Menu
▾
▴
[Cerber-commits] cerb-current cerb.c,1.2,1.3 lists.c,1.4,1.5 lists.h,1.3,1.4
|
From: <da...@us...> - 2002-05-30 19:40:46
|
Update of /cvsroot/cerber/cerb-current
In directory usw-pr-cvs1:/tmp/cvs-serv15306
Modified Files:
cerb.c lists.c lists.h
Log Message:
syntax errors fixed
Index: cerb.c
===================================================================
RCS file: /cvsroot/cerber/cerb-current/cerb.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** cerb.c 30 May 2002 19:21:52 -0000 1.2
--- cerb.c 30 May 2002 19:40:41 -0000 1.3
***************
*** 7,10 ****
--- 7,13 ----
*
* $Log$
+ * Revision 1.3 2002/05/30 19:40:41 dawidek
+ * syntax errors fixed
+ *
* Revision 1.2 2002/05/30 19:21:52 dawidek
* i have return to one global struct to all rules
***************
*** 261,269 ****
actrule.gid = p->p_cred->p_rgid;
actrule.req = ea->req;
!
if (rulecomp(CB_PTRACE_NO, &actrule) != 0) {
log(LOG_WARNING, "!!WARN!! Permission denied. %s", logbuf);
return (EACCES);
}
log(LOG_WARNING, "%s", logbuf);
--- 264,273 ----
actrule.gid = p->p_cred->p_rgid;
actrule.req = ea->req;
! /*
if (rulecomp(CB_PTRACE_NO, &actrule) != 0) {
log(LOG_WARNING, "!!WARN!! Permission denied. %s", logbuf);
return (EACCES);
}
+ */
log(LOG_WARNING, "%s", logbuf);
***************
*** 370,389 ****
return (ret);
*/
- return chmod(p, ea);
- }
-
-
-
-
-
-
-
-
-
-
-
- int
- n_chmod(register struct proc *p, register struct chmod_args *ea)
- {
return chmod(p, ea);
}
--- 374,377 ----
Index: lists.c
===================================================================
RCS file: /cvsroot/cerber/cerb-current/lists.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** lists.c 30 May 2002 19:21:52 -0000 1.4
--- lists.c 30 May 2002 19:40:41 -0000 1.5
***************
*** 47,51 ****
rule->inode = NULL;
rule->f_inode = NULL;
! rule->short = 0;
rule->req = NULL;
rule->f_req = NULL;
--- 47,51 ----
rule->inode = NULL;
rule->f_inode = NULL;
! rule->info = 0;
rule->req = NULL;
rule->f_req = NULL;
***************
*** 497,501 ****
if (getpart(rule, buf, cr_psep, 0) != 0 ||
getlen(buf, cr_vsep) == 0) {
! freerule(new, M_TEMP);
free(buf, M_TEMP);
continue;
--- 497,501 ----
if (getpart(rule, buf, cr_psep, 0) != 0 ||
getlen(buf, cr_vsep) == 0) {
! freerule(new);
free(buf, M_TEMP);
continue;
***************
*** 530,534 ****
if (filltab(CB_UID_T, (void **)&new->uid, &new->f_uid, rule,
3) != 0) {
! freerule(CB_PTRACE_NO, new);
free(buf, M_TEMP);
continue;
--- 530,534 ----
if (filltab(CB_UID_T, (void **)&new->uid, &new->f_uid, rule,
3) != 0) {
! freerule(new);
free(buf, M_TEMP);
continue;
***************
*** 557,561 ****
printf("debug:addrule: [buf=%s]\n", buf);
if (fillchartab(buf, &new->sname) != 0) {
! freerule(new, M_TEMP);
free(buf, M_TEMP);
continue;
--- 557,561 ----
printf("debug:addrule: [buf=%s]\n", buf);
if (fillchartab(buf, &new->sname) != 0) {
! freerule(new);
free(buf, M_TEMP);
continue;
***************
*** 602,606 ****
printf("debug:addrule: [buf=%s]\n", buf);
if (fillchartab(buf, &new->name) != 0) {
! freerule(new, M_TEMP);
free(buf, M_TEMP);
continue;
--- 602,606 ----
printf("debug:addrule: [buf=%s]\n", buf);
if (fillchartab(buf, &new->name) != 0) {
! freerule(new);
free(buf, M_TEMP);
continue;
***************
*** 659,663 ****
/* open done */
! if (nfun = CB_CHMOD_NO) {
if (filltab(CB_MODE_T, (void **)&new->perm,
&new->f_perm, rule, 7) != 0) {
--- 659,663 ----
/* open done */
! if (nfun == CB_CHMOD_NO) {
if (filltab(CB_MODE_T, (void **)&new->perm,
&new->f_perm, rule, 7) != 0) {
***************
*** 690,694 ****
/* sysctl done */
! if (nfun = CB_KILL_NO) {
if (filltab(CB_INT, (void **)&new->signum,
&new->f_signum, rule, 7) != 0) {
--- 690,694 ----
/* sysctl done */
! if (nfun == CB_KILL_NO) {
if (filltab(CB_INT, (void **)&new->signum,
&new->f_signum, rule, 7) != 0) {
***************
*** 702,706 ****
/* kill done */
! if (nfun = CB_CHFLAGS_NO) {
if (filltab(CB_U_LONG, (void **)&new->chflags,
&new->f_chflags, rule, 7) != 0) {
--- 702,706 ----
/* kill done */
! if (nfun == CB_CHFLAGS_NO) {
if (filltab(CB_U_LONG, (void **)&new->chflags,
&new->f_chflags, rule, 7) != 0) {
***************
*** 714,718 ****
/* chflags done */
! if (nfun = CB_RENAME_NO) {
/* new file names */
if (getpart(rule, buf, cr_psep, 7) != 0 ||
--- 714,718 ----
/* chflags done */
! if (nfun == CB_RENAME_NO) {
/* new file names */
if (getpart(rule, buf, cr_psep, 7) != 0 ||
***************
*** 736,740 ****
/* rename done */
! if (nfun = CB_CHOWN_NO) {
if (filltab(CB_UID_T, (void **)&new->ruid,
&new->f_ruid, rule, 7) != 0) {
--- 736,740 ----
/* rename done */
! if (nfun == CB_CHOWN_NO) {
if (filltab(CB_UID_T, (void **)&new->ruid,
&new->f_ruid, rule, 7) != 0) {
***************
*** 756,760 ****
/* chown done */
! if (nfun = CB_IOCTL_NO) {
if (filltab(CB_U_LONG, (void **)&new->com,
&new->f_com, rule, 7) != 0) {
--- 756,760 ----
/* chown done */
! if (nfun == CB_IOCTL_NO) {
if (filltab(CB_U_LONG, (void **)&new->com,
&new->f_com, rule, 7) != 0) {
***************
*** 768,772 ****
/* ioctl done */
! if (nfun = CB_SETUGID_NO) {
if (filltab(CB_UID_T, (void **)&new->ruid,
&new->f_ruid, rule, 5) != 0) {
--- 768,772 ----
/* ioctl done */
! if (nfun == CB_SETUGID_NO) {
if (filltab(CB_UID_T, (void **)&new->ruid,
&new->f_ruid, rule, 5) != 0) {
***************
*** 818,822 ****
}
! if (nfun = CB_REBOOT_NO) {
if (filltab(CB_INT, (void **)&new->howto,
&new->f_howto, rule, 5) != 0) {
--- 818,822 ----
}
! if (nfun == CB_REBOOT_NO) {
if (filltab(CB_INT, (void **)&new->howto,
&new->f_howto, rule, 5) != 0) {
***************
*** 840,844 ****
int
! addprotrule(char *rule)
{
return (0);
--- 840,844 ----
int
! addprotrules(char *rule)
{
return (0);
***************
*** 1010,1075 ****
uprintf("\n");
! tmp = tmp->next;
! }
! }
!
! return (0);
! }
!
! int
! showrules_chmod(void)
! {
! chmod_cb tmp;
! int i, j, no;
!
! for (i = 0; i <= 1; i++) {
! if (i == 0) {
! if ((tmp = chmod_suid_rules) == NULL)
! uprintf("No suid rules for chmod().\n");
! else
! uprintf("Suid rules for chmod():\n");
! } else {
! if ((tmp = chmod_nosuid_rules) == NULL)
! uprintf("No nosuid rules for chmod().\n");
! else
! uprintf("Nosuid rules for chmod():\n");
! }
!
! no = 0;
! while (tmp != NULL) {
! uprintf(" %3d. Process name(s): ", ++no);
! if (tmp->pname != NULL) {
! for (j = 0; tmp->pname[j] != NULL; j++) {
! uprintf("%s ", tmp->pname[j]);
! }
! }
uprintf("\n");
! uprintf(" Process inode: ");
! shownums(tmp->pinode, tmp->f_pinode, CB_INO_T);
uprintf("\n");
! uprintf(" Process real uid: ");
! shownums(tmp->uid, tmp->f_uid, CB_UID_T);
uprintf("\n");
! uprintf(" Process real gid: ");
! shownums(tmp->gid, tmp->f_gid, CB_GID_T);
uprintf("\n");
! uprintf(" File name(s): ", ++no);
! if (tmp->name != NULL) {
! for (j = 0; tmp->name[j] != NULL; j++) {
! uprintf("%s ", tmp->name[j]);
! }
! }
uprintf("\n");
! uprintf(" File inode(s): ");
! shownums(tmp->inode, tmp->f_inode, CB_INT);
uprintf("\n");
! uprintf(" File mode(s): ");
! shownums(tmp->perm, tmp->f_mode, CB_INT);
uprintf("\n");
--- 1010,1039 ----
uprintf("\n");
! uprintf(" Real uid: ");
! shownums(tmp->ruid, tmp->f_ruid, CB_UID_T);
uprintf("\n");
! uprintf(" Real gid: ");
! shownums(tmp->rgid, tmp->f_rgid, CB_GID_T);
uprintf("\n");
! uprintf(" Effective uid: ");
! shownums(tmp->euid, tmp->f_euid, CB_UID_T);
uprintf("\n");
! uprintf(" Effective gid: ");
! shownums(tmp->egid, tmp->f_egid, CB_GID_T);
uprintf("\n");
! uprintf(" Saved uid: ");
! shownums(tmp->svuid, tmp->f_svuid, CB_UID_T);
uprintf("\n");
! uprintf(" Saved gid: ");
! shownums(tmp->svgid, tmp->f_svgid, CB_GID_T);
uprintf("\n");
! uprintf(" Reboot() howto: ");
! shownums(tmp->howto, tmp->f_howto, CB_GID_T);
uprintf("\n");
***************
*** 1084,1159 ****
cleanrules(void)
{
! /*
! cleanrules_execve();
! */
! cleanrules_ptrace();
! /*
! cleanrules_open();
! */
! cleanrules_chmod();
!
! cleanrules_prot_file();
! cleanrules_prot_syscall();
! return;
! }
!
! void
! cleanrules_ptrace(void)
! {
! ptrace_cb act, tmp;
! int i;
!
! printf("[cerb:cleanrules] DEBUG: Cleaning ptrace() rules... ");
! for (i = 0; i <= 1; i++) {
! if (i == 0) {
! if ((act = ptrace_suid_rules) == NULL)
! continue;
! else
! ptrace_suid_rules = NULL;
! } else {
! if ((act = ptrace_nosuid_rules) == NULL)
! continue;
! else
! ptrace_nosuid_rules = NULL;
! }
!
! while (act != NULL) {
! tmp = act->next;
! freerule(CB_PTRACE_NO, (void *)act);
! act = tmp;
! }
! }
! printf("done.\n");
!
! return;
! }
!
! void
! cleanrules_chmod(void)
! {
! chmod_cb act, tmp;
int i;
! printf("[cerb:cleanrules] DEBUG: Cleaning chmod() rules... ");
! for (i = 0; i <= 1; i++) {
! if (i == 0) {
! if ((act = chmod_suid_rules) == NULL)
! continue;
! else
! chmod_suid_rules = NULL;
! } else {
! if ((act = chmod_nosuid_rules) == NULL)
! continue;
! else
! chmod_nosuid_rules = NULL;
! }
while (act != NULL) {
tmp = act->next;
! freerule(CB_CHMOD_NO, (void *)act);
act = tmp;
}
}
- printf("done.\n");
return;
--- 1048,1064 ----
cleanrules(void)
{
! struct cb_rule *act, *tmp;
int i;
! for (i = 0; i <= 31; i++) {
! if ((act = cb_rules[i]) == NULL)
! continue;
while (act != NULL) {
tmp = act->next;
! freerule(act);
act = tmp;
}
}
return;
***************
*** 1161,1198 ****
void
! cleanrules_prot_file(void)
! {
! prot_file act, tmp;
!
! printf("[cerb:cleanrules] DEBUG: Cleaning prot.file() rules... ");
! act = prot_file_rules;
! prot_file_rules = NULL;
!
! while (act != NULL) {
! tmp = act->next;
! freerule(CB_PROT_FILE_NO, (void *)act);
! act = tmp;
! }
! printf("done.\n");
!
! return;
! }
!
! void
! cleanrules_prot_syscall(void)
{
- prot_syscall act, tmp;
-
- printf("[cerb:cleanrules] DEBUG: Cleaning prot.syscall() rules... ");
- act = prot_syscall_rules;
- prot_syscall_rules = NULL;
-
- while (act != NULL) {
- tmp = act->next;
- freerule(CB_PROT_SYSCALL_NO, (void *)act);
- act = tmp;
- }
- printf("done.\n");
-
return;
}
--- 1066,1071 ----
void
! cleanprotrules(void)
{
return;
}
***************
*** 1212,1235 ****
rulecomp(int type, struct cb_action *rule)
{
- int err;
-
if (rule == NULL)
return (ERR_NULL);
! switch (type) {
! case CB_PTRACE_NO:
! err = rulecomp_prot_syscall(rule, CB_PTRACE_NO);
! return rulecomp_ptrace(rule, err);
! case CB_CHMOD_NO:
! if ((err = rulecomp_prot_syscall(rule, CB_PTRACE_NO)) == 0)
! err = rulecomp_prot_file(rule);
! return rulecomp_chmod(rule, scall);
! case CB_PROT_FILE_NO:
! return rulecomp_prot_file(rule, init);
! case CB_PROT_SYSCALL_NO:
! return rulecomp_prot_syscall(rule, init);
! }
! return (ERR_TYPE);
}
--- 1085,1094 ----
rulecomp(int type, struct cb_action *rule)
{
if (rule == NULL)
return (ERR_NULL);
! type += type + rule->suid;
! return (0);
}
***************
*** 1239,1246 ****
* ERR_PERM - proces powinien zostac zablokowany
*/
int
rulecomp_ptrace(struct cb_action *rule, int err)
{
! ptrace_cb act;
int i, ret, sc;
--- 1098,1106 ----
* ERR_PERM - proces powinien zostac zablokowany
*/
+ /*
int
rulecomp_ptrace(struct cb_action *rule, int err)
{
! act;
int i, ret, sc;
***************
*** 1281,1287 ****
}
! ret = ERR_PERM; /* jesli process byl nosuid, a pasuje nazwa i
* inode, to musi pasowac wszystko by zostal
! * przepuszczony */
if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid,
--- 1141,1147 ----
}
! ret = ERR_PERM; * jesli process byl nosuid, a pasuje nazwa i
* inode, to musi pasowac wszystko by zostal
! * przepuszczony *
if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid,
***************
*** 1310,1314 ****
return (ret);
}
!
/*
* 0 - sukces
--- 1170,1174 ----
return (ret);
}
! */
/*
* 0 - sukces
***************
*** 1316,1319 ****
--- 1176,1180 ----
* ERR_PERM - proces powinien zostac zablokowany
*/
+ /*
int
rulecomp_chmod(struct cb_action *rule, int err)
***************
*** 1358,1364 ****
}
! ret = ERR_PERM; /* jesli process byl nosuid, a pasuje nazwa i
* inode, to musi pasowac wszystko by zostal
! * przepuszczony */
if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid,
--- 1219,1225 ----
}
! ret = ERR_PERM; * jesli process byl nosuid, a pasuje nazwa i
* inode, to musi pasowac wszystko by zostal
! * przepuszczony *
if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid,
***************
*** 1410,1414 ****
return (ret);
}
!
/*
* 0 - pliku nie ma na liscie
--- 1271,1275 ----
return (ret);
}
! */
/*
* 0 - pliku nie ma na liscie
***************
*** 1424,1427 ****
--- 1285,1289 ----
* info - odczyt(0), modyfikacja(1), oba(2)
*/
+ /*
int
rulecomp_prot_file(struct cb_action *rule)
***************
*** 1485,1489 ****
return (0);
}
!
/*
* 0 - nie ma syscalla na liscie
--- 1347,1351 ----
return (0);
}
! */
/*
* 0 - nie ma syscalla na liscie
***************
*** 1495,1498 ****
--- 1357,1361 ----
* gid - gid procesu
*/
+ /*
int
rulecomp_prot_syscall(struct cb_action *rule, int scall)
***************
*** 1539,1543 ****
return (0);
}
!
/*
* 0 - sukces, liczba pasuje
--- 1402,1406 ----
return (0);
}
! */
/*
* 0 - sukces, liczba pasuje
Index: lists.h
===================================================================
RCS file: /cvsroot/cerber/cerb-current/lists.h,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** lists.h 30 May 2002 19:21:52 -0000 1.3
--- lists.h 30 May 2002 19:40:41 -0000 1.4
***************
*** 161,172 ****
} *crb_fd_head;
! int initrule(int type, void *rule);
- int freerule(int type, void *rule);
void cleanrules(void);
! void cleanrules_ptrace(void);
! void cleanrules_chmod(void);
! void cleanrules_prot_file(void);
! void cleanrules_prot_syscall(void);
int fillchartab(char *buf, char ***tab);
--- 161,172 ----
} *crb_fd_head;
! int initrule(struct cb_rule *rule);
! int initprotrule(struct cb_prot *rule);
!
! int freerule(struct cb_rule *rule);
! int freeprotrule(struct cb_prot *rule);
void cleanrules(void);
! void cleanprotrules(void);
int fillchartab(char *buf, char ***tab);
***************
*** 175,196 ****
int shownums(void *buf, char *f_buf, int type);
int showrules(char *type);
! int showrules_ptrace(void);
! int showrules_chmod(void);
! int showrules_prot_file(void);
! int showrules_prot_syscall(void);
int getnfun(char *rule, int *i);
int addrules(char *rules);
! int addrule_ptrace(char *rule);
! int addrule_chmod(char *rule);
! int addrule_prot_file(char *rule);
! int addrule_prot_syscall(char *rule);
! int rulecomp(int type, struct cb_action *rule, int init);
! int rulecomp_ptrace(struct cb_action *rule, int init);
! int rulecomp_chmod(struct cb_action *rule, int init);
! int rulecomp_prot_file(struct cb_action *rule);
! int rulecomp_prot_syscall(struct cb_action *rule);
int numcomp(int type, void *rptr, char *f_rptr, void *num);
--- 175,186 ----
int shownums(void *buf, char *f_buf, int type);
int showrules(char *type);
! int showprotrules(char *type);
int getnfun(char *rule, int *i);
int addrules(char *rules);
! int addprotrules(char *rules);
! int rulecomp(int type, struct cb_action *rule);
int numcomp(int type, void *rptr, char *f_rptr, void *num);
|