| 76 |
|
* param expression what this rule matches using wildcards |
| 77 |
|
*/ |
| 78 |
|
public void add(boolean allow, String expression) { |
| 79 |
< |
// default to expecting it to be an IP |
| 80 |
< |
// we will try to disprove this :) |
| 81 |
< |
boolean ip = true; |
| 82 |
< |
short[] ipaddr = {-1, -1, -1, -1}; |
| 83 |
< |
int i = 0; |
| 84 |
< |
String s = ""; |
| 85 |
< |
// tokenize the expression on fullstops, so we can break |
| 86 |
< |
// up the quads of an IP (if it's an IP!) |
| 87 |
< |
StringTokenizer st = new StringTokenizer(expression, "."); |
| 88 |
< |
while(st.hasMoreTokens() && i++ < 4) { |
| 89 |
< |
s = st.nextToken(); |
| 90 |
< |
// if it's a wildcard, we'll skip to the next one |
| 91 |
< |
// as no more checks are required |
| 92 |
< |
if(s.equals("*")) { |
| 93 |
< |
continue; |
| 94 |
< |
} |
| 95 |
< |
// attempt to parse it into a short |
| 96 |
< |
try { |
| 97 |
< |
short n = Short.parseShort(s); |
| 98 |
< |
// if it's an int but outside of the |
| 99 |
< |
// valid range, it can't be an IP |
| 100 |
< |
if(n < 0 || n > 255) { |
| 101 |
< |
ip = false; |
| 102 |
< |
// give up checking further |
| 103 |
< |
break; |
| 104 |
< |
} |
| 105 |
< |
ipaddr[i-1] = n; |
| 106 |
< |
} |
| 107 |
< |
// if it didn't parse as an int it can't be an IP |
| 108 |
< |
catch (NumberFormatException e) { |
| 109 |
< |
ip = false; |
| 110 |
< |
// give up checking further |
| 111 |
< |
break; |
| 112 |
< |
} |
| 79 |
> |
// try and convert the expression into an IP address |
| 80 |
> |
short[] ipaddr = ipStringToShort(expression); |
| 81 |
> |
// a result of null means it's not an IP address |
| 82 |
> |
// add either a name rule or an IP rule |
| 83 |
> |
if(ipaddr != null) { |
| 84 |
> |
_acl.add(new ACLRule(allow, expression, ipaddr, true)); |
| 85 |
|
} |
| 86 |
< |
// we've done 4 parts, so if there's any |
| 87 |
< |
// more this can't be an IP |
| 116 |
< |
if(st.hasMoreTokens()) { |
| 117 |
< |
ip = false; |
| 86 |
> |
else { |
| 87 |
> |
_acl.add(new ACLRule(allow, expression, ipaddr, false)); |
| 88 |
|
} |
| 119 |
– |
// if we've done less than 4, see if the last one |
| 120 |
– |
// was a wildcard - if it isn't then it's not an IP |
| 121 |
– |
// -- this allows 129.12.* |
| 122 |
– |
if(i < 4 && !s.equals("*")) { |
| 123 |
– |
ip = false; |
| 124 |
– |
} |
| 125 |
– |
// if we had one or less entries it can't be an IP |
| 126 |
– |
// -- this disallows * matching as an IP due |
| 127 |
– |
// to the rule above |
| 128 |
– |
if(i <= 1) { |
| 129 |
– |
ip = false; |
| 130 |
– |
} |
| 131 |
– |
// add the rule to our array |
| 132 |
– |
_acl.add(new ACLRule(allow, expression, ipaddr, ip)); |
| 89 |
|
} |
| 90 |
|
|
| 91 |
|
/** |
| 99 |
|
public boolean check(String address) { |
| 100 |
|
for(int i=0; i < _acl.size(); i++) { |
| 101 |
|
ACLRule rule = (ACLRule) _acl.get(i); |
| 102 |
< |
if(StringUtils.wildcardCheck(address, rule._expression)) { |
| 102 |
> |
if(StringUtils.wildcardMatch(address, rule._expression)) { |
| 103 |
|
return rule._allow; |
| 104 |
|
} |
| 105 |
|
} |
| 127 |
|
ACLRule rule = (ACLRule) _acl.get(i); |
| 128 |
|
if(rule._iprule) { |
| 129 |
|
// if this is an IP rule do a short comparison |
| 130 |
< |
if(compareShorts(ipaddr, rule._ipaddr)) { |
| 130 |
> |
// must specify the wildcarded rule first |
| 131 |
> |
if(compareShorts(rule._ipaddr, ipaddr)) { |
| 132 |
|
return rule._allow; |
| 133 |
|
} |
| 134 |
|
} |
| 135 |
|
else { |
| 136 |
|
// if not do a full blown String comparsion |
| 137 |
< |
if(StringUtils.wildcardCheck(hostname, rule._expression)) { |
| 137 |
> |
if(StringUtils.wildcardMatch(hostname, rule._expression)) { |
| 138 |
|
return rule._allow; |
| 139 |
|
} |
| 140 |
|
} |
| 176 |
|
* Converts an IP address in String format into |
| 177 |
|
* a short array of length 4. Any wildcards, *, |
| 178 |
|
* found in the IP address are represented by |
| 179 |
< |
* a -1. |
| 179 |
> |
* a -1. If the given String is not an IP address |
| 180 |
> |
* null is returned instead. |
| 181 |
|
* |
| 182 |
|
* @param ip The IP address in String format |
| 183 |
|
* @return The IP address in a short[] |
| 184 |
|
*/ |
| 185 |
|
private short[] ipStringToShort(String ip) { |
| 186 |
+ |
// default to expecting it to be an IP |
| 187 |
+ |
// we will try to disprove this :) |
| 188 |
|
short[] ipaddr = {-1, -1, -1, -1}; |
| 189 |
+ |
int i = 0; |
| 190 |
+ |
String s = ""; |
| 191 |
+ |
// tokenize the String on fullstops, so we can break |
| 192 |
+ |
// up the quads of an IP (if it's an IP!) |
| 193 |
|
StringTokenizer st = new StringTokenizer(ip, "."); |
| 194 |
< |
for(int i=0; i < 4 && st.hasMoreTokens(); i++) { |
| 194 |
> |
while(st.hasMoreTokens() && i++ < 4) { |
| 195 |
> |
s = st.nextToken(); |
| 196 |
> |
// if it's a wildcard, we'll skip to the next one |
| 197 |
> |
// as no more checks are required |
| 198 |
> |
if(s.equals("*")) { |
| 199 |
> |
continue; |
| 200 |
> |
} |
| 201 |
> |
// attempt to parse it into a short |
| 202 |
|
try { |
| 203 |
< |
ipaddr[i] = Short.parseShort(st.nextToken()); |
| 203 |
> |
short n = Short.parseShort(s); |
| 204 |
> |
// if it's an int but outside of the |
| 205 |
> |
// valid range, it can't be an IP |
| 206 |
> |
if(n < 0 || n > 255) { |
| 207 |
> |
// give up checking further |
| 208 |
> |
return null; |
| 209 |
> |
} |
| 210 |
> |
ipaddr[i-1] = n; |
| 211 |
|
} |
| 212 |
< |
catch(NumberFormatException e) { |
| 213 |
< |
// do nothing? |
| 214 |
< |
// we just want to leave it as -1 |
| 215 |
< |
// -- actually, maybe we want to do more checks in here? |
| 238 |
< |
// although in this code context it'll probably be ok, |
| 239 |
< |
// it might be worth verifying wildcards and that the |
| 240 |
< |
// number is in range... |
| 212 |
> |
// if it didn't parse as a short it can't be an IP |
| 213 |
> |
catch (NumberFormatException e) { |
| 214 |
> |
// give up checking further |
| 215 |
> |
return null; |
| 216 |
|
} |
| 217 |
|
} |
| 218 |
+ |
// we've done 4 parts, so if there's any |
| 219 |
+ |
// more this can't be an IP |
| 220 |
+ |
if(st.hasMoreTokens()) { |
| 221 |
+ |
return null; |
| 222 |
+ |
} |
| 223 |
+ |
// if we've done less than 4, see if the last one |
| 224 |
+ |
// was a wildcard - if it isn't then it's not an IP |
| 225 |
+ |
// -- this allows 129.12.* |
| 226 |
+ |
if(i < 4 && !s.equals("*")) { |
| 227 |
+ |
return null; |
| 228 |
+ |
} |
| 229 |
+ |
// if we had one or less entries it can't be an IP |
| 230 |
+ |
// -- this disallows * matching as an IP due |
| 231 |
+ |
// to the rule above |
| 232 |
+ |
if(i <= 1) { |
| 233 |
+ |
return null; |
| 234 |
+ |
} |
| 235 |
|
return ipaddr; |
| 236 |
|
} |
| 237 |
|
|
| 238 |
|
/** |
| 239 |
< |
* Compares two short arrays. The array can contain a -1, which |
| 240 |
< |
* will always match any value -- it's a wildcard. They must be |
| 241 |
< |
* the same length to match. At the moment the order of the |
| 250 |
< |
* parameters does not matter. |
| 239 |
> |
* Compares two short arrays. The first array can contain a -1, |
| 240 |
> |
* which will always match any value -- it's a wildcard. |
| 241 |
> |
* They must be the same length to match. |
| 242 |
|
* |
| 243 |
< |
* @param first The first array to compare |
| 243 |
> |
* @param first The first array to compare (with -1 wildcard if required) |
| 244 |
|
* @param second The second array to compare |
| 245 |
|
* @result the result of the comparison |
| 246 |
|
*/ |
| 249 |
|
return false; |
| 250 |
|
} |
| 251 |
|
for(int i=0; i < first.length; i++) { |
| 252 |
< |
// -- might want to consider specify which is the wildcard one? |
| 262 |
< |
if(first[i] == -1 || second[i] == -1) { |
| 252 |
> |
if(first[i] == -1) { |
| 253 |
|
continue; |
| 254 |
|
} |
| 255 |
|
if(first[i] != second[i]) { |
