1 /*
2  * Copyright (c) 2011 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  *    notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  *    notice, this list of conditions and the following disclaimer in the
11  *    documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
27 /**
28  * Access Control List.
29  *
30  */
31 
32 #ifndef WIRE_ACL_H
33 #define WIRE_ACL_H
34 
35 #include "config.h"
36 #include "status.h"
37 #include "wire/listener.h"
38 #include "wire/tsig.h"
39 
40 
/**
 * Address range type.
 *
 * Selects how acl_struct.addr and acl_struct.range_mask are interpreted
 * when an ACL entry is compared against a remote address. The examples
 * show the configuration syntax each variant is parsed from.
 */
enum acl_range_enum {
    ACL_RANGE_SINGLE = 0,   /* single address: addr only (range_mask presumably unused) */
    ACL_RANGE_MASK = 1,     /* 10.20.30.40&255.255.255.0: range_mask holds the netmask */
    ACL_RANGE_SUBNET = 2,   /* 10.20.30.40/28: prefix length, presumably stored in range_mask as a mask */
    ACL_RANGE_MINMAX = 3    /* 10.20.30.40-10.20.30.60: range_mask holds the upper bound (mask=max) */
};
typedef enum acl_range_enum acl_range_type;
52 
/**
 * ACL.
 *
 * One entry of an ACL list; the list is linked through the next pointer and
 * acl_find() presumably walks it until an entry matches. The address part
 * says which remote addresses the entry covers, the tsig part which TSIG key
 * (if any) a request must carry to match this entry.
 *
 * NOTE(review): union acl_addr_storage, struct sockaddr_storage and time_t
 * are not declared in this header; they must come from config.h or the
 * wire/ headers included above — confirm when reordering includes.
 */
typedef struct acl_struct acl_type;
struct acl_struct {
    acl_type* next;                     /* next entry in the list (NULL at the end — presumably) */
    /* address */
    char* address;                      /* address in string form, as given to acl_create() */
    unsigned int port;                  /* port number; acl_create() receives it as a string */
    int family;                         /* address family, see acl_parse_family() */
    union acl_addr_storage addr;        /* parsed address (low end of the range for ACL_RANGE_MINMAX) */
    union acl_addr_storage range_mask;  /* netmask, or the range maximum for ACL_RANGE_MINMAX */
    acl_range_type range_type;          /* how addr and range_mask are interpreted */
    /* tsig */
    const char* tsig_name;              /* name of the TSIG key this entry requires, as configured */
    tsig_type* tsig;                    /* TSIG key; presumably resolved from tsig_name in acl_create() — confirm */
    /* cache */
    time_t ixfr_disabled;               /* NOTE(review): presumably the time IXFR was disabled for this peer — confirm */
};
73 
/**
 * Create ACL.
 * Builds a new ACL entry from its configuration values; the entry is
 * released again with acl_cleanup().
 * \param[in] address IP address in string form, optionally with a range
 *            suffix as described by acl_range_enum
 * \param[in] port port, in string form
 * \param[in] tsig_name TSIG name; presumably NULL when no TSIG is required —
 *            confirm in the implementation
 * \param[in] tsig list of TSIGs, presumably searched for tsig_name
 * \return acl_type* ACL; presumably NULL on failure — callers should check
 *
 * NOTE(review): the previous comment documented an allocator parameter
 * that this prototype does not take.
 */
extern acl_type* acl_create(char* address,
    char* port, char* tsig_name, tsig_type* tsig);
86 
/**
 * Find ACL.
 * Searches the ACL list for an entry that matches the remote address and,
 * where the entry names a TSIG key, the supplied TSIG credentials.
 * \param[in] acl ACL (head of the list to search)
 * \param[in] addr remote address storage
 * \param[in] tsig tsig credentials taken from the request; presumably NULL
 *            when the request carried none — confirm
 * \return acl_type* ACL that matches; presumably NULL when nothing matches
 *
 * NOTE(review): a source address is not a strong credential on its own.
 * For an entry that has tsig_name set, confirm in the implementation that
 * an address-only match is rejected and the TSIG credentials are verified.
 */
extern acl_type* acl_find(acl_type* acl, struct sockaddr_storage* addr,
    tsig_rr_type* tsig);
97 
/**
 * Parse family from address.
 * \param[in] a address in string format
 * \return int address family (presumably AF_INET or AF_INET6 — confirm; the
 *         value returned for an unparsable string is not documented here)
 *
 */
extern int acl_parse_family(const char* a);
105 
/**
 * Address storage to IP string.
 * \param[in] addr socket address storage (passed by value, so the whole
 *            struct sockaddr_storage is copied on each call)
 * \param[out] ip ip address in text form, presumably NUL-terminated
 * \param[in] len max strlen of ip address — NOTE(review): confirm against
 *            the implementation whether this is the buffer size in bytes or
 *            one less; a disagreement between caller and callee here is an
 *            off-by-one on the output buffer
 * \return int 0 if failed, 1 otherwise
 *
 */
extern int addr2ip(struct sockaddr_storage addr, char* ip, size_t len);
115 
/**
 * Clean up ACL.
 * Releases an ACL created with acl_create(). Whether the whole list
 * (following next) or only the given entry is freed is not visible from
 * this header — confirm before relying on either.
 * \param[in] acl ACL; presumably NULL is accepted as a no-op — confirm
 *
 * NOTE(review): the previous comment listed an allocator parameter that
 * this prototype does not take.
 */
extern void acl_cleanup(acl_type* acl);
123 
124 #endif /* WIRE_ACL_H */
125