+ rule *rr;
+
+ /* --- Trace out the request we're checking --- */
+
+ IF_TRACING(TRACE_CHECK, {
+ struct passwd *pw_from = userdb_userById(r->from);
+ struct passwd *pw_to = userdb_userById(r->to);
+ struct hostent *h = gethostbyaddr((char *)&r->host, sizeof(r->host),
+ AF_INET);
+
+ trace(TRACE_CHECK, "check: request from %s (%li) to become %s (%li)",
+ pw_from ? pw_from->pw_name : "<unknown>", (long)r->from,
+ pw_to ? pw_to->pw_name : "<unknown>", (long)r->to);
+ trace(TRACE_CHECK, "check: ... at %s (%s) for `%s'",
+ h ? h->h_name : "<unknown>", inet_ntoa(r->host), r->cmd);
+ })
+
+ /* --- Search the rule list --- */
+
+ for (rr = rule__list; rr; rr = rr->next) {
+
+ /* --- Trace out the rule --- */
+
+ IF_TRACING(TRACE_RULE, {
+ trace(TRACE_RULE, "rule: check against rule...");
+ trace(TRACE_RULE, "rule: from"); class_dump(rr->from, 2);
+ trace(TRACE_RULE, "rule: to"); class_dump(rr->to, 2);
+ trace(TRACE_RULE, "rule: cmd"); class_dump(rr->cmd, 2);
+ trace(TRACE_RULE, "rule: host"); class_dump(rr->host, 2);
+ })
+
+ /* --- Check the rule --- */
+
+ if (class_matchUser(rr->from, r->from) &&
+ class_matchUser(rr->to, r->to) &&
+ class_matchCommand(rr->cmd, r->cmd) &&
+ class_matchHost(rr->host, r->host)) {
+ T( trace(TRACE_CHECK, "check: rule matched -- granting permission"); )
+ return (1);
+ }
+ }
+
+ /* --- Failed to match --- */
+
+ T( trace(TRACE_CHECK, "check: no rules matched -- permission denied"); )
+ return (0);
+}
+
+/* --- @rule_dump@ --- *
+ *
+ * Arguments: ---
+ *
+ * Returns: ---
+ *
+ * Use: Dumps a map of the current ruleset to the trace output.
+ */
+
+void rule_dump(void)
+{
+#ifdef TRACING