ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Root Listing
root/i-scream/experimental/server/ACL/ACL.java
(Generate patch)

Comparing experimental/server/ACL/ACL.java (file contents):
Revision 1.10 by tdb, Mon Dec 31 19:25:39 2001 UTC vs.
Revision 1.12 by tdb, Tue Jan 8 13:31:34 2002 UTC

# Line 76 | Line 76 | public class ACL implements Serializable {
76       * param expression what this rule matches using wildcards
77       */
78      public void add(boolean allow, String expression) {
79 <        // default to expecting it to be an IP
80 <        // we will try to disprove this :)
81 <        boolean ip = true;
82 <        short[] ipaddr = {-1, -1, -1, -1};
83 <        int i = 0;
84 <        String s = "";
85 <        // tokenize the expression on fullstops, so we can break
86 <        // up the quads of an IP (if it's an IP!)
87 <        StringTokenizer st = new StringTokenizer(expression, ".");
88 <        while(st.hasMoreTokens() && i++ < 4) {
89 <            s = st.nextToken();
90 <            // if it's a wildcard, we'll skip to the next one
91 <            // as no more checks are required
92 <            if(s.equals("*")) {
93 <                continue;
94 <            }
95 <            // attempt to parse it into a short
96 <            try {
97 <                short n = Short.parseShort(s);
98 <                // if it's an int but outside of the
99 <                // valid range, it can't be an IP
100 <                if(n < 0 || n > 255) {
101 <                    ip = false;
102 <                    // give up checking further
103 <                    break;
104 <                }
105 <                ipaddr[i-1] = n;
106 <            }
107 <            // if it didn't parse as an int it can't be an IP
108 <            catch (NumberFormatException e) {
109 <                ip = false;
110 <                // give up checking further
111 <                break;
112 <            }
79 >        // try and convert the expression into an IP address
80 >        short[] ipaddr = ipStringToShort(expression);
81 >        // a result of null means it's not an IP address
82 >        // add either a name rule or an IP rule
83 >        if(ipaddr != null) {
84 >            _acl.add(new ACLRule(allow, expression, ipaddr, true));
85          }
86 <        // we've done 4 parts, so if there's any
87 <        // more this can't be an IP
116 <        if(st.hasMoreTokens()) {
117 <            ip = false;
86 >        else {
87 >            _acl.add(new ACLRule(allow, expression, ipaddr, false));
88          }
119        // if we've done less than 4, see if the last one
120        // was a wildcard - if it isn't then it's not an IP
121        //   -- this allows 129.12.*
122        if(i < 4 && !s.equals("*")) {
123            ip = false;
124        }
125        // if we had one or less entries it can't be an IP
126        //   -- this disallows * matching as an IP due
127        //      to the rule above
128        if(i <= 1) {
129            ip = false;
130        }
131        // add the rule to our array
132        _acl.add(new ACLRule(allow, expression, ipaddr, ip));
89      }
90      
91      /**
# Line 143 | Line 99 | public class ACL implements Serializable {
99      public boolean check(String address) {
100          for(int i=0; i < _acl.size(); i++) {
101              ACLRule rule = (ACLRule) _acl.get(i);
102 <            if(StringUtils.wildcardCheck(address, rule._expression)) {
102 >            if(StringUtils.wildcardMatch(address, rule._expression)) {
103                  return rule._allow;
104              }
105          }
# Line 171 | Line 127 | public class ACL implements Serializable {
127              ACLRule rule = (ACLRule) _acl.get(i);
128              if(rule._iprule) {
129                  // if this is an IP rule do a short comparison
130 <                if(compareShorts(ipaddr, rule._ipaddr)) {
130 >                // must specify the wildcarded rule first
131 >                if(compareShorts(rule._ipaddr, ipaddr)) {
132                      return rule._allow;
133                  }
134              }
135              else {
136                  // if not do a full blown String comparsion
137 <                if(StringUtils.wildcardCheck(hostname, rule._expression)) {
137 >                if(StringUtils.wildcardMatch(hostname, rule._expression)) {
138                      return rule._allow;
139                  }
140              }
# Line 219 | Line 176 | public class ACL implements Serializable {
176       * Converts an IP address in String format into
177       * a short array of length 4. Any wildcards, *,
178       * found in the IP address are represented by
179 <     * a -1.
179 >     * a -1. If the given String is not an IP address
180 >     * null is returned instead.
181       *
182       * @param ip The IP address in String format
183       * @return The IP address in a short[]
184       */
185      private short[] ipStringToShort(String ip) {
186 +        // default to expecting it to be an IP
187 +        // we will try to disprove this :)
188          short[] ipaddr = {-1, -1, -1, -1};
189 +        int i = 0;
190 +        String s = "";
191 +        // tokenize the String on fullstops, so we can break
192 +        // up the quads of an IP (if it's an IP!)
193          StringTokenizer st = new StringTokenizer(ip, ".");
194 <        for(int i=0; i < 4 && st.hasMoreTokens(); i++) {
194 >        while(st.hasMoreTokens() && i++ < 4) {
195 >            s = st.nextToken();
196 >            // if it's a wildcard, we'll skip to the next one
197 >            // as no more checks are required
198 >            if(s.equals("*")) {
199 >                continue;
200 >            }
201 >            // attempt to parse it into a short
202              try {
203 <                ipaddr[i] = Short.parseShort(st.nextToken());
203 >                short n = Short.parseShort(s);
204 >                // if it's an int but outside of the
205 >                // valid range, it can't be an IP
206 >                if(n < 0 || n > 255) {
207 >                    // give up checking further
208 >                    return null;
209 >                }
210 >                ipaddr[i-1] = n;
211              }
212 <            catch(NumberFormatException e) {
213 <                // do nothing?
214 <                // we just want to leave it as -1
215 <                // -- actually, maybe we want to do more checks in here?
238 <                //    although in this code context it'll probably be ok,
239 <                //    it might be worth verifying wildcards and that the
240 <                //    number is in range...
212 >            // if it didn't parse as a short it can't be an IP
213 >            catch (NumberFormatException e) {
214 >                // give up checking further
215 >                return null;
216              }
217          }
218 +        // we've done 4 parts, so if there's any
219 +        // more this can't be an IP
220 +        if(st.hasMoreTokens()) {
221 +            return null;
222 +        }
223 +        // if we've done less than 4, see if the last one
224 +        // was a wildcard - if it isn't then it's not an IP
225 +        //   -- this allows 129.12.*
226 +        if(i < 4 && !s.equals("*")) {
227 +            return null;
228 +        }
229 +        // if we had one or less entries it can't be an IP
230 +        //   -- this disallows * matching as an IP due
231 +        //      to the rule above
232 +        if(i <= 1) {
233 +            return null;
234 +        }
235          return ipaddr;
236      }
237      
238      /**
239 <     * Compares two short arrays. The array can contain a -1, which
240 <     * will always match any value -- it's a wildcard. They must be
241 <     * the same length to match. At the moment the order of the
250 <     * parameters does not matter.
239 >     * Compares two short arrays. The first array can contain a -1,
240 >     * which will always match any value -- it's a wildcard.
241 >     * They must be the same length to match.
242       *
243 <     * @param first The first array to compare
243 >     * @param first The first array to compare (with -1 wildcard if required)
244       * @param second The second array to compare
245       * @result the result of the comparison
246       */
# Line 258 | Line 249 | public class ACL implements Serializable {
249              return false;
250          }
251          for(int i=0; i < first.length; i++) {
252 <            // -- might want to consider specify which is the wildcard one?
262 <            if(first[i] == -1 || second[i] == -1) {
252 >            if(first[i] == -1) {
253                  continue;
254              }
255              if(first[i] != second[i]) {

Diff Legend

Removed lines
+ Added lines
< Changed lines
> Changed lines