3 * Access control list handling
5 * (c) 1999 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of the `fw' port forwarder.
12 * `fw' is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * `fw' is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with `fw'; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
36 #include <sys/types.h>
39 #include <sys/socket.h>
40 #include <netinet/in.h>
41 #include <arpa/inet.h>
48 /*----- Main code ---------------------------------------------------------*/
50 /* --- @acl_addhost@ --- *
52 * Arguments: @acl_entry ***a@ = address of pointer to list tail
53 * @unsigned act@ = what to do with matching addresses
54 * @struct in_addr addr, mask@ = address and mask to match
58 * Use: Adds a host-authentication entry to the end of an access
62 static int acl_checkhost(void *aa, struct in_addr addr, unsigned port)
65 return ((addr.s_addr & a->mask.s_addr) == a->addr.s_addr);
68 static void acl_dumphost(void *aa, FILE *fp)
73 fputs(inet_ntoa(a->addr), fp);
75 fputs(inet_ntoa(a->mask), fp);
78 static void acl_freehost(void *aa)
84 static const acl_ops acl_hostops = {
85 acl_checkhost, acl_dumphost, acl_freehost
88 void acl_addhost(acl_entry ***a, unsigned act,
89 struct in_addr addr, struct in_addr mask)
91 acl_host *aa = CREATE(acl_host);
93 aa->a.ops = &acl_hostops;
95 aa->addr.s_addr = addr.s_addr & mask.s_addr;
101 /* --- @acl_addpriv@ --- *
103 * Arguments: @acl_entry ***a@ = address of pointer to list tail
104 * @unsigned act@ = what to do with matching addresses
108 * Use: Adds a privileged-port check to the end of an access control
112 static int acl_checkpriv(void *aa, struct in_addr addr, unsigned port)
114 return (port < 1024);
117 static void acl_dumppriv(void *aa, FILE *fp)
119 fputs("from privileged ports", fp);
122 static void acl_freepriv(void *aa)
128 static const acl_ops acl_privops = {
129 acl_checkpriv, acl_dumppriv, acl_freepriv
132 void acl_addpriv(acl_entry ***a, unsigned act)
134 acl_entry *aa = CREATE(acl_entry);
136 aa->ops = &acl_privops;
142 /* --- @acl_check@ --- *
144 * Arguments: @acl_entry *a@ = pointer to ACL to check against
145 * @struct in_addr addr@ = address to check
146 * @unsigned port@ = port number to check
147 * @int *act@ = verdict (should initially be @ACT_ALLOW@)
149 * Returns: Zero if undecided, nonzero if a rule matched.
151 * Use: Checks an address against an ACL.
154 int acl_check(acl_entry *a, struct in_addr addr, unsigned port, int *act)
156 for (; a; a = a->next) {
157 if (a->ops->check(a, addr, port)) {
158 *act = a->act & ACL_PERM;
161 *act = (a->act & ACL_PERM) ^ 1;
166 /* --- @acl_dump@ --- *
168 * Arguments: @acl_entry *a@ = pointer to ACL to dump
169 * @FILE *fp@ = pointer to stream to dump on
173 * Use: Dumps an access control list to an output stream.
176 void acl_dump(acl_entry *a, FILE *fp)
178 for (; a; a = a->next) {
180 (a->act & ACL_PERM) == ACL_ALLOW ? "allow" : "deny");
186 /* --- @acl_free@ --- *
188 * Arguments: @acl_entry *a@ = pointer to a list of ACLs
192 * Use: Frees all of the memory used by an ACL.
195 void acl_free(acl_entry *a)
204 /*----- That's all, folks -------------------------------------------------*/