Commit b55bae03 authored by Philipp Schafft 🦁

Update: Improved matchfile API

This adds support for allow-deny kind of rules with the matchfile API.

See: #2119
parent d24dda61
......@@ -274,28 +274,6 @@ static int connection_send(connection_t *con, const void *buf, size_t len)
return bytes;
}
/* return 0 if the passed ip address is not to be handled by icecast, non-zero otherwise */
static int accept_ip_address(char *ip) {
if (matchfile_match(banned_ip, ip) > 0) {
ICECAST_LOG_DEBUG("%s is banned", ip);
return 0;
}
if (matchfile_match(allowed_ip, ip) > 0) {
ICECAST_LOG_DEBUG("%s is allowed", ip);
return 1;
} else if (allowed_ip) {
/* we are not on allow list but there is one, so reject */
ICECAST_LOG_DEBUG("%s is not allowed", ip);
return 0;
}
/* default: allow */
return 1;
}
connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
{
connection_t *con;
......@@ -429,8 +407,8 @@ static connection_t *_accept_connection(int duration)
if (strncmp(ip, "::ffff:", 7) == 0)
memmove(ip, ip+7, strlen (ip+7)+1);
if (accept_ip_address(ip))
con = connection_create(sock, serversock, ip);
if (matchfile_match_allow_deny(allowed_ip, banned_ip, ip))
con = connection_create (sock, serversock, ip);
if (con)
return con;
sock_close(sock);
......
......@@ -158,3 +158,28 @@ int matchfile_match(matchfile_t *file, char *key) {
return avl_get_by_key(file->contents, (void*)key, &result) == 0 ? 1 : 0;
}
int matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key) {
if (!allow && !deny)
return 1;
if (!key)
return 0;
if (matchfile_match(deny, key) > 0) {
ICECAST_LOG_DEBUG("%s is banned", key);
return 0;
}
if (matchfile_match(allow, key) > 0) {
ICECAST_LOG_DEBUG("%s is allowed", key);
return 1;
} else if (allow) {
/* we are not on allow list but there is one, so reject */
ICECAST_LOG_DEBUG("%s is not allowed", key);
return 0;
}
/* default: allow */
return 1;
}
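Review bot: The deny check `if (matchfile_match(deny, key) > 0)` treats every non-positive result as "not banned", so the deny list may fail open. If matchfile_match can return a negative value for a list that could not be loaded or searched (its body lies outside this hunk; only its final `return ... ? 1 : 0;` is visible), execution falls through to the allow branch and ends at `/* default: allow */`. The allow list behaves the opposite way: any non-positive result with a non-NULL `allow` rejects. Because this helper is now the shared access-control decision, I would either reject on error, e.g. `int r = matchfile_match(deny, key); if (r > 0 || (deny && r < 0)) return 0;`, or state in a comment that failing open on the deny list is intended.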
......@@ -17,4 +17,7 @@ int matchfile_addref(matchfile_t *file);
int matchfile_release(matchfile_t *file);
int matchfile_match(matchfile_t *file, char *key);
/* returns 1 for allow or pass and 0 for deny */
int matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key);
#endif /* __MATCHFILE_H__ */
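Review bot: The comment above `matchfile_match_allow_deny` gives only the return values and omits the evaluation order that callers rely on for access control. Per the implementation in this commit, deny is checked first and wins, a non-NULL allow list turns the default into deny, two NULL lists always pass (even with a NULL key), and a NULL key is otherwise denied. I would spell that out, e.g. `/* deny is checked first and wins; if an allow list is given, keys not on it are denied; returns 1 for allow/pass, 0 for deny (including a NULL key when any list is set) */`. The visible code never writes through `key`, so it could be `const char *key`, provided matchfile_match's parameter is changed to match.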