comment.hh \
common_startup.cc common_startup.hh \
communicator.cc communicator.hh \
+ credentials.cc credentials.hh \
dbdnsseckeeper.cc \
digests.hh \
distributor.hh \
bindparser.yy \
cachecleaner.hh \
circular_buffer.hh \
+ credentials.cc credentials.hh \
dbdnsseckeeper.cc \
dns.cc \
dns_random.cc \
axfr-retriever.cc \
base32.cc \
base64.cc base64.hh \
+ credentials.cc credentials.hh \
dns.cc \
dns_random_urandom.cc dns_random.hh \
dnslabeltext.cc \
webserver.hh webserver.cc \
zoneparser-tng.cc
-
ixfrdist_LDADD = \
$(BOOST_PROGRAM_OPTIONS_LIBS) \
$(JSON11_LIBS) \
$(BOOST_PROGRAM_OPTIONS_LDFLAGS) \
$(LIBCRYPTO_LDFLAGS)
+if LIBSODIUM
+ixfrdist_LDADD += $(LIBSODIUM_LIBS)
+endif
+
if PKCS11
ixfrdist_SOURCES += pkcs11signers.cc pkcs11signers.hh
ixfrdist_LDADD += $(P11KIT1_LIBS)
capabilities.cc capabilities.hh \
circular_buffer.hh \
comment.hh \
+ credentials.cc credentials.hh \
dns.hh dns.cc \
dns_random.hh dns_random.cc \
dnsbackend.hh \
pdns_recursor_SOURCES += \
sodiumsigners.cc
pdns_recursor_LDADD += $(LIBSODIUM_LIBS)
+
+rec_control_LDADD = $(LIBSODIUM_LIBS)
+
testrunner_SOURCES += \
sodiumsigners.cc
testrunner_LDADD += $(LIBSODIUM_LIBS)
rec_control_SOURCES = \
arguments.cc arguments.hh \
+ credentials.cc credentials.hh \
dnslabeltext.cc \
dnsname.hh dnsname.cc \
logger.cc \
--- /dev/null
+../credentials.cc
\ No newline at end of file
--- /dev/null
+../credentials.hh
\ No newline at end of file
return doc;
}
-bool HttpRequest::compareAuthorization(const string &expected_password)
+bool HttpRequest::compareAuthorization(const CredentialsHolder& credentials) const
{
// validate password
- YaHTTP::strstr_map_t::iterator header = headers.find("authorization");
+ auto header = headers.find("authorization");
bool auth_ok = false;
if (header != headers.end() && toLower(header->second).find("basic ") == 0) {
string cookie = header->second.substr(6);
vector<string> cparts;
stringtok(cparts, plain, ":");
- // this gets rid of terminating zeros
- auth_ok = (cparts.size()==2 && (0==strcmp(cparts[1].c_str(), expected_password.c_str())));
+ auth_ok = (cparts.size() == 2 && credentials.matches(cparts[1].c_str()));
}
return auth_ok;
}
-bool HttpRequest::compareHeader(const string &header_name, const string &expected_value)
+bool HttpRequest::compareHeader(const string &header_name, const string &expected_value) const
{
- YaHTTP::strstr_map_t::iterator header = headers.find(header_name);
- if (header == headers.end())
+ auto header = headers.find(header_name);
+ if (header == headers.end()) {
return false;
+ }
// this gets rid of terminating zeros
return (0==strcmp(header->second.c_str(), expected_value.c_str()));
}
+bool HttpRequest::compareHeader(const string &header_name, const CredentialsHolder& credentials) const
+{
+ auto header = headers.find(header_name);
+ if (header == headers.end()) {
+ return false;
+ }
+
+ return credentials.matches(header->second);
+}
+
void HttpResponse::setPlainBody(const string& document)
{
this->headers["Content-Type"] = "text/plain; charset=utf-8";
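Review bot: In compareAuthorization the password part is passed as `cparts[1].c_str()`, so the value is cut at the first NUL byte and a new temporary string holding the client-supplied password is built for the call. The compareHeader overload added in this same hunk hands `header->second` to matches() unchanged. The comment that explained the truncation was removed together with the strcmp, so either pass the string directly, `credentials.matches(cparts[1])`, or keep a one-line comment saying the NUL stripping is deliberate. Separately, splitting on ":" and requiring `cparts.size() == 2` appears to reject any configured password that itself contains a colon; that predates this change but deserves a comment next to the check. The start of the function body lies above this hunk.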
resp->headers["access-control-allow-origin"] = "*";
- if (d_apikey.empty()) {
+ if (!d_apikey) {
g_log<<Logger::Error<<req->logprefix<<"HTTP API Request \"" << req->url.path << "\": Authentication failed, API Key missing in config" << endl;
throw HttpUnauthorizedException("X-API-Key");
}
- bool auth_ok = req->compareHeader("x-api-key", d_apikey) || req->getvars["api-key"] == d_apikey;
+ bool auth_ok = req->compareHeader("x-api-key", *d_apikey) || d_apikey->matches(req->getvars["api-key"]);
if (!auth_ok && allowPassword) {
- if (!d_webserverPassword.empty()) {
- auth_ok = req->compareAuthorization(d_webserverPassword);
+ if (d_webserverPassword) {
+ auth_ok = req->compareAuthorization(*d_webserverPassword);
} else {
auth_ok = true;
}
}
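Review bot: The `else { auth_ok = true; }` branch at the end of this hunk still accepts a request whose API key was missing or wrong whenever allowPassword is set and no web server password is configured. Since setPassword() maps an empty string to a null holder, this fail-open state is reached simply by leaving the password unset. State that at the branch, for example `// no web password configured: password-capable endpoints are left open`, or drop the branch if that is not intended. Also, `d_apikey->matches(req->getvars["api-key"])` takes the key from the query string, where it can end up in proxy and access logs, so a comment on why that path is still accepted would help. The function body continues past the hunk.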
void WebServer::webWrapper(const WebServer::HandlerFunction& handler, HttpRequest* req, HttpResponse* resp) {
- if (!d_webserverPassword.empty()) {
- bool auth_ok = req->compareAuthorization(d_webserverPassword);
+ if (d_webserverPassword) {
+ bool auth_ok = req->compareAuthorization(*d_webserverPassword);
if (!auth_ok) {
g_log<<Logger::Debug<<req->logprefix<<"HTTP Request \"" << req->url.path << "\": Web Authentication failed" << endl;
throw HttpUnauthorizedException("Basic");
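Review bot: A failed Basic authentication is logged at `Logger::Debug` here, so repeated password guesses against the web server leave no trace at the log levels usually run in production. Consider raising the level, e.g. `g_log<<Logger::Warning<<req->logprefix<<...`, so failed logins can be monitored and alerted on. The hunk does not show whether `logprefix` carries the remote address, which the message needs to be useful for that. webWrapper's body continues past the hunk.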
#include <list>
#include <boost/utility.hpp>
#include <yahttp/yahttp.hpp>
+
#include "json11.hpp"
+
+#include "credentials.hh"
#include "namespaces.hh"
#include "sstuff.hh"
json11::Json json();
// checks password _only_.
- bool compareAuthorization(const string &expected_password);
- bool compareHeader(const string &header_name, const string &expected_value);
+ bool compareAuthorization(const CredentialsHolder& expectedCredentials) const;
+ bool compareHeader(const string &header_name, const CredentialsHolder& expectedCredentials) const;
+ bool compareHeader(const string &header_name, const string &expected_value) const;
};
class HttpResponse: public YaHTTP::Response {
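Review bot: The `const string&` overload of compareHeader stays public next to the new CredentialsHolder one, and in webserver.cc it still compares with strcmp, which stops at the first differing byte. Nothing in the declaration tells a caller which overload is meant for secrets, so add a comment above it, for example `// plain, non-constant-time comparison: never use for keys or passwords`. The existing `// checks password _only_.` comment could also say that the user name part of the Basic header is ignored. The class begins above this hunk.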
virtual ~WebServer() { };
void setApiKey(const string &apikey) {
- d_apikey = apikey;
+ if (!apikey.empty()) {
+ d_apikey = make_unique<CredentialsHolder>(std::string(apikey));
+ }
+ else {
+ d_apikey.reset();
+ }
}
void setPassword(const string &password) {
- d_webserverPassword = password;
+ if (!password.empty()) {
+ d_webserverPassword = make_unique<CredentialsHolder>(std::string(password));
+ }
+ else {
+ d_webserverPassword.reset();
+ }
}
void setMaxBodySize(ssize_t s) { // in megabytes
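Review bot: setApiKey and setPassword repeat the same branch, and neither documents what an empty argument means for authentication. Per the webserver.cc hunks, a cleared API key makes apiWrapper reject every request, while a cleared password makes webWrapper skip authentication entirely; a comment such as `// empty password clears the credential and disables Basic auth` on setPassword would make that explicit. Each holder is built from a copy, `std::string(apikey)` / `std::string(password)`, so the plaintext also remains in the caller's string, which this class cannot wipe. If CredentialsHolder takes its argument by rvalue, as the explicit copy suggests, a by-value or rvalue setter in a follow-up would let callers hand the secret over instead of duplicating it.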
return std::make_shared<Server>(d_listenaddress, d_port);
}
+ void apiWrapper(const WebServer::HandlerFunction& handler, HttpRequest* req, HttpResponse* resp, bool allowPassword);
+ void webWrapper(const WebServer::HandlerFunction& handler, HttpRequest* req, HttpResponse* resp);
+
string d_listenaddress;
int d_port;
- string d_password;
std::shared_ptr<Server> d_server;
- std::string d_apikey;
- void apiWrapper(const WebServer::HandlerFunction& handler, HttpRequest* req, HttpResponse* resp, bool allowPassword);
- std::string d_webserverPassword;
- void webWrapper(const WebServer::HandlerFunction& handler, HttpRequest* req, HttpResponse* resp);
+ std::unique_ptr<CredentialsHolder> d_apikey{nullptr};
+ std::unique_ptr<CredentialsHolder> d_webserverPassword{nullptr};
ssize_t d_maxbodysize; // in bytes