|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* Application component that keeps track of the current access whitelist and |
|
5
|
|
|
* provides a way to check the client against it. |
|
6
|
|
|
* |
|
7
|
|
|
* @author Sam Stenvall <[email protected]> |
|
8
|
|
|
* @copyright Copyright © Sam Stenvall 2013- |
|
9
|
|
|
* @license https://www.gnu.org/licenses/gpl.html The GNU General Public License v3.0 |
|
10
|
|
|
*/ |
|
11
|
|
|
class Whitelist extends CApplicationComponent |
|
12
|
|
|
{ |
|
13
|
|
|
|
|
14
|
|
|
/** |
|
15
|
|
|
* @var \Whitelist\Check the whitelist checker |
|
16
|
|
|
*/ |
|
17
|
|
|
private $_checker; |
|
18
|
|
|
|
|
19
|
|
|
/** |
|
20
|
|
|
* @var boolean indicates whether the whitelist should be consulted or not |
|
21
|
|
|
*/ |
|
22
|
|
|
private $_isActive = false; |
|
23
|
|
|
|
|
24
|
|
|
/** |
|
25
|
|
|
* Initializes the component |
|
26
|
|
|
*/ |
|
27
|
|
|
public function init() |
|
28
|
|
|
{ |
|
29
|
|
|
$this->_checker = new Whitelist\Check(); |
|
30
|
|
|
|
|
31
|
|
|
// Load any stored definitions |
|
32
|
|
|
$definitions = Setting::getString('whitelist'); |
|
33
|
|
|
|
|
34
|
|
|
if (!empty($definitions)) |
|
35
|
|
|
{ |
|
36
|
|
|
$definitions = $this->parseDefinitions($definitions); |
|
37
|
|
|
$this->setDefinitions($definitions); |
|
38
|
|
|
} |
|
39
|
|
|
|
|
40
|
|
|
parent::init(); |
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* Parses a comma-separated string of definitions into an array |
|
45
|
|
|
* @param string $definitions the definition string |
|
46
|
|
|
* @return array |
|
47
|
|
|
*/ |
|
48
|
|
|
public function parseDefinitions($definitions) |
|
49
|
|
|
{ |
|
50
|
|
|
return explode(',', $definitions); |
|
51
|
|
|
} |
|
52
|
|
|
|
|
53
|
|
|
/** |
|
54
|
|
|
* Activates the whitelist with the specified definitions |
|
55
|
|
|
* @param array $definitions the definitions |
|
56
|
|
|
*/ |
|
57
|
|
|
public function setDefinitions($definitions) |
|
58
|
|
|
{ |
|
59
|
|
|
$this->_checker->whitelist($definitions); |
|
60
|
|
|
$this->_isActive = true; |
|
61
|
|
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* Validates the specified conditions |
|
65
|
|
|
* @param array $definitions the definitions |
|
66
|
|
|
* @return boolean whether the definition set is legal or not |
|
67
|
|
|
*/ |
|
68
|
|
|
public function validateDefinitions($definitions) |
|
69
|
|
|
{ |
|
70
|
|
|
$temporaryChecker = clone $this->_checker; |
|
71
|
|
|
|
|
72
|
|
|
try |
|
73
|
|
|
{ |
|
74
|
|
|
$temporaryChecker->whitelist($definitions); |
|
75
|
|
|
} |
|
76
|
|
|
catch (Exception $e) |
|
77
|
|
|
{ |
|
78
|
|
|
unset($e); |
|
79
|
|
|
return false; |
|
80
|
|
|
} |
|
81
|
|
|
|
|
82
|
|
|
return true; |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
/** |
|
86
|
|
|
* Checks the client address and/or hostname against the whitelisted. The |
|
87
|
|
|
* check is omitted if no whitelist definitions have been specified or if |
|
88
|
|
|
* the override file is present. |
|
89
|
|
|
* @param boolean $ignoreOverride whether to honor the override file when |
|
90
|
|
|
* checking. |
|
91
|
|
|
* @return boolean whether the client is whitelisted or not |
|
92
|
|
|
*/ |
|
93
|
|
|
public function check($ignoreOverride = false) |
|
94
|
|
|
{ |
|
95
|
|
|
if (!$this->_isActive) |
|
96
|
|
|
return true; |
|
97
|
|
|
|
|
98
|
|
|
// Discard the check if the override file is present or if the |
|
99
|
|
|
// whitelist is inactive |
|
100
|
|
|
$overrideFile = Yii::app()->basePath.'/../../whitelist.override'; |
|
101
|
|
|
|
|
102
|
|
|
if (!$ignoreOverride && file_exists($overrideFile)) |
|
103
|
|
|
{ |
|
104
|
|
|
Yii::app()->user->setFlash('info', 'Whitelist override in effect'); |
|
105
|
|
|
return true; |
|
106
|
|
|
} |
|
107
|
|
|
|
|
108
|
|
|
$address = $_SERVER['REMOTE_ADDR']; |
|
109
|
|
|
$hostname = gethostbyaddr($address); |
|
110
|
|
|
|
|
111
|
|
|
$whitelisted = $this->_checker->check($address); |
|
112
|
|
|
|
|
113
|
|
|
if (!$whitelisted && $hostname !== false && $hostname !== $address) |
|
114
|
|
|
$whitelisted = $this->_checker->check($hostname); |
|
115
|
|
|
|
|
116
|
|
|
return $whitelisted; |
|
117
|
|
|
} |
|
118
|
|
|
|
|
119
|
|
|
} |
|
120
|
|
|
|
Jalle19 /
xbmc-video-server
