1    | /***************************************
2    |   $Revision: 1.3 $
3    | 
4    |   access authorisation (aa). aa.c - functions to check access rights
5    |   for less frequent clients (ripupdate, networkupdate, mirror).
6    | 
7    |   Status: NOT REVIEWED, NOT TESTED
8    | 
9    |   Design and implementation by: Marek Bukowy
10   | 
11   |   ******************/ /******************
12   |   Copyright (c) 1999                              RIPE NCC
13   |  
14   |   All Rights Reserved
15   |   
16   |   Permission to use, copy, modify, and distribute this software and its
17   |   documentation for any purpose and without fee is hereby granted,
18   |   provided that the above copyright notice appear in all copies and that
19   |   both that copyright notice and this permission notice appear in
20   |   supporting documentation, and that the name of the author not be
21   |   used in advertising or publicity pertaining to distribution of the
22   |   software without specific, written prior permission.
23   |   
24   |   THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
25   |   ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
26   |   AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
27   |   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
28   |   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
29   |   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30   |   ***************************************/
31   | 
32   | #include "iproutines.h"
33   | #include "mysql_driver.h"
34   | #include "constants.h"
35   | 
36   | #include "access_control.h"
37   | /* 
38   | > +---------------+---------------------+------+-----+---------+-------+
39   | > | Field         | Type                | Null | Key | Default | Extra |
40   | > +---------------+---------------------+------+-----+---------+-------+
41   | > | prefix        | int(10) unsigned    |      | PRI | 0       |       |
42   | > | prefix_length | tinyint(3) unsigned |      | PRI | 0       |       |
43   | > | source        | varchar(32)         |      | PRI |         |       |
44   | > | ripupdate     | tinyint(3)          |      |     | 0       |       |
45   | > | netupdate     | tinyint(3)          |      |     | 0       |       |
46   | > | mirror        | tinyint(3)          |      |     | 0       |       |
47   | > | comment       | longblob            | YES  |     | NULL    |       |
48   | > +---------------+---------------------+------+-----+---------+-------+
49   | */
50   | 
/*
 * Permission flags for one client, one per client type handled by this
 * module.  Zero means "not allowed"; the AA_can_*() checks treat any
 * non-zero value as "allowed".
 */
typedef struct {
  int ripupdate;   /* value of the ripupdate column */
  int netupdate;   /* value of the netupdate column */
  int mirror;      /* value of the mirror column */
} aa_rights;
56   | 
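/*
 * Fill *rights from the first row of `result`.
 *
 * The rights are zeroed before anything is read, so an empty result set
 * yields the valid answer "no rights".  The columns are read in the order
 * the query selects them: ripupdate, netupdate, mirror.  A column that is
 * NULL or does not parse as an integer triggers `die`.
 *
 * NOTE(review): `die` is defined outside this file; it is presumably fatal.
 * If it can return, the affected flag keeps its zero value, which denies
 * the right rather than granting it.
 */
void aa_parserow(SQ_result_set_t *result, aa_rights *rights)
{
  SQ_row_t *row;
  int *flags[3];
  int col;

  /* fail closed: without a matching row the client has no rights */
  rights->ripupdate = 0;
  rights->netupdate = 0;
  rights->mirror    = 0;

  row = SQ_row_next(result);
  if( row == NULL ) {
    return;
  }

  /* same order as the SELECT list of the query */
  flags[0] = &rights->ripupdate;
  flags[1] = &rights->netupdate;
  flags[2] = &rights->mirror;

  for( col = 0; col < 3; col++ ) {
    const char *text = SQ_get_column_string_nocopy(result, row, col);

    /* "%d" matches the int fields ("%u" requires an unsigned *), and a
       NULL column value must never be handed to sscanf() */
    if( text == NULL || sscanf(text, "%d", flags[col]) < 1 ) { die; }
  }
}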
78   | 
79   | 
80   | 
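/* longest source name the varchar(32) `source` column can hold */
enum { AA_SOURCE_MAXLEN = 32 };

/*
 * Return non-zero when `source` can be placed inside the quoted SQL string
 * literal unchanged: 1 to AA_SOURCE_MAXLEN characters, each a letter, a
 * digit, '-', '_' or '.'.  Anything else (including NULL) is refused, so a
 * quote or backslash can never reach the query text.
 *
 * NOTE(review): the allowed character set is an assumption about what
 * source names look like; widen it if the deployment uses other characters.
 */
static int aa_source_is_plain(const char *source)
{
  unsigned n;

  if( source == NULL ) {
    return 0;
  }

  for( n = 0; source[n] != '\0'; n++ ) {
    char c = source[n];

    if( n >= AA_SOURCE_MAXLEN ) {
      return 0;
    }
    if( !( (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
	   || (c >= '0' && c <= '9')
	   || c == '-' || c == '_' || c == '.' ) ) {
      return 0;
    }
  }

  return n > 0;
}

/*
 * Write into buf (at most len bytes, NUL-terminated) the query that selects
 * the rights of the most specific prefix covering `address` for `source`.
 *
 * Changes relative to the original query text:
 *  - `source` is validated before it is interpolated; the value is copied
 *    into a quoted SQL literal, so an unchecked string could alter the
 *    access-control query itself.
 *  - the upper bound of the range is prefix + 2^(32-prefix_length) - 1.
 *    BETWEEN is inclusive, so without the "- 1" the first address of the
 *    following block also matched the entry.
 *  - the address is cast to unsigned long to match "%lu".
 *
 * When the source is refused or the query does not fit into len bytes, a
 * query that returns no rows is written instead, so the lookup ends in
 * "no rights" rather than running a truncated statement.  If even that
 * does not fit, buf is left as an empty string.
 */
void aa_compose_query(ip_addr_t *address, char *source, char *buf, unsigned len)
{
  static const char deny_all[] =
    "SELECT ripupdate, netupdate, mirror FROM aaa WHERE 1 = 0";
  int written = -1;

  if( buf == NULL || len == 0 ) {
    return;
  }

  if( aa_source_is_plain(source) ) {
    written = snprintf(buf, len,
      "SELECT ripupdate, netupdate, mirror FROM aaa WHERE %lu "
      " BETWEEN prefix AND (prefix+(1<<(32-prefix_length))-1)"
      " AND source = '%s' "
      " ORDER BY prefix_length DESC LIMIT 1" /* take the most specific entry */,
      (unsigned long) IP_addr_b2v4_addr(address), source );
  }

  /* a truncated statement could lose its source filter or its ORDER BY,
     so it is replaced as a whole rather than executed */
  if( written < 0 || (unsigned) written >= len ) {
    written = snprintf(buf, len, "%s", deny_all);
    if( written < 0 || (unsigned) written >= len ) {
      buf[0] = '\0';
    }
  }
}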
89   | 
90   | 
91   | 
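/*
 * Look up the rights of the client at `address` for `source` and store
 * them in *rights.
 *
 * Opens an admin database connection, runs the query built by
 * aa_compose_query(), hands the result to aa_parserow(), then frees the
 * result and closes the connection.  A failure to connect or to run the
 * query is reported on stderr and triggers `die`.
 *
 * NOTE(review): `die` is defined outside this file and is presumably fatal.
 * The rights are zeroed up front and each error path returns after `die`,
 * so the callers never read an uninitialised aa_rights even if it is not.
 */
void
aa_find(ip_addr_t *address, char *source, aa_rights *rights)
{
  SQ_result_set_t *result = NULL;
  SQ_connection_t *con = NULL;
  char buf[1024];

  /* fail closed: every path that does not read a row leaves "no rights" */
  rights->ripupdate = 0;
  rights->netupdate = 0;
  rights->mirror    = 0;

  /* get the query; sizeof keeps the length tied to the buffer */
  aa_compose_query(address, source, buf, sizeof buf);

  /* open the database */
  if( (con = AC_dbopen_admin()) == NULL ) {
    /* con is NULL here, so it must not be passed to SQ_errno()/SQ_error() */
    fprintf(stderr, "ERROR: cannot open the admin database connection\n");
    die;
    return;
  }

  /* select the most specific entry */
  if( SQ_execute_query(con, buf, &result) == -1 ) {
    fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con));
    SQ_close_connection(con);
    die;
    return;
  }

  /* read in the rights from the resulting row */
  aa_parserow(result, rights);

  /* release the result set, then the connection */
  SQ_free_result(result);
  SQ_close_connection(con);
}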
125  | 
126  | 
/*
 * Tell whether the client at `address` may use networkupdate for `source`.
 * Returns 1 when the netupdate flag filled in by aa_find() is non-zero,
 * 0 otherwise.
 */
int AA_can_networkupdate( ip_addr_t *address, char *source )
{
  aa_rights found;

  aa_find(address, source, &found);
  if( found.netupdate == 0 ) {
    return 0;
  }
  return 1;
}
133  | 
/*
 * Tell whether the client at `address` may use ripupdate for `source`.
 * Returns 1 when the ripupdate flag filled in by aa_find() is non-zero,
 * 0 otherwise.
 */
int AA_can_ripupdate( ip_addr_t *address, char *source )
{
  aa_rights found;

  aa_find(address, source, &found);
  if( found.ripupdate == 0 ) {
    return 0;
  }
  return 1;
}
140  | 
/*
 * Tell whether the client at `address` may mirror `source`.
 * Returns 1 when the mirror flag filled in by aa_find() is non-zero,
 * 0 otherwise.
 */
int AA_can_mirror( ip_addr_t *address, char *source )
{
  aa_rights found;

  aa_find(address, source, &found);
  if( found.mirror == 0 ) {
    return 0;
  }
  return 1;
}