Revision 3707 - (hide annotations) (download) (as text)
Tue Jun 1 05:21:48 2010 UTC (13 years, 11 months ago) by kumaneko
Original Path: branches/ccs-patch/security/ccsecurity/group.c
File MIME type: text/x-csrc
File size: 5850 byte(s)
Allow wildcard for execute permission and domainname
/*
 * security/ccsecurity/group.c
 *
 * Copyright (C) 2005-2010 NTT DATA CORPORATION
 *
 * Version: 1.7.2 2010/04/01
 *
 * This file is applicable to both 2.4.30 and 2.6.11 and later.
 * See README.ccs for ChangeLog.
 *
 */
12    
13     #include "internal.h"
14    
/**
 * ccs_same_path_group - Tell whether two path-group members name the same pattern.
 *
 * @a: List head of the first member.
 * @b: List head of the second member.
 *
 * Returns true if both members carry the same member_name, false otherwise.
 *
 * Only the member_name pointers are compared, never the strings. This
 * relies on ccs_get_name() handing out one shared object per distinct
 * string so that pointer equality stands in for string equality.
 */
static bool ccs_same_path_group(const struct ccs_acl_head *a,
				const struct ccs_acl_head *b)
{
	const struct ccs_path_group *p1 = container_of(a, typeof(*p1), head);
	const struct ccs_path_group *p2 = container_of(b, typeof(*p2), head);
	return p1->member_name == p2->member_name;
}
21    
/**
 * ccs_same_number_group - Tell whether two number-group members describe the same range.
 *
 * @a: List head of the first member.
 * @b: List head of the second member.
 *
 * Returns true if the two "struct ccs_number_union" payloads are byte-for-byte
 * equal, false otherwise.
 *
 * NOTE(review): this is a whole-struct memcmp(), so it also compares any
 * padding bytes. Entries are built from a zero-initialised template in
 * ccs_write_group(), which is assumed to leave padding zeroed as well;
 * confirm if "struct ccs_number_union" ever gains padding.
 */
static bool ccs_same_number_group(const struct ccs_acl_head *a,
				  const struct ccs_acl_head *b)
{
	const struct ccs_number_group *p1 = container_of(a, typeof(*p1), head);
	const struct ccs_number_group *p2 = container_of(b, typeof(*p2), head);
	return memcmp(&p1->number, &p2->number, sizeof(p1->number)) == 0;
}
30    
/**
 * ccs_same_address_group - Tell whether two address-group members cover the same range.
 *
 * @a: List head of the first member.
 * @b: List head of the second member.
 *
 * Returns true if both members are of the same address family and have the
 * same lower and upper bound, false otherwise.
 *
 * Only the bounds of the family actually in use are compared. IPv6 bounds
 * are compared by pointer, which relies on ccs_get_ipv6_address() handing out
 * one shared "struct in6_addr" per distinct address. Entries are created from
 * a zero-initialised template in ccs_write_group(), so the unused family's
 * bounds are zero in every entry and carry no information.
 */
static bool ccs_same_address_group(const struct ccs_acl_head *a,
				   const struct ccs_acl_head *b)
{
	const struct ccs_address_group *p1 = container_of(a, typeof(*p1), head);
	const struct ccs_address_group *p2 = container_of(b, typeof(*p2), head);
	if (p1->is_ipv6 != p2->is_ipv6)
		return false;
	if (p1->is_ipv6)
		return p1->min.ipv6 == p2->min.ipv6 &&
			p1->max.ipv6 == p2->max.ipv6;
	return p1->min.ipv4 == p2->min.ipv4 && p1->max.ipv4 == p2->max.ipv4;
}
42    
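/**
 * ccs_write_path_member - Add or delete one pathname pattern in a path group.
 *
 * @group:     Group to modify (the caller holds a reference on it).
 * @member:    Pathname pattern to add or delete.
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, -ENOMEM if the name cannot be obtained, or the
 * error returned by ccs_update_group().
 */
static int ccs_write_path_member(struct ccs_group *group, char *member,
				 const bool is_delete)
{
	struct ccs_path_group e = { };
	int error;
	e.member_name = ccs_get_name(member);
	if (!e.member_name)
		return -ENOMEM;
	error = ccs_update_group(&e.head, sizeof(e), is_delete, group,
				 ccs_same_path_group);
	/*
	 * Drop the reference obtained above. NOTE(review): an entry that
	 * ccs_update_group() inserted is presumed to own its own reference
	 * (or to have cleared e.member_name when taking this one over);
	 * ccs_put_name() must tolerate whatever it left behind.
	 */
	ccs_put_name(e.member_name);
	return error;
}

/**
 * ccs_write_number_member - Add or delete one number or number range in a number group.
 *
 * @group:     Group to modify (the caller holds a reference on it).
 * @member:    Number or "min-max" range to add or delete.
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, -EINVAL if @member is not a literal number/range or
 * the range is inverted, or the error returned by ccs_update_group().
 */
static int ccs_write_number_member(struct ccs_group *group, char *member,
				   const bool is_delete)
{
	struct ccs_number_group e = { };
	/*
	 * A member must be a literal value, never a reference to another
	 * group ('@...'), and the range must not be inverted (min > max) —
	 * such a member could never match anything.
	 */
	if (member[0] == '@' || !ccs_parse_number_union(member, &e.number) ||
	    e.number.values[0] > e.number.values[1])
		return -EINVAL;
	/*
	 * ccs_put_number_union() is not needed because member[0] != '@',
	 * so no group reference was taken by ccs_parse_number_union().
	 */
	return ccs_update_group(&e.head, sizeof(e), is_delete, group,
				ccs_same_number_group);
}

/**
 * ccs_write_address_member - Add or delete one IPv4/IPv6 address or range in an address group.
 *
 * @group:     Group to modify (the caller holds a reference on it).
 * @member:    Address or "min-max" range to add or delete.
 * @is_delete: True if it is a delete request.
 *
 * Returns 0 on success, -EINVAL if @member does not parse as an address,
 * -ENOMEM if an IPv6 bound cannot be obtained, or the error returned by
 * ccs_update_group().
 *
 * NOTE(review): unlike the number branch, an inverted range (min > max) is
 * not rejected here and would produce a member that never matches; confirm
 * whether ccs_parse_ip_address() already orders the two bounds.
 */
static int ccs_write_address_member(struct ccs_group *group, char *member,
				    const bool is_delete)
{
	struct ccs_address_group e = { };
	u16 min_address[8];
	u16 max_address[8];
	u32 raw;
	int error = -EINVAL;
	switch (ccs_parse_ip_address(member, min_address, max_address)) {
	case CCS_IP_ADDRESS_TYPE_IPv6:
		e.is_ipv6 = true;
		e.min.ipv6 = ccs_get_ipv6_address((struct in6_addr *)
						  min_address);
		e.max.ipv6 = ccs_get_ipv6_address((struct in6_addr *)
						  max_address);
		if (!e.min.ipv6 || !e.max.ipv6) {
			/* Same failure class as ccs_get_name() in the path branch. */
			error = -ENOMEM;
			goto out;
		}
		break;
	case CCS_IP_ADDRESS_TYPE_IPv4:
		/*
		 * The parser fills a u16 array; copy the leading four bytes
		 * out instead of dereferencing it through a u32 pointer,
		 * which is an unaligned/type-punned access on strict
		 * architectures. Bounds are stored in host byte order.
		 */
		memcpy(&raw, min_address, sizeof(raw));
		e.min.ipv4 = ntohl(raw);
		memcpy(&raw, max_address, sizeof(raw));
		e.max.ipv4 = ntohl(raw);
		break;
	default:
		return -EINVAL;
	}
	error = ccs_update_group(&e.head, sizeof(e), is_delete, group,
				 ccs_same_address_group);
out:
	/*
	 * Release the IPv6 bounds obtained above (either may be NULL on the
	 * failure path); ccs_put_ipv6_address() is expected to tolerate that.
	 */
	if (e.is_ipv6) {
		ccs_put_ipv6_address(e.min.ipv6);
		ccs_put_ipv6_address(e.max.ipv6);
	}
	return error;
}

/**
 * ccs_write_group - Write "struct ccs_path_group"/"struct ccs_number_group"/"struct ccs_address_group" list.
 *
 * @data:      String to parse, of the form "<group name> <member>".
 * @is_delete: True if it is a delete request.
 * @type:      Type of this group (CCS_PATH_GROUP, CCS_NUMBER_GROUP, or any
 *             other value for an address group).
 *
 * Returns 0 on success, negative value otherwise: -EINVAL if @data does not
 * tokenize into a group name and a non-empty member or the member does not
 * parse, -ENOMEM if the group or a member name cannot be obtained.
 */
int ccs_write_group(char *data, const bool is_delete, const u8 type)
{
	struct ccs_group *group;
	char *w[2];
	int error;
	if (!ccs_tokenize(data, w, sizeof(w)) || !w[1][0])
		return -EINVAL;
	group = ccs_get_group(w[0], type);
	if (!group)
		return -ENOMEM;
	switch (type) {
	case CCS_PATH_GROUP:
		error = ccs_write_path_member(group, w[1], is_delete);
		break;
	case CCS_NUMBER_GROUP:
		error = ccs_write_number_member(group, w[1], is_delete);
		break;
	default:
		error = ccs_write_address_member(group, w[1], is_delete);
		break;
	}
	ccs_put_group(group);
	return error;
}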
115    
/**
 * ccs_path_matches_group - Check whether the given pathname matches members of the given pathname group.
 *
 * @pathname: The name of pathname.
 * @group: Pointer to "struct ccs_group" holding "struct ccs_path_group" members.
 *
 * Returns true if @pathname matches at least one member of @group, false
 * otherwise. Members are matched as patterns via ccs_path_matches_pattern(),
 * not by literal string equality, so wildcards in a member apply.
 *
 * Caller holds ccs_read_lock().
 */
bool ccs_path_matches_group(const struct ccs_path_info *pathname,
			    const struct ccs_group *group)
{
	struct ccs_path_group *member;
	list_for_each_entry_rcu(member, &group->member_list, head.list) {
		/* Members flagged deleted are still linked in; ignore them. */
		if (member->head.is_deleted)
			continue;
		if (ccs_path_matches_pattern(pathname, member->member_name))
			return true;
	}
	return false;
}
141    
/**
 * ccs_number_matches_group - Check whether the given number matches members of the given number group.
 *
 * @min: Min number.
 * @max: Max number.
 * @group: Pointer to "struct ccs_group" holding "struct ccs_number_group" members.
 *
 * Returns true if the request range [@min, @max] intersects at least one
 * member range, false otherwise.
 *
 * Note that this is an overlap test, not a containment test: a request
 * range is accepted as soon as any part of it falls inside a member.
 *
 * Caller holds ccs_read_lock().
 */
bool ccs_number_matches_group(const unsigned long min, const unsigned long max,
			      const struct ccs_group *group)
{
	struct ccs_number_group *member;
	list_for_each_entry_rcu(member, &group->member_list, head.list) {
		const unsigned long lo = member->number.values[0];
		const unsigned long hi = member->number.values[1];
		/* Members flagged deleted are still linked in; ignore them. */
		if (member->head.is_deleted)
			continue;
		/* [min,max] and [lo,hi] intersect unless one lies wholly past the other. */
		if (min <= hi && max >= lo)
			return true;
	}
	return false;
}
169    
/**
 * ccs_address_matches_group - Check whether the given address matches members of the given address group.
 *
 * @is_ipv6: True if @address is an IPv6 address.
 * @address: An IPv4 (4 bytes) or IPv6 (16 bytes) address in network byte order.
 * @group: Pointer to "struct ccs_group" holding "struct ccs_address_group" members.
 *
 * Returns true if @address lies within the bounds of at least one member of
 * the same address family, false otherwise. A member of the other family is
 * never considered, so an IPv4 request cannot match an IPv6 member and vice
 * versa.
 *
 * Caller holds ccs_read_lock().
 */
bool ccs_address_matches_group(const bool is_ipv6, const u32 *address,
			       const struct ccs_group *group)
{
	struct ccs_address_group *member;
	list_for_each_entry_rcu(member, &group->member_list, head.list) {
		/* Members flagged deleted are still linked in; ignore them. */
		if (member->head.is_deleted)
			continue;
		if (member->is_ipv6 != is_ipv6)
			continue;
		if (is_ipv6) {
			/*
			 * Bytewise comparison of the 16-byte network-order
			 * address: lexicographic order of big-endian bytes is
			 * numeric order, so min <= address <= max holds.
			 */
			if (memcmp(address, member->min.ipv6, 16) >= 0 &&
			    memcmp(address, member->max.ipv6, 16) <= 0)
				return true;
		} else {
			/*
			 * Member bounds were stored in host byte order at
			 * write time (ntohl in ccs_write_group()); convert
			 * the request the same way before comparing.
			 */
			const u32 ip = ntohl(*address);
			if (member->min.ipv4 <= ip && ip <= member->max.ipv4)
				return true;
		}
	}
	return false;
}
