X-Git-Url: https://git.distorted.org.uk/~mdw/become/blobdiff_plain/c4f2d992e4a0fc068281376d89ec38de56dc2f58..d9fd0b209590eb371e3fc7dc1a48e0b871009048:/src/rule.c
diff --git a/src/rule.c b/src/rule.c
index 000c290..41fa371 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1,13 +1,13 @@
 /* -*-c-*-
 *
- * $Id: rule.c,v 1.1 1997/07/21 13:47:45 mdw Exp $
+ * $Id: rule.c,v 1.2 1997/08/04 10:24:25 mdw Exp $
 *
 * Managing rule sets
 *
 * (c) 1997 EBI
 */
-/*----- Licencing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
 *
 * This file is part of `become'
 *
@@ -22,14 +22,17 @@
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
- * along with `become'; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * along with `become'; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: rule.c,v $
- * Revision 1.1 1997/07/21 13:47:45 mdw
+ * Revision 1.2 1997/08/04 10:24:25 mdw
+ * Sources placed under CVS control.
+ *
+ * Revision 1.1 1997/07/21 13:47:45 mdw
 * Initial revision
 *
 */
@@ -42,11 +45,21 @@
 #include
 #include
+/* --- Unix headers --- */
+
+#include
+#include
+#include
+#include
+#include
+#include
+
 /* --- Local headers --- */
 #include "become.h"
 #include "class.h"
 #include "rule.h"
+#include "userdb.h"
 #include "utils.h"
 /*----- Type definitions --------------------------------------------------*/
@@ -142,17 +155,77 @@ void rule_add(classdef *host, classdef *from, classdef *to, classdef *cmd)
 int rule_check(request *r)
 {
- rule *rr = rule__list;
+ rule *rr;
+
+ /* --- Trace out the request we're checking --- */
+
+ IF_TRACING(TRACE_CHECK, {
+ struct passwd *pw_from = userdb_userById(r->from);
+ struct passwd *pw_to = userdb_userById(r->to);
+ struct hostent *h = gethostbyaddr((char *)&r->host, sizeof(r->host),
+ AF_INET);
+
+ trace(TRACE_CHECK, "check: request from %s (%li) to become %s (%li)",
+ pw_from ? pw_from->pw_name : "", (long)r->from,
+ pw_to ? pw_to->pw_name : "", (long)r->to);
+ trace(TRACE_CHECK, "check: ... at %s (%s) for `%s'",
+ h ? h->h_name : "", inet_ntoa(r->host), r->cmd);
+ })
+
+ /* --- Search the rule list --- */
+
+ for (rr = rule__list; rr; rr = rr->next) {
+
+ /* --- Trace out the rule --- */
+
+ IF_TRACING(TRACE_RULE, {
+ trace(TRACE_RULE, "rule: check against rule...");
+ trace(TRACE_RULE, " from"); class_dump(rr->from);
+ trace(TRACE_RULE, " to"); class_dump(rr->to);
+ trace(TRACE_RULE, " cmd"); class_dump(rr->cmd);
+ trace(TRACE_RULE, " host"); class_dump(rr->host);
+ })
+
+ /* --- Check the rule --- */
- while (rr) {
 if (class_userMatch(rr->from, r->from) &&
 class_userMatch(rr->to, r->to) &&
 class_commandMatch(rr->cmd, r->cmd) &&
- class_hostMatch(rr->host, r->host))
+ class_hostMatch(rr->host, r->host)) {
+ T( trace(TRACE_CHECK, "check: rule matched -- granting permission"); )
 return (1);
- rr = rr->next;
+ }
 }
+
+ /* --- Failed to match --- */
+
+ T( trace(TRACE_CHECK, "check: no rules matched -- permission denied"); )
 return (0);
 }
+/* --- @rule_dump@ --- *
+ *
+ * Arguments: ---
+ *
+ * Returns: ---
+ *
+ * Use: Dumps a map of the current ruleset to the trace output.
+ */
+
+void rule_dump(void)
+{
+ rule *rr = rule__list;
+
+ trace(TRACE_RULE, "rule: dumping rules");
+ while (rr) {
+ trace(TRACE_RULE, "rule dump...");
+ trace(TRACE_RULE, " from"); class_dump(rr->from);
+ trace(TRACE_RULE, " to"); class_dump(rr->to);
+ trace(TRACE_RULE, " cmd"); class_dump(rr->cmd);
+ trace(TRACE_RULE, " host"); class_dump(rr->host);
+ rr = rr->next;
+ }
+ trace(TRACE_RULE, "rule: dump finished");
+}
+
 /*----- That's all, folks -------------------------------------------------*/
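Review bot: The `h->h_name` written by the second `trace()` call in rule_check is the result of an unverified `gethostbyaddr()` reverse lookup, and `r->cmd` is presumably supplied by the requester, so both reach the trace output through `%s` as untrusted text. The name is chosen by whoever runs the reverse zone for that address and is never confirmed by a forward lookup, while the numeric form from `inet_ntoa(r->host)` is already logged beside it. I would either drop the lookup or mark the values where they are logged, e.g. `/* h_name is an unverified PTR result and r->cmd is request-supplied: treat both as untrusted when reading the trace */`. The lookup also sits ahead of the rule loop, so if IF_TRACING only gates on the trace level (the macro is not visible in this hunk), enabling TRACE_CHECK puts a resolver round trip in front of every permission decision.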