X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=http_send.c;h=7c1ea344e0f96e4ca515b6f797d8384ee1145e65;hp=446cde4f72488c684696c13b41e91840df20fe0c;hb=33fe4df2e6e28ea5972ccbfc15e6131e919ab177;hpb=e593b5f44255414087e226a25f4bbd392c9e7c76
diff --git a/http_send.c b/http_send.c
index 446cde4f..7c1ea344 100644
--- a/http_send.c
+++ b/http_send.c
@@ -24,6 +24,7 @@
 #include "net.h"
 #include "fd.h"
 #include "chunk_queue.h"
+#include "acl.h"
 /** Message sent to clients that do not send a valid get request. */
 #define HTTP_ERR_MSG "HTTP/1.0 400 Bad Request\n"
@@ -70,18 +71,6 @@ struct http_client {
 struct chunk_queue *cq;
 };
-/**
- * Describes one entry in the blacklist/whitelist of the http sender.
- */
-struct access_info {
- /** The address to be black/whitelisted. */
- struct in_addr addr;
- /** The netmask for this entry. */
- unsigned netmask;
- /** The position of this entry in the acl. */
- struct list_head node;
-};
-
 static int server_fd = -1, numclients;
 static struct sender *self;
@@ -202,40 +191,6 @@ static void http_send( long unsigned current_chunk,
 }
 }
-/**
- * Return true if addr_1 matches addr_2 in the first `netmask' bits.
- */
-static int v4_addr_match(uint32_t addr_1, uint32_t addr_2, uint8_t netmask)
-{
- uint32_t mask = ~0U;
-
- if (netmask < 32)
- mask <<= (32 - netmask);
- return (htonl(addr_1) & mask) == (htonl(addr_2) & mask);
-}
-
-static int host_in_acl(int fd, struct list_head *acl)
-{
- struct access_info *ai, *tmp;
- struct sockaddr_storage ss;
- socklen_t sslen = sizeof(ss);
- struct in_addr v4_addr;
-
- if (getpeername(fd, (struct sockaddr *)&ss, &sslen) < 0) {
- PARA_ERROR_LOG("Can not determine peer address: %s\n", strerror(errno));
- goto no_match;
- }
- v4_addr = extract_v4_addr(&ss);
- if (!v4_addr.s_addr)
- goto no_match;
-
- list_for_each_entry_safe(ai, tmp, acl, node)
- if (v4_addr_match(v4_addr.s_addr, ai->addr.s_addr, ai->netmask))
- return 1;
-no_match:
- return 0;
-}
-
 static void http_post_select(fd_set *rfds, fd_set *wfds)
 {
 int i = -1, match;
@@ -294,8 +249,8 @@ static void http_post_select(fd_set *rfds, fd_set *wfds)
 err_msg = "server full";
 goto err_out;
 }
- match = host_in_acl(hc->fd, &http_acl);
- PARA_DEBUG_LOG("host_in_acl: %d\n", match);
+ match = acl_lookup(hc->fd, &http_acl);
+ PARA_DEBUG_LOG("acl lookup returned %d\n", match);
 if ((match && !conf.http_default_deny_given) ||
 (!match && conf.http_default_deny_given)) {
 err_msg = "permission denied";
@@ -352,7 +307,7 @@ static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds)
 }
 }
-static int open_tcp_port(int port)
+static int http_open(int port)
 {
 int ret;
@@ -376,7 +331,7 @@ static int http_com_on(__a_unused struct sender_command_data *scd)
 {
 if (self->status == SENDER_ON)
 return 1;
- return open_tcp_port(conf.http_port_arg);
+ return http_open(conf.http_port_arg);
 }
 static int http_com_off(__a_unused struct sender_command_data *scd)
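Review bot: On the `match = acl_lookup(hc->fd, &http_acl);` line the caller still treats every non-zero result as "listed" and 0 as "not listed", so if acl_lookup, like the removed host_in_acl(), answers 0 when the peer address cannot be determined or is not IPv4, a lookup failure is indistinguishable from a miss; in the default-allow configuration the following `(!match && conf.http_default_deny_given)` test is then false and the client is admitted. Whether acl_lookup distinguishes errors is not visible here; if it does, reject on that value before the policy test, `if (match < 0) { err_msg = "permission denied"; goto err_out; }`, and if it does not, record the behaviour at the call site with `/* lookup failure counts as "not listed": fail-open under default-allow */`. http_post_select() begins and ends outside the hunk.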
@@ -391,71 +346,30 @@ static int http_com_off(__a_unused struct sender_command_data *scd)
 return 1;
 }
-static void del_perm_list_entry(struct sender_command_data *scd)
-{
- struct access_info *ai, *tmp;
-
- list_for_each_entry_safe(ai, tmp, &http_acl, node) {
- char *nad = para_strdup(inet_ntoa(ai->addr));
- if (!strcmp(nad, inet_ntoa(scd->addr)) &&
- ai->netmask == scd->netmask) {
- PARA_NOTICE_LOG("removing %s/%i from access list\n",
- nad, ai->netmask);
- list_del(&ai->node);
- free(ai);
- }
- free(nad);
- }
-}
-
-static void add_perm_list_entry(struct sender_command_data *scd)
-{
- struct access_info *ai = para_malloc(sizeof(struct access_info));
- ai->addr = scd->addr;
- ai->netmask = scd->netmask;
- PARA_INFO_LOG("adding %s/%i to access list\n", inet_ntoa(ai->addr),
- ai->netmask);
- para_list_add(&ai->node, &http_acl);
-}
-
 static int http_com_deny(struct sender_command_data *scd)
 {
 if (conf.http_default_deny_given)
- del_perm_list_entry(scd);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
 else
- add_perm_list_entry(scd);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
 return 1;
 }
 static int http_com_allow(struct sender_command_data *scd)
 {
 if (conf.http_default_deny_given)
- add_perm_list_entry(scd);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
 else
- del_perm_list_entry(scd);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
 return 1;
 }
-static char *get_acl_contents(struct list_head *acl)
-{
- struct access_info *ai, *tmp_ai;
- char *ret = NULL;
-
- list_for_each_entry_safe(ai, tmp_ai, acl, node) {
- char *tmp = make_message("%s%s/%d ", ret? ret : "",
- inet_ntoa(ai->addr), ai->netmask);
- free(ret);
- ret = tmp;
- }
- return ret;
-}
-
 static char *http_info(void)
 {
 char *clnts = NULL, *ret;
 struct http_client *hc, *tmp_hc;
- char *acl_contents = get_acl_contents(&http_acl);
+ char *acl_contents = acl_get_contents(&http_acl);
 list_for_each_entry_safe(hc, tmp_hc, &clients, node) {
 char *tmp = make_message("%s%s ", clnts? clnts : "", hc->name);
 free(clnts);
@@ -482,34 +396,6 @@ static char *http_info(void)
 return ret;
 }
-static void init_acl(struct list_head *acl, char * const *acl_info, int num)
-{
- int i;
- struct sender_command_data scd;
-
- INIT_LIST_HEAD(acl);
- for (i = 0; i < num; i++) {
- char *arg = para_strdup(acl_info[i]);
- char *p = strchr(arg, '/');
- if (!p)
- goto err;
- *p = '\0';
- if (!inet_pton(AF_INET, arg, &scd.addr))
- goto err;
- scd.netmask = atoi(++p);
- if (scd.netmask < 0 || scd.netmask > 32)
- goto err;
- add_perm_list_entry(&scd);
- goto success;
-err:
- PARA_CRIT_LOG("syntax error for http_access option "
- "#%d, ignoring\n", i);
-success:
- free(arg);
- continue;
- }
-}
-
 static char *http_help(void)
 {
 return make_message(
@@ -543,8 +429,8 @@ void http_send_init(struct sender *s)
 s->client_cmds[SENDER_ADD] = NULL;
 s->client_cmds[SENDER_DELETE] = NULL;
 self = s;
- init_acl(&http_acl, conf.http_access_arg, conf.http_access_given);
+ acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);
 if (!conf.http_no_autostart_given)
- open_tcp_port(conf.http_port_arg); /* ignore errors */
+ http_open(conf.http_port_arg); /* ignore errors */
 PARA_DEBUG_LOG("%s", "http sender init complete\n");
 }
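Review bot: http_com_deny() and http_com_allow() in this hunk are now exact mirror images: the same two acl calls with the same argument list, selected by conf.http_default_deny_given in opposite order, which invites the two branches drifting apart the next time the arguments change. Folding the selection into one helper keeps the mapping from command to list operation in a single place; both entry points then become one-line calls to it, `return http_com_change_acl(scd, 0);` and `return http_com_change_acl(scd, 1);`. The http_info() part of the hunk is unaffected.
```c
/*
 * Apply an allow/deny command to the http ACL. In default-deny mode the
 * list holds the allowed hosts, otherwise the denied ones, so "allow"
 * maps to acl_add_entry() exactly when the default-deny flag is set.
 */
static int http_com_change_acl(struct sender_command_data *scd, int allow)
{
	if (allow == !!conf.http_default_deny_given)
		acl_add_entry(&http_acl, scd->addr, scd->netmask);
	else
		acl_del_entry(&http_acl, scd->addr, scd->netmask);
	return 1;
}

static int http_com_deny(struct sender_command_data *scd)
{
	return http_com_change_acl(scd, 0);
}

/* … unchanged: http_com_allow mirrors http_com_deny with allow = 1 … */
```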
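Review bot: The result of `acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);` is discarded, and nothing in the hunk shows whether acl_init still reports and skips malformed http_access entries the way the removed init_acl() did with PARA_CRIT_LOG. An entry dropped without notice changes the effective policy: under default-allow a missing deny entry admits exactly the hosts it was written to block. If acl_init returns an error indication, log it here at the same severity; if it reports internally, a short comment at the call, `/* malformed http_access entries are logged and skipped by acl_init() */`, tells the reader where that check went. http_send_init() starts before the hunk.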