From: <da...@us...> - 2002-05-31 21:12:41
Update of /cvsroot/cerber/cerb-current In directory usw-pr-cvs1:/tmp/cvs-serv30467 Modified Files: cerb.c lists.c lists.h Log Message: ... Index: cerb.c =================================================================== RCS file: /cvsroot/cerber/cerb-current/cerb.c,v retrieving revision 1.6 retrieving revision 1.7 diff -C2 -d -r1.6 -r1.7 *** cerb.c 31 May 2002 18:08:49 -0000 1.6 --- cerb.c 31 May 2002 21:12:36 -0000 1.7 *************** *** 7,10 **** --- 7,13 ---- * * $Log$ + * Revision 1.7 2002/05/31 21:12:36 dawidek + * ... + * * Revision 1.6 2002/05/31 18:08:49 dawidek * ... *************** *** 265,269 **** pinode = procva.va_fileid; ! snprintf(logbuf, LOGBUF_SIZE, "[cerb:ptrace] req: %d (called by %s, pid=%d, inode=%d) (uid=%d, gid=%d, euid=%d, egid=%d, svuid=%d, svgid=%d)\n", ea->req, p->p_comm, p->p_pid, pinode, p->p_cred->p_ruid, p->p_cred->p_rgid, p->p_ucred->cr_uid, p->p_ucred->cr_gid, p->p_cred->p_svuid, p->p_cred->p_svgid); actrule.pname = p->p_comm; --- 268,272 ---- pinode = procva.va_fileid; ! snprintf(logbuf, LOGBUF_SIZE, "[process=%s pid=%d inode=%d uid=%d gid=%d euid=%d egid=%d svuid=%d svgid=%d] [req=%d]\n", p->p_comm, p->p_pid, pinode, p->p_cred->p_ruid, p->p_cred->p_rgid, p->p_ucred->cr_uid, p->p_ucred->cr_gid, p->p_cred->p_svuid, p->p_cred->p_svgid, ea->req); actrule.pname = p->p_comm; *************** *** 274,279 **** actrule.req = ea->req; ! if (rulecomp(CB_PTRACE_NO, &actrule) != 0) { ! log(LOG_WARNING, "!!WARN!! Permission denied. %s", logbuf); return (EACCES); } --- 277,286 ---- actrule.req = ea->req; ! switch (rulecomp(CB_PTRACE_NO, &actrule)) { ! case ERR_PROT_SYSCALL: ! log(LOG_WARNING, "[cerb:ptrace] !!WARN!! (syscall protection) %s", logbuf); ! return (EACCES); ! case ERR_PERM: ! log(LOG_WARNING, "!!WARN!! (no permission) %s", logbuf); return (EACCES); } *************** *** 293,297 **** n_chmod(register struct proc *p, register struct chmod_args *ea) { ! 
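Review bot: The new key=value record in the `snprintf(logbuf, ...)` line puts `p->p_comm` first as `process=%s`, and that string is taken from the executable name, so the traced process chooses it. A name containing spaces, `=` or `]` can make one record read as if it carried different `pid=`/`uid=` fields, which matters now that the format is clearly meant to be parsed. I would copy `p_comm` into a local buffer and replace every character outside letters, digits, `.`, `_` and `-` with `?` before formatting it. The `snprintf` return value is also ignored, so a truncated record silently loses the trailing `[req=%d]` and newline; comparing it with `LOGBUF_SIZE` would catch that. The enclosing function begins and ends outside this hunk.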
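Review bot: The new `switch (rulecomp(CB_PTRACE_NO, &actrule))` has no `default`, so any result other than `ERR_PROT_SYSCALL` or `ERR_PERM` falls out of the switch and the request continues, where the removed `if (rulecomp(...) != 0)` denied on every non-zero value. lists.c in this same commit returns `ERR_NULL` and `ERR_TYPE` from its lookup code, so if `rulecomp` can pass such codes up, an internal error now allows the ptrace call instead of refusing it. I would make success explicit and deny everything else: `case 0: break;` followed by `default: log(LOG_WARNING, "[cerb:ptrace] !!WARN!! (rule error) %s", logbuf); return (EACCES);`. The `ERR_PERM` message also lacks the `[cerb:ptrace]` prefix that the other case prints and that the old `logbuf` carried, so those records can no longer be attributed to the ptrace hook.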
/* struct nameidata nd, *ndptr; struct vattr procva, va; static char fname[CHMOD_SIZE], logbuf[LOGBUF_SIZE]; --- 300,305 ---- n_chmod(register struct proc *p, register struct chmod_args *ea) { ! /* ! struct nameidata nd, *ndptr; struct vattr procva, va; static char fname[CHMOD_SIZE], logbuf[LOGBUF_SIZE]; Index: lists.c =================================================================== RCS file: /cvsroot/cerber/cerb-current/lists.c,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** lists.c 31 May 2002 18:08:49 -0000 1.11 --- lists.c 31 May 2002 21:12:36 -0000 1.12 *************** *** 31,36 **** static struct cb_rule *cb_rules[32]; - static struct cb_prot *cb_prots[4]; /* ile argumentow potrzebuje */ --- 31,36 ---- static struct cb_rule *cb_rules[32]; static struct cb_prot *cb_prots[4]; + static short cb_stat[16]; /* ile argumentow potrzebuje */ *************** *** 62,65 **** --- 62,71 ---- }; + int + active(int nfun) + { + return cb_stat[nfun]; + } + void initrules(void) *************** *** 73,76 **** --- 79,85 ---- cb_prots[i] = NULL; + for (i = 0; i < 16; i++) + cb_stat[i] = 0; + return; } *************** *** 538,541 **** --- 547,558 ---- nptr = nfun + nfun; + if (strcmp(rules, "on") == 0) { + cb_stat[nfun] = 1; + return (1); + } else if (strcmp(rules, "off") == 0) { + cb_stat[nfun] = 0; + return (1); + } + i = 0; while (getpart(rules, rule, cr_rsep, i++) == 0) { *************** *** 1624,1632 **** { struct cb_prot *act; ! int i; if (rule == NULL) return (ERR_NULL); act = cb_prots[nfun]; while (act != NULL) { --- 1641,1666 ---- { struct cb_prot *act; ! 
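Review bot: `active()` returns `cb_stat[nfun]` without checking that `nfun` lies inside the 16-element array, so a negative or too-large index reads adjacent kernel memory and reports it as the enabled state. A guard such as `if (nfun < 0 || nfun >= (int)(sizeof(cb_stat) / sizeof(cb_stat[0]))) return (0);` closes that, with the returned value chosen to be whichever one callers treat as the safe answer. The same unchecked index is used for the writes `cb_stat[nfun] = 1;` and `cb_stat[nfun] = 0;` in the later "on"/"off" hunk, where a bad `nfun` becomes an out-of-bounds store unless it is validated earlier in that function, outside what the hunk shows. The literal `16` now appears both in the declaration and in the `initrules()` loop; a named constant would keep the two in step.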
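Review bot: The "off" branch clears `cb_stat[nfun]` and returns without writing any log record, so if `cb_stat` gates enforcement, as `active()` suggests, a hook can be switched off with no trace alongside the denial messages cerb.c emits. I would log every state change before returning, for example `log(LOG_NOTICE, "[cerb] function %d switched %s\n", nfun, rules);`, assuming the kernel `log()` used in cerb.c is available in lists.c. The meaning of `return (1)` is not documented here and differs from the `return (0)` convention visible elsewhere in the file, so a comment on the return contract would help. The function starts before the hunk, so any check on who may change the rules is not visible.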
int err, i; if (rule == NULL) return (ERR_NULL); + switch (nfun) { + case CB_PROT_FILE: + err = ERR_PROT_FILE; + break; + case CB_PROT_SYSCTL: + err = ERR_PROT_SYSCTL; + break; + case CB_PROT_PROC: + err = ERR_PROT_PROC; + break; + case CB_PROT_SYSCALL: + err = ERR_PROT_SYSCALL; + break; + default: + return (ERR_TYPE); + } + act = cb_prots[nfun]; while (act != NULL) { *************** *** 1677,1690 **** i++; } - act = act->next; - continue; - default: - return (ERR_TYPE); } ! ! return (0); } ! return (0); } --- 1711,1719 ---- i++; } } ! act = act->next; } ! return (err); } Index: lists.h =================================================================== RCS file: /cvsroot/cerber/cerb-current/lists.h,v retrieving revision 1.9 retrieving revision 1.10 diff -C2 -d -r1.9 -r1.10 *** lists.h 31 May 2002 18:08:49 -0000 1.9 --- lists.h 31 May 2002 21:12:36 -0000 1.10 *************** *** 159,162 **** --- 159,164 ---- } *crb_fd_head; + int active(int nfun); + void initrules(void); int initrule(struct cb_rule *rule); |
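Review bot: After this change the function ends with `return (err);`, so walking off the end of `cb_prots[nfun]` yields the per-type `ERR_PROT_*` code instead of 0, and nothing documents that new contract. With an empty list the `while (act != NULL)` body never runs and the result is `err`. If this is the lookup behind `rulecomp()`, cerb.c in the same commit turns `ERR_PROT_SYSCALL` into `EACCES`, which would deny every ptrace request on a system with no protection entries; please confirm that is intended. A comment above the return would settle it, for example `/* no entry matched (or list empty): report the per-type protection error */`. The loop body between the two hunks is not shown, so the early-return paths could not be checked.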