[Openvas-commits] r6043 - in trunk/gsa: . src

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Dec 2 20:35:32 CET 2009


Author: jan
Date: 2009-12-02 20:35:31 +0100 (Wed, 02 Dec 2009)
New Revision: 6043

Modified:
   trunk/gsa/ChangeLog
   trunk/gsa/src/gsad.c
Log:
* src/gsad.c (print_header, send_response,
send_http_authenticate_header, request_handler): Improve documentation.
(request_handler): Use "const" where possible. Introduce
oap_cgi_base. Improve redirect for non-base URLs. Redirect
"/login/". Fix memleak.
(gsad_init): Improve documentation. Call init_validator. 



Modified: trunk/gsa/ChangeLog
===================================================================
--- trunk/gsa/ChangeLog	2009-12-02 19:13:51 UTC (rev 6042)
+++ trunk/gsa/ChangeLog	2009-12-02 19:35:31 UTC (rev 6043)
@@ -1,5 +1,14 @@
 2009-12-02  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
 
+	* src/gsad.c (print_header, send_response,
+	send_http_authenticate_header, request_handler): Improve documentation.
+	(request_handler): Use "const" where possible. Introduce
+	oap_cgi_base. Improve redirect for non-base URLs. Redirect
+	"/login/". Fix memleak.
+	(gsad_init): Improve documentation. Call init_validator. 
+
+2009-12-02  Jan-Oliver Wagner <jan-oliver.wagner at greenbone.net>
+
 	* src/gsad.c: Fixed some comments. Added list of includes.
 	(DEFAULT_GSAD_PORT, DEFAULT_OPENVAS_ADMINISTRATOR_PORT,
 	DEFAULT_OPENVAS_MANAGER_PORT, GCRY_THREAD_OPTION_PTHREAD_IMPL,

Modified: trunk/gsa/src/gsad.c
===================================================================
--- trunk/gsa/src/gsad.c	2009-12-02 19:13:51 UTC (rev 6042)
+++ trunk/gsa/src/gsad.c	2009-12-02 19:35:31 UTC (rev 6043)
@@ -174,14 +174,11 @@
  *
  * The current implementation is empty.
  *
- * @param cls  Not used for this callback.
+ * @param[in]  cls    Not used for this callback.
+ * @param[in]  kind   Not used for this callback.
+ * @param[in]  key    Header key.
+ * @param[in]  value  Header value.
  *
- * @param kind Not used for this callback.
- *
- * @param key Header key.
- *
- * @param key Header value.
- *
  * @return MHD_YES is always returned.
  */
 int
@@ -194,12 +191,10 @@
 /**
  * @brief Sends a HTTP response.
  *
- * @param connection The connection handle.
+ * @param[in]  connection   The connection handle.
+ * @param[in]  page         The HTML page content.
+ * @param[in]  status_code  The HTTP status code.
  *
- * @param page       The HTML page content.
- *
- * @param status     The HTTP status code.
- *
  * @return The result of MHD_queue_response.
  */
 int
@@ -219,10 +214,9 @@
 /**
  * @brief Sends a HTTP redirection.
  *
- * @param connection The connection handle.
+ * @param[in]  connection  The connection handle.
+ * @param[in]  location    The URL to redirect to.
  *
- * @param location   The URL where to redirect.
- *
  * @return MHD_NO in case of a problem. Else MHD_YES.
  */
 int
@@ -251,10 +245,9 @@
 /**
  * @brief Sends HTTP header requesting the browser to authenticate itself.
  *
- * @param connection The connection object.
+ * @param[in]  connection  The connection object.
+ * @param[in]  realm       Name of the realm that was authenticated for.
  *
- * @param realm Name of the realm that was authenticated for.
- *
  * @return MHD_NO in case of an error. Else the result of queueing
  *         the response.
  */
@@ -293,6 +286,8 @@
 /**
  * @brief HTTP request handler for GSAD.
  *
+ * This routine is the callback request handler for microhttpd.
+ *
  * @param[in]  cls              Not used for this callback.
  * @param[in]  connection       Connection handle, e.g. used to send response.
  * @param[in]  url              The URL requested.
@@ -300,12 +295,10 @@
  * @param[in]  version          Not used for this callback.
  * @param[in]  upload_data      Data used for POST requests.
  * @param[in]  upload_data_size Size of upload_data.
- * @param[out] con_cls          For exhange of connection-related data
+ * @param[out] con_cls          For exchange of connection-related data
  *                              (here a struct gsad_connection_info).
  *
  * @return MHD_NO in case of problems. MHD_YES if all is OK.
- *
- * This routine is the callback request handler for microhttpd.
  */
 int
 request_handler (void *cls, struct MHD_Connection *connection,
@@ -313,8 +306,9 @@
                  const char *version, const char *upload_data,
                  size_t * upload_data_size, void **con_cls)
 {
-  char *url_base = "/";
-  char *cgi_base = "/omp";
+  const char *url_base = "/";
+  const char *omp_cgi_base = "/omp";
+  const char *oap_cgi_base = "/oap";
   char *default_file = "/login/login.html";
 
   struct MHD_Response *response;
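Review bot: `default_file`, on the line right after the two new `const char *` bases, is still declared `char *` although it also points at a string literal, so the const clean-up is incomplete. Declaring it `const char *default_file = "/login/login.html";` would match the other two, provided `send_redirect_header` accepts a `const char *` location (its signature is outside this hunk). The body of `request_handler` continues past the end of the hunk.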
@@ -329,6 +323,7 @@
     {
       struct gsad_connection_info *con_info;
 
+      // @todo what frees this?
       con_info = calloc (1, sizeof (struct gsad_connection_info));
       if (NULL == con_info)
         return MHD_NO;
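Review bot: The `// @todo what frees this?` added above the `calloc` here, and again in the POST branch (hunk `@@ -493,12 +521,13 @@`), records the ownership question for `con_info` without resolving it. In that later hunk the failure path `if (NULL == con_info->postprocessor) return MHD_NO;` returns without releasing the allocation, so each failed post-processor creation leaks one `struct gsad_connection_info`; `{ free (con_info); return MHD_NO; }` would close that path. For the success path, the usual place to free per-connection state in libmicrohttpd is a request-completed callback registered with `MHD_OPTION_NOTIFY_COMPLETED`; whether gsad registers one is not visible in this diff. The comment would also fit the file better in `/* ... */` form.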
@@ -344,14 +339,22 @@
     return MHD_NO;
 
   /* Only accept GET and POST methods and send ERROR_PAGE in other cases. */
-  if ((0 != strcmp (method, "GET")) && (0 != strcmp (method, "POST")))
+  if (strcmp (method, "GET") && strcmp (method, "POST"))
+    /** @todo return MHD_NO;? */
     send_response (connection, ERROR_PAGE, MHD_HTTP_METHOD_NOT_ACCEPTABLE);
 
   /* Redirect any URL not matching the base to the default file. */
   if (strcmp (&url[0], url_base) == 0)
     {
-      send_redirect_header (connection, default_file);
-      return MHD_YES;
+      if (is_http_authenticated (connection))
+        {
+          return send_http_authenticate_header (connection, REALM);
+        }
+      else
+        {
+          send_redirect_header (connection, default_file);
+          return MHD_YES;
+        }
     }
 
   /* Treat logging out specially. */
@@ -359,6 +362,12 @@
       && (!strncmp (&url[0], "/logout", strlen ("/logout")))) /* flawfinder: ignore,
                                                                  it is a const str */
     {
+      /**
+       * @todo The problem is the URL is still "/logout" after the
+       *       authentication, so this just keeps sending the auth header.
+       *       All the user can do is cancel so the browser clears the
+       *       credentials.  Perhaps the only way to do this is to keep
+       *       state across requests. */
       if (is_http_authenticated (connection))
         {
           return send_http_authenticate_header (connection, REALM);
@@ -370,6 +379,15 @@
         }
     }
 
+  if ((!strcmp (method, "GET"))
+        && (! strncmp (&url[0], "/login/", strlen ("/login/"))) /* flawfinder: ignore,
+                                                                    it is a const str */
+        && ! url[strlen ("/login/")])
+    {
+      send_redirect_header (connection, default_file);
+      return MHD_YES;
+    }
+
   /* Check for authentication. */
   if ((!is_http_authenticated (connection))
       && (strncmp (&url[0], "/login/", strlen ("/login/")))) /* flawfinder: ignore,
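Review bot: The new `/login/` test spells an exact string comparison as `strncmp` plus a check of the terminating byte, which is harder to read and needs its own flawfinder suppression. `&& !strcmp (url, "/login/")` expresses the same condition. Note also that the authentication check that follows exempts every URL beginning with `/login/`, so anything reachable under that prefix is served without credentials, which makes the path validation still marked `@todo` in the file-serving branch more pressing. The `if` statement at the end of this hunk continues outside it.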
@@ -385,10 +403,10 @@
     {
       /* This is a GET request. */
 
-      if (!strncmp (&url[0], cgi_base, strlen (cgi_base))) /* flawfinder: ignore,
-                                                              it is a const str */
+      if (!strncmp (&url[0], omp_cgi_base, strlen (omp_cgi_base))
+          || !strncmp (&url[0], oap_cgi_base, strlen (oap_cgi_base)))
         {
-          /* URL requests to run OMP command. */
+          /* URL requests to run OMP or OAP command. */
 
           unsigned int res_len = 0;
           res = exec_omp_get (connection);
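Review bot: Both `strncmp` calls match on a bare prefix, so a URL such as `/ompfoo` is dispatched to `exec_omp_get` just like `/omp`. If only the CGI base itself and paths below it are meant, also check the byte after the prefix, e.g. `(url[strlen (omp_cgi_base)] == '\0' || url[strlen (omp_cgi_base)] == '/')`. The `/oap` requests are also sent to a function named `exec_omp_get`; a comment stating that it handles both protocols would help, since its body is not shown here. The rewritten condition dropped the `flawfinder: ignore` annotation the old line carried, so the scanner may report it again.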
@@ -398,7 +416,9 @@
               response_size = 0;
             }
           else
-            res_len = strlen (res);
+            {
+              res_len = strlen (res);
+            }
 
           response = MHD_create_response_from_data (res_len,
                                                     (void *) res,
@@ -438,16 +458,23 @@
       /* URL requests neither an OMP command nor a special GSAD command,
        * so it is a simple file. */
 
-      /* FIXME: validation, URL length restriction */
+      /* @todo: validation, URL length restriction */
       path = g_strconcat (GSA_STATE_DIR, url, NULL);
       file = fopen (path, "r"); /* flawfinder: ignore, this file is just
                                    read and sent */
 
-      /* In case the file is not found, always serve the default file. */
+      /* In case the file is not found, logout if logged in, else always
+       * the default file. */
       if (file == NULL)
         {
           tracef ("File %s failed, ", path);
           g_free (path);
+
+          if (is_http_authenticated (connection))
+            {
+              return send_http_authenticate_header (connection, REALM);
+            }
+
           path = g_strconcat (GSA_STATE_DIR, default_file, NULL);
           tracef ("trying default file <%s>.\n", path);
           file = fopen (path, "r"); /* flawfinder: ignore, this file is just
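Review bot: `url` is still concatenated onto `GSA_STATE_DIR` and passed to `fopen` without any check, and this commit only renames the `FIXME` to `@todo`. Because URLs under `/login/` skip authentication earlier in the handler, a path containing `..` segments could resolve outside the state directory for an unauthenticated client, unless the HTTP library normalises the URL first (not visible here). A minimal guard before the `g_strconcat` is `if (strstr (url, "..")) return send_response (connection, FILE_NOT_FOUND, MHD_HTTP_NOT_FOUND);`; resolving the result with `realpath` and comparing its prefix with `GSA_STATE_DIR` is stricter. The new branch also answers any missing file with an authentication challenge when the user is logged in, which the updated comment describes as a logout; confirm that a mistyped URL ending the session is intended.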
@@ -459,6 +486,7 @@
           /* Even the default file failed. */
           tracef ("Default file failed.\n");
           send_response (connection, FILE_NOT_FOUND, MHD_HTTP_NOT_FOUND);
+          g_free (path);
         }
       else
         {
@@ -493,12 +521,13 @@
         {
           struct gsad_connection_info *con_info;
 
+          // @todo what frees this?
           con_info = calloc (1, sizeof (struct gsad_connection_info));
           if (NULL == con_info)
             return MHD_NO;
 
           con_info->postprocessor =
-            MHD_create_post_processor (connection, POSTBUFFERSIZE,
+            MHD_create_post_processor (connection, POST_BUFFER_SIZE,
                                        serve_post, (void *) con_info);
           if (NULL == con_info->postprocessor)
             return MHD_NO;
@@ -527,10 +556,10 @@
 /**
  * @brief Initialization routine for GSAD.
  *
+ * This routine checks for required files and initializes the gcrypt
+ * library.
+ *
  * @return MHD_NO in case of problems. MHD_YES if all is OK.
- *
- * This routine checks or required files and initializes the gcrypt
- * library.
  */
 int
 gsad_init (void)
@@ -587,6 +616,9 @@
       return MHD_NO;
     }
 
+  /* Init the validator. */
+  init_validator ();
+
   tracef ("Initialization of GSA successful.\n");
   return MHD_YES;
 }


