From e1b9bc833c8d3e109a32c391e8fcf715534aaa7f Mon Sep 17 00:00:00 2001
From: Ken Moore
Date: Tue, 9 Feb 2016 09:18:21 -0500
Subject: [PATCH 1/2] Fix up the detection of the localhost address when there is both IPv4 and IPv6 information available for the connection.
---
 src/server/AuthorizationManager.cpp | 4 ++--
 src/server/WebServer.cpp | 15 ++++----------
 2 files changed, 6 insertions(+), 13 deletions(-)
diff --git a/src/server/AuthorizationManager.cpp b/src/server/AuthorizationManager.cpp
index a652e58..9429419 100644
--- a/src/server/AuthorizationManager.cpp
+++ b/src/server/AuthorizationManager.cpp
@@ -78,7 +78,7 @@ int AuthorizationManager::checkAuthTimeoutSecs(QString token){
 // == Token Generation functions
 QString AuthorizationManager::LoginUP(QHostAddress host, QString user, QString pass){ //Login w/ username & password
- bool localhost = ( (host== QHostAddress::LocalHost) || (host== QHostAddress::LocalHostIPv6) );
+ bool localhost = ( (host== QHostAddress::LocalHost) || (host== QHostAddress::LocalHostIPv6) || (host.toString()=="::ffff:127.0.0.1") );
 bool ok = false;
 //First check that the user is valid on the system and part of the operator group
 bool isOperator = false;
@@ -89,7 +89,7 @@ QString AuthorizationManager::LoginUP(QHostAddress host, QString user, QString p
 return ""; //user not allowed access if not in either of the wheel/operator groups
 }
 }else{ isOperator = true; }
- //qDebug() << "Check username/password" << user << pass;
+ qDebug() << "Check username/password" << user << pass << localhost;
 //Need to run the full username/password through PAM
 if(!localhost || user=="root" || user=="toor"){
 ok = pam_checkPW(user,pass);
diff --git a/src/server/WebServer.cpp b/src/server/WebServer.cpp
index 637d37a..e04fb80 100644
--- a/src/server/WebServer.cpp
+++ b/src/server/WebServer.cpp
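Review bot: The `localhost` flag in LoginUP is a privilege boundary — the full PAM check below runs only when it is false (or the user is root/toor) — and the new `(host.toString()=="::ffff:127.0.0.1")` clause ties that boundary to Qt's textual rendering of one IPv4-mapped IPv6 address, which is a fragile way to express "this connection is local". Qt 5 provides `QHostAddress::isLoopback()`, which covers the IPv4 loopback range and ::1 and, as far as I recall its implementation, the IPv4-mapped form as well, so `bool localhost = host.isLoopback();` would state the rule once without a string comparison; confirm against the Qt version the project builds with. The same three-way comparison is repeated in WebServer::BlackListConnection in the second file of this patch, so a single shared helper used at both call sites would keep the two definitions of "local" from drifting apart. LoginUP's body continues past this hunk.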
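Review bot: The re-enabled `qDebug() << "Check username/password" << user << pass << localhost;` in the second hunk writes the caller's plaintext password to the debug output on every login attempt, which the previously commented-out line avoided by being disabled. The value under investigation here is evidently `localhost`, so the password does not need to be in the message: `qDebug() << "Check username/password" << user << localhost;`, or remove the line again once the localhost detection is confirmed. LoginUP begins and ends outside this hunk.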
@@ -159,7 +159,7 @@ void WebServer::NewConnectError(QAbstractSocket::SocketError err){
 //Socket Blacklist function
 void WebServer::BlackListConnection(QHostAddress addr){
 //Make sure this is not the localhost (never block that)
- if(addr!= QHostAddress(QHostAddress::LocalHost) && addr != QHostAddress(QHostAddress::LocalHostIPv6) ){
+ if(addr!=QHostAddress(QHostAddress::LocalHost) && addr!=QHostAddress(QHostAddress::LocalHostIPv6) && addr.toString()!="::ffff:127.0.0.1" ){
 //Block this remote host
 LogManager::log(LogManager::HOST,"Blacklisting IP Temporarily: "+addr.toString());
 CONFIG->setValue("blacklist/"+addr.toString(), QDateTime::currentDateTime());
@@ -178,16 +178,9 @@ void WebServer::ServerError(QWebSocketProtocol::CloseCode code){
 // - SSL/Authentication Signals (still websocket only)
 void WebServer::OriginAuthRequired(QWebSocketCorsAuthenticator *auth){
- qDebug() << "Origin Auth Required:" << auth->origin();
- //if(auth->origin() == this->serverAddress().toString()){
- // TO-DO: Provide some kind of address filtering routine for which to accept/reject
- qDebug() << " - Allowed";
- auth->setAllowed(true);
- //}else{
- //qDebug() << " - Not Allowed";
- //auth->setAllowed(false);
- //}
-
+ //This just provides the ability to check the URL/app which is trying to connect from
+ // - this is not really useful right now since anything could be set there (accurate or not)
+ auth->setAllowed(true);
 }
 void WebServer::ConnectError(QAbstractSocket::SocketError err){
From 787369def3320c577084aeb42dcc7f0f8f1e8294 Mon Sep 17 00:00:00 2001
From: Ken Moore
Date: Tue, 9 Feb 2016 09:57:50 -0500
Subject: [PATCH 2/2] Change the default reply code for an invalid subsystem to 400 BadRequest instead of 404 NoContent.
---
 src/server/WebBackend.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/server/WebBackend.cpp b/src/server/WebBackend.cpp
index 689cf5c..3ed1b73 100644
--- a/src/server/WebBackend.cpp
+++ b/src/server/WebBackend.cpp
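Review bot: OriginAuthRequired now accepts every Origin unconditionally, and the new comment explains why the header value is not trusted but not what that means for the server: a websocket opened from any page a browser has loaded will pass this callback, so protection of the service against cross-site websocket use rests entirely on the token/login step and not on origin filtering. That dependency should be stated where the decision is made, e.g. `// All origins are accepted here; the connection is authenticated by the token exchange, never by Origin.`, so a later reader does not assume an origin check exists somewhere else. OriginAuthRequired is complete within this hunk.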
@@ -91,7 +91,7 @@ RestOutputStruct::ExitCode WebSocket::EvaluateBackendRequest(const RestInputStru
 }else{
 QJsonObject avail;
 AvailableSubsystems(IN.fullaccess, &avail);
- if(!avail.contains(namesp+"/"+name)){ return RestOutputStruct::NOTFOUND; }
+ if(!avail.contains(namesp+"/"+name)){ return RestOutputStruct::BADREQUEST; }
 }
 //Go through and forward this request to the appropriate sub-system
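Review bot: After this change a request naming a subsystem missing from `avail` gets BADREQUEST whether that subsystem does not exist or is merely excluded for this caller, since `avail` appears to be built per caller from `IN.fullaccess`; giving both cases the same reply is a reasonable choice (a restricted caller cannot tell which subsystems exist) but nothing in the code says it is deliberate. Suggest a comment on the check, `//Unknown and access-restricted subsystems get the same reply on purpose`, so the 400 is not "corrected" back to a 404 for one of the two cases later. The commit message's "404 NoContent" should read "404 NotFound", matching the NOTFOUND value being replaced. EvaluateBackendRequest starts before this hunk and continues after it.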