X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_httpd_acl.cpp;h=c25cabc0ae5eb40cc135ed4acf268718ca835914;hb=e6601069038c35c546fd3f3dce95024b0d13f1b4;hp=36eab758b8c7d9cd507cba5e2cf2c10f85c64916;hpb=0aa899ee2f7d82ea59f4c34fd29abaac29824903;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp index 36eab758b..c25cabc0a 100644 --- a/src/modules/m_httpd_acl.cpp +++ b/src/modules/m_httpd_acl.cpp @@ -1,25 +1,30 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2008 InspIRCd Development Team - * See: http://www.inspircd.org/wiki/index.php/Credits + * Copyright (C) 2009-2010 Daniel De Graaf + * Copyright (C) 2008 Craig Edwards * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + #include "inspircd.h" #include "httpd.h" #include "protocol.h" -#include "wildcard.h" /* $ModDesc: Provides access control lists (passwording of resources, ip restrictions etc) to m_httpd.so dependent modules */ -/* $ModDep: httpd.h */ -class ACL : public Extensible +class HTTPACL { public: std::string path; @@ -28,32 +33,31 @@ class ACL : public Extensible std::string whitelist; std::string blacklist; - ACL(const std::string &set_path, const std::string &set_username, const std::string &set_password, + HTTPACL(const std::string &set_path, const std::string &set_username, const std::string &set_password, const std::string &set_whitelist, const std::string &set_blacklist) : path(set_path), username(set_username), password(set_password), whitelist(set_whitelist), blacklist(set_blacklist) { } - ~ACL() { } + ~HTTPACL() { } }; class ModuleHTTPAccessList : public Module { - + std::string stylesheet; - bool changed; - std::vector acl_list; + std::vector acl_list; public: - void ReadConfig() + void OnRehash(User* user) { acl_list.clear(); - ConfigReader c(ServerInstance); - int n_items = c.Enumerate("httpdacl"); - for (int i = 0; i < n_items; ++i) + ConfigTagList acls = ServerInstance->Config->ConfTags("httpdacl"); + for (ConfigIter i = acls.first; i != acls.second; i++) { - std::string path = c.ReadValue("httpdacl", "path", i); - std::string types = c.ReadValue("httpdacl", "types", i); + ConfigTag* c = i->second; + std::string path = c->getString("path"); + std::string types = c->getString("types"); irc::commasepstream sep(types); std::string type; std::string username; @@ -65,16 +69,16 @@ class ModuleHTTPAccessList : public Module { if (type == "password") { - username = c.ReadValue("httpdacl", "username", i); - password = c.ReadValue("httpdacl", "password", i); + username = c->getString("username"); + password = c->getString("password"); } else if (type == "whitelist") { - whitelist = c.ReadValue("httpdacl", "whitelist", i); + whitelist = c->getString("whitelist"); } else if (type == "blacklist") { - blacklist = c.ReadValue("httpdacl", "blacklist", i); + blacklist = c->getString("blacklist"); } else { @@ -85,97 +89,39 @@ class ModuleHTTPAccessList : public Module ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "Read ACL: path=%s pass=%s whitelist=%s blacklist=%s", path.c_str(), password.c_str(), whitelist.c_str(), blacklist.c_str()); - acl_list.push_back(ACL(path, username, password, whitelist, blacklist)); + acl_list.push_back(HTTPACL(path, username, password, whitelist, blacklist)); } } - ModuleHTTPAccessList(InspIRCd* Me) : Module(Me) + void init() { - ReadConfig(); - Implementation eventlist[] = { I_OnEvent, I_OnRequest }; - ServerInstance->Modules->Attach(eventlist, this, 2); + OnRehash(NULL); + Implementation eventlist[] = { I_OnEvent, I_OnRehash }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } - void BlockAccess(HTTPRequest* http, Event* event, int returnval, const std::string &extraheaderkey = "", const std::string &extraheaderval="") + void BlockAccess(HTTPRequest* http, int returnval, const std::string &extraheaderkey = "", const std::string &extraheaderval="") { + ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "BlockAccess (%d)", returnval); + std::stringstream data("Access to this resource is denied by an access control list. Please contact your IRC administrator."); - HTTPDocument response(http->sock, &data, returnval); + HTTPDocumentResponse response(this, *http, &data, returnval); response.headers.SetHeader("X-Powered-By", "m_httpd_acl.so"); if (!extraheaderkey.empty()) response.headers.SetHeader(extraheaderkey, extraheaderval); - Request req((char*)&response, (Module*)this, event->GetSource()); - req.Send(); - } - - bool IsBase64(unsigned char c) - { - return (isalnum(c) || (c == '+') || (c == '/')); - } - - std::string Base64Decode(const std::string &base64) - { - const std::string base64_chars("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"); - - int inputlen = base64.length(); - - if (inputlen == 0) - return ""; - - int i = 0, j = 0, input = 0; - - unsigned char longbuf[4], shortbuf[3]; - std::string ret; - - while (inputlen-- && ( base64[input] != '=') && IsBase64(base64[input])) - { - longbuf[i++] = base64[input]; input++; - if (i ==4) - { - for (i = 0; i <4; i++) - longbuf[i] = base64_chars.find(longbuf[i]); - - shortbuf[0] = (longbuf[0] << 2) + ((longbuf[1] & 0x30) >> 4); - shortbuf[1] = ((longbuf[1] & 0xf) << 4) + ((longbuf[2] & 0x3c) >> 2); - shortbuf[2] = ((longbuf[2] & 0x3) << 6) + longbuf[3]; - - for (i = 0; (i < 3); i++) - ret += shortbuf[i]; - - i = 0; - } - } - - if (i) - { - for (j = i; j <4; j++) - longbuf[j] = 0; - - for (j = 0; j <4; j++) - longbuf[j] = base64_chars.find(longbuf[j]); - - shortbuf[0] = (longbuf[0] << 2) + ((longbuf[1] & 0x30) >> 4); - shortbuf[1] = ((longbuf[1] & 0xf) << 4) + ((longbuf[2] & 0x3c) >> 2); - shortbuf[2] = ((longbuf[2] & 0x3) << 6) + longbuf[3]; - - for (j = 0; (j < i - 1); j++) - ret += shortbuf[j]; - } - - return ret; + response.Send(); } - void OnEvent(Event* event) + void OnEvent(Event& event) { - std::stringstream data(""); - - if (event->GetEventID() == "httpd_acl") + if (event.id == "httpd_acl") { ServerInstance->Logs->Log("m_http_stats", DEBUG,"Handling httpd acl event"); - HTTPRequest* http = (HTTPRequest*)event->GetData(); + HTTPRequest* http = (HTTPRequest*)&event; - for (std::vector::const_iterator this_acl = acl_list.begin(); this_acl != acl_list.end(); ++this_acl) + for (std::vector::const_iterator this_acl = acl_list.begin(); this_acl != acl_list.end(); ++this_acl) { - if (match(http->GetURI(), this_acl->path)) + if (InspIRCd::Match(http->GetURI(), this_acl->path, ascii_case_insensitive_map)) { if (!this_acl->blacklist.empty()) { @@ -185,11 +131,11 @@ class ModuleHTTPAccessList : public Module while (sep.GetToken(entry)) { - if (match(http->GetIP(), entry)) + if (InspIRCd::Match(http->GetIP(), entry, ascii_case_insensitive_map)) { ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "Denying access to blacklisted resource %s (matched by pattern %s) from ip %s (matched by entry %s)", http->GetURI().c_str(), this_acl->path.c_str(), http->GetIP().c_str(), entry.c_str()); - BlockAccess(http, event, 403); + BlockAccess(http, 403); return; } } @@ -203,15 +149,15 @@ class ModuleHTTPAccessList : public Module while (sep.GetToken(entry)) { - if (match(http->GetIP(), entry)) + if (InspIRCd::Match(http->GetIP(), entry, ascii_case_insensitive_map)) allow_access = true; } if (!allow_access) { - ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "Denying access to whitelisted resource %s (matched by pattern %s) from ip %s (matched by entry %s)", - http->GetURI().c_str(), this_acl->path.c_str(), http->GetIP().c_str(), entry.c_str()); - BlockAccess(http, event, 403); + ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "Denying access to whitelisted resource %s (matched by pattern %s) from ip %s (Not in whitelist)", + http->GetURI().c_str(), this_acl->path.c_str(), http->GetIP().c_str()); + BlockAccess(http, 403); return; } } @@ -228,7 +174,7 @@ class ModuleHTTPAccessList : public Module irc::spacesepstream sep(authorization); std::string authtype; std::string base64; - + sep.GetToken(authtype); if (authtype == "Basic") { @@ -236,7 +182,7 @@ class ModuleHTTPAccessList : public Module std::string pass; sep.GetToken(base64); - std::string userpass = Base64Decode(base64); + std::string userpass = Base64ToBin(base64); ServerInstance->Logs->Log("m_httpd_acl", DEBUG, "HTTP authorization: %s (%s)", userpass.c_str(), base64.c_str()); irc::sepstream userpasspair(userpass, ':'); @@ -252,20 +198,20 @@ class ModuleHTTPAccessList : public Module } else /* Invalid password */ - BlockAccess(http, event, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); } else /* Malformed user:pass pair */ - BlockAccess(http, event, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); } else /* Unsupported authentication type */ - BlockAccess(http, event, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); } else { /* No password given at all, access denied */ - BlockAccess(http, event, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); } } @@ -276,18 +222,13 @@ class ModuleHTTPAccessList : public Module } } - const char* OnRequest(Request* request) - { - return NULL; - } - virtual ~ModuleHTTPAccessList() { } virtual Version GetVersion() { - return Version(1, 2, 0, 0, VF_VENDOR, API_VERSION); + return Version("Provides access control lists (passwording of resources, ip restrictions etc) to m_httpd.so dependent modules", VF_VENDOR); } };