
Name

aclnew, aclset, aclsetc, acldelete, acldeletec, aclcheck, aclload, acldestroy - routines to implement network access control lists.

Synopsis

#include <acl.h>

struct acl *
aclnew(void)

int
aclset(struct acl *a, struct in_addr *adr, struct in_addr *mask)

int
aclsetc(struct acl *a, const char *cidr)

int
acldelete(struct acl *a, struct in_addr *adr, struct in_addr *mask)

int
acldeletec(struct acl *a, const char *cidr)

int
aclcheck(struct acl *a, struct in_addr *adr)

int
aclload(struct acl *a, const char *path)

int
acldestroy(struct acl *a)

Description

These functions implement access control lists. Such lists are used to control which hosts or networks are permitted to access network-bound functions.

aclnew
Creates a new empty acl and returns a pointer to it. This must be called before any subsequent call to the acl routines.

aclset
Adds the network address coded in adr with netmask mask to the acl a.

aclsetc
Adds the network address coded in cidr to the acl a. The argument cidr specifies the network address in CIDR notation (see below).

acldelete
Deletes the entry given by adr and mask from the access list.

acldeletec
Does the same as acldelete, but with the address being in CIDR notation.

aclcheck
Checks whether the address adr is covered by the list a or not.

aclload
This function loads an entire acl a from a file specified by path. The format of the file is:

address[/len] [<whitespace> netmask]
where address is the address. If /len is given, the address is in CIDR notation and the netmask is not used (if one is given anyway, a warning is issued). If neither a netmask nor a length is given, a single host is assumed. Entries are positive, i.e. a host is permitted access if a matching entry exists.

Lines that start with "#" or a single space, or which are empty, are treated as comment lines.

acldestroy
Destroys the given acl a and frees all memory.

CIDR (Classless Inter Domain Routing) addresses are of the form address/length. This means that the leftmost length bits of the address form the network part of the final address and the remaining bits the host part. As an example: 193.141.89.0/24 is equivalent to 193.141.89.0 netmask 255.255.255.0.

Note: if length is omitted, then it is taken as 32 which means that a single host is specified.

Note: If you wish to exclude e.g. one host from an entire class C net, then you have to split the net into several smaller pieces that add up to the class C net without that host. In a future revision some sort of exclude statement will possibly appear.
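As an added example (not MCNTP's own acl code; the names acl_entry, acl_line_parse and acl_allows are assumed), the following C sketch parses one line of the aclload file format described above, including the /32 default and the CIDR-versus-netmask rule, and performs the positive-list check that aclcheck describes:

```c
/* Added example, not MCNTP's own code: a minimal positive-entry ACL in the
 * spirit of acl(3); acl_entry, acl_line_parse and acl_allows are assumed names. */
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

struct acl_entry { uint32_t net, mask; };   /* host byte order */

/* Parse one aclload line (a bare CIDR string, as aclsetc takes, is also valid):
 *   address[/len] [netmask]
 * No len and no netmask means /32, a single host. A netmask given next to
 * /len is ignored. Returns 1 for an entry, 0 for a comment line, -1 on error. */
static int acl_line_parse(const char *line, struct acl_entry *e)
{
    char buf[80], *addr, *mask, *slash, *end;
    struct in_addr a;
    if (line[0] == '\0' || line[0] == '\n' || line[0] == '#' || line[0] == ' ')
        return 0;                                     /* comment line */
    if (strlen(line) >= sizeof buf) return -1;
    strcpy(buf, line);
    addr = strtok(buf, " \t\r\n");
    mask = strtok(NULL, " \t\r\n");
    if (addr == NULL) return -1;
    if ((slash = strchr(addr, '/')) != NULL) {        /* CIDR form */
        *slash = '\0';
        long len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
        e->mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    } else if (mask != NULL) {                        /* dotted netmask */
        if (inet_pton(AF_INET, mask, &a) != 1) return -1;
        e->mask = ntohl(a.s_addr);
    } else {
        e->mask = 0xFFFFFFFFu;                        /* single host */
    }
    if (inet_pton(AF_INET, addr, &a) != 1) return -1;
    e->net = ntohl(a.s_addr) & e->mask;               /* drop host bits */
    return 1;
}

/* Positive list: 1 if some entry covers host, 0 if none does, -1 on a bad
 * address string. Anything not listed is therefore refused. */
static int acl_allows(const struct acl_entry *list, size_t n, const char *host)
{
    struct in_addr a;
    if (inet_pton(AF_INET, host, &a) != 1) return -1;
    for (size_t i = 0; i < n; i++)
        if ((ntohl(a.s_addr) & list[i].mask) == list[i].net) return 1;
    return 0;
}
```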

Diagnostics

All functions return -1 on failure and 0 on success, except aclnew, which returns a pointer to the new acl.

See Also

inet_addr(3)

History

The acl*() functions are part of MCNTP, the author's diploma thesis "Transport of NetNews via IP-multicast".

Author

Heiko W.Rupp (hwr@pilhuhn.de)

Bugs

None known yet. If you find any, then please report them to <mcntpbugs@pilhuhn.de>


$Id: acl.3.html,v 1.5 2001/11/22 10:24:37 pilhuhn Exp $