[svn-commits] russell: branch group/http_mods r60484 - in
 /team/group/http_mods: configs/ m...
    svn-commits at lists.digium.com 
    svn-commits at lists.digium.com
       
    Fri Apr  6 10:51:38 MST 2007
    
    
  
Author: russell
Date: Fri Apr  6 12:51:37 2007
New Revision: 60484
URL: http://svn.digium.com/view/asterisk?view=rev&rev=60484
Log:
Only allow authenticated manager sessions that have config write access to POST.
Also, update the sample config.
Modified:
    team/group/http_mods/configs/http.conf.sample
    team/group/http_mods/main/http.c
    team/group/http_mods/main/minimime/Makefile
Modified: team/group/http_mods/configs/http.conf.sample
URL: http://svn.digium.com/view/asterisk/team/group/http_mods/configs/http.conf.sample?view=diff&rev=60484&r1=60483&r2=60484
==============================================================================
--- team/group/http_mods/configs/http.conf.sample (original)
+++ team/group/http_mods/configs/http.conf.sample Fri Apr  6 12:51:37 2007
@@ -26,3 +26,15 @@
 ; requests must begin with /asterisk
 ;
 ;prefix=asterisk
+
+; The post_mappings section maps URLs to real paths on the filesystem.  If a
+; POST is done from within an authenticated manager session to one of the
+; configured POST mappings, then any files in the POST will be placed in the
+; configured directory.
+;
+;[post_mappings]
+;
+; In this example, if the prefix option is set to "asterisk", then using the
+; POST URL: /asterisk/uploads will put files in /var/lib/asterisk/uploads/.
+;uploads = /var/lib/asterisk/uploads/
+;
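Review bot: The added comment says a POST "from within an authenticated manager session" is accepted, but the handle_post() change in this same commit also requires that session to hold config write permission (EVENT_FLAG_CONFIG). An administrator reading only the sample would expect any logged-in manager user to be able to upload and would then see an unexplained 401. The wording should state the requirement, for example `; POST is done from within an authenticated manager session that has config write permission to one of the`.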
Modified: team/group/http_mods/main/http.c
URL: http://svn.digium.com/view/asterisk/team/group/http_mods/main/http.c?view=diff&rev=60484&r1=60483&r2=60484
==============================================================================
--- team/group/http_mods/main/http.c (original)
+++ team/group/http_mods/main/http.c Fri Apr  6 12:51:37 2007
@@ -57,6 +57,7 @@
 #include "asterisk/options.h"
 #include "asterisk/config.h"
 #include "asterisk/version.h"
+#include "asterisk/manager.h"
 
 #define MAX_PREFIX 80
 #define DEFAULT_PREFIX "/asterisk"
@@ -368,7 +369,8 @@
 }
 
 static char *handle_post(struct ast_http_server_instance *ser, char *uri, 
-	int *status, char **title, int *contentlength, struct ast_variable *headers)
+	int *status, char **title, int *contentlength, struct ast_variable *headers,
+	struct ast_variable *cookies)
 {
 	char buf;
 	FILE *f;
@@ -379,6 +381,31 @@
 	int mm_res, i;
 	struct ast_http_post_mapping *post_map;
 	const char *post_dir;
+	unsigned long ident = 0;
+
+	for (var = cookies; var; var = var->next) {
+		if (strcasecmp(var->name, "mansession_id"))
+			continue;
+
+		if (sscanf(var->value, "%lx", &ident) != 1) {
+			*status = 400;
+			*title = ast_strdup("Bad Request");
+			return ast_http_error(400, "Bad Request", NULL, "The was an error parsing the request.");
+		}
+
+		if (!astman_verify_session_writepermissions(ident, EVENT_FLAG_CONFIG)) {
+			*status = 401;
+			*title = ast_strdup("Unauthorized");
+			return ast_http_error(401, "Unauthorized", NULL, "You are not authorized to make this request.");
+		}
+
+		break;
+	}
+	if (!var) {
+		*status = 401;
+		*title = ast_strdup("Unauthorized");
+		return ast_http_error(401, "Unauthorized", NULL, "You are not authorized to make this request.");
+	}
 
 	if (!(f = tmpfile()))
 		return NULL;
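Review bot: The `sscanf(var->value, "%lx", &ident)` check accepts any cookie value that merely begins with hex digits (leading whitespace, a sign, a `0x` prefix and trailing bytes all parse), so the id passed to astman_verify_session_writepermissions() is not guaranteed to be the exact cookie value. Parsing with `ident = strtoul(var->value, &end, 16);` and returning the 400 when `end == var->value || *end != '\0' || ident == 0` would reject malformed values. Whether the verify function already treats an id of 0 as "no session" cannot be seen from this hunk, so the explicit zero check is a defensive assumption to confirm. The 400 body text also has a typo and should read `"There was an error parsing the request."`. handle_post() starts and continues outside this hunk, so how the caller uses the `*title` copies made with ast_strdup() on these early returns should be checked for a leak.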
@@ -685,7 +712,7 @@
 			if (!strcasecmp(buf, "get")) 
 				c = handle_uri(&ser->requestor, uri, &status, &title, &contentlength, &vars);
 			else if (!strcasecmp(buf, "post")) 
-				c = handle_post(ser, uri, &status, &title, &contentlength, headers);
+				c = handle_post(ser, uri, &status, &title, &contentlength, headers, vars);
 			else 
 				c = ast_http_error(501, "Not Implemented", NULL, "Attempt to use unimplemented / unsupported method");\
 		} else 
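Review bot: The call passes `vars` for the new `cookies` parameter, and nothing in this hunk shows what `vars` contains at this point. Because handle_post() now bases its authorization decision on that list, a short comment at the call would help, for example `/* vars holds only the parsed Cookie header values here */`, provided that is in fact true. If request parameters can also end up in `vars`, the session id could come from somewhere other than the cookie, so this should be confirmed in the surrounding function, which lies outside the hunk.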
Modified: team/group/http_mods/main/minimime/Makefile
URL: http://svn.digium.com/view/asterisk/team/group/http_mods/main/minimime/Makefile?view=diff&rev=60484&r1=60483&r2=60484
==============================================================================
--- team/group/http_mods/main/minimime/Makefile (original)
+++ team/group/http_mods/main/minimime/Makefile Fri Apr  6 12:51:37 2007
@@ -47,7 +47,7 @@
 clean::
 	rm -f $(LIBMMIME) *.o
 
-.PHONY: clean all $(LIBMMIME)
+.PHONY: clean all
 
 ifneq ($(wildcard .*.d),)
    include .*.d
    
    