Commit | Line | Data |
---|---|---|
48071869 | 1 | /* |
b8ae064d | 2 | * Copyright (C) 1996-2023 The Squid Software Foundation and contributors |
48071869 | 3 | * |
bbc27441 AJ |
4 | * Squid software is distributed under GPLv2+ license and includes |
5 | * contributions from numerous individuals and organizations. | |
6 | * Please see the COPYING and CONTRIBUTORS files for details. | |
48071869 | 7 | */ |
8 | ||
bbc27441 AJ |
9 | /* DEBUG: section 28 Access Control */ |
10 | ||
582c2af2 | 11 | #include "squid.h" |
6fc1da74 | 12 | |
ee0927b6 | 13 | #if USE_SQUID_EUI |
6fc1da74 | 14 | |
c0941a6a AR |
15 | #include "acl/Arp.h" |
16 | #include "acl/FilledChecklist.h" | |
aa3b39af | 17 | #include "cache_cf.h" |
675b8408 | 18 | #include "debug/Stream.h" |
ee0927b6 | 19 | #include "eui/Eui48.h" |
9b859d6f | 20 | #include "globals.h" |
96d89ea0 | 21 | #include "ip/Address.h" |
48071869 | 22 | |
41b91720 | 23 | #include <algorithm> |
48071869 | 24 | |
/* Builds an ARP ACL object; theClass is stored as given and later returned by typeString(). */
ACLARP::ACLARP(char const *theClass) :
    class_(theClass)
{
}
27 | ||
/* Returns the ACL type name pointer that was passed to the constructor. */
char const *
ACLARP::typeString() const
{
    char const *const typeName = class_;
    return typeName;
}
33 | ||
/* Reports whether this ACL holds no Ethernet addresses at all. */
bool
ACLARP::empty() const
{
    const bool noEntries = aclArpData.empty();
    return noEntries;
}
39 | ||
40 | /* ==== BEGIN ARP ACL SUPPORT ============================================= */ | |
41 | ||
42 | /* | |
43 | * From: dale@server.ctam.bitmcnit.bryansk.su (Dale) | |
44 | * To: wessels@nlanr.net | |
45 | * Subject: Another Squid patch... :) | |
46 | * Date: Thu, 04 Dec 1997 19:55:01 +0300 | |
47 | * ============================================================================ | |
26ac0430 | 48 | * |
48071869 | 49 | * Working on setting up a proper firewall for a network containing some |
50 | * Win'95 computers at our Univ, I've discovered that some smart students | |
51 | * avoid the restrictions easily just changing their IP addresses in Win'95 | |
2f8abb64 | 52 | * Control Panel... It has been getting boring, so I took Squid-1.1.18 |
48071869 | 53 | * sources and added a new acl type for hard-wired access control: |
26ac0430 | 54 | * |
48071869 | 55 | * acl <name> arp <Ethernet address> ... |
26ac0430 | 56 | * |
48071869 | 57 | * For example, |
26ac0430 | 58 | * |
48071869 | 59 | * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38 |
60 | * | |
61 | * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>. | |
62 | * Original (BSD-specific) code no longer works. | |
63 | * Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl> | |
64 | */ | |
65 | ||
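/*
 * Parses one configuration token as an Ethernet (EUI-48) address.
 *
 * Only the leading run of hex digits and colons in the token is looked at;
 * sscanf() stops at the first other character and whatever follows is
 * silently ignored. That prefix is handed to Eui::Eui48::decode(), which
 * decides whether it is a usable address.
 *
 * t: NUL-terminated token taken from the ACL configuration.
 *
 * Returns a heap-allocated Eui::Eui48 that the caller must delete, or
 * nullptr (after logging an ERROR) when the token is rejected.
 */
static Eui::Eui48 *
aclParseArpData(const char *t)
{
    // The %[ field width below must stay at sizeof(buf) - 1. Without a
    // width, a token carrying 256 or more hex/colon characters would be
    // copied past the end of this stack buffer.
    char buf[256];
    debugs(28, 5, "aclParseArpData: " << t);

    if (sscanf(t, "%255[0-9a-fA-F:]", buf) != 1) {
        debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Bad ethernet address: '" << t << "'");
        return nullptr;
    }

    // Allocate only once there is something to decode, so the early
    // rejection above has nothing to clean up.
    Eui::Eui48 *q = new Eui::Eui48;

    if (!q->decode(buf)) {
        debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
        debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Ignoring invalid ARP acl entry: cannot parse '" << buf << "'");
        delete q;
        return nullptr;
    }

    return q;
}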
88 | ||
48071869 | 89 | /*******************/ |
90 | /* aclParseArpList */ | |
91 | /*******************/ | |
/*
 * Reads every remaining token via ConfigParser::strtokFile() and adds each
 * one that aclParseArpData() accepts to aclArpData. Rejected tokens are
 * skipped; aclParseArpData() has already logged them.
 */
void
ACLARP::parse()
{
    const char *token = nullptr;

    while ((token = ConfigParser::strtokFile()) != nullptr) {
        Eui::Eui48 *parsed = aclParseArpData(token);

        if (!parsed)
            continue;

        // the container keeps its own copy, so the parsed object is released here
        aclArpData.insert(*parsed);
        delete parsed;
    }
}
102 | ||
/*
 * Tests whether the Ethernet address found for the client's source IP is
 * one of the configured addresses.
 *
 * Returns 0 without any lookup for non-IPv4 sources; otherwise 1 when the
 * looked-up address is in aclArpData and 0 when it is not.
 *
 * Ethernet addresses are chosen by the client and are normally visible only
 * for hosts on a directly attached segment, so a match identifies a device
 * no more reliably than the local network enforces those addresses.
 *
 * NOTE(review): the result of lookup() is not checked. Confirm what value
 * the Eui48 object holds after a failed lookup; if it is a fixed value, a
 * configured entry equal to that value would match every such client.
 *
 * NOTE(review): the message below is logged under debug section 14, while
 * this file declares section 28 in its header; confirm that is intended.
 */
int
ACLARP::match(ACLChecklist *cl)
{
    ACLFilledChecklist *filled = Filled(cl);
    auto &clientAddr = filled->src_addr;

    if (clientAddr.isIPv4()) {
        Eui::Eui48 clientEui;
        clientEui.lookup(clientAddr);

        const bool listed = (aclArpData.find(clientEui) != aclArpData.end());
        return listed;
    }

    /* IPv6 does not do ARP */
    debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << clientAddr );
    return 0;
}
118 | ||
/*
 * Produces the textual form of every configured Ethernet address, one list
 * element per address, in the iteration order of aclArpData.
 *
 * NOTE(review): the result of encode() is not checked, and the buffer is not
 * initialised before the call; confirm encode() always writes a terminated
 * string for a 48-byte buffer.
 */
SBufList
ACLARP::dump() const
{
    const int textSize = 48;
    SBufList result;

    for (const auto &eui : aclArpData) {
        char text[textSize];
        eui.encode(text, textSize);
        result.push_back(SBuf(text));
    }

    return result;
}
130 | ||
131 | /* ==== END ARP ACL SUPPORT =============================================== */ | |
ee0927b6 AJ |
132 | |
133 | #endif /* USE_SQUID_EUI */ | |
f53969cc | 134 |