X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=http_send.c;h=6b67a6aae09e0dca5b61fda5277d13b7a4603299;hp=037d4f248d99a296a9c94da06ec27a34fd1aff39;hb=37c39c45fe642f3be30658a95a35583affa2c9fa;hpb=11c9ad31156c3bac5627b0539010c87eccc9bba2
diff --git a/http_send.c b/http_send.c
index 037d4f24..6b67a6aa 100644
--- a/http_send.c
+++ b/http_send.c
@@ -24,6 +24,7 @@
 #include "net.h"
 #include "fd.h"
 #include "chunk_queue.h"
+#include "acl.h"
 /** Message sent to clients that do not send a valid get request. */
 #define HTTP_ERR_MSG "HTTP/1.0 400 Bad Request\n"
@@ -70,19 +71,7 @@ struct http_client {
 struct chunk_queue *cq;
 };
-/**
- * Describes one entry in the blacklist/whitelist of the http sender.
- */
-struct access_info {
- /** The address to be black/whitelisted. */
- struct in_addr addr;
- /** The netmask for this entry. */
- unsigned netmask;
- /** The position of this entry in the acl. */
- struct list_head node;
-};
-
-static int server_fd = -1, numclients;
+static int listen_fd = -1, numclients;
 static struct sender *self;
@@ -202,46 +191,14 @@ static void http_send( long unsigned current_chunk,
 }
 }
-/**
- * Return true if addr_1 matches addr_2 in the first `netmask' bits.
- */
-static int v4_addr_match(uint32_t addr_1, uint32_t addr_2, uint8_t netmask)
-{
- uint32_t mask = ~0U;
-
- if (netmask < 32)
- mask <<= (32 - netmask);
- return (htonl(addr_1) & mask) == (htonl(addr_2) & mask);
-}
-
-static int host_in_acl(int fd, struct list_head *acl)
-{
- struct access_info *ai, *tmp;
- struct sockaddr_storage ss;
- socklen_t sslen = sizeof(ss);
- struct in_addr v4_addr;
-
- if (getpeername(fd, (struct sockaddr *)&ss, &sslen) < 0) {
- PARA_ERROR_LOG("Can not determine peer address: %s\n", strerror(errno));
- goto no_match;
- }
- v4_addr = extract_v4_addr(&ss);
- if (!v4_addr.s_addr)
- goto no_match;
-
- list_for_each_entry_safe(ai, tmp, acl, node)
- if (v4_addr_match(v4_addr.s_addr, ai->addr.s_addr, ai->netmask))
- return 1;
-no_match:
- return 0;
-}
-
 static void http_post_select(fd_set *rfds, fd_set *wfds)
 {
 int i = -1, match;
 struct http_client *hc, *tmp;
 const char *err_msg;
+ if (listen_fd < 0)
+ return;
 list_for_each_entry_safe(hc, tmp, &clients, node) {
 i++;
 // PARA_DEBUG_LOG("handling client %d: %s\n", i, remote_name(hc->fd));
@@ -280,11 +237,11 @@ static void http_post_select(fd_set *rfds, fd_set *wfds)
 break;
 }
 }
- if (!FD_ISSET(server_fd, rfds))
+ if (!FD_ISSET(listen_fd, rfds))
 return;
 hc = para_calloc(sizeof(struct http_client));
 err_msg = "accept error";
- hc->fd = para_accept(server_fd, NULL, 0);
+ hc->fd = para_accept(listen_fd, NULL, 0);
 if (hc->fd <= 0)
 goto err_out;
 hc->name = make_message("%s", remote_name(hc->fd));
@@ -294,8 +251,8 @@ static void http_post_select(fd_set *rfds, fd_set *wfds)
 err_msg = "server full";
 goto err_out;
 }
- match = host_in_acl(hc->fd, &http_acl);
- PARA_DEBUG_LOG("host_in_acl: %d\n", match);
+ match = acl_lookup(hc->fd, &http_acl);
+ PARA_DEBUG_LOG("acl lookup returned %d\n", match);
 if ((match && !conf.http_default_deny_given) ||
 (!match && conf.http_default_deny_given)) {
 err_msg = "permission denied";
@@ -322,9 +279,9 @@ static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds)
 {
 struct http_client *hc, *tmp;
- if (server_fd < 0)
+ if (listen_fd < 0)
 return;
- para_fd_set(server_fd, rfds, max_fileno);
+ para_fd_set(listen_fd, rfds, max_fileno);
 list_for_each_entry_safe(hc, tmp, &clients, node) {
 //PARA_DEBUG_LOG("hc %p on fd %d: status %d\n", hc, hc->fd, hc->status);
 hc->check_r = 0;
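Review bot: The deny test that follows `match = acl_lookup(hc->fd, &http_acl);` treats every non-zero value as a match, and acl_lookup() is defined outside this diff, so what it returns when the peer address cannot be determined decides whether the connection is admitted. The removed host_in_acl() returned 0 for a getpeername() failure and for a peer without an IPv4 address, which under the default-allow policy lets such a peer past a deny list; a negative error return would instead count as a match and admit the peer when `http_default_deny` is given. Once the contract is confirmed against acl.c I would pin it with a comment at the call, for example `/* acl_lookup(): non-zero only if the peer is listed; unknown peers fall under the default policy */`, and reject the connection outright if the lookup can report failure. http_post_select() begins and ends outside this hunk.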
@@ -352,112 +309,67 @@ static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds)
 }
 }
-static int open_tcp_port(int port)
+static int http_open(void)
 {
 int ret;
- server_fd = para_listen(AF_UNSPEC, IPPROTO_TCP, port);
- if (server_fd < 0) {
+ listen_fd = para_listen(AF_UNSPEC, IPPROTO_TCP, conf.http_port_arg);
+ if (listen_fd < 0) {
 http_shutdown_clients();
- self->status = SENDER_OFF;
- return server_fd;
+ return listen_fd;
 }
- ret = mark_fd_nonblocking(server_fd);
+ ret = mark_fd_nonblocking(listen_fd);
 if (ret < 0) {
 PARA_EMERG_LOG("%s\n", para_strerror(-ret));
 exit(EXIT_FAILURE);
 }
- self->status = SENDER_ON;
- add_close_on_fork_list(server_fd);
+ add_close_on_fork_list(listen_fd);
 return 1;
 }
 static int http_com_on(__a_unused struct sender_command_data *scd)
 {
- if (self->status == SENDER_ON)
+ if (listen_fd >= 0)
 return 1;
- return open_tcp_port(conf.http_port_arg);
+ return http_open();
 }
 static int http_com_off(__a_unused struct sender_command_data *scd)
 {
- self->status = SENDER_OFF;
- if (server_fd > 0) {
- close(server_fd);
- del_close_on_fork_list(server_fd);
- server_fd = -1;
- }
+ if (listen_fd < 0)
+ return 1;
+ PARA_NOTICE_LOG("closing http port %d\n", conf.http_port_arg);
+ close(listen_fd);
+ del_close_on_fork_list(listen_fd);
 http_shutdown_clients();
+ listen_fd = -1;
 return 1;
 }
-static void del_acl_entry(struct list_head *acl, struct in_addr addr,
- int netmask)
-{
- struct access_info *ai, *tmp;
-
- list_for_each_entry_safe(ai, tmp, acl, node) {
- char *nad = para_strdup(inet_ntoa(ai->addr));
- if (!strcmp(nad, inet_ntoa(addr)) &&
- ai->netmask == netmask) {
- PARA_NOTICE_LOG("removing %s/%i from access list\n",
- nad, ai->netmask);
- list_del(&ai->node);
- free(ai);
- }
- free(nad);
- }
-}
-
-static void add_acl_entry(struct list_head *acl, struct in_addr addr,
- int netmask)
-{
- struct access_info *ai = para_malloc(sizeof(struct access_info));
- ai->addr = addr;
- ai->netmask = netmask;
- PARA_INFO_LOG("adding %s/%i to access
list\n", inet_ntoa(ai->addr),
- ai->netmask);
- para_list_add(&ai->node, acl);
-}
-
 static int http_com_deny(struct sender_command_data *scd)
 {
 if (conf.http_default_deny_given)
- del_acl_entry(&http_acl, scd->addr, scd->netmask);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
 else
- add_acl_entry(&http_acl, scd->addr, scd->netmask);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
 return 1;
 }
 static int http_com_allow(struct sender_command_data *scd)
 {
 if (conf.http_default_deny_given)
- add_acl_entry(&http_acl, scd->addr, scd->netmask);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
 else
- del_acl_entry(&http_acl, scd->addr, scd->netmask);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
 return 1;
 }
-static char *get_acl_contents(struct list_head *acl)
-{
- struct access_info *ai, *tmp_ai;
- char *ret = NULL;
-
- list_for_each_entry_safe(ai, tmp_ai, acl, node) {
- char *tmp = make_message("%s%s/%d ", ret? ret : "",
- inet_ntoa(ai->addr), ai->netmask);
- free(ret);
- ret = tmp;
- }
- return ret;
-}
-
 static char *http_info(void)
 {
 char *clnts = NULL, *ret;
 struct http_client *hc, *tmp_hc;
- char *acl_contents = get_acl_contents(&http_acl);
+ char *acl_contents = acl_get_contents(&http_acl);
 list_for_each_entry_safe(hc, tmp_hc, &clients, node) {
 char *tmp = make_message("%s%s ", clnts? clnts : "", hc->name);
 free(clnts);
@@ -470,7 +382,7 @@ static char *http_info(void)
 "http maximal number of clients: %d%s\n"
 "http connected clients: %s\n"
 "http access %s list: %s\n",
- (self->status == SENDER_ON)? "on" : "off",
+ (listen_fd >= 0)? "on" : "off",
 conf.http_port_arg,
 numclients,
 conf.http_max_clients_arg,
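Review bot: In http_com_deny() and http_com_allow() the new acl_add_entry()/acl_del_entry() calls only edit the list, and the only ACL check visible in this diff is the acl_lookup() call made when a connection is accepted in http_post_select(). A client that is already connected therefore appears to keep its stream after its address has been denied. Either disconnect matching clients when a deny takes effect or state the limitation above http_com_deny(), e.g. `/* affects new connections only; connected clients are not dropped */`. `scd->addr` and `scd->netmask` are also handed on unchecked here, so the 0..32 range check that the removed init_acl() applied to configured entries should be confirmed to exist in the caller or in acl.c.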
@@ -484,35 +396,6 @@ static char *http_info(void)
 return ret;
 }
-static void init_acl(struct list_head *acl, char * const *acl_info, int num)
-{
- int i;
-
- INIT_LIST_HEAD(acl);
- for (i = 0; i < num; i++) {
- char *arg = para_strdup(acl_info[i]);
- char *p = strchr(arg, '/');
- struct in_addr addr;
- int netmask;
-
- if (!p)
- goto err;
- *p = '\0';
- if (!inet_pton(AF_INET, arg, &addr))
- goto err;
- netmask = atoi(++p);
- if (netmask < 0 || netmask > 32)
- goto err;
- add_acl_entry(acl, addr, netmask);
- goto success;
-err:
- PARA_CRIT_LOG("syntax error: %s\n", acl_info[i]);
-success:
- free(arg);
- continue;
- }
-}
-
 static char *http_help(void)
 {
 return make_message(
@@ -546,8 +429,8 @@ void http_send_init(struct sender *s)
 s->client_cmds[SENDER_ADD] = NULL;
 s->client_cmds[SENDER_DELETE] = NULL;
 self = s;
- init_acl(&http_acl, conf.http_access_arg, conf.http_access_given);
+ acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);
 if (!conf.http_no_autostart_given)
- open_tcp_port(conf.http_port_arg); /* ignore errors */
+ http_open(); /* ignore errors */
 PARA_DEBUG_LOG("%s", "http sender init complete\n");
 }
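Review bot: `acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);` in http_send_init() is called as a plain statement, so a malformed access entry cannot influence whether the sender starts. The removed init_acl() logged `syntax error` for a bad `addr/netmask` entry and skipped it, and took the netmask with atoi(), which reads a non-numeric suffix as 0; if acl_init() in acl.c keeps that behaviour, a mistyped entry in a deny list leaves that network allowed while the listener still opens on the next line. I would have acl_init() report failure and skip the autostart in that case, or at least record the behaviour here with `/* malformed http_access entries are logged and skipped */`. http_send_init() begins outside the hunk.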