[Cerber-commits] cerb-current cerb.c,1.6,1.7 lists.c,1.11,1.12 lists.h,1.9,1.10

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/cerber/cerb-current
In directory usw-pr-cvs1:/tmp/cvs-serv30467

Modified Files:
	cerb.c lists.c lists.h 
Log Message:
...

Index: cerb.c
===================================================================
RCS file: /cvsroot/cerber/cerb-current/cerb.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -C2 -d -r1.6 -r1.7
*** cerb.c	31 May 2002 18:08:49 -0000	1.6
--- cerb.c	31 May 2002 21:12:36 -0000	1.7
***************
*** 7,10 ****
--- 7,13 ----
   *
   * $Log$
+  * Revision 1.7  2002/05/31 21:12:36  dawidek
+  * ...
+  *
   * Revision 1.6  2002/05/31 18:08:49  dawidek
   * ...
***************
*** 265,269 ****
  		pinode = procva.va_fileid;

! 	snprintf(logbuf, LOGBUF_SIZE, "[cerb:ptrace] req: %d (called by %s, pid=%d, inode=%d) (uid=%d, gid=%d, euid=%d, egid=%d, svuid=%d, svgid=%d)\n", ea->req, p->p_comm, p->p_pid, pinode, p->p_cred->p_ruid, p->p_cred->p_rgid, p->p_ucred->cr_uid, p->p_ucred->cr_gid, p->p_cred->p_svuid, p->p_cred->p_svgid);

  	actrule.pname = p->p_comm;
--- 268,272 ----
  		pinode = procva.va_fileid;

! 	snprintf(logbuf, LOGBUF_SIZE, "[process=%s pid=%d inode=%d uid=%d gid=%d euid=%d egid=%d svuid=%d svgid=%d] [req=%d]\n", p->p_comm, p->p_pid, pinode, p->p_cred->p_ruid, p->p_cred->p_rgid, p->p_ucred->cr_uid, p->p_ucred->cr_gid, p->p_cred->p_svuid, p->p_cred->p_svgid, ea->req);

  	actrule.pname = p->p_comm;
***************
*** 274,279 ****
  	actrule.req = ea->req;

! 	if (rulecomp(CB_PTRACE_NO, &actrule) != 0) {
! 		log(LOG_WARNING, "!!WARN!! Permission denied. %s", logbuf);
  		return (EACCES);
  	}
--- 277,286 ----
  	actrule.req = ea->req;

! 	switch (rulecomp(CB_PTRACE_NO, &actrule)) {
! 	case ERR_PROT_SYSCALL:
! 		log(LOG_WARNING, "[cerb:ptrace] !!WARN!! (syscall protection) %s", logbuf);
! 		return (EACCES);
! 	case ERR_PERM:
! 		log(LOG_WARNING, "!!WARN!! (no permission) %s", logbuf);
  		return (EACCES);
  	}
***************
*** 293,297 ****
  n_chmod(register struct proc *p, register struct chmod_args *ea)
  {
! /*	struct nameidata	nd, *ndptr;
  	struct vattr	procva, va;
  	static char	fname[CHMOD_SIZE], logbuf[LOGBUF_SIZE];
--- 300,305 ----
  n_chmod(register struct proc *p, register struct chmod_args *ea)
  {
! /*
! 	struct nameidata	nd, *ndptr;
  	struct vattr	procva, va;
  	static char	fname[CHMOD_SIZE], logbuf[LOGBUF_SIZE];

Index: lists.c
===================================================================
RCS file: /cvsroot/cerber/cerb-current/lists.c,v
retrieving revision 1.11
retrieving revision 1.12
diff -C2 -d -r1.11 -r1.12
*** lists.c	31 May 2002 18:08:49 -0000	1.11
--- lists.c	31 May 2002 21:12:36 -0000	1.12
***************
*** 31,36 ****

  static struct cb_rule	*cb_rules[32];
- 
  static struct cb_prot	*cb_prots[4];

  /* ile argumentow potrzebuje */
--- 31,36 ----

  static struct cb_rule	*cb_rules[32];
  static struct cb_prot	*cb_prots[4];
+ static short cb_stat[16];

  /* ile argumentow potrzebuje */
***************
*** 62,65 ****
--- 62,71 ----
  };

+ int
+ active(int nfun)
+ {
+ 	return cb_stat[nfun];
+ }
+ 
  void
  initrules(void)
***************
*** 73,76 ****
--- 79,85 ----
  		cb_prots[i] = NULL;

+ 	for (i = 0; i < 16; i++)
+ 		cb_stat[i] = 0;
+ 
  	return;
  }
***************
*** 538,541 ****
--- 547,558 ----

  	nptr = nfun + nfun;
+ 	if (strcmp(rules, "on") == 0) {
+ 		cb_stat[nfun] = 1;
+ 		return (1);
+ 	} else if (strcmp(rules, "off") == 0) {
+ 		cb_stat[nfun] = 0;
+ 		return (1);
+ 	}
+ 
  	i = 0;
  	while (getpart(rules, rule, cr_rsep, i++) == 0) {
***************
*** 1624,1632 ****
  {
  	struct cb_prot	*act;
! 	int		i;

  	if (rule == NULL)
  		return (ERR_NULL);

  	act = cb_prots[nfun];
  	while (act != NULL) {
--- 1641,1666 ----
  {
  	struct cb_prot	*act;
! 	int		err, i;

  	if (rule == NULL)
  		return (ERR_NULL);

+ 	switch (nfun) {
+ 	case CB_PROT_FILE:
+ 		err = ERR_PROT_FILE;
+ 		break;
+ 	case CB_PROT_SYSCTL:
+ 		err = ERR_PROT_SYSCTL;
+ 		break;
+ 	case CB_PROT_PROC:
+ 		err = ERR_PROT_PROC;
+ 		break;
+ 	case CB_PROT_SYSCALL:
+ 		err = ERR_PROT_SYSCALL;
+ 		break;
+ 	default:
+ 		return (ERR_TYPE);
+ 	}
+ 
  	act = cb_prots[nfun];
  	while (act != NULL) {
***************
*** 1677,1690 ****
  				i++;
  			}
- 			act = act->next;
- 			continue;
- 		default:
- 			return (ERR_TYPE);
  		}
! 
! 		return (0);
  	}

! 	return (0);
  }

--- 1711,1719 ----
  				i++;
  			}
  		}
! 		act = act->next;
  	}

! 	return (err);
  }

Index: lists.h
===================================================================
RCS file: /cvsroot/cerber/cerb-current/lists.h,v
retrieving revision 1.9
retrieving revision 1.10
diff -C2 -d -r1.9 -r1.10
*** lists.h	31 May 2002 18:08:49 -0000	1.9
--- lists.h	31 May 2002 21:12:36 -0000	1.10
***************
*** 159,162 ****
--- 159,164 ----
  } *crb_fd_head;

+ int	active(int nfun);
+ 
  void	initrules(void);
  int	initrule(struct cb_rule *rule);