
Diff of /trunk/1.8.x/ccs-patch/security/ccsecurity/network.c


revision 1015 by kumaneko, Tue Mar 4 04:04:39 2008 UTC revision 1016 by kumaneko, Tue Mar 4 05:51:18 2008 UTC
# Line 84  static int AddAddressGroupEntry(const ch Line 84  static int AddAddressGroupEntry(const ch
84          const struct path_info *saved_group_name;          const struct path_info *saved_group_name;
85          const struct in6_addr *saved_min_address = NULL, *saved_max_address = NULL;          const struct in6_addr *saved_min_address = NULL, *saved_max_address = NULL;
86          int error = -ENOMEM;          int error = -ENOMEM;
87          bool found = 0;          bool found = false;
88          if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;          if (!IsCorrectPath(group_name, 0, 0, 0, __FUNCTION__) || !group_name[0]) return -EINVAL;
89          if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM;          if ((saved_group_name = SaveName(group_name)) == NULL) return -ENOMEM;
90          if (is_ipv6) {          if (is_ipv6) {
# Line 105  static int AddAddressGroupEntry(const ch Line 105  static int AddAddressGroupEntry(const ch
105                          error = 0;                          error = 0;
106                          goto out;                          goto out;
107                  }                  }
108                  found = 1;                  found = true;
109                  break;                  break;
110          }          }
111          if (is_delete) {          if (is_delete) {
# Line 154  int AddAddressGroupPolicy(char *data, co Line 154  int AddAddressGroupPolicy(char *data, co
154                          max_address[i] = htons(max_address[i]);                          max_address[i] = htons(max_address[i]);
155                  }                  }
156                  if (count == 8) memmove(max_address, min_address, sizeof(min_address));                  if (count == 8) memmove(max_address, min_address, sizeof(min_address));
157                  is_ipv6 = 1;                  is_ipv6 = true;
158          } else if ((count = sscanf(cp, "%hu.%hu.%hu.%hu-%hu.%hu.%hu.%hu",          } else if ((count = sscanf(cp, "%hu.%hu.%hu.%hu-%hu.%hu.%hu.%hu",
159                                     &min_address[0], &min_address[1], &min_address[2], &min_address[3],                                     &min_address[0], &min_address[1], &min_address[2], &min_address[3],
160                                     &max_address[0], &max_address[1], &max_address[2], &max_address[3])) == 4 || count == 8) {                                     &max_address[0], &max_address[1], &max_address[2], &max_address[3])) == 4 || count == 8) {
# Line 162  int AddAddressGroupPolicy(char *data, co Line 162  int AddAddressGroupPolicy(char *data, co
162                  * (u32 *) min_address = ip;                  * (u32 *) min_address = ip;
163                  if (count == 8) ip = ((((u8) max_address[0]) << 24) + (((u8) max_address[1]) << 16) + (((u8) max_address[2]) << 8) + (u8) max_address[3]);                  if (count == 8) ip = ((((u8) max_address[0]) << 24) + (((u8) max_address[1]) << 16) + (((u8) max_address[2]) << 8) + (u8) max_address[3]);
164                  * (u32 *) max_address = ip;                  * (u32 *) max_address = ip;
165                  is_ipv6 = 0;                  is_ipv6 = false;
166          } else {          } else {
167                  return -EINVAL;                  return -EINVAL;
168          }          }
# Line 193  static bool AddressMatchesToGroup(const Line 193  static bool AddressMatchesToGroup(const
193          list1_for_each_entry(member, &group->address_group_member_list, list) {          list1_for_each_entry(member, &group->address_group_member_list, list) {
194                  if (member->is_deleted) continue;                  if (member->is_deleted) continue;
195                  if (member->is_ipv6) {                  if (member->is_ipv6) {
196                          if (is_ipv6 && memcmp(member->min.ipv6, address, 16) <= 0 && memcmp(address, member->max.ipv6, 16) <= 0) return 1;                          if (is_ipv6 && memcmp(member->min.ipv6, address, 16) <= 0 && memcmp(address, member->max.ipv6, 16) <= 0) return true;
197                  } else {                  } else {
198                          if (!is_ipv6 && member->min.ipv4 <= ip && ip <= member->max.ipv4) return 1;                          if (!is_ipv6 && member->min.ipv4 <= ip && ip <= member->max.ipv4) return true;
199                  }                  }
200          }          }
201          return 0;          return false;
202  }  }
203    
204  int ReadAddressGroupPolicy(struct io_buffer *head)  int ReadAddressGroupPolicy(struct io_buffer *head)
# Line 366  static int CheckNetworkEntry(const bool Line 366  static int CheckNetworkEntry(const bool
366          const u8 mode = CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK);          const u8 mode = CheckCCSFlags(CCS_TOMOYO_MAC_FOR_NETWORK);
367          const bool is_enforce = (mode == 3);          const bool is_enforce = (mode == 3);
368          const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/          const u32 ip = ntohl(*address); /* using host byte order to allow u32 comparison than memcmp().*/
369          bool found = 0;          bool found = false;
370          if (!mode) return 0;          if (!mode) return 0;
371          list1_for_each_entry(ptr, &domain->acl_info_list, list) {          list1_for_each_entry(ptr, &domain->acl_info_list, list) {
372                  struct ip_network_acl_record *acl;                  struct ip_network_acl_record *acl;
# Line 381  static int CheckNetworkEntry(const bool Line 381  static int CheckNetworkEntry(const bool
381                          if (!is_ipv6 || memcmp(acl->u.ipv6.min, address, 16) > 0 || memcmp(address, acl->u.ipv6.max, 16) > 0) continue;                          if (!is_ipv6 || memcmp(acl->u.ipv6.min, address, 16) > 0 || memcmp(address, acl->u.ipv6.max, 16) > 0) continue;
382                  }                  }
383                  UpdateCondition(ptr);                  UpdateCondition(ptr);
384                  found = 1;                  found = true;
385                  break;                  break;
386          }          }
387          AuditNetworkLog(is_ipv6, keyword, address, port, found, profile, mode);          AuditNetworkLog(is_ipv6, keyword, address, port, found, profile, mode);
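Review bot: In the IPv4 branch of AddAddressGroupPolicy (lines 158-165) the octets are read with `%hu` and then narrowed with `(u8)` casts, as line 163 shows for max_address, so a policy line such as a constructed `256.0.0.1` appears to be accepted and stored as a different address instead of being rejected. Because address groups feed the network access-control match in AddressMatchesToGroup, a mistyped range should fail with -EINVAL rather than silently cover other hosts. A range check ahead of the packing would do it, reusing the `i` the IPv6 branch already indexes with: `for (i = 0; i < 4; i++) if (min_address[i] > 255 || (count == 8 && max_address[i] > 255)) return -EINVAL;`. The line that packs min_address (161) and the start and end of the function lie outside the hunks shown, so this should be confirmed against the full body.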
