NetworkUtils::HostEntry NetworkUtils::getHostByAddress(const Poco::Net::IPAddress& ipAddress)
{
NetworkUtils::HostEntry hostEntry;
try
{
hostEntry = Poco::Net::DNS::hostByAddress(ipAddress);
}
catch (const Poco::Net::HostNotFoundException& exc)
{
ofLogError("NetworkUtils::getHostByAddress") << exc.displayText();
return hostEntry;
}
catch (const Poco::Net::DNSException& exc)
{
ofLogError("NetworkUtils::getHostByAddress") << exc.displayText();
return hostEntry;
}
catch (const Poco::IOException& exc)
{
ofLogError("NetworkUtils::getHostByAddress") << exc.displayText();
return hostEntry;
}
catch (...)
{
ofLogError("NetworkUtils::getHostByAddress") << "Unknown Exception: " << ipAddress.toString();
return hostEntry;
}
return hostEntry;
}
QuotaForIntervalsPtr Quota::get(const String & quota_key, const String & user_name, const Poco::Net::IPAddress & ip)
{
if (!quota_key.empty() && !ignore_key_if_not_keyed && (!is_keyed || keyed_by_ip))
throw Exception("Quota " + name + " (for user " + user_name + ") doesn't allow client supplied keys.",
ErrorCodes::QUOTA_DOESNT_ALLOW_KEYS);
/** Quota is calculated separately:
* - for each IP-address, if 'keyed_by_ip';
* - otherwise for each 'quota_key', if present;
* - otherwise for each 'user_name'.
*/
UInt64 quota_key_hashed = sipHash64(
keyed_by_ip
? ip.toString()
: (!quota_key.empty()
? quota_key
: user_name));
std::lock_guard<std::mutex> lock(mutex);
Container::iterator it = quota_for_keys.find(quota_key_hashed);
if (quota_for_keys.end() == it)
it = quota_for_keys.emplace(quota_key_hashed, std::make_shared<QuotaForIntervals>(max, user_name)).first;
return it->second;
}
std::string ofApp::toString(const ofxNet::IPAddressRange& range,
const Poco::Net::IPAddress& address)
{
std::stringstream ss;
ss << address.toString();
ss << (range.contains(address) ? " is in " : " is NOT in ");
ss << range.toString();
ss << " (" << range.getHostMin().toString();
ss << " - " << range.getHostMax().toString();
ss << ")" << std::endl;
return ss.str();
}
UserPtr SecurityManager::authorizeAndGetUser(
const String & user_name,
const String & password,
const Poco::Net::IPAddress & address) const
{
auto it = users.find(user_name);
if (users.end() == it)
throw Exception("Unknown user " + user_name, ErrorCodes::UNKNOWN_USER);
if (!it->second->addresses.contains(address))
throw Exception("User " + user_name + " is not allowed to connect from address " + address.toString(), ErrorCodes::IP_ADDRESS_NOT_ALLOWED);
auto on_wrong_password = [&]()
{
if (password.empty())
throw Exception("Password required for user " + user_name, ErrorCodes::REQUIRED_PASSWORD);
else
throw Exception("Wrong password for user " + user_name, ErrorCodes::WRONG_PASSWORD);
};
if (!it->second->password_sha256_hex.empty())
{
unsigned char hash[32];
SHA256_CTX ctx;
SHA256_Init(&ctx);
SHA256_Update(&ctx, reinterpret_cast<const unsigned char *>(password.data()), password.size());
SHA256_Final(hash, &ctx);
String hash_hex;
{
WriteBufferFromString buf(hash_hex);
HexWriteBuffer hex_buf(buf);
hex_buf.write(reinterpret_cast<const char *>(hash), sizeof(hash));
}
Poco::toLowerInPlace(hash_hex);
if (hash_hex != it->second->password_sha256_hex)
on_wrong_password();
}
else if (password != it->second->password)
{
on_wrong_password();
}
return it->second;
}
