acl_list.h File Reference

This file keeps track of the list of clients that are allowed to access the server.

Data Structures

struct  acl_list
 Access control storage structure.
 
struct  acl_addr
 An address span with access control information.
 

Enumerations

enum  acl_access {
  acl_deny = 0 , acl_refuse , acl_deny_non_local , acl_refuse_non_local ,
  acl_allow , acl_allow_snoop , acl_allow_setrd , acl_allow_cookie
}
 Enumeration of access control options for an address range.
 

Functions

struct acl_list * acl_list_create (void)
 Create acl structure.
 
void acl_list_delete (struct acl_list *acl)
 Delete acl structure.
 
struct acl_addr * acl_interface_insert (struct acl_list *acl_interface, struct sockaddr_storage *addr, socklen_t addrlen, enum acl_access control)
 Insert interface in the acl_list.
 
int acl_list_apply_cfg (struct acl_list *acl, struct config_file *cfg, struct views *v)
 Process access control config.
 
int acl_interface_compare (const void *k1, const void *k2)
 Compare ACL interface "addr_tree" nodes (+port)
 
void acl_interface_init (struct acl_list *acl_interface)
 Initialise (also clean) the acl_interface struct.
 
int acl_interface_apply_cfg (struct acl_list *acl_interface, struct config_file *cfg, struct views *v)
 Process interface control config.
 
enum acl_access acl_get_control (struct acl_addr *acl)
 Lookup access control status for acl structure.
 
struct acl_addr * acl_addr_lookup (struct acl_list *acl, struct sockaddr_storage *addr, socklen_t addrlen)
 Lookup address to see its acl structure.
 
size_t acl_list_get_mem (struct acl_list *acl)
 Get memory used by acl structure.
 
const char * acl_access_to_str (enum acl_access acl)
 
void log_acl_action (const char *action, struct sockaddr_storage *addr, socklen_t addrlen, enum acl_access acl, struct acl_addr *acladdr)
 

Detailed Description

This file keeps track of the list of clients that are allowed to access the server.

Enumeration Type Documentation

◆ acl_access

enum acl_access

Enumeration of access control options for an address range.

Allow or deny access.

Enumerator
acl_deny 

disallow any access whatsoever, drop it

acl_refuse 

disallow access, send a polite 'REFUSED' reply

acl_deny_non_local 

disallow any access to zones that aren't local, drop it

acl_refuse_non_local 

disallow access to zones that aren't local, 'REFUSED' reply

acl_allow 

allow full access for recursion (+RD) queries

acl_allow_snoop 

allow full access for all queries, recursion and cache snooping

acl_allow_setrd 

allow full access for recursion queries and set RD flag regardless of request

acl_allow_cookie 

allow full access for recursion (+RD) queries if valid cookie present or stateful transport

Function Documentation

◆ acl_list_create()

struct acl_list* acl_list_create ( void  )

Create acl structure.

Returns
new structure or NULL on error.

References acl_list_delete(), acl_list::region, and regional_create().

◆ acl_list_delete()

void acl_list_delete ( struct acl_list *  acl)

Delete acl structure.

Parameters
acl  to delete.

References acl_list::region, and regional_destroy().

Referenced by acl_list_create(), and daemon_delete().

◆ acl_interface_insert()

struct acl_addr* acl_interface_insert ( struct acl_list *  acl_interface,
struct sockaddr_storage *  addr,
socklen_t  addrlen,
enum acl_access  control 
)

Insert interface in the acl_list.

This should happen when the listening interface is set up.

Parameters
acl_interface  acl_list to insert to.
addr           interface IP.
addrlen        length of the interface IP.
control        acl_access.
Returns
new structure or NULL on error.

References acl_find_or_create(), and acl_addr::control.

◆ acl_list_apply_cfg()

int acl_list_apply_cfg ( struct acl_list *  acl,
struct config_file *  cfg,
struct views *  v 
)

◆ acl_interface_init()

void acl_interface_init ( struct acl_list *  acl_interface)

Initialise (also clean) the acl_interface struct.

Parameters
acl_interface  where to store.

References addr_tree_addrport_init(), acl_list::region, regional_free_all(), and acl_list::tree.

Referenced by daemon_open_shared_ports().

◆ acl_interface_apply_cfg()

int acl_interface_apply_cfg ( struct acl_list *  acl_interface,
struct config_file *  cfg,
struct views *  v 
)

Process interface control config.

Parameters
acl_interface  where to store.
cfg            config options.
v              views structure
Returns
0 on error.

◆ acl_get_control()

enum acl_access acl_get_control ( struct acl_addr *  acl)

Lookup access control status for acl structure.

Parameters
acl  structure for acl storage.
Returns
what to do with message from this address.

◆ acl_addr_lookup()

struct acl_addr* acl_addr_lookup ( struct acl_list *  acl,
struct sockaddr_storage *  addr,
socklen_t  addrlen 
)

Lookup address to see its acl structure.

Parameters
acl      structure for address storage.
addr     address to check
addrlen  length of addr.
Returns
acl structure from this address.

References addr_tree_lookup(), and acl_list::tree.
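
The two-step check that acl_addr_lookup() and acl_get_control() describe, as an added, self-contained model that is not the project's own code: an address is first resolved to a span, then the span is resolved to an acl_access value. The `demo_*` names, the `IP4` macro, the IPv4-only spans, the sample ranges, the most-specific-span rule and the `acl_deny` result for an unmatched address are assumptions of this model, not taken from this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Enumerators in the order listed on this page. */
enum acl_access {
    acl_deny = 0, acl_refuse, acl_deny_non_local, acl_refuse_non_local,
    acl_allow, acl_allow_snoop, acl_allow_setrd, acl_allow_cookie
};

#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical stand-in for struct acl_addr: one IPv4 span and its control. */
struct demo_span { uint32_t net; int prefix; enum acl_access control; };

/* Constructed sample policy using documentation address ranges. */
static const struct demo_span demo_acl[] = {
    { IP4(192, 0, 2, 0),    24, acl_allow },        /* whole /24 may recurse   */
    { IP4(192, 0, 2, 128),  25, acl_refuse },       /* upper half is carved out */
    { IP4(198, 51, 100, 0), 24, acl_allow_cookie }, /* cookie or stateful only  */
};

/* True when ip falls inside the span's prefix. */
static int span_contains(const struct demo_span *s, uint32_t ip) {
    uint32_t mask = s->prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - s->prefix);
    return (ip & mask) == (s->net & mask);
}

/* Lookup step: most specific span containing ip, or NULL if none does. */
const struct demo_span *demo_lookup(uint32_t ip) {
    const struct demo_span *best = NULL;
    for (size_t i = 0; i < sizeof demo_acl / sizeof demo_acl[0]; i++)
        if (span_contains(&demo_acl[i], ip) &&
            (!best || demo_acl[i].prefix > best->prefix))
            best = &demo_acl[i];
    return best;
}

/* Control step: assumed fail-closed, so a NULL span yields acl_deny (drop). */
enum acl_access demo_get_control(const struct demo_span *s) {
    return s ? s->control : acl_deny;
}

int main(void) {
    /* 203.0.113.5 matches no span in the constructed policy. */
    printf("%d\n", (int)demo_get_control(demo_lookup(IP4(203, 0, 113, 5))));
    return 0;
}
```

Because the control step takes the lookup result directly, a caller that forgets to handle an unmatched address still ends up with the most restrictive enumerator rather than an uninitialised value.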

◆ acl_list_get_mem()

size_t acl_list_get_mem ( struct acl_list *  acl)

Get memory used by acl structure.

Parameters
acl  structure for address storage.
Returns
bytes in use.

References acl_list::region, and regional_get_mem().