1 files changed, 100 insertions, 0 deletions

diff --git a/wsrep-lib/wsrep-API/v26/wsrep_allowlist_service.h b/wsrep-lib/wsrep-API/v26/wsrep_allowlist_service.h
new file mode 100644
index 00000000..71f4d7e9
--- /dev/null
+++ b/wsrep-lib/wsrep-API/v26/wsrep_allowlist_service.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (C) 2021 Codership Oy <info@codership.com>
+ *
+ * This file is part of wsrep-API.
+ *
+ * Wsrep-API is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Wsrep-API is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wsrep-API.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/** @file wsrep_allowlist_service.h
+ *
+ * This file defines interface for connection allowlist checks.
+ * 
+ * The provider which is capable of using the service interface v1 must
+ * export the following functions.
+ *
+ * int wsrep_init_allowlist_service_v1(wsrep_allowlist_service_v1_t*)
+ * void wsrep_deinit_allowlist_service_v1()
+ *
+ * which can be probed by the application.
+ *
+ * The application must initialize the service via above init function
+ * before the provider is initialized via wsrep->init(). The deinit
+ * function must be called after the provider side resources have been
+ * released via wsrep->free().
+ */
+
+#ifndef WSREP_ALLOWLIST_SERVICE_H
+#define WSREP_ALLOWLIST_SERVICE_H
+
+#include "wsrep_api.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif /* __cplusplus */
+
+/**
+ * Type tag for application defined allowlist processing context.
+ *
+ * Application may pass pointer to the context when initializing
+ * the allowlist service. This pointer is passed a first parameter for
+ * each service call.
+ */
+typedef struct wsrep_allowlist_context wsrep_allowlist_context_t;
+
+typedef enum
+{
+    WSREP_ALLOWLIST_KEY_IP = 0, // IP allowlist check
+    WSREP_ALLOWLIST_KEY_SSL     // SSL certificate allowlist check
+} wsrep_allowlist_key_t;
+
+/*
+ * Allowlist connection check callback. 
+ *
+ * @retval WSREP_OK          connection allowed
+ * @retval WSREP_NOT_ALLOWED connection not allowed
+ */
+typedef wsrep_status_t (*wsrep_allowlist_cb_t)(
+    wsrep_allowlist_context_t*, 
+    wsrep_allowlist_key_t key, 
+    const wsrep_buf_t* value);
+
+/**
+ * Allowlist service struct.
+ *
+ * A pointer to this struct must be passed to the call to
+ * wsrep_init_allowlist_service_v1.
+ *
+ * The application must provide implementation to all functions defined
+ * in this struct.
+ */
+typedef struct wsrep_allowlist_service_v1_st
+{
+    /* Allowlist check callback */
+    wsrep_allowlist_cb_t allowlist_cb;
+    /* Pointer to application defined allowlist context. */
+    wsrep_allowlist_context_t* context;
+} wsrep_allowlist_service_v1_t;
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+
+#define WSREP_ALLOWLIST_SERVICE_INIT_FUNC_V1 "wsrep_init_allowlist_service_v1"
+#define WSREP_ALLOWLIST_SERVICE_DEINIT_FUNC_V1 "wsrep_deinit_allowlist_service_v1"
+
+#endif /* WSREP_ALLOWLIST_SERVICE_H */
+