114 struct rule {
120 	TAILQ_ENTRY(rule)	r_entries;
129  * Text format for the rule string is that a rule consists of a
136 static TAILQ_HEAD(rulehead, rule)	rule_head;
142 	struct rule *rule;
144 	while ((rule = TAILQ_FIRST(head)) != NULL) {
145 		TAILQ_REMOVE(head, rule, r_entries);
146 		free(rule, M_PORTACL);
174 parse_rule_element(char *element, struct rule **rule)
177 	struct rule *new;
233 		*rule = NULL;
235 		*rule = new;
242 	struct rule *new;
264  * Instead, the non-canonical user-generated rule string is returned to the
269 rule_printf(struct sbuf *sb, struct rule *rule)
273 	switch(rule->r_idtype) {
281 		panic("rule_printf: unknown idtype (%d)\n", rule->r_idtype);
284 	switch (rule->r_protocol) {
293 		    rule->r_protocol);
295 	sbuf_printf(sb, "%s:%jd:%s:%d", idtype, (intmax_t)rule->r_id,
296 	    protocol, rule->r_port);
302 	struct rule *rule;
310 	for (rule = TAILQ_FIRST(&rule_head); rule != NULL;
311 	    rule = TAILQ_NEXT(rule, r_entries)) {
316 		rule_printf(sb, rule);
380 	struct rule *rule;
393 	for (rule = TAILQ_FIRST(&rule_head);
394 	    rule != NULL;
395 	    rule = TAILQ_NEXT(rule, r_entries)) {
396 		if (type == SOCK_DGRAM && rule->r_protocol != RULE_PROTO_UDP)
398 		if (type == SOCK_STREAM && rule->r_protocol != RULE_PROTO_TCP)
400 		if (port != rule->r_port)
402 		if (rule->r_idtype == RULE_UID) {
403 			if (cred->cr_uid == rule->r_id) {
407 		} else if (rule->r_idtype == RULE_GID) {
408 			if (cred->cr_gid == rule->r_id) {
411 			} else if (groupmember(rule->r_id, cred)) {
416 			panic("rules_check: unknown rule type %d",
417 			    rule->r_idtype);
469 	 * flag exempts port 0 allocation from rule checking as long as a low

Indexes created Sun Jun 16 09:41:23 MDT 2024