| 128 |
|
if(i <= 1) { |
| 129 |
|
ip = false; |
| 130 |
|
} |
| 131 |
< |
// finally print out what we've found. |
| 132 |
< |
System.out.println("IP("+ip+"): "+expression); |
| 133 |
< |
if(ip) { |
| 134 |
< |
for(int j=0; j < ipaddr.length; j++) { |
| 135 |
< |
System.out.print(ipaddr[j] + " "); |
| 136 |
< |
} |
| 137 |
< |
System.out.println(); |
| 138 |
< |
} |
| 131 |
> |
// add the rule to our array |
| 132 |
|
_acl.add(new ACLRule(allow, expression, ipaddr, ip)); |
| 133 |
|
} |
| 134 |
|
|
| 153 |
|
/** |
| 154 |
|
* Check to see if an InetAddress is permitted |
| 155 |
|
* by the ACL. Perfect for Socket uses of this |
| 156 |
< |
* class. It should be made clear that this will |
| 157 |
< |
* check both the hostname AND IP address against |
| 158 |
< |
* each rule in turn. The hostname will always be |
| 159 |
< |
* checked BEFORE the IP address. |
| 156 |
> |
* class. A rule will either be for a name, or |
| 157 |
> |
* an IP address (this is determined in the add |
| 158 |
> |
* method), and the appropriate comparison will |
| 159 |
> |
* be performed. |
| 160 |
|
* |
| 161 |
|
* @param address the InetAddress to check |
| 162 |
|
* @return whether the InetAddress was permitted by the ACL |
| 163 |
|
*/ |
| 164 |
|
public boolean check(InetAddress address) { |
| 165 |
+ |
// gather the details first |
| 166 |
|
String hostname = address.getHostName(); |
| 167 |
|
String ip = address.getHostAddress(); |
| 168 |
|
short[] ipaddr = ipStringToShort(ip); |
| 169 |
+ |
// check each rule against this InetAddress |
| 170 |
|
for(int i=0; i < _acl.size(); i++) { |
| 171 |
|
ACLRule rule = (ACLRule) _acl.get(i); |
| 172 |
|
if(rule._iprule) { |
| 173 |
< |
System.out.println("checking ip rule "+rule._expression); |
| 179 |
< |
//if(StringUtils.wildcardCheck(ip, rule._expression)) { |
| 173 |
> |
// if this is an IP rule do a short comparison |
| 174 |
|
if(compareShorts(ipaddr, rule._ipaddr)) { |
| 175 |
|
return rule._allow; |
| 176 |
|
} |
| 177 |
|
} |
| 178 |
|
else { |
| 179 |
< |
System.out.println("checking name rule: "+rule._expression); |
| 179 |
> |
// if not do a full blown String comparsion |
| 180 |
|
if(StringUtils.wildcardCheck(hostname, rule._expression)) { |
| 181 |
|
return rule._allow; |
| 182 |
|
} |
| 183 |
|
} |
| 184 |
|
|
| 185 |
|
} |
| 186 |
+ |
// if we haven't matched a rule, return the default |
| 187 |
|
return _defaultMode; |
| 188 |
|
} |
| 189 |
|
|
| 194 |
|
*/ |
| 195 |
|
public String toString() { |
| 196 |
|
StringBuffer acl = new StringBuffer(); |
| 197 |
+ |
// put in the i-scream toString code |
| 198 |
|
acl.append(FormatName.getName(_name, getClass().getName(), REVISION)); |
| 199 |
|
acl.append("{"); |
| 200 |
+ |
// put the value of each Rule in the result |
| 201 |
|
for(int i=0; i < _acl.size(); i++) { |
| 202 |
|
acl.append((ACLRule) _acl.get(i)); |
| 203 |
|
acl.append(","); |
| 204 |
|
} |
| 205 |
+ |
// put the default mode in the result |
| 206 |
|
if(_defaultMode) { |
| 207 |
|
acl.append("DEFAULT=ALLOW"); |
| 208 |
|
} |
| 215 |
|
|
| 216 |
|
//---PRIVATE METHODS--- |
| 217 |
|
|
| 218 |
+ |
/** |
| 219 |
+ |
* Converts an IP address in String format into |
| 220 |
+ |
* a short array of length 4. Any wildcards, *, |
| 221 |
+ |
* found in the IP address are represented by |
| 222 |
+ |
* a -1. |
| 223 |
+ |
* |
| 224 |
+ |
* @param ip The IP address in String format |
| 225 |
+ |
* @return The IP address in a short[] |
| 226 |
+ |
*/ |
| 227 |
|
private short[] ipStringToShort(String ip) { |
| 228 |
|
short[] ipaddr = {-1, -1, -1, -1}; |
| 229 |
|
StringTokenizer st = new StringTokenizer(ip, "."); |
| 233 |
|
} |
| 234 |
|
catch(NumberFormatException e) { |
| 235 |
|
// do nothing? |
| 236 |
+ |
// we just want to leave it as -1 |
| 237 |
+ |
// -- actually, maybe we want to do more checks in here? |
| 238 |
+ |
// although in this code context it'll probably be ok, |
| 239 |
+ |
// it might be worth verifying wildcards and that the |
| 240 |
+ |
// number is in range... |
| 241 |
|
} |
| 242 |
|
} |
| 243 |
|
return ipaddr; |
| 244 |
|
} |
| 245 |
|
|
| 246 |
+ |
/** |
| 247 |
+ |
* Compares two short arrays. The array can contain a -1, which |
| 248 |
+ |
* will always match any value -- it's a wildcard. They must be |
| 249 |
+ |
* the same length to match. At the moment the order of the |
| 250 |
+ |
* parameters does not matter. |
| 251 |
+ |
* |
| 252 |
+ |
* @param first The first array to compare |
| 253 |
+ |
* @param second The second array to compare |
| 254 |
+ |
* @result the result of the comparison |
| 255 |
+ |
*/ |
| 256 |
|
private boolean compareShorts(short[] first, short[] second) { |
| 257 |
|
if(first.length != second.length) { |
| 236 |
– |
System.out.println("not equal length"); |
| 258 |
|
return false; |
| 259 |
|
} |
| 260 |
|
for(int i=0; i < first.length; i++) { |
| 261 |
|
// -- might want to consider specify which is the wildcard one? |
| 241 |
– |
System.out.println(i + ":" + first[i] + "," + second[i]); |
| 262 |
|
if(first[i] == -1 || second[i] == -1) { |
| 263 |
|
continue; |
| 264 |
|
} |
| 265 |
|
if(first[i] != second[i]) { |
| 246 |
– |
System.out.println("not equal"); |
| 266 |
|
return false; |
| 267 |
|
} |
| 249 |
– |
} |
| 250 |
– |
System.out.println("equal"); |
| 268 |
|
return true; |
| 269 |
|
} |
| 270 |
|
|
| 307 |
|
* |
| 308 |
|
* @param allow whether this is an ALLOW or DENY rule |
| 309 |
|
* @param expression what this rule matches |
| 310 |
+ |
* @param ipaddr the IP address wildcard this rule matches if it's an IP rule |
| 311 |
|
* @param iprule whether this is an IP rule |
| 312 |
|
*/ |
| 313 |
|
private ACLRule(boolean allow, String expression, short[] ipaddr, boolean iprule) { |
| 341 |
|
*/ |
| 342 |
|
private String _expression; |
| 343 |
|
|
| 344 |
+ |
/** |
| 345 |
+ |
* The IP wildcard, only valid if this |
| 346 |
+ |
* is an IP rule. |
| 347 |
+ |
*/ |
| 348 |
|
private short[] _ipaddr; |
| 349 |
|
|
| 350 |
|
/** |
