Main Page | Alphabetical List | Data Structures | Directories | File List | Data Fields | Globals | Search for 
daten / src / rsbac / linux-2.4.31-rsbac-v1.2.4 / rsbac / adf / auth

auth_main.c

Go to the documentation of this file.
00001 /**************************************************** */
00002 /* Rule Set Based Access Control                      */
00003 /* Implementation of the Access Control Decision      */
00004 /* Facility (ADF) - Authorization module              */
00005 /* File: rsbac/adf/auth/main.c                        */
00006 /*                                                    */
00007 /* Author and (c) 1999-2005: Amon Ott <ao@rsbac.org>  */
00008 /*                                                    */
00009 /* Last modified: 27/Jan/2005                         */
00010 /**************************************************** */
00011 
00012 #include <linux/string.h>
00013 #include <rsbac/types.h>
00014 #include <rsbac/aci.h>
00015 #include <rsbac/auth.h>
00016 #include <rsbac/adf_main.h>
00017 #include <rsbac/error.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/debug.h>
00021 
00022 /************************************************* */
00023 /*           Global Variables                      */
00024 /************************************************* */
00025 
00026 /************************************************* */
00027 /*          Internal Help functions                */
00028 /************************************************* */
00029 
00030 static int  rsbac_replace_auth_cap(rsbac_pid_t caller_pid,
00031                                    enum rsbac_auth_cap_type_t cap_type,
00032                                    rsbac_uid_t from,
00033                                    rsbac_uid_t to)
00034   {
00035     if(rsbac_auth_p_capset_member(caller_pid, cap_type, from))
00036       {
00037         struct rsbac_auth_cap_range_t cap_range;
00038 
00039         /* remove it and set cap for 'to' */
00040         cap_range.first = to;
00041         cap_range.last  = to;
00042         if (rsbac_auth_add_to_p_capset(0, caller_pid, cap_type, cap_range, 0))
00043           {
00044             printk(KERN_WARNING
00045                    "rsbac_adf_set_attr_auth(): rsbac_auth_add_to_p_capset() returned error!\n");
00046             return(-RSBAC_EWRITEFAILED);
00047           }
00048         cap_range.first = from;
00049         cap_range.last  = from;
00050         if (rsbac_auth_remove_from_p_capset(0, caller_pid, cap_type, cap_range))
00051           {
00052             printk(KERN_WARNING
00053                    "rsbac_adf_set_attr_auth(): rsbac_auth_remove_from_p_capset() returned error!\n");
00054             return(-RSBAC_EWRITEFAILED);
00055           }
00056       }
00057     return 0; /* success */
00058   }
00059 
00060 /************************************************* */
00061 /*          Externally visible functions           */
00062 /************************************************* */
00063 
00064 enum rsbac_adf_req_ret_t
00065    rsbac_adf_request_auth (enum  rsbac_adf_request_t     request,
00066                                 rsbac_pid_t             caller_pid,
00067                           enum  rsbac_target_t          target,
00068                           union rsbac_target_id_t       tid,
00069                           enum  rsbac_attribute_t       attr,
00070                           union rsbac_attribute_value_t attr_val,
00071                                 rsbac_uid_t             owner)
00072   {
00073     enum  rsbac_adf_req_ret_t result = DO_NOT_CARE;
00074     union rsbac_attribute_value_t i_attr_val1;
00075     union rsbac_target_id_t       i_tid;
00076     #if defined(CONFIG_RSBAC_AUTH_AUTH_PROT) || defined(CONFIG_RSBAC_AUTH_UM_PROT)
00077     int err=0;
00078     #endif
00079 
00080     switch (request)
00081       {
00082 #if defined(CONFIG_RSBAC_AUTH_UM_PROT) || defined(CONFIG_RSBAC_AUTH_GROUP)
00083         case R_CHANGE_GROUP:
00084             switch(target)
00085               {
00086 #if defined(CONFIG_RSBAC_AUTH_UM_PROT)
00087                 case T_USER:
00088                 case T_GROUP:
00089                   /* Security Officer? */
00090                   i_tid.user = owner;
00091                   if (rsbac_get_attr(AUTH,
00092                                      T_USER,
00093                                      i_tid,
00094                                      A_auth_role,
00095                                      &i_attr_val1,
00096                                      TRUE))
00097                     {
00098                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00099                       return(NOT_GRANTED);
00100                     }
00101                   /* if sec_officer, then grant */
00102                   if (i_attr_val1.system_role == SR_security_officer)
00103                     return(GRANTED);
00104                   else
00105                     return(NOT_GRANTED);
00106 #endif /* AUTH_UM_PROT */
00107 
00108 #if defined(CONFIG_RSBAC_AUTH_GROUP)
00109                 case T_PROCESS:
00110                   if(attr != A_group)
00111                     return(UNDEFINED);
00112                   /* check auth_may_setuid of process */
00113                   if (rsbac_get_attr(AUTH,
00114                                      T_PROCESS,
00115                                      tid,
00116                                      A_auth_may_setuid,
00117                                      &i_attr_val1,
00118                                      FALSE))
00119                     {
00120                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_setuid);
00121                       return(NOT_GRANTED);
00122                     }
00123                   /* if auth_may_setuid is full or and_gid, then grant */
00124                   if(   (i_attr_val1.auth_may_setuid == AMS_full)
00125                      || (i_attr_val1.auth_may_setuid == AMS_last_auth_and_gid)
00126                     )
00127                     return(GRANTED);
00128 
00129                   /* check, if the target uid is in capset, grant, if yes, deny, if not. */
00130                   if(rsbac_auth_p_capset_member(caller_pid, ACT_group_real, attr_val.group))
00131                     return(GRANTED);
00132                   else
00133                     return(NOT_GRANTED);
00134 #endif /* AUTH_GROUP */
00135 
00136                 /* We do not care about */
00137                 /* all other cases */
00138                 default:
00139                   return(DO_NOT_CARE);
00140               }
00141 #endif /* AUTH_UM_PROT || AUTH_GROUP */
00142 
00143 #if defined(CONFIG_RSBAC_AUTH_UM_PROT)
00144         case R_CREATE:
00145         case R_DELETE:
00146         case R_GET_PERMISSIONS_DATA:
00147         case R_RENAME:
00148         case R_WRITE:
00149             switch(target)
00150               {
00151                 case T_USER:
00152                 case T_GROUP:
00153                   /* Security Officer? */
00154                   i_tid.user = owner;
00155                   if (rsbac_get_attr(AUTH,
00156                                      T_USER,
00157                                      i_tid,
00158                                      A_auth_role,
00159                                      &i_attr_val1,
00160                                      TRUE))
00161                     {
00162                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00163                       return(NOT_GRANTED);
00164                     }
00165                   /* if sec_officer, then grant */
00166                   if (i_attr_val1.system_role == SR_security_officer)
00167                     return(GRANTED);
00168                   else
00169                     return(NOT_GRANTED);
00170                 /* We do not care about */
00171                 /* all other cases */
00172                 default: return(DO_NOT_CARE);
00173               }
00174 #endif
00175 
00176         case R_CHANGE_OWNER:
00177             switch(target)
00178               {
00179                 case T_PROCESS:
00180                   if(attr != A_owner)
00181                     return(UNDEFINED);
00182                   /* check auth_may_setuid of process */
00183                   if (rsbac_get_attr(AUTH,
00184                                      T_PROCESS,
00185                                      tid,
00186                                      A_auth_may_setuid,
00187                                      &i_attr_val1,
00188                                      FALSE))
00189                     {
00190                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_setuid);
00191                       return(NOT_GRANTED);
00192                     }
00193                   switch(i_attr_val1.auth_may_setuid)
00194                     {
00195                       case AMS_off:
00196                         break;
00197                       case AMS_full:
00198                         return(GRANTED);
00199                       case AMS_last_auth_only:
00200                       case AMS_last_auth_and_gid:
00201                         if(attr_val.owner == RSBAC_NO_USER)
00202                           return NOT_GRANTED;
00203                         if (rsbac_get_attr(AUTH,
00204                                            T_PROCESS,
00205                                            tid,
00206                                            A_auth_last_auth,
00207                                            &i_attr_val1,
00208                                            FALSE))
00209                           {
00210                             rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_last_auth);
00211                             return(NOT_GRANTED);
00212                           }
00213                         if(i_attr_val1.auth_last_auth == attr_val.owner)
00214                           return GRANTED;
00215                         break;
00216 
00217                       default:
00218 #ifdef CONFIG_RSBAC_RMSG
00219                         rsbac_printk(KERN_INFO
00220                                      "rsbac_adf_request_auth(): auth_may_setuid of process %u has an invalid value!\n",
00221                                      tid.process);
00222 #endif
00223 #ifndef CONFIG_RSBAC_RMSG_EXCL
00224                         printk(KERN_INFO
00225                                "rsbac_adf_request_auth(): auth_may_setuid of process %u has an invalid value!\n",
00226                                tid.process);
00227 #endif
00228                         return NOT_GRANTED;
00229                     }
00230                   /* check, if the target uid is in capset, grant, if yes, deny, if not. */
00231                   if(rsbac_auth_p_capset_member(caller_pid, ACT_real, attr_val.owner))
00232                     return(GRANTED);
00233                   else
00234                     return(NOT_GRANTED);
00235 
00236                 /* all other cases are not checked */
00237                 default:
00238                   return(DO_NOT_CARE);
00239               }
00240 
00241 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
00242         case R_CHANGE_DAC_EFF_OWNER:
00243             switch(target)
00244               {
00245                 case T_PROCESS:
00246                   if(attr != A_owner)
00247                     return(UNDEFINED);
00248                   if(attr_val.owner == owner)
00249                     return DO_NOT_CARE;
00250                   /* check auth_may_setuid of process */
00251                   if (rsbac_get_attr(AUTH,
00252                                      T_PROCESS,
00253                                      tid,
00254                                      A_auth_may_setuid,
00255                                      &i_attr_val1,
00256                                      FALSE))
00257                     {
00258                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_setuid);
00259                       return(NOT_GRANTED);
00260                     }
00261                   switch(i_attr_val1.auth_may_setuid)
00262                     {
00263                       case AMS_off:
00264                         break;
00265                       case AMS_full:
00266                         return(GRANTED);
00267                       case AMS_last_auth_only:
00268                       case AMS_last_auth_and_gid:
00269                         if(attr_val.owner == RSBAC_NO_USER)
00270                           return NOT_GRANTED;
00271                         if (rsbac_get_attr(AUTH,
00272                                            T_PROCESS,
00273                                            tid,
00274                                            A_auth_last_auth,
00275                                            &i_attr_val1,
00276                                            FALSE))
00277                           {
00278                             rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_last_auth);
00279                             return(NOT_GRANTED);
00280                           }
00281                         if(i_attr_val1.auth_last_auth == attr_val.owner)
00282                           return GRANTED;
00283                         break;
00284 
00285                       default:
00286 #ifdef CONFIG_RSBAC_RMSG
00287                         rsbac_printk(KERN_INFO
00288                                      "rsbac_adf_request_auth(): auth_may_setuid of process %u has an invalid value!\n",
00289                                      tid.process);
00290 #endif
00291 #ifndef CONFIG_RSBAC_RMSG_EXCL
00292                         printk(KERN_INFO
00293                                "rsbac_adf_request_auth(): auth_may_setuid of process %u has an invalid value!\n",
00294                                tid.process);
00295 #endif
00296                         return NOT_GRANTED;
00297                     }
00298                   /* check, if the target uid is in capset, grant, if yes, deny, if not. */
00299                   if(rsbac_auth_p_capset_member(caller_pid, ACT_eff, attr_val.owner))
00300                     return(GRANTED);
00301                   else
00302                     return(NOT_GRANTED);
00303 
00304                 /* all other cases are not checked */
00305                 default:
00306                   return(DO_NOT_CARE);
00307               }
00308         case R_CHANGE_DAC_FS_OWNER:
00309             switch(target)
00310               {
00311                 case T_PROCESS:
00312                   if(attr != A_owner)
00313                     return(UNDEFINED);
00314                   if(attr_val.owner == owner)
00315                     return DO_NOT_CARE;
00316                   /* check auth_may_setuid of process */
00317                   if (rsbac_get_attr(AUTH,
00318                                      T_PROCESS,
00319                                      tid,
00320                                      A_auth_may_setuid,
00321                                      &i_attr_val1,
00322                                      FALSE))
00323                     {
00324                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_setuid);
00325                       return(NOT_GRANTED);
00326                     }
00327                   switch(i_attr_val1.auth_may_setuid)
00328                     {
00329                       case AMS_off:
00330                         break;
00331                       case AMS_full:
00332                         return(GRANTED);
00333                       case AMS_last_auth_only:
00334                       case AMS_last_auth_and_gid:
00335                         if(attr_val.owner == RSBAC_NO_USER)
00336                           return NOT_GRANTED;
00337                         if (rsbac_get_attr(AUTH,
00338                                            T_PROCESS,
00339                                            tid,
00340                                            A_auth_last_auth,
00341                                            &i_attr_val1,
00342                                            FALSE))
00343                           {
00344                             rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_last_auth);
00345                             return(NOT_GRANTED);
00346                           }
00347                         if(i_attr_val1.auth_last_auth == attr_val.owner)
00348                           return GRANTED;
00349                         break;
00350 
00351                       default:
00352 #ifdef CONFIG_RSBAC_RMSG
00353                         rsbac_printk(KERN_INFO
00354                                      "rsbac_adf_request_auth(): auth_may_setuid of process %u has an invalid value!\n",
00355                                      tid.process);
00356 #endif
00357 #ifndef CONFIG_RSBAC_RMSG_EXCL
00358                         printk(KERN_INFO
00359                                "rsbac_adf_request_auth(): auth_may_setuid of process %u has an invalid value!\n",
00360                                tid.process);
00361 #endif
00362                         return NOT_GRANTED;
00363                     }
00364                   /* check, if the target uid is in capset, grant, if yes, deny, if not. */
00365                   if(rsbac_auth_p_capset_member(caller_pid, ACT_fs, attr_val.owner))
00366                     return(GRANTED);
00367                   else
00368                     return(NOT_GRANTED);
00369 
00370                 /* all other cases are not checked */
00371                 default:
00372                   return(DO_NOT_CARE);
00373               }
00374 #endif
00375 
00376 #ifdef CONFIG_RSBAC_AUTH_GROUP
00377 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
00378         case R_CHANGE_DAC_EFF_GROUP:
00379             switch(target)
00380               {
00381                 case T_PROCESS:
00382                   if(attr != A_group)
00383                     return(UNDEFINED);
00384                   if(attr_val.group == current->gid)
00385                     return DO_NOT_CARE;
00386                   /* check auth_may_setuid of process */
00387                   if (rsbac_get_attr(AUTH,
00388                                      T_PROCESS,
00389                                      tid,
00390                                      A_auth_may_setuid,
00391                                      &i_attr_val1,
00392                                      FALSE))
00393                     {
00394                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_setuid);
00395                       return(NOT_GRANTED);
00396                     }
00397                   /* if auth_may_setuid is set, then grant */
00398                   if(   (i_attr_val1.auth_may_setuid == AMS_full)
00399                      || (i_attr_val1.auth_may_setuid == AMS_last_auth_and_gid)
00400                     )
00401                     return(GRANTED);
00402 
00403                   /* check, if the target uid is in capset, grant, if yes, deny, if not. */
00404                   if(rsbac_auth_p_capset_member(caller_pid, ACT_group_eff, attr_val.group))
00405                     return(GRANTED);
00406                   else
00407                     return(NOT_GRANTED);
00408 
00409                 /* all other cases are not checked */
00410                 default:
00411                   return(DO_NOT_CARE);
00412               }
00413         case R_CHANGE_DAC_FS_GROUP:
00414             switch(target)
00415               {
00416                 case T_PROCESS:
00417                   if(attr != A_group)
00418                     return(UNDEFINED);
00419                   if(attr_val.group == current->gid)
00420                     return DO_NOT_CARE;
00421                   /* check auth_may_setuid of process */
00422                   if (rsbac_get_attr(AUTH,
00423                                      T_PROCESS,
00424                                      tid,
00425                                      A_auth_may_setuid,
00426                                      &i_attr_val1,
00427                                      FALSE))
00428                     {
00429                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_setuid);
00430                       return(NOT_GRANTED);
00431                     }
00432                   /* if auth_may_setuid is set, then grant */
00433                   if(   (i_attr_val1.auth_may_setuid == AMS_full)
00434                      || (i_attr_val1.auth_may_setuid == AMS_last_auth_and_gid)
00435                     )
00436                     return(GRANTED);
00437 
00438                   /* check, if the target uid is in capset, grant, if yes, deny, if not. */
00439                   if(rsbac_auth_p_capset_member(caller_pid, ACT_group_fs, attr_val.group))
00440                     return(GRANTED);
00441                   else
00442                     return(NOT_GRANTED);
00443 
00444                 /* all other cases are not checked */
00445                 default:
00446                   return(DO_NOT_CARE);
00447               }
00448 #endif
00449 #endif /* AUTH_GROUP */
00450 
00451         case R_MODIFY_ATTRIBUTE:
00452             switch(attr)
00453               {
00454                 /* Only protect itself, if asked to by configuration */
00455                 #ifdef CONFIG_RSBAC_AUTH_AUTH_PROT
00456                 case A_system_role:
00457                 case A_auth_role:
00458                 case A_auth_may_setuid:
00459                 case A_auth_may_set_cap:
00460                 case A_auth_start_uid:
00461                 case A_auth_learn:
00462                 case A_auth_program_file:
00463                 case A_auth_add_f_cap:
00464                 case A_auth_remove_f_cap:
00465                 /* All attributes (remove target!) */
00466                 case A_none:
00467                   /* Security Officer? */
00468                   i_tid.user = owner;
00469                   if (rsbac_get_attr(AUTH,
00470                                      T_USER,
00471                                      i_tid,
00472                                      A_auth_role,
00473                                      &i_attr_val1,
00474                                      TRUE))
00475                     {
00476                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00477                       return(NOT_GRANTED);
00478                     }
00479                   /* if sec_officer, then grant */
00480                   if (i_attr_val1.system_role == SR_security_officer)
00481                     return(GRANTED);
00482                   else
00483                     return(NOT_GRANTED);
00484                 #endif
00485 
00486                 case A_auth_last_auth:
00487                   if(target != T_PROCESS)
00488                     return DO_NOT_CARE;
00489                   /* check auth_may_set_cap of calling process */
00490                   i_tid.process = current->pid;
00491                   if (rsbac_get_attr(AUTH,
00492                                      T_PROCESS,
00493                                      i_tid,
00494                                      A_auth_may_set_cap,
00495                                      &i_attr_val1,
00496                                      FALSE))
00497                     {
00498                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_may_set_cap);
00499                       return(-RSBAC_EREADFAILED);
00500                     }
00501                   /* if auth_may_set_cap is not set, then reject */
00502                   if (!i_attr_val1.auth_may_set_cap)
00503                     {
00504 #ifdef CONFIG_RSBAC_RMSG
00505                       rsbac_printk(KERN_INFO
00506                                    "rsbac_adf_request_auth(): changing auth_last_auth of process %u to %u denied for process %u!\n",
00507                                    tid.process,
00508                                    attr_val.auth_last_auth,
00509                                    current->pid);
00510 #endif
00511 #ifndef CONFIG_RSBAC_RMSG_EXCL
00512                       printk(KERN_INFO
00513                              "rsbac_adf_request_auth(): changing auth_last_auth of process %u to %u denied for process %u!\n",
00514                              tid.process,
00515                              attr_val.auth_last_auth,
00516                              current->pid);
00517 #endif
00518                       return NOT_GRANTED;
00519                     }
00520 
00521                 default:
00522                   return(DO_NOT_CARE);
00523               }
00524 
00525 /* Only protect itself, if asked to by configuration */
00526 #ifdef CONFIG_RSBAC_AUTH_AUTH_PROT
00527         case R_GET_STATUS_DATA:
00528             switch(target)
00529               {
00530                 case T_SCD:
00531                   /* target rsbaclog? only for secoff */
00532                   if (tid.scd != ST_rsbaclog)
00533                     return(GRANTED);
00534                   /* Secoff or Auditor? */
00535                   i_tid.user = owner;
00536                   if ((err=rsbac_get_attr(AUTH,
00537                                      T_USER,
00538                                      i_tid,
00539                                      A_auth_role,
00540                                      &i_attr_val1,
00541                                      TRUE)))
00542                     {
00543                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00544                       return(NOT_GRANTED);
00545                     }
00546                   /* grant only for secoff */
00547                   if (   (i_attr_val1.system_role == SR_security_officer)
00548                       || (i_attr_val1.system_role == SR_auditor)
00549                      )
00550                     return(GRANTED);
00551                   else
00552                     return(NOT_GRANTED);
00553 
00554                 default:
00555                   return(DO_NOT_CARE);
00556                };
00557 
00558         case R_MODIFY_PERMISSIONS_DATA:
00559             switch(target)
00560               {
00561                 case T_SCD:
00562                   #ifdef CONFIG_RSBAC_USER_MOD_IOPERM
00563                   if(tid.scd == ST_ioports)
00564                     return GRANTED;
00565                   #endif
00566                   /* fall through */
00567                 #if defined(CONFIG_RSBAC_AUTH_UM_PROT)
00568                 case T_USER:
00569                 case T_GROUP:
00570                 #endif
00571                   /* Security Officer? */
00572                   i_tid.user = owner;
00573                   if (rsbac_get_attr(AUTH,
00574                                      T_USER,
00575                                      i_tid,
00576                                      A_auth_role,
00577                                      &i_attr_val1,
00578                                      TRUE))
00579                     {
00580                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00581                       return(NOT_GRANTED);
00582                     }
00583                   /* if sec_officer, then grant */
00584                   if (i_attr_val1.system_role == SR_security_officer)
00585                     return(GRANTED);
00586                   /* For booting: if administrator and ioports, then grant */
00587                   if (
00588                       #if defined(CONFIG_RSBAC_AUTH_UM_PROT)
00589                          (target == T_SCD) &&
00590                       #endif
00591                          (i_attr_val1.system_role == SR_administrator)
00592                       && (tid.scd == ST_ioports) )
00593                     return(GRANTED);
00594                   else
00595                     return(NOT_GRANTED);
00596                   
00597 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
00598                 /* switching Linux DAC */
00599                 case T_NONE:
00600                   /* Security Officer? */
00601                   i_tid.user = owner;
00602                   if (rsbac_get_attr(AUTH,
00603                                      T_USER,
00604                                      i_tid,
00605                                      A_auth_role,
00606                                      &i_attr_val1,
00607                                      TRUE))
00608                     {
00609                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00610                       return(NOT_GRANTED);
00611                     }
00612                   /* if sec_officer, then grant */
00613                   if (i_attr_val1.system_role == SR_security_officer)
00614                     return(GRANTED);
00615                   else
00616                     return(NOT_GRANTED);
00617 #endif
00618 
00619                 /* all other cases are not checked */
00620                 default: return(DO_NOT_CARE);
00621               }
00622 
00623         case R_MODIFY_SYSTEM_DATA:
00624             switch(target)
00625               {
00626                 case T_SCD:
00627                   /* target not rsbaclog? no problem -> grant */
00628                   if (tid.scd != ST_rsbaclog)
00629                     return(GRANTED);
00630                   /* Get role */
00631                   i_tid.user = owner;
00632                   if (rsbac_get_attr(AUTH,
00633                                      T_USER,
00634                                      i_tid,
00635                                      A_auth_role,
00636                                      &i_attr_val1,
00637                                      TRUE))
00638                     {
00639                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00640                       return(NOT_GRANTED);
00641                     }
00642                   /* grant only for secoff and auditor */
00643                   if (   (i_attr_val1.system_role == SR_security_officer)
00644                       || (i_attr_val1.system_role == SR_auditor)
00645                      )
00646                     return(GRANTED);
00647                   else
00648                     return(NOT_GRANTED);
00649                   
00650                 /* all other cases are not checked */
00651                 default: return(DO_NOT_CARE);
00652               }
00653 
00654         case R_SWITCH_LOG:
00655             switch(target)
00656               {
00657                 case T_NONE:
00658                   /* test owner's auth_role */
00659                   i_tid.user = owner;
00660                   if (rsbac_get_attr(AUTH,
00661                                      T_USER,
00662                                      i_tid,
00663                                      A_auth_role,
00664                                      &i_attr_val1,
00665                                      TRUE))
00666                     {
00667                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00668                       return(NOT_GRANTED);
00669                     }
00670                   /* security officer? -> grant  */
00671                   if (i_attr_val1.system_role == SR_security_officer)
00672                     return(GRANTED);
00673                   else
00674                     return(NOT_GRANTED);
00675 
00676                 /* all other cases are not checked */
00677                 default: return(DO_NOT_CARE);
00678               }
00679 
00680         case R_SWITCH_MODULE:
00681             switch(target)
00682               {
00683                 case T_NONE:
00684                   /* we need the switch_target */
00685                   if(attr != A_switch_target)
00686                     return(UNDEFINED);
00687                   /* do not care for other modules */
00688                   if(   (attr_val.switch_target != AUTH)
00689                      #ifdef CONFIG_RSBAC_SOFTMODE
00690                      && (attr_val.switch_target != SOFTMODE)
00691                      #endif
00692                      #ifdef CONFIG_RSBAC_FREEZE
00693                      && (attr_val.switch_target != FREEZE)
00694                      #endif
00695                     )
00696                     return(DO_NOT_CARE);
00697                   /* test owner's auth_role */
00698                   i_tid.user = owner;
00699                   if (rsbac_get_attr(AUTH,
00700                                      T_USER,
00701                                      i_tid,
00702                                      A_auth_role,
00703                                      &i_attr_val1,
00704                                      TRUE))
00705                     {
00706                       rsbac_ds_get_error("rsbac_adf_request_auth()", A_auth_role);
00707                       return(NOT_GRANTED);
00708                     }
00709                   /* security officer? -> grant  */
00710                   if (i_attr_val1.system_role == SR_security_officer)
00711                     return(GRANTED);
00712                   else
00713                     return(NOT_GRANTED);
00714 
00715                 /* all other cases are not checked */
00716                 default: return(DO_NOT_CARE);
00717               }
00718 #endif
00719 
00720 /*********************/
00721         default: return DO_NOT_CARE;
00722       }
00723 
00724     return(result);
00725   }; /* end of rsbac_adf_request_auth() */
00726 
00727 
00728 /*****************************************************************************/
00729 /* If the request returned granted and the operation is performed,           */
00730 /* the following function can be called by the AEF to get all aci set        */
00731 /* correctly. For write accesses that are performed fully within the kernel, */
00732 /* this is usually not done to prevent extra calls, including R_CLOSE for    */
00733 /* cleaning up.                                                              */
00734 /* The second instance of target specification is the new target, if one has */
00735 /* been created, otherwise its values are ignored.                           */
00736 /* On success, 0 is returned, and an error from rsbac/error.h otherwise.     */
00737 
00738 int  rsbac_adf_set_attr_auth(
00739                       enum  rsbac_adf_request_t     request,
00740                             rsbac_pid_t             caller_pid,
00741                       enum  rsbac_target_t          target,
00742                       union rsbac_target_id_t       tid,
00743                       enum  rsbac_target_t          new_target,
00744                       union rsbac_target_id_t       new_tid,
00745                       enum  rsbac_attribute_t       attr,
00746                       union rsbac_attribute_value_t attr_val,
00747                             rsbac_uid_t             owner)
00748   {
00749     int error;
00750     union rsbac_target_id_t       i_tid;
00751     union rsbac_attribute_value_t i_attr_val1;
00752     union rsbac_attribute_value_t i_attr_val2;
00753     #if defined(CONFIG_RSBAC_AUTH_LEARN)
00754     union rsbac_attribute_value_t i_attr_val3;
00755     union rsbac_attribute_value_t i_attr_val4;
00756     union rsbac_attribute_value_t i_attr_val5;
00757     #endif
00758 
00759     switch (request)
00760       {
00761         case R_CLONE:
00762             if (target == T_PROCESS)
00763               {
00764                 /* Get auth_may_setuid from first process */
00765                 if (rsbac_get_attr(AUTH,
00766                                    T_PROCESS,
00767                                    tid,
00768                                    A_auth_may_setuid,
00769                                    &i_attr_val1,
00770                                    FALSE))
00771                   {
00772                     rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_may_setuid);
00773                     return(-RSBAC_EREADFAILED);
00774                   }
00775                 /* Get auth_may_set_cap from first process */
00776                 if (rsbac_get_attr(AUTH,
00777                                    T_PROCESS,
00778                                    tid,
00779                                    A_auth_may_set_cap,
00780                                    &i_attr_val2,
00781                                    FALSE))
00782                   {
00783                     rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_may_set_cap);
00784                     return(-RSBAC_EREADFAILED);
00785                   }
00786                 #if defined(CONFIG_RSBAC_AUTH_LEARN)
00787                 if (rsbac_get_attr(AUTH,
00788                                    T_PROCESS,
00789                                    tid,
00790                                    A_auth_program_file,
00791                                    &i_attr_val3,
00792                                    FALSE))
00793                   {
00794                     rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_program_file);
00795                     return(-RSBAC_EREADFAILED);
00796                   }
00797                 if (rsbac_get_attr(AUTH,
00798                                    T_PROCESS,
00799                                    tid,
00800                                    A_auth_start_uid,
00801                                    &i_attr_val4,
00802                                    FALSE))
00803                   {
00804                     rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_start_uid);
00805                     return(-RSBAC_EREADFAILED);
00806                   }
00807                 if (rsbac_get_attr(AUTH,
00808                                    T_PROCESS,
00809                                    tid,
00810                                    A_auth_learn,
00811                                    &i_attr_val5,
00812                                    FALSE))
00813                   {
00814                     rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_learn);
00815                     return(-RSBAC_EREADFAILED);
00816                   }
00817                 #endif
00818                 /* Set auth_may_setuid for new process */
00819                 if (rsbac_set_attr(AUTH,
00820                                    T_PROCESS,
00821                                    new_tid,
00822                                    A_auth_may_setuid,
00823                                    i_attr_val1))
00824                   {
00825                     rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_may_setuid);
00826                     return(-RSBAC_EWRITEFAILED);
00827                   }
00828                 /* Set auth_may_set_cap for new process */
00829                 if (rsbac_set_attr(AUTH,
00830                                    T_PROCESS,
00831                                    new_tid,
00832                                    A_auth_may_set_cap,
00833                                    i_attr_val2))
00834                   {
00835                     rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_may_set_cap);
00836                     return(-RSBAC_EWRITEFAILED);
00837                   }
00838                 #if defined(CONFIG_RSBAC_AUTH_LEARN)
00839                 if (rsbac_set_attr(AUTH,
00840                                    T_PROCESS,
00841                                    new_tid,
00842                                    A_auth_program_file,
00843                                    i_attr_val3))
00844                   {
00845                     rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_program_file);
00846                     return(-RSBAC_EWRITEFAILED);
00847                   }
00848                 if (rsbac_set_attr(AUTH,
00849                                    T_PROCESS,
00850                                    new_tid,
00851                                    A_auth_start_uid,
00852                                    i_attr_val4))
00853                   {
00854                     rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_start_uid);
00855                     return(-RSBAC_EWRITEFAILED);
00856                   }
00857                 if (rsbac_set_attr(AUTH,
00858                                    T_PROCESS,
00859                                    new_tid,
00860                                    A_auth_learn,
00861                                    i_attr_val5))
00862                   {
00863                     rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_learn);
00864                     return(-RSBAC_EWRITEFAILED);
00865                   }
00866                 #endif
00867                 /* copy capability list */
00868                 if(rsbac_auth_copy_pp_capset(tid.process,new_tid.process))
00869                   {
00870 #ifdef CONFIG_RSBAC_RMSG
00871                     rsbac_printk(KERN_WARNING
00872                            "rsbac_adf_set_attr_auth(): rsbac_auth_copy_pp_capset() returned error!\n");
00873 #endif
00874 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00875                     if (!rsbac_nosyslog)
00876 #endif
00877                     printk(KERN_WARNING
00878                            "rsbac_adf_set_attr_auth(): rsbac_auth_copy_pp_capset() returned error!\n");
00879                     return(-RSBAC_EWRITEFAILED);
00880                   }
00881                 return(0);
00882               }
00883             else
00884               return(0);
00885 
00886         case R_EXECUTE:
00887             switch(target)
00888               {
00889                 case T_FILE:
00890                   /* reset auth_may_setuid and auth_may_set_cap for process */
00891                   i_tid.process = caller_pid;
00892                   /* First, set auth_may_setuid to program file's auth_may_setuid */
00893                   if (rsbac_get_attr(AUTH,
00894                                      T_FILE,
00895                                      tid,
00896                                      A_auth_may_setuid,
00897                                      &i_attr_val1,
00898                                      TRUE))
00899                     {
00900                       rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_may_setuid);
00901                       return(-RSBAC_EREADFAILED);
00902                     }
00903                   if (rsbac_set_attr(AUTH,
00904                                      T_PROCESS,
00905                                      i_tid,
00906                                      A_auth_may_setuid,
00907                                      i_attr_val1))
00908                     {
00909                       rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_may_setuid);
00910                       return(-RSBAC_EWRITEFAILED);
00911                     }
00912                   /* Next, set auth_may_set_cap to program file's auth_may_set_cap */
00913                   if (rsbac_get_attr(AUTH,
00914                                      T_FILE,
00915                                      tid,
00916                                      A_auth_may_set_cap,
00917                                      &i_attr_val1,
00918                                      FALSE))
00919                     {
00920                       rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_may_set_cap);
00921                       return(-RSBAC_EREADFAILED);
00922                     }
00923                   if (rsbac_set_attr(AUTH,
00924                                      T_PROCESS,
00925                                      i_tid,
00926                                      A_auth_may_set_cap,
00927                                      i_attr_val1))
00928                     {
00929                       rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_may_set_cap);
00930                       return(-RSBAC_EWRITEFAILED);
00931                     }
00932                   /* reset auth_last_auth for process */
00933                   i_attr_val1.auth_last_auth = RSBAC_NO_USER;
00934                   if (rsbac_set_attr(AUTH,
00935                                      T_PROCESS,
00936                                      i_tid,
00937                                      A_auth_last_auth,
00938                                      i_attr_val1))
00939                     {
00940                       rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_last_auth);
00941                     }
00942 
00943                   /* copy file capability list from file to process */
00944                   if (rsbac_auth_copy_fp_capset(tid.file, caller_pid))
00945                     {
00946 #ifdef CONFIG_RSBAC_RMSG
00947                       rsbac_printk(KERN_WARNING
00948                              "rsbac_adf_set_attr_auth(): rsbac_auth_copy_fp_capset() returned error!\n");
00949 #endif
00950 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00951                       if (!rsbac_nosyslog)
00952 #endif
00953                       printk(KERN_WARNING
00954                              "rsbac_adf_set_attr_auth(): rsbac_auth_copy_fp_capset() returned error!\n");
00955                       return(-RSBAC_EWRITEFAILED);
00956                     }
00957                   /* replace RSBAC_AUTH_OWNER_F_CAP by current owner */
00958                   error = rsbac_replace_auth_cap(caller_pid,
00959                                                  ACT_real,
00960                                                  RSBAC_AUTH_OWNER_F_CAP,
00961                                                  owner);
00962                   if(error)
00963                     return error;
00964                   #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
00965                   error = rsbac_replace_auth_cap(caller_pid,
00966                                                  ACT_eff,
00967                                                  RSBAC_AUTH_OWNER_F_CAP,
00968                                                  owner);
00969                   if(error)
00970                     return error;
00971                   error = rsbac_replace_auth_cap(caller_pid,
00972                                                  ACT_eff,
00973                                                  RSBAC_AUTH_DAC_OWNER_F_CAP,
00974                                                  current->euid);
00975                   if(error)
00976                     return error;
00977                   error = rsbac_replace_auth_cap(caller_pid,
00978                                                  ACT_fs,
00979                                                  RSBAC_AUTH_OWNER_F_CAP,
00980                                                  owner);
00981                   if(error)
00982                     return error;
00983                   error = rsbac_replace_auth_cap(caller_pid,
00984                                                  ACT_fs,
00985                                                  RSBAC_AUTH_DAC_OWNER_F_CAP,
00986                                                  current->fsuid);
00987                   if(error)
00988                     return error;
00989                   #endif
00990                   #if defined(CONFIG_RSBAC_AUTH_LEARN)
00991                   /* Set auth_learn to program file's auth_learn */
00992                   if (rsbac_get_attr(AUTH,
00993                                      T_FILE,
00994                                      tid,
00995                                      A_auth_learn,
00996                                      &i_attr_val1,
00997                                      TRUE))
00998                     {
00999                       rsbac_ds_get_error("rsbac_adf_set_attr_auth()", A_auth_learn);
01000                       return(-RSBAC_EREADFAILED);
01001                     }
01002                   if (rsbac_set_attr(AUTH,
01003                                      T_PROCESS,
01004                                      i_tid,
01005                                      A_auth_learn,
01006                                      i_attr_val1))
01007                     {
01008                       rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_learn);
01009                       return(-RSBAC_EWRITEFAILED);
01010                     }
01011                   /* remember executed file */
01012                   i_attr_val1.auth_program_file = tid.file;
01013                   if (rsbac_set_attr(AUTH,
01014                                      T_PROCESS,
01015                                      i_tid,
01016                                      A_auth_program_file,
01017                                      i_attr_val1))
01018                     {
01019                       rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_program_file);
01020                       return(-RSBAC_EWRITEFAILED);
01021                     }
01022                   /* remember caller */
01023                   i_attr_val1.auth_start_uid = owner;
01024                   if (rsbac_set_attr(AUTH,
01025                                      T_PROCESS,
01026                                      i_tid,
01027                                      A_auth_start_uid,
01028                                      i_attr_val1))
01029                     {
01030                       rsbac_ds_set_error("rsbac_adf_set_attr_auth()", A_auth_start_uid);
01031                       return(-RSBAC_EWRITEFAILED);
01032                     }
01033                   #endif
01034                   return(0);
01035 
01036                 /* all other cases are unknown */
01037                 default:
01038                   return(0);
01039               }
01040 
01041 /* Only protect itself, if asked to by configuration */
01042 #ifdef CONFIG_RSBAC_AUTH_AUTH_PROT
01043         /* remove all file capabilities on all changing requests to files */
01044         case R_APPEND_OPEN:
01045         case R_CHANGE_GROUP:
01046         case R_DELETE:
01047         case R_LINK_HARD:
01048         case R_MODIFY_ACCESS_DATA:
01049         case R_READ_WRITE_OPEN:
01050         case R_RENAME:
01051         case R_TRUNCATE:
01052         case R_WRITE_OPEN:
01053             switch(target)
01054               {
01055                 case T_FILE:
01056                   /* remove cap set */
01057                   if(rsbac_auth_remove_f_capsets(tid.file))
01058                     {
01059 #ifdef CONFIG_RSBAC_RMSG
01060                       rsbac_printk(KERN_WARNING
01061                              "rsbac_adf_set_attr_auth(): rsbac_auth_remove_f_capsets() returned error!\n");
01062 #endif
01063 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01064                       if (!rsbac_nosyslog)
01065 #endif
01066                       printk(KERN_WARNING
01067                              "rsbac_adf_set_attr_auth(): rsbac_auth_remove_f_capsets() returned error!\n");
01068                       return(-RSBAC_EWRITEFAILED);
01069                     }
01070                   return(0);
01071 
01072                 /* all other cases are not handled */
01073                 default: return(0);
01074               }
01075 #endif
01076 
01077 /*********************/
01078         default: return(0);
01079       }
01080 
01081     return(0);
01082   }; /* end of rsbac_adf_set_attr_auth() */
01083 
01084 /* end of rsbac/adf/auth/main.c */
Generated on Fri Jun 17 09:45:19 2005 for RSBAC by  doxygen 1.4.2