1 | #ifndef READ_ACCESS_CONTROL
2 | #define READ_ACCESS_CONTROL
3 |
4 | /***************************************
5 | $Revision: 1.17 $
6 |
7 | Access Control module (ac) - the header file.
8 |
9 | Status: NOT REVIEWED, NOT TESTED
10 |
11 | Design and implementation by: Marek Bukowy
12 |
13 | ******************/ /******************
14 | Copyright (c) 1999 RIPE NCC
15 |
16 | All Rights Reserved
17 |
18 | Permission to use, copy, modify, and distribute this software and its
19 | documentation for any purpose and without fee is hereby granted,
20 | provided that the above copyright notice appear in all copies and that
21 | both that copyright notice and this permission notice appear in
22 | supporting documentation, and that the name of the author not be
23 | used in advertising or publicity pertaining to distribution of the
24 | software without specific, written prior permission.
25 |
26 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
27 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
28 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
29 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
30 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
31 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
32 | ***************************************/
33 |
34 | #include "erroutines.h"
35 | #include "iproutines.h"
36 | #include "rxroutines.h"
37 | #include "mysql_driver.h"
38 |
39 | #ifdef AC_IMPL /* define AC_IMPL in exactly one translation unit: with it, this header emits the definition of AC_ar_acl and defines the global trees */
40 | #define EXTDEF
41 | #else
42 | #define EXTDEF extern /* every other includer gets extern declarations of the global trees only */
43 | #endif
44 |
45 | /* Access control structure: the limits and flags that make up one ACL entry.
     * NOTE(review): presumably one entry applies per client address and is
     * filled in by AC_check_acl() -- confirm against the implementation. */
46 | typedef struct {
47 | /* max bonus values before temporary denial,
48 | * -1 == unlimited, so a limit check has to test for the negative value before comparing: */
49 | int maxprivate; /* -- private objects */
50 | int maxpublic; /* -- public objects */
51 | short maxdenials; /* number of denials before the permanent ban is set. NOTE(review): narrower than the int denials counter in acc_st; confirm values taken from the admin interface are range-checked before being stored here */
52 | char deny; /* THE ban itself (the permanent-ban flag). NOTE(review): plain char, presumably only zero / non-zero is stored -- confirm */
53 | char trustpass; /* has power to pass ip addresses. NOTE(review): this reads as permission for a client to supply an address on behalf of another host, so accounting and ACL checks would follow the supplied address -- confirm, and keep it limited to trusted proxies */
54 | } acl_st;
55 |
56 |
57 | #ifdef AC_IMPL
58 | /* Indices of the ACL keywords. The order must correspond to the array below;
     * AC_AR_SIZE is the number of keywords.
     * NOTE(review): nothing visible here enforces the correspondence at compile
     * time; a check of the array length against AC_AR_SIZE + 1 (keywords plus the
     * NULL terminator) would catch a keyword added to only one of the two. */
59 | typedef enum {
60 | AC_AR_MAXPRIVATE = 0,
61 | AC_AR_MAXPUBLIC,
62 | AC_AR_MAXDENIALS,
63 | AC_AR_DENY,
64 | AC_AR_TRUSTPASS,
65 | AC_AR_SIZE
66 | } AC_ar_elements;
67 |
68 | /* this array is used for setting the values from the command line
69 | of the admin interface (with getsubopt); it is NULL-terminated, as getsubopt requires.
     This is a definition with an initializer, so AC_IMPL may be defined in one
     translation unit only.
     NOTE(review): the text matched against these keywords comes from the admin
     interface; confirm each parsed value is range-checked before it is stored in
     the int / short / char fields of acl_st.
70 | */
71 | char* AC_ar_acl[] = {
72 | "maxprivate",
73 | "maxpublic",
74 | "maxdenials",
75 | "deny",
76 | "trustpass",
77 | NULL };
78 | #endif
79 |
80 |
81 | /* Accounting == counters: the tallies and bonus values kept for one accounting record.
     * NOTE(review): the counters are plain int and this header shows no saturation
     * or overflow handling (signed overflow is undefined behaviour) -- confirm that
     * the code updating them keeps them bounded. */
82 | typedef struct {
83 | int connections;
84 | int addrpasses; /* presumably counts uses of the trustpass privilege from acl_st -- confirm */
85 | int denials; /* presumably compared with acl_st.maxdenials -- confirm */
86 | int queries;
87 | int referrals;
88 | int public_objects;
89 | int private_objects;
90 | float public_bonus; /* those two are .. (presumably checked against acl_st.maxpublic and maxprivate -- confirm) */
91 | float private_bonus; /* .. maintained only in the runtime tree */
92 | } acc_st;
93 |
94 |
95 | #define ACC_PLUS 0 /* NOTE(review): presumably the int argument of AC_acc_addup() selecting addition -- confirm */
96 | #define ACC_MINUS 1 /* NOTE(review): presumably the same argument selecting subtraction -- confirm */
97 |
98 |
99 | /* prototypes. Parameter names are omitted here, so the roles noted below are
     * inferred from the types and must be confirmed against the implementation.
     * NOTE(review): all but AC_acc_addup() report status through er_ret_t; callers
     * should check it, because this header does not show whether a failed
     * AC_check_acl() leaves the acl_st in a denying or a permitting state. */
100 | er_ret_t AC_build(void);
101 | er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * ); /* presumably fills the acc_st for the given address */
102 | er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *); /* presumably fills the accounting record and ACL entry for the given address */
103 | void AC_acc_addup(acc_st *, acc_st *, int); /* the int is presumably ACC_PLUS or ACC_MINUS; which acc_st is the destination is not visible here */
104 | er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );
105 | er_ret_t AC_acc_load(void);
106 | er_ret_t AC_decay(void);
107 |
108 | /* interface to modifications on the fly.
      * NOTE(review): addrstr and text are non-const strings, presumably taken from
      * the admin interface. This header pulls in mysql_driver.h, so if they reach
      * an SQL statement confirm that addrstr is validated as an address and text
      * is escaped or bound as a parameter. */
109 | er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag);
110 |
111 |
112 | /* printing */
113 | char *AC_credit_to_string(acc_st *a); /* NOTE(review): ownership of the returned string is not visible here -- confirm whether the caller must free it */
114 | unsigned AC_print_acl(GString *output); /* presumably appends to output; the meaning of the unsigned result is not visible here */
115 | unsigned AC_print_access(GString *output); /* same signature as AC_print_acl() */
116 |
117 | int AC_credit_isdenied(acc_st *acc_credit); /* NOTE(review): the int result is presumably a truth value; confirm which value means denied before using it in a condition */
118 | void AC_count_object( acc_st *acc_credit, acl_st *acl, int private ); /* private is presumably a flag choosing the private or the public counters -- confirm */
119 | int AC_get_higher_limit(acc_st *acc_credit, acl_st *acl); /* NOTE(review): acl_st limits use -1 for unlimited; confirm how that value is represented in the result */
120 |
121 | er_ret_t AC_asc_acl_command_set( char *command, char *comment ); /* NOTE(review): command is non-const, presumably because it is parsed in place with getsubopt against AC_ar_acl; confirm the parsed values are range-checked and that comment is escaped if it is stored via SQL */
122 | er_ret_t AC_asc_set_nodeny(char *ip); /* NOTE(review): ip is a string, presumably from the admin interface -- confirm it is validated as an address before use */
123 | SQ_connection_t *AC_dbopen_admin(void); /* NOTE(review): returns a connection pointer; who closes it and what is returned on failure are not visible here -- confirm */
124 |
125 | /* declare global accounting trees: defined in the translation unit that sets
      * AC_IMPL (EXTDEF empty), extern everywhere else.
      * NOTE(review): these are process-wide mutable pointers; the locking
      * discipline for concurrent access is not visible in this header -- confirm. */
126 | EXTDEF rx_tree_t *act_runtime;
127 | EXTDEF rx_tree_t *act_hour;
128 | EXTDEF rx_tree_t *act_minute;
129 |
130 | /* declare global access control list tree (same EXTDEF definition rule as the accounting trees) */
131 | EXTDEF rx_tree_t *act_acl;
132 |
133 | #undef EXTDEF
134 | #endif /* READ_ACCESS_CONTROL */