51
50
return 0; /* not found */
54
/* this is only used for simple stuff: MONITOR and BASE */
55
int access_check(const struct sockaddr_in *addr, int level)
53
/* return ACCEPT/REJECT based on source address */
54
int access_check(const struct sockaddr_in *addr)
57
56
struct access_t *tmp;
60
/* check for insanity */
61
if (level > LEVEL_MONITOR) {
62
upslogx(LOG_ERR, "checkaccess called with level=%d", level);
63
return 0; /* failed */
68
61
while (tmp != NULL) {
69
62
ret = acl_check(tmp->aclname, addr);
71
upsdebugx(3, "acl_check: %s: match %d, level %d (%d)",
72
tmp->aclname, ret, tmp->level, level);
74
/* if ip matches and access line provides the right level.. */
76
if ((ret == 1) && (tmp->level >= level)) {
78
if (tmp->action == ACTION_GRANT)
79
return 1; /* allowed */
81
upsdebugx(1, "access denied");
83
} /* if (ip matches) && (level is provided) */
85
/* otherwise ip didn't match or the level was inadequate */
64
upsdebugx(3, "acl_check: %s: match %d", tmp->aclname, ret);
67
upsdebugx(1, "ACL [%s] matches, action=%d",
68
tmp->aclname, tmp->action);
94
79
/* add to the master list of ACL names */
118
104
tmp = last = acl_head;
120
while (tmp != NULL) { /* find end */
106
while (tmp != NULL) {
125
tmp = xmalloc(sizeof (struct acl_t));
111
tmp = xmalloc(sizeof(struct acl_t));
126
112
tmp->name = xstrdup(aclname);
127
113
tmp->addr = ntohl(inet_addr(addr));
128
114
tmp->next = NULL;
130
if (strstr(mask, ".") == NULL) { /* must be a /nn CIDR type block */
116
/* must be a /nn CIDR type block */
117
if (strstr(mask, ".") == NULL) {
131
118
if (atoi(mask) != 32)
132
119
tmp->mask = ((unsigned int) ((1 << atoi(mask)) - 1) <<
135
122
tmp->mask = 0xffffffff; /* avoid overflow from 2^32 */
138
tmp->mask = ntohl(inet_addr (mask));
125
tmp->mask = ntohl(inet_addr(mask));
140
127
if (last == NULL) /* first */
143
130
last->next = tmp;
146
/* add to the access linked list */
147
void access_add(const char *action, const char *level, const char *aclname)
149
struct access_t *tmp, *last;
151
/* more sanity checking (null password is OK) */
152
if ((!action) || (!level) || (!aclname))
155
tmp = last = access_head;
157
while (tmp != NULL) { /* find end */
162
tmp = xmalloc(sizeof(struct access_t));
166
if (!strcasecmp(action, "grant"))
167
tmp->action = ACTION_GRANT;
168
if (!strcasecmp(action, "deny"))
169
tmp->action = ACTION_DENY;
171
/* we don't do "drop" any more - convert to deny */
172
if (!strcasecmp(action, "drop")) {
173
upslogx(LOG_WARNING, "ACCESS action of 'drop' deprecated; change to 'deny'");
174
tmp->action = ACTION_DENY;
177
if (!strcasecmp(level, "base"))
178
tmp->level = LEVEL_BASE;
179
if (!strcasecmp(level, "monitor"))
180
tmp->level = LEVEL_MONITOR;
182
/* deprecated in 1.2, removed in 1.3 */
183
if ((!strcasecmp(level, "login")) ||
184
(!strcasecmp(level, "master"))) {
186
upslogx(LOG_WARNING, "LOGIN and MASTER no longer supported "
187
" in upsd.conf - switch to upsd.users");
189
/* give them something somewhat useful */
190
tmp->level = LEVEL_MONITOR;
193
/* deprecated in 1.0, removed in 1.1 */
194
if (!strcasecmp(level, "manager")) {
195
upslogx(LOG_WARNING, "ACCESS type manager no longer supported -"
196
" switch to upsd.users");
198
/* but don't leave them totally out in the cold */
199
tmp->level = LEVEL_MONITOR;
202
if (!strcasecmp(level, "all"))
203
tmp->level = LEVEL_ALL;
205
tmp->aclname = xstrdup(aclname);
208
if (last == NULL) /* first */
214
133
void acl_free(void)
216
135
struct acl_t *ptr, *next;
249
168
access_head = NULL;
171
static void access_append(int action, const char *aclname)
173
struct access_t *tmp, *last;
175
tmp = last = access_head;
177
while (tmp != NULL) {
182
tmp = xmalloc(sizeof(struct access_t));
184
tmp->action = action;
185
tmp->aclname = xstrdup(aclname);
195
void access_add(int type, int numargs, const char **arg)
199
for (i = 0; i < numargs; i++)
200
access_append(type, arg[i]);