X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=http_send.c;h=7c1ea344e0f96e4ca515b6f797d8384ee1145e65;hp=e60b3f90f2853c6ff12f9958d642cb8b3e691e36;hb=9155acc014fef7023501789e877ce21fd570c284;hpb=c73d23911d78ed10179c12ef8f79a3fcf3bbcdaf
diff --git a/http_send.c b/http_send.c
index e60b3f90..7c1ea344 100644
--- a/http_send.c
+++ b/http_send.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2005-2007 Andre Noll
+ * Copyright (C) 2005-2008 Andre Noll
 *
 * Licensed under the GPL v2. For licencing details see COPYING.
 */
@@ -24,6 +24,7 @@
 #include "net.h"
 #include "fd.h"
 #include "chunk_queue.h"
+#include "acl.h"
 
 /** Message sent to clients that do not send a valid get request. */
 #define HTTP_ERR_MSG "HTTP/1.0 400 Bad Request\n"
@@ -50,7 +51,7 @@ enum http_status {
 /** The list of connected clients. */
 static struct list_head clients;
 /** The whitelist/blacklist. */
-static struct list_head access_perm_list;
+static struct list_head http_acl;
 
 /** Describes one client that connected the tcp port of the http sender. */
 struct http_client {
@@ -70,18 +71,6 @@ struct http_client {
 struct chunk_queue *cq;
 };
 
-/**
- * Describes one entry in the blacklist/whitelist of the http sender.
- */
-struct access_info {
- /** The address to be black/whitelisted. */
- struct in_addr addr;
- /** The netmask for this entry. */
- unsigned netmask;
- /** The position of this entry in the access_perm_list. */
- struct list_head node;
-};
-
 static int server_fd = -1, numclients;
 static struct sender *self;
 
@@ -202,40 +191,6 @@ static void http_send( long unsigned current_chunk,
 }
 }
 
-/**
- * Return true if addr_1 matches addr_2 in the first `netmask' bits.
- */
-static int v4_addr_match(uint32_t addr_1, uint32_t addr_2, uint8_t netmask)
-{
- uint32_t mask = ~0U;
-
- if (netmask < 32)
- mask <<= (32 - netmask);
- return (htonl(addr_1) & mask) == (htonl(addr_2) & mask);
-}
-
-static int host_in_access_perm_list(struct http_client *hc)
-{
- struct access_info *ai, *tmp;
- struct sockaddr_storage ss;
- socklen_t sslen = sizeof(ss);
- struct in_addr v4_addr;
-
- if (getpeername(hc->fd, (struct sockaddr *)&ss, &sslen) < 0) {
- PARA_ERROR_LOG("Can not determine peer address: %s\n", strerror(errno));
- goto no_match;
- }
- v4_addr = extract_v4_addr(&ss);
- if (!v4_addr.s_addr)
- goto no_match;
-
- list_for_each_entry_safe(ai, tmp, &access_perm_list, node)
- if (v4_addr_match(v4_addr.s_addr, ai->addr.s_addr, ai->netmask))
- return 1;
-no_match:
- return 0;
-}
-
 static void http_post_select(fd_set *rfds, fd_set *wfds)
 {
 int i = -1, match;
@@ -294,8 +249,8 @@ static void http_post_select(fd_set *rfds, fd_set *wfds)
 err_msg = "server full";
 goto err_out;
 }
- match = host_in_access_perm_list(hc);
- PARA_DEBUG_LOG("host_in_access_perm_list: %d\n", match);
+ match = acl_lookup(hc->fd, &http_acl);
+ PARA_DEBUG_LOG("acl lookup returned %d\n", match);
 if ((match && !conf.http_default_deny_given) ||
 (!match && conf.http_default_deny_given)) {
 err_msg = "permission denied";
@@ -352,7 +307,7 @@ static void http_pre_select(int *max_fileno, fd_set *rfds, fd_set *wfds)
 }
 }
 
-static int open_tcp_port(int port)
+static int http_open(int port)
 {
 int ret;
 
@@ -376,7 +331,7 @@ static int http_com_on(__a_unused struct sender_command_data *scd)
 {
 if (self->status == SENDER_ON)
 return 1;
- return open_tcp_port(conf.http_port_arg);
+ return http_open(conf.http_port_arg);
 }
 
 static int http_com_off(__a_unused struct sender_command_data *scd) 
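Review bot: The new `match = acl_lookup(hc->fd, &http_acl);` in http_post_select is consumed only as a boolean, so if acl_lookup reports a failure (peer address not obtainable, non-IPv4 peer) with a negative value, as the negative-error-code convention elsewhere in this code base would suggest, `match` is non-zero and in the default-deny configuration the client is treated as whitelisted and admitted — a fail-open path the removed host_in_access_perm_list avoided by returning 0 on every error. If acl_lookup can only ever return 0 or 1 this is moot, but that contract is not visible in the hunk; failing closed explicitly costs one line after the debug log: `if (match < 0) { err_msg = "permission denied"; goto err_out; }`. http_post_select begins and ends outside the hunk.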
@@ -391,63 +346,30 @@ static int http_com_off(__a_unused struct sender_command_data *scd)
 return 1;
 }
 
-static void del_perm_list_entry(struct sender_command_data *scd)
-{
- struct access_info *ai, *tmp;
-
- list_for_each_entry_safe(ai, tmp, &access_perm_list, node) {
- char *nad = para_strdup(inet_ntoa(ai->addr));
- if (!strcmp(nad, inet_ntoa(scd->addr)) &&
- ai->netmask == scd->netmask) {
- PARA_NOTICE_LOG("removing %s/%i from access list\n",
- nad, ai->netmask);
- list_del(&ai->node);
- free(ai);
- }
- free(nad);
- }
-}
-
-static void add_perm_list_entry(struct sender_command_data *scd)
-{
- struct access_info *ai = para_malloc(sizeof(struct access_info));
- ai->addr = scd->addr;
- ai->netmask = scd->netmask;
- PARA_INFO_LOG("adding %s/%i to access list\n", inet_ntoa(ai->addr),
- ai->netmask);
- para_list_add(&ai->node, &access_perm_list);
-}
-
 static int http_com_deny(struct sender_command_data *scd)
 {
 if (conf.http_default_deny_given)
- del_perm_list_entry(scd);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
 else
- add_perm_list_entry(scd);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
 return 1;
 }
 
 static int http_com_allow(struct sender_command_data *scd)
 {
 if (conf.http_default_deny_given)
- add_perm_list_entry(scd);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
 else
- del_perm_list_entry(scd);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
 return 1;
 }
 
 static char *http_info(void)
 {
- char *clnts = NULL, *ap = NULL, *ret;
- struct access_info *ai, *tmp_ai;
+ char *clnts = NULL, *ret;
 struct http_client *hc, *tmp_hc;
 
- list_for_each_entry_safe(ai, tmp_ai, &access_perm_list, node) {
- char *tmp = make_message("%s%s/%d ", ap? ap : "",
- inet_ntoa(ai->addr), ai->netmask);
- free(ap);
- ap = tmp;
- }
+ char *acl_contents = acl_get_contents(&http_acl);
 list_for_each_entry_safe(hc, tmp_hc, &clients, node) {
 char *tmp = make_message("%s%s ", clnts? clnts : "", hc->name);
 free(clnts); 
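Review bot: The rewritten http_com_deny and http_com_allow no longer record which address was added to or removed from the access list; the removed del_perm_list_entry and add_perm_list_entry logged a NOTICE/INFO line for every change, and whether acl_add_entry and acl_del_entry log equivalently is not visible in this hunk. Runtime edits to the ACL through the allow/deny sender commands are precisely the events an operator later needs to find in the server log, so if the acl module is silent, keep a line at the command site, e.g. `PARA_NOTICE_LOG("http deny %s/%i\n", inet_ntoa(scd->addr), scd->netmask);` ahead of the branch in http_com_deny and its counterpart in http_com_allow. The two commands are otherwise mirror images that differ only in which call lands in which branch of the conf.http_default_deny_given test, so a small static helper taking an allow flag would remove the duplication. http_info continues outside the hunk.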
@@ -467,41 +389,13 @@ static char *http_info(void)
 conf.http_max_clients_arg > 0? "" : " (unlimited)",
 clnts? clnts : "(none)",
 conf.http_default_deny_given? "allow" : "deny",
- ap? ap : "(none)"
+ acl_contents? acl_contents : "(none)"
 );
- free(ap);
+ free(acl_contents);
 free(clnts);
 return ret;
 }
 
-static void init_access_control_list(void)
-{
- int i;
- struct sender_command_data scd;
-
- INIT_LIST_HEAD(&access_perm_list);
- for (i = 0; i < conf.http_access_given; i++) {
- char *arg = para_strdup(conf.http_access_arg[i]);
- char *p = strchr(arg, '/');
- if (!p)
- goto err;
- *p = '\0';
- if (!inet_pton(AF_INET, arg, &scd.addr))
- goto err;
- scd.netmask = atoi(++p);
- if (scd.netmask < 0 || scd.netmask > 32)
- goto err;
- add_perm_list_entry(&scd);
- goto success;
-err:
- PARA_CRIT_LOG("syntax error for http_access option "
- "#%d, ignoring\n", i);
-success:
- free(arg);
- continue;
- }
-}
-
 static char *http_help(void)
 {
 return make_message(
@@ -535,8 +429,8 @@ void http_send_init(struct sender *s)
 s->client_cmds[SENDER_ADD] = NULL;
 s->client_cmds[SENDER_DELETE] = NULL;
 self = s;
- init_access_control_list();
+ acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);
 if (!conf.http_no_autostart_given)
- open_tcp_port(conf.http_port_arg); /* ignore errors */
+ http_open(conf.http_port_arg); /* ignore errors */
 PARA_DEBUG_LOG("%s", "http sender init complete\n");
 }
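Review bot: `acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);` in http_send_init discards whatever acl_init returns, whereas the removed init_access_control_list validated every --http-access entry itself (inet_pton result, netmask within 0..32) and logged a CRIT message for each malformed one. If acl_init reports rejected entries through its return value, that signal is now lost here and a mistyped whitelist entry silently leaves a host unlisted; if it logs and returns void, a short comment saying so spares the next reader the question. The `/* ignore errors */` annotation kept on the http_open line just below shows the file's convention of marking deliberate ignores, and the acl_init call deserves either the same annotation or a checked result. http_send_init starts outside the hunk.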