Logo Search packages:      
Sourcecode: samhain version File versions  Download package

trustfile.h

/*
 * This is the header file for the trust function
 *
 * Author information:
 * Matt Bishop
 * Department of Computer Science
 * University of California at Davis
 * Davis, CA  95616-8562
 * phone (916) 752-8060
 * email bishop@cs.ucdavis.edu
 *
 * This code is placed in the public domain.  I do ask that
 * you keep my name associated with it, that you not represent
 * it as written by you, and that you preserve these comments.
 * This software is provided "as is" and without any guarantees
 * of any sort.
 */
/*
 * trustfile return codes
 */
#define     TF_ERROR    -1    /* can't check -- error */
#define     TF_NO        0    /* file isn't trustworthy */
#define     TF_YES             1    /* file is trustworthy */

/*
 * error codes
 */
#define TF_BADFILE      1     /* file name illegal */
#define TF_BADNAME      2     /* name not valid (prob. ran out of room) */
#define TF_BADSTAT      3     /* stat of file failed (see errno for why) */
#define TF_NOROOM 4     /* not enough allocated space */

/*
 * untrustworthy codes
 */
#define TF_BADUID 10    /* owner nmot trustworthy */
#define TF_BADGID 11    /* group writeable and member not trustworthy */
#define TF_BADOTH 12    /* anyone can write it */

/*
 * the basic constant -- what is the longest path name possible?
 * It should be at least the max path length as defined by system
 * + 4 ("/../") + max file name length as defined by system; this
 * should rarely fail (I rounded it up to 2048)
 */
#define MAXFILENAME     2048

/*
 * function declaration
 *
 * #ifdef __STDC__
 * extern int trustfile(char *, int *, int *);
 * #else
 * extern int trustfile();
 * #endif
 */
/*
 * these are useful global variables
 *
 * first set: who you gonna trust, by default?
 *    if the user does not specify a trusted or untrusted set of users,
 *    all users are considered untrusted EXCEPT:
 *    UID 0 -- root     as root can do anything on most UNIX systems, this
 *                seems reasonable
 *    tf_euid -- programmer-selectable UID
 *                if the caller specifies a specific UID by putting
 *                it in this variable, it will be trusted; this is
 *                typically used to trust the effective UID of the
 *                process (note: NOT the real UID, which will cause all
 *                sorts of problems!)  By default, this is set to -1,
 *                so if it's not set, root is the only trusted user
 */
extern uid_t tf_euid;               /* space for EUID of process */

/*
 * second set: how do you report problems?
 *    tf_errno    on return when an error has occurred, this is set
 *                to the code indicating the reason for the error:
 *                   TF_BADFILE     passed NULL for pointer to file name
 *                   TF_BADNAME     could not expand to full path name
 *                   TF_BADSTAT     stat failed; usu. file doesn't exist
 *                   TF_BADUID      owner untrusted
 *                   TF_BADGID      group untrusted & can write
 *                   TF_BADOTH      anyone can write
 *                the value is preserved across calls where no error
 *                occurs, just like errno(2)
 *    tf_path           if error occurs and a file name is involved, this
 *                contains the file name causing the problem
 */
extern char tf_path[MAXFILENAME];   /* error path for trust function */

extern uid_t rootonly[];
extern int  EUIDSLOT;


Generated by  Doxygen 1.6.0   Back to index