/*
* Prehook method for SLAVE ADDIP
* Gets the ip, and preforms checks.
*/
public CommandRequestInterface doIpSecuritySLAVEPreCheck(CommandRequest request) {
if (!request.hasArgument()) {
return request;
}
String argument = request.getArgument();
StringTokenizer arguments = new StringTokenizer(argument);
if (!arguments.hasMoreTokens()) {
return request;
}
String slavename = arguments.nextToken();
RemoteSlave rslave = null;
try {
rslave = GlobalContext.getGlobalContext().getSlaveManager().getRemoteSlave(slavename);
} catch (ObjectNotFoundException e) {
request.setDeniedResponse(new CommandResponse(200, "Slave Not Found: " + slavename));
request.setAllowed(false);
return request;
}
if (arguments.hasMoreTokens()) {
String command = arguments.nextToken();
if (command.equalsIgnoreCase("addmask")) {
if (arguments.countTokens() != 1) {
return request;
}
HostMask newMask = new HostMask(arguments.nextToken().replace(",", ""));
String _maskident = newMask.getIdentMask();
String _maskHostMask = newMask.getHostMask();
boolean _allowed =
IpSecurityManager.getIpSecurity()
.checkIP(_maskident, _maskHostMask, rslave.getMasks().size(), null);
if ((!_allowed) && (!_maskHostMask.equals("127.0.0.1"))) {
request.setAllowed(false);
CommandResponse response =
StandardCommandManager.genericResponse("RESPONSE_200_COMMAND_OK");
response.addComment(IpSecurityManager.getIpSecurity().outputConfs(null));
request.setDeniedResponse(response);
return request;
}
}
}
return request;
}
/*
* Checks the IP from arguments (Used for ADDUSER/GADDUSER/ADDIP)
*/
public CommandRequest checkIP(CommandRequest request, int argnum, int ipnum, boolean newuser) {
if (!request.hasArgument()) {
return request;
}
String[] args = request.getArgument().split(" ");
if (args.length < argnum) {
return request;
}
try {
int _numip = args.length - argnum + 1;
User user = null;
if (!newuser) {
user = GlobalContext.getGlobalContext().getUserManager().getUserByName(args[0]);
_numip = user.getHostMaskCollection().size();
}
for (int i = ipnum; i < args.length; i++) {
HostMask newMask = new HostMask(args[i].replace(",", ""));
String maskHostMask = newMask.getHostMask();
boolean _allowed =
IpSecurityManager.getIpSecurity()
.checkIP(newMask.getIdentMask(), maskHostMask, _numip, user);
if ((!_allowed) && (!maskHostMask.equals("127.0.0.1"))) {
request.setAllowed(false);
CommandResponse response =
StandardCommandManager.genericResponse("RESPONSE_200_COMMAND_OK");
response.addComment(IpSecurityManager.getIpSecurity().outputConfs(user));
request.setDeniedResponse(response);
return request;
}
}
} catch (NoSuchUserException ex) {
request.setAllowed(false);
request.setDeniedResponse(new CommandResponse(452, "No such user: "******"No Such User Exception - IpSecurityHooks");
return request;
} catch (UserFileException ex) {
request.setAllowed(false);
request.setDeniedResponse(new CommandResponse(452, "User File Exception: " + args[0]));
return request;
}
return request;
}
public CommandRequestInterface doNukeCheck(CommandRequest request) {
String path = VirtualFileSystem.fixPath(request.getArgument());
if (!path.startsWith(VirtualFileSystem.separator)) {
// Create full path
if (request.getCurrentDirectory().isRoot()) {
path = VirtualFileSystem.separator + path;
} else {
path = request.getCurrentDirectory().getPath() + VirtualFileSystem.separator + path;
}
}
NukeData nd = NukeBeans.getNukeBeans().findPath(path);
if (nd != null) {
// This path exist in nukelog
request.setAllowed(false);
request.setDeniedResponse(
new CommandResponse(
530,
"Access denied - " + nd.getPath() + " already nuked for '" + nd.getReason() + "'"));
}
return request;
}