#include <stdio.h>
#include <string.h>
#include <string.h>
+#include <time.h>
#include <sys/types.h>
+#include <sys/time.h>
#include <unistd.h>
#include <fcntl.h>
+#include <grp.h>
#include <pwd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <netdb.h>
#include <syslog.h>
#include <mLib/bits.h>
#include <mLib/conn.h>
+#include <mLib/daemonize.h>
#include <mLib/darray.h>
#include <mLib/dstr.h>
#include <mLib/fdflags.h>
#include <mLib/fwatch.h>
+#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include <mLib/sel.h>
#include <mLib/selbuf.h>
+#include <mLib/sig.h>
/*----- Address family handling -------------------------------------------*/
} u;
};
+/* A user pattern matches a user if the uid is within the given bounds. */
+struct userpat {
+ unsigned lo, hi;
+};
+
/* A policy rule: if the query matches the pattern, then perform the
* action.
*/
struct policy {
const struct addrops *ao;
struct sockpat sp[NDIR];
+ struct userpat up;
struct action act;
};
#define POLICY_INIT(a) { .act.act = a }
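Review bot: `POLICY_INIT` on the last line of this hunk still sets only `.act.act`, so any rule built from it gets the new `up` member zero-initialised, i.e. `lo == hi == 0`. Depending on how the matcher (not visible here) compares, such a rule would match either uid 0 only or no user at all. Neither is likely what a default rule is meant to do in access-control code. If a default rule should match every user, say so in the initialiser, e.g. `#define POLICY_INIT(a) { .act.act = a, .up = { 0, UINT_MAX } }`, adjusted to whatever bound convention the parser uses. The comment on `struct userpat` should also say whether `hi` is inclusive, for example `/* A user pattern matches a user if LO <= uid <= HI (both bounds inclusive). */`, and whether `unsigned` is assumed to be as wide as `uid_t`.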
* formatting error messages for the log.
*/
extern int open_policy_file(struct policy_file */*pf*/, const char */*name*/,
- const char */*what*/, const struct query */*q*/);
+ const char */*what*/, const struct query */*q*/,
+ unsigned /*f*/);
+#define OPF_NOENTOK 1u /* Don't complain if file missing */
/* Read a policy rule from the file, storing it in PF->p. Return one of the
* T_* codes.
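Review bot: The new `f` argument and `OPF_NOENTOK` are not described in the comment above `open_policy_file`, at least in the tail of it visible here. "Don't complain" leaves open whether a missing file still returns failure or is reported as a successful open with no rules. For a policy file that difference decides whether the caller ends up on its default action or on an error path, so the contract should be written down. I would add a sentence such as `F is a bitmask of OPF_* flags; if OPF_NOENTOK is set, a missing file is not logged and the function returns <value>`, with the actual return value filled in. The comment should also state that callers must not treat that case as "policy loaded".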