Created by
Kevin Azzam
Replaced old file:
('#!/bin/sh\n',)
('# @(#) Sample Gigapxy authorization handler.\n',)
('\n',)
('\n',)
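# Write one timestamped line into the debug log, or to STDERR when
# ${logfile} is empty.  Reads the globals ${os} (selects the date format)
# and ${logfile}.  All arguments are joined into a single message.
dbg_msg()
{
    case "${os}" in
        # Sub-second precision (%N) is only requested on Linux.
        'Linux') tstamp=$(date +"%Y-%m-%d %H:%M:%S.%N %Z") ;;
        *)       tstamp=$(date +"%Y-%m-%d %H:%M:%S %Z") ;;
    esac

    # The message carries request fields read from STDIN.  printf with a
    # fixed format writes them verbatim; echo would, in some shells,
    # interpret backslash sequences inside them (\n, \c) and let a request
    # forge or truncate log lines.  The log path is quoted so a name with
    # spaces or glob characters is used as given.
    if [ -n "${logfile}" ]; then
        printf '%s pid=%s\t%s\n' "${tstamp}" "$$" "$*" >>"${logfile}"
    else
        printf '%s pid=%s\t%s\n' "${tstamp}" "$$" "$*" >&2
    fi
}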
('\n',)
('\n',)
# Log the reason for leaving and terminate the handler.
#   $1  short reason text that ends up in the log line
#
# NOTE(review): the exit status is 1 for every reason, including the 'OK'
# passed at normal end of input -- confirm the parent process does not
# treat that as a failure.
exit_app() {
    dbg_msg "${0} exited ${1}"
    exit 1
}
('\n',)
('\n',)
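# Authenticate using MD5 hash on auth=tkn tail of the channel url.
#   $1  peer address as "ip:port"
#   $2  channel URL, optionally followed by "?auth=<token>"
# Reads the globals ${os} and ${whitelist}.
# Returns 0 to allow the request, 1 to deny it.
#
# Checks, in order: whitelisted peer, the multicast range that is served
# without authentication, then the token.  Anything malformed is denied.
#
# NOTE(review): the token is an unkeyed MD5 over a fixed phrase plus the
# peer IP.  It never expires, is not bound to the channel, and the phrase
# is stored in this file, so whoever can read the file can derive a valid
# token.  Keep the phrase out of shared copies and consider a keyed MAC
# over (peer, channel, expiry) with the key read from a protected file.
auth_ok()
{
    # An unconditional "return 0" used to sit here and allowed every
    # request; all of the checks below were unreachable.

    # Missing fields are a denial, not a pass-through.
    [ -n "${1:-}" ] && [ -n "${2:-}" ] || return 1

    # Split with parameter expansion: the fields come from the request and
    # must not be word-split or glob-expanded by an unquoted echo.
    peer_ip=${1%%:*}
    channel=${2%%\?*}
    case "$2" in
        *\?*) auth_tkn=${2#*\?}; auth_tkn=${auth_tkn%%\?*}; auth_tkn=${auth_tkn#auth=} ;;
        *)    auth_tkn= ;;
    esac
    [ -n "${peer_ip}" ] || return 1

    # Whitelist: whole-entry comparison.  A substring/pattern match would
    # let 10.0.0.1 match an entry for 10.0.0.10, and would match every peer
    # when the whitelist is empty.
    wl=$(printf '%s' "${whitelist:-}" | tr '\t\n' '  ')
    case " ${wl} " in
        *" ${peer_ip} "*) return 0 ;;
    esac

    case "${channel}" in
        udp://239.195.*) return 0 ;;  # Accept the user without auth on 239.195.*
    esac

    phrase="ThisIsCool${peer_ip}"

    # printf instead of "echo -n", which is not portable across sh
    # implementations.  An unsupported OS yields no hash; deny instead of
    # comparing an empty hash with an empty token.
    case "${os}" in
        'Linux')   hash=$(printf '%s' "${phrase}" | md5sum | cut -d' ' -f1) ;;
        'FreeBSD') hash=$(printf '%s' "${phrase}" | md5) ;;
        *)         return 1 ;;
    esac
    [ -n "${hash}" ] || return 1

    if [ "${hash}" != "${auth_tkn}" ]; then
        return 1
    fi

    return 0
}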
('\n',)
('\n',)
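###
# Read requests from STDIN, respond via STDOUT.
#
# Each request line is split into qtag, peer_ipport, cha_src and cli_dst.
# For a well-formed qtag the reply is "<qtag> <rc>", rc=0 when auth_ok
# allows the request and rc=111 when it denies it.  Lines with any other
# qtag are logged and get no reply.
###

os=$(uname)

if [ $# -lt 1 ]; then
    echo >&2 "Usage: $0 logfile|-|stderr [whitelist_file]"
    exit 1
fi


logfile=${1:-}
case "${logfile}" in
    '-')      logfile='/dev/null' ;;
    'stderr') logfile= ;;
esac

whitelist_file=${2:-/dev/null}

parent_pid=$PPID    # parent of this script shell

# arrays suck in posix sh, probably good enough with space as delimiter
# Non-comment, non-empty lines of the whitelist file.  The path is quoted so
# that a name with spaces or glob characters is opened as given.
whitelist=$(grep -- '^[^#]' "${whitelist_file}")


dbg_msg "$0 started, parent=${parent_pid}, n_whitelisted=$(echo "$whitelist" | wc -w)"
trap 'exit_app KILLED;' HUP INT QUIT PIPE TERM

# read -r: keep backslashes in the request literal, so a trailing backslash
# cannot join two request lines into one.
while read -r qtag peer_ipport cha_src cli_dst; do
    dbg_msg "Got ${qtag} request for ${peer_ipport} ${cha_src}"
    # Request fields are untrusted: pass them quoted so the shell neither
    # splits them nor expands glob characters in them.
    if printf '%s\n' "${qtag}" | grep -q '^A[0-9]\{1,9\}$'; then
        if auth_ok "${peer_ipport}" "${cha_src}"; then
            rc=0; status="ALLOWED"
        else
            rc=111; status="DENIED"
        fi

        dbg_msg "${status} tag=${qtag} peer=${peer_ipport} cha=${cha_src} cli=${cli_dst}"
        echo "${qtag} ${rc}"
    else
        dbg_msg "Invalid query ID: [$qtag], request ignored."
    fi
done

exit_app 'OK'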
('\n',)
('# vim: syntax=sh\n',)
('\n',)