diff options
author | bbryant <bbryant@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-05-23 21:37:07 +0000 |
---|---|---|
committer | bbryant <bbryant@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-05-23 21:37:07 +0000 |
commit | 6c2a246cb723cdd61fca296509bf8585b6ace513 (patch) | |
tree | 396ab612a057a3a8b31efdd63468593e11dd3930 /main/http.c | |
parent | 4a2b4f6d063a702ad95911657d1ccc3c3f31c603 (diff) |
Merged revisions 118161 via svnmerge from
https://origsvn.digium.com/svn/asterisk/trunk
........
r118161 | bbryant | 2008-05-23 16:19:42 -0500 (Fri, 23 May 2008) | 3 lines
Add new functionality to http server that requires manager authentication for any path that includes a directory named 'private'. This patch also
requires manager authentication for any POST's being sent to the server as well to help secure uploads.
........
git-svn-id: http://svn.digium.com/svn/asterisk/branches/1.6.0@118168 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'main/http.c')
-rw-r--r-- | main/http.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/main/http.c b/main/http.c index edcbf386f..10eab25c3 100644 --- a/main/http.c +++ b/main/http.c @@ -145,6 +145,18 @@ static const char *ftype2mtype(const char *ftype, char *wkspace, int wkspacelen) return wkspace; } +static uint32_t manid_from_vars(struct ast_variable *sid) { + uint32_t mngid; + + while (sid && strcmp(sid->name, "mansession_id")) + sid = sid->next; + + if (!sid || sscanf(sid->value, "%x", &mngid) != 1) + return 0; + + return mngid; +} + static struct ast_str *static_callback(struct ast_tcptls_session_instance *ser, const char *uri, struct ast_variable *vars, int *status, char **title, int *contentlength) { char *path; @@ -187,6 +199,10 @@ static struct ast_str *static_callback(struct ast_tcptls_session_instance *ser, if (fd < 0) goto out403; + if (strstr(path, "/private/") && !astman_is_authed(manid_from_vars(vars))) { + goto out403; + } + ast_strftime(buf, sizeof(buf), "%a, %d %b %Y %H:%M:%S %Z", ast_localtime(&tv, &tm, "GMT")); fprintf(ser->f, "HTTP/1.1 200 OK\r\n" "Server: Asterisk/%s\r\n" |