/*
 * Copyright (c) 2011 NLNet Labs. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/**
 * Access Control List.
 *
 * Declares the ACL entry type that describes which remote peers are
 * accepted (by address, optionally by TSIG key) and the functions that
 * build, match and release ACL entries.
 *
 */

#ifndef WIRE_ACL_H
#define WIRE_ACL_H

#include "config.h"
#include "status.h"
#include "wire/listener.h"
#include "wire/tsig.h"
/* NOTE(review): time_t, size_t and struct sockaddr_storage are used below
 * without a direct system include; presumably they arrive via config.h or
 * wire/listener.h -- confirm so this header stays self-contained. */


/**
 * Address range type.
 * Selects how the addr and range_mask fields of an ACL entry together
 * describe the set of remote addresses the entry matches.
 *
 */
enum acl_range_enum {
    ACL_RANGE_SINGLE = 0, /* single address */
    ACL_RANGE_MASK = 1,   /* 10.20.30.40&255.255.255.0 */
    ACL_RANGE_SUBNET = 2, /* 10.20.30.40/28 */
    ACL_RANGE_MINMAX = 3  /* 10.20.30.40-10.20.30.60 (mask=max) */
};
typedef enum acl_range_enum acl_range_type;

/**
 * ACL.
 * One entry of an access control list; entries are chained through
 * the next pointer. An entry carries a remote address (or address range)
 * and, optionally, a TSIG key the peer is expected to use.
 *
 */
typedef struct acl_struct acl_type;
struct acl_struct {
    acl_type* next;        /* next entry in the list */
    /* address */
    char* address;         /* address in string form (see acl_create) */
    unsigned int port;
    int family;            /* address family, cf. acl_parse_family() */
    union acl_addr_storage addr;       /* parsed address */
    union acl_addr_storage range_mask; /* mask, or the upper bound for
                                          ACL_RANGE_MINMAX (see enum) */
    acl_range_type range_type;         /* how addr/range_mask are read */
    /* tsig */
    const char* tsig_name; /* presumably NULL when no TSIG is required --
                              verify against acl_create()/acl_find() */
    tsig_type* tsig;       /* TSIG key(s) this entry refers to */
    /* cache */
    time_t ixfr_disabled;  /* NOTE(review): looks like a timestamp related
                              to disabling IXFR for this peer -- confirm
                              with the code that reads it */
};

/**
 * Create ACL.
 * \param[in] address IP address in string format
 * \param[in] port port in string format
 * \param[in] tsig_name TSIG name the peer must use
 * \param[in] tsig list of TSIGs to look the name up in
 * \return acl_type* ACL; presumably NULL on failure -- confirm.
 *         The caller is presumably expected to release it with
 *         acl_cleanup() -- confirm ownership in the implementation.
 *
 */
extern acl_type* acl_create(char* address,
    char* port, char* tsig_name, tsig_type* tsig);

/**
 * Find ACL.
 * Looks for an entry in the list starting at acl that matches the remote
 * address and the TSIG credentials of a request.
 * NOTE(review): a match on source address alone does not authenticate the
 * peer; for entries that carry a tsig_name, confirm that the
 * implementation requires a matching, verified tsig rather than treating
 * a missing or mismatching TSIG as acceptable.
 * \param[in] acl ACL list to search
 * \param[in] addr remote address storage
 * \param[in] tsig tsig credentials of the request (may be absent?)
 * \return acl_type* ACL that matches, presumably NULL if none -- confirm
 *
 */
extern acl_type* acl_find(acl_type* acl, struct sockaddr_storage* addr,
    tsig_rr_type* tsig);

/**
 * Parse family from address.
 * \param[in] a address in string format
 * \return int address family
 *
 */
extern int acl_parse_family(const char* a);

/**
 * Address storage to IP string.
 * \param[in] addr socket address storage (passed by value)
 * \param[out] ip buffer receiving the textual IP address
 * \param[in] len max strlen of ip address -- NOTE(review): unclear whether
 *            this is the buffer size or the size minus the terminator;
 *            callers should confirm before sizing the buffer
 * \return int 0 if failed, 1 otherwise (note: not the usual 0-on-success)
 *
 */
extern int addr2ip(struct sockaddr_storage addr, char* ip, size_t len);

/**
 * Clean up ACL.
 * Releases an ACL obtained from acl_create(). Whether the whole chain
 * reachable through next is released is not visible here -- confirm.
 * \param[in] acl ACL
 *
 */
extern void acl_cleanup(acl_type* acl);

#endif /* WIRE_ACL_H */