/*
 * daemon/acl_list.h - client access control storage for the server.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * This file keeps track of the list of clients that are allowed to
 * access the server.
 *
 * The only input to a decision that this interface shows is the client
 * address handed to acl_list_lookup(); the result is one of the
 * acl_access values below.
 *
 * NOTE(review): the prototypes use struct sockaddr_storage, socklen_t and
 * size_t, but this header includes only util/storage/dnstree.h. It
 * presumably relies on the includer (or dnstree.h) having declared them
 * already - confirm before including it from a new translation unit.
 */

#ifndef DAEMON_ACL_LIST_H
#define DAEMON_ACL_LIST_H
#include "util/storage/dnstree.h"
struct config_file;
struct regional;

/**
 * Enumeration of access control options for an address range.
 * Allow or deny access.
 *
 * acl_deny is pinned to 0, so a zero-initialised value of this type reads
 * as the most restrictive option. Keep it that way if enumerators are
 * added: a forgotten assignment then fails closed, not open.
 */
enum acl_access {
	/** disallow any access whatsoever, drop it */
	acl_deny = 0,
	/** disallow access, send a polite 'REFUSED' reply.
	 * Unlike acl_deny, which drops, this answers the sender, so every
	 * refused query produces a packet towards the claimed source
	 * address. */
	acl_refuse,
	/** allow full access for recursion (+RD) queries */
	acl_allow,
	/** allow full access for all queries, recursion and cache snooping.
	 * Cache snooping lets a client learn which names are already in the
	 * cache, so this is the most permissive setting; grant it only to
	 * netblocks that are trusted with that information. */
	acl_allow_snoop
};

/**
 * Access control storage structure
 */
struct acl_list {
	/** regional for allocation */
	struct regional* region;
	/**
	 * Tree of the addresses that are allowed/blocked.
	 * contents of type acl_addr.
	 */
	rbtree_t tree;
};

/**
 *
 * An address span with access control information
 */
struct acl_addr {
	/** node in address tree.
	 * NOTE(review): this is the first member; presumably the tree code
	 * converts between node pointers and acl_addr pointers, so confirm
	 * before reordering the fields. */
	struct addr_tree_node node;
	/** access control on this netblock */
	enum acl_access control;
};

/**
 * Create acl structure
 * The result has to be checked for NULL before use; acl_list_delete() is
 * the matching release function declared in this header.
 * @return new structure or NULL on error.
 */
struct acl_list* acl_list_create(void);

/**
 * Delete acl structure.
 * NOTE(review): whether a NULL acl is accepted is not stated here -
 * confirm against the implementation.
 * @param acl: to delete.
 */
void acl_list_delete(struct acl_list* acl);

/**
 * Process access control config.
 * Note the convention: 0 means failure. This header does not say what the
 * list contains after a failed call, so a caller should treat 0 as fatal
 * and not go on to answer queries from a possibly incomplete list.
 * @param acl: where to store.
 * @param cfg: config options.
 * @return 0 on error.
 */
int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg);

/**
 * Lookup address to see its access control status.
 * NOTE(review): the result for an address that matches no stored netblock
 * is not documented here - confirm that it is acl_deny (fail closed).
 * @param acl: structure for address storage.
 * @param addr: address to check
 * @param addrlen: length of addr.
 * @return: what to do with message from this address.
 */
enum acl_access acl_list_lookup(struct acl_list* acl,
	struct sockaddr_storage* addr, socklen_t addrlen);

/**
 * Get memory used by acl structure.
 * @param acl: structure for address storage.
 * @return bytes in use.
 */
size_t acl_list_get_mem(struct acl_list* acl);

#endif /* DAEMON_ACL_LIST_H */