mirror of
https://github.com/yacy/yacy_search_server.git
synced 2024-09-19 00:01:41 +02:00
f40566f9bb
- added server-side network unit identification - added server-side network access authorization - enhanced client-side network authentification essentials generation - implemented first peer-peer salted-magic authentification method git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@3953 6c8d7289-2bf4-0310-a012-ef5d649a1542
168 lines
9.2 KiB
Java
168 lines
9.2 KiB
Java
// transfer.java
|
|
// -----------------------
|
|
// part of YaCy caching proxy
|
|
// (C) by Michael Peter Christen; mc@anomic.de
|
|
// first published on http://www.anomic.de
|
|
// Frankfurt, Germany, 2004
|
|
// created 07.11.2005
|
|
//
|
|
// $LastChangedDate$
|
|
// $LastChangedRevision$
|
|
// $LastChangedBy$
|
|
//
|
|
// This program is free software; you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation; either version 2 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with this program; if not, write to the Free Software
|
|
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
//
|
|
// Using this software in any meaning (reading, learning, copying, compiling,
|
|
// running) means that you agree that the Author(s) is (are) not responsible
|
|
// for cost, loss of data or any harm that may be caused directly or indirectly
|
|
// by usage of this softare or this documentation. The usage of this software
|
|
// is on your own risk. The installation and usage (starting/running) of this
|
|
// software may allow other people or application to access your computer and
|
|
// any attached devices and is highly dependent on the configuration of the
|
|
// software which must be done by the user of the software; the author(s) is
|
|
// (are) also not responsible for proper configuration and usage of the
|
|
// software, even if provoked by documentation provided together with
|
|
// the software.
|
|
//
|
|
// Any changes to this file according to the GPL as documented in the file
|
|
// gpl.txt aside this file in the shipment you received can be done to the
|
|
// lines that follows this copyright notice here, but changes must not be
|
|
// done inside the copyright notive above. A re-distribution must contain
|
|
// the intact and unchanged copyright notice.
|
|
// Contributions and changes to the program code must be marked as such.
|
|
|
|
import java.io.File;
|
|
import java.io.IOException;
|
|
|
|
import de.anomic.http.httpHeader;
|
|
import de.anomic.kelondro.kelondroBase64Order;
|
|
import de.anomic.plasma.plasmaRankingDistribution;
|
|
import de.anomic.plasma.plasmaSwitchboard;
|
|
import de.anomic.server.serverCodings;
|
|
import de.anomic.server.serverFileUtils;
|
|
import de.anomic.server.serverObjects;
|
|
import de.anomic.server.serverSwitch;
|
|
import de.anomic.yacy.yacyCore;
|
|
import de.anomic.yacy.yacyNetwork;
|
|
import de.anomic.yacy.yacySeed;
|
|
|
|
public final class transfer {
|
|
|
|
public static serverObjects respond(httpHeader header, serverObjects post, serverSwitch env) {
|
|
plasmaSwitchboard sb = (plasmaSwitchboard) env;
|
|
serverObjects prop = new serverObjects();
|
|
if ((post == null) || (env == null)) return prop;
|
|
if (!yacyNetwork.authentifyRequest(post, env)) return prop;
|
|
|
|
String process = post.get("process", ""); // permission or store
|
|
//String key = post.get("key", ""); // a transmission key from the client
|
|
String otherpeer = post.get("iam", ""); // identification of the client (a peer-hash)
|
|
String purpose = post.get("purpose", ""); // declares how the file shall be treated
|
|
String filename = post.get("filename", ""); // a name of a file without path
|
|
//long filesize = Long.parseLong((String) post.get("filesize", "")); // the size of the file
|
|
|
|
prop.put("process", 0);
|
|
prop.putASIS("response", "denied"); // reject is default and is overwritten if ok
|
|
prop.putASIS("process_access", "");
|
|
prop.putASIS("process_address", "");
|
|
prop.putASIS("process_protocol", "");
|
|
prop.putASIS("process_path", "");
|
|
prop.putASIS("process_maxsize", "0");
|
|
|
|
if (sb.isRobinsonMode() || !sb.rankingOn) {
|
|
// in a robinson environment, do not answer. We do not do any transfer in a robinson cluster.
|
|
return prop;
|
|
}
|
|
|
|
yacySeed otherseed = yacyCore.seedDB.get(otherpeer);
|
|
if ((otherseed == null) || (filename.indexOf("..") >= 0)) {
|
|
// reject unknown peers: this does not appear fair, but anonymous senders are dangerous
|
|
// reject paths that contain '..' because they are dangerous
|
|
if (otherseed == null) sb.getLog().logFine("RankingTransmission: rejected unknown peer '" + otherpeer + "', current IP " + header.get("CLIENTIP", "unknown"));
|
|
if (filename.indexOf("..") >= 0) sb.getLog().logFine("RankingTransmission: rejected wrong path '" + filename + "' from peer " + otherseed.getName() + "/" + otherseed.getPublicAddress()+ ", current IP " + header.get("CLIENTIP", "unknown"));
|
|
return prop;
|
|
}
|
|
|
|
String otherpeerName = otherseed.hash + ":" + otherseed.getName();
|
|
|
|
if (process.equals("permission")) {
|
|
prop.put("process", 0);
|
|
if (((purpose.equals("crcon")) && (filename.startsWith("CRG")) && (filename.endsWith(".cr.gz"))) || ((filename.startsWith("domlist")) && (filename.endsWith(".txt.gz") || filename.endsWith(".zip")))) {
|
|
// consolidation of cr files
|
|
//System.out.println("yacy/transfer:post=" + post.toString());
|
|
//String cansendprotocol = (String) post.get("can-send-protocol", "http");
|
|
String access = kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw(otherpeer + ":" + filename)) + ":" + kelondroBase64Order.enhancedCoder.encode(serverCodings.encodeMD5Raw("" + System.currentTimeMillis()));
|
|
prop.putASIS("response", "ok");
|
|
prop.putASIS("process_access", access);
|
|
prop.putASIS("process_address", yacyCore.seedDB.mySeed.getPublicAddress());
|
|
prop.putASIS("process_protocol", "http");
|
|
prop.putASIS("process_path", ""); // currently empty; the store process will find a path
|
|
prop.putASIS("process_maxsize", "-1"); // if response is too big we return the size of the file
|
|
sb.rankingPermissions.put(serverCodings.encodeMD5Hex(kelondroBase64Order.standardCoder.encodeString(access)), filename);
|
|
sb.getLog().logFine("RankingTransmission: granted peer " + otherpeerName + " to send CR file " + filename);
|
|
}
|
|
return prop;
|
|
}
|
|
|
|
if (process.equals("store")) {
|
|
prop.put("process", 1);
|
|
if (purpose.equals("crcon")) {
|
|
byte[] filebytes = (byte[]) post.get("filename$file");
|
|
String accesscode = post.get("access", ""); // one-time authentication
|
|
String md5 = post.get("md5", ""); // one-time authentication
|
|
//java.util.HashMap perm = sb.rankingPermissions;
|
|
//System.out.println("PERMISSIONDEBUG: accesscode=" + accesscode + ", permissions=" + perm.toString());
|
|
String grantedFile = (String) sb.rankingPermissions.get(accesscode);
|
|
prop.putASIS("process_tt", "");
|
|
if ((grantedFile == null) || (!(grantedFile.equals(filename)))) {
|
|
// fraud-access of this interface
|
|
prop.putASIS("response", "denied");
|
|
sb.getLog().logFine("RankingTransmission: denied " + otherpeerName + " to send CR file " + filename + ": wrong access code");
|
|
} else {
|
|
sb.rankingPermissions.remove(accesscode); // not needed any more
|
|
File path = new File(sb.rankingPath, plasmaRankingDistribution.CR_OTHER);
|
|
path.mkdirs();
|
|
File file = new File(path, filename);
|
|
try {
|
|
if (file.getCanonicalPath().toString().startsWith(path.getCanonicalPath().toString())){
|
|
serverFileUtils.write(filebytes, file);
|
|
String md5t = serverCodings.encodeMD5Hex(file);
|
|
if (md5t.equals(md5)) {
|
|
prop.putASIS("response", "ok");
|
|
sb.getLog().logFine("RankingTransmission: received from peer " + otherpeerName + " CR file " + filename);
|
|
} else {
|
|
prop.putASIS("response", "transfer failure");
|
|
sb.getLog().logFine("RankingTransmission: transfer failure from peer " + otherpeerName + " for CR file " + filename);
|
|
}
|
|
}else{
|
|
//exploit?
|
|
prop.putASIS("response", "io error");
|
|
return prop;
|
|
}
|
|
} catch (IOException e) {
|
|
prop.putASIS("response", "io error");
|
|
}
|
|
}
|
|
}
|
|
return prop;
|
|
}
|
|
|
|
// wrong access
|
|
sb.getLog().logFine("RankingTransmission: rejected unknown process " + process + ":" + purpose + " from peer " + otherpeerName);
|
|
return prop;
|
|
}
|
|
|
|
}
|