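/**************************************/
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2006:          */
/*   Amon Ott <ao@rsbac.org>          */
/* Data structures / AUTH             */
/* Last modified: 12/Jan/2006         */
/**************************************/

/*
 * Constants and bookkeeping structures for the AUTH module's capability
 * lists: list key, list names, file names, list counts and versions, plus
 * the per-device list item and the list head that chains those items.
 *
 * This header declares data only. No locking primitive and no accessor is
 * declared here, so every rule about who may touch these structures has to
 * be enforced by the code that includes this file.
 */

#ifndef __RSBAC_AUTH_DATA_STRUC_H
#define __RSBAC_AUTH_DATA_STRUC_H

#include <linux/types.h>
#include <rsbac/aci.h>
#include <rsbac/types.h>

/**********************************************/
/* Capability lists                           */
/**********************************************/

/*
 * Key shared by the AUTH lists.
 * NOTE(review): presumably handed to the generic list code when the lists
 * are registered -- confirm against the registration calls. It is a fixed
 * compile-time constant, so it should not be treated as a secret.
 */
#define RSBAC_AUTH_LIST_KEY 626281

/*
 * Process capability lists: one version number and one name per variant.
 * NOTE(review): EFF / FS presumably stand for the effective and filesystem
 * ID variants and GROUP for the group ID variants -- confirm.
 */
#define RSBAC_AUTH_P_LIST_VERSION 1
#define RSBAC_AUTH_P_LIST_NAME "authproc"
#define RSBAC_AUTH_P_EFF_LIST_NAME "authproceff"
#define RSBAC_AUTH_P_FS_LIST_NAME "authprocfs"
#define RSBAC_AUTH_P_GROUP_LIST_NAME "authprocgr"
#define RSBAC_AUTH_P_GROUP_EFF_LIST_NAME "authprocgreff"
#define RSBAC_AUTH_P_GROUP_FS_LIST_NAME "authprocgrfs"

/* File names of the file/directory (FD) capability lists, one per variant. */
#define RSBAC_AUTH_FD_FILENAME "authfd"
#define RSBAC_AUTH_FD_EFF_FILENAME "authfde"
#define RSBAC_AUTH_FD_FS_FILENAME "authfdf"
#define RSBAC_AUTH_FD_GROUP_FILENAME "authfg"
#define RSBAC_AUTH_FD_GROUP_EFF_FILENAME "authfge"
#define RSBAC_AUTH_FD_GROUP_FS_FILENAME "authfgf"

/*
 * "OLD" file names: the same stems with a trailing dot.
 * NOTE(review): presumably prefixes of an earlier naming scheme that get a
 * suffix appended at run time -- confirm. If so, the buffer that receives
 * the composed name must be sized for stem plus suffix plus terminator.
 */
#define RSBAC_AUTH_FD_OLD_FILENAME "authfd."
#define RSBAC_AUTH_FD_OLD_EFF_FILENAME "authfde."
#define RSBAC_AUTH_FD_OLD_FS_FILENAME "authfdf."
#define RSBAC_AUTH_FD_OLD_GROUP_FILENAME "authfg."
#define RSBAC_AUTH_FD_OLD_GROUP_EFF_FILENAME "authfge."
#define RSBAC_AUTH_FD_OLD_GROUP_FS_FILENAME "authfgf."

/*
 * Number of FD capability lists per variant.
 * NOTE(review): how these counts are consumed is not visible in this
 * header -- check the users before changing a value.
 */
#define RSBAC_AUTH_NR_CAP_FD_LISTS 4
#define RSBAC_AUTH_NR_CAP_EFF_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_FS_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS 4
#define RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS 2

/* Version number of each FD capability list variant. */
#define RSBAC_AUTH_FD_LIST_VERSION 1
#define RSBAC_AUTH_FD_EFF_LIST_VERSION 1
#define RSBAC_AUTH_FD_FS_LIST_VERSION 1
#define RSBAC_AUTH_FD_GROUP_LIST_VERSION 1
#define RSBAC_AUTH_FD_GROUP_EFF_LIST_VERSION 1
#define RSBAC_AUTH_FD_GROUP_FS_LIST_VERSION 1

/* The list of devices is also a double linked list, so we define list */
/* items and a list head.                                              */

/*
 * One entry per device in the AUTH device list.
 *
 * The struct layout depends on CONFIG_RSBAC_AUTH_DAC_OWNER and
 * CONFIG_RSBAC_AUTH_GROUP, so every translation unit that touches an item
 * must be built with the same configuration.
 */
struct rsbac_auth_device_list_item_t {
	kdev_t id;		/* set to 0 before deletion */
	/*
	 * NOTE(review): looks like a count of mounts of this device; nothing
	 * here bounds it, so the code that increments and decrements it has
	 * to prevent wrap-around -- confirm.
	 */
	u_int mount_count;
	rsbac_list_handle_t handle;
#ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
	rsbac_list_handle_t eff_handle;
	rsbac_list_handle_t fs_handle;
#endif
#ifdef CONFIG_RSBAC_AUTH_GROUP
	rsbac_list_handle_t group_handle;
#ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
	rsbac_list_handle_t group_eff_handle;
	rsbac_list_handle_t group_fs_handle;
#endif
#endif
	/* Neighbours in the double linked device list. */
	struct rsbac_auth_device_list_item_t *prev;
	struct rsbac_auth_device_list_item_t *next;
};

/* To provide consistency we use spinlocks for all list accesses. The */
/* 'curr' entry is used to avoid repeated lookups for the same item.  */

/*
 * Head of the device list.
 *
 * NOTE(review): the comment above refers to spinlocks, but no lock is a
 * member of this struct, so the lock has to be declared elsewhere -- confirm
 * which lock covers head, tail, curr and count. If a lookup refreshes
 * 'curr', that lookup writes shared state and needs the same exclusion as
 * an insert or delete; 'curr' must also be reset when the item it points
 * to is removed, or it is left dangling.
 */
struct rsbac_auth_device_list_head_t {
	struct rsbac_auth_device_list_item_t *head;
	struct rsbac_auth_device_list_item_t *tail;
	struct rsbac_auth_device_list_item_t *curr;	/* lookup cache */
	u_int count;
};

#endif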