1    | /***************************************
2    |   $Revision: 1.6 $
3    | 
4    |   access authorisation (aa). aa.c - functions to check access rights
5    |   for less frequent clients (ripupdate, networkupdate, mirror).
6    | 
7    |   Status: NOT REVUED, NOT TESTED, 
8    | 
9    |   Design and implementation by: Marek Bukowy
10   | 
11   |   ******************/ /******************
12   |   Copyright (c) 1999,2000,2001,2002                         RIPE NCC
13   |  
14   |   All Rights Reserved
15   |   
16   |   Permission to use, copy, modify, and distribute this software and its
17   |   documentation for any purpose and without fee is hereby granted,
18   |   provided that the above copyright notice appear in all copies and that
19   |   both that copyright notice and this permission notice appear in
20   |   supporting documentation, and that the name of the author not be
21   |   used in advertising or publicity pertaining to distribution of the
22   |   software without specific, written prior permission.
23   |   
24   |   THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
25   |   ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
26   |   AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
27   |   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
28   |   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
29   |   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30   |   ***************************************/
31   | 
32   | #include "rip.h"
33   | 
34   | /* 
35   | > +---------------+---------------------+------+-----+---------+-------+
36   | > | Field         | Type                | Null | Key | Default | Extra |
37   | > +---------------+---------------------+------+-----+---------+-------+
38   | > | prefix        | int(10) unsigned    |      | PRI | 0       |       |
39   | > | prefix_length | tinyint(3) unsigned |      | PRI | 0       |       |
40   | > | source        | varchar(32)         |      | PRI |         |       |
41   | > | ripupdate     | tinyint(3)          |      |     | 0       |       |
42   | > | netupdate     | tinyint(3)          |      |     | 0       |       |
43   | > | mirror        | tinyint(3)          |      |     | 0       |       |
44   | > | comment       | longblob            | YES  |     | NULL    |       |
45   | > +---------------+---------------------+------+-----+---------+-------+
46   | */
47   | 
48   | typedef struct {
49   |   int ripupdate;
50   |   int netupdate;
51   |   int mirror;
52   | } aa_rights;
53   | 
54   | void aa_parserow(SQ_result_set_t *result, aa_rights *rights)
55   | {
56   |   SQ_row_t *row;
57   |   
58   |   /* zero the rights - so if we don't get any results, we have a valid
59   |    answer "no rights" */
60   | 
61   |   rights->ripupdate = 0;
62   |   rights->netupdate = 0;
63   |   rights->mirror    = 0;
64   | 
65   |   if ( (row = SQ_row_next(result)) != NULL ) {    
66   |     /* read in the order of query */
67   |     if( sscanf(SQ_get_column_string_nocopy(result, row, 0),
68   | 	       "%u", &rights->ripupdate ) < 1 ) { die; }
69   |     if( sscanf(SQ_get_column_string_nocopy(result, row, 1),
70   | 	       "%u", &rights->netupdate ) < 1 ) { die; }
71   |     if( sscanf(SQ_get_column_string_nocopy(result, row, 2),
72   | 	       "%u", &rights->mirror )    < 1 ) { die; }
73   |   }
74   | }
75   | 
76   | 
77   | 
78   | void aa_compose_query(ip_addr_t *address, char *source, char *buf, unsigned len)
79   | {
80   | snprintf(buf,len, "SELECT ripupdate, netupdate, mirror FROM aaa WHERE %u "  
81   | " BETWEEN prefix AND (prefix+(1<<(32-prefix_length)))"
82   | " AND source = '%s' "
83   | " ORDER BY prefix_length DESC LIMIT 1" /* take the most specific entry */,
84   |   IP_addr_b2v4_addr(address), source );
85   | }
86   | 
87   | 
88   | 
89   | /* finds and fills in the struct */
90   | void
91   | aa_find(ip_addr_t *address, char *source, aa_rights *rights)
92   | {
93   |  SQ_result_set_t *result;
94   |  SQ_connection_t *con=NULL;
95   |  char buf[1024];
96   | 
97   |  /* get the query */
98   |  aa_compose_query(address,source, buf, 1024);
99   |  
100  |  /* open the database */
101  | 
102  |  if( (con = AC_dbopen_admin()) == NULL ) {
103  |    fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con));
104  |    die;
105  |  }
106  |  
107  |  /* select the most specific entry */
108  |  if( SQ_execute_query(con, buf, &result) == -1 ) {
109  |    fprintf(stderr, "ERROR %d: %s\n", SQ_errno(con), SQ_error(con));
110  |    die;
111  |  }
112  |  
113  |  /* read in the rights from the resulting row */
114  |  aa_parserow(result, rights);
115  |  
116  |  /* release everything */
117  |  SQ_free_result(result);
118  |  
119  |  /* Close connection */
120  |  SQ_close_connection(con);
121  | }
122  | 
123  | 
124  | int AA_can_networkupdate( ip_addr_t *address, char *source )
125  | { 
126  |   aa_rights myrights;
127  |   aa_find(address, source, &myrights);
128  |   return (myrights.netupdate != 0);
129  | }
130  | 
131  | int AA_can_ripupdate( ip_addr_t *address, char *source )
132  | { 
133  |   aa_rights myrights;
134  |   aa_find(address, source, &myrights);
135  |   return (myrights.ripupdate != 0);
136  | }
137  | 
138  | int AA_can_mirror( ip_addr_t *address, char *source )
139  | { 
140  |   aa_rights myrights;
141  |   aa_find(address, source, &myrights);
142  |   return (myrights.mirror != 0);
143  | }