1 /* 2 * daemon/acl_list.h - client access control storage for the server. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file keeps track of the list of clients that are allowed to 40 * access the server. 41 */ 42 43 #ifndef DAEMON_ACL_LIST_H 44 #define DAEMON_ACL_LIST_H 45 #include "util/storage/dnstree.h" 46 struct config_file; 47 struct regional; 48 49 /** 50 * Enumeration of access control options for an address range. 51 * Allow or deny access. 52 */ 53 enum acl_access { 54 /** disallow any access whatsoever, drop it */ 55 acl_deny = 0, 56 /** disallow access, send a polite 'REFUSED' reply */ 57 acl_refuse, 58 /** allow full access for recursion (+RD) queries */ 59 acl_allow, 60 /** allow full access for all queries, recursion and cache snooping */ 61 acl_allow_snoop 62 }; 63 64 /** 65 * Access control storage structure 66 */ 67 struct acl_list { 68 /** regional for allocation */ 69 struct regional* region; 70 /** 71 * Tree of the addresses that are allowed/blocked. 72 * contents of type acl_addr. 73 */ 74 rbtree_t tree; 75 }; 76 77 /** 78 * 79 * An address span with access control information 80 */ 81 struct acl_addr { 82 /** node in address tree */ 83 struct addr_tree_node node; 84 /** access control on this netblock */ 85 enum acl_access control; 86 }; 87 88 /** 89 * Create acl structure 90 * @return new structure or NULL on error. 91 */ 92 struct acl_list* acl_list_create(void); 93 94 /** 95 * Delete acl structure. 96 * @param acl: to delete. 97 */ 98 void acl_list_delete(struct acl_list* acl); 99 100 /** 101 * Process access control config. 102 * @param acl: where to store. 103 * @param cfg: config options. 104 * @return 0 on error. 105 */ 106 int acl_list_apply_cfg(struct acl_list* acl, struct config_file* cfg); 107 108 /** 109 * Lookup address to see its access control status. 110 * @param acl: structure for address storage. 111 * @param addr: address to check 112 * @param addrlen: length of addr. 113 * @return: what to do with message from this address. 114 */ 115 enum acl_access acl_list_lookup(struct acl_list* acl, 116 struct sockaddr_storage* addr, socklen_t addrlen); 117 118 /** 119 * Get memory used by acl structure. 120 * @param acl: structure for address storage. 121 * @return bytes in use. 122 */ 123 size_t acl_list_get_mem(struct acl_list* acl); 124 125 #endif /* DAEMON_ACL_LIST_H */ 126