db.cpp

本实例将通过ISAPI实现限制IP访问的功能

// DB.CPP - This module implements the database routines for the authentication filter.

#include "stdafx.h"
#include "IPAddressFilter.h"

/*
Routine Description:
    Looks up the ip address and confirms the host with that address is allowed
		access to the server

Arguments:
    pszIPAddress - The IP address to validate
    pfValid      - Set to TRUE if the client should be allowed

Return Value:
    TRUE on success, FALSE on failure
*/
BOOL CIPAddressFilter::ValidateIPAddress(const CHAR* pszIPAddress, OUT BOOL* pfValid)
{
	//  Assume we're going to fail validation
	*pfValid = FALSE;

	BOOL fFound;

	//  Lookup the address in the cache, if that fails, get the address from the
	//  database and add the retrieved address to the cache
	if ( !LookupIPAddressInCache( pszIPAddress, &fFound ))
		return FALSE;
	
	if ( !fFound )
	{
		if ( !LookupIPAddressInDb( pszIPAddress, &fFound ))
			return FALSE;

		if ( fFound )
			AddIPAddressToCache( pszIPAddress );
 	}

	if ( !fFound )
	{
		ISAPITRACE1("[ValidatepIPAddress] Failed to find address %s\n", pszIPAddress );
		return TRUE;
	}

	*pfValid = TRUE;

	return TRUE;
}

/*
Routine Description:
    Retrieves the  ip address list from the file.  If the addressess were coming from a
    database, this routine would connect to the database.

Return Value:
    TRUE on success, FALSE on failure

*/
BOOL CIPAddressFilter::InitializeIPAddressDatabase()
{
	DWORD  cbRead;

	//  Open and read the file.  The System account must have access to the file.
	HANDLE hFile = CreateFile( IP_LIST_FILE, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
	if ( hFile == INVALID_HANDLE_VALUE )
	{
		ISAPITRACE2("[InitializepIPAddressDatabase] Error %d openning %s\n", GetLastError(), IP_LIST_FILE );
		return FALSE;
	}

	DWORD cbFile = GetFileSize( hFile, NULL );
	if ( cbFile == (DWORD) -1 )
	{
		CloseHandle( hFile );
		return FALSE;
	}

	m_pszIPAddressFile = (CHAR *)LocalAlloc( LPTR, cbFile + 1 );
	if ( !m_pszIPAddressFile )
	{
		SetLastError( ERROR_NOT_ENOUGH_MEMORY );
		CloseHandle( hFile );
		return FALSE;
	}

	if ( !ReadFile( hFile, m_pszIPAddressFile, cbFile, &cbRead, NULL ))
	{
		CloseHandle( hFile );
		LocalFree( m_pszIPAddressFile );
		return FALSE;
	}

	CloseHandle( hFile );

	//  Zero terminate the file data
	m_pszIPAddressFile[cbRead] = '\0';

	return TRUE;
}

/*
Routine Description:
    Looks up the IP address in the database
    The file data is not sorted to simulate the cost of an external database
    lookup.

Arguments:
    pszIPAddress - The address to find in the database
		pfFound      - Set to TRUE if the specified address name was found in the
                   database

Return Value:
    TRUE on success, FALSE on failure
*/
BOOL CIPAddressFilter::LookupIPAddressInDb(const CHAR* pszIPAddress, OUT BOOL* pfFound)
{
	*pfFound = FALSE;
	
	// Find the external ip address. We're expecting one address per line
	CHAR* pch = m_pszIPAddressFile;
	DWORD  cchIPAddress = strlen( pszIPAddress );
	
	while ( pch && *pch )
	{
		while ( ISWHITE( *pch ) )
			pch++;

		CHAR* pchend = strchr( pch+1, '\n' );

		if (pchend && *(pchend-2) == '*') // -2 because of \r and \n
		{
			DWORD cchaddr = pchend-pch-2; 
			if (!cchaddr) // * alone in a line?
				goto Found;
			if ( *pch == *pszIPAddress && !strnicmp( pszIPAddress, pch, cchaddr ) )
				goto Found;
		}
		else
			if ( *pch == *pszIPAddress && !strnicmp( pszIPAddress, pch, cchIPAddress ) )
				goto Found;

		pch = pchend;
	}

	//  Not found
	return TRUE;

Found:
	*pfFound = TRUE;

	return TRUE;
}

/*
Routine Description:
    Shutsdown the IP address database.
*/
VOID CIPAddressFilter::TerminateIPAddressDatabase()
{
	if ( m_pszIPAddressFile )
		LocalFree(m_pszIPAddressFile );
}