From 48495f41e898498a91a1b3d9e8fa1950e60a12de Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 22 Jan 2016 02:22:27 -0800 Subject: provide mechanism for custom .well-known handlers and static files (e.g. for letsencypt ownership verification). Document that if you create a .well-known directory to validate a letsencrypt cert you need to remove it before installing hubzilla. We probably need a check for this in the install checklist. --- mod/_well_known.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'mod/_well_known.php') diff --git a/mod/_well_known.php b/mod/_well_known.php index d88bc2391..58ed13ece 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php @@ -33,6 +33,19 @@ function _well_known_init(&$a){ break; default: + // look in $WEBROOT/well_known for the requested file in case it is + // something a site requires and for which we do not have a module + + // @fixme - we may need to determine the content-type and stick it in the header + // for now this can be done with a php script masquerading as the requested file + + $wk_file = str_replace('.well-known','well_known',$a->cmd); + if(file_exists($wk_file)) { + echo file_get_contents($wk_file); + killme(); + } + elseif(file_exists($wk_file . '.php')) + require_once($wk_file . '.php'); break; } -- cgit v1.2.3 From c214692f661488df30eaf00ca85da94a5ecc1e14 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 28 Jan 2016 17:06:13 -0800 Subject: add peer filtering to all .well-known services --- mod/_well_known.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'mod/_well_known.php') diff --git a/mod/_well_known.php b/mod/_well_known.php index 58ed13ece..47cfe1512 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php 
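Review bot: The new `default:` branch builds `$wk_file` from `$a->cmd` with only a `str_replace`, then hands it to `file_get_contents()` and `require_once()` with nothing confining the result to the `well_known` directory. If `$a->cmd` can carry `..` segments or a symlinked component (its normalisation is not visible in this hunk), the branch would read or include files outside that directory, and the `.php` fallback executes whatever it finds. Resolving the path with `realpath()` and comparing it against the resolved `well_known` root before either call closes that, as sketched below; `is_file()` also stops `file_exists()` from matching a directory. The same pattern recurs in the `@@ -49,19 +49,12 @@` hunks of be99c7fe and 90fd23e0, where the raw `$a->cmd` is used without even the `str_replace`, and in the `App::$cmd` form in 9abd95fa. `_well_known_init` starts and ends outside the hunk.

```php
// … unchanged: comments at the top of the default branch …
$wk_root = realpath('well_known');
$wk_file = str_replace('.well-known','well_known',$a->cmd);
// resolve dot segments and symlinks, then require the result to stay under well_known/
$wk_static = realpath($wk_file);
$wk_script = realpath($wk_file . '.php');
if($wk_root && $wk_static && is_file($wk_static)
	&& strpos($wk_static, $wk_root . DIRECTORY_SEPARATOR) === 0) {
	echo file_get_contents($wk_static);
	killme();
}
elseif($wk_root && $wk_script && is_file($wk_script)
	&& strpos($wk_script, $wk_root . DIRECTORY_SEPARATOR) === 0)
	require_once($wk_script);
break;
```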
@@ -7,6 +7,22 @@ function _well_known_init(&$a){ $arr = array('server' => $_SERVER, 'request' => $_REQUEST); call_hooks('well_known', $arr); + + if(! check_siteallowed($_SERVER['REMOTE_ADDR'])) { + logger('well_known: site not allowed. ' . $_SERVER['REMOTE_ADDR']); + killme(); + } + + // from php.net re: REMOTE_HOST: + // Note: Your web server must be configured to create this variable. For example in Apache + // you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr(). + + if(get_config('system','siteallowed_remote_host') && (! check_siteallowed($_SERVER['REMOTE_HOST']))) { + logger('well_known: site not allowed. ' . $_SERVER['REMOTE_HOST']); + killme(); + } + + switch(argv(1)) { case 'zot-info': $a->argc -= 1; -- cgit v1.2.3 From be99c7fe12cc68bba1716a0b708bb171cfd223e6 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 8 Feb 2016 13:57:40 -0800 Subject: sort out the well-known acme-challenge mess - at least on apache --- mod/_well_known.php | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'mod/_well_known.php') diff --git a/mod/_well_known.php b/mod/_well_known.php index 47cfe1512..46714deaa 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php @@ -49,19 +49,12 @@ function _well_known_init(&$a){ break; default: - // look in $WEBROOT/well_known for the requested file in case it is - // something a site requires and for which we do not have a module - - // @fixme - we may need to determine the content-type and stick it in the header - // for now this can be done with a php script masquerading as the requested file - - $wk_file = str_replace('.well-known','well_known',$a->cmd); - if(file_exists($wk_file)) { - echo file_get_contents($wk_file); + if(file_exists($a->cmd)) { + echo file_get_contents($a->cmd); killme(); } - elseif(file_exists($wk_file . '.php')) - require_once($wk_file . '.php'); + elseif(file_exists($a->cmd . '.php')) + require_once($a->cmd . '.php'); break; } -- cgit v1.2.3 
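Review bot: `$_SERVER['REMOTE_HOST']` is read without checking that it is set, although the comment added directly above it says the variable only exists when the web server is configured for hostname lookups. With `siteallowed_remote_host` enabled on a server that does not populate it, `check_siteallowed()` receives null, and whether that blocks every peer or none depends on code this hunk does not show; an explicit `isset($_SERVER['REMOTE_HOST'])` test with a logged decision for the unset case would make the outcome deliberate. The value also comes from reverse DNS, which is controlled by whoever operates the PTR zone for the address, so it is weaker evidence than the `REMOTE_ADDR` check unless it is forward-confirmed; a comment saying so would help operators who enable the option. Both checks run after `call_hooks('well_known', $arr)`, so hook handlers still execute for peers that are then rejected, which may not be intended.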
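Review bot: The `@fixme` about the content type is deleted in the `@@ -49,19 +49,12 @@` hunk without being addressed: the `default:` branch still echoes the file through `file_get_contents()` with no `Content-Type` header, so the response goes out under PHP's default type, normally `text/html`. For files that an external tool writes into the `.well-known` tree, that means their contents would be interpreted as HTML in the site's origin. Keeping the comment, or sending an explicit type before the echo such as `header('Content-Type: text/plain');` for challenge tokens, would make the behaviour deliberate. The identical hunk in 90fd23e0 has the same gap.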
From d96e985be0b316019fa26340a60c7247baa1090e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 8 Feb 2016 14:06:44 -0800 Subject: Revert "sort out the well-known acme-challenge mess - at least on apache" This reverts commit be99c7fe12cc68bba1716a0b708bb171cfd223e6. --- mod/_well_known.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'mod/_well_known.php') diff --git a/mod/_well_known.php b/mod/_well_known.php index 46714deaa..47cfe1512 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php @@ -49,12 +49,19 @@ function _well_known_init(&$a){ break; default: - if(file_exists($a->cmd)) { - echo file_get_contents($a->cmd); + // look in $WEBROOT/well_known for the requested file in case it is + // something a site requires and for which we do not have a module + + // @fixme - we may need to determine the content-type and stick it in the header + // for now this can be done with a php script masquerading as the requested file + + $wk_file = str_replace('.well-known','well_known',$a->cmd); + if(file_exists($wk_file)) { + echo file_get_contents($wk_file); killme(); } - elseif(file_exists($a->cmd . '.php')) - require_once($a->cmd . '.php'); + elseif(file_exists($wk_file . '.php')) + require_once($wk_file . '.php'); break; } -- cgit v1.2.3 From 90fd23e0cd1fe3b6d3471411f650b9b276473c68 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Mon, 8 Feb 2016 14:19:49 -0800 Subject: try that patch again --- mod/_well_known.php | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'mod/_well_known.php') diff --git a/mod/_well_known.php b/mod/_well_known.php index 47cfe1512..46714deaa 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php 
@@ -49,19 +49,12 @@ function _well_known_init(&$a){ break; default: - // look in $WEBROOT/well_known for the requested file in case it is - // something a site requires and for which we do not have a module - - // @fixme - we may need to determine the content-type and stick it in the header - // for now this can be done with a php script masquerading as the requested file - - $wk_file = str_replace('.well-known','well_known',$a->cmd); - if(file_exists($wk_file)) { - echo file_get_contents($wk_file); + if(file_exists($a->cmd)) { + echo file_get_contents($a->cmd); killme(); } - elseif(file_exists($wk_file . '.php')) - require_once($wk_file . '.php'); + elseif(file_exists($a->cmd . '.php')) + require_once($a->cmd . '.php'); break; } -- cgit v1.2.3 From 9abd95fad3784a10fc48bc40f9b8a75d7d74edda Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 31 Mar 2016 16:06:03 -0700 Subject: static App --- mod/_well_known.php | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'mod/_well_known.php') diff --git a/mod/_well_known.php b/mod/_well_known.php index 46714deaa..23d79bb1d 100644 --- a/mod/_well_known.php +++ b/mod/_well_known.php 
@@ -25,36 +25,36 @@ function _well_known_init(&$a){ switch(argv(1)) { case 'zot-info': - $a->argc -= 1; - array_shift($a->argv); - $a->argv[0] = 'zfinger'; + App::$argc -= 1; + array_shift(App::$argv); + App::$argv[0] = 'zfinger'; require_once('mod/zfinger.php'); zfinger_init($a); break; case 'webfinger': - $a->argc -= 1; - array_shift($a->argv); - $a->argv[0] = 'wfinger'; + App::$argc -= 1; + array_shift(App::$argv); + App::$argv[0] = 'wfinger'; require_once('mod/wfinger.php'); wfinger_init($a); break; case 'host-meta': - $a->argc -= 1; - array_shift($a->argv); - $a->argv[0] = 'hostxrd'; + App::$argc -= 1; + array_shift(App::$argv); + App::$argv[0] = 'hostxrd'; require_once('mod/hostxrd.php'); hostxrd_init($a); break; default: - if(file_exists($a->cmd)) { - echo file_get_contents($a->cmd); + if(file_exists(App::$cmd)) { + echo file_get_contents(App::$cmd); killme(); } - elseif(file_exists($a->cmd . '.php')) - require_once($a->cmd . '.php'); + elseif(file_exists(App::$cmd . '.php')) + require_once(App::$cmd . '.php'); break; } -- cgit v1.2.3