acl_list.h revision 249140
/*
 * daemon/acl_list.h - client access control storage for the server.
 *
 * Copyright (c) 2007, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * Storage for the server's client access control list: which address
 * ranges may use the server, and with what level of access.
 */

#ifndef DAEMON_ACL_LIST_H
#define DAEMON_ACL_LIST_H
/*
 * NOTE(review): struct sockaddr_storage, socklen_t and size_t are used below
 * but nothing visible in this header declares them; presumably the includer
 * (or dnstree.h) provides them first - confirm.
 */
#include "util/storage/dnstree.h"
struct config_file;
struct regional;

/**
 * The access decision attached to an address range.
 * Values run from most restrictive (acl_deny) to most permissive
 * (acl_allow_snoop).
 */
enum acl_access {
	/**
	 * No access at all; the query is dropped.
	 * This is the zero value, so a zero-filled acl_addr control field
	 * reads as deny.
	 */
	acl_deny = 0,
	/**
	 * No access, but a 'REFUSED' reply is sent.
	 * Unlike acl_deny this still emits a packet towards the source
	 * address of the query.
	 */
	acl_refuse,
	/** Full access for recursion (+RD) queries. */
	acl_allow,
	/**
	 * Full access for all queries: recursion and cache snooping.
	 * Cache snooping lets a client learn what the cache holds, so this
	 * level is best reserved for trusted address ranges.
	 */
	acl_allow_snoop
};

/**
 * Container for the access control entries.
 */
struct acl_list {
	/** Regional used for allocation. */
	struct regional *region;
	/**
	 * Tree of the address ranges that are allowed or blocked.
	 * The elements are of type acl_addr.
	 */
	rbtree_t tree;
};

/**
 * One address span together with its access decision.
 */
struct acl_addr {
	/** Node in the address tree. */
	struct addr_tree_node node;
	/** Access decision for this netblock. */
	enum acl_access control;
};

/**
 * Create an acl structure.
 * @return the new structure, or NULL on error.
 */
struct acl_list *acl_list_create(void);

/**
 * Delete an acl structure.
 * @param acl: structure to delete.
 */
void acl_list_delete(struct acl_list *acl);

/**
 * Process the access control configuration.
 * @param acl: where to store the resulting entries.
 * @param cfg: config options.
 * @return 0 on error.
 *
 * NOTE(review): this header does not say what acl holds after a failure.
 * Callers should check for 0 and not go on serving from a list that may be
 * only partly populated - confirm against the implementation.
 */
int acl_list_apply_cfg(struct acl_list *acl, struct config_file *cfg);

/**
 * Look up an address to find its access control status.
 * @param acl: structure for address storage.
 * @param addr: address to check.
 * @param addrlen: length of addr.
 * @return: what to do with a message from this address.
 *
 * NOTE(review): the value returned for an address that no entry covers is
 * not stated here; confirm in the implementation that it is a restrictive
 * one.
 */
enum acl_access acl_list_lookup(struct acl_list *acl,
	struct sockaddr_storage *addr, socklen_t addrlen);

/**
 * Get the memory used by the acl structure.
 * @param acl: structure for address storage.
 * @return bytes in use.
 */
size_t acl_list_get_mem(struct acl_list *acl);

#endif /* DAEMON_ACL_LIST_H */