256 |
return keyword; |
return keyword; |
257 |
} |
} |
258 |
|
|
259 |
static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const u8 is_delete, const struct condition_list *condition) |
static int AddNetworkEntry(const u8 operation, const u8 record_type, const struct address_group_entry *group, const u32 *min_address, const u32 *max_address, const u16 min_port, const u16 max_port, struct domain_info *domain, const u8 is_add, const struct condition_list *condition) |
260 |
{ |
{ |
261 |
struct acl_info *ptr; |
struct acl_info *ptr; |
262 |
int error = -ENOMEM; |
int error = -ENOMEM; |
265 |
const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/ |
const u32 min_ip = ntohl(*min_address), max_ip = ntohl(*max_address); /* using host byte order to allow u32 comparison than memcmp().*/ |
266 |
if (!domain) return -EINVAL; |
if (!domain) return -EINVAL; |
267 |
down(&domain_acl_lock); |
down(&domain_acl_lock); |
268 |
if (!is_delete) { |
if (is_add) { |
269 |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
if ((ptr = domain->first_acl_ptr) == NULL) goto first_entry; |
270 |
while (1) { |
while (1) { |
271 |
IP_NETWORK_ACL_RECORD *new_ptr; |
IP_NETWORK_ACL_RECORD *new_ptr; |
298 |
continue; |
continue; |
299 |
} |
} |
300 |
first_entry: ; |
first_entry: ; |
301 |
|
if (is_add == 1 && TooManyDomainACL(domain)) break; |
302 |
/* Not found. Append it to the tail. */ |
/* Not found. Append it to the tail. */ |
303 |
if ((new_ptr = (IP_NETWORK_ACL_RECORD *) alloc_element(sizeof(IP_NETWORK_ACL_RECORD))) == NULL) break; |
if ((new_ptr = (IP_NETWORK_ACL_RECORD *) alloc_element(sizeof(IP_NETWORK_ACL_RECORD))) == NULL) break; |
304 |
new_ptr->head.type = type; |
new_ptr->head.type = type; |
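Review bot: `is_add` is now a three-valued mode hidden in a `const u8`: the new check at `first_entry` applies `TooManyDomainACL(domain)` only when `is_add == 1`, the call at line 383 passes `1`, and the call at line 445 passes `is_delete ? 0 : -1`, which reaches this function as 255 through implicit conversion and so skips the limit. Because that distinction decides whether the per-domain ACL limit is enforced, it should not rest on a bare `-1`; name the three values (an enum or `#define`s) and document them above the function, e.g. `/* is_add: 0 = delete, 1 = add subject to TooManyDomainACL(), any other value = add without the limit */`. The line-383 caller discards the return value and returns 0, so an entry refused by the limit appears to be dropped silently there; if that is intended, a comment should say so. The body of AddNetworkEntry starts and ends outside this hunk, so the path taken after `break` is not visible here.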
380 |
} |
} |
381 |
return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port); |
return CheckSupervisor("%s\n" KEYWORD_ALLOW_NETWORK "%s %u.%u.%u.%u %u\n", domain->domainname->name, keyword, HIPQUAD(ip), port); |
382 |
} |
} |
383 |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, 0, NULL); |
if (CheckCCSAccept(CCS_TOMOYO_MAC_FOR_NETWORK)) AddNetworkEntry(operation, is_ipv6 ? IP_RECORD_TYPE_IPv6: IP_RECORD_TYPE_IPv4, NULL, address, address, port, port, domain, 1, NULL); |
384 |
return 0; |
return 0; |
385 |
} |
} |
386 |
|
|
442 |
if (strchr(cp1, ' ')) goto out; |
if (strchr(cp1, ' ')) goto out; |
443 |
if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) { |
if ((count = sscanf(cp1, "%hu-%hu", &min_port, &max_port)) == 1 || count == 2) { |
444 |
if (count == 1) max_port = min_port; |
if (count == 1) max_port = min_port; |
445 |
return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, is_delete, condition); |
return AddNetworkEntry(operation, record_type, group, (u32 *) min_address, (u32 *) max_address, min_port, max_port, domain, is_delete ? 0 : -1, condition); |
446 |
} |
} |
447 |
out: ; |
out: ; |
448 |
return -EINVAL; |
return -EINVAL; |