HSAdmin Backend Domains, E-Mail, Datenbanken
Peter Hormanns
2019-06-12 d735e8c6167aec726eee14a1f8fcf259a2fdb1ae
restrict pillar access to hostsharing servers
2 files modified
28 ■■■■■ changed files
hsarback/src/de/hsadmin/core/util/IPv6Trick.java 18 ●●●●●
hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java 10 ●●●●●
hsarback/src/de/hsadmin/core/util/IPv6Trick.java
@@ -16,6 +16,8 @@
    private static final String IPv4_83_223_94 = "83.223.94";     // e-Shelter Berlin
    private static final String IPv6_PREFIX_ES = "2a01:37:3000::1";
    private static final String IPv6_PREFIX_HS = "2a01:37:";
    private static final String IPv6_PREFIX_HS_ALT = "2a01:0037:";
    
    public static String convertIPv4ToIPv6(final String ipv4address) throws ProcessorException {
        if (ipv4address == null || ipv4address.length() == 0) {
@@ -38,6 +40,22 @@
        throw new ProcessorException("unknown IPv4 address given");
    }
    public static boolean isKnownRemote(final String remoteAddress) {
        boolean isKnown = false;
        if (remoteAddress.startsWith(IPv6_PREFIX_HS) || remoteAddress.startsWith(IPv6_PREFIX_HS_ALT)) {
            // Hostsharing IPv6
            isKnown = true;
        }
        if (remoteAddress.startsWith(IPv4_83_223_78) || remoteAddress.startsWith(IPv4_83_223_94)) {
            // e-Shelter
            isKnown = true;
        }
        if (remoteAddress.startsWith(IPv4_83_223_79) || remoteAddress.startsWith(IPv4_83_223_91) || remoteAddress.startsWith(IPv4_83_223_95)) {
            // Speedbone Alboin Kontor
            isKnown = true;
        }
        return isKnown;
    }
    private static String embedIPv4Address(final InetAddress ipv4address, final InetAddress ipv6Mask) throws UnknownHostException {
        final byte[] ipv4Bytes = ipv4address.getAddress();
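Review bot: `isKnownRemote` makes an access-control decision by `startsWith` on the printed form of the address, so the result depends on how the servlet container formats addresses rather than on the network they belong to. The IPv6 test covers only the spellings `2a01:37:` and `2a01:0037:`, and the IPv4 constant visible in this hunk (`"83.223.94"`) has no trailing dot; no valid address collides with these particular values, and unexpected spellings (uppercase hex, an IPv4-mapped `::ffff:` form) fail closed, but that is worth a comment so nobody adds a shorter prefix later. I would anchor the IPv4 tests on the octet boundary, e.g. `remoteAddress.startsWith(IPv4_83_223_94 + ".")`, and start the method with `if (remoteAddress == null) { return false; }`, since a null argument currently throws a NullPointerException. The method also has no Javadoc; one line such as `/** Returns true if the textual address lies in one of the Hostsharing networks; used as an allowlist for access control. */` would make clear that this helper is now security-relevant.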
hsarback/src/de/hsadmin/pillar/JsonPillarServlet.java
@@ -12,8 +12,11 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.httpclient.HttpStatus;
import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.qserv.ProcessorException;
import de.hsadmin.core.util.IPv6Trick;
import de.hsadmin.mods.pac.Hive;
import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.pac.PacComponent;
@@ -24,7 +27,12 @@
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        final Transaction transaction = new Transaction("pilalr");
        final String remoteAddr = req.getRemoteAddr();
        if (!IPv6Trick.isKnownRemote(remoteAddr)) {
            resp.sendError(HttpStatus.SC_UNAUTHORIZED);
            return;
        }
        final Transaction transaction = new Transaction("pillar");
        final EntityManager em = transaction.getEntityManager();
        final String hiveFqdn = req.getParameter("hive");
        String hiveName = "";
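Review bot: The new guard in `doGet` relies on `req.getRemoteAddr()`, which is the address of the direct TCP peer; if this servlet is reached through a reverse proxy or load balancer that itself sits in one of the allowed ranges, every request passes `isKnownRemote` and the restriction has no effect, so the deployment assumption (direct access, or container remote-IP handling limited to trusted proxies) should be stated in a comment above the check. The check also only establishes that the caller is somewhere in the allowed networks, not that it is the hive named in the `hive` parameter read a few lines later, so as far as this hunk shows any allowed host can request any hive's pillar. For an address-based denial `resp.sendError(HttpStatus.SC_FORBIDDEN);` fits better than `SC_UNAUTHORIZED`, because 401 signals that credentials would help and is expected to carry a `WWW-Authenticate` header. Logging the rejected `remoteAddr` before the `return` would give operators a record of refused requests; the body of `doGet` continues outside the hunk.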