/* * Prehook method for SLAVE ADDIP * Gets the ip, and preforms checks. */ public CommandRequestInterface doIpSecuritySLAVEPreCheck(CommandRequest request) { if (!request.hasArgument()) { return request; } String argument = request.getArgument(); StringTokenizer arguments = new StringTokenizer(argument); if (!arguments.hasMoreTokens()) { return request; } String slavename = arguments.nextToken(); RemoteSlave rslave = null; try { rslave = GlobalContext.getGlobalContext().getSlaveManager().getRemoteSlave(slavename); } catch (ObjectNotFoundException e) { request.setDeniedResponse(new CommandResponse(200, "Slave Not Found: " + slavename)); request.setAllowed(false); return request; } if (arguments.hasMoreTokens()) { String command = arguments.nextToken(); if (command.equalsIgnoreCase("addmask")) { if (arguments.countTokens() != 1) { return request; } HostMask newMask = new HostMask(arguments.nextToken().replace(",", "")); String _maskident = newMask.getIdentMask(); String _maskHostMask = newMask.getHostMask(); boolean _allowed = IpSecurityManager.getIpSecurity() .checkIP(_maskident, _maskHostMask, rslave.getMasks().size(), null); if ((!_allowed) && (!_maskHostMask.equals("127.0.0.1"))) { request.setAllowed(false); CommandResponse response = StandardCommandManager.genericResponse("RESPONSE_200_COMMAND_OK"); response.addComment(IpSecurityManager.getIpSecurity().outputConfs(null)); request.setDeniedResponse(response); return request; } } } return request; }
/* * Checks the IP from arguments (Used for ADDUSER/GADDUSER/ADDIP) */ public CommandRequest checkIP(CommandRequest request, int argnum, int ipnum, boolean newuser) { if (!request.hasArgument()) { return request; } String[] args = request.getArgument().split(" "); if (args.length < argnum) { return request; } try { int _numip = args.length - argnum + 1; User user = null; if (!newuser) { user = GlobalContext.getGlobalContext().getUserManager().getUserByName(args[0]); _numip = user.getHostMaskCollection().size(); } for (int i = ipnum; i < args.length; i++) { HostMask newMask = new HostMask(args[i].replace(",", "")); String maskHostMask = newMask.getHostMask(); boolean _allowed = IpSecurityManager.getIpSecurity() .checkIP(newMask.getIdentMask(), maskHostMask, _numip, user); if ((!_allowed) && (!maskHostMask.equals("127.0.0.1"))) { request.setAllowed(false); CommandResponse response = StandardCommandManager.genericResponse("RESPONSE_200_COMMAND_OK"); response.addComment(IpSecurityManager.getIpSecurity().outputConfs(user)); request.setDeniedResponse(response); return request; } } } catch (NoSuchUserException ex) { request.setAllowed(false); request.setDeniedResponse(new CommandResponse(452, "No such user: "******"No Such User Exception - IpSecurityHooks"); return request; } catch (UserFileException ex) { request.setAllowed(false); request.setDeniedResponse(new CommandResponse(452, "User File Exception: " + args[0])); return request; } return request; }
public CommandRequestInterface doNukeCheck(CommandRequest request) { String path = VirtualFileSystem.fixPath(request.getArgument()); if (!path.startsWith(VirtualFileSystem.separator)) { // Create full path if (request.getCurrentDirectory().isRoot()) { path = VirtualFileSystem.separator + path; } else { path = request.getCurrentDirectory().getPath() + VirtualFileSystem.separator + path; } } NukeData nd = NukeBeans.getNukeBeans().findPath(path); if (nd != null) { // This path exist in nukelog request.setAllowed(false); request.setDeniedResponse( new CommandResponse( 530, "Access denied - " + nd.getPath() + " already nuked for '" + nd.getReason() + "'")); } return request; }