X-Git-Url: https://git.distorted.org.uk/~mdw/fwd/blobdiff_plain/e5398e091780133b1049bd87a75fbc299ed51749..5d9fd22aa85423521ff7c4c004f6e6299d99aad0:/acl.h
diff --git a/acl.h b/acl.h
index 45b8a40..acc92d2 100644
--- a/acl.h
+++ b/acl.h
@@ -1,13 +1,11 @@
 /* -*-c-*-
  *
- * $Id: acl.h,v 1.2 1999/07/26 23:28:16 mdw Exp $
- *
  * Access control list handling
  *
  * (c) 1999 Straylight/Edgeware
  */
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
  *
  * This file is part of the `fw' port forwarder.
  *
@@ -15,28 +13,17 @@
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
  * (at your option) any later version.
- * 
+ *
  * `fw' is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
  * along with `fw'; if not, write to the Free Software Foundation,
  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: acl.h,v $
- * Revision 1.2 1999/07/26 23:28:16 mdw
- * Minor modifications for new design.
- *
- * Revision 1.1.1.1 1999/07/01 08:56:23 mdw
- * Initial revision.
- *
- */
-
 #ifndef ACL_H
 #define ACL_H
@@ -48,6 +35,7 @@
 #include
+#include
 #include
 #include
@@ -57,27 +45,46 @@
 typedef struct acl_entry {
 struct acl_entry *next; /* Next entry in the list */
+ const struct acl_ops *ops; /* Operations for the ACL entry */
 unsigned act; /* What to do with matching hosts */
- struct in_addr addr, mask; /* Address and netmask */
 } acl_entry;
-#define ACL_DENY 0 /* Deny access to matching hosts */
-#define ACL_ALLOW 1 /* Allow access to matching hosts */
+#define ACL_DENY 0 /* Deny access to matching conns */
+#define ACL_ALLOW 1 /* Allow access to matching conns */
 #define ACL_PERM 1u /* Bit mask for permission bit */
+/* --- Host-based access control --- */
+
+typedef struct acl_host {
+ acl_entry a; /* Base structure */
+ struct in_addr addr, mask; /* Address and netmask */
+} acl_host;
+
+/* --- ACL methods --- */
+
+typedef struct acl_ops {
+ int (*check)(void */*a*/, struct in_addr /*addr*/, unsigned /*port*/);
+ void (*dump)(void */*a*/, FILE */*fp*/);
+ void (*free)(void */*a*/);
+} acl_ops;
+
 /*----- Functions provided ------------------------------------------------*/
 /* --- @acl_check@ --- *
  *
  * Arguments: @acl_entry *a@ = pointer to ACL to check against
  * @struct in_addr addr@ = address to check
+ * @unsigned port@ = port number to check
+ * @int *act@ = verdict (should initially be @ACT_ALLOW@)
  *
- * Returns: Nonzero if allowed.
+ * Returns: Zero if undecided, nonzero if a rule matched.
  *
  * Use: Checks an address against an ACL.
  */
-extern int acl_check(acl_entry */*a*/, struct in_addr /*addr*/);
+extern int acl_check(acl_entry */*a*/,
+ struct in_addr /*addr*/, unsigned /*port*/,
+ int */*act*/);
 /* --- @acl_dump@ --- *
  *
@@ -102,7 +109,7 @@ extern void acl_dump(acl_entry */*a*/, FILE */*fp*/);
 extern void acl_free(acl_entry */*a*/);
-/* --- @acl_add@ --- *
+/* --- @acl_addhost@ --- *
  *
  * Arguments: @acl_entry ***a@ = address of pointer to list tail
  * @unsigned act@ = what to do with matching addresses
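Review bot: The new `@int *act@` line in the `acl_check` comment tells callers to start the verdict at `@ACT_ALLOW@`, but the constant this header defines is `ACL_ALLOW` (the `#define ACL_ALLOW 1` a few lines above), so it should read `@int *act@ = verdict (should initially be @ACL_ALLOW@)`. That start-at-allow protocol together with `Returns: Zero if undecided` means a connection matching no entry, or an empty list, is let through, and the `Use:` line should state that so configuration writers know to end a list with a catch-all deny, e.g. `Use: Checks a connection against an ACL. If no entry matches, @*act@ keeps its initial value, so a list without a final deny entry is permissive.` The `Use:` line also still says only `Checks an address` although the port is now part of the check.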
@@ -110,11 +117,25 @@ extern void acl_free(acl_entry */*a*/);
  *
  * Returns: ---
  *
- * Use: Adds an entry to the end of an access control list.
+ * Use: Adds a host-authentication entry to the end of an access
+ * control list.
+ */
+
+extern void acl_addhost(acl_entry ***/*a*/, unsigned /*act*/,
+ struct in_addr /*addr*/, struct in_addr /*mask*/);
+
+/* --- @acl_addpriv@ --- *
+ *
+ * Arguments: @acl_entry ***a@ = address of pointer to list tail
+ * @unsigned act@ = what to do with matching addresses
+ *
+ * Returns: ---
+ *
+ * Use: Adds a privileged-port check to the end of an access control
+ * list.
  */
-extern void acl_add(acl_entry ***/*a*/, unsigned /*act*/,
- struct in_addr /*addr*/, struct in_addr /*mask*/);
+extern void acl_addpriv(acl_entry ***/*a*/, unsigned /*act*/);
 /*----- That's all, folks -------------------------------------------------*/
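Review bot: `acl_addpriv`'s `@unsigned act@` line says `what to do with matching addresses`, copied from `acl_addhost`, but this entry matches on the peer's source port rather than on an address, and the comment never says which ports count as privileged. I'd change it to `@unsigned act@ = what to do with connections from a privileged port` and extend `Use:` with what the check tests (presumably ports below 1024 — the implementation is not in this header, so confirm) plus the caveat that a low source port is only evidence of privilege on a host the administrator already trusts, because the peer picks its own source port. Without that, a privileged-port rule reads as stronger authentication than it is, and it is most safely paired with an `acl_addhost` entry restricting which hosts it applies to.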