[thirdparty/squid.git] / src / acl / Arp.cc

/*
 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28    Access Control */

#include "squid.h"

#if USE_SQUID_EUI

#include "acl/Arp.h"
#include "acl/FilledChecklist.h"
#include "Debug.h"
#include "eui/Eui48.h"
#include "globals.h"
#include "ip/Address.h"

#include <algorithm>

ACL *
ACLARP::clone() const
{
    return new ACLARP(*this);
}

ACLARP::ACLARP (char const *theClass) : class_ (theClass)
{}

ACLARP::ACLARP (ACLARP const & old) : class_ (old.class_), aclArpData(old.aclArpData)
{
}

char const *
ACLARP::typeString() const
{
    return class_;
}

bool
ACLARP::empty () const
{
    return aclArpData.empty();
}

/* ==== BEGIN ARP ACL SUPPORT ============================================= */

/*
 * From:    dale@server.ctam.bitmcnit.bryansk.su (Dale)
 * To:      wessels@nlanr.net
 * Subject: Another Squid patch... :)
 * Date:    Thu, 04 Dec 1997 19:55:01 +0300
 * ============================================================================
 *
 * Working on setting up a proper firewall for a network containing some
 * Win'95 computers at our Univ, I've discovered that some smart students
 * avoid the restrictions easily just changing their IP addresses in Win'95
 * Contol Panel... It has been getting boring, so I took Squid-1.1.18
 * sources and added a new acl type for hard-wired access control:
 *
 * acl <name> arp <Ethernet address> ...
 *
 * For example,
 *
 * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
 *
 * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
 *       Original (BSD-specific) code no longer works.
 *       Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
 */

Eui::Eui48 *
aclParseArpData(const char *t)
{
    char buf[256];
    Eui::Eui48 *q = new Eui::Eui48;
    debugs(28, 5, "aclParseArpData: " << t);

    if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
        debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
        delete q;
        return NULL;
    }

    if (!q->decode(buf)) {
        debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
        debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
        delete q;
        return NULL;
    }

    return q;
}

/*******************/
/* aclParseArpList */
/*******************/
void
ACLARP::parse()
{
    while (const char *t = ConfigParser::strtokFile()) {
        if (Eui::Eui48 *q = aclParseArpData(t)) {
            aclArpData.insert(*q);
            delete q;
        }
    }
}

int
ACLARP::match(ACLChecklist *cl)
{
    ACLFilledChecklist *checklist = Filled(cl);

    /* IPv6 does not do ARP */
    if (!checklist->src_addr.isIPv4()) {
        debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
        return 0;
    }

    Eui::Eui48 lookingFor;
    lookingFor.lookup(checklist->src_addr);
    return (aclArpData.find(lookingFor) != aclArpData.end());
}

SBufList
ACLARP::dump() const
{
    SBufList sl;
    for (auto i = aclArpData.begin(); i != aclArpData.end(); ++i) {
        char buf[48];
        i->encode(buf,48);
        sl.push_back(SBuf(buf));
    }
    return sl;
}

/* ==== END ARP ACL SUPPORT =============================================== */

#endif /* USE_SQUID_EUI */
Commit	Line	Data
48071869	1	/*
ef57eb7b	2	* Copyright (C) 1996-2016 The Squid Software Foundation and contributors
48071869	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
48071869	7	*/
48071869	8
bbc27441 AJ	9	/* DEBUG: section 28 Access Control */
bbc27441 AJ	10
582c2af2	11	#include "squid.h"
6fc1da74	12
ee0927b6	13	#if USE_SQUID_EUI
6fc1da74	14
c0941a6a AR	15	#include "acl/Arp.h"
c0941a6a AR	16	#include "acl/FilledChecklist.h"
582c2af2	17	#include "Debug.h"
ee0927b6	18	#include "eui/Eui48.h"
9b859d6f	19	#include "globals.h"
96d89ea0	20	#include "ip/Address.h"
48071869	21
41b91720	22	#include <algorithm>
48071869	23
48071869	24	ACL *
	25	ACLARP::clone() const
	26	{
	27	return new ACLARP(*this);
	28	}
	29
41b91720	30	ACLARP::ACLARP (char const *theClass) : class_ (theClass)
48071869	31	{}
48071869	32
41b91720	33	ACLARP::ACLARP (ACLARP const & old) : class_ (old.class_), aclArpData(old.aclArpData)
48071869	34	{
48071869	35	}
48071869	36
48071869	37	char const *
	38	ACLARP::typeString() const
	39	{
	40	return class_;
	41	}
	42
	43	bool
4b0f5de8	44	ACLARP::empty () const
48071869	45	{
41b91720	46	return aclArpData.empty();
48071869	47	}
	48
	49	/* ==== BEGIN ARP ACL SUPPORT ============================================= */
	50
	51	/*
	52	* From: dale@server.ctam.bitmcnit.bryansk.su (Dale)
	53	* To: wessels@nlanr.net
	54	* Subject: Another Squid patch... :)
	55	* Date: Thu, 04 Dec 1997 19:55:01 +0300
	56	* ============================================================================
26ac0430	57	*
48071869	58	* Working on setting up a proper firewall for a network containing some
	59	* Win'95 computers at our Univ, I've discovered that some smart students
	60	* avoid the restrictions easily just changing their IP addresses in Win'95
	61	* Contol Panel... It has been getting boring, so I took Squid-1.1.18
	62	* sources and added a new acl type for hard-wired access control:
26ac0430	63	*
48071869	64	* acl <name> arp <Ethernet address> ...
26ac0430	65	*
48071869	66	* For example,
26ac0430	67	*
48071869	68	* acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
	69	*
	70	* NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
	71	* Original (BSD-specific) code no longer works.
	72	* Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
	73	*/
	74
a98c2da5	75	Eui::Eui48 *
48071869	76	aclParseArpData(const char *t)
48071869	77	{
ee0927b6	78	char buf[256];
a98c2da5	79	Eui::Eui48 *q = new Eui::Eui48;
bf8fe701	80	debugs(28, 5, "aclParseArpData: " << t);
48071869	81
ee0927b6	82	if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
fa84c01d	83	debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
2dd66a22	84	delete q;
48071869	85	return NULL;
	86	}
	87
ee0927b6	88	if (!q->decode(buf)) {
fa84c01d FC	89	debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
fa84c01d FC	90	debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
2dd66a22	91	delete q;
48071869	92	return NULL;
	93	}
	94
	95	return q;
	96	}
	97
48071869	98	/*******************/
	99	/* aclParseArpList */
	100	/*******************/
	101	void
	102	ACLARP::parse()
48071869	103	{
16c5ad96	104	while (const char *t = ConfigParser::strtokFile()) {
2dd66a22 AJ	105	if (Eui::Eui48 *q = aclParseArpData(t)) {
	106	aclArpData.insert(*q);
	107	delete q;
	108	}
48071869	109	}
	110	}
	111
	112	int
c0941a6a	113	ACLARP::match(ACLChecklist *cl)
48071869	114	{
af6a12ee	115	ACLFilledChecklist *checklist = Filled(cl);
c0941a6a	116
cc192b50	117	/* IPv6 does not do ARP */
4dd643d5	118	if (!checklist->src_addr.isIPv4()) {
cc192b50	119	debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
	120	return 0;
	121	}
	122
4c79ed3d	123	Eui::Eui48 lookingFor;
41b91720 FC	124	lookingFor.lookup(checklist->src_addr);
41b91720 FC	125	return (aclArpData.find(lookingFor) != aclArpData.end());
48071869	126	}
48071869	127
9b859d6f	128	SBufList
48071869	129	ACLARP::dump() const
48071869	130	{
41b91720	131	SBufList sl;
b06c45a5	132	for (auto i = aclArpData.begin(); i != aclArpData.end(); ++i) {
41b91720 FC	133	char buf[48];
	134	i->encode(buf,48);
	135	sl.push_back(SBuf(buf));
	136	}
	137	return sl;
48071869	138	}
	139
	140	/* ==== END ARP ACL SUPPORT =============================================== */
ee0927b6 AJ	141
ee0927b6 AJ	142	#endif /* USE_SQUID_EUI */
f53969cc	143