1 #include "acl.h"
2 #include "cmd.h"
3 #include "conf.h"
4 #include "http.h"
5
6 #include <string.h>
7 #include <evhttp.h>
8 #include <netinet/in.h>
9 #include <arpa/inet.h>
10
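/**
 * Decide whether an ACL entry applies to the given client.
 *
 * An entry applies only when every condition it configures holds:
 *  - if a->http_basic_auth is set, the client must have sent an
 *    "Authorization: Basic <credentials>" header whose credentials are
 *    byte-for-byte equal to it;
 *  - if a->cidr.enabled is non-zero, *ip must fall inside the subnet.
 *
 * @param a      ACL entry to evaluate.
 * @param client HTTP client; only header_authorization.s is read here.
 * @param ip     Client address. It is masked and compared against
 *               a->cidr.subnet, so both must use the same byte order
 *               (acl_allow_command passes the result of ntohl()).
 * @return 1 if the entry applies to this client, 0 otherwise.
 */
int
acl_match_client(struct acl *a, struct http_client *client, in_addr_t *ip) {

	/* check HTTP Basic Auth */
	if(a->http_basic_auth) {
		const char *auth = client->header_authorization.s;

		/* An entry that carries credentials must not apply to a client
		 * that sent no Authorization header, or one using another scheme.
		 * Skipping the check in those cases would let the entry (and any
		 * commands it enables) apply to unauthenticated requests. */
		if(!auth || strncasecmp(auth, "Basic ", 6) != 0) {
			return 0;
		}

		/* The header value is compared as-is, so a->http_basic_auth is
		 * presumably stored in the encoded form the client sends;
		 * confirm against the config loader.
		 * NOTE(review): strcmp() stops at the first differing byte, so
		 * its duration depends on how much of the credential is correct;
		 * a constant-time comparison would be preferable here. */
		if(strcmp(auth + 6, a->http_basic_auth) != 0) { /* wrong */
			return 0;
		}
	}

	/* CIDR check. */
	if(a->cidr.enabled == 0) { /* none given, all match */
		return 1;
	}
	if(((*ip) & a->cidr.mask) == (a->cidr.subnet & a->cidr.mask)) {
		return 1;
	}

	return 0;
}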
33
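/**
 * Decide whether a client may run a command.
 *
 * The policy is default-allow: a command is authorized unless an ACL entry
 * that applies to the client disables it. Entries are walked in list order
 * and later entries override earlier ones; inside a single entry the
 * disabled list is applied after the enabled list, so it wins.
 *
 * @param cmd    Parsed command; argv[0] / argv_len[0] hold the command name,
 *               which is only read up to argv_len[0] bytes.
 * @param cfg    Configuration whose perms list holds the ACL entries.
 * @param client HTTP client issuing the command.
 * @return 1 if the command is authorized, 0 otherwise.
 */
int
acl_allow_command(struct cmd *cmd, struct conf *cfg, struct http_client *client) {

	static const char *const always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD"};

	unsigned int i;
	int authorized = 1;
	struct acl *a;

	in_addr_t client_addr;

	const char *cmd_name = cmd->argv[0];
	size_t cmd_len = cmd->argv_len[0];

	/* some commands are always disabled, regardless of the config file.
	 * The comparison covers only cmd_len bytes, so a name that is a prefix
	 * of a listed command (including an empty name) is rejected as well.
	 * That over-blocks, but it fails closed, so it is kept for deny lists. */
	for(i = 0; i < sizeof(always_off) / sizeof(always_off[0]); ++i) {
		if(strncasecmp(always_off[i], cmd_name, cmd_len) == 0) {
			return 0;
		}
	}

	/* find client's address */
	client_addr = ntohl(client->addr);

	/* go through permissions */
	for(a = cfg->perms; a; a = a->next) {

		if(!acl_match_client(a, client, &client_addr)) continue; /* match client */

		/* go through authorized commands.
		 * Require the configured name to have exactly cmd_len characters:
		 * a bounded compare alone treats any prefix of an enabled command
		 * as enabled, which would re-authorize a shorter command that an
		 * earlier entry had disabled. */
		for(i = 0; i < a->enabled.count; ++i) {
			if(strlen(a->enabled.commands[i]) == cmd_len
					&& strncasecmp(a->enabled.commands[i], cmd_name, cmd_len) == 0) {
				authorized = 1;
			}
		}

		/* go through unauthorized commands (prefix-tolerant, fails closed) */
		for(i = 0; i < a->disabled.count; ++i) {
			if(strncasecmp(a->disabled.commands[i], cmd_name, cmd_len) == 0) {
				authorized = 0;
			}
		}
	}

	return authorized;
}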