/*
 * Example cerb configuration file with macros/defines, etc.
 *
 * (c) 2002, 2003 Pawel Jakub Dawidek
 *
 * $Id: addons.cbh,v 1.33 2003/08/12 12:36:30 dawidek Exp $
 *
 * Helper macros for CerbNG policy files: conditional logging wrappers, a
 * sysctl name prefixer, version compatibility shims, a policy-load banner,
 * and CB_PREPARE, a profiling body that retries failed syscalls through
 * sucall() and logs which ones needed it.
 */

/*
 * NOTE(review): the operands of the eight system #include directives below
 * are missing in this copy of the file. Restore the header names from the
 * original addons.cbh before preprocessing; do not guess them.
 */
#include
#include
#include
#include
#include
#include
#include
#include
#include "cerb_globals.h"
#include "cerb_types.h"

/*
 * Remove any errno macro defined by the headers above so that the plain
 * identifier errno is left untouched by the preprocessor.
 * NOTE(review): presumably so policies can refer to cerb's own errno - confirm.
 */
#ifdef errno
#undef errno
#endif

/* Compile-time switch for CB_LOGEXT; CB_LOG below is not affected by it. */
#define LOGGING

/*
 * CB_LOGEXT(logthis, lvl, fmt, args...)
 *
 * When `logthis` is true, log `fmt` at level `lvl`, prefixed with
 * "CerbNG:<pname>:<syscallname>(): " and suffixed with login, pid, real and
 * effective uid and groups, so that each record can be attributed to a
 * process and user. `fmt` must be a string literal, because it is
 * concatenated between two other literals. Without LOGGING the macro
 * expands to nothing.
 *
 * The expansion is a bare if-statement, not a single wrapped statement:
 * using it as the unbraced body of an if that has an else will attach that
 * else to the macro's own if. Always brace the call site.
 *
 * NOTE(review): pname and login are values the monitored process can
 * influence; whether log() neutralises control characters is not visible
 * here - confirm before trusting these records as audit evidence.
 */
#ifdef LOGGING
#define CB_LOGEXT(logthis, lvl, fmt, args...) \
    if (logthis) { \
        log(lvl, "CerbNG:%s:%s(): " fmt " (login=%s, pid=%u, " \
            "ruid=%u:euid=%u:groups=%U)", pname, \
            syscallname ,##args, login, pid, ruid, euid, \
            groups); \
    }
#else
#define CB_LOGEXT(logthis, lvl, fmt, args...)
#endif

/*
 * CB_LOG(logthis, lvl, fmt, args...)
 *
 * When `logthis` is true, pass `fmt` and the arguments straight to log() at
 * level `lvl`, with no process context added. Same bare-if expansion as
 * CB_LOGEXT, so brace the call site. Keep `fmt` a literal: a format string
 * built from process-supplied data would be interpreted by log().
 */
#define CB_LOG(logthis, lvl, fmt, args...) \
    if (logthis) { \
        log(lvl, fmt ,##args); \
    }

/*
 * CB_SYSCTL(name, args...)
 *
 * Call sysctl() with "cerb.user." prepended to `name`. `name` must be a
 * string literal for the concatenation to work.
 */
#define CB_SYSCTL(name, args...) sysctl("cerb.user." name ,##args)

/* Before version 2003060401, MKNULL(type) maps to null(type). */
#if CERB_VERSION < 2003060401
#define MKNULL(type) null(type)
#endif

/* From version 2003070401 on, gettabsize(tab) maps to size(tab). */
#if CERB_VERSION >= 2003070401
#define gettabsize(tab) size(tab)
#endif

/*
 * INITRUN() is true when `syscall` equals SYS_MAXSYSCALL.
 * NOTE(review): presumably the value the policy is evaluated with when it
 * is loaded, rather than a real syscall - confirm.
 * REGISTER(policy) logs a "Policy loaded" line on such a run, which gives a
 * record of which policies are active. Before version 2003033101 INITRUN()
 * is always 0 and REGISTER() expands to nothing, so no load record exists.
 */
#if CERB_VERSION >= 2003033101
#define INITRUN() (syscall == SYS_MAXSYSCALL)
#define REGISTER(policy) \
    if (INITRUN()) { \
        log(LOG_INFO, "CerbNG: Policy loaded: %s.", policy); \
    }
#else
#define INITRUN() 0
#define REGISTER(policy)
#endif

/*
 * CB_PREPARE() - policy body that records which syscalls fail without
 * sucall().
 *
 * Flow, as written:
 *   1. Register every syscall in ADD_ALLSYSCALLS().
 *   2. reg[0] = call(); a zero result is returned unchanged.
 *   3. On a non-zero result, save euid in reg[1] and retry with
 *      reg[2] = sucall().
 *   4. If the retry returns 0, log a "NEED0:<syscallname>:" report with
 *      process name, executable, real uid, the saved effective uid, groups
 *      and the syscall arguments (open and the chmod family get their own
 *      argument formats; everything else uses %A).
 *   5. Return reg[2], the result of the retry, whether or not it succeeded.
 *      A caller therefore never sees the original error in reg[0].
 *
 * The expansion ends in `return reg[0]` with no semicolon; the user of the
 * macro supplies it.
 *
 * SECURITY NOTE(review): sucall() and the "NEED0" tag suggest the retry runs
 * with superuser credentials - confirm against the CerbNG documentation. If
 * so, any process covered by a policy built on this macro receives the
 * privileged outcome for every listed syscall that fails unprivileged
 * (open, chmod, setuid, kill, ptrace, ...). Treat it as a profiling aid for
 * an isolated test host, never as a production policy, and derive a
 * narrow per-program policy from the NEED0 log instead.
 *
 * The report includes raw syscall arguments such as path names; restrict
 * access to the log destination accordingly.
 *
 * NOTE(review): the labels look as if they were column-aligned originally
 * ("%sEffectiveUid" has no space); alignment whitespace may be collapsed in
 * this copy.
 */
/* Idea from Tomasz Pilat */
#define CB_PREPARE() ADD_ALLSYSCALLS(); \
    reg[0] = call(); \
    if (reg[0] != 0) { \
        reg[1] = euid; \
        reg[2] = sucall(); \
        if (reg[2] == 0) { \
            reg[3] = genstr("NEED0:%s:", syscallname); \
            log(LOG_INFO, "%s Process: %s", reg[3], pname); \
            log(LOG_INFO, "%s Executable: %s", reg[3], fname); \
            log(LOG_INFO, "%s RealUid: %u", reg[3], ruid); \
            log(LOG_INFO, "%sEffectiveUid: %u", reg[3], reg[1]); \
            log(LOG_INFO, "%s Groups: %U", reg[3], groups); \
            log(LOG_INFO, "%s Syscall: %s", reg[3], syscallname); \
            if (syscall == SYS_open) { \
                if (arg[1] & O_CREAT) { \
                    log(LOG_INFO, "%s Arguments: %s, %x, %o", reg[3], arg[0], arg[1], arg[2]); \
                } else { \
                    log(LOG_INFO, "%s Arguments: %s, %x", reg[3], arg[0], arg[1]); \
                } \
                return reg[2]; \
            } \
            if (syscall == SYS_chmod || syscall == SYS_fchmod || syscall == SYS_lchmod) { \
                log(LOG_INFO, "%s Arguments: %?, %o", reg[3], arg[0], arg[1]); \
                return reg[2]; \
            } \
            log(LOG_INFO, "%s Arguments: %A", reg[3]); \
        } \
        return reg[2]; \
    } \
    return reg[0]

/*
 * ADD_ALLSYSCALLS() - pass the fixed syscall list below to ADD_SYSCALL()
 * (defined outside this file).
 *
 * Only the syscalls named here are registered by this macro; anything not
 * in the list is not covered by a policy that relies on it, so review the
 * list against the target system's syscall table when porting.
 *
 * NOTE(review): SYS_lchown is listed twice. Whether ADD_SYSCALL() tolerates
 * duplicates is not visible here - confirm, then drop the second entry.
 */
#define ADD_ALLSYSCALLS() \
    ADD_SYSCALL( \
        SYS_execve, \
        SYS_open, \
        SYS_link, \
        SYS_unlink, \
        SYS_chmod, \
        SYS_chown, \
        SYS_socket, \
        SYS_bind, \
        SYS_setuid, \
        SYS_getuid, \
        SYS_seteuid, \
        SYS_geteuid, \
        SYS_setgid, \
        SYS_getgid, \
        SYS_setegid, \
        SYS_getegid, \
        SYS_chroot, \
        SYS_setgroups, \
        SYS_setlogin, \
        SYS_setrlimit, \
        SYS_kill, \
        SYS_chdir, \
        SYS_stat, \
        SYS_lstat, \
        SYS___sysctl, \
        SYS_rename, \
        SYS_getgroups, \
        SYS_fchown, \
        SYS_lchown, \
        SYS_fchmod, \
        SYS_lchmod, \
        SYS_setreuid, \
        SYS_setregid, \
        SYS_chflags, \
        SYS_fchflags, \
        SYS_ioctl, \
        SYS_utimes, \
        SYS_recvmsg, \
        SYS_sendmsg, \
        SYS_recvfrom, \
        SYS_accept, \
        SYS_getpeername, \
        SYS_getsockname, \
        SYS_access, \
        SYS_symlink, \
        SYS_fcntl, \
        SYS_setpriority, \
        SYS_connect, \
        SYS_getpriority, \
        SYS_setsockopt, \
        SYS_listen, \
        SYS_getrusage, \
        SYS_settimeofday, \
        SYS_mkfifo, \
        SYS_sendto, \
        SYS_socketpair, \
        SYS_mkdir, \
        SYS_rmdir, \
        SYS_adjtime, \
        SYS_setsid, \
        SYS_quotactl, \
        SYS_getrlimit, \
        SYS_truncate, \
        SYS_ftruncate, \
        SYS_getpgid, \
        SYS_issetugid, \
        SYS_lchown, \
        SYS_getsid, \
        SYS_jail, \
        SYS_ktrace, \
        SYS_ptrace, \
        SYS_getresuid, \
        SYS_getresgid, \
        SYS___semctl, \
        SYS_semget, \
        SYS_semop, \
        SYS_msgctl, \
        SYS_msgget, \
        SYS_msgsnd, \
        SYS_msgrcv, \
        SYS_shmat, \
        SYS_shmctl, \
        SYS_shmdt, \
        SYS_shmget \
    )