From 76bee6ee8fcd00811753e427c526b06ef456b6cd Mon Sep 17 00:00:00 2001
From: Gluzskiy Alexandr
Date: Tue, 8 Nov 2011 01:05:25 +0200
Subject: ssl verification option basice firewall list request support
---
 server/proxy_ui_server.workspace | 1 +
 server/server/config.cpp | 34 ++++++++++++++++++++++++++++++
 server/server/config.h | 6 ++++++
 server/server/main.cpp | 45 +++++++++++++++++++++++++++++++++++++++-
 4 files changed, 85 insertions(+), 1 deletion(-)
(limited to 'server')
diff --git a/server/proxy_ui_server.workspace b/server/proxy_ui_server.workspace
index 4a0b48d..1e165f9 100644
--- a/server/proxy_ui_server.workspace
+++ b/server/proxy_ui_server.workspace
@@ -22,6 +22,7 @@
+ ]]>
diff --git a/server/server/config.cpp b/server/server/config.cpp
index d4602da..b6b343d 100644
--- a/server/server/config.cpp
+++ b/server/server/config.cpp
@@ -22,8 +22,10 @@ config::config(const char *pth)
 vars.bind_ip = get_string(cfg_str, "BindAddress=", "0.0.0.0");
 vars.log_path = get_string(cfg_str, "LogPath=", "./server.log");
 vars.dos_log_path = get_string(cfg_str, "DosLogPath=", "./server_dos.log");
+ vars.ignore_ssl_errors = get_int(cfg_str, "IgnoreSslErrors=", 0);
 load_proxy_list();
 load_static_proxy_list();
+ load_firewall_list();
 }
 const int config::get_int(const std::string& data, const char* var, int default_) {
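Review bot: `vars.ignore_ssl_errors = get_int(cfg_str, "IgnoreSslErrors=", 0);` stores an `int` into the `bool` member, so any non-zero value (including a typo such as `IgnoreSslErrors=2`) silently enables the option, and this option is the only thing that turns off client-certificate verification in `server::server` later in the same commit. Make the narrowing explicit, `vars.ignore_ssl_errors = get_int(cfg_str, "IgnoreSslErrors=", 0) != 0;`, and document the effect at this line, e.g. `// IgnoreSslErrors=1 makes server::server use verify_none (no client-certificate check); keep 0 outside test setups`. The default of 0 is the safe choice and should stay. The constructor body begins outside the hunk.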
@@ -183,6 +185,30 @@ void config::load_static_proxy_list(char *pth)
 }
 }
 }
+void config::load_firewall_list(char* pth)
+{
+ std::ifstream config;
+ if(!pth)
+ config.open("./firewall_list.cfg", std::fstream::in);
+ else
+ config.open(pth, std::fstream::in);
+ std::string cfg_str((std::istreambuf_iterator(config)), std::istreambuf_iterator());
+ config.close();
+ if(!cfg_str.empty())
+ {
+ std::string::size_type p1 = 0, p2 = 0, l = 1;
+ if(cfg_str.find("\r\n") != std::string::npos)
+ l = 2;
+ p2 = cfg_str.find(';');
+ while(p2 != std::string::npos)
+ {
+ std::string line = cfg_str.substr(p1, p2-p1);
+ p1 = p2+l;
+ firewall_list.push_back(line);
+ p2 = cfg_str.find(';', p1);
+ }
+ }
+}
 const int config::ban_time()
 {
@@ -228,4 +254,12 @@ std::list *config::get_static_proxy_list()
 {
 return &static_proxy_list;
 }
+std::list *config::get_firewall_list()
+{
+ return &firewall_list;
+}
+bool config::ignore_ssl_errors()
+{
+ return vars.ignore_ssl_errors;
+}
diff --git a/server/server/config.h b/server/server/config.h
index 62a75af..5d2eb83 100644
--- a/server/server/config.h
+++ b/server/server/config.h
@@ -49,18 +49,22 @@ public:
 const int check_interval();
 const int debug();
 const int dos_conn_count();
+ bool ignore_ssl_errors();
 const std::string& bind_ip();
 const std::string& log_path();
 const std::string& dos_log_path();
 std::list *get_proxy_list();
 std::list *get_static_proxy_list();
+ std::list *get_firewall_list();
 private:
 struct cfg_data
 {
 int ban_time, conn_count, check_interval, debug, dos_conn_count, conn_time;
+ bool ignore_ssl_errors;
 std::string log_path, bind_ip, dos_log_path;
 cfg_data()
 {
+ ignore_ssl_errors = false;
 ban_time = conn_time = 60;
 conn_count = 30;
 check_interval = 30;
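Review bot: `load_firewall_list` never checks that the stream opened: a missing or unreadable `./firewall_list.cfg` (or `pth`) yields an empty `cfg_str`, which is indistinguishable from an intentionally empty list, so the server then answers firewall-list requests with an empty body without anyone noticing. Add `if(!config.is_open()) return; // TODO(review): surface a missing firewall list to the operator` after the `open` calls, or propagate the failure to the caller so the startup log records it; no logger is visible in this class. The parser also assumes every `;` is followed by exactly `l` terminator characters (`p1 = p2+l`), so a separator not followed by a newline, or trailing spaces after `;`, shifts the start of the next entry; hedged, as the file format is not shown here. The body looks like a copy of `load_static_proxy_list` directly above (only its closing braces are visible), so a shared helper taking the path and the target list would remove the duplication.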
@@ -72,9 +76,11 @@ private:
 const std::string get_string(const std::string& data, const char* var, const std::string& default_);
 void load_proxy_list(char* pth = NULL);
 void load_static_proxy_list(char* pth = NULL);
+ void load_firewall_list(char* pth = NULL);
 cfg_data vars;
 std::list proxy_list;
 std::list static_proxy_list;
+ std::list firewall_list;
 };
 #endif
\ No newline at end of file
diff --git a/server/server/main.cpp b/server/server/main.cpp
index 37507a8..387ec77 100644
--- a/server/server/main.cpp
+++ b/server/server/main.cpp
@@ -350,6 +350,49 @@ void session::proto_parser(std::vector& data)
 }
 }
 break;
+ case 0x08: // firewall list request
+ {
+ if(canceled)
+ {
+ delete this;
+ break;
+ }
+ logger->lock();
+ *logger<< time_str() << ": recieved firewall list request from "<unlock();
+ if(!blacklisted)
+ {
+ logger->lock();
+ *logger<< time_str() << ": firewall list request from "<unlock();
+ std::vector data;
+ data.push_back(0x13);
+ data.push_back(0x13);
+ data.push_back(0x08);
+ for(std::list::iterator it = cfg->get_firewall_list()->begin(), end = cfg->get_firewall_list()->end(); it != end; ++it)
+ {
+ if(!(it->empty()))
+ for(int i = 0; i < it->size(); ++ i)
+ data.push_back((*it)[i]);
+ data.push_back(';');
+ }
+ write_w_close(data);
+ }
+ else
+ {
+ logger->lock();
+ *logger<< time_str() << ": firewall list request from "<unlock();
+ std::vector data;
+ data.push_back(0x13);
+ data.push_back(0x13);
+ data.push_back(0x66);
+ data.push_back(0x14);
+ data.push_back(0x14);
+ write_w_close(data);
+ }
+ }
+ break;
 default:
 break;
 }
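Review bot: The inner copy loop `for(int i = 0; i < it->size(); ++ i)` compares a signed `int` against `size()` and pushes one byte at a time; `data.insert(data.end(), it->begin(), it->end());` replaces both the `if(!(it->empty()))` guard and the loop, since inserting an empty range is a no-op. `cfg->get_firewall_list()` is evaluated twice in the `for` header; bind it once before the loop. The list is returned to every session that is not `blacklisted`; whether `session` has authenticated the peer by the time `case 0x08` runs is not visible in this hunk, so a comment stating the intended audience of the firewall list would help the next reader. The log text `recieved` is misspelled. `session::proto_parser` and its `switch` begin and end outside the hunk, so whatever follows the `switch` after `delete this; break;` is not reviewable here.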
@@ -455,7 +498,7 @@ server::server(boost::asio::io_service& io_service, unsigned short port) : io_se
 boost::system::error_code err;
 std::string b_path = boost::filesystem::initial_path().string(), tmp_path;
 // context_.set_password_callback(boost::bind(&server::get_password, this));
- context_.set_verify_mode(boost::asio::ssl::context::verify_peer | boost::asio::ssl::context::verify_fail_if_no_peer_cert);
+ context_.set_verify_mode(!cfg->ignore_ssl_errors()?(boost::asio::ssl::context::verify_peer | boost::asio::ssl::context::verify_fail_if_no_peer_cert):boost::asio::ssl::context::verify_none);
 tmp_path = b_path;
 tmp_path.append("/ca.crt");
 context_.load_verify_file(tmp_path, err);
--
cgit v1.2.3
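Review bot: When `cfg->ignore_ssl_errors()` is true the new line sets `verify_none`, which does not merely tolerate certificate errors but stops requesting a client certificate at all, so any TLS client can reach the firewall-list and other handlers; the option name and the subject line (`ssl verification option`) understate that. Document it at this line, e.g. `// IgnoreSslErrors: verify_none disables client-certificate checks entirely; test setups only`, and consider writing a warning to the log when the mode is active so an operator notices. The long ternary would read better as a named mode: `const boost::asio::ssl::verify_mode mode = cfg->ignore_ssl_errors() ? boost::asio::ssl::context::verify_none : (boost::asio::ssl::context::verify_peer | boost::asio::ssl::context::verify_fail_if_no_peer_cert);` followed by `context_.set_verify_mode(mode);`. `cfg` is dereferenced inside the `server` constructor, so it must already be initialised when the server is built; its definition, and the handling of `err` after `load_verify_file`, lie outside the hunk.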