Changeset 486

Timestamp:

08/12/08 08:57:52 (5 months ago)

Author:

heyadayo

Message:

Added host-based ACL -- closes ticket 40

Location:

trunk/daemon

Files:

• orbited-debug.cfg (modified) (1 diff)
• orbited.cfg (modified) (1 diff)
• orbited/cometsession.py (modified) (4 diffs)
• orbited/config.py (modified) (2 diffs)
• orbited/proxy.py (modified) (1 diff)
• orbited/static/xsdrBridge.html (modified) (1 diff)

trunk/daemon/orbited-debug.cfg

@@ -15 +15 @@
 
 [access]
-irc.freenode.net:6667
-localhost:6667
-localhost:61613
-localhost:7
+localhost:8001-> irc.freenode.net:6667
+* -> irc.freenode.org:6667
+* -> localhost:6163
+* -> localhost:7
+localhost:8001 -> localhost:6667
 
 [logging]

trunk/daemon/orbited.cfg

@@ -14 +14 @@
 
 [static]
-#tmp=/tmp
 
 [access]
-irc.freenode.net:6667
-localhost:61613
+127.0.0.1:8001 -> irc.freenode.net:6667
+localhost:8001 -> irc.freenode.net:6667
+0.0.0.0:8001 -> irc.freenode.net:6667
 
 [logging]

trunk/daemon/orbited/cometsession.py

@@ -138 +138 @@
         self.protocol.connectionLost(None)
             
+    hostHeader = property(lambda s: s.transportProtocol.hostHeader)
     
 class TCPConnectionResource(resource.Resource):
@@ -149 +150 @@
     pingInterval = 40
 
-    def __init__(self, root, key, peer, host, **options):
+    def __init__(self, root, key, peer, host, hostHeader, **options):
         resource.Resource.__init__(self)
         
@@ -156 +157 @@
         self.peer = peer
         self.host = host
+        self.hostHeader = hostHeader
         self.transport = None
         self.cometTransport = None
@@ -413 +415 @@
         print request.getClientIP(), repr(request.getClientIP())
         # request.client and request.host should be address.IPv4Address classes
-        self.connections[key] = TCPConnectionResource(self, key, request.client, request.host)
+        hostHeader = request.headers.get('Host', '')
+        self.connections[key] = TCPConnectionResource(self, key, request.client, request.host, hostHeader)
         self.listeningPort.connectionMade(self.connections[key])
         self.logger.debug('created conn: ', repr(self.connections[key]))

trunk/daemon/orbited/config.py

@@ -35 +35 @@
     },
 
-    '[access]': [
-        #('irc.freenode.net', 6667),
-    ],
+    '[access]': {
+        #('irc.freenode.net', 6667): ['localhost:8001', '127.0.0.1:8001'],
+    },
 
     '[static]': {
@@ -104 +104 @@
             # assign each source in the proxy section to a target address and port
             if section == '[access]':
-                if ':' in line:
-                    addr, port = line.split(':', 1)
-                    port = int(port)
+                if '->' not in line:
+                    raise ValueError, "line %s -- [access] lines must contain an ->" % (i+1)
+                source, dest = line.split('->')
+                source, dest = source.strip(), dest.strip()
+                print 'dest is', dest
+                print 'source is', source
+                if ':' in dest:
+                    daddr, dport = dest.split(':', 1)
+                    dport = int(dport)
                 else:
-                    addr, port = target, 80
-                map[section].append((addr, port))
+                    daddr, dport = dest, 80
+                if (daddr, dport) not in map[section]:
+                    map[section][(daddr, dport)] = []
+                map[section][(daddr, dport)].append(source)
                 continue
             if section == '[listen]':

trunk/daemon/orbited/proxy.py

@@ -51 +51 @@
                 return
             peer = self.transport.getPeer()
-            if (host, port) not in config.map['[access]']:
+            allowed = False
+            for source in config.map['[access]'].get((host, port), []):
+                if source == self.transport.hostHeader or source == '*':
+                    allowed = True
+                    break
+            if not allowed:
                 self.logger.warn('Unauthorized connect from %r:%d to %r:%d' % (peer.host, peer.port, host, port))
                 self.transport.write("0" + str(ERRORS['Unauthorized']))

trunk/daemon/orbited/static/xsdrBridge.html

@@ -130 +130 @@
     var responseIndex = 0;
     xhr.onreadystatechange = function() {
-        debug('onreadystatechange', xhr.readyState);
-        var payload = {
-            readyState: xhr.readyState
+        // NOTE: after an abort, a readystatechange will cause an error...
+        // TOOD: to aborts by pushing 'ABORT' instead of ifr.src= null from the
+        //       parent (Orbited.XSDR.abort)
+        try {
+;;;         debug('onreadystatechange', xhr.readyState);
+            var payload = {
+                readyState: xhr.readyState
+            }
+            try {
+                payload['status'] = xhr.status
+            }
+            catch(e) {           
+            }
+            try {
+                var data = xhr.responseText.slice(responseIndex)
+                responseIndex = xhr.responseText.length;
+                payload['responseText'] = data;
+            }
+            catch(e) {
+            }
+;;;         debug('pushing payload', payload);
+            push(["readystatechange", payload])
+    
+            if (xhr.readyState == 4) {
+                req = null;
+                return doNextRequest();
+            }
         }
-        try {
-            payload['status'] = xhr.status
-        }
-        catch(e) {           
-        }
-        try {
-            var data = xhr.responseText.slice(responseIndex)
-            responseIndex = xhr.responseText.length;
-            payload['responseText'] = data;
-        }
-        catch(e) {
-        }
-        debug('pushing payload', payload)
-        push(["readystatechange", payload])
-
-        if (xhr.readyState == 4) {
-            req = null;
-            return doNextRequest();
-        }
+    catch(e) {
+    }
     }
     xhr.open(smethod, surl, true)