saf-process.c File Reference


Detailed Description

ES ESF Manager Request Processing.

This module satisfies requests made to the ESF API by attempting to resolve them from the cache (see saf-cache.c), and if that fails by iterating through the configured ESM Modules until one of them provides an authoritative response (see saf-esm.c). (If none of the ESM Modules provides an authoritative response, the request is rejected, per the secure-by-default rule.)

Definition in file saf-process.c.
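The resolution order described above (cache, then each module in turn, then reject) can be modelled as follows. This is an added example, not code from saf-process.c: `resolve`, `esm_fn`, the verdict values, the fixed-size cache and the two sample modules are all hypothetical and do not reflect the ESF API or its data structures.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model, not the ESF API: every name below is illustrative. */
enum verdict { V_ABSTAIN, V_ALLOW, V_DENY };
typedef enum verdict (*esm_fn)(const char *user, const char *res);
enum { NAME_LEN = 32, SLOTS = 8 };
struct entry { char user[NAME_LEN], res[NAME_LEN]; enum verdict v; };
static struct entry cache[SLOTS];      /* v == V_ABSTAIN marks a free slot */

/* Return the slot holding (user, res), else the first free slot, else NULL. */
static struct entry *cache_slot(const char *user, const char *res) {
    struct entry *spare = NULL;
    for (size_t i = 0; i < SLOTS; i++) {
        if (cache[i].v == V_ABSTAIN) { if (!spare) spare = &cache[i]; }
        else if (!strcmp(cache[i].user, user) && !strcmp(cache[i].res, res))
            return &cache[i];
    }
    return spare;
}

/* Cache first, then each module in order; no authoritative answer => deny. */
enum verdict resolve(const char *user, const char *res,
                     const esm_fn *mods, size_t nmods) {
    /* Names too long to store whole are never cached: a truncated key
       could make two different resources share one cached verdict. */
    struct entry *e = (strlen(user) < NAME_LEN && strlen(res) < NAME_LEN)
                          ? cache_slot(user, res) : NULL;
    if (e && e->v != V_ABSTAIN) return e->v;          /* cache hit */
    for (size_t i = 0; i < nmods; i++) {
        enum verdict v = mods[i](user, res);
        if (v == V_ABSTAIN) continue;                 /* not authoritative */
        if (e) { strcpy(e->user, user); strcpy(e->res, res); e->v = v; }
        return v;                                     /* first answer wins */
    }
    return V_DENY;                                    /* secure by default */
}

/* Constructed sample modules; module_calls shows when the cache answered. */
int module_calls;
static enum verdict mod_a(const char *u, const char *r) {  /* knows alice */
    module_calls++;
    if (strcmp(u, "alice")) return V_ABSTAIN;
    return strcmp(r, "payroll") ? V_DENY : V_ALLOW;
}
static enum verdict mod_b(const char *u, const char *r) {  /* knows bob */
    module_calls++; (void)r;
    return strcmp(u, "bob") ? V_ABSTAIN : V_ALLOW;
}
const esm_fn sample_mods[] = { mod_a, mod_b };
```

In this model the fall-through rejection is not cached, so a module that later becomes authoritative for that user is consulted on the next request.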


Defines

#define saf78_SAFADMIN_DATA_AREAS
#define SafCACHE_MAX_ENTITY_LEN   1024
#define SafPT_UNKNOWN   (1u<<7)
#define SafPT_GEN_ALLOWED   (1u<<0)
#define SafPT_USE_ALLOWED   (1u<<1)

Functions

mf_uns32 SafProcInit (struct SafInit *Init)
 ESF Request Processing Initialization.
int SafVerify (struct safpb_parameter_block *PBlock)
 Process a Verify Request.
int SafAuth (struct safpb_parameter_block *PBlock)
 Process an Auth Request.
int SafXauth (struct safpb_parameter_block *PBlock)
 Process an Xauth Request.
int SafStat (struct safpb_parameter_block *PBlock)
 Process a Stat Request.
int SafAudit (struct safpb_parameter_block *PBlock)
 Process an Audit Request.
int SafAdmin (struct safpb_parameter_block *PBlock)
 Process an Admin Request.
int SafUpdate (struct safpb_parameter_block *PBlock)
 Process an Admin Update Notification Request.


Function Documentation

mf_uns32 SafProcInit ( struct SafInit * Init )

ESF Request Processing Initialization.

This function is invoked by the ESF Manager Initialization routine to initialize the request-processing layer.

Parameters:
[in] Init The ESF Manager initialization block
Returns:
An integer value, zero for success and non-zero if initialization failed. See ESF Manager Initialization Return Codes and ESF Manager Initialization Internal Return Codes.

Definition at line 171 of file saf-process.c.

References SafInit::Config, SafInit::ESMCnt, and SafINIT_OK.

int SafVerify ( struct safpb_parameter_block * PBlock )

Process a Verify Request.

Pass an ESF API Verify request to the active ESM Modules.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 201 of file saf-process.c.

References safpb_parameter_block::DISCRETE, SafACEE::Flag3, SafACEE::OperClass, SafACEE::OperId, SafACEE::RdAccessFlags, safpb_parameter_block::REQUESTS, SafACEE::ResourceKeys, safpb_parameter_block::RETCODES, saf78_RC_DATABASE_ERROR, saf78_RC_NO_USER_PROFILE, saf78_RC_PWRD_CHANGE_ERR, saf78_RC_PWRD_EXPIRED, saf78_RC_PWRD_INVALID, saf78_RC_SAFESM_INDEX, saf78_RC_TOKEN_REFUSED, saf78_RC_USER_NOT_IN_GROUP, saf78_RS_BAD_VALUE, saf78_SAF_RC_FAILURE, saf78_SAF_RC_NOT_COMPLETE, saf78_SAF_RC_PARM_ERROR, saf78_SAF_RC_SUCCESS, saf78_TYPE_ENVIR_DESTROY, saf78_TYPE_TOKEN_CREATE, saf78_TYPE_TOKEN_DELETE, saf78_VER_NO_PASSWORD, saf78_VER_PASSTOKEN, saf78_VER_PT_SURROGATE, saf78_VER_PT_TICKET, SafACEE_F3_DUID, SafACEE_F3_NPWR, SafAceeAlloc(), SafCasOldAcee, SafEsmCVerify(), SafEsmName(), SafESMRC_EXTERNAL, SafESMRC_FAIL, SafESMRC_MGRFAIL, SafESMRC_NOTIMPL, SafESMRC_OK, SafESMRC_PARAM, SafESMRC_RESOURCE, SafEventData(), SafLog(), SafMsgERR, SafMsgINFO, safpb_parameter_block::safpb_flag, safpb_parameter_block::safpb_safesm_index, safpb_parameter_block::safpb_type, safpb_verify::safpb_verify_ACEE_ptr, safpb_verify::safpb_verify_group, safpb_verify::safpb_verify_USERID_len, safpb_verify::safpb_verify_USERID_ptr, SafQueryCfg(), SafRaiseAuditEvent(), SafState(), SafSTRCMP, SafSTRCMP_CI, SafACEE::SecurityKeys, SafACEE::UserLen, SafACEE::UserResourceKeys, and safpb_parameter_block::VERIFY.

int SafAuth ( struct safpb_parameter_block * PBlock )

Process an Auth Request.

Pass an ESF API Auth request to the active ESM Modules.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 925 of file saf-process.c.

References safpb_parameter_block::AUTH, safpb_parameter_block::DISCRETE, safpb_parameter_block::REQUESTS, safpb_parameter_block::RETCODES, saf78_RC_ACCESS_INFO, saf78_RC_DATABASE_ERROR, saf78_RC_RESOURCE_NOT_PROT, saf78_RS_ACCESS_ALTER, saf78_RS_ACCESS_NONE, saf78_RS_NO_RESOURCE_PROF, saf78_SAF_RC_FAILURE, saf78_SAF_RC_NOT_COMPLETE, saf78_SAF_RC_SUCCESS, saf78_TYPE_ATTR_STATUS_ACC, SafACEE_NAME, SafEsmCAuth(), SafEsmName(), SafESMRC_EXTERNAL, SafESMRC_FAIL, SafESMRC_MGRFAIL, SafESMRC_NOTIMPL, SafESMRC_OK, SafESMRC_PARAM, SafESMRC_RESOURCE, SafEventData(), SafLog(), SafMsgERR, SafMsgINFO, safpb_auth::safpb_auth_ACEE_ptr, safpb_auth::safpb_auth_class, safpb_auth::safpb_auth_ENTITY_len, safpb_auth::safpb_auth_ENTITY_ptr, safpb_parameter_block::safpb_safesm_index, safpb_parameter_block::safpb_type, SafRaiseAuditEvent(), SafState(), SafACEE::User, and SafACEE::UserLen.

int SafXauth ( struct safpb_parameter_block * PBlock )

Process an Xauth Request.

Pass an ESF API Xauth request to the active ESM Modules.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 1226 of file saf-process.c.

References safpb_parameter_block::AUTH, safpb_parameter_block::DISCRETE, safpb_parameter_block::REQUESTS, safpb_parameter_block::RETCODES, saf78_PERM_ALTER, saf78_PERM_CONTROL, saf78_PERM_EXECUTE, saf78_PERM_READ, saf78_PERM_UPDATE, saf78_RC_DATABASE_ERROR, saf78_RC_RESOURCE_NOT_PROT, saf78_RS_NO_RESOURCE_PROF, saf78_SAF_RC_FAILURE, saf78_SAF_RC_NOT_COMPLETE, saf78_SAF_RC_SUCCESS, saf78_TYPE_ATTR_STATUS_ACC, SafACEE_NAME, SafEsmCXAuth(), SafEsmName(), SafESMRC_EXTERNAL, SafESMRC_FAIL, SafESMRC_MGRFAIL, SafESMRC_NOTIMPL, SafESMRC_OK, SafESMRC_PARAM, SafESMRC_RESOURCE, SafEventData(), SafLog(), SafMsgERR, SafMsgINFO, safpb_auth::safpb_auth_ACEE_ptr, safpb_parameter_block::safpb_safesm_index, safpb_parameter_block::safpb_type, safpb_xauth::safpb_xauth_ACEE_ptr, safpb_xauth::safpb_xauth_CLASS_len, safpb_xauth::safpb_xauth_CLASS_ptr, safpb_xauth::safpb_xauth_ENTITY_len, safpb_xauth::safpb_xauth_ENTITY_ptr, safpb_xauth::safpb_xauth_PERMISSIONS, SafRaiseAuditEvent(), SafState(), SafACEE::User, SafACEE::UserLen, and safpb_parameter_block::XAUTH.

int SafStat ( struct safpb_parameter_block * PBlock )

Process a Stat Request.

Pass an ESF API Stat request to the active ESM Modules.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 1526 of file saf-process.c.

References safpb_parameter_block::DISCRETE, safpb_parameter_block::RETCODES, and saf78_SAF_RC_NOT_COMPLETE.

int SafAudit ( struct safpb_parameter_block * PBlock )

Process an Audit Request.

Pass an ESF API Audit request to the active ESM Modules.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 1550 of file saf-process.c.

References safpb_parameter_block::DISCRETE, safpb_parameter_block::RETCODES, and saf78_SAF_RC_NOT_COMPLETE.

int SafAdmin ( struct safpb_parameter_block * PBlock )

Process an Admin Request.

Pass an ESF API Admin request to the specified or active ESM Modules. If the ESM Index field (safpb_parameter_block::safpb_safesm_index) is nonzero, call only that module (indexed from 1); otherwise, call all enabled modules in turn.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 1574 of file saf-process.c.

References safpb_parameter_block::ADMIN, safpb_parameter_block::DISCRETE, SafACEE::Flag3, safpb_parameter_block::REQUESTS, safpb_parameter_block::RETCODES, saf78_RC_DATABASE_ERROR, saf78_RC_DENIED, saf78_SAF_RC_FAILURE, saf78_SAF_RC_NOT_COMPLETE, saf78_TYPE_ADMIN_ADDCLASS, saf78_TYPE_ADMIN_ADDGROUP, saf78_TYPE_ADMIN_ADDRES, saf78_TYPE_ADMIN_ADDUSER, saf78_TYPE_ADMIN_ALTCLASS, saf78_TYPE_ADMIN_ALTGROUP, saf78_TYPE_ADMIN_ALTRES, saf78_TYPE_ADMIN_ALTUSER, saf78_TYPE_ADMIN_DELCLASS, saf78_TYPE_ADMIN_DELGROUP, saf78_TYPE_ADMIN_DELRES, saf78_TYPE_ADMIN_DELUSER, saf78_TYPE_ADMIN_FREELIST, saf78_TYPE_ADMIN_LISTCLASS, saf78_TYPE_ADMIN_LISTGROUP, saf78_TYPE_ADMIN_LISTRES, saf78_TYPE_ADMIN_LISTUSER, saf78_TYPE_ADMIN_SETOPTS, saf78_TYPE_ADMIN_SETPSWD, SafACEE_F3_NPWR, SafESM_MAX, SafEsmCAdmin(), SafEsmName(), SafESMRC_NOTIMPL, SafESMRC_OK, SafEventData(), SafLog(), SafMsgERR, SafMsgWARN, safpb_admin::safpb_admin_ACEE_ptr, safpb_admin::safpb_admin_LIST_ptr, safpb_parameter_block::safpb_safesm_index, safpb_parameter_block::safpb_type, SafQueryCfg(), SafRaiseAuditEvent(), and SafState().

int SafUpdate ( struct safpb_parameter_block * PBlock )

Process an Admin Update Notification Request.

Handle a request that notifies us of an administrative change in an external security manager. See External Administrative Update Notification for more information.

Update notification processing takes the following steps:

  1. Flush relevant information cached by ESF itself.

  2. If this environment supports multiple processes using ESF and data in shared memory, cache the update request in shared memory for other ESF instances running under this environment and update the ESF update-tracking data. (This information is used by ESF instances to determine whether they've missed multiple updates, in which case they'll need to flush all private cached data.) Note that in these environments notification-request processing is globally serialized.

  3. Pass the update notice on to one or more ESM Modules. If the ESM Index field (safpb_parameter_block::safpb_safesm_index) is nonzero, call only that module (indexed from 1); otherwise, call all enabled modules in turn.

Parameters:
[in,out] PBlock ESF API parameter block
Returns:
An integer value, as defined by the ESF API; see safapi.h.

Definition at line 2305 of file saf-process.c.

References safpb_parameter_block::DISCRETE, safpb_parameter_block::REQUESTS, safpb_parameter_block::RETCODES, saf78_RC_DATABASE_ERROR, saf78_SAF_RC_FAILURE, saf78_SAF_RC_NOT_COMPLETE, SafCACHE_MAX_ENTITY_LEN, SafESM_UPDATE, SafEsmCUpdate(), SafEsmName(), SafESMRC_NOTIMPL, SafESMRC_OK, SafEventData(), SafLog(), SafMsgERR, SafMsgINFO, SafMsgWARN, safpb_parameter_block::safpb_safesm_index, safpb_update::safpb_update_ACEE_ptr, safpb_update::safpb_update_ENTITY_len, safpb_update::safpb_update_ENTITY_ptr, SafRaiseAuditEvent(), SafState(), safpb_parameter_block::UPDATE, SafACEE::User, and SafACEE::UserLen.