Parsed ACLs.

master
Nicolas Favre-Felix 14 years ago
parent 75820e2648
commit 41388a5196

@ -40,7 +40,6 @@ cmd_authorized(struct conf *cfg, struct evhttp_request *rq, const char *verb, si
char *always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD", "SUBSCRIBE", "PSUBSCRIBE"}; char *always_off[] = {"MULTI", "EXEC", "WATCH", "DISCARD", "SUBSCRIBE", "PSUBSCRIBE"};
struct disabled_command *dc;
unsigned int i; unsigned int i;
char *client_ip; char *client_ip;
@ -59,6 +58,8 @@ cmd_authorized(struct conf *cfg, struct evhttp_request *rq, const char *verb, si
evhttp_connection_get_peer(rq->evcon, &client_ip, &client_port); evhttp_connection_get_peer(rq->evcon, &client_ip, &client_port);
client_addr = ntohl(inet_addr(client_ip)); client_addr = ntohl(inet_addr(client_ip));
return 1;
#if 0
for(dc = cfg->disabled; dc; dc = dc->next) { for(dc = cfg->disabled; dc; dc = dc->next) {
/* CIDR test */ /* CIDR test */
@ -73,6 +74,7 @@ cmd_authorized(struct conf *cfg, struct evhttp_request *rq, const char *verb, si
} }
} }
} }
#endif
return 1; return 1;
} }
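Review bot: The `return 1;` added ahead of `#if 0` in the second hunk makes cmd_authorized authorize every request unconditionally, since the CIDR/disabled-command loop below it is now never reached; that reads like a stub while the ACL parser lands, but nothing marks it as one, and a bare `return 1;` in an authorization function is easy to ship unnoticed. Suggest `return 1; /* TODO(acl): temporary allow-all until this check is rewritten against cfg->perms */` so the state is explicit at the call site. The disabled block also still references `dc` (whose declaration this commit removes in the first hunk) and `cfg->disabled` (which conf.h no longer declares), so it would not compile if simply re-enabled; better to delete it than keep dead code that cannot be revived. cmd_authorized's signature and earlier body lie outside these hunks.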

134
conf.c

@ -7,8 +7,8 @@
#include <jansson.h> #include <jansson.h>
#include "conf.h" #include "conf.h"
static struct disabled_command * static struct acl *
conf_disable_commands(json_t *jtab); conf_parse_acls(json_t *jtab);
struct conf * struct conf *
conf_read(const char *filename) { conf_read(const char *filename) {
@ -46,8 +46,8 @@ conf_read(const char *filename) {
conf->http_host = strdup(json_string_value(jtmp)); conf->http_host = strdup(json_string_value(jtmp));
} else if(strcmp(json_object_iter_key(kv), "http_port") == 0 && json_typeof(jtmp) == JSON_INTEGER) { } else if(strcmp(json_object_iter_key(kv), "http_port") == 0 && json_typeof(jtmp) == JSON_INTEGER) {
conf->http_port = (short)json_integer_value(jtmp); conf->http_port = (short)json_integer_value(jtmp);
} else if(strcmp(json_object_iter_key(kv), "disable") == 0 && json_typeof(jtmp) == JSON_OBJECT) { } else if(strcmp(json_object_iter_key(kv), "acl") == 0 && json_typeof(jtmp) == JSON_OBJECT) {
conf->disabled = conf_disable_commands(jtmp); conf->perms = conf_parse_acls(jtmp);
} }
} }
@ -56,30 +56,53 @@ conf_read(const char *filename) {
return conf; return conf;
} }
void
acl_read_commands(json_t *jlist, struct acl_commands *ac) {
struct disabled_command * unsigned int i, n, cur;
conf_disable_commands(json_t *jtab) {
struct disabled_command *root = NULL; /* count strings in the array */
for(i = 0, n = 0; i < json_array_size(jlist); ++i) {
json_t *jelem = json_array_get(jlist, (size_t)i);
if(json_typeof(jelem) == JSON_STRING) {
n++;
}
}
void *kv; /* allocate block */
for(kv = json_object_iter(jtab); kv; kv = json_object_iter_next(jtab, kv)) { ac->commands = calloc((size_t)n, sizeof(char*));
ac->count = n;
/* add all disabled commands */
for(i = 0, cur = 0; i < json_array_size(jlist); ++i) {
json_t *jelem = json_array_get(jlist, i);
if(json_typeof(jelem) == JSON_STRING) {
size_t sz;
const char *s = json_string_value(jelem);
sz = strlen(s);
ac->commands[cur] = calloc(1 + sz, 1);
memcpy(ac->commands[cur], s, sz);
cur++;
}
}
}
unsigned int i, cur, n; struct acl *
char *p, *ip; conf_parse_acl(json_t *j) {
const char *s;
in_addr_t mask, subnet;
unsigned short mask_bits = 0;
struct disabled_command *dc; json_t *jcidr, *jbasic, *jlist;
json_t *val = json_object_iter_value(kv); unsigned short mask_bits = 0;
if(json_typeof(val) != JSON_ARRAY) { struct acl *a = calloc(1, sizeof(struct acl));
continue; /* TODO: report error? */
} /* parse CIDR */
if((jcidr = json_object_get(j, "ip")) && json_typeof(jcidr) == JSON_STRING) {
const char *s;
char *p, *ip;
a->cidr.enabled = 1;
/* parse key in format "ip/mask" */ s = json_string_value(jcidr);
s = json_object_iter_key(kv);
p = strchr(s, '/'); p = strchr(s, '/');
if(!p) { if(!p) {
ip = strdup(s); ip = strdup(s);
@ -88,45 +111,48 @@ conf_disable_commands(json_t *jtab) {
memcpy(ip, s, (size_t)(p - s)); memcpy(ip, s, (size_t)(p - s));
mask_bits = (unsigned short)atoi(p+1); mask_bits = (unsigned short)atoi(p+1);
} }
mask = (mask_bits == 0 ? 0 : (0xffffffff << (32 - mask_bits))); a->cidr.mask = (mask_bits == 0 ? 0 : (0xffffffff << (32 - mask_bits)));
subnet = ntohl(inet_addr(ip)) & mask; a->cidr.subnet = ntohl(inet_addr(ip)) & a->cidr.mask;
free(ip);
/* count strings in the array */ }
n = 0;
for(i = 0; i < json_array_size(val); ++i) {
json_t *jelem = json_array_get(val, (size_t)i);
if(json_typeof(jelem) == JSON_STRING) {
n++;
}
}
/* allocate block */ /* parse basic_auth */
dc = calloc(1, sizeof(struct disabled_command)); if((jbasic = json_object_get(j, "http_basic_auth")) && json_typeof(jbasic) == JSON_STRING) {
dc->commands = calloc((size_t)n, sizeof(char*)); a->http_basic_auth = strdup(json_string_value(jbasic));
dc->subnet = subnet; /* TODO: base64 encode */
dc->mask = mask; }
dc->count = n;
dc->next = root; /* parse enabled commands */
root = dc; if((jlist = json_object_get(j, "enable")) && json_typeof(jlist) == JSON_ARRAY) {
acl_read_commands(jlist, &a->enable);
/* add all disabled commands */ }
for(i = 0, cur = 0; i < json_array_size(val); ++i) {
json_t *jelem = json_array_get(val, i); /* parse disabled commands */
if(json_typeof(jelem) == JSON_STRING) { if((jlist = json_object_get(j, "disable")) && json_typeof(jlist) == JSON_ARRAY) {
size_t sz; acl_read_commands(jlist, &a->disable);
s = json_string_value(jelem); }
sz = strlen(s);
return a;
dc->commands[cur] = calloc(1 + sz, 1); }
memcpy(dc->commands[cur], s, sz);
cur++; struct acl *
} conf_parse_acls(json_t *jtab) {
}
struct acl *root = NULL, *tmp = NULL;
void *kv;
for(kv = json_object_iter(jtab); kv; kv = json_object_iter_next(jtab, kv)) {
json_t *val = json_object_iter_value(kv);
tmp = conf_parse_acl(val);
if(root) root->next = tmp;
root = tmp;
} }
return root; return root;
} }
void void
conf_free(struct conf *conf) { conf_free(struct conf *conf) {
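Review bot: conf_parse_acls in the last hunk (`if(root) root->next = tmp; root = tmp;`) hands conf->perms only the last ACL parsed: each iteration overwrites root with the newest entry, so every earlier rule is dropped from the returned list and its head is leaked. Keep a separate tail pointer: `struct acl *root = NULL, *tail = NULL;` then per element `if(tail) tail->next = tmp; else root = tmp;` and `tail = tmp;`. Separately, conf_read now accepts "acl" only when `json_typeof(jtmp) == JSON_OBJECT` and conf_parse_acls walks it with json_object_iter, while the example config in this commit writes `"acl": [` (an array), so that file would presumably leave conf->perms NULL; one of the two needs to change. The inherited `0xffffffff << (32 - mask_bits)` still trusts atoi: a mask wider than 32 bits, or a negative value cast to unsigned short, yields a negative shift count, which is undefined behaviour, so reject mask_bits > 32 before the shift.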

@ -3,15 +3,27 @@
#include <netinet/in.h> #include <netinet/in.h>
struct disabled_command { struct acl_commands {
in_addr_t subnet;
in_addr_t mask;
unsigned int count; unsigned int count;
char **commands; char **commands;
};
struct acl {
/* CIDR subnet + mask */
struct {
int enabled;
in_addr_t subnet;
in_addr_t mask;
} cidr;
char *http_basic_auth;
/* commands that have been enabled or disabled */
struct acl_commands enable;
struct acl_commands disable;
struct disabled_command *next; struct acl *next;
}; };
struct conf { struct conf {
@ -23,7 +35,7 @@ struct conf {
char *http_host; char *http_host;
short http_port; short http_port;
struct disabled_command *disabled; struct acl *perms;
}; };
struct conf * struct conf *
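Review bot: The new `struct acl` fields carry no comments on their semantics, and this struct is the policy representation the authorizer will consume, so the meaning of `cidr.enabled == 0` and of a command appearing in both `enable` and `disable` should be stated where the fields are declared. From conf_parse_acl, `enabled` is set to 1 only when the rule has an "ip" key, so `/* 0: rule carries no IP restriction (set by conf_parse_acl) */` is grounded, whereas precedence between the two command lists is not decided anywhere in this commit, so a `/* TODO: define precedence when both lists name a command */` would flag the gap. `http_basic_auth` is stored exactly as written in the config (strdup in conf_parse_acl, with a base64 TODO), which is worth noting next to the field so nobody assumes it is already encoded.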

@ -9,7 +9,7 @@
"disable": { "disable": {
"0.0.0.0/0": ["DEBUG", "FLUSHDB", "FLUSHALL"] "0.0.0.0/0": ["DEBUG", "FLUSHDB", "FLUSHALL"]
} },
"acl": [ "acl": [
