Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
Xiph.Org
Icecast-Server
Commits
cb329735
Commit
cb329735
authored
Sep 14, 2018
by
Philipp Schafft
🦁
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Feature: Added permission system for auth backends altering clients
parent
bb2ba6e8
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
60 additions
and
1 deletion
+60
-1
src/auth.c
src/auth.c
+57
-1
src/auth.h
src/auth.h
+3
-0
No files found.
src/auth.c
View file @
cb329735
...
...
@@ -638,6 +638,52 @@ static inline int auth_get_authenticator__filter_method(auth_t *auth, xmlNodePtr
return
0
;
}
static
inline
int
auth_get_authenticator__permission_alter
(
auth_t
*
auth
,
xmlNodePtr
node
,
const
char
*
name
,
auth_matchtype_t
matchtype
)
{
char
*
tmp
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
name
));
if
(
tmp
)
{
char
*
cur
=
tmp
;
while
(
cur
)
{
char
*
next
=
strstr
(
cur
,
","
);
auth_alter_t
idx
;
if
(
next
)
{
*
next
=
0
;
next
++
;
for
(;
*
next
==
' '
;
next
++
);
}
if
(
strcmp
(
cur
,
"*"
)
==
0
)
{
size_t
i
;
for
(
i
=
0
;
i
<
(
sizeof
(
auth
->
permission_alter
)
/
sizeof
(
*
(
auth
->
permission_alter
)));
i
++
)
auth
->
permission_alter
[
i
]
=
matchtype
;
break
;
}
idx
=
auth_str2alter
(
cur
);
if
(
idx
==
AUTH_ALTER_NOOP
)
{
ICECAST_LOG_ERROR
(
"Can not add unknown alter action
\"
%H
\"
to role's %s"
,
cur
,
name
);
return
-
1
;
}
else
if
(
idx
==
AUTH_ALTER_REDIRECT
)
{
auth
->
permission_alter
[
AUTH_ALTER_REDIRECT
]
=
matchtype
;
auth
->
permission_alter
[
AUTH_ALTER_REDIRECT_SEE_OTHER
]
=
matchtype
;
auth
->
permission_alter
[
AUTH_ALTER_REDIRECT_TEMPORARY
]
=
matchtype
;
auth
->
permission_alter
[
AUTH_ALTER_REDIRECT_PERMANENT
]
=
matchtype
;
}
else
{
auth
->
permission_alter
[
idx
]
=
matchtype
;
}
cur
=
next
;
}
free
(
tmp
);
}
return
0
;
}
auth_t
*
auth_get_authenticator
(
xmlNodePtr
node
)
{
auth_t
*
auth
=
calloc
(
1
,
sizeof
(
auth_t
));
...
...
@@ -665,6 +711,9 @@ auth_t *auth_get_authenticator(xmlNodePtr node)
auth
->
filter_admin
[
i
].
command
=
ADMIN_COMMAND_ERROR
;
}
for
(
i
=
0
;
i
<
(
sizeof
(
auth
->
permission_alter
)
/
sizeof
(
*
(
auth
->
permission_alter
)));
i
++
)
auth
->
permission_alter
[
i
]
=
AUTH_MATCHTYPE_NOMATCH
;
if
(
!
auth
->
type
)
{
auth_release
(
auth
);
return
NULL
;
...
...
@@ -736,6 +785,9 @@ auth_t *auth_get_authenticator(xmlNodePtr node)
auth_get_authenticator__filter_admin
(
auth
,
node
,
&
filter_admin_index
,
"match-admin"
,
AUTH_MATCHTYPE_MATCH
);
auth_get_authenticator__filter_admin
(
auth
,
node
,
&
filter_admin_index
,
"nomatch-admin"
,
AUTH_MATCHTYPE_NOMATCH
);
auth_get_authenticator__permission_alter
(
auth
,
node
,
"may-alter"
,
AUTH_MATCHTYPE_MATCH
);
auth_get_authenticator__permission_alter
(
auth
,
node
,
"may-not-alter"
,
AUTH_MATCHTYPE_NOMATCH
);
/* BEFORE RELEASE 2.5.0 TODO: Migrate this to config_parse_options(). */
option
=
node
->
xmlChildrenNode
;
while
(
option
)
...
...
@@ -804,7 +856,11 @@ int auth_alter_client(auth_t *auth, auth_client *auth_user, auth_alter_t action,
if
(
!
auth
||
!
auth_user
||
!
arg
)
return
-
1
;
/* TODO: check if auth backend has the permission for this operation */
if
(
action
<
0
||
action
>=
(
sizeof
(
auth
->
permission_alter
)
/
sizeof
(
*
(
auth
->
permission_alter
))))
return
-
1
;
if
(
auth
->
permission_alter
[
action
]
!=
AUTH_MATCHTYPE_MATCH
)
return
-
1
;
if
(
replace_string
(
&
(
auth_user
->
alter_client_arg
),
arg
)
!=
0
)
return
-
1
;
...
...
src/auth.h
View file @
cb329735
...
...
@@ -114,6 +114,9 @@ struct auth_tag
admin_command_id_t
command
;
}
filter_admin
[
MAX_ADMIN_COMMANDS
];
/* permissions */
auth_matchtype_t
permission_alter
[
AUTH_ALTER_SEND_ERROR
+
1
];
/* whether authenticate_client() and release_client() will return immediate.
* Setting this will result in no thread being started for this.
*/
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment