[thirdparty/squid.git] / src / acl / Arp.cc

/*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28    Access Control */

#include "squid.h"

#if USE_SQUID_EUI

#include "acl/Arp.h"
#include "acl/FilledChecklist.h"
#include "cache_cf.h"
#include "debug/Stream.h"
#include "eui/Eui48.h"
#include "globals.h"
#include "ip/Address.h"

#include <algorithm>

ACLARP::ACLARP (char const *theClass) : class_ (theClass)
{}

char const *
ACLARP::typeString() const
{
    return class_;
}

bool
ACLARP::empty () const
{
    return aclArpData.empty();
}

/* ==== BEGIN ARP ACL SUPPORT ============================================= */

/*
 * From:    dale@server.ctam.bitmcnit.bryansk.su (Dale)
 * To:      wessels@nlanr.net
 * Subject: Another Squid patch... :)
 * Date:    Thu, 04 Dec 1997 19:55:01 +0300
 * ============================================================================
 *
 * Working on setting up a proper firewall for a network containing some
 * Win'95 computers at our Univ, I've discovered that some smart students
 * avoid the restrictions easily just changing their IP addresses in Win'95
 * Control Panel... It has been getting boring, so I took Squid-1.1.18
 * sources and added a new acl type for hard-wired access control:
 *
 * acl <name> arp <Ethernet address> ...
 *
 * For example,
 *
 * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
 *
 * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
 *       Original (BSD-specific) code no longer works.
 *       Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
 */

static Eui::Eui48 *
aclParseArpData(const char *t)
{
    char buf[256];
    Eui::Eui48 *q = new Eui::Eui48;
    debugs(28, 5, "aclParseArpData: " << t);

    if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
        debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Bad ethernet address: '" << t << "'");
        delete q;
        return nullptr;
    }

    if (!q->decode(buf)) {
        debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
        debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Ignoring invalid ARP acl entry: cannot parse '" << buf << "'");
        delete q;
        return nullptr;
    }

    return q;
}

/*******************/
/* aclParseArpList */
/*******************/
void
ACLARP::parse()
{
    while (const char *t = ConfigParser::strtokFile()) {
        if (Eui::Eui48 *q = aclParseArpData(t)) {
            aclArpData.insert(*q);
            delete q;
        }
    }
}

int
ACLARP::match(ACLChecklist *cl)
{
    ACLFilledChecklist *checklist = Filled(cl);

    /* IPv6 does not do ARP */
    if (!checklist->src_addr.isIPv4()) {
        debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
        return 0;
    }

    Eui::Eui48 lookingFor;
    lookingFor.lookup(checklist->src_addr);
    return (aclArpData.find(lookingFor) != aclArpData.end());
}

SBufList
ACLARP::dump() const
{
    SBufList sl;
    for (auto i = aclArpData.begin(); i != aclArpData.end(); ++i) {
        char buf[48];
        i->encode(buf,48);
        sl.push_back(SBuf(buf));
    }
    return sl;
}

/* ==== END ARP ACL SUPPORT =============================================== */

#endif /* USE_SQUID_EUI */
Commit	Line	Data
48071869	1	/*
b8ae064d	2	* Copyright (C) 1996-2023 The Squid Software Foundation and contributors
48071869	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
48071869	7	*/
48071869	8
bbc27441 AJ	9	/* DEBUG: section 28 Access Control */
bbc27441 AJ	10
582c2af2	11	#include "squid.h"
6fc1da74	12
ee0927b6	13	#if USE_SQUID_EUI
6fc1da74	14
c0941a6a AR	15	#include "acl/Arp.h"
c0941a6a AR	16	#include "acl/FilledChecklist.h"
aa3b39af	17	#include "cache_cf.h"
675b8408	18	#include "debug/Stream.h"
ee0927b6	19	#include "eui/Eui48.h"
9b859d6f	20	#include "globals.h"
96d89ea0	21	#include "ip/Address.h"
48071869	22
41b91720	23	#include <algorithm>
48071869	24
41b91720	25	ACLARP::ACLARP (char const *theClass) : class_ (theClass)
48071869	26	{}
48071869	27
48071869	28	char const *
	29	ACLARP::typeString() const
	30	{
	31	return class_;
	32	}
	33
	34	bool
4b0f5de8	35	ACLARP::empty () const
48071869	36	{
41b91720	37	return aclArpData.empty();
48071869	38	}
	39
	40	/* ==== BEGIN ARP ACL SUPPORT ============================================= */
	41
	42	/*
	43	* From: dale@server.ctam.bitmcnit.bryansk.su (Dale)
	44	* To: wessels@nlanr.net
	45	* Subject: Another Squid patch... :)
	46	* Date: Thu, 04 Dec 1997 19:55:01 +0300
	47	* ============================================================================
26ac0430	48	*
48071869	49	* Working on setting up a proper firewall for a network containing some
	50	* Win'95 computers at our Univ, I've discovered that some smart students
	51	* avoid the restrictions easily just changing their IP addresses in Win'95
2f8abb64	52	* Control Panel... It has been getting boring, so I took Squid-1.1.18
48071869	53	* sources and added a new acl type for hard-wired access control:
26ac0430	54	*
48071869	55	* acl <name> arp <Ethernet address> ...
26ac0430	56	*
48071869	57	* For example,
26ac0430	58	*
48071869	59	* acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
	60	*
	61	* NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
	62	* Original (BSD-specific) code no longer works.
	63	* Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
	64	*/
	65
8b082ed9	66	static Eui::Eui48 *
48071869	67	aclParseArpData(const char *t)
48071869	68	{
ee0927b6	69	char buf[256];
a98c2da5	70	Eui::Eui48 *q = new Eui::Eui48;
bf8fe701	71	debugs(28, 5, "aclParseArpData: " << t);
48071869	72
ee0927b6	73	if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
d816f28d	74	debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Bad ethernet address: '" << t << "'");
2dd66a22	75	delete q;
aee3523a	76	return nullptr;
48071869	77	}
48071869	78
ee0927b6	79	if (!q->decode(buf)) {
fa84c01d	80	debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
d816f28d	81	debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Ignoring invalid ARP acl entry: cannot parse '" << buf << "'");
2dd66a22	82	delete q;
aee3523a	83	return nullptr;
48071869	84	}
	85
	86	return q;
	87	}
	88
48071869	89	/*******************/
	90	/* aclParseArpList */
	91	/*******************/
	92	void
	93	ACLARP::parse()
48071869	94	{
16c5ad96	95	while (const char *t = ConfigParser::strtokFile()) {
2dd66a22 AJ	96	if (Eui::Eui48 *q = aclParseArpData(t)) {
	97	aclArpData.insert(*q);
	98	delete q;
	99	}
48071869	100	}
	101	}
	102
	103	int
c0941a6a	104	ACLARP::match(ACLChecklist *cl)
48071869	105	{
af6a12ee	106	ACLFilledChecklist *checklist = Filled(cl);
c0941a6a	107
cc192b50	108	/* IPv6 does not do ARP */
4dd643d5	109	if (!checklist->src_addr.isIPv4()) {
cc192b50	110	debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
	111	return 0;
	112	}
	113
4c79ed3d	114	Eui::Eui48 lookingFor;
41b91720 FC	115	lookingFor.lookup(checklist->src_addr);
41b91720 FC	116	return (aclArpData.find(lookingFor) != aclArpData.end());
48071869	117	}
48071869	118
9b859d6f	119	SBufList
48071869	120	ACLARP::dump() const
48071869	121	{
41b91720	122	SBufList sl;
b06c45a5	123	for (auto i = aclArpData.begin(); i != aclArpData.end(); ++i) {
41b91720 FC	124	char buf[48];
	125	i->encode(buf,48);
	126	sl.push_back(SBuf(buf));
	127	}
	128	return sl;
48071869	129	}
	130
	131	/* ==== END ARP ACL SUPPORT =============================================== */
ee0927b6 AJ	132
ee0927b6 AJ	133	#endif /* USE_SQUID_EUI */
f53969cc	134