/* [<][>][^][v][top][bottom][index][help] */
DEFINITIONS
This source file includes following functions.
- acl_st
- AC_AR_MAXPRIVATE
- AC_AR_MAXPUBLIC
- AC_AR_MAXDENIALS
- AC_AR_DENY
- AC_AR_TRUSTPASS
- AC_AR_SIZE
- AC_ar_elements
- AC_ACC_NOT_CHANGED
- AC_ACC_CHANGED
- AC_ACC_NEW
- AC_acc_status
- acc_st
1 #ifndef READ_ACCESS_CONTROL
2 #define READ_ACCESS_CONTROL
3
4 /***************************************
5 $Revision: 1.20 $
6
7 Access Control module (ac) - the header file.
8
9 Status: NOT REVUED, NOT TESTED
10
11 Design and implementation by: Marek Bukowy
12
13 ******************/ /******************
14 Copyright (c) 1999,2000,2001,2002 RIPE NCC
15
16 All Rights Reserved
17
18 Permission to use, copy, modify, and distribute this software and its
19 documentation for any purpose and without fee is hereby granted,
20 provided that the above copyright notice appear in all copies and that
21 both that copyright notice and this permission notice appear in
22 supporting documentation, and that the name of the author not be
23 used in advertising or publicity pertaining to distribution of the
24 software without specific, written prior permission.
25
26 THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
27 ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
28 AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
29 DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
30 AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
31 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
32 ***************************************/
33
34 #include "timediff.h"
35 #include "erroutines.h"
36 #include "iproutines.h"
37 #include "rxroutines.h"
38 #include "mysql_driver.h"
39
40 #ifdef AC_IMPL
41 #define EXTDEF
42 #else
43 #define EXTDEF extern
44 #endif
45
46 /* Access control structure */
47 typedef struct {
48 /* max bonus values before temporary denial,
49 * -1 == unlimited: */
50 int maxprivate; /* -- private objects */
51 int maxpublic; /* -- public objects */
52 short maxdenials; /* before the permanent ban is set */
53 char deny; /* THE ban itself */
54 char trustpass; /* has power to pass ip addresses */
55 } acl_st;
/* [<][>][^][v][top][bottom][index][help] */
56
57
58 #ifdef AC_IMPL
59 /* order must correspond to the array below */
60 typedef enum {
61 AC_AR_MAXPRIVATE = 0,
/* [<][>][^][v][top][bottom][index][help] */
62 AC_AR_MAXPUBLIC,
/* [<][>][^][v][top][bottom][index][help] */
63 AC_AR_MAXDENIALS,
/* [<][>][^][v][top][bottom][index][help] */
64 AC_AR_DENY,
/* [<][>][^][v][top][bottom][index][help] */
65 AC_AR_TRUSTPASS,
/* [<][>][^][v][top][bottom][index][help] */
66 AC_AR_SIZE
/* [<][>][^][v][top][bottom][index][help] */
67 } AC_ar_elements;
/* [<][>][^][v][top][bottom][index][help] */
68
69 /* this array is used for setting the values from the command line
70 of the admin interface (with getsubopt)
71 */
72 char* AC_ar_acl[] = {
73 "maxprivate",
74 "maxpublic",
75 "maxdenials",
76 "deny",
77 "trustpass",
78 NULL };
79 #endif
80
81 typedef enum {
82 AC_ACC_NOT_CHANGED = 0,
/* [<][>][^][v][top][bottom][index][help] */
83 AC_ACC_CHANGED,
/* [<][>][^][v][top][bottom][index][help] */
84 AC_ACC_NEW
/* [<][>][^][v][top][bottom][index][help] */
85 } AC_acc_status;
/* [<][>][^][v][top][bottom][index][help] */
86
87 /* Accounting == counters */
88 typedef struct {
89 int connections;
90 int addrpasses;
91 int denials;
92 int queries;
93 int referrals;
94 int public_objects;
95 int private_objects;
96 float public_bonus; /* those two are .. */
97 float private_bonus; /* .. maintained only in the runtime tree */
98 ut_timer_t timestamp; /* in-memory is ut_timer_t */
99 AC_acc_status changed;
100 } acc_st;
/* [<][>][^][v][top][bottom][index][help] */
101
102
103 #define ACC_PLUS 0
104 #define ACC_MINUS 1
105
106 #ifdef __cplusplus
107 extern "C" {
108 #endif
109
110
111 /* prototypes */
112 er_ret_t AC_build(void);
113 er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * );
114 er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *);
115 void AC_acc_addup(acc_st *, acc_st *, int);
116 er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );
117 er_ret_t AC_acc_load(void);
118 er_ret_t AC_decay(void);
119
120 er_ret_t AC_persistence_init(void);
121 er_ret_t AC_persistence_daemon(void);
122 er_ret_t AC_persistence_save(void);
123
124 /* interface to modifications on the fly */
125 /* er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag); */
126
127
128 /* printing */
129 char *AC_credit_to_string(acc_st *a);
130 unsigned AC_print_acl(GString *output);
131 unsigned AC_print_access(GString *output);
132
133 int AC_credit_isdenied(acc_st *acc_credit);
134 void AC_count_object( acc_st *acc_credit, acl_st *acl, int private );
135 int AC_get_higher_limit(acc_st *acc_credit, acl_st *acl);
136
137 er_ret_t AC_asc_acl_command_set( char *command, char *comment );
138 er_ret_t AC_asc_set_nodeny(char *ip);
139 SQ_connection_t *AC_dbopen_admin(void);
140
141 #ifdef __cplusplus
142 }
143 #endif
144
145
146 /* declare global accounting trees */
147 EXTDEF rx_tree_t *act_runtime;
148 EXTDEF rx_tree_t *act_hour;
149 EXTDEF rx_tree_t *act_minute;
150
151 EXTDEF int ac_auto_save;
152
153
154 /* declare global access control list tree */
155 EXTDEF rx_tree_t *act_acl;
156
157 #undef EXTDEF
158 #endif /* READ_ACCESS_CONTROL */