20 |
|
|
21 |
/************************* VARIABLES *************************/ |
/************************* VARIABLES *************************/ |
22 |
|
|
23 |
extern struct semaphore domain_acl_lock; |
extern struct mutex domain_acl_lock; |
24 |
|
|
25 |
/************************* AUDIT FUNCTIONS *************************/ |
/************************* AUDIT FUNCTIONS *************************/ |
26 |
|
|
47 |
|
|
48 |
static int AddAddressGroupEntry(const char *group_name, const bool is_ipv6, const u16 *min_address, const u16 *max_address, const bool is_delete) |
static int AddAddressGroupEntry(const char *group_name, const bool is_ipv6, const u16 *min_address, const u16 *max_address, const bool is_delete) |
49 |
{ |
{ |
50 |
static DECLARE_MUTEX(lock); |
static DEFINE_MUTEX(lock); |
51 |
struct address_group_entry *new_group, *group; |
struct address_group_entry *new_group, *group; |
52 |
struct address_group_member *new_member, *member; |
struct address_group_member *new_member, *member; |
53 |
const struct path_info *saved_group_name; |
const struct path_info *saved_group_name; |
54 |
int error = -ENOMEM; |
int error = -ENOMEM; |
55 |
if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL; |
if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL; |
56 |
if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM; |
if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM; |
57 |
down(&lock); |
mutex_lock(&lock); |
58 |
for (group = group_list; group; group = group->next) { |
for (group = group_list; group; group = group->next) { |
59 |
if (saved_group_name != group->group_name) continue; |
if (saved_group_name != group->group_name) continue; |
60 |
for (member = group->first_member; member; member = member->next) { |
for (member = group->first_member; member; member = member->next) { |
102 |
} |
} |
103 |
error = 0; |
error = 0; |
104 |
out: |
out: |
105 |
up(&lock); |
mutex_unlock(&lock); |
106 |
return error; |
return error; |
107 |
} |
} |
108 |
|
|
258 |
int error = -ENOMEM; |
int error = -ENOMEM; |
259 |
const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/ |
const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/ |
260 |
if (!domain) return -EINVAL; |
if (!domain) return -EINVAL; |
261 |
down(&domain_acl_lock); |
mutex_lock(&domain_acl_lock); |
262 |
if (!is_delete) { |
if (!is_delete) { |
263 |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
264 |
while (1) { |
while (1) { |
328 |
break; |
break; |
329 |
} |
} |
330 |
} |
} |
331 |
up(&domain_acl_lock); |
mutex_unlock(&domain_acl_lock); |
332 |
return error; |
return error; |
333 |
} |
} |
334 |
|
|
438 |
return -EINVAL; |
return -EINVAL; |
439 |
} |
} |
440 |
|
|
441 |
int CheckNetworkListenACL(const u8 is_ipv6, const u8 *address, const u16 port) |
int CheckNetworkListenACL(const _Bool is_ipv6, const u8 *address, const u16 port) |
442 |
{ |
{ |
443 |
return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port)); |
return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_LISTEN, (const u32 *) address, ntohs(port)); |
444 |
} |
} |
445 |
EXPORT_SYMBOL(CheckNetworkListenACL); |
EXPORT_SYMBOL(CheckNetworkListenACL); |
446 |
|
|
447 |
int CheckNetworkConnectACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port) |
int CheckNetworkConnectACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port) |
448 |
{ |
{ |
449 |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port)); |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_CONNECT : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT), (const u32 *) address, ntohs(port)); |
450 |
} |
} |
451 |
EXPORT_SYMBOL(CheckNetworkConnectACL); |
EXPORT_SYMBOL(CheckNetworkConnectACL); |
452 |
|
|
453 |
int CheckNetworkBindACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port) |
int CheckNetworkBindACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port) |
454 |
{ |
{ |
455 |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port)); |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_STREAM ? NETWORK_ACL_TCP_BIND : (sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_BIND : NETWORK_ACL_RAW_BIND), (const u32 *) address, ntohs(port)); |
456 |
} |
} |
457 |
EXPORT_SYMBOL(CheckNetworkBindACL); |
EXPORT_SYMBOL(CheckNetworkBindACL); |
458 |
|
|
459 |
int CheckNetworkAcceptACL(const u8 is_ipv6, const u8 *address, const u16 port) |
int CheckNetworkAcceptACL(const _Bool is_ipv6, const u8 *address, const u16 port) |
460 |
{ |
{ |
461 |
return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port)); |
return CheckNetworkEntry(is_ipv6, NETWORK_ACL_TCP_ACCEPT, (const u32 *) address, ntohs(port)); |
462 |
} |
} |
463 |
EXPORT_SYMBOL(CheckNetworkAcceptACL); |
EXPORT_SYMBOL(CheckNetworkAcceptACL); |
464 |
|
|
465 |
int CheckNetworkSendMsgACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port) |
int CheckNetworkSendMsgACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port) |
466 |
{ |
{ |
467 |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port)); |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port)); |
468 |
} |
} |
469 |
EXPORT_SYMBOL(CheckNetworkSendMsgACL); |
EXPORT_SYMBOL(CheckNetworkSendMsgACL); |
470 |
|
|
471 |
int CheckNetworkRecvMsgACL(const u8 is_ipv6, const int sock_type, const u8 *address, const u16 port) |
int CheckNetworkRecvMsgACL(const _Bool is_ipv6, const int sock_type, const u8 *address, const u16 port) |
472 |
{ |
{ |
473 |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port)); |
return CheckNetworkEntry(is_ipv6, sock_type == SOCK_DGRAM ? NETWORK_ACL_UDP_CONNECT : NETWORK_ACL_RAW_CONNECT, (const u32 *) address, ntohs(port)); |
474 |
} |
} |