acl.h

00001 /************************************ */
00002 /* Rule Set Based Access Control      */
00003 /* Author and (c) 1999-2005: Amon Ott */
00004 /* API: Data structures               */
00005 /* and functions for Access           */
00006 /* Control Information / ACL          */
00007 /* Last modified: 09/Feb/2005         */
00008 /************************************ */
00009 
00010 #ifndef __RSBAC_ACL_H
00011 #define __RSBAC_ACL_H
00012 
00013 #include <linux/init.h>
00014 #include <rsbac/types.h>
00015 
00016 /***************************************************/
00017 /*               General Prototypes                */
00018 /***************************************************/
00019 
00020 /* All functions return 0 if no error occurred, and a negative error code   */
00021 /* otherwise (the few that return a count instead say so at their          */
00022 /* prototype). The error codes are defined in rsbac_error.h.               */
00022 
00023 /****************************************************************************/
00024 /* Initialization, including ACI restoration for all mounted devices from   */
00025 /* disk. After this call, all ACI is kept in memory for performance reasons,*/
00026 /* but user and file/dir object ACI are written to disk on every change.    */
00027 
00028 #ifdef CONFIG_RSBAC_INIT_DELAY
00029 extern int rsbac_init_acl(void);
00030 #else
00031 extern int rsbac_init_acl(void) __init;
00032 #endif
00033 
00034 /* Mounting and unmounting of a device (ACI handling for that device) */
00035 int rsbac_mount_acl(kdev_t kdev);
00036 int rsbac_umount_acl(kdev_t kdev);
00037 
00038 /* Some information about the current status is also available */
00039 extern int rsbac_stats_acl(void);
00040 
00041 /* Consistency checking of the stored ACI (the correct flag presumably selects whether found inconsistencies are repaired - confirm in the implementation) */
00042 extern int rsbac_check_acl(int correct, int check_inode);
00043 
00044 /************************************************* */
00045 /*               Access functions                  */
00046 /************************************************* */
00047 
00048 /* All these procedures take and release the spinlocks that protect the   */
00049 /* targets during access themselves.                                      */
00050 
00051 /* rsbac_acl_set_acl_entry
00052  * Set ACL entry for given target and subject to given rights. If entry does
00053  * not exist, it is created, thus cutting the inheritance from default/parent.
00054  */
00055 
00056 int rsbac_acl_set_acl_entry(
00057          rsbac_list_ta_number_t      ta_number,
00058   enum   rsbac_target_t              target,
00059   union  rsbac_target_id_t           tid,
00060   enum   rsbac_acl_subject_type_t    subj_type,
00061          rsbac_acl_subject_id_t      subj_id,
00062          rsbac_acl_rights_vector_t   rights,
00063          rsbac_time_t                ttl);
00064 
00065 /* rsbac_acl_remove_acl_entry
00066  * Remove ACL entry for given target and subject. This reactivates the
00067  * inheritance from default/parent.
00068  */
00069 
00070 int rsbac_acl_remove_acl_entry(
00071          rsbac_list_ta_number_t      ta_number,
00072   enum   rsbac_target_t              target,
00073   union  rsbac_target_id_t           tid,
00074   enum   rsbac_acl_subject_type_t    subj_type,
00075          rsbac_acl_subject_id_t      subj_id);
00076 
00077 /* rsbac_acl_remove_acl
00078  * Remove the whole ACL of the given target. Intended for cleanup when the
00079  * target is deleted.
00080  */
00080 
00081 int rsbac_acl_remove_acl(
00082          rsbac_list_ta_number_t ta_number,
00083   enum   rsbac_target_t         target,
00084   union  rsbac_target_id_t      tid);
00085 
00086 /* rsbac_acl_add_to_acl_entry
00087  * Add given rights to ACL entry for given target and subject. If entry does
00088  * not exist, behaviour is exactly like rsbac_acl_set_acl_entry.
00089  */
00090 
00091 int rsbac_acl_add_to_acl_entry(
00092          rsbac_list_ta_number_t      ta_number,
00093   enum   rsbac_target_t              target,
00094   union  rsbac_target_id_t           tid,
00095   enum   rsbac_acl_subject_type_t    subj_type,
00096          rsbac_acl_subject_id_t      subj_id,
00097          rsbac_acl_rights_vector_t   rights,
00098          rsbac_time_t                ttl);
00099 
00100 /* rsbac_acl_remove_from_acl_entry
00101  * Remove given rights from ACL entry for given target and subject. If entry does
00102  * not exist, nothing happens.
00103  * This function does NOT remove the ACL entry, so removing all rights leaves an
00104  * entry that grants NO rights for this subject/target combination - inheritance
00105  * is not reactivated. Use rsbac_acl_remove_acl_entry to restore inheritance.
00106  */
00106 
00107 int rsbac_acl_remove_from_acl_entry(
00108          rsbac_list_ta_number_t      ta_number,
00109   enum   rsbac_target_t              target,
00110   union  rsbac_target_id_t           tid,
00111   enum   rsbac_acl_subject_type_t    subj_type,
00112          rsbac_acl_subject_id_t      subj_id,
00113          rsbac_acl_rights_vector_t   rights);
00114 
00115 /* rsbac_acl_set_mask
00116  * Set inheritance mask for given target to given rights. If item does
00117  * not exist, it is created.
00118  */
00119 
00120 int rsbac_acl_set_mask(
00121          rsbac_list_ta_number_t      ta_number,
00122   enum   rsbac_target_t              target,
00123   union  rsbac_target_id_t           tid,
00124          rsbac_acl_rights_vector_t   mask);
00125 
00126 /* rsbac_acl_get_mask
00127  * Get inheritance mask for given target into *mask_p. If item does
00128  * not exist, default mask is returned.
00129  */
00130 
00131 int rsbac_acl_get_mask(
00132          rsbac_list_ta_number_t      ta_number,
00133   enum   rsbac_target_t              target,
00134   union  rsbac_target_id_t           tid,
00135          rsbac_acl_rights_vector_t * mask_p);
00136 
00137 /* rsbac_acl_get_rights
00138  * Get effective rights from ACL entry for given target and subject.
00139  * If entry does not exist, inherited rights are used. If there is no parent,
00140  * the default rights vector for this target type is returned.
00141  * This function does NOT add role or group rights to user rights!
00142  */
00143 
00144 int rsbac_acl_get_rights(
00145          rsbac_list_ta_number_t      ta_number,
00146   enum   rsbac_target_t              target,
00147   union  rsbac_target_id_t           tid,
00148   enum   rsbac_acl_subject_type_t    subj_type,
00149          rsbac_acl_subject_id_t      subj_id,
00150          rsbac_acl_rights_vector_t * rights_p,
00151          rsbac_boolean_t                     inherit);
00152 
00153 /* rsbac_acl_get_single_right
00154  * Report in *result whether a right is set for given target and subject.
00155  * If the right is not set directly, all parents are checked, unless it has
00156  * been masked out, *or* it is SUPERVISOR, CONFIG_RSBAC_ACL_SUPER_FILTER is set,
00157  * and supervisor is masked out. Note that, unlike the other access functions,
00158  * this one takes no ta_number.
00159  */
00159 
00160 int rsbac_acl_get_single_right (enum   rsbac_target_t              target,
00161                                 union  rsbac_target_id_t           tid,
00162                                 enum   rsbac_acl_subject_type_t    subj_type,
00163                                        rsbac_acl_subject_id_t      subj_id,
00164                                 enum   rsbac_adf_request_t         right,
00165                                        rsbac_boolean_t                   * result);
00166 
00167 
00168 /************************************************************************** */
00169 /* The rsbac_acl_copy_fd_acl() function copies the file/dir ACL of file1 to */
00170 /* file2. The old ACL of file2 is erased before copying.                    */
00171 
00172 int rsbac_acl_copy_fd_acl(struct rsbac_fs_file_t file1,
00173                           struct rsbac_fs_file_t file2);
00174 
00175 /************************************************************************** */
00176 /* The rsbac_acl_copy_pp_acl() function copies the process ACL of old_pid   */
00177 /* to new_pid.                                                              */
00177 
00178 int rsbac_acl_copy_pp_acl(rsbac_pid_t old_pid,
00179                           rsbac_pid_t new_pid);
00180 
00181 /*************************************************
00182  * rsbac_acl_get_tlist
00183  * Get subjects from ACL entries for given target, returned via *entry_pp
00184  * and *ttl_pp. Ownership of the returned arrays is not stated here -
00185  * presumably the caller must release them as for rsbac_acl_get_user_groups
00186  * below (vfree); confirm in the implementation before use.
00187  */
00185 
00186 int rsbac_acl_get_tlist(
00187          rsbac_list_ta_number_t    ta_number,
00188   enum   rsbac_target_t            target,
00189   union  rsbac_target_id_t         tid,
00190   struct rsbac_acl_entry_t      ** entry_pp,
00191          rsbac_time_t           ** ttl_pp);
00192 
00193 /*************************************************
00194  * Group management
00195  */
00196 
00197 /* Add a group with a newly assigned id and store that id in *group_id_p */
00198 int rsbac_acl_add_group(
00199        rsbac_list_ta_number_t   ta_number,
00200        rsbac_uid_t              owner,
00201   enum rsbac_acl_group_type_t   type,
00202        char                   * name,
00203        rsbac_acl_group_id_t   * group_id_p);
00204 
00205 int rsbac_acl_change_group(
00206        rsbac_list_ta_number_t   ta_number,
00207        rsbac_acl_group_id_t     id,
00208        rsbac_uid_t              owner,
00209   enum rsbac_acl_group_type_t   type,
00210        char                   * name);
00211 
00212 int rsbac_acl_remove_group(
00213   rsbac_list_ta_number_t ta_number,
00214   rsbac_acl_group_id_t id);
00215 
00216 int rsbac_acl_get_group_entry(
00217          rsbac_list_ta_number_t    ta_number,
00218          rsbac_acl_group_id_t      group,
00219   struct rsbac_acl_group_entry_t * entry_p);
00220 
00221 int rsbac_acl_list_groups(
00222          rsbac_list_ta_number_t     ta_number,
00223          rsbac_uid_t                owner,
00224          rsbac_boolean_t                    include_global,
00225   struct rsbac_acl_group_entry_t ** entry_pp);
00226 
00227 /* check group existence */
00228 rsbac_boolean_t rsbac_acl_group_exist(rsbac_acl_group_id_t group);
00229 
00230 int rsbac_acl_add_group_member(
00231   rsbac_list_ta_number_t ta_number,
00232   rsbac_acl_group_id_t group,
00233   rsbac_uid_t user,
00234   rsbac_time_t ttl);
00235 
00236 int rsbac_acl_remove_group_member(
00237   rsbac_list_ta_number_t ta_number,
00238   rsbac_acl_group_id_t group,
00239   rsbac_uid_t user);
00240 
00241 /* check membership */
00242 rsbac_boolean_t rsbac_acl_group_member(rsbac_acl_group_id_t group, rsbac_uid_t user);
00243 
00244 /* Build a vmalloc'd array (*group_pp, with matching ttls in *ttl_pp) of all   */
00245 /* group memberships of the given user. Returns number of groups or negative  */
00246 /* error. Attention: the caller owns the result and must release it with vfree!*/
00247 int rsbac_acl_get_user_groups(
00248   rsbac_list_ta_number_t ta_number,
00249   rsbac_uid_t user,
00250   rsbac_acl_group_id_t ** group_pp,
00251   rsbac_time_t ** ttl_pp);
00252 
00253 /* Returns number of members or negative error. user_array and ttl_array must hold at least maxnum elements; maxnum presumably bounds how many entries are written - confirm in the implementation */
00254 int rsbac_acl_get_group_members(
00255   rsbac_list_ta_number_t ta_number,
00256   rsbac_acl_group_id_t group,
00257   rsbac_uid_t user_array[],
00258   rsbac_time_t ttl_array[],
00259   int maxnum);
00260 
00261 /* Remove subject from all ACLs */
00262 int rsbac_acl_remove_subject(
00263   rsbac_list_ta_number_t ta_number,
00264   struct rsbac_acl_entry_desc_t desc);
00265 
00266 /*************************************************/
00267 /* remove user from all groups and from all ACLs */
00268 int rsbac_acl_remove_user(
00269   rsbac_list_ta_number_t ta_number,
00270   rsbac_uid_t user);
00271 
00272 #endif
