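/***************************************
  $Revision: 1.3 $

  access authorisation (aa). aa.c - functions to check access rights
  for less frequent clients (ripupdate, networkupdate, mirror).

  Status: NOT REVUED, NOT TESTED,

  Design and implementation by: Marek Bukowy

  ******************/ /******************
  Copyright (c) 1999 RIPE NCC

  All Rights Reserved

  Permission to use, copy, modify, and distribute this software and its
  documentation for any purpose and without fee is hereby granted,
  provided that the above copyright notice appear in all copies and that
  both that copyright notice and this permission notice appear in
  supporting documentation, and that the name of the author not be
  used in advertising or publicity pertaining to distribution of the
  software without specific, written prior permission.

  THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
  ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
  AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
  DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
  AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  ***************************************/

#include "iproutines.h"
#include "mysql_driver.h"
#include "constants.h"

#include "access_control.h"

/*
  Layout of the table the query below reads (it selects FROM aaa):

> +---------------+---------------------+------+-----+---------+-------+
> | Field         | Type                | Null | Key | Default | Extra |
> +---------------+---------------------+------+-----+---------+-------+
> | prefix        | int(10) unsigned    |      | PRI | 0       |       |
> | prefix_length | tinyint(3) unsigned |      | PRI | 0       |       |
> | source        | varchar(32)         |      | PRI |         |       |
> | ripupdate     | tinyint(3)          |      |     | 0       |       |
> | netupdate     | tinyint(3)          |      |     | 0       |       |
> | mirror        | tinyint(3)          |      |     | 0       |       |
> | comment       | longblob            | YES  |     | NULL    |       |
> +---------------+---------------------+------+-----+---------+-------+
*/

enum {
  AA_SOURCE_MAXLEN = 32,    /* width of the `source` column, varchar(32) */
  AA_QUERY_BUFLEN  = 1024   /* size of the query buffer used by aa_find() */
};

/* The three per-client permissions; non-zero means "granted". */
typedef struct {
  int ripupdate;
  int netupdate;
  int mirror;
} aa_rights;

/*
  Parse one numeric flag column of a result row into *flag.

  Dies if the column string is missing or does not start with a number,
  so a malformed row can never be mistaken for a grant.
*/
static void aa_parse_flag(SQ_result_set_t *result, SQ_row_t *row,
                          int column, int *flag)
{
  const char *text = SQ_get_column_string_nocopy(result, row, column);

  /* "%d" matches the int destination; the original "%u" did not */
  if( text == NULL || sscanf(text, "%d", flag) < 1 ) { die; }
}

/*
  Fill *rights from the first row of `result`.

  result - result set of the query built by aa_compose_query()
  rights - output; all three flags are zeroed first, so an empty result
           set yields the valid answer "no rights"
*/
void aa_parserow(SQ_result_set_t *result, aa_rights *rights)
{
  SQ_row_t *row;

  /* zero the rights - so if we don't get any results, we have a valid
     answer "no rights" */
  rights->ripupdate = 0;
  rights->netupdate = 0;
  rights->mirror    = 0;

  row = SQ_row_next(result);
  if( row != NULL ) {
    /* read in the order of query */
    aa_parse_flag(result, row, 0, &rights->ripupdate);
    aa_parse_flag(result, row, 1, &rights->netupdate);
    aa_parse_flag(result, row, 2, &rights->mirror);
  }
}

/*
  Decide whether `source` may be placed inside a quoted SQL string literal.

  The query is built with snprintf(), not with a parameterised statement,
  so anything that could end the literal early must be refused: quotes,
  backslash, control characters and non-ASCII bytes.  Names longer than
  the `source` column cannot match any row and are refused as well.

  Returns 1 if the name is acceptable, 0 otherwise (including NULL / empty).
*/
static int aa_source_is_safe(const char *source)
{
  unsigned i;

  if( source == NULL || source[0] == '\0' ) {
    return 0;
  }

  for( i = 0; source[i] != '\0'; i++ ) {
    unsigned char c = (unsigned char) source[i];

    if( i >= AA_SOURCE_MAXLEN ) {
      return 0;
    }
    if( c < 0x20 || c > 0x7e || c == '\'' || c == '"' || c == '\\' ) {
      return 0;
    }
  }

  return 1;
}

/*
  Build the SQL query that selects the rights of the most specific prefix
  covering `address` for the given `source`.

  address - client address, converted with IP_addr_b2v4_addr()
  source  - database source name; interpolated into the query text, so it
            is validated with aa_source_is_safe() first
  buf,len - output buffer and its size

  On success buf holds the NUL-terminated query.  If the source name is
  refused, or the query does not fit into len bytes, buf is set to the
  empty string so that a caller can never execute a partial or injected
  statement.
*/
void aa_compose_query(ip_addr_t *address, char *source, char *buf, unsigned len)
{
  int written;

  if( buf == NULL || len == 0 ) {
    return;
  }
  buf[0] = '\0';

  if( !aa_source_is_safe(source) ) {
    return;
  }

  /* BETWEEN is inclusive, so the upper bound is the last address of the
     prefix (prefix + block size - 1); without the -1 the first address of
     the following block would inherit this prefix's rights.
     The cast makes the argument match "%lu" whatever integer type
     IP_addr_b2v4_addr() returns. */
  written = snprintf(buf, len,
           "SELECT ripupdate, netupdate, mirror FROM aaa WHERE %lu "
           " BETWEEN prefix AND (prefix+(1<<(32-prefix_length))-1)"
           " AND source = '%s' "
           " ORDER BY prefix_length DESC LIMIT 1" /* take the most specific entry */,
           (unsigned long) IP_addr_b2v4_addr(address), source );

  if( written < 0 || (unsigned) written >= len ) {
    /* truncated or failed: never hand out half a statement */
    buf[0] = '\0';
  }
}

/*
  Look up the rights for (address, source) and fill in *rights.

  *rights is zeroed before anything else happens, so every early exit
  leaves the caller with "no rights" (fail closed).
*/
void
aa_find(ip_addr_t *address, char *source, aa_rights *rights)
{
  SQ_result_set_t *result;
  SQ_connection_t *con=NULL;
  char buf[AA_QUERY_BUFLEN];

  rights->ripupdate = 0;
  rights->netupdate = 0;
  rights->mirror    = 0;

  /* get the query */
  aa_compose_query(address, source, buf, sizeof buf);
  if( buf[0] == '\0' ) {
    /* refused source name or oversized query: deny, and leave a trace
       for whoever watches the log */
    fprintf(stderr, "ERROR: access check refused: invalid source name\n");
    return;
  }

  /* open the database */
  if( (con = AC_dbopen_admin()) == NULL ) {
    /* NOTE(review): con is NULL here, yet it is passed to SQ_errno() and
       SQ_error(); confirm that both accept a NULL connection */
    fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con));
    die;
  }

  /* select the most specific entry */
  if( SQ_execute_query(con, buf, &result) == -1 ) {
    fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con));
    die;
  }

  /* read in the rights from the resulting row */
  aa_parserow(result, rights);

  /* release everything */
  SQ_free_result(result);

  /* Close connection */
  SQ_close_connection(con);
}

/* Returns non-zero if the client at `address` may do network updates
   for `source`. */
int AA_can_networkupdate( ip_addr_t *address, char *source )
{
  aa_rights myrights = { 0, 0, 0 };

  aa_find(address, source, &myrights);
  return (myrights.netupdate != 0);
}

/* Returns non-zero if the client at `address` may do ripupdate
   for `source`. */
int AA_can_ripupdate( ip_addr_t *address, char *source )
{
  aa_rights myrights = { 0, 0, 0 };

  aa_find(address, source, &myrights);
  return (myrights.ripupdate != 0);
}

/* Returns non-zero if the client at `address` may mirror `source`. */
int AA_can_mirror( ip_addr_t *address, char *source )
{
  aa_rights myrights = { 0, 0, 0 };

  aa_find(address, source, &myrights);
  return (myrights.mirror != 0);
}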