Commit e43fd645 authored by Philipp Schafft's avatar Philipp Schafft 🦁

Feature: Support names for ACLs

Closes: #2347
parent 726bef6d
......@@ -27,6 +27,9 @@ struct acl_tag {
/* reference counter */
size_t refcount;
/* name, may be NULL if name was given in config */
char *name;
/* allowed methods */
acl_policy_t method[httpp_req_unknown+1];
......@@ -131,6 +134,8 @@ acl_t *acl_new_from_xml_node(xmlNodePtr node)
if (!ret)
return NULL;
ret->name = (char*)xmlGetProp(node, XMLSTR("name"));
prop = node->properties;
while (prop) {
tmp = (char*)xmlGetProp(node, prop->name);
......@@ -234,9 +239,19 @@ void acl_release(acl_t * acl)
config_clear_http_header(acl->http_headers);
if (acl->name)
xmlFree(acl->name);
free(acl);
}
const char *acl_get_name(acl_t * acl)
{
if (!acl)
return NULL;
return acl->name;
}
/* HTTP Method specific functions */
int acl_set_method_str__callback(acl_t *acl,
acl_policy_t policy,
......
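Review bot: acl_get_name() returns the ACL's internal string, but nothing documents that the result may be NULL or that the pointer is freed with xmlFree() when acl_release() destroys the ACL. A comment on the function such as `/* Returns the configured name or NULL; the string is owned by the ACL and must not be freed or used after the reference is released. */` would make the contract explicit for callers. The field comment in struct acl_tag, "may be NULL if name was given in config", also reads inverted and presumably should be `/* name, may be NULL if no name was given in config */`. Noting there that the string is allocated by libxml2 would help keep any later setter paired with xmlFree(). acl_release() starts outside its hunk.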
......@@ -38,6 +38,8 @@ acl_t * acl_new_from_xml_node(xmlNodePtr node);
void acl_addref(acl_t * acl);
void acl_release(acl_t * acl);
const char *acl_get_name(acl_t * acl);
/* special functions */
int acl_set_ANY_str(acl_t * acl, acl_policy_t policy, const char * str, int (*callback)(acl_t *, acl_policy_t, const char *));
......
......@@ -784,6 +784,9 @@ static inline xmlNodePtr __add_listener(client_t *client,
if (client->role)
xmlNewTextChild(node, NULL, XMLSTR("role"), XMLSTR(client->role));
if (client->acl && acl_get_name(client->acl))
xmlNewTextChild(node, NULL, XMLSTR("acl"), XMLSTR(acl_get_name(client->acl)));
xmlNewTextChild(node, NULL, XMLSTR("tls"), XMLSTR(client->con->tls ? "true" : "false"));
xmlNewTextChild(node, NULL, XMLSTR("protocol"), XMLSTR(client_protocol_to_string(client->protocol)));
......
......@@ -898,10 +898,10 @@ static void _handle_source_request(client_t *client)
{
const char *method = httpp_getvar(client->parser, HTTPP_VAR_REQ_TYPE);
ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s",
ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s with acl %s",
client->uri,
((method) ? "\"" : "<"), ((method) ? method : "unknown"), ((method) ? "\"" : ">"),
client->con->ip, client->role);
client->con->ip, client->role, acl_get_name(client->acl));
if (client->parser && client->parser->req_type == httpp_req_source) {
ICECAST_LOG_DEBUG("Source at mountpoint \"%s\" connected using deprecated SOURCE method.", client->uri);
......@@ -1339,7 +1339,7 @@ static void _handle_authed_client(client_t *client, void *userdata, auth_result
}
if (acl_test_method(client->acl, client->parser->req_type) != ACL_POLICY_ALLOW) {
ICECAST_LOG_ERROR("Client (role=%s, username=%s) not allowed to use this request method on %H", client->role, client->username, client->uri);
ICECAST_LOG_ERROR("Client (role=%s, acl=%s, username=%s) not allowed to use this request method on %H", client->role, acl_get_name(client->acl), client->username, client->uri);
client_send_error_by_id(client, ICECAST_ERROR_GEN_CLIENT_NEEDS_TO_AUTHENTICATE);
return;
}
......
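Review bot: Both new log calls pass `acl_get_name(client->acl)` straight to a `%s` conversion, although acl_get_name() returns NULL when the client has no ACL or the ACL carries no name attribute. __add_listener checks for this before using the name; these two call sites do not. Whether ICECAST_LOG_* tolerates a NULL string argument is not visible here, and with a printf-style formatter it is undefined behaviour, on paths reached by every source login and every rejected request method. Resolve the name once with `const char *aclname = acl_get_name(client->acl);` and pass `aclname ? aclname : "(unnamed)"` in both _handle_source_request and _handle_authed_client. Both function bodies extend beyond their hunks.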