00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /* Author and (c) 1999-2005:          */
00004 /*   Amon Ott <ao@rsbac.org>          */
00005 /* API: Data types for attributes     */
00006 /*      and standard module calls     */
00007 /* Last modified: 09/Feb/2005         */
00008 /************************************ */
00009 
00010 #ifndef __RSBAC_ACL_TYPES_H
00011 #define __RSBAC_ACL_TYPES_H
00012 
00013 #include <linux/types.h>
00014 
/* Sentinel ttl value for the set/add syscalls below; it is just the generic
 * list code's RSBAC_LIST_TTL_KEEP (declared in another header, not here).
 * Presumably "leave the existing time-to-live untouched" - confirm in the
 * handler before relying on it. */
#define RSBAC_ACL_TTL_KEEP RSBAC_LIST_TTL_KEEP

/* Upper bound for the user-supplied maxnum fields of the list/get syscall
 * argument structs further down.
 * NOTE(review): the clamp itself is not in this header.  Verify that every
 * syscall handler rejects or caps maxnum against this value before it sizes
 * a kernel buffer or a copy_to_user() by it. */
#define RSBAC_ACL_MAX_MAXNUM 1000000
00018 
00019 enum rsbac_acl_subject_type_t {ACLS_USER, ACLS_ROLE, ACLS_GROUP, ACLS_NONE};
00020 
/* Storage form of enum rsbac_acl_subject_type_t inside an ACL entry
 * (struct rsbac_acl_entry_t keeps it in one byte).
 * NOTE(review): the syscall argument structs carry the full enum, so the
 * value has to be range-checked (< ACLS_NONE) before it is narrowed into
 * this type - otherwise high bits are silently dropped. */
typedef __u8 rsbac_acl_int_subject_type_t;
/* Subject id; interpreted as a uid, role number or ACL group id according
 * to the accompanying subject type. */
typedef __u32 rsbac_acl_subject_id_t;
00023 
/* Well-known subject ids. */
#define RSBAC_ACL_GROUP_EVERYONE 0    /* group id 0: presumably matches every user */
#define RSBAC_ACL_ROLE_EVERYROLE 64   /* role id 64: presumably matches every role */

/* Bit positions of the ACL-specific ("special") rights inside the 64-bit
 * rights vector.  They sit above the ordinary request types.  The OLD base
 * (48) is presumably kept for converting data written before the base was
 * moved to 56. */
#define RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE 48
#define RSBAC_ACL_SPECIAL_RIGHT_BASE 56

/* The special rights, as bit numbers.  Every value must stay below 64, the
 * width of rsbac_acl_rights_vector_t: with the current base, bits 56..58
 * are used and 59 is the sentinel. */
enum rsbac_acl_special_rights_t
  {
    ACLR_FORWARD        = RSBAC_ACL_SPECIAL_RIGHT_BASE,       /* bit 56 */
    ACLR_ACCESS_CONTROL = RSBAC_ACL_SPECIAL_RIGHT_BASE + 1,   /* bit 57 */
    ACLR_SUPERVISOR     = RSBAC_ACL_SPECIAL_RIGHT_BASE + 2,   /* bit 58 */
    ACLR_NONE           = RSBAC_ACL_SPECIAL_RIGHT_BASE + 3    /* sentinel, 59 */
  };
00036 
/* One bit per right: the ordinary request types occupy the low bits, the
 * ACL special rights (enum rsbac_acl_special_rights_t) bits 56..58. */
typedef __u64 rsbac_acl_rights_vector_t;

/* Mask with only right/request number x set.
 * NOTE(review): x must be in 0..63.  A shift by 64 or more is undefined
 * behaviour in C and produces garbage on real compilers, so a right number
 * that originates from user space must be range-checked before it reaches
 * this macro. */
#define RSBAC_ACL_RIGHTS_VECTOR(x) ((rsbac_acl_rights_vector_t) 1 << (x))

/* All three ACL special rights. */
#define RSBAC_ACL_SPECIAL_RIGHTS_VECTOR (\
    RSBAC_ACL_RIGHTS_VECTOR(ACLR_FORWARD) \
  | RSBAC_ACL_RIGHTS_VECTOR(ACLR_ACCESS_CONTROL) \
  | RSBAC_ACL_RIGHTS_VECTOR(ACLR_SUPERVISOR) \
  )

/* Single special rights, plus the request-vector aliases under which other
 * code refers to them. */
#define RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR \
  (RSBAC_ACL_RIGHTS_VECTOR(ACLR_SUPERVISOR))
#define RSBAC_NWS_REQUEST_VECTOR RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR

#define RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR \
  (RSBAC_ACL_RIGHTS_VECTOR(ACLR_ACCESS_CONTROL))
#define RSBAC_NWA_REQUEST_VECTOR RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR

/* Every right there is: all request types plus the special rights.
 * RSBAC_ALL_REQUEST_VECTOR and the per-target RSBAC_*_REQUEST_VECTOR masks
 * used below are defined in the generic RSBAC types header, not here. */
#define RSBAC_ACL_ALL_RIGHTS_VECTOR \
  (RSBAC_ALL_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)

/* Default mask per target type (see ACLC_set_mask): the request types that
 * exist for that target plus the special rights.  How the mask is applied
 * is decided by the ACL decision code, not by this header. */
#define RSBAC_ACL_DEFAULT_FD_MASK \
  (RSBAC_FD_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_DEV_MASK \
  (RSBAC_DEV_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_SCD_MASK \
  (RSBAC_SCD_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_U_MASK \
  (RSBAC_USER_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_G_MASK \
  (RSBAC_GROUP_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETDEV_MASK \
  (RSBAC_NETDEV_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETTEMP_MASK \
  (RSBAC_NETTEMP_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETOBJ_MASK \
  (RSBAC_NETOBJ_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)

/* Rights on user and group targets: the target's request types, and for
 * users additionally the DELETE request (R_DELETE is defined elsewhere). */
#define RSBAC_ACL_USER_RIGHTS_VECTOR \
  (RSBAC_USER_REQUEST_VECTOR | RSBAC_ACL_RIGHTS_VECTOR(R_DELETE))

#define RSBAC_ACL_GROUP_RIGHTS_VECTOR RSBAC_GROUP_REQUEST_VECTOR

/* Presumably the rights handed out by default to the general (GEN), ACL
 * manager (ACMAN) and system administrator (SYSADM) principals - verify
 * against the ACL initialisation code.  ACMAN currently equals
 * RSBAC_ACL_SPECIAL_RIGHTS_VECTOR but is kept as a separate definition. */
#define RSBAC_ACL_GEN_RIGHTS_VECTOR 0

#define RSBAC_ACL_ACMAN_RIGHTS_VECTOR (\
    RSBAC_ACL_RIGHTS_VECTOR(ACLR_FORWARD) \
  | RSBAC_ACL_RIGHTS_VECTOR(ACLR_ACCESS_CONTROL) \
  | RSBAC_ACL_RIGHTS_VECTOR(ACLR_SUPERVISOR) \
  )

#define RSBAC_ACL_SYSADM_RIGHTS_VECTOR 0
00082 
/*
 * System control (SCD) types specific to the ACL module.  They are numbered
 * from AST_min = 32 upwards so that the lower numbers remain available for
 * future general SCD types; the highest usable value is 63.  The numbering
 * must stay identical to the RC model's.
 */
#define AST_min 32
enum rsbac_acl_scd_type_t
  {
    AST_auth_administration = AST_min,   /* 32 */
    AST_none                             /* 33, sentinel */
  };
00091 
/*
 * One ACL entry: the subject it applies to and the rights it grants.
 * struct rsbac_acl_entry_desc_t below must be the same as the beginning of
 * this struct (subj_type, subj_id) - keep the two in sync and add fields
 * only at the end.
 * NOTE(review): subj_type is a single byte followed by a 4-byte subj_id, so
 * the compiler will normally insert 3 bytes of padding after subj_type.  If
 * entries or descs are ever compared with memcmp() or copied out whole, the
 * padding has to be zeroed first - confirm in the list and syscall code.
 */
struct rsbac_acl_entry_t
  {
    rsbac_acl_int_subject_type_t subj_type;  /* enum rsbac_acl_subject_type_t, narrowed to __u8 */
    rsbac_acl_subject_id_t       subj_id;    /* uid / role / group id, per subj_type */
    rsbac_acl_rights_vector_t    rights;     /* bit set of granted rights */
  };
00099 
/*
 * Lookup key for an ACL entry: subject type and id without the rights.
 * Per the note above it must remain a byte-exact prefix of struct
 * rsbac_acl_entry_t (same field order and types), so never reorder or
 * retype these two members independently of that struct.
 */
struct rsbac_acl_entry_desc_t
  {
    rsbac_acl_int_subject_type_t subj_type;  /* enum rsbac_acl_subject_type_t, narrowed to __u8 */
    rsbac_acl_subject_id_t       subj_id;    /* uid / role / group id, per subj_type */
  };
00105 
00106 enum rsbac_acl_group_type_t {ACLG_GLOBAL, ACLG_PRIVATE, ACLG_NONE};
00107 
/* ACL group id; id 0 is reserved as RSBAC_ACL_GROUP_EVERYONE. */
typedef __u32 rsbac_acl_group_id_t;

/* Size of the name array in struct rsbac_acl_group_entry_t.
 * NOTE(review): if names are kept NUL-terminated inside the array, at most
 * NAMELEN-1 characters fit - confirm how the group syscalls copy the
 * user-supplied name in. */
#define RSBAC_ACL_GROUP_NAMELEN 16

/* Format version number, presumably for persisted group entries - bump
 * whenever struct rsbac_acl_group_entry_t changes layout. */
#define RSBAC_ACL_GROUP_VERSION 2
00113 
/*
 * Description of one ACL group as kept by the kernel and returned by
 * ACLGS_get_group_entry / ACLGS_list_groups.
 * NOTE(review): name is a fixed RSBAC_ACL_GROUP_NAMELEN-byte array.  The code
 * that fills it from the user-space char *name of the add/change group
 * syscalls must bound the copy and guarantee NUL termination; a strncpy of
 * exactly NAMELEN bytes leaves no terminator.  Zero the array before use
 * so no stale kernel bytes leak out through the get/list calls.
 */
struct rsbac_acl_group_entry_t
  {
         rsbac_acl_group_id_t   id;     /* group id */
         rsbac_uid_t            owner;  /* uid of the owning user */
    enum rsbac_acl_group_type_t type;   /* ACLG_GLOBAL or ACLG_PRIVATE */
         char                   name[RSBAC_ACL_GROUP_NAMELEN];  /* group name */
  };
00121 
/**** syscalls ****/

/* Sub-command of the ACL entry syscall.  All but ACLC_set_mask and
 * ACLC_remove_user take a subject/rights argument block (struct
 * rsbac_acl_syscall_arg_t or its by-name twin); ACLC_none is the sentinel. */
enum rsbac_acl_syscall_type_t
  {
    ACLC_set_acl_entry         = 0,
    ACLC_remove_acl_entry      = 1,
    ACLC_remove_acl            = 2,
    ACLC_add_to_acl_entry      = 3,
    ACLC_remove_from_acl_entry = 4,
    ACLC_set_mask              = 5,
    ACLC_remove_user           = 6,
    ACLC_none                  = 7    /* sentinel */
  };
00135 
/*
 * Argument block of the ACL entry syscall (enum rsbac_acl_syscall_type_t),
 * with the target addressed by id.  Evidently filled in by user space.
 * NOTE(review), to confirm in the handler: subj_type is the full enum here
 * but is stored as a __u8 in struct rsbac_acl_entry_t, so values
 * >= ACLS_NONE must be rejected before the narrowing; rights should be
 * limited to what applies to target (the RSBAC_ACL_DEFAULT_*_MASK above or
 * the target's current mask); ttl == RSBAC_ACL_TTL_KEEP presumably means
 * "keep the existing ttl".
 */
struct rsbac_acl_syscall_arg_t
  {
    enum   rsbac_target_t              target;     /* target class (defined elsewhere) */
    union  rsbac_target_id_t           tid;        /* target id, interpreted per target */
    enum   rsbac_acl_subject_type_t    subj_type;  /* user / role / group */
           rsbac_acl_subject_id_t      subj_id;
           rsbac_acl_rights_vector_t   rights;     /* bit set, see RSBAC_ACL_RIGHTS_VECTOR */
           rsbac_time_t                ttl;        /* or RSBAC_ACL_TTL_KEEP */
  };
00145 
/*
 * Same as struct rsbac_acl_syscall_arg_t, but the target is addressed by
 * name instead of id.
 * NOTE(review): name is evidently a user-space pointer.  It must never be
 * dereferenced directly in the kernel; copy it with a bounded, NUL-ensuring
 * user-copy helper (getname()/strncpy_from_user() with a length limit) and
 * apply the same subj_type / rights / ttl checks as for the by-id variant.
 */
struct rsbac_acl_syscall_n_arg_t
  {
    enum   rsbac_target_t              target;     /* target class (defined elsewhere) */
           char                      * name;       /* user-space target name */
    enum   rsbac_acl_subject_type_t    subj_type;  /* user / role / group */
           rsbac_acl_subject_id_t      subj_id;
           rsbac_acl_rights_vector_t   rights;     /* bit set, see RSBAC_ACL_RIGHTS_VECTOR */
           rsbac_time_t                ttl;        /* or RSBAC_ACL_TTL_KEEP */
  };
00155 
00156 
/* Sub-command of the ACL group syscall; selects which member of
 * union rsbac_acl_group_syscall_arg_t carries the arguments.
 * ACLGS_none is the sentinel. */
enum rsbac_acl_group_syscall_type_t
  {
    ACLGS_add_group         = 0,
    ACLGS_change_group      = 1,
    ACLGS_remove_group      = 2,
    ACLGS_get_group_entry   = 3,
    ACLGS_list_groups       = 4,
    ACLGS_add_member        = 5,
    ACLGS_remove_member     = 6,
    ACLGS_get_user_groups   = 7,
    ACLGS_get_group_members = 8,
    ACLGS_none              = 9    /* sentinel */
  };
00170 
/*
 * ACLGS_add_group arguments.  name and group_id_p are evidently user-space
 * pointers: name must be copied in bounded to RSBAC_ACL_GROUP_NAMELEN and
 * NUL-terminated, and the new id presumably written back through
 * group_id_p with a checked user copy.  type must be validated
 * (< ACLG_NONE) before it is stored.
 */
struct rsbac_acl_add_group_arg_t
  {
    enum rsbac_acl_group_type_t type;        /* ACLG_GLOBAL or ACLG_PRIVATE */
    char * name;                             /* user-space group name */
    rsbac_acl_group_id_t * group_id_p;       /* user-space: receives the new id */
  };
00177 
/*
 * ACLGS_change_group arguments: new owner, type and name for group id.
 * NOTE(review): this lets the caller reassign owner; whether the caller is
 * allowed to do so for the given group is not decided here and must be
 * checked by the handler.  name is a user-space pointer with the same
 * bounded-copy requirements as in the add_group case; type must be
 * validated (< ACLG_NONE).
 */
struct rsbac_acl_change_group_arg_t
  {
         rsbac_acl_group_id_t     id;      /* group to modify */
         rsbac_uid_t              owner;   /* new owner uid */
    enum rsbac_acl_group_type_t   type;    /* new ACLG_GLOBAL / ACLG_PRIVATE */
         char                   * name;    /* user-space new name */
  };
00185 
/* ACLGS_remove_group arguments: the id of the group to delete. */
struct rsbac_acl_remove_group_arg_t
  {
    rsbac_acl_group_id_t id;
  };
00190 
/*
 * ACLGS_get_group_entry arguments.  entry_p is evidently a user-space
 * destination for one struct rsbac_acl_group_entry_t; the handler must
 * write it with a checked user copy and should fill every byte of the
 * entry (including the name array) so no kernel memory leaks out.
 */
struct rsbac_acl_get_group_entry_arg_t
  {
    rsbac_acl_group_id_t id;                    /* group to look up */
    struct rsbac_acl_group_entry_t * entry_p;   /* user-space output */
  };
00196 
/*
 * ACLGS_list_groups arguments.  group_entry_array is a user-space buffer
 * with room for maxnum entries.
 * NOTE(review): maxnum is caller-controlled - clamp it against
 * RSBAC_ACL_MAX_MAXNUM before sizing any kernel allocation or the copy out,
 * and never write more than maxnum entries.
 */
struct rsbac_acl_list_groups_arg_t
  {
    rsbac_boolean_t        include_global;          /* also list ACLG_GLOBAL groups */
    struct rsbac_acl_group_entry_t * group_entry_array;  /* user-space output */
    u_int                  maxnum;                  /* capacity of the array */
  };
00203 
/*
 * ACLGS_add_member arguments: put user into group, with a membership ttl
 * (RSBAC_ACL_TTL_KEEP presumably keeps an existing one - confirm in the
 * handler).
 */
struct rsbac_acl_add_member_arg_t
  {
    rsbac_acl_group_id_t group;
    rsbac_uid_t          user;
    rsbac_time_t ttl;
  };
00210 
/* ACLGS_remove_member arguments: take user out of group. */
struct rsbac_acl_remove_member_arg_t
  {
    rsbac_acl_group_id_t group;
    rsbac_uid_t          user;
  };
00216 
/*
 * ACLGS_get_user_groups arguments.  group_array and ttl_array are
 * user-space buffers of maxnum elements each (parallel arrays).
 * NOTE(review): maxnum is caller-controlled - clamp against
 * RSBAC_ACL_MAX_MAXNUM before allocating or copying, and treat the two
 * arrays as having the same capacity.
 */
struct rsbac_acl_get_user_groups_arg_t
  {
    rsbac_uid_t            user;         /* user whose memberships are listed */
    rsbac_acl_group_id_t * group_array;  /* user-space output: group ids */
    rsbac_time_t         * ttl_array;    /* user-space output: matching ttls */
    u_int                  maxnum;       /* capacity of both arrays */
  };
00224 
/*
 * ACLGS_get_group_members arguments.  user_array and ttl_array are
 * user-space buffers of maxnum elements each (parallel arrays).
 * NOTE(review): maxnum is caller-controlled - clamp against
 * RSBAC_ACL_MAX_MAXNUM before allocating or copying, and never write more
 * than maxnum elements to either array.
 */
struct rsbac_acl_get_group_members_arg_t
  {
    rsbac_acl_group_id_t   group;       /* group whose members are listed */
    rsbac_uid_t          * user_array;  /* user-space output: member uids */
    rsbac_time_t         * ttl_array;   /* user-space output: matching ttls */
    u_int                  maxnum;      /* capacity of both arrays */
  };
00232 
/*
 * Argument block of the ACL group syscall.  The member to read is selected
 * by the enum rsbac_acl_group_syscall_type_t sub-command; every pointer
 * inside any member is evidently a user-space address and must only be
 * accessed through checked user-copy helpers (see the individual structs).
 */
union rsbac_acl_group_syscall_arg_t
  {
    struct rsbac_acl_add_group_arg_t         add_group;          /* ACLGS_add_group */
    struct rsbac_acl_change_group_arg_t      change_group;       /* ACLGS_change_group */
    struct rsbac_acl_remove_group_arg_t      remove_group;       /* ACLGS_remove_group */
    struct rsbac_acl_get_group_entry_arg_t   get_group_entry;    /* ACLGS_get_group_entry */
    struct rsbac_acl_list_groups_arg_t       list_groups;        /* ACLGS_list_groups */
    struct rsbac_acl_add_member_arg_t        add_member;         /* ACLGS_add_member */
    struct rsbac_acl_remove_member_arg_t     remove_member;      /* ACLGS_remove_member */
    struct rsbac_acl_get_user_groups_arg_t   get_user_groups;    /* ACLGS_get_user_groups */
    struct rsbac_acl_get_group_members_arg_t get_group_members;  /* ACLGS_get_group_members */
  };
00245 
00246 #endif
