Commit | Line | Data |
---|---|---|
48071869 | 1 | /* |
ef57eb7b | 2 | * Copyright (C) 1996-2016 The Squid Software Foundation and contributors |
48071869 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
48071869 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
6fc1da74 | 12 | |
ee0927b6 | 13 | #if USE_SQUID_EUI |
6fc1da74 | 14 | |
c0941a6a AR |
15 | #include "acl/Arp.h" |
16 | #include "acl/FilledChecklist.h" | |
582c2af2 | 17 | #include "Debug.h" |
ee0927b6 | 18 | #include "eui/Eui48.h" |
9b859d6f | 19 | #include "globals.h" |
96d89ea0 | 20 | #include "ip/Address.h" |
48071869 | 21 | |
41b91720 | 22 | #include <algorithm> |
48071869 | 23 | |
/* Returns a heap-allocated copy of this ACL, built with the copy
 * constructor. The caller receives the raw pointer. */
ACL *
ACLARP::clone() const
{
    ACLARP *copy = new ACLARP(*this);
    return copy;
}
29 | ||
/* Builds an ACL with no addresses; theClass is stored in class_ and later
 * returned by typeString(). */
ACLARP::ACLARP(char const *theClass) :
    class_(theClass)
{
}
32 | ||
/* Copy constructor: duplicates the class name and the set of parsed
 * addresses held by old. */
ACLARP::ACLARP(ACLARP const &old) :
    class_(old.class_),
    aclArpData(old.aclArpData)
{}
36 | ||
/* Returns the class name that was given to the constructor. */
char const *
ACLARP::typeString() const
{
    char const *name = class_;
    return name;
}
42 | ||
/* True when no address has been stored in aclArpData. */
bool
ACLARP::empty() const
{
    const bool noEntries = aclArpData.empty();
    return noEntries;
}
48 | ||
49 | /* ==== BEGIN ARP ACL SUPPORT ============================================= */ | |
50 | ||
51 | /* | |
52 | * From: dale@server.ctam.bitmcnit.bryansk.su (Dale) | |
53 | * To: wessels@nlanr.net | |
54 | * Subject: Another Squid patch... :) | |
55 | * Date: Thu, 04 Dec 1997 19:55:01 +0300 | |
56 | * ============================================================================ | |
26ac0430 | 57 | * |
48071869 | 58 | * Working on setting up a proper firewall for a network containing some |
59 | * Win'95 computers at our Univ, I've discovered that some smart students | |
60 | * avoid the restrictions easily just changing their IP addresses in Win'95 | |
61 | * Control Panel... It has been getting boring, so I took Squid-1.1.18 | |
62 | * sources and added a new acl type for hard-wired access control: | |
26ac0430 | 63 | * |
48071869 | 64 | * acl <name> arp <Ethernet address> ... |
26ac0430 | 65 | * |
48071869 | 66 | * For example, |
26ac0430 | 67 | * |
48071869 | 68 | * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38 |
69 | * | |
70 | * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>. | |
71 | * Original (BSD-specific) code no longer works. | |
72 | * Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl> | |
73 | */ | |
74 | ||
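/*
 * Parses one configuration token as an Ethernet (EUI-48) address.
 *
 * t is the NUL-terminated token read from the ACL line. Returns a
 * heap-allocated Eui::Eui48 that the caller must delete, or NULL when the
 * token does not start with hex digits/colons or cannot be decoded; both
 * failures are logged at DBG_CRITICAL.
 */
Eui::Eui48 *
aclParseArpData(const char *t)
{
    char buf[256];
    Eui::Eui48 *q = new Eui::Eui48;
    debugs(28, 5, "aclParseArpData: " << t);

    /* The field width keeps the copy inside buf (255 characters plus the
     * terminating NUL). A bare %[ conversion has no length limit, so an
     * over-long run of hex digits and colons in the configuration would be
     * written past the end of the stack buffer. */
    if (sscanf(t, "%255[0-9a-fA-F:]", buf) != 1) {
        debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
        delete q;
        return NULL;
    }

    /* A truncated or otherwise malformed string is rejected here. */
    if (!q->decode(buf)) {
        debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
        debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
        delete q;
        return NULL;
    }

    return q;
}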
97 | ||
/*
 * Reads every remaining token of the current ACL definition and stores each
 * one that aclParseArpData() accepts in aclArpData. Rejected tokens are
 * skipped; aclParseArpData() has already logged them.
 */
void
ACLARP::parse()
{
    for (const char *token = ConfigParser::strtokFile(); token; token = ConfigParser::strtokFile()) {
        Eui::Eui48 *parsed = aclParseArpData(token);

        if (!parsed)
            continue;

        /* The set keeps its own copy, so the temporary is released here. */
        aclArpData.insert(*parsed);
        delete parsed;
    }
}
111 | ||
/*
 * Returns 1 when the hardware address looked up for the request's source IP
 * is one of the configured addresses, 0 otherwise. Non-IPv4 sources never
 * match.
 *
 * NOTE(review): the decision rests on a link-layer address. The quoted patch
 * description in this file added the ACL because clients changed their IP
 * addresses; an Ethernet address can usually be changed by the client as
 * well, so treat this ACL as a filter rather than as authentication.
 */
int
ACLARP::match(ACLChecklist *cl)
{
    ACLFilledChecklist *filled = Filled(cl);

    /* IPv6 does not do ARP */
    /* NOTE(review): this message uses debug section 14 although the file
     * declares section 28 -- confirm which is intended. */
    if (!filled->src_addr.isIPv4()) {
        debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << filled->src_addr );
        return 0;
    }

    /* NOTE(review): the result of lookup() is not checked. Confirm what
     * clientEui holds when no hardware address is found, because that value
     * is still searched for in the configured set. */
    Eui::Eui48 clientEui;
    clientEui.lookup(filled->src_addr);

    const bool listed = aclArpData.find(clientEui) != aclArpData.end();
    return listed;
}
127 | ||
/*
 * Returns the configured addresses as a list of strings, one SBuf per entry
 * in aclArpData, in the container's iteration order.
 */
SBufList
ACLARP::dump() const
{
    SBufList lines;

    for (const auto &eui : aclArpData) {
        char text[48];
        /* NOTE(review): the result of encode() is not checked. Confirm that
         * text is always NUL-terminated before it is wrapped in an SBuf. */
        eui.encode(text, 48);
        lines.push_back(SBuf(text));
    }

    return lines;
}
139 | ||
140 | /* ==== END ARP ACL SUPPORT =============================================== */ | |
ee0927b6 AJ |
141 | |
142 | #endif /* USE_SQUID_EUI */ | |
f53969cc | 143 |