Localhost should be able to request all ressources if this is set via a config option
Signed-off-by: DL6ER <dl6er@dl6er.de>
parent
8e63f75a71
commit
9966c84f54
|
@ -54,9 +54,6 @@ static void sha256_hex(uint8_t *data, char *buffer)
|
|||
// Returns >= 0 for any valid authentication
|
||||
#define LOCALHOSTv4 "127.0.0.1"
|
||||
#define LOCALHOSTv6 "::1"
|
||||
#define API_AUTH_UNUSED -1
|
||||
#define API_AUTH_LOCALHOST -2
|
||||
#define API_AUTH_EMPTYPASS -3
|
||||
int check_client_auth(struct mg_connection *conn)
|
||||
{
|
||||
int user_id = -1;
|
||||
|
@ -114,7 +111,7 @@ int check_client_auth(struct mg_connection *conn)
|
|||
break;
|
||||
}
|
||||
}
|
||||
if(user_id > API_AUTH_UNUSED)
|
||||
if(user_id > API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
// Authentication succesful:
|
||||
// - We know this client
|
||||
|
@ -187,7 +184,7 @@ static int get_session_object(struct mg_connection *conn, cJSON *json, const int
|
|||
}
|
||||
|
||||
// Valid session
|
||||
if(user_id > API_AUTH_UNUSED && auth_data[user_id].used)
|
||||
if(user_id > API_AUTH_UNAUTHORIZED && auth_data[user_id].used)
|
||||
{
|
||||
cJSON *session = JSON_NEW_OBJ();
|
||||
JSON_OBJ_ADD_BOOL(session, "valid", true);
|
||||
|
@ -240,7 +237,7 @@ static int send_api_auth_status(struct mg_connection *conn, const int user_id, c
|
|||
JSON_SEND_OBJECT(json);
|
||||
}
|
||||
|
||||
if(user_id > API_AUTH_UNUSED && (method == HTTP_GET || method == HTTP_POST))
|
||||
if(user_id > API_AUTH_UNAUTHORIZED && (method == HTTP_GET || method == HTTP_POST))
|
||||
{
|
||||
if(config.debug & DEBUG_API)
|
||||
logg("API Auth status: OK");
|
||||
|
@ -257,7 +254,7 @@ static int send_api_auth_status(struct mg_connection *conn, const int user_id, c
|
|||
get_session_object(conn, json, user_id, now);
|
||||
JSON_SEND_OBJECT(json);
|
||||
}
|
||||
else if(user_id > API_AUTH_UNUSED && method == HTTP_DELETE)
|
||||
else if(user_id > API_AUTH_UNAUTHORIZED && method == HTTP_DELETE)
|
||||
{
|
||||
if(config.debug & DEBUG_API)
|
||||
logg("API Auth status: Logout, asking to delete cookie");
|
||||
|
@ -351,7 +348,7 @@ int api_auth(struct mg_connection *conn)
|
|||
char *password_hash = get_password_hash();
|
||||
const bool empty_password = (strlen(password_hash) == 0u);
|
||||
|
||||
int user_id = API_AUTH_UNUSED;
|
||||
int user_id = API_AUTH_UNAUTHORIZED;
|
||||
const struct mg_request_info *request = mg_get_request_info(conn);
|
||||
|
||||
bool reponse_set = false;
|
||||
|
@ -391,7 +388,7 @@ int api_auth(struct mg_connection *conn)
|
|||
}
|
||||
|
||||
// If this is a valid session, we can exit early at this point
|
||||
if(user_id != API_AUTH_UNUSED)
|
||||
if(user_id != API_AUTH_UNAUTHORIZED)
|
||||
return send_api_auth_status(conn, user_id, method, now);
|
||||
|
||||
// Login attempt and/or auth check
|
||||
|
@ -432,7 +429,7 @@ int api_auth(struct mg_connection *conn)
|
|||
}
|
||||
|
||||
// Debug logging
|
||||
if(config.debug & DEBUG_API && user_id > API_AUTH_UNUSED)
|
||||
if(config.debug & DEBUG_API && user_id > API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
char timestr[128];
|
||||
get_timestr(timestr, auth_data[user_id].valid_until);
|
||||
|
@ -440,7 +437,7 @@ int api_auth(struct mg_connection *conn)
|
|||
user_id, timestr, auth_data[user_id].remote_addr,
|
||||
response_correct ? "correct response" : "empty password");
|
||||
}
|
||||
if(user_id == API_AUTH_UNUSED)
|
||||
if(user_id == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
logg("WARNING: No free API seats available, not authenticating client");
|
||||
}
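Review bot: The comment `// Returns >= 0 for any valid authentication` above check_client_auth no longer matches how callers use the result, because the handlers now reject only `API_AUTH_UNAUTHORIZED` and so also accept the negative values `API_AUTH_LOCALHOST` and `API_AUTH_EMPTYPASS`. I would replace it with `// Returns a session index >= 0, or API_AUTH_LOCALHOST / API_AUTH_EMPTYPASS when access is granted without a session; API_AUTH_UNAUTHORIZED otherwise`, and initialise with `int user_id = API_AUTH_UNAUTHORIZED;` instead of the literal `-1`. The code that decides on the localhost result is outside these hunks. If it compares the peer address with `LOCALHOSTv4`/`LOCALHOSTv6`, requests relayed by a reverse proxy on the same host would all qualify, which the config option's documentation should state. In send_api_auth_status neither visible branch handles the two negative granted values, so it is worth confirming that the part outside the hunk does not report them as unauthorized.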
|
||||
|
|
|
@ -48,7 +48,7 @@ static int get_blocking(struct mg_connection *conn)
|
|||
static int set_blocking(struct mg_connection *conn)
|
||||
{
|
||||
// Verify requesting client is allowed to access this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -131,7 +131,7 @@ int api_dns_blockingstatus(struct mg_connection *conn)
|
|||
int api_dns_cacheinfo(struct mg_connection *conn)
|
||||
{
|
||||
// Verify requesting client is allowed to access this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
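Review bot: The guard `check_client_auth(conn) == API_AUTH_UNAUTHORIZED` in set_blocking is fail-open: any return value other than -1 is treated as authorized, including a negative status added to the enum later or returned on an error path. The previous `< 0` test rejected everything that was not a session index. The same comparison is repeated in api_dns_cacheinfo and in the api_ftl_*, api_network and api_stats_* handlers. I would keep the decision allowlist-based in one place, for example `static inline bool api_auth_granted(const int id) { return id >= 0 || id == API_AUTH_LOCALHOST || id == API_AUTH_EMPTYPASS; }`, and have each handler test `!api_auth_granted(check_client_auth(conn))`. Judging by its name, set_blocking changes state, so it deserves an explicit decision on whether session-less localhost access should cover it as well as the read-only endpoints.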
|
||||
|
|
|
@ -63,7 +63,7 @@ fifologData *fifo_log = NULL;
|
|||
int api_ftl_dnsmasq_log(struct mg_connection *conn)
|
||||
{
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -128,7 +128,7 @@ int api_ftl_dnsmasq_log(struct mg_connection *conn)
|
|||
int api_ftl_database(struct mg_connection *conn)
|
||||
{
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
send_json_unauthorized(conn);
|
||||
}
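Review bot: In api_ftl_database the rejected branch calls `send_json_unauthorized(conn);` without `return`, unlike api_ftl_dnsmasq_log and every other handler in this commit. After the unauthorized response is sent, execution appears to continue into the handler body. The rest of the function is outside the hunk, so this should be confirmed there. The line is context rather than part of this change, but the guard directly above it is being edited, and the fix is `return send_json_unauthorized(conn);`.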
|
||||
|
|
|
@ -18,7 +18,7 @@
|
|||
int api_network(struct mg_connection *conn)
|
||||
{
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
|
|
@ -175,7 +175,7 @@ int api_stats_top_domains(bool blocked, struct mg_connection *conn)
|
|||
bool audit = false;
|
||||
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -333,7 +333,7 @@ int api_stats_top_clients(bool blocked, struct mg_connection *conn)
|
|||
bool includezeroclients = false;
|
||||
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -457,7 +457,7 @@ int api_stats_upstreams(struct mg_connection *conn)
|
|||
int temparray[counters->forwarded][2];
|
||||
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -558,7 +558,7 @@ int api_stats_upstreams(struct mg_connection *conn)
|
|||
int api_stats_query_types(struct mg_connection *conn)
|
||||
{
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -594,7 +594,7 @@ int api_stats_history(struct mg_connection *conn)
|
|||
}
|
||||
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -1042,7 +1042,7 @@ int api_stats_recentblocked(struct mg_connection *conn)
|
|||
unsigned int show = 1;
|
||||
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
|
||||
|
@ -1113,7 +1113,7 @@ int api_stats_overTime_clients(struct mg_connection *conn)
|
|||
int sendit = -1, until = OVERTIME_SLOTS;
|
||||
|
||||
// Verify requesting client is allowed to see this ressource
|
||||
if(check_client_auth(conn) < 0)
|
||||
if(check_client_auth(conn) == API_AUTH_UNAUTHORIZED)
|
||||
{
|
||||
return send_json_unauthorized(conn);
|
||||
}
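Review bot: In api_stats_upstreams the variable-length array `int temparray[counters->forwarded][2];` is declared before the authentication check, so its stack allocation happens for unauthenticated requests as well. How `counters->forwarded` is bounded is not visible in this hunk. If it can grow large, the allocation is a stack-exhaustion risk that no credential check guards. Moving the declaration below the `check_client_auth` guard keeps the rejected path free of it, and a heap allocation with a checked size would remove the stack concern. The function body continues outside the hunk.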
|
||||
|
|
21
src/enums.h
21
src/enums.h
|
@ -156,11 +156,16 @@ enum events {
|
|||
} __attribute__ ((packed));
|
||||
|
||||
|
||||
enum gravitry_domainlist_indices {
|
||||
GRAVITY_DOMAINLIST_EXACT_WHITELIST = 0,
|
||||
GRAVITY_DOMAINLIST_EXACT_BLACKLIST = 1,
|
||||
GRAVITY_DOMAINLIST_REGEX_WHITELIST = 2,
|
||||
GRAVITY_DOMAINLIST_REGEX_BLACKLIST = 3
|
||||
enum domainlist_type {
|
||||
GRAVITY_DOMAINLIST_ALLOW_EXACT,
|
||||
GRAVITY_DOMAINLIST_ALLOW_REGEX,
|
||||
GRAVITY_DOMAINLIST_ALLOW_ALL,
|
||||
GRAVITY_DOMAINLIST_DENY_EXACT,
|
||||
GRAVITY_DOMAINLIST_DENY_REGEX,
|
||||
GRAVITY_DOMAINLIST_DENY_ALL,
|
||||
GRAVITY_DOMAINLIST_ALL_EXACT,
|
||||
GRAVITY_DOMAINLIST_ALL_REGEX,
|
||||
GRAVITY_DOMAINLIST_ALL_ALL
|
||||
} __attribute__ ((packed));
|
||||
|
||||
enum gravity_tables {
|
||||
|
@ -194,4 +199,10 @@ enum refresh_hostnames {
|
|||
REFRESH_NONE
|
||||
} __attribute__ ((packed));
|
||||
|
||||
enum api_auth_status {
|
||||
API_AUTH_UNAUTHORIZED = -1,
|
||||
API_AUTH_LOCALHOST = -2,
|
||||
API_AUTH_EMPTYPASS = -3,
|
||||
} __attribute__ ((packed));
|
||||
|
||||
#endif // ENUMS_H
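Review bot: `enum api_auth_status` has no comments, and its ordering is easy to misread: the one value that means "denied" (-1) is numerically greater than the two that, judging by their names and the commit title, mean "granted without a session" (-2, -3). That makes relational tests such as `user_id > API_AUTH_UNAUTHORIZED` or `< 0` carry different meanings in different places. I would document this at the definition, for example `// Values >= 0 are session indices into auth_data[] and are not listed here` above the enum and `// request must be rejected` next to `API_AUTH_UNAUTHORIZED`, with a matching comment on each of the other two enumerators. The enum is also `packed` while check_client_auth returns `int`, so a short note that the function's return type stays `int` would prevent someone from narrowing it to the enum type later.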
|
||||
|
|