#include <linux/unistd.h>
#include <rsbac/types.h>
#include <rsbac/getname.h>
#include <rsbac/helpers.h>
#include <rsbac/error.h>
Go to the source code of this file.
enum rsbac_syscall_t |
Definition at line 19 of file syscalls.h.
00020 { 00021 RSYS_version, 00022 RSYS_stats, 00023 RSYS_check, 00024 RSYS_get_attr, 00025 RSYS_get_attr_n, 00026 RSYS_set_attr, 00027 RSYS_set_attr_n, 00028 RSYS_remove_target, 00029 RSYS_remove_target_n, 00030 RSYS_net_list_all_netdev, 00031 RSYS_net_template, 00032 RSYS_net_list_all_template, 00033 RSYS_switch, 00034 RSYS_get_switch, 00035 RSYS_adf_log_switch, 00036 RSYS_get_adf_log, 00037 RSYS_write, 00038 RSYS_log, 00039 RSYS_mac_set_curr_level, 00040 RSYS_mac_get_curr_level, 00041 RSYS_mac_get_max_level, 00042 RSYS_mac_get_min_level, 00043 RSYS_mac_add_p_tru, 00044 RSYS_mac_remove_p_tru, 00045 RSYS_mac_add_f_tru, 00046 RSYS_mac_remove_f_tru, 00047 RSYS_mac_get_f_trulist, 00048 RSYS_mac_get_p_trulist, 00049 RSYS_stats_pm, 00050 RSYS_pm, 00051 RSYS_pm_change_current_task, 00052 RSYS_pm_create_file, 00053 RSYS_daz_flush_cache, 00054 RSYS_rc_copy_role, 00055 RSYS_rc_copy_type, 00056 RSYS_rc_get_item, 00057 RSYS_rc_set_item, 00058 RSYS_rc_change_role, 00059 RSYS_rc_get_eff_rights_n, 00060 RSYS_rc_get_list, 00061 RSYS_auth_add_p_cap, 00062 RSYS_auth_remove_p_cap, 00063 RSYS_auth_add_f_cap, 00064 RSYS_auth_remove_f_cap, 00065 RSYS_auth_get_f_caplist, 00066 RSYS_auth_get_p_caplist, 00067 RSYS_acl, 00068 RSYS_acl_n, 00069 RSYS_acl_get_rights, 00070 RSYS_acl_get_rights_n, 00071 RSYS_acl_get_tlist, 00072 RSYS_acl_get_tlist_n, 00073 RSYS_acl_get_mask, 00074 RSYS_acl_get_mask_n, 00075 RSYS_acl_group, 00076 RSYS_reg, 00077 RSYS_jail, 00078 RSYS_init, 00079 RSYS_rc_get_current_role, 00080 RSYS_um_auth_name, 00081 RSYS_um_auth_uid, 00082 RSYS_um_add_user, 00083 RSYS_um_add_group, 00084 RSYS_um_add_gm, 00085 RSYS_um_mod_user, 00086 RSYS_um_mod_group, 00087 RSYS_um_get_user_item, 00088 RSYS_um_get_group_item, 00089 RSYS_um_remove_user, 00090 RSYS_um_remove_group, 00091 RSYS_um_remove_gm, 00092 RSYS_um_user_exists, 00093 RSYS_um_group_exists, 00094 RSYS_um_get_next_user, 00095 RSYS_um_get_user_list, 00096 RSYS_um_get_gm_list, 00097 RSYS_um_get_gm_user_list, 00098 RSYS_um_get_group_list, 00099 RSYS_um_get_uid, 00100 RSYS_um_get_gid, 00101 RSYS_um_set_pass, 00102 RSYS_um_set_pass_name, 00103 RSYS_um_set_group_pass, 00104 RSYS_um_check_account, 00105 RSYS_um_check_account_name, 00106 RSYS_list_ta_begin, 00107 RSYS_list_ta_refresh, 00108 RSYS_list_ta_commit, 00109 RSYS_list_ta_forget, 00110 RSYS_list_all_dev, 00111 RSYS_acl_list_all_dev, 00112 RSYS_list_all_user, 00113 RSYS_acl_list_all_user, 00114 RSYS_list_all_group, 00115 RSYS_acl_list_all_group, 00116 RSYS_list_all_ipc, 00117 RSYS_rc_select_fd_create_type, 00118 RSYS_none 00119 };
int rsbac_acl | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_acl_syscall_type_t | call, | |||
struct rsbac_acl_syscall_arg_t * | arg | |||
) |
int rsbac_acl_get_mask | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
rsbac_acl_rights_vector_t * | mask_p | |||
) |
int rsbac_acl_get_mask_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name, | |||
rsbac_acl_rights_vector_t * | mask_p | |||
) |
int rsbac_acl_get_rights | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_acl_syscall_arg_t * | arg, | |||
rsbac_acl_rights_vector_t * | rights_p, | |||
u_int | effective | |||
) |
int rsbac_acl_get_rights_n | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_acl_syscall_n_arg_t * | arg, | |||
rsbac_acl_rights_vector_t * | rights_p, | |||
u_int | effective | |||
) |
int rsbac_acl_get_tlist | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
struct rsbac_acl_entry_t | entry_array[], | |||
rsbac_time_t | ttl_array[], | |||
u_int | maxnum | |||
) |
int rsbac_acl_get_tlist_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name, | |||
struct rsbac_acl_entry_t | entry_array[], | |||
rsbac_time_t | ttl_array[], | |||
u_int | maxnum | |||
) |
int rsbac_acl_group | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_acl_group_syscall_type_t | call, | |||
union rsbac_acl_group_syscall_arg_t * | arg_p | |||
) |
int rsbac_acl_list_all_dev | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_dev_desc_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_acl_list_all_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_acl_list_all_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_acl_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_acl_syscall_type_t | call, | |||
struct rsbac_acl_syscall_n_arg_t * | arg | |||
) |
int rsbac_adf_log_switch | ( | enum rsbac_adf_request_t | request, | |
enum rsbac_target_t | target, | |||
u_int | value | |||
) |
int rsbac_auth_add_f_cap | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
int rsbac_auth_add_p_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 35 of file auth_syscalls.c.
References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_add_to_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.
Referenced by sys_rsbac_auth_add_p_cap().
00041 { 00042 /* check only in non-maint mode */ 00043 #if !defined(CONFIG_RSBAC_MAINT) 00044 #ifdef CONFIG_RSBAC_SWITCH_AUTH 00045 if(rsbac_switch_auth) 00046 #endif 00047 { 00048 union rsbac_target_id_t i_tid; 00049 union rsbac_attribute_value_t i_attr_val1; 00050 00051 /* check auth_may_set_cap of calling process */ 00052 i_tid.process = current->pid; 00053 if (rsbac_get_attr(SW_AUTH, 00054 T_PROCESS, 00055 i_tid, 00056 A_auth_may_set_cap, 00057 &i_attr_val1, 00058 FALSE)) 00059 { 00060 rsbac_pr_get_error(A_auth_may_set_cap); 00061 return -RSBAC_EREADFAILED; 00062 } 00063 /* if auth_may_set_cap is not set, then reject */ 00064 if (!i_attr_val1.auth_may_set_cap) 00065 { 00066 rsbac_printk(KERN_INFO 00067 "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n", 00068 cap_range.first, 00069 cap_range.last, 00070 pid, 00071 current->pid); 00072 #ifdef CONFIG_RSBAC_SOFTMODE 00073 if( !rsbac_softmode 00074 #ifdef CONFIG_RSBAC_SOFTMODE_IND 00075 && !rsbac_ind_softmode[SW_AUTH] 00076 #endif 00077 ) 00078 #endif 00079 return(-EPERM); 00080 } 00081 } 00082 #endif 00083 00084 /* OK, check passed. Add the capability. */ 00085 return rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl); 00086 }
int rsbac_auth_get_f_caplist | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | caplist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
int rsbac_auth_get_p_caplist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | caplist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
int rsbac_auth_remove_f_cap | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
int rsbac_auth_remove_p_cap | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
enum rsbac_auth_cap_type_t | cap_type, | |||
struct rsbac_auth_cap_range_t | cap_range | |||
) |
Definition at line 88 of file auth_syscalls.c.
References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_remove_from_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.
Referenced by sys_rsbac_auth_remove_p_cap().
00093 { 00094 /* check only in non-maint mode */ 00095 #if !defined(CONFIG_RSBAC_MAINT) 00096 #ifdef CONFIG_RSBAC_SWITCH_AUTH 00097 if(rsbac_switch_auth) 00098 #endif 00099 { 00100 union rsbac_target_id_t i_tid; 00101 union rsbac_attribute_value_t i_attr_val1; 00102 00103 /* check auth_may_set_cap of calling process */ 00104 i_tid.process = current->pid; 00105 if (rsbac_get_attr(SW_AUTH, 00106 T_PROCESS, 00107 i_tid, 00108 A_auth_may_set_cap, 00109 &i_attr_val1, 00110 FALSE)) 00111 { 00112 rsbac_pr_get_error(A_auth_may_set_cap); 00113 return -RSBAC_EREADFAILED; 00114 } 00115 /* if auth_may_set_cap is not set, then reject */ 00116 if (!i_attr_val1.auth_may_set_cap) 00117 { 00118 rsbac_printk(KERN_INFO 00119 "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n", 00120 cap_range.first, 00121 cap_range.last, 00122 pid, 00123 current->pid); 00124 #ifdef CONFIG_RSBAC_SOFTMODE 00125 if( !rsbac_softmode 00126 #ifdef CONFIG_RSBAC_SOFTMODE_IND 00127 && !rsbac_ind_softmode[SW_AUTH] 00128 #endif 00129 ) 00130 #endif 00131 return(-EPERM); 00132 } 00133 } 00134 #endif 00135 00136 /* OK, check passed. Try to remove the capability. */ 00137 return rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range); 00138 }
int rsbac_check | ( | int | correct, | |
int | check_inode | |||
) |
int rsbac_daz_flush_cache | ( | void | ) |
int rsbac_get_adf_log | ( | enum rsbac_adf_request_t | request, | |
enum rsbac_target_t | target, | |||
u_int * | value_p | |||
) |
int rsbac_get_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
int | inherit | |||
) |
int rsbac_get_attr_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
char * | t_name, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value, | |||
int | inherit | |||
) |
int rsbac_get_switch | ( | enum rsbac_switch_target_t | module, | |
int * | value_p, | |||
int * | switchable_p | |||
) |
int rsbac_init | ( | char * | root_dev | ) |
int rsbac_jail | ( | rsbac_version_t | version, | |
char * | path, | |||
rsbac_jail_ip_t | ip, | |||
rsbac_jail_flags_t | flags, | |||
rsbac_cap_vector_t | max_caps, | |||
rsbac_jail_scd_vector_t | scd_get, | |||
rsbac_jail_scd_vector_t | scd_modify | |||
) |
int rsbac_list_all_dev | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_dev_desc_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_list_all_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_list_all_ipc | ( | rsbac_list_ta_number_t | ta_number, | |
struct rsbac_ipc_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_list_all_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_list_ta_begin | ( | rsbac_time_t | ttl, | |
rsbac_list_ta_number_t * | ta_number_p, | |||
rsbac_uid_t | commit_uid, | |||
char * | password | |||
) |
int rsbac_list_ta_commit | ( | rsbac_list_ta_number_t | ta_number, | |
char * | password | |||
) |
int rsbac_list_ta_forget | ( | rsbac_list_ta_number_t | ta_number, | |
char * | password | |||
) |
int rsbac_list_ta_refresh | ( | rsbac_time_t | ttl, | |
rsbac_list_ta_number_t | ta_number, | |||
char * | password | |||
) |
int rsbac_log | ( | int | type, | |
char * | buf, | |||
int | len | |||
) |
Referenced by sys_rsbac_log().
int rsbac_mac_add_f_tru | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
rsbac_uid_t | uid, | |||
rsbac_time_t | ttl | |||
) |
int rsbac_mac_add_p_tru | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | uid, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 558 of file mac_syscalls.c.
References mac_sys_check_role(), RSBAC_EWRITEFAILED, rsbac_mac_add_to_p_truset(), rsbac_printk(), SR_security_officer, and SW_MAC.
Referenced by sys_rsbac_mac_add_p_tru().
00563 { 00564 /* check only in non-maint mode */ 00565 #if !defined(CONFIG_RSBAC_MAINT) 00566 #ifdef CONFIG_RSBAC_SWITCH_MAC 00567 if(rsbac_switch_mac) 00568 #endif 00569 { 00570 if(mac_sys_check_role(SR_security_officer)) 00571 { 00572 rsbac_printk(KERN_INFO 00573 "rsbac_mac_add_p_tru(): adding MAC trusted user %u to process %u denied for process %u!\n", 00574 uid, 00575 pid, 00576 current->pid); 00577 #ifdef CONFIG_RSBAC_SOFTMODE 00578 if( !rsbac_softmode 00579 #ifdef CONFIG_RSBAC_SOFTMODE_IND 00580 && !rsbac_ind_softmode[SW_MAC] 00581 #endif 00582 ) 00583 #endif 00584 return(-EPERM); 00585 } 00586 } 00587 #endif 00588 00589 /* OK, check passed. Add the truability. */ 00590 if(rsbac_mac_add_to_p_truset(ta_number, pid, uid, ttl)) 00591 { 00592 rsbac_printk(KERN_WARNING 00593 "rsbac_mac_add_p_tru(): rsbac_mac_add_to_p_truset() returned error!\n"); 00594 return(-RSBAC_EWRITEFAILED); 00595 } 00596 return 0; 00597 }
int rsbac_mac_get_curr_level | ( | rsbac_security_level_t * | level_p, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 443 of file mac_syscalls.c.
References A_current_sec_level, A_mac_curr_categories, A_none, rsbac_attribute_value_t::current_sec_level, FALSE, rsbac_attribute_value_t::mac_categories, rsbac_target_id_t::process, RSBAC_EREADFAILED, rsbac_get_attr, SW_MAC, and T_PROCESS.
Referenced by sys_rsbac_mac_get_curr_level().
00445 { 00446 union rsbac_target_id_t tid; 00447 union rsbac_attribute_value_t attr_val; 00448 00449 tid.process = current->pid; 00450 if(level_p) 00451 { 00452 if (rsbac_get_attr(SW_MAC, 00453 T_PROCESS, 00454 tid, 00455 A_current_sec_level, 00456 &attr_val, 00457 FALSE)) 00458 { /* failed! */ 00459 rsbac_ds_get_error("rsbac_mac_get_curr_level", A_none); 00460 return(-RSBAC_EREADFAILED); 00461 } 00462 *level_p = attr_val.current_sec_level; 00463 } 00464 if(categories_p) 00465 { 00466 if (rsbac_get_attr(SW_MAC, 00467 T_PROCESS, 00468 tid, 00469 A_mac_curr_categories, 00470 &attr_val, 00471 FALSE)) 00472 { /* failed! */ 00473 rsbac_ds_get_error("rsbac_mac_get_curr_level", A_none); 00474 return(-RSBAC_EREADFAILED); 00475 } 00476 *categories_p = attr_val.mac_categories; 00477 } 00478 return 0; 00479 }
int rsbac_mac_get_f_trulist | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
rsbac_uid_t | trulist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
int rsbac_mac_get_max_level | ( | rsbac_security_level_t * | level_p, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 481 of file mac_syscalls.c.
References A_mac_categories, A_none, A_security_level, FALSE, rsbac_attribute_value_t::mac_categories, rsbac_target_id_t::process, RSBAC_EREADFAILED, rsbac_get_attr, rsbac_attribute_value_t::security_level, SW_MAC, and T_PROCESS.
Referenced by sys_rsbac_mac_get_max_level().
00483 { 00484 union rsbac_target_id_t tid; 00485 union rsbac_attribute_value_t attr_val; 00486 00487 tid.process = current->pid; 00488 if(level_p) 00489 { 00490 if (rsbac_get_attr(SW_MAC, 00491 T_PROCESS, 00492 tid, 00493 A_security_level, 00494 &attr_val, 00495 FALSE)) 00496 { /* failed! */ 00497 rsbac_ds_get_error("rsbac_mac_get_max_level", A_none); 00498 return(-RSBAC_EREADFAILED); 00499 } 00500 *level_p = attr_val.security_level; 00501 } 00502 if(categories_p) 00503 { 00504 if (rsbac_get_attr(SW_MAC, 00505 T_PROCESS, 00506 tid, 00507 A_mac_categories, 00508 &attr_val, 00509 FALSE)) 00510 { /* failed! */ 00511 rsbac_ds_get_error("rsbac_mac_get_max_level", A_none); 00512 return(-RSBAC_EREADFAILED); 00513 } 00514 *categories_p = attr_val.mac_categories; 00515 } 00516 return 0; 00517 }
int rsbac_mac_get_min_level | ( | rsbac_security_level_t * | level_p, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
Definition at line 520 of file mac_syscalls.c.
References A_mac_min_categories, A_min_security_level, A_none, FALSE, rsbac_attribute_value_t::mac_categories, rsbac_target_id_t::process, RSBAC_EREADFAILED, rsbac_get_attr, rsbac_attribute_value_t::security_level, SW_MAC, and T_PROCESS.
Referenced by sys_rsbac_mac_get_min_level().
00522 { 00523 union rsbac_target_id_t tid; 00524 union rsbac_attribute_value_t attr_val; 00525 00526 tid.process = current->pid; 00527 if(level_p) 00528 { 00529 if (rsbac_get_attr(SW_MAC, 00530 T_PROCESS, 00531 tid, 00532 A_min_security_level, 00533 &attr_val, 00534 FALSE)) 00535 { /* failed! */ 00536 rsbac_ds_get_error("rsbac_mac_get_min_level", A_none); 00537 return(-RSBAC_EREADFAILED); 00538 } 00539 *level_p = attr_val.security_level; 00540 } 00541 if(categories_p) 00542 { 00543 if (rsbac_get_attr(SW_MAC, 00544 T_PROCESS, 00545 tid, 00546 A_mac_min_categories, 00547 &attr_val, 00548 FALSE)) 00549 { /* failed! */ 00550 rsbac_ds_get_error("rsbac_mac_get_min_level", A_none); 00551 return(-RSBAC_EREADFAILED); 00552 } 00553 *categories_p = attr_val.mac_categories; 00554 } 00555 return 0; 00556 }
int rsbac_mac_get_p_trulist | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | trulist[], | |||
rsbac_time_t | ttllist[], | |||
u_int | maxnum | |||
) |
int rsbac_mac_remove_f_tru | ( | rsbac_list_ta_number_t | ta_number, | |
char * | filename, | |||
rsbac_uid_t | uid | |||
) |
int rsbac_mac_remove_p_tru | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_pid_t | pid, | |||
rsbac_uid_t | uid | |||
) |
Definition at line 599 of file mac_syscalls.c.
References mac_sys_check_role(), rsbac_mac_remove_from_p_truset(), rsbac_printk(), SR_security_officer, and SW_MAC.
Referenced by sys_rsbac_mac_remove_p_tru().
00603 { 00604 /* check only in non-maint mode */ 00605 #if !defined(CONFIG_RSBAC_MAINT) 00606 #ifdef CONFIG_RSBAC_SWITCH_MAC 00607 if(rsbac_switch_mac) 00608 #endif 00609 { 00610 if(mac_sys_check_role(SR_security_officer)) 00611 { 00612 rsbac_printk(KERN_INFO 00613 "rsbac_mac_remove_p_tru(): removing MAC trusted user %u from process %u denied for process %u!\n", 00614 uid, 00615 pid, 00616 current->pid); 00617 #ifdef CONFIG_RSBAC_SOFTMODE 00618 if( !rsbac_softmode 00619 #ifdef CONFIG_RSBAC_SOFTMODE_IND 00620 && !rsbac_ind_softmode[SW_MAC] 00621 #endif 00622 ) 00623 #endif 00624 return(-EPERM); 00625 } 00626 } 00627 #endif 00628 /* OK, check passed. Try to remove the trusted user */ 00629 return(rsbac_mac_remove_from_p_truset(ta_number, pid, uid)); 00630 }
int rsbac_mac_set_curr_level | ( | rsbac_security_level_t | level, | |
rsbac_mac_category_vector_t * | categories_p | |||
) |
int rsbac_net_list_all_netdev | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_netdev_id_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_net_list_all_template | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_net_temp_id_t * | id_p, | |||
u_long | maxnum | |||
) |
int rsbac_net_template | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_net_temp_syscall_t | call, | |||
rsbac_net_temp_id_t | id, | |||
union rsbac_net_temp_syscall_data_t * | data_p | |||
) |
int rsbac_pm | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_pm_function_type_t | function, | |||
union rsbac_pm_function_param_t * | param_p, | |||
rsbac_pm_tkt_id_t | ticket | |||
) |
int rsbac_pm_change_current_task | ( | rsbac_pm_task_id_t | task | ) |
Definition at line 2993 of file pm_syscalls.c.
References A_pm_current_task, A_pm_task_set, A_pm_tp, FALSE, rsbac_attribute_value_t::owner, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_task_set, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, RSBAC_EINVALIDVALUE, RSBAC_ENOTINITIALIZED, RSBAC_EPERM, RSBAC_EREADFAILED, RSBAC_EWRITEFAILED, rsbac_get_attr, rsbac_is_initialized(), rsbac_pm_set_member(), rsbac_printk(), rsbac_set_attr, SW_PM, T_PROCESS, T_USER, and rsbac_target_id_t::user.
Referenced by sys_rsbac_pm_change_current_task().
02994 { 02995 union rsbac_target_id_t tid; 02996 union rsbac_attribute_value_t attr_val; 02997 int error = 0; 02998 rsbac_uid_t owner; 02999 union rsbac_pm_set_id_t pm_set_id; 03000 union rsbac_pm_set_member_t pm_set_member; 03001 03002 /* No processing possible before init (called at boot time) */ 03003 if (!rsbac_is_initialized()) 03004 return(-RSBAC_ENOTINITIALIZED); 03005 03006 if(!task) 03007 return(-RSBAC_EINVALIDVALUE); 03008 #ifdef CONFIG_RSBAC_DEBUG 03009 if (rsbac_debug_aef_pm) 03010 rsbac_printk(KERN_DEBUG 03011 "rsbac_pm_change_current_task(): called for task %i!\n", 03012 task); 03013 #endif 03014 /* getting current_tp of calling process from rsbac system */ 03015 tid.process = current->pid; 03016 if((error = rsbac_get_attr(SW_PM,T_PROCESS, 03017 tid, 03018 A_pm_tp, 03019 &attr_val, 03020 FALSE))) 03021 { 03022 rsbac_printk(KERN_WARNING 03023 "rsbac_pm_change_current_task(): rsbac_get_attr() for pm_tp returned error %i", 03024 error); 03025 return(-RSBAC_EREADFAILED); /* something weird happened */ 03026 } 03027 /* changing current_task for a tp is forbidden -> error */ 03028 if(attr_val.pm_tp) 03029 { 03030 #ifdef CONFIG_RSBAC_DEBUG 03031 if(rsbac_debug_adf_pm) 03032 rsbac_printk(KERN_DEBUG 03033 "rsbac_pm_change_current_task(): tried to change current_task for tp-process\n"); 03034 #endif 03035 return(-RSBAC_EPERM); 03036 } 03037 03038 /* Getting basic information about caller */ 03039 /* only useful for real process, not idle or init */ 03040 if (current->pid > 1) 03041 owner = current->uid; 03042 else /* caller_pid <= 1 -> kernel or init are always owned by root */ 03043 owner = 0; 03044 03045 /* getting owner's task_set_id (authorized tasks) from rsbac system */ 03046 tid.user = owner; 03047 if((error = rsbac_get_attr(SW_PM,T_USER, 03048 tid, 03049 A_pm_task_set, 03050 &attr_val, 03051 FALSE))) 03052 { 03053 rsbac_printk(KERN_WARNING 03054 "rsbac_pm_change_current_task(): rsbac_get_attr() for pm_task_set returned error %i", 03055 error); 03056 return(-RSBAC_EREADFAILED); /* something weird happened */ 03057 } 03058 03059 /* if there is no set of authorized tasks for owner: deny */ 03060 if(!attr_val.pm_task_set) 03061 { 03062 #ifdef CONFIG_RSBAC_DEBUG 03063 if(rsbac_debug_adf_pm) 03064 rsbac_printk(KERN_DEBUG 03065 "rsbac_pm_change_current_task(): process owner has no authorized task\n"); 03066 #endif 03067 return(-RSBAC_EPERM); 03068 } 03069 03070 /* check, whether owner is authorized for this task */ 03071 pm_set_id.task_set = attr_val.pm_task_set; 03072 pm_set_member.task = task; 03073 if(!rsbac_pm_set_member(0,PS_TASK,pm_set_id,pm_set_member)) 03074 { 03075 #ifdef CONFIG_RSBAC_DEBUG 03076 if(rsbac_debug_adf_pm) 03077 rsbac_printk(KERN_DEBUG 03078 "rsbac_pm_change_current_task(): process owner is not authorized for task\n"); 03079 #endif 03080 return(-RSBAC_EPERM); 03081 } 03082 03083 /* OK, checks are passed. Change current_task for process. */ 03084 tid.process = current->pid; 03085 attr_val.pm_current_task = task; 03086 if((error = rsbac_set_attr(SW_PM,T_PROCESS, 03087 tid, 03088 A_pm_current_task, 03089 attr_val))) 03090 { 03091 rsbac_printk(KERN_WARNING 03092 "rsbac_pm_change_current_task(): rsbac_set_attr() for pm_current_task returned error %i", 03093 error); 03094 return(-RSBAC_EWRITEFAILED); /* something weird happened */ 03095 } 03096 return(0); 03097 }
int rsbac_pm_create_file | ( | const char * | filename, | |
int | mode, | |||
rsbac_pm_object_class_id_t | object_class | |||
) |
Definition at line 3099 of file pm_syscalls.c.
References A_pm_current_task, A_pm_object_class, A_pm_tp, FALSE, rsbac_attribute_value_t::pm_current_task, rsbac_attribute_value_t::pm_object_class, rsbac_attribute_value_t::pm_tp, rsbac_target_id_t::process, RSBAC_EINVALIDTARGET, RSBAC_EINVALIDVALUE, RSBAC_ENOTFOUND, RSBAC_EPERM, RSBAC_EREADFAILED, rsbac_get_attr, RSBAC_PM_A_CREATE, RSBAC_PM_DEV_OBJECT_CLASS_ID, rsbac_pm_exists(), rsbac_pm_get_data(), RSBAC_PM_IPC_OBJECT_CLASS_ID, rsbac_pm_set_member(), rsbac_printk(), rsbac_set_attr, SW_PM, T_FILE, and T_PROCESS.
Referenced by sys_rsbac_pm_create_file().
03102 { 03103 union rsbac_target_id_t tid; 03104 union rsbac_attribute_value_t attr_val; 03105 union rsbac_attribute_value_t attr_val2; 03106 union rsbac_pm_target_id_t pm_tid; 03107 union rsbac_pm_data_value_t data_val; 03108 union rsbac_pm_data_value_t data_val2; 03109 int error = 0; 03110 union rsbac_pm_set_id_t pm_set_id; 03111 union rsbac_pm_set_member_t pm_set_member; 03112 03113 #ifdef CONFIG_RSBAC_DEBUG 03114 if (rsbac_debug_aef_pm) 03115 rsbac_printk(KERN_DEBUG 03116 "sys_rsbac_pm_create_file(): called with class %i, mode %o!\n", 03117 object_class, mode); 03118 #endif 03119 /* do not allow IPC or DEV class */ 03120 if( (object_class == RSBAC_PM_IPC_OBJECT_CLASS_ID) 03121 || (object_class == RSBAC_PM_DEV_OBJECT_CLASS_ID)) 03122 { 03123 #ifdef CONFIG_RSBAC_DEBUG 03124 if(rsbac_debug_adf_pm) 03125 rsbac_printk(KERN_DEBUG 03126 "rsbac_pm_create_file(): Class-ID is IPC or DEV\n"); 03127 #endif 03128 return(-RSBAC_EINVALIDVALUE); 03129 } 03130 03131 /* is mode for regular file? */ 03132 if(mode & ~S_IRWXUGO) 03133 { 03134 #ifdef CONFIG_RSBAC_DEBUG 03135 if(rsbac_debug_adf_pm) 03136 rsbac_printk(KERN_DEBUG 03137 "rsbac_pm_create_file(): illegal creation mode\n"); 03138 #endif 03139 return(-RSBAC_EINVALIDVALUE); 03140 } 03141 03142 /* does class exist (NIL always exists)? */ 03143 if(object_class) 03144 { 03145 pm_tid.object_class = object_class; 03146 if(!rsbac_pm_exists(0, 03147 PMT_CLASS, 03148 pm_tid)) 03149 { 03150 #ifdef CONFIG_RSBAC_DEBUG 03151 if(rsbac_debug_adf_pm) 03152 rsbac_printk(KERN_DEBUG 03153 "rsbac_pm_create_file(): non-existent class\n"); 03154 #endif 03155 return(-RSBAC_EINVALIDVALUE); 03156 } 03157 } 03158 03159 /* getting current_task of calling process from rsbac system */ 03160 tid.process = current->pid; 03161 if((error = rsbac_get_attr(SW_PM,T_PROCESS, 03162 tid, 03163 A_pm_current_task, 03164 &attr_val, 03165 FALSE))) 03166 { 03167 rsbac_printk(KERN_WARNING 03168 "rsbac_pm_create_file(): rsbac_get_attr() for pm_current_task returned error %i", 03169 error); 03170 return(-RSBAC_EREADFAILED); /* something weird happened */ 03171 } 03172 03173 /* getting current_tp of calling process from rsbac system */ 03174 if((error = rsbac_get_attr(SW_PM,T_PROCESS, 03175 tid, 03176 A_pm_tp, 03177 &attr_val2, 03178 FALSE))) 03179 { 03180 rsbac_printk(KERN_WARNING 03181 "rsbac_pm_create_file(): rsbac_get_attr() for pm_tp returned error %i", 03182 error); 03183 return(-RSBAC_EREADFAILED); /* something weird happened */ 03184 } 03185 03186 /* getting neccessary accesses for task, class, tp from PM-data */ 03187 pm_tid.na.task = attr_val.pm_current_task; 03188 pm_tid.na.object_class = object_class; 03189 pm_tid.na.tp = attr_val2.pm_tp; 03190 if((error = rsbac_pm_get_data(0, 03191 PMT_NA, 03192 pm_tid, 03193 PD_accesses, 03194 &data_val))) 03195 { 03196 if( (error != -RSBAC_EINVALIDTARGET) 03197 && (error != -RSBAC_ENOTFOUND) 03198 ) 03199 rsbac_printk(KERN_WARNING 03200 "rsbac_pm_create_file(): rsbac_pm_get_data() for NA/accesses returned error %i", 03201 error); 03202 #ifdef CONFIG_RSBAC_DEBUG 03203 else if(rsbac_debug_adf_pm) 03204 rsbac_printk(KERN_DEBUG 03205 "rsbac_pm_create_file(): NA/accesses (%i,%i,%i) not found\n", 03206 pm_tid.na.task, object_class, pm_tid.na.tp); 03207 #endif 03208 return(-RSBAC_EPERM); /* deny */ 03209 } 03210 03211 /* is create necessary? if not -> error */ 03212 if(!(data_val.accesses & RSBAC_PM_A_CREATE)) 03213 { 03214 #ifdef CONFIG_RSBAC_DEBUG 03215 if(rsbac_debug_adf_pm) 03216 rsbac_printk(KERN_DEBUG 03217 "rsbac_pm_create_file(): create is not necessary\n"); 03218 #endif 03219 return(-RSBAC_EPERM); 03220 } 03221 03222 /* get purpose for current_task */ 03223 pm_tid.task = attr_val.pm_current_task; 03224 if((error = rsbac_pm_get_data(0, 03225 PMT_TASK, 03226 pm_tid, 03227 PD_purpose, 03228 &data_val))) 03229 { 03230 if( (error != -RSBAC_EINVALIDTARGET) 03231 && (error != -RSBAC_ENOTFOUND) 03232 ) 03233 rsbac_printk(KERN_WARNING 03234 "rsbac_pm_create_file(): rsbac_get_data() for TASK/purpose returned error %i", 03235 error); 03236 return(-RSBAC_EPERM); /* deny */ 03237 } 03238 03239 /* further checks only, if there is a purpose defined */ 03240 if(data_val.purpose) 03241 { 03242 /* get purpose_set_id for class */ 03243 pm_tid.object_class = object_class; 03244 if((error = rsbac_pm_get_data(0, 03245 PMT_CLASS, 03246 pm_tid, 03247 PD_pp_set, 03248 &data_val2))) 03249 { 03250 if( (error == -RSBAC_EINVALIDTARGET) 03251 || (error == -RSBAC_ENOTFOUND) 03252 ) 03253 { 03254 #ifdef CONFIG_RSBAC_DEBUG 03255 if(rsbac_debug_adf_pm) 03256 rsbac_printk(KERN_DEBUG 03257 "rsbac_pm_create_file(): non-existent class\n"); 03258 #endif 03259 return(-RSBAC_EINVALIDVALUE); 03260 } 03261 rsbac_printk(KERN_WARNING 03262 "rsbac_pm_create_file(): rsbac_get_data() for TASK/purpose returned error %i", 03263 error); 03264 return(-RSBAC_EREADFAILED); /* deny */ 03265 } 03266 /* if there is no purpose set for this class, deny */ 03267 if(!data_val2.pp_set) 03268 { 03269 #ifdef CONFIG_RSBAC_DEBUG 03270 if(rsbac_debug_adf_pm) 03271 rsbac_printk(KERN_DEBUG 03272 "rsbac_pm_create_file(): current_task has purpose, class not\n"); 03273 #endif 03274 return(-RSBAC_EPERM); 03275 } 03276 03277 /* last check: is our task's purpose in the set of purposes for our class? */ 03278 pm_set_id.pp_set = data_val2.pp_set; 03279 pm_set_member.pp = data_val.purpose; 03280 if(!rsbac_pm_set_member(0,PS_PP,pm_set_id,pm_set_member)) 03281 /* our task's purpose does not match with class purposes -> deny */ 03282 { 03283 #ifdef CONFIG_RSBAC_DEBUG 03284 if(rsbac_debug_adf_pm) 03285 rsbac_printk(KERN_DEBUG 03286 "rsbac_pm_create_file(): purpose of current_task is not in purpose set of class\n"); 03287 #endif 03288 return(-RSBAC_EPERM); 03289 } 03290 } 03291 03292 /* try to create object using standard syscalls, leading to general rsbac */ 03293 /* checks via ADF-Request */ 03294 /* we are not using sys_creat(), because alpha kernels don't know it */ 03295 lock_kernel(); 03296 error = sys_open(filename, O_CREAT | O_WRONLY | O_TRUNC, mode); 03297 unlock_kernel(); 03298 if (error < 0) 03299 return(error); 03300 03301 /* setting class for new object */ 03302 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 03303 rcu_read_lock(); 03304 tid.file.device = current->files->fdt->fd[error]->f_vfsmnt->mnt_sb->s_dev; 03305 tid.file.inode = current->files->fdt->fd[error]->f_dentry->d_inode->i_ino; 03306 tid.file.dentry_p = current->files->fdt->fd[error]->f_dentry; 03307 rcu_read_unlock(); 03308 #else 03309 tid.file.device = current->files->fd[error]->f_dentry->d_inode->i_dev; 03310 tid.file.inode = current->files->fd[error]->f_dentry->d_inode->i_ino; 03311 tid.file.dentry_p = current->files->fd[error]->f_dentry; 03312 #endif 03313 attr_val.pm_object_class = object_class; 03314 if(rsbac_set_attr(SW_PM,T_FILE, 03315 tid, 03316 A_pm_object_class, 03317 attr_val)) 03318 { 03319 rsbac_printk(KERN_WARNING 03320 "rsbac_pm_create_file(): rsbac_set_attr() for pm_object_class returned error"); 03321 } 03322 return(error); 03323 }
int rsbac_rc_change_role | ( | rsbac_rc_role_id_t | role, | |
char * | pass | |||
) |
int rsbac_rc_copy_role | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_rc_role_id_t | from_role, | |||
rsbac_rc_role_id_t | to_role | |||
) |
Definition at line 2284 of file rc_data_structures.c.
References NULL, RC_role_max_value, role_adr_handle, role_asr_handle, role_dfdc_handle, role_handle, role_rc_handle, role_tcdv_handle, role_tcfd_handle, role_tcgr_handle, role_tcip_handle, role_tcnd_handle, role_tcno_handle, role_tcnt_handle, role_tcpr_handle, role_tcsc_handle, role_tcus_handle, RSBAC_EINVALIDTARGET, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_lol_get_subitem_size(), rsbac_printk(), rsbac_ta_list_add_ttl(), rsbac_ta_list_get_data_ttl(), rsbac_ta_list_lol_get_all_subdesc_ttl(), rsbac_ta_list_lol_get_all_subitems_ttl(), rsbac_ta_list_lol_remove(), rsbac_ta_list_lol_subadd_ttl(), and rsbac_vfree.
Referenced by rsbac_rc_sys_copy_role().
02287 { 02288 struct rsbac_rc_role_entry_t entry; 02289 rsbac_rc_role_id_t *role_array; 02290 char *item_array; 02291 long count; 02292 u_long i; 02293 int err; 02294 02295 if (!rsbac_is_initialized()) { 02296 rsbac_printk(KERN_WARNING "rsbac_rc_copy_role(): RSBAC not initialized\n"); 02297 return (-RSBAC_ENOTINITIALIZED); 02298 } 02299 if ((from_role > RC_role_max_value) 02300 || (to_role > RC_role_max_value) 02301 || (to_role == from_role) 02302 ) 02303 return (-RSBAC_EINVALIDTARGET); 02304 02305 /* copy */ 02306 err = 02307 rsbac_ta_list_get_data_ttl(ta_number, role_handle, NULL, 02308 &from_role, &entry); 02309 if (err) 02310 return err; 02311 err = 02312 rsbac_ta_list_add_ttl(ta_number, role_handle, 0, &to_role, 02313 &entry); 02314 if (err) 02315 return err; 02316 02317 rsbac_ta_list_lol_remove(ta_number, role_rc_handle, &to_role); 02318 count = 02319 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 02320 role_rc_handle, 02321 &from_role, 02322 (void **) &role_array, 02323 NULL); 02324 if (count > 0) { 02325 for (i = 0; i < count; i++) 02326 rsbac_ta_list_lol_subadd_ttl(ta_number, 02327 role_rc_handle, 0, 02328 &to_role, 02329 &role_array[i], 0); 02330 rsbac_vfree(role_array); 02331 } 02332 rsbac_ta_list_lol_remove(ta_number, role_adr_handle, &to_role); 02333 count = 02334 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 02335 role_adr_handle, 02336 &from_role, 02337 (void **) &role_array, 02338 NULL); 02339 if (count > 0) { 02340 for (i = 0; i < count; i++) 02341 rsbac_ta_list_lol_subadd_ttl(ta_number, 02342 role_adr_handle, 0, 02343 &to_role, 02344 &role_array[i], 0); 02345 rsbac_vfree(role_array); 02346 } 02347 rsbac_ta_list_lol_remove(ta_number, role_asr_handle, &to_role); 02348 count = 02349 rsbac_ta_list_lol_get_all_subdesc_ttl(ta_number, 02350 role_asr_handle, 02351 &from_role, 02352 (void **) &role_array, 02353 NULL); 02354 if (count > 0) { 02355 for (i = 0; i < count; i++) 02356 rsbac_ta_list_lol_subadd_ttl(ta_number, 02357 role_asr_handle, 0, 02358 &to_role, 02359 &role_array[i], 0); 02360 rsbac_vfree(role_array); 02361 } 02362 rsbac_ta_list_lol_remove(ta_number, role_dfdc_handle, &to_role); 02363 count = 02364 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02365 role_dfdc_handle, 02366 &from_role, 02367 (void **) &item_array, 02368 NULL); 02369 if (count > 0) { 02370 char *tmp = item_array; 02371 int size = 02372 rsbac_list_lol_get_subitem_size(role_dfdc_handle); 02373 02374 for (i = 0; i < count; i++) { 02375 rsbac_ta_list_lol_subadd_ttl(ta_number, 02376 role_dfdc_handle, 0, 02377 &to_role, tmp, 02378 tmp + 02379 sizeof 02380 (rsbac_rc_role_id_t)); 02381 tmp += size; 02382 } 02383 rsbac_vfree(item_array); 02384 } 02385 rsbac_ta_list_lol_remove(ta_number, role_tcfd_handle, &to_role); 02386 count = 02387 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02388 role_tcfd_handle, 02389 &from_role, 02390 (void **) &item_array, 02391 NULL); 02392 if (count > 0) { 02393 char *tmp = item_array; 02394 int size = 02395 rsbac_list_lol_get_subitem_size(role_tcfd_handle); 02396 02397 for (i = 0; i < count; i++) { 02398 rsbac_ta_list_lol_subadd_ttl(ta_number, 02399 role_tcfd_handle, 0, 02400 &to_role, tmp, 02401 tmp + 02402 sizeof 02403 (rsbac_rc_role_id_t)); 02404 tmp += size; 02405 } 02406 rsbac_vfree(item_array); 02407 } 02408 rsbac_ta_list_lol_remove(ta_number, role_tcdv_handle, &to_role); 02409 count = 02410 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02411 role_tcdv_handle, 02412 &from_role, 02413 (void **) &item_array, 02414 NULL); 02415 if (count > 0) { 02416 char *tmp = item_array; 02417 int size = 02418 rsbac_list_lol_get_subitem_size(role_tcdv_handle); 02419 02420 for (i = 0; i < count; i++) { 02421 rsbac_ta_list_lol_subadd_ttl(ta_number, 02422 role_tcdv_handle, 0, 02423 &to_role, tmp, 02424 tmp + 02425 sizeof 02426 (rsbac_rc_role_id_t)); 02427 tmp += size; 02428 } 02429 rsbac_vfree(item_array); 02430 } 02431 rsbac_ta_list_lol_remove(ta_number, role_tcus_handle, &to_role); 02432 count = 02433 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02434 role_tcus_handle, 02435 &from_role, 02436 (void **) &item_array, 02437 NULL); 02438 if (count > 0) { 02439 char *tmp = item_array; 02440 int size = 02441 rsbac_list_lol_get_subitem_size(role_tcus_handle); 02442 02443 for (i = 0; i < count; i++) { 02444 rsbac_ta_list_lol_subadd_ttl(ta_number, 02445 role_tcus_handle, 0, 02446 &to_role, tmp, 02447 tmp + 02448 sizeof 02449 (rsbac_rc_role_id_t)); 02450 tmp += size; 02451 } 02452 rsbac_vfree(item_array); 02453 } 02454 rsbac_ta_list_lol_remove(ta_number, role_tcpr_handle, &to_role); 02455 count = 02456 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02457 role_tcpr_handle, 02458 &from_role, 02459 (void **) &item_array, 02460 NULL); 02461 if (count > 0) { 02462 char *tmp = item_array; 02463 int size = 02464 rsbac_list_lol_get_subitem_size(role_tcpr_handle); 02465 02466 for (i = 0; i < count; i++) { 02467 rsbac_ta_list_lol_subadd_ttl(ta_number, 02468 role_tcpr_handle, 0, 02469 &to_role, tmp, 02470 tmp + 02471 sizeof 02472 (rsbac_rc_role_id_t)); 02473 tmp += size; 02474 } 02475 rsbac_vfree(item_array); 02476 } 02477 rsbac_ta_list_lol_remove(ta_number, role_tcip_handle, &to_role); 02478 count = 02479 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02480 role_tcip_handle, 02481 &from_role, 02482 (void **) &item_array, 02483 NULL); 02484 if (count > 0) { 02485 char *tmp = item_array; 02486 int size = 02487 rsbac_list_lol_get_subitem_size(role_tcip_handle); 02488 02489 for (i = 0; i < count; i++) { 02490 rsbac_ta_list_lol_subadd_ttl(ta_number, 02491 role_tcip_handle, 0, 02492 &to_role, tmp, 02493 tmp + 02494 sizeof 02495 (rsbac_rc_role_id_t)); 02496 tmp += size; 02497 } 02498 rsbac_vfree(item_array); 02499 } 02500 rsbac_ta_list_lol_remove(ta_number, role_tcsc_handle, &to_role); 02501 count = 02502 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02503 role_tcsc_handle, 02504 &from_role, 02505 (void **) &item_array, 02506 NULL); 02507 if (count > 0) { 02508 char *tmp = item_array; 02509 int size = 02510 rsbac_list_lol_get_subitem_size(role_tcsc_handle); 02511 02512 for (i = 0; i < count; i++) { 02513 rsbac_ta_list_lol_subadd_ttl(ta_number, 02514 role_tcsc_handle, 0, 02515 &to_role, tmp, 02516 tmp + 02517 sizeof 02518 (rsbac_rc_role_id_t)); 02519 tmp += size; 02520 } 02521 rsbac_vfree(item_array); 02522 } 02523 rsbac_ta_list_lol_remove(ta_number, role_tcgr_handle, &to_role); 02524 count = 02525 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02526 role_tcgr_handle, 02527 &from_role, 02528 (void **) &item_array, 02529 NULL); 02530 if (count > 0) { 02531 char *tmp = item_array; 02532 int size = 02533 rsbac_list_lol_get_subitem_size(role_tcgr_handle); 02534 02535 for (i = 0; i < count; i++) { 02536 rsbac_ta_list_lol_subadd_ttl(ta_number, 02537 role_tcgr_handle, 0, 02538 &to_role, tmp, 02539 tmp + 02540 sizeof 02541 (rsbac_rc_role_id_t)); 02542 tmp += size; 02543 } 02544 rsbac_vfree(item_array); 02545 } 02546 rsbac_ta_list_lol_remove(ta_number, role_tcnd_handle, &to_role); 02547 count = 02548 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02549 role_tcnd_handle, 02550 &from_role, 02551 (void **) &item_array, 02552 NULL); 02553 if (count > 0) { 02554 char *tmp = item_array; 02555 int size = 02556 rsbac_list_lol_get_subitem_size(role_tcnd_handle); 02557 02558 for (i = 0; i < count; i++) { 02559 rsbac_ta_list_lol_subadd_ttl(ta_number, 02560 role_tcnd_handle, 0, 02561 &to_role, tmp, 02562 tmp + 02563 sizeof 02564 (rsbac_rc_role_id_t)); 02565 tmp += size; 02566 } 02567 rsbac_vfree(item_array); 02568 } 02569 rsbac_ta_list_lol_remove(ta_number, role_tcnt_handle, &to_role); 02570 count = 02571 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02572 role_tcnt_handle, 02573 &from_role, 02574 (void **) &item_array, 02575 NULL); 02576 if (count > 0) { 02577 char *tmp = item_array; 02578 int size = 02579 rsbac_list_lol_get_subitem_size(role_tcnt_handle); 02580 02581 for (i = 0; i < count; i++) { 02582 rsbac_ta_list_lol_subadd_ttl(ta_number, 02583 role_tcnt_handle, 0, 02584 &to_role, tmp, 02585 tmp + 02586 sizeof 02587 (rsbac_rc_role_id_t)); 02588 tmp += size; 02589 } 02590 rsbac_vfree(item_array); 02591 } 02592 rsbac_ta_list_lol_remove(ta_number, role_tcno_handle, &to_role); 02593 count = 02594 rsbac_ta_list_lol_get_all_subitems_ttl(ta_number, 02595 role_tcno_handle, 02596 &from_role, 02597 (void **) &item_array, 02598 NULL); 02599 if (count > 0) { 02600 char *tmp = item_array; 02601 int size = 02602 rsbac_list_lol_get_subitem_size(role_tcno_handle); 02603 02604 for (i = 0; i < count; i++) { 02605 rsbac_ta_list_lol_subadd_ttl(ta_number, 02606 role_tcno_handle, 0, 02607 &to_role, tmp, 02608 tmp + 02609 sizeof 02610 (rsbac_rc_role_id_t)); 02611 tmp += size; 02612 } 02613 rsbac_vfree(item_array); 02614 } 02615 return 0; 02616 }
int rsbac_rc_copy_type | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
rsbac_rc_type_id_t | from_type, | |||
rsbac_rc_type_id_t | to_type | |||
) |
int rsbac_rc_get_current_role | ( | rsbac_rc_role_id_t * | role_p | ) |
int rsbac_rc_get_eff_rights_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name, | |||
rsbac_rc_request_vector_t * | request_vector_p, | |||
rsbac_time_t * | ttl_p | |||
) |
int rsbac_rc_get_item | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t * | tid_p, | |||
union rsbac_rc_target_id_t * | subtid_p, | |||
enum rsbac_rc_item_t | item, | |||
union rsbac_rc_item_value_t * | value_p, | |||
rsbac_time_t * | ttl_p | |||
) |
int rsbac_rc_get_list | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t * | tid_p, | |||
enum rsbac_rc_item_t | item, | |||
u_int | maxnum, | |||
__u32 * | array_p, | |||
rsbac_time_t * | ttl_array_p | |||
) |
int rsbac_rc_set_item | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_rc_target_t | target, | |||
union rsbac_rc_target_id_t * | tid_p, | |||
union rsbac_rc_target_id_t * | subtid_p, | |||
enum rsbac_rc_item_t | item, | |||
union rsbac_rc_item_value_t * | value_p, | |||
rsbac_time_t | ttl | |||
) |
int rsbac_rc_sys_select_fd_create_type | ( | rsbac_rc_type_id_t | type | ) |
int rsbac_reg | ( | rsbac_reg_handle_t | handle, | |
void * | arg | |||
) |
int rsbac_remove_target | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid | |||
) |
int rsbac_remove_target_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_target_t | target, | |||
char * | t_name | |||
) |
int rsbac_set_attr | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
union rsbac_target_id_t * | tid, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value | |||
) |
int rsbac_set_attr_n | ( | rsbac_list_ta_number_t | ta_number, | |
enum rsbac_switch_target_t | module, | |||
enum rsbac_target_t | target, | |||
char * | t_name, | |||
enum rsbac_attribute_t | attr, | |||
union rsbac_attribute_value_t * | value | |||
) |
int rsbac_stats | ( | void | ) |
Definition at line 8602 of file aci_data_structures.c.
References dev_handles, dev_major_handles, device_head_p, device_list_locks, ipc_handles, KERNEL_VERSION, process_handles, rsbac_adf_request_count, rsbac_adf_set_attr_count, RSBAC_ENOTINITIALIZED, rsbac_initialized, rsbac_list_count(), rsbac_printk(), rsbac_stats_acl(), rsbac_stats_auth(), rsbac_stats_pm(), rsbac_stats_rc(), T_DEV, T_DIR, T_FIFO, T_FILE, T_IPC, T_NETDEV, T_NETOBJ, T_NETTEMP, T_PROCESS, T_SCD, T_SYMLINK, T_UNIXSOCK, T_USER, and user_handles.
Referenced by sys_rsbac_stats().
08603 { 08604 struct rsbac_device_list_item_t *device_p; 08605 u_long fd_count = 0, fd_sum = 0; 08606 u_long dev_sum = 0; 08607 u_long ipc_sum = 0; 08608 u_long user_sum = 0; 08609 u_long process_sum = 0; 08610 #if defined(CONFIG_RSBAC_UM) 08611 u_long group_sum = 0; 08612 #endif 08613 #if defined(CONFIG_RSBAC_NET_OBJ) 08614 u_long nettemp_sum = 0; 08615 u_long lnetobj_sum = 0; 08616 u_long rnetobj_sum = 0; 08617 #endif 08618 u_long total_sum = 0; 08619 long tmp_count = 0; 08620 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0) 08621 u_long dflags; 08622 #endif 08623 u_int i; 08624 08625 if (!rsbac_initialized) { 08626 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n"); 08627 return (-RSBAC_ENOTINITIALIZED); 08628 } 08629 for (i = 0; i < RSBAC_NR_DEVICE_LISTS; i++) { 08630 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08631 rcu_read_lock(); 08632 #else 08633 rsbac_read_lock(&device_list_locks[i], &dflags); 08634 #endif 08635 /* rsbac_printk(KERN_INFO "rsbac_stats(): currently %u processes working on file/dir aci\n", 08636 device_list_lock.lock); */ 08637 device_p = rcu_dereference(device_head_p[i])->head; 08638 while (device_p) { /* for all sublists */ 08639 fd_count = rsbac_list_count(device_p->handles.gen); 08640 if (fd_count > 0) { 08641 rsbac_printk(", %lu GEN", fd_count); 08642 fd_sum += fd_count; 08643 } 08644 08645 #if defined(CONFIG_RSBAC_MAC) 08646 fd_count = rsbac_list_count(device_p->handles.mac); 08647 if (fd_count > 0) { 08648 rsbac_printk(", %lu MAC", fd_count); 08649 fd_sum += fd_count; 08650 } 08651 #endif 08652 08653 #if defined(CONFIG_RSBAC_PM) 08654 fd_count = rsbac_list_count(device_p->handles.pm); 08655 if (fd_count > 0) { 08656 rsbac_printk(", %lu PM", fd_count); 08657 fd_sum += fd_count; 08658 } 08659 #endif 08660 08661 #if defined(CONFIG_RSBAC_DAZ) 08662 fd_count = rsbac_list_count(device_p->handles.daz); 08663 if (fd_count > 0) { 08664 rsbac_printk(", %lu DAZ", fd_count); 08665 fd_sum += fd_count; 08666 } 08667 #if defined(CONFIG_RSBAC_DAZ_CACHE) 08668 fd_count = rsbac_list_count(device_p->handles.dazs); 08669 if (fd_count > 0) { 08670 rsbac_printk(", %lu DAZ SCANNED", fd_count); 08671 fd_sum += fd_count; 08672 } 08673 #endif 08674 #endif 08675 08676 #if defined(CONFIG_RSBAC_FF) 08677 fd_count = rsbac_list_count(device_p->handles.ff); 08678 if (fd_count > 0) { 08679 rsbac_printk(", %lu FF", fd_count); 08680 fd_sum += fd_count; 08681 } 08682 #endif 08683 08684 #if defined(CONFIG_RSBAC_RC) 08685 fd_count = rsbac_list_count(device_p->handles.rc); 08686 if (fd_count > 0) { 08687 rsbac_printk(", %lu RC", fd_count); 08688 fd_sum += fd_count; 08689 } 08690 #endif 08691 08692 #if defined(CONFIG_RSBAC_AUTH) 08693 fd_count = rsbac_list_count(device_p->handles.auth); 08694 if (fd_count > 0) { 08695 rsbac_printk(", %lu AUTH", fd_count); 08696 fd_sum += fd_count; 08697 } 08698 #endif 08699 08700 #if defined(CONFIG_RSBAC_CAP) 08701 fd_count = rsbac_list_count(device_p->handles.cap); 08702 if (fd_count > 0) { 08703 rsbac_printk(", %lu CAP", fd_count); 08704 fd_sum += fd_count; 08705 } 08706 #endif 08707 #if defined(CONFIG_RSBAC_RES) 08708 fd_count = rsbac_list_count(device_p->handles.res); 08709 if (fd_count > 0) { 08710 rsbac_printk(", %lu RES", fd_count); 08711 fd_sum += fd_count; 08712 } 08713 #endif 08714 #if defined(CONFIG_RSBAC_PAX) 08715 fd_count = rsbac_list_count(device_p->handles.pax); 08716 if (fd_count > 0) { 08717 rsbac_printk(", %lu PAX", fd_count); 08718 fd_sum += fd_count; 08719 } 08720 #endif 08721 08722 rsbac_printk("\n"); 08723 device_p = device_p->next; 08724 } 08725 tmp_count += rcu_dereference(device_head_p[i])->count; 08726 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0) 08727 rcu_read_unlock(); 08728 #else 08729 rsbac_read_unlock(&device_list_locks[i], &dflags); 08730 #endif 08731 } 08732 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n", 08733 tmp_count, fd_sum); 08734 /* free access to device_list_head */ 08735 total_sum += fd_sum; 08736 08737 /* dev lists */ 08738 tmp_count = rsbac_list_count(dev_handles.gen); 08739 rsbac_printk(KERN_INFO "DEV items: %lu GEN", tmp_count); 08740 dev_sum += tmp_count; 08741 #if defined(CONFIG_RSBAC_MAC) 08742 tmp_count = rsbac_list_count(dev_handles.mac); 08743 rsbac_printk(", %lu MAC", tmp_count); 08744 dev_sum += tmp_count; 08745 #endif 08746 #if defined(CONFIG_RSBAC_PM) 08747 tmp_count = rsbac_list_count(dev_handles.pm); 08748 rsbac_printk(", %lu PM", tmp_count); 08749 dev_sum += tmp_count; 08750 #endif 08751 #if defined(CONFIG_RSBAC_RC) 08752 tmp_count = rsbac_list_count(dev_major_handles.rc); 08753 rsbac_printk(", %lu major RC", tmp_count); 08754 dev_sum += tmp_count; 08755 tmp_count = rsbac_list_count(dev_handles.rc); 08756 rsbac_printk(", %lu RC", tmp_count); 08757 dev_sum += tmp_count; 08758 #endif 08759 rsbac_printk("\n"); 08760 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n", dev_sum); 08761 total_sum += dev_sum; 08762 08763 /* ipc lists */ 08764 rsbac_printk(KERN_INFO "IPC items: no GEN"); 08765 #if defined(CONFIG_RSBAC_MAC) 08766 tmp_count = rsbac_list_count(ipc_handles.mac); 08767 rsbac_printk(", %lu MAC", tmp_count); 08768 ipc_sum += tmp_count; 08769 #endif 08770 #if defined(CONFIG_RSBAC_PM) 08771 tmp_count = rsbac_list_count(ipc_handles.pm); 08772 rsbac_printk(", %lu PM", tmp_count); 08773 ipc_sum += tmp_count; 08774 #endif 08775 #if defined(CONFIG_RSBAC_RC) 08776 tmp_count = rsbac_list_count(ipc_handles.rc); 08777 rsbac_printk(", %lu RC", tmp_count); 08778 ipc_sum += tmp_count; 08779 #endif 08780 #if defined(CONFIG_RSBAC_JAIL) 08781 tmp_count = rsbac_list_count(ipc_handles.jail); 08782 rsbac_printk(", %lu JAIL", tmp_count); 08783 ipc_sum += tmp_count; 08784 #endif 08785 rsbac_printk("\n"); 08786 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n", ipc_sum); 08787 total_sum += ipc_sum; 08788 08789 /* user lists */ 08790 tmp_count = rsbac_list_count(user_handles.gen); 08791 rsbac_printk(KERN_INFO "USER items: %lu GEN", tmp_count); 08792 user_sum += tmp_count; 08793 #if defined(CONFIG_RSBAC_MAC) 08794 tmp_count = rsbac_list_count(user_handles.mac); 08795 rsbac_printk(", %lu MAC", tmp_count); 08796 user_sum += tmp_count; 08797 #endif 08798 #if defined(CONFIG_RSBAC_PM) 08799 tmp_count = rsbac_list_count(user_handles.pm); 08800 rsbac_printk(", %lu PM", tmp_count); 08801 user_sum += tmp_count; 08802 #endif 08803 #if defined(CONFIG_RSBAC_DAZ) 08804 tmp_count = rsbac_list_count(user_handles.daz); 08805 rsbac_printk(", %lu DAZ", tmp_count); 08806 user_sum += tmp_count; 08807 #endif 08808 #if defined(CONFIG_RSBAC_RC) 08809 tmp_count = rsbac_list_count(user_handles.rc); 08810 rsbac_printk(", %lu RC", tmp_count); 08811 user_sum += tmp_count; 08812 #endif 08813 #if defined(CONFIG_RSBAC_AUTH) 08814 tmp_count = rsbac_list_count(user_handles.auth); 08815 rsbac_printk(", %lu AUTH", tmp_count); 08816 user_sum += tmp_count; 08817 #endif 08818 #if defined(CONFIG_RSBAC_CAP) 08819 tmp_count = rsbac_list_count(user_handles.cap); 08820 rsbac_printk(", %lu CAP", tmp_count); 08821 user_sum += tmp_count; 08822 #endif 08823 #if defined(CONFIG_RSBAC_JAIL) 08824 tmp_count = rsbac_list_count(user_handles.jail); 08825 rsbac_printk(", %lu JAIL", tmp_count); 08826 user_sum += tmp_count; 08827 #endif 08828 #if defined(CONFIG_RSBAC_RES) 08829 tmp_count = rsbac_list_count(user_handles.res); 08830 rsbac_printk(", %lu RES", tmp_count); 08831 user_sum += tmp_count; 08832 #endif 08833 #if defined(CONFIG_RSBAC_PAX) 08834 tmp_count = rsbac_list_count(user_handles.pax); 08835 rsbac_printk(", %lu PAX", tmp_count); 08836 user_sum += tmp_count; 08837 #endif 08838 rsbac_printk("\n"); 08839 rsbac_printk(KERN_INFO "Sum of %lu USER items\n", user_sum); 08840 total_sum += user_sum; 08841 08842 /* process lists */ 08843 tmp_count = rsbac_list_count(process_handles.gen); 08844 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN", tmp_count); 08845 process_sum += tmp_count; 08846 #if defined(CONFIG_RSBAC_MAC) 08847 tmp_count = rsbac_list_count(process_handles.mac); 08848 rsbac_printk(", %lu MAC", tmp_count); 08849 process_sum += tmp_count; 08850 #endif 08851 #if defined(CONFIG_RSBAC_PM) 08852 tmp_count = rsbac_list_count(process_handles.pm); 08853 rsbac_printk(", %lu PM", tmp_count); 08854 process_sum += tmp_count; 08855 #endif 08856 #if defined(CONFIG_RSBAC_DAZ) 08857 tmp_count = rsbac_list_count(process_handles.daz); 08858 rsbac_printk(", %lu DAZ", tmp_count); 08859 process_sum += tmp_count; 08860 #endif 08861 #if defined(CONFIG_RSBAC_RC) 08862 tmp_count = rsbac_list_count(process_handles.rc); 08863 rsbac_printk(", %lu RC", tmp_count); 08864 process_sum += tmp_count; 08865 #endif 08866 #if defined(CONFIG_RSBAC_AUTH) 08867 tmp_count = rsbac_list_count(process_handles.auth); 08868 rsbac_printk(", %lu AUTH", tmp_count); 08869 process_sum += tmp_count; 08870 #endif 08871 #if defined(CONFIG_RSBAC_CAP) 08872 tmp_count = rsbac_list_count(process_handles.cap); 08873 rsbac_printk(", %lu CAP", tmp_count); 08874 process_sum += tmp_count; 08875 #endif 08876 #if defined(CONFIG_RSBAC_JAIL) 08877 tmp_count = rsbac_list_count(process_handles.jail); 08878 rsbac_printk(", %lu JAIL", tmp_count); 08879 process_sum += tmp_count; 08880 #endif 08881 rsbac_printk("\n"); 08882 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n", process_sum); 08883 total_sum += process_sum; 08884 08885 #if defined(CONFIG_RSBAC_UM) 08886 /* group lists */ 08887 rsbac_printk(KERN_INFO "GROUP items: "); 08888 #if defined(CONFIG_RSBAC_RC_UM_PROT) 08889 tmp_count = rsbac_list_count(group_handles.rc); 08890 rsbac_printk("%lu RC", tmp_count); 08891 user_sum += tmp_count; 08892 #endif 08893 rsbac_printk("\n"); 08894 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n", group_sum); 08895 total_sum += group_sum; 08896 #endif 08897 08898 #if defined(CONFIG_RSBAC_NET_OBJ) 08899 /* nettemp lists */ 08900 rsbac_printk(KERN_INFO "NETTEMP items: "); 08901 #if defined(CONFIG_RSBAC_MAC) 08902 tmp_count = rsbac_list_count(nettemp_handles.mac); 08903 rsbac_printk("%lu MAC, ", tmp_count); 08904 nettemp_sum += tmp_count; 08905 #endif 08906 #if defined(CONFIG_RSBAC_PM) 08907 tmp_count = rsbac_list_count(nettemp_handles.pm); 08908 rsbac_printk("%lu PM, ", tmp_count); 08909 nettemp_sum += tmp_count; 08910 #endif 08911 #if defined(CONFIG_RSBAC_RC) 08912 tmp_count = rsbac_list_count(nettemp_handles.rc); 08913 rsbac_printk("%lu RC, ", tmp_count); 08914 nettemp_sum += tmp_count; 08915 #endif 08916 rsbac_printk("\n"); 08917 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n", nettemp_sum); 08918 total_sum += nettemp_sum; 08919 08920 /* local netobj lists */ 08921 rsbac_printk(KERN_INFO "Local NETOBJ items:"); 08922 #if defined(CONFIG_RSBAC_MAC) 08923 tmp_count = rsbac_list_count(lnetobj_handles.mac); 08924 rsbac_printk(" %lu MAC,", tmp_count); 08925 lnetobj_sum += tmp_count; 08926 #endif 08927 #if defined(CONFIG_RSBAC_PM) 08928 tmp_count = rsbac_list_count(lnetobj_handles.pm); 08929 rsbac_printk(" %lu PM,", tmp_count); 08930 lnetobj_sum += tmp_count; 08931 #endif 08932 #if defined(CONFIG_RSBAC_RC) 08933 tmp_count = rsbac_list_count(lnetobj_handles.rc); 08934 rsbac_printk(" %lu RC", tmp_count); 08935 lnetobj_sum += tmp_count; 08936 #endif 08937 rsbac_printk("\n"); 08938 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n", 08939 lnetobj_sum); 08940 total_sum += lnetobj_sum; 08941 08942 /* remote netobj lists */ 08943 rsbac_printk(KERN_INFO "Remote NETOBJ items:"); 08944 #if defined(CONFIG_RSBAC_MAC) 08945 tmp_count = rsbac_list_count(rnetobj_handles.mac); 08946 rsbac_printk(" %lu MAC,", tmp_count); 08947 rnetobj_sum += tmp_count; 08948 #endif 08949 #if defined(CONFIG_RSBAC_PM) 08950 tmp_count = rsbac_list_count(rnetobj_handles.pm); 08951 rsbac_printk(" %lu PM,", tmp_count); 08952 rnetobj_sum += tmp_count; 08953 #endif 08954 #if defined(CONFIG_RSBAC_RC) 08955 tmp_count = rsbac_list_count(rnetobj_handles.rc); 08956 rsbac_printk(" %lu RC", tmp_count); 08957 rnetobj_sum += tmp_count; 08958 #endif 08959 rsbac_printk("\n"); 08960 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n", 08961 rnetobj_sum); 08962 total_sum += rnetobj_sum; 08963 #endif /* NET_OBJ */ 08964 08965 rsbac_printk(KERN_INFO "Total of %lu registered rsbac-items\n", total_sum); 08966 08967 rsbac_printk(KERN_INFO "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n", 08968 rsbac_adf_request_count[T_FILE], 08969 rsbac_adf_request_count[T_DIR], 08970 rsbac_adf_request_count[T_FIFO], 08971 rsbac_adf_request_count[T_SYMLINK], 08972 rsbac_adf_request_count[T_DEV], 08973 rsbac_adf_request_count[T_IPC], 08974 rsbac_adf_request_count[T_SCD], 08975 rsbac_adf_request_count[T_USER], 08976 rsbac_adf_request_count[T_PROCESS], 08977 rsbac_adf_request_count[T_NETDEV], 08978 rsbac_adf_request_count[T_NETTEMP], 08979 rsbac_adf_request_count[T_NETOBJ], 08980 rsbac_adf_request_count[T_UNIXSOCK]); 08981 rsbac_printk(KERN_INFO "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, unixsock: %lu\n", 08982 rsbac_adf_set_attr_count[T_FILE], 08983 rsbac_adf_set_attr_count[T_DIR], 08984 rsbac_adf_set_attr_count[T_FIFO], 08985 rsbac_adf_set_attr_count[T_SYMLINK], 08986 rsbac_adf_set_attr_count[T_DEV], 08987 rsbac_adf_set_attr_count[T_IPC], 08988 rsbac_adf_set_attr_count[T_SCD], 08989 rsbac_adf_set_attr_count[T_USER], 08990 rsbac_adf_set_attr_count[T_PROCESS], 08991 rsbac_adf_set_attr_count[T_NETDEV], 08992 rsbac_adf_set_attr_count[T_NETTEMP], 08993 rsbac_adf_set_attr_count[T_NETOBJ], 08994 rsbac_adf_set_attr_count[T_UNIXSOCK]); 08995 08996 #if defined(CONFIG_RSBAC_PM) 08997 rsbac_stats_pm(); 08998 #endif 08999 #if defined(CONFIG_RSBAC_RC) 09000 rsbac_stats_rc(); 09001 #endif 09002 #if defined(CONFIG_RSBAC_AUTH) 09003 rsbac_stats_auth(); 09004 #endif 09005 #if defined(CONFIG_RSBAC_ACL) 09006 rsbac_stats_acl(); 09007 #endif 09008 return 0; 09009 }
int rsbac_stats_pm | ( | void | ) |
Definition at line 1494 of file pm_data_structures.c.
References class_handle, cs_handle, in_pp_set_handle, na_handle, out_pp_set_handle, pp_handle, pp_set_handle, RSBAC_ENOTINITIALIZED, rsbac_is_initialized(), rsbac_list_count(), rsbac_list_lol_all_subcount(), rsbac_list_lol_count(), rsbac_printk(), ru_set_handle, task_handle, task_set_handle, tkt_handle, tp_handle, and tp_set_handle.
Referenced by rsbac_stats(), and sys_rsbac_stats_pm().
01495 { 01496 u_long tmp_count; 01497 u_long tmp_member_count; 01498 u_long all_set_count = 0; 01499 u_long all_member_count = 0; 01500 u_long all_count = 0; 01501 01502 if (!rsbac_is_initialized()) { 01503 rsbac_printk(KERN_WARNING "rsbac_stats_pm(): RSBAC not initialized\n"); 01504 return (-RSBAC_ENOTINITIALIZED); 01505 } 01506 01507 /****************/ 01508 /* Helper lists */ 01509 /****************/ 01510 01511 tmp_count = rsbac_list_lol_count(task_set_handle); 01512 tmp_member_count = rsbac_list_lol_all_subcount(task_set_handle); 01513 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu task-set-items, sum of %lu members\n", 01514 tmp_count, tmp_member_count); 01515 all_set_count += tmp_count; 01516 all_member_count += tmp_member_count; 01517 01518 tmp_count = rsbac_list_lol_count(tp_set_handle); 01519 tmp_member_count = rsbac_list_lol_all_subcount(tp_set_handle); 01520 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu tp set items, sum of %lu members\n", 01521 tmp_count, tmp_member_count); 01522 all_set_count += tmp_count; 01523 all_member_count += tmp_member_count; 01524 01525 tmp_count = rsbac_list_lol_count(ru_set_handle); 01526 tmp_member_count = rsbac_list_lol_all_subcount(ru_set_handle); 01527 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu ru set items, sum of %lu members\n", 01528 tmp_count, tmp_member_count); 01529 all_set_count += tmp_count; 01530 all_member_count += tmp_member_count; 01531 01532 tmp_count = rsbac_list_lol_count(pp_set_handle); 01533 tmp_member_count = rsbac_list_lol_all_subcount(pp_set_handle); 01534 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu pp set items, sum of %lu members\n", 01535 tmp_count, tmp_member_count); 01536 all_set_count += tmp_count; 01537 all_member_count += tmp_member_count; 01538 01539 tmp_count = rsbac_list_lol_count(in_pp_set_handle); 01540 tmp_member_count = rsbac_list_lol_all_subcount(in_pp_set_handle); 01541 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu input purpose set items, sum of %lu members\n", 01542 tmp_count, tmp_member_count); 01543 all_set_count += tmp_count; 01544 all_member_count += tmp_member_count; 01545 01546 tmp_count = rsbac_list_lol_count(out_pp_set_handle); 01547 tmp_member_count = rsbac_list_lol_all_subcount(out_pp_set_handle); 01548 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu output purpose set items, sum of %lu members\n", 01549 tmp_count, tmp_member_count); 01550 all_set_count += tmp_count; 01551 all_member_count += tmp_member_count; 01552 01553 rsbac_printk(KERN_INFO "rsbac_stats_pm(): Total of %lu registered rsbac-pm-set-items, %lu members\n", 01554 all_set_count, all_member_count); 01555 01556 /**************/ 01557 /* Main lists */ 01558 /**************/ 01559 tmp_count = rsbac_list_count(task_handle); 01560 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu task items\n", 01561 tmp_count); 01562 all_count += tmp_count; 01563 01564 tmp_count = rsbac_list_count(class_handle); 01565 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu class items\n", 01566 tmp_count); 01567 all_count += tmp_count; 01568 01569 tmp_count = rsbac_list_count(na_handle); 01570 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu na items\n", 01571 tmp_count); 01572 all_count += tmp_count; 01573 01574 tmp_count = rsbac_list_count(cs_handle); 01575 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu cs items\n", 01576 tmp_count); 01577 all_count += tmp_count; 01578 01579 tmp_count = rsbac_list_count(tp_handle); 01580 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu tp items\n", 01581 tmp_count); 01582 all_count += tmp_count; 01583 01584 tmp_count = rsbac_list_count(pp_handle); 01585 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu pp items\n", 01586 tmp_count); 01587 all_count += tmp_count; 01588 01589 tmp_count = rsbac_list_count(tkt_handle); 01590 rsbac_printk(KERN_INFO "rsbac_stats_pm(): %lu tkt items\n", 01591 tmp_count); 01592 all_count += tmp_count; 01593 01594 rsbac_printk(KERN_INFO "rsbac_stats_pm(): Total of %lu registered rsbac-pm-items\n", 01595 all_count); 01596 return 0; 01597 }
int rsbac_switch | ( | enum rsbac_switch_target_t | module, | |
int | value | |||
) |
int rsbac_um_add_gm | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
rsbac_gid_t | gid, | |||
rsbac_time_t | ttl | |||
) |
Definition at line 615 of file um_data_structures.c.
00617 { 00618 if (!rsbac_is_initialized()) { 00619 rsbac_printk(KERN_WARNING "rsbac_um_add_gm(): RSBAC not initialized\n"); 00620 return (-RSBAC_ENOTINITIALIZED); 00621 } 00622 #ifdef CONFIG_RSBAC_UM_EXCL 00623 if (!rsbac_um_no_excl) { 00624 if (!rsbac_ta_list_exist 00625 (ta_number, user_handle, &user)) { 00626 rsbac_printk(KERN_INFO "rsbac_um_add_gm(): uid %u not known to RSBAC User Management!\n", 00627 user); 00628 return -RSBAC_ENOTFOUND; 00629 } 00630 if (!rsbac_ta_list_exist 00631 (ta_number, group_handle, &group)) { 00632 rsbac_printk(KERN_INFO "rsbac_um_add_gm(): gid %u not known to RSBAC User Management!\n", 00633 group); 00634 return -RSBAC_ENOTFOUND; 00635 } 00636 } 00637 #endif 00638 rsbac_pr_debug(aef_um, "pid %u/%.15s: adding user %u group %u\n", 00639 current->pid, current->comm, user, group); 00640 return rsbac_ta_list_lol_subadd_ttl(ta_number, 00641 user_handle, 00642 ttl, &user, &group, NULL); 00643 }
int rsbac_um_add_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid, | |||
struct rsbac_um_group_entry_t * | entry_p, | |||
char * | pass, | |||
rsbac_time_t | ttl | |||
) |
int rsbac_um_add_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
struct rsbac_um_user_entry_t * | entry_p, | |||
char * | pass, | |||
rsbac_time_t | ttl | |||
) |
int rsbac_um_auth_name | ( | char * | name, | |
char * | pass | |||
) |
int rsbac_um_auth_uid | ( | rsbac_uid_t | uid, | |
char * | pass | |||
) |
int rsbac_um_check_account | ( | rsbac_uid_t | uid | ) |
Definition at line 1434 of file um_data_structures.c.
01435 { 01436 int err; 01437 struct rsbac_um_user_entry_t *entry_p; 01438 u_long curdays; 01439 01440 entry_p = rsbac_kmalloc(sizeof(*entry_p)); 01441 if (!entry_p) 01442 return -RSBAC_ENOMEM; 01443 err = 01444 rsbac_ta_list_lol_get_data_ttl(0, user_handle, 01445 NULL, &uid, entry_p); 01446 if (err) 01447 goto out_free; 01448 01449 rsbac_pr_debug(aef_um, "pid %u/%.15s: checking account for user %u\n", 01450 current->pid, current->comm, uid); 01451 /* check whether account or password has expired */ 01452 curdays = RSBAC_CURRENT_TIME / 86400; 01453 if (*((__u32 *) entry_p->pass) 01454 && !entry_p->lastchange) { 01455 err = -RSBAC_EMUSTCHANGE; 01456 rsbac_pr_debug(aef_um, "pid %u/%.15s: user %u must change password, " 01457 "lastchange = 0\n", current->pid, current->comm, uid); 01458 goto out_free; 01459 } 01460 if ((curdays > entry_p->expire) 01461 && (entry_p->expire != -1) 01462 && (entry_p->expire) 01463 ) { 01464 err = -RSBAC_EEXPIRED; 01465 rsbac_pr_debug(aef_um, "pid %u/%.15s: account for user %u has expired\n", 01466 current->pid, current->comm, uid); 01467 goto out_free; 01468 } 01469 if ((curdays > 01470 (entry_p->lastchange + entry_p->maxchange + 01471 entry_p->inactive)) 01472 && (entry_p->maxchange != -1) 01473 && (entry_p->maxchange) 01474 && (entry_p->inactive != -1) 01475 && (entry_p->inactive) 01476 ) { 01477 err = -RSBAC_EEXPIRED; 01478 rsbac_pr_debug(aef_um, "pid %u/%.15s: password for user %u has expired\n", 01479 current->pid, current->comm, uid); 01480 goto out_free; 01481 } 01482 if (((entry_p->lastchange + entry_p->maxchange) < curdays) 01483 && entry_p->maxchange && (entry_p->maxchange != -1) 01484 ) { 01485 err = -RSBAC_EMUSTCHANGE; 01486 rsbac_pr_debug(aef_um, "pid %u/%.15s: user %u must change password, " 01487 "lastchange too old\n", 01488 current->pid, current->comm, uid); 01489 goto out_free; 01490 } 01491 if ((curdays > 01492 (entry_p->lastchange + entry_p->maxchange - 01493 entry_p->warnchange)) 01494 && (entry_p->maxchange != -1) 01495 && (entry_p->warnchange != -1) 01496 && entry_p->maxchange && entry_p->warnchange) { 01497 err = (entry_p->lastchange + entry_p->maxchange) - curdays; 01498 } else 01499 err = 0; 01500 01501 out_free: 01502 rsbac_kfree(entry_p); 01503 return err; 01504 }
int rsbac_um_check_account_name | ( | char * | name | ) |
int rsbac_um_get_gid | ( | rsbac_list_ta_number_t | ta_number, | |
char * | name, | |||
rsbac_gid_t * | gid_p | |||
) |
Definition at line 498 of file um_data_structures.c.
00500 { 00501 if (!name || !gid_p) 00502 return -RSBAC_EINVALIDPOINTER; 00503 if (!rsbac_ta_list_get_desc(ta_number, 00504 group_handle, 00505 gid_p, 00506 name, group_name_compare)) 00507 return 0; 00508 else 00509 return -RSBAC_ENOTFOUND; 00510 }
int rsbac_um_get_gm_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | user, | |||
rsbac_gid_t | group_array[], | |||
u_int | maxnum | |||
) |
int rsbac_um_get_gm_user_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | group, | |||
rsbac_uid_t | user_array[], | |||
u_int | maxnum | |||
) |
int rsbac_um_get_group_item | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 977 of file um_data_structures.c.
00981 { 00982 int err; 00983 struct rsbac_um_group_entry_t *entry_p; 00984 00985 if (!rsbac_is_initialized()) { 00986 rsbac_printk(KERN_WARNING "rsbac_um_get_group_item(): RSBAC not initialized\n"); 00987 return (-RSBAC_ENOTINITIALIZED); 00988 } 00989 if (!data_p) 00990 return -RSBAC_EINVALIDPOINTER; 00991 if (!rsbac_ta_list_exist 00992 (ta_number, group_handle, &group)) 00993 return -RSBAC_ENOTFOUND; 00994 if (mod == UM_ttl) 00995 return rsbac_ta_list_get_data_ttl(ta_number, 00996 group_handle, 00997 &data_p->ttl, &group, 00998 NULL); 00999 01000 entry_p = rsbac_kmalloc(sizeof(*entry_p)); 01001 if (!entry_p) 01002 return -RSBAC_ENOMEM; 01003 err = 01004 rsbac_ta_list_get_data_ttl(ta_number, 01005 group_handle, 01006 NULL, &group, entry_p); 01007 if (err) { 01008 rsbac_kfree(entry_p); 01009 return err; 01010 } 01011 switch (mod) { 01012 case UM_name: 01013 strcpy(data_p->string, entry_p->name); 01014 break; 01015 01016 case UM_pass: 01017 memcpy(data_p->string, entry_p->pass, RSBAC_UM_PASS_LEN); 01018 break; 01019 01020 default: 01021 rsbac_kfree(entry_p); 01022 return -RSBAC_EINVALIDREQUEST; 01023 } 01024 01025 rsbac_kfree(entry_p); 01026 return 0; 01027 }
int rsbac_um_get_group_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | group_array[], | |||
u_int | maxnum | |||
) |
int rsbac_um_get_next_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | old_user, | |||
rsbac_uid_t * | next_user_p | |||
) |
Definition at line 1094 of file um_data_structures.c.
01096 { 01097 rsbac_uid_t *old_user_p; 01098 01099 if (old_user == RSBAC_NO_USER) 01100 old_user_p = NULL; 01101 else 01102 old_user_p = &old_user; 01103 01104 return rsbac_ta_list_lol_get_next_desc(ta_number, 01105 user_handle, 01106 old_user_p, 01107 next_user_p); 01108 }
int rsbac_um_get_uid | ( | rsbac_list_ta_number_t | ta_number, | |
char * | name, | |||
rsbac_uid_t * | uid_p | |||
) |
Definition at line 485 of file um_data_structures.c.
00487 { 00488 if (!name || !uid_p) 00489 return -RSBAC_EINVALIDPOINTER; 00490 if (!rsbac_ta_list_lol_get_desc(ta_number, 00491 user_handle, 00492 uid_p, name, name_compare)) 00493 return 0; 00494 else 00495 return -RSBAC_ENOTFOUND; 00496 }
int rsbac_um_get_user_item | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 885 of file um_data_structures.c.
00889 { 00890 int err; 00891 struct rsbac_um_user_entry_t *entry_p; 00892 00893 if (!rsbac_is_initialized()) { 00894 rsbac_printk(KERN_WARNING "rsbac_um_get_user_item(): RSBAC not initialized\n"); 00895 return (-RSBAC_ENOTINITIALIZED); 00896 } 00897 if (!data_p) 00898 return -RSBAC_EINVALIDPOINTER; 00899 if (!rsbac_ta_list_lol_exist 00900 (ta_number, user_handle, &user)) 00901 return -RSBAC_ENOTFOUND; 00902 if (mod == UM_ttl) 00903 return rsbac_ta_list_lol_get_data_ttl(ta_number, 00904 user_handle, 00905 &data_p->ttl, &user, 00906 NULL); 00907 00908 entry_p = rsbac_kmalloc(sizeof(*entry_p)); 00909 if (!entry_p) 00910 return -RSBAC_ENOMEM; 00911 err = 00912 rsbac_ta_list_lol_get_data_ttl(ta_number, 00913 user_handle, 00914 NULL, &user, entry_p); 00915 if (err) { 00916 rsbac_kfree(entry_p); 00917 return err; 00918 } 00919 switch (mod) { 00920 case UM_name: 00921 strcpy(data_p->string, entry_p->name); 00922 break; 00923 00924 case UM_pass: 00925 memcpy(data_p->string, entry_p->pass, RSBAC_UM_PASS_LEN); 00926 break; 00927 00928 case UM_fullname: 00929 strcpy(data_p->string, entry_p->fullname); 00930 break; 00931 00932 case UM_homedir: 00933 strcpy(data_p->string, entry_p->homedir); 00934 break; 00935 00936 case UM_shell: 00937 strcpy(data_p->string, entry_p->shell); 00938 break; 00939 00940 case UM_group: 00941 data_p->group = entry_p->group; 00942 break; 00943 00944 case UM_lastchange: 00945 data_p->days = entry_p->lastchange; 00946 break; 00947 00948 case UM_minchange: 00949 data_p->days = entry_p->minchange; 00950 break; 00951 00952 case UM_maxchange: 00953 data_p->days = entry_p->maxchange; 00954 break; 00955 00956 case UM_warnchange: 00957 data_p->days = entry_p->warnchange; 00958 break; 00959 00960 case UM_inactive: 00961 data_p->days = entry_p->inactive; 00962 break; 00963 00964 case UM_expire: 00965 data_p->days = entry_p->expire; 00966 break; 00967 00968 default: 00969 rsbac_kfree(entry_p); 00970 return -RSBAC_EINVALIDREQUEST; 00971 } 00972 00973 rsbac_kfree(entry_p); 00974 return 0; 00975 }
int rsbac_um_get_user_list | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | user_array[], | |||
u_int | maxnum | |||
) |
int rsbac_um_group_exists | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid | |||
) |
Definition at line 1037 of file um_data_structures.c.
01039 { 01040 return rsbac_ta_list_exist(ta_number, 01041 group_handle, 01042 &group); 01043 }
int rsbac_um_mod_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 794 of file um_data_structures.c.
00798 { 00799 int err; 00800 struct rsbac_um_group_entry_t *entry_p; 00801 00802 if (!rsbac_is_initialized()) { 00803 rsbac_printk(KERN_WARNING "rsbac_um_mod_group(): RSBAC not initialized\n"); 00804 return (-RSBAC_ENOTINITIALIZED); 00805 } 00806 if (!data_p && (mod != UM_pass) 00807 ) 00808 return -RSBAC_EINVALIDPOINTER; 00809 if (!rsbac_ta_list_exist 00810 (ta_number, group_handle, &group)) 00811 return -RSBAC_ENOTFOUND; 00812 00813 entry_p = rsbac_kmalloc(sizeof(*entry_p)); 00814 if (!entry_p) 00815 return -RSBAC_ENOMEM; 00816 err = 00817 rsbac_ta_list_get_data_ttl(ta_number, 00818 group_handle, 00819 NULL, &group, entry_p); 00820 if (err) { 00821 rsbac_kfree(entry_p); 00822 return err; 00823 } 00824 rsbac_pr_debug(aef_um, "pid %u/%.15s: modifying group %u\n", 00825 current->pid, current->comm, group); 00826 switch (mod) { 00827 case UM_name: 00828 { 00829 rsbac_gid_t tmp_group; 00830 00831 if (!rsbac_um_get_gid 00832 (ta_number, data_p->string, &tmp_group) 00833 && (tmp_group != group) 00834 ) 00835 return -RSBAC_EEXISTS; 00836 strncpy(entry_p->name, data_p->string, 00837 RSBAC_UM_NAME_LEN); 00838 entry_p->name[RSBAC_UM_NAME_LEN - 1] = 0; 00839 } 00840 break; 00841 00842 case UM_pass: 00843 if (data_p) { 00844 __u32 salt; 00845 00846 new_salt(&salt); 00847 err = rsbac_um_hash(data_p->string, salt); 00848 if (err) { 00849 rsbac_kfree(entry_p); 00850 return err; 00851 } 00852 memcpy(entry_p->pass, &salt, sizeof(salt)); 00853 memcpy(entry_p->pass + sizeof(salt), 00854 data_p->string, 00855 RSBAC_UM_PASS_LEN - sizeof(salt)); 00856 } else 00857 memset(entry_p->pass, 0, RSBAC_UM_PASS_LEN); 00858 break; 00859 00860 case UM_cryptpass: 00861 memcpy(entry_p->pass, data_p->string, RSBAC_UM_PASS_LEN); 00862 break; 00863 00864 case UM_ttl: 00865 err = 00866 rsbac_ta_list_add_ttl(ta_number, 00867 group_handle, 00868 data_p->ttl, &group, entry_p); 00869 rsbac_kfree(entry_p); 00870 return err; 00871 00872 default: 00873 rsbac_kfree(entry_p); 00874 return -RSBAC_EINVALIDREQUEST; 00875 } 00876 00877 err = 00878 rsbac_ta_list_add_ttl(ta_number, 00879 group_handle, 00880 RSBAC_LIST_TTL_KEEP, &group, entry_p); 00881 rsbac_kfree(entry_p); 00882 return err; 00883 }
int rsbac_um_mod_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
enum rsbac_um_mod_t | mod, | |||
union rsbac_um_mod_data_t * | data_p | |||
) |
Definition at line 645 of file um_data_structures.c.
00649 { 00650 int err; 00651 struct rsbac_um_user_entry_t *entry_p; 00652 00653 if (!rsbac_is_initialized()) { 00654 rsbac_printk(KERN_WARNING "rsbac_um_mod_user(): RSBAC not initialized\n"); 00655 return (-RSBAC_ENOTINITIALIZED); 00656 } 00657 if (!data_p && (mod != UM_pass) 00658 ) 00659 return -RSBAC_EINVALIDPOINTER; 00660 if (!rsbac_ta_list_lol_exist 00661 (ta_number, user_handle, &user)) 00662 return -RSBAC_ENOTFOUND; 00663 00664 entry_p = rsbac_kmalloc(sizeof(*entry_p)); 00665 if (!entry_p) 00666 return -RSBAC_ENOMEM; 00667 err = 00668 rsbac_ta_list_lol_get_data_ttl(ta_number, 00669 user_handle, 00670 NULL, &user, entry_p); 00671 if (err) { 00672 rsbac_kfree(entry_p); 00673 return err; 00674 } 00675 rsbac_pr_debug(aef_um, "pid %u/%.15s: modifying user %u\n", 00676 current->pid, current->comm, user); 00677 switch (mod) { 00678 case UM_name: 00679 { 00680 rsbac_uid_t tmp_user; 00681 00682 if (!rsbac_um_get_uid 00683 (ta_number, data_p->string, &tmp_user) 00684 && (tmp_user != user) 00685 ) 00686 return -RSBAC_EEXISTS; 00687 strncpy(entry_p->name, data_p->string, 00688 RSBAC_UM_NAME_LEN); 00689 entry_p->name[RSBAC_UM_NAME_LEN - 1] = 0; 00690 } 00691 break; 00692 00693 case UM_pass: 00694 if (data_p) { 00695 __u32 salt; 00696 00697 new_salt(&salt); 00698 err = rsbac_um_hash(data_p->string, salt); 00699 if (err) { 00700 rsbac_kfree(entry_p); 00701 return err; 00702 } 00703 memcpy(entry_p->pass, &salt, sizeof(salt)); 00704 memcpy(entry_p->pass + sizeof(salt), 00705 data_p->string, 00706 RSBAC_UM_PASS_LEN - sizeof(salt)); 00707 } else 00708 memset(entry_p->pass, 0, RSBAC_UM_PASS_LEN); 00709 entry_p->lastchange = RSBAC_CURRENT_TIME / 86400; 00710 break; 00711 00712 case UM_cryptpass: 00713 memcpy(entry_p->pass, data_p->string, RSBAC_UM_PASS_LEN); 00714 break; 00715 00716 case UM_fullname: 00717 strncpy(entry_p->fullname, data_p->string, 00718 RSBAC_UM_FULLNAME_LEN); 00719 entry_p->fullname[RSBAC_UM_FULLNAME_LEN - 1] = 0; 00720 break; 00721 00722 case UM_homedir: 00723 strncpy(entry_p->homedir, data_p->string, 00724 RSBAC_UM_HOMEDIR_LEN); 00725 entry_p->homedir[RSBAC_UM_HOMEDIR_LEN - 1] = 0; 00726 break; 00727 00728 case UM_shell: 00729 strncpy(entry_p->shell, data_p->string, 00730 RSBAC_UM_SHELL_LEN); 00731 entry_p->shell[RSBAC_UM_SHELL_LEN - 1] = 0; 00732 break; 00733 00734 case UM_group: 00735 #ifdef CONFIG_RSBAC_UM_EXCL 00736 if (!rsbac_um_no_excl 00737 && !rsbac_ta_list_exist(ta_number, 00738 group_handle, 00739 &data_p->group)) { 00740 rsbac_printk(KERN_INFO "rsbac_um_mod_user(): gid %u not known to RSBAC User Management!\n", 00741 data_p->group); 00742 rsbac_kfree(entry_p); 00743 return -RSBAC_EINVALIDVALUE; 00744 } 00745 #endif 00746 entry_p->group = data_p->group; 00747 break; 00748 00749 case UM_lastchange: 00750 entry_p->lastchange = data_p->days; 00751 break; 00752 00753 case UM_minchange: 00754 entry_p->minchange = data_p->days; 00755 break; 00756 00757 case UM_maxchange: 00758 entry_p->maxchange = data_p->days; 00759 break; 00760 00761 case UM_warnchange: 00762 entry_p->warnchange = data_p->days; 00763 break; 00764 00765 case UM_inactive: 00766 entry_p->inactive = data_p->days; 00767 break; 00768 00769 case UM_expire: 00770 entry_p->expire = data_p->days; 00771 break; 00772 00773 case UM_ttl: 00774 err = 00775 rsbac_ta_list_lol_add_ttl(ta_number, 00776 user_handle, 00777 data_p->ttl, &user, entry_p); 00778 rsbac_kfree(entry_p); 00779 return err; 00780 00781 default: 00782 rsbac_kfree(entry_p); 00783 return -RSBAC_EINVALIDREQUEST; 00784 } 00785 00786 err = 00787 rsbac_ta_list_lol_add_ttl(ta_number, 00788 user_handle, 00789 RSBAC_LIST_TTL_KEEP, &user, entry_p); 00790 rsbac_kfree(entry_p); 00791 return err; 00792 }
int rsbac_um_remove_gm | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid, | |||
rsbac_gid_t | gid | |||
) |
Definition at line 1070 of file um_data_structures.c.
01072 { 01073 if (!rsbac_is_initialized()) { 01074 rsbac_printk(KERN_WARNING "rsbac_um_remove_gm(): RSBAC not initialized\n"); 01075 return (-RSBAC_ENOTINITIALIZED); 01076 } 01077 rsbac_pr_debug(aef_um, "pid %u/%.15s: removing user %u group %u\n", 01078 current->pid, current->comm, user, group); 01079 return rsbac_ta_list_lol_subremove(ta_number, 01080 user_handle, 01081 &user, &group); 01082 }
int rsbac_um_remove_group | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_gid_t | gid | |||
) |
Definition at line 1056 of file um_data_structures.c.
01058 { 01059 if (!rsbac_ta_list_exist 01060 (ta_number, group_handle, &group)) 01061 return -RSBAC_ENOTFOUND; 01062 rsbac_ta_list_lol_subremove_from_all(ta_number, 01063 user_handle, 01064 &group); 01065 return rsbac_ta_list_remove(ta_number, 01066 group_handle, 01067 &group); 01068 }
int rsbac_um_remove_user | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid | |||
) |
Definition at line 1045 of file um_data_structures.c.
01047 { 01048 if (!rsbac_ta_list_lol_exist 01049 (ta_number, user_handle, &user)) 01050 return -RSBAC_ENOTFOUND; 01051 return rsbac_ta_list_lol_remove(ta_number, 01052 user_handle, 01053 &user); 01054 }
int rsbac_um_set_group_pass | ( | rsbac_gid_t | gid, | |
char * | new_pass | |||
) |
Definition at line 1399 of file um_data_structures.c.
01400 { 01401 int err; 01402 struct rsbac_um_group_entry_t *entry_p; 01403 __u32 salt; 01404 01405 entry_p = rsbac_kmalloc(sizeof(*entry_p)); 01406 if (!entry_p) 01407 return -RSBAC_ENOMEM; 01408 err = rsbac_ta_list_get_data_ttl(0, group_handle, 01409 NULL, &gid, entry_p); 01410 if (err) 01411 goto out_free; 01412 01413 rsbac_pr_debug(aef_um, "pid %u/%.15s: setting password for group %u\n", 01414 current->pid, current->comm, gid); 01415 if (pass) { 01416 new_salt(&salt); 01417 err = rsbac_um_hash(pass, salt); 01418 if (err) 01419 goto out_free; 01420 memcpy(entry_p->pass, &salt, sizeof(salt)); 01421 memcpy(entry_p->pass + sizeof(salt), pass, 01422 RSBAC_UM_PASS_LEN - sizeof(salt)); 01423 } else 01424 memset(entry_p->pass, 0, RSBAC_UM_PASS_LEN); 01425 err = 01426 rsbac_ta_list_add_ttl(0, group_handle, 0, 01427 &gid, entry_p); 01428 01429 out_free: 01430 rsbac_kfree(entry_p); 01431 return err; 01432 }
int rsbac_um_set_pass | ( | rsbac_uid_t | uid, | |
char * | old_pass, | |||
char * | new_pass | |||
) |
int rsbac_um_set_pass_name | ( | char * | name, | |
char * | old_pass, | |||
char * | new_pass | |||
) |
int rsbac_um_user_exists | ( | rsbac_list_ta_number_t | ta_number, | |
rsbac_uid_t | uid | |||
) |
Definition at line 1029 of file um_data_structures.c.
01031 { 01032 return rsbac_ta_list_lol_exist(ta_number, 01033 user_handle, 01034 &user); 01035 }
int rsbac_version | ( | void | ) |
int rsbac_write | ( | void | ) |
Referenced by rsbac_umount(), and sys_rsbac_write().