
fake redirection by iframe...

psyc://loupsycedyglgamf.onion/~lynX 2020-10-23 13:22:39 +02:00
parent 5c859e6fef
commit 0a7f208a72
6 changed files with 114 additions and 35 deletions


@ -1,5 +1,5 @@
// this place is configured in a suitable way for receiving // this place is configured in a suitable way for receiving
// syslog events from the syslog2psyc tool in perlpsyc // tor router events from the remotor tool in perlpsyc
// //
#include <net.h> #include <net.h>


@ -24,18 +24,16 @@ varargs http_error(string prot, int code, string comment, string html) {
P2(("hterror(%O,%O,%O,%O) in %O\n", prot,code,comment,html, ME)) P2(("hterror(%O,%O,%O,%O) in %O\n", prot,code,comment,html, ME))
#if defined(T) #if defined(T)
// use the textdb if available // use the textdb if available
out = psyctext( T("_PAGES_error", out = psyctext( T("_PAGES_error", "<title>Error [_code]</title><body><h1 id='code'>[_code]</h1><div id='comment'>[_comment]</div>"),
"<html><title id='code'>[_code]</title>\n"
"<body><h1 id='comment'>[_comment]</h1></body></html>\n"),
([ "_comment": comment, "_code": code ]) ); ([ "_comment": comment, "_code": code ]) );
#else #else
// use some hardcoded defaults // use some hardcoded defaults
out = "<body text=white bgcolor=black link=green vlink=green>\n"; out = "<body text='white' bgcolor='black' link='green' vlink='green'>\n";
if (html) out = sprintf("<title>%s</title>\n%s%s", comment, out, html); if (html) out = sprintf("<title>%s</title>\n%s%s", comment, out, html);
else out = sprintf("\ else out = sprintf("\
<title>error %d</title>\n\ <title>Error %d</title>\n\
%s\n\ %s\n\
<table width=\"100%%\" height=\"90%%\"><tr><th><h1><br>\n\n\ <table width=\"100%%\" height=\"90%%\"><tr><th><h1><br/>\n\n\
%s\n\n\ %s\n\n\
</h1></th></tr></table>\n\ </h1></th></tr></table>\n\
", ",
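Review bot: Both branches of `http_error` still place `comment` into the page unescaped — as `[_comment]` in the new one-line `_PAGES_error` template and as the `%s` in `sprintf("<title>%s</title>\n%s%s", comment, out, html)` — and whether `psyctext` escapes its substitutions is not visible here. The callers added in this commit pass fixed literals, so the exposure depends on other callers; wrapping the value as `htquote(comment)` in the `#else` branch (the helper this commit already applies to `CHALLENGE_QUESTION` in htget, if it is in scope in this file) and confirming the textdb path does the same would settle the question. The new template also drops the `<html>`/`</body></html>` wrapper the old one had, which is fine for a fragment but worth a comment if intentional. http_error's signature is only in the hunk header and its body continues past the hunk.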


@ -95,12 +95,19 @@ varargs string htredirect(string prot, string target, string comment, int perman
printf("%s %d %s\n%s", HTTP_SVERS, printf("%s %d %s\n%s", HTTP_SVERS,
permanent ? R_MOVED : R_FOUND, comment, htheaders()); permanent ? R_MOVED : R_FOUND, comment, htheaders());
} }
// this page might actually be visible
// if content-disposition: attachment is given
// or redirects are otherwise intercepted by plugin
// so a proper _PAGES form could be appropriate
printf("\ printf("\
Location: %s\n%s\ Location: %s\n%s\
\n\ \n\
<a href=\"%s\">%s</a>.\n\ <title>%s</title>\n\
", <body bgcolor='black' text='white' link='red' vlink='red'>\n\
target, extra, target, comment); %s\n",
// exposing the link to end-user may not be intended:
// <a href=\"%s\">%s</a>.
target, extra, comment, comment);
return 0; return 0;
} }
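Review bot: `target` is written straight into the `Location: %s` line at the top of the new `printf` without being checked for CR/LF, and in this same commit htget passes a target built as `item +"?"+ query["parameters"]`, i.e. partly from the request; whether the query parser leaves line breaks in such values is not visible here, but if it does, a value containing one would end the header early. Rejecting or stripping `\r` and `\n` from `target` before the `printf` would make this independent of the parser. The `comment` string is likewise placed unescaped into the `<title>` and body; with the callers visible here it is a fixed literal, so this is a note for future callers rather than a defect. htredirect's signature is only in the hunk header, and the `if`/`else` choosing between `R_MOVED` and `R_FOUND` closes at the start of this hunk.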


@ -18,6 +18,10 @@
#include <status.h> #include <status.h>
#include <uniform.h> #include <uniform.h>
#ifndef HT_LOGO
# define HT_LOGO DEFAULT_HT_LOGO
#endif
#ifdef BRAIN #ifdef BRAIN
# ifdef SLAVE # ifdef SLAVE
@ -610,8 +614,9 @@ htget(prot, query, headers, qs) {
} }
#endif #endif
#ifdef CHALLENGE_MATCH #ifdef CHALLENGE_QUESTION // should make media player etc work also w/o challenge FIXME
#include <sys/regexp.h> #include <sys/regexp.h>
#include "ht/http.h"
#define CHALOG(verb) log_file("CHALLENGE", "%s %s %O A:%O P:%O C:%O\n", \ #define CHALOG(verb) log_file("CHALLENGE", "%s %s %O A:%O P:%O C:%O\n", \
MYNICK, verb, query_ip_name(), \ MYNICK, verb, query_ip_name(), \
@ -619,14 +624,47 @@ htget(prot, query, headers, qs) {
// maybe this all belongs into archetype.gen.. chesmo! // maybe this all belongs into archetype.gen.. chesmo!
htget(prot, query, headers, qs, data, noprocess) { htget(prot, query, headers, qs, data, noprocess) {
string item = headers[item] || "/@"+ MYNICK; if (probably_private(this_interactive()) <= PRIVACY_SURVEILLED) {
if (stringp(headers["cookie"]) && regmatch(headers["cookie"], hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs 'https' instead of 'http'.");
"challenge=complete&answer="+ md5(CHALLENGE_MATCH))) { htnotify(query, headers, "_challenge_disabled_encryption",
"[_nick_place] sees no TLS by [_web_on] from [_web_from].");
return 0;
}
string item = "/@"+ MYNICK;
if (
# ifdef CHALLENGE_AGENT
stringp(headers["user-agent"]) &&
regmatch(lower_case(headers["user-agent"]), CHALLENGE_AGENT)
# else
# ifdef CHALLENGE_ACCOUNTS
# define CHALLENGE_CHECK CHALLENGE_ACCOUNTS
# else
# ifdef CHALLENGE_MATCH
# define CHALLENGE_CHECK CHALLENGE_MATCH
# endif
# endif
stringp(headers["cookie"]) && regmatch(headers["cookie"],
"challenge=complete&answer="+ md5(CHALLENGE_CHECK))
# endif
) {
CHALOG("completes"); CHALOG("completes");
htnotify(query, headers, "_accomplished_web", htnotify(query, headers, "_challenge_accomplished_web",
"Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from]."); "Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
# ifdef CHALLENGE_REDIRECT # ifdef CHALLENGE_REDIRECT
return htredirect(prot, CHALLENGE_REDIRECT, "There you go", 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n"); # ifdef CHALLENGE_REDIRECT_TITLE
# ifdef CHALLENGE_QUESTION
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
# else
htok();
# endif
w("_PAGES_frame_redirect", 0,
([ "_uniform_page" : CHALLENGE_REDIRECT,
"_title_page" : CHALLENGE_REDIRECT_TITLE,
"_nick_place" : MYNICK ]) );
return 1;
# else
return htredirect(prot, CHALLENGE_REDIRECT, "Download or redirect initiated", 0, "Content-Disposition: attachment\nSet-Cookie: psycplace=\"challenge=done\"; Path="+ item +"; Secure; Max-Age=9\n");
# endif
# else # else
# ifdef HTGET # ifdef HTGET
// you may want to output a player iframe instead of a redirect... // you may want to output a player iframe instead of a redirect...
@ -636,33 +674,66 @@ htget(prot, query, headers, qs, data, noprocess) {
# endif # endif
# endif # endif
} }
if (stringp(query["answer"]) && headers["cookie"] && # if defined(CHALLENGE_MATCH) || defined(CHALLENGE_ACCOUNTS)
regmatch(headers["cookie"], "challenge=given") && if (stringp(query["answer"])) {
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)) { unless (headers["cookie"]) {
// lazy me could have used referer here ;) CHALOG("disabled");
string nu = stringp(query["parameters"]) && hterror(prot, R_PAYMENTREQ, "To protect against abuse in this nasty world this function needs just temporarily enabled cookies. There are no de-anonymizing purposes involved. Or did you just lowercase my name in the URL?");
strlen(query["parameters"]) ? htnotify(query, headers, "_challenge_disabled_web",
item +"?"+ query["parameters"] : item; "[_nick_place] sees no cookies by [_web_on] from [_web_from].");
CHALOG("reloads");
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_MATCH) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
return 1; return 1;
} }
string acct;
if (regmatch(headers["cookie"], "challenge=given")) {
if (query["answer"] &&
# ifdef CHALLENGE_ACCOUNTS
(acct = CHALLENGE_ACCOUNTS->consult(query["answer"]))
# else
regmatch(lower_case(query["answer"]), CHALLENGE_MATCH)
# endif
) {
// lazy me could have used referer here ;)
string nu = stringp(query["parameters"]) &&
strlen(query["parameters"]) &&
query["parameters"] != "0" ?
item +"?"+ query["parameters"] : item;
CHALOG(acct? ("authenticates as "+ acct): "reloads");
htredirect(prot, nu, "Reload, please", 0, "Set-Cookie: psycplace=\"challenge=complete&answer="+ md5(CHALLENGE_CHECK) +"\"; Path="+ item +"; Secure; Max-Age=99\n");
if (acct) htnotify(query, headers, "_challenge_authenticated_web",
"[_web_on] authenticated for [_nick_place] coming from [_web_from].", acct);
return 1;
} else {
CHALOG("fails");
htnotify(query, headers, "_challenge_failed_web",
"[_nick_place] sees [_web_on] from [_web_from] fail the challenge.");
}
}
} else
# endif
{
CHALOG("challenges");
htnotify(query, headers, "_challenge_presented_web",
"[_nick_place] challenges [_web_on] coming from [_web_from].");
// (query [_web_query], cookie [_web_cookie]).");
}
// If you have trouble reloading the HTML template
// look out for both 'ht' and 'html' textdbs!
sTextPath(query["layout"], query["lang"], "html"); sTextPath(query["layout"], query["lang"], "html");
// using a non-psyced cookie here so that you can't construct a // using a non-psyced cookie here so that you can't construct a
// url that allows other people to bypass the challenge. // url that allows other people to bypass the challenge.
// could add a timeout here...
htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n"); htok3(prot, 0, "Set-Cookie: psycplace=\"challenge=given\"; Path="+ item +"; Secure; Max-Age=999\n");
CHALOG("challenges"); # ifndef CHALLENGE_REDIRECT_TITLE
# define CHALLENGE_REDIRECT_TITLE "Challenge for " MYNICK
# endif
w("_PAGES_group_challenge", 0, w("_PAGES_group_challenge", 0,
([ "_challenge" : htquote(CHALLENGE_QUESTION), ([ "_challenge" : htquote(CHALLENGE_QUESTION),
// if the user failed the challenge, // if the user failed the challenge,
// we maintain the original qs for next attempt: // we maintain the original qs for next attempt:
"_parameters" : query["parameters"] || qs, "_parameters" : query["parameters"] || qs,
"_uniform_logo" : HT_LOGO,
"_title_page" : CHALLENGE_REDIRECT_TITLE,
"_nick_place" : MYNICK ]) ); "_nick_place" : MYNICK ]) );
// printf("%O vs %O\n", query, headers); // printf("%O vs %O\n", query, headers);
htnotify(query, headers, "_challenged_web",
"[_nick_place] challenges [_web_on] coming from [_web_from].");
// (query [_web_query], cookie [_web_cookie]).");
return 1; return 1;
} }
#endif #endif
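Review bot: `CHALLENGE_CHECK` is only `#define`d inside the `# else` branch of `# ifdef CHALLENGE_AGENT` (the `# ifdef CHALLENGE_ACCOUNTS` / `# ifdef CHALLENGE_MATCH` ladder at the top of the new `if (`), yet it is also consumed by `md5(CHALLENGE_CHECK)` in the answer-handling block further down, which is guarded only by `defined(CHALLENGE_MATCH) || defined(CHALLENGE_ACCOUNTS)`; a configuration that defines CHALLENGE_AGENT together with one of those leaves that use undefined, and one defining CHALLENGE_QUESTION with none of the three leaves the first `md5(CHALLENGE_CHECK)` undefined as well. Hoisting the ladder to just before the `if (`, with an `# error` in the fall-through case, would keep the macro defined wherever it is used. Separately, the completion cookie is `md5()` of a fixed configuration value, so it is identical for every visitor and, under CHALLENGE_ACCOUNTS, carries nothing tying it to the account that `consult()` accepted — the `completes` branch therefore cannot know who is passing; a per-session random token remembered server-side, and `HttpOnly` next to `Secure`, would be more robust. htget begins in the earlier hunk of this section and ends with the `}` before this `#endif`.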


@ -191,7 +191,7 @@ jabberMsg(XMLNode node) {
// super dirty.. this should all be in textdb // super dirty.. this should all be in textdb
packet = sprintf("<iq type='result' id='%s'>" packet = sprintf("<iq type='result' id='%s'>"
"<query xmlns='jabber:iq:register'/>" "<query xmlns='jabber:iq:register'/>"
"<error code='501>Registration by XMPP not permitted.</error></iq>", "<error code='501'>Registration by XMPP not permitted.</error></iq>",
id); id);
#else #else
packet = sprintf("<iq type='result' id='%s'>" packet = sprintf("<iq type='result' id='%s'>"
@ -235,7 +235,10 @@ jabberMsg(XMLNode node) {
// QUIT // QUIT
} else { } else {
#if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP) #if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
// TODO: generate some error as above emit(sprintf("<iq type='result' id='%s'>"
"<query xmlns='jabber:iq:register'/>"
"<error code='501'>Registration by XMPP not permitted.</error></iq>",
id));
#else #else
user -> vSet("password", t[Cdata]); user -> vSet("password", t[Cdata]);
if (t = helper["/email"]) { if (t = helper["/email"]) {
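Review bot: The stanza emitted in the new `#if defined(_flag_disable_unauthenticated_users_XMPP) || ...` branch (and the one above whose `501'` quote the commit fixes) is an `<iq type='result'>` carrying an `<error>` child; an error reply is normally `type='error'`, and a client that treats `result` as success may ignore the refusal. Since the same packet is now built in two places, a single helper (or the textdb entry the existing `// super dirty` comment already asks for) would keep the copies from drifting — the quote fix in the first hunk would then not need repeating. `id` is also interpolated unescaped into `id='%s'`; if it is taken from the client's stanza, as the `jabberMsg(XMLNode node)` context suggests, a quote character in it would make the reply malformed, so validating or escaping it before the sprintf is worth considering. jabberMsg begins and ends outside both hunks.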


@ -474,7 +474,7 @@ _request_set_topic(source, mc, data, vars, b) {
#if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH) #if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH)
// for GDPR compliance server owners are expected not to log these messages // for GDPR compliance server owners are expected not to log these messages
htnotify(query, headers, mc, fmt) { htnotify(query, headers, mc, fmt, acct) {
if (query["from"] == "") query["from"] = 0; if (query["from"] == "") query["from"] = 0;
if (query["location"] == "") query["location"] = 0; if (query["location"] == "") query["location"] = 0;
@ -484,7 +484,7 @@ htnotify(query, headers, mc, fmt) {
([ "_web_referrer" : query["from"] || "bookmark", ([ "_web_referrer" : query["from"] || "bookmark",
"_web_page" : query["location"] || headers["referer"] || "", "_web_page" : query["location"] || headers["referer"] || "",
"_web_browser" : headers["user-agent"] || "", "_web_browser" : headers["user-agent"] || "",
"_web_on" : query["location"] || headers["referer"] || "_web_on" : acct || query["location"] || headers["referer"] ||
headers["user-agent"] || "", headers["user-agent"] || "",
"_web_from" : query["from"] || "_web_from" : query["from"] ||
query_ip_name(this_interactive()) || query_ip_name(this_interactive()) ||
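Review bot: `htnotify` gains a fifth parameter `acct` but is not declared `varargs`, while the four-argument callers elsewhere in this commit (`htnotify(query, headers, "_challenge_disabled_encryption", ...)` and the others in htget) are unchanged; unlike `http_error` and `htredirect`, which are `varargs` in this same commit, whether the driver accepts the shorter calls here depends on pragma settings, so `varargs htnotify(query, headers, mc, fmt, acct) {` would make the optional argument explicit. Note also that `acct` now takes precedence in `_web_on`, so an account name rather than a page or user-agent appears in the notification the preceding `// for GDPR compliance` comment asks operators not to log; the comment could say so, e.g. `// acct, when given, is an authenticated account name and replaces page/user-agent in _web_on`. The second hunk ends inside the mapping literal, so the rest of the notification is not visible here.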