94 lines
3.6 KiB
C
94 lines
3.6 KiB
C
/*
|
|
* uhub - A tiny ADC p2p connection hub
|
|
* Copyright (C) 2007-2009, Jan Vidar Krey
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
#ifndef HAVE_UHUB_ACL_H
|
|
#define HAVE_UHUB_ACL_H
|
|
|
|
struct hub_config;
|
|
struct hub_user;
|
|
struct ip_addr_encap;
|
|
|
|
enum user_credentials
|
|
{
|
|
cred_none, /**<<< "User has no credentials (not yet logged in)" */
|
|
cred_bot, /**<<< "User is a robot" */
|
|
cred_guest, /**<<< "User is a guest (unregistered user)" */
|
|
cred_user, /**<<< "User is identified as a registered user" */
|
|
cred_operator, /**<<< "User is identified as a hub operator" */
|
|
cred_super, /**<<< "User is a super user" (not used) */
|
|
cred_admin, /**<<< "User is identified as a hub administrator/owner" */
|
|
cred_link, /**<<< "User is a link (not used currently)" */
|
|
};
|
|
|
|
const char* get_user_credential_string(enum user_credentials cred);
|
|
|
|
struct hub_user_access_info
|
|
{
|
|
char* username; /* name of user, cid or IP range */
|
|
char* password; /* password */
|
|
enum user_credentials status;
|
|
};
|
|
|
|
struct ip_ban_record
|
|
{
|
|
struct ip_addr_encap lo;
|
|
struct ip_addr_encap hi;
|
|
};
|
|
|
|
struct acl_handle
|
|
{
|
|
struct linked_list* users; /* Known users. See enum user_status */
|
|
struct linked_list* cids; /* Known CIDs */
|
|
struct linked_list* networks; /* IP ranges, used for banning */
|
|
struct linked_list* nat_override; /* IPs inside these ranges can provide their false IP. Use with care! */
|
|
struct linked_list* users_banned; /* Users permanently banned */
|
|
struct linked_list* users_denied; /* bad nickname */
|
|
};
|
|
|
|
|
|
extern int acl_initialize(struct hub_config* config, struct acl_handle* handle);
|
|
extern int acl_shutdown(struct acl_handle* handle);
|
|
|
|
extern struct hub_user_access_info* acl_get_access_info(struct acl_handle* handle, const char* name);
|
|
extern int acl_is_cid_banned(struct acl_handle* handle, const char* cid);
|
|
extern int acl_is_ip_banned(struct acl_handle* handle, const char* ip_address);
|
|
extern int acl_is_ip_nat_override(struct acl_handle* handle, const char* ip_address);
|
|
|
|
extern int acl_is_user_banned(struct acl_handle* handle, const char* name);
|
|
extern int acl_is_user_denied(struct acl_handle* handle, const char* name);
|
|
|
|
extern int acl_user_ban_nick(struct acl_handle* handle, const char* nick);
|
|
extern int acl_user_ban_cid(struct acl_handle* handle, const char* cid);
|
|
extern int acl_user_unban_nick(struct acl_handle* handle, const char* nick);
|
|
extern int acl_user_unban_cid(struct acl_handle* handle, const char* cid);
|
|
|
|
extern int acl_check_ip_range(struct ip_addr_encap* addr, struct ip_ban_record* info);
|
|
|
|
extern const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_user* user);
|
|
|
|
/**
|
|
* Verify a password.
|
|
*
|
|
* @param password the hashed password (based on the nonce).
|
|
* @return 1 if the password matches, or 0 if the password is incorrect.
|
|
*/
|
|
extern int acl_password_verify(struct acl_handle* acl, struct hub_user* user, const char* password);
|
|
|
|
#endif /* HAVE_UHUB_ACL_H */
|