/* addressvalidator.cpp
*
* Copyright (c) 2000, Alexander Neundorf
* neundorf@kde.org
*
* You may distribute under the terms of the GNU General Public
* License as specified in the COPYING file.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
#include "addressvalidator.h"
#include "mystring.h"
#include <stdlib.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <iostream>
using namespace std;
#ifdef LISA_DEBUG
#undef LISA_DEBUG
#endif
#define LISA_DEBUG 0
#define dcerr if (LISA_DEBUG==1) std::cerr<<"AddressValidator::"
AddressValidator::AddressValidator(const MyString& addressSpecs)
//this is 127.0.0.0
:localhostNet(htonl(0x7f000000))
//with mask 255.255.255.0
,localhostMask(htonl(0xffffff00))
{
clearSpecs();
MyString tmp=addressSpecs;
setValidAddresses(tmp);
}
AddressValidator::AddressValidator()
//this is 127.0.0.0
:localhostNet(htonl(0x7f000000))
//with mask 255.255.255.0
,localhostMask(htonl(0xffffff00))
{
clearSpecs();
}
AddressValidator::~AddressValidator()
{}
void AddressValidator::configure(Config& config)
{
MyString tmp=stripWhiteSpace(config.getEntry("AllowedAddresses",""));
tmp=tmp+";";
setValidAddresses(tmp);
dcerr<<"configure(): "<<tmp<<std::endl;
}
void AddressValidator::setValidAddresses(MyString addressSpecs)
{
dcerr<<"setValidAddresses"<<std::endl;
allowedHosts=addressSpecs;
MyString nextPart;
while (!addressSpecs.isEmpty())
{
dcerr<<"setValidAddresses: "<<addressSpecs<<std::endl;
int pos=addressSpecs.find(";");
nextPart=addressSpecs.left(pos);
addressSpecs=addressSpecs.mid(pos+1);
dcerr<<"setValidAddresses: nextPart: "<<nextPart<<std::endl;
if ((nextPart.contains('.')==3) && (nextPart.contains('-')==0))
{
addSpec(EXACTADDR_SPEC,inet_addr(nextPart.data()));
dcerr<<"setValidAddresses: exact addr: "
<<std::ios::hex<<inet_addr(nextPart.data())<<std::ios::dec<<std::endl;
}
else if ((nextPart.contains('-')==1) && (nextPart.contains('.')==6))
{
int p2=nextPart.find("-");
MyString from=nextPart.left(p2);
MyString to=nextPart.mid(p2+1);
addSpec(RANGE_SPEC,ntohl(inet_addr(from.data())),ntohl(inet_addr(to.data())));
}
else if ((nextPart.contains('-')==4) && (nextPart.contains('.')==3))
{
unsigned int i1=0;
unsigned int i2=0;
int p2=0;
MyString rest=nextPart+'.';
MyString digit;
for (int i=0; i<4; i++)
{
p2=rest.find("-");
digit=rest.left(p2);
i1=i1<<8;
i1+=atoi(digit.data());
rest=rest.mid(p2+1);
p2=rest.find(".");
digit=rest.left(p2);
i2=i2<<8;
i2+=atoi(digit.data());
rest=rest.mid(p2+1);
};
addSpec(MULTIRANGE_SPEC,i1,i2);
}
else
{
pos=nextPart.find('/');
MyString netStr=nextPart.left(pos);
MyString maskStr=nextPart.mid(pos+1);
int mask=inet_addr(maskStr.data());
int net= (inet_addr(netStr.data()) & mask);
dcerr<<"setValidAddresses: net/mask: "
<<std::ios::hex<<net<<"/"<<mask<<std::ios::dec<<std::endl;
addSpec(NETMASK_SPEC,net,mask);
}
}
}
void AddressValidator::clearSpecs()
{
allowedHosts="";
for (int i=0; i<MAX_SPECS; i++)
{
specs[i].address=0;
specs[i].mask=0;
specs[i].typeOfSpec=NO_SPEC;
}
}
void AddressValidator::addSpec(int type, int address, int mask)
{
for (int i=0; i<MAX_SPECS; i++)
{
if (specs[i].typeOfSpec==NO_SPEC)
{
specs[i].address=address;
specs[i].mask=mask;
specs[i].typeOfSpec=type;
return;
}
}
}
int AddressValidator::isValid(int addressNBO)
{
dcerr<<"isValid: "
<<std::ios::hex<<addressNBO<<std::ios::dec<<std::endl;
//localhost is always allowed
dcerr<<"isValid() local net: "<<
std::ios::hex<<localhostNet<<" mask: "<<localhostMask<<" AND: "<<(addressNBO &
localhostMask)<<std::ios::dec<<std::endl;
if ((addressNBO & localhostMask) == localhostNet)
return 1;
for (int i=0; i<MAX_SPECS; i++)
{
if (specs[i].typeOfSpec==NO_SPEC)
{
//since the specifications are always entered from the beginning
//of the array, we already passed the last one if we get here
//so we can return now "it is invalid !" ;-)
return 0;
//continue;
}
else if (specs[i].typeOfSpec==EXACTADDR_SPEC)
{
dcerr<<"isValid: comparing "
<<std::ios::hex<<specs[i].address<<std::ios::dec<<std::endl;
if (addressNBO==specs[i].address)
{
dcerr<<"isValid: exact address"<<std::endl;
return 1; // this one is allowed to :-)
}
}
else if (specs[i].typeOfSpec==NETMASK_SPEC)
{
dcerr<<"isValid: ANDing "<<
std::ios::hex<<(addressNBO & specs[i].mask)<<" "<<
specs[i].address<<std::ios::dec<<std::endl;
if ((addressNBO & specs[i].mask) == specs[i].address)
{
dcerr<<"isValid: net/mask"<<std::endl;
return 1;
}
}
else if (specs[i].typeOfSpec==RANGE_SPEC)
{
if ((ntohl(addressNBO)>=specs[i].address) && (ntohl(addressNBO)<=specs[i].mask))
{
dcerr<<"isValid: range"<<std::endl;
return 1;
}
}
else if (specs[i].typeOfSpec==MULTIRANGE_SPEC)
{
unsigned int addr=ntohl(addressNBO);
dcerr<<"isValid ntohl="<<hex<<addr<<" addr: "<<specs[i].address<<" ma: "<<specs[i].mask<<dec<<std::endl;
unsigned int mask=0x000000ff;
int failure=0;
for (int j=0; j<4; j++)
{
dcerr<<"isValid "<<hex<<"mask="<<mask<<" addr="<<(addr&mask)<<" addr="<<(specs[i].address & mask)<<" ma="<<(specs[i].mask&mask)<<std::endl;
if (((addr & mask) < (specs[i].address & mask))
|| ((addr & mask) > (specs[i].mask & mask)))
{
failure=1;
break;
}
mask=mask<<8;
}
dcerr<<"isValid: multirange"<<std::endl;
if (!failure)
return 1;
}
}
//if ((addressNBO==htonl(0x0a040801)) || (addressNBO==htonl(0xc0a80001))) return 0;
dcerr<<"isValid: invalid address"<<std::endl;
return 0;
}