src/acl/Arp.cc

   1 /*
   2  * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 /* DEBUG: section 28    Access Control */
  10
  11 #include "squid.h"
  12
  13 #if USE_SQUID_EUI
  14
  15 #include "acl/Arp.h"
  16 #include "acl/FilledChecklist.h"
  17 #include "cache_cf.h"
  18 #include "Debug.h"
  19 #include "eui/Eui48.h"
  20 #include "globals.h"
  21 #include "ip/Address.h"
  22
  23 static void aclParseArpList(SplayNode<Eui::Eui48 *> **curlist);
  24 static int aclMatchArp(SplayNode<Eui::Eui48 *> **dataptr, Ip::Address &c);
  25 static SplayNode<Eui::Eui48 *>::SPLAYCMP aclArpCompare;
  26 static SplayNode<Eui::Eui48 *>::SPLAYWALKEE aclDumpArpListWalkee;
  27
  28 ACL *
  29 ACLARP::clone() const
  30 {
  31     return new ACLARP(*this);
  32 }
  33
  34 ACLARP::ACLARP (char const *theClass) : data (NULL), class_ (theClass)
  35 {}
  36
  37 ACLARP::ACLARP (ACLARP const & old) : data (NULL), class_ (old.class_)
  38 {
  39     /* we don't have copy constructors for the data yet */
  40     assert (!old.data);
  41 }
  42
  43 ACLARP::~ACLARP()
  44 {
  45     if (data)
  46         data->destroy(SplayNode<Eui::Eui48*>::DefaultFree);
  47 }
  48
  49 char const *
  50 ACLARP::typeString() const
  51 {
  52     return class_;
  53 }
  54
  55 bool
  56 ACLARP::empty () const
  57 {
  58     return data->empty();
  59 }
  60
  61 /* ==== BEGIN ARP ACL SUPPORT ============================================= */
  62
  63 /*
  64  * From:    dale@server.ctam.bitmcnit.bryansk.su (Dale)
  65  * To:      wessels@nlanr.net
  66  * Subject: Another Squid patch... :)
  67  * Date:    Thu, 04 Dec 1997 19:55:01 +0300
  68  * ============================================================================
  69  *
  70  * Working on setting up a proper firewall for a network containing some
  71  * Win'95 computers at our Univ, I've discovered that some smart students
  72  * avoid the restrictions easily just changing their IP addresses in Win'95
  73  * Contol Panel... It has been getting boring, so I took Squid-1.1.18
  74  * sources and added a new acl type for hard-wired access control:
  75  *
  76  * acl <name> arp <Ethernet address> ...
  77  *
  78  * For example,
  79  *
  80  * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
  81  *
  82  * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
  83  *       Original (BSD-specific) code no longer works.
  84  *       Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
  85  */
  86
  87 Eui::Eui48 *
  88 aclParseArpData(const char *t)
  89 {
  90     char buf[256];
  91     Eui::Eui48 *q = new Eui::Eui48;
  92     debugs(28, 5, "aclParseArpData: " << t);
  93
  94     if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
  95         debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
  96         safe_free(q);
  97         return NULL;
  98     }
  99
 100     if (!q->decode(buf)) {
 101         debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
 102         debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
 103         safe_free(q);
 104         return NULL;
 105     }
 106
 107     return q;
 108 }
 109
 110 /*******************/
 111 /* aclParseArpList */
 112 /*******************/
 113 void
 114 ACLARP::parse()
 115 {
 116     aclParseArpList(&data);
 117 }
 118
 119 void
 120 aclParseArpList(SplayNode<Eui::Eui48 *> **curlist)
 121 {
 122     char *t = NULL;
 123     SplayNode<Eui::Eui48*> **Top = curlist;
 124     Eui::Eui48 *q = NULL;
 125
 126     while ((t = strtokFile())) {
 127         if ((q = aclParseArpData(t)) == NULL)
 128             continue;
 129
 130         *Top = (*Top)->insert(q, aclArpCompare);
 131     }
 132 }
 133
 134 int
 135 ACLARP::match(ACLChecklist *cl)
 136 {
 137     ACLFilledChecklist *checklist = Filled(cl);
 138
 139     /* IPv6 does not do ARP */
 140     if (!checklist->src_addr.isIPv4()) {
 141         debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
 142         return 0;
 143     }
 144
 145     return aclMatchArp(&data, checklist->src_addr);
 146 }
 147
 148 /***************/
 149 /* aclMatchArp */
 150 /***************/
 151 int
 152 aclMatchArp(SplayNode<Eui::Eui48 *> **dataptr, Ip::Address &c)
 153 {
 154     Eui::Eui48 result;
 155     SplayNode<Eui::Eui48 *> **Top = dataptr;
 156
 157     if (result.lookup(c)) {
 158         /* Do ACL match lookup */
 159         *Top = (*Top)->splay(&result, aclArpCompare);
 160         debugs(28, 3, "aclMatchArp: '" << c << "' " << (splayLastResult ? "NOT found" : "found"));
 161         return (0 == splayLastResult);
 162     }
 163
 164     /*
 165      * Address was not found on any interface
 166      */
 167     debugs(28, 3, "aclMatchArp: " << c << " NOT found");
 168     return 0;
 169 }
 170
 171 static int
 172 aclArpCompare(Eui::Eui48 * const &a, Eui::Eui48 * const &b)
 173 {
 174     return memcmp(a, b, sizeof(Eui::Eui48));
 175 }
 176
 177 static void
 178 aclDumpArpListWalkee(Eui::Eui48 * const &node, void *state)
 179 {
 180     static char buf[48];
 181     node->encode(buf, 48);
 182     static_cast<SBufList *>(state)->push_back(SBuf(buf));
 183 }
 184
 185 SBufList
 186 ACLARP::dump() const
 187 {
 188     SBufList sl;
 189     data->walk(aclDumpArpListWalkee, &sl);
 190     return sl;
 191 }
 192
 193 /* ==== END ARP ACL SUPPORT =============================================== */
 194
 195 #endif /* USE_SQUID_EUI */