Collaboration diagram for Communication Access Operations:
Enumerations | |
| enum | access_comm_level { access_comm_whitelist = 200 , access_comm_greylist = 300 , access_comm_blacklist = 400 , access_comm_honeypot = 500 , access_comm_undefined = 600 } |
| Communication Access Right is a level. | |
Functions | |
| bool | access_comm (const a2id_t *remote, a2id_t *local, const uint8_t *opt_svckey, unsigned svckeylen, const char *opt_acl, unsigned acllen, access_comm_level *out_level, a2act_t *optout_actor) |
| Process Communication Access Rules. More... | |
Detailed Description
Communication Access can define Rules in two ways, namely as a Localised Ruleset in connection to a Resource or in an LDAP accessRule, or as Ruleset driven from a database. The two functions to implement these functions are similar to the generic rules for Rules Processing, but they are more specific:
- The Access Type is fixated to the one for Communication
- The Access Name is derived from the Local Identity
- The Local Identity can be changed by the Rules Variables
- The Access Rigths are shown as a level, not as flags
Function Documentation
◆ access_comm()
| bool access_comm | ( | const a2id_t * | remote, |
| a2id_t * | local, | ||
| const uint8_t * | opt_svckey, | ||
| unsigned | svckeylen, | ||
| const char * | opt_acl, | ||
| unsigned | acllen, | ||
| access_comm_level * | out_level, | ||
| a2act_t * | optout_actor | ||
| ) |
Process Communication Access Rules.
- Parameters
-
[in] remote is the ARPA2 Identity for the remote contact trying to initiate incoming communication. This is the Identity over which Iteration is done (in case of database lookups) or which is matched against ~selector (in explicit Rules). [in,out] local is the ARPA2 Identity for the local contact being approached. The Access Domain is assumed to match the domain of this Identity. The function may alter any part of this identity if it is needed to get onto the white list. [in] opt_svckey may be NULL or otherwise provides the Service Key. NULL requests the default Service Key, to be derived from the domain in local and without a Database Secret. [in] svckeylen specifies the lenght of opt_svckey but is only meaningful if that parameter is not NULL. [in] opt_acl may be NULL to perform Iteration on the remote to search the database for an ACL Ruleset or, if this parameter is not NULL, it will be used instead. [in] acllen specifies the length of opt_acl but is only meaningful if that parameter is not NULL. [out] out_list indicates the list into which this communication is to be sorted. It is even safe to interpret this output on failure. The results may be minimal in such cases. [out] optout_actor may be NULL to avoid Actors, but will otherwise be filled with a Actor Identity if a valid =g<scene>+<actor>attribute is related to the white list entry. The test!a2act_isempty()can be used to test that an Actor was supplied. This may for example be a group member, or a local name to be used while forwarding communication. Generally, the sender address changes from remote to optout_actor while relaying communication to a next-stage delivery address that local expands to.
- Returns
- This function returns false with a com_err in errno in case of technical problems. If out_list should be further processed, the function returns true.
