cap_getname.c

00001 /********************************** */
00002 /* Rule Set Based Access Control    */
00003 /* Author and (c) 1999-2005:        */
00004 /*   Amon Ott <ao@rsbac.org>        */
00005 /* Getname functions for CAP module */
00006 /* Last modified: 28/Jan/2005       */
00007 /********************************** */
00008 
00009 #include <rsbac/getname.h>
00010 #include <rsbac/cap_getname.h>
00011 #include <rsbac/helpers.h>
00012 #include <rsbac/error.h>
00013 
00014 #ifdef __KERNEL__
00015 #include <linux/sched.h>
00016 #include <linux/string.h>
00017 #include <linux/module.h>
00018 #include <rsbac/rkmem.h>
00019 #include <rsbac/debug.h>
00020 #include <rsbac/aci.h>
00021 #else
00022 #include <string.h>
00023 #endif
00024 
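/*
 * Printable capability names, indexed by capability number.
 *
 * Row width 17 = longest name ("NET_BIND_SERVICE", 16 characters) + NUL,
 * so every row is NUL-terminated and a destination buffer of
 * sizeof(cap_list[0]) bytes can hold any entry. The initializer lists 30
 * names; if RSBAC_CAP_MAX+1 is larger, the remaining rows are zero-filled
 * and read as empty strings.
 * NOTE(review): the order presumably mirrors the kernel's CAP_* numbering
 * with "NONE" sitting at index CAP_NONE -- confirm against the headers.
 *
 * const: the table is only ever read in this file (strcpy() source in
 * get_cap_name(), strcmp() operand in get_cap_nr()), so it can be placed
 * in read-only data and cannot be modified through a stray write.
 */
static const char cap_list[RSBAC_CAP_MAX+1][17] = {
   "CHOWN",
   "DAC_OVERRIDE",
   "DAC_READ_SEARCH",
   "FOWNER",
   "FSETID",
   "KILL",
   "SETGID",
   "SETUID",
   "SETPCAP",
   "LINUX_IMMUTABLE",
   "NET_BIND_SERVICE",
   "NET_BROADCAST",
   "NET_ADMIN",
   "NET_RAW",
   "IPC_LOCK",
   "IPC_OWNER",
   "SYS_MODULE",
   "SYS_RAWIO",
   "SYS_CHROOT",
   "SYS_PTRACE",
   "SYS_PACCT",
   "SYS_ADMIN",
   "SYS_BOOT",
   "SYS_NICE",
   "SYS_RESOURCE",
   "SYS_TIME",
   "SYS_TTY_CONFIG",
   "MKNOD",
   "LEASE",
   "NONE" };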
00056 
00057 /*****************************************/
00058 
00059 #ifdef __KERNEL__
00060 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
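EXPORT_SYMBOL(rsbac_cap_log_missing_cap);

/*
 * Emit one "missing <scope> max_cap" debug message for the current task.
 *
 * scope: "user" or "program", naming the max_caps attribute that lacks
 *        the capability.
 * cap:   capability number; the caller has already range-checked it.
 *
 * The name is built in a small stack buffer (one cap_list row is enough
 * for any name get_cap_name() writes, including "ERROR!"), so the log
 * line is never dropped because an allocation failed.
 */
static void cap_log_missing_msg(const char * scope, int cap)
  {
    char cap_name[sizeof(cap_list[0])];

    get_cap_name(cap_name, cap);
#ifdef CONFIG_RSBAC_RMSG
    rsbac_printk(KERN_DEBUG
                 "capable(): pid %u(%.15s), uid %u: missing %s max_cap %s!\n",
                 current->pid, current->comm,
                 current->uid,
                 scope, cap_name);
#endif
    /* Only the printk() is conditional on rsbac_nosyslog; the braces make
     * that explicit. */
#ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
    if (!rsbac_nosyslog)
#endif
      {
        printk(KERN_DEBUG
               "capable(): pid %u(%.15s), uid %u: missing %s max_cap %s!\n",
               current->pid, current->comm,
               current->uid,
               scope, cap_name);
      }
  }

/*
 * Log a debug message when capability `cap` is absent from the current
 * process's CAP attributes max_caps_user and/or max_caps_program.
 *
 * Does nothing unless rsbac_cap_log_missing is set. Each attribute is
 * read and checked independently: a read failure is reported through
 * rsbac_ds_get_error() and the other attribute is still examined.
 *
 * cap: capability number, used as a bit index into the max_caps vectors.
 *      Values that cannot be used as a shift count for an unsigned int
 *      (negative, or >= its bit width) are ignored, because shifting by
 *      them is undefined behaviour.
 */
void rsbac_cap_log_missing_cap(int cap)
  {
    union rsbac_target_id_t       i_tid;
    union rsbac_attribute_value_t i_attr_val1;
    unsigned int                  cap_bit;

    if(!rsbac_cap_log_missing)
      return;
    /* Reject shift counts that would be undefined before building the mask. */
    if(cap < 0 || cap >= (int) (sizeof(cap_bit) * 8))
      return;
    /* Disabled by the author via "#if 0"; kept as found. */
#if 0 && LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
    if(cap == CAP_SYS_ADMIN)
      return;
#endif

    /* Unsigned mask: "1 << 31" on a signed int is undefined. */
    cap_bit = 1U << cap;

    i_tid.process = current->pid;
    if (rsbac_get_attr(CAP,
                       T_PROCESS,
                       i_tid,
                       A_max_caps_user,
                       &i_attr_val1,
                       FALSE))
      {
        rsbac_ds_get_error("rsbac_cap_log_missing_cap()", A_max_caps_user);
      }
    else
      {
        if(!(i_attr_val1.max_caps_user & cap_bit))
          cap_log_missing_msg("user", cap);
      }
    if (rsbac_get_attr(CAP,
                       T_PROCESS,
                       i_tid,
                       A_max_caps_program,
                       &i_attr_val1,
                       FALSE))
      {
        rsbac_ds_get_error("rsbac_cap_log_missing_cap()", A_max_caps_program);
      }
    else
      {
        if(!(i_attr_val1.max_caps_program & cap_bit))
          cap_log_missing_msg("program", cap);
      }
  }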
00150 #endif
00151 #endif
00152 
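/*
 * Copy the printable name of capability number `value` into `name`.
 *
 * name:  caller-supplied destination. No length is passed in, so the
 *        buffer must hold at least sizeof(cap_list[0]) bytes (the longest
 *        table entry plus its NUL); the copy itself is unbounded.
 * value: capability number. Any value that does not select a table row
 *        produces the string "ERROR!" instead.
 *
 * Returns name, or NULL when name is NULL.
 */
char * get_cap_name(char * name,
                    u_int value)
  {
    if(!name)
      return(NULL);
    /* Bound the index by the table's own row count as well as CAP_NONE:
     * the array is sized from RSBAC_CAP_MAX, so a mismatch between the
     * two constants must not turn into an out-of-bounds read. */
    if(   value > CAP_NONE
       || value >= sizeof(cap_list) / sizeof(cap_list[0]))
      strcpy(name, "ERROR!");
    else
      strcpy(name, cap_list[value]);
    return(name);
  }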
00164 
/*
 * Translate a capability name into its number.
 *
 * name: NUL-terminated string, compared exactly (case-sensitive strcmp())
 *       against the cap_list rows below index CAP_NONE.
 *
 * Returns the index of the first matching row, CAP_NONE when nothing
 * matches, and RT_NONE when name is NULL.
 *
 * NOTE(review): the NULL case returns RT_NONE while "not found" returns
 * CAP_NONE. RT_NONE is not defined in this file; if its value differs
 * from CAP_NONE, a caller that only tests for CAP_NONE would treat the
 * NULL-input result as a capability number -- confirm which sentinel is
 * intended.
 */
int get_cap_nr(const char * name)
  {
    int idx = 0;

    if(name == NULL)
      return(RT_NONE);
    while(idx < CAP_NONE)
      {
        if(strcmp(name, cap_list[idx]) == 0)
          return(idx);
        idx++;
      }
    return(CAP_NONE);
  }
