Adding required security logging

2026-01-27 10:23:15 +00:00 · 2021-09-29 20:27:47 -07:00
parent 8211eebd23
commit 2dbdfec748
6 changed files with 12 additions and 71 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-28
+29
--- a/src/RESTAPI_errors.h
+++ b/src/RESTAPI_errors.h
@@ -49,6 +49,7 @@ namespace OpenWifi::RESTAPI::Errors {
    static const std::string InvalidEmailAddress{"Invalid email address."};
    static const std::string InvalidPassword{"Invalid password."};
    static const std::string PasswordRejected{"Password was rejected. This maybe an old password."};
+    static const std::string InvalidIPRanges{"Invalid IP range specifications."};
 }

 #endif //OWPROV_RESTAPI_ERRORS_H
--- a/src/RESTAPI_handler.cpp
+++ b/src/RESTAPI_handler.cpp
@@ -67,8 +67,6 @@ namespace OpenWifi {
    }

 	bool RESTAPIHandler::ParseBindings(const std::string & Request, const std::list<const char *> & EndPoints, BindingMap &bindings) {
-		std::string Param, Value;
-
 		bindings.clear();
 		std::vector<std::string> PathItems = Utils::Split(Request, '/');

@@ -79,7 +77,6 @@ namespace OpenWifi {

 			bool Matched = true;
 			for (auto i = 0; i != PathItems.size() && Matched; i++) {
-				// std::cout << "PATH:" << PathItems[i] << "  ENDPOINT:" << ParamItems[i] << std::endl;
 				if (PathItems[i] != ParamItems[i]) {
 					if (ParamItems[i][0] == '{') {
 						auto ParamName = ParamItems[i].substr(1, ParamItems[i].size() - 2);
@@ -270,6 +267,10 @@ namespace OpenWifi {
 		ErrorObject.set("ErrorDescription","This resource does not exist.");
 		std::ostream &Answer = Response->send();
 		Poco::JSON::Stringifier::stringify(ErrorObject, Answer);
+		Logger_.debug(Poco::format("RES-NOTFOUND: User='%s' Method='%s' Path='%s",
+                                   Utils::FormatIPv6(Request->clientAddress().toString()),
+                                   Request->getMethod(),
+                                   Request->getURI()));
 	}

 	void RESTAPIHandler::OK() {
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -488,67 +488,4 @@ namespace OpenWifi::Utils {
 	    return Result;
 	}

-	static bool cidr_match(const in_addr &addr, const in_addr &net, uint8_t bits) {
-		if (bits == 0) {
-			return true;
-		}
-		return !((addr.s_addr ^ net.s_addr) & htonl(0xFFFFFFFFu << (32 - bits)));
-	}
-
-	static bool cidr6_match(const in6_addr &address, const in6_addr &network, uint8_t bits) {
-#ifdef __linux__
-		const uint32_t *a = address.s6_addr32;
-		const uint32_t *n = network.s6_addr32;
-#else
-		const uint32_t *a = address.__u6_addr.__u6_addr32;
-		const uint32_t *n = network.__u6_addr.__u6_addr32;
-#endif
-		int bits_whole, bits_incomplete;
-		bits_whole = bits >> 5;         // number of whole u32
-		bits_incomplete = bits & 0x1F;  // number of bits in incomplete u32
-		if (bits_whole) {
-			if (memcmp(a, n, bits_whole << 2)!=0) {
-				return false;
-			}
-		}
-		if (bits_incomplete) {
-			uint32_t mask = htonl((0xFFFFFFFFu) << (32 - bits_incomplete));
-			if ((a[bits_whole] ^ n[bits_whole]) & mask) {
-				return false;
-			}
-		}
-		return true;
-	}
-
-	static bool ConvertStringToLong(const char *S, unsigned long &L) {
-		char *end;
-		L = std::strtol(S,&end,10);
-		return end != S;
-	}
-
-	bool IPinRange(const std::string &Range, const Poco::Net::IPAddress &IP) {
-		Poco::StringTokenizer	TimeTokens(Range,"/",Poco::StringTokenizer::TOK_TRIM);
-
-		Poco::Net::IPAddress	RangeIP;
-		if(Poco::Net::IPAddress::tryParse(TimeTokens[0],RangeIP)) {
-			if(TimeTokens.count()==2) {
-				if (RangeIP.family() == Poco::Net::IPAddress::IPv4) {
-					unsigned long MaskLength;
-					if (ConvertStringToLong(TimeTokens[1].c_str(), MaskLength)) {
-						return cidr_match(*static_cast<const in_addr *>(RangeIP.addr()),
-										  *static_cast<const in_addr *>(IP.addr()), MaskLength);
-					}
-				} else if (RangeIP.family() == Poco::Net::IPAddress::IPv6) {
-					unsigned long MaskLength;
-					if (ConvertStringToLong(TimeTokens[1].c_str(), MaskLength)) {
-						return cidr6_match(*static_cast<const in6_addr *>(RangeIP.addr()),
-										   *static_cast<const in6_addr *>(IP.addr()), MaskLength);
-					}
-				}
-			}
-			return false;
-		}
-		return false;
-	}
-
 }
--- a/src/Utils.h
+++ b/src/Utils.h
@@ -71,11 +71,8 @@ namespace OpenWifi::Utils {

    [[nodiscard]] MediaTypeEncoding FindMediaType(const Poco::File &F);
    [[nodiscard]] std::string BinaryFileToHexString( const Poco::File &F);
-
    [[nodiscard]] std::string SecondsToNiceText(uint64_t Seconds);

-	[[nodiscard]] bool IPinRange(const std::string &Range, const Poco::Net::IPAddress &IP);
-
 	template< typename T >
 	std::string int_to_hex( T i )
 	{
--- a/src/uCentralProtocol.h
+++ b/src/uCentralProtocol.h
@@ -88,6 +88,8 @@ namespace OpenWifi::uCentralProtocol {
    static const char * TIMESTAMP = "timestamp";
    static const char * SYSTEM = "system";
    static const char * HOST = "host";
+    static const char * CONNECTIONIP = "connectionIp";
+    static const char * TELEMETRY = "telemetry";

 	enum EVENT_MSG {
 			ET_UNKNOWN,
@@ -99,7 +101,8 @@ namespace OpenWifi::uCentralProtocol {
 			ET_PING,
 			ET_CFGPENDING,
 			ET_RECOVERY,
-			ET_DEVICEUPDATE
+			ET_DEVICEUPDATE,
+			ET_TELEMETRY
 		};

 	static EVENT_MSG EventFromString(const std::string & Method) {
@@ -121,6 +124,8 @@ namespace OpenWifi::uCentralProtocol {
 			return ET_RECOVERY;
 		} else if (!Poco::icompare(Method, DEVICEUPDATE)) {
 			return ET_DEVICEUPDATE;
+		} else if (!Poco::icompare(Method, TELEMETRY)) {
+			return ET_TELEMETRY;
 		} else
 			return ET_UNKNOWN;
 	};