401 Authentication Required

/* 3APA3A simpliest proxy server (c) 2002-2008 by ZARAZA <3APA3A@security.nnov.ru> please read License Agreement */ #include "proxy.h" #define RETURN(xxx) { param->res = xxx; goto CLEANRET; } #define LINESIZE 65536 extern FILE *writable; FILE * confopen(); extern void decodeurl(unsigned char *s, int filter); struct printparam { char buf[1024]; int inbuf; struct clientparam *cp; }; static void stdpr(struct printparam* pp, char *buf, int inbuf){ if((pp->inbuf + inbuf > 1024) || !buf) { socksend(pp->cp->clisock, (unsigned char *)pp->buf, pp->inbuf, conf.timeouts[STRING_S]); pp->inbuf = 0; if(!buf) return; } if(inbuf >= 1000){ socksend(pp->cp->clisock, (unsigned char *)buf, inbuf, conf.timeouts[STRING_S]); } else { memcpy(pp->buf + pp->inbuf, buf, inbuf); pp->inbuf += inbuf; } } static void stdcbf(void *cb, char *buf, int inbuf){ int delay = 0; int i; for(i = 0; i < inbuf; i++){ switch(buf[i]){ case '&': if(delay){ stdpr((struct printparam*)cb, buf+i-delay, delay); delay = 0; } stdpr((struct printparam*)cb, "&", 5); break; case '<': if(delay){ stdpr((struct printparam*)cb, buf+i-delay, delay); delay = 0; } stdpr((struct printparam*)cb, "<", 4); break; case '>': if(delay){ stdpr((struct printparam*)cb, buf+i-delay, delay); delay = 0; } stdpr((struct printparam*)cb, ">", 4); break; default: delay++; break; } } if(delay){ stdpr((struct printparam*)cb, buf+i-delay, delay); } } /* static char * templateprint(struct printparam* pp, int *level, struct dictionary *dict, char * template){ char *s, *s2; for(; template && *template; ){ if(!( s = strchr(template, '<'))){ stdpr(pp, template, (int)strlen(template)); return template + strlen(template); } if(s[1] != '%' || s[2] == '%'){ stdpr(pp, template, (int)(s - template) + 1); template = s + 1; continue; } if(s[2] == '/' && (s2 = strchr(s + 2, '>')) && *(s2 - 1) == '%'){ if(--*level < 0) return NULL; return s2 + 1; } } return template; } */ static void printstr(struct printparam* pp, char* str){ stdpr(pp, str, str?(int)strlen(str):0); } static void printval(void *value, int type, int level, struct printparam* pp){ struct node pn, cn; struct property *p; int i; pn.iteration = NULL; pn.parent = NULL; pn.type = type; pn.value = value; printstr(pp, ""); for(p = datatypes[type].properties; p; ) { cn.iteration = NULL; cn.parent = &pn; cn.type = p->type; cn.value = (*p->e_f)(&pn); if(cn.value){ for(i = 0; i < level; i++) printstr(pp, "\t"); if(strcmp(p->name, "next")){ printstr(pp, ""); printstr(pp, ""); printstr(pp, p->name); printstr(pp, ""); printstr(pp, ""); printstr(pp, datatypes[p->type].type); printstr(pp, ""); printstr(pp, ""); printstr(pp, p->description); printstr(pp, ""); } if(datatypes[p->type].p_f){ printstr(pp, "type].p_f)(&cn, stdcbf, pp); printstr(pp, "]]>\n"); printstr(pp, ""); } else { if(!strcmp(p->name, "next")){ /* printstr(pp, "\n"); */ printstr(pp, "\n"); p = datatypes[type].properties; pn.value = value = cn.value; continue; } else { printstr(pp, "\n"); printval(cn.value, cn.type, level+1, pp); printstr(pp, ""); } } } p=p->next; } printstr(pp, ""); } char * admin_stringtable[]={ "HTTP/1.0 401 Authentication Required\r\n" "WWW-Authenticate: Basic realm=\"proxy\"\r\n" "Connection: close\r\n" "Content-type: text/html; charset=us-ascii\r\n" "\r\n" "401 Authentication Required\r\n" "

401 Authentication Required

Access to requested resource disallowed by administrator or you need valid username/password to use this resource

\r\n", "HTTP/1.0 200 OK\r\n" "Connection: close\r\n" "Expires: Thu, 01 Dec 1994 16:00:00 GMT\r\n" "Cache-Control: no-cache\r\n" "Content-type: text/html\r\n" "\r\n" "%s configuration page\r\n" "\r\n" "

\r\n" "

" "

\r\n" "Counters
\r\n" "Reload
\r\n" "Running Services
\r\n" "Config\r\n" "

" "

%s %s configuration

", "HTTP/1.0 200 OK\r\n" "Connection: close\r\n" "Cache-Control: no-cache\r\n" "Content-type: text/xml\r\n" "\r\n" "\r\n" "\r\n" "\r\n" "Services currently running and connected clients\r\n", "\r\n", "HTTP/1.0 200 OK\r\n" "Connection: close\r\n" "Cache-Control: no-cache\r\n" "Content-type: text/css\r\n" "\r\n" "services {\r\n" " display: block;\r\n" " margin: 10px auto 10px auto;\r\n" " width: 80%;\r\n" " background: black;\r\n" " font-family: sans-serif;\r\n" " font-size: small;\r\n" " color: silver;\r\n" " }\r\n" "item {\r\n" " display: block;\r\n" " margin-bottom: 10px;\r\n" " border: 2px solid #CCC;\r\n" " padding: 10px;\r\n" " spacing: 2px;\r\n" " }\r\n" "parameter {\r\n" " display: block;\r\n" " padding: 2px;\r\n" " margin-top: 10px;\r\n" " border: 1px solid grey;\r\n" " background: #EEE;\r\n" " color: black;\r\n" " }\r\n" "name {\r\n" " display: inline;\r\n" " float: left;\r\n" " margin-right: 5px;\r\n" " font-weight: bold;\r\n" " }\r\n" "type {\r\n" " display: inline;\r\n" " font-size: x-small;\r\n" " margin-right: 5px;\r\n" " color: #666;\r\n" " white-space: nowrap;\r\n" " font-style: italic;\r\n" " }\r\n" "description {\r\n" " display: inline;\r\n" " margin-right: 5px;\r\n" " white-space: nowrap;\r\n" " }\r\n" "value {\r\n" " display: block;\r\n" " margin-right: 5px;\r\n" " }\r\n", "

\r\n" "

"
	COPYRIGHT
	"\r\n"
	"

", "

Counters

\r\n" "\r\n" "" "" "" "" "\r\n", "

Description

Active

Users

Source Address

Destination Address

Port

Limit

Units

Value

Reset

Updated

Num

\r\n", NULL }; #define authreq admin_stringtable[0] #define ok admin_stringtable[1] #define xml admin_stringtable[2] #define postxml admin_stringtable[3] #define style admin_stringtable[4] #define tail admin_stringtable[5] #define counters admin_stringtable[6] #define counterstail admin_stringtable[7] static int printportlist(char *buf, int bufsize, struct portlist* pl, char * delim){ int printed = 0; for(; pl; pl = pl->next){ if(printed > (bufsize - 64)) break; if(pl->startport != pl->endport) printed += sprintf(buf+printed, "%hu-%hu%s", pl->startport, pl->endport, pl->next?delim:""); else { /* struct servent *se=NULL; if(pl->startport)se = getservbyport((int)ntohs(pl->startport), NULL); printed += sprintf(buf+printed, "%hu(%s)%s", pl->startport, se?se->s_name:"unknown", pl->next?delim:""); */ printed += sprintf(buf+printed, "%hu%s", pl->startport, pl->next?delim:""); } if(printed > (bufsize - 64)) { printed += sprintf(buf+printed, "..."); break; } } return printed; } static int printuserlist(char *buf, int bufsize, struct userlist* ul, char * delim){ int printed = 0; for(; ul; ul = ul->next){ if(printed > (bufsize - 64)) break; printed += sprintf(buf+printed, "%s%s", ul->user, ul->next?delim:""); if(printed > (bufsize - 64)) { printed += sprintf(buf+printed, "..."); break; } } return printed; } int printiple(char *buf, struct iplist* ipl); static int printiplist(char *buf, int bufsize, struct iplist* ipl, char * delim){ int printed = 0; for(; ipl; ipl = ipl->next){ if(printed > (bufsize - 128)) break; printed += printiple(buf+printed, ipl); if(printed > (bufsize - 128)) { printed += sprintf(buf+printed, "..."); break; } } return printed; } void * adminchild(struct clientparam* param) { int i, res; char * buf; char username[256]; char *sb; char *req = NULL; struct printparam pp; unsigned contentlen = 0; int isform = 0; pp.inbuf = 0; pp.cp = param; buf = myalloc(LINESIZE); if(!buf) {RETURN(555);} i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, LINESIZE - 1, '\n', conf.timeouts[STRING_S]); if(i<5 || ((buf[0]!='G' || buf[1]!='E' || buf[2]!='T' || buf[3]!=' ' || buf[4]!='/') && (buf[0]!='P' || buf[1]!='O' || buf[2]!='S' || buf[3]!='T' || buf[4]!=' ' || buf[5]!='/'))) { RETURN(701); } buf[i] = 0; sb = strchr(buf+5, ' '); if(!sb){ RETURN(702); } *sb = 0; req = mystrdup(buf + ((*buf == 'P')? 6 : 5)); while((i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, LINESIZE - 1, '\n', conf.timeouts[STRING_S])) > 2){ buf[i] = 0; if(i > 19 && (!strncasecmp(buf, "authorization", 13))){ sb = strchr(buf, ':'); if(!sb)continue; ++sb; while(isspace(*sb))sb++; if(!*sb || strncasecmp(sb, "basic", 5)){ continue; } sb+=5; while(isspace(*sb))sb++; i = de64((unsigned char *)sb, (unsigned char *)username, 255); if(i<=0)continue; username[i] = 0; sb = strchr((char *)username, ':'); if(sb){ *sb = 0; if(param->password)myfree(param->password); param->password = (unsigned char *)mystrdup(sb+1); } if(param->username) myfree(param->username); param->username = (unsigned char *)mystrdup(username); continue; } else if(i > 15 && (!strncasecmp(buf, "content-length:", 15))){ sb = buf + 15; while(isspace(*sb))sb++; sscanf(sb, "%u", &contentlen); if(contentlen > LINESIZE*1024) contentlen = 0; } else if(i > 13 && (!strncasecmp(buf, "content-type:", 13))){ sb = buf + 13; while(isspace(*sb))sb++; if(!strncasecmp(sb, "x-www-form-urlencoded", 21)) isform = 1; } } param->operation = ADMIN; if(isform && contentlen) { printstr(&pp, "HTTP/1.0 100 Continue\r\n\r\n"); stdpr(&pp, NULL, 0); } res = (*param->srv->authfunc)(param); if(res && res != 10) { printstr(&pp, authreq); RETURN(res); } if(param->srv->singlepacket || param->redirected){ if(*req == 'C') req[1] = 0; else *req = 0; } sprintf(buf, ok, conf.stringtable?(char *)conf.stringtable[2]:"3proxy", conf.stringtable?(char *)conf.stringtable[2]:"3[APA3A] tiny proxy", conf.stringtable?(char *)conf.stringtable[3]:""); if(*req != 'S') printstr(&pp, buf); switch(*req){ case 'C': printstr(&pp, counters); { struct trafcount *cp; int num = 0; for(cp = conf.trafcounter; cp; cp = cp->next, num++){ int inbuf = 0; if(cp->ace && (param->srv->singlepacket || param->redirected)){ if(!ACLmatches(cp->ace, param))continue; } if(req[1] == 'S' && atoi(req+2) == num) cp->disabled=0; if(req[1] == 'D' && atoi(req+2) == num) cp->disabled=1; inbuf += sprintf(buf, "" "%s%s", (cp->comment)?cp->comment:" ", (cp->disabled)?'S':'D', num, (cp->disabled)?"NO":"YES" ); if(!cp->ace || !cp->ace->users){ inbuf += sprintf(buf+inbuf, "ANY"); } else { inbuf += printuserlist(buf+inbuf, LINESIZE-800, cp->ace->users, ",
\r\n"); } inbuf += sprintf(buf+inbuf, ""); if(!cp->ace || !cp->ace->src){ inbuf += sprintf(buf+inbuf, "ANY"); } else { inbuf += printiplist(buf+inbuf, LINESIZE-512, cp->ace->src, ",
\r\n"); } inbuf += sprintf(buf+inbuf, ""); if(!cp->ace || !cp->ace->dst){ inbuf += sprintf(buf+inbuf, "ANY"); } else { inbuf += printiplist(buf+inbuf, LINESIZE-512, cp->ace->dst, ",
\r\n"); } inbuf += sprintf(buf+inbuf, ""); if(!cp->ace || !cp->ace->ports){ inbuf += sprintf(buf+inbuf, "ANY"); } else { inbuf += printportlist(buf+inbuf, LINESIZE-128, cp->ace->ports, ",
\r\n"); } if(cp->type == NONE) { inbuf += sprintf(buf+inbuf, "exclude from limitation\r\n" ); } else { inbuf += sprintf(buf+inbuf, "%"PRINTF_INT64_MODIFIER"u" "MB%s" "%"PRINTF_INT64_MODIFIER"u" "%s", cp->traflim64 / (1024 * 1024), rotations[cp->type], cp->traf64, cp->cleared?ctime(&cp->cleared):"never" ); inbuf += sprintf(buf + inbuf, "%s" "%i" "\r\n", cp->updated?ctime(&cp->updated):"never", cp->number ); } printstr(&pp, buf); } } printstr(&pp, counterstail); break; case 'R': conf.needreload = 1; printstr(&pp, "

Reload scheduled

"); break; case 'S': { if(req[1] == 'X'){ printstr(&pp, style); break; } printstr(&pp, xml); printval(conf.services, TYPE_SERVER, 0, &pp); printstr(&pp, postxml); } break; case 'F': { FILE *fp; char buf[256]; fp = confopen(); if(!fp){ printstr(&pp, "

Failed to open config file

"); break; } printstr(&pp, "

Please be careful editing config file remotely

"); printstr(&pp, ""); break; } case 'U': { unsigned l=0; int error = 0; if(!writable || !contentlen || fseek(writable, 0, 0)){ error = 1; } while(l < contentlen && (i = sockgetlinebuf(param, CLIENT, (unsigned char *)buf, (contentlen - l) > LINESIZE - 1?LINESIZE - 1:contentlen - l, '+', conf.timeouts[STRING_S])) > 0){ if(i > (contentlen - l)) i = (contentlen - l); if(!l){ if(i<9 || strncasecmp(buf, "conffile=", 9)) error = 1; } if(!error){ buf[i] = 0; decodeurl((unsigned char *)buf, 1); fprintf(writable, "%s", l? buf : buf + 9); } l += i; } if(writable && !error){ fflush(writable); #ifndef _WINCE ftruncate(fileno(writable), ftell(writable)); #endif } printstr(&pp, error? "

Config file is not writable

Make sure you have \"writable\" command in configuration file": "

Configuration updated

"); } break; default: printstr(&pp, (char *)conf.stringtable[WEBBANNERS]); break; } if(*req != 'S') printstr(&pp, tail); CLEANRET: printstr(&pp, NULL); if(buf) myfree(buf); (*param->srv->logfunc)(param, (unsigned char *)req); if(req)myfree(req); freeparam(param); return (NULL); }