|
|
@@ -766,21 +766,30 @@ int rrdpush_receiver_thread_spawn(struct web_client *w, char *url) {
|
|
|
|
|
|
if(regenerate_guid(key, buf) == -1) {
|
|
|
rrdhost_system_info_free(system_info);
|
|
|
- log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - INVALID KEY");
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - INVALID KEY");
|
|
|
error("STREAM [receive from [%s]:%s]: API key '%s' is not valid GUID (use the command uuidgen to generate one). Forbidding access.", w->client_ip, w->client_port, key);
|
|
|
return rrdpush_receiver_permission_denied(w);
|
|
|
}
|
|
|
|
|
|
if(regenerate_guid(machine_guid, buf) == -1) {
|
|
|
rrdhost_system_info_free(system_info);
|
|
|
- log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - INVALID MACHINE GUID");
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - INVALID MACHINE GUID");
|
|
|
error("STREAM [receive from [%s]:%s]: machine GUID '%s' is not GUID. Forbidding access.", w->client_ip, w->client_port, machine_guid);
|
|
|
return rrdpush_receiver_permission_denied(w);
|
|
|
}
|
|
|
|
|
|
+ const char *api_key_type = appconfig_get(&stream_config, key, "type", "api");
|
|
|
+ if(!api_key_type || !*api_key_type) api_key_type = "unknown";
|
|
|
+ if(strcmp(api_key_type, "api") != 0) {
|
|
|
+ rrdhost_system_info_free(system_info);
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - API KEY GIVEN IS NOT API KEY");
|
|
|
+ error("STREAM [receive from [%s]:%s]: API key '%s' is a %s GUID. Forbidding access.", w->client_ip, w->client_port, key, api_key_type);
|
|
|
+ return rrdpush_receiver_permission_denied(w);
|
|
|
+ }
|
|
|
+
|
|
|
if(!appconfig_get_boolean(&stream_config, key, "enabled", 0)) {
|
|
|
rrdhost_system_info_free(system_info);
|
|
|
- log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - KEY NOT ENABLED");
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - KEY NOT ENABLED");
|
|
|
error("STREAM [receive from [%s]:%s]: API key '%s' is not allowed. Forbidding access.", w->client_ip, w->client_port, key);
|
|
|
return rrdpush_receiver_permission_denied(w);
|
|
|
}
|
|
|
@@ -791,7 +800,7 @@ int rrdpush_receiver_thread_spawn(struct web_client *w, char *url) {
|
|
|
if(!simple_pattern_matches(key_allow_from, w->client_ip)) {
|
|
|
simple_pattern_free(key_allow_from);
|
|
|
rrdhost_system_info_free(system_info);
|
|
|
- log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname) ? hostname : "-", "ACCESS DENIED - KEY NOT ALLOWED FROM THIS IP");
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - KEY NOT ALLOWED FROM THIS IP");
|
|
|
error("STREAM [receive from [%s]:%s]: API key '%s' is not permitted from this IP. Forbidding access.", w->client_ip, w->client_port, key);
|
|
|
return rrdpush_receiver_permission_denied(w);
|
|
|
}
|
|
|
@@ -799,9 +808,18 @@ int rrdpush_receiver_thread_spawn(struct web_client *w, char *url) {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ const char *machine_guid_type = appconfig_get(&stream_config, machine_guid, "type", "machine");
|
|
|
+ if(!machine_guid_type || !*machine_guid_type) machine_guid_type = "unknown";
|
|
|
+ if(strcmp(machine_guid_type, "machine") != 0) {
|
|
|
+ rrdhost_system_info_free(system_info);
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - MACHINE GUID GIVEN IS NOT A MACHINE GUID");
|
|
|
+ error("STREAM [receive from [%s]:%s]: machine GUID '%s' is a %s GUID. Forbidding access.", w->client_ip, w->client_port, machine_guid, machine_guid_type);
|
|
|
+ return rrdpush_receiver_permission_denied(w);
|
|
|
+ }
|
|
|
+
|
|
|
if(!appconfig_get_boolean(&stream_config, machine_guid, "enabled", 1)) {
|
|
|
rrdhost_system_info_free(system_info);
|
|
|
- log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname)?hostname:"-", "ACCESS DENIED - MACHINE GUID NOT ENABLED");
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - MACHINE GUID NOT ENABLED");
|
|
|
error("STREAM [receive from [%s]:%s]: machine GUID '%s' is not allowed. Forbidding access.", w->client_ip, w->client_port, machine_guid);
|
|
|
return rrdpush_receiver_permission_denied(w);
|
|
|
}
|
|
|
@@ -812,7 +830,7 @@ int rrdpush_receiver_thread_spawn(struct web_client *w, char *url) {
|
|
|
if(!simple_pattern_matches(machine_allow_from, w->client_ip)) {
|
|
|
simple_pattern_free(machine_allow_from);
|
|
|
rrdhost_system_info_free(system_info);
|
|
|
- log_stream_connection(w->client_ip, w->client_port, (key && *key)?key:"-", (machine_guid && *machine_guid)?machine_guid:"-", (hostname && *hostname) ? hostname : "-", "ACCESS DENIED - MACHINE GUID NOT ALLOWED FROM THIS IP");
|
|
|
+ log_stream_connection(w->client_ip, w->client_port, key, machine_guid, hostname, "ACCESS DENIED - MACHINE GUID NOT ALLOWED FROM THIS IP");
|
|
|
error("STREAM [receive from [%s]:%s]: Machine GUID '%s' is not permitted from this IP. Forbidding access.", w->client_ip, w->client_port, machine_guid);
|
|
|
return rrdpush_receiver_permission_denied(w);
|
|
|
}
|
Costa Tsaousis