2004-01-29 01:02:12 +00:00
|
|
|
/* Icecast
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed under the GNU General Public License, version 2.
|
|
|
|
|
* A copy of this license is included with this source.
|
|
|
|
|
*
|
2015-01-10 18:53:44 +00:00
|
|
|
* Copyright 2000-2004, Jack Moffitt <jack@xiph.org,
|
2004-01-29 01:02:12 +00:00
|
|
|
* Michael Smith <msmith@xiph.org>,
|
|
|
|
|
* oddsock <oddsock@xiph.org>,
|
|
|
|
|
* Karl Heyes <karl@xiph.org>
|
|
|
|
|
* and others (see AUTHORS for details).
|
2020-02-14 14:05:01 +00:00
|
|
|
* Copyright 2011-2020, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
|
2004-01-29 01:02:12 +00:00
|
|
|
*/
|
|
|
|
|
|
2001-09-10 02:21:46 +00:00
|
|
|
/* client.c
|
2014-11-30 20:32:30 +00:00
|
|
|
**
|
|
|
|
|
** client interface implementation
|
|
|
|
|
**
|
|
|
|
|
*/
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2003-07-21 01:58:54 +00:00
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
|
#include <config.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-09-10 02:21:46 +00:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
2018-08-08 13:20:07 +00:00
|
|
|
#include <libxml/tree.h>
|
|
|
|
|
|
2014-12-02 21:50:57 +00:00
|
|
|
#include "common/thread/thread.h"
|
|
|
|
|
#include "common/avl/avl.h"
|
|
|
|
|
#include "common/httpp/httpp.h"
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2018-05-28 11:14:56 +00:00
|
|
|
#include "global.h"
|
2018-05-28 14:04:07 +00:00
|
|
|
#include "refobject.h"
|
2005-05-06 15:57:15 +00:00
|
|
|
#include "cfgfile.h"
|
2001-09-10 02:21:46 +00:00
|
|
|
#include "connection.h"
|
2018-04-17 07:29:49 +00:00
|
|
|
#include "tls.h"
|
2001-09-10 02:21:46 +00:00
|
|
|
#include "refbuf.h"
|
2005-06-03 15:35:52 +00:00
|
|
|
#include "format.h"
|
2005-05-06 15:57:15 +00:00
|
|
|
#include "stats.h"
|
2005-08-12 15:27:32 +00:00
|
|
|
#include "fserve.h"
|
2018-04-28 13:49:36 +00:00
|
|
|
#include "errors.h"
|
2018-06-27 12:45:27 +00:00
|
|
|
#include "reportxml.h"
|
|
|
|
|
#include "refobject.h"
|
|
|
|
|
#include "xslt.h"
|
2018-10-26 08:05:45 +00:00
|
|
|
#include "source.h"
|
2001-09-10 02:21:46 +00:00
|
|
|
|
|
|
|
|
#include "client.h"
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
#include "auth.h"
|
2001-09-10 02:21:46 +00:00
|
|
|
#include "logging.h"
|
2007-11-21 02:55:11 +00:00
|
|
|
|
2012-10-10 23:15:05 +00:00
|
|
|
#include "util.h"
|
2018-06-17 12:28:38 +00:00
|
|
|
#include "acl.h"
|
2018-05-19 07:41:45 +00:00
|
|
|
#include "listensocket.h"
|
2018-07-05 10:49:59 +00:00
|
|
|
#include "fastevent.h"
|
2012-10-10 23:15:05 +00:00
|
|
|
|
2018-08-08 13:20:07 +00:00
|
|
|
/* for ADMIN_COMMAND_ERROR, and ADMIN_ICESTATS_LEGACY_EXTENSION_APPLICATION */
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
#include "admin.h"
|
|
|
|
|
|
2007-11-21 02:55:11 +00:00
|
|
|
#ifdef _WIN32
|
|
|
|
|
#define snprintf _snprintf
|
|
|
|
|
#endif
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2004-07-16 15:47:12 +00:00
|
|
|
#undef CATMODULE
|
|
|
|
|
#define CATMODULE "client"
|
|
|
|
|
|
2014-11-21 18:05:17 +00:00
|
|
|
static inline void client_send_500(client_t *client, const char *message);
|
|
|
|
|
|
2018-06-10 10:18:07 +00:00
|
|
|
/* This returns the protocol ID based on the string.
|
|
|
|
|
* If the string is invalid for any reason we return ICECAST_PROTOCOL_HTTP.
|
|
|
|
|
*/
|
|
|
|
|
protocol_t client_protocol_from_string(const char *str)
|
|
|
|
|
{
|
|
|
|
|
if (!str) {
|
|
|
|
|
ICECAST_LOG_ERROR("No protocol string given. Returning ICECAST_PROTOCOL_HTTP.");
|
|
|
|
|
return ICECAST_PROTOCOL_HTTP;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (strcasecmp(str, "http") == 0) {
|
|
|
|
|
return ICECAST_PROTOCOL_HTTP;
|
|
|
|
|
} else if (strcasecmp(str, "icy") == 0 || strcasecmp(str, "shoutcast") == 0) {
|
|
|
|
|
return ICECAST_PROTOCOL_SHOUTCAST;
|
|
|
|
|
} else {
|
|
|
|
|
ICECAST_LOG_ERROR("Unknown protocol \"%H\" string given. Returning ICECAST_PROTOCOL_HTTP.", str);
|
|
|
|
|
return ICECAST_PROTOCOL_HTTP;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const char * client_protocol_to_string(protocol_t protocol)
|
|
|
|
|
{
|
|
|
|
|
switch (protocol) {
|
|
|
|
|
case ICECAST_PROTOCOL_HTTP:
|
|
|
|
|
return "http";
|
|
|
|
|
break;
|
|
|
|
|
case ICECAST_PROTOCOL_SHOUTCAST:
|
|
|
|
|
return "icy";
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2005-08-25 00:07:17 +00:00
|
|
|
/* create a client_t with the provided connection and parser details. Return
|
|
|
|
|
* 0 on success, -1 if server limit has been reached. In either case a
|
|
|
|
|
* client_t is returned just in case a message needs to be returned. Should
|
|
|
|
|
* be called with global lock held.
|
|
|
|
|
*/
|
2014-11-30 20:32:30 +00:00
|
|
|
int client_create(client_t **c_ptr, connection_t *con, http_parser_t *parser)
|
2001-09-10 02:21:46 +00:00
|
|
|
{
|
2015-01-25 18:57:27 +00:00
|
|
|
ice_config_t *config;
|
|
|
|
|
client_t *client = (client_t *) calloc(1, sizeof(client_t));
|
2019-11-22 14:48:49 +00:00
|
|
|
const listener_t *listener_real, *listener_effective;
|
2015-01-25 18:57:27 +00:00
|
|
|
int ret = -1;
|
2005-08-11 23:29:58 +00:00
|
|
|
|
|
|
|
|
if (client == NULL)
|
2005-08-25 00:07:17 +00:00
|
|
|
abort();
|
2005-08-11 23:29:58 +00:00
|
|
|
|
2014-11-30 20:32:30 +00:00
|
|
|
config = config_get_config();
|
2005-05-06 15:57:15 +00:00
|
|
|
|
|
|
|
|
global.clients++;
|
2015-01-25 18:57:27 +00:00
|
|
|
if (config->client_limit < global.clients) {
|
2014-10-31 08:46:58 +00:00
|
|
|
ICECAST_LOG_WARN("server client limit reached (%d/%d)", config->client_limit, global.clients);
|
2015-01-25 18:57:27 +00:00
|
|
|
} else {
|
2005-08-11 23:29:58 +00:00
|
|
|
ret = 0;
|
2015-01-25 18:57:27 +00:00
|
|
|
}
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2005-08-11 23:29:58 +00:00
|
|
|
config_release_config ();
|
|
|
|
|
|
|
|
|
|
stats_event_args (NULL, "clients", "%d", global.clients);
|
2003-03-15 02:10:19 +00:00
|
|
|
client->con = con;
|
|
|
|
|
client->parser = parser;
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
client->protocol = ICECAST_PROTOCOL_HTTP;
|
2018-06-18 09:48:57 +00:00
|
|
|
client->request_body_length = 0;
|
|
|
|
|
client->request_body_read = 0;
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
client->admin_command = ADMIN_COMMAND_ERROR;
|
2005-08-25 00:07:17 +00:00
|
|
|
client->refbuf = refbuf_new (PER_CLIENT_REFBUF_SIZE);
|
|
|
|
|
client->refbuf->len = 0; /* force reader code to ignore buffer contents */
|
2003-03-15 02:10:19 +00:00
|
|
|
client->pos = 0;
|
2005-06-08 01:36:51 +00:00
|
|
|
client->write_to_client = format_generic_write_to_client;
|
2005-08-11 23:29:58 +00:00
|
|
|
*c_ptr = client;
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2019-11-22 14:48:49 +00:00
|
|
|
listener_real = listensocket_get_listener(con->listensocket_real);
|
|
|
|
|
listener_effective = listensocket_get_listener(con->listensocket_effective);
|
2019-06-26 08:23:29 +00:00
|
|
|
ICECAST_LOG_DEBUG("Client %p created on connection %p (connection ID: %llu, socket real: %p \"%H\", socket effective: %p \"%H\")",
|
|
|
|
|
client, con, (long long unsigned int)con->id,
|
2019-11-22 14:48:49 +00:00
|
|
|
con->listensocket_real, con->listensocket_real ? listener_real->id : NULL,
|
|
|
|
|
con->listensocket_effective, con->listensocket_effective ? listener_effective->id : NULL
|
2019-06-26 08:23:29 +00:00
|
|
|
);
|
2019-11-22 14:48:49 +00:00
|
|
|
listensocket_release_listener(con->listensocket_effective);
|
|
|
|
|
listensocket_release_listener(con->listensocket_real);
|
2019-06-26 08:23:29 +00:00
|
|
|
|
2018-07-05 10:49:59 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_CREATE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
|
|
|
|
|
2005-08-11 23:29:58 +00:00
|
|
|
return ret;
|
2001-09-10 02:21:46 +00:00
|
|
|
}
|
|
|
|
|
|
2018-07-20 11:12:13 +00:00
|
|
|
void client_complete(client_t *client)
|
|
|
|
|
{
|
|
|
|
|
const char *header;
|
|
|
|
|
long long unsigned int scannumber;
|
|
|
|
|
|
2020-04-19 01:43:27 +00:00
|
|
|
do {
|
2018-12-17 08:46:52 +00:00
|
|
|
header = httpp_getvar(client->parser, "content-length");
|
|
|
|
|
if (header) {
|
|
|
|
|
if (sscanf(header, "%llu", &scannumber) == 1) {
|
|
|
|
|
client->request_body_length = scannumber;
|
2020-04-19 01:43:27 +00:00
|
|
|
break;
|
2018-12-17 08:46:52 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-20 11:12:13 +00:00
|
|
|
if (client->parser->req_type == httpp_req_source) {
|
|
|
|
|
client->request_body_length = -1; /* streaming */
|
2020-04-19 01:43:27 +00:00
|
|
|
break;
|
2018-07-20 11:12:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
header = httpp_getvar(client->parser, "transfer-encoding");
|
|
|
|
|
if (header) {
|
|
|
|
|
if (strcasecmp(header, "identity") != 0) {
|
|
|
|
|
client->request_body_length = -1; /* streaming */
|
2020-04-19 01:43:27 +00:00
|
|
|
break;
|
2018-07-20 11:12:13 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->parser->req_type == httpp_req_put) {
|
|
|
|
|
/* As we don't know yet, we asume this PUT is in streaming mode */
|
|
|
|
|
client->request_body_length = -1; /* streaming */
|
2020-04-19 01:43:27 +00:00
|
|
|
break;
|
2018-07-20 11:12:13 +00:00
|
|
|
}
|
|
|
|
|
|
2018-07-20 11:25:55 +00:00
|
|
|
if (client->parser->req_type == httpp_req_none) {
|
|
|
|
|
/* We are a client. If the server did not tell us, we asume streaming. */
|
|
|
|
|
client->request_body_length = -1; /* streaming */
|
2020-04-19 01:43:27 +00:00
|
|
|
break;
|
2018-07-20 11:25:55 +00:00
|
|
|
}
|
2020-04-19 01:43:27 +00:00
|
|
|
} while (0);
|
2018-07-20 11:25:55 +00:00
|
|
|
|
2018-07-20 11:12:13 +00:00
|
|
|
ICECAST_LOG_DEBUG("Client %p has request_body_length=%zi", client, client->request_body_length);
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-01 23:04:54 +00:00
|
|
|
static inline void client_reuseconnection(client_t *client) {
|
|
|
|
|
connection_t *con;
|
|
|
|
|
reuse_t reuse;
|
|
|
|
|
|
|
|
|
|
if (!client)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
con = client->con;
|
|
|
|
|
reuse = client->reuse;
|
2018-11-13 08:51:02 +00:00
|
|
|
|
|
|
|
|
if (reuse == ICECAST_REUSE_UPGRADETLS) {
|
|
|
|
|
http_parser_t *parser = client->parser;
|
|
|
|
|
|
|
|
|
|
httpp_deletevar(parser, "upgrade");
|
|
|
|
|
client->reuse = ICECAST_REUSE_CLOSE;
|
|
|
|
|
|
|
|
|
|
/* release the buffer now, as the buffer could be on the source queue
|
|
|
|
|
* and may of disappeared after auth completes */
|
|
|
|
|
client_set_queue(client, NULL);
|
|
|
|
|
client->refbuf = refbuf_new (PER_CLIENT_REFBUF_SIZE);
|
|
|
|
|
client->refbuf->len = 0; /* force reader code to ignore buffer contents */
|
|
|
|
|
client->pos = 0;
|
|
|
|
|
|
|
|
|
|
connection_uses_tls(con);
|
|
|
|
|
connection_queue_client(client);
|
|
|
|
|
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
con = connection_create(con->sock, con->listensocket_real, con->listensocket_effective, strdup(con->ip));
|
2015-02-01 23:04:54 +00:00
|
|
|
client->con->sock = -1; /* TODO: do not use magic */
|
2015-02-06 10:25:40 +00:00
|
|
|
|
|
|
|
|
/* handle to keep the TLS connection */
|
2016-10-20 09:06:28 +00:00
|
|
|
if (client->con->tls) {
|
2015-02-06 10:25:40 +00:00
|
|
|
/* AHhhggrr.. That pain....
|
2016-10-20 09:06:28 +00:00
|
|
|
* stealing TLS state...
|
2015-02-06 10:25:40 +00:00
|
|
|
*/
|
2016-10-20 09:06:28 +00:00
|
|
|
con->tls = client->con->tls;
|
2015-02-06 10:25:40 +00:00
|
|
|
con->read = client->con->read;
|
|
|
|
|
con->send = client->con->send;
|
2016-10-20 09:06:28 +00:00
|
|
|
client->con->tls = NULL;
|
2015-02-06 10:25:40 +00:00
|
|
|
client->con->read = NULL;
|
|
|
|
|
client->con->send = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-18 10:31:13 +00:00
|
|
|
if (client->con->readbufferlen) {
|
|
|
|
|
/* Aend... moorre paaiin.
|
|
|
|
|
* stealing putback buffer.
|
|
|
|
|
*/
|
|
|
|
|
con->readbuffer = client->con->readbuffer;
|
|
|
|
|
con->readbufferlen = client->con->readbufferlen;
|
|
|
|
|
client->con->readbuffer = NULL;
|
|
|
|
|
client->con->readbufferlen = 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-01 23:04:54 +00:00
|
|
|
client->reuse = ICECAST_REUSE_CLOSE;
|
|
|
|
|
|
|
|
|
|
client_destroy(client);
|
|
|
|
|
connection_queue(con);
|
|
|
|
|
}
|
|
|
|
|
|
2001-09-10 02:21:46 +00:00
|
|
|
void client_destroy(client_t *client)
|
|
|
|
|
{
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
ICECAST_LOG_DEBUG("Called to destory client %p", client);
|
2004-02-03 00:48:02 +00:00
|
|
|
if (client == NULL)
|
|
|
|
|
return;
|
2005-08-07 23:01:04 +00:00
|
|
|
|
2018-07-05 10:49:59 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_DESTROY, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
|
|
|
|
|
2015-02-01 23:04:54 +00:00
|
|
|
if (client->reuse != ICECAST_REUSE_CLOSE) {
|
2018-06-18 10:27:15 +00:00
|
|
|
/* only reuse the client if we reached the body's EOF. */
|
|
|
|
|
if (client_body_eof(client) == 1) {
|
|
|
|
|
client_reuseconnection(client);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2015-02-01 23:04:54 +00:00
|
|
|
}
|
|
|
|
|
|
2005-10-06 02:41:51 +00:00
|
|
|
/* release the buffer now, as the buffer could be on the source queue
|
|
|
|
|
* and may of disappeared after auth completes */
|
2018-09-19 14:39:19 +00:00
|
|
|
client_set_queue(client, NULL);
|
2005-10-06 02:41:51 +00:00
|
|
|
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
if (auth_release_client(client))
|
2005-08-07 23:01:04 +00:00
|
|
|
return;
|
|
|
|
|
|
2015-01-10 18:53:44 +00:00
|
|
|
/* write log entry if ip is set (some things don't set it, like outgoing
|
2003-02-14 11:44:08 +00:00
|
|
|
* slave requests
|
|
|
|
|
*/
|
2005-08-09 02:14:20 +00:00
|
|
|
if (client->respcode && client->parser)
|
2003-03-15 02:10:19 +00:00
|
|
|
logging_access(client);
|
2005-06-10 15:42:06 +00:00
|
|
|
if (client->con)
|
|
|
|
|
connection_close(client->con);
|
2005-08-09 02:14:20 +00:00
|
|
|
if (client->parser)
|
|
|
|
|
httpp_destroy(client->parser);
|
2015-02-10 21:18:52 +00:00
|
|
|
if (client->encoding)
|
|
|
|
|
httpp_encoding_release(client->encoding);
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2014-11-30 20:32:30 +00:00
|
|
|
global_lock();
|
2005-05-06 15:57:15 +00:00
|
|
|
global.clients--;
|
2014-11-30 20:32:30 +00:00
|
|
|
stats_event_args(NULL, "clients", "%d", global.clients);
|
|
|
|
|
global_unlock();
|
2005-05-06 15:57:15 +00:00
|
|
|
|
2004-02-29 14:38:15 +00:00
|
|
|
/* we need to free client specific format data (if any) */
|
|
|
|
|
if (client->free_client_data)
|
2014-11-30 20:32:30 +00:00
|
|
|
client->free_client_data(client);
|
2004-02-29 14:38:15 +00:00
|
|
|
|
2018-05-28 14:04:07 +00:00
|
|
|
refobject_unref(client->handler_module);
|
|
|
|
|
free(client->handler_function);
|
2018-09-13 12:42:46 +00:00
|
|
|
free(client->uri);
|
2004-01-15 01:01:09 +00:00
|
|
|
free(client->username);
|
2005-08-09 02:14:20 +00:00
|
|
|
free(client->password);
|
Wow. Mega patch!
This patch *replaces* the authentication system completly.
What is new:
- <authentication> in mount section is now a container object.
- <authentication> in root and mount section may hold any number of <role>-Tags.
- <role> tags:
Those tags define a 'role' and it's ACL rules.
A role is a instance of an authentication module (see below).
<role> takes the following options. All but type are optional.
- authentication related:
- type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd;
symbolic constants in auth.h)
- name: Name for the role. For later matching. (values: any string; default: (none))
- method: This rule is only active on the given list of HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- ACL related:
- allow-method: Allowed HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get)
- deny-method: Rejected HTTP methods.
(list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *)
- allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u)
- deny-admin: Rejected admin commands. (list of enum values: admin command; default: *)
- allow-web: Allowed web pages. (values: empty or *; default: *)
- deny-web: Rejected web pages. (values: empty or *; default: (empty))
- connections-per-user: maximum number of simultaneous connections per role and username.
This is only active on active sources. (values: unlimited or number of connections; default: unlimited)
- connection-duration: maximum time of a connection. This is only active on active sources.
(values: unlimited or number of secounds; default: unlimited)
<role> takes <option> child tags. <option> tags contain a name and a value option.
Meaning of <option> tags is up to the authentication module.
- <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried.
- <role>s are tested in this order: mount specific, default mount specific, global, internal fallback.
Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time)
and rejects all other requests.
- New authentication module: anonymous
This module matches all requests. No options taken.
- New authentication module: static
This module matches with a static username and password.
It takes two <option>s. One with name="username" and one with name="password" to set username and password.
This replaces old style <*-username> and <*-password> tags.
- New authentication module: legacy-password
This module matches with a statich password.
It takes one <option> with name="password" to set password.
This replaces old ICE and ICY (shoutcast compat mode) authentication.
- Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility.
- Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global
<authentication> for 100% backward compatibility.
- <alias> is now proccessed very early. This enables them to be used for all kinds of requests.
To Do List & What does not yet work:
- type="url" auth: mount_add and mount_remove.
This should be replaced by an unique feature I would call '<event>'.
- Admin commands manageauth and manageauth.xsl are disabled as they need more review:
This code needs to be ported to support multiple <role>s per <mount>.
- url authentication module can not yet return AUTH_NOMATCH.
This needs to be reviewed and discussed on how to handle this case best way.
- Default config files needs to be updated to reflect the changes.
As this is quite some political act it should be done in dicussion with the whole team
and permission of the release manager.
- Docs need to be updated to reflect the changes.
How does it work:
Code has been changed so that authentification is done early for all clients.
This allows accessing the ACL data (client->acl) from nearly everywhere in the code.
After accept() and initial client setup the request is parsed. In the next step
all <alias>es are resolved. After this the client is passed for authentication.
After authentication it is passed to the corresponding subsystem depending on kind of request.
All authentication instances have a thread running for doing the authentication.
This thread works on a queue of clients.
Hints for testers:
- Test with default config.
- Test with diffrent authentication modules in <mount>.
- Test shoutcast compatibility mode.
- Test with new style <authentication> and any amount of <role> (zero to quite some).
- Test <alias> lookup on all kinds of objects.
- Test source level credential login into the admin interface.
- Test shoucast style meta data updates.
- Test playlist generation.
Thank you for reading this long commit message. Have fun reading the full patch!
svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
|
|
|
free(client->role);
|
|
|
|
|
acl_release(client->acl);
|
2004-01-15 01:01:09 +00:00
|
|
|
|
2003-03-15 02:10:19 +00:00
|
|
|
free(client);
|
2001-09-10 02:21:46 +00:00
|
|
|
}
|
2002-08-12 14:48:31 +00:00
|
|
|
|
2005-05-08 13:51:05 +00:00
|
|
|
/* helper function for reading data from a client */
|
2015-02-10 21:18:52 +00:00
|
|
|
static ssize_t __client_read_bytes_real(client_t *client, void *buf, size_t len)
|
|
|
|
|
{
|
|
|
|
|
/* we have data to read from a refbuf first */
|
|
|
|
|
if (client->refbuf->len < len)
|
|
|
|
|
len = client->refbuf->len;
|
|
|
|
|
memcpy (buf, client->refbuf->data, len);
|
|
|
|
|
if (len < client->refbuf->len) {
|
|
|
|
|
char *ptr = client->refbuf->data;
|
|
|
|
|
memmove (ptr, ptr+len, client->refbuf->len - len);
|
|
|
|
|
}
|
|
|
|
|
client->refbuf->len -= len;
|
|
|
|
|
return len;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-30 20:32:30 +00:00
|
|
|
int client_read_bytes(client_t *client, void *buf, unsigned len)
|
2005-05-08 13:51:05 +00:00
|
|
|
{
|
2015-02-10 21:18:52 +00:00
|
|
|
ssize_t (*reader)(void*, void*, size_t) = (ssize_t(*)(void*,void*,size_t))__client_read_bytes_real;
|
|
|
|
|
void *userdata = client;
|
2005-08-11 23:29:58 +00:00
|
|
|
int bytes;
|
2007-08-29 03:51:22 +00:00
|
|
|
|
2015-02-10 21:18:52 +00:00
|
|
|
if (!(client->refbuf && client->refbuf->len)) {
|
|
|
|
|
reader = (ssize_t(*)(void*,void*,size_t))connection_read_bytes;
|
|
|
|
|
userdata = client->con;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (client->encoding) {
|
|
|
|
|
bytes = httpp_encoding_read(client->encoding, buf, len, reader, userdata);
|
|
|
|
|
} else {
|
|
|
|
|
bytes = reader(userdata, buf, len);
|
2005-08-11 23:29:58 +00:00
|
|
|
}
|
2005-05-08 13:51:05 +00:00
|
|
|
|
2007-08-29 03:51:22 +00:00
|
|
|
if (bytes == -1 && client->con->error)
|
2014-10-31 08:46:58 +00:00
|
|
|
ICECAST_LOG_DEBUG("reading from connection has failed");
|
2007-08-29 03:51:22 +00:00
|
|
|
|
2018-07-05 10:49:59 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_READ, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_OBRD, client, buf, (size_t)len, (ssize_t)bytes);
|
|
|
|
|
|
2007-08-29 03:51:22 +00:00
|
|
|
return bytes;
|
2005-05-08 13:51:05 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
static inline void _client_send_report(client_t *client, const char *uuid, const char *message, int http_status, const char *location)
|
2012-10-10 23:15:05 +00:00
|
|
|
{
|
2018-06-27 16:07:21 +00:00
|
|
|
reportxml_t *report;
|
|
|
|
|
admin_format_t admin_format;
|
|
|
|
|
const char *xslt = NULL;
|
|
|
|
|
|
|
|
|
|
admin_format = client_get_admin_format_by_content_negotiation(client);
|
|
|
|
|
|
|
|
|
|
switch (admin_format) {
|
|
|
|
|
case ADMIN_FORMAT_RAW:
|
|
|
|
|
xslt = NULL;
|
|
|
|
|
break;
|
2018-06-29 15:25:12 +00:00
|
|
|
case ADMIN_FORMAT_HTML:
|
|
|
|
|
xslt = CLIENT_DEFAULT_ERROR_XSL_HTML;
|
2018-06-27 16:07:21 +00:00
|
|
|
break;
|
|
|
|
|
case ADMIN_FORMAT_PLAINTEXT:
|
|
|
|
|
xslt = CLIENT_DEFAULT_ERROR_XSL_PLAINTEXT;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
client_send_500(client, "Invalid Admin Type");
|
|
|
|
|
break;
|
2014-11-10 10:46:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
report = client_get_reportxml(uuid, NULL, message);
|
2018-06-27 16:07:21 +00:00
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
client_send_reportxml(client, report, DOCUMENT_DOMAIN_ADMIN, xslt, admin_format, http_status, location);
|
2015-02-01 23:04:54 +00:00
|
|
|
|
2018-06-27 16:07:21 +00:00
|
|
|
refobject_unref(report);
|
2002-12-31 06:28:39 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
void client_send_error_by_error(client_t *client, const icecast_error_t *error)
|
2018-04-28 13:49:36 +00:00
|
|
|
{
|
|
|
|
|
|
|
|
|
|
if (!error) {
|
|
|
|
|
client_send_500(client, "Unknown error ID");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-27 16:07:21 +00:00
|
|
|
if (error->http_status == 500) {
|
|
|
|
|
client_send_500(client, error->message);
|
|
|
|
|
return;
|
2018-04-28 13:49:36 +00:00
|
|
|
}
|
|
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
_client_send_report(client, error->uuid, error->message, error->http_status, NULL);
|
|
|
|
|
}
|
|
|
|
|
void client_send_error_by_uuid(client_t *client, const char *uuid)
|
|
|
|
|
{
|
|
|
|
|
client_send_error_by_error(client, error_get_by_uuid(uuid));
|
|
|
|
|
}
|
|
|
|
|
void client_send_error_by_id(client_t *client, icecast_error_id_t id)
|
|
|
|
|
{
|
|
|
|
|
client_send_error_by_error(client, error_get_by_id(id));
|
2018-04-28 13:49:36 +00:00
|
|
|
}
|
|
|
|
|
|
2015-02-02 00:34:45 +00:00
|
|
|
void client_send_101(client_t *client, reuse_t reuse)
|
|
|
|
|
{
|
|
|
|
|
ssize_t ret;
|
|
|
|
|
|
|
|
|
|
if (!client)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (reuse != ICECAST_REUSE_UPGRADETLS) {
|
|
|
|
|
client_send_500(client, "Bad reuse parameter");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-02 00:50:56 +00:00
|
|
|
client->reuse = reuse;
|
|
|
|
|
|
2015-02-02 00:34:45 +00:00
|
|
|
ret = util_http_build_header(client->refbuf->data, PER_CLIENT_REFBUF_SIZE, 0,
|
|
|
|
|
0, 101, NULL,
|
|
|
|
|
"text/plain", "utf-8",
|
|
|
|
|
NULL, NULL, client);
|
|
|
|
|
|
|
|
|
|
snprintf(client->refbuf->data + ret, PER_CLIENT_REFBUF_SIZE - ret,
|
2018-11-13 08:54:06 +00:00
|
|
|
"Content-Length: 0\r\nUpgrade: TLS/1.0, HTTP/1.1\r\n\r\n");
|
2015-02-02 00:34:45 +00:00
|
|
|
|
|
|
|
|
client->respcode = 101;
|
|
|
|
|
client->refbuf->len = strlen(client->refbuf->data);
|
|
|
|
|
|
2018-07-05 11:10:32 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_SEND_RESPONSE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
|
|
|
|
|
2015-02-02 00:34:45 +00:00
|
|
|
fserve_add_client(client, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-15 18:53:43 +00:00
|
|
|
void client_send_204(client_t *client)
|
|
|
|
|
{
|
2018-10-26 08:05:45 +00:00
|
|
|
source_t *source;
|
2018-06-15 18:53:43 +00:00
|
|
|
ssize_t ret;
|
|
|
|
|
|
|
|
|
|
if (!client)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
client->reuse = ICECAST_REUSE_KEEPALIVE;
|
|
|
|
|
|
2018-10-26 08:05:45 +00:00
|
|
|
/* We get a source_t* here as this is likely a reply to OPTIONS and we want
|
|
|
|
|
* to have as much infos as possible in that case.
|
|
|
|
|
*/
|
|
|
|
|
avl_tree_rlock(global.source_tree);
|
|
|
|
|
source = source_find_mount_raw(client->uri);
|
2018-06-15 18:53:43 +00:00
|
|
|
ret = util_http_build_header(client->refbuf->data, PER_CLIENT_REFBUF_SIZE, 0,
|
|
|
|
|
0, 204, NULL,
|
|
|
|
|
NULL, NULL,
|
2018-10-26 08:05:45 +00:00
|
|
|
NULL, source, client);
|
|
|
|
|
avl_tree_unlock(global.source_tree);
|
2018-06-15 18:53:43 +00:00
|
|
|
|
|
|
|
|
snprintf(client->refbuf->data + ret, PER_CLIENT_REFBUF_SIZE - ret,
|
|
|
|
|
"Content-Length: 0\r\n\r\n");
|
|
|
|
|
|
|
|
|
|
client->respcode = 204;
|
|
|
|
|
client->refbuf->len = strlen(client->refbuf->data);
|
|
|
|
|
|
2018-07-05 11:10:32 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_SEND_RESPONSE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
|
|
|
|
|
2018-06-15 18:53:43 +00:00
|
|
|
fserve_add_client(client, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-02 00:34:45 +00:00
|
|
|
void client_send_426(client_t *client, reuse_t reuse)
|
|
|
|
|
{
|
|
|
|
|
ssize_t ret;
|
|
|
|
|
|
|
|
|
|
if (!client)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (reuse != ICECAST_REUSE_UPGRADETLS) {
|
|
|
|
|
client_send_500(client, "Bad reuse parameter");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2015-02-02 00:50:56 +00:00
|
|
|
client->reuse = reuse;
|
|
|
|
|
|
2015-02-02 00:34:45 +00:00
|
|
|
ret = util_http_build_header(client->refbuf->data, PER_CLIENT_REFBUF_SIZE, 0,
|
|
|
|
|
0, 426, NULL,
|
|
|
|
|
"text/plain", "utf-8",
|
|
|
|
|
NULL, NULL, client);
|
|
|
|
|
|
|
|
|
|
snprintf(client->refbuf->data + ret, PER_CLIENT_REFBUF_SIZE - ret,
|
2018-11-13 08:54:06 +00:00
|
|
|
"Content-Length: 0\r\nUpgrade: TLS/1.0, HTTP/1.1\r\n\r\n");
|
2015-02-02 00:34:45 +00:00
|
|
|
|
|
|
|
|
client->respcode = 426;
|
|
|
|
|
client->refbuf->len = strlen(client->refbuf->data);
|
|
|
|
|
|
|
|
|
|
client->reuse = ICECAST_REUSE_KEEPALIVE;
|
|
|
|
|
|
2018-07-05 11:10:32 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_SEND_RESPONSE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
|
|
|
|
|
2015-02-02 00:34:45 +00:00
|
|
|
fserve_add_client(client, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-10 10:46:55 +00:00
|
|
|
/* this function is designed to work even if client is in bad state */
|
2015-01-25 18:57:27 +00:00
|
|
|
static inline void client_send_500(client_t *client, const char *message)
|
|
|
|
|
{
|
2014-11-10 10:46:55 +00:00
|
|
|
const char header[] = "HTTP/1.0 500 Internal Server Error\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n"
|
|
|
|
|
"500 - Internal Server Error\n---------------------------\n";
|
2014-12-14 19:18:22 +00:00
|
|
|
const ssize_t header_len = sizeof(header) - 1;
|
|
|
|
|
ssize_t ret;
|
2014-11-10 10:46:55 +00:00
|
|
|
|
2018-07-05 11:10:32 +00:00
|
|
|
client->respcode = 500;
|
|
|
|
|
client->refbuf->len = 0;
|
|
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_SEND_RESPONSE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
|
|
|
|
|
2014-11-10 10:46:55 +00:00
|
|
|
ret = client_send_bytes(client, header, header_len);
|
|
|
|
|
|
|
|
|
|
/* only send message if we have one AND if header could have transmitted completly */
|
|
|
|
|
if (message && ret == header_len)
|
|
|
|
|
client_send_bytes(client, message, strlen(message));
|
|
|
|
|
|
|
|
|
|
client_destroy(client);
|
|
|
|
|
}
|
2004-07-16 15:47:12 +00:00
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
void client_send_redirect(client_t *client, const char *uuid, int status, const char *location)
|
|
|
|
|
{
|
|
|
|
|
_client_send_report(client, uuid, "Redirecting", status, location);
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-27 12:45:27 +00:00
|
|
|
/* this function sends a reportxml file to the client in the prefered format. */
|
2018-09-14 13:39:50 +00:00
|
|
|
void client_send_reportxml(client_t *client, reportxml_t *report, document_domain_t domain, const char *xsl, admin_format_t admin_format_hint, int status, const char *location)
|
2018-06-27 12:45:27 +00:00
|
|
|
{
|
|
|
|
|
admin_format_t admin_format;
|
|
|
|
|
xmlDocPtr doc;
|
|
|
|
|
|
|
|
|
|
if (!client)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!report) {
|
|
|
|
|
ICECAST_LOG_ERROR("No report xml given. Sending 500 to client %p", client);
|
|
|
|
|
client_send_500(client, "No report.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!status)
|
|
|
|
|
status = 200;
|
|
|
|
|
|
|
|
|
|
if (admin_format_hint == ADMIN_FORMAT_AUTO) {
|
|
|
|
|
admin_format = client_get_admin_format_by_content_negotiation(client);
|
|
|
|
|
} else {
|
|
|
|
|
admin_format = admin_format_hint;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!xsl) {
|
|
|
|
|
switch (admin_format) {
|
|
|
|
|
case ADMIN_FORMAT_RAW:
|
|
|
|
|
/* noop, we don't need to set xsl */
|
|
|
|
|
break;
|
2018-06-29 15:25:12 +00:00
|
|
|
case ADMIN_FORMAT_HTML:
|
|
|
|
|
xsl = CLIENT_DEFAULT_REPORT_XSL_HTML;
|
2018-06-27 12:45:27 +00:00
|
|
|
break;
|
|
|
|
|
case ADMIN_FORMAT_PLAINTEXT:
|
|
|
|
|
xsl = CLIENT_DEFAULT_REPORT_XSL_PLAINTEXT;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
ICECAST_LOG_ERROR("Unsupported admin format and no XSLT file given. Sending 500 to client %p", client);
|
|
|
|
|
client_send_500(client, "Unsupported admin format.");
|
|
|
|
|
return;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
} else if (admin_format_hint == ADMIN_FORMAT_AUTO) {
|
|
|
|
|
ICECAST_LOG_ERROR("No explicit admin format but XSLT file given. BUG. Sending 500 to client %p", client);
|
|
|
|
|
client_send_500(client, "Admin type AUTO but XSLT.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
doc = reportxml_render_xmldoc(report);
|
|
|
|
|
if (!doc) {
|
|
|
|
|
ICECAST_LOG_ERROR("Can not render XML Document from report. Sending 500 to client %p", client);
|
|
|
|
|
client_send_500(client, "Can not render XML Document from report.");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (admin_format == ADMIN_FORMAT_RAW) {
|
|
|
|
|
xmlChar *buff = NULL;
|
2018-09-14 13:39:50 +00:00
|
|
|
size_t location_length = 0;
|
2018-06-27 12:45:27 +00:00
|
|
|
int len = 0;
|
|
|
|
|
size_t buf_len;
|
|
|
|
|
ssize_t ret;
|
|
|
|
|
|
|
|
|
|
xmlDocDumpMemory(doc, &buff, &len);
|
|
|
|
|
|
2018-09-14 13:39:50 +00:00
|
|
|
if (location) {
|
|
|
|
|
location_length = strlen(location);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
buf_len = len + location_length + 1024;
|
2018-06-27 12:45:27 +00:00
|
|
|
if (buf_len < 4096)
|
|
|
|
|
buf_len = 4096;
|
|
|
|
|
|
|
|
|
|
client_set_queue(client, NULL);
|
|
|
|
|
client->refbuf = refbuf_new(buf_len);
|
2018-12-17 08:51:25 +00:00
|
|
|
client->reuse = ICECAST_REUSE_KEEPALIVE;
|
2018-06-27 12:45:27 +00:00
|
|
|
|
|
|
|
|
ret = util_http_build_header(client->refbuf->data, buf_len, 0,
|
|
|
|
|
0, status, NULL,
|
|
|
|
|
"text/xml", "utf-8",
|
|
|
|
|
NULL, NULL, client);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
ICECAST_LOG_ERROR("Dropping client as we can not build response headers.");
|
|
|
|
|
client_send_error_by_id(client, ICECAST_ERROR_GEN_HEADER_GEN_FAILED);
|
|
|
|
|
xmlFree(buff);
|
|
|
|
|
return;
|
2018-09-14 13:39:50 +00:00
|
|
|
} else if (buf_len < (size_t)(len + location_length + ret + 128)) {
|
2018-06-27 12:45:27 +00:00
|
|
|
void *new_data;
|
2018-09-14 13:39:50 +00:00
|
|
|
buf_len = ret + len + 128;
|
2018-06-27 12:45:27 +00:00
|
|
|
new_data = realloc(client->refbuf->data, buf_len);
|
|
|
|
|
if (new_data) {
|
|
|
|
|
ICECAST_LOG_DEBUG("Client buffer reallocation succeeded.");
|
|
|
|
|
client->refbuf->data = new_data;
|
|
|
|
|
client->refbuf->len = buf_len;
|
|
|
|
|
ret = util_http_build_header(client->refbuf->data, buf_len, 0,
|
|
|
|
|
0, status, NULL,
|
|
|
|
|
"text/xml", "utf-8",
|
|
|
|
|
NULL, NULL, client);
|
|
|
|
|
if (ret == -1) {
|
|
|
|
|
ICECAST_LOG_ERROR("Dropping client as we can not build response headers.");
|
|
|
|
|
client_send_error_by_id(client, ICECAST_ERROR_GEN_HEADER_GEN_FAILED);
|
|
|
|
|
xmlFree(buff);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ICECAST_LOG_ERROR("Client buffer reallocation failed. Dropping client.");
|
|
|
|
|
client_send_error_by_id(client, ICECAST_ERROR_GEN_BUFFER_REALLOC);
|
|
|
|
|
xmlFree(buff);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* FIXME: in this section we hope no function will ever return -1 */
|
2018-09-14 13:39:50 +00:00
|
|
|
if (location) {
|
|
|
|
|
ret += snprintf(client->refbuf->data + ret, buf_len - ret, "Location: %s\r\n", location);
|
|
|
|
|
}
|
|
|
|
|
ret += snprintf(client->refbuf->data + ret, buf_len - ret, "Content-Length: %d\r\n\r\n%s", xmlStrlen(buff), buff);
|
2018-06-27 12:45:27 +00:00
|
|
|
|
|
|
|
|
client->refbuf->len = ret;
|
|
|
|
|
xmlFree(buff);
|
|
|
|
|
client->respcode = status;
|
2018-07-05 11:10:32 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_SEND_RESPONSE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
2018-06-27 12:45:27 +00:00
|
|
|
fserve_add_client (client, NULL);
|
|
|
|
|
} else {
|
|
|
|
|
char *fullpath_xslt_template;
|
|
|
|
|
const char *document_domain_path;
|
|
|
|
|
ssize_t fullpath_xslt_template_len;
|
|
|
|
|
ice_config_t *config;
|
|
|
|
|
|
|
|
|
|
config = config_get_config();
|
|
|
|
|
switch (domain) {
|
|
|
|
|
case DOCUMENT_DOMAIN_WEB:
|
|
|
|
|
document_domain_path = config->webroot_dir;
|
|
|
|
|
break;
|
|
|
|
|
case DOCUMENT_DOMAIN_ADMIN:
|
|
|
|
|
document_domain_path = config->adminroot_dir;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
config_release_config();
|
|
|
|
|
ICECAST_LOG_ERROR("Invalid document domain. Sending 500 to client %p", client);
|
|
|
|
|
client_send_500(client, "Invalid document domain.");
|
|
|
|
|
return;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
fullpath_xslt_template_len = strlen(document_domain_path) + strlen(xsl) + strlen(PATH_SEPARATOR) + 1;
|
|
|
|
|
fullpath_xslt_template = malloc(fullpath_xslt_template_len);
|
|
|
|
|
snprintf(fullpath_xslt_template, fullpath_xslt_template_len, "%s%s%s", document_domain_path, PATH_SEPARATOR, xsl);
|
|
|
|
|
config_release_config();
|
|
|
|
|
|
|
|
|
|
ICECAST_LOG_DEBUG("Sending XSLT (%s)", fullpath_xslt_template);
|
2018-07-05 11:10:32 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_SEND_RESPONSE, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_CLIENT, client);
|
2020-10-01 17:34:31 +00:00
|
|
|
xslt_transform(doc, fullpath_xslt_template, client, status, location, NULL);
|
2018-06-27 12:45:27 +00:00
|
|
|
free(fullpath_xslt_template);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
xmlFreeDoc(doc);
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-08 13:20:07 +00:00
|
|
|
static void client_get_reportxml__add_basic_stats(reportxml_t *report)
|
|
|
|
|
{
|
|
|
|
|
reportxml_node_t *rootnode, *extension;
|
|
|
|
|
xmlNodePtr xmlroot;
|
|
|
|
|
xmlNodePtr modules;
|
|
|
|
|
|
|
|
|
|
rootnode = reportxml_get_root_node(report);
|
|
|
|
|
|
|
|
|
|
extension = reportxml_node_new(REPORTXML_NODE_TYPE_EXTENSION, NULL, NULL, NULL);
|
|
|
|
|
reportxml_node_set_attribute(extension, "application", ADMIN_ICESTATS_LEGACY_EXTENSION_APPLICATION);
|
|
|
|
|
|
|
|
|
|
reportxml_node_add_child(rootnode, extension);
|
|
|
|
|
|
|
|
|
|
refobject_unref(rootnode);
|
|
|
|
|
|
|
|
|
|
xmlroot = xmlNewNode(NULL, XMLSTR("icestats"));
|
|
|
|
|
modules = module_container_get_modulelist_as_xml(global.modulecontainer);
|
|
|
|
|
xmlAddChild(xmlroot, modules);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
reportxml_node_add_xml_child(extension, xmlroot);
|
|
|
|
|
refobject_unref(extension);
|
|
|
|
|
xmlFreeNode(xmlroot);
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-08 12:17:00 +00:00
|
|
|
reportxml_t *client_get_reportxml(const char *state_definition, const char *state_akindof, const char *state_text)
|
|
|
|
|
{
|
|
|
|
|
reportxml_t *report = NULL;
|
|
|
|
|
|
|
|
|
|
if (state_definition) {
|
|
|
|
|
ice_config_t *config;
|
|
|
|
|
|
|
|
|
|
config = config_get_config();
|
|
|
|
|
report = reportxml_database_build_report(config->reportxml_db, state_definition, -1);
|
|
|
|
|
config_release_config();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!report) {
|
|
|
|
|
reportxml_node_t *rootnode, *incidentnode, *statenode;
|
|
|
|
|
|
2018-10-11 08:58:22 +00:00
|
|
|
report = refobject_new(reportxml_t);
|
2018-08-08 12:17:00 +00:00
|
|
|
rootnode = reportxml_get_root_node(report);
|
|
|
|
|
incidentnode = reportxml_node_new(REPORTXML_NODE_TYPE_INCIDENT, NULL, NULL, NULL);
|
|
|
|
|
statenode = reportxml_node_new(REPORTXML_NODE_TYPE_STATE, NULL, state_definition, state_akindof);
|
|
|
|
|
|
|
|
|
|
if (state_text) {
|
|
|
|
|
reportxml_node_t *textnode;
|
|
|
|
|
|
|
|
|
|
textnode = reportxml_node_new(REPORTXML_NODE_TYPE_TEXT, NULL, NULL, NULL);
|
|
|
|
|
reportxml_node_set_content(textnode, state_text);
|
|
|
|
|
reportxml_node_add_child(statenode, textnode);
|
|
|
|
|
refobject_unref(textnode);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reportxml_node_add_child(incidentnode, statenode);
|
|
|
|
|
reportxml_node_add_child(rootnode, incidentnode);
|
|
|
|
|
refobject_unref(statenode);
|
|
|
|
|
refobject_unref(incidentnode);
|
|
|
|
|
refobject_unref(rootnode);
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-08 13:20:07 +00:00
|
|
|
client_get_reportxml__add_basic_stats(report);
|
|
|
|
|
|
2018-08-08 12:17:00 +00:00
|
|
|
return report;
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-09 09:54:38 +00:00
|
|
|
admin_format_t client_get_admin_format_by_content_negotiation(client_t *client)
|
|
|
|
|
{
|
|
|
|
|
const char *pref;
|
|
|
|
|
|
|
|
|
|
if (!client || !client->parser)
|
|
|
|
|
return CLIENT_DEFAULT_ADMIN_FORMAT;
|
|
|
|
|
|
|
|
|
|
pref = util_http_select_best(httpp_getvar(client->parser, "accept"), "text/xml", "text/html", "text/plain", (const char*)NULL);
|
|
|
|
|
|
|
|
|
|
if (strcmp(pref, "text/xml") == 0) {
|
|
|
|
|
return ADMIN_FORMAT_RAW;
|
|
|
|
|
} else if (strcmp(pref, "text/html") == 0) {
|
2018-06-29 15:25:12 +00:00
|
|
|
return ADMIN_FORMAT_HTML;
|
2018-06-09 09:54:38 +00:00
|
|
|
} else if (strcmp(pref, "text/plain") == 0) {
|
|
|
|
|
return ADMIN_FORMAT_PLAINTEXT;
|
|
|
|
|
} else {
|
|
|
|
|
return CLIENT_DEFAULT_ADMIN_FORMAT;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2004-07-16 15:47:12 +00:00
|
|
|
/* helper function for sending the data to a client */
|
2014-11-30 20:32:30 +00:00
|
|
|
int client_send_bytes(client_t *client, const void *buf, unsigned len)
|
2004-07-16 15:47:12 +00:00
|
|
|
{
|
2018-07-26 10:37:12 +00:00
|
|
|
int ret = connection_send_bytes(client->con, buf, len);
|
2007-08-29 03:51:22 +00:00
|
|
|
|
|
|
|
|
if (client->con->error)
|
2014-10-31 08:46:58 +00:00
|
|
|
ICECAST_LOG_DEBUG("Client connection died");
|
2007-08-29 03:51:22 +00:00
|
|
|
|
2018-07-05 10:49:59 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_WRITE, FASTEVENT_FLAG_NONE, FASTEVENT_DATATYPE_OBRD, client, buf, (size_t)len, (ssize_t)ret);
|
|
|
|
|
|
2004-07-16 15:47:12 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-30 20:32:30 +00:00
|
|
|
void client_set_queue(client_t *client, refbuf_t *refbuf)
|
2004-08-20 15:13:59 +00:00
|
|
|
{
|
|
|
|
|
refbuf_t *to_release = client->refbuf;
|
|
|
|
|
|
|
|
|
|
client->refbuf = refbuf;
|
2004-08-23 19:01:18 +00:00
|
|
|
if (refbuf)
|
2014-11-30 20:32:30 +00:00
|
|
|
refbuf_addref(client->refbuf);
|
2004-08-20 15:13:59 +00:00
|
|
|
client->pos = 0;
|
|
|
|
|
if (to_release)
|
2014-11-30 20:32:30 +00:00
|
|
|
refbuf_release(to_release);
|
2004-08-20 15:13:59 +00:00
|
|
|
}
|
2018-04-17 07:29:49 +00:00
|
|
|
|
|
|
|
|
ssize_t client_body_read(client_t *client, void *buf, size_t len)
|
|
|
|
|
{
|
2018-06-18 09:48:57 +00:00
|
|
|
ssize_t ret;
|
|
|
|
|
|
2019-05-28 07:55:18 +00:00
|
|
|
ICECAST_LOG_DDEBUG("Reading from body (client=%p)", client);
|
2018-06-18 09:48:57 +00:00
|
|
|
|
|
|
|
|
if (client->request_body_length != -1) {
|
|
|
|
|
size_t left = (size_t)client->request_body_length - client->request_body_read;
|
|
|
|
|
if (len > left) {
|
|
|
|
|
ICECAST_LOG_DEBUG("Limiting read request to left over body size: left %zu byte, requested %zu byte", left, len);
|
|
|
|
|
len = left;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = client_read_bytes(client, buf, len);
|
|
|
|
|
|
|
|
|
|
if (ret > 0) {
|
|
|
|
|
client->request_body_read += ret;
|
|
|
|
|
}
|
|
|
|
|
|
2018-07-05 10:49:59 +00:00
|
|
|
fastevent_emit(FASTEVENT_TYPE_CLIENT_READ_BODY, FASTEVENT_FLAG_MODIFICATION_ALLOWED, FASTEVENT_DATATYPE_OBRD, client, buf, len, ret);
|
|
|
|
|
|
2018-06-18 09:48:57 +00:00
|
|
|
return ret;
|
2018-04-17 07:29:49 +00:00
|
|
|
}
|
|
|
|
|
|
2018-04-17 09:07:57 +00:00
|
|
|
/* we might un-static this if needed at some time in distant future. -- ph3-der-loewe, 2018-04-17 */
|
|
|
|
|
static int client_eof(client_t *client)
|
2018-04-17 07:29:49 +00:00
|
|
|
{
|
2018-04-17 09:07:57 +00:00
|
|
|
if (!client)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2018-04-17 07:29:49 +00:00
|
|
|
if (!client->con)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2018-12-24 16:29:22 +00:00
|
|
|
if (client->con->tls && tls_got_shutdown(client->con->tls) > 0)
|
2018-04-17 07:29:49 +00:00
|
|
|
client->con->error = 1;
|
|
|
|
|
|
|
|
|
|
if (client->con->error)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2018-04-17 09:07:57 +00:00
|
|
|
|
|
|
|
|
int client_body_eof(client_t *client)
|
|
|
|
|
{
|
|
|
|
|
int ret = -1;
|
|
|
|
|
|
|
|
|
|
if (!client)
|
|
|
|
|
return -1;
|
|
|
|
|
|
2018-06-18 09:48:57 +00:00
|
|
|
if (client->request_body_length != -1 && client->request_body_read == (size_t)client->request_body_length) {
|
2019-05-28 07:55:18 +00:00
|
|
|
ICECAST_LOG_DDEBUG("Reached given body length (client=%p)", client);
|
2018-06-18 09:48:57 +00:00
|
|
|
ret = 1;
|
|
|
|
|
} else if (client->encoding) {
|
2019-05-28 07:55:18 +00:00
|
|
|
ICECAST_LOG_DDEBUG("Looking for body EOF with encoding (client=%p)", client);
|
2018-04-17 09:07:57 +00:00
|
|
|
ret = httpp_encoding_eof(client->encoding, (int(*)(void*))client_eof, client);
|
|
|
|
|
} else {
|
2019-05-28 07:55:18 +00:00
|
|
|
ICECAST_LOG_DDEBUG("Looking for body EOF without encoding (client=%p)", client);
|
2018-04-17 09:07:57 +00:00
|
|
|
ret = client_eof(client);
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-28 07:55:18 +00:00
|
|
|
ICECAST_LOG_DDEBUG("... result is: %i (client=%p)", ret, client);
|
2018-04-17 09:07:57 +00:00
|
|
|
return ret;
|
|
|
|
|
}
|
2018-06-18 11:05:23 +00:00
|
|
|
|
|
|
|
|
client_slurp_result_t client_body_slurp(client_t *client, void *buf, size_t *len)
|
|
|
|
|
{
|
|
|
|
|
if (!client || !buf || !len)
|
|
|
|
|
return CLIENT_SLURP_ERROR;
|
|
|
|
|
|
|
|
|
|
if (client->request_body_length != -1) {
|
|
|
|
|
/* non-streaming mode */
|
|
|
|
|
size_t left = (size_t)client->request_body_length - client->request_body_read;
|
|
|
|
|
|
|
|
|
|
if (!left)
|
|
|
|
|
return CLIENT_SLURP_SUCCESS;
|
|
|
|
|
|
2018-06-18 21:49:45 +00:00
|
|
|
if (*len < (size_t)client->request_body_length)
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_BUFFER_TO_SMALL;
|
|
|
|
|
|
|
|
|
|
if (left > 2048)
|
|
|
|
|
left = 2048;
|
|
|
|
|
|
|
|
|
|
client_body_read(client, buf + client->request_body_read, left);
|
|
|
|
|
|
2018-06-18 21:49:45 +00:00
|
|
|
if ((size_t)client->request_body_length == client->request_body_read) {
|
2018-06-18 11:05:23 +00:00
|
|
|
*len = client->request_body_read;
|
|
|
|
|
|
|
|
|
|
return CLIENT_SLURP_SUCCESS;
|
|
|
|
|
} else {
|
|
|
|
|
return CLIENT_SLURP_NEEDS_MORE_DATA;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
/* streaming mode */
|
|
|
|
|
size_t left = *len - client->request_body_read;
|
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (left) {
|
|
|
|
|
if (left > 2048)
|
|
|
|
|
left = 2048;
|
|
|
|
|
|
|
|
|
|
client_body_read(client, buf + client->request_body_read, left);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = client_body_eof(client);
|
|
|
|
|
switch (ret) {
|
|
|
|
|
case 0:
|
|
|
|
|
if (*len == client->request_body_read) {
|
|
|
|
|
return CLIENT_SLURP_BUFFER_TO_SMALL;
|
|
|
|
|
}
|
|
|
|
|
return CLIENT_SLURP_NEEDS_MORE_DATA;
|
|
|
|
|
break;
|
|
|
|
|
case 1:
|
|
|
|
|
return CLIENT_SLURP_SUCCESS;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return CLIENT_SLURP_ERROR;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
client_slurp_result_t client_body_skip(client_t *client)
|
|
|
|
|
{
|
|
|
|
|
char buf[2048];
|
|
|
|
|
int ret;
|
|
|
|
|
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p", client);
|
2018-06-18 16:55:37 +00:00
|
|
|
|
|
|
|
|
if (!client) {
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... failed", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_ERROR;
|
2018-06-18 16:55:37 +00:00
|
|
|
}
|
2018-06-18 11:05:23 +00:00
|
|
|
|
|
|
|
|
if (client->request_body_length != -1) {
|
|
|
|
|
size_t left = (size_t)client->request_body_length - client->request_body_read;
|
|
|
|
|
|
2018-06-18 16:55:37 +00:00
|
|
|
if (!left) {
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... was a success", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_SUCCESS;
|
2018-06-18 16:55:37 +00:00
|
|
|
}
|
2018-06-18 11:05:23 +00:00
|
|
|
|
|
|
|
|
if (left > sizeof(buf))
|
|
|
|
|
left = sizeof(buf);
|
|
|
|
|
|
|
|
|
|
client_body_read(client, buf, left);
|
|
|
|
|
|
2018-06-18 21:49:45 +00:00
|
|
|
if ((size_t)client->request_body_length == client->request_body_read) {
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... was a success", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_SUCCESS;
|
|
|
|
|
} else {
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... needs more data", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_NEEDS_MORE_DATA;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
client_body_read(client, buf, sizeof(buf));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret = client_body_eof(client);
|
|
|
|
|
switch (ret) {
|
|
|
|
|
case 0:
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... needs more data", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_NEEDS_MORE_DATA;
|
|
|
|
|
break;
|
|
|
|
|
case 1:
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... was a success", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_SUCCESS;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2018-10-17 09:49:55 +00:00
|
|
|
ICECAST_LOG_DEBUG("Slurping client %p ... failed", client);
|
2018-06-18 11:05:23 +00:00
|
|
|
return CLIENT_SLURP_ERROR;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-05-19 07:41:45 +00:00
|
|
|
|
|
|
|
|
ssize_t client_get_baseurl(client_t *client, listensocket_t *listensocket, char *buf, size_t len, const char *user, const char *pw, const char *prefix, const char *suffix0, const char *suffix1)
|
|
|
|
|
{
|
|
|
|
|
const listener_t *listener = NULL;
|
|
|
|
|
const ice_config_t *config = NULL;
|
|
|
|
|
const char *host = NULL;
|
|
|
|
|
const char *proto = "http";
|
|
|
|
|
int port = 0;
|
|
|
|
|
ssize_t ret;
|
|
|
|
|
tlsmode_t tlsmode = ICECAST_TLSMODE_AUTO;
|
|
|
|
|
protocol_t protocol = ICECAST_PROTOCOL_HTTP;
|
|
|
|
|
|
|
|
|
|
if (!buf || !len)
|
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
|
|
if (!prefix)
|
|
|
|
|
prefix = "";
|
|
|
|
|
|
|
|
|
|
if (!suffix0)
|
|
|
|
|
suffix0 = "";
|
|
|
|
|
|
|
|
|
|
if (!suffix1)
|
|
|
|
|
suffix1 = "";
|
|
|
|
|
|
|
|
|
|
if (client) {
|
|
|
|
|
host = httpp_getvar(client->parser, "host");
|
|
|
|
|
|
|
|
|
|
/* at least a couple of players (fb2k/winamp) are reported to send a
|
|
|
|
|
* host header but without the port number. So if we are missing the
|
|
|
|
|
* port then lets treat it as if no host line was sent */
|
|
|
|
|
if (host && strchr(host, ':') == NULL)
|
|
|
|
|
host = NULL;
|
|
|
|
|
|
|
|
|
|
listensocket = client->con->listensocket_effective;
|
|
|
|
|
tlsmode = client->con->tlsmode;
|
|
|
|
|
protocol = client->protocol;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!host && listensocket) {
|
|
|
|
|
listener = listensocket_get_listener(listensocket);
|
|
|
|
|
if (listener) {
|
|
|
|
|
host = listener->bind_address;
|
|
|
|
|
port = listener->port;
|
|
|
|
|
if (!client)
|
|
|
|
|
tlsmode = listener->tls;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!host) {
|
|
|
|
|
config = config_get_config();
|
|
|
|
|
host = config->hostname;
|
|
|
|
|
if (!port)
|
|
|
|
|
port = config->port;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (tlsmode) {
|
|
|
|
|
case ICECAST_TLSMODE_DISABLED:
|
|
|
|
|
case ICECAST_TLSMODE_AUTO:
|
|
|
|
|
switch (protocol) {
|
|
|
|
|
case ICECAST_PROTOCOL_HTTP: proto = "http"; break;
|
|
|
|
|
case ICECAST_PROTOCOL_SHOUTCAST: proto = "icy"; break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case ICECAST_TLSMODE_AUTO_NO_PLAIN:
|
|
|
|
|
case ICECAST_TLSMODE_RFC2817:
|
|
|
|
|
case ICECAST_TLSMODE_RFC2818:
|
|
|
|
|
switch (protocol) {
|
|
|
|
|
case ICECAST_PROTOCOL_HTTP: proto = "https"; break;
|
|
|
|
|
case ICECAST_PROTOCOL_SHOUTCAST: proto = "icys"; break;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (host && port) {
|
|
|
|
|
ret = snprintf(buf, len, "%s%s://%s%s%s%s%s:%i%s%s", prefix, proto, user ? user : "", pw ? ":" : "", pw ? pw : "", (user || pw) ? "@" : "", host, port, suffix0, suffix1);
|
|
|
|
|
} else if (host) {
|
|
|
|
|
ret = snprintf(buf, len, "%s%s://%s%s%s%s%s%s%s", prefix, proto, user ? user : "", pw ? ":" : "", pw ? pw : "", (user || pw) ? "@" : "", host, suffix0, suffix1);
|
|
|
|
|
} else {
|
|
|
|
|
ret = -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (config)
|
|
|
|
|
config_release_config();
|
|
|
|
|
if (listener)
|
|
|
|
|
listensocket_release_listener(listensocket);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
