From: Michael Halcrow <mhalcrow@us.ibm.com>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Cc: Andrew Morton <akpm@osdl.org>, Michael Halcrow <mhalcrow@us.ibm.com>
Subject: [PATCH] BSD Secure Levels: nits, 2.6.11-rc2-mm1 (6/8)
Date: Mon, 7 Feb 2005 13:35:19 -0600 [thread overview]
Message-ID: <20050207193518.GE834@halcrow.us> (raw)
In-Reply-To: <20050207192108.GA776@halcrow.us>
[-- Attachment #1: Type: text/plain, Size: 194 bytes --]
This is the sixth in a series of eight patches to the BSD Secure
Levels LSM. It makes several trivial changes to make the code
consistent.
Signed off by: Michael Halcrow <mhalcrow@us.ibm.com>
[-- Attachment #2: seclvl_nits.patch --]
[-- Type: text/plain, Size: 8761 bytes --]
Index: linux-2.6.11-rc2-mm1-modules/security/seclvl.c
===================================================================
--- linux-2.6.11-rc2-mm1-modules.orig/security/seclvl.c 2005-02-03 15:41:46.043754544 -0600
+++ linux-2.6.11-rc2-mm1-modules/security/seclvl.c 2005-02-03 15:47:52.249082872 -0600
@@ -2,12 +2,12 @@
* BSD Secure Levels LSM
*
* Maintainers:
- * Michael A. Halcrow <mike@halcrow.us>
- * Serge Hallyn <hallyn@cs.wm.edu>
+ * Michael A. Halcrow <mhalcrow@us.ibm.com>
+ * Serge Hallyn <serue@us.ibm.com>
*
* Copyright (c) 2001 WireX Communications, Inc <chris@wirex.com>
* Copyright (c) 2001 Greg Kroah-Hartman <greg@kroah.com>
- * Copyright (c) 2002 International Business Machines <robb@austin.ibm.com>
+ * Copyright (c) 2002 International Business Machines <mhalcrow@us.ibm.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -30,9 +30,9 @@
#include <linux/proc_fs.h>
#include <linux/kobject.h>
#include <linux/crypto.h>
-#include <asm/scatterlist.h>
#include <linux/gfp.h>
#include <linux/sysfs.h>
+#include <asm/scatterlist.h>
#define SHA1_DIGEST_SIZE 20
@@ -93,9 +93,9 @@
"sets seclvl=0 when plaintext password is written to "
"(sysfs mount point)/seclvl/passwd\n");
-static int hideHash = 1;
-module_param(hideHash, int, 0);
-MODULE_PARM_DESC(hideHash, "When set to 0, reading seclvl/passwd from sysfs "
+static int hide_hash = 1;
+module_param(hide_hash, int, 0);
+MODULE_PARM_DESC(hide_hash, "When set to 0, reading seclvl/passwd from sysfs "
"will return the SHA1-hashed value of the password that "
"lowers the secure level to 0.\n");
@@ -123,7 +123,7 @@
struct subsystem seclvl_subsys;
struct seclvl_obj {
- char *name;
+ char * name;
struct list_head slot_list;
struct kobject kobj;
};
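Review bot: The declarator spacing introduced here (`char * name;`) moves away from the `char *name` form used on the old side and, as far as I know, by most of the kernel tree. The same respacing recurs in every later hunk that touches a signature or a local pointer declaration (seclvl_attr_store through seclvl_umount). If the goal is consistency within seclvl.c, converting the few `type * name` stragglers such as `struct file * filp` to `type *name` would reach it with a much smaller diff. Keeping the respacing separate from the hideHash/processPassword renames would also make the functional part of this patch easier to audit.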
@@ -147,20 +147,20 @@
* unique for "passwd" and "seclvl".
*/
static ssize_t
-seclvl_attr_store(struct kobject *kobj,
- struct attribute *attr, const char *buf, size_t len)
+seclvl_attr_store(struct kobject * kobj,
+ struct attribute * attr, const char * buf, size_t len)
{
- struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
- struct seclvl_attribute *attribute =
+ struct seclvl_obj * obj = container_of(kobj, struct seclvl_obj, kobj);
+ struct seclvl_attribute * attribute =
container_of(attr, struct seclvl_attribute, attr);
return (attribute->store ? attribute->store(obj, buf, len) : 0);
}
static ssize_t
-seclvl_attr_show(struct kobject *kobj, struct attribute *attr, char *buf)
+seclvl_attr_show(struct kobject * kobj, struct attribute * attr, char * buf)
{
- struct seclvl_obj *obj = container_of(kobj, struct seclvl_obj, kobj);
- struct seclvl_attribute *attribute =
+ struct seclvl_obj * obj = container_of(kobj, struct seclvl_obj, kobj);
+ struct seclvl_attribute * attribute =
container_of(attr, struct seclvl_attribute, attr);
return (attribute->show ? attribute->show(obj, buf) : 0);
}
@@ -214,7 +214,7 @@
* Called whenever the user reads the sysfs handle to this kernel
* object
*/
-static ssize_t seclvl_read_file(struct seclvl_obj *obj, char *buff)
+static ssize_t seclvl_read_file(struct seclvl_obj * obj, char * buff)
{
return snprintf(buff, PAGE_SIZE, "%d\n", seclvl);
}
@@ -251,7 +251,7 @@
* object (seclvl/seclvl). It expects a single-digit number.
*/
static ssize_t
-seclvl_write_file(struct seclvl_obj *obj, const char *buff, size_t count)
+seclvl_write_file(struct seclvl_obj * obj, const char * buff, size_t count)
{
unsigned long val;
if (count > 2 || (count == 2 && buff[1] != '\n')) {
@@ -277,23 +277,23 @@
__ATTR(seclvl, (S_IFREG | S_IRUGO | S_IWUSR), seclvl_read_file,
seclvl_write_file);
-static unsigned char hashedPassword[SHA1_DIGEST_SIZE];
+static unsigned char hashed_password[SHA1_DIGEST_SIZE];
/**
* Called whenever the user reads the sysfs passwd handle.
*/
-static ssize_t seclvl_read_passwd(struct seclvl_obj *obj, char *buff)
+static ssize_t seclvl_read_passwd(struct seclvl_obj * obj, char * buff)
{
/* So just how good *is* your password? :-) */
char tmp[3];
int i = 0;
buff[0] = '\0';
- if (hideHash) {
+ if (hide_hash) {
/* Security through obscurity */
return 0;
}
while (i < SHA1_DIGEST_SIZE) {
- snprintf(tmp, 3, "%02x", hashedPassword[i]);
+ snprintf(tmp, 3, "%02x", hashed_password[i]);
strncat(buff, tmp, 2);
i++;
}
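Review bot: With hide_hash set to 0 this handler returns the stored digest verbatim, and the digest is a single unsalted SHA1 of the password, so any account able to read seclvl/passwd can run offline guesses against it. The mode of the passwd attribute is not in this hunk (the `__ATTR` visible above is for seclvl), so please confirm it is root-only and say so in a comment, e.g. `/* hide_hash=0 exposes the unsalted SHA1 digest; seclvl/passwd must stay readable by root only */`. Separately, the `snprintf` into `tmp` followed by `strncat` rescans `buff` on every iteration; `sprintf(buff + 2 * i, "%02x", hashed_password[i]);` writes each byte pair in place. The function body continues past the end of the hunk.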
@@ -308,10 +308,10 @@
* people...
*/
static int
-plaintext_to_sha1(unsigned char *hash, const char *plaintext, int len)
+plaintext_to_sha1(unsigned char * hash, const char * plaintext, int len)
{
- char *pg_virt_addr;
- struct crypto_tfm *tfm;
+ char * pg_virt_addr;
+ struct crypto_tfm * tfm;
struct scatterlist sg[1];
if (len > PAGE_SIZE) {
seclvl_printk(0, KERN_ERR "%s: Plaintext password too large "
@@ -349,7 +349,7 @@
* object. It hashes the password and compares the hashed results.
*/
static ssize_t
-seclvl_write_passwd(struct seclvl_obj *obj, const char *buff, size_t count)
+seclvl_write_passwd(struct seclvl_obj * obj, const char * buff, size_t count)
{
int i;
unsigned char tmp[SHA1_DIGEST_SIZE];
@@ -377,7 +377,7 @@
return rc;
}
for (i = 0; i < SHA1_DIGEST_SIZE; i++) {
- if (hashedPassword[i] != tmp[i]) {
+ if (hashed_password[i] != tmp[i]) {
return -EPERM;
}
}
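Review bot: The digest comparison loop returns on the first mismatching byte, so the time taken by a write to seclvl/passwd depends on how many leading digest bytes matched. Since this is the check that gates lowering the secure level, I would accumulate the differences and decide once: `diff |= hashed_password[i] ^ tmp[i];` inside the loop and `if (diff) return -EPERM;` after it, with `unsigned char diff = 0;` declared beside `tmp`. seclvl_write_passwd starts before this hunk and continues after it.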
@@ -395,7 +395,8 @@
/**
* Explicitely disallow ptrace'ing the init process.
*/
-static int seclvl_ptrace(struct task_struct *parent, struct task_struct *child)
+static int
+seclvl_ptrace(struct task_struct * parent, struct task_struct * child)
{
if (seclvl >= 0) {
if (child->pid == 1) {
@@ -413,7 +414,7 @@
* Capability checks for seclvl. The majority of the policy
* enforcement for seclvl takes place here.
*/
-static int seclvl_capable(struct task_struct *tsk, int cap)
+static int seclvl_capable(struct task_struct * tsk, int cap)
{
/* init can do anything it wants */
if (tsk->pid == 1)
@@ -472,7 +473,7 @@
/**
* Disallow reversing the clock in seclvl > 1
*/
-static int seclvl_settime(struct timespec *tv, struct timezone *tz)
+static int seclvl_settime(struct timespec * tv, struct timezone * tz)
{
struct timespec now;
if (seclvl > 1) {
@@ -497,7 +498,7 @@
static int seclvl_bd_claim(struct file * filp)
{
int holder;
- struct block_device *bdev = NULL;
+ struct block_device * bdev = NULL;
dev_t dev = filp->f_dentry->d_inode->i_rdev;
bdev = open_by_devnum(dev, FMODE_WRITE);
if (bdev) {
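Review bot: `if (bdev)` does not detect failure if open_by_devnum() reports errors as an ERR_PTR-encoded pointer rather than NULL, which is my understanding of that helper; please check its definition in this tree. In that case the error value would be treated as a valid block_device and handed to the claim logic that follows. The guard would become `if (!IS_ERR(bdev)) {`, and the `= NULL` initialiser can go since `bdev` is assigned unconditionally before it is tested. The rest of seclvl_bd_claim is outside the hunk.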
@@ -615,7 +616,7 @@
/**
* Cannot unmount in secure level 2
*/
-static int seclvl_umount(struct vfsmount *mnt, int flags)
+static int seclvl_umount(struct vfsmount * mnt, int flags)
{
if (current->pid == 1) {
return 0;
@@ -643,10 +644,10 @@
/**
* Process the password-related module parameters
*/
-static int processPassword(void)
+static int process_password(void)
{
int rc = 0;
- hashedPassword[0] = '\0';
+ hashed_password[0] = '\0';
if (*passwd) {
if (*sha1_passwd) {
seclvl_printk(0, KERN_ERR "%s: Error: Both "
@@ -655,7 +656,7 @@
"exclusive.\n", __FUNCTION__);
return -EINVAL;
}
- if ((rc = plaintext_to_sha1(hashedPassword, passwd,
+ if ((rc = plaintext_to_sha1(hashed_password, passwd,
strlen(passwd)))) {
seclvl_printk(0, KERN_ERR "%s: Error: SHA1 support "
"not in kernel\n", __FUNCTION__);
@@ -678,7 +679,7 @@
unsigned char tmp;
tmp = sha1_passwd[i + 2];
sha1_passwd[i + 2] = '\0';
- hashedPassword[i / 2] = (unsigned char)
+ hashed_password[i / 2] = (unsigned char)
simple_strtol(&sha1_passwd[i], NULL, 16);
sha1_passwd[i + 2] = tmp;
}
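Review bot: `simple_strtol(&sha1_passwd[i], NULL, 16)` discards the end pointer, so a sha1_passwd value containing non-hex characters is silently converted (a bad pair becomes 0 or a one-digit value) instead of being rejected, and the module would load with a digest the administrator did not intend. Unless the characters are validated before this loop, which is outside the hunk, pass an end pointer and fail the load on a short parse: `hashed_password[i / 2] = (unsigned char)simple_strtol(&sha1_passwd[i], &end, 16);` followed by `if (end != &sha1_passwd[i + 2]) return -EINVAL;`. The loop header and any length check on sha1_passwd are not visible here.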
@@ -689,7 +690,7 @@
/**
* Sysfs registrations
*/
-static int doSysfsRegistrations(void)
+static int do_sysfs_registrations(void)
{
int rc = 0;
if ((rc = subsystem_register(&seclvl_subsys))) {
@@ -726,7 +727,7 @@
goto exit;
}
seclvl = initlvl;
- if ((rc = processPassword())) {
+ if ((rc = process_password())) {
seclvl_printk(0, KERN_ERR "%s: Error processing the password "
"module parameter(s): rc = [%d]\n", __FUNCTION__,
rc);
@@ -746,7 +747,7 @@
} /* if primary module registered */
secondary = 1;
} /* if we registered ourselves with the security framework */
- if ((rc = doSysfsRegistrations())) {
+ if ((rc = do_sysfs_registrations())) {
seclvl_printk(0, KERN_ERR "%s: Error registering with sysfs\n",
__FUNCTION__);
goto exit;
@@ -783,6 +784,6 @@
module_init(seclvl_init);
module_exit(seclvl_exit);
-MODULE_AUTHOR("Michael A. Halcrow <mike@halcrow.us>");
+MODULE_AUTHOR("Michael A. Halcrow <mhalcrow@us.ibm.com>");
MODULE_DESCRIPTION("LSM implementation of the BSD Secure Levels");
MODULE_LICENSE("GPL");