1    | #ifndef READ_ACCESS_CONTROL
2    | #define READ_ACCESS_CONTROL
3    | 
4    | /***************************************
5    |   $Revision: 1.20 $
6    | 
7    |   Access Control module (ac) - the header file.
8    | 
9    |   Status: NOT REVIEWED, NOT TESTED
10   |  
11   |   Design and implementation by: Marek Bukowy
12   | 
13   |   ******************/ /******************
14   |   Copyright (c) 1999,2000,2001,2002               RIPE NCC
15   |  
16   |   All Rights Reserved
17   |   
18   |   Permission to use, copy, modify, and distribute this software and its
19   |   documentation for any purpose and without fee is hereby granted,
20   |   provided that the above copyright notice appear in all copies and that
21   |   both that copyright notice and this permission notice appear in
22   |   supporting documentation, and that the name of the author not be
23   |   used in advertising or publicity pertaining to distribution of the
24   |   software without specific, written prior permission.
25   |   
26   |   THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
27   |   ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
28   |   AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
29   |   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
30   |   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
31   |   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
32   |   ***************************************/
33   | 
34   | #include "timediff.h"
35   | #include "erroutines.h"
36   | #include "iproutines.h"
37   | #include "rxroutines.h"
38   | #include "mysql_driver.h"
39   | 
40   | #ifdef AC_IMPL /* a file that defines AC_IMPL before including this header
     |                 * gets the definitions: EXTDEF expands to nothing there
     |                 * and to extern in every other file */
41   | #define EXTDEF 
42   | #else
43   | #define EXTDEF extern
44   | #endif
45   | 
46   | /* Access control structure: the limits and flags of one ACL entry.
     |  * deny and trustpass are the security-relevant fields: one is the ban,
     |  * the other gives a client the power to pass IP addresses, so changes
     |  * to either are worth logging and reviewing. */
47   | typedef struct {
48   |                         /* max bonus values before temporary denial,
49   |                          * -1 == unlimited: */
50   |   int      maxprivate;  /* --  private objects */
51   |   int      maxpublic;   /* --  public objects */
52   |   short    maxdenials;  /* before the permanent ban is set */
53   |   char     deny;        /* THE ban itself;
     |                         * NOTE(review): presumably nonzero == banned - confirm */
54   |   char     trustpass;   /* has power to pass ip addresses;
     |                         * NOTE(review): presumably the passed address is then
     |                         * the one checked and accounted - confirm, and grant
     |                         * this only to clients that are trusted to report it */
55   | } acl_st;
56   | 
57   | 
58   | #ifdef AC_IMPL
59   | /* Indices of the ACL sub-option names; the order must correspond to the
     |  * AC_ar_acl array below. AC_AR_SIZE is the number of names, which is also
     |  * the index of that array's terminating NULL. */
60   | typedef enum {
61   |   AC_AR_MAXPRIVATE = 0,
62   |     AC_AR_MAXPUBLIC,
63   |     AC_AR_MAXDENIALS,
64   |     AC_AR_DENY,
65   |     AC_AR_TRUSTPASS,
66   |     AC_AR_SIZE
67   | } AC_ar_elements;
68   | 
69   | /* this array is used for setting the values from the command line
70   |    of the admin interface (with getsubopt)
     |    getsubopt needs the terminating NULL, and the entries must stay in
     |    the order of the AC_ar_elements enum.
     |    This is a definition with external linkage placed in a header, so
     |    only one translation unit may define AC_IMPL; a second one would
     |    produce a duplicate symbol.
71   | */
72   | char* AC_ar_acl[]  = {
73   |   "maxprivate",  
74   |   "maxpublic",
75   |   "maxdenials",
76   |   "deny",
77   |   "trustpass",
78   |   NULL };
79   | #endif
80   | 
81   | typedef enum {            /* type of the changed field of acc_st */
82   |   AC_ACC_NOT_CHANGED = 0,
83   |   AC_ACC_CHANGED,
84   |   AC_ACC_NEW              /* NOTE(review): presumably these states tell the
     |                            * persistence code which records to write -
     |                            * confirm in the implementation */
85   | } AC_acc_status;
86   | 
87   | /* Accounting == counters
     |  * NOTE(review): every counter is a plain int and this header shows no
     |  * bound; confirm that the code which adds to them cannot overflow
     |  * (signed overflow is undefined behaviour in C), since these values
     |  * feed the denial decision. */
88   | typedef struct {
89   |   int connections;
90   |   int addrpasses;
91   |   int denials;
92   |   int queries;
93   |   int referrals;
94   |   int public_objects;     
95   |   int private_objects;    
96   |   float public_bonus;       /* those two are .. */
97   |   float private_bonus;      /* .. maintained only in the runtime tree */
98   |   ut_timer_t timestamp;     /* in-memory is ut_timer_t */
99   |   AC_acc_status changed;    /* one of the AC_ACC_* values */
100  | } acc_st;
101  | 
102  | 
103  | #define ACC_PLUS 0   /* NOTE(review): presumably the int argument of */
104  | #define ACC_MINUS 1  /* AC_acc_addup (add vs. subtract) - confirm     */
105  | 
106  | #ifdef __cplusplus
107  | extern "C" {
108  | #endif
109  | 
110  | 
111  | /* prototypes
     |  * er_ret_t is declared in erroutines.h; presumably an error code that
     |  * every caller has to check.
     |  * NOTE(review): the parameters are unnamed, so which structures are
     |  * inputs and which are filled in is not visible here. A caller should
     |  * treat a failed AC_check_acl as "no decision made", never as
     |  * permission - confirm at the call sites. */
112  | er_ret_t AC_build(void);
113  | er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * );
114  | er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *);
115  | void AC_acc_addup(acc_st *, acc_st *, int);
116  | er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );
117  | er_ret_t AC_acc_load(void);
118  | er_ret_t AC_decay(void);
119  | 
120  | er_ret_t AC_persistence_init(void);
121  | er_ret_t AC_persistence_daemon(void);
122  | er_ret_t AC_persistence_save(void);
123  | 
124  | /* interface to modifications on the fly */
125  | /* er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag); */
126  | 
127  | 
128  | /* printing
     |  * NOTE(review): ownership of the string returned by AC_credit_to_string
     |  * is not visible here - confirm whether the caller has to free it. */
129  | char *AC_credit_to_string(acc_st *a);
130  | unsigned AC_print_acl(GString *output);
131  | unsigned AC_print_access(GString *output);
132  | 
133  | int AC_credit_isdenied(acc_st    *acc_credit);
134  | void AC_count_object( acc_st    *acc_credit, acl_st    *acl, int private ); /* NOTE(review):
     |      * "private" is a C++ keyword, so this prototype does not compile as
     |      * C++ although the header wraps its prototypes in extern "C" */
135  | int AC_get_higher_limit(acc_st    *acc_credit, acl_st    *acl);
136  | 
137  | er_ret_t AC_asc_acl_command_set( char *command, char *comment ); /* admin-side ACL change.
     |      * NOTE(review): these entry points alter ban and trust settings;
     |      * presumably they are reachable only from the authenticated admin
     |      * interface - confirm. If command is handed to getsubopt it is
     |      * modified in place, so callers should not pass a string they
     |      * still need, nor a string literal. */
138  | er_ret_t AC_asc_set_nodeny(char *ip);
139  | SQ_connection_t *AC_dbopen_admin(void); /* NOTE(review): who closes the returned
     |      * connection is not visible here - confirm */
140  | 
141  | #ifdef __cplusplus
142  | }
143  | #endif
144  | 
145  | 
146  | /* declare global accounting trees
     |  * EXTDEF turns these into definitions in the file that defines AC_IMPL
     |  * and into extern declarations everywhere else.
     |  * NOTE(review): no lock is visible in this header for these shared
     |  * objects - confirm how concurrent access is serialised. */
147  | EXTDEF rx_tree_t  *act_runtime;
148  | EXTDEF rx_tree_t  *act_hour;
149  | EXTDEF rx_tree_t  *act_minute;
150  | 
151  | EXTDEF int ac_auto_save;
152  | 
153  | 
154  | /* declare global access control list tree
     |  * Defined in the file that defines AC_IMPL, extern elsewhere (EXTDEF).
     |  * NOTE(review): presumably holds the acl_st entries, i.e. the ban and
     |  * trust state - confirm that only the admin path writes to it. */
155  | EXTDEF rx_tree_t  *act_acl;
156  | 
157  | #undef EXTDEF
158  | #endif /* READ_ACCESS_CONTROL */