--- experimental/server/ACL/ACL.java 2001/12/31 02:57:00 1.8 +++ experimental/server/ACL/ACL.java 2001/12/31 19:19:03 1.9 @@ -17,7 +17,7 @@ import java.io.Serializable; * the relevant check method. * * @author $Author: tdb $ - * @version $Id: ACL.java,v 1.8 2001/12/31 02:57:00 tdb Exp $ + * @version $Id: ACL.java,v 1.9 2001/12/31 19:19:03 tdb Exp $ */ public class ACL implements Serializable { @@ -26,7 +26,7 @@ public class ACL implements Serializable { /** * The current CVS revision of this class */ - public static final String REVISION = "$Revision: 1.8 $"; + public static final String REVISION = "$Revision: 1.9 $"; /** * static to be used when adding an ALLOW rule to the ACL. @@ -128,14 +128,7 @@ public class ACL implements Serializable { if(i <= 1) { ip = false; } - // finally print out what we've found. - System.out.println("IP("+ip+"): "+expression); - if(ip) { - for(int j=0; j < ipaddr.length; j++) { - System.out.print(ipaddr[j] + " "); - } - System.out.println(); - } + // add the rule to our array _acl.add(new ACLRule(allow, expression, ipaddr, ip)); } @@ -160,35 +153,37 @@ public class ACL implements Serializable { /** * Check to see if an InetAddress is permitted * by the ACL. Perfect for Socket uses of this - * class. It should be made clear that this will - * check both the hostname AND IP address against - * each rule in turn. The hostname will always be - * checked BEFORE the IP address. + * class. A rule will either be for a name, or + * an IP address (this is determined in the add + * method), and the appropriate comparison will + * be performed. * * @param address the InetAddress to check * @return whether the InetAddress was permitted by the ACL */ public boolean check(InetAddress address) { + // gather the details first String hostname = address.getHostName(); String ip = address.getHostAddress(); short[] ipaddr = ipStringToShort(ip); + // check each rule against this InetAddress for(int i=0; i < _acl.size(); i++) { ACLRule rule = (ACLRule) _acl.get(i); if(rule._iprule) { - System.out.println("checking ip rule "+rule._expression); - //if(StringUtils.wildcardCheck(ip, rule._expression)) { + // if this is an IP rule do a short comparison if(compareShorts(ipaddr, rule._ipaddr)) { return rule._allow; } } else { - System.out.println("checking name rule: "+rule._expression); + // if not do a full blown String comparsion if(StringUtils.wildcardCheck(hostname, rule._expression)) { return rule._allow; } } } + // if we haven't matched a rule, return the default return _defaultMode; } @@ -199,12 +194,15 @@ public class ACL implements Serializable { */ public String toString() { StringBuffer acl = new StringBuffer(); + // put in the i-scream toString code acl.append(FormatName.getName(_name, getClass().getName(), REVISION)); acl.append("{"); + // put the value of each Rule in the result for(int i=0; i < _acl.size(); i++) { acl.append((ACLRule) _acl.get(i)); acl.append(","); } + // put the default mode in the result if(_defaultMode) { acl.append("DEFAULT=ALLOW"); } @@ -217,6 +215,15 @@ public class ACL implements Serializable { //---PRIVATE METHODS--- + /** + * Converts an IP address in String format into + * a short array of length 4. Any wildcards, *, + * found in the IP address are represented by + * a -1. + * + * @param ip The IP address in String format + * @return The IP address in a short[] + */ private short[] ipStringToShort(String ip) { short[] ipaddr = {-1, -1, -1, -1}; StringTokenizer st = new StringTokenizer(ip, "."); @@ -226,28 +233,38 @@ public class ACL implements Serializable { } catch(NumberFormatException e) { // do nothing? + // we just want to leave it as -1 + // -- actually, maybe we want to do more checks in here? + // although in this code context it'll probably be ok, + // it might be worth verifying wildcards and that the + // number is in range... } } return ipaddr; } + /** + * Compares two short arrays. The array can contain a -1, which + * will always match any value -- it's a wildcard. They must be + * the same length to match. At the moment the order of the + * parameters does not matter. + * + * @param first The first array to compare + * @param second The second array to compare + * @result the result of the comparison + */ private boolean compareShorts(short[] first, short[] second) { if(first.length != second.length) { - System.out.println("not equal length"); return false; } for(int i=0; i < first.length; i++) { // -- might want to consider specify which is the wildcard one? - System.out.println(i + ":" + first[i] + "," + second[i]); if(first[i] == -1 || second[i] == -1) { continue; } if(first[i] != second[i]) { - System.out.println("not equal"); return false; } - } - System.out.println("equal"); return true; } @@ -290,6 +307,7 @@ public class ACL implements Serializable { * * @param allow whether this is an ALLOW or DENY rule * @param expression what this rule matches + * @param ipaddr the IP address wildcard this rule matches if it's an IP rule * @param iprule whether this is an IP rule */ private ACLRule(boolean allow, String expression, short[] ipaddr, boolean iprule) { @@ -323,6 +341,10 @@ public class ACL implements Serializable { */ private String _expression; + /** + * The IP wildcard, only valid if this + * is an IP rule. + */ private short[] _ipaddr; /**