~mdw / fwd / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Preliminary bump to 1.2.7.
[fwd] / acl.c
1 /* -*-c-*-
2 *
3 * $Id: acl.c,v 1.4 2003/11/25 14:08:23 mdw Exp $
4 *
5 * Access control list handling
6 *
7 * (c) 1999 Straylight/Edgeware
8 */
9
10 /*----- Licensing notice --------------------------------------------------*
11 *
12 * This file is part of the `fw' port forwarder.
13 *
14 * `fw' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `fw' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `fw'; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: acl.c,v $
32 * Revision 1.4 2003/11/25 14:08:23 mdw
33 * Debianization. Socket target options. Internet binding.
34 *
35 * Revision 1.3 1999/07/27 18:30:53 mdw
36 * Various minor portability fixes.
37 *
38 * Revision 1.2 1999/07/26 23:28:15 mdw
39 * Minor modifications for new design.
40 *
41 * Revision 1.1.1.1 1999/07/01 08:56:23 mdw
42 * Initial revision.
43 *
44 */
45
46 /*----- Header files ------------------------------------------------------*/
47
48 #include "config.h"
49
50 #include <errno.h>
51 #include <stdio.h>
52 #include <stdlib.h>
53 #include <string.h>
54
55 #include <sys/types.h>
56 #include <unistd.h>
57
58 #include <sys/socket.h>
59 #include <netinet/in.h>
60 #include <arpa/inet.h>
61 #include <netdb.h>
62
63 #include <mLib/sub.h>
64
65 #include "acl.h"
66
67 /*----- Main code ---------------------------------------------------------*/
68
69 /* --- @acl_addhost@ --- *
70 *
71 * Arguments: @acl_entry ***a@ = address of pointer to list tail
72 * @unsigned act@ = what to do with matching addresses
73 * @struct in_addr addr, mask@ = address and mask to match
74 *
75 * Returns: ---
76 *
77 * Use: Adds a host-authentication entry to the end of an access
78 * control list.
79 */
80
81 static int acl_checkhost(void *aa, struct in_addr addr, unsigned port)
82 {
83 acl_host *a = aa;
84 return ((addr.s_addr & a->mask.s_addr) == a->addr.s_addr);
85 }
86
87 static void acl_dumphost(void *aa, FILE *fp)
88 {
89 acl_host *a = aa;
90
91 fputs("from ", fp);
92 fputs(inet_ntoa(a->addr), fp);
93 fputc('/', fp);
94 fputs(inet_ntoa(a->mask), fp);
95 }
96
97 static void acl_freehost(void *aa)
98 {
99 acl_host *a = aa;
100 DESTROY(a);
101 }
102
103 static const acl_ops acl_hostops = {
104 acl_checkhost, acl_dumphost, acl_freehost
105 };
106
107 void acl_addhost(acl_entry ***a, unsigned act,
108 struct in_addr addr, struct in_addr mask)
109 {
110 acl_host *aa = CREATE(acl_host);
111 aa->a.next = 0;
112 aa->a.ops = &acl_hostops;
113 aa->a.act = act;
114 aa->addr.s_addr = addr.s_addr & mask.s_addr;
115 aa->mask = mask;
116 **a = &aa->a;
117 *a = &aa->a.next;
118 }
119
120 /* --- @acl_addpriv@ --- *
121 *
122 * Arguments: @acl_entry ***a@ = address of pointer to list tail
123 * @unsigned act@ = what to do with matching addresses
124 *
125 * Returns: ---
126 *
127 * Use: Adds a privileged-port check to the end of an access control
128 * list.
129 */
130
131 static int acl_checkpriv(void *aa, struct in_addr addr, unsigned port)
132 {
133 return (port < 1024);
134 }
135
136 static void acl_dumppriv(void *aa, FILE *fp)
137 {
138 fputs("from privileged ports", fp);
139 }
140
141 static void acl_freepriv(void *aa)
142 {
143 acl_entry *a = aa;
144 DESTROY(a);
145 }
146
147 static const acl_ops acl_privops = {
148 acl_checkpriv, acl_dumppriv, acl_freepriv
149 };
150
151 void acl_addpriv(acl_entry ***a, unsigned act)
152 {
153 acl_entry *aa = CREATE(acl_entry);
154 aa->next = 0;
155 aa->ops = &acl_privops;
156 aa->act = act;
157 **a = aa;
158 *a = &aa->next;
159 }
160
161 /* --- @acl_check@ --- *
162 *
163 * Arguments: @acl_entry *a@ = pointer to ACL to check against
164 * @struct in_addr addr@ = address to check
165 * @unsigned port@ = port number to check
166 * @int *act@ = verdict (should initially be @ACT_ALLOW@)
167 *
168 * Returns: Zero if undecided, nonzero if a rule matched.
169 *
170 * Use: Checks an address against an ACL.
171 */
172
173 int acl_check(acl_entry *a, struct in_addr addr, unsigned port, int *act)
174 {
175 for (; a; a = a->next) {
176 if (a->ops->check(a, addr, port)) {
177 *act = a->act & ACL_PERM;
178 return (1);
179 }
180 *act = (a->act & ACL_PERM) ^ 1;
181 }
182 return (0);
183 }
184
185 /* --- @acl_dump@ --- *
186 *
187 * Arguments: @acl_entry *a@ = pointer to ACL to dump
188 * @FILE *fp@ = pointer to stream to dump on
189 *
190 * Returns: ---
191 *
192 * Use: Dumps an access control list to an output stream.
193 */
194
195 void acl_dump(acl_entry *a, FILE *fp)
196 {
197 for (; a; a = a->next) {
198 fprintf(fp, " %s ",
199 (a->act & ACL_PERM) == ACL_ALLOW ? "allow" : "deny");
200 a->ops->dump(a, fp);
201 fputc('\n', fp);
202 }
203 }
204
205 /* --- @acl_free@ --- *
206 *
207 * Arguments: @acl_entry *a@ = pointer to a list of ACLs
208 *
209 * Returns: ---
210 *
211 * Use: Frees all of the memory used by an ACL.
212 */
213
214 void acl_free(acl_entry *a)
215 {
216 while (a) {
217 acl_entry *aa = a;
218 a = a->next;
219 aa->ops->free(aa);
220 }
221 }
222
223 /*----- That's all, folks -------------------------------------------------*/
Port forwarder with too many features