X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=http_send.c;h=6b67a6aae09e0dca5b61fda5277d13b7a4603299;hp=799c06cc2dfa2b4400882cdb14fb16089d1bc77e;hb=37c39c45fe642f3be30658a95a35583affa2c9fa;hpb=d2e164526bed7f523043b7e4ec5bd282d5bc6f19 diff --git a/http_send.c b/http_send.c index 799c06cc..6b67a6aa 100644 --- a/http_send.c +++ b/http_send.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2005-2007 Andre Noll + * Copyright (C) 2005-2008 Andre Noll * * Licensed under the GPL v2. For licencing details see COPYING. */ @@ -24,9 +24,11 @@ #include "net.h" #include "fd.h" #include "chunk_queue.h" +#include "acl.h" +/** Message sent to clients that do not send a valid get request. */ #define HTTP_ERR_MSG "HTTP/1.0 400 Bad Request\n" -/** \endcond */ + /** The possible states of a client from the server's POV. */ enum http_status { @@ -49,7 +51,7 @@ enum http_status { /** The list of connected clients. */ static struct list_head clients; /** The whitelist/blacklist. */ -static struct list_head access_perm_list; +static struct list_head http_acl; /** Describes one client that connected the tcp port of the http sender. */ struct http_client { @@ -69,26 +71,14 @@ struct http_client { struct chunk_queue *cq; }; -/** - * Describes one entry in the blacklist/whitelist of the http sender. - */ -struct access_info { - /** The address to be black/whitelisted. */ - struct in_addr addr; - /** The netmask for this entry. */ - unsigned netmask; - /** The position of this entry in the access_perm_list. */ - struct list_head node; -}; - -static int server_fd = -1, numclients; +static int listen_fd = -1, numclients; static struct sender *self; static void http_shutdown_client(struct http_client *hc, const char *msg) { - PARA_INFO_LOG("shutting down %s on fd %d (%s)\n", - hc->name, hc->fd, msg); + PARA_INFO_LOG("shutting down %s on fd %d (%s)\n", hc->name, hc->fd, + msg); numclients--; free(hc->name); close(hc->fd); @@ -201,33 +191,14 @@ static void http_send( long unsigned current_chunk, } } -static int host_in_access_perm_list(struct http_client *hc) -{ - struct sockaddr_storage ss; - socklen_t sslen = sizeof(ss); - - if (getpeername(hc->fd, (struct sockaddr *)&ss, &sslen) < 0) { - PARA_ERROR_LOG("can not determine address family: %s\n", strerror(errno)); - } else if (ss.ss_family == AF_INET) { - /* FIXME: access restriction is (currently) only supported for IPv4 */ - struct access_info *ai, *tmp; - struct in_addr client_addr = ((struct sockaddr_in *)&ss)->sin_addr; - - list_for_each_entry_safe(ai, tmp, &access_perm_list, node) { - unsigned mask = ((~0U) >> ai->netmask); - if ((client_addr.s_addr & mask) == (ai->addr.s_addr & mask)) - return 1; - } - } - return 0; -} - static void http_post_select(fd_set *rfds, fd_set *wfds) { int i = -1, match; struct http_client *hc, *tmp; const char *err_msg; + if (listen_fd < 0) + return; list_for_each_entry_safe(hc, tmp, &clients, node) { i++; // PARA_DEBUG_LOG("handling client %d: %s\n", i, remote_name(hc->fd)); @@ -266,11 +237,11 @@ static void http_post_select(fd_set *rfds, fd_set *wfds) break; } } - if (!FD_ISSET(server_fd, rfds)) + if (!FD_ISSET(listen_fd, rfds)) return; hc = para_calloc(sizeof(struct http_client)); err_msg = "accept error"; - hc->fd = para_accept(server_fd, NULL, 0); + hc->fd = para_accept(listen_fd, NULL, 0); if (hc->fd <= 0) goto err_out; hc->name = make_message("%s", remote_name(hc->fd)); @@ -280,8 +251,8 @@ static void http_post_select(fd_set *rfds, fd_set *wfds) err_msg = "server full"; goto err_out; } - match = host_in_access_perm_list(hc); - PARA_DEBUG_LOG("host_in_access_perm_list: %d\n", match); + match = acl_lookup(hc->fd, &http_acl); + PARA_DEBUG_LOG("acl lookup returned %d\n", match); if ((match && !conf.http_default_deny_given) || (!match && conf.http_default_deny_given)) { err_msg = "permission denied"; @@ -291,14 +262,14 @@ static void http_post_select(fd_set *rfds, fd_set *wfds) hc->cq = cq_new(MAX_BACKLOG); numclients++; PARA_INFO_LOG("accepted client #%d: %s (fd %d)\n", numclients, - hc->name, hc->fd); + hc->name, hc->fd); para_list_add(&hc->node, &clients); add_close_on_fork_list(hc->fd); mark_fd_nonblocking(hc->fd); return; err_out: PARA_WARNING_LOG("ignoring connect request from %s (%s)\n", - hc->name, err_msg); + hc->name, err_msg); if (hc->fd > 0) close(hc->fd); free(hc); @@ -308,9 +279,9 @@ static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds) { struct http_client *hc, *tmp; - if (server_fd < 0) + if (listen_fd < 0) return; - para_fd_set(server_fd, rfds, max_fileno); + para_fd_set(listen_fd, rfds, max_fileno); list_for_each_entry_safe(hc, tmp, &clients, node) { //PARA_DEBUG_LOG("hc %p on fd %d: status %d\n", hc, hc->fd, hc->status); hc->check_r = 0; @@ -338,105 +309,69 @@ static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds) } } -static int open_tcp_port(int port) +static int http_open(void) { int ret; - server_fd = para_listen(AF_UNSPEC, IPPROTO_TCP, port); - if (server_fd < 0) { + listen_fd = para_listen(AF_UNSPEC, IPPROTO_TCP, conf.http_port_arg); + if (listen_fd < 0) { http_shutdown_clients(); - self->status = SENDER_OFF; - return server_fd; + return listen_fd; } - ret = mark_fd_nonblocking(server_fd); + ret = mark_fd_nonblocking(listen_fd); if (ret < 0) { - PARA_EMERG_LOG("%s\n", PARA_STRERROR(-ret)); + PARA_EMERG_LOG("%s\n", para_strerror(-ret)); exit(EXIT_FAILURE); } - self->status = SENDER_ON; - add_close_on_fork_list(server_fd); + add_close_on_fork_list(listen_fd); return 1; } static int http_com_on(__a_unused struct sender_command_data *scd) { - if (self->status == SENDER_ON) + if (listen_fd >= 0) return 1; - return open_tcp_port(conf.http_port_arg); + return http_open(); } static int http_com_off(__a_unused struct sender_command_data *scd) { - self->status = SENDER_OFF; - if (server_fd > 0) { - close(server_fd); - del_close_on_fork_list(server_fd); - server_fd = -1; - } + if (listen_fd < 0) + return 1; + PARA_NOTICE_LOG("closing http port %d\n", conf.http_port_arg); + close(listen_fd); + del_close_on_fork_list(listen_fd); http_shutdown_clients(); + listen_fd = -1; return 1; } -static void del_perm_list_entry(struct sender_command_data *scd) -{ - struct access_info *ai, *tmp; - - list_for_each_entry_safe(ai, tmp, &access_perm_list, node) { - char *nad = para_strdup(inet_ntoa(ai->addr)); - if (!strcmp(nad, inet_ntoa(scd->addr)) && - ai->netmask == scd->netmask) { - PARA_NOTICE_LOG("removing %s/%i from access list\n", - nad, ai->netmask); - list_del(&ai->node); - free(ai); - } - free(nad); - } -} - -static void add_perm_list_entry(struct sender_command_data *scd) -{ - struct access_info *ai = para_malloc(sizeof(struct access_info)); - ai->addr = scd->addr; - ai->netmask = scd->netmask; - PARA_INFO_LOG("adding %s/%i to access list\n", inet_ntoa(ai->addr), - ai->netmask); - para_list_add(&ai->node, &access_perm_list); -} - static int http_com_deny(struct sender_command_data *scd) { if (conf.http_default_deny_given) - del_perm_list_entry(scd); + acl_del_entry(&http_acl, scd->addr, scd->netmask); else - add_perm_list_entry(scd); + acl_add_entry(&http_acl, scd->addr, scd->netmask); return 1; } static int http_com_allow(struct sender_command_data *scd) { if (conf.http_default_deny_given) - add_perm_list_entry(scd); + acl_add_entry(&http_acl, scd->addr, scd->netmask); else - del_perm_list_entry(scd); + acl_del_entry(&http_acl, scd->addr, scd->netmask); return 1; } static char *http_info(void) { - char *clnts = NULL, *ap = NULL, *ret; - struct access_info *ai, *tmp_ai; + char *clnts = NULL, *ret; struct http_client *hc, *tmp_hc; - list_for_each_entry_safe(ai, tmp_ai, &access_perm_list, node) { - char *tmp = make_message("%s%s/%d ", ap? ap : "", - inet_ntoa(ai->addr), ai->netmask); - free(ap); - ap = tmp; - } + char *acl_contents = acl_get_contents(&http_acl); list_for_each_entry_safe(hc, tmp_hc, &clients, node) { - char *tmp = make_message("%s%s ", clnts? clnts : "", - hc->name); + char *tmp = make_message("%s%s ", clnts? clnts : "", hc->name); free(clnts); clnts = tmp; } @@ -447,48 +382,20 @@ static char *http_info(void) "http maximal number of clients: %d%s\n" "http connected clients: %s\n" "http access %s list: %s\n", - (self->status == SENDER_ON)? "on" : "off", + (listen_fd >= 0)? "on" : "off", conf.http_port_arg, numclients, conf.http_max_clients_arg, conf.http_max_clients_arg > 0? "" : " (unlimited)", clnts? clnts : "(none)", conf.http_default_deny_given? "allow" : "deny", - ap? ap : "(none)" + acl_contents? acl_contents : "(none)" ); - free(ap); + free(acl_contents); free(clnts); return ret; } -static void init_access_control_list(void) -{ - int i; - struct sender_command_data scd; - - INIT_LIST_HEAD(&access_perm_list); - for (i = 0; i < conf.http_access_given; i++) { - char *arg = para_strdup(conf.http_access_arg[i]); - char *p = strchr(arg, '/'); - if (!p) - goto err; - *p = '\0'; - if (!inet_pton(AF_INET, arg, &scd.addr)) - goto err; - scd.netmask = atoi(++p); - if (scd.netmask < 0 || scd.netmask > 32) - goto err; - add_perm_list_entry(&scd); - goto success; -err: - PARA_CRIT_LOG("syntax error for http_access option " - "#%d, ignoring\n", i); -success: - free(arg); - continue; - } -} - static char *http_help(void) { return make_message( @@ -522,8 +429,8 @@ void http_send_init(struct sender *s) s->client_cmds[SENDER_ADD] = NULL; s->client_cmds[SENDER_DELETE] = NULL; self = s; - init_access_control_list(); + acl_init(&http_acl, conf.http_access_arg, conf.http_access_given); if (!conf.http_no_autostart_given) - open_tcp_port(conf.http_port_arg); /* ignore errors */ + http_open(); /* ignore errors */ PARA_DEBUG_LOG("%s", "http sender init complete\n"); }