* update to new module parameters interface. remove some of the
StudlyCaps.
* make sure jiffies is unsigned long in rate limiting
* remove extraneous zeroing of static data.
--- lsm-2.6/security/seclvl.c~seclvl.fix04 2004-02-12 20:03:05.000000000 -0800
+++ lsm-2.6/security/seclvl.c 2004-02-13 14:31:59.619009544 -0800
@@ -79,6 +79,7 @@
#include <linux/config.h>
#include <linux/module.h>
+#include <linux/moduleparam.h>
#include <linux/kernel.h>
#include <linux/init.h>
#include <linux/security.h>
@@ -106,14 +107,14 @@
#ifdef CONFIG_SECURITY_SECLVL_MODULE
static int initlvl = 1;
#else
-static int initlvl = 0;
+static int initlvl;
#endif
-MODULE_PARM(initlvl, "i");
+module_param(initlvl, int, 0);
MODULE_PARM_DESC(initlvl, "Initial secure level (defaults to 1)");
/* Module parameter that defines the verbosity level */
-static int verbosity = 0;
-MODULE_PARM(verbosity, "i");
+static int verbosity;
+module_param(verbosity, int, 0);
MODULE_PARM_DESC(verbosity, "Initial verbosity level (0 or 1; defaults to "
"0, which is Quiet)");
@@ -124,11 +125,13 @@
*
* This gets converted to its SHA1 hash when stored. It's probably
* not a good idea to use this parameter when loading seclvl from a
- * script; use sha1Password instead.
+ * script; use sha1_passwd instead.
*/
-static char *plaintextPassword = NULL;
-MODULE_PARM(plaintextPassword, "s");
-MODULE_PARM_DESC(plaintextPassword,
+
+#define MAX_PASSWD_SIZE 32
+static char passwd[MAX_PASSWD_SIZE];
+module_param_string(passwd, passwd, sizeof(passwd), 0);
+MODULE_PARM_DESC(passwd,
"Plaintext of password that sets seclvl=0 when written to "
"(sysfs mount point)/seclvl/passwd\n");
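Review bot: The fixed `passwd[MAX_PASSWD_SIZE]` buffer caps the plaintext password at 31 characters plus the terminator, and neither the comment above it nor the MODULE_PARM_DESC says so. I would state the limit in the description, e.g. `"Plaintext of password (at most 31 characters) that sets seclvl=0 when written to "`, so an administrator is not surprised when a longer value is refused at load time (as far as I recall, module_param_string rejects an over-long string rather than truncating it; worth confirming). The parameter is also renamed from `plaintextPassword` to `passwd`, so existing module options using the old name will presumably stop matching, which deserves a line in the changelog. The comment block this hunk edits starts outside the hunk.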
@@ -142,15 +145,16 @@
*
* echo -n "secret" | sha1sum
*/
-static char *sha1Password = NULL;
-MODULE_PARM(sha1Password, "s");
-MODULE_PARM_DESC(sha1Password,
+#define MAX_SHA1_PASSWD 41
+static char sha1_passwd[MAX_SHA1_PASSWD];
+module_param_string(sha1_passwd, sha1_passwd, sizeof(sha1_passwd), 0);
+MODULE_PARM_DESC(sha1_passwd,
"SHA1 hash (40 hexadecimal characters) of password that "
"sets seclvl=0 when plaintext password is written to "
"(sysfs mount point)/seclvl/passwd\n");
static int hideHash = 1;
-MODULE_PARM(hideHash, "i");
+module_param(hideHash, int, 0);
MODULE_PARM_DESC(hideHash, "When set to 0, reading seclvl/passwd from sysfs "
"will return the SHA1-hashed value of the password that "
"lowers the secure level to 0.\n");
@@ -164,17 +168,18 @@
/**
* This time-limits log writes to one per second.
*/
-#define seclvl_printk(verb, type, fmt, arg...) \
- do { \
- if (verbosity >= verb) { \
- static int priorTimestamp = 0; \
- if ((jiffies - priorTimestamp) < HZ) \
- break; \
- printk(type "%s: %s: " fmt, \
- MY_NAME, __FUNCTION__, \
- ## arg); \
- priorTimestamp = jiffies; \
- } \
+#define seclvl_printk(verb, type, fmt, arg...) \
+ do { \
+ if (verbosity >= verb) { \
+ static unsigned long _prior; \
+ unsigned long _now = jiffies; \
+ if ((_now - _prior) > HZ) { \
+ printk(type "%s: %s: " fmt, \
+ MY_NAME, __FUNCTION__, \
+ ## arg); \
+ _prior = _now; \
+ } \
+ } \
} while (0)
/**
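Review bot: `_prior` is a static declared inside the macro body, so every expansion site gets its own timestamp and the limit is one message per second per call site, not one per second overall; the comment should say so, e.g. `This time-limits log writes to one per second per call site.` The comparison also changed sense: the old code suppressed when the delta was `< HZ`, the new code prints only when it is `> HZ`, so a message arriving exactly HZ jiffies later is now dropped; `if ((_now - _prior) >= HZ) {` keeps the old boundary. Suppressed messages are not counted, so repeated errors from one site within the window collapse into a single log line; a per-site dropped counter printed with the next message would keep that signal for whoever reviews the log.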
@@ -396,7 +401,7 @@
unsigned char tmp[SHA1_DIGEST_SIZE];
int rc;
int len;
- if (!(plaintextPassword || sha1Password)) {
+ if (!*passwd && !*sha1_passwd) {
seclvl_printk(0, KERN_ERR, "Attempt to password-unlock the "
"seclvl module, but neither a plain text "
"password nor a SHA1 hashed password was "
@@ -683,25 +688,25 @@
{
int rc = 0;
hashedPassword[0] = '\0';
- if (plaintextPassword) {
- if (sha1Password) {
+ if (*passwd) {
+ if (*sha1_passwd) {
seclvl_printk(0, KERN_ERR, "Error: Both "
- "plaintextPassword and sha1Password "
+ "passwd and sha1_passwd "
"were set, but they are mutually "
"exclusive.\n");
rc = -EINVAL;
goto exit;
}
- if ((rc = plaintextToSha1(hashedPassword, plaintextPassword,
- strlen(plaintextPassword)))) {
+ if ((rc = plaintextToSha1(hashedPassword, passwd,
+ strlen(passwd)))) {
seclvl_printk(0, KERN_ERR, "Error: SHA1 support not "
"in kernel\n");
goto exit;
}
- memset(plaintextPassword, strlen(plaintextPassword), 0);
- } else if (sha1Password) { // Base 16
+ //memset(passwd, 0, strlen(passwd));
+ } else if (*sha1_passwd) { // Base 16
int i;
- i = strlen(sha1Password);
+ i = strlen(sha1_passwd);
if (i != (SHA1_DIGEST_SIZE * 2)) {
seclvl_printk(0, KERN_ERR, "Received [%d] bytes; "
"expected [%d] for the hexadecimal "
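Review bot: The wipe of the plaintext password is left commented out at `//memset(passwd, 0, strlen(passwd));`, so after hashing the cleartext stays in the static `passwd` buffer for as long as the module is loaded. The removed line had its fill and length arguments swapped and never cleared anything either, so the corrected call should be enabled, preferably over the whole buffer: `memset(passwd, 0, sizeof(passwd));`. The hunks at -736 and -802 test `*passwd` to decide whether to create and remove the sysfs passwd attribute, which is presumably why the wipe was disabled; those checks would need to test a flag set here (or whether a hash was stored) instead of the buffer contents. The function body starts and ends outside this hunk.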
@@ -713,11 +718,11 @@
}
while ((i -= 2) + 2) {
unsigned char tmp;
- tmp = sha1Password[i + 2];
- sha1Password[i + 2] = '\0';
+ tmp = sha1_passwd[i + 2];
+ sha1_passwd[i + 2] = '\0';
hashedPassword[i / 2] = (unsigned char)
- simple_strtol(&sha1Password[i], NULL, 16);
- sha1Password[i + 2] = tmp;
+ simple_strtol(&sha1_passwd[i], NULL, 16);
+ sha1_passwd[i + 2] = tmp;
}
}
exit:
@@ -736,7 +741,7 @@
goto exit;
}
sysfs_create_file(&seclvl_subsys.kset.kobj, &seclvlfs_seclvl_attr.attr);
- if (plaintextPassword || sha1Password) {
+ if (*passwd || *sha1_passwd) {
sysfs_create_file(&seclvl_subsys.kset.kobj,
&seclvlfs_passwd_attr.attr);
}
@@ -768,6 +773,7 @@
"module parameter(s): rc = [%d]\n", rc);
goto exit;
}
+ printk("%s: passwd=%s\n", __func__, passwd);
/* register ourselves with the security framework */
if (register_security(&seclvl_ops)) {
seclvl_printk(0, KERN_ERR,
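Review bot: The added `printk("%s: passwd=%s\n", __func__, passwd);` writes the plaintext unlock password to the kernel log on every load, where it can be read back from the log buffer and is typically persisted by the system logger. It looks like leftover debugging (no log level, not routed through seclvl_printk, not gated on `verbosity`) and should be dropped before this is merged. If a load-time trace is wanted, log only whether a password was configured, e.g. `seclvl_printk(1, KERN_INFO, "password unlock %s\n", (*passwd || *sha1_passwd) ? "enabled" : "disabled");`. The enclosing init function starts and ends outside the hunk.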
@@ -802,7 +808,7 @@
static void __exit seclvl_exit(void)
{
sysfs_remove_file(&seclvl_subsys.kset.kobj, &seclvlfs_seclvl_attr.attr);
- if (plaintextPassword || sha1Password) {
+ if (*passwd || *sha1_passwd) {
sysfs_remove_file(&seclvl_subsys.kset.kobj,
&seclvlfs_passwd_attr.attr);
}