[asterisk-commits] russell: branch group/http_mods r60484 - in
/team/group/http_mods: configs/ m...
asterisk-commits at lists.digium.com
asterisk-commits at lists.digium.com
Fri Apr 6 10:51:38 MST 2007
Author: russell
Date: Fri Apr 6 12:51:37 2007
New Revision: 60484
URL: http://svn.digium.com/view/asterisk?view=rev&rev=60484
Log:
Only allow authenticated manager sessions that have config write access to POST.
Also, update the sample config.
Modified:
team/group/http_mods/configs/http.conf.sample
team/group/http_mods/main/http.c
team/group/http_mods/main/minimime/Makefile
Modified: team/group/http_mods/configs/http.conf.sample
URL: http://svn.digium.com/view/asterisk/team/group/http_mods/configs/http.conf.sample?view=diff&rev=60484&r1=60483&r2=60484
==============================================================================
--- team/group/http_mods/configs/http.conf.sample (original)
+++ team/group/http_mods/configs/http.conf.sample Fri Apr 6 12:51:37 2007
@@ -26,3 +26,15 @@
; requests must begin with /asterisk
;
;prefix=asterisk
+
+; The post_mappings section maps URLs to real paths on the filesystem. If a
+; POST is done from within an authenticated manager session to one of the
+; configured POST mappings, then any files in the POST will be placed in the
+; configured directory.
+;
+;[post_mappings]
+;
+; In this example, if the prefix option is set to "asterisk", then using the
+; POST URL: /asterisk/uploads will put files in /var/lib/asterisk/uploads/.
+;uploads = /var/lib/asterisk/uploads/
+;
Modified: team/group/http_mods/main/http.c
URL: http://svn.digium.com/view/asterisk/team/group/http_mods/main/http.c?view=diff&rev=60484&r1=60483&r2=60484
==============================================================================
--- team/group/http_mods/main/http.c (original)
+++ team/group/http_mods/main/http.c Fri Apr 6 12:51:37 2007
@@ -57,6 +57,7 @@
#include "asterisk/options.h"
#include "asterisk/config.h"
#include "asterisk/version.h"
+#include "asterisk/manager.h"
#define MAX_PREFIX 80
#define DEFAULT_PREFIX "/asterisk"
@@ -368,7 +369,8 @@
}
static char *handle_post(struct ast_http_server_instance *ser, char *uri,
- int *status, char **title, int *contentlength, struct ast_variable *headers)
+ int *status, char **title, int *contentlength, struct ast_variable *headers,
+ struct ast_variable *cookies)
{
char buf;
FILE *f;
@@ -379,6 +381,31 @@
int mm_res, i;
struct ast_http_post_mapping *post_map;
const char *post_dir;
+ unsigned long ident = 0;
+
+ for (var = cookies; var; var = var->next) {
+ if (strcasecmp(var->name, "mansession_id"))
+ continue;
+
+ if (sscanf(var->value, "%lx", &ident) != 1) {
+ *status = 400;
+ *title = ast_strdup("Bad Request");
+ return ast_http_error(400, "Bad Request", NULL, "The was an error parsing the request.");
+ }
+
+ if (!astman_verify_session_writepermissions(ident, EVENT_FLAG_CONFIG)) {
+ *status = 401;
+ *title = ast_strdup("Unauthorized");
+ return ast_http_error(401, "Unauthorized", NULL, "You are not authorized to make this request.");
+ }
+
+ break;
+ }
+ if (!var) {
+ *status = 401;
+ *title = ast_strdup("Unauthorized");
+ return ast_http_error(401, "Unauthorized", NULL, "You are not authorized to make this request.");
+ }
if (!(f = tmpfile()))
return NULL;
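Review bot: The cookie value is accepted by `sscanf(var->value, "%lx", &ident) != 1` without checking that the whole string was consumed or that the result is non-zero, so a hex prefix followed by other characters still yields an identifier, and 0 is handed on to astman_verify_session_writepermissions. That helper is not visible in this hunk; unless it rejects 0 itself, reject it here, for example `if (sscanf(var->value, "%lx", &ident) != 1 || !ident) {`, or parse with strtoul and an end-pointer check. The 400 message has a typo: `"The was an error parsing the request."` should read `"There was an error parsing the request."`. The two identical 401 paths would be easier to audit as a single helper or label. handle_post starts in the previous hunk and continues past the end of this one.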
@@ -685,7 +712,7 @@
if (!strcasecmp(buf, "get"))
c = handle_uri(&ser->requestor, uri, &status, &title, &contentlength, &vars);
else if (!strcasecmp(buf, "post"))
- c = handle_post(ser, uri, &status, &title, &contentlength, headers);
+ c = handle_post(ser, uri, &status, &title, &contentlength, headers, vars);
else
c = ast_http_error(501, "Not Implemented", NULL, "Attempt to use unimplemented / unsupported method");\
} else
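Review bot: The authorization check in handle_post trusts its new `cookies` argument, but this call passes the caller's `vars`, and nothing in the hunk shows that the list holds only values parsed from the Cookie header at this point. If it does, a comment at the call such as `/* vars holds only Cookie header values here; handle_post uses it for session auth */`, or renaming the local, would keep a later change from adding other request parameters to the list and letting a non-cookie value satisfy the check. The enclosing function starts and ends outside the hunk.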
Modified: team/group/http_mods/main/minimime/Makefile
URL: http://svn.digium.com/view/asterisk/team/group/http_mods/main/minimime/Makefile?view=diff&rev=60484&r1=60483&r2=60484
==============================================================================
--- team/group/http_mods/main/minimime/Makefile (original)
+++ team/group/http_mods/main/minimime/Makefile Fri Apr 6 12:51:37 2007
@@ -47,7 +47,7 @@
clean::
rm -f $(LIBMMIME) *.o
-.PHONY: clean all $(LIBMMIME)
+.PHONY: clean all
ifneq ($(wildcard .*.d),)
include .*.d