|
|
@ -5,6 +5,7 @@
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
#include <arpa/inet.h>
|
|
|
|
|
|
|
|
|
|
|
|
#include <jansson.h>
|
|
|
|
#include <jansson.h>
|
|
|
|
|
|
|
|
#include <evhttp.h>
|
|
|
|
#include <libb64/cencode.h>
|
|
|
|
#include <libb64/cencode.h>
|
|
|
|
#include "conf.h"
|
|
|
|
#include "conf.h"
|
|
|
|
|
|
|
|
|
|
|
@ -174,15 +175,21 @@ conf_parse_acls(json_t *jtab) {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
int
|
|
|
|
acl_match(struct acl *a, in_addr_t *ip) {
|
|
|
|
acl_match(struct acl *a, struct evhttp_request *rq, in_addr_t *ip) {
|
|
|
|
|
|
|
|
|
|
|
|
/* TODO: add HTTP Basic Auth */
|
|
|
|
/* check HTTP Basic Auth */
|
|
|
|
|
|
|
|
const char *auth;
|
|
|
|
|
|
|
|
auth = evhttp_find_header(rq->input_headers, "Authorization");
|
|
|
|
|
|
|
|
if(auth && a->http_basic_auth && strncasecmp(auth, "Basic ", 6) == 0) { /* sent auth */
|
|
|
|
|
|
|
|
if(strcmp(auth + 6, a->http_basic_auth) != 0) { /* wrong */
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* CIDR check. */
|
|
|
|
if(a->cidr.enabled == 0) { /* none given, all match */
|
|
|
|
if(a->cidr.enabled == 0) { /* none given, all match */
|
|
|
|
return 1;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* CIDR check. */
|
|
|
|
|
|
|
|
if(((*ip) & a->cidr.mask) == (a->cidr.subnet & a->cidr.mask)) {
|
|
|
|
if(((*ip) & a->cidr.mask) == (a->cidr.subnet & a->cidr.mask)) {
|
|
|
|
return 1;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
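Review bot: In acl_match, the new Basic Auth block only rejects a request that sends a wrong `Authorization: Basic` value; a request with no Authorization header, or one using another scheme, skips the block and falls through to the CIDR check, so an ACL that sets `http_basic_auth` still matches unauthenticated clients. Make the credential mandatory whenever the ACL configures one, e.g. `if(a->http_basic_auth && (!auth || strncasecmp(auth, "Basic ", 6) != 0 || strcmp(auth + 6, a->http_basic_auth) != 0)) return 0;`. The `strcmp` on the credential also stops at the first differing byte, so a constant-time comparison would be safer if the project has one. The body of acl_match continues past the end of the hunk, so the final return path is not visible here.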