41 #ifndef ARPA2_RULES_DB_H
42 #define ARPA2_RULES_DB_H
51 #include <arpa2/digest.h>
52 #include <arpa2/identity.h>
138 #ifdef RULES_TIGHT_LMDBKEY
140 typedef uint8_t rules_dbkey [A2MD_OUTPUT_SIZE]
141 __attribute__((__aligned__(4)));
144 typedef uint8_t rules_dbkey [A2MD_OUTPUT_SIZE]
145 __attribute__((__aligned__(8)));
168 #define RULES_LMDBKEY_SIZE (sizeof (rules_dbkey_lmdbkey))
169 #define RULES_RESTKEY_SIZE (A2MD_OUTPUT_SIZE - RULES_LMDBKEY_SIZE)
171 #define digest2lmdbkey(digest) ((rules_dbkey_lmdbkey *) ((uint8_t *) digest))
172 #define digest2restkey(digest) (((uint8_t *) digest) + RULES_LMDBKEY_SIZE)
192 #ifndef RULES_ENVIRONMENT_PATH
193 #define RULES_ENVIRONMENT_PATH "/var/lib/arpa2/rules/"
196 #ifndef RULES_DATABASE_NAME
197 #define RULES_DATABASE_NAME "RuleDB"
200 #ifndef RULES_DATABASE_SIZE
201 #define RULES_DATABASE_SIZE 1048576000L
204 #ifndef RULES_DATABASE_COUNT_MAX
205 #define RULES_DATABASE_COUNT_MAX 10
227 #define RULES_TRUNK_ANY 0
228 #define RULES_TRUNK_MIN 1
229 #define RULES_TRUNK_MAX 4294967295
230 #define RULES_TRUNK_SIZE 4
348 *rule += strlen (*rule) + 1;
349 return ((*rule) < ((
char *) dbdata->mv_data) + dbdata->mv_size);
359 *rule = (
char *) dbdata->mv_data;
360 return (dbdata->mv_size > 0);
381 unsigned rulelen = strlen (*rule) + 1;
382 char *tail = *rule + rulelen;
383 unsigned taillen = ((
char *) dbdata->mv_data) + dbdata->mv_size - tail;
385 memmove (*rule, tail, taillen);
387 dbdata->mv_size -= rulelen;
388 return (taillen > 0);
457 bool rules_edit_generic (rules_dbkey svckey,
unsigned svckeylen,
459 char *rules,
unsigned ruleslen,
477 static inline bool rules_dbadd (rules_dbkey prekey,
unsigned prekeylen,
479 char *rules,
unsigned ruleslen,
a2sel_t *opt_selector) {
480 return rules_edit_generic (prekey, prekeylen, xskey, rules, ruleslen,
481 do_add, opt_selector, NULL);
498 static inline bool rules_dbdel (rules_dbkey prekey,
unsigned prekeylen,
500 char *rules,
unsigned ruleslen,
a2sel_t *opt_selector) {
501 return rules_edit_generic (prekey, prekeylen, xskey, rules, ruleslen,
502 do_del, opt_selector, NULL);
616 const uint8_t *opt_dbkey,
int dbkeylen,
617 const char *xsdomain);
646 const uint8_t *domkey,
unsigned domkeylen,
647 const uint8_t xstype [16]);
685 const uint8_t *svckey,
unsigned svckeylen,
711 const char *hexkey,
int hexkeylen);
size_t rules_dbkey_lmdbkey
Integer value for the LMDB lookup key (beginning of rules_dbkey)
Definition: rules_db.h:143
#define RULES_TRUNK_ANY
Wildcard value for trunk identities.
Definition: rules_db.h:227
#define RULES_TRUNK_SIZE
Trunk identities are stored in 32 bits.
Definition: rules_db.h:230
bool rules_dbresume(struct rules_db *ruledb)
Resume reading from the ACL database.
bool rules_dbsuspend(struct rules_db *ruledb)
Suspend reading from the ACL database.
bool rules_dbrollback(struct rules_db *ruledb)
Rollback recent writes to the ACL database.
bool rules_dbopen(struct rules_db *ruledb, bool rdonly, uint32_t trunk)
Open the ACL database, possibly for bulk updates.
static bool rules_dbopen_rdonly(struct rules_db *ruledb)
Open the ACL database for reading.
Definition: rules_db.h:310
bool rules_dbcommit(struct rules_db *ruledb)
Commit recent changes to the ACL database.
bool rules_dbclose(struct rules_db *ruledb)
Close the ACL database.
static bool rules_dbadd(rules_dbkey prekey, unsigned prekeylen, char *xskey, char *rules, unsigned ruleslen, a2sel_t *opt_selector)
Add rules to the database.
Definition: rules_db.h:477
changerules_what
Whether to add or delete rules in the ruleset.
Definition: rules_db.h:455
static bool rules_dbnext(const MDB_val *dbdata, char **rule)
Next in iteration over a ruleset, started with rules_dbloop().
Definition: rules_db.h:347
bool rules_dbset(struct rules_db *ruledb, MDB_val *in0_dbdata, MDB_val *in1_dbdata)
Set rules in the RuleDB.
static bool rules_dbcutnext(MDB_val *dbdata, char **rule, bool cutrule)
While iterating over a ruleset, possibly remove the current rule before focusing on the next rule....
Definition: rules_db.h:377
static bool rules_dbloop(const MDB_val *dbdata, char **rule)
Start iteration over a ruleset, continue with rules_dbnext().
Definition: rules_db.h:358
static bool rules_dbdel(rules_dbkey prekey, unsigned prekeylen, char *xskey, char *rules, unsigned ruleslen, a2sel_t *opt_selector)
Delete rules from the database.
Definition: rules_db.h:498
bool rules_dbget(struct rules_db *ruledb, rules_dbkey digkey, MDB_val *out_dbdata)
Get rules from the RuleDB.
bool rules_dbkey_domain(rules_dbkey domkey, const uint8_t *opt_dbkey, int dbkeylen, const char *xsdomain)
Derive the Domain Key for a given domain name and optional Database Secret.
bool rules_dbkey_parse(rules_dbkey outkey, const char *hexkey, int hexkeylen)
Parse a Database Key from hexadecimal notation.
bool rules_dbkey_selector(rules_dbkey reqkey, const uint8_t *svckey, unsigned svckeylen, const char *xsname, const a2sel_t *selector)
Derive the Request Key for a given Access Name and Selector, using a Domain Key as a start....
bool rules_dbkey_service(rules_dbkey svckey, const uint8_t *domkey, unsigned domkeylen, const uint8_t xstype[16])
Derive the Service Key for a given Access Type, using a Domain Key as a start.
ARPA2 Selector.
Definition: identity.h:165
The RuleDB structure keeps track of LMDB control.
Definition: rules_db.h:248
Trunk identities are stored as 4-byte values in network order.
Definition: rules_db.h:235