164a1c36abd0fef89b71b5c82e9fdb9adb78d87e
3 * $Id: acl.c,v 1.5 2004/04/08 01:36:25 mdw Exp $
5 * Access control list handling
7 * (c) 1999 Straylight/Edgeware
10 /*----- Licensing notice --------------------------------------------------*
12 * This file is part of the `fw' port forwarder.
14 * `fw' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
19 * `fw' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
24 * You should have received a copy of the GNU General Public License
25 * along with `fw'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 /*----- Header files ------------------------------------------------------*/
38 #include <sys/types.h>
41 #include <sys/socket.h>
42 #include <netinet/in.h>
43 #include <arpa/inet.h>
50 /*----- Main code ---------------------------------------------------------*/
52 /* --- @acl_addhost@ --- *
54 * Arguments: @acl_entry ***a@ = address of pointer to list tail
55 * @unsigned act@ = what to do with matching addresses
56 * @struct in_addr addr, mask@ = address and mask to match
60 * Use: Adds a host-authentication entry to the end of an access
64 static int acl_checkhost(void *aa
, struct in_addr addr
, unsigned port
)
67 return ((addr
.s_addr
& a
->mask
.s_addr
) == a
->addr
.s_addr
);
70 static void acl_dumphost(void *aa
, FILE *fp
)
75 fputs(inet_ntoa(a
->addr
), fp
);
77 fputs(inet_ntoa(a
->mask
), fp
);
80 static void acl_freehost(void *aa
)
86 static const acl_ops acl_hostops
= {
87 acl_checkhost
, acl_dumphost
, acl_freehost
90 void acl_addhost(acl_entry
***a
, unsigned act
,
91 struct in_addr addr
, struct in_addr mask
)
93 acl_host
*aa
= CREATE(acl_host
);
95 aa
->a
.ops
= &acl_hostops
;
97 aa
->addr
.s_addr
= addr
.s_addr
& mask
.s_addr
;
103 /* --- @acl_addpriv@ --- *
105 * Arguments: @acl_entry ***a@ = address of pointer to list tail
106 * @unsigned act@ = what to do with matching addresses
110 * Use: Adds a privileged-port check to the end of an access control
114 static int acl_checkpriv(void *aa
, struct in_addr addr
, unsigned port
)
116 return (port
< 1024);
119 static void acl_dumppriv(void *aa
, FILE *fp
)
121 fputs("from privileged ports", fp
);
124 static void acl_freepriv(void *aa
)
130 static const acl_ops acl_privops
= {
131 acl_checkpriv
, acl_dumppriv
, acl_freepriv
134 void acl_addpriv(acl_entry
***a
, unsigned act
)
136 acl_entry
*aa
= CREATE(acl_entry
);
138 aa
->ops
= &acl_privops
;
144 /* --- @acl_check@ --- *
146 * Arguments: @acl_entry *a@ = pointer to ACL to check against
147 * @struct in_addr addr@ = address to check
148 * @unsigned port@ = port number to check
149 * @int *act@ = verdict (should initially be @ACT_ALLOW@)
151 * Returns: Zero if undecided, nonzero if a rule matched.
153 * Use: Checks an address against an ACL.
156 int acl_check(acl_entry
*a
, struct in_addr addr
, unsigned port
, int *act
)
158 for (; a
; a
= a
->next
) {
159 if (a
->ops
->check(a
, addr
, port
)) {
160 *act
= a
->act
& ACL_PERM
;
163 *act
= (a
->act
& ACL_PERM
) ^ 1;
168 /* --- @acl_dump@ --- *
170 * Arguments: @acl_entry *a@ = pointer to ACL to dump
171 * @FILE *fp@ = pointer to stream to dump on
175 * Use: Dumps an access control list to an output stream.
178 void acl_dump(acl_entry
*a
, FILE *fp
)
180 for (; a
; a
= a
->next
) {
182 (a
->act
& ACL_PERM
) == ACL_ALLOW ?
"allow" : "deny");
188 /* --- @acl_free@ --- *
190 * Arguments: @acl_entry *a@ = pointer to a list of ACLs
194 * Use: Frees all of the memory used by an ACL.
197 void acl_free(acl_entry
*a
)
206 /*----- That's all, folks -------------------------------------------------*/