00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /* Author and (c) 1999-2005:          */
00004 /*   Amon Ott <ao@rsbac.org>          */
00005 /* API: Data types for attributes     */
00006 /*      and standard module calls     */
00007 /* Last modified: 09/Feb/2005         */
00008 /************************************ */
00009 
00010 #ifndef __RSBAC_ACL_TYPES_H
00011 #define __RSBAC_ACL_TYPES_H
00012 
00013 #include <linux/types.h>
00014 
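/* TTL value meaning "leave the existing TTL unchanged"; aliases the generic
 * list-layer constant. No trailing ';' here: the original definition ended in
 * a semicolon, which breaks any use of the macro inside an expression or an
 * initializer (e.g. "arg.ttl = RSBAC_ACL_TTL_KEEP;" expanded to "...;;" and
 * "x = RSBAC_ACL_TTL_KEEP + 1" did not compile at all). */
#define RSBAC_ACL_TTL_KEEP RSBAC_LIST_TTL_KEEP

/* Upper bound for the caller-supplied maxnum fields of the list/get syscall
 * argument structs below; presumably the cap the syscall layer applies before
 * sizing a result array from user input -- confirm in the syscall code. */
#define RSBAC_ACL_MAX_MAXNUM 1000000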
00018 
00019 enum rsbac_acl_subject_type_t {ACLS_USER, ACLS_ROLE, ACLS_GROUP, ACLS_NONE};
00020 
/* One-byte storage form of enum rsbac_acl_subject_type_t, used in the entry
 * structs instead of the (int-sized) enum to keep entries compact. */
typedef __u8 rsbac_acl_int_subject_type_t;
/* Subject id; which namespace it belongs to (user, role or group id) is
 * given by the accompanying subject type. */
typedef __u32 rsbac_acl_subject_id_t;
00023 
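/* Reserved group id for ACLS_GROUP entries; presumably the "everyone" wildcard
 * group, so id 0 must never be handed out as a real group id. */
#define RSBAC_ACL_GROUP_EVERYONE 0

/* Reserved role id for ACLS_ROLE entries; presumably the "every role"
 * wildcard. (Previously defined twice with the same value; one definition
 * is enough and avoids a silent divergence if someone edits only one copy.) */
#define RSBAC_ACL_ROLE_EVERYROLE 64

/* First bit index of the ACL-specific rights (enum rsbac_acl_special_rights_t)
 * inside the 64-bit rights vector. The old base (48) is kept alongside the
 * current one (56), presumably for converting data written by older versions
 * -- confirm against the conversion code before removing it. */
#define RSBAC_ACL_OLD_SPECIAL_RIGHT_BASE 48
#define RSBAC_ACL_SPECIAL_RIGHT_BASE 56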
00032 
/* ACL-only rights that exist in addition to the generic request types.
 * They are numbered from RSBAC_ACL_SPECIAL_RIGHT_BASE (56) and therefore
 * occupy bits 56..58 of a rsbac_acl_rights_vector_t, above the request bits.
 * ACLR_NONE (59) is the end marker and must not be used as a bit index. */
enum rsbac_acl_special_rights_t
  { ACLR_FORWARD = RSBAC_ACL_SPECIAL_RIGHT_BASE,
    ACLR_ACCESS_CONTROL,
    ACLR_SUPERVISOR,
    ACLR_NONE};
00038 
00039 typedef __u64 rsbac_acl_rights_vector_t;
00040 
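/* Bit mask for a single right x in a rights vector.
 * The vector is 64 bits wide, so x must be in 0..63. A larger x is not a
 * zero mask but undefined behaviour (shift by >= type width); any index that
 * originates from user space (request numbers, ACLR_* values passed through a
 * syscall) has to be range-checked before it reaches this macro. */
#define RSBAC_ACL_RIGHTS_VECTOR(x) ((rsbac_acl_rights_vector_t) 1 << (x))

/* All ACL-specific rights (the enum rsbac_acl_special_rights_t members).
 * Written via RSBAC_ACL_RIGHTS_VECTOR() so that every mask in this file
 * builds its bits the same way instead of repeating the cast-and-shift. */
#define RSBAC_ACL_SPECIAL_RIGHTS_VECTOR (\
  RSBAC_ACL_RIGHTS_VECTOR(ACLR_FORWARD) | \
  RSBAC_ACL_RIGHTS_VECTOR(ACLR_ACCESS_CONTROL) | \
  RSBAC_ACL_RIGHTS_VECTOR(ACLR_SUPERVISOR) \
  )

/* Single-right masks, plus the request-vector aliases the generic code uses. */
#define RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR RSBAC_ACL_RIGHTS_VECTOR(ACLR_SUPERVISOR)
#define RSBAC_NWS_REQUEST_VECTOR RSBAC_ACL_SUPERVISOR_RIGHT_VECTOR

#define RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR RSBAC_ACL_RIGHTS_VECTOR(ACLR_ACCESS_CONTROL)
#define RSBAC_NWA_REQUEST_VECTOR RSBAC_ACL_ACCESS_CONTROL_RIGHT_VECTOR

/* Every right that can appear in an ACL: all request types plus the specials. */
#define RSBAC_ACL_ALL_RIGHTS_VECTOR (RSBAC_ALL_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)

/* Default per-target-type masks: the request types valid for that target
 * type, plus the ACL-specific rights. */
#define RSBAC_ACL_DEFAULT_FD_MASK (RSBAC_FD_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_DEV_MASK (RSBAC_DEV_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_SCD_MASK (RSBAC_SCD_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_U_MASK (RSBAC_USER_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_G_MASK (RSBAC_GROUP_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETDEV_MASK (RSBAC_NETDEV_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETTEMP_MASK (RSBAC_NETTEMP_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)
#define RSBAC_ACL_DEFAULT_NETOBJ_MASK (RSBAC_NETOBJ_REQUEST_VECTOR | RSBAC_ACL_SPECIAL_RIGHTS_VECTOR)

/* Rights granted on user targets: the user request types plus R_DELETE. */
#define RSBAC_ACL_USER_RIGHTS_VECTOR (RSBAC_USER_REQUEST_VECTOR \
                                      | RSBAC_ACL_RIGHTS_VECTOR(R_DELETE))

/* Rights granted on group targets. */
#define RSBAC_ACL_GROUP_RIGHTS_VECTOR RSBAC_GROUP_REQUEST_VECTOR

/* Default rights of a general user: none. */
#define RSBAC_ACL_GEN_RIGHTS_VECTOR 0

/* Default rights of the access-control manager: currently exactly the
 * ACL-specific rights, so this is an alias rather than a second copy of the
 * same three bits. Re-expand it if the two ever need to differ. */
#define RSBAC_ACL_ACMAN_RIGHTS_VECTOR RSBAC_ACL_SPECIAL_RIGHTS_VECTOR

/* Default rights of the system administrator: none. */
#define RSBAC_ACL_SYSADM_RIGHTS_VECTOR 0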
00084 
/*
 * System Control Types, including general SCD types
 * (start at 32 to allow future SCD types, max is 63)
 * (should always be same as in RC model)
 *
 * The upper limit of 63 follows from these values being used as bit indices
 * into a 64-bit rights vector. AST_none is the end marker, not a type.
 */
#define AST_min 32
enum rsbac_acl_scd_type_t{AST_auth_administration = AST_min,
                          AST_none};
00093 
/* note: the desc struct must be the same as the beginning of the entry struct! */
/* One ACL entry: which subject (type + id) holds which rights.
 * The first two members must stay identical in type and order to
 * struct rsbac_acl_entry_desc_t, presumably because a desc is used to
 * address an entry by its leading bytes -- confirm against the list code.
 * NOTE(review): a __u8 followed by a __u32 leaves padding after subj_type;
 * if entries are compared bytewise or copied to user space, zero the whole
 * struct before filling it so the padding is not uninitialized memory. */
struct rsbac_acl_entry_t
  {
    rsbac_acl_int_subject_type_t subj_type;  /* enum rsbac_acl_subject_type_t */
    rsbac_acl_subject_id_t       subj_id;
    rsbac_acl_rights_vector_t    rights;     /* bit set of granted rights */
  };
00101 
/* Subject part of an ACL entry (everything except the rights).
 * Must remain byte-for-byte the prefix of struct rsbac_acl_entry_t: same
 * members, same types, same order. Same padding caveat as the entry struct. */
struct rsbac_acl_entry_desc_t
  {
    rsbac_acl_int_subject_type_t subj_type;  /* enum rsbac_acl_subject_type_t */
    rsbac_acl_subject_id_t       subj_id;
  };
00107 
00108 enum rsbac_acl_group_type_t {ACLG_GLOBAL, ACLG_PRIVATE, ACLG_NONE};
00109 
/* Id of an ACL group; id RSBAC_ACL_GROUP_EVERYONE (0) is reserved. */
typedef __u32 rsbac_acl_group_id_t;

/* Size of the group name buffer in struct rsbac_acl_group_entry_t; presumably
 * includes the terminating NUL, so names can be at most 15 characters long
 * -- confirm in the code that fills the buffer. */
#define RSBAC_ACL_GROUP_NAMELEN 16

/* Format version of the group entry; presumably bumped whenever the layout
 * of struct rsbac_acl_group_entry_t changes. */
#define RSBAC_ACL_GROUP_VERSION 2
00115 
/* Stored record of one ACL group.
 * name is a fixed-size buffer: whatever fills it has to guarantee a NUL
 * within RSBAC_ACL_GROUP_NAMELEN bytes (a bare strncpy() does not), or every
 * reader must treat it as not NUL-terminated. */
struct rsbac_acl_group_entry_t
  {
         rsbac_acl_group_id_t   id;
         rsbac_uid_t            owner;  /* user who owns/administers the group */
    enum rsbac_acl_group_type_t type;   /* ACLG_GLOBAL or ACLG_PRIVATE */
         char                   name[RSBAC_ACL_GROUP_NAMELEN];
  };
00123 
00124 /**** syscalls ****/
00125 
/* Operation selector for the ACL entry syscall; the matching argument
 * struct is rsbac_acl_syscall_arg_t / rsbac_acl_syscall_n_arg_t.
 * ACLC_none is the end marker and not a valid operation. */
enum rsbac_acl_syscall_type_t
  {
    ACLC_set_acl_entry,          /* replace the rights of one entry */
    ACLC_remove_acl_entry,       /* drop one entry */
    ACLC_remove_acl,             /* drop the whole ACL of a target */
    ACLC_add_to_acl_entry,       /* OR rights into an entry */
    ACLC_remove_from_acl_entry,  /* clear rights from an entry */
    ACLC_set_mask,               /* set the target's rights mask */
    ACLC_remove_user,            /* drop all entries for a user */
    ACLC_none
  };
00137 
/* Argument block of the ACL entry syscall when the target is given by id.
 * NOTE(review): this struct is presumably copied in from user space; every
 * field must then be validated by the syscall (target/subj_type against
 * their enums, rights against the target's mask, subj_id against the
 * subject namespace) before it reaches the ACL lists -- confirm. */
struct rsbac_acl_syscall_arg_t
  {
    enum   rsbac_target_t              target;    /* kind of object */
    union  rsbac_target_id_t           tid;       /* object id, per target */
    enum   rsbac_acl_subject_type_t    subj_type; /* ACLS_USER / ROLE / GROUP */
           rsbac_acl_subject_id_t      subj_id;
           rsbac_acl_rights_vector_t   rights;    /* rights to set/add/remove */
           rsbac_time_t                ttl;       /* entry lifetime; RSBAC_ACL_TTL_KEEP presumably leaves it unchanged */
  };
00147 
/* Argument block of the ACL entry syscall when the target is given by name
 * (e.g. a path) instead of an id; otherwise like rsbac_acl_syscall_arg_t.
 * NOTE(review): when this struct comes from user space, name is a user
 * pointer to a caller-controlled string -- it must be copied in with a
 * bounded copy and never dereferenced directly in the kernel; confirm in
 * the syscall entry code. */
struct rsbac_acl_syscall_n_arg_t
  {
    enum   rsbac_target_t              target;
           char                      * name;      /* target name, NUL-terminated */
    enum   rsbac_acl_subject_type_t    subj_type;
           rsbac_acl_subject_id_t      subj_id;
           rsbac_acl_rights_vector_t   rights;
           rsbac_time_t                ttl;
  };
00157 
00158 
/* Operation selector for the ACL group syscall. Each value has a matching
 * member in union rsbac_acl_group_syscall_arg_t; the union carries no tag,
 * so this value is the only thing telling the kernel which member is valid.
 * ACLGS_none is the end marker. */
enum rsbac_acl_group_syscall_type_t
  {
    ACLGS_add_group,
    ACLGS_change_group,
    ACLGS_remove_group,
    ACLGS_get_group_entry,
    ACLGS_list_groups,
    ACLGS_add_member,
    ACLGS_remove_member,
    ACLGS_get_user_groups,
    ACLGS_get_group_members,
    ACLGS_none
  };
00172 
/* ACLGS_add_group: create a group of the given type and name.
 * group_id_p presumably receives the id of the new group (output); both
 * pointers are caller-supplied and need the usual user-pointer handling. */
struct rsbac_acl_add_group_arg_t
  {
    enum rsbac_acl_group_type_t type;
    char * name;                         /* new group name, see RSBAC_ACL_GROUP_NAMELEN */
    rsbac_acl_group_id_t * group_id_p;   /* out: id assigned to the group */
  };
00179 
/* ACLGS_change_group: update owner, type and/or name of group id.
 * name is a caller-supplied pointer (see rsbac_acl_add_group_arg_t). */
struct rsbac_acl_change_group_arg_t
  {
         rsbac_acl_group_id_t     id;
         rsbac_uid_t              owner;
    enum rsbac_acl_group_type_t   type;
         char                   * name;
  };
00187 
/* ACLGS_remove_group: delete the group with this id. */
struct rsbac_acl_remove_group_arg_t
  {
    rsbac_acl_group_id_t id;
  };
00192 
/* ACLGS_get_group_entry: copy the record of group id to *entry_p.
 * entry_p is caller-supplied; the kernel must write it with a checked
 * copy-out, not a direct store. */
struct rsbac_acl_get_group_entry_arg_t
  {
    rsbac_acl_group_id_t id;
    struct rsbac_acl_group_entry_t * entry_p;   /* out buffer */
  };
00198 
/* ACLGS_list_groups: fill group_entry_array with up to maxnum entries.
 * maxnum is caller-controlled and is the only thing bounding the output
 * array; the syscall has to clamp it (RSBAC_ACL_MAX_MAXNUM) before using it
 * to size any kernel allocation or copy-out. */
struct rsbac_acl_list_groups_arg_t
  {
    rsbac_boolean_t        include_global;    /* also list ACLG_GLOBAL groups */
    struct rsbac_acl_group_entry_t * group_entry_array;  /* out buffer */
    u_int                  maxnum;            /* capacity of group_entry_array */
  };
00205 
/* ACLGS_add_member: add user to group, with membership lifetime ttl. */
struct rsbac_acl_add_member_arg_t
  {
    rsbac_acl_group_id_t group;
    rsbac_uid_t          user;
    rsbac_time_t ttl;     /* membership lifetime; see RSBAC_ACL_TTL_KEEP */
  };
00212 
/* ACLGS_remove_member: remove user from group. */
struct rsbac_acl_remove_member_arg_t
  {
    rsbac_acl_group_id_t group;
    rsbac_uid_t          user;
  };
00218 
/* ACLGS_get_user_groups: list the groups user belongs to.
 * group_array and ttl_array are parallel output buffers of maxnum elements
 * each; maxnum is caller-controlled and must be clamped by the syscall
 * before it sizes an allocation or copy-out. */
struct rsbac_acl_get_user_groups_arg_t
  {
    rsbac_uid_t            user;
    rsbac_acl_group_id_t * group_array;   /* out: group ids */
    rsbac_time_t         * ttl_array;     /* out: matching membership ttls */
    u_int                  maxnum;        /* capacity of both arrays */
  };
00226 
/* ACLGS_get_group_members: list the members of group.
 * Same layout and maxnum caveat as rsbac_acl_get_user_groups_arg_t. */
struct rsbac_acl_get_group_members_arg_t
  {
    rsbac_acl_group_id_t   group;
    rsbac_uid_t          * user_array;    /* out: member uids */
    rsbac_time_t         * ttl_array;     /* out: matching membership ttls */
    u_int                  maxnum;        /* capacity of both arrays */
  };
00234 
/* Argument block of the ACL group syscall: exactly one member is valid,
 * selected by the accompanying enum rsbac_acl_group_syscall_type_t value
 * (the union itself is untagged). The member names match the ACLGS_* names. */
union rsbac_acl_group_syscall_arg_t
  {
    struct rsbac_acl_add_group_arg_t         add_group;
    struct rsbac_acl_change_group_arg_t      change_group;
    struct rsbac_acl_remove_group_arg_t      remove_group;
    struct rsbac_acl_get_group_entry_arg_t   get_group_entry;
    struct rsbac_acl_list_groups_arg_t       list_groups;
    struct rsbac_acl_add_member_arg_t        add_member;
    struct rsbac_acl_remove_member_arg_t     remove_member;
    struct rsbac_acl_get_user_groups_arg_t   get_user_groups;
    struct rsbac_acl_get_group_members_arg_t get_group_members;
  };
00247 
00248 #endif
