/linux-2.6.21.1-rsbac-1.3.4/rsbac/adf/auth/auth_syscalls.c File Reference

#include <linux/string.h>
#include <linux/sched.h>
#include <linux/errno.h>
#include <rsbac/types.h>
#include <rsbac/aci.h>
#include <rsbac/error.h>
#include <rsbac/auth.h>
#include <rsbac/debug.h>
#include <rsbac/helpers.h>
#include <rsbac/adf_main.h>


Functions

int rsbac_auth_add_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int rsbac_auth_remove_p_cap (rsbac_list_ta_number_t ta_number, rsbac_pid_t pid, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)
int rsbac_auth_add_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range, rsbac_time_t ttl)
int rsbac_auth_remove_f_cap (rsbac_list_ta_number_t ta_number, rsbac_auth_file_t file, enum rsbac_auth_cap_type_t cap_type, struct rsbac_auth_cap_range_t cap_range)


Function Documentation

int rsbac_auth_add_f_cap ( rsbac_list_ta_number_t  ta_number,
rsbac_auth_file_t  file,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range,
rsbac_time_t  ttl 
)

Definition at line 140 of file auth_syscalls.c.

References rsbac_auth_add_to_f_capset().

Referenced by sys_rsbac_auth_add_f_cap().

00146   {
          /*
           * Thin wrapper: passes every argument unchanged to
           * rsbac_auth_add_to_f_capset() and returns its result.
           * No permission check is made in this function; per the original
           * comment below, it relies on sys_rsbac_auth_add_f_cap() having
           * done it. NOTE(review): any other in-kernel caller would reach
           * the capset update unchecked and must authorise the request
           * itself first.
           */
00147     /* check has been done in help/syscalls.c: sys_rsbac_auth_add_f_cap */
00148     return rsbac_auth_add_to_f_capset(ta_number, file, cap_type, cap_range, ttl);
00149   }

int rsbac_auth_add_p_cap ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range,
rsbac_time_t  ttl 
)

Definition at line 35 of file auth_syscalls.c.

References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_add_to_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.

Referenced by sys_rsbac_auth_add_p_cap().

00041   {
          /*
           * Add cap_range to the AUTH capability set of process pid, after
           * checking that the calling process may set AUTH capabilities.
           * Returns -RSBAC_EREADFAILED if the caller's auth_may_set_cap
           * attribute cannot be read, -EPERM if that attribute is unset and
           * soft mode does not apply, and otherwise whatever
           * rsbac_auth_add_to_p_capset() returns.
           */
00042 /* check only in non-maint mode */
      /* With CONFIG_RSBAC_MAINT defined the whole check below is compiled
       * out and the capability is added for any caller. */
00043 #if !defined(CONFIG_RSBAC_MAINT)
      /* When CONFIG_RSBAC_SWITCH_AUTH is built in, the check only runs while
       * rsbac_switch_auth is non-zero; otherwise the block is skipped and
       * execution continues at the add below. */
00044 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00045     if(rsbac_switch_auth)
00046 #endif
00047       {
00048         union rsbac_target_id_t       i_tid;
00049         union rsbac_attribute_value_t i_attr_val1;
00050 
00051         /* check auth_may_set_cap of calling process */
              /* The attribute is read for current->pid (the caller), not for
               * the target pid whose capability set is being changed. */
00052         i_tid.process = current->pid;
00053         if (rsbac_get_attr(SW_AUTH,
00054                            T_PROCESS,
00055                            i_tid,
00056                            A_auth_may_set_cap,
00057                            &i_attr_val1,
00058                            FALSE))
00059           {
                  /* Fail closed: a non-zero result from rsbac_get_attr() is
                   * reported and the request is refused without touching
                   * the capability set. */
00060             rsbac_pr_get_error(A_auth_may_set_cap);
00061             return -RSBAC_EREADFAILED;
00062           }
00063         /* if auth_may_set_cap is not set, then reject */
00064         if (!i_attr_val1.auth_may_set_cap)
00065           {
                  /* The denial is logged (KERN_INFO) before the soft mode
                   * decision, so the message is emitted whether or not the
                   * request is actually refused. */
00066             rsbac_printk(KERN_INFO
00067                    "rsbac_auth_add_p_cap(): adding AUTH cap %u:%u to process %u denied for process %u!\n",
00068                    cap_range.first,
00069                    cap_range.last,
00070                    pid,
00071                    current->pid);
                  /* Without CONFIG_RSBAC_SOFTMODE the return below is
                   * unconditional. With it, -EPERM is returned only when
                   * rsbac_softmode is zero (and, with
                   * CONFIG_RSBAC_SOFTMODE_IND, rsbac_ind_softmode[SW_AUTH] is
                   * zero too); otherwise execution falls through and the
                   * capability is added despite the logged denial. */
00072             #ifdef CONFIG_RSBAC_SOFTMODE
00073             if(   !rsbac_softmode
00074             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00075                && !rsbac_ind_softmode[SW_AUTH]
00076             #endif
00077               )
00078             #endif
00079               return(-EPERM);
00080           }
00081       }
00082 #endif
00083 
00084     /* OK, check passed. Add the capability. */
          /* Also reached when the check was compiled out, switched off, or
           * overridden by soft mode (see above). */
00085     return rsbac_auth_add_to_p_capset(ta_number, pid, cap_type, cap_range, ttl);
00086   }

int rsbac_auth_remove_f_cap ( rsbac_list_ta_number_t  ta_number,
rsbac_auth_file_t  file,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range 
)

Definition at line 151 of file auth_syscalls.c.

References rsbac_auth_remove_from_f_capset().

Referenced by sys_rsbac_auth_remove_f_cap().

00156   {
          /*
           * Thin wrapper: passes every argument unchanged to
           * rsbac_auth_remove_from_f_capset() and returns its result.
           * No permission check is made in this function; per the original
           * comment below, it relies on sys_rsbac_auth_remove_f_cap() having
           * done it. NOTE(review): any other in-kernel caller would reach
           * the capset update unchecked and must authorise the request
           * itself first.
           */
00157     /* check has been done in help/syscalls.c: sys_rsbac_auth_remove_f_cap */
00158     return rsbac_auth_remove_from_f_capset(ta_number, file, cap_type, cap_range);
00159   }

int rsbac_auth_remove_p_cap ( rsbac_list_ta_number_t  ta_number,
rsbac_pid_t  pid,
enum rsbac_auth_cap_type_t  cap_type,
struct rsbac_auth_cap_range_t  cap_range 
)

Definition at line 88 of file auth_syscalls.c.

References A_auth_may_set_cap, rsbac_attribute_value_t::auth_may_set_cap, FALSE, rsbac_auth_cap_range_t::first, rsbac_auth_cap_range_t::last, rsbac_target_id_t::process, rsbac_auth_remove_from_p_capset(), RSBAC_EREADFAILED, rsbac_get_attr, rsbac_pr_get_error, rsbac_printk(), SW_AUTH, and T_PROCESS.

Referenced by sys_rsbac_auth_remove_p_cap().

00093   {
          /*
           * Remove cap_range from the AUTH capability set of process pid,
           * after checking that the calling process may set AUTH
           * capabilities. Returns -RSBAC_EREADFAILED if the caller's
           * auth_may_set_cap attribute cannot be read, -EPERM if that
           * attribute is unset and soft mode does not apply, and otherwise
           * whatever rsbac_auth_remove_from_p_capset() returns.
           */
00094 /* check only in non-maint mode */
      /* With CONFIG_RSBAC_MAINT defined the whole check below is compiled
       * out and the removal is attempted for any caller. */
00095 #if !defined(CONFIG_RSBAC_MAINT)
      /* When CONFIG_RSBAC_SWITCH_AUTH is built in, the check only runs while
       * rsbac_switch_auth is non-zero; otherwise the block is skipped and
       * execution continues at the removal below. */
00096 #ifdef CONFIG_RSBAC_SWITCH_AUTH
00097     if(rsbac_switch_auth)
00098 #endif
00099       {
00100         union rsbac_target_id_t       i_tid;
00101         union rsbac_attribute_value_t i_attr_val1;
00102 
00103         /* check auth_may_set_cap of calling process */
              /* The attribute is read for current->pid (the caller), not for
               * the target pid whose capability set is being changed. */
00104         i_tid.process = current->pid;
00105         if (rsbac_get_attr(SW_AUTH,
00106                            T_PROCESS,
00107                            i_tid,
00108                            A_auth_may_set_cap,
00109                            &i_attr_val1,
00110                            FALSE))
00111           {
                  /* Fail closed: a non-zero result from rsbac_get_attr() is
                   * reported and the request is refused without touching
                   * the capability set. */
00112             rsbac_pr_get_error(A_auth_may_set_cap);
00113             return -RSBAC_EREADFAILED;
00114           }
00115         /* if auth_may_set_cap is not set, then reject */
00116         if (!i_attr_val1.auth_may_set_cap)
00117           {
                  /* The denial is logged (KERN_INFO) before the soft mode
                   * decision, so the message is emitted whether or not the
                   * request is actually refused. */
00118             rsbac_printk(KERN_INFO
00119                    "rsbac_auth_remove_p_cap(): removing AUTH cap %u:%u from process %u denied for process %u!\n",
00120                    cap_range.first,
00121                    cap_range.last,
00122                    pid,
00123                    current->pid);
                  /* Without CONFIG_RSBAC_SOFTMODE the return below is
                   * unconditional. With it, -EPERM is returned only when
                   * rsbac_softmode is zero (and, with
                   * CONFIG_RSBAC_SOFTMODE_IND, rsbac_ind_softmode[SW_AUTH] is
                   * zero too); otherwise execution falls through and the
                   * removal is attempted despite the logged denial. */
00124             #ifdef CONFIG_RSBAC_SOFTMODE
00125             if(   !rsbac_softmode
00126             #ifdef CONFIG_RSBAC_SOFTMODE_IND
00127                && !rsbac_ind_softmode[SW_AUTH]
00128             #endif
00129               )
00130             #endif
00131               return(-EPERM);
00132           }
00133       }
00134 #endif
00135 
00136     /* OK, check passed. Try to remove the capability. */
          /* Also reached when the check was compiled out, switched off, or
           * overridden by soft mode (see above). */
00137     return rsbac_auth_remove_from_p_capset(ta_number, pid, cap_type, cap_range);
00138   }

