Remove existing URL ACLs to avoid conflicts

New: Choose IP address to listen on (advanced)
Fixed: Check if URL has been registered with Windows before trying to register it
pull/145/head
Mark McDowall 10 years ago
parent 5a8ce04bd5
commit d77c685d14

@ -1,5 +1,4 @@
using System; using System.Linq;
using System.Linq;
using System.Reflection; using System.Reflection;
using FluentValidation; using FluentValidation;
using NzbDrone.Common.EnvironmentInfo; using NzbDrone.Common.EnvironmentInfo;
@ -24,10 +23,8 @@ namespace NzbDrone.Api.Config
GetResourceById = GetHostConfig; GetResourceById = GetHostConfig;
UpdateResource = SaveHostConfig; UpdateResource = SaveHostConfig;
SharedValidator.RuleFor(c => c.Branch).NotEmpty().WithMessage("Branch name is required, 'master' is the default"); SharedValidator.RuleFor(c => c.Branch).NotEmpty().WithMessage("Branch name is required, 'master' is the default");
SharedValidator.RuleFor(c => c.Port).ValidPort(); SharedValidator.RuleFor(c => c.Port).ValidPort();
SharedValidator.RuleFor(c => c.BindAddress).ValidIp4Address().When(c => c.BindAddress != "*");
SharedValidator.RuleFor(c => c.Port).InclusiveBetween(1, 65535);
SharedValidator.RuleFor(c => c.Username).NotEmpty().When(c => c.AuthenticationEnabled); SharedValidator.RuleFor(c => c.Username).NotEmpty().When(c => c.AuthenticationEnabled);
SharedValidator.RuleFor(c => c.Password).NotEmpty().When(c => c.AuthenticationEnabled); SharedValidator.RuleFor(c => c.Password).NotEmpty().When(c => c.AuthenticationEnabled);
@ -36,6 +33,11 @@ namespace NzbDrone.Api.Config
SharedValidator.RuleFor(c => c.SslCertHash).NotEmpty().When(c => c.EnableSsl && OsInfo.IsWindows); SharedValidator.RuleFor(c => c.SslCertHash).NotEmpty().When(c => c.EnableSsl && OsInfo.IsWindows);
SharedValidator.RuleFor(c => c.UpdateScriptPath).IsValidPath().When(c => c.UpdateMechanism == UpdateMechanism.Script); SharedValidator.RuleFor(c => c.UpdateScriptPath).IsValidPath().When(c => c.UpdateMechanism == UpdateMechanism.Script);
SharedValidator.RuleFor(c => c.BindAddress)
.ValidIp4Address()
.NotListenAllIp4Address()
.When(c => c.BindAddress != "*");
} }
private HostConfigResource GetHostConfig() private HostConfigResource GetHostConfig()
@ -61,4 +63,4 @@ namespace NzbDrone.Api.Config
_configFileProvider.SaveConfigDictionary(dictionary); _configFileProvider.SaveConfigDictionary(dictionary);
} }
} }
} }

@ -841,6 +841,7 @@
<Compile Include="Update\UpdateVerification.cs" /> <Compile Include="Update\UpdateVerification.cs" />
<Compile Include="Update\UpdateVerificationFailedException.cs" /> <Compile Include="Update\UpdateVerificationFailedException.cs" />
<Compile Include="Validation\FolderValidator.cs" /> <Compile Include="Validation\FolderValidator.cs" />
<Compile Include="Validation\IpValidation.cs" />
<Compile Include="Validation\LangaugeValidator.cs" /> <Compile Include="Validation\LangaugeValidator.cs" />
<Compile Include="Validation\NzbDroneValidationFailure.cs" /> <Compile Include="Validation\NzbDroneValidationFailure.cs" />
<Compile Include="Validation\Paths\DroneFactoryValidator.cs" /> <Compile Include="Validation\Paths\DroneFactoryValidator.cs" />

@ -0,0 +1,35 @@
using System.Net;
using System.Net.Sockets;
using FluentValidation;
using FluentValidation.Validators;
namespace NzbDrone.Core.Validation
{
public static class IpValidation
{
public static IRuleBuilderOptions<T, string> ValidIp4Address<T>(this IRuleBuilder<T, string> ruleBuilder)
{
return ruleBuilder.Must(x =>
{
IPAddress parsedAddress;
if (!IPAddress.TryParse(x, out parsedAddress))
{
return false;
}
if (parsedAddress.Equals(IPAddress.Parse("255.255.255.255")))
{
return false;
}
return parsedAddress.AddressFamily == AddressFamily.InterNetwork;
}).WithMessage("Must be a valid IPv4 Address");
}
public static IRuleBuilderOptions<T, string> NotListenAllIp4Address<T>(this IRuleBuilder<T, string> ruleBuilder)
{
return ruleBuilder.SetValidator(new RegularExpressionValidator(@"^(?!0\.0\.0\.0)")).WithMessage("Use * instead of 0.0.0.0");
}
}
}

@ -1,6 +1,4 @@
using System.Net; using System.Text.RegularExpressions;
using System.Net.Sockets;
using System.Text.RegularExpressions;
using FluentValidation; using FluentValidation;
using FluentValidation.Validators; using FluentValidation.Validators;
using NzbDrone.Core.Parser; using NzbDrone.Core.Parser;
@ -35,21 +33,6 @@ namespace NzbDrone.Core.Validation
return ruleBuilder.SetValidator(new InclusiveBetweenValidator(1, 65535)); return ruleBuilder.SetValidator(new InclusiveBetweenValidator(1, 65535));
} }
public static IRuleBuilderOptions<T, string> ValidIp4Address<T>(this IRuleBuilder<T, string> ruleBuilder)
{
return ruleBuilder.Must(x =>
{
IPAddress parsedAddress;
if (!IPAddress.TryParse(x, out parsedAddress))
{
return false;
}
return parsedAddress.AddressFamily == AddressFamily.InterNetwork;
});
}
public static IRuleBuilderOptions<T, Language> ValidLanguage<T>(this IRuleBuilder<T, Language> ruleBuilder) public static IRuleBuilderOptions<T, Language> ValidLanguage<T>(this IRuleBuilder<T, Language> ruleBuilder)
{ {
return ruleBuilder.SetValidator(new LangaugeValidator()); return ruleBuilder.SetValidator(new LangaugeValidator());

@ -0,0 +1,20 @@
using System;
namespace NzbDrone.Host.AccessControl
{
public class UrlAcl
{
public string Scheme { get; set; }
public string Address { get; set; }
public int Port { get; set; }
public string UrlBase { get; set; }
public string Url
{
get
{
return String.Format("{0}://{1}:{2}/{3}", Scheme, Address, Port, UrlBase);
}
}
}
}

@ -1,15 +1,18 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Text.RegularExpressions;
using NLog; using NLog;
using NzbDrone.Common;
using NzbDrone.Common.EnvironmentInfo; using NzbDrone.Common.EnvironmentInfo;
using NzbDrone.Common.Extensions;
using NzbDrone.Core.Configuration; using NzbDrone.Core.Configuration;
namespace NzbDrone.Host.AccessControl namespace NzbDrone.Host.AccessControl
{ {
public interface IUrlAclAdapter public interface IUrlAclAdapter
{ {
void ConfigureUrl(); void ConfigureUrls();
List<String> Urls { get; } List<String> Urls { get; }
} }
@ -20,7 +23,18 @@ namespace NzbDrone.Host.AccessControl
private readonly IRuntimeInfo _runtimeInfo; private readonly IRuntimeInfo _runtimeInfo;
private readonly Logger _logger; private readonly Logger _logger;
public List<String> Urls { get; private set; } public List<String> Urls
{
get
{
return InternalUrls.Select(c => c.Url).ToList();
}
}
private List<UrlAcl> InternalUrls { get; set; }
private List<UrlAcl> RegisteredUrls { get; set; }
private static readonly Regex UrlAclRegex = new Regex(@"(?<scheme>https?)\:\/\/(?<address>.+?)\:(?<port>\d+)/(?<urlbase>.+)?", RegexOptions.Compiled | RegexOptions.IgnoreCase);
public UrlAclAdapter(INetshProvider netshProvider, public UrlAclAdapter(INetshProvider netshProvider,
IConfigFileProvider configFileProvider, IConfigFileProvider configFileProvider,
@ -32,20 +46,21 @@ namespace NzbDrone.Host.AccessControl
_runtimeInfo = runtimeInfo; _runtimeInfo = runtimeInfo;
_logger = logger; _logger = logger;
Urls = new List<String>(); InternalUrls = new List<UrlAcl>();
RegisteredUrls = GetRegisteredUrls();
} }
public void ConfigureUrl() public void ConfigureUrls()
{ {
var localHostHttpUrls = BuildUrls("http", "localhost", _configFileProvider.Port); var localHostHttpUrls = BuildUrlAcls("http", "localhost", _configFileProvider.Port);
var interfaceHttpUrls = BuildUrls("http", _configFileProvider.BindAddress, _configFileProvider.Port); var interfaceHttpUrls = BuildUrlAcls("http", _configFileProvider.BindAddress, _configFileProvider.Port);
var localHostHttpsUrls = BuildUrls("https", "localhost", _configFileProvider.SslPort); var localHostHttpsUrls = BuildUrlAcls("https", "localhost", _configFileProvider.SslPort);
var interfaceHttpsUrls = BuildUrls("https", _configFileProvider.BindAddress, _configFileProvider.SslPort); var interfaceHttpsUrls = BuildUrlAcls("https", _configFileProvider.BindAddress, _configFileProvider.SslPort);
if (!_configFileProvider.EnableSsl) if (!_configFileProvider.EnableSsl)
{ {
Urls.Clear(); localHostHttpsUrls.Clear();
interfaceHttpsUrls.Clear(); interfaceHttpsUrls.Clear();
} }
@ -54,13 +69,33 @@ namespace NzbDrone.Host.AccessControl
var httpUrls = interfaceHttpUrls.All(IsRegistered) ? interfaceHttpUrls : localHostHttpUrls; var httpUrls = interfaceHttpUrls.All(IsRegistered) ? interfaceHttpUrls : localHostHttpUrls;
var httpsUrls = interfaceHttpsUrls.All(IsRegistered) ? interfaceHttpsUrls : localHostHttpsUrls; var httpsUrls = interfaceHttpsUrls.All(IsRegistered) ? interfaceHttpsUrls : localHostHttpsUrls;
Urls.AddRange(httpUrls); InternalUrls.AddRange(httpUrls);
Urls.AddRange(httpsUrls); InternalUrls.AddRange(httpsUrls);
if (_configFileProvider.BindAddress != "*")
{
if (httpUrls.None(c => c.Address.Equals("localhost")))
{
InternalUrls.AddRange(localHostHttpUrls);
}
if (httpsUrls.None(c => c.Address.Equals("localhost")))
{
InternalUrls.AddRange(localHostHttpsUrls);
}
}
} }
else else
{ {
Urls.AddRange(interfaceHttpUrls); InternalUrls.AddRange(interfaceHttpUrls);
Urls.AddRange(interfaceHttpsUrls); InternalUrls.AddRange(interfaceHttpsUrls);
//Register localhost URLs so the IP Address doesn't need to be used from the local system
if (_configFileProvider.BindAddress != "*")
{
InternalUrls.AddRange(localHostHttpUrls);
InternalUrls.AddRange(localHostHttpsUrls);
}
if (OsInfo.IsWindows) if (OsInfo.IsWindows)
{ {
@ -71,49 +106,104 @@ namespace NzbDrone.Host.AccessControl
private void RefreshRegistration() private void RefreshRegistration()
{ {
if (OsInfo.Version.Major < 6) if (OsInfo.Version.Major < 6) return;
return;
Urls.ForEach(RegisterUrl); foreach (var urlAcl in InternalUrls)
{
if (IsRegistered(urlAcl) || urlAcl.Address.Equals("localhost")) continue;
RemoveSimilar(urlAcl);
RegisterUrl(urlAcl);
}
} }
private bool IsRegistered(string urlAcl) private bool IsRegistered(UrlAcl urlAcl)
{
return RegisteredUrls.Any(c => c.Scheme == urlAcl.Scheme &&
c.Address == urlAcl.Address &&
c.Port == urlAcl.Port &&
c.UrlBase == urlAcl.UrlBase);
}
private List<UrlAcl> GetRegisteredUrls()
{ {
var arguments = String.Format("http show urlacl {0}", urlAcl); var arguments = String.Format("http show urlacl");
var output = _netshProvider.Run(arguments); var output = _netshProvider.Run(arguments);
if (output == null || !output.Standard.Any()) return false; if (output == null || !output.Standard.Any()) return new List<UrlAcl>();
return output.Standard.Select(line =>
{
var match = UrlAclRegex.Match(line);
if (match.Success)
{
return new UrlAcl
{
Scheme = match.Groups["scheme"].Value,
Address = match.Groups["address"].Value,
Port = Convert.ToInt32(match.Groups["port"].Value),
UrlBase = match.Groups["urlbase"].Value.Trim()
};
}
return null;
return output.Standard.Any(line => line.Contains(urlAcl)); }).Where(r => r != null).ToList();
} }
private void RegisterUrl(string urlAcl) private void RegisterUrl(UrlAcl urlAcl)
{ {
var arguments = String.Format("http add urlacl {0} sddl=D:(A;;GX;;;S-1-1-0)", urlAcl); var arguments = String.Format("http add urlacl {0} sddl=D:(A;;GX;;;S-1-1-0)", urlAcl.Url);
_netshProvider.Run(arguments); _netshProvider.Run(arguments);
} }
private string BuildUrl(string protocol, string url, int port, string urlBase) private void RemoveSimilar(UrlAcl urlAcl)
{ {
var result = protocol + "://" + url + ":" + port; var similar = RegisteredUrls.Where(c => c.Scheme == urlAcl.Scheme &&
result += String.IsNullOrEmpty(urlBase) ? "/" : urlBase + "/"; InternalUrls.None(x => x.Address == c.Address) &&
c.Port == urlAcl.Port &&
c.UrlBase == urlAcl.UrlBase);
return result; foreach (var s in similar)
{
UnregisterUrl(s);
}
}
private void UnregisterUrl(UrlAcl urlAcl)
{
_logger.Trace("Removing URL ACL {0}", urlAcl.Url);
var arguments = String.Format("http delete urlacl {0}", urlAcl.Url);
_netshProvider.Run(arguments);
} }
private List<String> BuildUrls(string protocol, string url, int port) private List<UrlAcl> BuildUrlAcls(string scheme, string address, int port)
{ {
var urls = new List<String>(); var urlAcls = new List<UrlAcl>();
var urlBase = _configFileProvider.UrlBase; var urlBase = _configFileProvider.UrlBase;
if (!String.IsNullOrEmpty(urlBase)) if (urlBase.IsNotNullOrWhiteSpace())
{ {
urls.Add(BuildUrl(protocol, url, port, urlBase)); urlAcls.Add(new UrlAcl
{
Scheme = scheme,
Address = address,
Port = port,
UrlBase = urlBase.Trim('/') + "/"
});
} }
urls.Add(BuildUrl(protocol, url, port, "")); urlAcls.Add(new UrlAcl
{
Scheme = scheme,
Address = address,
Port = port,
UrlBase = String.Empty
});
return urls; return urlAcls;
} }
} }
} }

@ -101,6 +101,7 @@
</Compile> </Compile>
<Compile Include="AccessControl\FirewallAdapter.cs" /> <Compile Include="AccessControl\FirewallAdapter.cs" />
<Compile Include="AccessControl\NetshProvider.cs" /> <Compile Include="AccessControl\NetshProvider.cs" />
<Compile Include="AccessControl\UrlAcl.cs" />
<Compile Include="AccessControl\SslAdapter.cs" /> <Compile Include="AccessControl\SslAdapter.cs" />
<Compile Include="AccessControl\UrlAclAdapter.cs" /> <Compile Include="AccessControl\UrlAclAdapter.cs" />
<Compile Include="ApplicationModes.cs" /> <Compile Include="ApplicationModes.cs" />

@ -45,7 +45,7 @@ namespace NzbDrone.Host.Owin
} }
} }
_urlAclAdapter.ConfigureUrl(); _urlAclAdapter.ConfigureUrls();
_logger.Info("Listening on the following URLs:"); _logger.Info("Listening on the following URLs:");
foreach (var url in _urlAclAdapter.Urls) foreach (var url in _urlAclAdapter.Urls)

@ -7,6 +7,7 @@
<div class="col-sm-1 col-sm-push-4 help-inline"> <div class="col-sm-1 col-sm-push-4 help-inline">
<i class="icon-nd-form-warning" title="Requires restart to take effect" /> <i class="icon-nd-form-warning" title="Requires restart to take effect" />
<i class="icon-nd-form-info" title="Valid IP4 address or '*' for all interfaces"/>
</div> </div>
<div class="col-sm-4 col-sm-pull-1"> <div class="col-sm-4 col-sm-pull-1">

Loading…
Cancel
Save