From: <da...@us...> - 2002-05-30 19:40:46
Update of /cvsroot/cerber/cerb-current In directory usw-pr-cvs1:/tmp/cvs-serv15306 Modified Files: cerb.c lists.c lists.h Log Message: syntax errors fixed Index: cerb.c =================================================================== RCS file: /cvsroot/cerber/cerb-current/cerb.c,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** cerb.c 30 May 2002 19:21:52 -0000 1.2 --- cerb.c 30 May 2002 19:40:41 -0000 1.3 *************** *** 7,10 **** --- 7,13 ---- * * $Log$ + * Revision 1.3 2002/05/30 19:40:41 dawidek + * syntax errors fixed + * * Revision 1.2 2002/05/30 19:21:52 dawidek * i have return to one global struct to all rules *************** *** 261,269 **** actrule.gid = p->p_cred->p_rgid; actrule.req = ea->req; ! if (rulecomp(CB_PTRACE_NO, &actrule) != 0) { log(LOG_WARNING, "!!WARN!! Permission denied. %s", logbuf); return (EACCES); } log(LOG_WARNING, "%s", logbuf); --- 264,273 ---- actrule.gid = p->p_cred->p_rgid; actrule.req = ea->req; ! /* if (rulecomp(CB_PTRACE_NO, &actrule) != 0) { log(LOG_WARNING, "!!WARN!! Permission denied. %s", logbuf); return (EACCES); } + */ log(LOG_WARNING, "%s", logbuf); *************** *** 370,389 **** return (ret); */ - return chmod(p, ea); - } - - - - - - - - - - - - int - n_chmod(register struct proc *p, register struct chmod_args *ea) - { return chmod(p, ea); } --- 374,377 ---- Index: lists.c =================================================================== RCS file: /cvsroot/cerber/cerb-current/lists.c,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** lists.c 30 May 2002 19:21:52 -0000 1.4 --- lists.c 30 May 2002 19:40:41 -0000 1.5 *************** *** 47,51 **** rule->inode = NULL; rule->f_inode = NULL; ! rule->short = 0; rule->req = NULL; rule->f_req = NULL; --- 47,51 ---- rule->inode = NULL; rule->f_inode = NULL; ! 
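Review bot: Commenting out the `rulecomp(CB_PTRACE_NO, &actrule)` block turns the ptrace hook into log-and-allow: the only `return (EACCES)` path is inside the new `/* ... */`, so every ptrace request now falls through to `log(LOG_WARNING, "%s", logbuf)` and succeeds regardless of the loaded rules. If this is a temporary measure while rulecomp() is reworked, the disabled block should say so, e.g. `/* TODO: enforcement disabled until rulecomp() is rewritten; hook currently fails open */`, so it is not left this way by accident. The enclosing hook function starts and ends outside the hunk.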
rule->info = 0; rule->req = NULL; rule->f_req = NULL; *************** *** 497,501 **** if (getpart(rule, buf, cr_psep, 0) != 0 || getlen(buf, cr_vsep) == 0) { ! freerule(new, M_TEMP); free(buf, M_TEMP); continue; --- 497,501 ---- if (getpart(rule, buf, cr_psep, 0) != 0 || getlen(buf, cr_vsep) == 0) { ! freerule(new); free(buf, M_TEMP); continue; *************** *** 530,534 **** if (filltab(CB_UID_T, (void **)&new->uid, &new->f_uid, rule, 3) != 0) { ! freerule(CB_PTRACE_NO, new); free(buf, M_TEMP); continue; --- 530,534 ---- if (filltab(CB_UID_T, (void **)&new->uid, &new->f_uid, rule, 3) != 0) { ! freerule(new); free(buf, M_TEMP); continue; *************** *** 557,561 **** printf("debug:addrule: [buf=%s]\n", buf); if (fillchartab(buf, &new->sname) != 0) { ! freerule(new, M_TEMP); free(buf, M_TEMP); continue; --- 557,561 ---- printf("debug:addrule: [buf=%s]\n", buf); if (fillchartab(buf, &new->sname) != 0) { ! freerule(new); free(buf, M_TEMP); continue; *************** *** 602,606 **** printf("debug:addrule: [buf=%s]\n", buf); if (fillchartab(buf, &new->name) != 0) { ! freerule(new, M_TEMP); free(buf, M_TEMP); continue; --- 602,606 ---- printf("debug:addrule: [buf=%s]\n", buf); if (fillchartab(buf, &new->name) != 0) { ! freerule(new); free(buf, M_TEMP); continue; *************** *** 659,663 **** /* open done */ ! if (nfun = CB_CHMOD_NO) { if (filltab(CB_MODE_T, (void **)&new->perm, &new->f_perm, rule, 7) != 0) { --- 659,663 ---- /* open done */ ! if (nfun == CB_CHMOD_NO) { if (filltab(CB_MODE_T, (void **)&new->perm, &new->f_perm, rule, 7) != 0) { *************** *** 690,694 **** /* sysctl done */ ! if (nfun = CB_KILL_NO) { if (filltab(CB_INT, (void **)&new->signum, &new->f_signum, rule, 7) != 0) { --- 690,694 ---- /* sysctl done */ ! if (nfun == CB_KILL_NO) { if (filltab(CB_INT, (void **)&new->signum, &new->f_signum, rule, 7) != 0) { *************** *** 702,706 **** /* kill done */ ! 
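Review bot: The `if (nfun = CB_CHMOD_NO)` → `==` repair in this hunk, and the identical ones at 690, 702, 714, 736, 756, 768 and 818, are exactly the pattern `-Wall` (`-Wparentheses`) reports as "suggest parentheses around assignment used as truth value"; building the module with that warning enabled would have flagged all eight before they were committed. Since each block tests `nfun` against a single `CB_*_NO` constant and the blocks appear to be mutually exclusive, a `switch (nfun)` with one `case` per syscall would also make a future `=` typo a compile error instead of a silently always-true branch. The enclosing addrules() function starts and ends outside these hunks.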
if (nfun = CB_CHFLAGS_NO) { if (filltab(CB_U_LONG, (void **)&new->chflags, &new->f_chflags, rule, 7) != 0) { --- 702,706 ---- /* kill done */ ! if (nfun == CB_CHFLAGS_NO) { if (filltab(CB_U_LONG, (void **)&new->chflags, &new->f_chflags, rule, 7) != 0) { *************** *** 714,718 **** /* chflags done */ ! if (nfun = CB_RENAME_NO) { /* new file names */ if (getpart(rule, buf, cr_psep, 7) != 0 || --- 714,718 ---- /* chflags done */ ! if (nfun == CB_RENAME_NO) { /* new file names */ if (getpart(rule, buf, cr_psep, 7) != 0 || *************** *** 736,740 **** /* rename done */ ! if (nfun = CB_CHOWN_NO) { if (filltab(CB_UID_T, (void **)&new->ruid, &new->f_ruid, rule, 7) != 0) { --- 736,740 ---- /* rename done */ ! if (nfun == CB_CHOWN_NO) { if (filltab(CB_UID_T, (void **)&new->ruid, &new->f_ruid, rule, 7) != 0) { *************** *** 756,760 **** /* chown done */ ! if (nfun = CB_IOCTL_NO) { if (filltab(CB_U_LONG, (void **)&new->com, &new->f_com, rule, 7) != 0) { --- 756,760 ---- /* chown done */ ! if (nfun == CB_IOCTL_NO) { if (filltab(CB_U_LONG, (void **)&new->com, &new->f_com, rule, 7) != 0) { *************** *** 768,772 **** /* ioctl done */ ! if (nfun = CB_SETUGID_NO) { if (filltab(CB_UID_T, (void **)&new->ruid, &new->f_ruid, rule, 5) != 0) { --- 768,772 ---- /* ioctl done */ ! if (nfun == CB_SETUGID_NO) { if (filltab(CB_UID_T, (void **)&new->ruid, &new->f_ruid, rule, 5) != 0) { *************** *** 818,822 **** } ! if (nfun = CB_REBOOT_NO) { if (filltab(CB_INT, (void **)&new->howto, &new->f_howto, rule, 5) != 0) { --- 818,822 ---- } ! if (nfun == CB_REBOOT_NO) { if (filltab(CB_INT, (void **)&new->howto, &new->f_howto, rule, 5) != 0) { *************** *** 840,844 **** int ! addprotrule(char *rule) { return (0); --- 840,844 ---- int ! addprotrules(char *rule) { return (0); *************** *** 1010,1075 **** uprintf("\n"); ! tmp = tmp->next; ! } ! } ! ! return (0); ! } ! ! int ! showrules_chmod(void) ! { ! chmod_cb tmp; ! int i, j, no; ! ! for (i = 0; i <= 1; i++) { ! 
if (i == 0) { ! if ((tmp = chmod_suid_rules) == NULL) ! uprintf("No suid rules for chmod().\n"); ! else ! uprintf("Suid rules for chmod():\n"); ! } else { ! if ((tmp = chmod_nosuid_rules) == NULL) ! uprintf("No nosuid rules for chmod().\n"); ! else ! uprintf("Nosuid rules for chmod():\n"); ! } ! ! no = 0; ! while (tmp != NULL) { ! uprintf(" %3d. Process name(s): ", ++no); ! if (tmp->pname != NULL) { ! for (j = 0; tmp->pname[j] != NULL; j++) { ! uprintf("%s ", tmp->pname[j]); ! } ! } uprintf("\n"); ! uprintf(" Process inode: "); ! shownums(tmp->pinode, tmp->f_pinode, CB_INO_T); uprintf("\n"); ! uprintf(" Process real uid: "); ! shownums(tmp->uid, tmp->f_uid, CB_UID_T); uprintf("\n"); ! uprintf(" Process real gid: "); ! shownums(tmp->gid, tmp->f_gid, CB_GID_T); uprintf("\n"); ! uprintf(" File name(s): ", ++no); ! if (tmp->name != NULL) { ! for (j = 0; tmp->name[j] != NULL; j++) { ! uprintf("%s ", tmp->name[j]); ! } ! } uprintf("\n"); ! uprintf(" File inode(s): "); ! shownums(tmp->inode, tmp->f_inode, CB_INT); uprintf("\n"); ! uprintf(" File mode(s): "); ! shownums(tmp->perm, tmp->f_mode, CB_INT); uprintf("\n"); --- 1010,1039 ---- uprintf("\n"); ! uprintf(" Real uid: "); ! shownums(tmp->ruid, tmp->f_ruid, CB_UID_T); uprintf("\n"); ! uprintf(" Real gid: "); ! shownums(tmp->rgid, tmp->f_rgid, CB_GID_T); uprintf("\n"); ! uprintf(" Effective uid: "); ! shownums(tmp->euid, tmp->f_euid, CB_UID_T); uprintf("\n"); ! uprintf(" Effective gid: "); ! shownums(tmp->egid, tmp->f_egid, CB_GID_T); uprintf("\n"); ! uprintf(" Saved uid: "); ! shownums(tmp->svuid, tmp->f_svuid, CB_UID_T); uprintf("\n"); ! uprintf(" Saved gid: "); ! shownums(tmp->svgid, tmp->f_svgid, CB_GID_T); uprintf("\n"); ! uprintf(" Reboot() howto: "); ! shownums(tmp->howto, tmp->f_howto, CB_GID_T); uprintf("\n"); *************** *** 1084,1159 **** cleanrules(void) { ! /* ! cleanrules_execve(); ! */ ! cleanrules_ptrace(); ! /* ! cleanrules_open(); ! */ ! cleanrules_chmod(); ! ! cleanrules_prot_file(); ! 
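Review bot: In the new showrules() output, `shownums(tmp->howto, tmp->f_howto, CB_GID_T);` passes the wrong element type: the same field is filled earlier in this commit with `filltab(CB_INT, (void **)&new->howto, &new->f_howto, rule, 5)`, so shownums() will interpret the howto table as gid_t values. It should read `shownums(tmp->howto, tmp->f_howto, CB_INT);`. The enclosing function starts and ends outside the hunk.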
cleanrules_prot_syscall(); ! return; ! } ! ! void ! cleanrules_ptrace(void) ! { ! ptrace_cb act, tmp; ! int i; ! ! printf("[cerb:cleanrules] DEBUG: Cleaning ptrace() rules... "); ! for (i = 0; i <= 1; i++) { ! if (i == 0) { ! if ((act = ptrace_suid_rules) == NULL) ! continue; ! else ! ptrace_suid_rules = NULL; ! } else { ! if ((act = ptrace_nosuid_rules) == NULL) ! continue; ! else ! ptrace_nosuid_rules = NULL; ! } ! ! while (act != NULL) { ! tmp = act->next; ! freerule(CB_PTRACE_NO, (void *)act); ! act = tmp; ! } ! } ! printf("done.\n"); ! ! return; ! } ! ! void ! cleanrules_chmod(void) ! { ! chmod_cb act, tmp; int i; ! printf("[cerb:cleanrules] DEBUG: Cleaning chmod() rules... "); ! for (i = 0; i <= 1; i++) { ! if (i == 0) { ! if ((act = chmod_suid_rules) == NULL) ! continue; ! else ! chmod_suid_rules = NULL; ! } else { ! if ((act = chmod_nosuid_rules) == NULL) ! continue; ! else ! chmod_nosuid_rules = NULL; ! } while (act != NULL) { tmp = act->next; ! freerule(CB_CHMOD_NO, (void *)act); act = tmp; } } - printf("done.\n"); return; --- 1048,1064 ---- cleanrules(void) { ! struct cb_rule *act, *tmp; int i; ! for (i = 0; i <= 31; i++) { ! if ((act = cb_rules[i]) == NULL) ! continue; while (act != NULL) { tmp = act->next; ! freerule(act); act = tmp; } } return; *************** *** 1161,1198 **** void ! cleanrules_prot_file(void) ! { ! prot_file act, tmp; ! ! printf("[cerb:cleanrules] DEBUG: Cleaning prot.file() rules... "); ! act = prot_file_rules; ! prot_file_rules = NULL; ! ! while (act != NULL) { ! tmp = act->next; ! freerule(CB_PROT_FILE_NO, (void *)act); ! act = tmp; ! } ! printf("done.\n"); ! ! return; ! } ! ! void ! cleanrules_prot_syscall(void) { - prot_syscall act, tmp; - - printf("[cerb:cleanrules] DEBUG: Cleaning prot.syscall() rules... 
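Review bot: The rewritten cleanrules() frees every node of each `cb_rules[i]` list but never resets the list head, so after it returns `cb_rules[i]` still points at freed memory; the code it replaces set `ptrace_suid_rules = NULL` before walking, and the equivalent `cb_rules[i] = NULL;` is needed here after the inner while loop. The `if ((act = cb_rules[i]) == NULL) continue;` guard is redundant with the `while (act != NULL)` that follows. The bound `i <= 31` is also a magic number; if `cb_rules` is a fixed array, `sizeof cb_rules / sizeof cb_rules[0]` (or the constant it was declared with) ties the loop to its real size.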
"); - act = prot_syscall_rules; - prot_syscall_rules = NULL; - - while (act != NULL) { - tmp = act->next; - freerule(CB_PROT_SYSCALL_NO, (void *)act); - act = tmp; - } - printf("done.\n"); - return; } --- 1066,1071 ---- void ! cleanprotrules(void) { return; } *************** *** 1212,1235 **** rulecomp(int type, struct cb_action *rule) { - int err; - if (rule == NULL) return (ERR_NULL); ! switch (type) { ! case CB_PTRACE_NO: ! err = rulecomp_prot_syscall(rule, CB_PTRACE_NO); ! return rulecomp_ptrace(rule, err); ! case CB_CHMOD_NO: ! if ((err = rulecomp_prot_syscall(rule, CB_PTRACE_NO)) == 0) ! err = rulecomp_prot_file(rule); ! return rulecomp_chmod(rule, scall); ! case CB_PROT_FILE_NO: ! return rulecomp_prot_file(rule, init); ! case CB_PROT_SYSCALL_NO: ! return rulecomp_prot_syscall(rule, init); ! } ! return (ERR_TYPE); } --- 1085,1094 ---- rulecomp(int type, struct cb_action *rule) { if (rule == NULL) return (ERR_NULL); ! type += type + rule->suid; ! return (0); } *************** *** 1239,1246 **** * ERR_PERM - proces powinien zostac zablokowany */ int rulecomp_ptrace(struct cb_action *rule, int err) { ! ptrace_cb act; int i, ret, sc; --- 1098,1106 ---- * ERR_PERM - proces powinien zostac zablokowany */ + /* int rulecomp_ptrace(struct cb_action *rule, int err) { ! act; int i, ret, sc; *************** *** 1281,1287 **** } ! ret = ERR_PERM; /* jesli process byl nosuid, a pasuje nazwa i * inode, to musi pasowac wszystko by zostal ! * przepuszczony */ if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid, --- 1141,1147 ---- } ! ret = ERR_PERM; * jesli process byl nosuid, a pasuje nazwa i * inode, to musi pasowac wszystko by zostal ! * przepuszczony * if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid, *************** *** 1310,1314 **** return (ret); } ! /* * 0 - sukces --- 1170,1174 ---- return (ret); } ! 
*/ /* * 0 - sukces *************** *** 1316,1319 **** --- 1176,1180 ---- * ERR_PERM - proces powinien zostac zablokowany */ + /* int rulecomp_chmod(struct cb_action *rule, int err) *************** *** 1358,1364 **** } ! ret = ERR_PERM; /* jesli process byl nosuid, a pasuje nazwa i * inode, to musi pasowac wszystko by zostal ! * przepuszczony */ if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid, --- 1219,1225 ---- } ! ret = ERR_PERM; * jesli process byl nosuid, a pasuje nazwa i * inode, to musi pasowac wszystko by zostal ! * przepuszczony * if (numcomp(CB_UID_T, (void *)act->uid, act->f_uid, *************** *** 1410,1414 **** return (ret); } ! /* * 0 - pliku nie ma na liscie --- 1271,1275 ---- return (ret); } ! */ /* * 0 - pliku nie ma na liscie *************** *** 1424,1427 **** --- 1285,1289 ---- * info - odczyt(0), modyfikacja(1), oba(2) */ + /* int rulecomp_prot_file(struct cb_action *rule) *************** *** 1485,1489 **** return (0); } ! /* * 0 - nie ma syscalla na liscie --- 1347,1351 ---- return (0); } ! */ /* * 0 - nie ma syscalla na liscie *************** *** 1495,1498 **** --- 1357,1361 ---- * gid - gid procesu */ + /* int rulecomp_prot_syscall(struct cb_action *rule, int scall) *************** *** 1539,1543 **** return (0); } ! /* * 0 - sukces, liczba pasuje --- 1402,1406 ---- return (0); } ! */ /* * 0 - sukces, liczba pasuje Index: lists.h =================================================================== RCS file: /cvsroot/cerber/cerb-current/lists.h,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** lists.h 30 May 2002 19:21:52 -0000 1.3 --- lists.h 30 May 2002 19:40:41 -0000 1.4 *************** *** 161,172 **** } *crb_fd_head; ! int initrule(int type, void *rule); - int freerule(int type, void *rule); void cleanrules(void); ! void cleanrules_ptrace(void); ! void cleanrules_chmod(void); ! void cleanrules_prot_file(void); ! 
void cleanrules_prot_syscall(void); int fillchartab(char *buf, char ***tab); --- 161,172 ---- } *crb_fd_head; ! int initrule(struct cb_rule *rule); ! int initprotrule(struct cb_prot *rule); ! ! int freerule(struct cb_rule *rule); ! int freeprotrule(struct cb_prot *rule); void cleanrules(void); ! void cleanprotrules(void); int fillchartab(char *buf, char ***tab); *************** *** 175,196 **** int shownums(void *buf, char *f_buf, int type); int showrules(char *type); ! int showrules_ptrace(void); ! int showrules_chmod(void); ! int showrules_prot_file(void); ! int showrules_prot_syscall(void); int getnfun(char *rule, int *i); int addrules(char *rules); ! int addrule_ptrace(char *rule); ! int addrule_chmod(char *rule); ! int addrule_prot_file(char *rule); ! int addrule_prot_syscall(char *rule); ! int rulecomp(int type, struct cb_action *rule, int init); ! int rulecomp_ptrace(struct cb_action *rule, int init); ! int rulecomp_chmod(struct cb_action *rule, int init); ! int rulecomp_prot_file(struct cb_action *rule); ! int rulecomp_prot_syscall(struct cb_action *rule); int numcomp(int type, void *rptr, char *f_rptr, void *num); --- 175,186 ---- int shownums(void *buf, char *f_buf, int type); int showrules(char *type); ! int showprotrules(char *type); int getnfun(char *rule, int *i); int addrules(char *rules); ! int addprotrules(char *rules); ! int rulecomp(int type, struct cb_action *rule); int numcomp(int type, void *rptr, char *f_rptr, void *num); |