/* -*-c-*-
*
- * $Id: acl.h,v 1.3 1999/07/27 18:30:53 mdw Exp $
+ * $Id: acl.h,v 1.5 2004/04/08 01:36:25 mdw Exp $
*
* Access control list handling
*
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: acl.h,v $
- * Revision 1.3 1999/07/27 18:30:53 mdw
- * Various minor portability fixes.
- *
- * Revision 1.2 1999/07/26 23:28:16 mdw
- * Minor modifications for new design.
- *
- * Revision 1.1.1.1 1999/07/01 08:56:23 mdw
- * Initial revision.
- *
- */
-
#ifndef ACL_H
#define ACL_H
typedef struct acl_entry {
struct acl_entry *next; /* Next entry in the list */
+ const struct acl_ops *ops; /* Operations for the ACL entry */
unsigned act; /* What to do with matching hosts */
- struct in_addr addr, mask; /* Address and netmask */
} acl_entry;
-#define ACL_DENY 0 /* Deny access to matching hosts */
-#define ACL_ALLOW 1 /* Allow access to matching hosts */
+#define ACL_DENY 0 /* Deny access to matching conns */
+#define ACL_ALLOW 1 /* Allow access to matching conns */
#define ACL_PERM 1u /* Bit mask for permission bit */
+/* --- Host-based access control --- */
+
+typedef struct acl_host {
+ acl_entry a; /* Base structure */
+ struct in_addr addr, mask; /* Address and netmask */
+} acl_host;
+
+/* --- ACL methods --- */
+
+typedef struct acl_ops {
+ int (*check)(void */*a*/, struct in_addr /*addr*/, unsigned /*port*/);
+ void (*dump)(void */*a*/, FILE */*fp*/);
+ void (*free)(void */*a*/);
+} acl_ops;
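Review bot: The three `acl_ops` methods take `void *`, so the compiler cannot catch an entry being handed to the wrong backend's `check`; because `acl_host` embeds `acl_entry a` as its first member, the methods could take `acl_entry *` and downcast inside, e.g. `int (*check)(acl_entry */*a*/, struct in_addr /*addr*/, unsigned /*port*/);`. The member name `free` is also fragile, since the C standard allows `<stdlib.h>` to provide `free` as a function-like macro, and a call written as `a->ops->free(a)` would then be macro-expanded; a name such as `destroy` avoids that. Each member would benefit from a one-line contract comment (what `check` returns on match versus no match, whether `free` releases the entry itself), because the access decision now depends on every backend agreeing on it. The header also uses `FILE` and `struct in_addr`; its include lines are not visible in this diff, so confirm `<stdio.h>` is pulled in before this point.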
+
/*----- Functions provided ------------------------------------------------*/
/* --- @acl_check@ --- *
*
* Arguments: @acl_entry *a@ = pointer to ACL to check against
* @struct in_addr addr@ = address to check
+ * @unsigned port@ = port number to check
+ * @int *act@ = verdict (should initially be @ACT_ALLOW@)
*
- * Returns: Nonzero if allowed.
+ * Returns: Zero if undecided, nonzero if a rule matched.
*
* Use: Checks an address against an ACL.
*/
-extern int acl_check(acl_entry */*a*/, struct in_addr /*addr*/);
+extern int acl_check(acl_entry */*a*/,
+ struct in_addr /*addr*/, unsigned /*port*/,
+ int */*act*/);
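Review bot: The added argument line says the verdict should initially be `@ACT_ALLOW@`, but the constants this header defines are `ACL_ALLOW` and `ACL_DENY`, so this looks like a typo for `@ACL_ALLOW@`. With the new return contract, an address that matches no rule presumably leaves `*act` at whatever the caller stored there, which makes the initial value the default policy; the comment should say so outright, e.g. `* Use: Checks an address and port against an ACL; if no rule matches, zero is returned and @*act@ is not modified.`, and should make clear that the return value is no longer the allow/deny answer. It should also state whether `port` is in host or network byte order, since `struct in_addr` is conventionally network order while a port-range rule needs a numeric comparison. Note that the verdict is `int *` here but `acl_entry.act` is `unsigned`.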
/* --- @acl_dump@ --- *
*
extern void acl_free(acl_entry */*a*/);
-/* --- @acl_add@ --- *
+/* --- @acl_addhost@ --- *
*
* Arguments: @acl_entry ***a@ = address of pointer to list tail
* @unsigned act@ = what to do with matching addresses
*
* Returns: ---
*
- * Use: Adds an entry to the end of an access control list.
+ * Use: Adds a host-authentication entry to the end of an access
+ * control list.
+ */
+
+extern void acl_addhost(acl_entry ***/*a*/, unsigned /*act*/,
+ struct in_addr /*addr*/, struct in_addr /*mask*/);
+
+/* --- @acl_addpriv@ --- *
+ *
+ * Arguments: @acl_entry ***a@ = address of pointer to list tail
+ * @unsigned act@ = what to do with matching addresses
+ *
+ * Returns: ---
+ *
+ * Use: Adds a privileged-port check to the end of an access control
+ * list.
*/
-extern void acl_add(acl_entry ***/*a*/, unsigned /*act*/,
- struct in_addr /*addr*/, struct in_addr /*mask*/);
+extern void acl_addpriv(acl_entry ***/*a*/, unsigned /*act*/);
/*----- That's all, folks -------------------------------------------------*/
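Review bot: The `acl_addpriv` comment repeats `@unsigned act@ = what to do with matching addresses` from `acl_addhost`, although this entry takes no address or mask; it should describe what is actually matched, e.g. `@unsigned act@ = what to do with connections from privileged ports`, and state which port range counts as privileged. As shown here, the `acl_addhost` argument list documents only `a` and `act`, so `addr` and `mask` may also be missing from it unless those lines are simply elided from the diff. The comment could also note that a privileged source port is only meaningful as evidence when the peer host itself is trusted, so such entries are normally combined with host entries in the same list.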