/* -*-c-*-
*
- * $Id: acl.h,v 1.3 1999/07/27 18:30:53 mdw Exp $
+ * $Id: acl.h,v 1.4 2003/11/25 14:08:23 mdw Exp $
*
* Access control list handling
*
/*----- Revision history --------------------------------------------------*
*
* $Log: acl.h,v $
+ * Revision 1.4 2003/11/25 14:08:23 mdw
+ * Debianization. Socket target options. Internet binding.
+ *
* Revision 1.3 1999/07/27 18:30:53 mdw
* Various minor portability fixes.
*
typedef struct acl_entry {
struct acl_entry *next; /* Next entry in the list */
+ const struct acl_ops *ops; /* Operations for the ACL entry */
unsigned act; /* What to do with matching hosts */
- struct in_addr addr, mask; /* Address and netmask */
} acl_entry;
-#define ACL_DENY 0 /* Deny access to matching hosts */
-#define ACL_ALLOW 1 /* Allow access to matching hosts */
+#define ACL_DENY 0 /* Deny access to matching conns */
+#define ACL_ALLOW 1 /* Allow access to matching conns */
#define ACL_PERM 1u /* Bit mask for permission bit */
+/* --- Host-based access control --- */
+
+typedef struct acl_host {
+ acl_entry a; /* Base structure */
+ struct in_addr addr, mask; /* Address and netmask */
+} acl_host;
+
+/* --- ACL methods --- */
+
+typedef struct acl_ops {
+ int (*check)(void */*a*/, struct in_addr /*addr*/, unsigned /*port*/);
+ void (*dump)(void */*a*/, FILE */*fp*/);
+ void (*free)(void */*a*/);
+} acl_ops;
+
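Review bot: The new `acl_ops` methods take `void *a`, so the compiler cannot catch a wrong object being handed to `check`, `dump` or `free` on the access-control path. Declaring them as `int (*check)(acl_entry */*a*/, struct in_addr /*addr*/, unsigned /*port*/);` (and likewise for the other two) would keep the dispatch typed. The implementations are not visible here, but they presumably recover `acl_host` from the entry pointer, which is only valid while `a` is the first member. The comment on that member should say so, e.g. `acl_entry a; /* Base structure; must be first */`. A short comment above `acl_ops` stating what `check` returns on match and on no-match would also help, since the header gives no contract for it.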
/*----- Functions provided ------------------------------------------------*/
/* --- @acl_check@ --- *
*
* Arguments: @acl_entry *a@ = pointer to ACL to check against
* @struct in_addr addr@ = address to check
+ * @unsigned port@ = port number to check
+ * @int *act@ = verdict (should initially be @ACT_ALLOW@)
*
- * Returns: Nonzero if allowed.
+ * Returns: Zero if undecided, nonzero if a rule matched.
*
* Use: Checks an address against an ACL.
*/
-extern int acl_check(acl_entry */*a*/, struct in_addr /*addr*/);
+extern int acl_check(acl_entry */*a*/,
+ struct in_addr /*addr*/, unsigned /*port*/,
+ int */*act*/);
/* --- @acl_dump@ --- *
*
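Review bot: The `acl_check` header comment names `@ACT_ALLOW@`, but the constant defined in this header is `ACL_ALLOW`. The return value has also changed meaning from "allowed" to "a rule matched", so a caller that still branches on it would accept a connection matched by a deny rule. The comment should say explicitly that the verdict is read from `*act` and the return value only reports whether any entry matched, e.g. `@int *act@ = verdict, updated on match (initialise to @ACL_ALLOW@ or @ACL_DENY@ as the default policy)`. Initialising to allow makes an empty or non-matching list fail open, which deserves a sentence under "Use:". The `@unsigned port@` line should state whether the port is in host or network byte order, because a port-range test depends on it.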
extern void acl_free(acl_entry */*a*/);
-/* --- @acl_add@ --- *
+/* --- @acl_addhost@ --- *
*
* Arguments: @acl_entry ***a@ = address of pointer to list tail
* @unsigned act@ = what to do with matching addresses
*
* Returns: ---
*
- * Use: Adds an entry to the end of an access control list.
+ * Use: Adds a host-authentication entry to the end of an access
+ * control list.
+ */
+
+extern void acl_addhost(acl_entry ***/*a*/, unsigned /*act*/,
+ struct in_addr /*addr*/, struct in_addr /*mask*/);
+
+/* --- @acl_addpriv@ --- *
+ *
+ * Arguments: @acl_entry ***a@ = address of pointer to list tail
+ * @unsigned act@ = what to do with matching addresses
+ *
+ * Returns: ---
+ *
+ * Use: Adds a privileged-port check to the end of an access control
+ * list.
*/
-extern void acl_add(acl_entry ***/*a*/, unsigned /*act*/,
- struct in_addr /*addr*/, struct in_addr /*mask*/);
+extern void acl_addpriv(acl_entry ***/*a*/, unsigned /*act*/);
/*----- That's all, folks -------------------------------------------------*/
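Review bot: The `acl_addpriv` comment still describes `act` as "what to do with matching addresses", copied from the host variant. It should read `@unsigned act@ = what to do with matching connections`, in line with the updated `ACL_DENY`/`ACL_ALLOW` comments. The "Use:" text should also say which port is tested (presumably the peer's source port) and which range counts as privileged. It would help to note that a low source port is only evidence about a peer whose host is already trusted, so these entries belong after or alongside host entries rather than replacing them. Separately, the `acl_addhost` argument list omits `addr` and `mask`; adding `@struct in_addr addr@ = address to match` and `@struct in_addr mask@ = netmask applied before comparison` would complete it.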