/daten/src/linux-2.4.27-rsbac-v1.2.3/rsbac/help/net_helpers.c

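/************************************* */
/* Rule Set Based Access Control       */
/* Author and (c) 1999-2002:           */
/*   Amon Ott <ao@rsbac.org>           */
/* Helper functions for network        */
/* Last modified: 24/Apr/2002          */
/************************************* */

#include <rsbac/types.h>
#ifdef __KERNEL__
#include <rsbac/network.h>
#endif

/*
 * Build a 32 bit mask covering the first 'bits' bits of a 4 byte value.
 *
 * The mask is filled byte by byte starting at the least significant byte
 * of the result, and inside each byte from the most significant bit down:
 * bits == 8 gives 0x000000ff, bits == 12 gives 0x0000f0ff, bits == 25
 * gives 0x80ffffff. 0 gives 0, and 32 or more gives all ones.
 *
 * NOTE(review): with this layout the set bits are the leading bytes in
 * memory only on a little-endian host. rsbac_net_compare_data() applies
 * the mask to addresses read through a __u32 pointer; presumably those
 * are in network byte order, in which case a big-endian host would mask
 * the wrong part of the address when matching templates - confirm before
 * relying on prefix matching there.
 */
__u32 rsbac_net_make_mask_u32(__u8 bits)
{
    __u32 res = 0;
    __u8 octet;
    int full;
    int rest;
    int i;

    if (bits >= 32)
        return (__u32) -1;

    full = bits / 8;    /* number of completely set bytes */
    rest = bits % 8;    /* leading bits of the next byte */

    /*
     * All shifts are done on __u32 values. Shifting the promoted int
     * instead would move a set bit into the sign bit for bits 25..31,
     * which is undefined behaviour for a signed type.
     */
    for (i = 0; i < full; i++)
        res |= (__u32) 255 << (8 * i);

    if (rest) {
        octet = (__u8) (255 << (8 - rest));
        res |= (__u32) octet << (8 * full);
    }
    return res;
}

#ifdef __KERNEL__
/*
 * Compare a network template with a network description.
 * The lookup data param is always second, so we use it as description here!
 *
 * data1: struct rsbac_net_temp_data_t *   (the template)
 * data2: struct rsbac_net_description_t * (the description)
 *
 * Returns 0 if the description matches the template and 1 if it does not.
 * A NULL pointer on either side counts as no match.
 */
int rsbac_net_compare_data(void * data1, void * data2)
{
    struct rsbac_net_temp_data_t * temp = data1;
    struct rsbac_net_description_t * desc = data2;

    if (!temp || !desc)
        return 1;

    /* RSBAC_NET_ANY in a template field accepts every value of that field. */
    if (   (temp->address_family != RSBAC_NET_ANY)
        && (temp->address_family != desc->address_family)
       )
        return 1;

    switch (desc->address_family) {
    case AF_UNIX:
        if (   (temp->type != RSBAC_NET_ANY)
            && (desc->type != temp->type)
           )
            return 1;
        /* A template without valid address bytes matches every address. */
        if (!temp->valid_len)
            return 0;
        if (   !desc->address
            || !desc->address_len
           )
            return 1;
        /*
         * Only the shorter of the two lengths is compared.
         * NOTE(review): a description address shorter than valid_len
         * therefore matches whenever it is a prefix of the template
         * address, which widens what the template covers - confirm that
         * this is intended.
         */
        if (memcmp(desc->address,
                   temp->address,
                   rsbac_min(desc->address_len, temp->valid_len)))
            return 1;
        else
            return 0;

    case AF_INET:
        {
            __u32 mask;

            if (   (temp->type != RSBAC_NET_ANY)
                && (desc->type != temp->type)
               )
                return 1;
            if (   (temp->protocol != RSBAC_NET_ANY)
                && (desc->protocol != temp->protocol)
               )
                return 1;
            /* The port must lie inside the template range, bounds included. */
            if (   (desc->port < temp->min_port)
                || (desc->port > temp->max_port)
               )
                return 1;

            /* A device named in the template must also be named, identically,
             * in the description; an empty template device accepts any. */
            if (   temp->netdev[0]
                && (   !desc->netdev[0]
                    || strncmp(desc->netdev,
                               temp->netdev,
                               RSBAC_IFNAMSIZ)
                   )
               )
                return 1;
            if (!temp->valid_len)
                return 0;
            /* Here valid_len is a bit count: it selects the address prefix. */
            mask = rsbac_net_make_mask_u32(temp->valid_len);
            /*
             * NOTE(review): unlike the AF_UNIX branch, desc->address_len is
             * not checked before four bytes are read through a __u32
             * pointer. This assumes every caller supplies at least four
             * suitably aligned address bytes for AF_INET - verify against
             * the callers.
             */
            if (   !desc->address
                || (( (*(__u32 *)desc->address) & mask ) != ( (*(__u32 *)temp->address) & mask))
               )
                return 1;
            else
                return 0;
        }

    /* Other address families: only socket type checks for now */
    default:
        if (   (temp->type != RSBAC_NET_ANY)
            && (desc->type != temp->type)
           )
            return 1;
        return 0;
    }
    /* Not reached, every case above returns; kept as a no-match fallback. */
    return 1;
}
#endif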
