/**************************************/
/* Rule Set Based Access Control      */
/* Author and (c) 1999-2003:          */
/*   Amon Ott <ao@rsbac.org>          */
/* Data structures / AUTH             */
/* Last modified: 28/Oct/2004         */
/**************************************/

#ifndef __RSBAC_AUTH_DATA_STRUC_H
#define __RSBAC_AUTH_DATA_STRUC_H

#include <linux/types.h>
#include <rsbac/aci.h>
#include <rsbac/types.h>

/**********************************************/
/*              Capability lists              */
/**********************************************/

/*
 * Key value for the AUTH lists. How the key is checked is not visible in
 * this header.
 */
#define RSBAC_AUTH_LIST_KEY 626281

/*
 * Process capability lists: one on-disk format version and one name per
 * list. NOTE(review): "EFF"/"FS"/"GROUP" presumably select the effective,
 * filesystem and group id variants - confirm against the AUTH module code.
 */
#define RSBAC_AUTH_P_LIST_VERSION 1
#define RSBAC_AUTH_P_LIST_NAME "authproc"
#define RSBAC_AUTH_P_EFF_LIST_NAME "authproceff"
#define RSBAC_AUTH_P_FS_LIST_NAME "authprocfs"
#define RSBAC_AUTH_P_GROUP_LIST_NAME "authprocgr"
#define RSBAC_AUTH_P_GROUP_EFF_LIST_NAME "authprocgreff"
#define RSBAC_AUTH_P_GROUP_FS_LIST_NAME "authprocgrfs"

/*
 * File/dir capability lists: name prefixes. Each prefix ends in '.';
 * presumably a list number is appended by the code that registers the
 * lists - verify there.
 */
#define RSBAC_AUTH_FD_FILENAME "authfd."
#define RSBAC_AUTH_FD_EFF_FILENAME "authfde."
#define RSBAC_AUTH_FD_FS_FILENAME "authfdf."
#define RSBAC_AUTH_FD_GROUP_FILENAME "authfg."
#define RSBAC_AUTH_FD_GROUP_EFF_FILENAME "authfge."
#define RSBAC_AUTH_FD_GROUP_FS_FILENAME "authfgf."

/*
 * Number of lists per device and kind. These values size the handle
 * arrays in struct rsbac_auth_device_list_item_t below, so any index into
 * those arrays must stay below the matching constant.
 */
#define RSBAC_AUTH_NR_CAP_FD_LISTS 4
#define RSBAC_AUTH_NR_CAP_EFF_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_FS_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS 4
#define RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS 2
#define RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS 2

/* Format versions of the file/dir capability lists. */
#define RSBAC_AUTH_FD_LIST_VERSION 1
#define RSBAC_AUTH_FD_EFF_LIST_VERSION 1
#define RSBAC_AUTH_FD_FS_LIST_VERSION 1
#define RSBAC_AUTH_FD_GROUP_LIST_VERSION 1
#define RSBAC_AUTH_FD_GROUP_EFF_LIST_VERSION 1
#define RSBAC_AUTH_FD_GROUP_FS_LIST_VERSION 1

/*
 * The devices are kept in a doubly linked list, so a list item and a list
 * head are defined here.
 *
 * The set of members, and therefore the size and member offsets of the
 * item, depends on CONFIG_RSBAC_AUTH_DAC_OWNER and CONFIG_RSBAC_AUTH_GROUP.
 * Every translation unit that includes this header has to be built with
 * the same configuration, otherwise two units disagree about the layout of
 * the same object.
 */
struct rsbac_auth_device_list_item_t
{
    kdev_t id;           /* device id; set to 0 before deletion */
    u_int mount_count;   /* presumably the number of active mounts - confirm */
    rsbac_list_handle_t handles[RSBAC_AUTH_NR_CAP_FD_LISTS];
#ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
    rsbac_list_handle_t eff_handles[RSBAC_AUTH_NR_CAP_EFF_FD_LISTS];
    rsbac_list_handle_t fs_handles[RSBAC_AUTH_NR_CAP_FS_FD_LISTS];
#endif /* CONFIG_RSBAC_AUTH_DAC_OWNER */
#ifdef CONFIG_RSBAC_AUTH_GROUP
    rsbac_list_handle_t group_handles[RSBAC_AUTH_NR_CAP_GROUP_FD_LISTS];
#ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
    /* Present only when both GROUP and DAC_OWNER are configured. */
    rsbac_list_handle_t group_eff_handles[RSBAC_AUTH_NR_CAP_GROUP_EFF_FD_LISTS];
    rsbac_list_handle_t group_fs_handles[RSBAC_AUTH_NR_CAP_GROUP_FS_FD_LISTS];
#endif /* CONFIG_RSBAC_AUTH_DAC_OWNER */
#endif /* CONFIG_RSBAC_AUTH_GROUP */
    struct rsbac_auth_device_list_item_t *prev;
    struct rsbac_auth_device_list_item_t *next;
};

/*
 * List head. For consistency all list accesses are made under 'lock',
 * which is an rwlock_t (a reader/writer spinning lock). 'curr' caches an
 * item so that repeated lookups of the same item can be avoided.
 *
 * NOTE(review): 'curr' is a second pointer to a list item; the removal
 * code (not visible here) should reset it when the cached item is
 * unlinked, so that no stale pointer is left behind - confirm.
 */
struct rsbac_auth_device_list_head_t
{
    struct rsbac_auth_device_list_item_t *head;
    struct rsbac_auth_device_list_item_t *tail;
    struct rsbac_auth_device_list_item_t *curr;
    rwlock_t lock;
    u_int count;   /* presumably the number of items in the list - confirm */
};

#endif