/*
 * Evaluate a single HBAC rule against an access request.
 *
 * The rule matches only when all four categories (users, services,
 * target hosts, source hosts) match the corresponding request element;
 * the first category that does not match ends the evaluation.
 *
 * rule     - rule to evaluate; dereferenced without a NULL check.
 * hbac_req - request being evaluated; dereferenced without a NULL check.
 * error    - out-parameter, written ONLY when HBAC_EVAL_MATCH_ERROR is
 *            returned. It is left untouched on every other path, so a
 *            caller must not read it unless the result is an error.
 *
 * Returns HBAC_EVAL_UNMATCHED for a disabled rule or a category that
 * does not match, HBAC_EVAL_MATCH_ERROR when the rule is incomplete or
 * an element cannot be evaluated, HBAC_EVAL_MATCHED otherwise.
 */
enum hbac_eval_result_int hbac_evaluate_rule(struct hbac_rule *rule,
                                             struct hbac_eval_req *hbac_req,
                                             enum hbac_error_code *error)
{
    bool is_match;
    errno_t rc;

    /* A disabled rule is reported as unmatched, never as an error. */
    if (!rule->enabled) {
        HBAC_DEBUG(HBAC_DBG_INFO, "Rule [%s] is not enabled\n", rule->name);
        return HBAC_EVAL_UNMATCHED;
    }

    /*
     * A rule missing any category is reported as an error rather than
     * being evaluated on the categories that happen to be present.
     */
    if (!(rule->users && rule->services
          && rule->targethosts && rule->srchosts)) {
        HBAC_DEBUG(HBAC_DBG_INFO,
                   "Rule [%s] cannot be parsed, some elements are empty\n",
                   rule->name);
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }

    /* Users */
    rc = hbac_evaluate_element(rule->users, hbac_req->user, &is_match);
    if (rc != EOK) {
        HBAC_DEBUG(HBAC_DBG_ERROR,
                   "Cannot parse user elements of rule [%s]\n", rule->name);
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Services */
    rc = hbac_evaluate_element(rule->services, hbac_req->service, &is_match);
    if (rc != EOK) {
        HBAC_DEBUG(HBAC_DBG_ERROR,
                   "Cannot parse service elements of rule [%s]\n", rule->name);
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Target hosts */
    rc = hbac_evaluate_element(rule->targethosts, hbac_req->targethost,
                               &is_match);
    if (rc != EOK) {
        HBAC_DEBUG(HBAC_DBG_ERROR,
                   "Cannot parse targethost elements of rule [%s]\n", rule->name);
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Source hosts */
    rc = hbac_evaluate_element(rule->srchosts, hbac_req->srchost, &is_match);
    if (rc != EOK) {
        HBAC_DEBUG(HBAC_DBG_ERROR,
                   "Cannot parse srchost elements of rule [%s]\n", rule->name);
        *error = HBAC_ERROR_UNPARSEABLE_RULE;
        return HBAC_EVAL_MATCH_ERROR;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Every category matched. */
    return HBAC_EVAL_MATCHED;
}
/*
 * Evaluate a single HBAC rule against an access request (variant
 * without debug logging).
 *
 * The rule matches only when all four categories (users, services,
 * target hosts, source hosts) match the corresponding request element;
 * the first category that does not match ends the evaluation.
 *
 * rule     - rule to evaluate; dereferenced without a NULL check.
 * hbac_req - request being evaluated; dereferenced without a NULL check.
 * error    - out-parameter, written ONLY when HBAC_EVAL_MATCH_ERROR is
 *            returned. It is left untouched on every other path, so a
 *            caller must not read it unless the result is an error.
 *
 * Returns HBAC_EVAL_UNMATCHED for a disabled rule or a category that
 * does not match, HBAC_EVAL_MATCH_ERROR when the rule is incomplete or
 * an element cannot be evaluated, HBAC_EVAL_MATCHED otherwise.
 */
enum hbac_eval_result_int hbac_evaluate_rule(struct hbac_rule *rule,
                                             struct hbac_eval_req *hbac_req,
                                             enum hbac_error_code *error)
{
    bool is_match;
    errno_t rc;

    /* A disabled rule is reported as unmatched, never as an error. */
    if (!rule->enabled) {
        return HBAC_EVAL_UNMATCHED;
    }

    /*
     * A rule missing any category is reported as an error rather than
     * being evaluated on the categories that happen to be present.
     */
    if (!(rule->users && rule->services
          && rule->targethosts && rule->srchosts)) {
        goto unparseable;
    }

    /* Users */
    rc = hbac_evaluate_element(rule->users, hbac_req->user, &is_match);
    if (rc != EOK) {
        goto unparseable;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Services */
    rc = hbac_evaluate_element(rule->services, hbac_req->service, &is_match);
    if (rc != EOK) {
        goto unparseable;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Target hosts */
    rc = hbac_evaluate_element(rule->targethosts, hbac_req->targethost,
                               &is_match);
    if (rc != EOK) {
        goto unparseable;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Source hosts */
    rc = hbac_evaluate_element(rule->srchosts, hbac_req->srchost, &is_match);
    if (rc != EOK) {
        goto unparseable;
    }
    if (!is_match) {
        return HBAC_EVAL_UNMATCHED;
    }

    /* Every category matched. */
    return HBAC_EVAL_MATCHED;

unparseable:
    /* Single exit for every "rule cannot be evaluated" condition. */
    *error = HBAC_ERROR_UNPARSEABLE_RULE;
    return HBAC_EVAL_MATCH_ERROR;
}