X-Git-Url: https://git.distorted.org.uk/~mdw/become/blobdiff_plain/c4f2d992e4a0fc068281376d89ec38de56dc2f58..af4f4d6a77aceba8e2d6f58d15e894df320e7c24:/src/rule.c
diff --git a/src/rule.c b/src/rule.c
index 000c290..9d59549 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1,13 +1,13 @@
 /* -*-c-*-
  *
- * $Id: rule.c,v 1.1 1997/07/21 13:47:45 mdw Exp $
+ * $Id: rule.c,v 1.8 2004/04/08 01:36:20 mdw Exp $
  *
  * Managing rule sets
  *
- * (c) 1997 EBI
+ * (c) 1998 EBI
  */
 
-/*----- Licencing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
  *
  * This file is part of `become'
  *
@@ -22,16 +22,8 @@
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
- * along with `become'; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: rule.c,v $
- * Revision 1.1  1997/07/21 13:47:45  mdw
- * Initial revision
- *
+ * along with `become'; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
 /*----- Header files ------------------------------------------------------*/
@@ -42,24 +34,27 @@
 #include
 #include
 
+/* --- Unix headers --- */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+/* --- mLib headers --- */
+
+#include
+#include
+#include
+
 /* --- Local headers --- */
 
 #include "become.h"
 #include "class.h"
 #include "rule.h"
-#include "utils.h"
-
-/*----- Type definitions --------------------------------------------------*/
-
-/* --- Rule block --- */
-
-typedef struct rule {
-  struct rule *next;		/* Next rule in the list */
-  classdef *host;		/* Hosts this rule applies to */
-  classdef *from;		/* From users in this class */
-  classdef *to;			/* To users in this class */
-  classdef *cmd;		/* To run commands in this class */
-} rule;
+#include "userdb.h"
 
 /*----- Static variables --------------------------------------------------*/
 
@@ -83,42 +78,59 @@ void rule_init(void)
   rule__tail = (rule *)&rule__list;
 }
 
-/* --- @rule_reinit@ --- *
+/* --- @rule_end@ --- *
  *
  * Arguments:   ---
  *
  * Returns:     ---
  *
- * Use:         Reinitialises the rule database.
+ * Use:         Empties the rule database.
  */
 
-void rule_reinit(void)
+void rule_end(void)
 {
   rule *r = rule__list;
   rule *rr;
 
   while (r) {
     rr = r->next;
+    class_dec(r->host);
+    class_dec(r->from);
+    class_dec(r->to);
+    class_dec(r->cmd);
     free(r);
     r = rr;
   }
+}
 
-  rule_init();
+/* --- @rule_list@ --- *
+ *
+ * Arguments:   ---
+ *
+ * Returns:     The list of rules.
+ *
+ * Use:         Returns the address of the first node in the rule list.
+ */
+
+rule *rule_list(void)
+{
+  return (rule__list);
 }
 
 /* --- @rule_add@ --- *
  *
- * Arguments:   @classdef *host@ = class of hosts this rule applies to
- *              @classdef *from@ = class of users allowed to change
- *              @classdef *to@ = class of users allowed to be changed to
- *              @classdef *cmd@ = class of commands allowed
+ * Arguments:   @class_node *host@ = class of hosts this rule applies to
+ *              @class_node *from@ = class of users allowed to change
+ *              @class_node *to@ = class of users allowed to be changed to
+ *              @class_node *cmd@ = class of commands allowed
  *
  * Returns:     ---
  *
  * Use:         Registers another rule.
  */
 
-void rule_add(classdef *host, classdef *from, classdef *to, classdef *cmd)
+void rule_add(class_node *host, class_node *from,
+              class_node *to, class_node *cmd)
 {
   rule *r = xmalloc(sizeof(*r));
 
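Review bot: rule_end() frees every node but never resets the list head and tail, so after it returns rule__list still points at the first freed block and rule__tail at the last one; a subsequent rule_list() or rule_check() walks freed memory and a subsequent rule_add() writes through the stale tail pointer. The rule_reinit() it replaces avoided this by calling rule_init() after the loop, and that call (or the explicit `rule__list = 0;` and `rule__tail = (rule *)&rule__list;` that rule_init appears to perform, judging by the context lines at the top of the hunk) should be reinstated as the last statement of rule_end so the "Empties the rule database" contract in the doc comment actually holds. rule_list() hands out the live internal list, so its comment should also say that callers must not free or relink the nodes; rule_add's body continues past the end of the hunk.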
@@ -142,17 +154,79 @@ void rule_add(classdef *host, classdef *from, classdef *to, classdef *cmd)
 
 int rule_check(request *r)
 {
+  rule *rr;
+
+  /* --- Trace out the request we're checking --- */
+
+  IF_TRACING(TRACE_CHECK, {
+    struct passwd *pw_from = userdb_userById(r->from);
+    struct passwd *pw_to = userdb_userById(r->to);
+    struct hostent *h = gethostbyaddr((char *)&r->host, sizeof(r->host),
+                                      AF_INET);
+
+    trace(TRACE_CHECK, "check: request from %s (%li) to become %s (%li)",
+          pw_from ? pw_from->pw_name : "", (long)r->from,
+          pw_to ? pw_to->pw_name : "", (long)r->to);
+    trace(TRACE_CHECK, "check: ... at %s (%s) for `%s'",
+          h ? h->h_name : "", inet_ntoa(r->host), r->cmd);
+  })
+
+  /* --- Search the rule list --- */
+
+  for (rr = rule__list; rr; rr = rr->next) {
+
+    /* --- Trace out the rule --- */
+
+    IF_TRACING(TRACE_RULE, {
+      trace(TRACE_RULE, "rule: check against rule...");
+      trace(TRACE_RULE, "rule: from"); class_dump(rr->from, 2);
+      trace(TRACE_RULE, "rule: to"); class_dump(rr->to, 2);
+      trace(TRACE_RULE, "rule: cmd"); class_dump(rr->cmd, 2);
+      trace(TRACE_RULE, "rule: host"); class_dump(rr->host, 2);
+    })
+
+    /* --- Check the rule --- */
+
+    if (class_matchUser(rr->from, r->from) &&
+        class_matchUser(rr->to, r->to) &&
+        class_matchCommand(rr->cmd, r->cmd) &&
+        class_matchHost(rr->host, r->host)) {
+      T( trace(TRACE_CHECK, "check: rule matched -- granting permission"); )
+      return (1);
+    }
+  }
+
+  /* --- Failed to match --- */
+
+  T( trace(TRACE_CHECK, "check: no rules matched -- permission denied"); )
+  return (0);
+}
+
+/* --- @rule_dump@ --- *
+ *
+ * Arguments:   ---
+ *
+ * Returns:     ---
+ *
+ * Use:         Dumps a map of the current ruleset to the trace output.
+ */
+
+void rule_dump(void)
+{
+#ifdef TRACING
   rule *rr = rule__list;
 
+  trace(TRACE_RULE, "rule: dumping rules");
   while (rr) {
-    if (class_userMatch(rr->from, r->from) &&
-        class_userMatch(rr->to, r->to) &&
-        class_commandMatch(rr->cmd, r->cmd) &&
-        class_hostMatch(rr->host, r->host))
-      return (1);
+    trace(TRACE_RULE, "rule: rule dump...");
+    trace(TRACE_RULE, "rule: from"); class_dump(rr->from, 2);
+    trace(TRACE_RULE, "rule: to"); class_dump(rr->to, 2);
+    trace(TRACE_RULE, "rule: cmd"); class_dump(rr->cmd, 2);
+    trace(TRACE_RULE, "rule: host"); class_dump(rr->host, 2);
     rr = rr->next;
   }
-  return (0);
+  trace(TRACE_RULE, "rule: dump finished");
+#endif
 }
 
 /*----- That's all, folks -------------------------------------------------*/
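Review bot: The four trace/class_dump pairs inside rule_check's for loop are repeated verbatim in the while loop of rule_dump, so the two dumps will drift apart the next time a class is added to the rule structure; a file-local helper that writes one rule's classes, called from both places, keeps them in step and is sketched below. A smaller point on the TRACE_CHECK block: gethostbyaddr() performs a blocking reverse lookup on every permission check while that trace level is on, and h_name is a string chosen by whoever controls the reverse zone, so if trace output is ever directed to a log file it should be treated as untrusted (control characters escaped) rather than printed through a bare %s; a comment such as `/* h_name comes from reverse DNS: untrusted, trace-only */` above the call would make that explicit. Both rule_check and rule_dump are complete within the hunk.
```c
#ifdef TRACING
/* --- @rule__trace@ --- *
 *
 * Arguments:   @const rule *rr@ = rule to describe
 *
 * Returns:     ---
 *
 * Use:         Writes one rule's four classes to the trace output.
 */

static void rule__trace(const rule *rr)
{
  trace(TRACE_RULE, "rule: from"); class_dump(rr->from, 2);
  trace(TRACE_RULE, "rule: to"); class_dump(rr->to, 2);
  trace(TRACE_RULE, "rule: cmd"); class_dump(rr->cmd, 2);
  trace(TRACE_RULE, "rule: host"); class_dump(rr->host, 2);
}
#endif

/* … unchanged: rule_check up to the per-rule trace … */
    IF_TRACING(TRACE_RULE, {
      trace(TRACE_RULE, "rule: check against rule...");
      rule__trace(rr);
    })
/* … unchanged: the match test in rule_check; rule_dump's loop body becomes
   trace(TRACE_RULE, "rule: rule dump..."); rule__trace(rr); … */
```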