version 1.5, 2007/06/12 18:19:46
|
version 1.6, 2007/07/24 19:53:14
|
|
|
EXECUTOR_OPEN_FILE_MESSAGE, | EXECUTOR_OPEN_FILE_MESSAGE, |
"${currentConfigFilePath}", | "${currentConfigFilePath}", |
"w", | "w", |
|
(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ |
}, | }, |
{ | { |
EXECUTOR_RENAME_FILE_MESSAGE, | EXECUTOR_RENAME_FILE_MESSAGE, |
"${currentConfigFilePath}", | "${currentConfigFilePath}", |
"${currentConfigFilePath}.bak", | "${currentConfigFilePath}.bak", |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${currentConfigFilePath}", | "${currentConfigFilePath}", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${currentConfigFilePath}.bak", | "${currentConfigFilePath}.bak", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
/* cimserver_planned.conf policies */ | /* cimserver_planned.conf policies */ |
{ | { |
EXECUTOR_OPEN_FILE_MESSAGE, | EXECUTOR_OPEN_FILE_MESSAGE, |
"${plannedConfigFilePath}", | "${plannedConfigFilePath}", |
"w", | "w", |
|
(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ |
}, | }, |
{ | { |
EXECUTOR_RENAME_FILE_MESSAGE, | EXECUTOR_RENAME_FILE_MESSAGE, |
"${plannedConfigFilePath}", | "${plannedConfigFilePath}", |
"${plannedConfigFilePath}.bak", | "${plannedConfigFilePath}.bak", |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${plannedConfigFilePath}", | "${plannedConfigFilePath}", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${plannedConfigFilePath}.bak", | "${plannedConfigFilePath}.bak", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
/* cimserver.passwd policies */ | /* cimserver.passwd policies */ |
{ | { |
EXECUTOR_OPEN_FILE_MESSAGE, | EXECUTOR_OPEN_FILE_MESSAGE, |
"${passwordFilePath}", | "${passwordFilePath}", |
"w", | "w", |
|
(S_IRUSR | S_IWUSR) /* 0600 */ |
}, | }, |
{ | { |
EXECUTOR_RENAME_FILE_MESSAGE, | EXECUTOR_RENAME_FILE_MESSAGE, |
"${passwordFilePath}.bak", | "${passwordFilePath}.bak", |
"${passwordFilePath}", | "${passwordFilePath}", |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_RENAME_FILE_MESSAGE, | EXECUTOR_RENAME_FILE_MESSAGE, |
"${passwordFilePath}", | "${passwordFilePath}", |
"${passwordFilePath}.bak", | "${passwordFilePath}.bak", |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${passwordFilePath}.bak", | "${passwordFilePath}.bak", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${passwordFilePath}", | "${passwordFilePath}", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
/* SSL key file policies. */ | /* SSL key file policies. */ |
{ | { |
EXECUTOR_OPEN_FILE_MESSAGE, | EXECUTOR_OPEN_FILE_MESSAGE, |
"${sslKeyFilePath}", | "${sslKeyFilePath}", |
"r", | "r", |
|
0, /* flags not used when opening a file for read access */ |
}, | }, |
/* SSL trust store policies. */ | /* SSL trust store policies. */ |
{ | { |
EXECUTOR_OPEN_FILE_MESSAGE, | EXECUTOR_OPEN_FILE_MESSAGE, |
"${sslTrustStore}/*", | "${sslTrustStore}/*", |
"w", | "w", |
|
(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${sslTrustStore}/*", | "${sslTrustStore}/*", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
/* CRL store policies. */ | /* CRL store policies. */ |
{ | { |
EXECUTOR_OPEN_FILE_MESSAGE, | EXECUTOR_OPEN_FILE_MESSAGE, |
"${crlStore}/*", | "${crlStore}/*", |
"w", | "w", |
|
(S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) /* 0644 */ |
}, | }, |
{ | { |
EXECUTOR_REMOVE_FILE_MESSAGE, | EXECUTOR_REMOVE_FILE_MESSAGE, |
"${crlStore}/*", | "${crlStore}/*", |
NULL, | NULL, |
|
0, /* flags */ |
}, | }, |
}; | }; |
| |
|
|
size_t policyTableSize, | size_t policyTableSize, |
enum ExecutorMessageCode messageCode, | enum ExecutorMessageCode messageCode, |
const char* arg1, | const char* arg1, |
const char* arg2) |
const char* arg2, |
|
unsigned long* flags) |
{ | { |
size_t i; | size_t i; |
| |
|
/* Clear the flags. */ |
|
|
|
if (flags) |
|
*flags = 0; |
|
|
for (i = 0; i < policyTableSize; i++) | for (i = 0; i < policyTableSize; i++) |
{ | { |
const struct Policy* p; | const struct Policy* p; |
|
|
continue; | continue; |
} | } |
| |
|
/* Set the output flags argument. */ |
|
|
|
if (flags) |
|
*flags = p->flags; |
|
|
/* Found a matching policy! */ | /* Found a matching policy! */ |
|
|
return 0; | return 0; |
} | } |
| |
|
|
**============================================================================== | **============================================================================== |
*/ | */ |
| |
int CheckOpenFilePolicy(const char* path, int mode) |
int CheckOpenFilePolicy(const char* path, int mode, unsigned long* flags) |
{ | { |
char arg2[2]; | char arg2[2]; |
| |
|
|
arg2[1] = '\0'; | arg2[1] = '\0'; |
| |
if (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize, | if (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize, |
EXECUTOR_OPEN_FILE_MESSAGE, path, arg2) == 0) |
EXECUTOR_OPEN_FILE_MESSAGE, path, arg2, flags) == 0) |
{ | { |
Log(LL_TRACE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') passed", | Log(LL_TRACE, "CheckOpenFilePolicy(%s=\"%s\", %s='%c') passed", |
ARG(path), ARG(mode)); | ARG(path), ARG(mode)); |
|
|
int CheckRemoveFilePolicy(const char* path) | int CheckRemoveFilePolicy(const char* path) |
{ | { |
if (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize, | if (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize, |
EXECUTOR_REMOVE_FILE_MESSAGE, path, NULL) == 0) |
EXECUTOR_REMOVE_FILE_MESSAGE, path, NULL, NULL) == 0) |
{ | { |
Log(LL_TRACE, "CheckRemoveFilePolicy(%s=\"%s\") passed", ARG(path)); | Log(LL_TRACE, "CheckRemoveFilePolicy(%s=\"%s\") passed", ARG(path)); |
return 0; | return 0; |
|
|
int CheckRenameFilePolicy(const char* oldPath, const char* newPath) | int CheckRenameFilePolicy(const char* oldPath, const char* newPath) |
{ | { |
if (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize, | if (CheckPolicy(_staticPolicyTable, _staticPolicyTableSize, |
EXECUTOR_RENAME_FILE_MESSAGE, oldPath, newPath) == 0) |
EXECUTOR_RENAME_FILE_MESSAGE, oldPath, newPath, NULL) == 0) |
{ | { |
Log(LL_TRACE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") passed", | Log(LL_TRACE, "CheckRenameFilePolicy(%s=\"%s\", %s=\"%s\") passed", |
ARG(oldPath), ARG(newPath)); | ARG(oldPath), ARG(newPath)); |
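Review bot: The new `flags` out-parameter on CheckOpenFilePolicy (and on CheckPolicy) has no documented contract, although the table shows it carries file-permission bits for "w" opens: 0600 for the password file and 0644 for the config, trust-store and CRL entries. It is 0 for read, rename and remove rows. Because the permissions of security-sensitive files now come from this table, state the contract above CheckOpenFilePolicy, e.g. `/* On success, *flags receives the permission bits the matching policy assigns to a file opened for write (0 for read opens); flags may be NULL. */`. CheckPolicy clears `*flags` before the loop, so a non-matching request appears to leave it at 0; that fail-closed default deserves a sentence as well, and the `/* flags */` comments on the rename/remove rows could say the value is unused there so nobody reads it as open(2) flags. The Check*Policy bodies continue outside the visible lines, so how callers apply the value (umask interaction in particular) cannot be confirmed from this page.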