#include "stdafx.h"
#include "IPAddressFilter.h"
/*
Routine Description:
Looks up the ip address and confirms the host with that address is allowed
access to the server
Arguments:
pszIPAddress - The IP address to validate
pfValid - Set to TRUE if the client should be allowed
Return Value:
TRUE on success, FALSE on failure
*/
BOOL CIPAddressFilter::ValidateIPAddress(const CHAR* pszIPAddress, OUT BOOL* pfValid)
{
// Assume we're going to fail validation
*pfValid = FALSE;
BOOL fFound;
// Lookup the address in the cache, if that fails, get the address from the
// database and add the retrieved address to the cache
if ( !LookupIPAddressInCache( pszIPAddress, &fFound ))
return FALSE;
if ( !fFound )
{
if ( !LookupIPAddressInDb( pszIPAddress, &fFound ))
return FALSE;
if ( fFound )
AddIPAddressToCache( pszIPAddress );
}
if ( !fFound )
{
ISAPITRACE1("[ValidatepIPAddress] Failed to find address %s\n", pszIPAddress );
return TRUE;
}
*pfValid = TRUE;
return TRUE;
}
/*
Routine Description:
Retrieves the ip address list from the file. If the addressess were coming from a
database, this routine would connect to the database.
Return Value:
TRUE on success, FALSE on failure
*/
BOOL CIPAddressFilter::InitializeIPAddressDatabase()
{
DWORD cbRead;
// Open and read the file. The System account must have access to the file.
HANDLE hFile = CreateFile( IP_LIST_FILE, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if ( hFile == INVALID_HANDLE_VALUE )
{
ISAPITRACE2("[InitializepIPAddressDatabase] Error %d openning %s\n", GetLastError(), IP_LIST_FILE );
return FALSE;
}
DWORD cbFile = GetFileSize( hFile, NULL );
if ( cbFile == (DWORD) -1 )
{
CloseHandle( hFile );
return FALSE;
}
m_pszIPAddressFile = (CHAR *)LocalAlloc( LPTR, cbFile + 1 );
if ( !m_pszIPAddressFile )
{
SetLastError( ERROR_NOT_ENOUGH_MEMORY );
CloseHandle( hFile );
return FALSE;
}
if ( !ReadFile( hFile, m_pszIPAddressFile, cbFile, &cbRead, NULL ))
{
CloseHandle( hFile );
LocalFree( m_pszIPAddressFile );
return FALSE;
}
CloseHandle( hFile );
// Zero terminate the file data
m_pszIPAddressFile[cbRead] = '\0';
return TRUE;
}
/*
Routine Description:
Looks up the IP address in the database
The file data is not sorted to simulate the cost of an external database
lookup.
Arguments:
pszIPAddress - The address to find in the database
pfFound - Set to TRUE if the specified address name was found in the
database
Return Value:
TRUE on success, FALSE on failure
*/
BOOL CIPAddressFilter::LookupIPAddressInDb(const CHAR* pszIPAddress, OUT BOOL* pfFound)
{
*pfFound = FALSE;
// Find the external ip address. We're expecting one address per line
CHAR* pch = m_pszIPAddressFile;
DWORD cchIPAddress = strlen( pszIPAddress );
while ( pch && *pch )
{
while ( ISWHITE( *pch ) )
pch++;
CHAR* pchend = strchr( pch+1, '\n' );
if (pchend && *(pchend-2) == '*') // -2 because of \r and \n
{
DWORD cchaddr = pchend-pch-2;
if (!cchaddr) // * alone in a line?
goto Found;
if ( *pch == *pszIPAddress && !strnicmp( pszIPAddress, pch, cchaddr ) )
goto Found;
}
else
if ( *pch == *pszIPAddress && !strnicmp( pszIPAddress, pch, cchIPAddress ) )
goto Found;
pch = pchend;
}
// Not found
return TRUE;
Found:
*pfFound = TRUE;
return TRUE;
}
/*
Routine Description:
Shutsdown the IP address database.
*/
VOID CIPAddressFilter::TerminateIPAddressDatabase()
{
if ( m_pszIPAddressFile )
LocalFree(m_pszIPAddressFile );
}
// IPADDRESSFILTER.CPP - Implementation file for your Internet Server
// IP Address Sample Filter
#include "stdafx.h"
#include "IPAddressFilter.h"
///////////////////////////////////////////////////////////////////////
// The one and only CWinApp object
// NOTE: You may remove this object if you alter your project to no
// longer use MFC in a DLL.
CWinApp theApp;
///////////////////////////////////////////////////////////////////////
// The one and only CIPAddressFilter object
CIPAddressFilter theFilter;
///////////////////////////////////////////////////////////////////////
// CIPAddressFilter static members
DWORD CIPAddressFilter::m_cCacheItems = 0;
CHAR* CIPAddressFilter::m_pszIPAddressFile = NULL;
LIST_ENTRY CIPAddressFilter::m_CacheListHead;
CRITICAL_SECTION CIPAddressFilter::m_csCacheLock;
///////////////////////////////////////////////////////////////////////
// CIPAddressFilter implementation
CIPAddressFilter::CIPAddressFilter()
{
m_fCacheInitialized = FALSE;
}
CIPAddressFilter::~CIPAddressFilter()
{
TerminateCache();
TerminateIPAddressDatabase();
}
BOOL CIPAddressFilter::Initialize()
{
return (InitializeIPAddressDatabase() && InitializeCache());
}
BOOL CIPAddressFilter::GetFilterVersion(PHTTP_FILTER_VERSION pVer)
{
ISAPITRACE2( "[GetFilterVersion] Server filter version is %d.%d\n",
HIWORD( pVer->dwServerFilterVersion ),
LOWORD( pVer->dwServerFilterVersion ) );
if ( !Initialize() )
{
ISAPITRACE1("[GetFilterVersion] Database or cache failed, error %d\n", GetLastError() );
return FALSE;
}
// Call default implementation for initialization
CHttpFilter::GetFilterVersion(pVer);
// Set the flags we are interested in
pVer->dwFlags = SF_NOTIFY_ORDER_DEFAULT |
SF_NOTIFY_SECURE_PORT | SF_NOTIFY_NONSECURE_PORT |
SF_NOTIFY_URL_MAP;
// Load description string
TCHAR sz[SF_MAX_FILTER_DESC_LEN+1];
ISAPIVERIFY(::LoadString(AfxGetResourceHandle(),
IDS_FILTER, sz, SF_MAX_FILTER_DESC_LEN));
_tcscpy(pVer->lpszFilterDesc, sz);
return TRUE;
}
DWORD CIPAddressFilter::OnUrlMap(CHttpFilterContext* pCtxt, PHTTP_FILTER_URL_MAP pMapInfo)
{
char szAddress[80];
DWORD dwSize = sizeof(szAddress);
if (pCtxt->GetServerVariable("REMOTE_ADDR", szAddress, &dwSize))
{
// Make sure this address is a valid address
BOOL fAllowed;
if ( !ValidateIPAddress(szAddress, &fAllowed ))
{
ISAPITRACE2("[OnUrlMap] Error %d validating address %s\n", GetLastError(), szAddress );
return SF_STATUS_REQ_ERROR;
}
if ( !fAllowed )
{
// This ip address isn't allowed access. Map to information URL
strncpy(pMapInfo->pszPhysicalPath, NO_ACCESS, pMapInfo->cbPathBuff-1);
}
}
return SF_STATUS_REQ_NEXT_NOTIFICATION;
}
// Do not edit the following lines, which are needed by ClassWizard.
#if 0
BEGIN_MESSAGE_MAP(CIPAddressFilter, CHttpFilter)
//{{AFX_MSG_MAP(CIPAddressFilter)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
#endif // 0
///////////////////////////////////////////////////////////////////////
// If your extension will not use MFC, you'll need this code to make
// sure the extension objects can find the resource handle for the
// module. If you convert your extension to not be dependent on MFC,
// remove the comments arounn the following AfxGetResourceHandle()
// and DllMain() functions, as well as the g_hInstance global.
/****
static HINSTANCE g_hInstance;
HINSTANCE AFXISAPI AfxGetResourceHandle()
{
return g_hInstance;
}
BOOL WINAPI DllMain(HINSTANCE hInst, ULONG ulReason,
LPVOID lpReserved)
{
if (ulReason == DLL_PROCESS_ATTACH)
{
g_hInstance = hInst;
}
return TRUE;
}
****/
