5 |
* |
* |
6 |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
* Copyright (C) 2005-2008 NTT DATA CORPORATION |
7 |
* |
* |
8 |
* Version: 1.5.3-pre 2008/01/02 |
* Version: 1.5.3-pre 2008/01/03 |
9 |
* |
* |
10 |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
* This file is applicable to both 2.4.30 and 2.6.11 and later. |
11 |
* See README.ccs for ChangeLog. |
* See README.ccs for ChangeLog. |
233 |
|
|
234 |
struct acl_info { |
struct acl_info { |
235 |
struct list1_head list; |
struct list1_head list; |
|
const struct condition_list *cond; |
|
236 |
u8 type; |
u8 type; |
237 |
bool is_deleted; |
bool is_deleted; |
238 |
} __attribute__((__packed__)); |
} __attribute__((__packed__)); |
248 |
|
|
249 |
#define MAX_PROFILES 256 |
#define MAX_PROFILES 256 |
250 |
|
|
|
struct argv0_acl_record { |
|
|
struct acl_info head; /* type = TYPE_ARGV0_ACL */ |
|
|
const struct path_info *filename; /* Pointer to single pathname. */ |
|
|
const struct path_info *argv0; /* strrchr(argv[0], '/') + 1 */ |
|
|
}; |
|
|
|
|
|
struct env_acl_record { |
|
|
struct acl_info head; /* type = TYPE_ENV_ACL */ |
|
|
const struct path_info *env; /* environment variable */ |
|
|
}; |
|
|
|
|
|
struct capability_acl_record { |
|
|
struct acl_info head; /* type = TYPE_CAPABILITY_ACL */ |
|
|
u32 capability; |
|
|
}; |
|
|
|
|
|
struct signal_acl_record { |
|
|
struct acl_info head; /* type = TYPE_SIGNAL_ACL */ |
|
|
u16 sig; |
|
|
const struct path_info *domainname; /* Pointer to destination pattern. */ |
|
|
}; |
|
|
|
|
251 |
struct single_acl_record { |
struct single_acl_record { |
252 |
struct acl_info head; /* type = TYPE_SINGLE_PATH_ACL */ |
struct acl_info head; /* type = TYPE_SINGLE_PATH_ACL */ |
253 |
bool u_is_group; |
bool u_is_group; |
258 |
u16 perm; |
u16 perm; |
259 |
}; |
}; |
260 |
|
|
261 |
|
struct single_acl_record_with_condition { |
262 |
|
struct single_acl_record record; /* head.type = TYPE_SINGLE_PATH_ACL_WITH_CONDITION */ |
263 |
|
const struct condition_list *condition; |
264 |
|
}; |
265 |
|
|
266 |
struct double_acl_record { |
struct double_acl_record { |
267 |
struct acl_info head; /* type = TYPE_DOUBLE_PATH_ACL */ |
struct acl_info head; /* type = TYPE_DOUBLE_PATH_ACL */ |
268 |
bool u1_is_group; |
bool u1_is_group; |
278 |
u8 perm; |
u8 perm; |
279 |
}; |
}; |
280 |
|
|
281 |
|
struct double_acl_record_with_condition { |
282 |
|
struct double_acl_record record; /* head.type = TYPE_DOUBLE_PATH_ACL_WITH_CONDITION */ |
283 |
|
const struct condition_list *condition; |
284 |
|
}; |
285 |
|
|
286 |
|
struct argv0_acl_record { |
287 |
|
struct acl_info head; /* type = TYPE_ARGV0_ACL */ |
288 |
|
const struct path_info *filename; /* Pointer to single pathname. */ |
289 |
|
const struct path_info *argv0; /* strrchr(argv[0], '/') + 1 */ |
290 |
|
}; |
291 |
|
|
292 |
|
struct argv0_acl_record_with_condition { |
293 |
|
struct argv0_acl_record record; /* head.type = TYPE_ARGV0_ACL_WITH_CONDITION */ |
294 |
|
const struct condition_list *condition; |
295 |
|
}; |
296 |
|
|
297 |
|
struct env_acl_record { |
298 |
|
struct acl_info head; /* type = TYPE_ENV_ACL */ |
299 |
|
const struct path_info *env; /* environment variable */ |
300 |
|
}; |
301 |
|
|
302 |
|
struct env_acl_record_with_condition { |
303 |
|
struct env_acl_record record; /* head.type = TYPE_ENV_ACL_WITH_CONDITION */ |
304 |
|
const struct condition_list *condition; |
305 |
|
}; |
306 |
|
|
307 |
|
struct capability_acl_record { |
308 |
|
struct acl_info head; /* type = TYPE_CAPABILITY_ACL */ |
309 |
|
u32 capability; |
310 |
|
}; |
311 |
|
|
312 |
|
struct capability_acl_record_with_condition { |
313 |
|
struct capability_acl_record record; /* head.type = TYPE_CAPABILITY_ACL_WITH_CONDITION */ |
314 |
|
const struct condition_list *condition; |
315 |
|
}; |
316 |
|
|
317 |
|
struct signal_acl_record { |
318 |
|
struct acl_info head; /* type = TYPE_SIGNAL_ACL */ |
319 |
|
u16 sig; |
320 |
|
const struct path_info *domainname; /* Pointer to destination pattern. */ |
321 |
|
}; |
322 |
|
|
323 |
|
struct signal_acl_record_with_condition { |
324 |
|
struct signal_acl_record record; /* head.type = TYPE_SIGNAL_ACL_WITH_CONDITION */ |
325 |
|
const struct condition_list *condition; |
326 |
|
}; |
327 |
|
|
328 |
#define IP_RECORD_TYPE_ADDRESS_GROUP 0 |
#define IP_RECORD_TYPE_ADDRESS_GROUP 0 |
329 |
#define IP_RECORD_TYPE_IPv4 1 |
#define IP_RECORD_TYPE_IPv4 1 |
330 |
#define IP_RECORD_TYPE_IPv6 2 |
#define IP_RECORD_TYPE_IPv6 2 |
348 |
u16 max_port; /* End of port number range. */ |
u16 max_port; /* End of port number range. */ |
349 |
}; |
}; |
350 |
|
|
351 |
|
struct ip_network_acl_record_with_condition { |
352 |
|
struct ip_network_acl_record record; /* type = TYPE_IP_NETWORK_ACL_WITH_CONDITION */ |
353 |
|
const struct condition_list *condition; |
354 |
|
}; |
355 |
|
|
356 |
/************************* Keywords for ACLs. *************************/ |
/************************* Keywords for ACLs. *************************/ |
357 |
|
|
358 |
#define KEYWORD_ADDRESS_GROUP "address_group " |
#define KEYWORD_ADDRESS_GROUP "address_group " |
511 |
int CCS_ReadControl(struct file *file, char __user *buffer, const int buffer_len); |
int CCS_ReadControl(struct file *file, char __user *buffer, const int buffer_len); |
512 |
int CCS_WriteControl(struct file *file, const char __user *buffer, const int buffer_len); |
int CCS_WriteControl(struct file *file, const char __user *buffer, const int buffer_len); |
513 |
int CanSaveAuditLog(const bool is_granted); |
int CanSaveAuditLog(const bool is_granted); |
|
int CheckCondition(const struct condition_list *condition, struct obj_info *obj_info); |
|
514 |
int CheckSupervisor(const char *fmt, ...) __attribute__ ((format(printf, 1, 2))); |
int CheckSupervisor(const char *fmt, ...) __attribute__ ((format(printf, 1, 2))); |
515 |
int DelDomainACL(struct acl_info *ptr); |
int DelDomainACL(struct acl_info *ptr); |
516 |
int DeleteDomain(char *data); |
int DeleteDomain(char *data); |
517 |
int DumpCondition(struct io_buffer *head, const struct condition_list *ptr); |
int DumpCondition(struct io_buffer *head, const struct condition_list *ptr); |
518 |
|
bool CheckCondition(const struct condition_list *condition, struct obj_info *obj_info); |
519 |
bool IsCorrectDomain(const unsigned char *domainname, const char *function); |
bool IsCorrectDomain(const unsigned char *domainname, const char *function); |
520 |
bool IsCorrectPath(const char *filename, const s8 start_type, const s8 pattern_type, const s8 end_type, const char *function); |
bool IsCorrectPath(const char *filename, const s8 start_type, const s8 pattern_type, const s8 end_type, const char *function); |
521 |
bool IsDomainDef(const unsigned char *buffer); |
bool IsDomainDef(const unsigned char *buffer); |
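Review bot: The re-declared `bool CheckCondition(const struct condition_list *condition, struct obj_info *obj_info);` at new line 518 does not say what `true` means, and the declaration it replaces returned `int`. If the old function used the 0-on-success convention (not visible in this header), a call site still written as `if (CheckCondition(...))` or `== 0` in the old sense compiles without warning and inverts an access-control decision. I would put the contract on the prototype, for example `/* Returns true when @condition is satisfied, false otherwise. */`, adjusted to the real behaviour, and re-check every caller in the same change. Because `cond` has left `struct acl_info`, those callers now also have to take the pointer from the matching `*_with_condition` wrapper, which is only valid after `head.type` has been checked against the corresponding `TYPE_*_WITH_CONDITION` value.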