/*
 * Validates one received header field (name first, then value) and, when
 * both pass, forwards it to the request-side or response-side checker.
 *
 * Returns NGHTTP2_ERR_HTTP_HEADER when the field is treated as an error,
 * NGHTTP2_ERR_IGN_HTTP_HEADER when a malformed regular header is ignored,
 * and otherwise the result of http_request_on_header() or
 * http_response_on_header().
 */
int nghttp2_http_on_header(nghttp2_session *session, nghttp2_stream *stream,
                           nghttp2_frame *frame, nghttp2_nv *nv, int token,
                           int trailer) {
  int value_ok;

  /* Policy: pseudo header fields are validated strictly, so a single bad
     character is an error.  Regular header fields are treated leniently
     because malformed ones are common on the public internet and failing
     the stream over them would break many sites and libraries; those are
     ignored instead. */
  if (!nghttp2_check_header_name(nv->name, nv->namelen)) {
    size_t pos;

    /* A bad name that starts with ':' is a bad pseudo header: error. */
    if (nv->namelen > 0 && nv->name[0] == ':') {
      return NGHTTP2_ERR_HTTP_HEADER;
    }

    /* Upper-case letters in a field name are never tolerated, even for
       regular headers. */
    for (pos = 0; pos < nv->namelen; ++pos) {
      const uint8_t ch = nv->name[pos];

      if (ch >= 'A' && ch <= 'Z') {
        return NGHTTP2_ERR_HTTP_HEADER;
      }
    }

    /* The header is ignored, but it still counts as "a regular header was
       seen": setting the flag keeps the pseudo-header ordering rule
       enforced for anything that follows. */
    stream->http_flags |= NGHTTP2_HTTP_FLAG_PSEUDO_HEADER_DISALLOWED;
    return NGHTTP2_ERR_IGN_HTTP_HEADER;
  }

  /* :authority/host and :scheme have dedicated validators; every other
     field goes through the generic value check. */
  if (token == NGHTTP2_TOKEN__AUTHORITY || token == NGHTTP2_TOKEN_HOST) {
    value_ok = check_authority(nv->value, nv->valuelen);
  } else if (token == NGHTTP2_TOKEN__SCHEME) {
    value_ok = check_scheme(nv->value, nv->valuelen);
  } else {
    value_ok = nghttp2_check_header_value(nv->value, nv->valuelen);
  }

  if (value_ok != 0) {
    /* Name and value are both acceptable: run the direction-specific
       checks.  PUSH_PROMISE carries request headers, so it takes the
       request path even when this endpoint is not the server. */
    if (session->server || frame->hd.type == NGHTTP2_PUSH_PROMISE) {
      return http_request_on_header(stream, nv, token, trailer);
    }
    return http_response_on_header(stream, nv, token, trailer);
  }

  /* Bad value.  NOTE(review): the assert disappears under NDEBUG, so the
     read of name[0] below relies on nghttp2_check_header_name() having
     rejected empty names - confirm. */
  assert(nv->namelen > 0);
  if (nv->name[0] == ':') {
    /* Pseudo header with a bad value: strict handling, error. */
    return NGHTTP2_ERR_HTTP_HEADER;
  }

  /* Regular header with a bad value: ignore it, but keep the ordering
     rule for pseudo header fields in force. */
  stream->http_flags |= NGHTTP2_HTTP_FLAG_PSEUDO_HEADER_DISALLOWED;
  return NGHTTP2_ERR_IGN_HTTP_HEADER;
}
/**
 * Checks whether the signatures seen so far satisfy the given authority:
 * the weights of its signed keys, signed addresses and approved accounts
 * are summed until the authority's weight_threshold is reached.
 *
 * @param au     authority to evaluate; a null pointer is never satisfied
 * @param depth  current nesting level while following account_auths
 * @return true once the accumulated weight reaches weight_threshold
 */
bool check_authority( const authority* au, uint32_t depth = 0 )
{
   if( au == nullptr ) return false;
   const authority& auth = *au;

   uint32_t total_weight = 0;

   // Keys that signed directly.
   for( const auto& k : auth.key_auths )
   {
      if( !signed_by( k.first ) ) continue;
      total_weight += k.second;
      if( total_weight >= auth.weight_threshold ) return true;
   }

   // Addresses that signed directly.
   for( const auto& k : auth.address_auths )
   {
      if( !signed_by( k.first ) ) continue;
      total_weight += k.second;
      if( total_weight >= auth.weight_threshold ) return true;
   }

   // Accounts: an account counts if it is already in approved_by, or if its
   // own active authority is satisfied one level deeper.
   for( const auto& a : auth.account_auths )
   {
      const bool already_approved = approved_by.find(a.first) != approved_by.end();
      if( !already_approved )
      {
         // The depth cap bounds how far account-to-account delegation is
         // followed.  NOTE(review): hitting the cap fails the whole check,
         // so later account_auths entries are never looked at - confirm
         // that this fail-closed behaviour is intended.
         if( depth == max_recursion ) return false;
         if( !check_authority( get_active( a.first ), depth+1 ) ) continue;
         // Remember the approval so the account is not re-evaluated.
         approved_by.insert( a.first );
      }
      total_weight += a.second;
      if( total_weight >= auth.weight_threshold ) return true;
   }

   return total_weight >= auth.weight_threshold;
}
/**
 * Checks whether the signatures seen so far satisfy the given authority by
 * summing the weights of its signed keys and approved accounts until
 * weight_threshold is reached.
 *
 * @param auth   authority to evaluate
 * @param depth  current nesting level while following account_auths
 * @return true once the accumulated weight reaches weight_threshold
 */
bool sign_state::check_authority( const authority& auth, uint32_t depth )
{
   uint32_t total_weight = 0;

   // Keys that signed directly.
   for( const auto& k : auth.key_auths )
   {
      if( !signed_by( k.first ) ) continue;
      total_weight += k.second;
      if( total_weight >= auth.weight_threshold ) return true;
   }

   // Accounts: an account counts if it is already in approved_by, or if its
   // own active authority is satisfied one level deeper.
   for( const auto& a : auth.account_auths )
   {
      const bool already_approved = approved_by.find(a.first) != approved_by.end();
      if( !already_approved )
      {
         // The depth cap bounds how far account-to-account delegation is
         // followed; an entry that would exceed it contributes no weight
         // and evaluation moves on to the next entry.
         if( depth == max_recursion ) continue;
         if( !check_authority( get_active( a.first ), depth+1 ) ) continue;
         // Remember the approval so the account is not re-evaluated.
         approved_by.insert( a.first );
      }
      total_weight += a.second;
      if( total_weight >= auth.weight_threshold ) return true;
   }

   return total_weight >= auth.weight_threshold;
}
/**
 * Checks whether the named account has approved.
 *
 * An id already recorded in approved_by is accepted immediately; otherwise
 * the account's active authority is evaluated.
 *
 * @param id  account name to check
 * @return true if the account is already approved or its active authority
 *         is satisfied
 */
bool sign_state::check_authority( string id )
{
   const bool already_approved = approved_by.find(id) != approved_by.end();
   // Short-circuit: the active authority is only evaluated on a cache miss.
   return already_approved || check_authority( get_active(id) );
}
/**
 * Checks whether the given account has approved.
 *
 * An id already recorded in approved_by is accepted immediately; otherwise
 * the account's active authority is evaluated.
 *
 * @param id  account to check
 * @return true if the account is already approved or its active authority
 *         is satisfied
 */
bool check_authority( account_id_type id )
{
   const bool already_approved = approved_by.find(id) != approved_by.end();
   // Short-circuit: the active authority is only evaluated on a cache miss.
   return already_approved || check_authority( get_active(id) );
}
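/**
 * Runs the handshake on a newly accepted RPC socket.
 *
 * Reads up to three commands from the peer.  A "hey" command with at least
 * five arguments (mode, client, connhash, user, pass) is authenticated
 * with check_authority() and, on success, bound to an rpc client slot;
 * "help" returns the command list; anything else gets a "bad command"
 * reply.
 *
 * Changes against the previous version:
 *  - recv() is limited to sizeof(buf) - 1 so the terminator written after
 *    it stays inside buf (a full-size read used to write one byte past it);
 *  - replies are built with snprintf() in a separate buffer; the old
 *    "bad command" reply formatted cmd, which points into buf, back into
 *    buf itself (overlapping sprintf) and was not length-bounded;
 *  - the password sent by the peer is no longer written to the log;
 *  - the size_t prompt length is printed with %zu, and a failing
 *    epoll_ctl() is logged.
 *
 * @param new_fd  connected socket of the peer
 * @return 0 when the client was registered and the ACK was sent, -1 on
 *         authentication failure, peer close, or after three attempts
 *         without a successful "hey"
 */
static int process_connect(int new_fd)
{
	char buf[1024], reply[1024], *cmd;
	int ret, try_cnt, ofsarr[80], argc;
	rpc_client_s *client;

	try_cnt = 3;
	while (try_cnt--) {
		buf[0] = '\0';
		/* Keep one byte free for the terminator added below. */
		ret = recv(new_fd, buf, sizeof(buf) - 1, 0);
		if (0 == ret) {
			kerror("c:%s, e:%s\n", "recv", strerror(errno));
			break;
		}
		if (-1 == ret) {
			kerror("c:%s, e:%s\n", "recv", strerror(errno));
			continue;
		}
		buf[ret] = '\0';

		/* NOTE(review): ofsarr has 80 slots and get_argv() is not
		 * shown here; confirm it never stores more than 80 offsets
		 * for peer-supplied input. */
		argc = get_argv(buf, ofsarr);
		if (0 == argc) {
			snprintf(reply, sizeof(reply), "%s", PROMPT);
			send(new_fd, reply, strlen(reply) + 1, 0);
			continue;
		}

		cmd = buf + ofsarr[0];
		if ((argc > 5) && (0 == strcmp("hey", cmd))) {
			char buffer[1024];
			char mode = (buf + ofsarr[1])[0];
			char *rpc_client = buf + ofsarr[2];
			char *connhash = buf + ofsarr[3];
			char *user = buf + ofsarr[4];
			char *pass = buf + ofsarr[5];

			wlogf("---------------------------\n");
			wlogf("\tsocket: %d\n", new_fd);
			wlogf("\tclient_mode: %s\n", mode == 'o' ? "Opt" : "Wch");
			wlogf("\tclient_name: %s\n", rpc_client);
			wlogf("\tconn_hash: %s\n", connhash);
			wlogf("\tuser_name: %s\n", user);
			/* Credentials must not end up in log files. */
			wlogf("\tuser_pass: %s\n", "<redacted>");
			wlogf("---------------------------\n");

			/* Non-zero from check_authority() means the peer is
			 * refused. */
			if (check_authority(mode, rpc_client, connhash, user, pass))
				return -1;

			client = rpc_client_get(connhash, new_fd, (mode == 'o'));
			if (client) {
				/* NOTE(review): the capacity of client->prompt is
				 * not visible here and rpc_client is peer-supplied
				 * (up to about 1 KiB); bound this write with the
				 * field's real size. */
				sprintf(client->prompt, "\r\n(%s)%s", rpc_client, PROMPT);

				if (mode == 'o') {
					struct epoll_event ev = {0};

					kopt_setstr("s:/k/opt/rpc/o/connect", connhash);

					/* XXX: the w socket can be processed in place,
					 * so only the o socket is added to epoll. */
					ev.data.fd = new_fd;
					ev.events = EPOLLIN;
					if (epoll_ctl(__g_epoll_fd, EPOLL_CTL_ADD, new_fd, &ev) < 0)
						kerror("c:%s, e:%s\n", "epoll_ctl", strerror(errno));
				} else {
					kopt_setstr("s:/k/opt/rpc/w/connect", connhash);
				}

				/* send the ACK: error line, prompt length, prompt */
				snprintf(reply, sizeof(reply), "%s%zu%s",
					 mk_errline(0, buffer),
					 strlen(client->prompt), client->prompt);
				send(new_fd, reply, strlen(reply) + 1, 0);
				return 0;
			} else
				kerror("rpc_client_get return NULL, increase the size of __g_clients\n");
		}

		/* cmd points into buf, so the reply is formatted into its own
		 * buffer; snprintf() truncates an over-long command echo. */
		if (!strncmp("help", cmd, 4))
			snprintf(reply, sizeof(reply),
				 "help(), hey(mode<o|w>, client, connhash, user, pass), bye(), wa(opt), wd(opt), os(ini), og(opt)%s%s",
				 CRLF, PROMPT);
		else
			snprintf(reply, sizeof(reply), "%s: bad command" CRLF PROMPT, cmd);
		send(new_fd, reply, strlen(reply) + 1, 0);
	}
	return -1;
}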