acl_list.h revision 256281
/*
 * daemon/acl_list.h - client access control storage for the server.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * Client access control for the server: declares the storage that records
 * which client address ranges may access the server, and the lookup that
 * classifies a client address against that storage.
 *
 * NOTE(review): this header uses size_t, socklen_t and struct
 * sockaddr_storage but includes only util/storage/dnstree.h; presumably the
 * including file (or dnstree.h) pulls in the system headers first - confirm.
 */

#ifndef DAEMON_ACL_LIST_H
#define DAEMON_ACL_LIST_H
#include "util/storage/dnstree.h"
struct config_file;
struct regional;

/**
 * Access control verdict for an address range.
 * The zero value is the most restrictive verdict, so a zero-initialised
 * control field denies access.
 */
enum acl_access {
	/** no access whatsoever: the query is dropped */
	acl_deny = 0,
	/** no access, but the client gets a polite 'REFUSED' reply */
	acl_refuse,
	/** full access for recursion (+RD) queries */
	acl_allow,
	/**
	 * full access for all queries: recursion and cache snooping.
	 * Snooping lets a client observe what is held in the cache, so this
	 * is the verdict to reserve for trusted address ranges.
	 */
	acl_allow_snoop
};

/**
 * Storage for the access control list.
 */
struct acl_list {
	/** regional used for allocation */
	struct regional *region;
	/**
	 * Tree of the address ranges that are allowed or blocked.
	 * Its elements are of type acl_addr.
	 */
	rbtree_t tree;
};

/**
 * One address span together with its access control verdict.
 */
struct acl_addr {
	/** node in the address tree */
	struct addr_tree_node node;
	/** verdict that applies to this netblock */
	enum acl_access control;
};

/**
 * Create an access control list.
 * @return new structure or NULL on error.
 */
struct acl_list *acl_list_create(void);

/**
 * Delete an access control list.
 * @param acl: structure to delete.
 */
void acl_list_delete(struct acl_list *acl);

/**
 * Process the access control settings from the configuration.
 * @param acl: where to store the result.
 * @param cfg: config options.
 * @return 0 on error.
 *	NOTE(review): what the list holds after a failed call is not stated
 *	here; callers should presumably treat failure as fatal rather than
 *	serve clients from a partially loaded list - confirm.
 */
int acl_list_apply_cfg(struct acl_list *acl, struct config_file *cfg);

/**
 * Look up a client address to find its access control status.
 * @param acl: structure holding the stored address ranges.
 * @param addr: address to check.
 * @param addrlen: length of addr.
 * @return: what to do with a message from this address.
 *	NOTE(review): the verdict for an address that matches no stored
 *	range is decided by the implementation, which is not visible from
 *	this header; confirm that it fails closed (acl_deny).
 */
enum acl_access
acl_list_lookup(struct acl_list *acl, struct sockaddr_storage *addr,
	socklen_t addrlen);

/**
 * Report the memory used by the access control list.
 * @param acl: structure holding the stored address ranges.
 * @return bytes in use.
 */
size_t acl_list_get_mem(struct acl_list *acl);

#endif /* DAEMON_ACL_LIST_H */