Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
10
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
Xiph.Org
Icecast-Server
Commits
d317b6fb
Commit
d317b6fb
authored
Sep 13, 2018
by
Philipp Schafft
🦁
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Feature: Added new <role> properties: match-web, nomatch-web, match-admin, and nomatch-admin
parent
6f2c6b8e
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
119 additions
and
0 deletions
+119
-0
src/auth.c
src/auth.c
+102
-0
src/auth.h
src/auth.h
+17
-0
No files found.
src/auth.c
View file @
d317b6fb
...
...
@@ -368,6 +368,7 @@ static void *auth_run_thread (void *arg)
*/
static
void
auth_add_client
(
auth_t
*
auth
,
client_t
*
client
,
void
(
*
on_no_match
)(
client_t
*
client
,
void
(
*
on_result
)(
client_t
*
client
,
void
*
userdata
,
auth_result
result
),
void
*
userdata
),
void
(
*
on_result
)(
client_t
*
client
,
void
*
userdata
,
auth_result
result
),
void
*
userdata
)
{
auth_client
*
auth_user
;
auth_matchtype_t
matchtype
;
ICECAST_LOG_DEBUG
(
"Trying to add client %p to auth %p's (role %s) queue."
,
client
,
auth
,
auth
->
role
);
...
...
@@ -387,6 +388,34 @@ static void auth_add_client(auth_t *auth, client_t *client, void (*on_no_match)(
return
;
}
if
(
client
->
admin_command
==
ADMIN_COMMAND_ERROR
)
{
/* this is a web/ client */
matchtype
=
auth
->
filter_web_policy
;
}
else
{
/* this is a admin/ client */
size_t
i
;
matchtype
=
AUTH_MATCHTYPE_UNUSED
;
for
(
i
=
0
;
i
<
(
sizeof
(
auth
->
filter_admin
)
/
sizeof
(
*
(
auth
->
filter_admin
)));
i
++
)
{
if
(
auth
->
filter_admin
[
i
].
type
!=
AUTH_MATCHTYPE_UNUSED
&&
auth
->
filter_admin
[
i
].
command
==
client
->
admin_command
)
{
matchtype
=
auth
->
filter_admin
[
i
].
type
;
break
;
}
}
if
(
matchtype
==
AUTH_MATCHTYPE_UNUSED
)
matchtype
=
auth
->
filter_admin_policy
;
}
if
(
matchtype
==
AUTH_MATCHTYPE_NOMATCH
)
{
if
(
on_no_match
)
{
on_no_match
(
client
,
on_result
,
userdata
);
}
else
if
(
on_result
)
{
on_result
(
client
,
userdata
,
AUTH_NOMATCH
);
}
return
;
}
auth_release
(
client
->
auth
);
auth_addref
(
client
->
auth
=
auth
);
auth_user
=
auth_client_setup
(
client
);
...
...
@@ -472,13 +501,56 @@ static int get_authenticator (auth_t *auth, config_options_t *options)
}
static
inline
void
auth_get_authenticator__filter_admin
(
auth_t
*
auth
,
xmlNodePtr
node
,
size_t
*
filter_admin_index
,
const
char
*
name
,
auth_matchtype_t
matchtype
)
{
char
*
tmp
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
name
));
if
(
tmp
)
{
char
*
cur
=
tmp
;
char
*
next
;
while
(
cur
)
{
next
=
strstr
(
cur
,
","
);
if
(
next
)
{
*
next
=
0
;
next
++
;
for
(;
*
next
==
' '
;
next
++
);
}
if
(
*
filter_admin_index
<
(
sizeof
(
auth
->
filter_admin
)
/
sizeof
(
*
(
auth
->
filter_admin
))))
{
auth
->
filter_admin
[
*
filter_admin_index
].
command
=
admin_get_command
(
cur
);
switch
(
auth
->
filter_admin
[
*
filter_admin_index
].
command
)
{
case
ADMIN_COMMAND_ERROR
:
ICECAST_LOG_ERROR
(
"Can not add unknown %s command to role."
,
name
);
break
;
case
ADMIN_COMMAND_ANY
:
auth
->
filter_admin_policy
=
matchtype
;
break
;
default:
auth
->
filter_admin
[
*
filter_admin_index
].
type
=
matchtype
;
(
*
filter_admin_index
)
++
;
break
;
}
}
else
{
ICECAST_LOG_ERROR
(
"Can not add more %s commands to role."
,
name
);
}
cur
=
next
;
}
free
(
tmp
);
}
}
auth_t
*
auth_get_authenticator
(
xmlNodePtr
node
)
{
auth_t
*
auth
=
calloc
(
1
,
sizeof
(
auth_t
));
config_options_t
*
options
=
NULL
,
**
next_option
=
&
options
;
xmlNodePtr
option
;
char
*
method
;
char
*
tmp
;
size_t
i
;
size_t
filter_admin_index
=
0
;
if
(
auth
==
NULL
)
return
NULL
;
...
...
@@ -489,6 +561,13 @@ auth_t *auth_get_authenticator(xmlNodePtr node)
auth
->
type
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
"type"
));
auth
->
role
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
"name"
));
auth
->
management_url
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
"management-url"
));
auth
->
filter_web_policy
=
AUTH_MATCHTYPE_MATCH
;
auth
->
filter_admin_policy
=
AUTH_MATCHTYPE_MATCH
;
for
(
i
=
0
;
i
<
(
sizeof
(
auth
->
filter_admin
)
/
sizeof
(
*
(
auth
->
filter_admin
)));
i
++
)
{
auth
->
filter_admin
[
i
].
type
=
AUTH_MATCHTYPE_UNUSED
;
auth
->
filter_admin
[
i
].
command
=
ADMIN_COMMAND_ERROR
;
}
if
(
!
auth
->
type
)
{
auth_release
(
auth
);
...
...
@@ -535,6 +614,29 @@ auth_t *auth_get_authenticator(xmlNodePtr node)
auth
->
method
[
i
]
=
1
;
}
tmp
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
"match-web"
));
if
(
tmp
)
{
if
(
strcmp
(
tmp
,
"*"
)
==
0
)
{
auth
->
filter_web_policy
=
AUTH_MATCHTYPE_MATCH
;
}
else
{
auth
->
filter_web_policy
=
AUTH_MATCHTYPE_NOMATCH
;
}
free
(
tmp
);
}
tmp
=
(
char
*
)
xmlGetProp
(
node
,
XMLSTR
(
"nomatch-web"
));
if
(
tmp
)
{
if
(
strcmp
(
tmp
,
"*"
)
==
0
)
{
auth
->
filter_web_policy
=
AUTH_MATCHTYPE_NOMATCH
;
}
else
{
auth
->
filter_web_policy
=
AUTH_MATCHTYPE_MATCH
;
}
free
(
tmp
);
}
auth_get_authenticator__filter_admin
(
auth
,
node
,
&
filter_admin_index
,
"match-admin"
,
AUTH_MATCHTYPE_MATCH
);
auth_get_authenticator__filter_admin
(
auth
,
node
,
&
filter_admin_index
,
"nomatch-admin"
,
AUTH_MATCHTYPE_NOMATCH
);
/* BEFORE RELEASE 2.5.0 TODO: Migrate this to config_parse_options(). */
option
=
node
->
xmlChildrenNode
;
while
(
option
)
...
...
src/auth.h
View file @
d317b6fb
...
...
@@ -34,6 +34,8 @@
#define AUTH_TYPE_URL "url"
#define AUTH_TYPE_HTPASSWD "htpasswd"
#define MAX_ADMIN_COMMANDS 32
typedef
enum
{
/* XXX: ??? */
...
...
@@ -54,6 +56,15 @@ typedef enum
AUTH_USERDELETED
}
auth_result
;
typedef
enum
{
/* The slot is not used */
AUTH_MATCHTYPE_UNUSED
,
/* Match on this slot */
AUTH_MATCHTYPE_MATCH
,
/* Do not match on this slot */
AUTH_MATCHTYPE_NOMATCH
}
auth_matchtype_t
;
typedef
struct
auth_client_tag
{
client_t
*
client
;
...
...
@@ -77,6 +88,12 @@ struct auth_tag
/* filters */
int
method
[
httpp_req_unknown
+
1
];
auth_matchtype_t
filter_web_policy
;
auth_matchtype_t
filter_admin_policy
;
struct
{
auth_matchtype_t
type
;
admin_command_id_t
command
;
}
filter_admin
[
MAX_ADMIN_COMMANDS
];
/* whether authenticate_client() and release_client() will return immediate.
* Setting this will result in no thread being started for this.
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment