Changeset 3d36f5ae5437e4b5ba5af4c86106c6404c80ecbc

Timestamp:
02/05/10 17:36:41 (4 years ago)
Author:
Theo Schlossnagle <jesus@omniti.com>
git-committer:
Theo Schlossnagle <jesus@omniti.com> 1265391401 +0000
git-parent:

[8f70c06674bf6638d637075656f61e43ea438325]

git-author:
Theo Schlossnagle <jesus@omniti.com> 1265391401 +0000
Message:

use access controls for streaming urls too

Files:

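--- a/src/noit_rest.c
+++ b/src/noit_rest.c
@@ -143,4 +143,33 @@
 }
 noit_boolean
+noit_http_rest_access(noit_http_rest_closure_t *restc,
+                      int npats, char **pats) {
+  struct noit_rest_acl *acl;
+  struct noit_rest_acl_rule *rule;
+  int ovector[30];
+
+  for(acl = global_rest_acls; acl; acl = acl->next) {
+    if(acl->cn && pcre_exec(acl->cn, NULL, "", 0, 0, 0,
+                            ovector, sizeof(ovector)/sizeof(*ovector)) <= 0)
+      continue;
+    if(acl->url && pcre_exec(acl->url, NULL, restc->http_ctx->req.uri_str,
+                             strlen(restc->http_ctx->req.uri_str), 0, 0,
+                             ovector, sizeof(ovector)/sizeof(*ovector)) <= 0)
+      continue;
+    for(rule = acl->rules; rule; rule = rule->next) {
+      if(rule->cn && pcre_exec(rule->cn, NULL, "", 0, 0, 0,
+                               ovector, sizeof(ovector)/sizeof(*ovector)) <= 0)
+        continue;
+      if(rule->url && pcre_exec(rule->url, NULL, restc->http_ctx->req.uri_str,
+                                strlen(restc->http_ctx->req.uri_str), 0, 0,
+                                ovector, sizeof(ovector)/sizeof(*ovector)) <= 0)
+        continue;
+      return rule->allow;
+    }
+    return acl->allow;
+  }
+  return noit_false;
+}
+noit_boolean
 noit_http_rest_client_cert_auth(noit_http_rest_closure_t *restc,
                                 int npats, char **pats) {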
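Review bot: In `noit_http_rest_access` both `cn` checks call `pcre_exec(acl->cn, NULL, "", 0, ...)` and `pcre_exec(rule->cn, NULL, "", 0, ...)`, so the pattern is matched against an empty string rather than the client certificate's common name. A rule such as `cn="^admin$"` can then never match, and a `deny` rule scoped by `cn` is skipped without any trace. The peer CN should be passed as subject and length (where it is stored is not visible in this section), with a missing certificate treated as a non-match. Separately, `pcre_exec` returns 0 when the pattern matched but `ovector` was too small for all captures, so `<= 0` counts that match as a miss; `< 0` is the failure test. `npats` and `pats` are unused in the new function.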
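--- a/src/noit_rest.h
+++ b/src/noit_rest.h
@@ -65,4 +65,8 @@
 
 API_EXPORT(noit_boolean)
+  noit_http_rest_access(noit_http_rest_closure_t *restc,
+                        int npats, char **pats) ;
+
+API_EXPORT(noit_boolean)
   noit_http_rest_client_cert_auth(noit_http_rest_closure_t *restc,
                                   int npats, char **pats);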
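--- a/src/stratcon.conf.in
+++ b/src/stratcon.conf.in
@@ -182,13 +182,12 @@
 
   <rest>
-    <acl>
-      <rule type="allow" />
+    <acl type="deny">
+      <rule type="deny" url="/\.svn"/>
+      <rule type="allow" cn="^admin$"/>
+      <rule type="allow" cn="^nagios$" url="^/noits/show$"/>
+      <rule type="allow" url="^/noits/config$"/>
+      <rule type="allow" url="^/data/"/>
+      <rule type="allow" url="^/$"/>
     </acl>
-    <!--
-    <acl cn="^clientfoo$" url=".*" type="deny">
-      <rule type="deny" url="^/check/set/"/>
-      <rule type="allow" url=".*"/>
-    </acl>
-    -->
   </rest>
 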
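Review bot: The rule `<rule type="allow" url="^/noits/config$"/>` has no `cn` attribute, so it allows that URL for every client, while the neighbouring `/noits/show` rule is limited to `cn="^nagios$"`; if the config view is meant to be restricted it needs a `cn` as well. The change also drops the only commented example of acl-level `cn`/`url` scoping, and the result now depends on rule order. A short comment above the `<acl>` would help, e.g. `<!-- rules are checked in order; the first rule whose cn and url both match decides, otherwise the acl type applies -->`, which is what the loop in `noit_http_rest_access` in this commit does.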
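--- a/src/stratcon_realtime_http.c
+++ b/src/stratcon_realtime_http.c
@@ -510,11 +510,11 @@
   eventer_name_callback("stratcon_realtime_http",
                         stratcon_realtime_http_handler);
-  assert(noit_http_rest_register
+  assert(noit_http_rest_register_auth
     "GET", "/data/",
            "^((?:" UUID_REGEX "(?:@\\d+)?)(?:/" UUID_REGEX "(?:@\\d+)?)*)$",
-    rest_stream_data
+    rest_stream_data, noit_http_rest_access
   ) == 0);
-  assert(noit_http_rest_register
-    "GET", "/", "^(.*)$", noit_rest_simple_file_handler
+  assert(noit_http_rest_register_auth
+    "GET", "/", "^(.*)$", noit_rest_simple_file_handler, noit_http_rest_access
   ) == 0);
 }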
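Review bot: Both registrations sit inside `assert(...)`, so a build with `NDEBUG` compiles the `noit_http_rest_register_auth` calls away and neither `/data/` nor `/` is registered, with or without the access check. Make the call outside the assertion and test the result, e.g. `rv = noit_http_rest_register_auth(...);` followed by `assert(rv == 0);`, or handle a non-zero return explicitly. The enclosing function starts outside this section, so whether other routes are registered the same way cannot be seen here.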