diff options
author | ramon <ramongomez@us.es> | 2016-10-05 14:31:04 +0000 |
---|---|---|
committer | ramon <ramongomez@us.es> | 2016-10-05 14:31:04 +0000 |
commit | 21e5ee327b530befd844eae1e0f443bfcb45db48 (patch) | |
tree | 0b54320312ffdeff7725a3a4ce4671d7c826d3f7 /admin/WebConsole/rest/ogagent.php | |
parent | a9140b08dfa5e29fd8e0f308d1f89f274ea7b811 (diff) |
#708: Documentar funciones, comprobar consistencia de dirección IP y de tipo de cliente para peticiones de OGAgent y evitar saltos de línea innecesarios en las respuestas.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@5027 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'admin/WebConsole/rest/ogagent.php')
-rw-r--r-- | admin/WebConsole/rest/ogagent.php | 54 |
1 files changed, 37 insertions, 17 deletions
diff --git a/admin/WebConsole/rest/ogagent.php b/admin/WebConsole/rest/ogagent.php index c6c575af..d2801d98 100644 --- a/admin/WebConsole/rest/ogagent.php +++ b/admin/WebConsole/rest/ogagent.php @@ -10,11 +10,11 @@ define('LOG_FILE', '/opt/opengnsys/log/ogagent.log'); /** * @brief OGAgent notifies that its service is started on a client. - * @note Route: /ogagent/started, Method: POST + * @note Route: /ogagent/started, Method: POST, Format: JSON * @param string ip IP address * @param string mac MAC (Ethernet) address * @param string ostype OS type (Linux, Windows) - * @param string osversion OS name and version + * @param string osversion OS version * @param string secret random secret key to access client's REST API * @return Null string if OK, else error message. */ @@ -29,9 +29,9 @@ $app->post('/ogagent/started', $mac = htmlspecialchars($input->mac); if (isset($input->ostype)) $osType = htmlspecialchars($input->ostype); if (isset($input->osversion)) $osVersion = str_replace(",", ";", htmlspecialchars($input->osversion)); - // Check sender IP address consistency (same as parameter value). - if ($ip !== $_SERVER['REMOTE_ADDR']) { - throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']); + // Check sender agent type and IP address consistency (same as parameter value). + if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT'])) or $ip !== $_SERVER['REMOTE_ADDR']) { + throw new Exception("Bad OGAgent: ip=$ip, sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']); } // Client secret key for secure communications. if (isset($input->secret)) { @@ -40,6 +40,7 @@ $app->post('/ogagent/started', throw new Exception("Bad secret key: ip=$ip, mac=$mac, os=$osType:$osVersion."); } // Store secret key in DB. + if (isset($input->secret)) $secret = htmlspecialchars($input->secret)); $cmd->texto = "UPDATE ordenadores SET agentkey='$secret' WHERE ip='$ip' AND mac=UPPER(REPLACE('$mac',':','')) @@ -66,7 +67,15 @@ $app->post('/ogagent/started', } ); -// OGAgent notifies that its service is stopped on client. +/** + * @brief OGAgent notifies that its service is stopped on client. + * @note Route: /ogagent/stopped, Method: POST, Format: JSON + * @param string ip IP address + * @param string mac MAC (Ethernet) address + * @param string ostype OS type (Linux, Windows) + * @param string osversion OS version + * @return Null string if OK, else error message. + */ $app->post('/ogagent/stopped', function() use ($app) { $osType = $osVersion = "none"; @@ -77,9 +86,9 @@ $app->post('/ogagent/stopped', $mac = htmlspecialchars($input->mac); if (isset($input->ostype)) $osType = htmlspecialchars($input->ostype); if (isset($input->osversion)) $osVersion = str_replace(",", ";", htmlspecialchars($input->osversion)); - // Check sender IP address consistency (same as parameter value). - if ($ip !== $_SERVER['REMOTE_ADDR']) { - throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']); + // Check sender agent type and IP address consistency (same as parameter value). + if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT'])) or $ip !== $_SERVER['REMOTE_ADDR']) { + throw new Exception("Bad OGAgent: ip=$ip, sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']); } // May check if client is included in the server database? // Default processing: log activity. @@ -96,7 +105,13 @@ $app->post('/ogagent/stopped', } ); -// OGAgent notifies that an user logs in. +/** + * @brief OGAgent notifies that an user logs in. + * @note Route: /ogagent/loggedin, Method: POST, Format: JSON + * @param string ip IP address + * @param string user username + * @return Null string if OK, else error message. + */ $app->post('/ogagent/loggedin', function() use ($app) { try { @@ -105,8 +120,8 @@ $app->post('/ogagent/loggedin', $ip = htmlspecialchars($input->ip); $user = htmlspecialchars($input->user); // Check sender IP address consistency (same as parameter value). - if ($ip !== $_SERVER['REMOTE_ADDR']) { - throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']); + if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT'])) or $ip !== $_SERVER['REMOTE_ADDR']) { + throw new Exception("Bad OGAgent: ip=$ip, sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']); } // May check if client is included in the server database? // Default processing: log activity. @@ -123,7 +138,13 @@ $app->post('/ogagent/loggedin', } ); -// OGAgent notifies that an user logs out. +/** + * @brief OGAgent notifies that an user logs out. + * @note Route: /ogagent/loggedout, Method: POST, Format: JSON + * @param string ip IP address + * @param string user username + * @return Null string if OK, else error message. + */ $app->post('/ogagent/loggedout', function() use ($app) { try { @@ -131,9 +152,9 @@ $app->post('/ogagent/loggedout', $input = json_decode($app->request()->getBody()); $ip = htmlspecialchars($input->ip); $user = htmlspecialchars($input->user); - // Check sender IP address consistency (same as parameter value). - if ($ip !== $_SERVER['REMOTE_ADDR']) { - throw new Exception("Bad IP address: agent=$ip, sender=".$_SERVER['REMOTE_ADDR']); + // Check sender agent type and IP address consistency (same as parameter value). + if (empty(preg_match('/^python-requests\//', $_SERVER['HTTP_USER_AGENT'])) or $ip !== $_SERVER['REMOTE_ADDR']) { + throw new Exception("Bad OGAgent: ip=$ip, sender=".$_SERVER['REMOTE_ADDR'].", agent=".$_SERVER['HTTP_USER_AGENT']); } // May check if client is included in the server database? // Default processing: log activity. @@ -151,4 +172,3 @@ $app->post('/ogagent/loggedout', ); ?> - |