPERM; 01432 break; 01433 01434 case NTS_get_address: 01435 case NTS_get_address_family: 01436 case NTS_get_type: 01437 case NTS_get_protocol: 01438 case NTS_get_netdev: 01439 case NTS_get_ports: 01440 if (!rsbac_adf_request(R_READ, 01441 current->pid, 01442 T_NETTEMP, 01443 i_tid, A_none, i_attr_val)) 01444 #ifdef CONFIG_RSBAC_SOFTMODE 01445 if (!rsbac_softmode) 01446 #endif 01447 return -EPERM; 01448 break; 01449 01450 case NTS_set_address: 01451 case NTS_set_address_family: 01452 case NTS_set_type: 01453 case NTS_set_protocol: 01454 case NTS_set_netdev: 01455 case NTS_set_ports: 01456 case NTS_set_name: 01457 if (!rsbac_adf_request(R_WRITE, 01458 current->pid, 01459 T_NETTEMP, 01460 i_tid, A_none, i_attr_val)) 01461 #ifdef CONFIG_RSBAC_SOFTMODE 01462 if (!rsbac_softmode) 01463 #endif 01464 return -EPERM; 01465 break; 01466 01467 default: 01468 break; 01469 } 01470 #endif /* !MAINT */ 01471 01472 err = rsbac_ta_net_template(ta_number, call, id, &k_data); 01473 if (!err) { 01474 /* put data values to user space */ 01475 switch (call) { 01476 case NTS_check_id: 01477 case NTS_get_address: 01478 case NTS_get_address_family: 01479 case NTS_get_type: 01480 case NTS_get_protocol: 01481 case NTS_get_netdev: 01482 case NTS_get_ports: 01483 case NTS_get_name: 01484 err = rsbac_put_user((u_char *) & k_data, 01485 (u_char *) data_p, 01486 sizeof(k_data)); 01487 break; 01488 default: 01489 break; 01490 } 01491 } 01492 return err; 01493 01494 #else 01495 return -RSBAC_EINVALIDREQUEST; 01496 #endif /* NET_OBJ */ 01497 }
int sys_rsbac_pm | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_pm_function_type_t | function, | |||
union rsbac_pm_function_param_t * | param_p, | |||
rsbac_pm_tkt_id_t | ticket | |||
) |
Definition at line 2458 of file syscalls.c.
References PF_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, rsbac_pm(), and rsbac_printk().
Referenced by sys_rsbac().
02463 { 02464 #ifndef CONFIG_RSBAC_PM 02465 return (-RSBAC_EINVALIDMODULE); 02466 #else 02467 union rsbac_pm_function_param_t k_param; 02468 int result; 02469 02470 if(function >= PF_none) 02471 return(-RSBAC_EINVALIDREQUEST); 02472 if(!param_p) 02473 return(-RSBAC_EINVALIDPOINTER); 02474 #ifdef CONFIG_RSBAC_DEBUG 02475 if (rsbac_debug_aef_pm) 02476 rsbac_printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n", 02477 function); 02478 #endif 02479 02480 #ifdef CONFIG_RSBAC_FREEZE 02481 if(rsbac_freeze) 02482 { 02483 rsbac_printk(KERN_WARNING 02484 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n"); 02485 return -EPERM; 02486 } 02487 #endif 02488 02489 /* get parameters from user space */ 02490 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) ); 02491 /* call pm function and return its result */ 02492 lock_kernel(); 02493 result = rsbac_pm(ta_number, function, k_param, ticket); 02494 unlock_kernel(); 02495 return result; 02496 #endif 02497 }
int sys_rsbac_pm_change_current_task | ( | rsbac_pm_task_id_t | task | ) |
Definition at line 2499 of file syscalls.c.
References rsbac_pm_change_current_task(), and rsbac_printk().
Referenced by sys_rsbac().
02500 { 02501 #ifndef CONFIG_RSBAC_PM 02502 return (0); 02503 #else 02504 #ifdef CONFIG_RSBAC_DEBUG 02505 if (rsbac_debug_aef_pm) 02506 rsbac_printk(KERN_DEBUG 02507 "sys_rsbac_pm_change_current_task(): called for task %i!\n", 02508 task); 02509 #endif 02510 /* call pm function and return its result */ 02511 return(rsbac_pm_change_current_task(task)); 02512 #endif 02513 }
int sys_rsbac_pm_create_file | ( | const char * | filename, | |
int | mode, | |||
rsbac_pm_object_class_id_t | class | |||
) |
Definition at line 2515 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_pm_create_file(), and rsbac_printk().
Referenced by sys_rsbac().
02518 { 02519 #ifndef CONFIG_RSBAC_PM 02520 return (-RSBAC_EINVALIDMODULE); 02521 #else 02522 if(!filename) 02523 return(-RSBAC_EINVALIDPOINTER); 02524 #ifdef CONFIG_RSBAC_DEBUG 02525 if (rsbac_debug_aef_pm) 02526 rsbac_printk(KERN_DEBUG 02527 "sys_rsbac_pm_create_file(): called with class %i!\n", 02528 class); 02529 #endif 02530 /* call pm function and return its result */ 02531 return(rsbac_pm_create_file(filename, mode, class)); 02532 #endif 02533 }
int sys_rsbac_rc_change_role | ( | rsbac_rc_role_id_t | role, | |
char * | pass | |||
) |
Definition at line 2790 of file syscalls.c.
References RC_role_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_change_role().
Referenced by sys_rsbac().
02791 { 02792 #if defined(CONFIG_RSBAC_RC) 02793 if(role > RC_role_max_value) 02794 return(-RSBAC_EINVALIDVALUE); 02795 #ifdef CONFIG_RSBAC_DEBUG 02796 if (rsbac_debug_aef_rc) 02797 rsbac_printk(KERN_DEBUG 02798 "sys_rsbac_rc_change_role(): role %i!\n", 02799 role); 02800 #endif 02801 /* call rc function and return its result */ 02802 return rsbac_rc_sys_change_role(role, pass); 02803 #else 02804 return (-RSBAC_EINVALIDMODULE); 02805 #endif 02806 }
int sys_rsbac_rc_copy_role | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_rc_role_id_t | from_role, | |||
rsbac_rc_role_id_t | to_role | |||
) |
Definition at line 2583 of file syscalls.c.
References RC_role_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_copy_role().
Referenced by sys_rsbac().
02587 { 02588 #if defined(CONFIG_RSBAC_RC) 02589 if( (from_role > RC_role_max_value) 02590 || (from_role > RC_role_max_value)) 02591 return(-RSBAC_EINVALIDVALUE); 02592 #ifdef CONFIG_RSBAC_DEBUG 02593 if (rsbac_debug_aef_rc) 02594 rsbac_printk(KERN_DEBUG 02595 "sys_rsbac_rc_copy_role(): from %i, to %i!\n", 02596 from_role, to_role); 02597 #endif 02598 #ifdef CONFIG_RSBAC_FREEZE 02599 if(rsbac_freeze) 02600 { 02601 rsbac_printk(KERN_WARNING 02602 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n"); 02603 return -EPERM; 02604 } 02605 #endif 02606 02607 /* call rc function and return its result */ 02608 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role)); 02609 #else 02610 return (-RSBAC_EINVALIDMODULE); 02611 #endif 02612 }
int sys_rsbac_rc_copy_type | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
rsbac_rc_type_id_t | from_type, | |||
rsbac_rc_type_id_t | to_type | |||
) |
Definition at line 2614 of file syscalls.c.
References RC_type_max_value, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), and rsbac_rc_sys_copy_type().
Referenced by sys_rsbac().
02619 { 02620 #if defined(CONFIG_RSBAC_RC) 02621 if( (from_type > RC_type_max_value) 02622 || (from_type > RC_type_max_value)) 02623 return(-RSBAC_EINVALIDVALUE); 02624 #ifdef CONFIG_RSBAC_DEBUG 02625 if (rsbac_debug_aef_rc) 02626 rsbac_printk(KERN_DEBUG 02627 "sys_rsbac_rc_copy_type(): from %i, to %i!\n", 02628 from_type, to_type); 02629 #endif 02630 #ifdef CONFIG_RSBAC_FREEZE 02631 if(rsbac_freeze) 02632 { 02633 rsbac_printk(KERN_WARNING 02634 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n"); 02635 return -EPERM; 02636 } 02637 #endif 02638 02639 /* call rc function and return its result */ 02640 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type)); 02641 #else 02642 return (-RSBAC_EINVALIDMODULE); 02643 #endif 02644 }
int sys_rsbac_rc_get_current_role | ( | rsbac_rc_role_id_t * | role_p | ) |
Definition at line 2988 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, and rsbac_rc_sys_get_current_role().
Referenced by sys_rsbac().
02989 { 02990 #if defined(CONFIG_RSBAC_RC) 02991 rsbac_rc_role_id_t k_role; 02992 int err; 02993 02994 if(!role_p) 02995 return(-RSBAC_EINVALIDPOINTER); 02996 /* call rc function and return its result */ 02997 err = rsbac_rc_sys_get_current_role(&k_role); 02998 if(!err) 02999 { 03000 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) ); 03001 } 03002 return err; 03003 #else 03004 return (-RSBAC_EINVALIDMODULE); 03005 #endif 03006 }
int sys_rsbac_rc_get_eff_rights_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name, | |||
rsbac_rc_request_vector_t * | request_vector_p, | |||
rsbac_time_t * | ttl_p | |||
) |
Definition at line 2809 of file syscalls.c.
References D_block, D_char, rsbac_target_id_t::dev, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_rc_sys_get_eff_rights(), T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
02815 { 02816 #if defined(CONFIG_RSBAC_RC) 02817 struct dentry * t_dentry; 02818 int err = 0; 02819 rsbac_rc_request_vector_t k_req_vec; 02820 rsbac_time_t k_ttl; 02821 union rsbac_target_id_t tid; 02822 02823 struct nameidata nd; 02824 02825 if(!t_name || (target >= T_NONE)) 02826 return(-RSBAC_EINVALIDTARGET); 02827 02828 if ((err = user_path_walk_link(t_name, &nd))) 02829 { 02830 #ifdef CONFIG_RSBAC_DEBUG 02831 if (rsbac_debug_aef_rc) 02832 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err); 02833 #endif 02834 goto out; 02835 } 02836 t_dentry = nd.dentry; 02837 if (!t_dentry->d_inode) 02838 { 02839 err = -RSBAC_EINVALIDTARGET; 02840 goto out_dput; 02841 } 02842 02843 switch (target) 02844 { 02845 case T_FD: 02846 if(S_ISREG(t_dentry->d_inode->i_mode)) 02847 { 02848 target = T_FILE; 02849 } 02850 else 02851 if(S_ISDIR(t_dentry->d_inode->i_mode)) 02852 { 02853 target = T_DIR; 02854 } 02855 else 02856 if(S_ISLNK(t_dentry->d_inode->i_mode)) 02857 { 02858 target = T_SYMLINK; 02859 } 02860 else 02861 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 02862 { 02863 target = T_FIFO; 02864 } 02865 else 02866 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 02867 { 02868 target = T_UNIXSOCK; 02869 } 02870 else 02871 if(S_ISBLK(t_dentry->d_inode->i_mode)) 02872 { 02873 target = T_FILE; 02874 } 02875 else 02876 if(S_ISCHR(t_dentry->d_inode->i_mode)) 02877 { 02878 target = T_FILE; 02879 } 02880 else 02881 { 02882 #ifdef CONFIG_RSBAC_DEBUG 02883 if (rsbac_debug_aef) 02884 rsbac_printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n"); 02885 #endif 02886 err = -RSBAC_EINVALIDTARGET; 02887 goto out_dput; 02888 } 02889 break; 02890 02891 case T_FILE: 02892 /* is inode of type file, symlink or block/char device? */ 02893 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 02894 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 02895 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 02896 { /* This is no file or device */ 02897 err = -RSBAC_EINVALIDTARGET; 02898 goto out_dput; 02899 } 02900 break; 02901 02902 case T_DIR: 02903 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 02904 { /* This is no file */ 02905 err = -RSBAC_EINVALIDTARGET; 02906 goto out_dput; 02907 } 02908 break; 02909 02910 case T_FIFO: 02911 /* is inode of type fifo? */ 02912 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 02913 { /* This is no file or device */ 02914 err = -RSBAC_EINVALIDTARGET; 02915 goto out_dput; 02916 } 02917 break; 02918 02919 case T_UNIXSOCK: 02920 /* is inode of type fifo? */ 02921 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 02922 { 02923 err = -RSBAC_EINVALIDTARGET; 02924 goto out_dput; 02925 } 02926 break; 02927 02928 case T_SYMLINK: 02929 /* is inode of type symlink? */ 02930 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 02931 { /* This is no file or device */ 02932 err = -RSBAC_EINVALIDTARGET; 02933 goto out_dput; 02934 } 02935 break; 02936 02937 case T_DEV: 02938 /* is inode of type block/char device? */ 02939 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 02940 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 02941 { /* This is no dev */ 02942 err = -RSBAC_EINVALIDTARGET; 02943 goto out_dput; 02944 } 02945 break; 02946 02947 default: 02948 err = -RSBAC_EINVALIDTARGET; 02949 goto out_dput; 02950 } 02951 02952 if(target == T_DEV) 02953 { 02954 if(S_ISBLK(t_dentry->d_inode->i_mode)) 02955 tid.dev.type = D_block; 02956 else 02957 tid.dev.type = D_char; 02958 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 02959 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 02960 } 02961 else 02962 { 02963 /* fill target id and call internal function */ 02964 tid.file.device = t_dentry->d_sb->s_dev; 02965 tid.file.inode = t_dentry->d_inode->i_ino; 02966 tid.file.dentry_p = t_dentry; 02967 } 02968 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl); 02969 /* put result value to user space */ 02970 if(!err) 02971 { 02972 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) ); 02973 if(!err && ttl_p) 02974 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) ); 02975 } 02976 02977 out_dput: 02978 path_release(&nd); 02979 02980 out: 02981 return(err); 02982 #else 02983 return (-RSBAC_EINVALIDMODULE); 02984 #endif 02985 }
int sys_rsbac_rc_get_item | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t * | tid_p, | |||
union rsbac_rc_target_id_t * | subtid_p, | |||
enum rsbac_rc_item_t | item, | |||
union rsbac_rc_item_value_t * | value_p, | |||
rsbac_time_t * | ttl_p | |||
) |
Definition at line 2647 of file syscalls.c.
References RI_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_sys_get_item(), and RT_NONE.
Referenced by sys_rsbac().
02655 { 02656 #if defined(CONFIG_RSBAC_RC) 02657 union rsbac_rc_target_id_t k_tid; 02658 union rsbac_rc_target_id_t k_subtid; 02659 union rsbac_rc_item_value_t k_value; 02660 rsbac_time_t k_ttl; 02661 int err = 0; 02662 02663 if( (target >= RT_NONE) 02664 || (item >= RI_none)) 02665 return(-RSBAC_EINVALIDVALUE); 02666 /* get values from user space */ 02667 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02668 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) ); 02669 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02670 #ifdef CONFIG_RSBAC_DEBUG 02671 if (rsbac_debug_aef_rc) 02672 rsbac_printk(KERN_DEBUG 02673 "sys_rsbac_rc_get_item(): target %i, item %i!\n", 02674 target, item); 02675 #endif 02676 /* call rc function and return its result */ 02677 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid, 02678 item, &k_value, &k_ttl); 02679 /* put result value to user space */ 02680 if(!err) 02681 { 02682 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02683 if(!err && ttl_p) 02684 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) ); 02685 } 02686 return (err); 02687 #else 02688 return (-RSBAC_EINVALIDMODULE); 02689 #endif 02690 }
int sys_rsbac_rc_get_list | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t * | tid_p, | |||
enum rsbac_rc_item_t | item, | |||
u_int | maxnum, | |||
__u32 * | array_p, | |||
rsbac_time_t * | ttl_array_p | |||
) |
Definition at line 2737 of file syscalls.c.
References NULL, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_rc_get_list(), and rsbac_vfree.
Referenced by sys_rsbac().
02745 { 02746 #if defined(CONFIG_RSBAC_RC) 02747 union rsbac_rc_target_id_t k_tid; 02748 int err; 02749 02750 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02751 if(array_p) 02752 { 02753 __u32 * k_array_p; 02754 rsbac_time_t * k_ttl_array_p; 02755 02756 if(!maxnum) 02757 return -RSBAC_EINVALIDVALUE; 02758 /* call rc function and return its result */ 02759 err = rsbac_rc_get_list(ta_number, target, k_tid, item, 02760 &k_array_p, &k_ttl_array_p); 02761 /* put result value to user space */ 02762 if(err > 0) 02763 { 02764 int tmperr; 02765 02766 if(err > maxnum) 02767 err = maxnum; 02768 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) ); 02769 if(tmperr) 02770 err = tmperr; 02771 rsbac_vfree(k_array_p); 02772 if(k_ttl_array_p && ttl_array_p) 02773 { 02774 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) ); 02775 if(tmperr) 02776 err = tmperr; 02777 } 02778 rsbac_vfree(k_ttl_array_p); 02779 } 02780 return (err); 02781 } 02782 else 02783 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL); 02784 #else 02785 return (-RSBAC_EINVALIDMODULE); 02786 #endif 02787 };
int sys_rsbac_rc_select_fd_create_type | ( | rsbac_rc_type_id_t | type | ) |
Definition at line 3008 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_rc_select_fd_create_type().
Referenced by sys_rsbac().
03009 { 03010 #if defined(CONFIG_RSBAC_RC) 03011 int err; 03012 03013 err = rsbac_rc_select_fd_create_type(type); 03014 03015 return err; 03016 #else 03017 return (-RSBAC_EINVALIDMODULE); 03018 #endif 03019 }
int sys_rsbac_rc_set_item | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t * | tid_p, | |||
union rsbac_rc_target_id_t * | subtid_p, | |||
enum rsbac_rc_item_t | item, | |||
union rsbac_rc_item_value_t * | value_p, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 2693 of file syscalls.c.
References RI_none, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDVALUE, rsbac_printk(), rsbac_rc_sys_set_item(), and RT_NONE.
Referenced by sys_rsbac().
02701 { 02702 #if defined(CONFIG_RSBAC_RC) 02703 union rsbac_rc_target_id_t k_tid; 02704 union rsbac_rc_target_id_t k_subtid; 02705 union rsbac_rc_item_value_t k_value; 02706 02707 if( (target >= RT_NONE) 02708 || (item >= RI_none)) 02709 return(-RSBAC_EINVALIDVALUE); 02710 02711 #ifdef CONFIG_RSBAC_FREEZE 02712 if(rsbac_freeze) 02713 { 02714 rsbac_printk(KERN_WARNING 02715 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n"); 02716 return -EPERM; 02717 } 02718 #endif 02719 02720 /* get values from user space */ 02721 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) ); 02722 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) ); 02723 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) ); 02724 #ifdef CONFIG_RSBAC_DEBUG 02725 if (rsbac_debug_aef_rc) 02726 rsbac_printk(KERN_DEBUG 02727 "sys_rsbac_rc_set_item(): target %i, item %i!\n", 02728 target, item); 02729 #endif 02730 /* call rc function and return its result */ 02731 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl); 02732 #else 02733 return (-RSBAC_EINVALIDMODULE); 02734 #endif 02735 }
int sys_rsbac_reg | ( | rsbac_reg_handle_t | handle, | |
void * | arg | |||
) |
Definition at line 3484 of file syscalls.c.
References RSBAC_EINVALIDMODULE, and rsbac_reg_syscall().
Referenced by sys_rsbac().
03486 { 03487 #if defined(CONFIG_RSBAC_REG) 03488 return rsbac_reg_syscall(handle, arg); 03489 #else 03490 return (-RSBAC_EINVALIDMODULE); 03491 #endif 03492 }
int sys_rsbac_remove_target | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid | |||
) |
Definition at line 895 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_remove_target(), and T_NONE.
Referenced by sys_rsbac().
00899 { 00900 union rsbac_target_id_t k_tid; 00901 int err = 0; 00902 00903 /* for adf_request */ 00904 union rsbac_attribute_value_t rsbac_attribute_value; 00905 00906 if(!tid || (target >= T_NONE)) 00907 return(-RSBAC_EINVALIDTARGET); 00908 00909 #ifdef CONFIG_RSBAC_FREEZE 00910 if(rsbac_freeze) 00911 { 00912 rsbac_printk(KERN_WARNING 00913 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n"); 00914 return -EPERM; 00915 } 00916 #endif 00917 00918 /* get values from user space */ 00919 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00920 00921 /* call ADF */ 00922 #ifdef CONFIG_RSBAC_DEBUG 00923 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n"); 00924 #endif 00925 rsbac_attribute_value.dummy = 0; 00926 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00927 current->pid, 00928 target, 00929 k_tid, 00930 A_none, 00931 rsbac_attribute_value)) 00932 { 00933 return -EPERM; 00934 } 00935 err = rsbac_ta_remove_target(ta_number, target, k_tid); 00936 return (err); 00937 } /* end of sys_rsbac_remove_target() */
int sys_rsbac_remove_target_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name | |||
) |
Definition at line 939 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, rsbac_attribute_value_t::dummy, rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_remove_target(), T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00943 { 00944 struct dentry * t_dentry; 00945 int err = 0; 00946 union rsbac_target_id_t tid; 00947 00948 /* for adf_request */ 00949 union rsbac_attribute_value_t rsbac_attribute_value; 00950 00951 /* struct passwd * user_description_p; */ 00952 00953 struct nameidata nd; 00954 00955 if(!t_name || (target >= T_NONE)) 00956 return(-RSBAC_EINVALIDTARGET); 00957 00958 #ifdef CONFIG_RSBAC_FREEZE 00959 if(rsbac_freeze) 00960 { 00961 rsbac_printk(KERN_WARNING 00962 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n"); 00963 return -EPERM; 00964 } 00965 #endif 00966 00967 /* lookup filename */ 00968 if ((err = user_path_walk_link(t_name, &nd))) 00969 { 00970 #ifdef CONFIG_RSBAC_DEBUG 00971 if (rsbac_debug_aef) 00972 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err); 00973 #endif 00974 goto out; 00975 } 00976 t_dentry = nd.dentry; 00977 if (!t_dentry->d_inode) 00978 { 00979 #ifdef CONFIG_RSBAC_DEBUG 00980 if (rsbac_debug_aef) 00981 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n"); 00982 #endif 00983 err = -RSBAC_EINVALIDTARGET; 00984 goto out_dput; 00985 } 00986 00987 switch (target) 00988 { 00989 /* is inode of right type? */ 00990 case T_FD: 00991 if(S_ISREG(t_dentry->d_inode->i_mode)) 00992 { 00993 target = T_FILE; 00994 } 00995 else 00996 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00997 { 00998 target = T_DIR; 00999 } 01000 else 01001 if(S_ISLNK(t_dentry->d_inode->i_mode)) 01002 { 01003 target = T_SYMLINK; 01004 } 01005 else 01006 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 01007 { 01008 target = T_FIFO; 01009 } 01010 else 01011 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 01012 { 01013 target = T_UNIXSOCK; 01014 } 01015 else 01016 if(S_ISBLK(t_dentry->d_inode->i_mode)) 01017 { 01018 target = T_FILE; 01019 } 01020 else 01021 if(S_ISCHR(t_dentry->d_inode->i_mode)) 01022 { 01023 target = T_FILE; 01024 } 01025 else 01026 { 01027 #ifdef CONFIG_RSBAC_DEBUG 01028 if (rsbac_debug_aef) 01029 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n"); 01030 #endif 01031 err = -RSBAC_EINVALIDTARGET; 01032 goto out_dput; 01033 } 01034 break; 01035 01036 case T_FILE: 01037 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 01038 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 01039 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 01040 { 01041 #ifdef CONFIG_RSBAC_DEBUG 01042 if (rsbac_debug_aef) 01043 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n"); 01044 #endif 01045 err = -RSBAC_EINVALIDTARGET; 01046 goto out_dput; 01047 } 01048 break; 01049 01050 case T_DIR: 01051 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 01052 { 01053 #ifdef CONFIG_RSBAC_DEBUG 01054 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n"); 01055 #endif 01056 err = -RSBAC_EINVALIDTARGET; 01057 goto out_dput; 01058 } 01059 break; 01060 01061 case T_FIFO: 01062 /* is inode of type fifo? */ 01063 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 01064 { 01065 #ifdef CONFIG_RSBAC_DEBUG 01066 if (rsbac_debug_aef) 01067 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n"); 01068 #endif 01069 err = -RSBAC_EINVALIDTARGET; 01070 goto out_dput; 01071 } 01072 break; 01073 01074 case T_UNIXSOCK: 01075 /* is inode of type fifo? */ 01076 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 01077 { 01078 #ifdef CONFIG_RSBAC_DEBUG 01079 if (rsbac_debug_aef) 01080 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no socket\n"); 01081 #endif 01082 err = -RSBAC_EINVALIDTARGET; 01083 goto out_dput; 01084 } 01085 break; 01086 01087 case T_SYMLINK: 01088 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 01089 { 01090 #ifdef CONFIG_RSBAC_DEBUG 01091 if (rsbac_debug_aef) 01092 rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n"); 01093 #endif 01094 err = -RSBAC_EINVALIDTARGET; 01095 goto out_dput; 01096 } 01097 break; 01098 01099 case T_DEV: 01100 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 01101 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 01102 { 01103 #ifdef CONFIG_RSBAC_DEBUG 01104 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n"); 01105 #endif 01106 err = -RSBAC_EINVALIDTARGET; 01107 goto out_dput; 01108 } 01109 break; 01110 01111 default: 01112 err = -RSBAC_EINVALIDTARGET; 01113 goto out_dput; 01114 } 01115 01116 if(target == T_DEV) 01117 { 01118 if(S_ISBLK(t_dentry->d_inode->i_mode)) 01119 tid.dev.type = D_block; 01120 else 01121 tid.dev.type = D_char; 01122 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 01123 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 01124 } 01125 else 01126 { 01127 /* fill target id and call internal function */ 01128 tid.file.device = t_dentry->d_sb->s_dev; 01129 tid.file.inode = t_dentry->d_inode->i_ino; 01130 tid.file.dentry_p = t_dentry; 01131 } 01132 /* call ADF */ 01133 #ifdef CONFIG_RSBAC_DEBUG 01134 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n"); 01135 #endif 01136 rsbac_attribute_value.dummy = 0; 01137 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 01138 current->pid, 01139 target, 01140 tid, 01141 A_none, 01142 rsbac_attribute_value)) 01143 { 01144 err = -EPERM; 01145 } 01146 else 01147 { 01148 err = rsbac_ta_remove_target(ta_number, target, tid); 01149 } 01150 01151 out_dput: 01152 path_release(&nd); 01153 01154 out: 01155 return(err); 01156 } /* end of sys_rsbac_remove_target_n() */
int sys_rsbac_set_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value | |||
) |
Definition at line 568 of file syscalls.c.
References A_none, get_attr_module(), KERNEL_VERSION, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_set_attr(), SW_NONE, T_NETOBJ, T_NONE, and T_PROCESS.
Referenced by sys_rsbac().
00575 { 00576 union rsbac_target_id_t k_tid; 00577 union rsbac_attribute_value_t k_value; 00578 int err = 0; 00579 struct task_struct * task_p; 00580 00581 if(module > SW_NONE) 00582 return(-RSBAC_EINVALIDMODULE); 00583 if(!tid || (target >= T_NONE)) 00584 return(-RSBAC_EINVALIDTARGET); 00585 if(!value) 00586 return(-RSBAC_EINVALIDPOINTER); 00587 if(attr >= A_none) 00588 return(-RSBAC_EINVALIDATTR); 00589 00590 if(module == SW_NONE) 00591 { 00592 module = get_attr_module(attr); 00593 if(module == SW_NONE) 00594 return(-RSBAC_EINVALIDMODULE); 00595 } 00596 #ifdef CONFIG_RSBAC_FREEZE 00597 if(rsbac_freeze) 00598 { 00599 rsbac_printk(KERN_WARNING 00600 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n"); 00601 return -EPERM; 00602 } 00603 #endif 00604 00605 /* get values from user space */ 00606 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) ); 00607 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00608 00609 00610 switch(target) 00611 { 00612 case T_PROCESS: 00613 read_lock(&tasklist_lock); 00614 task_p = find_task_by_pid(k_tid.process); 00615 read_unlock(&tasklist_lock); 00616 if(!task_p) 00617 return(-RSBAC_EINVALIDTARGET); 00618 break; 00619 00620 #ifdef CONFIG_RSBAC_NET_OBJ 00621 /* sanity check before using pointer */ 00622 case T_NETOBJ: 00623 if( !k_tid.netobj.sock_p 00624 || k_tid.netobj.remote_addr 00625 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 00626 || !k_tid.netobj.sock_p->file 00627 || !k_tid.netobj.sock_p->file->f_dentry 00628 || !k_tid.netobj.sock_p->file->f_dentry->d_inode 00629 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p) 00630 #else 00631 || !k_tid.netobj.sock_p->inode 00632 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p) 00633 #endif 00634 ) 00635 return -RSBAC_EINVALIDTARGET; 00636 #endif 00637 00638 00639 default: 00640 break; 00641 } 00642 00643 /* call ADF */ 00644 #ifdef CONFIG_RSBAC_DEBUG 00645 if (rsbac_debug_aef) 00646 rsbac_printk(KERN_DEBUG 00647 "sys_rsbac_set_attr(): calling ADF\n"); 00648 #endif 00649 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00650 current->pid, 00651 target, 00652 k_tid, 00653 attr, 00654 k_value)) 00655 { 00656 return -EPERM; 00657 } 00658 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value); 00659 return err; 00660 } /* end of sys_rsbac_set_attr() */
int sys_rsbac_set_attr_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
char * | t_name, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value | |||
) |
Definition at line 662 of file syscalls.c.
References A_none, D_block, D_char, rsbac_target_id_t::dev, get_attr_module(), rsbac_dev_desc_t::major, rsbac_dev_desc_t::minor, R_MODIFY_ATTRIBUTE, rsbac_adf_request(), RSBAC_EINVALIDATTR, RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDTARGET, rsbac_printk(), rsbac_ta_set_attr(), SW_NONE, T_DEV, T_DIR, T_FD, T_FIFO, T_FILE, T_NONE, T_SYMLINK, T_UNIXSOCK, and rsbac_dev_desc_t::type.
Referenced by sys_rsbac().
00669 { 00670 struct dentry * t_dentry; 00671 int err = 0; 00672 union rsbac_attribute_value_t k_value; 00673 union rsbac_target_id_t tid; 00674 struct nameidata nd; 00675 00676 if(module > SW_NONE) 00677 return(-RSBAC_EINVALIDMODULE); 00678 if(!t_name || (target >= T_NONE)) 00679 return(-RSBAC_EINVALIDTARGET); 00680 if(!value) 00681 return(-RSBAC_EINVALIDPOINTER); 00682 if(attr >= A_none) 00683 return(-RSBAC_EINVALIDATTR); 00684 00685 if(module == SW_NONE) 00686 { 00687 module = get_attr_module(attr); 00688 if(module == SW_NONE) 00689 return(-RSBAC_EINVALIDMODULE); 00690 } 00691 00692 #ifdef CONFIG_RSBAC_FREEZE 00693 if(rsbac_freeze) 00694 { 00695 rsbac_printk(KERN_WARNING 00696 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n"); 00697 return -EPERM; 00698 } 00699 #endif 00700 /* get values from user space */ 00701 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) ); 00702 00703 /* lookup filename */ 00704 if ((err = user_path_walk_link(t_name, &nd))) 00705 { 00706 #ifdef CONFIG_RSBAC_DEBUG 00707 if (rsbac_debug_aef) 00708 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err); 00709 #endif 00710 goto out; 00711 } 00712 t_dentry = nd.dentry; 00713 if (!t_dentry->d_inode) 00714 { 00715 #ifdef CONFIG_RSBAC_DEBUG 00716 if (rsbac_debug_aef) 00717 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n"); 00718 #endif 00719 err = -RSBAC_EINVALIDTARGET; 00720 goto out_dput; 00721 } 00722 00723 switch (target) 00724 { 00725 /* is inode of right type? */ 00726 case T_FD: 00727 if(S_ISREG(t_dentry->d_inode->i_mode)) 00728 { 00729 target = T_FILE; 00730 } 00731 else 00732 if(S_ISDIR(t_dentry->d_inode->i_mode)) 00733 { 00734 target = T_DIR; 00735 } 00736 else 00737 if(S_ISLNK(t_dentry->d_inode->i_mode)) 00738 { 00739 target = T_SYMLINK; 00740 } 00741 else 00742 if(S_ISFIFO(t_dentry->d_inode->i_mode)) 00743 { 00744 target = T_FIFO; 00745 } 00746 else 00747 if(S_ISSOCK(t_dentry->d_inode->i_mode)) 00748 { 00749 target = T_UNIXSOCK; 00750 } 00751 else 00752 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00753 { 00754 target = T_FILE; 00755 } 00756 else 00757 if(S_ISCHR(t_dentry->d_inode->i_mode)) 00758 { 00759 target = T_FILE; 00760 } 00761 else 00762 { 00763 #ifdef CONFIG_RSBAC_DEBUG 00764 if (rsbac_debug_aef) 00765 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n"); 00766 #endif 00767 err = -RSBAC_EINVALIDTARGET; 00768 goto out_dput; 00769 } 00770 break; 00771 00772 case T_FILE: 00773 if ( !(S_ISREG(t_dentry->d_inode->i_mode)) 00774 && !(S_ISBLK(t_dentry->d_inode->i_mode)) 00775 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00776 { 00777 #ifdef CONFIG_RSBAC_DEBUG 00778 if (rsbac_debug_aef) 00779 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n"); 00780 #endif 00781 err = -RSBAC_EINVALIDTARGET; 00782 goto out_dput; 00783 } 00784 break; 00785 00786 case T_DIR: 00787 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) ) 00788 { 00789 #ifdef CONFIG_RSBAC_DEBUG 00790 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n"); 00791 #endif 00792 err = -RSBAC_EINVALIDTARGET; 00793 goto out_dput; 00794 } 00795 break; 00796 00797 case T_FIFO: 00798 /* is inode of type fifo? */ 00799 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode))) 00800 { 00801 #ifdef CONFIG_RSBAC_DEBUG 00802 if (rsbac_debug_aef) 00803 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n"); 00804 #endif 00805 err = -RSBAC_EINVALIDTARGET; 00806 goto out_dput; 00807 } 00808 break; 00809 00810 case T_UNIXSOCK: 00811 /* is inode of type fifo? */ 00812 if ( !(S_ISSOCK(t_dentry->d_inode->i_mode))) 00813 { 00814 #ifdef CONFIG_RSBAC_DEBUG 00815 if (rsbac_debug_aef) 00816 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no socket\n"); 00817 #endif 00818 err = -RSBAC_EINVALIDTARGET; 00819 goto out_dput; 00820 } 00821 break; 00822 00823 case T_SYMLINK: 00824 if ( !(S_ISLNK(t_dentry->d_inode->i_mode))) 00825 { 00826 #ifdef CONFIG_RSBAC_DEBUG 00827 if (rsbac_debug_aef) 00828 rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n"); 00829 #endif 00830 err = -RSBAC_EINVALIDTARGET; 00831 goto out_dput; 00832 } 00833 break; 00834 00835 case T_DEV: 00836 if ( !(S_ISBLK(t_dentry->d_inode->i_mode)) 00837 && !(S_ISCHR(t_dentry->d_inode->i_mode)) ) 00838 { 00839 #ifdef CONFIG_RSBAC_DEBUG 00840 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n"); 00841 #endif 00842 err = -RSBAC_EINVALIDTARGET; 00843 goto out_dput; 00844 } 00845 break; 00846 00847 default: 00848 err = -RSBAC_EINVALIDTARGET; 00849 goto out_dput; 00850 } 00851 00852 if(target == T_DEV) 00853 { 00854 if(S_ISBLK(t_dentry->d_inode->i_mode)) 00855 tid.dev.type = D_block; 00856 else 00857 tid.dev.type = D_char; 00858 tid.dev.major = RSBAC_MAJOR(t_dentry->d_inode->i_rdev); 00859 tid.dev.minor = RSBAC_MINOR(t_dentry->d_inode->i_rdev); 00860 } 00861 else 00862 { 00863 /* fill target id and call internal function */ 00864 tid.file.device = t_dentry->d_sb->s_dev; 00865 tid.file.inode = t_dentry->d_inode->i_ino; 00866 tid.file.dentry_p = t_dentry; 00867 } 00868 /* call ADF */ 00869 #ifdef CONFIG_RSBAC_DEBUG 00870 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n"); 00871 #endif 00872 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE, 00873 current->pid, 00874 target, 00875 tid, 00876 attr, 00877 k_value)) 00878 { 00879 err = -EPERM; 00880 } 00881 else 00882 { 00883 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value); 00884 } 00885 00886 out_dput: 00887 path_release(&nd); 00888 00889 out: 00890 return(err); 00891 } /* end of sys_rsbac_set_attr_n() */
int sys_rsbac_stats | ( | void | ) |
Definition at line 66 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_printk(), rsbac_stats(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by sys_rsbac().
00067 { 00068 union rsbac_target_id_t rsbac_target_id; 00069 union rsbac_attribute_value_t rsbac_attribute_value; 00070 00071 #ifdef CONFIG_RSBAC_DEBUG 00072 if (rsbac_debug_aef) 00073 { 00074 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n"); 00075 } 00076 #endif 00077 rsbac_target_id.scd = ST_rsbac; 00078 rsbac_attribute_value.dummy = 0; 00079 if (!rsbac_adf_request(R_GET_STATUS_DATA, 00080 current->pid, 00081 T_SCD, 00082 rsbac_target_id, 00083 A_none, 00084 rsbac_attribute_value)) 00085 { 00086 return -EPERM; 00087 } 00088 00089 return(rsbac_stats()); 00090 };
int sys_rsbac_stats_pm | ( | void | ) |
Definition at line 2427 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), rsbac_printk(), rsbac_stats_pm(), rsbac_target_id_t::scd, ST_rsbac, and T_SCD.
Referenced by sys_rsbac().
02428 { 02429 #ifndef CONFIG_RSBAC_PM 02430 return (0); 02431 #else 02432 union rsbac_target_id_t rsbac_target_id; 02433 union rsbac_attribute_value_t rsbac_attribute_value; 02434 02435 #ifdef CONFIG_RSBAC_DEBUG 02436 if (rsbac_debug_aef) rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n"); 02437 #endif 02438 rsbac_target_id.scd = ST_rsbac; 02439 rsbac_attribute_value.dummy = 0; 02440 if (!rsbac_adf_request(R_GET_STATUS_DATA, 02441 current->pid, 02442 T_SCD, 02443 rsbac_target_id, 02444 A_none, 02445 rsbac_attribute_value)) 02446 { 02447 return -EPERM; 02448 } 02449 02450 #ifdef CONFIG_RSBAC_DEBUG 02451 if (rsbac_debug_aef_pm) 02452 rsbac_printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n"); 02453 #endif 02454 return(rsbac_stats_pm()); 02455 #endif 02456 };
int sys_rsbac_switch | ( | enum rsbac_switch_target_t | module, | |
int | value | |||
) |
Definition at line 1551 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::dummy, get_switch_target_name(), R_MODIFY_PERMISSIONS_DATA, R_SWITCH_MODULE, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDREQUEST, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), SW_ACL, SW_AUTH, SW_CAP, SW_DAC_DISABLE, SW_DAZ, SW_FF, SW_FREEZE, SW_JAIL, SW_MAC, SW_NONE, SW_PAX, SW_PM, SW_RC, SW_RES, SW_SOFTMODE, and T_NONE.
Referenced by sys_rsbac().
01552 { 01553 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE) 01554 union rsbac_target_id_t rsbac_target_id; 01555 union rsbac_attribute_value_t rsbac_attribute_value; 01556 char * switch_name; 01557 01558 /* call ADF */ 01559 if(module >= SW_NONE) 01560 return(-RSBAC_EINVALIDTARGET); 01561 if ( (value < 0) 01562 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01563 || (value > 3) 01564 #else 01565 || (value > 1) 01566 #endif 01567 ) 01568 return (-RSBAC_EINVALIDVALUE); 01569 01570 #ifdef CONFIG_RSBAC_SOFTMODE 01571 if( rsbac_softmode_prohibit 01572 && ( ( (value == 1) 01573 && (module == SW_SOFTMODE) 01574 ) 01575 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01576 || (value == 3) 01577 #endif 01578 ) 01579 ) 01580 { 01581 rsbac_printk(KERN_WARNING 01582 "sys_rsbac_switch(): setting of softmode prohibited!\n"); 01583 return -EPERM; 01584 } 01585 #endif 01586 01587 #ifdef CONFIG_RSBAC_DEBUG 01588 if (rsbac_debug_aef) 01589 rsbac_printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n"); 01590 #endif 01591 rsbac_target_id.dummy = 0; 01592 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE 01593 if(module == SW_DAC_DISABLE) 01594 { 01595 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01596 if(value > 1) 01597 return -RSBAC_EINVALIDVALUE; 01598 #endif 01599 rsbac_attribute_value.dummy = 0; 01600 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 01601 current->pid, 01602 T_NONE, 01603 rsbac_target_id, 01604 A_none, 01605 rsbac_attribute_value)) 01606 { 01607 return -EPERM; 01608 } 01609 } 01610 else 01611 #endif 01612 { 01613 rsbac_attribute_value.switch_target = module; 01614 if (!rsbac_adf_request(R_SWITCH_MODULE, 01615 current->pid, 01616 T_NONE, 01617 rsbac_target_id, 01618 A_switch_target, 01619 rsbac_attribute_value)) 01620 { 01621 return -EPERM; 01622 } 01623 } 01624 01625 switch(value) 01626 { 01627 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01628 case 2: 01629 case 3: 01630 rsbac_ind_softmode[module] = value - 2; 01631 break; 01632 #endif 01633 01634 default: 01635 switch (module) 01636 { 01637 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL 01638 case SW_DAC_DISABLE: rsbac_dac_disable = value; 01639 break; 01640 #endif 01641 #ifdef CONFIG_RSBAC_SOFTMODE 01642 case SW_SOFTMODE: rsbac_softmode = value; 01643 break; 01644 #endif 01645 #ifdef CONFIG_RSBAC_FREEZE 01646 case SW_FREEZE: 01647 if(rsbac_freeze) 01648 { 01649 rsbac_printk(KERN_WARNING 01650 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n"); 01651 return -EPERM; 01652 } 01653 rsbac_freeze = value; 01654 break; 01655 #endif 01656 #ifdef CONFIG_RSBAC_SWITCH_MAC 01657 case SW_MAC: 01658 #ifndef CONFIG_RSBAC_SWITCH_ON 01659 if(value) 01660 return -RSBAC_EINVALIDMODULE; 01661 #endif 01662 rsbac_switch_mac = value; 01663 break; 01664 #endif 01665 #ifdef CONFIG_RSBAC_SWITCH_PM 01666 case SW_PM: 01667 #ifndef CONFIG_RSBAC_SWITCH_ON 01668 if(value) 01669 return -RSBAC_EINVALIDMODULE; 01670 #endif 01671 rsbac_switch_pm = value; 01672 break; 01673 #endif 01674 #ifdef CONFIG_RSBAC_SWITCH_DAZ 01675 case SW_DAZ: 01676 rsbac_switch_daz = value; 01677 break; 01678 #endif 01679 #ifdef CONFIG_RSBAC_SWITCH_FF 01680 case SW_FF: 01681 rsbac_switch_ff = value; 01682 break; 01683 #endif 01684 #ifdef CONFIG_RSBAC_SWITCH_RC 01685 case SW_RC: 01686 #ifndef CONFIG_RSBAC_SWITCH_ON 01687 if(value) 01688 return -RSBAC_EINVALIDMODULE; 01689 #endif 01690 rsbac_switch_rc = value; 01691 break; 01692 #endif 01693 #ifdef CONFIG_RSBAC_SWITCH_AUTH 01694 case SW_AUTH: 01695 rsbac_switch_auth = value; 01696 break; 01697 #endif 01698 #ifdef CONFIG_RSBAC_SWITCH_ACL 01699 case SW_ACL: 01700 rsbac_switch_acl = value; 01701 break; 01702 #endif 01703 #ifdef CONFIG_RSBAC_SWITCH_CAP 01704 case SW_CAP: 01705 rsbac_switch_cap = value; 01706 break; 01707 #endif 01708 #ifdef CONFIG_RSBAC_SWITCH_JAIL 01709 case SW_JAIL: 01710 rsbac_switch_jail = value; 01711 break; 01712 #endif 01713 #ifdef CONFIG_RSBAC_SWITCH_RES 01714 case SW_RES: 01715 rsbac_switch_res = value; 01716 break; 01717 #endif 01718 #ifdef CONFIG_RSBAC_SWITCH_PAX 01719 case SW_PAX: 01720 rsbac_switch_pax = value; 01721 break; 01722 #endif 01723 default: 01724 return (-RSBAC_EINVALIDMODULE); 01725 } 01726 } 01727 01728 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN); 01729 if(switch_name) 01730 { 01731 int show_value = value; 01732 01733 get_switch_target_name(switch_name, module); 01734 #ifdef CONFIG_RSBAC_SOFTMODE_IND 01735 switch(value) 01736 { 01737 case 2: 01738 case 3: 01739 strcat(switch_name, " softmode"); 01740 show_value -= 2; 01741 break; 01742 default: 01743 break; 01744 } 01745 #endif 01746 rsbac_printk(KERN_WARNING 01747 "sys_rsbac_switch(): user %u switched RSBAC module %s to %i!\n", 01748 current->uid, switch_name, show_value); 01749 rsbac_kfree(switch_name); 01750 } 01751 return 0; 01752 #else 01753 return -RSBAC_EINVALIDREQUEST; 01754 #endif /* SWITCH || SOFTMODE*/ 01755 }
int sys_rsbac_um_add_gm | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | user, | |||
rsbac_gid_t | group, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 5426 of file syscalls.c.
References R_CHANGE_GROUP, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_add_gm(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05431 { 05432 #if defined(CONFIG_RSBAC_UM) 05433 #ifndef CONFIG_RSBAC_MAINT 05434 union rsbac_target_id_t rsbac_target_id; 05435 union rsbac_attribute_value_t rsbac_attribute_value; 05436 #endif 05437 05438 #ifdef CONFIG_RSBAC_FREEZE_UM 05439 if(rsbac_freeze) 05440 { 05441 rsbac_printk(KERN_WARNING 05442 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n"); 05443 return -EPERM; 05444 } 05445 #endif 05446 05447 #ifndef CONFIG_RSBAC_MAINT 05448 #ifdef CONFIG_RSBAC_DEBUG 05449 if (rsbac_debug_aef) 05450 { 05451 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n"); 05452 } 05453 #endif 05454 rsbac_target_id.user = user; 05455 rsbac_attribute_value.group = group; 05456 if (!rsbac_adf_request(R_CHANGE_GROUP, 05457 current->pid, 05458 T_USER, 05459 rsbac_target_id, 05460 A_group, 05461 rsbac_attribute_value)) 05462 { 05463 return -EPERM; 05464 } 05465 #endif /* MAINT */ 05466 05467 return rsbac_um_add_gm(ta_number, user, group, ttl); 05468 #else 05469 return (-RSBAC_EINVALIDMODULE); 05470 #endif 05471 }
int sys_rsbac_um_add_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid, | |||
struct rsbac_um_group_entry_t * | entry_p, | |||
char * | pass, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 5312 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_CREATE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_add_group(), T_GROUP, and T_NONE.
Referenced by sys_rsbac().
05318 { 05319 #if defined(CONFIG_RSBAC_UM) 05320 int err; 05321 struct rsbac_um_group_entry_t * k_entry_p; 05322 char * k_pass; 05323 #ifndef CONFIG_RSBAC_MAINT 05324 union rsbac_target_id_t rsbac_target_id; 05325 union rsbac_target_id_t rsbac_new_target_id; 05326 union rsbac_attribute_value_t rsbac_attribute_value; 05327 #endif 05328 05329 if(!entry_p) 05330 return -RSBAC_EINVALIDPOINTER; 05331 05332 #ifdef CONFIG_RSBAC_FREEZE_UM 05333 if(rsbac_freeze) 05334 { 05335 rsbac_printk(KERN_WARNING 05336 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n"); 05337 return -EPERM; 05338 } 05339 #endif 05340 05341 #ifndef CONFIG_RSBAC_MAINT 05342 #ifdef CONFIG_RSBAC_DEBUG 05343 if (rsbac_debug_aef) 05344 { 05345 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n"); 05346 } 05347 #endif 05348 rsbac_target_id.group = gid; 05349 rsbac_attribute_value.dummy = 0; 05350 if (!rsbac_adf_request(R_CREATE, 05351 current->pid, 05352 T_GROUP, 05353 rsbac_target_id, 05354 A_none, 05355 rsbac_attribute_value)) 05356 { 05357 return -EPERM; 05358 } 05359 #endif /* MAINT */ 05360 05361 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p)); 05362 if(!k_entry_p) 05363 return -RSBAC_ENOMEM; 05364 if(pass) 05365 { 05366 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 05367 if(!k_pass) 05368 { 05369 rsbac_kfree(k_entry_p); 05370 return -RSBAC_ENOMEM; 05371 } 05372 } 05373 else 05374 k_pass = NULL; 05375 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p)); 05376 if(err) 05377 goto out_free; 05378 if(!k_entry_p->name[0]) 05379 { 05380 err = -RSBAC_EINVALIDVALUE; 05381 goto out_free; 05382 } 05383 if(pass) 05384 { 05385 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 05386 if(err) 05387 goto out_free; 05388 k_pass[RSBAC_MAXNAMELEN-1] = 0; 05389 } 05390 err = rsbac_um_add_group(ta_number, &gid, k_entry_p, k_pass, ttl); 05391 05392 #ifndef CONFIG_RSBAC_MAINT 05393 /* RSBAC: notify ADF of new group */ 05394 if(!err) 05395 { 05396 rsbac_target_id.group = gid; 05397 rsbac_new_target_id.dummy = 0; 05398 if (rsbac_adf_set_attr(R_CREATE, 05399 current->pid, 05400 T_GROUP, 05401 rsbac_target_id, 05402 T_NONE, 05403 rsbac_new_target_id, 05404 A_none, 05405 rsbac_attribute_value)) 05406 { 05407 rsbac_printk(KERN_WARNING 05408 "sys_rsbac_um_add_group(): rsbac_adf_set_attr() returned error\n"); 05409 } 05410 } 05411 #endif 05412 05413 out_free: 05414 rsbac_kfree(k_entry_p); 05415 if(k_pass) 05416 { 05417 memset(k_pass, 0, RSBAC_MAXNAMELEN); 05418 rsbac_kfree(k_pass); 05419 } 05420 return err; 05421 #else 05422 return (-RSBAC_EINVALIDMODULE); 05423 #endif 05424 }
int sys_rsbac_um_add_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
struct rsbac_um_user_entry_t * | entry_p, | |||
char * | pass, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 5198 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, NULL, R_CREATE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDVALUE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_add_user(), T_NONE, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05204 { 05205 #if defined(CONFIG_RSBAC_UM) 05206 int err; 05207 struct rsbac_um_user_entry_t * k_entry_p; 05208 char * k_pass; 05209 #ifndef CONFIG_RSBAC_MAINT 05210 union rsbac_target_id_t rsbac_target_id; 05211 union rsbac_target_id_t rsbac_new_target_id; 05212 union rsbac_attribute_value_t rsbac_attribute_value; 05213 #endif 05214 05215 if(!entry_p) 05216 return -RSBAC_EINVALIDPOINTER; 05217 05218 #ifdef CONFIG_RSBAC_FREEZE_UM 05219 if(rsbac_freeze) 05220 { 05221 rsbac_printk(KERN_WARNING 05222 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n"); 05223 return -EPERM; 05224 } 05225 #endif 05226 05227 #ifndef CONFIG_RSBAC_MAINT 05228 #ifdef CONFIG_RSBAC_DEBUG 05229 if (rsbac_debug_aef) 05230 { 05231 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n"); 05232 } 05233 #endif 05234 rsbac_target_id.user = uid; 05235 rsbac_attribute_value.dummy = 0; 05236 if (!rsbac_adf_request(R_CREATE, 05237 current->pid, 05238 T_USER, 05239 rsbac_target_id, 05240 A_none, 05241 rsbac_attribute_value)) 05242 { 05243 return -EPERM; 05244 } 05245 #endif /* MAINT */ 05246 05247 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p)); 05248 if(!k_entry_p) 05249 return -RSBAC_ENOMEM; 05250 if(pass) 05251 { 05252 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 05253 if(!k_pass) 05254 { 05255 rsbac_kfree(k_entry_p); 05256 return -RSBAC_ENOMEM; 05257 } 05258 } 05259 else 05260 k_pass = NULL; 05261 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p)); 05262 if(err) 05263 goto out_free; 05264 if(!k_entry_p->name[0]) 05265 { 05266 err = -RSBAC_EINVALIDVALUE; 05267 goto out_free; 05268 } 05269 if(pass) 05270 { 05271 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 05272 if(err) 05273 goto out_free; 05274 k_pass[RSBAC_MAXNAMELEN-1] = 0; 05275 } 05276 err = rsbac_um_add_user(ta_number, &uid, k_entry_p, k_pass, ttl); 05277 05278 #ifndef CONFIG_RSBAC_MAINT 05279 /* RSBAC: notify ADF of new user */ 05280 if(!err) 05281 { 05282 rsbac_target_id.user = uid; 05283 rsbac_new_target_id.dummy = 0; 05284 if (rsbac_adf_set_attr(R_CREATE, 05285 current->pid, 05286 T_USER, 05287 rsbac_target_id, 05288 T_NONE, 05289 rsbac_new_target_id, 05290 A_none, 05291 rsbac_attribute_value)) 05292 { 05293 rsbac_printk(KERN_WARNING 05294 "sys_rsbac_um_add_user(): rsbac_adf_set_attr() returned error\n"); 05295 } 05296 } 05297 #endif 05298 05299 out_free: 05300 rsbac_kfree(k_entry_p); 05301 if(k_pass) 05302 { 05303 memset(k_pass, 0, RSBAC_MAXNAMELEN); 05304 rsbac_kfree(k_pass); 05305 } 05306 return err; 05307 #else 05308 return (-RSBAC_EINVALIDMODULE); 05309 #endif 05310 }
int sys_rsbac_um_auth_name | ( | char * | name, | |
char * | pass | |||
) |
Definition at line 5003 of file syscalls.c.
References A_auth_last_auth, A_none, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::dummy, rsbac_target_id_t::process, R_AUTHENTICATE, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTFOUND, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_set_attr, rsbac_um_check_pass(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, SW_AUTH, T_PROCESS, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05006 { 05007 #if defined(CONFIG_RSBAC_UM) 05008 rsbac_uid_t uid; 05009 int err; 05010 char * k_name; 05011 char * k_pass; 05012 union rsbac_target_id_t i_tid; 05013 union rsbac_attribute_value_t i_attr_val; 05014 #ifdef CONFIG_RSBAC_DEBUG 05015 if (rsbac_debug_aef_um) 05016 { 05017 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n"); 05018 } 05019 #endif 05020 if(!name || !pass) 05021 { 05022 #ifdef CONFIG_RSBAC_DEBUG 05023 if (rsbac_debug_aef_um) 05024 { 05025 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n"); 05026 } 05027 #endif 05028 return -RSBAC_EINVALIDPOINTER; 05029 } 05030 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN); 05031 if(!k_name) 05032 return -RSBAC_ENOMEM; 05033 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 05034 if(!k_pass) 05035 { 05036 rsbac_kfree(k_name); 05037 return -RSBAC_ENOMEM; 05038 } 05039 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 05040 if(err) 05041 goto out_free; 05042 k_name[RSBAC_UM_NAME_LEN-1] = 0; 05043 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 05044 if(err) 05045 goto out_free; 05046 k_pass[RSBAC_MAXNAMELEN-1] = 0; 05047 #if 0 05048 #ifdef CONFIG_RSBAC_DEBUG 05049 if (rsbac_debug_aef_um) 05050 { 05051 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n", 05052 k_name, k_pass); 05053 } 05054 #endif 05055 #endif 05056 err = rsbac_um_get_uid(0, k_name, &uid); 05057 if(err) { 05058 if(err == -RSBAC_ENOTFOUND) { 05059 err = -EPERM; 05060 ssleep(1); 05061 } 05062 goto out_free; 05063 } 05064 05065 #ifndef CONFIG_RSBAC_MAINT 05066 #ifdef CONFIG_RSBAC_DEBUG 05067 if (rsbac_debug_aef) 05068 { 05069 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): calling ADF\n"); 05070 } 05071 #endif 05072 i_tid.user = uid; 05073 i_attr_val.dummy = 0; 05074 if (!rsbac_adf_request(R_AUTHENTICATE, 05075 current->pid, 05076 T_USER, 05077 i_tid, 05078 A_none, 05079 i_attr_val)) 05080 { 05081 err = -EPERM; 05082 ssleep(1); 05083 goto out_free; 05084 } 05085 #endif /* MAINT */ 05086 05087 err = rsbac_um_check_pass(uid, k_pass); 05088 if(err) { 05089 if(err == -RSBAC_ENOTFOUND) { 05090 err = -EPERM; 05091 } 05092 goto out_free; 05093 } 05094 05095 #ifdef CONFIG_RSBAC_AUTH 05096 /* set auth_last_auth for this process */ 05097 i_tid.process = current->pid; 05098 i_attr_val.auth_last_auth = uid; 05099 if (rsbac_set_attr(SW_AUTH, 05100 T_PROCESS, 05101 i_tid, 05102 A_auth_last_auth, 05103 i_attr_val)) 05104 { 05105 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth); 05106 } 05107 #endif /* AUTH */ 05108 05109 out_free: 05110 rsbac_kfree(k_name); 05111 memset(k_pass, 0, RSBAC_MAXNAMELEN); 05112 rsbac_kfree(k_pass); 05113 return err; 05114 #else 05115 return (-RSBAC_EINVALIDMODULE); 05116 #endif 05117 }
int sys_rsbac_um_auth_uid | ( | rsbac_uid_t | uid, | |
char * | pass | |||
) |
Definition at line 5119 of file syscalls.c.
References A_auth_last_auth, A_none, rsbac_attribute_value_t::auth_last_auth, rsbac_attribute_value_t::dummy, rsbac_target_id_t::process, R_AUTHENTICATE, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, RSBAC_ENOTFOUND, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_set_attr, rsbac_um_check_pass(), SW_AUTH, T_PROCESS, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05121 { 05122 #if defined(CONFIG_RSBAC_UM) 05123 int err; 05124 char * k_pass; 05125 union rsbac_target_id_t i_tid; 05126 union rsbac_attribute_value_t i_attr_val; 05127 05128 if(!pass) 05129 return -RSBAC_EINVALIDPOINTER; 05130 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 05131 if(!k_pass) 05132 return -RSBAC_ENOMEM; 05133 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN); 05134 if(err) 05135 goto out_free; 05136 k_pass[RSBAC_MAXNAMELEN-1] = 0; 05137 05138 #ifdef CONFIG_RSBAC_DEBUG 05139 if (rsbac_debug_aef_um) 05140 { 05141 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n", 05142 uid, k_pass); 05143 } 05144 #endif 05145 #ifndef CONFIG_RSBAC_MAINT 05146 #ifdef CONFIG_RSBAC_DEBUG 05147 if (rsbac_debug_aef) 05148 { 05149 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): calling ADF\n"); 05150 } 05151 #endif 05152 i_tid.user = uid; 05153 i_attr_val.dummy = 0; 05154 if (!rsbac_adf_request(R_AUTHENTICATE, 05155 current->pid, 05156 T_USER, 05157 i_tid, 05158 A_none, 05159 i_attr_val)) 05160 { 05161 err = -EPERM; 05162 ssleep(1); 05163 goto out_free; 05164 } 05165 #endif /* MAINT */ 05166 05167 err = rsbac_um_check_pass(uid, k_pass); 05168 if(err) { 05169 if(err == -RSBAC_ENOTFOUND) { 05170 err = -EPERM; 05171 } 05172 goto out_free; 05173 } 05174 05175 #ifdef CONFIG_RSBAC_AUTH 05176 /* set auth_last_auth for this process */ 05177 i_tid.process = current->pid; 05178 i_attr_val.auth_last_auth = uid; 05179 if (rsbac_set_attr(SW_AUTH, 05180 T_PROCESS, 05181 i_tid, 05182 A_auth_last_auth, 05183 i_attr_val)) 05184 { 05185 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth); 05186 } 05187 #endif /* AUTH */ 05188 05189 out_free: 05190 memset(k_pass, 0, RSBAC_MAXNAMELEN); 05191 rsbac_kfree(k_pass); 05192 return err; 05193 #else 05194 return (-RSBAC_EINVALIDMODULE); 05195 #endif 05196 }
int sys_rsbac_um_check_account | ( | rsbac_uid_t | uid | ) |
Definition at line 6714 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_check_account(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06715 { 06716 #if defined(CONFIG_RSBAC_UM) 06717 #ifndef CONFIG_RSBAC_MAINT 06718 union rsbac_target_id_t rsbac_target_id; 06719 union rsbac_attribute_value_t rsbac_attribute_value; 06720 #endif 06721 06722 06723 #ifndef CONFIG_RSBAC_MAINT 06724 #ifdef CONFIG_RSBAC_DEBUG 06725 if (rsbac_debug_aef) 06726 { 06727 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n"); 06728 } 06729 #endif 06730 rsbac_target_id.user = uid; 06731 rsbac_attribute_value.dummy = 0; 06732 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06733 current->pid, 06734 T_USER, 06735 rsbac_target_id, 06736 A_none, 06737 rsbac_attribute_value)) 06738 { 06739 return -EPERM; 06740 } 06741 #endif /* MAINT */ 06742 06743 return rsbac_um_check_account(uid); 06744 #else 06745 return (-RSBAC_EINVALIDMODULE); 06746 #endif 06747 }
int sys_rsbac_um_check_account_name | ( | char * | name | ) |
Definition at line 6749 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_check_account(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06750 { 06751 #if defined(CONFIG_RSBAC_UM) 06752 int err; 06753 rsbac_uid_t uid; 06754 char k_name[RSBAC_UM_NAME_LEN]; 06755 #ifndef CONFIG_RSBAC_MAINT 06756 union rsbac_target_id_t rsbac_target_id; 06757 union rsbac_attribute_value_t rsbac_attribute_value; 06758 #endif 06759 06760 if(!name) 06761 return -RSBAC_EINVALIDPOINTER; 06762 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06763 if(err) 06764 return err; 06765 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06766 #ifdef CONFIG_RSBAC_DEBUG 06767 if (rsbac_debug_aef_um) 06768 { 06769 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n", 06770 k_name); 06771 } 06772 #endif 06773 err = rsbac_um_get_uid(0, k_name, &uid); 06774 if(err) 06775 { 06776 #ifdef CONFIG_RSBAC_DEBUG 06777 if (rsbac_debug_aef_um) 06778 { 06779 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n", 06780 k_name); 06781 } 06782 #endif 06783 return err; 06784 } 06785 06786 #ifndef CONFIG_RSBAC_MAINT 06787 #ifdef CONFIG_RSBAC_DEBUG 06788 if (rsbac_debug_aef) 06789 { 06790 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n"); 06791 } 06792 #endif 06793 rsbac_target_id.user = uid; 06794 rsbac_attribute_value.dummy = 0; 06795 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06796 current->pid, 06797 T_USER, 06798 rsbac_target_id, 06799 A_none, 06800 rsbac_attribute_value)) 06801 { 06802 return -EPERM; 06803 } 06804 #endif /* MAINT */ 06805 06806 return rsbac_um_check_account(uid); 06807 #else 06808 return (-RSBAC_EINVALIDMODULE); 06809 #endif 06810 }
int sys_rsbac_um_get_gid | ( | rsbac_list_ta_number_t | ta_number, | |
char * | name, | |||
rsbac_gid_t * | gid_p | |||
) |
Definition at line 6441 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_gid(), RSBAC_UM_NAME_LEN, and T_GROUP.
Referenced by sys_rsbac().
06445 { 06446 #if defined(CONFIG_RSBAC_UM) 06447 rsbac_gid_t k_gid; 06448 int err; 06449 char k_name[RSBAC_UM_NAME_LEN]; 06450 06451 if(!name || !gid_p) 06452 return -RSBAC_EINVALIDPOINTER; 06453 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06454 if(err) 06455 return err; 06456 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06457 err = rsbac_um_get_gid(ta_number, k_name, &k_gid); 06458 if(!err) 06459 { 06460 #ifndef CONFIG_RSBAC_MAINT 06461 union rsbac_target_id_t rsbac_target_id; 06462 union rsbac_attribute_value_t rsbac_attribute_value; 06463 06464 #ifdef CONFIG_RSBAC_DEBUG 06465 if (rsbac_debug_aef) 06466 { 06467 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n"); 06468 } 06469 #endif 06470 rsbac_target_id.group = k_gid; 06471 rsbac_attribute_value.dummy = 0; 06472 if (!rsbac_adf_request(R_SEARCH, 06473 current->pid, 06474 T_GROUP, 06475 rsbac_target_id, 06476 A_none, 06477 rsbac_attribute_value)) 06478 { 06479 err = -EPERM; 06480 } 06481 else 06482 #endif /* MAINT */ 06483 06484 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid)); 06485 } 06486 return err; 06487 #else 06488 return (-RSBAC_EINVALIDMODULE); 06489 #endif 06490 }
int sys_rsbac_um_get_gm_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | user, | |||
rsbac_gid_t | group_array[], | |||
u_int | maxnum | |||
) |
Definition at line 6217 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, NULL, R_GET_STATUS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_gm_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06222 { 06223 #if defined(CONFIG_RSBAC_UM) 06224 long count; 06225 rsbac_gid_t * k_group_array; 06226 #ifndef CONFIG_RSBAC_MAINT 06227 union rsbac_target_id_t rsbac_target_id; 06228 union rsbac_attribute_value_t rsbac_attribute_value; 06229 #endif 06230 06231 06232 if(maxnum > RSBAC_UM_MAX_MAXNUM) 06233 maxnum = RSBAC_UM_MAX_MAXNUM; 06234 06235 #ifndef CONFIG_RSBAC_MAINT 06236 #ifdef CONFIG_RSBAC_DEBUG 06237 if (rsbac_debug_aef) 06238 { 06239 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n"); 06240 } 06241 #endif 06242 rsbac_target_id.user = user; 06243 rsbac_attribute_value.dummy = 0; 06244 if (!rsbac_adf_request(R_GET_STATUS_DATA, 06245 current->pid, 06246 T_USER, 06247 rsbac_target_id, 06248 A_none, 06249 rsbac_attribute_value)) 06250 { 06251 return -EPERM; 06252 } 06253 #endif /* MAINT */ 06254 06255 /* count only */ 06256 if(!group_array || !maxnum) 06257 return rsbac_um_get_gm_list(ta_number, user, NULL); 06258 06259 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array); 06260 if(count>0) 06261 { 06262 if(count > maxnum) 06263 count = maxnum; 06264 rsbac_put_user((u_char *) k_group_array, 06265 (u_char *) group_array, 06266 count * sizeof(*k_group_array) ); 06267 rsbac_vfree(k_group_array); 06268 } 06269 return count; 06270 #else 06271 return -RSBAC_EINVALIDMODULE; 06272 #endif 06273 }; /* end of sys_rsbac_um_get_group_list() */
int sys_rsbac_um_get_gm_user_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | group, | |||
rsbac_uid_t | user_array[], | |||
u_int | maxnum | |||
) |
Definition at line 6275 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_READ, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_gm_user_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, and T_GROUP.
Referenced by sys_rsbac().
06280 { 06281 #if defined(CONFIG_RSBAC_UM) 06282 long count; 06283 rsbac_uid_t * k_user_array; 06284 #ifndef CONFIG_RSBAC_MAINT 06285 union rsbac_target_id_t rsbac_target_id; 06286 union rsbac_attribute_value_t rsbac_attribute_value; 06287 #endif 06288 06289 if(maxnum > RSBAC_UM_MAX_MAXNUM) 06290 maxnum = RSBAC_UM_MAX_MAXNUM; 06291 06292 #ifndef CONFIG_RSBAC_MAINT 06293 #ifdef CONFIG_RSBAC_DEBUG 06294 if (rsbac_debug_aef) 06295 { 06296 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n"); 06297 } 06298 #endif 06299 rsbac_target_id.group = group; 06300 rsbac_attribute_value.dummy = 0; 06301 if (!rsbac_adf_request(R_READ, 06302 current->pid, 06303 T_GROUP, 06304 rsbac_target_id, 06305 A_none, 06306 rsbac_attribute_value)) 06307 { 06308 return -EPERM; 06309 } 06310 #endif /* MAINT */ 06311 /* count number of all users */ 06312 if(!user_array || !maxnum) 06313 return rsbac_um_get_gm_user_list(ta_number, group, NULL); 06314 06315 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array); 06316 if(count>0) 06317 { 06318 if(count > maxnum) 06319 count = maxnum; 06320 rsbac_put_user((u_char *) k_user_array, 06321 (u_char *) user_array, 06322 count * sizeof(*k_user_array) ); 06323 rsbac_vfree(k_user_array); 06324 } 06325 return count; 06326 #else 06327 return -RSBAC_EINVALIDMODULE; 06328 #endif 06329 }; /* end of sys_rsbac_um_get_group_list() */
int sys_rsbac_um_get_group_item | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 5792 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_group_item(), T_GROUP, UM_name, UM_none, UM_pass, and UM_ttl.
Referenced by sys_rsbac().
05797 { 05798 #if defined(CONFIG_RSBAC_UM) 05799 int err; 05800 union rsbac_um_mod_data_t * k_data_p; 05801 #ifndef CONFIG_RSBAC_MAINT 05802 enum rsbac_adf_request_t rsbac_request; 05803 union rsbac_target_id_t rsbac_target_id; 05804 union rsbac_attribute_value_t rsbac_attribute_value; 05805 #endif 05806 05807 if(mod >= UM_none) 05808 return -RSBAC_EINVALIDREQUEST; 05809 if(!data_p) 05810 return -RSBAC_EINVALIDPOINTER; 05811 05812 #ifndef CONFIG_RSBAC_MAINT 05813 #ifdef CONFIG_RSBAC_DEBUG 05814 if (rsbac_debug_aef) 05815 { 05816 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n"); 05817 } 05818 #endif 05819 rsbac_attribute_value.dummy = 0; 05820 switch(mod) 05821 { 05822 case UM_name: 05823 rsbac_request = R_SEARCH; 05824 break; 05825 05826 case UM_pass: 05827 rsbac_request = R_GET_PERMISSIONS_DATA; 05828 break; 05829 05830 case UM_ttl: 05831 rsbac_request = R_GET_STATUS_DATA; 05832 break; 05833 05834 default: 05835 return -RSBAC_EINVALIDREQUEST; 05836 } 05837 rsbac_target_id.group = gid; 05838 if (!rsbac_adf_request(rsbac_request, 05839 current->pid, 05840 T_GROUP, 05841 rsbac_target_id, 05842 A_none, 05843 rsbac_attribute_value)) 05844 { 05845 return -EPERM; 05846 } 05847 #endif /* MAINT */ 05848 05849 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05850 if(!k_data_p) 05851 return -RSBAC_ENOMEM; 05852 memset(k_data_p, 0, sizeof(*k_data_p)); 05853 05854 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p); 05855 if(!err) 05856 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) ); 05857 rsbac_kfree(k_data_p); 05858 return err; 05859 #else 05860 return (-RSBAC_EINVALIDMODULE); 05861 #endif 05862 }
int sys_rsbac_um_get_group_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | group_array[], | |||
u_int | maxnum | |||
) |
Definition at line 6331 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_SEARCH, rsbac_adf_request(), RSBAC_ALL_USERS, RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_group_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, and T_GROUP.
Referenced by sys_rsbac().
06335 { 06336 #if defined(CONFIG_RSBAC_UM) 06337 long count; 06338 rsbac_gid_t * k_group_array; 06339 #ifndef CONFIG_RSBAC_MAINT 06340 union rsbac_target_id_t rsbac_target_id; 06341 union rsbac_attribute_value_t rsbac_attribute_value; 06342 #endif 06343 06344 if(maxnum > RSBAC_UM_MAX_MAXNUM) 06345 maxnum = RSBAC_UM_MAX_MAXNUM; 06346 06347 #ifndef CONFIG_RSBAC_MAINT 06348 #ifdef CONFIG_RSBAC_DEBUG 06349 if (rsbac_debug_aef) 06350 { 06351 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n"); 06352 } 06353 #endif 06354 rsbac_target_id.group = RSBAC_ALL_USERS; 06355 rsbac_attribute_value.dummy = 0; 06356 if (!rsbac_adf_request(R_SEARCH, 06357 current->pid, 06358 T_GROUP, 06359 rsbac_target_id, 06360 A_none, 06361 rsbac_attribute_value)) 06362 { 06363 return -EPERM; 06364 } 06365 #endif /* MAINT */ 06366 06367 /* count only */ 06368 if(!group_array || !maxnum) 06369 return rsbac_um_get_group_list(ta_number, NULL); 06370 06371 count = rsbac_um_get_group_list(ta_number, &k_group_array); 06372 if(count>0) 06373 { 06374 if(count > maxnum) 06375 count = maxnum; 06376 rsbac_put_user((u_char *) k_group_array, 06377 (u_char *) group_array, 06378 count * sizeof(*k_group_array) ); 06379 rsbac_vfree(k_group_array); 06380 } 06381 return count; 06382 #else 06383 return -RSBAC_EINVALIDMODULE; 06384 #endif 06385 }; /* end of sys_rsbac_um_get_group_list() */
int sys_rsbac_um_get_next_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | old_user, | |||
rsbac_uid_t * | next_user_p | |||
) |
Definition at line 6116 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_next_user(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06120 { 06121 #if defined(CONFIG_RSBAC_UM) 06122 rsbac_uid_t k_next_user; 06123 int err; 06124 #ifndef CONFIG_RSBAC_MAINT 06125 union rsbac_target_id_t rsbac_target_id; 06126 union rsbac_attribute_value_t rsbac_attribute_value; 06127 #endif 06128 06129 if(!next_user_p) 06130 return -RSBAC_EINVALIDPOINTER; 06131 06132 #ifndef CONFIG_RSBAC_MAINT 06133 #ifdef CONFIG_RSBAC_DEBUG 06134 if (rsbac_debug_aef) 06135 { 06136 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n"); 06137 } 06138 #endif 06139 rsbac_target_id.user = old_user; 06140 rsbac_attribute_value.dummy = 0; 06141 if (!rsbac_adf_request(R_SEARCH, 06142 current->pid, 06143 T_USER, 06144 rsbac_target_id, 06145 A_none, 06146 rsbac_attribute_value)) 06147 { 06148 return -EPERM; 06149 } 06150 #endif /* MAINT */ 06151 06152 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user); 06153 if(!err) 06154 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user)); 06155 return err; 06156 #else 06157 return (-RSBAC_EINVALIDMODULE); 06158 #endif 06159 }
int sys_rsbac_um_get_uid | ( | rsbac_list_ta_number_t | ta_number, | |
char * | name, | |||
rsbac_uid_t * | uid_p | |||
) |
Definition at line 6389 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, rsbac_printk(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06393 { 06394 #if defined(CONFIG_RSBAC_UM) 06395 rsbac_uid_t k_uid; 06396 int err; 06397 char k_name[RSBAC_UM_NAME_LEN]; 06398 06399 if(!name || !uid_p) 06400 return -RSBAC_EINVALIDPOINTER; 06401 06402 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06403 if(err) 06404 return err; 06405 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06406 err = rsbac_um_get_uid(ta_number, k_name, &k_uid); 06407 if(!err) 06408 { 06409 #ifndef CONFIG_RSBAC_MAINT 06410 union rsbac_target_id_t rsbac_target_id; 06411 union rsbac_attribute_value_t rsbac_attribute_value; 06412 06413 #ifdef CONFIG_RSBAC_DEBUG 06414 if (rsbac_debug_aef) 06415 { 06416 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n"); 06417 } 06418 #endif 06419 rsbac_target_id.user = k_uid; 06420 rsbac_attribute_value.dummy = 0; 06421 if (!rsbac_adf_request(R_SEARCH, 06422 current->pid, 06423 T_USER, 06424 rsbac_target_id, 06425 A_none, 06426 rsbac_attribute_value)) 06427 { 06428 err = -EPERM; 06429 } 06430 else 06431 #endif /* MAINT */ 06432 06433 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid)); 06434 } 06435 return err; 06436 #else 06437 return (-RSBAC_EINVALIDMODULE); 06438 #endif 06439 }
int sys_rsbac_um_get_user_item | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 5707 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_GET_PERMISSIONS_DATA, R_GET_STATUS_DATA, R_READ, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_user_item(), T_USER, UM_expire, UM_fullname, UM_group, UM_homedir, UM_inactive, UM_lastchange, UM_maxchange, UM_minchange, UM_name, UM_none, UM_pass, UM_shell, UM_ttl, UM_warnchange, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05712 { 05713 #if defined(CONFIG_RSBAC_UM) 05714 int err; 05715 union rsbac_um_mod_data_t * k_data_p; 05716 #ifndef CONFIG_RSBAC_MAINT 05717 enum rsbac_adf_request_t rsbac_request; 05718 union rsbac_target_id_t rsbac_target_id; 05719 union rsbac_attribute_value_t rsbac_attribute_value; 05720 #endif 05721 05722 if(mod >= UM_none) 05723 return -RSBAC_EINVALIDREQUEST; 05724 if(!data_p) 05725 return -RSBAC_EINVALIDPOINTER; 05726 05727 #ifndef CONFIG_RSBAC_MAINT 05728 #ifdef CONFIG_RSBAC_DEBUG 05729 if (rsbac_debug_aef) 05730 { 05731 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n"); 05732 } 05733 #endif 05734 rsbac_attribute_value.dummy = 0; 05735 switch(mod) 05736 { 05737 case UM_name: 05738 rsbac_request = R_SEARCH; 05739 break; 05740 05741 case UM_group: 05742 case UM_fullname: 05743 case UM_homedir: 05744 case UM_shell: 05745 rsbac_request = R_GET_STATUS_DATA; 05746 break; 05747 05748 case UM_pass: 05749 rsbac_request = R_GET_PERMISSIONS_DATA; 05750 break; 05751 05752 case UM_lastchange: 05753 case UM_minchange: 05754 case UM_maxchange: 05755 case UM_warnchange: 05756 case UM_inactive: 05757 case UM_expire: 05758 case UM_ttl: 05759 rsbac_request = R_READ; 05760 break; 05761 05762 default: 05763 return -RSBAC_EINVALIDREQUEST; 05764 } 05765 rsbac_target_id.user = uid; 05766 if (!rsbac_adf_request(rsbac_request, 05767 current->pid, 05768 T_USER, 05769 rsbac_target_id, 05770 A_none, 05771 rsbac_attribute_value)) 05772 { 05773 return -EPERM; 05774 } 05775 #endif /* MAINT */ 05776 05777 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05778 if(!k_data_p) 05779 return -RSBAC_ENOMEM; 05780 memset(k_data_p, 0, sizeof(*k_data_p)); 05781 05782 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p); 05783 if(!err) 05784 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) ); 05785 rsbac_kfree(k_data_p); 05786 return err; 05787 #else 05788 return (-RSBAC_EINVALIDMODULE); 05789 #endif 05790 }
int sys_rsbac_um_get_user_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | user_array[], | |||
u_int | maxnum | |||
) |
Definition at line 6161 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, NULL, R_SEARCH, rsbac_adf_request(), RSBAC_ALL_USERS, RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_get_user_list(), RSBAC_UM_MAX_MAXNUM, rsbac_vfree, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06165 { 06166 #if defined(CONFIG_RSBAC_UM) 06167 long count; 06168 rsbac_uid_t * k_user_array; 06169 #ifndef CONFIG_RSBAC_MAINT 06170 union rsbac_target_id_t rsbac_target_id; 06171 union rsbac_attribute_value_t rsbac_attribute_value; 06172 #endif 06173 06174 if(maxnum > RSBAC_UM_MAX_MAXNUM) 06175 maxnum = RSBAC_UM_MAX_MAXNUM; 06176 06177 #ifndef CONFIG_RSBAC_MAINT 06178 #ifdef CONFIG_RSBAC_DEBUG 06179 if (rsbac_debug_aef) 06180 { 06181 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n"); 06182 } 06183 #endif 06184 rsbac_target_id.user = RSBAC_ALL_USERS; 06185 rsbac_attribute_value.dummy = 0; 06186 if (!rsbac_adf_request(R_SEARCH, 06187 current->pid, 06188 T_USER, 06189 rsbac_target_id, 06190 A_none, 06191 rsbac_attribute_value)) 06192 { 06193 return -EPERM; 06194 } 06195 #endif /* MAINT */ 06196 06197 /* count only */ 06198 if(!user_array || !maxnum) 06199 return rsbac_um_get_user_list(ta_number, NULL); 06200 06201 count = rsbac_um_get_user_list(ta_number, &k_user_array); 06202 if(count>0) 06203 { 06204 if(count > maxnum) 06205 count = maxnum; 06206 rsbac_put_user((u_char *) k_user_array, 06207 (u_char *) user_array, 06208 count * sizeof(*k_user_array) ); 06209 rsbac_vfree(k_user_array); 06210 } 06211 return count; 06212 #else 06213 return -RSBAC_EINVALIDMODULE; 06214 #endif 06215 }; /* end of sys_rsbac_um_get_user_list() */
int sys_rsbac_um_group_exists | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid | |||
) |
Definition at line 6080 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_group_exists(), and T_GROUP.
Referenced by sys_rsbac().
06083 { 06084 #if defined(CONFIG_RSBAC_UM) 06085 #ifndef CONFIG_RSBAC_MAINT 06086 union rsbac_target_id_t rsbac_target_id; 06087 union rsbac_attribute_value_t rsbac_attribute_value; 06088 #endif 06089 06090 #ifndef CONFIG_RSBAC_MAINT 06091 #ifdef CONFIG_RSBAC_DEBUG 06092 if (rsbac_debug_aef) 06093 { 06094 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n"); 06095 } 06096 #endif 06097 rsbac_target_id.group = gid; 06098 rsbac_attribute_value.dummy = 0; 06099 if (!rsbac_adf_request(R_SEARCH, 06100 current->pid, 06101 T_GROUP, 06102 rsbac_target_id, 06103 A_none, 06104 rsbac_attribute_value)) 06105 { 06106 return -EPERM; 06107 } 06108 #endif /* MAINT */ 06109 06110 return rsbac_um_group_exists(ta_number, gid); 06111 #else 06112 return (-RSBAC_EINVALIDMODULE); 06113 #endif 06114 }
int sys_rsbac_um_mod_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 5612 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_DELETE, R_MODIFY_PERMISSIONS_DATA, R_RENAME, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_mod_group(), T_GROUP, UM_cryptpass, UM_name, UM_none, UM_pass, and UM_ttl.
Referenced by sys_rsbac().
05617 { 05618 #if defined(CONFIG_RSBAC_UM) 05619 int err; 05620 union rsbac_um_mod_data_t * k_data_p; 05621 #ifndef CONFIG_RSBAC_MAINT 05622 enum rsbac_adf_request_t rsbac_request; 05623 union rsbac_target_id_t rsbac_target_id; 05624 union rsbac_attribute_value_t rsbac_attribute_value; 05625 #endif 05626 05627 if(mod >= UM_none) 05628 return -RSBAC_EINVALIDREQUEST; 05629 if( !data_p 05630 && (mod != UM_pass) 05631 ) 05632 return -RSBAC_EINVALIDPOINTER; 05633 05634 #ifdef CONFIG_RSBAC_FREEZE_UM 05635 if(rsbac_freeze) 05636 { 05637 rsbac_printk(KERN_WARNING 05638 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n"); 05639 return -EPERM; 05640 } 05641 #endif 05642 05643 #ifndef CONFIG_RSBAC_MAINT 05644 #ifdef CONFIG_RSBAC_DEBUG 05645 if (rsbac_debug_aef) 05646 { 05647 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n"); 05648 } 05649 #endif 05650 switch(mod) 05651 { 05652 case UM_name: 05653 rsbac_request = R_RENAME; 05654 break; 05655 05656 case UM_pass: 05657 case UM_cryptpass: 05658 rsbac_request = R_MODIFY_PERMISSIONS_DATA; 05659 break; 05660 05661 case UM_ttl: 05662 rsbac_request = R_DELETE; 05663 break; 05664 05665 default: 05666 return -RSBAC_EINVALIDREQUEST; 05667 } 05668 rsbac_target_id.group = gid; 05669 rsbac_attribute_value.dummy = 0; 05670 if (!rsbac_adf_request(rsbac_request, 05671 current->pid, 05672 T_GROUP, 05673 rsbac_target_id, 05674 A_none, 05675 rsbac_attribute_value)) 05676 { 05677 return -EPERM; 05678 } 05679 #endif /* MAINT */ 05680 05681 if(data_p) 05682 { 05683 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05684 if(!k_data_p) 05685 return -RSBAC_ENOMEM; 05686 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p)); 05687 if(err) 05688 { 05689 rsbac_kfree(k_data_p); 05690 return err; 05691 } 05692 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0; 05693 } 05694 else 05695 k_data_p = NULL; 05696 05697 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p); 05698 05699 if(k_data_p) 05700 rsbac_kfree(k_data_p); 05701 return err; 05702 #else 05703 return (-RSBAC_EINVALIDMODULE); 05704 #endif 05705 }
int sys_rsbac_um_mod_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 5473 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_um_mod_data_t::group, NULL, R_CHANGE_GROUP, R_DELETE, R_MODIFY_PERMISSIONS_DATA, R_RENAME, R_WRITE, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_EINVALIDREQUEST, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_mod_user(), T_USER, UM_cryptpass, UM_expire, UM_fullname, UM_group, UM_homedir, UM_inactive, UM_lastchange, UM_maxchange, UM_minchange, UM_name, UM_none, UM_pass, UM_shell, UM_ttl, UM_warnchange, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05478 { 05479 #if defined(CONFIG_RSBAC_UM) 05480 int err; 05481 union rsbac_um_mod_data_t * k_data_p; 05482 #ifndef CONFIG_RSBAC_MAINT 05483 enum rsbac_adf_request_t rsbac_request; 05484 union rsbac_target_id_t rsbac_target_id; 05485 enum rsbac_attribute_t rsbac_attribute = A_none; 05486 union rsbac_attribute_value_t rsbac_attribute_value; 05487 #endif 05488 05489 if(mod >= UM_none) 05490 return -RSBAC_EINVALIDREQUEST; 05491 if( !data_p 05492 && (mod != UM_pass) 05493 ) 05494 return -RSBAC_EINVALIDPOINTER; 05495 05496 #ifdef CONFIG_RSBAC_FREEZE_UM 05497 if(rsbac_freeze) 05498 { 05499 rsbac_printk(KERN_WARNING 05500 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n"); 05501 return -EPERM; 05502 } 05503 #endif 05504 05505 #ifndef CONFIG_RSBAC_MAINT 05506 #ifdef CONFIG_RSBAC_DEBUG 05507 if (rsbac_debug_aef) 05508 { 05509 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n"); 05510 } 05511 #endif 05512 rsbac_attribute_value.dummy = 0; 05513 switch(mod) 05514 { 05515 case UM_name: 05516 rsbac_request = R_RENAME; 05517 break; 05518 05519 case UM_pass: 05520 case UM_cryptpass: 05521 rsbac_request = R_MODIFY_PERMISSIONS_DATA; 05522 break; 05523 05524 case UM_fullname: 05525 rsbac_request = R_WRITE; 05526 break; 05527 05528 case UM_homedir: 05529 rsbac_request = R_WRITE; 05530 break; 05531 05532 case UM_shell: 05533 rsbac_request = R_WRITE; 05534 break; 05535 05536 case UM_group: 05537 rsbac_request = R_CHANGE_GROUP; 05538 rsbac_attribute = A_group; 05539 rsbac_attribute_value.group = data_p->group; 05540 break; 05541 05542 case UM_lastchange: 05543 rsbac_request = R_WRITE; 05544 break; 05545 05546 case UM_minchange: 05547 rsbac_request = R_WRITE; 05548 break; 05549 05550 case UM_maxchange: 05551 rsbac_request = R_WRITE; 05552 break; 05553 05554 case UM_warnchange: 05555 rsbac_request = R_WRITE; 05556 break; 05557 05558 case UM_inactive: 05559 rsbac_request = R_WRITE; 05560 break; 05561 05562 case UM_expire: 05563 rsbac_request = R_WRITE; 05564 break; 05565 05566 case UM_ttl: 05567 rsbac_request = R_DELETE; 05568 break; 05569 05570 default: 05571 return -RSBAC_EINVALIDREQUEST; 05572 } 05573 rsbac_target_id.user = uid; 05574 if (!rsbac_adf_request(rsbac_request, 05575 current->pid, 05576 T_USER, 05577 rsbac_target_id, 05578 rsbac_attribute, 05579 rsbac_attribute_value)) 05580 { 05581 return -EPERM; 05582 } 05583 #endif /* MAINT */ 05584 05585 05586 if(data_p) 05587 { 05588 k_data_p = rsbac_kmalloc(sizeof(*k_data_p)); 05589 if(!k_data_p) 05590 return -RSBAC_ENOMEM; 05591 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p)); 05592 if(err) 05593 { 05594 rsbac_kfree(k_data_p); 05595 return err; 05596 } 05597 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0; 05598 } 05599 else 05600 k_data_p = NULL; 05601 05602 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p); 05603 05604 if(k_data_p) 05605 rsbac_kfree(k_data_p); 05606 return err; 05607 #else 05608 return (-RSBAC_EINVALIDMODULE); 05609 #endif 05610 }
int sys_rsbac_um_remove_gm | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | user, | |||
rsbac_gid_t | group | |||
) |
Definition at line 5998 of file syscalls.c.
References R_CHANGE_GROUP, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_gm(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06002 { 06003 #if defined(CONFIG_RSBAC_UM) 06004 #ifndef CONFIG_RSBAC_MAINT 06005 union rsbac_target_id_t rsbac_target_id; 06006 union rsbac_attribute_value_t rsbac_attribute_value; 06007 #endif 06008 06009 #ifdef CONFIG_RSBAC_FREEZE_UM 06010 if(rsbac_freeze) 06011 { 06012 rsbac_printk(KERN_WARNING 06013 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n"); 06014 return -EPERM; 06015 } 06016 #endif 06017 06018 #ifndef CONFIG_RSBAC_MAINT 06019 #ifdef CONFIG_RSBAC_DEBUG 06020 if (rsbac_debug_aef) 06021 { 06022 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n"); 06023 } 06024 #endif 06025 rsbac_target_id.user = user; 06026 rsbac_attribute_value.group = group; 06027 if (!rsbac_adf_request(R_CHANGE_GROUP, 06028 current->pid, 06029 T_USER, 06030 rsbac_target_id, 06031 A_group, 06032 rsbac_attribute_value)) 06033 { 06034 return -EPERM; 06035 } 06036 #endif /* MAINT */ 06037 06038 return rsbac_um_remove_gm(ta_number, user, group); 06039 #else 06040 return (-RSBAC_EINVALIDMODULE); 06041 #endif 06042 }
int sys_rsbac_um_remove_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid | |||
) |
Definition at line 5931 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, R_DELETE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_group(), T_GROUP, and T_NONE.
Referenced by sys_rsbac().
05934 { 05935 #if defined(CONFIG_RSBAC_UM) 05936 int err; 05937 #ifndef CONFIG_RSBAC_MAINT 05938 union rsbac_target_id_t rsbac_target_id; 05939 union rsbac_target_id_t rsbac_new_target_id; 05940 union rsbac_attribute_value_t rsbac_attribute_value; 05941 #endif 05942 05943 #ifdef CONFIG_RSBAC_FREEZE_UM 05944 if(rsbac_freeze) 05945 { 05946 rsbac_printk(KERN_WARNING 05947 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n"); 05948 return -EPERM; 05949 } 05950 #endif 05951 05952 #ifndef CONFIG_RSBAC_MAINT 05953 #ifdef CONFIG_RSBAC_DEBUG 05954 if (rsbac_debug_aef) 05955 { 05956 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n"); 05957 } 05958 #endif 05959 rsbac_target_id.group = gid; 05960 rsbac_attribute_value.dummy = 0; 05961 if (!rsbac_adf_request(R_DELETE, 05962 current->pid, 05963 T_GROUP, 05964 rsbac_target_id, 05965 A_none, 05966 rsbac_attribute_value)) 05967 { 05968 return -EPERM; 05969 } 05970 #endif /* MAINT */ 05971 05972 err = rsbac_um_remove_group(ta_number, gid); 05973 05974 #ifndef CONFIG_RSBAC_MAINT 05975 if(!err) 05976 { 05977 rsbac_new_target_id.dummy = 0; 05978 if (rsbac_adf_set_attr(R_DELETE, 05979 current->pid, 05980 T_GROUP, 05981 rsbac_target_id, 05982 T_NONE, 05983 rsbac_new_target_id, 05984 A_none, 05985 rsbac_attribute_value)) 05986 { 05987 rsbac_printk(KERN_WARNING 05988 "sys_rsbac_um_remove_group(): rsbac_adf_set_attr() returned error"); 05989 } 05990 } 05991 #endif 05992 return err; 05993 #else 05994 return (-RSBAC_EINVALIDMODULE); 05995 #endif 05996 }
int sys_rsbac_um_remove_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid | |||
) |
Definition at line 5864 of file syscalls.c.
References A_none, rsbac_target_id_t::dummy, rsbac_attribute_value_t::dummy, R_DELETE, rsbac_adf_request(), rsbac_adf_set_attr(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_remove_user(), T_NONE, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
05867 { 05868 #if defined(CONFIG_RSBAC_UM) 05869 int err; 05870 #ifndef CONFIG_RSBAC_MAINT 05871 union rsbac_target_id_t rsbac_target_id; 05872 union rsbac_target_id_t rsbac_new_target_id; 05873 union rsbac_attribute_value_t rsbac_attribute_value; 05874 #endif 05875 05876 #ifdef CONFIG_RSBAC_FREEZE_UM 05877 if(rsbac_freeze) 05878 { 05879 rsbac_printk(KERN_WARNING 05880 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n"); 05881 return -EPERM; 05882 } 05883 #endif 05884 05885 #ifndef CONFIG_RSBAC_MAINT 05886 #ifdef CONFIG_RSBAC_DEBUG 05887 if (rsbac_debug_aef) 05888 { 05889 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n"); 05890 } 05891 #endif 05892 rsbac_target_id.user = uid; 05893 rsbac_attribute_value.dummy = 0; 05894 if (!rsbac_adf_request(R_DELETE, 05895 current->pid, 05896 T_USER, 05897 rsbac_target_id, 05898 A_none, 05899 rsbac_attribute_value)) 05900 { 05901 return -EPERM; 05902 } 05903 #endif /* MAINT */ 05904 05905 err = rsbac_um_remove_user(ta_number, uid); 05906 05907 #ifndef CONFIG_RSBAC_MAINT 05908 if(!err) 05909 { 05910 rsbac_new_target_id.dummy = 0; 05911 if (rsbac_adf_set_attr(R_DELETE, 05912 current->pid, 05913 T_USER, 05914 rsbac_target_id, 05915 T_NONE, 05916 rsbac_new_target_id, 05917 A_none, 05918 rsbac_attribute_value)) 05919 { 05920 rsbac_printk(KERN_WARNING 05921 "sys_rsbac_um_remove_user(): rsbac_adf_set_attr() returned error"); 05922 } 05923 } 05924 #endif 05925 return err; 05926 #else 05927 return (-RSBAC_EINVALIDMODULE); 05928 #endif 05929 }
int sys_rsbac_um_set_group_pass | ( | rsbac_gid_t | gid, | |
char * | new_pass | |||
) |
Definition at line 6650 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, rsbac_target_id_t::group, NULL, R_MODIFY_PERMISSIONS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_set_group_pass(), and T_GROUP.
Referenced by sys_rsbac().
06652 { 06653 #if defined(CONFIG_RSBAC_UM) 06654 int err; 06655 char * k_new_pass; 06656 #ifndef CONFIG_RSBAC_MAINT 06657 union rsbac_target_id_t rsbac_target_id; 06658 union rsbac_attribute_value_t rsbac_attribute_value; 06659 #endif 06660 06661 #ifdef CONFIG_RSBAC_FREEZE_UM 06662 if(rsbac_freeze) 06663 { 06664 rsbac_printk(KERN_WARNING 06665 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n"); 06666 return -EPERM; 06667 } 06668 #endif 06669 06670 #ifndef CONFIG_RSBAC_MAINT 06671 /* check admin rights here */ 06672 #ifdef CONFIG_RSBAC_DEBUG 06673 if (rsbac_debug_aef) 06674 { 06675 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n"); 06676 } 06677 #endif 06678 rsbac_target_id.group = gid; 06679 rsbac_attribute_value.dummy = 0; 06680 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 06681 current->pid, 06682 T_GROUP, 06683 rsbac_target_id, 06684 A_none, 06685 rsbac_attribute_value)) 06686 { 06687 return -EPERM; 06688 } 06689 #endif /* MAINT */ 06690 06691 if(new_pass) 06692 { 06693 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06694 if(!k_new_pass) 06695 return -RSBAC_ENOMEM; 06696 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN); 06697 if(!err) 06698 { 06699 k_new_pass[RSBAC_MAXNAMELEN-1] = 0; 06700 err = rsbac_um_set_group_pass(gid, k_new_pass); 06701 } 06702 rsbac_kfree(k_new_pass); 06703 } 06704 else 06705 { 06706 err = rsbac_um_set_group_pass(gid, NULL); 06707 } 06708 return err; 06709 #else 06710 return (-RSBAC_EINVALIDMODULE); 06711 #endif 06712 }
int sys_rsbac_um_set_pass | ( | rsbac_uid_t | uid, | |
char * | old_pass, | |||
char * | new_pass | |||
) |
Definition at line 6492 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_MODIFY_PERMISSIONS_DATA, rsbac_adf_request(), RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), RSBAC_MAXNAMELEN, rsbac_printk(), rsbac_um_check_pass(), rsbac_um_good_pass(), rsbac_um_set_pass(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac(), and sys_rsbac_um_set_pass_name().
06495 { 06496 #if defined(CONFIG_RSBAC_UM) 06497 int err; 06498 char * k_new_pass; 06499 06500 if(!new_pass) 06501 return -RSBAC_EINVALIDPOINTER; 06502 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06503 if(!k_new_pass) 06504 return -RSBAC_ENOMEM; 06505 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN); 06506 if(err) 06507 { 06508 rsbac_kfree(k_new_pass); 06509 return err; 06510 } 06511 k_new_pass[RSBAC_MAXNAMELEN-1] = 0; 06512 06513 if(old_pass && (uid == current->uid)) 06514 { 06515 char * k_old_pass; 06516 06517 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN); 06518 if(!k_old_pass) 06519 { 06520 rsbac_kfree(k_new_pass); 06521 return -RSBAC_ENOMEM; 06522 } 06523 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN); 06524 if(err) 06525 { 06526 rsbac_kfree(k_old_pass); 06527 rsbac_kfree(k_new_pass); 06528 return err; 06529 } 06530 k_old_pass[RSBAC_MAXNAMELEN-1] = 0; 06531 err = rsbac_um_check_pass(uid, k_old_pass); 06532 rsbac_kfree(k_old_pass); 06533 if(err) 06534 { 06535 rsbac_kfree(k_new_pass); 06536 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n"); 06537 return err; 06538 } 06539 err = rsbac_um_good_pass(uid, k_new_pass); 06540 if(err) 06541 { 06542 rsbac_kfree(k_new_pass); 06543 #ifdef CONFIG_RSBAC_DEBUG 06544 if (rsbac_debug_aef_um) 06545 { 06546 rsbac_printk(KERN_DEBUG 06547 "sys_rsbac_um_set_pass(): new password goodness check failed for user %u\n", 06548 uid); 06549 } 06550 #endif 06551 return err; 06552 } 06553 } 06554 else 06555 { 06556 #ifndef CONFIG_RSBAC_MAINT 06557 /* check admin rights here */ 06558 union rsbac_target_id_t rsbac_target_id; 06559 union rsbac_attribute_value_t rsbac_attribute_value; 06560 06561 #ifdef CONFIG_RSBAC_FREEZE_UM 06562 if(rsbac_freeze) 06563 { 06564 rsbac_printk(KERN_WARNING 06565 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n"); 06566 rsbac_kfree(k_new_pass); 06567 return -EPERM; 06568 } 06569 #endif 06570 06571 #ifdef CONFIG_RSBAC_DEBUG 06572 if (rsbac_debug_aef) 06573 { 06574 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n"); 06575 } 06576 #endif 06577 rsbac_target_id.user = uid; 06578 rsbac_attribute_value.dummy = 0; 06579 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA, 06580 current->pid, 06581 T_USER, 06582 rsbac_target_id, 06583 A_none, 06584 rsbac_attribute_value)) 06585 { 06586 rsbac_kfree(k_new_pass); 06587 return -EPERM; 06588 } 06589 #endif /* MAINT */ 06590 } 06591 06592 err = rsbac_um_set_pass(uid, k_new_pass); 06593 rsbac_kfree(k_new_pass); 06594 return err; 06595 #else 06596 return (-RSBAC_EINVALIDMODULE); 06597 #endif 06598 }
int sys_rsbac_um_set_pass_name | ( | char * | name, | |
char * | old_pass, | |||
char * | new_pass | |||
) |
Definition at line 6600 of file syscalls.c.
References RSBAC_EINVALIDMODULE, RSBAC_EINVALIDPOINTER, RSBAC_ENOMEM, rsbac_kfree(), rsbac_kmalloc(), rsbac_printk(), rsbac_um_get_uid(), RSBAC_UM_NAME_LEN, and sys_rsbac_um_set_pass().
Referenced by sys_rsbac().
06603 { 06604 #if defined(CONFIG_RSBAC_UM) 06605 int err; 06606 rsbac_uid_t uid; 06607 char * k_name; 06608 06609 if(!name || !new_pass) 06610 return -RSBAC_EINVALIDPOINTER; 06611 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN); 06612 if(!k_name) 06613 return -RSBAC_ENOMEM; 06614 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN); 06615 if(err) 06616 { 06617 rsbac_kfree(k_name); 06618 return err; 06619 } 06620 k_name[RSBAC_UM_NAME_LEN-1] = 0; 06621 06622 #ifdef CONFIG_RSBAC_DEBUG 06623 if (rsbac_debug_aef_um) 06624 { 06625 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n", 06626 k_name); 06627 } 06628 #endif 06629 err = rsbac_um_get_uid(0, k_name, &uid); 06630 rsbac_kfree(k_name); 06631 if(err) 06632 { 06633 #ifdef CONFIG_RSBAC_DEBUG 06634 if (rsbac_debug_aef_um) 06635 { 06636 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n", 06637 k_name); 06638 } 06639 #endif 06640 } 06641 else 06642 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass); 06643 06644 return err; 06645 #else 06646 return (-RSBAC_EINVALIDMODULE); 06647 #endif 06648 }
int sys_rsbac_um_user_exists | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid | |||
) |
Definition at line 6044 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_SEARCH, rsbac_adf_request(), RSBAC_EINVALIDMODULE, rsbac_printk(), rsbac_um_user_exists(), T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac().
06047 { 06048 #if defined(CONFIG_RSBAC_UM) 06049 #ifndef CONFIG_RSBAC_MAINT 06050 union rsbac_target_id_t rsbac_target_id; 06051 union rsbac_attribute_value_t rsbac_attribute_value; 06052 #endif 06053 06054 #ifndef CONFIG_RSBAC_MAINT 06055 #ifdef CONFIG_RSBAC_DEBUG 06056 if (rsbac_debug_aef) 06057 { 06058 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n"); 06059 } 06060 #endif 06061 rsbac_target_id.user = uid; 06062 rsbac_attribute_value.dummy = 0; 06063 if (!rsbac_adf_request(R_SEARCH, 06064 current->pid, 06065 T_USER, 06066 rsbac_target_id, 06067 A_none, 06068 rsbac_attribute_value)) 06069 { 06070 return -EPERM; 06071 } 06072 #endif /* MAINT */ 06073 06074 return rsbac_um_user_exists(ta_number, uid); 06075 #else 06076 return (-RSBAC_EINVALIDMODULE); 06077 #endif 06078 }
int sys_rsbac_write | ( | void | ) |
Definition at line 160 of file syscalls.c.
References A_none, rsbac_attribute_value_t::dummy, R_WRITE, rsbac_adf_request(), rsbac_printk(), rsbac_write(), rsbac_target_id_t::scd, ST_rsbac, T_SCD, and TRUE.
Referenced by sys_rsbac().
00161 { 00162 #if defined(CONFIG_RSBAC_AUTO_WRITE) 00163 union rsbac_target_id_t rsbac_target_id; 00164 union rsbac_attribute_value_t rsbac_attribute_value; 00165 int result; 00166 00167 #ifdef CONFIG_RSBAC_DEBUG 00168 if (rsbac_debug_aef) 00169 { 00170 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n"); 00171 } 00172 #endif 00173 rsbac_target_id.scd = ST_rsbac; 00174 rsbac_attribute_value.dummy = 0; 00175 if (!rsbac_adf_request(R_WRITE, 00176 current->pid, 00177 T_SCD, 00178 rsbac_target_id, 00179 A_none, 00180 rsbac_attribute_value)) 00181 { 00182 return -EPERM; 00183 } 00184 00185 /* lock_kernel(); -> rsbac_write(need_lock) */ 00186 result = rsbac_write(TRUE); 00187 /* unlock_kernel(); */ 00188 return result; 00189 #else 00190 return(0); 00191 #endif /* CONFIG_RSBAC_AUTO_WRITE */ 00192 };
long sys_sync | ( | void | ) |
Referenced by sys_rsbac_check().
struct semaphore rsbac_write_sem |
Referenced by rsbac_get_super_block(), rsbac_mount(), rsbac_umount(), sys_rsbac_check(), and write_info().