Proxy unlocking authentication is ready.
authorb <b@05ce6ebb-7522-4a6e-a768-0026ae12be9f>
Tue, 10 Nov 2015 10:53:10 +0000 (10:53 +0000)
committerb <b@05ce6ebb-7522-4a6e-a768-0026ae12be9f>
Tue, 10 Nov 2015 10:53:10 +0000 (10:53 +0000)
git-svn-id: svn://botcastle1b/yplom/proxy@3 05ce6ebb-7522-4a6e-a768-0026ae12be9f

access.c [new file with mode: 0644]
access.pl
makefile
proxy.pl

diff --git a/access.c b/access.c
new file mode 100644 (file)
index 0000000..bb67bbd
--- /dev/null
+++ b/access.c
@@ -0,0 +1,13 @@
+//The SETUID wrapper.
+
+#include <unistd.h>
+#include <stdio.h>
+
+#define ACCESS_PATH "/yplom/bin/proxy/access.pl"
+#define ACCESS_LOG  "/yplom/log/proxy/access-stderr.log"
+
+int main(int argc, char *argv[], char *envp[])
+{
+       freopen(ACCESS_LOG,"at",stderr);
+       return execve(ACCESS_PATH,argv,envp);
+}
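Review bot: The wrapper's `return execve(ACCESS_PATH,argv,envp);` hands the caller's complete environment to a setuid Perl interpreter, and neither the `freopen` nor the `execve` failure is checked, so a failed exec silently exits 255 with nothing in the log. Perl will usually switch on taint mode when euid differs from uid and then ignore PERL5LIB/PERL5OPT, but that is a property of the interpreter rather than of this privilege boundary; proxy.pl already scrubs IFS/CDPATH/ENV/BASH_ENV and pins PATH for itself, and the wrapper should give access.pl the same guarantee instead of relying on it. Installing a minimal fixed environment here and reporting exec failure to the redirected stderr keeps the setuid boundary explicit.
```c
int main(int argc, char *argv[])
{
    /* Fixed environment: a setuid program must not inherit the caller's. */
    char *clean_env[] = { "PATH=/usr/local/bin:/usr/bin:/bin", NULL };

    if (freopen(ACCESS_LOG, "at", stderr) == NULL)
        return 1;
    execve(ACCESS_PATH, argv, clean_env);
    perror("access wrapper: execve failed");
    return 1;
}
```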
index 2f458b469cb83fe0e5d058f12546012f1dc6ce35..d8886ccfa362ea438c840f1f23187105fecb1e8e 100644 (file)
--- a/access.pl
+++ b/access.pl
@@ -1,16 +1,49 @@
 #!/usr/bin/perl
 
-use constant REWRITE_URL => 'bicyclesonthemoon.info:59443';
+use constant ACCESS_PATH    => '/yplom/data/proxy/access/';
+use constant TIMEOUT_UNLOCK => 90;
+use constant TIMEOUT_INACT  => 15;
 
 $|=1;
+$timeout_unlock = TIMEOUT_UNLOCK*60;
+$timeout_inact = TIMEOUT_INACT*60;
 
 while (<STDIN>) {
-       $a=$_;
-       if ($a =~ /^([0-9]+ )/) {
+       $line=$_;
+       if ($line =~ s/^([0-9]+ )//) {
                print $1;
        }
-       print "ERR\n";
-       open ($log,">>","/yplom/log/proxy/acl") or exit;
-       print $log $a;
-       close($log);
+       
+       $accesstime = time();
+       # print '+++ '.$line."\n";
+       
+       if ($line =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)( .*)?$/) {
+               $IP = $1;
+               $accesspath=ACCESS_PATH.$IP;
+               if (open ($accessfile,"<",$accesspath)) {
+                       $unlocktime=<$accessfile>;
+                       $lasttime=<$accessfile>;
+                       close($accessfile);
+                       $unlocktime =~ s/\n//g;
+                       $lasttime =~ s/\n//g;
+                       
+                       if ((abs($accesstime-$unlocktime)>$timeout_unlock) or (abs($accesstime-$unlocktime)>$timeout_inact)){
+                               print "ERR too long\n";
+                               unlink $accesspath;
+                       }
+                       else {
+                               print "OK\n";
+                               if (open ($accessfile,">",$accesspath)) {
+                                       print $accessfile "$unlocktime\n$accesstime\n";
+                                       close ($accessfile);
+                               }
+                       }
+               }
+               else {
+                       print "ERR\n";
+               }
+       }
+       else {
+               print "ERR\n";
+       }
 }
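Review bot: The expiry test `if ((abs($accesstime-$unlocktime)>$timeout_unlock) or (abs($accesstime-$unlocktime)>$timeout_inact))` compares both timeouts against `$unlocktime`, so `$lasttime` is read and rewritten but never consulted and every unlock expires 15 minutes after it was granted regardless of activity; the second operand should be `(abs($accesstime-$lasttime)>$timeout_inact)`. The script also lacks `use strict; use warnings;`, and the read-then-rewrite of the per-IP file is unguarded, which is probably fine for a single squid helper process but is worth a comment stating that assumption. A comment such as `# access file: line 1 = unlock time, line 2 = time of last proxied request (written by unlock() in proxy.pl)` above the two reads would document the file format this helper shares with proxy.pl.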
index ab1eef908c02077ee1b60f2fe2ade945ac50c3cd..dee34ee609838b68b15294213007cb8174978dd8 100644 (file)
--- a/makefile
+++ b/makefile
@@ -11,14 +11,14 @@ all: moveout copyout
 moveout: proxy rewrite access setuid exec
        mv proxy access rewrite $(OD)
 
-copyout: proxy.pl setuid exec
-       cp proxy.pl $(OD)
+copyout: proxy.pl access.pl setuid exec
+       cp proxy.pl access.pl $(OD)
 
-setuid: proxy
-       chmod u+s proxy
+setuid: proxy access
+       chmod u+s proxy access
 
-exec: rewrite access proxy
-       chmod +x rewrite access proxy
+exec: rewrite access.pl proxy.pl proxy
+       chmod +x rewrite access.pl proxy.pl proxy
 
 proxy: proxy.c
        $(CC) $(CF) -o proxy proxy.c
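Review bot: `chmod u+s proxy access` sets the setuid bit on binaries owned by whoever ran `make`, without changing ownership or removing execute permission for others, so any local user can invoke the wrapper and it will run as the build user rather than a dedicated service account. If these are meant to run as a specific user, the install step should `chown` them and use a restrictive mode such as `chmod 4750 proxy access` with a group limited to the web server and squid. Whether that is handled outside this makefile is not visible here, so at minimum a comment on the `setuid` target should state who is expected to own the binaries.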
@@ -26,5 +26,5 @@ proxy: proxy.c
 rewrite: rewrite.pl
        cp rewrite.pl rewrite
 
-access: access.pl
-       cp access.pl access
+access: access.c
+       $(CC) $(CF) -o access access.c
index 94307f772971287e385dc24eb67f578e327a3902..1f9691d5144ead5e0c5443f2c9ae7f20feb81fe3 100755 (executable)
--- a/proxy.pl
+++ b/proxy.pl
@@ -2,15 +2,20 @@
 
 use POSIX qw(strftime);
 
-use constant ACCESS_LOG        => '/yplom/log/proxy/access.log';
-use constant DATA_PATH         => '/yplom/data/proxy/';
-use constant PASS_PATH         => '/yplom/data/proxy/pass/';
-use constant ACCESS_PATH       => '/yplom/data/proxy/access/';
-use constant UNLOCK_PROXY_URL  => 'https://yplom.bicyclesonthemoon.info/proxy/unlock';
-use constant UNLOCK_PROXY_HOST => qr/^yplom\.bicyclesonthemoon\.info(:[0-9]*)?$/;
-use constant UNLOCK_PROXY_PATH => qr/^\/proxy\/unlock\/?$/;
+use constant ACCESS_LOG         => '/yplom/log/proxy/access.log';
+use constant DATA_PATH          => '/yplom/data/proxy/';
+use constant PASS_PATH          => '/yplom/data/proxy/pass/';
+use constant ACCESS_PATH        => '/yplom/data/proxy/access/';
+use constant UNLOCK_PROXY_URL   => 'http://yplom.bicyclesonthemoon.info/proxy/unlock';
+use constant UNLOCK_PROXY_URL_S => 'https://yplom.bicyclesonthemoon.info/proxy/unlock';
+use constant UNLOCK_PROXY_HOST  => qr/^yplom\.bicyclesonthemoon\.info(:[0-9]*)?$/;
+use constant UNLOCK_PROXY_PATH  => qr/^\/proxy\/unlock\/?$/;
+use constant TIMEOUT_UNLOCK => 90;
+use constant TIMEOUT_INACT  => 15;
 
 $accesstime = time();
+$timeout_unlock = TIMEOUT_UNLOCK*60;
+$timeout_inact = TIMEOUT_INACT*60;
 
 delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
 $ENV{'PATH'}='/usr/local/bin:/usr/bin:/bin';
@@ -19,9 +24,51 @@ if (($ENV{'HTTP_HOST'} =~ UNLOCK_PROXY_HOST) and ($ENV{'PATH_INFO'} =~ UNLOCK_PR
        unlock();
 }
 else {
-       debag();
+       if(access()) {
+               debag();
+       }
+       else {
+               noaccess();
+       }
 }
 
+sub access { #kind of doubles the functionality of access.pl but for http
+       if($ENV{'HTTP_HOST'} =~ UNLOCK_PROXY_HOST){
+               return 1;
+       }
+       if ($ENV{'REMOTE_ADDR'} =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/) {
+               $IP = $1;
+               if ($IP eq '127.0.0.1') {
+                       return 1;
+               }
+               $accesspath=ACCESS_PATH.$IP;
+               if (open ($accessfile,"<",$accesspath)) {
+                       $unlocktime=<$accessfile>;
+                       $lasttime=<$accessfile>;
+                       close($accessfile);
+                       $unlocktime =~ s/\n//g;
+                       $lasttime =~ s/\n//g;
+                       
+                       if ((abs($accesstime-$unlocktime)>$timeout_unlock) or (abs($accesstime-$unlocktime)>$timeout_inact)){
+                               unlink $accesspath;
+                               return 0;
+                       }
+                       else {
+                               if (open ($accessfile,">",$accesspath)) {
+                                       print $accessfile "$unlocktime\n$accesstime\n";
+                                       close ($accessfile);
+                               }
+                               return 1;
+                       }
+               }
+               else {
+                       return 0;
+               }
+       }
+       else {
+               return 0;
+       }
+}
 sub unlock {
        if ($ENV{'REMOTE_ADDR'} =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/) {
                $IP=$1;
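Review bot: `access()` returns 1 whenever `$ENV{'HTTP_HOST'}` matches UNLOCK_PROXY_HOST, and the Host header is supplied by the client, so a locked client sending `Host: yplom.bicyclesonthemoon.info` passes the IP check without having unlocked; whether that yields anything beyond the unlock page depends on how the request is then forwarded, which is not visible here, but the dispatch at the top already limits unlock() to host plus UNLOCK_PROXY_PATH and this shortcut should be at least as narrow. The same inactivity defect as in access.pl is present: `abs($accesstime-$unlocktime)>$timeout_inact` should be `abs($accesstime-$lasttime)>$timeout_inact`, otherwise `$lasttime` is dead. The unconditional trust of `127.0.0.1` also deserves a comment stating that no local reverse proxy is assumed in front of this CGI, since behind one every client would appear as loopback. The hunk ends inside `sub unlock`, whose body continues outside it.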
@@ -80,7 +127,7 @@ sub unlock {
        
        $accesspath=ACCESS_PATH.$IP;
        open ($accessfile,">",$accesspath) or return unlockpage("$accesspath","Status: 403 Forbidden\n");
-       print $accessfile "$accesstime\n$accesstime";
+       print $accessfile "$accesstime\n$accesstime\n";
        close ($accessfile);
        
        return unlockedpage();
@@ -123,7 +170,7 @@ sub unlockpage {
        if($message ne ''){
                print $message;
        }
-       print '<form method="post" action="'.UNLOCK_PROXY_URL.'">';
+       print '<form method="post" action="'.UNLOCK_PROXY_URL_S.'">';
        print '<b>Username: </b><input type="text" name="username"><br>';
        print '<b>Password: </b><input type="password" name="password"><br>';
        print '<b>IP: </b><input type="text" name="ip" value="'.$IP.'"><br>';
@@ -154,6 +201,21 @@ sub unlockedpage {
        print "</ul></body></html>\n";
 }
 
+sub noaccess {
+       print "Status: 403 Forbidden\n;";
+       print "Content-type: text/html\n\n";
+       print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">';
+       print '<html lang="en"><head>';
+       print '<title>Proxy not unlocked</title>';
+       print '<meta http-equiv="Content-type" content="text/html; charset=UTF-8">';
+       print '</head><body>';
+       print '<h1>Proxy not unlocked</h1>';
+       print 'The proxy is not unlocked for your IP.<br>';
+       print 'Follow this link to unlock the proxy:<br>';
+       print '<a href="'.UNLOCK_PROXY_URL.'">'.UNLOCK_PROXY_URL.'</a>';
+       print "</body></html>\n";
+}
+
 sub debag {
        print "Content-type: text/plain\n\n";
        foreach $envk (keys %ENV) {
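Review bot: `print "Status: 403 Forbidden\n;";` in noaccess() emits a stray `;` as its own line after the Status header, which a CGI gateway may treat as a malformed header and turn into a 500 or drop; it should read `print "Status: 403 Forbidden\n";`. The link also uses the plain-http UNLOCK_PROXY_URL while the form action was switched to UNLOCK_PROXY_URL_S, so the credential form is fetched over http through a not-yet-trusted path and could be altered before it posts over TLS. If plain http is required because the locked proxy only forwards http requests to the unlock host, a comment such as `# http on purpose: the locked proxy only forwards plain http to the unlock host` next to the constant would record that trade-off, and the link should prefer the https URL wherever it is reachable.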