acl.h 1.59 KB
Newer Older
1
/*  Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
2 3 4 5 6 7 8 9 10 11 12 13 14 15

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
16
/*!
17
 * \file
18
 *
19
 * Access control list.
20
 *
21
 * \addtogroup server
22 23 24
 * @{
 */

25
#pragma once
26

Daniel Salzman's avatar
Daniel Salzman committed
27
#include <stdbool.h>
28 29
#include <sys/socket.h>

Daniel Salzman's avatar
Daniel Salzman committed
30
#include "libknot/tsig.h"
31
#include "knot/conf/conf.h"
32

33 34
/*! \brief ACL actions. */
typedef enum {
35 36 37
	ACL_ACTION_NONE     = 0,
	ACL_ACTION_NOTIFY   = 1,
	ACL_ACTION_TRANSFER = 2,
38
	ACL_ACTION_UPDATE   = 3
39
} acl_action_t;
40

41
/*!
42 43
 * \brief Checks if the address and/or tsig key matches given ACL list.
 *
44
 * If a proper ACL rule is found and tsig.name is not empty, tsig.secret is filled.
45
 *
46 47 48 49 50
 * \param conf    Configuration.
 * \param acl     Pointer to ACL config multivalued identifier.
 * \param action  ACL action.
 * \param addr    IP address.
 * \param tsig    TSIG parameters.
51
 *
52
 * \retval True if authenticated.
53
 */
54
bool acl_allowed(conf_t *conf, conf_val_t *acl, acl_action_t action,
55
                 const struct sockaddr_storage *addr, knot_tsig_key_t *tsig);
56

57
/*! @} */