X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/blobdiff_plain/08cb0dd89765683f47206905c9116b73949fee63..0ac54f22a766f068db98e1caecbc913cb0cfd191:/acl.h
diff --git a/acl.h b/acl.h
index 21f398d..373df4b 100644
--- a/acl.h
+++ b/acl.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: acl.h,v 1.3 1999/07/27 18:30:53 mdw Exp $
+ * $Id: acl.h,v 1.4 2003/11/25 14:08:23 mdw Exp $
 *
 * Access control list handling
 *
@@ -29,6 +29,9 @@
 /*----- Revision history --------------------------------------------------*
 *
 * $Log: acl.h,v $
+ * Revision 1.4 2003/11/25 14:08:23 mdw
+ * Debianization. Socket target options. Internet binding.
+ *
 * Revision 1.3 1999/07/27 18:30:53 mdw
 * Various minor portability fixes.
 *
@@ -61,27 +64,46 @@
 typedef struct acl_entry {
 struct acl_entry *next; /* Next entry in the list */
+ const struct acl_ops *ops; /* Operations for the ACL entry */
 unsigned act; /* What to do with matching hosts */
- struct in_addr addr, mask; /* Address and netmask */
 } acl_entry;
-#define ACL_DENY 0 /* Deny access to matching hosts */
-#define ACL_ALLOW 1 /* Allow access to matching hosts */
+#define ACL_DENY 0 /* Deny access to matching conns */
+#define ACL_ALLOW 1 /* Allow access to matching conns */
 #define ACL_PERM 1u /* Bit mask for permission bit */
+/* --- Host-based access control --- */
+
+typedef struct acl_host {
+ acl_entry a; /* Base structure */
+ struct in_addr addr, mask; /* Address and netmask */
+} acl_host;
+
+/* --- ACL methods --- */
+
+typedef struct acl_ops {
+ int (*check)(void */*a*/, struct in_addr /*addr*/, unsigned /*port*/);
+ void (*dump)(void */*a*/, FILE */*fp*/);
+ void (*free)(void */*a*/);
+} acl_ops;
+
 /*----- Functions provided ------------------------------------------------*/
 /* --- @acl_check@ --- *
 *
 * Arguments: @acl_entry *a@ = pointer to ACL to check against
 * @struct in_addr addr@ = address to check
+ * @unsigned port@ = port number to check
+ * @int *act@ = verdict (should initially be @ACT_ALLOW@)
 *
- * Returns: Nonzero if allowed.
+ * Returns: Zero if undecided, nonzero if a rule matched.
 *
 * Use: Checks an address against an ACL.
 */
-extern int acl_check(acl_entry */*a*/, struct in_addr /*addr*/);
+extern int acl_check(acl_entry */*a*/,
+ struct in_addr /*addr*/, unsigned /*port*/,
+ int */*act*/);
 /* --- @acl_dump@ --- *
 *
@@ -106,7 +128,7 @@ extern void acl_dump(acl_entry */*a*/, FILE */*fp*/);
 extern void acl_free(acl_entry */*a*/);
-/* --- @acl_add@ --- *
+/* --- @acl_addhost@ --- *
 *
 * Arguments: @acl_entry ***a@ = address of pointer to list tail
 * @unsigned act@ = what to do with matching addresses
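Review bot: In the hunk at `@@ -61,27 +64,46 @@`, the new `acl_check` comment tells callers to initialise the verdict to `@ACT_ALLOW@`, but the only verdict constants visible in this header are `ACL_DENY` and `ACL_ALLOW`; the line should read `* @int *act@ = verdict (should initially be @ACL_ALLOW@)`. Since the function now returns zero when no rule matched, the caller's initial `*act` effectively becomes the default policy, so the comment should state whether `*act` is left untouched in that case; otherwise an empty or non-matching list can be mistaken for an explicit allow. The byte order of `port` is not documented either; `* @unsigned port@ = port number to check, host byte order` would guard against a raw `sin_port` being passed to a privileged-port rule, assuming the implementation (not shown here) compares the value numerically. The `check`, `dump` and `free` members of `acl_ops` take `void *` rather than `acl_entry *`, which discards type checking, so a one-line comment that the argument is the entry whose `ops` pointer was used would document the intended cast.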
@@ -114,11 +136,25 @@ extern void acl_free(acl_entry */*a*/);
 *
 * Returns: ---
 *
- * Use: Adds an entry to the end of an access control list.
+ * Use: Adds a host-authentication entry to the end of an access
+ * control list.
+ */
+
+extern void acl_addhost(acl_entry ***/*a*/, unsigned /*act*/,
+ struct in_addr /*addr*/, struct in_addr /*mask*/);
+
+/* --- @acl_addpriv@ --- *
+ *
+ * Arguments: @acl_entry ***a@ = address of pointer to list tail
+ * @unsigned act@ = what to do with matching addresses
+ *
+ * Returns: ---
+ *
+ * Use: Adds a privileged-port check to the end of an access control
+ * list.
 */
-extern void acl_add(acl_entry ***/*a*/, unsigned /*act*/,
- struct in_addr /*addr*/, struct in_addr /*mask*/);
+extern void acl_addpriv(acl_entry ***/*a*/, unsigned /*act*/);
 /*----- That's all, folks -------------------------------------------------*/
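Review bot: The `acl_addpriv` comment describes `act` as `what to do with matching addresses`, wording carried over from `acl_addhost`, although this entry matches on a port rather than an address; `* @unsigned act@ = what to do with matching connections` would agree with the `ACL_DENY`/`ACL_ALLOW` comments updated earlier in this patch. The comment also leaves "privileged" undefined; stating the port threshold and which port of the connection is tested would let a reader judge how much trust an allow rule of this kind deserves. The `acl_addhost` comment block begins before this hunk, so only its tail is visible here.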