ViewVC Help

View File | Revision Log | Show Annotations | Revision Graph | Root Listing

root/i-scream/experimental/server/ACL/ACL.java

Comparing experimental/server/ACL/ACL.java (file contents):
Revision 1.8 by tdb, Mon Dec 31 02:57:00 2001 UTC vs.
Revision 1.11 by tdb, Sun Jan 6 23:32:27 2002 UTC

#	Line 128 | Line 128 | public class ACL implements Serializable {
128		if(i <= 1) {
129		ip = false;
130		}
131	<	// finally print out what we've found.
132	<	System.out.println("IP("+ip+"): "+expression);
133	<	if(ip) {
134	<	for(int j=0; j < ipaddr.length; j++) {
135	<	System.out.print(ipaddr[j] + " ");
136	<	}
137	<	System.out.println();
138	<	}
131	>	// add the rule to our array
132		_acl.add(new ACLRule(allow, expression, ipaddr, ip));
133		}
134
#	Line 160 | Line 153 | public class ACL implements Serializable {
153		/**
154		* Check to see if an InetAddress is permitted
155		* by the ACL. Perfect for Socket uses of this
156	<	* class. It should be made clear that this will
157	<	* check both the hostname AND IP address against
158	<	* each rule in turn. The hostname will always be
159	<	* checked BEFORE the IP address.
156	>	* class. A rule will either be for a name, or
157	>	* an IP address (this is determined in the add
158	>	* method), and the appropriate comparison will
159	>	* be performed.
160		*
161		* @param address the InetAddress to check
162		* @return whether the InetAddress was permitted by the ACL
163		*/
164		public boolean check(InetAddress address) {
165	+	// gather the details first
166		String hostname = address.getHostName();
167		String ip = address.getHostAddress();
168		short[] ipaddr = ipStringToShort(ip);
169	+	// check each rule against this InetAddress
170		for(int i=0; i < _acl.size(); i++) {
171		ACLRule rule = (ACLRule) _acl.get(i);
172		if(rule._iprule) {
173	<	System.out.println("checking ip rule "+rule._expression);
174	<	//if(StringUtils.wildcardCheck(ip, rule._expression)) {
175	<	if(compareShorts(ipaddr, rule._ipaddr)) {
173	>	// if this is an IP rule do a short comparison
174	>	// must specify the wildcarded rule first
175	>	if(compareShorts(rule._ipaddr, ipaddr)) {
176		return rule._allow;
177		}
178		}
179		else {
180	<	System.out.println("checking name rule: "+rule._expression);
180	>	// if not do a full blown String comparsion
181		if(StringUtils.wildcardCheck(hostname, rule._expression)) {
182		return rule._allow;
183		}
184		}
185
186		}
187	+	// if we haven't matched a rule, return the default
188		return _defaultMode;
189		}
190
#	Line 199 | Line 195 | public class ACL implements Serializable {
195		*/
196		public String toString() {
197		StringBuffer acl = new StringBuffer();
198	+	// put in the i-scream toString code
199		acl.append(FormatName.getName(_name, getClass().getName(), REVISION));
200		acl.append("{");
201	+	// put the value of each Rule in the result
202		for(int i=0; i < _acl.size(); i++) {
203		acl.append((ACLRule) _acl.get(i));
204		acl.append(",");
205		}
206	+	// put the default mode in the result
207		if(_defaultMode) {
208		acl.append("DEFAULT=ALLOW");
209		}
#	Line 217 | Line 216 | public class ACL implements Serializable {
216
217		//---PRIVATE METHODS---
218
219	+	/**
220	+	* Converts an IP address in String format into
221	+	* a short array of length 4. Any wildcards, *,
222	+	* found in the IP address are represented by
223	+	* a -1.
224	+	*
225	+	* @param ip The IP address in String format
226	+	* @return The IP address in a short[]
227	+	*/
228		private short[] ipStringToShort(String ip) {
229		short[] ipaddr = {-1, -1, -1, -1};
230		StringTokenizer st = new StringTokenizer(ip, ".");
#	Line 225 | Line 233 | public class ACL implements Serializable {
233		ipaddr[i] = Short.parseShort(st.nextToken());
234		}
235		catch(NumberFormatException e) {
236	<	// do nothing?
236	>	// do nothing...
237	>	// we just want to leave it as -1
238	>	// -- actually, maybe we want to do more checks in here?
239	>	//    although in this code context it'll probably be ok,
240	>	//    it might be worth verifying wildcards and that the
241	>	//    number is in range...
242		}
243		}
244		return ipaddr;
245		}
246
247	+	/**
248	+	* Compares two short arrays. The first array can contain a -1,
249	+	* which will always match any value -- it's a wildcard.
250	+	* They must be the same length to match.
251	+	*
252	+	* @param first The first array to compare (with -1 wildcard if required)
253	+	* @param second The second array to compare
254	+	* @result the result of the comparison
255	+	*/
256		private boolean compareShorts(short[] first, short[] second) {
257		if(first.length != second.length) {
236	–	System.out.println("not equal length");
258		return false;
259		}
260		for(int i=0; i < first.length; i++) {
261	<	// -- might want to consider specify which is the wildcard one?
241	<	System.out.println(i + ":" + first[i] + "," + second[i]);
242	<	if(first[i] == -1 || second[i] == -1) {
261	>	if(first[i] == -1) {
262		continue;
263		}
264		if(first[i] != second[i]) {
246	–	System.out.println("not equal");
265		return false;
266		}
267		}
250	–	System.out.println("equal");
268		return true;
269		}
270
#	Line 290 | Line 307 | public class ACL implements Serializable {
307		*
308		* @param allow whether this is an ALLOW or DENY rule
309		* @param expression what this rule matches
310	+	* @param ipaddr the IP address wildcard this rule matches if it's an IP rule
311		* @param iprule whether this is an IP rule
312		*/
313		private ACLRule(boolean allow, String expression, short[] ipaddr, boolean iprule) {
#	Line 323 | Line 341 | public class ACL implements Serializable {
341		*/
342		private String _expression;
343
344	+	/**
345	+	* The IP wildcard, only valid if this
346	+	* is an IP rule.
347	+	*/
348		private short[] _ipaddr;
349
350		/**

Diff Legend

–	Removed lines
+	Added lines
<	Changed lines
>	Changed lines