1 | /***************************************
2 | $Revision: 1.3 $
3 |
4 | access authorisation (aa). aa.c - functions to check access rights
5 | for less frequent clients (ripupdate, networkupdate, mirror).
6 |
7 | Status: NOT REVIEWED, NOT TESTED,
8 |
9 | Design and implementation by: Marek Bukowy
10 |
11 | ******************/ /******************
12 | Copyright (c) 1999 RIPE NCC
13 |
14 | All Rights Reserved
15 |
16 | Permission to use, copy, modify, and distribute this software and its
17 | documentation for any purpose and without fee is hereby granted,
18 | provided that the above copyright notice appear in all copies and that
19 | both that copyright notice and this permission notice appear in
20 | supporting documentation, and that the name of the author not be
21 | used in advertising or publicity pertaining to distribution of the
22 | software without specific, written prior permission.
23 |
24 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
25 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
26 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
27 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
28 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
29 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30 | ***************************************/
31 |
32 | #include "iproutines.h"
33 | #include "mysql_driver.h"
34 | #include "constants.h"
35 |
36 | #include "access_control.h"
37 | /* Layout of the access table that aa_compose_query() selects from (named aaa in its query):
38 | > +---------------+---------------------+------+-----+---------+-------+
39 | > | Field | Type | Null | Key | Default | Extra |
40 | > +---------------+---------------------+------+-----+---------+-------+
41 | > | prefix | int(10) unsigned | | PRI | 0 | |
42 | > | prefix_length | tinyint(3) unsigned | | PRI | 0 | |
43 | > | source | varchar(32) | | PRI | | |
44 | > | ripupdate | tinyint(3) | | | 0 | |
45 | > | netupdate | tinyint(3) | | | 0 | |
46 | > | mirror | tinyint(3) | | | 0 | |
47 | > | comment | longblob | YES | | NULL | |
48 | > +---------------+---------------------+------+-----+---------+-------+
49 | */
50 |
/*
 * Access flags read for one client, one member per permission column
 * selected by aa_compose_query().  The AA_can_*() functions treat any
 * non-zero value as "allowed" and zero as "denied".
 */
typedef struct {
    int ripupdate;   /* value of the ripupdate column */
    int netupdate;   /* value of the netupdate column */
    int mirror;      /* value of the mirror column */
} aa_rights;
56 |
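/*
 * Parse the integer access flag held in column `column` of `row` into *flag.
 *
 * Calls `die` when the column has no string value or does not start with
 * a number.  The conversion is "%d" because the destination is an int;
 * the earlier "%u" did not match the pointer type passed to sscanf().
 */
static void aa_parse_flag(SQ_result_set_t *result, SQ_row_t *row,
                          int column, int *flag)
{
    const char *text = SQ_get_column_string_nocopy(result, row, column);

    /* NOTE(review): the schema comment marks these columns NOT NULL, but a
       NULL string would be undefined behaviour in sscanf(), so it is
       treated like any other unparsable value. */
    if( text == NULL || sscanf(text, "%d", flag) < 1 ) { die; }
}

/*
 * Fill *rights from the first row of `result`.
 *
 * result - result set of the query built by aa_compose_query(); columns
 *          are read in the order of that SELECT: ripupdate, netupdate,
 *          mirror.
 * rights - output; every flag is zeroed first, so an empty result set
 *          yields the valid answer "no rights".
 *
 * Only the first row is read.  An unparsable column ends in `die`.
 */
void aa_parserow(SQ_result_set_t *result, aa_rights *rights)
{
    SQ_row_t *row;

    /* deny by default: without a matching row nothing is granted */
    rights->ripupdate = 0;
    rights->netupdate = 0;
    rights->mirror    = 0;

    row = SQ_row_next(result);
    if( row == NULL ) {
        return;
    }

    /* read in the order of query */
    aa_parse_flag(result, row, 0, &rights->ripupdate);
    aa_parse_flag(result, row, 1, &rights->netupdate);
    aa_parse_flag(result, row, 2, &rights->mirror);
}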
78 |
79 |
80 |
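/* width of the `source` column (varchar(32)) in the schema comment above */
enum { AA_SOURCE_MAXLEN = 32 };

/*
 * Return 1 when `source` can be placed inside a quoted SQL literal as-is:
 * at most AA_SOURCE_MAXLEN characters, each a letter, digit, '-', '_' or
 * '.'.  Return 0 for NULL or anything else.
 *
 * NOTE(review): the allowed character set is an assumption about what
 * source names look like - confirm against the values stored in the table.
 */
static int aa_source_is_safe(const char *source)
{
    unsigned n;

    if( source == NULL ) {
        return 0;
    }
    for( n = 0; source[n] != '\0'; n++ ) {
        char c = source[n];
        int allowed = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
                   || (c >= '0' && c <= '9')
                   || c == '-' || c == '_' || c == '.';

        if( !allowed || n >= AA_SOURCE_MAXLEN ) {
            return 0;
        }
    }
    return 1;
}

/*
 * Write into buf (capacity len) the SQL statement that selects the access
 * flags of the most specific prefix covering `address` for `source`.
 *
 * address - client address; converted with IP_addr_b2v4_addr().
 * source  - source name compared with the `source` column.
 * buf/len - output buffer and its size in bytes.
 *
 * Changes against the previous version:
 *  - `source` is interpolated between quotes, so a value containing a
 *    quote could alter the statement.  Whether callers pass untrusted
 *    text is not visible here; a value failing aa_source_is_safe() now
 *    produces a statement that matches no row, which the row parser
 *    turns into "no rights".
 *  - BETWEEN is inclusive, so the upper bound is the last address of the
 *    prefix (prefix + size - 1).  Without the "- 1" the first address of
 *    the following block also matched.
 *  - the address is cast to unsigned long to match "%lu".
 *  - a statement that does not fit is replaced by an empty string rather
 *    than left truncated: a cut-off statement can still be valid SQL with
 *    the source condition or the ORDER BY missing.
 */
void aa_compose_query(ip_addr_t *address, char *source, char *buf, unsigned len)
{
    int written;

    if( aa_source_is_safe(source) ) {
        written = snprintf(buf, len,
            "SELECT ripupdate, netupdate, mirror FROM aaa WHERE %lu "
            " BETWEEN prefix AND (prefix+(1<<(32-prefix_length))-1)"
            " AND source = '%s' "
            " ORDER BY prefix_length DESC LIMIT 1" /* take the most specific entry */,
            (unsigned long) IP_addr_b2v4_addr(address), source );
    }
    else {
        /* fail closed: a statement that is valid but selects nothing */
        written = snprintf(buf, len,
            "SELECT ripupdate, netupdate, mirror FROM aaa WHERE 1 = 0");
    }

    /* never hand a partial statement to the database */
    if( (written < 0 || (unsigned) written >= len) && len > 0 ) {
        buf[0] = '\0';
    }
}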
89 |
90 |
91 |
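/*
 * Look up the access rights of (address, source) and store them in *rights.
 *
 * Builds the query with aa_compose_query(), runs it on the connection
 * returned by AC_dbopen_admin(), parses the first row with aa_parserow(),
 * then frees the result set and closes the connection.
 *
 * address - client address to look up.
 * source  - source name to look up.
 * rights  - output; zeroed on entry, so nothing is granted unless a row
 *           is read successfully.
 *
 * A failure to open the database or to run the query is reported on
 * stderr and ends in `die`.
 *
 * NOTE(review): AC_dbopen_admin() presumably opens a privileged
 * connection; this function only runs a SELECT, so a read-only account
 * would be enough - confirm.
 */
void
aa_find(ip_addr_t *address, char *source, aa_rights *rights)
{
    SQ_result_set_t *result = NULL;
    SQ_connection_t *con = NULL;
    char buf[1024];

    /* deny by default, whatever happens below */
    rights->ripupdate = 0;
    rights->netupdate = 0;
    rights->mirror    = 0;

    /* get the query; the size comes from the buffer, not a repeated literal */
    aa_compose_query(address, source, buf, sizeof buf);

    /* open the database */
    con = AC_dbopen_admin();
    if( con == NULL ) {
        /* con is NULL here, so it is not passed to SQ_errno()/SQ_error();
           whether those accept a NULL connection is not visible from
           this file */
        fprintf(stderr, "ERROR: could not open the database connection\n");
        die;
    }

    /* select the most specific entry */
    if( SQ_execute_query(con, buf, &result) == -1 ) {
        fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con));
        die;
    }

    /* read in the rights from the resulting row */
    aa_parserow(result, rights);

    /* release everything */
    SQ_free_result(result);

    /* Close connection */
    SQ_close_connection(con);
}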
125 |
126 |
/*
 * Authorisation check for network updates.
 *
 * Looks up the rights of (address, source) with aa_find() and returns 1
 * when the netupdate flag is non-zero, 0 otherwise.
 */
int AA_can_networkupdate( ip_addr_t *address, char *source )
{
    aa_rights granted;

    aa_find(address, source, &granted);
    if( granted.netupdate == 0 ) {
        return 0;
    }
    return 1;
}
133 |
/*
 * Authorisation check for ripupdate.
 *
 * Looks up the rights of (address, source) with aa_find() and returns 1
 * when the ripupdate flag is non-zero, 0 otherwise.
 */
int AA_can_ripupdate( ip_addr_t *address, char *source )
{
    aa_rights granted;

    aa_find(address, source, &granted);
    if( granted.ripupdate == 0 ) {
        return 0;
    }
    return 1;
}
140 |
/*
 * Authorisation check for mirroring.
 *
 * Looks up the rights of (address, source) with aa_find() and returns 1
 * when the mirror flag is non-zero, 0 otherwise.
 */
int AA_can_mirror( ip_addr_t *address, char *source )
{
    aa_rights granted;

    aa_find(address, source, &granted);
    if( granted.mirror == 0 ) {
        return 0;
    }
    return 1;
}