00001
00002
00003
00004
00005
00006
00007
00008
00009 #include <rsbac/types.h>
00010 #include <rsbac/aci.h>
00011 #include <rsbac/mac.h>
00012 #include <rsbac/pm.h>
00013 #include <rsbac/auth.h>
00014 #include <rsbac/acl.h>
00015 #include <rsbac/reg.h>
00016 #include <rsbac/error.h>
00017 #include <rsbac/debug.h>
00018 #include <rsbac/helpers.h>
00019 #include <rsbac/getname.h>
00020 #include <rsbac/network.h>
00021 #include <asm/segment.h>
00022 #include <asm/semaphore.h>
00023 #include <linux/sched.h>
00024 #include <linux/file.h>
00025 #include <rsbac/rkmem.h>
00026 #include <rsbac/gen_lists.h>
00027 #include <linux/smp_lock.h>
00028 #include <asm/uaccess.h>
00029
00030 #include <rsbac/adf.h>
00031 #include <rsbac/adf_main.h>
00032 #include <rsbac/adf_syshelpers.h>
00033 #include <rsbac/rc.h>
00034 #include <rsbac/um.h>
00035 #include <rsbac/um_types.h>
00036 #include <rsbac/syscalls.h>
00037
00038 #ifdef CONFIG_RSBAC_NET_OBJ
00039 #include <rsbac/network.h>
00040 #endif
00041 #ifdef CONFIG_RSBAC_DAZ
00042 #include <rsbac/daz.h>
00043 #endif
00044
00045 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00046 #include <linux/namei.h>
00047 #endif
00048
00049
00050
00051
00052
00053 extern struct semaphore rsbac_write_sem;
00054
00055
00056
00057
00058
00059
00060
00061
00062
00063
00064
00065
00066 int sys_rsbac_stats(void)
00067 {
00068 union rsbac_target_id_t rsbac_target_id;
00069 union rsbac_attribute_value_t rsbac_attribute_value;
00070
00071 #ifdef CONFIG_RSBAC_DEBUG
00072 if (rsbac_debug_aef)
00073 {
00074 #ifdef CONFIG_RSBAC_RMSG
00075 rsbac_printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n");
00076 #endif
00077 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00078 if (!rsbac_nosyslog)
00079 #endif
00080 printk(KERN_DEBUG "sys_rsbac_stats(): calling ADF\n");
00081 }
00082 #endif
00083 rsbac_target_id.scd = ST_rsbac;
00084 rsbac_attribute_value.dummy = 0;
00085 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00086 current->pid,
00087 T_SCD,
00088 rsbac_target_id,
00089 A_none,
00090 rsbac_attribute_value))
00091 {
00092 return -EPERM;
00093 }
00094
00095 return(rsbac_stats());
00096 };
00097
00098 long sys_sync(void);
00099
00100 int sys_rsbac_check(int correct, int check_inode)
00101 {
00102 union rsbac_target_id_t rsbac_target_id;
00103 union rsbac_attribute_value_t rsbac_attribute_value;
00104 int result;
00105
00106 #ifdef CONFIG_RSBAC_DEBUG
00107 if (rsbac_debug_aef)
00108 {
00109 #ifdef CONFIG_RSBAC_RMSG
00110 rsbac_printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n");
00111 #endif
00112 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00113 if (!rsbac_nosyslog)
00114 #endif
00115 printk(KERN_DEBUG "sys_rsbac_check(): calling ADF\n");
00116 }
00117 #endif
00118 rsbac_target_id.scd = ST_rsbac;
00119 rsbac_attribute_value.dummy = 0;
00120 if (!rsbac_adf_request(R_GET_STATUS_DATA,
00121 current->pid,
00122 T_SCD,
00123 rsbac_target_id,
00124 A_none,
00125 rsbac_attribute_value))
00126 {
00127 return -EPERM;
00128 }
00129
00130 #ifdef CONFIG_RSBAC_RMSG
00131 rsbac_printk(KERN_INFO
00132 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00133 correct, check_inode);
00134 #endif
00135 #ifndef CONFIG_RSBAC_RMSG_EXCL
00136 printk(KERN_INFO
00137 "sys_rsbac_check(): triggering RSBAC consistency check, correct = %u, check_inode = %u!\n",
00138 correct, check_inode);
00139 #endif
00140
00141 if(check_inode)
00142 {
00143 #ifdef CONFIG_RSBAC_RMSG
00144 rsbac_printk(KERN_INFO
00145 "sys_rsbac_check(): syncing disks\n");
00146 #endif
00147 #ifndef CONFIG_RSBAC_RMSG_EXCL
00148 printk(KERN_INFO
00149 "sys_rsbac_check(): syncing disks\n");
00150 #endif
00151 sys_sync();
00152 }
00153
00154 lock_kernel();
00155
00156 if(check_inode)
00157 down(&rsbac_write_sem);
00158
00159 result = rsbac_check(correct, check_inode);
00160 if(!result)
00161 result=rsbac_check_lists(correct);
00162
00163 #if defined(CONFIG_RSBAC_MAC)
00164 if(!result)
00165 result=rsbac_check_mac(correct, check_inode);
00166 #endif
00167 #if defined(CONFIG_RSBAC_AUTH)
00168 if(!result)
00169 result=rsbac_check_auth(correct, check_inode);
00170 #endif
00171 #if defined(CONFIG_RSBAC_ACL)
00172 if(!result)
00173 result=rsbac_check_acl(correct, check_inode);
00174 #endif
00175 #if defined(CONFIG_RSBAC_REG)
00176 if(!result)
00177 result=rsbac_check_reg(correct, check_inode);
00178 #endif
00179
00180 if(check_inode)
00181 up(&rsbac_write_sem);
00182
00183 unlock_kernel();
00184 return(result);
00185 };
00186
00187 int sys_rsbac_write(void)
00188 {
00189 #if defined(CONFIG_RSBAC_AUTO_WRITE)
00190 union rsbac_target_id_t rsbac_target_id;
00191 union rsbac_attribute_value_t rsbac_attribute_value;
00192 int result;
00193
00194 #ifdef CONFIG_RSBAC_DEBUG
00195 if (rsbac_debug_aef)
00196 {
00197 #ifdef CONFIG_RSBAC_RMSG
00198 rsbac_printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n");
00199 #endif
00200 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00201 if (!rsbac_nosyslog)
00202 #endif
00203 printk(KERN_DEBUG "sys_rsbac_write(): calling ADF\n");
00204 }
00205 #endif
00206 rsbac_target_id.scd = ST_rsbac;
00207 rsbac_attribute_value.dummy = 0;
00208 if (!rsbac_adf_request(R_WRITE,
00209 current->pid,
00210 T_SCD,
00211 rsbac_target_id,
00212 A_none,
00213 rsbac_attribute_value))
00214 {
00215 return -EPERM;
00216 }
00217
00218
00219 result = rsbac_write(TRUE);
00220
00221 return result;
00222 #else
00223 return(0);
00224 #endif
00225 };
00226
00227
00228
00229
00230
00231 int sys_rsbac_get_attr(
00232 rsbac_list_ta_number_t ta_number,
00233 enum rsbac_switch_target_t module,
00234 enum rsbac_target_t target,
00235 union rsbac_target_id_t * tid,
00236 enum rsbac_attribute_t attr,
00237 union rsbac_attribute_value_t * value,
00238 int inherit)
00239 {
00240 union rsbac_target_id_t k_tid;
00241 union rsbac_attribute_value_t k_value;
00242 int err = 0;
00243 rsbac_boolean_t i_inherit;
00244
00245 if(module > SW_NONE)
00246 return(-RSBAC_EINVALIDMODULE);
00247 if(!tid || (target >= T_NONE))
00248 return(-RSBAC_EINVALIDTARGET);
00249 if(!value)
00250 return(-RSBAC_EINVALIDVALUE);
00251 if(attr >= A_none)
00252 return(-RSBAC_EINVALIDATTR);
00253
00254 if(module == SW_NONE)
00255 {
00256 module = get_attr_module(attr);
00257 if(module == SW_NONE)
00258 return(-RSBAC_EINVALIDMODULE);
00259 }
00260
00261
00262 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00263 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00264
00265 if(inherit)
00266 i_inherit = TRUE;
00267 else
00268 i_inherit = FALSE;
00269
00270 #ifdef CONFIG_RSBAC_NET_OBJ
00271
00272 if( (target == T_NETOBJ)
00273 && ( !k_tid.netobj.sock_p
00274 || k_tid.netobj.remote_addr
00275 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00276 || !k_tid.netobj.sock_p->file
00277 || !k_tid.netobj.sock_p->file->f_dentry
00278 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00279 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00280 #else
00281 || !k_tid.netobj.sock_p->inode
00282 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00283 #endif
00284 )
00285 )
00286 return -RSBAC_EINVALIDTARGET;
00287 #endif
00288
00289
00290 #ifdef CONFIG_RSBAC_DEBUG
00291 if (rsbac_debug_aef)
00292 {
00293 #ifdef CONFIG_RSBAC_RMSG
00294 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n");
00295 #endif
00296 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00297 if (!rsbac_nosyslog)
00298 #endif
00299 printk(KERN_DEBUG "sys_rsbac_get_attr(): calling ADF\n");
00300 }
00301 #endif
00302 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00303 current->pid,
00304 target,
00305 k_tid,
00306 attr,
00307 k_value))
00308 {
00309 return -EPERM;
00310 }
00311
00312 err = rsbac_ta_get_attr(ta_number, module, target, k_tid, attr, &k_value, i_inherit);
00313
00314 if(!err)
00315 {
00316 err = rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00317 }
00318 return (err);
00319 }
00320
00321
00322 int sys_rsbac_get_attr_n(
00323 rsbac_list_ta_number_t ta_number,
00324 enum rsbac_switch_target_t module,
00325 enum rsbac_target_t target,
00326 char * t_name,
00327 enum rsbac_attribute_t attr,
00328 union rsbac_attribute_value_t * value,
00329 int inherit)
00330 {
00331 union rsbac_attribute_value_t k_value;
00332 struct dentry * t_dentry;
00333 int err = 0;
00334 union rsbac_target_id_t tid;
00335
00336 rsbac_boolean_t i_inherit;
00337 struct nameidata nd;
00338
00339 if(module > SW_NONE)
00340 return(-RSBAC_EINVALIDMODULE);
00341 if(!t_name || (target >= T_NONE))
00342 return(-RSBAC_EINVALIDTARGET);
00343 if(!value)
00344 return(-RSBAC_EINVALIDVALUE);
00345 if(attr >= A_none)
00346 return(-RSBAC_EINVALIDATTR);
00347
00348 if(module == SW_NONE)
00349 {
00350 module = get_attr_module(attr);
00351 if(module == SW_NONE)
00352 return(-RSBAC_EINVALIDMODULE);
00353 }
00354
00355 if(inherit)
00356 i_inherit = TRUE;
00357 else
00358 i_inherit = FALSE;
00359
00360
00361 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00362
00363
00364 if ((err = user_path_walk_link(t_name, &nd)))
00365 {
00366 #ifdef CONFIG_RSBAC_DEBUG
00367 if (rsbac_debug_aef)
00368 {
00369 #ifdef CONFIG_RSBAC_RMSG
00370 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00371 #endif
00372 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00373 if (!rsbac_nosyslog)
00374 #endif
00375 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): call to user_path_walk_link() returned %i\n", err);
00376 }
00377 #endif
00378 goto out;
00379 }
00380 t_dentry = nd.dentry;
00381 if (!t_dentry->d_inode)
00382 {
00383 #ifdef CONFIG_RSBAC_DEBUG
00384 if (rsbac_debug_aef)
00385 {
00386 #ifdef CONFIG_RSBAC_RMSG
00387 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n");
00388 #endif
00389 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00390 if (!rsbac_nosyslog)
00391 #endif
00392 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): file not found\n");
00393 }
00394 #endif
00395 err = -RSBAC_EINVALIDTARGET;
00396 goto out_dput;
00397 }
00398
00399 switch (target)
00400 {
00401
00402 case T_FD:
00403 if(S_ISREG(t_dentry->d_inode->i_mode))
00404 {
00405 target = T_FILE;
00406 }
00407 else
00408 if(S_ISDIR(t_dentry->d_inode->i_mode))
00409 {
00410 target = T_DIR;
00411 }
00412 else
00413 if(S_ISLNK(t_dentry->d_inode->i_mode))
00414 {
00415 target = T_SYMLINK;
00416 }
00417 else
00418 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00419 {
00420 target = T_FIFO;
00421 }
00422 else
00423 if(S_ISBLK(t_dentry->d_inode->i_mode))
00424 {
00425 target = T_FILE;
00426 }
00427 else
00428 if(S_ISCHR(t_dentry->d_inode->i_mode))
00429 {
00430 target = T_FILE;
00431 }
00432 else
00433 {
00434 #ifdef CONFIG_RSBAC_DEBUG
00435 if (rsbac_debug_aef)
00436 {
00437 #ifdef CONFIG_RSBAC_RMSG
00438 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n");
00439 #endif
00440 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00441 if (!rsbac_nosyslog)
00442 #endif
00443 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no filesystem object\n");
00444 }
00445 #endif
00446 err = -RSBAC_EINVALIDTARGET;
00447 goto out_dput;
00448 }
00449 break;
00450
00451 case T_FILE:
00452 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00453 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00454 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00455 {
00456 #ifdef CONFIG_RSBAC_DEBUG
00457 if (rsbac_debug_aef)
00458 {
00459 #ifdef CONFIG_RSBAC_RMSG
00460 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n");
00461 #endif
00462 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00463 if (!rsbac_nosyslog)
00464 #endif
00465 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no file\n");
00466 }
00467 #endif
00468 err = -RSBAC_EINVALIDTARGET;
00469 goto out_dput;
00470 }
00471 break;
00472
00473 case T_DIR:
00474 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00475 {
00476 #ifdef CONFIG_RSBAC_DEBUG
00477 if (rsbac_debug_aef)
00478 {
00479 #ifdef CONFIG_RSBAC_RMSG
00480 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n");
00481 #endif
00482 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00483 if (!rsbac_nosyslog)
00484 #endif
00485 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dir\n");
00486 }
00487 #endif
00488 err = -RSBAC_EINVALIDTARGET;
00489 goto out_dput;
00490 }
00491 break;
00492
00493 case T_FIFO:
00494
00495 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00496 {
00497 #ifdef CONFIG_RSBAC_DEBUG
00498 if (rsbac_debug_aef)
00499 {
00500 #ifdef CONFIG_RSBAC_RMSG
00501 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n");
00502 #endif
00503 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00504 if (!rsbac_nosyslog)
00505 #endif
00506 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no fifo\n");
00507 }
00508 #endif
00509 err = -RSBAC_EINVALIDTARGET;
00510 goto out_dput;
00511 }
00512 break;
00513
00514 case T_SYMLINK:
00515 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00516 {
00517 #ifdef CONFIG_RSBAC_DEBUG
00518 if (rsbac_debug_aef)
00519 {
00520 #ifdef CONFIG_RSBAC_RMSG
00521 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n");
00522 #endif
00523 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00524 if (!rsbac_nosyslog)
00525 #endif
00526 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no symlink\n");
00527 }
00528 #endif
00529 err = -RSBAC_EINVALIDTARGET;
00530 goto out_dput;
00531 }
00532 break;
00533
00534 case T_DEV:
00535 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00536 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00537 {
00538 #ifdef CONFIG_RSBAC_DEBUG
00539 if (rsbac_debug_aef)
00540 {
00541 #ifdef CONFIG_RSBAC_RMSG
00542 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n");
00543 #endif
00544 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00545 if (!rsbac_nosyslog)
00546 #endif
00547 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): no dev\n");
00548 }
00549 #endif
00550 err = -RSBAC_EINVALIDTARGET;
00551 goto out_dput;
00552 }
00553 break;
00554
00555 default:
00556 err = -RSBAC_EINVALIDTARGET;
00557 goto out_dput;
00558 }
00559
00560 if(target == T_DEV)
00561 {
00562 if(S_ISBLK(t_dentry->d_inode->i_mode))
00563 tid.dev.type = D_block;
00564 else
00565 tid.dev.type = D_char;
00566 tid.dev.id = t_dentry->d_inode->i_rdev;
00567 }
00568 else
00569 {
00570
00571 tid.file.device = t_dentry->d_sb->s_dev;
00572 tid.file.inode = t_dentry->d_inode->i_ino;
00573 tid.file.dentry_p = t_dentry;
00574 }
00575
00576 #ifdef CONFIG_RSBAC_DEBUG
00577 if (rsbac_debug_aef)
00578 {
00579 #ifdef CONFIG_RSBAC_RMSG
00580 rsbac_printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n");
00581 #endif
00582 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00583 if (!rsbac_nosyslog)
00584 #endif
00585 printk(KERN_DEBUG "sys_rsbac_get_attr_n(): calling ADF\n");
00586 }
00587 #endif
00588 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
00589 current->pid,
00590 target,
00591 tid,
00592 attr,
00593 k_value))
00594 {
00595 err = -EPERM;
00596 }
00597 else
00598 {
00599 err = rsbac_ta_get_attr(ta_number, module, target, tid, attr, &k_value, i_inherit);
00600
00601 if(!err)
00602 rsbac_put_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00603 }
00604
00605 out_dput:
00606 path_release(&nd);
00607
00608 out:
00609 return(err);
00610 }
00611
00612
00613
00614 int sys_rsbac_set_attr(
00615 rsbac_list_ta_number_t ta_number,
00616 enum rsbac_switch_target_t module,
00617 enum rsbac_target_t target,
00618 union rsbac_target_id_t * tid,
00619 enum rsbac_attribute_t attr,
00620 union rsbac_attribute_value_t * value)
00621 {
00622 union rsbac_target_id_t k_tid;
00623 union rsbac_attribute_value_t k_value;
00624 int err = 0;
00625 struct task_struct * task_p;
00626
00627 if(module > SW_NONE)
00628 return(-RSBAC_EINVALIDMODULE);
00629 if(!tid || (target >= T_NONE))
00630 return(-RSBAC_EINVALIDTARGET);
00631 if(!value)
00632 return(-RSBAC_EINVALIDVALUE);
00633 if(attr >= A_none)
00634 return(-RSBAC_EINVALIDATTR);
00635
00636 if(module == SW_NONE)
00637 {
00638 module = get_attr_module(attr);
00639 if(module == SW_NONE)
00640 return(-RSBAC_EINVALIDMODULE);
00641 }
00642 #ifdef CONFIG_RSBAC_FREEZE
00643 if(rsbac_freeze)
00644 {
00645 #ifdef CONFIG_RSBAC_RMSG
00646 rsbac_printk(KERN_WARNING
00647 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n");
00648 #endif
00649 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00650 if (!rsbac_nosyslog)
00651 #endif
00652 printk(KERN_WARNING
00653 "sys_rsbac_set_attr(): RSBAC configuration frozen, no administration allowed!\n");
00654 return -EPERM;
00655 }
00656 #endif
00657
00658
00659 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00660 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00661
00662
00663 switch(target)
00664 {
00665 case T_PROCESS:
00666 read_lock(&tasklist_lock);
00667 task_p = find_task_by_pid(k_tid.process);
00668 read_unlock(&tasklist_lock);
00669 if(!task_p)
00670 return(-RSBAC_EINVALIDTARGET);
00671 break;
00672
00673 #ifdef CONFIG_RSBAC_NET_OBJ
00674
00675 case T_NETOBJ:
00676 if( !k_tid.netobj.sock_p
00677 || k_tid.netobj.remote_addr
00678 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00679 || !k_tid.netobj.sock_p->file
00680 || !k_tid.netobj.sock_p->file->f_dentry
00681 || !k_tid.netobj.sock_p->file->f_dentry->d_inode
00682 || (SOCKET_I(k_tid.netobj.sock_p->file->f_dentry->d_inode) != k_tid.netobj.sock_p)
00683 #else
00684 || !k_tid.netobj.sock_p->inode
00685 || (&(k_tid.netobj.sock_p->inode->u.socket_i) != k_tid.netobj.sock_p)
00686 #endif
00687 )
00688 return -RSBAC_EINVALIDTARGET;
00689 #endif
00690
00691
00692 default:
00693 break;
00694 }
00695
00696
00697 #ifdef CONFIG_RSBAC_DEBUG
00698 if (rsbac_debug_aef)
00699 printk(KERN_DEBUG
00700 "sys_rsbac_set_attr(): calling ADF\n");
00701 #endif
00702 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00703 current->pid,
00704 target,
00705 k_tid,
00706 attr,
00707 k_value))
00708 {
00709 return -EPERM;
00710 }
00711 err = rsbac_ta_set_attr(ta_number, module, target, k_tid, attr, k_value);
00712 return (err);
00713 }
00714
00715 int sys_rsbac_set_attr_n(
00716 rsbac_list_ta_number_t ta_number,
00717 enum rsbac_switch_target_t module,
00718 enum rsbac_target_t target,
00719 char * t_name,
00720 enum rsbac_attribute_t attr,
00721 union rsbac_attribute_value_t * value)
00722 {
00723 struct dentry * t_dentry;
00724 int err = 0;
00725 union rsbac_attribute_value_t k_value;
00726 union rsbac_target_id_t tid;
00727 struct nameidata nd;
00728
00729 if(module > SW_NONE)
00730 return(-RSBAC_EINVALIDMODULE);
00731 if(!t_name || (target >= T_NONE))
00732 return(-RSBAC_EINVALIDTARGET);
00733 if(!value)
00734 return(-RSBAC_EINVALIDVALUE);
00735 if(attr >= A_none)
00736 return(-RSBAC_EINVALIDATTR);
00737
00738 if(module == SW_NONE)
00739 {
00740 module = get_attr_module(attr);
00741 if(module == SW_NONE)
00742 return(-RSBAC_EINVALIDMODULE);
00743 }
00744
00745 #ifdef CONFIG_RSBAC_FREEZE
00746 if(rsbac_freeze)
00747 {
00748 #ifdef CONFIG_RSBAC_RMSG
00749 rsbac_printk(KERN_WARNING
00750 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n");
00751 #endif
00752 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00753 if (!rsbac_nosyslog)
00754 #endif
00755 printk(KERN_WARNING
00756 "sys_rsbac_set_attr_n(): RSBAC configuration frozen, no administration allowed!\n");
00757 return -EPERM;
00758 }
00759 #endif
00760
00761 rsbac_get_user((u_char *) &k_value, (u_char *) value, sizeof(k_value) );
00762
00763
00764 if ((err = user_path_walk_link(t_name, &nd)))
00765 {
00766 #ifdef CONFIG_RSBAC_DEBUG
00767 if (rsbac_debug_aef)
00768 printk(KERN_DEBUG "sys_rsbac_set_attr_n(): call to user_path_walk_link() returned %i\n", err);
00769 #endif
00770 goto out;
00771 }
00772 t_dentry = nd.dentry;
00773 if (!t_dentry->d_inode)
00774 {
00775 #ifdef CONFIG_RSBAC_DEBUG
00776 if (rsbac_debug_aef)
00777 printk(KERN_DEBUG "sys_rsbac_set_attr_n(): file not found\n");
00778 #endif
00779 err = -RSBAC_EINVALIDTARGET;
00780 goto out_dput;
00781 }
00782
00783 switch (target)
00784 {
00785
00786 case T_FD:
00787 if(S_ISREG(t_dentry->d_inode->i_mode))
00788 {
00789 target = T_FILE;
00790 }
00791 else
00792 if(S_ISDIR(t_dentry->d_inode->i_mode))
00793 {
00794 target = T_DIR;
00795 }
00796 else
00797 if(S_ISLNK(t_dentry->d_inode->i_mode))
00798 {
00799 target = T_SYMLINK;
00800 }
00801 else
00802 if(S_ISFIFO(t_dentry->d_inode->i_mode))
00803 {
00804 target = T_FIFO;
00805 }
00806 else
00807 if(S_ISBLK(t_dentry->d_inode->i_mode))
00808 {
00809 target = T_FILE;
00810 }
00811 else
00812 if(S_ISCHR(t_dentry->d_inode->i_mode))
00813 {
00814 target = T_FILE;
00815 }
00816 else
00817 {
00818 #ifdef CONFIG_RSBAC_DEBUG
00819 if (rsbac_debug_aef)
00820 printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no filesystem object\n");
00821 #endif
00822 err = -RSBAC_EINVALIDTARGET;
00823 goto out_dput;
00824 }
00825 break;
00826
00827 case T_FILE:
00828 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
00829 && !(S_ISBLK(t_dentry->d_inode->i_mode))
00830 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00831 {
00832 #ifdef CONFIG_RSBAC_DEBUG
00833 if (rsbac_debug_aef)
00834 printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no file\n");
00835 #endif
00836 err = -RSBAC_EINVALIDTARGET;
00837 goto out_dput;
00838 }
00839 break;
00840
00841 case T_DIR:
00842 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
00843 {
00844 #ifdef CONFIG_RSBAC_DEBUG
00845 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
00846 #endif
00847 err = -RSBAC_EINVALIDTARGET;
00848 goto out_dput;
00849 }
00850 break;
00851
00852 case T_FIFO:
00853
00854 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
00855 {
00856 #ifdef CONFIG_RSBAC_DEBUG
00857 if (rsbac_debug_aef)
00858 printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no fifo\n");
00859 #endif
00860 err = -RSBAC_EINVALIDTARGET;
00861 goto out_dput;
00862 }
00863 break;
00864
00865 case T_SYMLINK:
00866 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
00867 {
00868 #ifdef CONFIG_RSBAC_DEBUG
00869 if (rsbac_debug_aef)
00870 printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no symlink\n");
00871 #endif
00872 err = -RSBAC_EINVALIDTARGET;
00873 goto out_dput;
00874 }
00875 break;
00876
00877 case T_DEV:
00878 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
00879 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
00880 {
00881 #ifdef CONFIG_RSBAC_DEBUG
00882 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_set_attr_n(): no dev\n");
00883 #endif
00884 err = -RSBAC_EINVALIDTARGET;
00885 goto out_dput;
00886 }
00887 break;
00888
00889 default:
00890 err = -RSBAC_EINVALIDTARGET;
00891 goto out_dput;
00892 }
00893
00894 if(target == T_DEV)
00895 {
00896 if(S_ISBLK(t_dentry->d_inode->i_mode))
00897 tid.dev.type = D_block;
00898 else
00899 tid.dev.type = D_char;
00900 tid.dev.id = t_dentry->d_inode->i_rdev;
00901 }
00902 else
00903 {
00904
00905 tid.file.device = t_dentry->d_sb->s_dev;
00906 tid.file.inode = t_dentry->d_inode->i_ino;
00907 tid.file.dentry_p = t_dentry;
00908 }
00909
00910 #ifdef CONFIG_RSBAC_DEBUG
00911 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_set_attr_n(): calling ADF\n");
00912 #endif
00913 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00914 current->pid,
00915 target,
00916 tid,
00917 attr,
00918 k_value))
00919 {
00920 err = -EPERM;
00921 }
00922 else
00923 {
00924 err = rsbac_ta_set_attr(ta_number, module, target, tid, attr, k_value);
00925 }
00926
00927 out_dput:
00928 path_release(&nd);
00929
00930 out:
00931 return(err);
00932 }
00933
00934
00935
00936 int sys_rsbac_remove_target(
00937 rsbac_list_ta_number_t ta_number,
00938 enum rsbac_target_t target,
00939 union rsbac_target_id_t * tid)
00940 {
00941 union rsbac_target_id_t k_tid;
00942 int err = 0;
00943
00944
00945 union rsbac_attribute_value_t rsbac_attribute_value;
00946
00947 if(!tid || (target >= T_NONE))
00948 return(-RSBAC_EINVALIDTARGET);
00949
00950 #ifdef CONFIG_RSBAC_FREEZE
00951 if(rsbac_freeze)
00952 {
00953 #ifdef CONFIG_RSBAC_RMSG
00954 rsbac_printk(KERN_WARNING
00955 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n");
00956 #endif
00957 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
00958 if (!rsbac_nosyslog)
00959 #endif
00960 printk(KERN_WARNING
00961 "sys_rsbac_remove_target(): RSBAC configuration frozen, no administration allowed!\n");
00962 return -EPERM;
00963 }
00964 #endif
00965
00966
00967 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
00968
00969
00970 #ifdef CONFIG_RSBAC_DEBUG
00971 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_remove_target(): calling ADF\n");
00972 #endif
00973 rsbac_attribute_value.dummy = 0;
00974 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
00975 current->pid,
00976 target,
00977 k_tid,
00978 A_none,
00979 rsbac_attribute_value))
00980 {
00981 return -EPERM;
00982 }
00983 err = rsbac_ta_remove_target(ta_number, target, k_tid);
00984 return (err);
00985 }
00986
00987 int sys_rsbac_remove_target_n(
00988 rsbac_list_ta_number_t ta_number,
00989 enum rsbac_target_t target,
00990 char * t_name)
00991 {
00992 struct dentry * t_dentry;
00993 int err = 0;
00994 union rsbac_target_id_t tid;
00995
00996
00997 union rsbac_attribute_value_t rsbac_attribute_value;
00998
00999
01000
01001 struct nameidata nd;
01002
01003 if(!t_name || (target >= T_NONE))
01004 return(-RSBAC_EINVALIDTARGET);
01005
01006 #ifdef CONFIG_RSBAC_FREEZE
01007 if(rsbac_freeze)
01008 {
01009 #ifdef CONFIG_RSBAC_RMSG
01010 rsbac_printk(KERN_WARNING
01011 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n");
01012 #endif
01013 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01014 if (!rsbac_nosyslog)
01015 #endif
01016 printk(KERN_WARNING
01017 "sys_rsbac_remove_target_n(): RSBAC configuration frozen, no administration allowed!\n");
01018 return -EPERM;
01019 }
01020 #endif
01021
01022
01023 if ((err = user_path_walk_link(t_name, &nd)))
01024 {
01025 #ifdef CONFIG_RSBAC_DEBUG
01026 if (rsbac_debug_aef)
01027 printk(KERN_DEBUG "sys_rsbac_remove_target_n(): call to user_path_walk_link() returned %i\n", err);
01028 #endif
01029 goto out;
01030 }
01031 t_dentry = nd.dentry;
01032 if (!t_dentry->d_inode)
01033 {
01034 #ifdef CONFIG_RSBAC_DEBUG
01035 if (rsbac_debug_aef)
01036 printk(KERN_DEBUG "sys_rsbac_remove_target_n(): file not found\n");
01037 #endif
01038 err = -RSBAC_EINVALIDTARGET;
01039 goto out_dput;
01040 }
01041
01042 switch (target)
01043 {
01044
01045 case T_FD:
01046 if(S_ISREG(t_dentry->d_inode->i_mode))
01047 {
01048 target = T_FILE;
01049 }
01050 else
01051 if(S_ISDIR(t_dentry->d_inode->i_mode))
01052 {
01053 target = T_DIR;
01054 }
01055 else
01056 if(S_ISLNK(t_dentry->d_inode->i_mode))
01057 {
01058 target = T_SYMLINK;
01059 }
01060 else
01061 if(S_ISFIFO(t_dentry->d_inode->i_mode))
01062 {
01063 target = T_FIFO;
01064 }
01065 else
01066 if(S_ISBLK(t_dentry->d_inode->i_mode))
01067 {
01068 target = T_FILE;
01069 }
01070 else
01071 if(S_ISCHR(t_dentry->d_inode->i_mode))
01072 {
01073 target = T_FILE;
01074 }
01075 else
01076 {
01077 #ifdef CONFIG_RSBAC_DEBUG
01078 if (rsbac_debug_aef)
01079 printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no filesystem object\n");
01080 #endif
01081 err = -RSBAC_EINVALIDTARGET;
01082 goto out_dput;
01083 }
01084 break;
01085
01086 case T_FILE:
01087 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
01088 && !(S_ISBLK(t_dentry->d_inode->i_mode))
01089 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01090 {
01091 #ifdef CONFIG_RSBAC_DEBUG
01092 if (rsbac_debug_aef)
01093 printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no file\n");
01094 #endif
01095 err = -RSBAC_EINVALIDTARGET;
01096 goto out_dput;
01097 }
01098 break;
01099
01100 case T_DIR:
01101 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
01102 {
01103 #ifdef CONFIG_RSBAC_DEBUG
01104 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_get_attr(): no dir\n");
01105 #endif
01106 err = -RSBAC_EINVALIDTARGET;
01107 goto out_dput;
01108 }
01109 break;
01110
01111 case T_FIFO:
01112
01113 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
01114 {
01115 #ifdef CONFIG_RSBAC_DEBUG
01116 if (rsbac_debug_aef)
01117 printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no fifo\n");
01118 #endif
01119 err = -RSBAC_EINVALIDTARGET;
01120 goto out_dput;
01121 }
01122 break;
01123
01124 case T_SYMLINK:
01125 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
01126 {
01127 #ifdef CONFIG_RSBAC_DEBUG
01128 if (rsbac_debug_aef)
01129 printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no symlink\n");
01130 #endif
01131 err = -RSBAC_EINVALIDTARGET;
01132 goto out_dput;
01133 }
01134 break;
01135
01136 case T_DEV:
01137 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
01138 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
01139 {
01140 #ifdef CONFIG_RSBAC_DEBUG
01141 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_remove_target_n(): no dev\n");
01142 #endif
01143 err = -RSBAC_EINVALIDTARGET;
01144 goto out_dput;
01145 }
01146 break;
01147
01148 default:
01149 err = -RSBAC_EINVALIDTARGET;
01150 goto out_dput;
01151 }
01152
01153 if(target == T_DEV)
01154 {
01155 if(S_ISBLK(t_dentry->d_inode->i_mode))
01156 tid.dev.type = D_block;
01157 else
01158 tid.dev.type = D_char;
01159 tid.dev.id = t_dentry->d_inode->i_rdev;
01160 }
01161 else
01162 {
01163
01164 tid.file.device = t_dentry->d_sb->s_dev;
01165 tid.file.inode = t_dentry->d_inode->i_ino;
01166 tid.file.dentry_p = t_dentry;
01167 }
01168
01169 #ifdef CONFIG_RSBAC_DEBUG
01170 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_remove_target_n(): calling ADF\n");
01171 #endif
01172 rsbac_attribute_value.dummy = 0;
01173 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
01174 current->pid,
01175 target,
01176 tid,
01177 A_none,
01178 rsbac_attribute_value))
01179 {
01180 err = -EPERM;
01181 }
01182 else
01183 {
01184 err = rsbac_ta_remove_target(ta_number, target, tid);
01185 }
01186
01187 out_dput:
01188 path_release(&nd);
01189
01190 out:
01191 return(err);
01192 }
01193
01194 int sys_rsbac_net_list_all_netdev(
01195 rsbac_list_ta_number_t ta_number,
01196 rsbac_netdev_id_t * id_p,
01197 u_long maxnum)
01198 {
01199 #ifdef CONFIG_RSBAC_NET_DEV
01200 int err=0;
01201 long count;
01202
01203 if(id_p && maxnum)
01204 {
01205 rsbac_netdev_id_t * k_id_p = NULL;
01206
01207 count = rsbac_ta_net_list_all_netdev(ta_number, &k_id_p);
01208 if(count <= 0)
01209 return count;
01210 if(count > maxnum)
01211 count = maxnum;
01212
01213 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01214
01215 rsbac_vfree(k_id_p);
01216
01217 if(err)
01218 return err;
01219 else
01220 return count;
01221 }
01222 else
01223 return rsbac_ta_net_list_all_netdev(ta_number, NULL);
01224
01225 #else
01226 return -RSBAC_EINVALIDREQUEST;
01227 #endif
01228 }
01229
01230 int sys_rsbac_net_template(
01231 rsbac_list_ta_number_t ta_number,
01232 enum rsbac_net_temp_syscall_t call,
01233 rsbac_net_temp_id_t id,
01234 union rsbac_net_temp_syscall_data_t * data_p)
01235 {
01236 #ifdef CONFIG_RSBAC_NET_OBJ
01237 union rsbac_net_temp_syscall_data_t k_data;
01238 int err = 0;
01239
01240 #ifndef CONFIG_RSBAC_MAINT
01241 union rsbac_target_id_t i_tid;
01242 union rsbac_attribute_value_t i_attr_val;
01243 #endif
01244
01245 if(!id)
01246 return -RSBAC_EINVALIDVALUE;
01247 if(!data_p)
01248 return -RSBAC_EINVALIDPOINTER;
01249
01250
01251 switch(call)
01252 {
01253 case NTS_set_address:
01254 case NTS_set_address_family:
01255 case NTS_set_valid_len:
01256 case NTS_set_type:
01257 case NTS_set_protocol:
01258 case NTS_set_netdev:
01259 case NTS_set_min_port:
01260 case NTS_set_max_port:
01261 case NTS_set_name:
01262 case NTS_new_template:
01263 case NTS_copy_template:
01264 case NTS_delete_template:
01265 #ifdef CONFIG_RSBAC_FREEZE
01266 if(rsbac_freeze)
01267 {
01268 #ifdef CONFIG_RSBAC_RMSG
01269 rsbac_printk(KERN_WARNING
01270 "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed!\n");
01271 #endif
01272 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01273 if (!rsbac_nosyslog)
01274 #endif
01275 printk(KERN_WARNING
01276 "sys_rsbac_net_template(): RSBAC configuration frozen, no administration allowed!\n");
01277 return -EPERM;
01278 }
01279 #endif
01280 if(call != NTS_delete_template)
01281 {
01282 err = rsbac_get_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) );
01283 if(err)
01284 return err;
01285 }
01286 break;
01287 case NTS_check_id:
01288 case NTS_get_address:
01289 case NTS_get_address_family:
01290 case NTS_get_valid_len:
01291 case NTS_get_type:
01292 case NTS_get_protocol:
01293 case NTS_get_netdev:
01294 case NTS_get_min_port:
01295 case NTS_get_max_port:
01296 case NTS_get_name:
01297 break;
01298
01299 default:
01300 return -RSBAC_EINVALIDREQUEST;
01301 }
01302
01303 #ifndef CONFIG_RSBAC_MAINT
01304 #ifdef CONFIG_RSBAC_DEBUG
01305 if (rsbac_debug_aef)
01306 printk(KERN_DEBUG "sys_rsbac_net_template(): calling ADF\n");
01307 #endif
01308 i_tid.nettemp = id;
01309 i_attr_val.dummy = 0;
01310 switch(call)
01311 {
01312 case NTS_new_template:
01313 if (!rsbac_adf_request(R_CREATE,
01314 current->pid,
01315 T_NETTEMP,
01316 i_tid,
01317 A_none,
01318 i_attr_val))
01319 #ifdef CONFIG_RSBAC_SOFTMODE
01320 if(!rsbac_softmode)
01321 #endif
01322 return -EPERM;
01323 break;
01324
01325 case NTS_copy_template:
01326 if(!rsbac_net_template_exist(id))
01327 {
01328 if(!rsbac_adf_request(R_CREATE,
01329 current->pid,
01330 T_NETTEMP,
01331 i_tid,
01332 A_none,
01333 i_attr_val))
01334 #ifdef CONFIG_RSBAC_SOFTMODE
01335 if(!rsbac_softmode)
01336 #endif
01337 return -EPERM;
01338 }
01339 else
01340 {
01341 if(!rsbac_adf_request(R_WRITE,
01342 current->pid,
01343 T_NETTEMP,
01344 i_tid,
01345 A_none,
01346 i_attr_val))
01347 #ifdef CONFIG_RSBAC_SOFTMODE
01348 if(!rsbac_softmode)
01349 #endif
01350 return -EPERM;
01351 }
01352 i_tid.nettemp = k_data.id;
01353 if (!rsbac_adf_request(R_READ,
01354 current->pid,
01355 T_NETTEMP,
01356 i_tid,
01357 A_none,
01358 i_attr_val))
01359 #ifdef CONFIG_RSBAC_SOFTMODE
01360 if(!rsbac_softmode)
01361 #endif
01362 return -EPERM;
01363 break;
01364
01365 case NTS_delete_template:
01366 if (!rsbac_adf_request(R_DELETE,
01367 current->pid,
01368 T_NETTEMP,
01369 i_tid,
01370 A_none,
01371 i_attr_val))
01372 #ifdef CONFIG_RSBAC_SOFTMODE
01373 if(!rsbac_softmode)
01374 #endif
01375 return -EPERM;
01376 break;
01377
01378 case NTS_get_address:
01379 case NTS_get_address_family:
01380 case NTS_get_valid_len:
01381 case NTS_get_type:
01382 case NTS_get_protocol:
01383 case NTS_get_netdev:
01384 case NTS_get_min_port:
01385 case NTS_get_max_port:
01386 if (!rsbac_adf_request(R_READ,
01387 current->pid,
01388 T_NETTEMP,
01389 i_tid,
01390 A_none,
01391 i_attr_val))
01392 #ifdef CONFIG_RSBAC_SOFTMODE
01393 if(!rsbac_softmode)
01394 #endif
01395 return -EPERM;
01396 break;
01397
01398 case NTS_set_address:
01399 case NTS_set_address_family:
01400 case NTS_set_valid_len:
01401 case NTS_set_type:
01402 case NTS_set_protocol:
01403 case NTS_set_netdev:
01404 case NTS_set_min_port:
01405 case NTS_set_max_port:
01406 case NTS_set_name:
01407 if (!rsbac_adf_request(R_WRITE,
01408 current->pid,
01409 T_NETTEMP,
01410 i_tid,
01411 A_none,
01412 i_attr_val))
01413 #ifdef CONFIG_RSBAC_SOFTMODE
01414 if(!rsbac_softmode)
01415 #endif
01416 return -EPERM;
01417 break;
01418
01419 default:
01420 break;
01421 }
01422 #endif
01423
01424 err = rsbac_ta_net_template(ta_number, call, id, &k_data);
01425 if(!err)
01426 {
01427
01428 switch(call)
01429 {
01430 case NTS_check_id:
01431 case NTS_get_address:
01432 case NTS_get_address_family:
01433 case NTS_get_valid_len:
01434 case NTS_get_type:
01435 case NTS_get_protocol:
01436 case NTS_get_netdev:
01437 case NTS_get_min_port:
01438 case NTS_get_max_port:
01439 case NTS_get_name:
01440 err = rsbac_put_user((u_char *) &k_data, (u_char *) data_p, sizeof(k_data) );
01441 break;
01442 default:
01443 break;
01444 }
01445 }
01446 return err;
01447
01448 #else
01449 return -RSBAC_EINVALIDREQUEST;
01450 #endif
01451 }
01452
01453 int sys_rsbac_net_list_all_template(
01454 rsbac_list_ta_number_t ta_number,
01455 rsbac_net_temp_id_t * id_p,
01456 u_long maxnum)
01457 {
01458 #ifdef CONFIG_RSBAC_NET_OBJ
01459 int err=0;
01460 int count;
01461 union rsbac_target_id_t i_tid;
01462 union rsbac_attribute_value_t i_attr_val;
01463
01464 i_tid.nettemp = 0;
01465 i_attr_val.dummy = 0;
01466 if (!rsbac_adf_request(R_READ,
01467 current->pid,
01468 T_NETTEMP,
01469 i_tid,
01470 A_none,
01471 i_attr_val))
01472 return -EPERM;
01473 if(id_p && maxnum)
01474 {
01475 rsbac_net_temp_id_t * k_id_p = NULL;
01476
01477 count = rsbac_ta_net_list_all_template(ta_number, &k_id_p);
01478 if(count <= 0)
01479 return count;
01480 if(count > maxnum)
01481 count = maxnum;
01482
01483 err = rsbac_put_user((u_char *) k_id_p, (u_char *) id_p, count * sizeof(*k_id_p) );
01484
01485 rsbac_vfree(k_id_p);
01486
01487 if(err)
01488 return err;
01489 else
01490 return count;
01491 }
01492 else
01493 return rsbac_ta_net_list_all_template(ta_number, NULL);
01494
01495 #else
01496 return -RSBAC_EINVALIDREQUEST;
01497 #endif
01498 }
01499
01500
01501
01502
01503
01504
01505 int sys_rsbac_switch(enum rsbac_switch_target_t target, int value)
01506 {
01507 #if defined(CONFIG_RSBAC_SWITCH) || defined(CONFIG_RSBAC_SOFTMODE)
01508 union rsbac_target_id_t rsbac_target_id;
01509 union rsbac_attribute_value_t rsbac_attribute_value;
01510 char * switch_name;
01511
01512
01513 if(target >= SW_NONE)
01514 return(-RSBAC_EINVALIDTARGET);
01515 if ( (value < 0)
01516 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01517 || (value > 3)
01518 #else
01519 || (value > 1)
01520 #endif
01521 )
01522 return (-RSBAC_EINVALIDVALUE);
01523
01524 #ifdef CONFIG_RSBAC_SOFTMODE
01525 if( rsbac_softmode_prohibit
01526 && ( ( (value == 1)
01527 && (target == SOFTMODE)
01528 )
01529 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01530 || (value == 3)
01531 #endif
01532 )
01533 )
01534 {
01535 #ifdef CONFIG_RSBAC_RMSG
01536 rsbac_printk(KERN_WARNING
01537 "sys_rsbac_switch(): setting of softmode prohibited!\n");
01538 #endif
01539 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01540 if (!rsbac_nosyslog)
01541 #endif
01542 printk(KERN_WARNING
01543 "sys_rsbac_switch(): setting of softmode prohibited!\n");
01544 return -EPERM;
01545 }
01546 #endif
01547
01548 #ifdef CONFIG_RSBAC_DEBUG
01549 if (rsbac_debug_aef)
01550 printk(KERN_DEBUG "sys_rsbac_switch(): calling ADF\n");
01551 #endif
01552 rsbac_target_id.dummy = 0;
01553 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE
01554 if(target == DAC_DISABLE)
01555 {
01556 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01557 if(value > 1)
01558 return -RSBAC_EINVALIDVALUE;
01559 #endif
01560 rsbac_attribute_value.dummy = 0;
01561 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
01562 current->pid,
01563 T_NONE,
01564 rsbac_target_id,
01565 A_none,
01566 rsbac_attribute_value))
01567 {
01568 return -EPERM;
01569 }
01570 }
01571 else
01572 #endif
01573 {
01574 rsbac_attribute_value.switch_target = target;
01575 if (!rsbac_adf_request(R_SWITCH_MODULE,
01576 current->pid,
01577 T_NONE,
01578 rsbac_target_id,
01579 A_switch_target,
01580 rsbac_attribute_value))
01581 {
01582 return -EPERM;
01583 }
01584 }
01585 switch_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01586 if(switch_name)
01587 {
01588 int show_value = value;
01589
01590 get_switch_target_name(switch_name,target);
01591 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01592 switch(value)
01593 {
01594 case 2:
01595 case 3:
01596 strcat(switch_name, " softmode");
01597 show_value -= 2;
01598 break;
01599 default:
01600 break;
01601 }
01602 #endif
01603 #ifdef CONFIG_RSBAC_RMSG
01604 rsbac_printk(KERN_WARNING
01605 "sys_rsbac_switch(): switching RSBAC module %s to %i!\n",
01606 switch_name, show_value);
01607 #endif
01608 #ifndef CONFIG_RSBAC_RMSG_EXCL
01609 printk(KERN_WARNING
01610 "sys_rsbac_switch(): switching RSBAC module %s to %i!\n",
01611 switch_name, show_value);
01612 #endif
01613 rsbac_kfree(switch_name);
01614 }
01615
01616 switch(value)
01617 {
01618 #ifdef CONFIG_RSBAC_SOFTMODE_IND
01619 case 2:
01620 case 3:
01621 rsbac_ind_softmode[target] = value - 2;
01622 break;
01623 #endif
01624
01625 default:
01626 switch (target)
01627 {
01628 #ifdef CONFIG_RSBAC_ALLOW_DAC_DISABLE_FULL
01629 case DAC_DISABLE: rsbac_dac_disable = value;
01630 break;
01631 #endif
01632 #ifdef CONFIG_RSBAC_SOFTMODE
01633 case SOFTMODE: rsbac_softmode = value;
01634 break;
01635 #endif
01636 #ifdef CONFIG_RSBAC_FREEZE
01637 case FREEZE:
01638 if(rsbac_freeze)
01639 {
01640 #ifdef CONFIG_RSBAC_RMSG
01641 rsbac_printk(KERN_WARNING
01642 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n");
01643 #endif
01644 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01645 if (!rsbac_nosyslog)
01646 #endif
01647 printk(KERN_WARNING
01648 "sys_rsbac_switch(): RSBAC configuration frozen, no administration allowed!\n");
01649 return -EPERM;
01650 }
01651 rsbac_freeze = value;
01652 break;
01653 #endif
01654 #ifdef CONFIG_RSBAC_SWITCH
01655 #ifdef CONFIG_RSBAC_MAC
01656 case MAC: rsbac_switch_mac = value;
01657 break;
01658 #endif
01659 #ifdef CONFIG_RSBAC_FC
01660 case FC: rsbac_switch_fc = value;
01661 break;
01662 #endif
01663 #ifdef CONFIG_RSBAC_SIM
01664 case SIM: rsbac_switch_sim = value;
01665 break;
01666 #endif
01667 #ifdef CONFIG_RSBAC_PM
01668 case PM: rsbac_switch_pm = value;
01669 break;
01670 #endif
01671 #ifdef CONFIG_RSBAC_DAZ
01672 case DAZ: rsbac_switch_daz = value;
01673 break;
01674 #endif
01675 #ifdef CONFIG_RSBAC_FF
01676 case FF: rsbac_switch_ff = value;
01677 break;
01678 #endif
01679 #if defined(CONFIG_RSBAC_RC)
01680 case RC: rsbac_switch_rc = value;
01681 break;
01682 #endif
01683 #if defined(CONFIG_RSBAC_AUTH)
01684 case AUTH: rsbac_switch_auth = value;
01685 break;
01686 #endif
01687 #if defined(CONFIG_RSBAC_ACL)
01688 case ACL: rsbac_switch_acl = value;
01689 break;
01690 #endif
01691 #if defined(CONFIG_RSBAC_CAP)
01692 case CAP: rsbac_switch_cap = value;
01693 break;
01694 #endif
01695 #if defined(CONFIG_RSBAC_JAIL)
01696 case JAIL: rsbac_switch_jail = value;
01697 break;
01698 #endif
01699 #if defined(CONFIG_RSBAC_RES)
01700 case RES: rsbac_switch_res = value;
01701 break;
01702 #endif
01703 #if defined(CONFIG_RSBAC_PAX)
01704 case PAX: rsbac_switch_pax = value;
01705 break;
01706 #endif
01707 #endif
01708 default:
01709 return (-RSBAC_EINVALIDMODULE);
01710 }
01711 }
01712 #endif
01713 return(0);
01714 }
01715
01716
01717
01718 int sys_rsbac_mac_set_curr_level(rsbac_security_level_t level,
01719 rsbac_mac_category_vector_t * categories_p)
01720 {
01721 #ifdef CONFIG_RSBAC_MAC
01722 rsbac_mac_category_vector_t k_categories;
01723 int err;
01724
01725 if(!categories_p)
01726 return -RSBAC_EINVALIDPOINTER;
01727 err = rsbac_get_user((char *) &k_categories, (char *) categories_p, sizeof(k_categories));
01728 if(err)
01729 return err;
01730 return (rsbac_mac_set_curr_level(level, k_categories));
01731 #else
01732 return (-RSBAC_EINVALIDMODULE);
01733 #endif
01734 }
01735
01736 int sys_rsbac_mac_get_curr_level(rsbac_security_level_t * level_p,
01737 rsbac_mac_category_vector_t * categories_p)
01738 {
01739 #ifdef CONFIG_RSBAC_MAC
01740 int err = 0;
01741 rsbac_security_level_t k_level;
01742 rsbac_mac_category_vector_t k_categories;
01743
01744 err = rsbac_mac_get_curr_level(&k_level, &k_categories);
01745 if(err)
01746 return err;
01747 if(level_p)
01748 {
01749 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01750 if(err)
01751 return err;
01752 }
01753 if(categories_p)
01754 {
01755 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01756 }
01757 return err;
01758 #else
01759 return (-RSBAC_EINVALIDMODULE);
01760 #endif
01761 }
01762
01763 int sys_rsbac_mac_get_max_level(rsbac_security_level_t * level_p,
01764 rsbac_mac_category_vector_t * categories_p)
01765 {
01766 #ifdef CONFIG_RSBAC_MAC
01767 int err = 0;
01768 rsbac_security_level_t k_level;
01769 rsbac_mac_category_vector_t k_categories;
01770
01771 err = rsbac_mac_get_max_level(&k_level, &k_categories);
01772 if(err)
01773 return err;
01774 if(level_p)
01775 {
01776 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01777 if(err)
01778 return err;
01779 }
01780 if(categories_p)
01781 {
01782 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01783 }
01784 return err;
01785 #else
01786 return (-RSBAC_EINVALIDMODULE);
01787 #endif
01788 }
01789
01790 int sys_rsbac_mac_get_min_level(rsbac_security_level_t * level_p,
01791 rsbac_mac_category_vector_t * categories_p)
01792 {
01793 #ifdef CONFIG_RSBAC_MAC
01794 int err = 0;
01795 rsbac_security_level_t k_level;
01796 rsbac_mac_category_vector_t k_categories;
01797
01798 err = rsbac_mac_get_min_level(&k_level, &k_categories);
01799 if(err)
01800 return err;
01801 if(level_p)
01802 {
01803 err = rsbac_put_user((u_char *) &k_level, (u_char *) level_p, sizeof(k_level));
01804 if(err)
01805 return err;
01806 }
01807 if(categories_p)
01808 {
01809 err = rsbac_put_user((u_char *) &k_categories, (u_char *) categories_p, sizeof(k_categories));
01810 }
01811 return err;
01812 #else
01813 return (-RSBAC_EINVALIDMODULE);
01814 #endif
01815 }
01816
01817
01818 int sys_rsbac_mac_add_p_tru(
01819 rsbac_list_ta_number_t ta_number,
01820 rsbac_pid_t pid,
01821 rsbac_uid_t uid,
01822 rsbac_time_t ttl)
01823 {
01824 #if defined(CONFIG_RSBAC_MAC)
01825 struct task_struct * task_p;
01826
01827 #ifdef CONFIG_RSBAC_FREEZE
01828 if(rsbac_freeze)
01829 {
01830 #ifdef CONFIG_RSBAC_RMSG
01831 rsbac_printk(KERN_WARNING
01832 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01833 #endif
01834 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01835 if (!rsbac_nosyslog)
01836 #endif
01837 printk(KERN_WARNING
01838 "sys_rsbac_mac_add_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01839 return -EPERM;
01840 }
01841 #endif
01842
01843 read_lock(&tasklist_lock);
01844 task_p = find_task_by_pid(pid);
01845 read_unlock(&tasklist_lock);
01846 if(!task_p)
01847 return(-RSBAC_EINVALIDTARGET);
01848
01849 return(rsbac_mac_add_p_tru(ta_number, pid, uid, ttl));
01850 #else
01851 return (-RSBAC_EINVALIDMODULE);
01852 #endif
01853 }
01854
01855 int sys_rsbac_mac_remove_p_tru(
01856 rsbac_list_ta_number_t ta_number,
01857 rsbac_pid_t pid,
01858 rsbac_uid_t uid)
01859 {
01860 #if defined(CONFIG_RSBAC_MAC)
01861 struct task_struct * task_p;
01862
01863 #ifdef CONFIG_RSBAC_FREEZE
01864 if(rsbac_freeze)
01865 {
01866 #ifdef CONFIG_RSBAC_RMSG
01867 rsbac_printk(KERN_WARNING
01868 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01869 #endif
01870 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01871 if (!rsbac_nosyslog)
01872 #endif
01873 printk(KERN_WARNING
01874 "sys_rsbac_mac_remove_p_tru(): RSBAC configuration frozen, no administration allowed!\n");
01875 return -EPERM;
01876 }
01877 #endif
01878
01879 read_lock(&tasklist_lock);
01880 task_p = find_task_by_pid(pid);
01881 read_unlock(&tasklist_lock);
01882 if(!task_p)
01883 return(-RSBAC_EINVALIDTARGET);
01884 return(rsbac_mac_remove_p_tru(ta_number, pid, uid));
01885 #else
01886 return (-RSBAC_EINVALIDMODULE);
01887 #endif
01888 }
01889
01890 int sys_rsbac_mac_add_f_tru(
01891 rsbac_list_ta_number_t ta_number,
01892 char * filename,
01893 rsbac_uid_t uid,
01894 rsbac_time_t ttl)
01895 {
01896 #if defined(CONFIG_RSBAC_MAC)
01897 struct dentry * t_dentry;
01898 int err = 0;
01899 enum rsbac_target_t target;
01900 union rsbac_target_id_t tid;
01901
01902 struct nameidata nd;
01903
01904 if(!filename)
01905 return(-RSBAC_EINVALIDTARGET);
01906
01907 #ifdef CONFIG_RSBAC_FREEZE
01908 if(rsbac_freeze)
01909 {
01910 #ifdef CONFIG_RSBAC_RMSG
01911 rsbac_printk(KERN_WARNING
01912 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01913 #endif
01914 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01915 if (!rsbac_nosyslog)
01916 #endif
01917 printk(KERN_WARNING
01918 "sys_rsbac_mac_add_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01919 return -EPERM;
01920 }
01921 #endif
01922
01923 if ((err = user_path_walk_link(filename, &nd)))
01924 {
01925 #ifdef CONFIG_RSBAC_DEBUG
01926 if (rsbac_debug_aef_mac)
01927 printk(KERN_DEBUG "sys_rsbac_mac_add_f_tru(): call to user_path_walk_link() returned %i\n", err);
01928 #endif
01929 goto out;
01930 }
01931 t_dentry = nd.dentry;
01932 if (!t_dentry->d_inode)
01933 {
01934 err = -RSBAC_EINVALIDTARGET;
01935 goto out_dput;
01936 }
01937
01938 if(S_ISREG(t_dentry->d_inode->i_mode))
01939 target = T_FILE;
01940 else
01941 if(S_ISDIR(t_dentry->d_inode->i_mode))
01942 target = T_DIR;
01943 else
01944 {
01945 err = -RSBAC_EINVALIDTARGET;
01946 goto out_dput;
01947 }
01948 tid.file.device = t_dentry->d_sb->s_dev;
01949 tid.file.inode = t_dentry->d_inode->i_ino;
01950 tid.file.dentry_p = t_dentry;
01951
01952 err = rsbac_mac_add_f_tru(ta_number, tid.file, uid, ttl);
01953
01954 out_dput:
01955 path_release(&nd);
01956 out:
01957 return(err);
01958
01959 #else
01960 return (-RSBAC_EINVALIDMODULE);
01961 #endif
01962 }
01963
01964 int sys_rsbac_mac_remove_f_tru(
01965 rsbac_list_ta_number_t ta_number,
01966 char * filename,
01967 rsbac_uid_t uid)
01968 {
01969 #if defined(CONFIG_RSBAC_MAC)
01970 struct dentry * t_dentry;
01971 int err = 0;
01972 enum rsbac_target_t target;
01973 union rsbac_target_id_t tid;
01974
01975 struct nameidata nd;
01976
01977 if(!filename)
01978 return(-RSBAC_EINVALIDTARGET);
01979
01980 #ifdef CONFIG_RSBAC_FREEZE
01981 if(rsbac_freeze)
01982 {
01983 #ifdef CONFIG_RSBAC_RMSG
01984 rsbac_printk(KERN_WARNING
01985 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01986 #endif
01987 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
01988 if (!rsbac_nosyslog)
01989 #endif
01990 printk(KERN_WARNING
01991 "sys_rsbac_mac_remove_f_tru(): RSBAC configuration frozen, no administration allowed!\n");
01992 return -EPERM;
01993 }
01994 #endif
01995
01996 if ((err = user_path_walk_link(filename, &nd)))
01997 {
01998 #ifdef CONFIG_RSBAC_DEBUG
01999 if (rsbac_debug_aef_mac)
02000 printk(KERN_DEBUG "sys_rsbac_mac_remove_f_tru(): call to user_path_walk_link() returned %i\n", err);
02001 #endif
02002 goto out;
02003 }
02004 t_dentry = nd.dentry;
02005 if (!t_dentry->d_inode)
02006 {
02007 err = -RSBAC_EINVALIDTARGET;
02008 goto out_dput;
02009 }
02010
02011 if(S_ISREG(t_dentry->d_inode->i_mode))
02012 target = T_FILE;
02013 else
02014 if(S_ISDIR(t_dentry->d_inode->i_mode))
02015 target = T_DIR;
02016 else
02017 {
02018 err = -RSBAC_EINVALIDTARGET;
02019 goto out_dput;
02020 }
02021 tid.file.device = t_dentry->d_sb->s_dev;
02022 tid.file.inode = t_dentry->d_inode->i_ino;
02023 tid.file.dentry_p = t_dentry;
02024
02025 err = rsbac_mac_remove_f_tru(ta_number, tid.file, uid);
02026
02027 out_dput:
02028 path_release(&nd);
02029 out:
02030 return(err);
02031
02032 #else
02033 return (-RSBAC_EINVALIDMODULE);
02034 #endif
02035 }
02036
02037
02038 int sys_rsbac_mac_get_f_trulist(
02039 rsbac_list_ta_number_t ta_number,
02040 char * filename,
02041 rsbac_uid_t trulist[],
02042 rsbac_time_t ttllist[],
02043 u_int maxnum)
02044 {
02045 #if defined(CONFIG_RSBAC_MAC)
02046 struct dentry * t_dentry;
02047 int err = 0, tmperr = 0;
02048 enum rsbac_target_t target;
02049 union rsbac_target_id_t tid;
02050 rsbac_uid_t * k_trulist;
02051 rsbac_time_t * k_ttllist;
02052
02053 struct nameidata nd;
02054
02055 if(!filename)
02056 return(-RSBAC_EINVALIDTARGET);
02057 if(!trulist)
02058 return(-RSBAC_EINVALIDPOINTER);
02059 if(maxnum <= 0)
02060 return(-RSBAC_EINVALIDVALUE);
02061 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02062 maxnum = RSBAC_MAC_MAX_MAXNUM;
02063
02064 if ((err = user_path_walk_link(filename, &nd)))
02065 {
02066 #ifdef CONFIG_RSBAC_DEBUG
02067 if (rsbac_debug_aef_mac)
02068 printk(KERN_DEBUG "sys_rsbac_mac_get_f_trulist(): call to user_path_walk_link() returned %i\n", err);
02069 #endif
02070 goto out;
02071 }
02072 t_dentry = nd.dentry;
02073 if (!t_dentry->d_inode)
02074 {
02075 err = -RSBAC_EINVALIDTARGET;
02076 goto out_dput;
02077 }
02078
02079 if(S_ISREG(t_dentry->d_inode->i_mode))
02080 target = T_FILE;
02081 else
02082 if(S_ISDIR(t_dentry->d_inode->i_mode))
02083 target = T_DIR;
02084 else
02085 {
02086 err = -RSBAC_EINVALIDTARGET;
02087 goto out_dput;
02088 }
02089 tid.file.device = t_dentry->d_sb->s_dev;
02090 tid.file.inode = t_dentry->d_inode->i_ino;
02091 tid.file.dentry_p = t_dentry;
02092
02093 err = rsbac_mac_get_f_trulist(ta_number, tid.file, &k_trulist, &k_ttllist);
02094 if(err>0)
02095 {
02096 if(err > maxnum)
02097 err = maxnum;
02098 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02099 sizeof(rsbac_uid_t) * err);
02100 if(tmperr < 0)
02101 err = tmperr;
02102 else
02103 {
02104 if(ttllist)
02105 {
02106 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02107 sizeof(rsbac_time_t) * err);
02108 if(tmperr < 0)
02109 err = tmperr;
02110 }
02111 }
02112 rsbac_vfree(k_trulist);
02113 rsbac_vfree(k_ttllist);
02114 }
02115
02116 out_dput:
02117 path_release(&nd);
02118 out:
02119 return(err);
02120
02121 #else
02122 return (-RSBAC_EINVALIDMODULE);
02123 #endif
02124 }
02125
02126 int sys_rsbac_mac_get_p_trulist(
02127 rsbac_list_ta_number_t ta_number,
02128 rsbac_pid_t pid,
02129 rsbac_uid_t trulist[],
02130 rsbac_time_t ttllist[],
02131 u_int maxnum)
02132 {
02133 #if defined(CONFIG_RSBAC_MAC)
02134 int err = 0, tmperr = 0;
02135 union rsbac_target_id_t tid;
02136 rsbac_uid_t * k_trulist;
02137 rsbac_time_t * k_ttllist;
02138
02139 if(!pid)
02140 return(-RSBAC_EINVALIDTARGET);
02141 if(!trulist)
02142 return(-RSBAC_EINVALIDPOINTER);
02143 if(maxnum <= 0)
02144 return(-RSBAC_EINVALIDVALUE);
02145 if(maxnum > RSBAC_MAC_MAX_MAXNUM)
02146 maxnum = RSBAC_MAC_MAX_MAXNUM;
02147
02148 tid.process = pid;
02149
02150 err = rsbac_mac_get_p_trulist(ta_number, tid.process, &k_trulist, &k_ttllist);
02151 if(err>0)
02152 {
02153 if(err > maxnum)
02154 err = maxnum;
02155 tmperr = rsbac_put_user((u_char *) k_trulist, (u_char *) trulist,
02156 sizeof(rsbac_uid_t) * err);
02157 if(tmperr < 0)
02158 err = tmperr;
02159 else
02160 {
02161 if(ttllist)
02162 {
02163 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
02164 sizeof(rsbac_time_t) * err);
02165 if(tmperr < 0)
02166 err = tmperr;
02167 }
02168 }
02169 rsbac_vfree(k_trulist);
02170 rsbac_vfree(k_ttllist);
02171 }
02172
02173 return(err);
02174
02175 #else
02176 return (-RSBAC_EINVALIDMODULE);
02177 #endif
02178 }
02179
02180
02181
02182 int sys_rsbac_stats_pm(void)
02183 {
02184 #ifndef CONFIG_RSBAC_PM
02185 return (0);
02186 #else
02187 union rsbac_target_id_t rsbac_target_id;
02188 union rsbac_attribute_value_t rsbac_attribute_value;
02189
02190 #ifdef CONFIG_RSBAC_DEBUG
02191 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_stats_pm(): calling ADF\n");
02192 #endif
02193 rsbac_target_id.scd = ST_rsbac;
02194 rsbac_attribute_value.dummy = 0;
02195 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02196 current->pid,
02197 T_SCD,
02198 rsbac_target_id,
02199 A_none,
02200 rsbac_attribute_value))
02201 {
02202 return -EPERM;
02203 }
02204
02205 #ifdef CONFIG_RSBAC_DEBUG
02206 if (rsbac_debug_aef_pm)
02207 printk(KERN_DEBUG "sys_rsbac_stats_pm(): getting RSBAC status!\n");
02208 #endif
02209 return(rsbac_stats_pm());
02210 #endif
02211 };
02212
02213 int sys_rsbac_pm(
02214 rsbac_list_ta_number_t ta_number,
02215 enum rsbac_pm_function_type_t function,
02216 union rsbac_pm_function_param_t * param_p,
02217 rsbac_pm_tkt_id_t ticket)
02218 {
02219 #ifndef CONFIG_RSBAC_PM
02220 return (-RSBAC_EINVALIDMODULE);
02221 #else
02222 union rsbac_pm_function_param_t k_param;
02223 int result;
02224
02225 if(function >= PF_none)
02226 return(-RSBAC_EINVALIDREQUEST);
02227 if(!param_p)
02228 return(-RSBAC_EINVALIDPOINTER);
02229 #ifdef CONFIG_RSBAC_DEBUG
02230 if (rsbac_debug_aef_pm)
02231 printk(KERN_DEBUG "sys_rsbac_pm(): called for function %i!\n",
02232 function);
02233 #endif
02234
02235 #ifdef CONFIG_RSBAC_FREEZE
02236 if(rsbac_freeze)
02237 {
02238 #ifdef CONFIG_RSBAC_RMSG
02239 rsbac_printk(KERN_WARNING
02240 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n");
02241 #endif
02242 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02243 if (!rsbac_nosyslog)
02244 #endif
02245 printk(KERN_WARNING
02246 "sys_rsbac_pm(): RSBAC configuration frozen, no administration allowed!\n");
02247 return -EPERM;
02248 }
02249 #endif
02250
02251
02252 rsbac_get_user((u_char *) &k_param, (u_char *) param_p, sizeof(k_param) );
02253
02254 lock_kernel();
02255 result = rsbac_pm(ta_number, function, k_param, ticket);
02256 unlock_kernel();
02257 return result;
02258 #endif
02259 }
02260
02261 int sys_rsbac_pm_change_current_task(rsbac_pm_task_id_t task)
02262 {
02263 #ifndef CONFIG_RSBAC_PM
02264 return (0);
02265 #else
02266 #ifdef CONFIG_RSBAC_DEBUG
02267 if (rsbac_debug_aef_pm)
02268 printk(KERN_DEBUG
02269 "sys_rsbac_pm_change_current_task(): called for task %i!\n",
02270 task);
02271 #endif
02272
02273 return(rsbac_pm_change_current_task(task));
02274 #endif
02275 }
02276
02277 int sys_rsbac_pm_create_file(const char * filename,
02278 int mode,
02279 rsbac_pm_object_class_id_t class)
02280 {
02281 #ifndef CONFIG_RSBAC_PM
02282 return (-RSBAC_EINVALIDMODULE);
02283 #else
02284 if(!filename)
02285 return(-RSBAC_EINVALIDPOINTER);
02286 #ifdef CONFIG_RSBAC_DEBUG
02287 if (rsbac_debug_aef_pm)
02288 printk(KERN_DEBUG
02289 "sys_rsbac_pm_create_file(): called with class %i!\n",
02290 class);
02291 #endif
02292
02293 return(rsbac_pm_create_file(filename, mode, class));
02294 #endif
02295 }
02296
02297
02298
02299 int sys_rsbac_daz_flush_cache(void)
02300 {
02301 #ifndef CONFIG_RSBAC_DAZ_CACHE
02302 return (0);
02303 #else
02304 #ifndef CONFIG_RSBAC_MAINT
02305 union rsbac_target_id_t i_tid;
02306 union rsbac_attribute_value_t i_attr_val1;
02307
02308
02309 i_tid.user = current->uid;
02310 if (rsbac_get_attr(DAZ,
02311 T_USER,
02312 i_tid,
02313 A_daz_role,
02314 &i_attr_val1,
02315 TRUE))
02316 {
02317 #ifdef CONFIG_RSBAC_RMSG
02318 rsbac_printk(KERN_WARNING
02319 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02320 #endif
02321 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02322 if (!rsbac_nosyslog)
02323 #endif
02324 printk(KERN_WARNING
02325 "rsbac_adf_request_daz(): rsbac_get_attr() returned error!\n");
02326 return -EPERM;
02327 }
02328
02329 if ( (i_attr_val1.system_role != SR_security_officer)
02330 && (i_attr_val1.system_role != SR_administrator)
02331 )
02332 #ifdef CONFIG_RSBAC_SOFTMODE
02333 if( !rsbac_softmode
02334 #ifdef CONFIG_RSBAC_SOFTMODE_IND
02335 && !rsbac_ind_softmode[DAZ]
02336 #endif
02337 )
02338 #endif
02339 return -EPERM;
02340 #endif
02341
02342 printk(KERN_INFO
02343 "sys_rsbac_daz_flush_cache(): flushing DAZuko result cache!\n");
02344
02345 return(rsbac_daz_flush_cache());
02346 #endif
02347 }
02348
02349
02350
02351
02352 int sys_rsbac_rc_copy_role(
02353 rsbac_list_ta_number_t ta_number,
02354 rsbac_rc_role_id_t from_role,
02355 rsbac_rc_role_id_t to_role)
02356 {
02357 #if defined(CONFIG_RSBAC_RC)
02358 if( (from_role > RC_role_max_value)
02359 || (from_role > RC_role_max_value))
02360 return(-RSBAC_EINVALIDVALUE);
02361 #ifdef CONFIG_RSBAC_DEBUG
02362 if (rsbac_debug_aef_rc)
02363 printk(KERN_DEBUG
02364 "sys_rsbac_rc_copy_role(): from %i, to %i!\n",
02365 from_role, to_role);
02366 #endif
02367 #ifdef CONFIG_RSBAC_FREEZE
02368 if(rsbac_freeze)
02369 {
02370 #ifdef CONFIG_RSBAC_RMSG
02371 rsbac_printk(KERN_WARNING
02372 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n");
02373 #endif
02374 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02375 if (!rsbac_nosyslog)
02376 #endif
02377 printk(KERN_WARNING
02378 "sys_rsbac_rc_copy_role(): RSBAC configuration frozen, no administration allowed!\n");
02379 return -EPERM;
02380 }
02381 #endif
02382
02383
02384 return(rsbac_rc_sys_copy_role(ta_number, from_role, to_role));
02385 #else
02386 return (-RSBAC_EINVALIDMODULE);
02387 #endif
02388 }
02389
02390 int sys_rsbac_rc_copy_type(
02391 rsbac_list_ta_number_t ta_number,
02392 enum rsbac_rc_target_t target,
02393 rsbac_rc_type_id_t from_type,
02394 rsbac_rc_type_id_t to_type)
02395 {
02396 #if defined(CONFIG_RSBAC_RC)
02397 if( (from_type > RC_type_max_value)
02398 || (from_type > RC_type_max_value))
02399 return(-RSBAC_EINVALIDVALUE);
02400 #ifdef CONFIG_RSBAC_DEBUG
02401 if (rsbac_debug_aef_rc)
02402 printk(KERN_DEBUG
02403 "sys_rsbac_rc_copy_type(): from %i, to %i!\n",
02404 from_type, to_type);
02405 #endif
02406 #ifdef CONFIG_RSBAC_FREEZE
02407 if(rsbac_freeze)
02408 {
02409 #ifdef CONFIG_RSBAC_RMSG
02410 rsbac_printk(KERN_WARNING
02411 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n");
02412 #endif
02413 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02414 if (!rsbac_nosyslog)
02415 #endif
02416 printk(KERN_WARNING
02417 "sys_rsbac_rc_copy_type(): RSBAC configuration frozen, no administration allowed!\n");
02418 return -EPERM;
02419 }
02420 #endif
02421
02422
02423 return(rsbac_rc_sys_copy_type(ta_number, target, from_type, to_type));
02424 #else
02425 return (-RSBAC_EINVALIDMODULE);
02426 #endif
02427 }
02428
02429
02430 int sys_rsbac_rc_get_item (
02431 rsbac_list_ta_number_t ta_number,
02432 enum rsbac_rc_target_t target,
02433 union rsbac_rc_target_id_t * tid_p,
02434 union rsbac_rc_target_id_t * subtid_p,
02435 enum rsbac_rc_item_t item,
02436 union rsbac_rc_item_value_t * value_p,
02437 rsbac_time_t * ttl_p)
02438 {
02439 #if defined(CONFIG_RSBAC_RC)
02440 union rsbac_rc_target_id_t k_tid;
02441 union rsbac_rc_target_id_t k_subtid;
02442 union rsbac_rc_item_value_t k_value;
02443 rsbac_time_t k_ttl;
02444 int err = 0;
02445
02446 if( (target >= RT_NONE)
02447 || (item >= RI_none))
02448 return(-RSBAC_EINVALIDVALUE);
02449
02450 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02451 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02452 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02453 #ifdef CONFIG_RSBAC_DEBUG
02454 if (rsbac_debug_aef_rc)
02455 printk(KERN_DEBUG
02456 "sys_rsbac_rc_get_item(): target %i, item %i!\n",
02457 target, item);
02458 #endif
02459
02460 err = rsbac_rc_sys_get_item(ta_number, target, k_tid, k_subtid,
02461 item, &k_value, &k_ttl);
02462
02463 if(!err)
02464 {
02465 err = rsbac_put_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02466 if(!err && ttl_p)
02467 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02468 }
02469 return (err);
02470 #else
02471 return (-RSBAC_EINVALIDMODULE);
02472 #endif
02473 }
02474
02475
02476 int sys_rsbac_rc_set_item (
02477 rsbac_list_ta_number_t ta_number,
02478 enum rsbac_rc_target_t target,
02479 union rsbac_rc_target_id_t * tid_p,
02480 union rsbac_rc_target_id_t * subtid_p,
02481 enum rsbac_rc_item_t item,
02482 union rsbac_rc_item_value_t * value_p,
02483 rsbac_time_t ttl)
02484 {
02485 #if defined(CONFIG_RSBAC_RC)
02486 union rsbac_rc_target_id_t k_tid;
02487 union rsbac_rc_target_id_t k_subtid;
02488 union rsbac_rc_item_value_t k_value;
02489
02490 if( (target >= RT_NONE)
02491 || (item >= RI_none))
02492 return(-RSBAC_EINVALIDVALUE);
02493
02494 #ifdef CONFIG_RSBAC_FREEZE
02495 if(rsbac_freeze)
02496 {
02497 #ifdef CONFIG_RSBAC_RMSG
02498 rsbac_printk(KERN_WARNING
02499 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n");
02500 #endif
02501 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02502 if (!rsbac_nosyslog)
02503 #endif
02504 printk(KERN_WARNING
02505 "sys_rsbac_rc_set_item(): RSBAC configuration frozen, no administration allowed!\n");
02506 return -EPERM;
02507 }
02508 #endif
02509
02510
02511 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02512 rsbac_get_user((u_char *) &k_subtid, (u_char *) subtid_p, sizeof(k_subtid) );
02513 rsbac_get_user((u_char *) &k_value, (u_char *) value_p, sizeof(k_value) );
02514 #ifdef CONFIG_RSBAC_DEBUG
02515 if (rsbac_debug_aef_rc)
02516 printk(KERN_DEBUG
02517 "sys_rsbac_rc_set_item(): target %i, item %i!\n",
02518 target, item);
02519 #endif
02520
02521 return rsbac_rc_sys_set_item(ta_number, target, k_tid, k_subtid, item, k_value, ttl);
02522 #else
02523 return (-RSBAC_EINVALIDMODULE);
02524 #endif
02525 };
02526
02527 int sys_rsbac_rc_get_list(
02528 rsbac_list_ta_number_t ta_number,
02529 enum rsbac_rc_target_t target,
02530 union rsbac_rc_target_id_t * tid_p,
02531 enum rsbac_rc_item_t item,
02532 u_int maxnum,
02533 __u32 * array_p,
02534 rsbac_time_t * ttl_array_p)
02535 {
02536 #if defined(CONFIG_RSBAC_RC)
02537 union rsbac_rc_target_id_t k_tid;
02538 int err;
02539
02540 rsbac_get_user((u_char *) &k_tid, (u_char *) tid_p, sizeof(k_tid) );
02541 if(array_p)
02542 {
02543 __u32 * k_array_p;
02544 rsbac_time_t * k_ttl_array_p;
02545
02546 if(!maxnum)
02547 return -RSBAC_EINVALIDVALUE;
02548
02549 err = rsbac_rc_get_list(ta_number, target, k_tid, item,
02550 &k_array_p, &k_ttl_array_p);
02551
02552 if(err > 0)
02553 {
02554 int tmperr;
02555
02556 if(err > maxnum)
02557 err = maxnum;
02558 tmperr = rsbac_put_user((u_char *) k_array_p, (u_char *) array_p, err * sizeof(*k_array_p) );
02559 if(tmperr)
02560 err=tmperr;
02561 rsbac_vfree(k_array_p);
02562 if(k_ttl_array_p && ttl_array_p)
02563 {
02564 tmperr = rsbac_put_user((u_char *) k_ttl_array_p, (u_char *) ttl_array_p, err * sizeof(*k_ttl_array_p) );
02565 if(tmperr)
02566 err=tmperr;
02567 }
02568 rsbac_vfree(k_ttl_array_p);
02569 }
02570 return (err);
02571 }
02572 else
02573 return rsbac_rc_get_list(ta_number, target, k_tid, item, NULL, NULL);
02574 #else
02575 return (-RSBAC_EINVALIDMODULE);
02576 #endif
02577 };
02578
02579
02580 int sys_rsbac_rc_change_role (rsbac_rc_role_id_t role)
02581 {
02582 #if defined(CONFIG_RSBAC_RC)
02583 if(role > RC_role_max_value)
02584 return(-RSBAC_EINVALIDVALUE);
02585 #ifdef CONFIG_RSBAC_DEBUG
02586 if (rsbac_debug_aef_rc)
02587 printk(KERN_DEBUG
02588 "sys_rsbac_rc_change_role(): role %i!\n",
02589 role);
02590 #endif
02591
02592 return rsbac_rc_sys_change_role(role);
02593 #else
02594 return (-RSBAC_EINVALIDMODULE);
02595 #endif
02596 }
02597
02598
02599 int sys_rsbac_rc_get_eff_rights_n(
02600 rsbac_list_ta_number_t ta_number,
02601 enum rsbac_target_t target,
02602 char * t_name,
02603 rsbac_rc_request_vector_t * request_vector_p,
02604 rsbac_time_t * ttl_p)
02605 {
02606 #if defined(CONFIG_RSBAC_RC)
02607 struct dentry * t_dentry;
02608 int err = 0;
02609 rsbac_rc_request_vector_t k_req_vec;
02610 rsbac_time_t k_ttl;
02611 union rsbac_target_id_t tid;
02612
02613 struct nameidata nd;
02614
02615 if(!t_name || (target >= T_NONE))
02616 return(-RSBAC_EINVALIDTARGET);
02617
02618 if ((err = user_path_walk_link(t_name, &nd)))
02619 {
02620 #ifdef CONFIG_RSBAC_DEBUG
02621 if (rsbac_debug_aef_rc)
02622 printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): call to user_path_walk_link() returned %i\n", err);
02623 #endif
02624 goto out;
02625 }
02626 t_dentry = nd.dentry;
02627 if (!t_dentry->d_inode)
02628 {
02629 err = -RSBAC_EINVALIDTARGET;
02630 goto out_dput;
02631 }
02632
02633 switch (target)
02634 {
02635 case T_FD:
02636 if(S_ISREG(t_dentry->d_inode->i_mode))
02637 {
02638 target = T_FILE;
02639 }
02640 else
02641 if(S_ISDIR(t_dentry->d_inode->i_mode))
02642 {
02643 target = T_DIR;
02644 }
02645 else
02646 if(S_ISLNK(t_dentry->d_inode->i_mode))
02647 {
02648 target = T_SYMLINK;
02649 }
02650 else
02651 if(S_ISFIFO(t_dentry->d_inode->i_mode))
02652 {
02653 target = T_FIFO;
02654 }
02655 else
02656 if(S_ISBLK(t_dentry->d_inode->i_mode))
02657 {
02658 target = T_FILE;
02659 }
02660 else
02661 if(S_ISCHR(t_dentry->d_inode->i_mode))
02662 {
02663 target = T_FILE;
02664 }
02665 else
02666 {
02667 #ifdef CONFIG_RSBAC_DEBUG
02668 if (rsbac_debug_aef)
02669 printk(KERN_DEBUG "sys_rsbac_rc_get_eff_rights_n(): no filesystem object\n");
02670 #endif
02671 err = -RSBAC_EINVALIDTARGET;
02672 goto out_dput;
02673 }
02674 break;
02675
02676 case T_FILE:
02677
02678 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
02679 && !(S_ISBLK(t_dentry->d_inode->i_mode))
02680 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02681 {
02682 err = -RSBAC_EINVALIDTARGET;
02683 goto out_dput;
02684 }
02685 break;
02686
02687 case T_DIR:
02688 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
02689 {
02690 err = -RSBAC_EINVALIDTARGET;
02691 goto out_dput;
02692 }
02693 break;
02694
02695 case T_FIFO:
02696
02697 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
02698 {
02699 err = -RSBAC_EINVALIDTARGET;
02700 goto out_dput;
02701 }
02702 break;
02703
02704 case T_SYMLINK:
02705
02706 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
02707 {
02708 err = -RSBAC_EINVALIDTARGET;
02709 goto out_dput;
02710 }
02711 break;
02712
02713 case T_DEV:
02714
02715 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
02716 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
02717 {
02718 err = -RSBAC_EINVALIDTARGET;
02719 goto out_dput;
02720 }
02721 break;
02722
02723 default:
02724 err = -RSBAC_EINVALIDTARGET;
02725 goto out_dput;
02726 }
02727
02728 if(target == T_DEV)
02729 {
02730 if(S_ISBLK(t_dentry->d_inode->i_mode))
02731 tid.dev.type = D_block;
02732 else
02733 tid.dev.type = D_char;
02734 tid.dev.id = t_dentry->d_inode->i_rdev;
02735 }
02736 else
02737 {
02738
02739 tid.file.device = t_dentry->d_sb->s_dev;
02740 tid.file.inode = t_dentry->d_inode->i_ino;
02741 tid.file.dentry_p = t_dentry;
02742 }
02743 err = rsbac_rc_sys_get_eff_rights(ta_number, target, tid, &k_req_vec, &k_ttl);
02744
02745 if(!err)
02746 {
02747 err = rsbac_put_user((u_char *) &k_req_vec, (u_char *) request_vector_p, sizeof(k_req_vec) );
02748 if(!err && ttl_p)
02749 err = rsbac_put_user((u_char *) &k_ttl, (u_char *) ttl_p, sizeof(k_ttl) );
02750 }
02751
02752 out_dput:
02753 path_release(&nd);
02754
02755 out:
02756 return(err);
02757 #else
02758 return (-RSBAC_EINVALIDMODULE);
02759 #endif
02760 }
02761
02762
02763 int sys_rsbac_rc_get_current_role (rsbac_rc_role_id_t * role_p)
02764 {
02765 #if defined(CONFIG_RSBAC_RC)
02766 rsbac_rc_role_id_t k_role;
02767 int err;
02768
02769 if(!role_p)
02770 return(-RSBAC_EINVALIDPOINTER);
02771
02772 err = rsbac_rc_sys_get_current_role(&k_role);
02773 if(!err)
02774 {
02775 err = rsbac_put_user((u_char *) &k_role, (u_char *) role_p, sizeof(k_role) );
02776 }
02777 return err;
02778 #else
02779 return (-RSBAC_EINVALIDMODULE);
02780 #endif
02781 }
02782
02783
02784
02785
02786
02787 int sys_rsbac_auth_add_p_cap(
02788 rsbac_list_ta_number_t ta_number,
02789 rsbac_pid_t pid,
02790 enum rsbac_auth_cap_type_t cap_type,
02791 struct rsbac_auth_cap_range_t cap_range,
02792 rsbac_time_t ttl)
02793 {
02794 #if defined(CONFIG_RSBAC_AUTH)
02795 struct task_struct * task_p;
02796
02797 if(cap_type >= ACT_none)
02798 return(-RSBAC_EINVALIDTARGET);
02799 if(cap_range.first > cap_range.last)
02800 return(-RSBAC_EINVALIDVALUE);
02801
02802 #ifdef CONFIG_RSBAC_FREEZE
02803 if(rsbac_freeze)
02804 {
02805 #ifdef CONFIG_RSBAC_RMSG
02806 rsbac_printk(KERN_WARNING
02807 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02808 #endif
02809 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02810 if (!rsbac_nosyslog)
02811 #endif
02812 printk(KERN_WARNING
02813 "sys_rsbac_auth_add_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02814 return -EPERM;
02815 }
02816 #endif
02817
02818 read_lock(&tasklist_lock);
02819 task_p = find_task_by_pid(pid);
02820 read_unlock(&tasklist_lock);
02821 if(!task_p)
02822 return(-RSBAC_EINVALIDTARGET);
02823
02824
02825
02826 return(rsbac_auth_add_p_cap(ta_number, pid, cap_type, cap_range, ttl));
02827 #else
02828 return (-RSBAC_EINVALIDMODULE);
02829 #endif
02830 }
02831
02832 int sys_rsbac_auth_remove_p_cap(
02833 rsbac_list_ta_number_t ta_number,
02834 rsbac_pid_t pid,
02835 enum rsbac_auth_cap_type_t cap_type,
02836 struct rsbac_auth_cap_range_t cap_range)
02837 {
02838 #if defined(CONFIG_RSBAC_AUTH)
02839 struct task_struct * task_p;
02840
02841 if(cap_type >= ACT_none)
02842 return(-RSBAC_EINVALIDTARGET);
02843 if(cap_range.first > cap_range.last)
02844 return(-RSBAC_EINVALIDVALUE);
02845
02846 #ifdef CONFIG_RSBAC_FREEZE
02847 if(rsbac_freeze)
02848 {
02849 #ifdef CONFIG_RSBAC_RMSG
02850 rsbac_printk(KERN_WARNING
02851 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02852 #endif
02853 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02854 if (!rsbac_nosyslog)
02855 #endif
02856 printk(KERN_WARNING
02857 "sys_rsbac_auth_remove_p_cap(): RSBAC configuration frozen, no administration allowed!\n");
02858 return -EPERM;
02859 }
02860 #endif
02861
02862 read_lock(&tasklist_lock);
02863 task_p = find_task_by_pid(pid);
02864 read_unlock(&tasklist_lock);
02865 if(!task_p)
02866 return(-RSBAC_EINVALIDTARGET);
02867
02868
02869 return(rsbac_auth_remove_p_cap(ta_number, pid, cap_type, cap_range));
02870 #else
02871 return (-RSBAC_EINVALIDMODULE);
02872 #endif
02873 }
02874
02875 int sys_rsbac_auth_add_f_cap(
02876 rsbac_list_ta_number_t ta_number,
02877 char * filename,
02878 enum rsbac_auth_cap_type_t cap_type,
02879 struct rsbac_auth_cap_range_t cap_range,
02880 rsbac_time_t ttl)
02881 {
02882 #if defined(CONFIG_RSBAC_AUTH)
02883 struct dentry * t_dentry;
02884 int err = 0;
02885 enum rsbac_target_t target;
02886 union rsbac_target_id_t tid;
02887
02888
02889 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02890 union rsbac_attribute_value_t rsbac_attribute_value;
02891 #endif
02892
02893 struct nameidata nd;
02894
02895 if(!filename)
02896 return(-RSBAC_EINVALIDTARGET);
02897 if(cap_type >= ACT_none)
02898 return(-RSBAC_EINVALIDTARGET);
02899 if(cap_range.first > cap_range.last)
02900 return(-RSBAC_EINVALIDVALUE);
02901
02902 #ifdef CONFIG_RSBAC_FREEZE
02903 if(rsbac_freeze)
02904 {
02905 #ifdef CONFIG_RSBAC_RMSG
02906 rsbac_printk(KERN_WARNING
02907 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
02908 #endif
02909 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
02910 if (!rsbac_nosyslog)
02911 #endif
02912 printk(KERN_WARNING
02913 "sys_rsbac_auth_add_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
02914 return -EPERM;
02915 }
02916 #endif
02917
02918 if ((err = user_path_walk_link(filename, &nd)))
02919 {
02920 #ifdef CONFIG_RSBAC_DEBUG
02921 if (rsbac_debug_aef_auth)
02922 printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): call to user_path_walk_link() returned %i\n", err);
02923 #endif
02924 goto out;
02925 }
02926 t_dentry = nd.dentry;
02927 if (!t_dentry->d_inode)
02928 {
02929 err = -RSBAC_EINVALIDTARGET;
02930 goto out_dput;
02931 }
02932
02933 if(S_ISREG(t_dentry->d_inode->i_mode))
02934 target = T_FILE;
02935 else
02936 if(S_ISDIR(t_dentry->d_inode->i_mode))
02937 target = T_DIR;
02938 else
02939 {
02940 err = -RSBAC_EINVALIDTARGET;
02941 goto out_dput;
02942 }
02943 tid.file.device = t_dentry->d_sb->s_dev;
02944 tid.file.inode = t_dentry->d_inode->i_ino;
02945 tid.file.dentry_p = t_dentry;
02946 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02947
02948 #ifdef CONFIG_RSBAC_DEBUG
02949 if (rsbac_debug_aef)
02950 printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
02951 #endif
02952 rsbac_attribute_value.auth_cap_range = cap_range;
02953 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
02954 current->pid,
02955 target,
02956 tid,
02957 A_auth_add_f_cap,
02958 rsbac_attribute_value))
02959 {
02960 err = -EPERM;
02961 }
02962 else
02963 #endif
02964 err = rsbac_auth_add_f_cap(ta_number, tid.file, cap_type, cap_range, ttl);
02965
02966 out_dput:
02967 path_release(&nd);
02968 out:
02969 return(err);
02970
02971 #else
02972 return (-RSBAC_EINVALIDMODULE);
02973 #endif
02974 };
02975
02976 int sys_rsbac_auth_remove_f_cap(
02977 rsbac_list_ta_number_t ta_number,
02978 char * filename,
02979 enum rsbac_auth_cap_type_t cap_type,
02980 struct rsbac_auth_cap_range_t cap_range)
02981 {
02982 #if defined(CONFIG_RSBAC_AUTH)
02983 struct dentry * t_dentry;
02984 int err = 0;
02985 enum rsbac_target_t target;
02986 union rsbac_target_id_t tid;
02987
02988
02989 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
02990 union rsbac_attribute_value_t rsbac_attribute_value;
02991 #endif
02992
02993 struct nameidata nd;
02994
02995 if(!filename)
02996 return(-RSBAC_EINVALIDTARGET);
02997 if(cap_type >= ACT_none)
02998 return(-RSBAC_EINVALIDTARGET);
02999 if(cap_range.first > cap_range.last)
03000 return(-RSBAC_EINVALIDVALUE);
03001
03002 #ifdef CONFIG_RSBAC_FREEZE
03003 if(rsbac_freeze)
03004 {
03005 #ifdef CONFIG_RSBAC_RMSG
03006 rsbac_printk(KERN_WARNING
03007 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
03008 #endif
03009 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03010 if (!rsbac_nosyslog)
03011 #endif
03012 printk(KERN_WARNING
03013 "sys_rsbac_auth_remove_f_cap(): RSBAC configuration frozen, no administration allowed!\n");
03014 return -EPERM;
03015 }
03016 #endif
03017
03018 if ((err = user_path_walk_link(filename, &nd)))
03019 {
03020 #ifdef CONFIG_RSBAC_DEBUG
03021 if (rsbac_debug_aef_auth)
03022 printk(KERN_DEBUG "sys_rsbac_auth_remove_f_cap(): call to user_path_walk_link() returned %i\n", err);
03023 #endif
03024 goto out;
03025 }
03026 t_dentry = nd.dentry;
03027 if (!t_dentry->d_inode)
03028 {
03029 err = -RSBAC_EINVALIDTARGET;
03030 goto out_dput;
03031 }
03032
03033 if(S_ISREG(t_dentry->d_inode->i_mode))
03034 target = T_FILE;
03035 else
03036 if(S_ISDIR(t_dentry->d_inode->i_mode))
03037 target = T_DIR;
03038 else
03039 {
03040 err = -RSBAC_EINVALIDTARGET;
03041 goto out_dput;
03042 }
03043 tid.file.device = t_dentry->d_sb->s_dev;
03044 tid.file.inode = t_dentry->d_inode->i_ino;
03045 tid.file.dentry_p = t_dentry;
03046 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03047
03048 #ifdef CONFIG_RSBAC_DEBUG
03049 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_auth_add_f_cap(): calling ADF\n");
03050 #endif
03051 rsbac_attribute_value.auth_cap_range = cap_range;
03052 if (!rsbac_adf_request(R_MODIFY_ATTRIBUTE,
03053 current->pid,
03054 target,
03055 tid,
03056 A_auth_remove_f_cap,
03057 rsbac_attribute_value))
03058 {
03059 err = -EPERM;
03060 }
03061 else
03062 #endif
03063 err = rsbac_auth_remove_f_cap(ta_number, tid.file, cap_type, cap_range);
03064
03065 out_dput:
03066 path_release(&nd);
03067 out:
03068 return(err);
03069
03070 #else
03071 return (-RSBAC_EINVALIDMODULE);
03072 #endif
03073 }
03074
03075
03076 int sys_rsbac_auth_get_f_caplist(
03077 rsbac_list_ta_number_t ta_number,
03078 char * filename,
03079 enum rsbac_auth_cap_type_t cap_type,
03080 struct rsbac_auth_cap_range_t caplist[],
03081 rsbac_time_t ttllist[],
03082 u_int maxnum)
03083 {
03084 #if defined(CONFIG_RSBAC_AUTH)
03085 struct dentry * t_dentry;
03086 int err = 0, tmperr = 0;
03087 enum rsbac_target_t target;
03088 union rsbac_target_id_t tid;
03089 struct rsbac_auth_cap_range_t * k_caplist;
03090 rsbac_time_t * k_ttllist;
03091
03092
03093 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03094 union rsbac_attribute_value_t rsbac_attribute_value;
03095 #endif
03096
03097 struct nameidata nd;
03098
03099 if(!filename)
03100 return(-RSBAC_EINVALIDTARGET);
03101 if(cap_type >= ACT_none)
03102 return(-RSBAC_EINVALIDTARGET);
03103 if(!caplist)
03104 return(-RSBAC_EINVALIDPOINTER);
03105 if(maxnum <= 0)
03106 return(-RSBAC_EINVALIDVALUE);
03107 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03108 maxnum = RSBAC_AUTH_MAX_MAXNUM;
03109
03110 if ((err = user_path_walk_link(filename, &nd)))
03111 {
03112 #ifdef CONFIG_RSBAC_DEBUG
03113 if (rsbac_debug_aef_auth)
03114 printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): call to user_path_walk_link() returned %i\n", err);
03115 #endif
03116 goto out;
03117 }
03118 t_dentry = nd.dentry;
03119 if (!t_dentry->d_inode)
03120 {
03121 err = -RSBAC_EINVALIDTARGET;
03122 goto out_dput;
03123 }
03124
03125 if(S_ISREG(t_dentry->d_inode->i_mode))
03126 target = T_FILE;
03127 else
03128 if(S_ISDIR(t_dentry->d_inode->i_mode))
03129 target = T_DIR;
03130 else
03131 {
03132 err = -RSBAC_EINVALIDTARGET;
03133 goto out_dput;
03134 }
03135 tid.file.device = t_dentry->d_sb->s_dev;
03136 tid.file.inode = t_dentry->d_inode->i_ino;
03137 tid.file.dentry_p = t_dentry;
03138 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03139
03140 #ifdef CONFIG_RSBAC_DEBUG
03141 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_auth_get_f_caplist(): calling ADF\n");
03142 #endif
03143 rsbac_attribute_value.dummy = 0;
03144 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03145 current->pid,
03146 target,
03147 tid,
03148 A_auth_get_caplist,
03149 rsbac_attribute_value))
03150 {
03151 err = -EPERM;
03152 goto out_dput;
03153 }
03154 #endif
03155 err = rsbac_auth_get_f_caplist(ta_number, tid.file, cap_type, &k_caplist, &k_ttllist);
03156 if(err>0)
03157 {
03158 if(err > maxnum)
03159 err = maxnum;
03160 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03161 sizeof(struct rsbac_auth_cap_range_t) * err);
03162 if(tmperr < 0)
03163 err = tmperr;
03164 else
03165 {
03166 if(ttllist)
03167 {
03168 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03169 sizeof(rsbac_time_t) * err);
03170 if(tmperr < 0)
03171 err = tmperr;
03172 }
03173 }
03174 rsbac_vfree(k_caplist);
03175 rsbac_vfree(k_ttllist);
03176 }
03177
03178 out_dput:
03179 path_release(&nd);
03180 out:
03181 return(err);
03182
03183 #else
03184 return (-RSBAC_EINVALIDMODULE);
03185 #endif
03186 }
03187
03188 int sys_rsbac_auth_get_p_caplist(
03189 rsbac_list_ta_number_t ta_number,
03190 rsbac_pid_t pid,
03191 enum rsbac_auth_cap_type_t cap_type,
03192 struct rsbac_auth_cap_range_t caplist[],
03193 rsbac_time_t ttllist[],
03194 u_int maxnum)
03195 {
03196 #if defined(CONFIG_RSBAC_AUTH)
03197 int err = 0, tmperr = 0;
03198 union rsbac_target_id_t tid;
03199 struct rsbac_auth_cap_range_t * k_caplist;
03200 rsbac_time_t * k_ttllist;
03201
03202
03203 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03204 union rsbac_attribute_value_t rsbac_attribute_value;
03205 #endif
03206
03207 if(!pid)
03208 return(-RSBAC_EINVALIDTARGET);
03209 if(cap_type >= ACT_none)
03210 return(-RSBAC_EINVALIDTARGET);
03211 if(!caplist)
03212 return(-RSBAC_EINVALIDPOINTER);
03213 if(maxnum <= 0)
03214 return(-RSBAC_EINVALIDVALUE);
03215 if(maxnum > RSBAC_AUTH_MAX_MAXNUM)
03216 maxnum = RSBAC_AUTH_MAX_MAXNUM;
03217
03218 tid.process = pid;
03219 #if defined(CONFIG_RSBAC_AUTH) && !defined(CONFIG_RSBAC_MAINT)
03220
03221 #ifdef CONFIG_RSBAC_DEBUG
03222 if (rsbac_debug_aef) printk(KERN_DEBUG "sys_rsbac_auth_get_p_caplist(): calling ADF\n");
03223 #endif
03224 rsbac_attribute_value.dummy = 0;
03225 if (!rsbac_adf_request(R_READ_ATTRIBUTE,
03226 current->pid,
03227 T_PROCESS,
03228 tid,
03229 A_auth_get_caplist,
03230 rsbac_attribute_value))
03231 {
03232 return -EPERM;
03233 }
03234 #endif
03235 err = rsbac_auth_get_p_caplist(ta_number, tid.process, cap_type,
03236 &k_caplist, &k_ttllist);
03237 if(err>0)
03238 {
03239 if(err > maxnum)
03240 err = maxnum;
03241 tmperr = rsbac_put_user((u_char *) k_caplist, (u_char *) caplist,
03242 sizeof(struct rsbac_auth_cap_range_t) * err);
03243 if(tmperr < 0)
03244 err = tmperr;
03245 else
03246 {
03247 if(ttllist)
03248 {
03249 tmperr = rsbac_put_user((u_char *) k_ttllist, (u_char *) ttllist,
03250 sizeof(rsbac_time_t) * err);
03251 if(tmperr < 0)
03252 err = tmperr;
03253 }
03254 }
03255 rsbac_vfree(k_caplist);
03256 rsbac_vfree(k_ttllist);
03257 }
03258
03259 return(err);
03260
03261 #else
03262 return (-RSBAC_EINVALIDMODULE);
03263 #endif
03264 }
03265
03266
03267
03268
03269 int sys_rsbac_reg(rsbac_reg_handle_t handle,
03270 void * arg)
03271 {
03272 #if defined(CONFIG_RSBAC_REG)
03273 return rsbac_reg_syscall(handle, arg);
03274 #else
03275 return (-RSBAC_EINVALIDMODULE);
03276 #endif
03277 }
03278
03279
03280
03281
03282
03283 int sys_rsbac_acl(
03284 rsbac_list_ta_number_t ta_number,
03285 enum rsbac_acl_syscall_type_t call,
03286 struct rsbac_acl_syscall_arg_t * arg)
03287 {
03288 #if defined(CONFIG_RSBAC_ACL)
03289 struct rsbac_acl_syscall_arg_t k_arg;
03290
03291 int err = 0;
03292
03293 if(call >= ACLC_none)
03294 return(-RSBAC_EINVALIDREQUEST);
03295 if(!arg)
03296 return(-RSBAC_EINVALIDPOINTER);
03297
03298
03299 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03300 if(err < 0)
03301 return err;
03302
03303 if(k_arg.target >= T_NONE)
03304 return(-RSBAC_EINVALIDTARGET);
03305
03306
03307
03308 #ifdef CONFIG_RSBAC_FREEZE
03309 if(rsbac_freeze)
03310 {
03311 #ifdef CONFIG_RSBAC_RMSG
03312 rsbac_printk(KERN_WARNING
03313 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n");
03314 #endif
03315 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03316 if (!rsbac_nosyslog)
03317 #endif
03318 printk(KERN_WARNING
03319 "sys_rsbac_acl(): RSBAC configuration frozen, no administration allowed!\n");
03320 return -EPERM;
03321 }
03322 #endif
03323
03324 if(call != ACLC_set_mask)
03325 {
03326 switch(k_arg.subj_type)
03327 {
03328 case ACLS_USER:
03329 break;
03330 case ACLS_GROUP:
03331 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03332 {
03333 struct rsbac_acl_group_entry_t entry;
03334 rsbac_uid_t caller;
03335
03336 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03337 || rsbac_get_owner(&caller)
03338 || ( (entry.owner != caller)
03339 && (entry.type != ACLG_GLOBAL)
03340 )
03341 )
03342 return(-RSBAC_EINVALIDVALUE);
03343 }
03344 break;
03345 #if defined(CONFIG_RSBAC_RC)
03346 case ACLS_ROLE:
03347 if(k_arg.subj_id > RC_role_max_value)
03348 {
03349 #ifdef CONFIG_RSBAC_RMSG
03350 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
03351 #endif
03352 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03353 if (!rsbac_nosyslog)
03354 #endif
03355 printk(KERN_DEBUG "sys_rsbac_acl(): Invalid role %u!\n", k_arg.subj_id);
03356 return(-RSBAC_EINVALIDVALUE);
03357 }
03358 break;
03359 #endif
03360 default:
03361 #ifdef CONFIG_RSBAC_RMSG
03362 rsbac_printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
03363 #endif
03364 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03365 if (!rsbac_nosyslog)
03366 #endif
03367 printk(KERN_DEBUG "sys_rsbac_acl(): Invalid subject type %u!\n", k_arg.subj_type);
03368 return(-RSBAC_EINVALIDVALUE);
03369 }
03370 if( (call == ACLC_remove_user)
03371 && (k_arg.target != T_USER)
03372 )
03373 return -RSBAC_EINVALIDTARGET;
03374
03375 }
03376
03377
03378 switch(call)
03379 {
03380 case ACLC_set_acl_entry:
03381 err = rsbac_acl_sys_set_acl_entry(ta_number,
03382 k_arg.target,
03383 k_arg.tid,
03384 k_arg.subj_type,
03385 k_arg.subj_id,
03386 k_arg.rights,
03387 k_arg.ttl);
03388 break;
03389 case ACLC_remove_acl_entry:
03390 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03391 k_arg.target,
03392 k_arg.tid,
03393 k_arg.subj_type,
03394 k_arg.subj_id);
03395 break;
03396 case ACLC_remove_acl:
03397 err = rsbac_acl_sys_remove_acl(ta_number,
03398 k_arg.target,
03399 k_arg.tid);
03400 break;
03401 case ACLC_add_to_acl_entry:
03402 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03403 k_arg.target,
03404 k_arg.tid,
03405 k_arg.subj_type,
03406 k_arg.subj_id,
03407 k_arg.rights,
03408 k_arg.ttl);
03409 break;
03410 case ACLC_remove_from_acl_entry:
03411 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03412 k_arg.target,
03413 k_arg.tid,
03414 k_arg.subj_type,
03415 k_arg.subj_id,
03416 k_arg.rights);
03417 break;
03418 case ACLC_set_mask:
03419 err = rsbac_acl_sys_set_mask(ta_number,
03420 k_arg.target,
03421 k_arg.tid,
03422 k_arg.rights);
03423 break;
03424 case ACLC_remove_user:
03425 err = rsbac_acl_sys_remove_user(ta_number,
03426 k_arg.tid.user);
03427 break;
03428
03429 default:
03430 err=-RSBAC_EINVALIDREQUEST;
03431 }
03432 return (err);
03433 #else
03434 return (-RSBAC_EINVALIDMODULE);
03435 #endif
03436 }
03437
03438
03439 int sys_rsbac_acl_n(
03440 rsbac_list_ta_number_t ta_number,
03441 enum rsbac_acl_syscall_type_t call,
03442 struct rsbac_acl_syscall_n_arg_t * arg)
03443 {
03444 #if defined(CONFIG_RSBAC_ACL)
03445 struct dentry * t_dentry = NULL;
03446 int err = 0;
03447 union rsbac_target_id_t tid;
03448 struct rsbac_acl_syscall_n_arg_t k_arg;
03449
03450 struct nameidata nd;
03451
03452 if(call >= ACLC_none)
03453 return(-RSBAC_EINVALIDREQUEST);
03454 if(!arg)
03455 return(-RSBAC_EINVALIDPOINTER);
03456
03457 #ifdef CONFIG_RSBAC_FREEZE
03458 if(rsbac_freeze)
03459 {
03460 #ifdef CONFIG_RSBAC_RMSG
03461 rsbac_printk(KERN_WARNING
03462 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n");
03463 #endif
03464 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03465 if (!rsbac_nosyslog)
03466 #endif
03467 printk(KERN_WARNING
03468 "sys_rsbac_acl_n(): RSBAC configuration frozen, no administration allowed!\n");
03469 return -EPERM;
03470 }
03471 #endif
03472
03473
03474 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03475 if(err < 0)
03476 return err;
03477
03478 if(k_arg.target >= T_NONE)
03479 return(-RSBAC_EINVALIDTARGET);
03480 if(call != ACLC_set_mask)
03481 {
03482 switch(k_arg.subj_type)
03483 {
03484 case ACLS_USER:
03485 break;
03486 case ACLS_GROUP:
03487 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03488 {
03489 struct rsbac_acl_group_entry_t entry;
03490 rsbac_uid_t caller;
03491
03492 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03493 || rsbac_get_owner(&caller)
03494 || ( (entry.owner != caller)
03495 && (entry.type != ACLG_GLOBAL)
03496 )
03497 )
03498 return(-RSBAC_EINVALIDVALUE);
03499 }
03500 break;
03501 #if defined(CONFIG_RSBAC_RC)
03502 case ACLS_ROLE:
03503 if(k_arg.subj_id > RC_role_max_value)
03504 return(-RSBAC_EINVALIDVALUE);
03505 break;
03506 #endif
03507 default:
03508 return(-RSBAC_EINVALIDVALUE);
03509 }
03510 }
03511
03512 if(k_arg.name)
03513 {
03514
03515 if ((err = user_path_walk_link(k_arg.name, &nd)))
03516 {
03517 #ifdef CONFIG_RSBAC_DEBUG
03518 if (rsbac_debug_aef)
03519 printk(KERN_DEBUG "sys_rsbac_acl_n(): call to user_path_walk_link() returned %i\n", err);
03520 #endif
03521 goto out;
03522 }
03523 t_dentry = nd.dentry;
03524 if (!t_dentry->d_inode)
03525 {
03526 #ifdef CONFIG_RSBAC_DEBUG
03527 if (rsbac_debug_aef)
03528 printk(KERN_DEBUG "sys_rsbac_acl_n(): file not found\n");
03529 #endif
03530 err = -RSBAC_EINVALIDTARGET;
03531 goto out_dput;
03532 }
03533 tid.file.device = t_dentry->d_sb->s_dev;
03534 tid.file.inode = t_dentry->d_inode->i_ino;
03535 tid.file.dentry_p = t_dentry;
03536 }
03537 else
03538 {
03539 tid.file.device = RSBAC_ZERO_DEV;
03540 tid.file.inode = 0;
03541 tid.file.dentry_p = NULL;
03542 }
03543
03544 switch (k_arg.target)
03545 {
03546 case T_FD:
03547 if(k_arg.name)
03548 {
03549 if(S_ISREG(t_dentry->d_inode->i_mode))
03550 {
03551 k_arg.target = T_FILE;
03552 }
03553 else
03554 if(S_ISDIR(t_dentry->d_inode->i_mode))
03555 {
03556 k_arg.target = T_DIR;
03557 }
03558 else
03559 if(S_ISLNK(t_dentry->d_inode->i_mode))
03560 {
03561 k_arg.target = T_SYMLINK;
03562 }
03563 else
03564 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03565 {
03566 k_arg.target = T_FIFO;
03567 }
03568 else
03569 if(S_ISBLK(t_dentry->d_inode->i_mode))
03570 {
03571 k_arg.target = T_FILE;
03572 }
03573 else
03574 if(S_ISCHR(t_dentry->d_inode->i_mode))
03575 {
03576 k_arg.target = T_FILE;
03577 }
03578 else
03579 {
03580 #ifdef CONFIG_RSBAC_DEBUG
03581 if (rsbac_debug_aef)
03582 printk(KERN_DEBUG "sys_rsbac_acl_n(): no filesystem object\n");
03583 #endif
03584 err = -RSBAC_EINVALIDTARGET;
03585 goto out_dput;
03586 }
03587 }
03588 else
03589 k_arg.target = T_FILE;
03590 break;
03591
03592 case T_FILE:
03593 if(k_arg.name)
03594 {
03595
03596 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03597 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03598 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03599 {
03600 err = -RSBAC_EINVALIDTARGET;
03601 goto out_dput;
03602 }
03603 }
03604 break;
03605
03606 case T_DIR:
03607 if(k_arg.name)
03608 {
03609 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03610 {
03611 err = -RSBAC_EINVALIDTARGET;
03612 goto out_dput;
03613 }
03614 }
03615 break;
03616
03617 case T_FIFO:
03618 if(k_arg.name)
03619 {
03620
03621 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03622 {
03623 err = -RSBAC_EINVALIDTARGET;
03624 goto out_dput;
03625 }
03626 }
03627 break;
03628
03629 case T_SYMLINK:
03630 if(k_arg.name)
03631 {
03632
03633 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03634 {
03635 err = -RSBAC_EINVALIDTARGET;
03636 goto out_dput;
03637 }
03638 }
03639 break;
03640
03641 case T_DEV:
03642 if(k_arg.name)
03643 {
03644
03645 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03646 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03647 {
03648 err = -RSBAC_EINVALIDTARGET;
03649 goto out_dput;
03650 }
03651
03652 if(S_ISBLK(t_dentry->d_inode->i_mode))
03653 tid.dev.type = D_block;
03654 else
03655 tid.dev.type = D_char;
03656 tid.dev.id = t_dentry->d_inode->i_rdev;
03657 }
03658 else
03659 {
03660 tid.dev.type = D_none;
03661 tid.dev.id = RSBAC_ZERO_DEV;
03662 }
03663 break;
03664
03665 default:
03666 err = -RSBAC_EINVALIDTARGET;
03667 goto out_dput;
03668 }
03669
03670 switch(call)
03671 {
03672 case ACLC_set_acl_entry:
03673 err = rsbac_acl_sys_set_acl_entry(ta_number,
03674 k_arg.target,
03675 tid,
03676 k_arg.subj_type,
03677 k_arg.subj_id,
03678 k_arg.rights,
03679 k_arg.ttl);
03680 break;
03681 case ACLC_remove_acl_entry:
03682 err = rsbac_acl_sys_remove_acl_entry(ta_number,
03683 k_arg.target,
03684 tid,
03685 k_arg.subj_type,
03686 k_arg.subj_id);
03687 break;
03688 case ACLC_remove_acl:
03689 err = rsbac_acl_sys_remove_acl(ta_number,
03690 k_arg.target,
03691 tid);
03692 break;
03693 case ACLC_add_to_acl_entry:
03694 err = rsbac_acl_sys_add_to_acl_entry(ta_number,
03695 k_arg.target,
03696 tid,
03697 k_arg.subj_type,
03698 k_arg.subj_id,
03699 k_arg.rights,
03700 k_arg.ttl);
03701 break;
03702 case ACLC_remove_from_acl_entry:
03703 err = rsbac_acl_sys_remove_from_acl_entry(ta_number,
03704 k_arg.target,
03705 tid,
03706 k_arg.subj_type,
03707 k_arg.subj_id,
03708 k_arg.rights);
03709 break;
03710 case ACLC_set_mask:
03711 err = rsbac_acl_sys_set_mask(ta_number,
03712 k_arg.target,
03713 tid,
03714 k_arg.rights);
03715 break;
03716
03717 default:
03718 err=-RSBAC_EINVALIDREQUEST;
03719 }
03720
03721 out_dput:
03722 if(k_arg.name)
03723 {
03724 path_release(&nd);
03725 }
03726
03727 out:
03728 return(err);
03729 #else
03730 return (-RSBAC_EINVALIDMODULE);
03731 #endif
03732 }
03733
03734
03735
03736 int sys_rsbac_acl_get_rights(
03737 rsbac_list_ta_number_t ta_number,
03738 struct rsbac_acl_syscall_arg_t * arg,
03739 rsbac_acl_rights_vector_t * rights_p,
03740 u_int effective)
03741 {
03742 #if defined(CONFIG_RSBAC_ACL)
03743 struct rsbac_acl_syscall_arg_t k_arg;
03744 rsbac_acl_rights_vector_t k_rights = 0;
03745 int err = 0;
03746
03747 if(!arg || !rights_p)
03748 return(-RSBAC_EINVALIDPOINTER);
03749
03750 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03751
03752 if(k_arg.target >= T_NONE)
03753 return(-RSBAC_EINVALIDTARGET);
03754
03755
03756 switch(k_arg.subj_type)
03757 {
03758 case ACLS_USER:
03759 break;
03760 case ACLS_GROUP:
03761 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03762 {
03763 struct rsbac_acl_group_entry_t entry;
03764 rsbac_uid_t caller;
03765
03766 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03767 || rsbac_get_owner(&caller)
03768 || ( (entry.owner != caller)
03769 && (entry.type != ACLG_GLOBAL)
03770 )
03771 )
03772 return(-RSBAC_EINVALIDVALUE);
03773 }
03774 break;
03775 case ACLS_ROLE:
03776 #if defined(CONFIG_RSBAC_RC)
03777 if(k_arg.subj_id > RC_role_max_value)
03778 return(-RSBAC_EINVALIDVALUE);
03779 #endif
03780 break;
03781 default:
03782 #ifdef CONFIG_RSBAC_RMSG
03783 rsbac_printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03784 #endif
03785 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
03786 if (!rsbac_nosyslog)
03787 #endif
03788 printk(KERN_DEBUG "sys_rsbac_acl_get_rights(): Invalid subject type %u!\n", k_arg.subj_type);
03789 return(-RSBAC_EINVALIDVALUE);
03790 }
03791
03792
03793 err = rsbac_acl_sys_get_rights(ta_number,
03794 k_arg.target,
03795 k_arg.tid,
03796 k_arg.subj_type,
03797 k_arg.subj_id,
03798 &k_rights,
03799 effective);
03800 if(!err)
03801 {
03802 err = rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
03803 }
03804 return (err);
03805 #else
03806 return (-RSBAC_EINVALIDMODULE);
03807 #endif
03808 }
03809
03810
03811 int sys_rsbac_acl_get_rights_n(
03812 rsbac_list_ta_number_t ta_number,
03813 struct rsbac_acl_syscall_n_arg_t * arg,
03814 rsbac_acl_rights_vector_t * rights_p,
03815 u_int effective)
03816 {
03817 #if defined(CONFIG_RSBAC_ACL)
03818 struct dentry * t_dentry = NULL;
03819 rsbac_boolean_t need_put = FALSE;
03820 int err = 0;
03821 union rsbac_target_id_t tid;
03822 struct rsbac_acl_syscall_n_arg_t k_arg;
03823 rsbac_acl_rights_vector_t k_rights = 0;
03824
03825 struct nameidata nd;
03826
03827 if(!arg || !rights_p)
03828 return(-RSBAC_EINVALIDPOINTER);
03829
03830 rsbac_get_user((u_char *) &k_arg, (u_char *) arg, sizeof(k_arg) );
03831
03832 if(k_arg.target >= T_NONE)
03833 return(-RSBAC_EINVALIDTARGET);
03834 switch(k_arg.subj_type)
03835 {
03836 case ACLS_USER:
03837 break;
03838 case ACLS_GROUP:
03839 if(k_arg.subj_id != RSBAC_ACL_GROUP_EVERYONE)
03840 {
03841 struct rsbac_acl_group_entry_t entry;
03842 rsbac_uid_t caller;
03843
03844 if( rsbac_acl_get_group_entry(ta_number, k_arg.subj_id, &entry)
03845 || rsbac_get_owner(&caller)
03846 || ( (entry.owner != caller)
03847 && (entry.type != ACLG_GLOBAL)
03848 )
03849 )
03850 return(-RSBAC_EINVALIDVALUE);
03851 }
03852 break;
03853 case ACLS_ROLE:
03854 #if defined(CONFIG_RSBAC_RC)
03855 if(k_arg.subj_id > RC_role_max_value)
03856 return(-RSBAC_EINVALIDVALUE);
03857 #endif
03858 break;
03859 default:
03860 return(-RSBAC_EINVALIDVALUE);
03861 }
03862
03863 switch (k_arg.target)
03864 {
03865 case T_FD:
03866 case T_FILE:
03867 case T_DIR:
03868 case T_FIFO:
03869 case T_SYMLINK:
03870 if(k_arg.name)
03871 {
03872 if ((err = user_path_walk_link(k_arg.name, &nd)))
03873 {
03874 #ifdef CONFIG_RSBAC_DEBUG
03875 if (rsbac_debug_aef_acl)
03876 printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03877 #endif
03878 goto out;
03879 }
03880 t_dentry = nd.dentry;
03881 need_put = TRUE;
03882 if (!t_dentry->d_inode)
03883 {
03884 err = -RSBAC_EINVALIDTARGET;
03885 goto out_dput;
03886 }
03887
03888 switch(k_arg.target)
03889 {
03890 case T_FD:
03891 if(S_ISREG(t_dentry->d_inode->i_mode))
03892 {
03893 k_arg.target = T_FILE;
03894 }
03895 else
03896 if(S_ISDIR(t_dentry->d_inode->i_mode))
03897 {
03898 k_arg.target = T_DIR;
03899 }
03900 else
03901 if(S_ISLNK(t_dentry->d_inode->i_mode))
03902 {
03903 k_arg.target = T_SYMLINK;
03904 }
03905 else
03906 if(S_ISFIFO(t_dentry->d_inode->i_mode))
03907 {
03908 k_arg.target = T_FIFO;
03909 }
03910 else
03911 if(S_ISBLK(t_dentry->d_inode->i_mode))
03912 {
03913 k_arg.target = T_FILE;
03914 }
03915 else
03916 if(S_ISCHR(t_dentry->d_inode->i_mode))
03917 {
03918 k_arg.target = T_FILE;
03919 }
03920 else
03921 {
03922 err = -RSBAC_EINVALIDTARGET;
03923 goto out_dput;
03924 }
03925 break;
03926 case T_FILE:
03927 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
03928 && !(S_ISBLK(t_dentry->d_inode->i_mode))
03929 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03930 {
03931 err = -RSBAC_EINVALIDTARGET;
03932 goto out_dput;
03933 }
03934 break;
03935 case T_DIR:
03936 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
03937 {
03938 err = -RSBAC_EINVALIDTARGET;
03939 goto out_dput;
03940 }
03941 break;
03942 case T_FIFO:
03943
03944 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
03945 {
03946 err = -RSBAC_EINVALIDTARGET;
03947 goto out_dput;
03948 }
03949 break;
03950 case T_SYMLINK:
03951
03952 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
03953 {
03954 err = -RSBAC_EINVALIDTARGET;
03955 goto out_dput;
03956 }
03957 break;
03958 default:
03959 err = -RSBAC_EINVALIDTARGET;
03960 goto out_dput;
03961 }
03962 tid.file.device = t_dentry->d_sb->s_dev;
03963 tid.file.inode = t_dentry->d_inode->i_ino;
03964 tid.file.dentry_p = t_dentry;
03965 }
03966 else
03967 {
03968 if(k_arg.target == T_FD)
03969 k_arg.target = T_FILE;
03970 tid.file.device = RSBAC_ZERO_DEV;
03971 tid.file.inode = 0;
03972 tid.file.dentry_p = NULL;
03973 }
03974 break;
03975
03976 case T_DEV:
03977 if(k_arg.name)
03978 {
03979 if ((err = user_path_walk_link(k_arg.name, &nd)))
03980 {
03981 #ifdef CONFIG_RSBAC_DEBUG
03982 if (rsbac_debug_aef_acl)
03983 printk(KERN_DEBUG "sys_rsbac_acl_get_rights_n(): call to user_path_walk_link() returned %i\n", err);
03984 #endif
03985 goto out;
03986 }
03987 t_dentry = nd.dentry;
03988 need_put = TRUE;
03989 if (!t_dentry->d_inode)
03990 {
03991 err = -RSBAC_EINVALIDTARGET;
03992 goto out_dput;
03993 }
03994
03995 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
03996 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
03997 {
03998 err = -RSBAC_EINVALIDTARGET;
03999 goto out_dput;
04000 }
04001
04002 if(S_ISBLK(t_dentry->d_inode->i_mode))
04003 tid.dev.type = D_block;
04004 else
04005 tid.dev.type = D_char;
04006 tid.dev.id = t_dentry->d_inode->i_rdev;
04007 }
04008 else
04009 {
04010 tid.dev.type = D_none;
04011 tid.dev.id = RSBAC_ZERO_DEV;
04012 }
04013 break;
04014
04015 default:
04016 return -RSBAC_EINVALIDTARGET;
04017 }
04018
04019
04020 err = rsbac_acl_sys_get_rights(ta_number,
04021 k_arg.target,
04022 tid,
04023 k_arg.subj_type,
04024 k_arg.subj_id,
04025 &k_rights,
04026 effective);
04027
04028 out_dput:
04029 if(need_put)
04030 path_release(&nd);
04031 out:
04032 if(!err)
04033 {
04034 rsbac_put_user((u_char *) &k_rights, (u_char *) rights_p, sizeof(k_rights) );
04035 }
04036 return(err);
04037 #else
04038 return (-RSBAC_EINVALIDMODULE);
04039 #endif
04040 }
04041
04042
04043
04044 int sys_rsbac_acl_get_tlist (
04045 rsbac_list_ta_number_t ta_number,
04046 enum rsbac_target_t target,
04047 union rsbac_target_id_t * tid,
04048 struct rsbac_acl_entry_t entry_array[],
04049 rsbac_time_t ttl_array[],
04050 u_int maxnum)
04051 {
04052 #if defined(CONFIG_RSBAC_ACL)
04053 union rsbac_target_id_t k_tid;
04054 struct rsbac_acl_entry_t * k_entry_p;
04055 rsbac_time_t * k_ttl_p;
04056 int err = 0;
04057
04058 if(!tid || (target >= T_NONE))
04059 return(-RSBAC_EINVALIDTARGET);
04060 if(!entry_array)
04061 return(-RSBAC_EINVALIDPOINTER);
04062 if(!maxnum)
04063 return(-RSBAC_EINVALIDVALUE);
04064 if(maxnum > RSBAC_ACL_MAX_MAXNUM)
04065 maxnum = RSBAC_ACL_MAX_MAXNUM;
04066
04067
04068 err = rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04069 if(err)
04070 return err;
04071
04072
04073 err = rsbac_acl_sys_get_tlist(ta_number, target, k_tid, &k_entry_p, &k_ttl_p);
04074 if(err>0)
04075 {
04076 if(err > maxnum)
04077 err = maxnum;
04078 rsbac_put_user((u_char *) k_entry_p,
04079 (u_char *) entry_array,
04080 err * sizeof(*k_entry_p) );
04081 if(ttl_array)
04082 {
04083 rsbac_put_user((u_char *) k_ttl_p,
04084 (u_char *) ttl_array,
04085 err * sizeof(*k_ttl_p) );
04086 }
04087 rsbac_vfree(k_entry_p);
04088 rsbac_vfree(k_ttl_p);
04089 }
04090 return (err);
04091 #else
04092 return (-RSBAC_EINVALIDMODULE);
04093 #endif
04094 }
04095
04096 int sys_rsbac_acl_get_tlist_n(
04097 rsbac_list_ta_number_t ta_number,
04098 enum rsbac_target_t target,
04099 char * t_name,
04100 struct rsbac_acl_entry_t entry_array[],
04101 rsbac_time_t ttl_array[],
04102 u_int maxnum)
04103 {
04104 #if defined(CONFIG_RSBAC_ACL)
04105 struct dentry * t_dentry = NULL;
04106 struct rsbac_acl_entry_t * k_entry_p;
04107 rsbac_time_t * k_ttl_p;
04108 rsbac_boolean_t need_put = FALSE;
04109 int err = 0;
04110 union rsbac_target_id_t tid;
04111
04112 struct nameidata nd;
04113
04114 if(target >= T_NONE)
04115 return(-RSBAC_EINVALIDTARGET);
04116 if(!entry_array)
04117 return(-RSBAC_EINVALIDPOINTER);
04118
04119 switch (target)
04120 {
04121 case T_FD:
04122 case T_FILE:
04123 case T_DIR:
04124 case T_FIFO:
04125 case T_SYMLINK:
04126 if(t_name)
04127 {
04128 if ((err = user_path_walk_link(t_name, &nd)))
04129 {
04130 #ifdef CONFIG_RSBAC_DEBUG
04131 if (rsbac_debug_aef_acl)
04132 printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04133 #endif
04134 goto out;
04135 }
04136 t_dentry = nd.dentry;
04137 need_put = TRUE;
04138 if (!t_dentry->d_inode)
04139 {
04140 err = -RSBAC_EINVALIDTARGET;
04141 goto out_dput;
04142 }
04143
04144 switch(target)
04145 {
04146 case T_FD:
04147 if(S_ISREG(t_dentry->d_inode->i_mode))
04148 {
04149 target = T_FILE;
04150 }
04151 else
04152 if(S_ISDIR(t_dentry->d_inode->i_mode))
04153 {
04154 target = T_DIR;
04155 }
04156 else
04157 if(S_ISLNK(t_dentry->d_inode->i_mode))
04158 {
04159 target = T_SYMLINK;
04160 }
04161 else
04162 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04163 {
04164 target = T_FIFO;
04165 }
04166 else
04167 if(S_ISBLK(t_dentry->d_inode->i_mode))
04168 {
04169 target = T_FILE;
04170 }
04171 else
04172 if(S_ISCHR(t_dentry->d_inode->i_mode))
04173 {
04174 target = T_FILE;
04175 }
04176 else
04177 {
04178 err = -RSBAC_EINVALIDTARGET;
04179 goto out_dput;
04180 }
04181 break;
04182 case T_FILE:
04183 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04184 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04185 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04186 {
04187 err = -RSBAC_EINVALIDTARGET;
04188 goto out_dput;
04189 }
04190 break;
04191 case T_DIR:
04192 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04193 {
04194 err = -RSBAC_EINVALIDTARGET;
04195 goto out_dput;
04196 }
04197 break;
04198 case T_FIFO:
04199
04200 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04201 {
04202 err = -RSBAC_EINVALIDTARGET;
04203 goto out_dput;
04204 }
04205 break;
04206 case T_SYMLINK:
04207
04208 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04209 {
04210 err = -RSBAC_EINVALIDTARGET;
04211 goto out_dput;
04212 }
04213 break;
04214 default:
04215 err = -RSBAC_EINVALIDTARGET;
04216 goto out_dput;
04217 }
04218 tid.file.device = t_dentry->d_sb->s_dev;
04219 tid.file.inode = t_dentry->d_inode->i_ino;
04220 tid.file.dentry_p = t_dentry;
04221 }
04222 else
04223 {
04224 if(target == T_FD)
04225 target = T_FILE;
04226 tid.file.device = RSBAC_ZERO_DEV;
04227 tid.file.inode = 0;
04228 tid.file.dentry_p = NULL;
04229 }
04230 break;
04231
04232 case T_DEV:
04233 if(t_name)
04234 {
04235 if ((err = user_path_walk_link(t_name, &nd)))
04236 {
04237 #ifdef CONFIG_RSBAC_DEBUG
04238 if (rsbac_debug_aef_acl)
04239 printk(KERN_DEBUG "sys_rsbac_acl_get_tlist_n(): call to user_path_walk_link() returned %i\n", err);
04240 #endif
04241 goto out;
04242 }
04243 t_dentry = nd.dentry;
04244 need_put = TRUE;
04245 if (!t_dentry->d_inode)
04246 {
04247 err = -RSBAC_EINVALIDTARGET;
04248 goto out_dput;
04249 }
04250
04251 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04252 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04253 {
04254 err = -RSBAC_EINVALIDTARGET;
04255 goto out_dput;
04256 }
04257
04258 if(S_ISBLK(t_dentry->d_inode->i_mode))
04259 tid.dev.type = D_block;
04260 else
04261 tid.dev.type = D_char;
04262 tid.dev.id = t_dentry->d_inode->i_rdev;
04263 }
04264 else
04265 {
04266 tid.dev.type = D_none;
04267 tid.dev.id = RSBAC_ZERO_DEV;
04268 }
04269 break;
04270
04271 default:
04272 return -RSBAC_EINVALIDTARGET;
04273 }
04274
04275 err = rsbac_acl_sys_get_tlist(ta_number, target, tid,
04276 &k_entry_p, &k_ttl_p);
04277
04278 out_dput:
04279 if(need_put)
04280 path_release(&nd);
04281 out:
04282 if(err>0)
04283 {
04284 if(err > maxnum)
04285 err = maxnum;
04286 rsbac_put_user((u_char *) k_entry_p,
04287 (u_char *) entry_array,
04288 err * sizeof(*k_entry_p) );
04289 if(ttl_array)
04290 {
04291 rsbac_put_user((u_char *) k_ttl_p,
04292 (u_char *) ttl_array,
04293 err * sizeof(*k_ttl_p) );
04294 }
04295 rsbac_vfree(k_entry_p);
04296 rsbac_vfree(k_ttl_p);
04297 }
04298 return(err);
04299
04300 #else
04301 return (-RSBAC_EINVALIDMODULE);
04302 #endif
04303 }
04304
04305
04306
04307 int sys_rsbac_acl_get_mask (
04308 rsbac_list_ta_number_t ta_number,
04309 enum rsbac_target_t target,
04310 union rsbac_target_id_t * tid,
04311 rsbac_acl_rights_vector_t * mask_p)
04312 {
04313 #if defined(CONFIG_RSBAC_ACL)
04314 union rsbac_target_id_t k_tid;
04315 rsbac_acl_rights_vector_t k_mask;
04316 int err = 0;
04317
04318 if(!tid || (target >= T_NONE))
04319 return(-RSBAC_EINVALIDTARGET);
04320 if(!mask_p)
04321 return(-RSBAC_EINVALIDPOINTER);
04322
04323
04324 rsbac_get_user((u_char *) &k_tid, (u_char *) tid, sizeof(k_tid) );
04325
04326
04327 err = rsbac_acl_sys_get_mask(ta_number, target, k_tid, &k_mask);
04328 if(!err)
04329 {
04330 rsbac_put_user((u_char *) &k_mask,
04331 (u_char *) mask_p,
04332 sizeof(k_mask) );
04333 }
04334 return (err);
04335 #else
04336 return (-RSBAC_EINVALIDMODULE);
04337 #endif
04338 }
04339
04340 int sys_rsbac_acl_get_mask_n(
04341 rsbac_list_ta_number_t ta_number,
04342 enum rsbac_target_t target,
04343 char * t_name,
04344 rsbac_acl_rights_vector_t * mask_p)
04345 {
04346 #if defined(CONFIG_RSBAC_ACL)
04347 struct dentry * t_dentry = NULL;
04348 rsbac_acl_rights_vector_t k_mask;
04349 rsbac_boolean_t need_put = FALSE;
04350 int err = 0;
04351 union rsbac_target_id_t tid;
04352
04353 struct nameidata nd;
04354
04355 if(target >= T_NONE)
04356 return(-RSBAC_EINVALIDTARGET);
04357 if(!mask_p)
04358 return(-RSBAC_EINVALIDPOINTER);
04359
04360 switch (target)
04361 {
04362 case T_FD:
04363 case T_FILE:
04364 case T_DIR:
04365 case T_FIFO:
04366 case T_SYMLINK:
04367 if(t_name)
04368 {
04369 if ((err = user_path_walk_link(t_name, &nd)))
04370 {
04371 #ifdef CONFIG_RSBAC_DEBUG
04372 if (rsbac_debug_aef_acl)
04373 printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04374 #endif
04375 goto out;
04376 }
04377 t_dentry = nd.dentry;
04378 need_put = TRUE;
04379 if (!t_dentry->d_inode)
04380 {
04381 err = -RSBAC_EINVALIDTARGET;
04382 goto out_dput;
04383 }
04384
04385 switch(target)
04386 {
04387 case T_FD:
04388 if(S_ISREG(t_dentry->d_inode->i_mode))
04389 {
04390 target = T_FILE;
04391 }
04392 else
04393 if(S_ISDIR(t_dentry->d_inode->i_mode))
04394 {
04395 target = T_DIR;
04396 }
04397 else
04398 if(S_ISLNK(t_dentry->d_inode->i_mode))
04399 {
04400 target = T_SYMLINK;
04401 }
04402 else
04403 if(S_ISFIFO(t_dentry->d_inode->i_mode))
04404 {
04405 target = T_FIFO;
04406 }
04407 else
04408 if(S_ISBLK(t_dentry->d_inode->i_mode))
04409 {
04410 target = T_FILE;
04411 }
04412 else
04413 if(S_ISCHR(t_dentry->d_inode->i_mode))
04414 {
04415 target = T_FILE;
04416 }
04417 else
04418 {
04419 err = -RSBAC_EINVALIDTARGET;
04420 goto out_dput;
04421 }
04422 break;
04423 case T_FILE:
04424 if ( !(S_ISREG(t_dentry->d_inode->i_mode))
04425 && !(S_ISBLK(t_dentry->d_inode->i_mode))
04426 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04427 {
04428 err = -RSBAC_EINVALIDTARGET;
04429 goto out_dput;
04430 }
04431 break;
04432 case T_DIR:
04433 if ( !(S_ISDIR(t_dentry->d_inode->i_mode)) )
04434 {
04435 err = -RSBAC_EINVALIDTARGET;
04436 goto out_dput;
04437 }
04438 break;
04439 case T_FIFO:
04440
04441 if ( !(S_ISFIFO(t_dentry->d_inode->i_mode)))
04442 {
04443 err = -RSBAC_EINVALIDTARGET;
04444 goto out_dput;
04445 }
04446 break;
04447 case T_SYMLINK:
04448
04449 if ( !(S_ISLNK(t_dentry->d_inode->i_mode)))
04450 {
04451 err = -RSBAC_EINVALIDTARGET;
04452 goto out_dput;
04453 }
04454 break;
04455 default:
04456 err = -RSBAC_EINVALIDTARGET;
04457 goto out_dput;
04458 }
04459 tid.file.device = t_dentry->d_sb->s_dev;
04460 tid.file.inode = t_dentry->d_inode->i_ino;
04461 tid.file.dentry_p = t_dentry;
04462 }
04463 else
04464 {
04465 if(target == T_FD)
04466 target = T_FILE;
04467 tid.file.device = RSBAC_ZERO_DEV;
04468 tid.file.inode = 0;
04469 tid.file.dentry_p = NULL;
04470 }
04471 break;
04472
04473 case T_DEV:
04474 if(t_name)
04475 {
04476 if ((err = user_path_walk_link(t_name, &nd)))
04477 {
04478 #ifdef CONFIG_RSBAC_DEBUG
04479 if (rsbac_debug_aef_acl)
04480 printk(KERN_DEBUG "sys_rsbac_acl_get_mask_n(): call to user_path_walk_link() returned %i\n", err);
04481 #endif
04482 goto out;
04483 }
04484 t_dentry = nd.dentry;
04485 need_put = TRUE;
04486 if (!t_dentry->d_inode)
04487 {
04488 err = -RSBAC_EINVALIDTARGET;
04489 goto out_dput;
04490 }
04491
04492 if ( !(S_ISBLK(t_dentry->d_inode->i_mode))
04493 && !(S_ISCHR(t_dentry->d_inode->i_mode)) )
04494 {
04495 err = -RSBAC_EINVALIDTARGET;
04496 goto out_dput;
04497 }
04498
04499 if(S_ISBLK(t_dentry->d_inode->i_mode))
04500 tid.dev.type = D_block;
04501 else
04502 tid.dev.type = D_char;
04503 tid.dev.id = t_dentry->d_inode->i_rdev;
04504 }
04505 else
04506 {
04507 tid.dev.type = D_none;
04508 tid.dev.id = RSBAC_ZERO_DEV;
04509 }
04510 break;
04511
04512 default:
04513 return -RSBAC_EINVALIDTARGET;
04514 }
04515
04516 err = rsbac_acl_sys_get_mask(ta_number, target, tid, &k_mask);
04517
04518 out_dput:
04519 if(need_put)
04520 path_release(&nd);
04521 out:
04522 if(!err)
04523 {
04524 rsbac_put_user((u_char *) &k_mask,
04525 (u_char *) mask_p,
04526 sizeof(k_mask) );
04527 }
04528 return(err);
04529
04530 #else
04531 return (-RSBAC_EINVALIDMODULE);
04532 #endif
04533 }
04534
04535
04536
04537 int sys_rsbac_acl_group(
04538 rsbac_list_ta_number_t ta_number,
04539 enum rsbac_acl_group_syscall_type_t call,
04540 union rsbac_acl_group_syscall_arg_t * arg_p)
04541 {
04542 #if defined(CONFIG_RSBAC_ACL)
04543 union rsbac_acl_group_syscall_arg_t k_arg;
04544 int err = 0;
04545
04546 if(call >= ACLGS_none)
04547 return(-RSBAC_EINVALIDREQUEST);
04548 if(!arg_p)
04549 return(-RSBAC_EINVALIDPOINTER);
04550
04551 #ifdef CONFIG_RSBAC_FREEZE
04552 if(rsbac_freeze)
04553 {
04554 switch(call)
04555 {
04556 case ACLGS_add_group:
04557 case ACLGS_change_group:
04558 case ACLGS_remove_group:
04559 case ACLGS_add_member:
04560 case ACLGS_remove_member:
04561 #ifdef CONFIG_RSBAC_RMSG
04562 rsbac_printk(KERN_WARNING
04563 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n");
04564 #endif
04565 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04566 if (!rsbac_nosyslog)
04567 #endif
04568 printk(KERN_WARNING
04569 "sys_rsbac_acl_group(): RSBAC configuration frozen, no administration allowed!\n");
04570 return -EPERM;
04571
04572 default:
04573 break;
04574 }
04575 }
04576 #endif
04577
04578
04579 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
04580
04581
04582 if(err >= 0)
04583 err = rsbac_acl_sys_group(ta_number, call, k_arg);
04584 return (err);
04585 #else
04586 return (-RSBAC_EINVALIDMODULE);
04587 #endif
04588 }
04589
04590
04591
04592 int sys_rsbac_jail(rsbac_version_t version,
04593 char * path,
04594 rsbac_jail_ip_t ip,
04595 rsbac_jail_flags_t flags,
04596 rsbac_cap_vector_t max_caps)
04597 {
04598 #if defined(CONFIG_RSBAC_JAIL)
04599 return rsbac_jail_sys_jail(version, path, ip, flags, max_caps);
04600 #else
04601 return (-RSBAC_EINVALIDMODULE);
04602 #endif
04603 }
04604
04605
04606
04607 int sys_rsbac_um_auth_name(
04608 char * name,
04609 char * pass)
04610 {
04611 #if defined(CONFIG_RSBAC_UM)
04612 rsbac_uid_t uid;
04613 int err;
04614 char * k_name;
04615 char * k_pass;
04616 union rsbac_target_id_t i_tid;
04617 union rsbac_attribute_value_t i_attr_val;
04618 #ifdef CONFIG_RSBAC_DEBUG
04619 if (rsbac_debug_aef_um)
04620 {
04621 #ifdef CONFIG_RSBAC_RMSG
04622 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n");
04623 #endif
04624 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04625 if (!rsbac_nosyslog)
04626 #endif
04627 printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user\n");
04628 }
04629 #endif
04630 if(!name || !pass)
04631 {
04632 #ifdef CONFIG_RSBAC_DEBUG
04633 if (rsbac_debug_aef_um)
04634 {
04635 #ifdef CONFIG_RSBAC_RMSG
04636 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n");
04637 #endif
04638 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04639 if (!rsbac_nosyslog)
04640 #endif
04641 printk(KERN_DEBUG "sys_rsbac_um_auth_name(): NULL name or pass\n");
04642 }
04643 #endif
04644 return -RSBAC_EINVALIDPOINTER;
04645 }
04646 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
04647 if(!k_name)
04648 return -RSBAC_ENOMEM;
04649 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04650 if(!k_pass)
04651 {
04652 rsbac_kfree(k_name);
04653 return -RSBAC_ENOMEM;
04654 }
04655 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
04656 if(err)
04657 goto out_free;
04658 k_name[RSBAC_UM_NAME_LEN-1] = 0;
04659 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04660 if(err)
04661 goto out_free;
04662 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04663 #if 0
04664 #ifdef CONFIG_RSBAC_DEBUG
04665 if (rsbac_debug_aef_um)
04666 {
04667 #ifdef CONFIG_RSBAC_RMSG
04668 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n",
04669 k_name, k_pass);
04670 #endif
04671 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04672 if (!rsbac_nosyslog)
04673 #endif
04674 printk(KERN_DEBUG "sys_rsbac_um_auth_name(): authenticating user %s with pass %s\n",
04675 k_name, k_pass);
04676 }
04677 #endif
04678 #endif
04679 err = rsbac_um_get_uid(0, k_name, &uid);
04680 if(err)
04681 goto out_free;
04682
04683 err = rsbac_um_check_pass(uid, k_pass);
04684 if(err)
04685 goto out_free;
04686
04687 #ifdef CONFIG_RSBAC_AUTH
04688
04689 i_tid.process = current->pid;
04690 i_attr_val.auth_last_auth = uid;
04691 if (rsbac_set_attr(AUTH,
04692 T_PROCESS,
04693 i_tid,
04694 A_auth_last_auth,
04695 i_attr_val))
04696 {
04697 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
04698 }
04699 #endif
04700
04701 out_free:
04702 rsbac_kfree(k_name);
04703 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04704 rsbac_kfree(k_pass);
04705 return err;
04706 #else
04707 return (-RSBAC_EINVALIDMODULE);
04708 #endif
04709 }
04710
04711 int sys_rsbac_um_auth_uid(rsbac_uid_t uid,
04712 char * pass)
04713 {
04714 #if defined(CONFIG_RSBAC_UM)
04715 int err;
04716 char * k_pass;
04717 union rsbac_target_id_t i_tid;
04718 union rsbac_attribute_value_t i_attr_val;
04719
04720 if(!pass)
04721 return -RSBAC_EINVALIDPOINTER;
04722 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04723 if(!k_pass)
04724 return -RSBAC_ENOMEM;
04725 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04726 if(err)
04727 goto out_free;
04728 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04729
04730 #ifdef CONFIG_RSBAC_DEBUG
04731 if (rsbac_debug_aef_um)
04732 {
04733 #ifdef CONFIG_RSBAC_RMSG
04734 rsbac_printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n",
04735 uid, k_pass);
04736 #endif
04737 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04738 if (!rsbac_nosyslog)
04739 #endif
04740 printk(KERN_DEBUG "sys_rsbac_um_auth_uid(): authenticating user %u with pass %s\n",
04741 uid, k_pass);
04742 }
04743 #endif
04744 err = rsbac_um_check_pass(uid, k_pass);
04745 if(err)
04746 goto out_free;
04747
04748 #ifdef CONFIG_RSBAC_AUTH
04749
04750 i_tid.process = current->pid;
04751 i_attr_val.auth_last_auth = uid;
04752 if (rsbac_set_attr(AUTH,
04753 T_PROCESS,
04754 i_tid,
04755 A_auth_last_auth,
04756 i_attr_val))
04757 {
04758 rsbac_ds_set_error("sys_rsbac_um_auth_name()", A_auth_last_auth);
04759 }
04760 #endif
04761
04762 out_free:
04763 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04764 rsbac_kfree(k_pass);
04765 return err;
04766 #else
04767 return (-RSBAC_EINVALIDMODULE);
04768 #endif
04769 }
04770
04771 int sys_rsbac_um_add_user(
04772 rsbac_list_ta_number_t ta_number,
04773 rsbac_uid_t uid,
04774 struct rsbac_um_user_entry_t * entry_p,
04775 char * pass,
04776 rsbac_time_t ttl)
04777 {
04778 #if defined(CONFIG_RSBAC_UM)
04779 int err;
04780 struct rsbac_um_user_entry_t * k_entry_p;
04781 char * k_pass;
04782 #ifndef CONFIG_RSBAC_MAINT
04783 union rsbac_target_id_t rsbac_target_id;
04784 union rsbac_attribute_value_t rsbac_attribute_value;
04785 #endif
04786
04787 if(!entry_p)
04788 return -RSBAC_EINVALIDPOINTER;
04789
04790 #ifdef CONFIG_RSBAC_FREEZE_UM
04791 if(rsbac_freeze)
04792 {
04793 #ifdef CONFIG_RSBAC_RMSG
04794 rsbac_printk(KERN_WARNING
04795 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n");
04796 #endif
04797 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04798 if (!rsbac_nosyslog)
04799 #endif
04800 printk(KERN_WARNING
04801 "sys_rsbac_um_add_user(): RSBAC configuration frozen, no administration allowed!\n");
04802 return -EPERM;
04803 }
04804 #endif
04805
04806 #ifndef CONFIG_RSBAC_MAINT
04807 #ifdef CONFIG_RSBAC_DEBUG
04808 if (rsbac_debug_aef)
04809 {
04810 #ifdef CONFIG_RSBAC_RMSG
04811 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n");
04812 #endif
04813 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04814 if (!rsbac_nosyslog)
04815 #endif
04816 printk(KERN_DEBUG "sys_rsbac_um_add_user(): calling ADF\n");
04817 }
04818 #endif
04819 rsbac_target_id.user = uid;
04820 rsbac_attribute_value.dummy = 0;
04821 if (!rsbac_adf_request(R_CREATE,
04822 current->pid,
04823 T_USER,
04824 rsbac_target_id,
04825 A_none,
04826 rsbac_attribute_value))
04827 {
04828 return -EPERM;
04829 }
04830 #endif
04831
04832 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
04833 if(!k_entry_p)
04834 return -RSBAC_ENOMEM;
04835 if(pass)
04836 {
04837 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04838 if(!k_pass)
04839 {
04840 rsbac_kfree(k_entry_p);
04841 return -RSBAC_ENOMEM;
04842 }
04843 }
04844 else
04845 k_pass = NULL;
04846 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
04847 if(err)
04848 goto out_free;
04849 if(!k_entry_p->name[0])
04850 {
04851 err = -RSBAC_EINVALIDVALUE;
04852 goto out_free;
04853 }
04854 if(pass)
04855 {
04856 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04857 if(err)
04858 goto out_free;
04859 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04860 }
04861 err = rsbac_um_add_user(ta_number, uid, k_entry_p, k_pass, ttl);
04862
04863 out_free:
04864 rsbac_kfree(k_entry_p);
04865 if(k_pass)
04866 {
04867 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04868 rsbac_kfree(k_pass);
04869 }
04870 return err;
04871 #else
04872 return (-RSBAC_EINVALIDMODULE);
04873 #endif
04874 }
04875
04876 int sys_rsbac_um_add_group(
04877 rsbac_list_ta_number_t ta_number,
04878 rsbac_gid_t gid,
04879 struct rsbac_um_group_entry_t * entry_p,
04880 char * pass,
04881 rsbac_time_t ttl)
04882 {
04883 #if defined(CONFIG_RSBAC_UM)
04884 int err;
04885 struct rsbac_um_group_entry_t * k_entry_p;
04886 char * k_pass;
04887 #ifndef CONFIG_RSBAC_MAINT
04888 union rsbac_target_id_t rsbac_target_id;
04889 union rsbac_attribute_value_t rsbac_attribute_value;
04890 #endif
04891
04892 if(!entry_p)
04893 return -RSBAC_EINVALIDPOINTER;
04894
04895 #ifdef CONFIG_RSBAC_FREEZE_UM
04896 if(rsbac_freeze)
04897 {
04898 #ifdef CONFIG_RSBAC_RMSG
04899 rsbac_printk(KERN_WARNING
04900 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n");
04901 #endif
04902 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04903 if (!rsbac_nosyslog)
04904 #endif
04905 printk(KERN_WARNING
04906 "sys_rsbac_um_add_group(): RSBAC configuration frozen, no administration allowed!\n");
04907 return -EPERM;
04908 }
04909 #endif
04910
04911 #ifndef CONFIG_RSBAC_MAINT
04912 #ifdef CONFIG_RSBAC_DEBUG
04913 if (rsbac_debug_aef)
04914 {
04915 #ifdef CONFIG_RSBAC_RMSG
04916 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n");
04917 #endif
04918 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
04919 if (!rsbac_nosyslog)
04920 #endif
04921 printk(KERN_DEBUG "sys_rsbac_um_add_group(): calling ADF\n");
04922 }
04923 #endif
04924 rsbac_target_id.group = gid;
04925 rsbac_attribute_value.dummy = 0;
04926 if (!rsbac_adf_request(R_CREATE,
04927 current->pid,
04928 T_GROUP,
04929 rsbac_target_id,
04930 A_none,
04931 rsbac_attribute_value))
04932 {
04933 return -EPERM;
04934 }
04935 #endif
04936
04937 k_entry_p = rsbac_kmalloc(sizeof(*k_entry_p));
04938 if(!k_entry_p)
04939 return -RSBAC_ENOMEM;
04940 if(pass)
04941 {
04942 k_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
04943 if(!k_pass)
04944 {
04945 rsbac_kfree(k_entry_p);
04946 return -RSBAC_ENOMEM;
04947 }
04948 }
04949 else
04950 k_pass = NULL;
04951 err = rsbac_get_user((char *) k_entry_p, (char *) entry_p, sizeof(*k_entry_p));
04952 if(err)
04953 goto out_free;
04954 if(!k_entry_p->name[0])
04955 {
04956 err = -RSBAC_EINVALIDVALUE;
04957 goto out_free;
04958 }
04959 if(pass)
04960 {
04961 err = rsbac_get_user(k_pass, pass, RSBAC_MAXNAMELEN);
04962 if(err)
04963 goto out_free;
04964 k_pass[RSBAC_MAXNAMELEN-1] = 0;
04965 }
04966 err = rsbac_um_add_group(ta_number, gid, k_entry_p, k_pass, ttl);
04967
04968 out_free:
04969 rsbac_kfree(k_entry_p);
04970 if(k_pass)
04971 {
04972 memset(k_pass, 0, RSBAC_MAXNAMELEN);
04973 rsbac_kfree(k_pass);
04974 }
04975 return err;
04976 #else
04977 return (-RSBAC_EINVALIDMODULE);
04978 #endif
04979 }
04980
04981 int sys_rsbac_um_add_gm(
04982 rsbac_list_ta_number_t ta_number,
04983 rsbac_uid_t user,
04984 rsbac_gid_t group,
04985 rsbac_time_t ttl)
04986 {
04987 #if defined(CONFIG_RSBAC_UM)
04988 #ifndef CONFIG_RSBAC_MAINT
04989 union rsbac_target_id_t rsbac_target_id;
04990 union rsbac_attribute_value_t rsbac_attribute_value;
04991 #endif
04992
04993 #ifdef CONFIG_RSBAC_FREEZE_UM
04994 if(rsbac_freeze)
04995 {
04996 #ifdef CONFIG_RSBAC_RMSG
04997 rsbac_printk(KERN_WARNING
04998 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n");
04999 #endif
05000 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05001 if (!rsbac_nosyslog)
05002 #endif
05003 printk(KERN_WARNING
05004 "sys_rsbac_um_add_gm(): RSBAC configuration frozen, no administration allowed!\n");
05005 return -EPERM;
05006 }
05007 #endif
05008
05009 #ifndef CONFIG_RSBAC_MAINT
05010 #ifdef CONFIG_RSBAC_DEBUG
05011 if (rsbac_debug_aef)
05012 {
05013 #ifdef CONFIG_RSBAC_RMSG
05014 rsbac_printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n");
05015 #endif
05016 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05017 if (!rsbac_nosyslog)
05018 #endif
05019 printk(KERN_DEBUG "sys_rsbac_um_add_gm(): calling ADF\n");
05020 }
05021 #endif
05022 rsbac_target_id.user = user;
05023 rsbac_attribute_value.group = group;
05024 if (!rsbac_adf_request(R_CHANGE_GROUP,
05025 current->pid,
05026 T_USER,
05027 rsbac_target_id,
05028 A_group,
05029 rsbac_attribute_value))
05030 {
05031 return -EPERM;
05032 }
05033 #endif
05034
05035 return rsbac_um_add_gm(ta_number, user, group, ttl);
05036 #else
05037 return (-RSBAC_EINVALIDMODULE);
05038 #endif
05039 }
05040
05041 int sys_rsbac_um_mod_user(
05042 rsbac_list_ta_number_t ta_number,
05043 rsbac_uid_t uid,
05044 enum rsbac_um_mod_t mod,
05045 union rsbac_um_mod_data_t * data_p)
05046 {
05047 #if defined(CONFIG_RSBAC_UM)
05048 int err;
05049 union rsbac_um_mod_data_t * k_data_p;
05050 #ifndef CONFIG_RSBAC_MAINT
05051 enum rsbac_adf_request_t rsbac_request;
05052 union rsbac_target_id_t rsbac_target_id;
05053 enum rsbac_attribute_t rsbac_attribute = A_none;
05054 union rsbac_attribute_value_t rsbac_attribute_value;
05055 #endif
05056
05057 if(mod >= UM_none)
05058 return -RSBAC_EINVALIDREQUEST;
05059 if( !data_p
05060 && (mod != UM_pass)
05061 )
05062 return -RSBAC_EINVALIDPOINTER;
05063
05064 #ifdef CONFIG_RSBAC_FREEZE_UM
05065 if(rsbac_freeze)
05066 {
05067 #ifdef CONFIG_RSBAC_RMSG
05068 rsbac_printk(KERN_WARNING
05069 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n");
05070 #endif
05071 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05072 if (!rsbac_nosyslog)
05073 #endif
05074 printk(KERN_WARNING
05075 "sys_rsbac_um_mod_user(): RSBAC configuration frozen, no administration allowed!\n");
05076 return -EPERM;
05077 }
05078 #endif
05079
05080 #ifndef CONFIG_RSBAC_MAINT
05081 #ifdef CONFIG_RSBAC_DEBUG
05082 if (rsbac_debug_aef)
05083 {
05084 #ifdef CONFIG_RSBAC_RMSG
05085 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n");
05086 #endif
05087 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05088 if (!rsbac_nosyslog)
05089 #endif
05090 printk(KERN_DEBUG "sys_rsbac_um_mod_user(): calling ADF\n");
05091 }
05092 #endif
05093 rsbac_attribute_value.dummy = 0;
05094 switch(mod)
05095 {
05096 case UM_name:
05097 rsbac_request = R_RENAME;
05098 break;
05099
05100 case UM_pass:
05101 case UM_cryptpass:
05102 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05103 break;
05104
05105 case UM_fullname:
05106 rsbac_request = R_WRITE;
05107 break;
05108
05109 case UM_homedir:
05110 rsbac_request = R_WRITE;
05111 break;
05112
05113 case UM_shell:
05114 rsbac_request = R_WRITE;
05115 break;
05116
05117 case UM_group:
05118 rsbac_request = R_CHANGE_GROUP;
05119 rsbac_attribute = A_group;
05120 rsbac_attribute_value.group = data_p->group;
05121 break;
05122
05123 case UM_lastchange:
05124 rsbac_request = R_WRITE;
05125 break;
05126
05127 case UM_minchange:
05128 rsbac_request = R_WRITE;
05129 break;
05130
05131 case UM_maxchange:
05132 rsbac_request = R_WRITE;
05133 break;
05134
05135 case UM_warnchange:
05136 rsbac_request = R_WRITE;
05137 break;
05138
05139 case UM_inactive:
05140 rsbac_request = R_WRITE;
05141 break;
05142
05143 case UM_expire:
05144 rsbac_request = R_WRITE;
05145 break;
05146
05147 case UM_ttl:
05148 rsbac_request = R_DELETE;
05149 break;
05150
05151 default:
05152 return -RSBAC_EINVALIDREQUEST;
05153 }
05154 rsbac_target_id.user = uid;
05155 if (!rsbac_adf_request(rsbac_request,
05156 current->pid,
05157 T_USER,
05158 rsbac_target_id,
05159 rsbac_attribute,
05160 rsbac_attribute_value))
05161 {
05162 return -EPERM;
05163 }
05164 #endif
05165
05166
05167 if(data_p)
05168 {
05169 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05170 if(!k_data_p)
05171 return -RSBAC_ENOMEM;
05172 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05173 if(err)
05174 {
05175 rsbac_kfree(k_data_p);
05176 return err;
05177 }
05178 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05179 }
05180 else
05181 k_data_p = NULL;
05182
05183 err = rsbac_um_mod_user(ta_number, uid, mod, k_data_p);
05184
05185 if(k_data_p)
05186 rsbac_kfree(k_data_p);
05187 return err;
05188 #else
05189 return (-RSBAC_EINVALIDMODULE);
05190 #endif
05191 }
05192
05193 int sys_rsbac_um_mod_group(
05194 rsbac_list_ta_number_t ta_number,
05195 rsbac_gid_t gid,
05196 enum rsbac_um_mod_t mod,
05197 union rsbac_um_mod_data_t * data_p)
05198 {
05199 #if defined(CONFIG_RSBAC_UM)
05200 int err;
05201 union rsbac_um_mod_data_t * k_data_p;
05202 #ifndef CONFIG_RSBAC_MAINT
05203 enum rsbac_adf_request_t rsbac_request;
05204 union rsbac_target_id_t rsbac_target_id;
05205 union rsbac_attribute_value_t rsbac_attribute_value;
05206 #endif
05207
05208 if(mod >= UM_none)
05209 return -RSBAC_EINVALIDREQUEST;
05210 if( !data_p
05211 && (mod != UM_pass)
05212 )
05213 return -RSBAC_EINVALIDPOINTER;
05214
05215 #ifdef CONFIG_RSBAC_FREEZE_UM
05216 if(rsbac_freeze)
05217 {
05218 #ifdef CONFIG_RSBAC_RMSG
05219 rsbac_printk(KERN_WARNING
05220 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n");
05221 #endif
05222 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05223 if (!rsbac_nosyslog)
05224 #endif
05225 printk(KERN_WARNING
05226 "sys_rsbac_um_mod_group(): RSBAC configuration frozen, no administration allowed!\n");
05227 return -EPERM;
05228 }
05229 #endif
05230
05231 #ifndef CONFIG_RSBAC_MAINT
05232 #ifdef CONFIG_RSBAC_DEBUG
05233 if (rsbac_debug_aef)
05234 {
05235 #ifdef CONFIG_RSBAC_RMSG
05236 rsbac_printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n");
05237 #endif
05238 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05239 if (!rsbac_nosyslog)
05240 #endif
05241 printk(KERN_DEBUG "sys_rsbac_um_mod_group(): calling ADF\n");
05242 }
05243 #endif
05244 switch(mod)
05245 {
05246 case UM_name:
05247 rsbac_request = R_RENAME;
05248 break;
05249
05250 case UM_pass:
05251 case UM_cryptpass:
05252 rsbac_request = R_MODIFY_PERMISSIONS_DATA;
05253 break;
05254
05255 case UM_ttl:
05256 rsbac_request = R_DELETE;
05257 break;
05258
05259 default:
05260 return -RSBAC_EINVALIDREQUEST;
05261 }
05262 rsbac_target_id.group = gid;
05263 rsbac_attribute_value.dummy = 0;
05264 if (!rsbac_adf_request(rsbac_request,
05265 current->pid,
05266 T_GROUP,
05267 rsbac_target_id,
05268 A_none,
05269 rsbac_attribute_value))
05270 {
05271 return -EPERM;
05272 }
05273 #endif
05274
05275 if(data_p)
05276 {
05277 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05278 if(!k_data_p)
05279 return -RSBAC_ENOMEM;
05280 err = rsbac_get_user((char *) k_data_p, (char *) data_p, sizeof(*k_data_p));
05281 if(err)
05282 {
05283 rsbac_kfree(k_data_p);
05284 return err;
05285 }
05286 k_data_p->string[RSBAC_MAXNAMELEN-1] = 0;
05287 }
05288 else
05289 k_data_p = NULL;
05290
05291 err = rsbac_um_mod_group(ta_number, gid, mod, k_data_p);
05292
05293 if(k_data_p)
05294 rsbac_kfree(k_data_p);
05295 return err;
05296 #else
05297 return (-RSBAC_EINVALIDMODULE);
05298 #endif
05299 }
05300
05301 int sys_rsbac_um_get_user_item(
05302 rsbac_list_ta_number_t ta_number,
05303 rsbac_uid_t uid,
05304 enum rsbac_um_mod_t mod,
05305 union rsbac_um_mod_data_t * data_p)
05306 {
05307 #if defined(CONFIG_RSBAC_UM)
05308 int err;
05309 union rsbac_um_mod_data_t * k_data_p;
05310 #ifndef CONFIG_RSBAC_MAINT
05311 enum rsbac_adf_request_t rsbac_request;
05312 union rsbac_target_id_t rsbac_target_id;
05313 union rsbac_attribute_value_t rsbac_attribute_value;
05314 #endif
05315
05316 if(mod >= UM_none)
05317 return -RSBAC_EINVALIDREQUEST;
05318 if(!data_p)
05319 return -RSBAC_EINVALIDPOINTER;
05320
05321 #ifndef CONFIG_RSBAC_MAINT
05322 #ifdef CONFIG_RSBAC_DEBUG
05323 if (rsbac_debug_aef)
05324 {
05325 #ifdef CONFIG_RSBAC_RMSG
05326 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n");
05327 #endif
05328 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05329 if (!rsbac_nosyslog)
05330 #endif
05331 printk(KERN_DEBUG "sys_rsbac_um_get_user_item(): calling ADF\n");
05332 }
05333 #endif
05334 rsbac_attribute_value.dummy = 0;
05335 switch(mod)
05336 {
05337 case UM_name:
05338 rsbac_request = R_SEARCH;
05339 break;
05340
05341 case UM_group:
05342 case UM_fullname:
05343 case UM_homedir:
05344 case UM_shell:
05345 rsbac_request = R_GET_STATUS_DATA;
05346 break;
05347
05348 case UM_pass:
05349 rsbac_request = R_GET_PERMISSIONS_DATA;
05350 break;
05351
05352 case UM_lastchange:
05353 case UM_minchange:
05354 case UM_maxchange:
05355 case UM_warnchange:
05356 case UM_inactive:
05357 case UM_expire:
05358 case UM_ttl:
05359 rsbac_request = R_READ;
05360 break;
05361
05362 default:
05363 return -RSBAC_EINVALIDREQUEST;
05364 }
05365 rsbac_target_id.user = uid;
05366 if (!rsbac_adf_request(rsbac_request,
05367 current->pid,
05368 T_USER,
05369 rsbac_target_id,
05370 A_none,
05371 rsbac_attribute_value))
05372 {
05373 return -EPERM;
05374 }
05375 #endif
05376
05377 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05378 if(!k_data_p)
05379 return -RSBAC_ENOMEM;
05380 memset(k_data_p, 0, sizeof(*k_data_p));
05381
05382 err = rsbac_um_get_user_item(ta_number, uid, mod, k_data_p);
05383 if(!err)
05384 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05385 rsbac_kfree(k_data_p);
05386 return err;
05387 #else
05388 return (-RSBAC_EINVALIDMODULE);
05389 #endif
05390 }
05391
05392 int sys_rsbac_um_get_group_item(
05393 rsbac_list_ta_number_t ta_number,
05394 rsbac_gid_t gid,
05395 enum rsbac_um_mod_t mod,
05396 union rsbac_um_mod_data_t * data_p)
05397 {
05398 #if defined(CONFIG_RSBAC_UM)
05399 int err;
05400 union rsbac_um_mod_data_t * k_data_p;
05401 #ifndef CONFIG_RSBAC_MAINT
05402 enum rsbac_adf_request_t rsbac_request;
05403 union rsbac_target_id_t rsbac_target_id;
05404 union rsbac_attribute_value_t rsbac_attribute_value;
05405 #endif
05406
05407 if(mod >= UM_none)
05408 return -RSBAC_EINVALIDREQUEST;
05409 if(!data_p)
05410 return -RSBAC_EINVALIDPOINTER;
05411
05412 #ifndef CONFIG_RSBAC_MAINT
05413 #ifdef CONFIG_RSBAC_DEBUG
05414 if (rsbac_debug_aef)
05415 {
05416 #ifdef CONFIG_RSBAC_RMSG
05417 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n");
05418 #endif
05419 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05420 if (!rsbac_nosyslog)
05421 #endif
05422 printk(KERN_DEBUG "sys_rsbac_um_get_group_item(): calling ADF\n");
05423 }
05424 #endif
05425 rsbac_attribute_value.dummy = 0;
05426 switch(mod)
05427 {
05428 case UM_name:
05429 rsbac_request = R_SEARCH;
05430 break;
05431
05432 case UM_pass:
05433 rsbac_request = R_GET_PERMISSIONS_DATA;
05434 break;
05435
05436 case UM_ttl:
05437 rsbac_request = R_GET_STATUS_DATA;
05438 break;
05439
05440 default:
05441 return -RSBAC_EINVALIDREQUEST;
05442 }
05443 rsbac_target_id.group = gid;
05444 if (!rsbac_adf_request(rsbac_request,
05445 current->pid,
05446 T_GROUP,
05447 rsbac_target_id,
05448 A_none,
05449 rsbac_attribute_value))
05450 {
05451 return -EPERM;
05452 }
05453 #endif
05454
05455 k_data_p = rsbac_kmalloc(sizeof(*k_data_p));
05456 if(!k_data_p)
05457 return -RSBAC_ENOMEM;
05458 memset(k_data_p, 0, sizeof(*k_data_p));
05459
05460 err = rsbac_um_get_group_item(ta_number, gid, mod, k_data_p);
05461 if(!err)
05462 err = rsbac_put_user((u_char *) k_data_p, (u_char *) data_p, sizeof(*k_data_p) );
05463 rsbac_kfree(k_data_p);
05464 return err;
05465 #else
05466 return (-RSBAC_EINVALIDMODULE);
05467 #endif
05468 }
05469
05470 int sys_rsbac_um_remove_user(
05471 rsbac_list_ta_number_t ta_number,
05472 rsbac_uid_t uid)
05473 {
05474 #if defined(CONFIG_RSBAC_UM)
05475 #ifndef CONFIG_RSBAC_MAINT
05476 union rsbac_target_id_t rsbac_target_id;
05477 union rsbac_attribute_value_t rsbac_attribute_value;
05478 #endif
05479
05480 #ifdef CONFIG_RSBAC_FREEZE_UM
05481 if(rsbac_freeze)
05482 {
05483 #ifdef CONFIG_RSBAC_RMSG
05484 rsbac_printk(KERN_WARNING
05485 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n");
05486 #endif
05487 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05488 if (!rsbac_nosyslog)
05489 #endif
05490 printk(KERN_WARNING
05491 "sys_rsbac_um_remove_user(): RSBAC configuration frozen, no administration allowed!\n");
05492 return -EPERM;
05493 }
05494 #endif
05495
05496 #ifndef CONFIG_RSBAC_MAINT
05497 #ifdef CONFIG_RSBAC_DEBUG
05498 if (rsbac_debug_aef)
05499 {
05500 #ifdef CONFIG_RSBAC_RMSG
05501 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n");
05502 #endif
05503 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05504 if (!rsbac_nosyslog)
05505 #endif
05506 printk(KERN_DEBUG "sys_rsbac_um_remove_user(): calling ADF\n");
05507 }
05508 #endif
05509 rsbac_target_id.user = uid;
05510 rsbac_attribute_value.dummy = 0;
05511 if (!rsbac_adf_request(R_DELETE,
05512 current->pid,
05513 T_USER,
05514 rsbac_target_id,
05515 A_none,
05516 rsbac_attribute_value))
05517 {
05518 return -EPERM;
05519 }
05520 #endif
05521
05522 return rsbac_um_remove_user(ta_number, uid);
05523 #else
05524 return (-RSBAC_EINVALIDMODULE);
05525 #endif
05526 }
05527
05528 int sys_rsbac_um_remove_group(
05529 rsbac_list_ta_number_t ta_number,
05530 rsbac_gid_t gid)
05531 {
05532 #if defined(CONFIG_RSBAC_UM)
05533 #ifndef CONFIG_RSBAC_MAINT
05534 union rsbac_target_id_t rsbac_target_id;
05535 union rsbac_attribute_value_t rsbac_attribute_value;
05536 #endif
05537
05538 #ifdef CONFIG_RSBAC_FREEZE_UM
05539 if(rsbac_freeze)
05540 {
05541 #ifdef CONFIG_RSBAC_RMSG
05542 rsbac_printk(KERN_WARNING
05543 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n");
05544 #endif
05545 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05546 if (!rsbac_nosyslog)
05547 #endif
05548 printk(KERN_WARNING
05549 "sys_rsbac_um_remove_group(): RSBAC configuration frozen, no administration allowed!\n");
05550 return -EPERM;
05551 }
05552 #endif
05553
05554 #ifndef CONFIG_RSBAC_MAINT
05555 #ifdef CONFIG_RSBAC_DEBUG
05556 if (rsbac_debug_aef)
05557 {
05558 #ifdef CONFIG_RSBAC_RMSG
05559 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n");
05560 #endif
05561 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05562 if (!rsbac_nosyslog)
05563 #endif
05564 printk(KERN_DEBUG "sys_rsbac_um_remove_group(): calling ADF\n");
05565 }
05566 #endif
05567 rsbac_target_id.group = gid;
05568 rsbac_attribute_value.dummy = 0;
05569 if (!rsbac_adf_request(R_DELETE,
05570 current->pid,
05571 T_GROUP,
05572 rsbac_target_id,
05573 A_none,
05574 rsbac_attribute_value))
05575 {
05576 return -EPERM;
05577 }
05578 #endif
05579
05580 return rsbac_um_remove_group(ta_number, gid);
05581 #else
05582 return (-RSBAC_EINVALIDMODULE);
05583 #endif
05584 }
05585
05586 int sys_rsbac_um_remove_gm(
05587 rsbac_list_ta_number_t ta_number,
05588 rsbac_uid_t user,
05589 rsbac_gid_t group)
05590 {
05591 #if defined(CONFIG_RSBAC_UM)
05592 #ifndef CONFIG_RSBAC_MAINT
05593 union rsbac_target_id_t rsbac_target_id;
05594 union rsbac_attribute_value_t rsbac_attribute_value;
05595 #endif
05596
05597 #ifdef CONFIG_RSBAC_FREEZE_UM
05598 if(rsbac_freeze)
05599 {
05600 #ifdef CONFIG_RSBAC_RMSG
05601 rsbac_printk(KERN_WARNING
05602 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n");
05603 #endif
05604 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05605 if (!rsbac_nosyslog)
05606 #endif
05607 printk(KERN_WARNING
05608 "sys_rsbac_um_remove_gm(): RSBAC configuration frozen, no administration allowed!\n");
05609 return -EPERM;
05610 }
05611 #endif
05612
05613 #ifndef CONFIG_RSBAC_MAINT
05614 #ifdef CONFIG_RSBAC_DEBUG
05615 if (rsbac_debug_aef)
05616 {
05617 #ifdef CONFIG_RSBAC_RMSG
05618 rsbac_printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n");
05619 #endif
05620 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05621 if (!rsbac_nosyslog)
05622 #endif
05623 printk(KERN_DEBUG "sys_rsbac_um_remove_gm(): calling ADF\n");
05624 }
05625 #endif
05626 rsbac_target_id.user = user;
05627 rsbac_attribute_value.group = group;
05628 if (!rsbac_adf_request(R_CHANGE_GROUP,
05629 current->pid,
05630 T_USER,
05631 rsbac_target_id,
05632 A_group,
05633 rsbac_attribute_value))
05634 {
05635 return -EPERM;
05636 }
05637 #endif
05638
05639 return rsbac_um_remove_gm(ta_number, user, group);
05640 #else
05641 return (-RSBAC_EINVALIDMODULE);
05642 #endif
05643 }
05644
05645 int sys_rsbac_um_user_exists(
05646 rsbac_list_ta_number_t ta_number,
05647 rsbac_uid_t uid)
05648 {
05649 #if defined(CONFIG_RSBAC_UM)
05650 #ifndef CONFIG_RSBAC_MAINT
05651 union rsbac_target_id_t rsbac_target_id;
05652 union rsbac_attribute_value_t rsbac_attribute_value;
05653 #endif
05654
05655 #ifndef CONFIG_RSBAC_MAINT
05656 #ifdef CONFIG_RSBAC_DEBUG
05657 if (rsbac_debug_aef)
05658 {
05659 #ifdef CONFIG_RSBAC_RMSG
05660 rsbac_printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n");
05661 #endif
05662 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05663 if (!rsbac_nosyslog)
05664 #endif
05665 printk(KERN_DEBUG "sys_rsbac_um_user_exists(): calling ADF\n");
05666 }
05667 #endif
05668 rsbac_target_id.user = uid;
05669 rsbac_attribute_value.dummy = 0;
05670 if (!rsbac_adf_request(R_SEARCH,
05671 current->pid,
05672 T_USER,
05673 rsbac_target_id,
05674 A_none,
05675 rsbac_attribute_value))
05676 {
05677 return -EPERM;
05678 }
05679 #endif
05680
05681 return rsbac_um_user_exists(ta_number, uid);
05682 #else
05683 return (-RSBAC_EINVALIDMODULE);
05684 #endif
05685 }
05686
05687 int sys_rsbac_um_group_exists(
05688 rsbac_list_ta_number_t ta_number,
05689 rsbac_gid_t gid)
05690 {
05691 #if defined(CONFIG_RSBAC_UM)
05692 #ifndef CONFIG_RSBAC_MAINT
05693 union rsbac_target_id_t rsbac_target_id;
05694 union rsbac_attribute_value_t rsbac_attribute_value;
05695 #endif
05696
05697 #ifndef CONFIG_RSBAC_MAINT
05698 #ifdef CONFIG_RSBAC_DEBUG
05699 if (rsbac_debug_aef)
05700 {
05701 #ifdef CONFIG_RSBAC_RMSG
05702 rsbac_printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n");
05703 #endif
05704 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05705 if (!rsbac_nosyslog)
05706 #endif
05707 printk(KERN_DEBUG "sys_rsbac_um_group_exists(): calling ADF\n");
05708 }
05709 #endif
05710 rsbac_target_id.group = gid;
05711 rsbac_attribute_value.dummy = 0;
05712 if (!rsbac_adf_request(R_SEARCH,
05713 current->pid,
05714 T_GROUP,
05715 rsbac_target_id,
05716 A_none,
05717 rsbac_attribute_value))
05718 {
05719 return -EPERM;
05720 }
05721 #endif
05722
05723 return rsbac_um_group_exists(ta_number, gid);
05724 #else
05725 return (-RSBAC_EINVALIDMODULE);
05726 #endif
05727 }
05728
05729 int sys_rsbac_um_get_next_user(
05730 rsbac_list_ta_number_t ta_number,
05731 rsbac_uid_t old_user,
05732 rsbac_uid_t * next_user_p)
05733 {
05734 #if defined(CONFIG_RSBAC_UM)
05735 rsbac_uid_t k_next_user;
05736 int err;
05737 #ifndef CONFIG_RSBAC_MAINT
05738 union rsbac_target_id_t rsbac_target_id;
05739 union rsbac_attribute_value_t rsbac_attribute_value;
05740 #endif
05741
05742 if(!next_user_p)
05743 return -RSBAC_EINVALIDPOINTER;
05744
05745 #ifndef CONFIG_RSBAC_MAINT
05746 #ifdef CONFIG_RSBAC_DEBUG
05747 if (rsbac_debug_aef)
05748 {
05749 #ifdef CONFIG_RSBAC_RMSG
05750 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n");
05751 #endif
05752 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05753 if (!rsbac_nosyslog)
05754 #endif
05755 printk(KERN_DEBUG "sys_rsbac_um_get_next_user(): calling ADF\n");
05756 }
05757 #endif
05758 rsbac_target_id.user = old_user;
05759 rsbac_attribute_value.dummy = 0;
05760 if (!rsbac_adf_request(R_SEARCH,
05761 current->pid,
05762 T_USER,
05763 rsbac_target_id,
05764 A_none,
05765 rsbac_attribute_value))
05766 {
05767 return -EPERM;
05768 }
05769 #endif
05770
05771 err = rsbac_um_get_next_user(ta_number, old_user, &k_next_user);
05772 if(!err)
05773 err = rsbac_put_user((char *)&k_next_user, (char *) next_user_p, sizeof(k_next_user));
05774 return err;
05775 #else
05776 return (-RSBAC_EINVALIDMODULE);
05777 #endif
05778 }
05779
05780 int sys_rsbac_um_get_user_list(
05781 rsbac_list_ta_number_t ta_number,
05782 rsbac_uid_t user_array[],
05783 u_int maxnum)
05784 {
05785 #if defined(CONFIG_RSBAC_UM)
05786 long count;
05787 rsbac_uid_t * k_user_array;
05788 #ifndef CONFIG_RSBAC_MAINT
05789 union rsbac_target_id_t rsbac_target_id;
05790 union rsbac_attribute_value_t rsbac_attribute_value;
05791 #endif
05792
05793 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05794 maxnum = RSBAC_UM_MAX_MAXNUM;
05795
05796 #ifndef CONFIG_RSBAC_MAINT
05797 #ifdef CONFIG_RSBAC_DEBUG
05798 if (rsbac_debug_aef)
05799 {
05800 #ifdef CONFIG_RSBAC_RMSG
05801 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n");
05802 #endif
05803 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05804 if (!rsbac_nosyslog)
05805 #endif
05806 printk(KERN_DEBUG "sys_rsbac_um_get_user_list(): calling ADF\n");
05807 }
05808 #endif
05809 rsbac_target_id.user = RSBAC_ALL_USERS;
05810 rsbac_attribute_value.dummy = 0;
05811 if (!rsbac_adf_request(R_SEARCH,
05812 current->pid,
05813 T_USER,
05814 rsbac_target_id,
05815 A_none,
05816 rsbac_attribute_value))
05817 {
05818 return -EPERM;
05819 }
05820 #endif
05821
05822
05823 if(!user_array || !maxnum)
05824 return rsbac_um_get_user_list(ta_number, NULL);
05825
05826 count = rsbac_um_get_user_list(ta_number, &k_user_array);
05827 if(count>0)
05828 {
05829 if(count > maxnum)
05830 count = maxnum;
05831 rsbac_put_user((u_char *) k_user_array,
05832 (u_char *) user_array,
05833 count * sizeof(*k_user_array) );
05834 rsbac_vfree(k_user_array);
05835 }
05836 return count;
05837 #else
05838 return -RSBAC_EINVALIDMODULE;
05839 #endif
05840 };
05841
05842 int sys_rsbac_um_get_gm_list(
05843 rsbac_list_ta_number_t ta_number,
05844 rsbac_uid_t user,
05845 rsbac_gid_t group_array[],
05846 u_int maxnum)
05847 {
05848 #if defined(CONFIG_RSBAC_UM)
05849 long count;
05850 rsbac_gid_t * k_group_array;
05851 #ifndef CONFIG_RSBAC_MAINT
05852 union rsbac_target_id_t rsbac_target_id;
05853 union rsbac_attribute_value_t rsbac_attribute_value;
05854 #endif
05855
05856
05857 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05858 maxnum = RSBAC_UM_MAX_MAXNUM;
05859
05860 #ifndef CONFIG_RSBAC_MAINT
05861 #ifdef CONFIG_RSBAC_DEBUG
05862 if (rsbac_debug_aef)
05863 {
05864 #ifdef CONFIG_RSBAC_RMSG
05865 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n");
05866 #endif
05867 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05868 if (!rsbac_nosyslog)
05869 #endif
05870 printk(KERN_DEBUG "sys_rsbac_um_get_gm_list(): calling ADF\n");
05871 }
05872 #endif
05873 rsbac_target_id.user = user;
05874 rsbac_attribute_value.dummy = 0;
05875 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05876 current->pid,
05877 T_USER,
05878 rsbac_target_id,
05879 A_none,
05880 rsbac_attribute_value))
05881 {
05882 return -EPERM;
05883 }
05884 #endif
05885
05886
05887 if(!group_array || !maxnum)
05888 return rsbac_um_get_gm_list(ta_number, user, NULL);
05889
05890 count = rsbac_um_get_gm_list(ta_number, user, &k_group_array);
05891 if(count>0)
05892 {
05893 if(count > maxnum)
05894 count = maxnum;
05895 rsbac_put_user((u_char *) k_group_array,
05896 (u_char *) group_array,
05897 count * sizeof(*k_group_array) );
05898 rsbac_vfree(k_group_array);
05899 }
05900 return count;
05901 #else
05902 return -RSBAC_EINVALIDMODULE;
05903 #endif
05904 };
05905
05906 int sys_rsbac_um_get_gm_user_list(
05907 rsbac_list_ta_number_t ta_number,
05908 rsbac_gid_t group,
05909 rsbac_uid_t user_array[],
05910 u_int maxnum)
05911 {
05912 #if defined(CONFIG_RSBAC_UM)
05913 long count;
05914 rsbac_uid_t * k_user_array;
05915 #ifndef CONFIG_RSBAC_MAINT
05916 union rsbac_target_id_t rsbac_target_id;
05917 union rsbac_attribute_value_t rsbac_attribute_value;
05918 #endif
05919
05920 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05921 maxnum = RSBAC_UM_MAX_MAXNUM;
05922
05923 #ifndef CONFIG_RSBAC_MAINT
05924 #ifdef CONFIG_RSBAC_DEBUG
05925 if (rsbac_debug_aef)
05926 {
05927 #ifdef CONFIG_RSBAC_RMSG
05928 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n");
05929 #endif
05930 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05931 if (!rsbac_nosyslog)
05932 #endif
05933 printk(KERN_DEBUG "sys_rsbac_um_get_gm_user_list(): calling ADF\n");
05934 }
05935 #endif
05936 rsbac_target_id.group = group;
05937 rsbac_attribute_value.dummy = 0;
05938 if (!rsbac_adf_request(R_READ,
05939 current->pid,
05940 T_GROUP,
05941 rsbac_target_id,
05942 A_none,
05943 rsbac_attribute_value))
05944 {
05945 return -EPERM;
05946 }
05947 #endif
05948
05949 if(!user_array || !maxnum)
05950 return rsbac_um_get_gm_user_list(ta_number, group, NULL);
05951
05952 count = rsbac_um_get_gm_user_list(ta_number, group, &k_user_array);
05953 if(count>0)
05954 {
05955 if(count > maxnum)
05956 count = maxnum;
05957 rsbac_put_user((u_char *) k_user_array,
05958 (u_char *) user_array,
05959 count * sizeof(*k_user_array) );
05960 rsbac_vfree(k_user_array);
05961 }
05962 return count;
05963 #else
05964 return -RSBAC_EINVALIDMODULE;
05965 #endif
05966 };
05967
05968 int sys_rsbac_um_get_group_list(
05969 rsbac_list_ta_number_t ta_number,
05970 rsbac_gid_t group_array[],
05971 u_int maxnum)
05972 {
05973 #if defined(CONFIG_RSBAC_UM)
05974 long count;
05975 rsbac_gid_t * k_group_array;
05976 #ifndef CONFIG_RSBAC_MAINT
05977 union rsbac_target_id_t rsbac_target_id;
05978 union rsbac_attribute_value_t rsbac_attribute_value;
05979 #endif
05980
05981 if(maxnum > RSBAC_UM_MAX_MAXNUM)
05982 maxnum = RSBAC_UM_MAX_MAXNUM;
05983
05984 #ifndef CONFIG_RSBAC_MAINT
05985 #ifdef CONFIG_RSBAC_DEBUG
05986 if (rsbac_debug_aef)
05987 {
05988 #ifdef CONFIG_RSBAC_RMSG
05989 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n");
05990 #endif
05991 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
05992 if (!rsbac_nosyslog)
05993 #endif
05994 printk(KERN_DEBUG "sys_rsbac_um_get_group_list(): calling ADF\n");
05995 }
05996 #endif
05997 rsbac_target_id.group = RSBAC_ALL_USERS;
05998 rsbac_attribute_value.dummy = 0;
05999 if (!rsbac_adf_request(R_SEARCH,
06000 current->pid,
06001 T_GROUP,
06002 rsbac_target_id,
06003 A_none,
06004 rsbac_attribute_value))
06005 {
06006 return -EPERM;
06007 }
06008 #endif
06009
06010
06011 if(!group_array || !maxnum)
06012 return rsbac_um_get_group_list(ta_number, NULL);
06013
06014 count = rsbac_um_get_group_list(ta_number, &k_group_array);
06015 if(count>0)
06016 {
06017 if(count > maxnum)
06018 count = maxnum;
06019 rsbac_put_user((u_char *) k_group_array,
06020 (u_char *) group_array,
06021 count * sizeof(*k_group_array) );
06022 rsbac_vfree(k_group_array);
06023 }
06024 return count;
06025 #else
06026 return -RSBAC_EINVALIDMODULE;
06027 #endif
06028 };
06029
06030
06031
06032 int sys_rsbac_um_get_uid(
06033 rsbac_list_ta_number_t ta_number,
06034 char * name,
06035 rsbac_uid_t * uid_p)
06036 {
06037 #if defined(CONFIG_RSBAC_UM)
06038 rsbac_uid_t k_uid;
06039 int err;
06040 char k_name[RSBAC_UM_NAME_LEN];
06041
06042 if(!name || !uid_p)
06043 return -RSBAC_EINVALIDPOINTER;
06044
06045 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06046 if(err)
06047 return err;
06048 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06049 err = rsbac_um_get_uid(ta_number, k_name, &k_uid);
06050 if(!err)
06051 {
06052 #ifndef CONFIG_RSBAC_MAINT
06053 union rsbac_target_id_t rsbac_target_id;
06054 union rsbac_attribute_value_t rsbac_attribute_value;
06055
06056 #ifdef CONFIG_RSBAC_DEBUG
06057 if (rsbac_debug_aef)
06058 {
06059 #ifdef CONFIG_RSBAC_RMSG
06060 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n");
06061 #endif
06062 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06063 if (!rsbac_nosyslog)
06064 #endif
06065 printk(KERN_DEBUG "sys_rsbac_um_get_uid(): calling ADF\n");
06066 }
06067 #endif
06068 rsbac_target_id.user = k_uid;
06069 rsbac_attribute_value.dummy = 0;
06070 if (!rsbac_adf_request(R_SEARCH,
06071 current->pid,
06072 T_USER,
06073 rsbac_target_id,
06074 A_none,
06075 rsbac_attribute_value))
06076 {
06077 err = -EPERM;
06078 }
06079 else
06080 #endif
06081
06082 err = rsbac_put_user((char *)&k_uid, (char *) uid_p, sizeof(k_uid));
06083 }
06084 return err;
06085 #else
06086 return (-RSBAC_EINVALIDMODULE);
06087 #endif
06088 }
06089
06090 int sys_rsbac_um_get_gid(
06091 rsbac_list_ta_number_t ta_number,
06092 char * name,
06093 rsbac_gid_t * gid_p)
06094 {
06095 #if defined(CONFIG_RSBAC_UM)
06096 rsbac_gid_t k_gid;
06097 int err;
06098 char k_name[RSBAC_UM_NAME_LEN];
06099
06100 if(!name || !gid_p)
06101 return -RSBAC_EINVALIDPOINTER;
06102 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06103 if(err)
06104 return err;
06105 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06106 err = rsbac_um_get_gid(ta_number, k_name, &k_gid);
06107 if(!err)
06108 {
06109 #ifndef CONFIG_RSBAC_MAINT
06110 union rsbac_target_id_t rsbac_target_id;
06111 union rsbac_attribute_value_t rsbac_attribute_value;
06112
06113 #ifdef CONFIG_RSBAC_DEBUG
06114 if (rsbac_debug_aef)
06115 {
06116 #ifdef CONFIG_RSBAC_RMSG
06117 rsbac_printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n");
06118 #endif
06119 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06120 if (!rsbac_nosyslog)
06121 #endif
06122 printk(KERN_DEBUG "sys_rsbac_um_get_gid(): calling ADF\n");
06123 }
06124 #endif
06125 rsbac_target_id.group = k_gid;
06126 rsbac_attribute_value.dummy = 0;
06127 if (!rsbac_adf_request(R_SEARCH,
06128 current->pid,
06129 T_GROUP,
06130 rsbac_target_id,
06131 A_none,
06132 rsbac_attribute_value))
06133 {
06134 err = -EPERM;
06135 }
06136 else
06137 #endif
06138
06139 err = rsbac_put_user((char *)&k_gid, (char *) gid_p, sizeof(k_gid));
06140 }
06141 return err;
06142 #else
06143 return (-RSBAC_EINVALIDMODULE);
06144 #endif
06145 }
06146
06147 int sys_rsbac_um_set_pass(rsbac_uid_t uid,
06148 char * old_pass,
06149 char * new_pass)
06150 {
06151 #if defined(CONFIG_RSBAC_UM)
06152 int err;
06153 char * k_new_pass;
06154
06155 if(!new_pass)
06156 return -RSBAC_EINVALIDPOINTER;
06157 if(old_pass && (uid == current->uid))
06158 {
06159 char * k_old_pass;
06160
06161 k_old_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06162 if(!k_old_pass)
06163 return -RSBAC_ENOMEM;
06164 err = rsbac_get_user(k_old_pass, old_pass, RSBAC_MAXNAMELEN);
06165 if(err)
06166 {
06167 rsbac_kfree(k_old_pass);
06168 return err;
06169 }
06170 k_old_pass[RSBAC_MAXNAMELEN-1] = 0;
06171 err = rsbac_um_check_pass(uid, k_old_pass);
06172 rsbac_kfree(k_old_pass);
06173 if(err)
06174 {
06175 #ifdef CONFIG_RSBAC_RMSG
06176 rsbac_printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n");
06177 #endif
06178 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06179 if (!rsbac_nosyslog)
06180 #endif
06181 printk(KERN_INFO "sys_rsbac_um_set_pass(): old password check failed\n");
06182 return err;
06183 }
06184 }
06185 else
06186 {
06187 #ifndef CONFIG_RSBAC_MAINT
06188
06189 union rsbac_target_id_t rsbac_target_id;
06190 union rsbac_attribute_value_t rsbac_attribute_value;
06191
06192 #ifdef CONFIG_RSBAC_FREEZE_UM
06193 if(rsbac_freeze)
06194 {
06195 #ifdef CONFIG_RSBAC_RMSG
06196 rsbac_printk(KERN_WARNING
06197 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n");
06198 #endif
06199 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06200 if (!rsbac_nosyslog)
06201 #endif
06202 printk(KERN_WARNING
06203 "sys_rsbac_um_set_pass(): RSBAC configuration frozen, no administration allowed!\n");
06204 return -EPERM;
06205 }
06206 #endif
06207
06208 #ifdef CONFIG_RSBAC_DEBUG
06209 if (rsbac_debug_aef)
06210 {
06211 #ifdef CONFIG_RSBAC_RMSG
06212 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n");
06213 #endif
06214 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06215 if (!rsbac_nosyslog)
06216 #endif
06217 printk(KERN_DEBUG "sys_rsbac_um_set_pass(): calling ADF\n");
06218 }
06219 #endif
06220 rsbac_target_id.user = uid;
06221 rsbac_attribute_value.dummy = 0;
06222 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06223 current->pid,
06224 T_USER,
06225 rsbac_target_id,
06226 A_none,
06227 rsbac_attribute_value))
06228 {
06229 return -EPERM;
06230 }
06231 #endif
06232 }
06233
06234 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06235 if(!k_new_pass)
06236 return -RSBAC_ENOMEM;
06237 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06238 if(!err)
06239 {
06240 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06241 err = rsbac_um_set_pass(uid, k_new_pass);
06242 }
06243 rsbac_kfree(k_new_pass);
06244 return err;
06245 #else
06246 return (-RSBAC_EINVALIDMODULE);
06247 #endif
06248 }
06249
06250 int sys_rsbac_um_set_pass_name(char * name,
06251 char * old_pass,
06252 char * new_pass)
06253 {
06254 #if defined(CONFIG_RSBAC_UM)
06255 int err;
06256 rsbac_uid_t uid;
06257 char * k_name;
06258
06259 if(!name || !new_pass)
06260 return -RSBAC_EINVALIDPOINTER;
06261 k_name = rsbac_kmalloc(RSBAC_UM_NAME_LEN);
06262 if(!k_name)
06263 return -RSBAC_ENOMEM;
06264 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06265 if(err)
06266 {
06267 rsbac_kfree(k_name);
06268 return err;
06269 }
06270 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06271
06272 #ifdef CONFIG_RSBAC_DEBUG
06273 if (rsbac_debug_aef_um)
06274 {
06275 #ifdef CONFIG_RSBAC_RMSG
06276 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n",
06277 k_name);
06278 #endif
06279 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06280 if (!rsbac_nosyslog)
06281 #endif
06282 printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): user %s\n",
06283 k_name);
06284 }
06285 #endif
06286 err = rsbac_um_get_uid(0, k_name, &uid);
06287 rsbac_kfree(k_name);
06288 if(err)
06289 {
06290 #ifdef CONFIG_RSBAC_DEBUG
06291 if (rsbac_debug_aef_um)
06292 {
06293 #ifdef CONFIG_RSBAC_RMSG
06294 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n",
06295 k_name);
06296 #endif
06297 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06298 if (!rsbac_nosyslog)
06299 #endif
06300 printk(KERN_DEBUG "sys_rsbac_um_set_pass_name(): lookup of user %s failed\n",
06301 k_name);
06302 }
06303 #endif
06304 }
06305 else
06306 err = sys_rsbac_um_set_pass(uid, old_pass, new_pass);
06307
06308 return err;
06309 #else
06310 return (-RSBAC_EINVALIDMODULE);
06311 #endif
06312 }
06313
06314 int sys_rsbac_um_set_group_pass(rsbac_gid_t gid,
06315 char * new_pass)
06316 {
06317 #if defined(CONFIG_RSBAC_UM)
06318 int err;
06319 char * k_new_pass;
06320 #ifndef CONFIG_RSBAC_MAINT
06321 union rsbac_target_id_t rsbac_target_id;
06322 union rsbac_attribute_value_t rsbac_attribute_value;
06323 #endif
06324
06325 #ifdef CONFIG_RSBAC_FREEZE_UM
06326 if(rsbac_freeze)
06327 {
06328 #ifdef CONFIG_RSBAC_RMSG
06329 rsbac_printk(KERN_WARNING
06330 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n");
06331 #endif
06332 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06333 if (!rsbac_nosyslog)
06334 #endif
06335 printk(KERN_WARNING
06336 "sys_rsbac_um_set_group_pass(): RSBAC configuration frozen, no administration allowed!\n");
06337 return -EPERM;
06338 }
06339 #endif
06340
06341 #ifndef CONFIG_RSBAC_MAINT
06342
06343 #ifdef CONFIG_RSBAC_DEBUG
06344 if (rsbac_debug_aef)
06345 {
06346 #ifdef CONFIG_RSBAC_RMSG
06347 rsbac_printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n");
06348 #endif
06349 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06350 if (!rsbac_nosyslog)
06351 #endif
06352 printk(KERN_DEBUG "sys_rsbac_um_set_group_pass(): calling ADF\n");
06353 }
06354 #endif
06355 rsbac_target_id.group = gid;
06356 rsbac_attribute_value.dummy = 0;
06357 if (!rsbac_adf_request(R_MODIFY_PERMISSIONS_DATA,
06358 current->pid,
06359 T_GROUP,
06360 rsbac_target_id,
06361 A_none,
06362 rsbac_attribute_value))
06363 {
06364 return -EPERM;
06365 }
06366 #endif
06367
06368 if(new_pass)
06369 {
06370 k_new_pass = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06371 if(!k_new_pass)
06372 return -RSBAC_ENOMEM;
06373 err = rsbac_get_user(k_new_pass, new_pass, RSBAC_MAXNAMELEN);
06374 if(!err)
06375 {
06376 k_new_pass[RSBAC_MAXNAMELEN-1] = 0;
06377 err = rsbac_um_set_group_pass(gid, k_new_pass);
06378 }
06379 rsbac_kfree(k_new_pass);
06380 }
06381 else
06382 {
06383 err = rsbac_um_set_group_pass(gid, NULL);
06384 }
06385 return err;
06386 #else
06387 return (-RSBAC_EINVALIDMODULE);
06388 #endif
06389 }
06390
06391 int sys_rsbac_um_check_account(rsbac_uid_t uid)
06392 {
06393 #if defined(CONFIG_RSBAC_UM)
06394 #ifndef CONFIG_RSBAC_MAINT
06395 union rsbac_target_id_t rsbac_target_id;
06396 union rsbac_attribute_value_t rsbac_attribute_value;
06397 #endif
06398
06399
06400 #ifndef CONFIG_RSBAC_MAINT
06401 #ifdef CONFIG_RSBAC_DEBUG
06402 if (rsbac_debug_aef)
06403 {
06404 #ifdef CONFIG_RSBAC_RMSG
06405 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06406 #endif
06407 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06408 if (!rsbac_nosyslog)
06409 #endif
06410 printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06411 }
06412 #endif
06413 rsbac_target_id.user = uid;
06414 rsbac_attribute_value.dummy = 0;
06415 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06416 current->pid,
06417 T_USER,
06418 rsbac_target_id,
06419 A_none,
06420 rsbac_attribute_value))
06421 {
06422 return -EPERM;
06423 }
06424 #endif
06425
06426 return rsbac_um_check_account(uid);
06427 #else
06428 return (-RSBAC_EINVALIDMODULE);
06429 #endif
06430 }
06431
06432 int sys_rsbac_um_check_account_name(char * name)
06433 {
06434 #if defined(CONFIG_RSBAC_UM)
06435 int err;
06436 rsbac_uid_t uid;
06437 char k_name[RSBAC_UM_NAME_LEN];
06438 #ifndef CONFIG_RSBAC_MAINT
06439 union rsbac_target_id_t rsbac_target_id;
06440 union rsbac_attribute_value_t rsbac_attribute_value;
06441 #endif
06442
06443 if(!name)
06444 return -RSBAC_EINVALIDPOINTER;
06445 err = rsbac_get_user(k_name, name, RSBAC_UM_NAME_LEN);
06446 if(err)
06447 return err;
06448 k_name[RSBAC_UM_NAME_LEN-1] = 0;
06449 #ifdef CONFIG_RSBAC_DEBUG
06450 if (rsbac_debug_aef_um)
06451 {
06452 #ifdef CONFIG_RSBAC_RMSG
06453 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n",
06454 k_name);
06455 #endif
06456 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06457 if (!rsbac_nosyslog)
06458 #endif
06459 printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): checking user %s\n",
06460 k_name);
06461 }
06462 #endif
06463 err = rsbac_um_get_uid(0, k_name, &uid);
06464 if(err)
06465 {
06466 #ifdef CONFIG_RSBAC_DEBUG
06467 if (rsbac_debug_aef_um)
06468 {
06469 #ifdef CONFIG_RSBAC_RMSG
06470 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n",
06471 k_name);
06472 #endif
06473 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06474 if (!rsbac_nosyslog)
06475 #endif
06476 printk(KERN_DEBUG "sys_rsbac_um_check_account_name(): lookup of user %s failed\n",
06477 k_name);
06478 }
06479 #endif
06480 return err;
06481 }
06482
06483 #ifndef CONFIG_RSBAC_MAINT
06484 #ifdef CONFIG_RSBAC_DEBUG
06485 if (rsbac_debug_aef)
06486 {
06487 #ifdef CONFIG_RSBAC_RMSG
06488 rsbac_printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06489 #endif
06490 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06491 if (!rsbac_nosyslog)
06492 #endif
06493 printk(KERN_DEBUG "sys_rsbac_um_check_account(): calling ADF\n");
06494 }
06495 #endif
06496 rsbac_target_id.user = uid;
06497 rsbac_attribute_value.dummy = 0;
06498 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06499 current->pid,
06500 T_USER,
06501 rsbac_target_id,
06502 A_none,
06503 rsbac_attribute_value))
06504 {
06505 return -EPERM;
06506 }
06507 #endif
06508
06509 return rsbac_um_check_account(uid);
06510 #else
06511 return (-RSBAC_EINVALIDMODULE);
06512 #endif
06513 }
06514
06515
06516
06517
06518
06519
06520 int sys_rsbac_adf_log_switch(enum rsbac_adf_request_t request,
06521 enum rsbac_target_t target,
06522 u_int value)
06523 {
06524 union rsbac_target_id_t rsbac_target_id;
06525 union rsbac_attribute_value_t rsbac_attribute_value;
06526
06527 if ((value != LL_none) && (value != LL_denied) && (value != LL_full))
06528 return (-RSBAC_EINVALIDVALUE);
06529 if(request >= R_NONE)
06530 return(-RSBAC_EINVALIDREQUEST);
06531 if( (target == T_FD)
06532 || (target > T_NONE)
06533 )
06534 return(-RSBAC_EINVALIDTARGET);
06535
06536 #ifdef CONFIG_RSBAC_FREEZE
06537 if(rsbac_freeze)
06538 {
06539 #ifdef CONFIG_RSBAC_RMSG
06540 rsbac_printk(KERN_WARNING
06541 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n");
06542 #endif
06543 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06544 if (!rsbac_nosyslog)
06545 #endif
06546 printk(KERN_WARNING
06547 "sys_rsbac_adf_log_switch(): RSBAC configuration frozen, no administration allowed!\n");
06548 return -EPERM;
06549 }
06550 #endif
06551
06552
06553 #ifdef CONFIG_RSBAC_DEBUG
06554 if (rsbac_debug_aef)
06555 printk(KERN_DEBUG "sys_rsbac_adf_log_switch(): calling ADF\n");
06556 #endif
06557 rsbac_target_id.dummy = 0;
06558 rsbac_attribute_value.request = target;
06559 if (!rsbac_adf_request(R_SWITCH_LOG,
06560 current->pid,
06561 T_NONE,
06562 rsbac_target_id,
06563 A_request,
06564 rsbac_attribute_value))
06565 {
06566 return -EPERM;
06567 }
06568 #ifdef CONFIG_RSBAC_DEBUG
06569 if (rsbac_debug_aef)
06570 {
06571 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06572 if(request_name)
06573 {
06574 get_request_name(request_name,target);
06575 #ifdef CONFIG_RSBAC_RMSG
06576 rsbac_printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
06577 request_name, target, value);
06578 #endif
06579 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
06580 if (!rsbac_nosyslog)
06581 #endif
06582 printk(KERN_INFO "sys_rsbac_adf_log_switch(): switching RSBAC module logging for request %s (No. %i) to %i!\n",
06583 request_name, target, value);
06584 rsbac_kfree(request_name);
06585 }
06586 }
06587 #endif
06588 rsbac_adf_log_switch(request,target,value);
06589 return(0);
06590 }
06591
06592 int sys_rsbac_get_adf_log(enum rsbac_adf_request_t request,
06593 enum rsbac_target_t target,
06594 u_int * value_p)
06595 {
06596 union rsbac_target_id_t rsbac_target_id;
06597 union rsbac_attribute_value_t rsbac_attribute_value;
06598 u_int k_value;
06599 int err;
06600
06601 if(request >= R_NONE)
06602 return(-RSBAC_EINVALIDREQUEST);
06603 if( (target == T_FD)
06604 || (target > T_NONE)
06605 )
06606 return(-RSBAC_EINVALIDTARGET);
06607 if(!value_p)
06608 return(-RSBAC_EINVALIDPOINTER);
06609
06610 #ifdef CONFIG_RSBAC_DEBUG
06611 if (rsbac_debug_aef)
06612 printk(KERN_DEBUG "sys_rsbac_get_adf_log(): calling ADF\n");
06613 #endif
06614 rsbac_target_id.scd = ST_rsbac;
06615 rsbac_attribute_value.request = request;
06616 if (!rsbac_adf_request(R_GET_STATUS_DATA,
06617 current->pid,
06618 T_SCD,
06619 rsbac_target_id,
06620 A_request,
06621 rsbac_attribute_value))
06622 {
06623 return -EPERM;
06624 }
06625 #ifdef CONFIG_RSBAC_DEBUG
06626 if (rsbac_debug_aef)
06627 {
06628 char * request_name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
06629 if(request_name)
06630 {
06631 get_request_name(request_name,target);
06632 printk(KERN_DEBUG "sys_rsbac_get_adf_log(): getting RSBAC module logging for request %s (No. %i)!\n",
06633 request_name, target);
06634 rsbac_kfree(request_name);
06635 }
06636 }
06637 #endif
06638 err = rsbac_get_adf_log(request, target, &k_value);
06639 if(!err)
06640 {
06641 rsbac_put_user((u_char *) &k_value,
06642 (u_char *) value_p,
06643 sizeof(k_value) );
06644 }
06645 return(err);
06646 }
06647
06648
06649
06650
06651
06652
06653
06654
06655
06656
06657
06658 int sys_rsbac_log(int type,
06659 char * buf,
06660 int len)
06661 {
06662 #if defined(CONFIG_RSBAC_RMSG)
06663
06664 return(rsbac_log(type,buf,len));
06665 #else
06666 return(0);
06667 #endif
06668 }
06669
06670 #if defined(CONFIG_RSBAC_INIT_DELAY)
06671 int sys_rsbac_init(char * path)
06672 {
06673 struct dentry * t_dentry = NULL;
06674 rsbac_boolean_t need_put = FALSE;
06675 int err = 0;
06676
06677 struct nameidata nd;
06678
06679 if(!path)
06680 return rsbac_init(ROOT_DEV);
06681
06682 if ((err = user_path_walk_link(path, &nd)))
06683 {
06684 goto out;
06685 }
06686 t_dentry = nd.dentry;
06687 need_put = TRUE;
06688 if (!t_dentry->d_inode)
06689 {
06690 err = -RSBAC_EINVALIDTARGET;
06691 goto out_dput;
06692 }
06693
06694 if(!S_ISBLK(t_dentry->d_inode->i_mode))
06695 {
06696 err = -RSBAC_EINVALIDTARGET;
06697 goto out_dput;
06698 }
06699 err = rsbac_init(t_dentry->d_sb->s_dev);
06700
06701 out_dput:
06702 if(need_put)
06703 path_release(&nd);
06704 out:
06705 return(err);
06706 }
06707 #endif
06708
06709 #ifdef CONFIG_RSBAC_LIST_TRANS
06710 int sys_rsbac_list_ta_begin(
06711 rsbac_time_t ttl,
06712 rsbac_list_ta_number_t * ta_number_p,
06713 rsbac_uid_t commit_uid,
06714 char * password)
06715 {
06716 int err;
06717 rsbac_list_ta_number_t k_ta_number;
06718 char * k_password = NULL;
06719
06720 if(password)
06721 {
06722 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06723 if(!k_password)
06724 return -ENOMEM;
06725 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06726 if(err)
06727 {
06728 rsbac_kfree(k_password);
06729 return err;
06730 }
06731 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06732 }
06733 err = rsbac_list_ta_begin(ttl, &k_ta_number, commit_uid, k_password);
06734 if(!err)
06735 err = rsbac_put_user((u_char *) &k_ta_number,
06736 (u_char *) ta_number_p,
06737 sizeof(k_ta_number) );
06738 if(k_password)
06739 rsbac_kfree(k_password);
06740 return err;
06741 }
06742
06743 int sys_rsbac_list_ta_refresh(
06744 rsbac_time_t ttl,
06745 rsbac_list_ta_number_t ta_number,
06746 char * password)
06747 {
06748 int err;
06749 char * k_password;
06750
06751 if(password)
06752 {
06753 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06754 if(!k_password)
06755 return -ENOMEM;
06756 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06757 if(err)
06758 {
06759 rsbac_kfree(k_password);
06760 return err;
06761 }
06762 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06763 }
06764 else
06765 k_password = NULL;
06766 err = rsbac_list_ta_refresh(ttl, ta_number, k_password);
06767 if(k_password)
06768 rsbac_kfree(k_password);
06769 return err;
06770 }
06771
06772 int sys_rsbac_list_ta_commit(
06773 rsbac_list_ta_number_t ta_number,
06774 char * password)
06775 {
06776 int err;
06777 char * k_password;
06778
06779 if(password)
06780 {
06781 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06782 if(!k_password)
06783 return -ENOMEM;
06784 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06785 if(err)
06786 {
06787 rsbac_kfree(k_password);
06788 return err;
06789 }
06790 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06791 }
06792 else
06793 k_password = NULL;
06794 err = rsbac_list_ta_commit(ta_number, k_password);
06795 if(k_password)
06796 rsbac_kfree(k_password);
06797 return err;
06798 }
06799
06800 int sys_rsbac_list_ta_forget(
06801 rsbac_list_ta_number_t ta_number,
06802 char * password)
06803 {
06804 int err;
06805 char * k_password;
06806
06807 if(password)
06808 {
06809 k_password = rsbac_kmalloc(RSBAC_LIST_TA_MAX_PASSLEN);
06810 if(!k_password)
06811 return -ENOMEM;
06812 err = rsbac_get_user(k_password, password, RSBAC_LIST_TA_MAX_PASSLEN - 1);
06813 if(err)
06814 {
06815 rsbac_kfree(k_password);
06816 return err;
06817 }
06818 k_password[RSBAC_LIST_TA_MAX_PASSLEN - 1] = 0;
06819 }
06820 else
06821 k_password = NULL;
06822 err = rsbac_list_ta_forget(ta_number, k_password);
06823 if(k_password)
06824 rsbac_kfree(k_password);
06825 return err;
06826 }
06827 #endif
06828
06829
06830 #ifdef rsbac_syscall4
06831 asmlinkage int sys_rsbac(int dummy,
06832 rsbac_version_t version,
06833 enum rsbac_syscall_t call,
06834 union rsbac_syscall_arg_t * arg_p)
06835 #else
06836 asmlinkage int sys_rsbac(rsbac_version_t version,
06837 enum rsbac_syscall_t call,
06838 union rsbac_syscall_arg_t * arg_p)
06839 #endif
06840 {
06841 union rsbac_syscall_arg_t k_arg;
06842 int err;
06843
06844 if(version != RSBAC_VERSION_NR)
06845 return -RSBAC_EINVALIDVERSION;
06846
06847 if(call >= RSYS_none)
06848 return -RSBAC_EINVALIDREQUEST;
06849
06850
06851 if(arg_p)
06852 {
06853 err = rsbac_get_user((u_char *) &k_arg, (u_char *) arg_p, sizeof(k_arg) );
06854 if(err)
06855 return err;
06856 }
06857 else
06858 {
06859 memset(&k_arg, 0, sizeof(k_arg));
06860 }
06861
06862 switch(call)
06863 {
06864 case RSYS_stats:
06865 return sys_rsbac_stats();
06866 case RSYS_check:
06867 return sys_rsbac_check(k_arg.check.correct, k_arg.check.check_inode);
06868 case RSYS_get_attr:
06869 return sys_rsbac_get_attr(k_arg.get_attr.ta_number,
06870 k_arg.get_attr.module,
06871 k_arg.get_attr.target,
06872 k_arg.get_attr.tid,
06873 k_arg.get_attr.attr,
06874 k_arg.get_attr.value,
06875 k_arg.get_attr.inherit);
06876 case RSYS_get_attr_n:
06877 return sys_rsbac_get_attr_n(k_arg.get_attr_n.ta_number,
06878 k_arg.get_attr_n.module,
06879 k_arg.get_attr_n.target,
06880 k_arg.get_attr_n.t_name,
06881 k_arg.get_attr_n.attr,
06882 k_arg.get_attr_n.value,
06883 k_arg.get_attr_n.inherit);
06884 case RSYS_set_attr:
06885 return sys_rsbac_set_attr(k_arg.set_attr.ta_number,
06886 k_arg.set_attr.module,
06887 k_arg.set_attr.target,
06888 k_arg.set_attr.tid,
06889 k_arg.set_attr.attr,
06890 k_arg.set_attr.value);
06891 case RSYS_set_attr_n:
06892 return sys_rsbac_set_attr_n(k_arg.set_attr_n.ta_number,
06893 k_arg.set_attr_n.module,
06894 k_arg.set_attr_n.target,
06895 k_arg.set_attr_n.t_name,
06896 k_arg.set_attr_n.attr,
06897 k_arg.set_attr_n.value);
06898 case RSYS_remove_target:
06899 return sys_rsbac_remove_target(k_arg.remove_target.ta_number,
06900 k_arg.remove_target.target,
06901 k_arg.remove_target.tid);
06902 case RSYS_remove_target_n:
06903 return sys_rsbac_remove_target_n(k_arg.remove_target_n.ta_number,
06904 k_arg.remove_target_n.target,
06905 k_arg.remove_target_n.t_name);
06906 case RSYS_net_list_all_netdev:
06907 return sys_rsbac_net_list_all_netdev(k_arg.net_list_all_netdev.ta_number,
06908 k_arg.net_list_all_netdev.id_p,
06909 k_arg.net_list_all_netdev.maxnum);
06910 case RSYS_net_template:
06911 return sys_rsbac_net_template(k_arg.net_template.ta_number,
06912 k_arg.net_template.call,
06913 k_arg.net_template.id,
06914 k_arg.net_template.data_p);
06915 case RSYS_net_list_all_template:
06916 return sys_rsbac_net_list_all_template(k_arg.net_list_all_template.ta_number,
06917 k_arg.net_list_all_template.id_p,
06918 k_arg.net_list_all_template.maxnum);
06919 case RSYS_switch:
06920 return sys_rsbac_switch(k_arg.switch_module.target,
06921 k_arg.switch_module.value);
06922 case RSYS_adf_log_switch:
06923 return sys_rsbac_adf_log_switch(k_arg.adf_log_switch.request,
06924 k_arg.adf_log_switch.target,
06925 k_arg.adf_log_switch.value);
06926 case RSYS_get_adf_log:
06927 return sys_rsbac_get_adf_log(k_arg.get_adf_log.request,
06928 k_arg.get_adf_log.target,
06929 k_arg.get_adf_log.value_p);
06930 case RSYS_write:
06931 return sys_rsbac_write();
06932 case RSYS_log:
06933 return sys_rsbac_log(k_arg.log.type,
06934 k_arg.log.buf,
06935 k_arg.log.len);
06936 case RSYS_mac_set_curr_level:
06937 return sys_rsbac_mac_set_curr_level(k_arg.mac_set_curr_level.level,
06938 k_arg.mac_set_curr_level.categories_p);
06939 case RSYS_mac_get_curr_level:
06940 return sys_rsbac_mac_get_curr_level(k_arg.mac_get_curr_level.level_p,
06941 k_arg.mac_get_curr_level.categories_p);
06942 case RSYS_mac_get_max_level:
06943 return sys_rsbac_mac_get_max_level(k_arg.mac_get_max_level.level_p,
06944 k_arg.mac_get_max_level.categories_p);
06945 case RSYS_mac_get_min_level:
06946 return sys_rsbac_mac_get_min_level(k_arg.mac_get_min_level.level_p,
06947 k_arg.mac_get_min_level.categories_p);
06948 case RSYS_mac_add_p_tru:
06949 return sys_rsbac_mac_add_p_tru(k_arg.mac_add_p_tru.ta_number,
06950 k_arg.mac_add_p_tru.pid,
06951 k_arg.mac_add_p_tru.uid,
06952 k_arg.mac_add_p_tru.ttl);
06953 case RSYS_mac_remove_p_tru:
06954 return sys_rsbac_mac_remove_p_tru(k_arg.mac_remove_p_tru.ta_number,
06955 k_arg.mac_remove_p_tru.pid,
06956 k_arg.mac_add_p_tru.uid);
06957 case RSYS_mac_add_f_tru:
06958 return sys_rsbac_mac_add_f_tru(k_arg.mac_add_f_tru.ta_number,
06959 k_arg.mac_add_f_tru.filename,
06960 k_arg.mac_add_p_tru.uid,
06961 k_arg.mac_add_f_tru.ttl);
06962 case RSYS_mac_remove_f_tru:
06963 return sys_rsbac_mac_remove_f_tru(k_arg.mac_remove_f_tru.ta_number,
06964 k_arg.mac_remove_f_tru.filename,
06965 k_arg.mac_remove_f_tru.uid);
06966 case RSYS_mac_get_f_trulist:
06967 return sys_rsbac_mac_get_f_trulist(k_arg.mac_get_f_trulist.ta_number,
06968 k_arg.mac_get_f_trulist.filename,
06969 k_arg.mac_get_f_trulist.trulist,
06970 k_arg.mac_get_f_trulist.ttllist,
06971 k_arg.mac_get_f_trulist.maxnum);
06972 case RSYS_mac_get_p_trulist:
06973 return sys_rsbac_mac_get_p_trulist(k_arg.mac_get_p_trulist.ta_number,
06974 k_arg.mac_get_p_trulist.pid,
06975 k_arg.mac_get_p_trulist.trulist,
06976 k_arg.mac_get_p_trulist.ttllist,
06977 k_arg.mac_get_p_trulist.maxnum);
06978 case RSYS_stats_pm:
06979 return sys_rsbac_stats_pm();
06980 case RSYS_pm:
06981 return sys_rsbac_pm(k_arg.pm.ta_number,
06982 k_arg.pm.function,
06983 k_arg.pm.param_p,
06984 k_arg.pm.ticket);
06985 case RSYS_pm_change_current_task:
06986 return sys_rsbac_pm_change_current_task(k_arg.pm_change_current_task.task);
06987 case RSYS_pm_create_file:
06988 return sys_rsbac_pm_create_file(k_arg.pm_create_file.filename,
06989 k_arg.pm_create_file.mode,
06990 k_arg.pm_create_file.object_class);
06991 case RSYS_daz_flush_cache:
06992 return sys_rsbac_daz_flush_cache();
06993 case RSYS_rc_copy_role:
06994 return sys_rsbac_rc_copy_role(k_arg.rc_copy_role.ta_number,
06995 k_arg.rc_copy_role.from_role,
06996 k_arg.rc_copy_role.to_role);
06997 case RSYS_rc_copy_type:
06998 return sys_rsbac_rc_copy_type(k_arg.rc_copy_type.ta_number,
06999 k_arg.rc_copy_type.target,
07000 k_arg.rc_copy_type.from_type,
07001 k_arg.rc_copy_type.to_type);
07002 case RSYS_rc_get_item:
07003 return sys_rsbac_rc_get_item(k_arg.rc_get_item.ta_number,
07004 k_arg.rc_get_item.target,
07005 k_arg.rc_get_item.tid_p,
07006 k_arg.rc_get_item.subtid_p,
07007 k_arg.rc_get_item.item,
07008 k_arg.rc_get_item.value_p,
07009 k_arg.rc_get_item.ttl_p);
07010 case RSYS_rc_set_item:
07011 return sys_rsbac_rc_set_item(k_arg.rc_set_item.ta_number,
07012 k_arg.rc_set_item.target,
07013 k_arg.rc_set_item.tid_p,
07014 k_arg.rc_set_item.subtid_p,
07015 k_arg.rc_set_item.item,
07016 k_arg.rc_set_item.value_p,
07017 k_arg.rc_set_item.ttl);
07018 case RSYS_rc_change_role:
07019 return sys_rsbac_rc_change_role(k_arg.rc_change_role.role);
07020 case RSYS_rc_get_eff_rights_n:
07021 return sys_rsbac_rc_get_eff_rights_n(k_arg.rc_get_eff_rights_n.ta_number,
07022 k_arg.rc_get_eff_rights_n.target,
07023 k_arg.rc_get_eff_rights_n.t_name,
07024 k_arg.rc_get_eff_rights_n.request_vector_p,
07025 k_arg.rc_get_eff_rights_n.ttl_p);
07026 case RSYS_rc_get_list:
07027 return sys_rsbac_rc_get_list(k_arg.rc_get_list.ta_number,
07028 k_arg.rc_get_list.target,
07029 k_arg.rc_get_list.tid_p,
07030 k_arg.rc_get_list.item,
07031 k_arg.rc_get_list.maxnum,
07032 k_arg.rc_get_list.array_p,
07033 k_arg.rc_get_list.ttl_array_p);
07034 case RSYS_rc_get_current_role:
07035 return sys_rsbac_rc_get_current_role(k_arg.rc_get_current_role.role_p);
07036 case RSYS_auth_add_p_cap:
07037 return sys_rsbac_auth_add_p_cap(k_arg.auth_add_p_cap.ta_number,
07038 k_arg.auth_add_p_cap.pid,
07039 k_arg.auth_add_p_cap.cap_type,
07040 k_arg.auth_add_p_cap.cap_range,
07041 k_arg.auth_add_p_cap.ttl);
07042 case RSYS_auth_remove_p_cap:
07043 return sys_rsbac_auth_remove_p_cap(k_arg.auth_remove_p_cap.ta_number,
07044 k_arg.auth_remove_p_cap.pid,
07045 k_arg.auth_remove_p_cap.cap_type,
07046 k_arg.auth_remove_p_cap.cap_range);
07047 case RSYS_auth_add_f_cap:
07048 return sys_rsbac_auth_add_f_cap(k_arg.auth_add_f_cap.ta_number,
07049 k_arg.auth_add_f_cap.filename,
07050 k_arg.auth_add_f_cap.cap_type,
07051 k_arg.auth_add_f_cap.cap_range,
07052 k_arg.auth_add_f_cap.ttl);
07053 case RSYS_auth_remove_f_cap:
07054 return sys_rsbac_auth_remove_f_cap(k_arg.auth_remove_f_cap.ta_number,
07055 k_arg.auth_remove_f_cap.filename,
07056 k_arg.auth_remove_f_cap.cap_type,
07057 k_arg.auth_remove_f_cap.cap_range);
07058 case RSYS_auth_get_f_caplist:
07059 return sys_rsbac_auth_get_f_caplist(k_arg.auth_get_f_caplist.ta_number,
07060 k_arg.auth_get_f_caplist.filename,
07061 k_arg.auth_get_f_caplist.cap_type,
07062 k_arg.auth_get_f_caplist.caplist,
07063 k_arg.auth_get_f_caplist.ttllist,
07064 k_arg.auth_get_f_caplist.maxnum);
07065 case RSYS_auth_get_p_caplist:
07066 return sys_rsbac_auth_get_p_caplist(k_arg.auth_get_p_caplist.ta_number,
07067 k_arg.auth_get_p_caplist.pid,
07068 k_arg.auth_get_p_caplist.cap_type,
07069 k_arg.auth_get_p_caplist.caplist,
07070 k_arg.auth_get_p_caplist.ttllist,
07071 k_arg.auth_get_p_caplist.maxnum);
07072 case RSYS_acl:
07073 return sys_rsbac_acl(k_arg.acl.ta_number,
07074 k_arg.acl.call,
07075 k_arg.acl.arg);
07076 case RSYS_acl_n:
07077 return sys_rsbac_acl_n(k_arg.acl_n.ta_number,
07078 k_arg.acl_n.call,
07079 k_arg.acl_n.arg);
07080 case RSYS_acl_get_rights:
07081 return sys_rsbac_acl_get_rights(k_arg.acl_get_rights.ta_number,
07082 k_arg.acl_get_rights.arg,
07083 k_arg.acl_get_rights.rights_p,
07084 k_arg.acl_get_rights.effective);
07085 case RSYS_acl_get_rights_n:
07086 return sys_rsbac_acl_get_rights_n(k_arg.acl_get_rights_n.ta_number,
07087 k_arg.acl_get_rights_n.arg,
07088 k_arg.acl_get_rights_n.rights_p,
07089 k_arg.acl_get_rights_n.effective);
07090 case RSYS_acl_get_tlist:
07091 return sys_rsbac_acl_get_tlist(k_arg.acl_get_tlist.ta_number,
07092 k_arg.acl_get_tlist.target,
07093 k_arg.acl_get_tlist.tid,
07094 k_arg.acl_get_tlist.entry_array,
07095 k_arg.acl_get_tlist.ttl_array,
07096 k_arg.acl_get_tlist.maxnum);
07097 case RSYS_acl_get_tlist_n:
07098 return sys_rsbac_acl_get_tlist_n(k_arg.acl_get_tlist_n.ta_number,
07099 k_arg.acl_get_tlist_n.target,
07100 k_arg.acl_get_tlist_n.t_name,
07101 k_arg.acl_get_tlist_n.entry_array,
07102 k_arg.acl_get_tlist_n.ttl_array,
07103 k_arg.acl_get_tlist_n.maxnum);
07104 case RSYS_acl_get_mask:
07105 return sys_rsbac_acl_get_mask(k_arg.acl_get_mask.ta_number,
07106 k_arg.acl_get_mask.target,
07107 k_arg.acl_get_mask.tid,
07108 k_arg.acl_get_mask.mask_p);
07109 case RSYS_acl_get_mask_n:
07110 return sys_rsbac_acl_get_mask_n(k_arg.acl_get_mask_n.ta_number,
07111 k_arg.acl_get_mask_n.target,
07112 k_arg.acl_get_mask_n.t_name,
07113 k_arg.acl_get_mask_n.mask_p);
07114 case RSYS_acl_group:
07115 return sys_rsbac_acl_group(k_arg.acl_group.ta_number,
07116 k_arg.acl_group.call,
07117 k_arg.acl_group.arg_p);
07118 case RSYS_reg:
07119 return sys_rsbac_reg(k_arg.reg.handle,
07120 k_arg.reg.arg);
07121 case RSYS_jail:
07122 #ifdef CONFIG_RSBAC_JAIL
07123 return rsbac_jail_sys_jail(k_arg.jail.version,
07124 k_arg.jail.path,
07125 k_arg.jail.ip,
07126 k_arg.jail.flags,
07127 k_arg.jail.max_caps);
07128 #else
07129 return -RSBAC_EINVALIDMODULE;
07130 #endif
07131
07132 #if defined(CONFIG_RSBAC_INIT_DELAY)
07133 case RSYS_init:
07134 return sys_rsbac_init(k_arg.init.root_dev);
07135 #endif
07136
07137 case RSYS_um_auth_name:
07138 return sys_rsbac_um_auth_name(k_arg.um_auth_name.name,
07139 k_arg.um_auth_name.pass);
07140 case RSYS_um_auth_uid:
07141 return sys_rsbac_um_auth_uid(k_arg.um_auth_uid.uid,
07142 k_arg.um_auth_uid.pass);
07143 case RSYS_um_add_user:
07144 return sys_rsbac_um_add_user(k_arg.um_add_user.ta_number,
07145 k_arg.um_add_user.uid,
07146 k_arg.um_add_user.entry_p,
07147 k_arg.um_add_user.pass,
07148 k_arg.um_add_user.ttl);
07149 case RSYS_um_add_group:
07150 return sys_rsbac_um_add_group(k_arg.um_add_group.ta_number,
07151 k_arg.um_add_group.gid,
07152 k_arg.um_add_group.entry_p,
07153 k_arg.um_add_group.pass,
07154 k_arg.um_add_group.ttl);
07155 case RSYS_um_add_gm:
07156 return sys_rsbac_um_add_gm(k_arg.um_add_gm.ta_number,
07157 k_arg.um_add_gm.uid,
07158 k_arg.um_add_gm.gid,
07159 k_arg.um_add_gm.ttl);
07160 case RSYS_um_mod_user:
07161 return sys_rsbac_um_mod_user(k_arg.um_mod_user.ta_number,
07162 k_arg.um_mod_user.uid,
07163 k_arg.um_mod_user.mod,
07164 k_arg.um_mod_user.data_p);
07165 case RSYS_um_mod_group:
07166 return sys_rsbac_um_mod_group(k_arg.um_mod_group.ta_number,
07167 k_arg.um_mod_group.gid,
07168 k_arg.um_mod_group.mod,
07169 k_arg.um_mod_group.data_p);
07170 case RSYS_um_get_user_item:
07171 return sys_rsbac_um_get_user_item(k_arg.um_get_user_item.ta_number,
07172 k_arg.um_get_user_item.uid,
07173 k_arg.um_get_user_item.mod,
07174 k_arg.um_get_user_item.data_p);
07175 case RSYS_um_get_group_item:
07176 return sys_rsbac_um_get_group_item(k_arg.um_get_group_item.ta_number,
07177 k_arg.um_get_group_item.gid,
07178 k_arg.um_get_group_item.mod,
07179 k_arg.um_get_group_item.data_p);
07180 case RSYS_um_remove_user:
07181 return sys_rsbac_um_remove_user(k_arg.um_remove_user.ta_number,
07182 k_arg.um_remove_user.uid);
07183 case RSYS_um_remove_group:
07184 return sys_rsbac_um_remove_group(k_arg.um_remove_group.ta_number,
07185 k_arg.um_remove_group.gid);
07186 case RSYS_um_remove_gm:
07187 return sys_rsbac_um_remove_gm(k_arg.um_remove_gm.ta_number,
07188 k_arg.um_remove_gm.uid,
07189 k_arg.um_remove_gm.gid);
07190 case RSYS_um_user_exists:
07191 return sys_rsbac_um_user_exists(k_arg.um_user_exists.ta_number,
07192 k_arg.um_user_exists.uid);
07193 case RSYS_um_get_next_user:
07194 return sys_rsbac_um_get_next_user(k_arg.um_get_next_user.ta_number,
07195 k_arg.um_get_next_user.old_user,
07196 k_arg.um_get_next_user.next_user_p);
07197 case RSYS_um_get_user_list:
07198 return sys_rsbac_um_get_user_list(k_arg.um_get_user_list.ta_number,
07199 k_arg.um_get_user_list.user_array,
07200 k_arg.um_get_user_list.maxnum);
07201 case RSYS_um_get_gm_list:
07202 return sys_rsbac_um_get_gm_list(k_arg.um_get_gm_list.ta_number,
07203 k_arg.um_get_gm_list.user,
07204 k_arg.um_get_gm_list.group_array,
07205 k_arg.um_get_gm_list.maxnum);
07206 case RSYS_um_get_gm_user_list:
07207 return sys_rsbac_um_get_gm_user_list(k_arg.um_get_gm_user_list.ta_number,
07208 k_arg.um_get_gm_user_list.group,
07209 k_arg.um_get_gm_user_list.user_array,
07210 k_arg.um_get_gm_user_list.maxnum);
07211 case RSYS_um_get_group_list:
07212 return sys_rsbac_um_get_group_list(k_arg.um_get_group_list.ta_number,
07213 k_arg.um_get_group_list.group_array,
07214 k_arg.um_get_group_list.maxnum);
07215 case RSYS_um_get_uid:
07216 return sys_rsbac_um_get_uid(k_arg.um_get_uid.ta_number,
07217 k_arg.um_get_uid.name,
07218 k_arg.um_get_uid.uid_p);
07219 case RSYS_um_get_gid:
07220 return sys_rsbac_um_get_gid(k_arg.um_get_gid.ta_number,
07221 k_arg.um_get_gid.name,
07222 k_arg.um_get_gid.gid_p);
07223 case RSYS_um_set_pass:
07224 return sys_rsbac_um_set_pass(k_arg.um_set_pass.uid,
07225 k_arg.um_set_pass.old_pass,
07226 k_arg.um_set_pass.new_pass);
07227 case RSYS_um_set_pass_name:
07228 return sys_rsbac_um_set_pass_name(k_arg.um_set_pass_name.name,
07229 k_arg.um_set_pass_name.old_pass,
07230 k_arg.um_set_pass_name.new_pass);
07231 case RSYS_um_set_group_pass:
07232 return sys_rsbac_um_set_group_pass(k_arg.um_set_group_pass.gid,
07233 k_arg.um_set_group_pass.new_pass);
07234 case RSYS_um_check_account:
07235 return sys_rsbac_um_check_account(k_arg.um_check_account.uid);
07236 case RSYS_um_check_account_name:
07237 return sys_rsbac_um_check_account_name(k_arg.um_check_account_name.name);
07238
07239 #ifdef CONFIG_RSBAC_LIST_TRANS
07240 case RSYS_list_ta_begin:
07241 return sys_rsbac_list_ta_begin(k_arg.list_ta_begin.ttl,
07242 k_arg.list_ta_begin.ta_number_p,
07243 k_arg.list_ta_begin.commit_uid,
07244 k_arg.list_ta_begin.password);
07245 case RSYS_list_ta_refresh:
07246 return sys_rsbac_list_ta_refresh(k_arg.list_ta_refresh.ttl,
07247 k_arg.list_ta_refresh.ta_number,
07248 k_arg.list_ta_refresh.password);
07249 case RSYS_list_ta_commit:
07250 return sys_rsbac_list_ta_commit(k_arg.list_ta_commit.ta_number,
07251 k_arg.list_ta_commit.password);
07252 case RSYS_list_ta_forget:
07253 return sys_rsbac_list_ta_forget(k_arg.list_ta_forget.ta_number,
07254 k_arg.list_ta_forget.password);
07255 #endif
07256
07257 default:
07258 return -RSBAC_EINVALIDREQUEST;
07259 }
07260 }
07261
07262
07263
