/**
 * Evaluate a single HBAC rule against an access request.
 *
 * @param rule      Rule to evaluate. Its four element sets (users, services,
 *                  targethosts, srchosts) must all be present.
 * @param hbac_req  Request being checked; each request element is compared
 *                  with the corresponding rule element set.
 * @param error     Out parameter. Written only on the error path, where it is
 *                  set to HBAC_ERROR_UNPARSEABLE_RULE; untouched otherwise.
 *
 * @return HBAC_EVAL_UNMATCHED   if the rule is disabled or any element set does
 *                               not match the request (checks stop at the
 *                               first miss, in the order users, services,
 *                               targethosts, srchosts);
 *         HBAC_EVAL_MATCH_ERROR if an element set is missing or
 *                               hbac_evaluate_element() fails for one of them;
 *         HBAC_EVAL_MATCHED     only when all four element sets match.
 *
 * A malformed rule is reported as an evaluation error, never as a match; how
 * HBAC_EVAL_MATCH_ERROR is treated is up to the caller.
 */
enum hbac_eval_result_int hbac_evaluate_rule(struct hbac_rule *rule,
                                             struct hbac_eval_req *hbac_req,
                                             enum hbac_error_code *error)
{
    if (!rule->enabled) {
        HBAC_DEBUG(HBAC_DBG_INFO, "Rule [%s] is not enabled\n", rule->name);
        return HBAC_EVAL_UNMATCHED;
    }

    /* A rule lacking any element set cannot be evaluated at all; report it
     * before looking at any element so the result does not depend on which
     * set happens to be missing. */
    if (rule->users == NULL || rule->services == NULL
            || rule->targethosts == NULL || rule->srchosts == NULL) {
        HBAC_DEBUG(HBAC_DBG_INFO,
                   "Rule [%s] cannot be parsed, some elements are empty\n",
                   rule->name);
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }

    /*
     * One entry per rule element, in evaluation order. The diagnostic format
     * strings are fixed literals held in this table; they are never derived
     * from rule or request data.
     */
    const struct {
        struct hbac_rule_element *rule_el;
        struct hbac_request_element *req_el;
        const char *parse_fail_fmt;
    } checks[] = {
        { rule->users,       hbac_req->user,
          "Cannot parse user elements of rule [%s]\n" },
        { rule->services,    hbac_req->service,
          "Cannot parse service elements of rule [%s]\n" },
        { rule->targethosts, hbac_req->targethost,
          "Cannot parse targethost elements of rule [%s]\n" },
        { rule->srchosts,    hbac_req->srchost,
          "Cannot parse srchost elements of rule [%s]\n" },
    };

    for (size_t i = 0; i < sizeof(checks) / sizeof(checks[0]); i++) {
        bool matched = false;
        errno_t ret = hbac_evaluate_element(checks[i].rule_el,
                                            checks[i].req_el,
                                            &matched);
        if (ret != EOK) {
            HBAC_DEBUG(HBAC_DBG_ERROR, checks[i].parse_fail_fmt, rule->name);
            *error = HBAC_ERROR_UNPARSEABLE_RULE;
            return HBAC_EVAL_MATCH_ERROR;
        }
        /* First non-matching element decides; later sets are not consulted. */
        if (!matched) {
            return HBAC_EVAL_UNMATCHED;
        }
    }

    return HBAC_EVAL_MATCHED;
}
/**
 * Evaluate a single HBAC rule against an access request (no diagnostics).
 *
 * @param rule      Rule to evaluate; all four element sets must be present.
 * @param hbac_req  Request whose user, service, targethost and srchost are
 *                  compared with the rule's element sets.
 * @param error     Out parameter. Set to HBAC_ERROR_UNPARSEABLE_RULE on the
 *                  error path only; left untouched otherwise.
 *
 * @return HBAC_EVAL_UNMATCHED   when the rule is disabled or the first element
 *                               set that is checked (users, then services,
 *                               targethosts, srchosts) does not match;
 *         HBAC_EVAL_MATCH_ERROR when an element set is missing or
 *                               hbac_evaluate_element() fails;
 *         HBAC_EVAL_MATCHED     only when every element set matches.
 *
 * Missing or unevaluable elements surface as an error, never as a match.
 */
enum hbac_eval_result_int hbac_evaluate_rule(struct hbac_rule *rule,
                                             struct hbac_eval_req *hbac_req,
                                             enum hbac_error_code *error)
{
    if (!rule->enabled) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Rule element sets and the request elements they are matched against,
     * kept in parallel arrays in evaluation order. */
    struct hbac_rule_element *const rule_els[] = {
        rule->users, rule->services, rule->targethosts, rule->srchosts
    };
    struct hbac_request_element *const req_els[] = {
        hbac_req->user, hbac_req->service,
        hbac_req->targethost, hbac_req->srchost
    };
    const size_t n_els = sizeof(rule_els) / sizeof(rule_els[0]);

    /* Every set must exist before any of them is evaluated, so a partially
     * populated rule is always reported as unparseable. */
    for (size_t i = 0; i < n_els; i++) {
        if (rule_els[i] == NULL) {
            *error = HBAC_ERROR_UNPARSEABLE_RULE;
            return HBAC_EVAL_MATCH_ERROR;
        }
    }

    for (size_t i = 0; i < n_els; i++) {
        bool matched = false;
        errno_t ret = hbac_evaluate_element(rule_els[i], req_els[i], &matched);
        if (ret != EOK) {
            *error = HBAC_ERROR_UNPARSEABLE_RULE;
            return HBAC_EVAL_MATCH_ERROR;
        }
        /* Short-circuit on the first element set that does not match. */
        if (!matched) {
            return HBAC_EVAL_UNMATCHED;
        }
    }

    return HBAC_EVAL_MATCHED;
}