Added local-only auto-authorize for API
		
							parent
							
								
									5e2b29466b
								
							
						
					
					
						commit
						a82be2775f
					
				
					 3 changed files with 43 additions and 6 deletions
				
			
		|  | @ -12,6 +12,7 @@ | ||||||
| #include <sstream> | #include <sstream> | ||||||
| #include <sys/socket.h> | #include <sys/socket.h> | ||||||
| #include <sys/stat.h> | #include <sys/stat.h> | ||||||
|  | #include <ifaddrs.h> | ||||||
| 
 | 
 | ||||||
| #define BUFFER_BLOCKSIZE 4096 // set buffer blocksize to 4KiB
 | #define BUFFER_BLOCKSIZE 4096 // set buffer blocksize to 4KiB
 | ||||||
| 
 | 
 | ||||||
|  | @ -656,17 +657,17 @@ bool Socket::Connection::isAddress(std::string addr){ | ||||||
|   int s = getaddrinfo(addr.c_str(), 0, &hints, &result); |   int s = getaddrinfo(addr.c_str(), 0, &hints, &result); | ||||||
|   if (s != 0){return false;} |   if (s != 0){return false;} | ||||||
| 
 | 
 | ||||||
|   char newaddr[INET_ADDRSTRLEN]; |   char newaddr[INET6_ADDRSTRLEN]; | ||||||
|   newaddr[0] = 0; |   newaddr[0] = 0; | ||||||
|   for (rp = result; rp != NULL; rp = rp->ai_next){ |   for (rp = result; rp != NULL; rp = rp->ai_next){ | ||||||
|     if (rp->ai_family == AF_INET && inet_ntop(rp->ai_family, &(((sockaddr_in *)rp->ai_addr)->sin_addr), newaddr, INET_ADDRSTRLEN)){ |     if (rp->ai_family == AF_INET && inet_ntop(rp->ai_family, &(((sockaddr_in *)rp->ai_addr)->sin_addr), newaddr, INET6_ADDRSTRLEN)){ | ||||||
|       DEBUG_MSG(DLVL_DEVEL, "Comparing: '%s'  to '%s'", remotehost.c_str(), newaddr); |       INFO_MSG("Comparing '%s'  to '%s'", remotehost.c_str(), newaddr); | ||||||
|       if (remotehost == newaddr){return true;} |       if (remotehost == newaddr){return true;} | ||||||
|       DEBUG_MSG(DLVL_DEVEL, "Comparing: '%s'  to '::ffff:%s'", remotehost.c_str(), newaddr); |       INFO_MSG("Comparing '%s'  to '::ffff:%s'", remotehost.c_str(), newaddr); | ||||||
|       if (remotehost == std::string("::ffff:") + newaddr){return true;} |       if (remotehost == std::string("::ffff:") + newaddr){return true;} | ||||||
|     } |     } | ||||||
|     if (rp->ai_family == AF_INET6 && inet_ntop(rp->ai_family, &(((sockaddr_in6 *)rp->ai_addr)->sin6_addr), newaddr, INET_ADDRSTRLEN)){ |     if (rp->ai_family == AF_INET6 && inet_ntop(rp->ai_family, &(((sockaddr_in6 *)rp->ai_addr)->sin6_addr), newaddr, INET6_ADDRSTRLEN)){ | ||||||
|       DEBUG_MSG(DLVL_DEVEL, "Comparing: '%s'  to '%s'", remotehost.c_str(), newaddr); |       INFO_MSG("Comparing '%s'  to '%s'", remotehost.c_str(), newaddr); | ||||||
|       if (remotehost == newaddr){return true;} |       if (remotehost == newaddr){return true;} | ||||||
|     } |     } | ||||||
|   } |   } | ||||||
|  | @ -674,6 +675,36 @@ bool Socket::Connection::isAddress(std::string addr){ | ||||||
|   return false; |   return false; | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | bool Socket::Connection::isLocal(){ | ||||||
|  |   struct ifaddrs * ifAddrStruct=NULL; | ||||||
|  |   struct ifaddrs * ifa=NULL; | ||||||
|  |   void * tmpAddrPtr=NULL; | ||||||
|  |   char addressBuffer[INET6_ADDRSTRLEN]; | ||||||
|  | 
 | ||||||
|  |   getifaddrs(&ifAddrStruct); | ||||||
|  | 
 | ||||||
|  |   for (ifa = ifAddrStruct; ifa != NULL; ifa = ifa->ifa_next) { | ||||||
|  |     if (!ifa->ifa_addr) { | ||||||
|  |       continue; | ||||||
|  |     } | ||||||
|  |     if (ifa->ifa_addr->sa_family == AF_INET) { // check it is IP4
 | ||||||
|  |       tmpAddrPtr=&((struct sockaddr_in *)ifa->ifa_addr)->sin_addr; | ||||||
|  |       inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, INET_ADDRSTRLEN); | ||||||
|  |       INFO_MSG("Comparing '%s'  to '%s'", remotehost.c_str(), addressBuffer); | ||||||
|  |       if (remotehost == addressBuffer){return true;} | ||||||
|  |       INFO_MSG("Comparing '%s'  to '::ffff:%s'", remotehost.c_str(), addressBuffer); | ||||||
|  |       if (remotehost == std::string("::ffff:") + addressBuffer){return true;} | ||||||
|  |     } else if (ifa->ifa_addr->sa_family == AF_INET6) { // check it is IP6
 | ||||||
|  |       tmpAddrPtr=&((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr; | ||||||
|  |       inet_ntop(AF_INET6, tmpAddrPtr, addressBuffer, INET6_ADDRSTRLEN); | ||||||
|  |       INFO_MSG("Comparing '%s'  to '%s'", remotehost.c_str(), addressBuffer); | ||||||
|  |       if (remotehost == addressBuffer){return true;} | ||||||
|  |     }  | ||||||
|  |   } | ||||||
|  |   if (ifAddrStruct!=NULL) freeifaddrs(ifAddrStruct); | ||||||
|  |   return false; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| /// Create a new base Server. The socket is never connected, and a placeholder for later connections.
 | /// Create a new base Server. The socket is never connected, and a placeholder for later connections.
 | ||||||
| Socket::Server::Server(){ | Socket::Server::Server(){ | ||||||
|   sock = -1; |   sock = -1; | ||||||
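Review bot: `isLocal()` leaks the list returned by `getifaddrs()` on every successful match, because each `return true;` exits before the `freeifaddrs(ifAddrStruct)` at the end of the function. The return values of `getifaddrs()` and `inet_ntop()` are also ignored, so if either fails `remotehost` is compared against an uninitialised or stale `addressBuffer`. Since this result now gates API authorization, I would collect the match in a flag, free the list on every path and fail closed on errors, as sketched below. Separately, the `INFO_MSG` comparison lines in both `isAddress()` and `isLocal()` print every candidate address at info level on each call; the previous `DEBUG_MSG(DLVL_DEVEL, …)` level looks more appropriate.

```cpp
bool Socket::Connection::isLocal(){
  // … unchanged: local declarations …
  bool found = false;
  if (getifaddrs(&ifAddrStruct) != 0){return false;} // fail closed: no list, not local
  for (ifa = ifAddrStruct; ifa != NULL && !found; ifa = ifa->ifa_next) {
    // … unchanged: skip entries without ifa_addr …
    if (ifa->ifa_addr->sa_family == AF_INET) {
      // … unchanged: tmpAddrPtr assignment, log lines …
      if (!inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, sizeof(addressBuffer))){continue;}
      found = (remotehost == addressBuffer) || (remotehost == std::string("::ffff:") + addressBuffer);
    } else if (ifa->ifa_addr->sa_family == AF_INET6) {
      // … unchanged: tmpAddrPtr assignment, log line …
      if (!inet_ntop(AF_INET6, tmpAddrPtr, addressBuffer, sizeof(addressBuffer))){continue;}
      found = (remotehost == addressBuffer);
    }
  }
  freeifaddrs(ifAddrStruct); // reached on every path, including a match
  return found;
}
```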
|  |  | ||||||
|  | @ -82,6 +82,7 @@ namespace Socket{ | ||||||
|     std::string getError();         ///< Returns a string describing the last error that occured.
 |     std::string getError();         ///< Returns a string describing the last error that occured.
 | ||||||
|     bool connected() const;         ///< Returns the connected-state for this socket.
 |     bool connected() const;         ///< Returns the connected-state for this socket.
 | ||||||
|     bool isAddress(std::string addr); |     bool isAddress(std::string addr); | ||||||
|  |     bool isLocal(); ///< Returns true if remote address is a local address.
 | ||||||
|     // buffered i/o methods
 |     // buffered i/o methods
 | ||||||
|     bool spool();                               ///< Updates the downbufferinternal variables.
 |     bool spool();                               ///< Updates the downbufferinternal variables.
 | ||||||
|     bool peek();                                ///< Clears the downbuffer and fills it with peek
 |     bool peek();                                ///< Clears the downbuffer and fills it with peek
 | ||||||
|  |  | ||||||
|  | @ -174,6 +174,11 @@ int Controller::handleAPIConnection(Socket::Connection & conn){ | ||||||
|       } |       } | ||||||
|       {//lock the config mutex here - do not unlock until done processing
 |       {//lock the config mutex here - do not unlock until done processing
 | ||||||
|         tthread::lock_guard<tthread::mutex> guard(configMutex); |         tthread::lock_guard<tthread::mutex> guard(configMutex); | ||||||
|  |         //Are we local and not forwarded? Instant-authorized.
 | ||||||
|  |         if (!authorized && !H.hasHeader("X-Real-IP") && conn.isLocal()){ | ||||||
|  |           INFO_MSG("Local API access automatically authorized"); | ||||||
|  |           authorized = true; | ||||||
|  |         } | ||||||
|         //if already authorized, do not re-check for authorization
 |         //if already authorized, do not re-check for authorization
 | ||||||
|         if (authorized){ |         if (authorized){ | ||||||
|           Response["authorize"]["status"] = "OK"; |           Response["authorize"]["status"] = "OK"; | ||||||
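Review bot: The auto-authorize branch treats the absence of an `X-Real-IP` header as proof that the request was not proxied, which only holds for proxies configured to set that exact header. A reverse proxy on the same host that sends `X-Forwarded-For` or `Forwarded` instead, or no forwarding header at all, would make every remote client pass `conn.isLocal()` and skip authentication; the same applies to any other local process, or a browser on the host, that can reach the API port. I would make this behaviour opt-in through configuration and at least widen the check, e.g. `if (!authorized && !H.hasHeader("X-Real-IP") && !H.hasHeader("X-Forwarded-For") && !H.hasHeader("Forwarded") && conn.isLocal()){`, and include the peer address in the log line so each automatic authorization is auditable. `handleAPIConnection` starts and ends outside this hunk, so whether a later step restricts what an auto-authorized session may do is not visible here.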
|  |  | ||||||
	 Thulinma
						Thulinma