1    | #ifndef READ_ACCESS_CONTROL
2    | #define READ_ACCESS_CONTROL
3    | 
4    | /***************************************
5    |   $Revision: 1.14 $
6    | 
7    |   Access Control module (ac) - the header file.
8    | 
9    |   Status: NOT REVIEWED, NOT TESTED
10   |  
11   |   Design and implementation by: Marek Bukowy
12   | 
13   |   ******************/ /******************
14   |   Copyright (c) 1999                              RIPE NCC
15   |  
16   |   All Rights Reserved
17   |   
18   |   Permission to use, copy, modify, and distribute this software and its
19   |   documentation for any purpose and without fee is hereby granted,
20   |   provided that the above copyright notice appear in all copies and that
21   |   both that copyright notice and this permission notice appear in
22   |   supporting documentation, and that the name of the author not be
23   |   used in advertising or publicity pertaining to distribution of the
24   |   software without specific, written prior permission.
25   |   
26   |   THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
27   |   ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
28   |   AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
29   |   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
30   |   AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
31   |   OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
32   |   ***************************************/
33   | 
34   | #include "erroutines.h"
35   | #include "iproutines.h"
36   | #include "rxroutines.h"
37   | #include "mysql_driver.h"
38   | 
39   | #ifdef AC_IMPL
40   | #define EXTDEF 
41   | #else
42   | #define EXTDEF extern
43   | #endif
44   | 
/*
 * Access control structure: the limits and flags that make up one ACL record.
 * Presumably one such record is stored per address prefix in the act_acl
 * tree and filled in by AC_check_acl() - TODO confirm in the implementation.
 */
typedef struct {
                        /* max bonus values before temporary denial,
                         * -1 == unlimited: */
  int      maxprivate;  /* --  private objects */
  int      maxpublic;   /* --  public objects */
  short    maxdenials;  /* denials allowed before the permanent ban is set.
                         * NOTE(review): this limit is a short while the
                         * acc_st.denials counter is an int - confirm the
                         * comparison cannot be defeated by truncation */
  char     deny;        /* THE ban itself. Plain char, so presumably used as
                         * a 0 / non-zero flag - TODO confirm */
  char     trustpass;   /* has power to pass ip addresses.
                         * NOTE(review): a client holding this flag presumably
                         * decides which address its queries are accounted
                         * to, so it should be granted only to trusted
                         * proxies - confirm how the implementation uses it */
} acl_st;
55   | 
56   | 
57   | #ifdef AC_IMPL
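/*
 * Indices of the ACL attributes that can be set from the admin interface.
 * The order must correspond to the AC_ar_acl[] token table below: getsubopt()
 * returns the index of the token it matched, and that index is presumably
 * used as an AC_ar_elements value. If the two drift apart, one attribute
 * (for example "deny") would silently be applied as another ("trustpass").
 * AC_AR_SIZE is not an attribute; it is the number of attributes.
 */
typedef enum {
  AC_AR_MAXPRIVATE = 0,
  AC_AR_MAXPUBLIC,
  AC_AR_MAXDENIALS,
  AC_AR_DENY,
  AC_AR_TRUSTPASS,
  AC_AR_SIZE
} AC_ar_elements;

/*
 * Token table used for setting the values from the command line of the admin
 * interface (with getsubopt). It is NULL-terminated, as getsubopt() requires,
 * so it holds AC_AR_SIZE names plus the terminator.
 */
char* AC_ar_acl[]  = {
  "maxprivate",
  "maxpublic",
  "maxdenials",
  "deny",
  "trustpass",
  NULL };

/*
 * Compile-time guard: the build fails (negative array size) if a name is
 * added to or removed from AC_ar_acl[] without the matching change to
 * AC_ar_elements, or the other way round. It checks the element count only;
 * keeping the ORDER of the two lists identical is still up to the maintainer.
 */
typedef char AC_ar_acl_size_check[
  ((int)(sizeof(AC_ar_acl) / sizeof(AC_ar_acl[0])) == AC_AR_SIZE + 1) ? 1 : -1];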
78   | #endif
79   | 
80   | 
/*
 * Accounting == counters.
 * Every member is a plain signed int and nothing in this header bounds them.
 * NOTE(review): confirm that AC_acc_addup() and AC_decay() cannot push a
 * counter past INT_MAX (signed overflow is undefined behaviour) or below
 * zero, since these values presumably drive the deny decision.
 */
typedef struct {
  int connections;
  int addrpasses;         /* presumably uses of the trustpass privilege - TODO confirm */
  int denials;            /* presumably compared with acl_st.maxdenials - TODO confirm */
  int queries;
  int referrals;
  int public_objects;     
  int private_objects;    
  int public_bonus;       /* those two are .. */
  int private_bonus;      /* .. maintained only in the runtime tree */
} acc_st;
93   | 
94   | 
/* Operation selectors; presumably the values accepted by the int argument
 * of AC_acc_addup() (add vs. subtract) - TODO confirm against the caller. */
#define ACC_PLUS 0
#define ACC_MINUS 1
97   | 
98   | 
/* prototypes
 *
 * The parameters are unnamed here, so the notes below are inferred from the
 * function names and types only; confirm each against the implementation.
 * er_ret_t comes from erroutines.h and is presumably a status code: callers
 * making an access decision should treat any failure as "do not grant".
 */
er_ret_t AC_build(void);       /* presumably creates the global trees declared below */
er_ret_t AC_fetch_acc( ip_addr_t *, acc_st * );   /* presumably copies the accounting record for an address into *acc_st */
er_ret_t AC_check_acl( ip_addr_t *, acc_st *, acl_st *);  /* presumably looks up the ACL (and credit) that applies to an address */
void AC_acc_addup(acc_st *, acc_st *, int);  /* int is presumably ACC_PLUS or ACC_MINUS; no status is returned */
er_ret_t AC_commit(ip_addr_t *, acc_st *,acl_st * );  /* presumably records the usage of a finished connection */
er_ret_t AC_acc_load(void);    /* presumably loads stored accounting data - TODO confirm the source */
er_ret_t AC_decay(void);       /* presumably ages the counters over time - TODO confirm */
107  | 
/* interface to modifications on the fly
 *
 * Sets or clears a ban for the address given as text.
 * addrstr  - address in string form; presumably parsed by the implementation,
 *            which must reject malformed input rather than ban a default
 *            range - TODO confirm.
 * text     - free-form comment. NOTE(review): if it is written to the admin
 *            database (see AC_dbopen_admin), it must be escaped there.
 * denyflag - presumably the new value of acl_st.deny - TODO confirm.
 */
er_ret_t AC_asc_ban_set(char *addrstr, char *text, int denyflag);
110  | 
111  | 
/* printing
 *
 * NOTE(review): the char * returns are non-const and their ownership is not
 * visible in this header; confirm whether the caller must free them.
 * The two AC_rxwalkhook_* functions share one signature, presumably the
 * callback type expected by the tree-walk routine in rxroutines.h, with
 * `con` an opaque context pointer whose real type the hook must know.
 */
char *AC_to_string(GList *leafptr);
char *AC_credit_to_string(acc_st *a);
er_ret_t AC_rxwalkhook_print(rx_node_t *node, int level, int nodecounter, void *con);
er_ret_t AC_rxwalkhook_print_acl(rx_node_t *node, int level, int nodecounter, void *con);
char *AC_to_string_header(void);
char *AC_acl_to_string_header(void);
119  | 
/* Credit helpers. Semantics below are inferred from the names - TODO confirm. */
/* presumably non-zero when the credit in *acc_credit means "denied" */
int AC_credit_isdenied(acc_st    *acc_credit);
/* presumably charges one object against the credit; `private` selects the
 * private rather than the public counter */
void AC_count_object( acc_st    *acc_credit, acl_st    *acl, int private );
/* NOTE(review): acl limits may be -1 (unlimited); confirm that case is
 * handled before the result is used as a bound */
int AC_get_higher_limit(acc_st    *acc_credit, acl_st    *acl);
123  | 
/* Sets ACL values from an admin-interface command string.
 * `command` is presumably the option string parsed with getsubopt() against
 * the AC_ar_acl token table; getsubopt() writes into its input, which would
 * explain the non-const pointer - TODO confirm.
 * NOTE(review): `comment` is free-form text; if stored through the admin
 * database connection it must be escaped by the implementation. */
er_ret_t AC_asc_acl_command_set( char *command, char *comment );
/* Returns a connection handle for the admin database (type from
 * mysql_driver.h). NOTE(review): failure value and who closes the handle are
 * not visible here - confirm. */
SQ_connection_t *AC_dbopen_admin(void);
126  | 
/* declare global accounting trees
 *
 * EXTDEF expands to nothing when AC_IMPL is defined and to `extern`
 * otherwise, so the translation unit that defines AC_IMPL owns these
 * objects and every other includer only sees declarations.
 * NOTE(review): these are shared mutable globals; any locking is not visible
 * in this header - confirm how concurrent access is serialised.
 */
EXTDEF rx_tree_t  *act_runtime;
EXTDEF rx_tree_t  *act_hour;
EXTDEF rx_tree_t  *act_minute;

/* declare global access control list tree */
EXTDEF rx_tree_t  *act_acl;
134  | 
135  | #undef EXTDEF
136  | #endif /* READ_ACCESS_CONTROL */