1    | #ifndef READ_ACCESS_CONTROL
2    | #define READ_ACCESS_CONTROL
3    | 
4    | /***************************************
5    |   $Revision: 1.19 $
6    | 
7    |   Access Control module (ac) - the header file.
8    | 
9    |   Status: NOT REVIEWED, NOT TESTED
10   |  
11   |   Design and implementation by: Marek Bukowy
12   | 
13   |   ******************/ /******************
14   |   Copyright (c) 1999,2000,2001,2002               RIPE NCC
15   |  
16   |   All Rights Reserved
17   |   
18   |   Permission to use, copy, modify, and distribute this software and its
19   |   documentation for any purpose and without fee is hereby granted,
20   |   provided that the above copyright notice appear in all copies and that
21   |   both that copyright notice and this permission notice appear in
22   |   supporting documentation, and that the name of the author not be
23   |   used in advertising or publicity pertaining to distribution of the
24   |   software without specific, written prior permission.
25   |   
26   |   THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
27   |   ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
28   |   AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
29   |   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
30   |   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
31   |   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
32   |   ***************************************/
33   | 
34   | #include "erroutines.h"
35   | #include "iproutines.h"
36   | #include "rxroutines.h"
37   | #include "mysql_driver.h"
38   | 
/*
 * EXTDEF is the storage-class prefix used for the global tree pointers
 * declared near the end of this header.
 *
 * A file that defines AC_IMPL before including this header gets an empty
 * EXTDEF, so those declarations are emitted without `extern`; every other
 * includer gets `extern` and only refers to them.  AC_IMPL is presumably
 * defined by exactly one translation unit (the module implementation) --
 * confirm, since the keyword table guarded by AC_IMPL below is a plain
 * definition and would clash if emitted twice.
 */
#ifndef AC_IMPL
#define EXTDEF extern
#else
#define EXTDEF
#endif
44   | 
/*
 * Access control structure: the limits and flags that apply to one entry
 * of the access control list.
 *
 * maxprivate / maxpublic are the maximum bonus values a client may reach
 * before it is temporarily denied; -1 means unlimited.
 *
 * NOTE(review): deny and trustpass are plain `char`, whose signedness is
 * implementation-defined; they look like boolean flags (non-zero == set),
 * but that is not visible in this header -- confirm in the implementation.
 */
typedef struct {
                        /* max bonus values before temporary denial,
                         * -1 == unlimited: */
  int      maxprivate;  /* --  private objects */
  int      maxpublic;   /* --  public objects */
  short    maxdenials;  /* number of denials tolerated before the permanent
                         * ban is set */
  char     deny;        /* the permanent ban itself */
  char     trustpass;   /* client has power to pass ip addresses.
                         * NOTE(review): security-sensitive privilege --
                         * presumably the passed address is the one that
                         * gets checked and accounted instead of the
                         * connecting one; confirm, and verify who is
                         * allowed to set this flag. */
} acl_st;
55   | 
56   | 
57   | #ifdef AC_IMPL
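/*
 * Indices of the ACL attributes that can be set by keyword.
 *
 * The order must correspond to the AC_ar_acl[] keyword table below: entry
 * i of the table is the keyword for enumerator i.  AC_AR_SIZE is the number
 * of attributes, not an attribute itself.
 */
typedef enum {
  AC_AR_MAXPRIVATE = 0,
    AC_AR_MAXPUBLIC,
    AC_AR_MAXDENIALS,
    AC_AR_DENY,
    AC_AR_TRUSTPASS,
    AC_AR_SIZE
} AC_ar_elements;

/* this array is used for setting the values from the command line
   of the admin interface (with getsubopt).  It is NULL-terminated, so it
   holds AC_AR_SIZE keywords plus the terminator.
*/
char* AC_ar_acl[]  = {
  "maxprivate",
  "maxpublic",
  "maxdenials",
  "deny",
  "trustpass",
  NULL };

/*
 * Compile-time guard: the array type gets a negative size (a hard compile
 * error) if a keyword is added to or removed from AC_ar_acl[] without the
 * matching change to AC_ar_elements, or vice versa.
 *
 * This checks the COUNT only.  The ORDER of the keywords still has to be
 * reviewed by hand: a swapped pair would presumably make an admin keyword
 * update a different acl_st field (e.g. "deny" vs "trustpass") -- the code
 * that consumes the index is not visible in this header.
 */
typedef char AC_ar_acl_matches_enum[
  ((int)(sizeof AC_ar_acl / sizeof AC_ar_acl[0]) == AC_AR_SIZE + 1) ? 1 : -1 ];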
78   | #endif
79   | 
80   | 
/*
 * Accounting == counters.
 *
 * One record of per-client usage counters.  The two *_bonus fields are
 * maintained only in the runtime tree; the remaining fields are plain
 * event/object counts.
 *
 * NOTE(review): all counters are signed `int`; no saturation or overflow
 * handling is visible in this header -- confirm the implementation bounds
 * them, since signed overflow is undefined behaviour in C.
 */
typedef struct {
  int connections;
  int addrpasses;
  int denials;              /* presumably compared against
                             * acl_st.maxdenials -- confirm */
  int queries;
  int referrals;
  int public_objects;     
  int private_objects;    
  float public_bonus;       /* those two are .. */
  float private_bonus;      /* .. maintained only in the runtime tree */
} acc_st;
93   | 
94   | 
/*
 * Direction selectors.
 * NOTE(review): presumably the values accepted by the `int` argument of
 * AC_acc_addup() (add vs. subtract one acc_st from another) -- the header
 * does not say so; confirm against the implementation.
 */
#define ACC_PLUS 0
#define ACC_MINUS 1
97   | 
/* Give the declarations below C linkage when included from C++. */
#ifdef __cplusplus
extern "C" {
#endif


/* prototypes */
/*
 * Functions returning er_ret_t report their status through that type
 * (declared in erroutines.h, not visible here).  Parameter roles for the
 * unnamed-parameter prototypes below are not stated in this header.
 */
er_ret_t AC_build(void);
er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * );
/* NOTE(review): takes an address plus accounting and ACL records; which of
 * them are inputs and which are filled in is not visible here -- confirm. */
er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *);
/* NOTE(review): the int is presumably ACC_PLUS / ACC_MINUS -- confirm. */
void AC_acc_addup(acc_st *, acc_st *, int);
er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );
er_ret_t AC_acc_load(void);
er_ret_t AC_decay(void);

/* interface to modifications on the fly */
/*
 * NOTE(review): addrstr and text arrive as free-form, non-const strings.
 * This header includes mysql_driver.h and exposes AC_dbopen_admin(), so
 * these strings presumably reach a database -- verify that the
 * implementation validates addrstr as an address and escapes or binds text
 * before it is used in any query.
 */
er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag);


/* printing */
/* NOTE(review): ownership of the returned string (who frees it, whether it
 * is a static buffer) is not stated here -- confirm before use. */
char *AC_credit_to_string(acc_st *a);
/* Both append to a caller-supplied GString; the meaning of the unsigned
 * return value is not visible in this header. */
unsigned AC_print_acl(GString *output);
unsigned AC_print_access(GString *output);

int AC_credit_isdenied(acc_st    *acc_credit);
void AC_count_object( acc_st    *acc_credit, acl_st    *acl, int private );
int AC_get_higher_limit(acc_st    *acc_credit, acl_st    *acl);

/*
 * Admin-interface entry points that change the ACL from text input.
 * NOTE(review): command is presumably parsed with getsubopt() against the
 * AC_ar_acl[] keyword table, and getsubopt() modifies the string it parses
 * -- confirm callers pass a writable buffer.  Callers should be restricted
 * to an authenticated admin channel; that restriction is not visible here.
 */
er_ret_t AC_asc_acl_command_set( char *command, char *comment );
er_ret_t AC_asc_set_nodeny(char *ip);
/* Returns a connection handle for the admin database.
 * NOTE(review): the caller presumably has to close it -- confirm. */
SQ_connection_t *AC_dbopen_admin(void);

#ifdef __cplusplus
}
#endif
132  | 
133  | 
/* declare global accounting trees */
/*
 * EXTDEF is empty when AC_IMPL is defined and `extern` otherwise, so the
 * file that defines AC_IMPL provides these objects and every other
 * includer only refers to them.
 *
 * NOTE(review): these are process-wide mutable pointers; whatever locking
 * protects the trees is not visible in this header -- confirm before
 * touching them from more than one thread.
 */
EXTDEF rx_tree_t  *act_runtime;
EXTDEF rx_tree_t  *act_hour;
EXTDEF rx_tree_t  *act_minute;

/* declare global access control list tree */
EXTDEF rx_tree_t  *act_acl;

/* keep the helper macro from leaking into files that include this header */
#undef EXTDEF
143  | #endif /* READ_ACCESS_CONTROL */