return (htonl(addr_1) & mask) == (htonl(addr_2) & mask);
}
-int host_in_acl(int fd, struct list_head *acl)
+/**
+ * Find out whether the peer name of a given fd belongs to an acl.
+ *
+ * \param fd File descriptor.
+ * \param acl The access control list.
+ *
+ * \return One if \a fd belongs to \a acl, zero otherwise.
+ */
+static int acl_lookup(int fd, struct list_head *acl)
{
struct access_info *ai, *tmp;
struct sockaddr_storage ss;
return 0;
}
-void add_acl_entry(struct list_head *acl, struct in_addr addr,
+/**
+ * Add an entry to an access control list.
+ *
+ * \param acl The access control list.
+ * \param addr The address to add.
+ * \param netmask The netmask to use for this entry.
+ */
+static void acl_add_entry(struct list_head *acl, struct in_addr addr,
int netmask)
{
struct access_info *ai = para_malloc(sizeof(struct access_info));
}
-void del_acl_entry(struct list_head *acl, struct in_addr addr,
+/**
+ * Delete an entry from an access control list.
+ *
+ * \param acl The access control list.
+ * \param addr The address to delete.
+ * \param netmask The netmask of the entry to be removed from the list.
+ */
+static void acl_del_entry(struct list_head *acl, struct in_addr addr,
int netmask)
{
struct access_info *ai, *tmp;
}
}
-char *get_acl_contents(struct list_head *acl)
+/**
+ * Compute a string containing the contents of an acl.
+ *
+ * \param acl The access control list.
+ *
+ * \return A string containing the contents of \a acl, or \p NULL
+ * if \a acl is empty.
+ */
+char *acl_get_contents(struct list_head *acl)
{
struct access_info *ai, *tmp_ai;
char *ret = NULL;
return ret;
}
-void init_acl(struct list_head *acl, char * const *acl_info, int num)
+/**
+ * Initialize an access control list.
+ *
+ * \param acl The list to initialize.
+ * \param acl_info An array of strings of the form ip/netmask.
+ * \param num The number of strings in \a acl_info.
+ */
+void acl_init(struct list_head *acl, char * const *acl_info, int num)
{
int i;
netmask = atoi(++p);
if (netmask < 0 || netmask > 32)
goto err;
- add_acl_entry(acl, addr, netmask);
+ acl_add_entry(acl, addr, netmask);
goto success;
err:
PARA_CRIT_LOG("syntax error: %s\n", acl_info[i]);
}
}
+
+/**
+ * Check whether the peer name of a given fd is allowed by an acl.
+ *
+ * \param fd File descriptor.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ *
+ * \return Positive if the peer of \a fd is permitted by \a acl, \p -E_ACL_PERM
+ * otherwise.
+ */
+int acl_check_access(int fd, struct list_head *acl, int default_deny)
+{
+ int match = acl_lookup(fd, acl);
+
+ return (!match || default_deny) && (match || !default_deny)?
+ 1 : -E_ACL_PERM;
+}
+
+/**
+ * Permit access for a range of IP addresses.
+ *
+ * \param addr The address to permit.
+ * \param netmask The netmask of the entry to be permitted.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ */
+void acl_allow(struct in_addr addr, int netmask,
+ struct list_head *acl, int default_deny)
+{
+ if (default_deny)
+ acl_add_entry(acl, addr, netmask);
+ else
+ acl_del_entry(acl, addr, netmask);
+}
+
+/**
+ * Deny access for a range of IP addresses.
+ *
+ * \param addr The address to permit.
+ * \param netmask The netmask of the entry to be permitted.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ */
+void acl_deny(struct in_addr addr, int netmask,
+ struct list_head *acl, int default_deny)
+{
+ acl_allow(addr, netmask, acl, !default_deny);
+}
projects / paraslash.git / blobdiff