src/acl/Arp.cc

   1 /*
   2  * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 28    Access Control */
  10
  11 #include "squid.h"
  12
  13 #if USE_SQUID_EUI
  14
  15 #include "acl/Arp.h"
  16 #include "acl/FilledChecklist.h"
  17 #include "cache_cf.h"
  18 #include "Debug.h"
  19 #include "eui/Eui48.h"
  20 #include "globals.h"
  21 #include "ip/Address.h"
  22
  23 static void aclParseArpList(Splay<Eui::Eui48 *> **curlist);
  24 static int aclMatchArp(Splay<Eui::Eui48 *> **dataptr, Ip::Address &c);
  25 static Splay<Eui::Eui48 *>::SPLAYCMP aclArpCompare;
  26
  27 ACL *
  28 ACLARP::clone() const
  29 {
  30     return new ACLARP(*this);
  31 }
  32
  33 ACLARP::ACLARP (char const *theClass) : data (NULL), class_ (theClass)
  34 {}
  35
  36 ACLARP::ACLARP (ACLARP const & old) : data (NULL), class_ (old.class_)
  37 {
  38     /* we don't have copy constructors for the data yet */
  39     assert (!old.data);
  40 }
  41
  42 ACLARP::~ACLARP()
  43 {
  44     if (data) {
  45         data->destroy();
  46         delete data;
  47     }
  48 }
  49
  50 char const *
  51 ACLARP::typeString() const
  52 {
  53     return class_;
  54 }
  55
  56 bool
  57 ACLARP::empty () const
  58 {
  59     return data->empty();
  60 }
  61
  62 /* ==== BEGIN ARP ACL SUPPORT ============================================= */
  63
  64 /*
  65  * From:    dale@server.ctam.bitmcnit.bryansk.su (Dale)
  66  * To:      wessels@nlanr.net
  67  * Subject: Another Squid patch... :)
  68  * Date:    Thu, 04 Dec 1997 19:55:01 +0300
  69  * ============================================================================
  70  *
  71  * Working on setting up a proper firewall for a network containing some
  72  * Win'95 computers at our Univ, I've discovered that some smart students
  73  * avoid the restrictions easily just changing their IP addresses in Win'95
  74  * Contol Panel... It has been getting boring, so I took Squid-1.1.18
  75  * sources and added a new acl type for hard-wired access control:
  76  *
  77  * acl <name> arp <Ethernet address> ...
  78  *
  79  * For example,
  80  *
  81  * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
  82  *
  83  * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
  84  *       Original (BSD-specific) code no longer works.
  85  *       Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
  86  */
  87
  88 Eui::Eui48 *
  89 aclParseArpData(const char *t)
  90 {
  91     char buf[256];
  92     Eui::Eui48 *q = new Eui::Eui48;
  93     debugs(28, 5, "aclParseArpData: " << t);
  94
  95     if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
  96         debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
  97         safe_free(q);
  98         return NULL;
  99     }
 100
 101     if (!q->decode(buf)) {
 102         debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 103         debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
 104         safe_free(q);
 105         return NULL;
 106     }
 107
 108     return q;
 109 }
 110
 111 /*******************/
 112 /* aclParseArpList */
 113 /*******************/
 114 void
 115 ACLARP::parse()
 116 {
 117     if (!data)
 118         data = new Splay<Eui::Eui48 *>();
 119     aclParseArpList(&data);
 120 }
 121
 122 void
 123 aclParseArpList(Splay<Eui::Eui48 *> **curlist)
 124 {
 125     char *t = NULL;
 126     Eui::Eui48 *q = NULL;
 127
 128     while ((t = strtokFile())) {
 129         if ((q = aclParseArpData(t)) == NULL)
 130             continue;
 131
 132         (*curlist)->insert(q, aclArpCompare);
 133     }
 134 }
 135
 136 int
 137 ACLARP::match(ACLChecklist *cl)
 138 {
 139     ACLFilledChecklist *checklist = Filled(cl);
 140
 141     /* IPv6 does not do ARP */
 142     if (!checklist->src_addr.isIPv4()) {
 143         debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
 144         return 0;
 145     }
 146
 147     return aclMatchArp(&data, checklist->src_addr);
 148 }
 149
 150 /***************/
 151 /* aclMatchArp */
 152 /***************/
 153 int
 154 aclMatchArp(Splay<Eui::Eui48 *> **dataptr, Ip::Address &c)
 155 {
 156     Eui::Eui48 lookingFor;
 157     if (lookingFor.lookup(c)) {
 158         Eui::Eui48 * const* lookupResult = (*dataptr)->find(&lookingFor,aclArpCompare);
 159         debugs(28, 3, "aclMatchArp: '" << c << "' " << (lookupResult ? "found" : "NOT found"));
 160         return (lookupResult != NULL);
 161     }
 162     debugs(28, 3, "aclMatchArp: " << c << " NOT found");
 163     return 0;
 164 }
 165
 166 static int
 167 aclArpCompare(Eui::Eui48 * const &a, Eui::Eui48 * const &b)
 168 {
 169     return memcmp(a, b, sizeof(Eui::Eui48));
 170 }
 171
 172 // visitor functor to collect the contents of the Arp Acl
 173 struct ArpAclDumpVisitor {
 174     SBufList contents;
 175     void operator() (const Eui::Eui48 * v) {
 176         static char buf[48];
 177         v->encode(buf,48);
 178         contents.push_back(SBuf(buf));
 179     }
 180 };
 181
 182 SBufList
 183 ACLARP::dump() const
 184 {
 185     ArpAclDumpVisitor visitor;
 186     data->visit(visitor);
 187     return visitor.contents;
 188 }
 189
 190 /* ==== END ARP ACL SUPPORT =============================================== */
 191
 192 #endif /* USE_SQUID_EUI */
 193