1 | /*************************************** 2 | $Revision: 1.6 $ 3 | 4 | access authorisation (aa). aa.c - functions to check access rights 5 | for less frequent clients (ripupdate, networkupdate, mirror). 6 | 7 | Status: NOT REVUED, NOT TESTED, 8 | 9 | Design and implementation by: Marek Bukowy 10 | 11 | ******************/ /****************** 12 | Copyright (c) 1999,2000,2001,2002 RIPE NCC 13 | 14 | All Rights Reserved 15 | 16 | Permission to use, copy, modify, and distribute this software and its 17 | documentation for any purpose and without fee is hereby granted, 18 | provided that the above copyright notice appear in all copies and that 19 | both that copyright notice and this permission notice appear in 20 | supporting documentation, and that the name of the author not be 21 | used in advertising or publicity pertaining to distribution of the 22 | software without specific, written prior permission. 23 | 24 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING 25 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL 26 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY 27 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 28 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 29 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 30 | ***************************************/ 31 | 32 | #include "rip.h" 33 | 34 | /* 35 | > +---------------+---------------------+------+-----+---------+-------+ 36 | > | Field | Type | Null | Key | Default | Extra | 37 | > +---------------+---------------------+------+-----+---------+-------+ 38 | > | prefix | int(10) unsigned | | PRI | 0 | | 39 | > | prefix_length | tinyint(3) unsigned | | PRI | 0 | | 40 | > | source | varchar(32) | | PRI | | | 41 | > | ripupdate | tinyint(3) | | | 0 | | 42 | > | netupdate | tinyint(3) | | | 0 | | 43 | > | mirror | tinyint(3) | | | 0 | | 44 | > | comment | longblob | YES | | NULL | | 45 | > +---------------+---------------------+------+-----+---------+-------+ 46 | */ 47 | 48 | typedef struct { 49 | int ripupdate; 50 | int netupdate; 51 | int mirror; 52 | } aa_rights; 53 | 54 | void aa_parserow(SQ_result_set_t *result, aa_rights *rights) 55 | { 56 | SQ_row_t *row; 57 | 58 | /* zero the rights - so if we don't get any results, we have a valid 59 | answer "no rights" */ 60 | 61 | rights->ripupdate = 0; 62 | rights->netupdate = 0; 63 | rights->mirror = 0; 64 | 65 | if ( (row = SQ_row_next(result)) != NULL ) { 66 | /* read in the order of query */ 67 | if( sscanf(SQ_get_column_string_nocopy(result, row, 0), 68 | "%u", &rights->ripupdate ) < 1 ) { die; } 69 | if( sscanf(SQ_get_column_string_nocopy(result, row, 1), 70 | "%u", &rights->netupdate ) < 1 ) { die; } 71 | if( sscanf(SQ_get_column_string_nocopy(result, row, 2), 72 | "%u", &rights->mirror ) < 1 ) { die; } 73 | } 74 | } 75 | 76 | 77 | 78 | void aa_compose_query(ip_addr_t *address, char *source, char *buf, unsigned len) 79 | { 80 | snprintf(buf,len, "SELECT ripupdate, netupdate, mirror FROM aaa WHERE %u " 81 | " BETWEEN prefix AND (prefix+(1<<(32-prefix_length)))" 82 | " AND source = '%s' " 83 | " ORDER BY prefix_length DESC LIMIT 1" /* take the most specific entry */, 84 | IP_addr_b2v4_addr(address), source ); 85 | } 86 | 87 | 88 | 89 | /* finds and fills in the struct */ 90 | void 91 | aa_find(ip_addr_t *address, char *source, aa_rights *rights) 92 | { 93 | SQ_result_set_t *result; 94 | SQ_connection_t *con=NULL; 95 | char buf[1024]; 96 | 97 | /* get the query */ 98 | aa_compose_query(address,source, buf, 1024); 99 | 100 | /* open the database */ 101 | 102 | if( (con = AC_dbopen_admin()) == NULL ) { 103 | fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con)); 104 | die; 105 | } 106 | 107 | /* select the most specific entry */ 108 | if( SQ_execute_query(con, buf, &result) == -1 ) { 109 | fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con)); 110 | die; 111 | } 112 | 113 | /* read in the rights from the resulting row */ 114 | aa_parserow(result, rights); 115 | 116 | /* release everything */ 117 | SQ_free_result(result); 118 | 119 | /* Close connection */ 120 | SQ_close_connection(con); 121 | } 122 | 123 | 124 | int AA_can_networkupdate( ip_addr_t *address, char *source ) 125 | { 126 | aa_rights myrights; 127 | aa_find(address, source, &myrights); 128 | return (myrights.netupdate != 0); 129 | } 130 | 131 | int AA_can_ripupdate( ip_addr_t *address, char *source ) 132 | { 133 | aa_rights myrights; 134 | aa_find(address, source, &myrights); 135 | return (myrights.ripupdate != 0); 136 | } 137 | 138 | int AA_can_mirror( ip_addr_t *address, char *source ) 139 | { 140 | aa_rights myrights; 141 | aa_find(address, source, &myrights); 142 | return (myrights.mirror != 0); 143 | }