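#ifndef READ_ACCESS_CONTROL
#define READ_ACCESS_CONTROL

/***************************************
  $Revision: 1.20 $

  Access Control module (ac) - the header file.

  Status: NOT REVIEWED, NOT TESTED

  Design and implementation by: Marek Bukowy

  ******************/ /******************
  Copyright (c) 1999,2000,2001,2002                     RIPE NCC

  All Rights Reserved

  Permission to use, copy, modify, and distribute this software and its
  documentation for any purpose and without fee is hereby granted,
  provided that the above copyright notice appear in all copies and that
  both that copyright notice and this permission notice appear in
  supporting documentation, and that the name of the author not be
  used in advertising or publicity pertaining to distribution of the
  software without specific, written prior permission.

  THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
  ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
  AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
  DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
  AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 ***************************************/

#include "timediff.h"
#include "erroutines.h"
#include "iproutines.h"
#include "rxroutines.h"
#include "mysql_driver.h"

/* EXTDEF selects between defining and declaring the globals at the end of
 * this header.  With AC_IMPL defined it expands to nothing, so the including
 * file provides the storage; everywhere else the globals are plain "extern"
 * declarations.  AC_IMPL also exposes AC_ar_acl below, which has an
 * initializer, so defining AC_IMPL in more than one translation unit would
 * produce duplicate definitions at link time. */
#ifdef AC_IMPL
#define EXTDEF
#else
#define EXTDEF extern
#endif

/* Access control structure: the limits and flags for one ACL entry.
 *
 * NOTE(review): per the AC_ar_acl comment below, these fields are set from
 * the admin interface command line.  maxdenials is a short and deny /
 * trustpass are chars, so the parsing code (not visible in this header)
 * should range-check values before narrowing them - confirm. */
typedef struct {
  /* max bonus values before temporary denial,
   * -1 == unlimited: */
  int    maxprivate;   /* -- private objects */
  int    maxpublic;    /* -- public objects  */
  short  maxdenials;   /* before the permanent ban is set */
  char   deny;         /* THE ban itself */
  char   trustpass;    /* has power to pass ip addresses */
                       /* NOTE(review): presumably lets the client supply the
                        * address that is accounted for; if so this is a
                        * privileged setting - confirm against the
                        * implementation. */
} acl_st;


#ifdef AC_IMPL
/* Indices of the ACL keywords.  The order must correspond to the array
 * below: AC_ar_acl[i] has to be the keyword for enumerator i.  AC_AR_SIZE is
 * the number of keywords (the array holds one more slot for the NULL). */
typedef enum {
  AC_AR_MAXPRIVATE = 0,
  AC_AR_MAXPUBLIC,
  AC_AR_MAXDENIALS,
  AC_AR_DENY,
  AC_AR_TRUSTPASS,
  AC_AR_SIZE
} AC_ar_elements;

/* this array is used for setting the values from the command line
   of the admin interface (with getsubopt).
   It is NULL-terminated, as getsubopt requires of its token list.
   Adding a keyword means adding it here AND to AC_ar_elements, at the
   same position; nothing in this header enforces that.
*/
char* AC_ar_acl[]  = {
  "maxprivate",
  "maxpublic",
  "maxdenials",
  "deny",
  "trustpass",
  NULL };
#endif

/* State marker stored in acc_st.changed.
 * NOTE(review): the names suggest it tracks whether a record differs from
 * what was last saved - confirm against the persistence code. */
typedef enum {
  AC_ACC_NOT_CHANGED = 0,
  AC_ACC_CHANGED,
  AC_ACC_NEW
} AC_acc_status;

/* Accounting == counters */
typedef struct {
  int    connections;
  int    addrpasses;
  int    denials;
  int    queries;
  int    referrals;
  int    public_objects;
  int    private_objects;
  float  public_bonus;       /* those two are .. */
  float  private_bonus;      /* .. maintained only in the runtime tree */
  ut_timer_t  timestamp;     /* in-memory is ut_timer_t */
  AC_acc_status changed;
} acc_st;


/* NOTE(review): presumably the values for the int argument of AC_acc_addup
 * (add vs. subtract) - confirm against the implementation. */
#define ACC_PLUS 0
#define ACC_MINUS 1

#ifdef __cplusplus
extern "C" {
#endif


/* prototypes */
er_ret_t AC_build(void);
er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * );
er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *);
void AC_acc_addup(acc_st *, acc_st *, int);
er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );
er_ret_t AC_acc_load(void);
er_ret_t AC_decay(void);

er_ret_t AC_persistence_init(void);
er_ret_t AC_persistence_daemon(void);
er_ret_t AC_persistence_save(void);

/* interface to modifications on the fly */
/* er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag);  */


/* printing */
char *AC_credit_to_string(acc_st *a);
unsigned AC_print_acl(GString *output);
unsigned AC_print_access(GString *output);

int AC_credit_isdenied(acc_st *acc_credit);
/* The last parameter is spelled is_private, not private: "private" is a C++
 * keyword, and this prototype sits inside the extern "C" block, so the
 * keyword would stop the header from compiling in C++.  Parameter names in
 * a prototype are not part of the C interface, so the definition and all
 * callers are unaffected. */
void AC_count_object( acc_st *acc_credit, acl_st *acl, int is_private );
int AC_get_higher_limit(acc_st *acc_credit, acl_st *acl);

er_ret_t AC_asc_acl_command_set( char *command, char *comment );
er_ret_t AC_asc_set_nodeny(char *ip);
SQ_connection_t *AC_dbopen_admin(void);

#ifdef __cplusplus
}
#endif


/* declare global accounting trees */
/* Storage for everything below is emitted only where AC_IMPL is defined.
 * NOTE(review): these are process-wide mutable objects; whatever locking
 * protects them is not visible in this header - confirm. */
EXTDEF rx_tree_t  *act_runtime;
EXTDEF rx_tree_t  *act_hour;
EXTDEF rx_tree_t  *act_minute;

EXTDEF int ac_auto_save;


/* declare global access control list tree */
EXTDEF rx_tree_t  *act_acl;

/* Keep the helper macro from leaking into files that include this header. */
#undef EXTDEF
#endif /* READ_ACCESS_CONTROL */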