| 256 |
return keyword; |
return keyword; |
| 257 |
} |
} |
| 258 |
|
|
| 259 |
static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const u8 is_delete, const struct condition_list *condition) |
static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const u8 is_add, const struct condition_list *condition) |
| 260 |
{ |
{ |
| 261 |
struct acl_info *ptr; |
struct acl_info *ptr; |
| 262 |
int error = -ENOMEM; |
int error = -ENOMEM; |
| 265 |
const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/ |
const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/ |
| 266 |
if (!domain) return -EINVAL; |
if (!domain) return -EINVAL; |
| 267 |
down(&domain_acl_lock); |
down(&domain_acl_lock); |
| 268 |
if (!is_delete) { |
if (is_add) { |
| 269 |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
| 270 |
while (1) { |
while (1) { |
| 271 |
IP_NETWORK_ACL_RECORD *new_ptr; |
IP_NETWORK_ACL_RECORD *new_ptr; |
| 298 |
continue; |
continue; |
| 299 |
} |
} |
| 300 |
first_entry: ; |
first_entry: ; |
| 301 |
|
if (is_add == 1 && TooManyDomainACL(domain)) break; |
| 302 |
/* Not found. Append it to the tail. */ |
/* Not found. Append it to the tail. */ |
| 303 |
if ((new_ptr = (IP_NETWORK_ACL_RECORD *) alloc_element(sizeof(IP_NETWORK_ACL_RECORD))) == NULL) break; |
if ((new_ptr = (IP_NETWORK_ACL_RECORD *) alloc_element(sizeof(IP_NETWORK_ACL_RECORD))) == NULL) break; |
| 304 |
new_ptr->head.type = type; |
new_ptr->head.type = type; |
| 380 |
} |
} |
| 381 |
return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port); |
return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port); |
| 382 |
} |
} |
| 383 |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, 0, NULL); |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, 1, NULL); |
| 384 |
return 0; |
return 0; |
| 385 |
} |
} |
| 386 |
|
|
| 442 |
if (strchr(cp1, ' ')) goto out; |
if (strchr(cp1, ' ')) goto out; |
| 443 |
if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) { |
if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) { |
| 444 |
if (count == 1) max_port = min_port; |
if (count == 1) max_port = min_port; |
| 445 |
return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, is_delete, condition); |
return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, is_delete ? 0 : -1, condition); |
| 446 |
} |
} |
| 447 |
out: ; |
out: ; |
| 448 |
return -EINVAL; |
return -EINVAL; |
TOMOYO
Parent Directory
Revision Log
Patch