1 | #ifndef READ_ACCESS_CONTROL
2 | #define READ_ACCESS_CONTROL
3 |
4 | /***************************************
5 | $Revision: 1.20 $
6 |
7 | Access Control module (ac) - the header file.
8 |
9 | Status: NOT REVIEWED, NOT TESTED
10 |
11 | Design and implementation by: Marek Bukowy
12 |
13 | ******************/ /******************
14 | Copyright (c) 1999,2000,2001,2002 RIPE NCC
15 |
16 | All Rights Reserved
17 |
18 | Permission to use, copy, modify, and distribute this software and its
19 | documentation for any purpose and without fee is hereby granted,
20 | provided that the above copyright notice appear in all copies and that
21 | both that copyright notice and this permission notice appear in
22 | supporting documentation, and that the name of the author not be
23 | used in advertising or publicity pertaining to distribution of the
24 | software without specific, written prior permission.
25 |
26 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
27 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
28 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
29 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
30 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
31 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
32 | ***************************************/
33 |
34 | #include "timediff.h"
35 | #include "erroutines.h"
36 | #include "iproutines.h"
37 | #include "rxroutines.h"
38 | #include "mysql_driver.h"
39 |
40 | #ifdef AC_IMPL /* NOTE(review): presumably defined by exactly one source file (the module implementation) before including this header -- confirm */
41 | #define EXTDEF /* empty: the EXTDEF-prefixed globals at the end of this header are emitted without extern */
42 | #else
43 | #define EXTDEF extern /* every other includer sees only extern declarations of those globals */
44 | #endif
45 |
46 | /* Access control structure: the limits and flags of one access control list entry. The lookup key is not stored here; NOTE(review): presumably entries are keyed by address in the act_acl tree -- confirm in the implementation. */
47 | typedef struct {
48 | /* max bonus values before temporary denial,
49 | * -1 == unlimited: */
50 | int maxprivate; /* -- private objects */
51 | int maxpublic; /* -- public objects */
52 | short maxdenials; /* number of denials allowed before the permanent ban is set */
53 | char deny; /* the permanent ban itself; NOTE(review): presumably non-zero means banned -- confirm */
54 | char trustpass; /* has power to pass ip addresses; NOTE(review): presumably lets a trusted client have its queries accounted against the address it passes, so the flag should be granted sparingly -- confirm */
55 | } acl_st;
56 |
57 |
58 | #ifdef AC_IMPL /* the token table below is a definition with an initializer, so it is emitted only where AC_IMPL is defined */
59 | /* indices into AC_ar_acl[]; order must correspond to the array below */
60 | typedef enum {
61 | AC_AR_MAXPRIVATE = 0,
62 | AC_AR_MAXPUBLIC,
63 | AC_AR_MAXDENIALS,
64 | AC_AR_DENY,
65 | AC_AR_TRUSTPASS,
66 | AC_AR_SIZE /* number of tokens, not counting the NULL terminator of the array */
67 | } AC_ar_elements;
68 |
69 | /* this array is used for setting the values from the command line
70 | of the admin interface (with getsubopt, which returns the index of the matched token); each token has the name of an acl_st field, and a new field must be added to both the enum and this array in the same position
71 | */
72 | char* AC_ar_acl[] = {
73 | "maxprivate",
74 | "maxpublic",
75 | "maxdenials",
76 | "deny",
77 | "trustpass",
78 | NULL }; /* getsubopt expects a NULL-terminated token array */
79 | #endif
80 |
81 | typedef enum { /* modification state of an accounting record, stored in acc_st.changed; NOTE(review): presumably tells the persistence code what to write back -- confirm */
82 | AC_ACC_NOT_CHANGED = 0,
83 | AC_ACC_CHANGED,
84 | AC_ACC_NEW
85 | } AC_acc_status;
86 |
87 | /* Accounting == counters; NOTE(review): presumably one record per client address. All counters are plain int -- confirm the implementation keeps them within range. */
88 | typedef struct {
89 | int connections;
90 | int addrpasses;
91 | int denials; /* NOTE(review): presumably compared with acl_st.maxdenials to decide the permanent ban -- confirm */
92 | int queries;
93 | int referrals;
94 | int public_objects;
95 | int private_objects;
96 | float public_bonus; /* those two are .. */
97 | float private_bonus; /* .. maintained only in the runtime tree */
98 | ut_timer_t timestamp; /* in-memory is ut_timer_t */
99 | AC_acc_status changed; /* one of the AC_ACC_* values */
100 | } acc_st;
101 |
102 |
103 | #define ACC_PLUS 0 /* NOTE(review): ACC_PLUS / ACC_MINUS are presumably the int argument of AC_acc_addup, selecting add or subtract -- confirm */
104 | #define ACC_MINUS 1
105 |
106 | #ifdef __cplusplus
107 | extern "C" {
108 | #endif
109 |
110 |
111 | /* prototypes. NOTE(review): er_ret_t is presumably the error code type from erroutines.h, to be checked by every caller -- confirm */
112 | er_ret_t AC_build(void);
113 | er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * );
114 | er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *); /* NOTE(review): presumably looks up the address and fills in its accounting and ACL data -- confirm */
115 | void AC_acc_addup(acc_st *, acc_st *, int); /* NOTE(review): the int is presumably ACC_PLUS or ACC_MINUS -- confirm */
116 | er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );
117 | er_ret_t AC_acc_load(void);
118 | er_ret_t AC_decay(void);
119 |
120 | er_ret_t AC_persistence_init(void);
121 | er_ret_t AC_persistence_daemon(void);
122 | er_ret_t AC_persistence_save(void);
123 |
124 | /* interface to modifications on the fly */
125 | /* er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag); */
126 |
127 |
128 | /* printing */
129 | char *AC_credit_to_string(acc_st *a); /* NOTE(review): the header does not say who owns or frees the returned string -- document */
130 | unsigned AC_print_acl(GString *output);
131 | unsigned AC_print_access(GString *output);
132 |
133 | int AC_credit_isdenied(acc_st *acc_credit);
134 | void AC_count_object( acc_st *acc_credit, acl_st *acl, int private );
135 | int AC_get_higher_limit(acc_st *acc_credit, acl_st *acl);
136 |
137 | er_ret_t AC_asc_acl_command_set( char *command, char *comment ); /* NOTE(review): presumably the admin-interface entry point that parses command with getsubopt; getsubopt writes into its input, so command would have to be a writable buffer -- confirm */
138 | er_ret_t AC_asc_set_nodeny(char *ip);
139 | SQ_connection_t *AC_dbopen_admin(void); /* NOTE(review): presumably the caller owns the returned connection and must close it -- confirm */
140 |
141 | #ifdef __cplusplus
142 | }
143 | #endif
144 |
145 |
146 | /* declare global accounting trees; EXTDEF makes these extern everywhere except where AC_IMPL is defined. NOTE(review): this header declares no lock for them -- confirm how concurrent access is synchronized */
147 | EXTDEF rx_tree_t *act_runtime;
148 | EXTDEF rx_tree_t *act_hour;
149 | EXTDEF rx_tree_t *act_minute;
150 |
151 | EXTDEF int ac_auto_save; /* NOTE(review): presumably a flag controlling automatic saving of the accounting data -- confirm */
152 |
153 |
154 | /* declare global access control list tree; NOTE(review): presumably holds the acl_st entries -- confirm */
155 | EXTDEF rx_tree_t *act_acl;
156 |
157 | #undef EXTDEF
158 | #endif /* READ_ACCESS_CONTROL */