1 /*_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
5 * Function:..Client-Check-Funktions *
9 * Authors:...Dr. Kurt Spanier & Bernhard Winkler, *
10 * Zentrum fuer Datenverarbeitung, Bereich Entwicklung *
11 * neuer Dienste, Universitaet Tuebingen, GERMANY *
14 * Creation date: Z D D V V *
15 * March 7 1996 Z D D V V *
16 * Last modification: Z D D V V *
17 * March 19 1999 ZZZZ DDD V *
19 _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_*/
22 * $Id: checkclient.c,v 1.6 1999/09/10 15:01:16 zrnsk01 Exp $
29 #include "charray_exp.h"
30 #include "checkclient.h"
31 #include "regular_exp.h"
/*
 * check4access: decides whether a host name passes the allow/deny patterns.
 * The compiled allow pattern is consulted only when glob->allow_string is
 * set, and the compiled deny pattern only when glob->deny_string is set;
 * an unset side contributes OK to the && chain.
 * NOTE(review): the declarations and the start of the return expression are
 * missing from this listing. The && chain only works if OK is non-zero;
 * confirm against the definition of OK/NOTOK.
 */
33 PRIVATE int check4access (host, glob)
37 * check if host ends in a valid domain.
38 * return OK if so, NOTOK otherwise
42 (glob->allow_string ? checkad(host, glob->comp_allow, glob) : OK) &&
43 (glob->deny_string ? !checkad(host, glob->comp_deny, glob) : OK));
46 /* end of function: check4access */
/*
 * checkad: matches a host name against one compiled pattern.
 * The name (or the placeholder "unknown.xxx" when host is NULL) is copied
 * into the local buffer nhost, and the result of tweb_regexec() on that
 * copy is returned.
 */
49 PRIVATE int checkad (host, string, glob)
/*
 * NOTE(review): strcpy() does not bound the copy. The declaration of nhost
 * is not visible in this listing, and host is passed in from hp->h_name by
 * the callers in this file. Confirm that nhost is large enough for the
 * longest name the resolver can return, or switch to a bounded copy such as
 * snprintf(nhost, sizeof nhost, "%s", ...).
 */
56 strcpy(nhost, host ? host : "unknown.xxx");
57 return( tweb_regexec( string, nhost ));
60 /* end of function: checkad */
62 /* Analyse Web-Client-Type / proxy + Log-Message */
/*
 * checkwwwclient: first applies the grant/refuse host patterns and, on
 * failure, logs REFUSED and writes an "ACCESS DENIED" page to fp. It then
 * scans the request header lines for User-Agent and Via to set
 * glob->is_proxy, stores a combined client description in
 * glob->user_agent_msg, and evaluates the access conditions.
 * Several lines of the function are missing from this listing, so the notes
 * below cover only what is visible.
 */
64 PUBLIC void checkwwwclient (fp, ip_addr, ip_port, hp, glob)
72 char agent[BUFSIZ], via[BUFSIZ];
73 char *host = hp ? hp->h_name : "unknown";
/*
 * Name-based grant/refuse check. host is hp->h_name, the name supplied by
 * the resolver.
 * NOTE(review): if hp comes from a reverse lookup of the peer address, these
 * rules are only as trustworthy as that PTR record; confirm whether the
 * caller forward-confirms the name before relying on it for access control.
 */
77 if(!((glob->grant ? checkad(host, glob->comp_grant, glob) : OK) &&
78 (glob->refuse ? !checkad(host, glob->comp_refuse, glob) : OK))){
81 syslog (LOG_INFO, "%s REFUSED <%08d>",
82 glob->server_connection_msg, glob->svc_cnt);
84 if (http == 1) PRINT_HTML_HEADER;
85 fprintf( fp, HTML_HEAD_TITLE, "ACCESS DENIED", glob->la[100]);
86 disp_file(glob, glob->header, fp);
87 fprintf(fp, "%s", glob->la[97]);
88 disp_file(glob, glob->footer, fp);
90 close_ldap_connections(glob);
94 glob->is_proxy = FALSE;
/*
 * Header scan: reads lines from fp until fgets() fails or a line is empty
 * after trimming. is_proxy is derived only from header text sent by the
 * client (a User-Agent containing a proxy token, or any line containing
 * "Via:"), so a client that omits these headers is not classified as a
 * proxy. Treat the no_proxy restriction below as advisory.
 * NOTE(review): the declaration of `in` is not visible; confirm that it is
 * at least BUFSIZ-1 bytes.
 */
95 while(fgets( in, BUFSIZ-1, fp ) && *trimright(in, WSPACE) ) {
96 if(strstr(in, "User-Agent:")){
98 if(strstr(str_tolower(in), PROXY_TOKEN1) ||
99 strstr(in, PROXY_TOKEN2))
100 glob->is_proxy = TRUE;
102 if(strstr(in, "Via:")){
104 glob->is_proxy = TRUE;
108 char useragent[BUFSIZ];
/*
 * NOTE(review): sprintf() is unbounded here. agent and via are each BUFSIZ
 * bytes, and the lines that fill them are missing from this listing. If they
 * can hold client header text approaching BUFSIZ, then agent + via plus the
 * address and port text will not fit in useragent[BUFSIZ]. Using
 * snprintf(useragent, sizeof useragent, ...) removes that dependency.
 * strdup() may also return NULL; user_agent_msg is later passed to syslog()
 * with "%s" in decide_access.
 */
110 sprintf(useragent, "%s (%s,%u) %s",
111 *agent ? agent : "User-Agent: unknown",
112 ip_addr, ip_port, via);
113 glob->user_agent_msg = strdup(useragent);
116 /* check if access is allowed ... */
/*
 * NOTE(review): hp is dereferenced on the next lines, although the
 * initialisation of host above tolerates hp == NULL. Confirm that the
 * missing start of this condition guards against a NULL hp.
 */
120 && ((check4access(str_tolower(hp->h_name), glob) == OK))
121 && !( glob->no_proxy && glob->is_proxy
122 && !charray_inlist(glob->allow_proxy, hp->h_name)
127 /* end of function: checkwwwclient */
/*
 * decide_access: applies the consequences of the access decision to glob.
 * Visible effects: the bind identity is switched to webdn2/webpw2, DENIED or
 * ALLOWED and the stored user-agent message are logged when dosyslog is set,
 * and max_person, legal and no_browse are adjusted.
 * NOTE(review): the conditions that select the denied and allowed branches
 * are on lines missing from this listing.
 */
129 PUBLIC void decide_access(glob)
134 /* access from a non allowed computer
135 ==> put webdn/webpw on an alternative value (if existent) */
/*
 * NOTE(review): the "(if existent)" test is not visible here. Confirm that
 * webdn2/webpw2 are checked before they replace the primary bind
 * credentials.
 */
136 glob->webdn = glob->webdn2;
137 glob->webpw = glob->webpw2;
140 if (dosyslog) syslog (LOG_INFO, "%s DENIED <%08d>",
141 glob->server_connection_msg, glob->svc_cnt);
145 /* if allowed and not strict: list persons without limits */
146 if (!glob->strict) glob->max_person = 0;
148 if (dosyslog) syslog (LOG_INFO, "%s ALLOWED <%08d>",
149 glob->server_connection_msg, glob->svc_cnt);
151 if (dosyslog) syslog (LOG_INFO, "%s <%08d>",
152 glob->user_agent_msg, glob->svc_cnt);
154 /* non configured max-person means full listing */
155 if (!glob->max_person) glob->max_person = 100000;
157 /* if result-lists shall be restricted: configure display of
159 glob->legal = glob->legal && (!glob->allowed || glob->strict);
161 /* if browsing should be restricted: configure no_browse-variable */
162 glob->no_browse = glob->no_browse &&
163 (glob->noauth || glob->strict);
167 /* end of function: decide_access */
169 /* Read ip_refuse dat_file and build up the data structure */
171 PUBLIC void get_ip_refuse_clients(glob)
/*
 * Rebuilds glob->ip_refuse->refu_str from the file named by
 * glob->ip_refuse->dat_file. Nothing is done when glob->ip_refuse is unset.
 * Several lines of this function are missing from the listing.
 */
174 if ( glob->ip_refuse ) {
179 size_t buflen = REFU_BUFSIZ;
180 size_t curlen = (size_t) 1;
/*
 * NOTE(review): the handling of an unreadable dat_file is not visible. The
 * free/allocate of refu_str happens only after a successful fopen(), so
 * confirm what state refu_str is left in on failure (previous list kept,
 * or never allocated on first load) and that check_ip_denial copes with it.
 */
182 if(!(rfp = fopen(glob->ip_refuse->dat_file, "r"))) {
186 if ( glob->ip_refuse->refu_str ) free( glob->ip_refuse->refu_str );
187 glob->ip_refuse->refu_str = ch_calloc( 1, REFU_BUFSIZ );
/*
 * The list starts with '&' and every entry appended below ends with '&',
 * so each stored address is bracketed by '&' on both sides.
 */
188 *glob->ip_refuse->refu_str = '&';
/* One entry per line: text after '#' is dropped, the rest is trimmed, and empty lines are skipped. */
190 while(fgets(inLine, BUFSIZ-1, rfp)) {
193 if ( ( inLineP = strchr( inLine, '#' ) )) *inLineP = '\0';
194 inLineP = trim(inLine, " \t\n");
195 if ( *inLineP == '\0' ) continue;
197 inLen = strlen( inLineP );
/*
 * NOTE(review): the buffer grows by a single REFU_BUFSIZ step per line.
 * inLen can be as large as the fgets() limit above, so if REFU_BUFSIZ is
 * smaller than that, one step may not make room for the entry. Confirm the
 * relation between the two constants, or loop until the entry fits. The
 * update of curlen is on a line not shown in this listing.
 */
198 if ( !( curlen + inLen + 1 < buflen )) {
200 glob->ip_refuse->refu_str =
201 ch_realloc( glob->ip_refuse->refu_str,
202 buflen + REFU_BUFSIZ );
203 buflen += REFU_BUFSIZ;
/*
 * NOTE(review): the destination buffer is also passed as a "%s" source
 * argument. Copying between overlapping objects in sprintf() is undefined
 * behaviour in ISO C. Appending at the current end of the string (for
 * example snprintf at refu_str + current length, with the remaining size)
 * avoids the overlap and bounds the write.
 */
207 sprintf( glob->ip_refuse->refu_str, "%s%s&",
208 glob->ip_refuse->refu_str, inLineP );
216 } /* get_ip_refuse_clients */
219 /* Routine needed to initialize structure in init.c */
221 /* Test the incoming IP address for denial */
224 check_ip_denial( ip_connection, glob )
225 struct sockaddr_in *ip_connection;
/*
 * Looks up the peer address in the refuse list built by
 * get_ip_refuse_clients. The address is wrapped as "&a.b.c.d&" and searched
 * as a substring of refu_str. Because stored entries are '&'-delimited, only
 * whole-entry textual matches hit, so the list is matched as exact
 * dotted-quad strings. The action taken on a match is on lines missing from
 * this listing.
 */
230 if ( glob->ip_refuse ) {
/*
 * NOTE(review): the declaration of ip_address is not visible. "&%s&" with an
 * inet_ntoa() result needs up to 18 bytes including the terminator; confirm
 * the buffer size. Also confirm that refu_str cannot be NULL here, for
 * example when the refuse file could not be opened on first load.
 */
233 sprintf( ip_address, "&%s&", inet_ntoa( ip_connection->sin_addr ));
234 if ( strstr( glob->ip_refuse->refu_str, ip_address ))
241 } /* check_ip_denial */
244 /* re-read IP-REFUSE file if necessary */
247 re_readIPrefuse( glob )
/*
 * Counts calls in a function-local static and reloads the refuse list via
 * get_ip_refuse_clients() whenever the incremented counter is a multiple of
 * glob->ip_refuse->rereadcycle.
 */
250 static int ip_refuse_reload = 0;
/*
 * NOTE(review): a rereadcycle of 0 makes the % below a division by zero
 * (undefined behaviour, typically a fatal signal). Confirm that the
 * configuration parser rejects or defaults a zero value.
 */
252 if ( glob->ip_refuse &&
253 !( ++ip_refuse_reload % glob->ip_refuse->rereadcycle )) {
254 get_ip_refuse_clients( glob );
257 } /* re_readIPrefuse */