1 | /***************************************
2 | $Revision: 1.6 $
3 |
4 | access authorisation (aa). aa.c - functions to check access rights
5 | for less frequent clients (ripupdate, networkupdate, mirror).
6 |
7 | Status: NOT REVIEWED, NOT TESTED,
8 |
9 | Design and implementation by: Marek Bukowy
10 |
11 | ******************/ /******************
12 | Copyright (c) 1999,2000,2001,2002 RIPE NCC
13 |
14 | All Rights Reserved
15 |
16 | Permission to use, copy, modify, and distribute this software and its
17 | documentation for any purpose and without fee is hereby granted,
18 | provided that the above copyright notice appear in all copies and that
19 | both that copyright notice and this permission notice appear in
20 | supporting documentation, and that the name of the author not be
21 | used in advertising or publicity pertaining to distribution of the
22 | software without specific, written prior permission.
23 |
24 | THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
25 | ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
26 | AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
27 | DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
28 | AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
29 | OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
30 | ***************************************/
31 |
32 | #include "rip.h"
33 |
34 | /*
35 | > +---------------+---------------------+------+-----+---------+-------+
36 | > | Field | Type | Null | Key | Default | Extra |
37 | > +---------------+---------------------+------+-----+---------+-------+
38 | > | prefix | int(10) unsigned | | PRI | 0 | |
39 | > | prefix_length | tinyint(3) unsigned | | PRI | 0 | |
40 | > | source | varchar(32) | | PRI | | |
41 | > | ripupdate | tinyint(3) | | | 0 | |
42 | > | netupdate | tinyint(3) | | | 0 | |
43 | > | mirror | tinyint(3) | | | 0 | |
44 | > | comment | longblob | YES | | NULL | |
45 | > +---------------+---------------------+------+-----+---------+-------+
46 | */
47 |
/*
 * Rights of one client, one flag per service column of the access table
 * shown above.  Zero means the right is not granted.
 */
typedef struct {
    int ripupdate;  /* value of the ripupdate column */
    int netupdate;  /* value of the netupdate column */
    int mirror;     /* value of the mirror column */
} aa_rights;
53 |
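/*
 * Fill *rights from the first row of a result set.
 *
 * result - result set whose columns are read by position:
 *          0 = ripupdate, 1 = netupdate, 2 = mirror.
 * rights - output; every field is cleared first, so an empty result set
 *          leaves the valid answer "no rights".
 *
 * Calls die when a column string is missing or does not start with a
 * number.
 */
void aa_parserow(SQ_result_set_t *result, aa_rights *rights)
{
    SQ_row_t *row;
    int *field[3];
    int col;

    /* fail closed: nothing is granted unless a row says otherwise */
    rights->ripupdate = 0;
    rights->netupdate = 0;
    rights->mirror = 0;

    row = SQ_row_next(result);
    if (row == NULL) {
        return;
    }

    /* same order as the column list of the query */
    field[0] = &rights->ripupdate;
    field[1] = &rights->netupdate;
    field[2] = &rights->mirror;

    for (col = 0; col < 3; col++) {
        const char *text = SQ_get_column_string_nocopy(result, row, col);

        /*
         * The destination fields are int, so the conversion must be %d;
         * %u requires an unsigned int pointer.  A NULL column string is
         * rejected before sscanf() can dereference it.
         */
        if (text == NULL || sscanf(text, "%d", field[col]) < 1) {
            die;
        }
    }
}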
75 |
76 |
77 |
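/*
 * Tell whether source can be placed between single quotes in the query
 * text without ending the string literal early.
 * Returns 1 when it holds no quote and no backslash, 0 otherwise
 * (a NULL pointer also gives 0).
 */
static int aa_source_is_plain(const char *source)
{
    const char *p;

    if (source == NULL) {
        return 0;
    }
    for (p = source; *p != '\0'; p++) {
        if (*p == '\'' || *p == '\\') {
            return 0;
        }
    }
    return 1;
}

/*
 * Write into buf the SQL text that selects the rights of the most
 * specific prefix containing address, for the given source.
 *
 * address - client address; converted with IP_addr_b2v4_addr().
 * source  - source name, embedded as a quoted SQL string.
 * buf/len - output buffer and its size in bytes.
 *
 * When source is NULL, contains a quote or backslash, or the text does
 * not fit in buf, a query that matches no row is written instead, so the
 * lookup ends with "no rights" rather than with an altered or truncated
 * statement.
 *
 * NOTE(review): rejecting quote characters is a stop-gap.  If the SQ layer
 * offers an escaping or parameter-binding call (not visible in this file),
 * use that here.
 */
void aa_compose_query(ip_addr_t *address, char *source, char *buf, unsigned len)
{
    int written;

    if (buf == NULL || len == 0) {
        return;
    }

    if (aa_source_is_plain(source)) {
        /*
         * BETWEEN includes both ends, so the upper bound has to be the
         * last address of the prefix: prefix + 2^(32-length) - 1.
         * Without the -1 the first address of the following block would
         * match as well.
         */
        written = snprintf(buf, len,
                           "SELECT ripupdate, netupdate, mirror FROM aaa WHERE %u "
                           " BETWEEN prefix AND (prefix+(1<<(32-prefix_length))-1)"
                           " AND source = '%s' "
                           " ORDER BY prefix_length DESC LIMIT 1" /* take the most specific entry */,
                           IP_addr_b2v4_addr(address), source);

        /* a cut-off statement could lose its source test or its ORDER BY */
        if (written >= 0 && (unsigned)written < len) {
            return;
        }
    }

    /* fail closed: a statement that returns no rows */
    written = snprintf(buf, len,
                       "SELECT ripupdate, netupdate, mirror FROM aaa WHERE 1 = 0");
    if (written < 0 || (unsigned)written >= len) {
        buf[0] = '\0';
    }
}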
86 |
87 |
88 |
/*
 * Look up the rights of one client and store them in *rights.
 *
 * Composes the lookup query for (address, source), runs it on the
 * connection returned by AC_dbopen_admin(), hands the result set to
 * aa_parserow(), then frees the result and closes the connection.
 * A failure to open the database or to run the query is reported on
 * stderr and followed by die.
 *
 * NOTE(review): the query text embeds source and runs on what is,
 * judging by the name, a privileged connection; confirm that callers
 * pass only vetted source names.
 */
void
aa_find(ip_addr_t *address, char *source, aa_rights *rights)
{
    char query[1024];
    SQ_connection_t *db = NULL;
    SQ_result_set_t *rows;

    /* build the SQL text first; no database handle is needed for that */
    aa_compose_query(address, source, query, sizeof query);

    db = AC_dbopen_admin();
    if (db == NULL) {
        /*
         * NOTE(review): db is NULL on this path; whether SQ_errno() and
         * SQ_error() accept a NULL handle is not visible here - confirm.
         */
        fprintf(stderr, "ERROR %d: %s\n", SQ_errno(db), SQ_error(db));
        die;
    }

    /* the query itself picks the most specific entry */
    if (SQ_execute_query(db, query, &rows) == -1) {
        fprintf(stderr, "ERROR %d: %s\n", SQ_errno(db), SQ_error(db));
        die;
    }

    /* copy the rights out of the row, then give everything back */
    aa_parserow(rows, rights);
    SQ_free_result(rows);
    SQ_close_connection(db);
}
122 |
123 |
/*
 * Report whether the client at address holds the netupdate right for
 * source.  Returns 1 when the netupdate value found by aa_find() is
 * non-zero (a negative value counts as granted too), 0 otherwise.
 */
int AA_can_networkupdate( ip_addr_t *address, char *source )
{
    aa_rights found;

    aa_find(address, source, &found);
    if (found.netupdate == 0) {
        return 0;
    }
    return 1;
}
130 |
/*
 * Report whether the client at address holds the ripupdate right for
 * source.  Returns 1 when the ripupdate value found by aa_find() is
 * non-zero (a negative value counts as granted too), 0 otherwise.
 */
int AA_can_ripupdate( ip_addr_t *address, char *source )
{
    aa_rights found;

    aa_find(address, source, &found);
    if (found.ripupdate == 0) {
        return 0;
    }
    return 1;
}
137 |
/*
 * Report whether the client at address holds the mirror right for
 * source.  Returns 1 when the mirror value found by aa_find() is
 * non-zero (a negative value counts as granted too), 0 otherwise.
 */
int AA_can_mirror( ip_addr_t *address, char *source )
{
    aa_rights found;

    aa_find(address, source, &found);
    if (found.mirror == 0) {
        return 0;
    }
    return 1;
}