1 /*	$NetBSD: aclconf.h,v 1.7 2014/12/10 04:38:02 christos Exp $	*/
2 
3 /*
4  * Copyright (C) 2004-2007, 2010-2014  Internet Systems Consortium, Inc. ("ISC")
5  * Copyright (C) 1999-2001  Internet Software Consortium.
6  *
7  * Permission to use, copy, modify, and/or distribute this software for any
8  * purpose with or without fee is hereby granted, provided that the above
9  * copyright notice and this permission notice appear in all copies.
10  *
11  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17  * PERFORMANCE OF THIS SOFTWARE.
18  */
19 
20 /* Id */
21 
22 #ifndef ISCCFG_ACLCONF_H
23 #define ISCCFG_ACLCONF_H 1
24 
25 #include <isc/lang.h>
26 
27 #include <isccfg/cfg.h>
28 
29 #ifdef HAVE_GEOIP
30 #include <dns/geoip.h>
31 #endif
32 #include <dns/types.h>
33 
/*
 * ACL configuration context: the state passed as 'ctx' to
 * cfg_acl_fromconfig() and cfg_acl_fromconfig2().
 *
 *   named_acl_cache  list of dns_acl_t objects; presumably the named ACLs
 *                    already built through this context, which is what
 *                    lets repeated references share one object --
 *                    confirm in aclconf.c.
 *   mctx             ISC memory context; presumably the one the structure
 *                    itself is allocated from -- confirm.
 *   geoip            pointer to dns_geoip_databases_t; present only when
 *                    HAVE_GEOIP is defined.
 *   references       reference count; cfg_aclconfctx_detach() frees the
 *                    structure when it reaches zero.
 *
 * NOTE(review): because 'geoip' is conditional, the size of the structure
 * and the offset of 'references' depend on HAVE_GEOIP.  Code that includes
 * this header has to be compiled with the same HAVE_GEOIP setting as the
 * library that allocates the structure, otherwise the two disagree about
 * where the reference count lives.
 */
34 typedef struct cfg_aclconfctx {
35 	ISC_LIST(dns_acl_t) named_acl_cache;
36 	isc_mem_t *mctx;
37 #ifdef HAVE_GEOIP
38 	dns_geoip_databases_t *geoip;
39 #endif
40 	isc_refcount_t references;
41 } cfg_aclconfctx_t;
42 
43 /***
44  *** Functions
45  ***/
46 
47 ISC_LANG_BEGINDECLS
48 
49 isc_result_t
50 cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret);
51 /*
52  * Creates and initializes an ACL configuration context.
53  */
/*
 * The result is an isc_result_t; presumably the new context is handed back
 * through 'ret' on success and 'mctx' supplies its memory -- confirm in
 * aclconf.c.
 *
 * NOTE(review): this header does not state the initial reference count,
 * whether '*ret' must be NULL on entry, or what '*ret' holds on failure.
 * Check the result before using '*ret', and release the context with
 * cfg_aclconfctx_detach().
 */
54 
55 void
56 cfg_aclconfctx_detach(cfg_aclconfctx_t **actxp);
57 /*
58  * Removes a reference to an ACL configuration context; when the reference
59  * count reaches zero, clears the contents and deallocates the structure.
60  */
/*
 * NOTE(review): the function takes the address of the caller's pointer;
 * presumably '*actxp' is set to NULL on return so that it cannot be used
 * after the last reference is dropped -- confirm in aclconf.c.  Other
 * pointers to the same context that were copied rather than attached are
 * not protected by the reference count.
 */
61 
62 void
63 cfg_aclconfctx_attach(cfg_aclconfctx_t *src, cfg_aclconfctx_t **dest);
64 /*
65  * Attaches a pointer to an existing ACL configuration context.
66  */
/*
 * Presumably increments the reference count of 'src' and stores 'src' in
 * '*dest' -- confirm in aclconf.c.
 *
 * NOTE(review): every attach has to be balanced by one
 * cfg_aclconfctx_detach(); a missing detach keeps the context allocated,
 * an extra one lets it be freed while still in use.
 */
67 
68 isc_result_t
69 cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
70 		   isc_log_t *lctx, cfg_aclconfctx_t *ctx,
71 		   isc_mem_t *mctx, unsigned int nest_level,
72 		   dns_acl_t **target);
73 
74 isc_result_t
75 cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
76 		   isc_log_t *lctx, cfg_aclconfctx_t *ctx,
77 		   isc_mem_t *mctx, unsigned int nest_level,
78 		   isc_uint16_t family, dns_acl_t **target);
79 /*
80  * Construct a new dns_acl_t from configuration data in 'caml' and
81  * 'cctx'.  Memory is allocated through 'mctx'.
82  *
83  * Any named ACLs referred to within 'caml' will be converted
84  * into nested dns_acl_t objects.  Multiple references to the same
85  * named ACLs will be converted into shared references to a single
86  * nested dns_acl_t object when the referring objects were created
87  * passing the same ACL configuration context 'ctx'.
88  *
89  * cfg_acl_fromconfig() is a backward-compatible version of
90  * cfg_acl_fromconfig2(), which allows an address family to be
91  * specified.  If 'family' is not zero, then only addresses/prefixes
92  * of a matching family (AF_INET or AF_INET6) may be configured.
93  *
94  * On success, attach '*target' to the new dns_acl_t object.
95  */
/*
 * NOTE(review): several points a caller needs are not stated here and
 * should be confirmed in aclconf.c:
 *   - 'lctx' and 'nest_level' are undocumented; 'nest_level' is presumably
 *     the current nesting depth of the ACL being converted.
 *   - cfg_acl_fromconfig() has no 'family' argument; presumably it behaves
 *     like cfg_acl_fromconfig2() with 'family' set to zero, i.e. no
 *     address-family restriction.
 *   - The state of '*target' on failure is not specified.  Check the
 *     result and do not use '*target' unless the call succeeded; an ACL
 *     that failed to build must not be treated as an empty (permit or
 *     deny) list.
 *   - Because nested ACLs are shared between objects built with the same
 *     'ctx', a change made to one nested dns_acl_t is visible through every
 *     ACL that refers to it.
 */
96 
97 ISC_LANG_ENDDECLS
98 
99 #endif /* ISCCFG_ACLCONF_H */
100