X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/blobdiff_plain/e0ce9d387ef6ee881ef99317161eec97ebdcee38..9515272fc0a92f82c056a9b8bca0633822e14d9c:/acl.h
diff --git a/acl.h b/acl.h
index 21f398d..43de47c 100644
--- a/acl.h
+++ b/acl.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: acl.h,v 1.3 1999/07/27 18:30:53 mdw Exp $
+ * $Id: acl.h,v 1.5 2004/04/08 01:36:25 mdw Exp $
  *
  * Access control list handling
  *
@@ -26,20 +26,6 @@
  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
 
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: acl.h,v $
- * Revision 1.3 1999/07/27 18:30:53 mdw
- * Various minor portability fixes.
- *
- * Revision 1.2 1999/07/26 23:28:16 mdw
- * Minor modifications for new design.
- *
- * Revision 1.1.1.1 1999/07/01 08:56:23 mdw
- * Initial revision.
- *
- */
-
 #ifndef ACL_H
 #define ACL_H
 
@@ -61,27 +47,46 @@
 
 typedef struct acl_entry {
  struct acl_entry *next; /* Next entry in the list */
+ const struct acl_ops *ops; /* Operations for the ACL entry */
  unsigned act; /* What to do with matching hosts */
- struct in_addr addr, mask; /* Address and netmask */
 } acl_entry;
 
-#define ACL_DENY 0 /* Deny access to matching hosts */
-#define ACL_ALLOW 1 /* Allow access to matching hosts */
+#define ACL_DENY 0 /* Deny access to matching conns */
+#define ACL_ALLOW 1 /* Allow access to matching conns */
 #define ACL_PERM 1u /* Bit mask for permission bit */
 
+/* --- Host-based access control --- */
+
+typedef struct acl_host {
+ acl_entry a; /* Base structure */
+ struct in_addr addr, mask; /* Address and netmask */
+} acl_host;
+
+/* --- ACL methods --- */
+
+typedef struct acl_ops {
+ int (*check)(void */*a*/, struct in_addr /*addr*/, unsigned /*port*/);
+ void (*dump)(void */*a*/, FILE */*fp*/);
+ void (*free)(void */*a*/);
+} acl_ops;
+
 /*----- Functions provided ------------------------------------------------*/
 
 /* --- @acl_check@ --- *
  *
  * Arguments: @acl_entry *a@ = pointer to ACL to check against
  * @struct in_addr addr@ = address to check
+ * @unsigned port@ = port number to check
+ * @int *act@ = verdict (should initially be @ACT_ALLOW@)
  *
- * Returns: Nonzero if allowed.
+ * Returns: Zero if undecided, nonzero if a rule matched.
  *
  * Use: Checks an address against an ACL.
  */
 
-extern int acl_check(acl_entry */*a*/, struct in_addr /*addr*/);
+extern int acl_check(acl_entry */*a*/,
+ struct in_addr /*addr*/, unsigned /*port*/,
+ int */*act*/);
 
 /* --- @acl_dump@ --- *
  *
@@ -106,7 +111,7 @@ extern void acl_dump(acl_entry */*a*/, FILE */*fp*/);
 
 extern void acl_free(acl_entry */*a*/);
 
-/* --- @acl_add@ --- *
+/* --- @acl_addhost@ --- *
  *
  * Arguments: @acl_entry ***a@ = address of pointer to list tail
  * @unsigned act@ = what to do with matching addresses
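Review bot: The new `acl_check` comment says `*act` "should initially be @ACT_ALLOW@", but the only verdict constants this header defines are `ACL_DENY` and `ACL_ALLOW`, so this looks like a typo for `@ACL_ALLOW@`. Because the return value now only reports whether a rule matched and the verdict is carried in `*act`, the comment should also state that a connection matching no rule keeps the caller's initial verdict, which makes the list default-allow when seeded as documented. The `Use:` line still reads "Checks an address against an ACL" although a port is now checked as well. Neither this comment nor the `check` member of `acl_ops` says whether `port` is in host or network byte order, which matters for any numeric comparison on it; once confirmed against the implementation I would write `* @unsigned port@ = port number to check (host byte order)`.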
@@ -114,11 +119,25 @@ extern void acl_free(acl_entry */*a*/);
  *
  * Returns: ---
  *
- * Use: Adds an entry to the end of an access control list.
+ * Use: Adds a host-authentication entry to the end of an access
+ * control list.
+ */
+
+extern void acl_addhost(acl_entry ***/*a*/, unsigned /*act*/,
+ struct in_addr /*addr*/, struct in_addr /*mask*/);
+
+/* --- @acl_addpriv@ --- *
+ *
+ * Arguments: @acl_entry ***a@ = address of pointer to list tail
+ * @unsigned act@ = what to do with matching addresses
+ *
+ * Returns: ---
+ *
+ * Use: Adds a privileged-port check to the end of an access control
+ * list.
  */
 
-extern void acl_add(acl_entry ***/*a*/, unsigned /*act*/,
- struct in_addr /*addr*/, struct in_addr /*mask*/);
+extern void acl_addpriv(acl_entry ***/*a*/, unsigned /*act*/);
 
 /*----- That's all, folks -------------------------------------------------*/
 
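Review bot: The `acl_addpriv` comment reuses `@unsigned act@ = what to do with matching addresses` from `acl_addhost`, but this entry takes no address, and nothing in the header defines what counts as a privileged port. I would word the argument as `@unsigned act@ = what to do with connections from privileged ports` and state the threshold the check applies (presumably source ports below 1024, to be confirmed against the implementation). The `Use:` text could also note that a privileged source port only suggests a root-owned process on the peer and is not evidence of identity by itself, so the rule is normally paired with a host entry. The `acl_addhost` comment this hunk finishes begins in the previous hunk.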