aniani/icecast-server
1
0
Fork 0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-06-30 06:35:23 +00:00
Code
eb66a682c0
icecast-server/src/cfgfile.c

2651 lines
102 KiB
C
Raw Normal View History

Add Copyright notice to each source file, as requested by debian. svn path=/trunk/httpp/; revision=5792
2004-01-29 01:02:12 +00:00
/* Icecast
*
* This program is distributed under the GNU General Public License, version 2.
* A copy of this license is included with this source.
*
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
* Copyright 2000-2004, Jack Moffitt <jack@xiph.org,
Add Copyright notice to each source file, as requested by debian. svn path=/trunk/httpp/; revision=5792
2004-01-29 01:02:12 +00:00
* Michael Smith <msmith@xiph.org>,
* oddsock <oddsock@xiph.org>,
* Karl Heyes <karl@xiph.org>
* and others (see AUTHORS for details).
Make sure email address is up to date. svn path=/icecast/trunk/icecast/; revision=19292
2014-11-08 17:13:48 +00:00
* Copyright 2011, Dave 'justdave' Miller <justdave@mozilla.com>.
* Copyright 2011-2014, Thomas B. "dm8tbr" Ruecker <thomas@ruecker.fi>,
Update: Corrected copyright
2018-06-30 13:57:37 +00:00
* Copyright 2011-2018, Philipp "ph3-der-loewe" Schafft <lion@lion.leolix.org>,
Add Copyright notice to each source file, as requested by debian. svn path=/trunk/httpp/; revision=5792
2004-01-29 01:02:12 +00:00
*/
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
avoid fnmatch() on _WIN32 and fall back to strcmp(). Seems that MinGW does half-implement fnmatch()... svn path=/icecast/trunk/icecast/; revision=18905
2013-04-03 02:04:38 +00:00
#ifndef _WIN32
do fuzzy(fnmatch) matching for mountpoint names of non-normal mounts, see #1914 svn path=/icecast/trunk/icecast/; revision=18904
2013-04-03 00:46:55 +00:00
#include <fnmatch.h>
avoid fnmatch() on _WIN32 and fall back to strcmp(). Seems that MinGW does half-implement fnmatch()... svn path=/icecast/trunk/icecast/; revision=18905
2013-04-03 02:04:38 +00:00
#endif
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
#include <libxml/xmlmemory.h>
#include <libxml/parser.h>
Epic Git migration commit Added .gitignore and submodules Changed paths to match new location of things
2014-12-02 21:50:57 +00:00
#include "common/thread/thread.h"
Cleanup: Corrected headers used in code
2018-06-17 12:47:35 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
#include "cfgfile.h"
Fix: Corrected includes. Made stuff that worked by accident actually work
2018-05-28 11:14:56 +00:00
#include "global.h"
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
#include "logging.h"
#include "util.h"
#include "auth.h"
#include "event.h"
Feature: Added global (in config) reportxml database
2018-06-08 12:03:46 +00:00
#include "refobject.h"
#include "reportxml.h"
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
/* for config_reread_config() */
#include "yp.h"
#include "fserve.h"
#include "stats.h"
Feature: Allow reloading TLS key on the fly
2016-10-20 09:38:53 +00:00
#include "connection.h"
Update: Allow update of pidfile on the fly.
2018-06-16 12:55:08 +00:00
#include "main.h"
Cleanup: Corrected headers used in code
2018-06-17 12:47:35 +00:00
#include "slave.h"
Feature: Clear XSLT cache on config reload
2018-07-06 21:40:37 +00:00
#include "xslt.h"
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CATMODULE "CONFIG"
#define CONFIG_DEFAULT_LOCATION "Earth"
#define CONFIG_DEFAULT_ADMIN "icemaster@localhost"
#define CONFIG_DEFAULT_CLIENT_LIMIT 256
#define CONFIG_DEFAULT_SOURCE_LIMIT 16
increase default max queue size, 100k isn't much and we do reduce it when there are no lagging clients svn path=/icecast/trunk/icecast/; revision=9420
2005-06-09 15:32:19 +00:00
#define CONFIG_DEFAULT_QUEUE_SIZE_LIMIT (500*1024)
Update: Added timeout and size limit to client body queue handling
2018-06-18 17:34:18 +00:00
#define CONFIG_DEFAULT_BODY_SIZE_LIMIT (4*1024)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CONFIG_DEFAULT_BURST_SIZE (64*1024)
#define CONFIG_DEFAULT_THREADPOOL_SIZE 4
#define CONFIG_DEFAULT_CLIENT_TIMEOUT 30
#define CONFIG_DEFAULT_HEADER_TIMEOUT 15
#define CONFIG_DEFAULT_SOURCE_TIMEOUT 10
Update: Added timeout and size limit to client body queue handling
2018-06-18 17:34:18 +00:00
#define CONFIG_DEFAULT_BODY_TIMEOUT (10 + CONFIG_DEFAULT_HEADER_TIMEOUT)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CONFIG_DEFAULT_MASTER_USERNAME "relay"
#define CONFIG_DEFAULT_SHOUTCAST_MOUNT "/stream"
Fix: Fixed regression for ICY source client's auth This allows ICY source clients to log in again with 2.4.x-style config. ICY does not provide a username. Therefore the username was unset. This patch sets the username for ICY source connections and allow them to be handled as if a username was provided. Configuration tag <shoutcast-user> was added to select the username to set to. This defaults to "source".
2018-04-21 11:03:18 +00:00
#define CONFIG_DEFAULT_SHOUTCAST_USER "source"
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CONFIG_DEFAULT_FILESERVE 1
#define CONFIG_DEFAULT_TOUCH_FREQ 5
#define CONFIG_DEFAULT_HOSTNAME "localhost"
#define CONFIG_DEFAULT_PLAYLIST_LOG NULL
#define CONFIG_DEFAULT_ACCESS_LOG "access.log"
#define CONFIG_DEFAULT_ERROR_LOG "error.log"
#define CONFIG_DEFAULT_LOG_LEVEL ICECAST_LOGLEVEL_INFO
#define CONFIG_DEFAULT_CHROOT 0
#define CONFIG_DEFAULT_CHUID 0
#define CONFIG_DEFAULT_USER NULL
#define CONFIG_DEFAULT_GROUP NULL
#define CONFIG_MASTER_UPDATE_INTERVAL 120
#define CONFIG_YP_URL_TIMEOUT 10
Fix: Corrected and improved default value handling for relay upstreams
2018-07-26 08:25:21 +00:00
#define CONFIG_DEFAULT_RELAY_SERVER "127.0.0.1"
#define CONFIG_DEFAULT_RELAY_PORT 80
#define CONFIG_DEFAULT_RELAY_MOUNT "/"
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CONFIG_DEFAULT_CIPHER_LIST "ECDHE-RSA-AES128-GCM-SHA256:"\
"ECDHE-ECDSA-AES128-GCM-SHA256:"\
"ECDHE-RSA-AES256-GCM-SHA384:"\
"ECDHE-ECDSA-AES256-GCM-SHA384:"\
"DHE-RSA-AES128-GCM-SHA256:"\
"DHE-DSS-AES128-GCM-SHA256:"\
"kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:"\
"ECDHE-ECDSA-AES128-SHA256:"\
"ECDHE-RSA-AES128-SHA:"\
"ECDHE-ECDSA-AES128-SHA:"\
"ECDHE-RSA-AES256-SHA384:"\
"ECDHE-ECDSA-AES256-SHA384:"\
"ECDHE-RSA-AES256-SHA:"\
"ECDHE-ECDSA-AES256-SHA:"\
"DHE-RSA-AES128-SHA256:"\
"DHE-RSA-AES128-SHA:"\
"DHE-DSS-AES128-SHA256:"\
"DHE-RSA-AES256-SHA256:"\
"DHE-DSS-AES256-SHA:"\
"DHE-RSA-AES256-SHA:"\
"ECDHE-RSA-DES-CBC3-SHA:"\
"ECDHE-ECDSA-DES-CBC3-SHA:"\
"AES128-GCM-SHA256:AES256-GCM-SHA384:"\
"AES128-SHA256:AES256-SHA256:"\
"AES128-SHA:AES256-SHA:AES:"\
"DES-CBC3-SHA:HIGH:!aNULL:!eNULL:"\
"!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:"\
"!EDH-DSS-DES-CBC3-SHA:"\
"!EDH-RSA-DES-CBC3-SHA:"\
"!KRB5-DES-CBC3-SHA"
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
#ifndef _WIN32
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CONFIG_DEFAULT_BASE_DIR "/usr/local/icecast"
#define CONFIG_DEFAULT_LOG_DIR "/usr/local/icecast/logs"
#define CONFIG_DEFAULT_WEBROOT_DIR "/usr/local/icecast/webroot"
#define CONFIG_DEFAULT_ADMINROOT_DIR "/usr/local/icecast/admin"
#define CONFIG_DEFAULT_NULL_FILE "/dev/null"
#define MIMETYPESFILE "/etc/mime.types"
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
#else
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
#define CONFIG_DEFAULT_BASE_DIR ".\\"
#define CONFIG_DEFAULT_LOG_DIR ".\\logs"
#define CONFIG_DEFAULT_WEBROOT_DIR ".\\webroot"
#define CONFIG_DEFAULT_ADMINROOT_DIR ".\\admin"
#define CONFIG_DEFAULT_NULL_FILE "nul:"
#define MIMETYPESFILE ".\\mime.types"
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
#endif
static ice_config_t _current_configuration;
static ice_config_locks _locks;
static void _set_defaults(ice_config_t *c);
static void _parse_root(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
static void _parse_limits(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
static void _parse_directory(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
static void _parse_paths(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
static void _parse_logging(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
static void _parse_security(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_authentication(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *c,
char **source_password);
static void _parse_http_headers(xmlDocPtr doc,
xmlNodePtr node,
ice_config_http_header_t **http_headers);
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
static void _parse_relay(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c, const char *mount);
static void _parse_mount(xmlDocPtr doc, xmlNodePtr parentnode, ice_config_t *c);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_listen_socket(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *c);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
static void _add_server(xmlDocPtr doc, xmlNodePtr node, ice_config_t *c);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
static void _parse_events(event_registration_t **events, xmlNodePtr node);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
static void merge_mounts(mount_proxy * dst, mount_proxy * src);
static inline void _merge_mounts_all(ice_config_t *c);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
operation_mode config_str_to_omode(const char *str)
{
Added 'lagcay' mode stats.xml. Add '?omode=legacy' to any URI or <resource ... omode="legacy" />. Please test. closes #2097
2014-12-18 09:56:54 +00:00
if (!str || !*str)
return OMODE_DEFAULT;
if (strcasecmp(str, "default") == 0) {
return OMODE_DEFAULT;
} else if (strcasecmp(str, "normal") == 0) {
return OMODE_NORMAL;
} else if (strcasecmp(str, "legacy-compat") == 0 || strcasecmp(str, "legacy") == 0) {
return OMODE_LEGACY;
Added operation mode (omode) "strict". This adds the operation mode "strict". It does not yet have any specific features and alias the "normal" mode. This change is mostly to make the setting of "strict" valid so it can be used already.
2015-03-27 11:15:22 +00:00
} else if (strcasecmp(str, "strict") == 0) {
return OMODE_STRICT;
Added 'lagcay' mode stats.xml. Add '?omode=legacy' to any URI or <resource ... omode="legacy" />. Please test. closes #2097
2014-12-18 09:56:54 +00:00
} else {
ICECAST_LOG_ERROR("Unknown operation mode \"%s\", falling back to DEFAULT.", str);
return OMODE_DEFAULT;
}
}
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
static listener_type_t config_str_to_listener_type(const char *str)
{
if (!str || !*str) {
return LISTENER_TYPE_NORMAL;
} else if (strcasecmp(str, "normal") == 0) {
return LISTENER_TYPE_NORMAL;
Feature: Allow listen sockets to be of type "virtual"
2018-05-18 13:49:15 +00:00
} else if (strcasecmp(str, "virtual") == 0) {
return LISTENER_TYPE_VIRTUAL;
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
} else {
ICECAST_LOG_ERROR("Unknown listener type \"%s\", falling back to NORMAL.", str);
return LISTENER_TYPE_NORMAL;
}
}
Feature: Allow listen sockets to virtually handle other sockets traffic. This adds on-behalf-of="#id" to <listen-socket>. It allows a socket to handle the traffic that was originally meant of another (virtual) listen socket.
2018-06-30 13:51:42 +00:00
char * config_href_to_id(const char *href)
{
if (!href || !*href)
return NULL;
if (*href != '#') {
ICECAST_LOG_ERROR("Can not convert string \"%H\" to ID.", href);
return NULL;
}
return strdup(href+1);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void create_locks(void)
{
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
thread_mutex_create(&_locks.relay_lock);
merge from branch, make the config lock a rwlock instead of mutex svn path=/icecast/trunk/icecast/; revision=9160
2005-04-20 22:34:54 +00:00
thread_rwlock_create(&_locks.config_lock);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void release_locks(void)
{
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
thread_mutex_destroy(&_locks.relay_lock);
merge from branch, make the config lock a rwlock instead of mutex svn path=/icecast/trunk/icecast/; revision=9160
2005-04-20 22:34:54 +00:00
thread_rwlock_destroy(&_locks.config_lock);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
void config_initialize(void)
{
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
create_locks();
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
void config_shutdown(void)
{
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
config_get_config();
config_clear(&_current_configuration);
config_release_config();
release_locks();
}
void config_init_configuration(ice_config_t *configuration)
{
memset(configuration, 0, sizeof(ice_config_t));
_set_defaults(configuration);
Update: Replaced reportxml_new() and reportxml_database_new()
2018-10-11 08:58:22 +00:00
configuration->reportxml_db = refobject_new(reportxml_database_t);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
static inline void __read_int(xmlDocPtr doc, xmlNodePtr node, int *val, const char *warning)
{
char *str = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
if (!str || !*str) {
ICECAST_LOG_WARN("%s", warning);
} else {
*val = util_str_to_int(str, *val);
}
if (str)
xmlFree(str);
}
static inline void __read_unsigned_int(xmlDocPtr doc, xmlNodePtr node, unsigned int *val, const char *warning)
{
char *str = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
if (!str || !*str) {
ICECAST_LOG_WARN("%s", warning);
} else {
*val = util_str_to_unsigned_int(str, *val);
}
if (str)
xmlFree(str);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static inline int __parse_public(const char *str)
{
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
/* values that are not bool */
if (strcasecmp(str, "client") == 0)
return -1;
/* old way of doing so */
if (strcmp(str, "-1") == 0)
return -1;
/* ok, only normal bool left! */
return util_str_to_bool(str);
}
Make tls mode more configureable
2016-11-06 16:02:11 +00:00
/* This converts TLS mode strings to (tlsmode_t).
* In older versions of Icecast2 this was just a bool.
* So we need to handle boolean values as well.
* See also: util_str_to_bool().
*/
static tlsmode_t str_to_tlsmode(const char *str) {
/* consider NULL and empty strings as auto mode */
if (!str || !*str)
return ICECAST_TLSMODE_AUTO;
if (strcasecmp(str, "disabled") == 0) {
return ICECAST_TLSMODE_DISABLED;
} else if (strcasecmp(str, "auto") == 0) {
return ICECAST_TLSMODE_AUTO;
} else if (strcasecmp(str, "auto_no_plain") == 0) {
return ICECAST_TLSMODE_AUTO_NO_PLAIN;
} else if (strcasecmp(str, "rfc2817") == 0) {
return ICECAST_TLSMODE_RFC2817;
} else if (strcasecmp(str, "rfc2818") == 0 ||
/* boolean-style values */
strcasecmp(str, "true") == 0 ||
strcasecmp(str, "yes") == 0 ||
strcasecmp(str, "on") == 0 ) {
return ICECAST_TLSMODE_RFC2818;
}
/* old style numbers: consider everyting non-zero RFC2818 */
if (atoi(str))
return ICECAST_TLSMODE_RFC2818;
/* we default to auto mode */
return ICECAST_TLSMODE_AUTO;
}
Feature: Added new config tag tls-context, tls-key and attribute implementation
2017-05-18 08:39:05 +00:00
/* This checks for the TLS implementation of a node */
static int __check_node_impl(xmlNodePtr node, const char *def)
{
char *impl;
int res;
impl = (char *)xmlGetProp(node, XMLSTR("implementation"));
if (!impl)
impl = (char *)xmlGetProp(node, XMLSTR("impl"));
if (!impl)
impl = (char *)xmlStrdup(XMLSTR(def));
res = tls_check_impl(impl);
xmlFree(impl);
return res;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void __append_old_style_auth(auth_stack_t **stack,
const char *name,
const char *type,
const char *username,
const char *password,
const char *method,
const char *allow_method,
int allow_web,
const char *allow_admin)
{
xmlNodePtr role,
user,
pass;
auth_t *auth;
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (!type)
return;
role = xmlNewNode(NULL, XMLSTR("role"));
xmlSetProp(role, XMLSTR("type"), XMLSTR(type));
xmlSetProp(role, XMLSTR("deny-method"), XMLSTR("*"));
if (allow_method)
xmlSetProp(role, XMLSTR("allow-method"), XMLSTR(allow_method));
if (name)
xmlSetProp(role, XMLSTR("name"), XMLSTR(name));
if (method)
xmlSetProp(role, XMLSTR("method"), XMLSTR(method));
if (allow_web) {
xmlSetProp(role, XMLSTR("allow-web"), XMLSTR("*"));
} else {
xmlSetProp(role, XMLSTR("deny-web"), XMLSTR("*"));
}
if (allow_admin && strcmp(allow_admin, "*") == 0) {
xmlSetProp(role, XMLSTR("allow-admin"), XMLSTR("*"));
} else {
xmlSetProp(role, XMLSTR("deny-admin"), XMLSTR("*"));
if (allow_admin)
xmlSetProp(role, XMLSTR("allow-admin"), XMLSTR(allow_admin));
}
if (username) {
user = xmlNewChild(role, NULL, XMLSTR("option"), NULL);
xmlSetProp(user, XMLSTR("name"), XMLSTR("username"));
xmlSetProp(user, XMLSTR("value"), XMLSTR(username));
}
if (password) {
pass = xmlNewChild(role, NULL, XMLSTR("option"), NULL);
xmlSetProp(pass, XMLSTR("name"), XMLSTR("password"));
xmlSetProp(pass, XMLSTR("value"), XMLSTR(password));
}
auth = auth_get_authenticator(role);
auth_stack_push(stack, auth);
auth_release(auth);
xmlFreeNode(role);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void __append_option_tag(xmlNodePtr parent,
const char *name,
const char *value)
{
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
xmlNodePtr node;
if (!name || !value)
return;
node = xmlNewChild(parent, NULL, XMLSTR("option"), NULL);
xmlSetProp(node, XMLSTR("name"), XMLSTR(name));
xmlSetProp(node, XMLSTR("value"), XMLSTR(value));
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void __append_old_style_urlauth(auth_stack_t **stack,
const char *client_add,
const char *client_remove,
const char *action_add,
const char *action_remove,
const char *username,
const char *password,
int is_source,
const char *auth_header,
const char *timelimit_header,
const char *headers,
const char *header_prefix)
{
xmlNodePtr role;
auth_t *auth;
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
Regression Fix: Correction of old-style <authentication>. Old-style <authentication> within <mount> didn't work for type="url" as well as some other parameters due to confusion between "node" and "child" variable. Thanks for trilliot for pointing out! Should work now. closes #2039
2014-12-14 09:27:49 +00:00
if (!stack || (!client_add && !client_remove))
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
return;
role = xmlNewNode(NULL, XMLSTR("role"));
xmlSetProp(role, XMLSTR("type"), XMLSTR("url"));
if (is_source) {
xmlSetProp(role, XMLSTR("method"), XMLSTR("source,put"));
xmlSetProp(role, XMLSTR("deny-method"), XMLSTR("*"));
xmlSetProp(role, XMLSTR("allow-method"), XMLSTR("source,put"));
xmlSetProp(role, XMLSTR("allow-web"), XMLSTR("*"));
xmlSetProp(role, XMLSTR("allow-admin"), XMLSTR("*"));
} else {
Feature: Allow OPTIONS request for * and web requests
2018-06-15 18:53:43 +00:00
xmlSetProp(role, XMLSTR("method"), XMLSTR("get,post,head,options"));
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
xmlSetProp(role, XMLSTR("deny-method"), XMLSTR("*"));
Feature: Allow OPTIONS request for * and web requests
2018-06-15 18:53:43 +00:00
xmlSetProp(role, XMLSTR("allow-method"), XMLSTR("get,post,head,options"));
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
xmlSetProp(role, XMLSTR("allow-web"), XMLSTR("*"));
xmlSetProp(role, XMLSTR("deny-admin"), XMLSTR("*"));
}
__append_option_tag(role, "client_add", client_add);
__append_option_tag(role, "client_remove", client_remove);
__append_option_tag(role, "action_add", action_add);
__append_option_tag(role, "action_remove", action_remove);
__append_option_tag(role, "username", username);
__append_option_tag(role, "password", password);
__append_option_tag(role, "auth_header", auth_header);
__append_option_tag(role, "timelimit_header", timelimit_header);
__append_option_tag(role, "headers", headers);
__append_option_tag(role, "header_prefix", header_prefix);
auth = auth_get_authenticator(role);
Regression Fix: Correction of old-style <authentication>. Old-style <authentication> within <mount> didn't work for type="url" as well as some other parameters due to confusion between "node" and "child" variable. Thanks for trilliot for pointing out! Should work now. closes #2039
2014-12-14 09:27:49 +00:00
if (auth) {
auth_stack_push(stack, auth);
auth_release(auth);
ICECAST_LOG_DEBUG("Pushed authenticator %p on stack %p.", auth, stack);
} else {
ICECAST_LOG_DEBUG("Failed to set up authenticator.");
}
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
xmlFreeNode(role);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void __append_old_style_exec_event(event_registration_t **list,
const char *trigger,
const char *executable)
{
xmlNodePtr exec;
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
event_registration_t *er;
exec = xmlNewNode(NULL, XMLSTR("event"));
xmlSetProp(exec, XMLSTR("type"), XMLSTR("exec"));
xmlSetProp(exec, XMLSTR("trigger"), XMLSTR(trigger));
__append_option_tag(exec, "executable", executable);
er = event_new_from_xml_node(exec);
event_registration_push(list, er);
event_registration_release(er);
xmlFreeNode(exec);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void __append_old_style_url_event(event_registration_t **list,
const char *trigger,
const char *url,
const char *action,
const char *username,
const char *password)
{
xmlNodePtr exec;
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
event_registration_t *er;
exec = xmlNewNode(NULL, XMLSTR("event"));
xmlSetProp(exec, XMLSTR("type"), XMLSTR("url"));
xmlSetProp(exec, XMLSTR("trigger"), XMLSTR(trigger));
__append_option_tag(exec, "url", url);
__append_option_tag(exec, "action", action);
__append_option_tag(exec, "username", username);
__append_option_tag(exec, "password", password);
er = event_new_from_xml_node(exec);
event_registration_push(list, er);
event_registration_release(er);
xmlFreeNode(exec);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void config_clear_http_header(ice_config_http_header_t *header)
{
ice_config_http_header_t *old;
Cleanup: corrected usage of spaces
2016-06-07 11:30:46 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
while (header) {
xmlFree(header->name);
xmlFree(header->value);
old = header;
header = header->next;
free(old);
}
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static inline ice_config_http_header_t *config_copy_http_header(ice_config_http_header_t *header)
{
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
ice_config_http_header_t *ret = NULL;
ice_config_http_header_t *cur = NULL;
ice_config_http_header_t *old = NULL;
while (header) {
if (cur) {
cur->next = calloc(1, sizeof(ice_config_http_header_t));
old = cur;
cur = cur->next;
} else {
ret = calloc(1, sizeof(ice_config_http_header_t));
cur = ret;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (!cur)
return ret; /* TODO: do better error handling */
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
added support for type="" and status="" in <header> (subelement of <http-headers>). svn path=/icecast/trunk/icecast/; revision=19270
2014-11-07 10:12:24 +00:00
cur->type = header->type;
cur->name = (char *)xmlCharStrdup(header->name);
cur->value = (char *)xmlCharStrdup(header->value);
cur->status = header->status;
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
if (!cur->name || !cur->value) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (cur->name)
xmlFree(cur->name);
if (cur->value)
xmlFree(cur->value);
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
if (old) {
old->next = NULL;
} else {
ret = NULL;
}
free(cur);
return ret;
}
header = header->next;
}
return ret;
}
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
static void config_clear_mount(mount_proxy *mount)
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
{
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (mount->mountname) xmlFree(mount->mountname);
if (mount->dumpfile) xmlFree(mount->dumpfile);
if (mount->intro_filename) xmlFree(mount->intro_filename);
if (mount->fallback_mount) xmlFree(mount->fallback_mount);
if (mount->stream_name) xmlFree(mount->stream_name);
if (mount->stream_description) xmlFree(mount->stream_description);
if (mount->stream_url) xmlFree(mount->stream_url);
if (mount->stream_genre) xmlFree(mount->stream_genre);
if (mount->bitrate) xmlFree(mount->bitrate);
if (mount->type) xmlFree(mount->type);
if (mount->charset) xmlFree(mount->charset);
if (mount->cluster_password) xmlFree(mount->cluster_password);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (mount->authstack) auth_stack_release(mount->authstack);
Handle missing mount in relay case, and add checks for NULL which may be an issue for libxml2. svn path=/icecast/trunk/icecast/; revision=14430
2008-01-24 03:31:25 +00:00
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
event_registration_release(mount->event);
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
config_clear_http_header(mount->http_headers);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
free(mount);
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
}
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
static void config_clear_resource(resource_t *resource)
{
resource_t *nextresource;
while (resource) {
nextresource = resource->next;
xmlFree(resource->source);
xmlFree(resource->destination);
xmlFree(resource->bind_address);
xmlFree(resource->vhost);
Feature: Allow modules to handle client requests via <resource> tags
2018-05-28 14:04:07 +00:00
xmlFree(resource->module);
xmlFree(resource->handler);
Feature: Allow <resource> to match on a specific listen-socket
2018-06-30 14:06:05 +00:00
free(resource->listen_socket);
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
free(resource);
resource = nextresource;
}
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
listener_t *config_clear_listener(listener_t *listener)
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
{
listener_t *next = NULL;
if (listener)
{
next = listener->next;
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
if (listener->id) xmlFree(listener->id);
Feature: Allow listen sockets to virtually handle other sockets traffic. This adds on-behalf-of="#id" to <listen-socket>. It allows a socket to handle the traffic that was originally meant of another (virtual) listen socket.
2018-06-30 13:51:42 +00:00
if (listener->on_behalf_of) free(listener->on_behalf_of);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (listener->bind_address) xmlFree(listener->bind_address);
if (listener->shoutcast_mount) xmlFree(listener->shoutcast_mount);
Feature: Added per <listen-socket> <authentication>
2018-09-13 11:34:01 +00:00
if (listener->authstack) auth_stack_release(listener->authstack);
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
free (listener);
}
return next;
}
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
void config_clear(ice_config_t *c)
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ice_config_dir_t *dirnode,
*nextdirnode;
mount_proxy *mount,
*nextmount;
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
size_t i;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
no functional/structural change but cleans up the annoying signed/unsigned pointer warnings here with xmlChar, based on work originally done by gtgbr@gmx.net. closes #783, #784, #785, #787 svn path=/icecast/trunk/icecast/; revision=13933
2007-10-04 16:48:38 +00:00
free(c->config_filename);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
xmlFree(c->server_id);
if (c->location) xmlFree(c->location);
if (c->admin) xmlFree(c->admin);
if (c->hostname) xmlFree(c->hostname);
if (c->base_dir) xmlFree(c->base_dir);
if (c->log_dir) xmlFree(c->log_dir);
if (c->webroot_dir) xmlFree(c->webroot_dir);
if (c->adminroot_dir) xmlFree(c->adminroot_dir);
if (c->null_device) xmlFree(c->null_device);
if (c->pidfile) xmlFree(c->pidfile);
if (c->banfile) xmlFree(c->banfile);
if (c->allowfile) xmlFree(c->allowfile);
if (c->playlist_log) xmlFree(c->playlist_log);
if (c->access_log) xmlFree(c->access_log);
if (c->error_log) xmlFree(c->error_log);
Make copies of the default string values instead of relying on the compiler to check for duplicate string literals. svn path=/icecast/trunk/icecast/; revision=13929
2007-10-04 00:55:13 +00:00
if (c->shoutcast_mount) xmlFree(c->shoutcast_mount);
Fix: Fixed regression for ICY source client's auth This allows ICY source clients to log in again with 2.4.x-style config. ICY does not provide a username. Therefore the username was unset. This patch sets the username for ICY source connections and allow them to be handled as if a username was provided. Configuration tag <shoutcast-user> was added to select the username to set to. This defaults to "source".
2018-04-21 11:03:18 +00:00
if (c->shoutcast_user) xmlFree(c->shoutcast_user);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (c->authstack) auth_stack_release(c->authstack);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (c->master_server) xmlFree(c->master_server);
Allow for username to be stated for master/slave setups, we still default to 'relay' though svn path=/icecast/trunk/icecast/; revision=9274
2005-05-13 00:35:08 +00:00
if (c->master_username) xmlFree(c->master_username);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
if (c->master_password) xmlFree(c->master_password);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (c->user) xmlFree(c->user);
if (c->group) xmlFree(c->group);
Cleanup: corrected a space
2015-03-31 08:03:28 +00:00
if (c->mimetypes_fn) xmlFree(c->mimetypes_fn);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Update: Prepare code for a new <tls-context> element
2017-05-18 08:02:41 +00:00
if (c->tls_context.cert_file) xmlFree(c->tls_context.cert_file);
if (c->tls_context.key_file) xmlFree(c->tls_context.key_file);
if (c->tls_context.cipher_list) xmlFree(c->tls_context.cipher_list);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
event_registration_release(c->event);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
while ((c->listen_sock = config_clear_listener(c->listen_sock)));
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
thread_mutex_lock(&(_locks.relay_lock));
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
for (i = 0; i < c->relay_length; i++) {
relay_config_free(c->relay[i]);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
free(c->relay);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
thread_mutex_unlock(&(_locks.relay_lock));
mount = c->mounts;
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
while (mount) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
nextmount = mount->next;
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
config_clear_mount(mount);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
mount = nextmount;
}
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
config_clear_resource(c->resources);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
dirnode = c->dir_list;
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
while (dirnode) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
nextdirnode = dirnode->next;
xmlFree(dirnode->host);
free(dirnode);
dirnode = nextdirnode;
}
avoid aliasing issues, and make sure each server can take a seperate default interval as defined in the xml svn path=/icecast/trunk/icecast/; revision=8101
2004-10-25 21:10:10 +00:00
#ifdef USE_YP
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
for (i = 0; i < c->num_yp_directories; i++) {
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
xmlFree(c->yp_url[i]);
small YP memory cleanup svn path=/trunk/icecast/; revision=5842
2004-02-19 14:48:31 +00:00
}
#endif
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
config_clear_http_header(c->http_headers);
Feature: Added global (in config) reportxml database
2018-06-08 12:03:46 +00:00
refobject_unref(c->reportxml_db);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
memset(c, 0, sizeof(ice_config_t));
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
void config_reread_config(void)
{
int ret;
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
ice_config_t *config;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ice_config_t new_config;
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
/* reread config file */
config = config_grab_config(); /* Both to get the lock, and to be able
to find out the config filename */
xmlSetGenericErrorFunc("config", log_parse_failure);
ret = config_parse_file(config->config_filename, &new_config);
if(ret < 0) {
ICECAST_LOG_ERROR("Error parsing config, not replacing existing config");
switch (ret) {
case CONFIG_EINSANE:
ICECAST_LOG_ERROR("Config filename null or blank");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
break;
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
case CONFIG_ENOROOT:
ICECAST_LOG_ERROR("Root element not found in %s", config->config_filename);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
break;
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
case CONFIG_EBADROOT:
ICECAST_LOG_ERROR("Not an icecast2 config file: %s",
config->config_filename);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
break;
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
default:
ICECAST_LOG_ERROR("Parse error in reading %s", config->config_filename);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
break;
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
}
config_release_config();
} else {
config_clear(config);
config_set_config(&new_config);
config = config_get_config_unlocked();
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
restart_logging(config);
Update: Allow update of pidfile on the fly.
2018-06-16 12:55:08 +00:00
main_config_reload(config);
Feature: Allow reloading TLS key on the fly
2016-10-20 09:38:53 +00:00
connection_reread_config(config);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
yp_recheck_config(config);
fserve_recheck_mime_types(config);
stats_global(config);
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
config_release_config();
slave_update_all_mounts();
Feature: Clear XSLT cache on config reload
2018-07-06 21:40:37 +00:00
xslt_clear_cache();
Cleanup: Moved config re-read function into right place Renamed event_config_read() into config_reread_config() and moved it into cfgfile.c. This allowed to delete event.[ch]. event.[ch] will later be used to implement <event>.
2014-12-07 10:54:34 +00:00
}
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
int config_initial_parse_file(const char *filename)
{
/* Since we're already pointing at it, we don't need to copy it in place */
return config_parse_file(filename, &_current_configuration);
}
int config_parse_file(const char *filename, ice_config_t *configuration)
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
xmlDocPtr doc;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
xmlNodePtr node;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (filename == NULL || strcmp(filename, "") == 0)
return CONFIG_EINSANE;
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
doc = xmlParseFile(filename);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (doc == NULL)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
return CONFIG_EPARSE;
node = xmlDocGetRootElement(doc);
if (node == NULL) {
xmlFreeDoc(doc);
return CONFIG_ENOROOT;
}
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("icecast")) != 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
xmlFreeDoc(doc);
return CONFIG_EBADROOT;
}
config_init_configuration(configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration->config_filename = strdup(filename);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_parse_root(doc, node->xmlChildrenNode, configuration);
xmlFreeDoc(doc);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
_merge_mounts_all(configuration);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
return 0;
}
int config_parse_cmdline(int arg, char **argv)
{
return 0;
}
ice_config_locks *config_locks(void)
{
return &_locks;
}
void config_release_config(void)
{
merge from branch, make the config lock a rwlock instead of mutex svn path=/icecast/trunk/icecast/; revision=9160
2005-04-20 22:34:54 +00:00
thread_rwlock_unlock(&(_locks.config_lock));
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
ice_config_t *config_get_config(void)
{
merge from branch, make the config lock a rwlock instead of mutex svn path=/icecast/trunk/icecast/; revision=9160
2005-04-20 22:34:54 +00:00
thread_rwlock_rlock(&(_locks.config_lock));
return &_current_configuration;
}
ice_config_t *config_grab_config(void)
{
thread_rwlock_wlock(&(_locks.config_lock));
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
return &_current_configuration;
}
/* MUST be called with the lock held! */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
void config_set_config(ice_config_t *config)
{
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
memcpy(&_current_configuration, config, sizeof(ice_config_t));
}
ice_config_t *config_get_config_unlocked(void)
{
return &_current_configuration;
}
static void _set_defaults(ice_config_t *configuration)
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->location = (char *) xmlCharStrdup(CONFIG_DEFAULT_LOCATION);
configuration
->server_id = (char *) xmlCharStrdup(ICECAST_VERSION_STRING);
configuration
->admin = (char *) xmlCharStrdup(CONFIG_DEFAULT_ADMIN);
configuration
->client_limit = CONFIG_DEFAULT_CLIENT_LIMIT;
configuration
->source_limit = CONFIG_DEFAULT_SOURCE_LIMIT;
configuration
->queue_size_limit = CONFIG_DEFAULT_QUEUE_SIZE_LIMIT;
Update: Added timeout and size limit to client body queue handling
2018-06-18 17:34:18 +00:00
configuration
->body_size_limit = CONFIG_DEFAULT_BODY_SIZE_LIMIT;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->client_timeout = CONFIG_DEFAULT_CLIENT_TIMEOUT;
configuration
->header_timeout = CONFIG_DEFAULT_HEADER_TIMEOUT;
configuration
->source_timeout = CONFIG_DEFAULT_SOURCE_TIMEOUT;
Update: Added timeout and size limit to client body queue handling
2018-06-18 17:34:18 +00:00
configuration
->source_timeout = CONFIG_DEFAULT_BODY_TIMEOUT;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->shoutcast_mount = (char *) xmlCharStrdup(CONFIG_DEFAULT_SHOUTCAST_MOUNT);
Fix: Fixed regression for ICY source client's auth This allows ICY source clients to log in again with 2.4.x-style config. ICY does not provide a username. Therefore the username was unset. This patch sets the username for ICY source connections and allow them to be handled as if a username was provided. Configuration tag <shoutcast-user> was added to select the username to set to. This defaults to "source".
2018-04-21 11:03:18 +00:00
configuration
->shoutcast_user = (char *) xmlCharStrdup(CONFIG_DEFAULT_SHOUTCAST_USER);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->fileserve = CONFIG_DEFAULT_FILESERVE;
configuration
->touch_interval = CONFIG_DEFAULT_TOUCH_FREQ;
configuration
->on_demand = 0;
configuration
->dir_list = NULL;
configuration
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
->hostname = (char *) xmlCharStrdup(CONFIG_DEFAULT_HOSTNAME);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
->mimetypes_fn = (char *) xmlCharStrdup(MIMETYPESFILE);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->master_server = NULL;
configuration
->master_server_port = 0;
configuration
->master_update_interval = CONFIG_MASTER_UPDATE_INTERVAL;
configuration
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
->master_username = (char *) xmlCharStrdup(CONFIG_DEFAULT_MASTER_USERNAME);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->master_password = NULL;
configuration
->base_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_BASE_DIR);
configuration
->log_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_LOG_DIR);
configuration
->null_device = (char *) xmlCharStrdup(CONFIG_DEFAULT_NULL_FILE);
configuration
->webroot_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_WEBROOT_DIR);
configuration
->adminroot_dir = (char *) xmlCharStrdup(CONFIG_DEFAULT_ADMINROOT_DIR);
configuration
->playlist_log = (char *) xmlCharStrdup(CONFIG_DEFAULT_PLAYLIST_LOG);
configuration
->access_log = (char *) xmlCharStrdup(CONFIG_DEFAULT_ACCESS_LOG);
configuration
->error_log = (char *) xmlCharStrdup(CONFIG_DEFAULT_ERROR_LOG);
configuration
->loglevel = CONFIG_DEFAULT_LOG_LEVEL;
configuration
->chroot = CONFIG_DEFAULT_CHROOT;
configuration
->chuid = CONFIG_DEFAULT_CHUID;
configuration
->user = NULL;
configuration
->group = NULL;
configuration
->num_yp_directories = 0;
merged singleq branch 7177:7591 svn path=/icecast/trunk/icecast/; revision=7592
2004-08-20 15:13:59 +00:00
/* default to a typical prebuffer size used by clients */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->burst_size = CONFIG_DEFAULT_BURST_SIZE;
Update: Prepare code for a new <tls-context> element
2017-05-18 08:02:41 +00:00
configuration->tls_context
.cipher_list = (char *) xmlCharStrdup(CONFIG_DEFAULT_CIPHER_LIST);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static inline void __check_hostname(ice_config_t *configuration)
{
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
char *p;
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
/* ensure we have a non-NULL buffer: */
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
if (!configuration->hostname)
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
configuration->hostname = (char *)xmlCharStrdup(CONFIG_DEFAULT_HOSTNAME);
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
/* convert to lower case: */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
for (p = configuration->hostname; *p; p++) {
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
if ( *p >= 'A' && *p <= 'Z' )
*p += 'a' - 'A';
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
}
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
configuration->sane_hostname = 0;
switch (util_hostcheck(configuration->hostname)) {
case HOSTCHECK_SANE:
configuration->sane_hostname = 1;
break;
case HOSTCHECK_ERROR:
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_ERROR("Can not check hostname \"%s\".",
configuration->hostname);
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
break;
case HOSTCHECK_NOT_FQDN:
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("Warning, <hostname> seems not to be set to a "
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
"fully qualified domain name (FQDN). This may cause problems, "
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
"e.g. with YP directory listings.");
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
break;
case HOSTCHECK_IS_LOCALHOST:
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("Warning, <hostname> not configured, using "
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
"default value \"%s\". This will cause problems, e.g. "
"this breaks YP directory listings. YP directory listing "
"support will be disabled.", CONFIG_DEFAULT_HOSTNAME);
/* FIXME actually disable YP */
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
break;
case HOSTCHECK_IS_IPV4:
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("Warning, <hostname> seems to be set to an IPv4 "
"address. This may cause problems, e.g. with YP directory "
"listings.");
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
break;
case HOSTCHECK_IS_IPV6:
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("Warning, <hostname> seems to be set to an IPv6 "
"address. This may cause problems, e.g. with YP directory "
"listings.");
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
break;
case HOSTCHECK_BADCHAR:
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("Warning, <hostname> contains unusual "
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
"characters. This may cause problems, e.g. with YP directory "
"listings.");
(sync with my branch) report system name and print better warnings about <hostname> at start of process svn path=/icecast/trunk/icecast/; revision=19339
2014-11-20 18:41:42 +00:00
break;
}
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_root(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
char *tmp;
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
char *source_password = NULL;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
->listen_sock = calloc(1, sizeof(*configuration->listen_sock));
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration
->listen_sock->port = 8000;
configuration
->listen_sock_count = 1;
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
if (xmlStrcmp(node->name, XMLSTR("location")) == 0) {
if (configuration->location)
xmlFree(configuration->location);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->location = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("admin")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->admin)
xmlFree(configuration->admin);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->admin = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("server-id")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
xmlFree(configuration->server_id);
close report #704, add server-id tag, default stays as the server version string. svn path=/icecast/trunk/icecast/; revision=13704
2007-09-03 00:55:27 +00:00
configuration->server_id = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("Warning, server version string override "
"detected. This may lead to unexpected client software "
"behavior.");
} else if (xmlStrcmp(node->name, XMLSTR("authentication")) == 0) {
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
_parse_authentication(doc, node->xmlChildrenNode, configuration, &source_password);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("source-password")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
/* TODO: This is the backwards-compatibility location */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("<source-password> defined outside "
"<authentication>. This is deprecated and will be removed in "
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
"version 2.X.0");
/* FIXME Settle target version for removal of this functionality! */
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (source_password)
xmlFree(source_password);
source_password = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("icelogin")) == 0) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_ERROR("<icelogin> support has been removed.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("fileserve")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
configuration->fileserve = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("relays-on-demand")) == 0) {
merge in the on-demand relay implementation. svn path=/icecast/trunk/icecast/; revision=9406
2005-06-09 01:51:47 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
configuration->on_demand = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("hostname")) == 0) {
if (configuration->hostname)
xmlFree(configuration->hostname);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->hostname = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("mime-types")) == 0) {
Fix: Moved <mime-types> into <paths>. This moved the <mime-types> setting into <paths>. The code still supports reading it from the root element but will warn the user about this. Also there seems to be no documentation about this setting. Closes: #2164
2015-12-12 08:17:58 +00:00
ICECAST_LOG_WARN("<mime-types> has been moved into <paths>. Please update your configuration file.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->mimetypes_fn)
xmlFree(configuration->mimetypes_fn);
Allow rereading of the mime types file on xml reload. Also allow for specifying an alternative filename in the xml. svn path=/icecast/trunk/icecast/; revision=13541
2007-08-13 21:33:27 +00:00
configuration->mimetypes_fn = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("listen-socket")) == 0) {
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
_parse_listen_socket(doc, node, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("port")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
if (tmp && *tmp) {
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
configuration->port = atoi(tmp);
configuration->listen_sock->port = atoi(tmp);
xmlFree(tmp);
} else {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<port> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("bind-address")) == 0) {
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
if (configuration->listen_sock->bind_address)
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
xmlFree(configuration->listen_sock->bind_address);
configuration->listen_sock->bind_address = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("master-server")) == 0) {
if (configuration->master_server)
xmlFree(configuration->master_server);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->master_server = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("master-username")) == 0) {
if (configuration->master_username)
xmlFree(configuration->master_username);
Allow for username to be stated for master/slave setups, we still default to 'relay' though svn path=/icecast/trunk/icecast/; revision=9274
2005-05-13 00:35:08 +00:00
configuration->master_username = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("master-password")) == 0) {
if (configuration->master_password)
xmlFree(configuration->master_password);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->master_password = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("master-server-port")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->master_server_port, "<master-server-port> must not be empty.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("master-update-interval")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->master_update_interval, "<master-update-interval> must not be empty.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("shoutcast-mount")) == 0) {
if (configuration->shoutcast_mount)
xmlFree(configuration->shoutcast_mount);
add <shoutcast-mount>. drop the hardcoded mountpoint hacks for NSV svn path=/icecast/trunk/icecast/; revision=8213
2004-11-17 16:02:04 +00:00
configuration->shoutcast_mount = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("limits")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_parse_limits(doc, node->xmlChildrenNode, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("http-headers")) == 0) {
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
_parse_http_headers(doc, node->xmlChildrenNode, &(configuration->http_headers));
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("relay")) == 0) {
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
_parse_relay(doc, node->xmlChildrenNode, configuration, NULL);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("mount")) == 0) {
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
_parse_mount(doc, node, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("directory")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_parse_directory(doc, node->xmlChildrenNode, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("paths")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_parse_paths(doc, node->xmlChildrenNode, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("logging")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_parse_logging(doc, node->xmlChildrenNode, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("security")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_parse_security(doc, node->xmlChildrenNode, configuration);
Cleanup: Renamed <kartoffelsalat> to <event-bindings> The parent element for <event> was renamed from <kartoffelsalat> to <event-bindings> as discussed on the mailinglist and on IRC.
2015-03-31 08:20:37 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("event-bindings")) == 0 ||
xmlStrcmp(node->name, XMLSTR("kartoffelsalat")) == 0) {
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
_parse_events(&configuration->event, node->xmlChildrenNode);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
} while ((node = node->next));
port 8000 could be set to listen on when not wanted svn path=/icecast/trunk/icecast/; revision=14314
2007-12-19 19:09:04 +00:00
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
/* global source password is set.
* We need to set it on default mount.
* If default mount has a authstack not NULL we don't need to do anything.
*/
if (source_password) {
mount_proxy *mount = config_find_mount(configuration, NULL, MOUNT_TYPE_DEFAULT);
if (!mount) {
/* create a default mount here */
xmlNodePtr node;
node = xmlNewNode(NULL, XMLSTR("mount"));
xmlSetProp(node, XMLSTR("type"), XMLSTR("default"));
_parse_mount(doc, node, configuration);
xmlFreeNode(node);
mount = config_find_mount(configuration, NULL, MOUNT_TYPE_DEFAULT);
}
if (mount) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (!mount->authstack) {
__append_old_style_auth(&mount->authstack,
"legacy-global-source",
AUTH_TYPE_STATIC, "source",
source_password, NULL,
"source,put,get", 0, "*");
}
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
} else {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_ERROR("Can not find nor create default mount, but "
"global legacy source password set. This is bad.");
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
}
Fix: memory leak now freeing null_device and global source_password
2014-12-20 15:29:53 +00:00
xmlFree(source_password);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
}
port 8000 could be set to listen on when not wanted svn path=/icecast/trunk/icecast/; revision=14314
2007-12-19 19:09:04 +00:00
/* drop the first listening socket details if more than one is defined, as we only
* have port or listen-socket not both */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->listen_sock_count > 1) {
configuration->listen_sock = config_clear_listener(configuration->listen_sock);
port 8000 could be set to listen on when not wanted svn path=/icecast/trunk/icecast/; revision=14314
2007-12-19 19:09:04 +00:00
configuration->listen_sock_count--;
}
make sure we report the correct port for m3u and YP when not using the default port svn path=/icecast/trunk/icecast/; revision=14318
2007-12-20 16:36:37 +00:00
if (configuration->port == 0)
configuration->port = 8000;
added warnings on empty and default values of <fileserve>, <hostname>, <location>, <admin> and <server-id> svn path=/icecast/trunk/icecast/; revision=19276
2014-11-07 19:14:28 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
/* issue some warnings on bad configurations */
if (!configuration->fileserve)
ICECAST_LOG_WARN("Warning, serving of static files has been disabled "
"in the config, this will also affect files used by the web "
"interface (stylesheets, images).");
__check_hostname(configuration);
Cleanup: corrected usage of spaces
2016-06-07 11:30:46 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (!configuration->location ||
strcmp(configuration->location, CONFIG_DEFAULT_LOCATION) == 0) {
ICECAST_LOG_WARN("Warning, <location> not configured, using default "
"value \"%s\".", CONFIG_DEFAULT_LOCATION);
added warnings on empty and default values of <fileserve>, <hostname>, <location>, <admin> and <server-id> svn path=/icecast/trunk/icecast/; revision=19276
2014-11-07 19:14:28 +00:00
if (!configuration->location)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration->location = (char *) xmlCharStrdup(CONFIG_DEFAULT_LOCATION);
}
Cleanup: corrected usage of spaces
2016-06-07 11:30:46 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (!configuration->admin ||
strcmp(configuration->admin, CONFIG_DEFAULT_ADMIN) == 0) {
ICECAST_LOG_WARN("Warning, <admin> contact not configured, using "
Added missing space to fix output
2016-02-10 08:15:16 +00:00
"default value \"%s\". This breaks YP directory listings. "
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
"YP directory support will be disabled.", CONFIG_DEFAULT_ADMIN);
/* FIXME actually disable YP */
added warnings on empty and default values of <fileserve>, <hostname>, <location>, <admin> and <server-id> svn path=/icecast/trunk/icecast/; revision=19276
2014-11-07 19:14:28 +00:00
if (!configuration->admin)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
configuration->admin = (char *) xmlCharStrdup(CONFIG_DEFAULT_ADMIN);
added warnings on empty and default values of <fileserve>, <hostname>, <location>, <admin> and <server-id> svn path=/icecast/trunk/icecast/; revision=19276
2014-11-07 19:14:28 +00:00
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_limits(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
char *tmp;
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("clients")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->client_limit, "<clients> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("sources")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->source_limit, "<sources> must not be empty.");
Update: Added timeout and size limit to client body queue handling
2018-06-18 17:34:18 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("bodysize")) == 0) {
__read_int(doc, node, &configuration->body_size_limit, "<bodysize> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("queue-size")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_unsigned_int(doc, node, &configuration->queue_size_limit, "<queue-size> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("threadpool")) == 0) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<threadpool> functionality was removed in Icecast"
" version 2.3.0, please remove this from your config.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("client-timeout")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->client_timeout, "<client-timeout> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("header-timeout")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->header_timeout, "<header-timeout> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("source-timeout")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->source_timeout, "<source-timeout> must not be empty.");
Update: Added timeout and size limit to client body queue handling
2018-06-18 17:34:18 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("body-timeout")) == 0) {
__read_int(doc, node, &configuration->body_timeout, "<body-timeout> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("burst-on-connect")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
ICECAST_LOG_WARN("<burst-on-connect> is deprecated, use <burst-size> instead.");
new feature in icecast : burst-on-connect - allows an initial burst of data to connecting listeners, thus reducing the startup time of a stream. svn path=/icecast/trunk/icecast/; revision=6606
2004-04-29 15:23:13 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
if (util_str_to_int(tmp, 0) == 0)
merged singleq branch 7177:7591 svn path=/icecast/trunk/icecast/; revision=7592
2004-08-20 15:13:59 +00:00
configuration->burst_size = 0;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (tmp)
xmlFree(tmp);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("burst-size")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_unsigned_int(doc, node, &configuration->burst_size, "<burst-size> must not be empty.");
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
} while ((node = node->next));
}
Clanup: Unify <authentication> parser code
2018-09-13 12:06:36 +00:00
static void _parse_authentication_node(xmlNodePtr node, auth_stack_t **authstack)
{
xmlChar *tmp;
if (xmlStrcmp(node->name, XMLSTR("authentication")) != 0)
return;
tmp = xmlGetProp(node, XMLSTR("type"));
if (tmp) {
ICECAST_LOG_ERROR("new style parser called on old style config.");
xmlFree(tmp);
return;
}
xmlNodePtr child = node->xmlChildrenNode;
do {
if (child == NULL)
break;
if (xmlIsBlankNode(child))
continue;
if (xmlStrcmp(child->name, XMLSTR("role")) == 0) {
auth_t *auth = auth_get_authenticator(child);
auth_stack_push(authstack, auth);
auth_release(auth);
}
} while ((child = child->next));
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_mount_oldstyle_authentication(mount_proxy *mount,
xmlNodePtr node,
auth_stack_t **authstack)
{
int allow_duplicate_users = 1;
auth_t *auth;
char *type;
char *name;
char *value;
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
xmlNodePtr child;
child = node->xmlChildrenNode;
while (child) {
Regression Fix: Correction of old-style <authentication>. Old-style <authentication> within <mount> didn't work for type="url" as well as some other parameters due to confusion between "node" and "child" variable. Thanks for trilliot for pointing out! Should work now. closes #2039
2014-12-14 09:27:49 +00:00
if (xmlStrcmp(child->name, XMLSTR("option")) == 0) {
name = (char *)xmlGetProp(child, XMLSTR("name"));
value = (char *)xmlGetProp(child, XMLSTR("value"));
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (name && value) {
if (strcmp(name, "allow_duplicate_users") == 0) {
allow_duplicate_users = util_str_to_bool(value);
}
}
if (name)
xmlFree(name);
if (value)
xmlFree(value);
}
child = child->next;
}
type = (char *)xmlGetProp(node, XMLSTR("type"));
if (strcmp(type, AUTH_TYPE_HTPASSWD) == 0) {
if (!allow_duplicate_users)
xmlSetProp(node, XMLSTR("connections-per-user"), XMLSTR("0"));
auth = auth_get_authenticator(node);
if (auth) {
auth_stack_push(authstack, auth);
auth_release(auth);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS,
Feature: Allow OPTIONS request for * and web requests
2018-06-15 18:53:43 +00:00
NULL, NULL, "get,head,post,options", NULL, 0, NULL);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
} else if (strcmp(type, AUTH_TYPE_URL) == 0) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
/* This block is super fun! Attention! Super fun ahead! Ladies and Gentlemen take care and watch your children! */
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
/* Stuff that was of help:
* $ sed 's/^.*name="\([^"]*\)".*$/ const char *\1 = NULL;/'
* $ sed 's/^.*name="\([^"]*\)".*$/ if (\1)\n xmlFree(\1);/'
* $ sed 's/^.*name="\([^"]*\)".*$/ } else if (strcmp(name, "\1") == 0) {\n \1 = value;\n value = NULL;/'
*/
/* urls */
char *mount_add = NULL;
char *mount_remove = NULL;
char *listener_add = NULL;
char *listener_remove = NULL;
char *stream_auth = NULL;
/* request credentials */
char *username = NULL;
char *password = NULL;
/* general options */
char *auth_header = NULL;
char *timelimit_header = NULL;
char *headers = NULL;
char *header_prefix = NULL;
child = node->xmlChildrenNode;
while (child) {
Regression Fix: Correction of old-style <authentication>. Old-style <authentication> within <mount> didn't work for type="url" as well as some other parameters due to confusion between "node" and "child" variable. Thanks for trilliot for pointing out! Should work now. closes #2039
2014-12-14 09:27:49 +00:00
if (xmlStrcmp(child->name, XMLSTR("option")) == 0) {
name = (char *)xmlGetProp(child, XMLSTR("name"));
value = (char *)xmlGetProp(child, XMLSTR("value"));
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (name && value) {
if (strcmp(name, "mount_add") == 0) {
mount_add = value;
value = NULL;
} else if (strcmp(name, "mount_add") == 0) {
mount_add = value;
value = NULL;
} else if (strcmp(name, "mount_remove") == 0) {
mount_remove = value;
value = NULL;
} else if (strcmp(name, "listener_add") == 0) {
listener_add = value;
value = NULL;
} else if (strcmp(name, "listener_remove") == 0) {
listener_remove = value;
value = NULL;
} else if (strcmp(name, "username") == 0) {
username = value;
value = NULL;
} else if (strcmp(name, "password") == 0) {
password = value;
value = NULL;
} else if (strcmp(name, "auth_header") == 0) {
auth_header = value;
value = NULL;
} else if (strcmp(name, "timelimit_header") == 0) {
timelimit_header = value;
value = NULL;
} else if (strcmp(name, "headers") == 0) {
headers = value;
value = NULL;
} else if (strcmp(name, "header_prefix") == 0) {
header_prefix = value;
value = NULL;
} else if (strcmp(name, "stream_auth") == 0) {
stream_auth = value;
value = NULL;
}
}
if (name)
xmlFree(name);
if (value)
xmlFree(value);
}
child = child->next;
}
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
if (mount_add)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_url_event(&mount->event, "source-connect",
mount_add, "mount_add", username, password);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
if (mount_remove)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_url_event(&mount->event, "source-disconnect",
mount_add, "mount_remove", username, password);
__append_old_style_urlauth(authstack, listener_add, listener_remove,
"listener_add", "listener_remove", username, password, 0,
auth_header, timelimit_header, headers, header_prefix);
__append_old_style_urlauth(authstack, stream_auth, NULL, "stream_auth",
NULL, username, password, 1, auth_header, timelimit_header,
headers, header_prefix);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (listener_add)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL,
Feature: Allow OPTIONS request for * and web requests
2018-06-15 18:53:43 +00:00
NULL, "get,put,head,options", NULL, 0, NULL);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (stream_auth)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL,
NULL, "source,put", NULL, 0, NULL);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (mount_add)
xmlFree(mount_add);
if (mount_remove)
xmlFree(mount_remove);
if (listener_add)
xmlFree(listener_add);
if (listener_remove)
xmlFree(listener_remove);
if (username)
xmlFree(username);
if (password)
xmlFree(password);
if (auth_header)
xmlFree(auth_header);
if (timelimit_header)
xmlFree(timelimit_header);
if (headers)
xmlFree(headers);
if (header_prefix)
xmlFree(header_prefix);
if (stream_auth)
xmlFree(stream_auth);
} else {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_ERROR("Unknown authentication type in legacy mode. "
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
"Anonymous listeners and global login for sources disabled.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL,
NULL, NULL, NULL, 0, NULL);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
}
xmlFree(type);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_mount(xmlDocPtr doc,
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
xmlNodePtr parentnode,
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
char *tmp;
mount_proxy *mount = calloc(1, sizeof(mount_proxy));
mount_proxy *current = configuration->mounts;
mount_proxy *last = NULL;
char *username = NULL;
char *password = NULL;
auth_stack_t *authstack = NULL;
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
xmlNodePtr node;
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
merged singleq branch 7177:7591 svn path=/icecast/trunk/icecast/; revision=7592
2004-08-20 15:13:59 +00:00
/* default <mount> settings */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->mounttype = MOUNT_TYPE_NORMAL;
mount->max_listeners = -1;
mount->burst_size = -1;
mount->mp3_meta_interval = -1;
mount->yp_public = -1;
Added config option for history size. This adds a <max-history> config option to the <mount> section. Default is a history size of 4. See: #766
2015-03-28 17:34:35 +00:00
mount->max_history = -1;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->next = NULL;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
tmp = (char *)xmlGetProp(parentnode, XMLSTR("type"));
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
if (tmp) {
if (strcmp(tmp, "normal") == 0) {
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
mount->mounttype = MOUNT_TYPE_NORMAL;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (strcmp(tmp, "default") == 0) {
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
mount->mounttype = MOUNT_TYPE_DEFAULT;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else {
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
ICECAST_LOG_WARN("Unknown mountpoint type: %s", tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
config_clear_mount(mount);
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
return;
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
}
xmlFree(tmp);
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
}
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
node = parentnode->xmlChildrenNode;
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (xmlStrcmp(node->name, XMLSTR("mount-name")) == 0) {
Cleanup: corrected usage of spaces
2016-06-07 11:30:46 +00:00
mount->mountname = (char *)xmlNodeListGetString(doc,
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("username")) == 0) {
username = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("password")) == 0) {
password = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("dump-file")) == 0) {
mount->dumpfile = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("intro")) == 0) {
mount->intro_filename = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("fallback-mount")) == 0) {
mount->fallback_mount = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("fallback-when-full")) == 0) {
Allow for new listeners to fallback if there are max listeners on the current mountpoint svn path=/icecast/trunk/icecast/; revision=9833
2005-08-23 18:40:20 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
mount->fallback_when_full = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("max-listeners")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &mount->max_listeners, "<max-listeners> must not be empty.");
Added config option for history size. This adds a <max-history> config option to the <mount> section. Default is a history size of 4. See: #766
2015-03-28 17:34:35 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("max-history")) == 0) {
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
mount->max_history = util_str_to_int(tmp, mount->max_history);
Added config option for history size. This adds a <max-history> config option to the <mount> section. Default is a history size of 4. See: #766
2015-03-28 17:34:35 +00:00
if (mount->max_history < 1 || mount->max_history > 256)
mount->max_history = 256; /* deny super huge values */
if(tmp)
xmlFree(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("charset")) == 0) {
Fix bug #895. Most if not all non-Ogg streams send metadata as non-UTF8, typically ISO-8859-1 is assumed as there is no real clarity wrt the spec. In most cases people send ASCII so it's not an issue, but for some, the extended characters they send can cause problems with XML processing. As stats and YP require UTF8 we need to translate them and block invalid cases. For the moment, for non-Ogg streams only, we assume that the metadata needs converting from ISO-8859-1. Ogg streams are UTF8 so no conversion needed. You can override the default with a charset mount option. svn path=/icecast/trunk/icecast/; revision=13615
2007-08-24 15:44:37 +00:00
mount->charset = (char *)xmlNodeListGetString(doc,
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("mp3-metadata-interval")) == 0) {
Config: Rename mp3-metadata-interval to icy-metadata-interval As proposed in #2272, this renames the mount specific mp3-metadata-interval to icy-metadata-interval to prevent confusion about what it does (setting the icy metadata interval) and to make clear it's not mp3 specific but ICY specific.
2016-06-28 11:39:57 +00:00
ICECAST_LOG_WARN("<mp3-metadata-interval> is deprecated and will be "
"removed in a future version. "
"Please use <icy-metadata-interval> instead.");
/* FIXME when do we plan to remove this? */
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &mount->mp3_meta_interval, "<mp3-metadata-interval> must not be empty.");
Config: Rename mp3-metadata-interval to icy-metadata-interval As proposed in #2272, this renames the mount specific mp3-metadata-interval to icy-metadata-interval to prevent confusion about what it does (setting the icy metadata interval) and to make clear it's not mp3 specific but ICY specific.
2016-06-28 11:39:57 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("icy-metadata-interval")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &mount->mp3_meta_interval, "<icy-metadata-interval> must not be empty.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("fallback-override")) == 0) {
Client authentication added. Melanie's multilevel fallbacks added (after major changes). svn path=/trunk/icecast/; revision=5760
2004-01-15 01:01:09 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
mount->fallback_override = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("no-mount")) == 0) {
Client authentication added. Melanie's multilevel fallbacks added (after major changes). svn path=/trunk/icecast/; revision=5760
2004-01-15 01:01:09 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
mount->no_mount = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("no-yp")) == 0) {
ICECAST_LOG_WARN("<no-yp> defined. Please use <public>. This is "
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
"deprecated and will be removed in a future version.");
/* FIXME when do we plan to remove this? */
add per-mount no-yp tag handling svn path=/icecast/trunk/icecast/; revision=8241
2004-11-21 15:51:49 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
mount->yp_public = util_str_to_bool(tmp) == 0 ? -1 : 0;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("hidden")) == 0) {
merge per-mount hidden setting. prevent specific mountpoints being listed on status.xsl and streamlist svn path=/icecast/trunk/icecast/; revision=8245
2004-11-22 18:21:48 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
mount->hidden = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("authentication")) == 0) {
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
tmp = (char *)xmlGetProp(node, XMLSTR("type"));
if (tmp) {
xmlFree(tmp);
_parse_mount_oldstyle_authentication(mount, node, &authstack);
} else {
Clanup: Unify <authentication> parser code
2018-09-13 12:06:36 +00:00
_parse_authentication_node(node, &authstack);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("on-connect")) == 0) {
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
if (tmp) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_exec_event(&mount->event,
"source-connect", tmp);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
xmlFree(tmp);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("on-disconnect")) == 0) {
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
if (tmp) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_exec_event(&mount->event,
"source-disconnect", tmp);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
xmlFree(tmp);
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("max-listener-duration")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_unsigned_int(doc, node, &mount->max_listener_duration, "<max-listener-duration> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("queue-size")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_unsigned_int(doc, node, &mount->queue_size_limit, "<queue-size> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("source-timeout")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_unsigned_int(doc, node, &mount->source_timeout, "<source-timeout> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("burst-size")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &mount->burst_size, "<burst-size> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("cluster-password")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->cluster_password = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("stream-name")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->stream_name = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("stream-description")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->stream_description = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("stream-url")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->stream_url = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("genre")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->stream_genre = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("bitrate")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->bitrate = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("public")) == 0) {
allow for more updating over HUP. Made the YP engine only read the stats instead of updating them, so source header parsing is done in the apply mount. Per-mount stream settings also allow for overriding the incoming settings. svn path=/icecast/trunk/icecast/; revision=9325
2005-05-30 14:50:57 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
mount->yp_public = __parse_public(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("type")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->type = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("subtype")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount->subtype = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("http-headers")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
_parse_http_headers(doc, node->xmlChildrenNode,
&(mount->http_headers));
Cleanup: Renamed <kartoffelsalat> to <event-bindings> The parent element for <event> was renamed from <kartoffelsalat> to <event-bindings> as discussed on the mailinglist and on IRC.
2015-03-31 08:20:37 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("event-bindings")) == 0 ||
xmlStrcmp(node->name, XMLSTR("kartoffelsalat")) == 0) {
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
_parse_events(&mount->event, node->xmlChildrenNode);
Add per mount queue size and source timeout, which can override the general settings. svn path=/trunk/icecast/; revision=5867
2004-02-26 11:56:48 +00:00
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
} while ((node = node->next));
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
/* Do a second interation as we need to know mount->mountname, and mount->mounttype first */
node = parentnode->xmlChildrenNode;
do {
if (node == NULL)
break;
if (xmlStrcmp(node->name, XMLSTR("relay")) == 0) {
if (mount->mounttype != MOUNT_TYPE_NORMAL) {
ICECAST_LOG_WARN("<relay> set within <mount> for mountpoint %s%s%s that is not type=\"normal\"",
(mount->mountname ? "\"" : ""), (mount->mountname ? mount->mountname : "<no name>"), (mount->mountname ? "\"" : ""));
} else if (!mount->mountname || mount->mountname[0] != '/') {
ICECAST_LOG_WARN("<relay> set within <mount> with no mountpoint defined.");
} else {
_parse_relay(doc, node->xmlChildrenNode, configuration, mount->mountname);
}
}
} while ((node = node->next));
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (password) {
auth_stack_t *old_style = NULL;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(&old_style, "legacy-mount-source",
AUTH_TYPE_STATIC, username ? username : "source", password, NULL,
"source,put,get", 0, "*");
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (authstack) {
auth_stack_append(old_style, authstack);
auth_stack_release(authstack);
}
authstack = old_style;
}
if (username)
xmlFree(username);
if (password)
xmlFree(password);
if (mount->authstack)
auth_stack_release(mount->authstack);
auth_stack_addref(mount->authstack = authstack);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_DEBUG("Mount %p (mountpoint %s) has %sactive "
"roles on authstack.", mount, mount->mountname, authstack ? "" : "no ");
Regression Fix: Correction of old-style <authentication>. Old-style <authentication> within <mount> didn't work for type="url" as well as some other parameters due to confusion between "node" and "child" variable. Thanks for trilliot for pointing out! Should work now. closes #2039
2014-12-14 09:27:49 +00:00
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
/* make sure we have at least the mountpoint name */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (mount->mountname == NULL && mount->mounttype != MOUNT_TYPE_DEFAULT) {
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
config_clear_mount(mount);
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
return;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (mount->mountname != NULL && mount->mounttype == MOUNT_TYPE_DEFAULT) {
ICECAST_LOG_WARN("Default mount %s has mount-name set. This is "
"not supported. Behavior may not be consistent.", mount->mountname);
added a warning in case mount of type default is defined but a mountname is set svn path=/icecast/trunk/icecast/; revision=18909
2013-04-05 19:49:13 +00:00
}
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
while (authstack) {
auth_t *auth = auth_stack_get(authstack);
if (mount->mountname) {
auth->mount = strdup((char *)mount->mountname);
} else if (mount->mounttype == MOUNT_TYPE_DEFAULT ) {
auth->mount = strdup("(default mount)");
}
auth_release(auth);
auth_stack_next(&authstack);
make <auth> in <mount type="default"> work if no <mount-name> is given. svn path=/icecast/trunk/icecast/; revision=19251
2014-10-26 14:03:57 +00:00
}
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
while(current) {
last = current;
current = current->next;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (!mount->fallback_mount && (mount->fallback_when_full || mount->fallback_override)) {
ICECAST_LOG_WARN("Config for mount %s contains fallback options "
"but no fallback mount.", mount->mountname);
Escape log entries in access log (close: #1916) svn path=/icecast/trunk/icecast/; revision=18755
2013-01-02 14:44:08 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(last) {
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
last->next = mount;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else {
avoid adding a mount_t structure if there is no mount name defined, segv occurs later on svn path=/icecast/trunk/icecast/; revision=10151
2005-10-11 13:40:17 +00:00
configuration->mounts = mount;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_http_headers(xmlDocPtr doc,
xmlNodePtr node,
ice_config_http_header_t **http_headers)
{
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
ice_config_http_header_t *header;
ice_config_http_header_t *next;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
char *name = NULL;
char *value = NULL;
char *tmp;
int status;
http_header_type type;
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("header")) != 0)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
continue;
if (!(name = (char *)xmlGetProp(node, XMLSTR("name"))))
break;
if (!(value = (char *)xmlGetProp(node, XMLSTR("value"))))
break;
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
added support for type="" and status="" in <header> (subelement of <http-headers>). svn path=/icecast/trunk/icecast/; revision=19270
2014-11-07 10:12:24 +00:00
type = HTTP_HEADER_TYPE_STATIC; /* default */
if ((tmp = (char *)xmlGetProp(node, XMLSTR("type")))) {
if (strcmp(tmp, "static") == 0) {
type = HTTP_HEADER_TYPE_STATIC;
} else {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ICECAST_LOG_WARN("Unknown type %s for "
"HTTP Header %s", tmp, name);
added support for type="" and status="" in <header> (subelement of <http-headers>). svn path=/icecast/trunk/icecast/; revision=19270
2014-11-07 10:12:24 +00:00
xmlFree(tmp);
break;
}
xmlFree(tmp);
}
status = 0; /* default: any */
if ((tmp = (char *)xmlGetProp(node, XMLSTR("status")))) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
status = util_str_to_int(tmp, 0);
added support for type="" and status="" in <header> (subelement of <http-headers>). svn path=/icecast/trunk/icecast/; revision=19270
2014-11-07 10:12:24 +00:00
xmlFree(tmp);
}
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
header = calloc(1, sizeof(ice_config_http_header_t));
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (!header)
break;
header->type = type;
header->name = name;
header->value = value;
header->status = status;
name = NULL;
value = NULL;
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
if (!*http_headers) {
*http_headers = header;
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
continue;
}
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
next = *http_headers;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
while (next->next) {
next = next->next;
}
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
next->next = header;
} while ((node = node->next));
/* in case we used break we may need to clean those up */
if (name)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
xmlFree(name);
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
if (value)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
xmlFree(value);
initial patch to allow adding user defined headers, closes #1885 svn path=/icecast/trunk/icecast/; revision=19267
2014-11-07 00:56:02 +00:00
}
allow for more updating over HUP. Made the YP engine only read the stats instead of updating them, so source header parsing is done in the apply mount. Per-mount stream settings also allow for overriding the incoming settings. svn path=/icecast/trunk/icecast/; revision=9325
2005-05-30 14:50:57 +00:00
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
static void _parse_relay_upstream(xmlDocPtr doc,
xmlNodePtr node,
relay_config_upstream_t *upstream)
{
char *tmp;
do {
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
if (xmlStrcmp(node->name, XMLSTR("server")) == 0) {
if (upstream->server)
xmlFree(upstream->server);
upstream->server = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("port")) == 0) {
__read_int(doc, node, &upstream->port, "<port> setting must not be empty.");
} else if (xmlStrcmp(node->name, XMLSTR("mount")) == 0) {
if (upstream->mount)
xmlFree(upstream->mount);
upstream->mount = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("relay-shoutcast-metadata")) == 0) {
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
upstream->mp3metadata = util_str_to_bool(tmp);
if(tmp)
xmlFree(tmp);
} else if (xmlStrcmp(node->name, XMLSTR("username")) == 0) {
if (upstream->username)
xmlFree(upstream->username);
upstream->username = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("password")) == 0) {
if (upstream->password)
xmlFree(upstream->password);
upstream->password = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("bind")) == 0) {
if (upstream->bind)
xmlFree(upstream->bind);
upstream->bind = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
}
} while ((node = node->next));
Fix: Corrected and improved default value handling for relay upstreams
2018-07-26 08:25:21 +00:00
}
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
Fix: Corrected and improved default value handling for relay upstreams
2018-07-26 08:25:21 +00:00
static void _parse_relay_upstream_apply_defaults(relay_config_upstream_t *upstream)
{
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
if (!upstream->server)
Fix: Corrected and improved default value handling for relay upstreams
2018-07-26 08:25:21 +00:00
upstream->server = (char *)xmlCharStrdup(CONFIG_DEFAULT_RELAY_SERVER);
if (!upstream->port)
upstream->port = CONFIG_DEFAULT_RELAY_PORT;
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
if (!upstream->mount)
Fix: Corrected and improved default value handling for relay upstreams
2018-07-26 08:25:21 +00:00
upstream->mount = (char *)xmlCharStrdup(CONFIG_DEFAULT_RELAY_MOUNT);
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_relay(xmlDocPtr doc,
xmlNodePtr node,
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
ice_config_t *configuration,
const char *mount)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
char *tmp;
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
relay_config_t *relay = calloc(1, sizeof(relay_config_t));
relay_config_t **n = realloc(configuration->relay, sizeof(*configuration->relay)*(configuration->relay_length + 1));
Add per mount queue size and source timeout, which can override the general settings. svn path=/trunk/icecast/; revision=5867
2004-02-26 11:56:48 +00:00
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
if (!n) {
ICECAST_LOG_ERROR("Can not allocate memory for additional relay.");
return;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
configuration->relay = n;
configuration->relay[configuration->relay_length++] = relay;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
relay->upstream_default.mp3metadata = 1;
relay->on_demand = configuration->on_demand;
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
_parse_relay_upstream(doc, node, &(relay->upstream_default));
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
if (xmlStrcmp(node->name, XMLSTR("local-mount")) == 0) {
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
if (mount) {
ICECAST_LOG_WARN("Relay defined within mount \"%s\" defines <local-mount> which is ignored.", mount);
} else {
if (relay->localmount)
xmlFree(relay->localmount);
relay->localmount = (char *)xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
}
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("on-demand")) == 0) {
merge in the on-demand relay implementation. svn path=/icecast/trunk/icecast/; revision=9406
2005-06-09 01:51:47 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
relay->on_demand = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (tmp)
xmlFree(tmp);
Feature: Added <upstream>-tag to relay config
2018-07-26 07:36:24 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("upstream")) == 0) {
Feature: Allow <upstream> within <relay> to have a type="" that can be "normal" and "default"
2018-07-26 09:18:23 +00:00
tmp = (char *)xmlGetProp(node, XMLSTR("type"));
if (tmp == NULL || strcmp(tmp, "normal") == 0) {
relay_config_upstream_t *n = realloc(relay->upstream, sizeof(*n)*(relay->upstreams + 1));
if (n) {
relay->upstream = n;
memset(&(n[relay->upstreams]), 0, sizeof(relay_config_upstream_t));
_parse_relay_upstream(doc, node->xmlChildrenNode, &(n[relay->upstreams]));
relay->upstreams++;
}
} else if (strcmp(tmp, "default") == 0) {
_parse_relay_upstream(doc, node->xmlChildrenNode, &(relay->upstream_default));
} else {
ICECAST_LOG_WARN("<upstream> of unknown type is ignored.");
Feature: Added <upstream>-tag to relay config
2018-07-26 07:36:24 +00:00
}
Feature: Allow <upstream> within <relay> to have a type="" that can be "normal" and "default"
2018-07-26 09:18:23 +00:00
if (tmp)
xmlFree(tmp);
add optional bind setting to relays svn path=/icecast/trunk/icecast/; revision=15783
2009-03-17 01:45:41 +00:00
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
} while ((node = node->next));
Cleanup: Seperated relay upstream parser into seperate function
2018-07-26 07:26:14 +00:00
Fix: Corrected and improved default value handling for relay upstreams
2018-07-26 08:25:21 +00:00
_parse_relay_upstream_apply_defaults(&(relay->upstream_default));
Feature: Allow <relay> within <mount>
2018-07-26 09:18:46 +00:00
if (mount) {
relay->localmount = (char *)xmlStrdup(XMLSTR(mount));
}
minor cleanup svn path=/trunk/icecast/; revision=5834
2004-02-17 15:46:05 +00:00
if (relay->localmount == NULL)
Cleanup: Seperated relay config from runtime data
2018-07-20 11:01:51 +00:00
relay->localmount = (char *)xmlStrdup(XMLSTR(relay->upstream_default.mount));
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_listen_socket(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
char *tmp;
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
listener_t *listener = calloc(1, sizeof(listener_t));
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
merge extra checks. minor cleanup work svn path=/icecast/trunk/icecast/; revision=9711
2005-08-07 14:50:59 +00:00
if (listener == NULL)
return;
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
listener->port = 8000;
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
listener->id = (char *)xmlGetProp(node, XMLSTR("id"));
Feature: Allow listen sockets to virtually handle other sockets traffic. This adds on-behalf-of="#id" to <listen-socket>. It allows a socket to handle the traffic that was originally meant of another (virtual) listen socket.
2018-06-30 13:51:42 +00:00
tmp = (char*)xmlGetProp(node, XMLSTR("on-behalf-of"));
if (tmp) {
listener->on_behalf_of = config_href_to_id(tmp);
xmlFree(tmp);
}
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
tmp = (char *)xmlGetProp(node, XMLSTR("type"));
listener->type = config_str_to_listener_type(tmp);
xmlFree(tmp);
node = node->xmlChildrenNode;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("port")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
if (tmp) {
if(configuration->port == 0)
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
configuration->port = util_str_to_int(tmp, 0);
listener->port = util_str_to_int(tmp, listener->port);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
xmlFree(tmp);
} else {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<port> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
}
Renamed config file SSL references to TLS. As we do not support any SSL version but TLS this renames all TLS related config options. Docs still need to be updated. Close still uses 'ssl' internally e.g. for variable names. This should be changed on a later patch.
2015-03-27 11:08:50 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("tls")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl")) == 0) {
merge work. allow sockets to be marked as ssl capable. This is mainly for /admin requests but can be used for sources and listeners svn path=/icecast/trunk/icecast/; revision=13650
2007-08-29 03:51:22 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Make tls mode more configureable
2016-11-06 16:02:11 +00:00
listener->tls = str_to_tlsmode(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("shoutcast-compat")) == 0) {
* support for the Shoutcast DSP (yay!). You can now use the Shoutcast DSP as a source client. The connection protocol is a bit odd, and we had to handle it separately, and thus we've added a new config option (<shoutcast-compat>) that is set at the listener port level. * support for NSV (and the nsvscsrc source client). After adding support for the connection protocol of the shoutcast DSP, adding NSV was just a simple of a few special handling cases. * removed all traces of the earlier attempt at the shoutcast DSP connection protocol * Due to the growing complexity of the config files, I've also created a few alternate config files, namely one for a "shoutcast compat" setup as well as a "minimal" one for quick basic configurations. svn path=/icecast/trunk/icecast/; revision=8191
2004-11-11 15:47:33 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
listener->shoutcast_compat = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(tmp)
xmlFree(tmp);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("shoutcast-mount")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (listener->shoutcast_mount)
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
xmlFree(listener->shoutcast_mount);
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
listener->shoutcast_mount = (char *)xmlNodeListGetString(doc,
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("bind-address")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (listener->bind_address)
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
xmlFree(listener->bind_address);
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
listener->bind_address = (char *)xmlNodeListGetString(doc,
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("so-sndbuf")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &listener->so_sndbuf, "<so-sndbuf> must not be empty.");
Feature: Added support to set listen(2) backlog. Closes: #2225
2018-09-28 13:52:39 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("listen-backlog")) == 0) {
__read_int(doc, node, &listener->listen_backlog, "<listen-backlog> must not be empty.");
Feature: Added per <listen-socket> <authentication>
2018-09-13 11:34:01 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("authentication")) == 0) {
Clanup: Unify <authentication> parser code
2018-09-13 12:06:36 +00:00
_parse_authentication_node(node, &(listener->authstack));
non-blocking setting on win32 broke with previous patch. Add optional xml setting for specifying the TCP send buffer size, it seems that on at least some win32 systems, the window size stays at 8k (even with registry settings) which could limit available streaming bandwidth. svn path=/icecast/trunk/icecast/; revision=15766
2009-03-14 16:05:12 +00:00
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
} while ((node = node->next));
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
port 8000 could be set to listen on when not wanted svn path=/icecast/trunk/icecast/; revision=14314
2007-12-19 19:09:04 +00:00
/* we know there's at least one of these, so add this new one after the first
* that way it can be removed easily later on */
listener->next = configuration->listen_sock->next;
configuration->listen_sock->next = listener;
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
configuration->listen_sock_count++;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (listener->shoutcast_mount) {
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
listener_t *sc_port = calloc(1, sizeof(listener_t));
allow for multiple shoutcast style source clients to connect. They don't provide a mountpoint so you specify a shoutcast-mount in the listen-socket section. Specifying this will automatically define the port+1 with the same settings however the original shoutcast-compat approach is maintained. svn path=/icecast/trunk/icecast/; revision=14045
2007-10-25 02:25:49 +00:00
sc_port->port = listener->port+1;
sc_port->shoutcast_compat = 1;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
sc_port->shoutcast_mount = (char*)xmlStrdup(XMLSTR(listener->shoutcast_mount));
allow for multiple shoutcast style source clients to connect. They don't provide a mountpoint so you specify a shoutcast-mount in the listen-socket section. Specifying this will automatically define the port+1 with the same settings however the original shoutcast-compat approach is maintained. svn path=/icecast/trunk/icecast/; revision=14045
2007-10-25 02:25:49 +00:00
if (listener->bind_address)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
sc_port->bind_address = (char*)xmlStrdup(XMLSTR(listener->bind_address));
allow for multiple shoutcast style source clients to connect. They don't provide a mountpoint so you specify a shoutcast-mount in the listen-socket section. Specifying this will automatically define the port+1 with the same settings however the original shoutcast-compat approach is maintained. svn path=/icecast/trunk/icecast/; revision=14045
2007-10-25 02:25:49 +00:00
port 8000 could be set to listen on when not wanted svn path=/icecast/trunk/icecast/; revision=14314
2007-12-19 19:09:04 +00:00
sc_port->next = listener->next;
listener->next = sc_port;
allow for multiple shoutcast style source clients to connect. They don't provide a mountpoint so you specify a shoutcast-mount in the listen-socket section. Specifying this will automatically define the port+1 with the same settings however the original shoutcast-compat approach is maintained. svn path=/icecast/trunk/icecast/; revision=14045
2007-10-25 02:25:49 +00:00
configuration->listen_sock_count++;
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
static void _parse_authentication(xmlDocPtr doc, xmlNodePtr node,
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
ice_config_t *configuration, char **source_password)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
char *admin_password = NULL,
*admin_username = NULL;
char *relay_password = NULL,
*relay_username = (char*)xmlCharStrdup(CONFIG_DEFAULT_MASTER_USERNAME);
auth_stack_t *old_style = NULL,
*new_style = NULL;
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
if (xmlStrcmp(node->name, XMLSTR("source-password")) == 0) {
cleanup of <source-password> parser code svn path=/icecast/trunk/icecast/; revision=18649
2012-10-11 22:28:40 +00:00
if (xmlGetProp(node, XMLSTR("mount"))) {
LOG_{ERROR|WARN|INFO|DEBUG}() -> ICECAST_LOG_{ERROR|WARN|INFO|DEBUG}(); this is to avoid collision with LOG_INFO that is defined as part of syslog. svn path=/icecast/trunk/icecast/; revision=19257
2014-10-31 08:46:58 +00:00
ICECAST_LOG_ERROR("Mount level source password defined within global <authentication> section.");
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else {
if (*source_password)
xmlFree(*source_password);
*source_password = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("admin-password")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(admin_password)
xmlFree(admin_password);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
admin_password = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("admin-user")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(admin_username)
xmlFree(admin_username);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
admin_username = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("relay-password")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(relay_password)
xmlFree(relay_password);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
relay_password = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("relay-user")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if(relay_username)
xmlFree(relay_username);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
relay_username = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Fix: Fixed regression for ICY source client's auth This allows ICY source clients to log in again with 2.4.x-style config. ICY does not provide a username. Therefore the username was unset. This patch sets the username for ICY source connections and allow them to be handled as if a username was provided. Configuration tag <shoutcast-user> was added to select the username to set to. This defaults to "source".
2018-04-21 11:03:18 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("shoutcast-user")) == 0) {
if (configuration->shoutcast_user)
xmlFree(configuration->shoutcast_user);
configuration->shoutcast_user = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("role")) == 0) {
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
auth_t *auth = auth_get_authenticator(node);
auth_stack_push(&new_style, auth);
auth_release(auth);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
} while ((node = node->next));
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (admin_password && admin_username)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(&old_style, "legacy-admin", AUTH_TYPE_STATIC,
Feature: Allow OPTIONS request for * and web requests
2018-06-15 18:53:43 +00:00
admin_username, admin_password, NULL, "get,post,head,stats,options", 1, "*");
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (relay_password && relay_username)
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(&old_style, "legacy-relay", AUTH_TYPE_STATIC,
relay_username, relay_password, NULL, "get", 1, "streamlist.txt");
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (admin_password)
xmlFree(admin_password);
if (admin_username)
xmlFree(admin_username);
if (relay_password)
xmlFree(relay_password);
if (relay_username)
xmlFree(relay_username);
if (old_style && new_style) {
auth_stack_append(old_style, new_style);
auth_stack_release(new_style);
} else if (new_style) {
old_style = new_style;
}
/* default unauthed anonymous account */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
__append_old_style_auth(&old_style, "anonymous", AUTH_TYPE_ANONYMOUS,
Feature: Allow OPTIONS request for * and web requests
2018-06-15 18:53:43 +00:00
NULL, NULL, NULL, "get,post,head,options", 1, NULL);
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (!old_style)
ICECAST_LOG_ERROR("BAD. old_style=NULL");
if (configuration->authstack)
auth_stack_release(configuration->authstack);
configuration->authstack = old_style;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_directory(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
if (configuration->num_yp_directories >= MAX_YP_DIRECTORIES) {
LOG_{ERROR|WARN|INFO|DEBUG}() -> ICECAST_LOG_{ERROR|WARN|INFO|DEBUG}(); this is to avoid collision with LOG_INFO that is defined as part of syslog. svn path=/icecast/trunk/icecast/; revision=19257
2014-10-31 08:46:58 +00:00
ICECAST_LOG_ERROR("Maximum number of yp directories exceeded!");
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
return;
}
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("yp-url")) == 0) {
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
if (configuration->yp_url[configuration->num_yp_directories])
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
xmlFree(configuration->yp_url[configuration->num_yp_directories]);
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
configuration->yp_url[configuration->num_yp_directories] =
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
(char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("yp-url-timeout")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->yp_url_timeout[configuration->num_yp_directories], "<yp-url-timeout> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("server")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
_add_server(doc, node->xmlChildrenNode, configuration);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("touch-interval")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->yp_touch_interval[configuration->num_yp_directories], "<touch-interval> must not be empty.");
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
} while ((node = node->next));
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (configuration->yp_url[configuration->num_yp_directories] == NULL)
sanity check for unspecifed url svn path=/icecast/trunk/icecast/; revision=14866
2008-05-11 23:20:50 +00:00
return;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->num_yp_directories++;
}
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
static void _parse_resource(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
{
char *temp;
resource_t *resource,
*current,
*last;
resource = calloc(1, sizeof(resource_t));
if (resource == NULL) {
ICECAST_LOG_ERROR("Can not allocate memory for resource.");
return;
}
resource->next = NULL;
resource->source = (char *)xmlGetProp(node, XMLSTR("source"));
resource->destination = (char *)xmlGetProp(node, XMLSTR("destination"));
if (!resource->destination)
resource->destination = (char *)xmlGetProp(node, XMLSTR("dest"));
if (!resource->source && resource->destination) {
resource->source = resource->destination;
resource->destination = NULL;
} else if (!resource->source && !resource->destination) {
config_clear_resource(resource);
return;
}
temp = (char *)xmlGetProp(node, XMLSTR("port"));
if(temp != NULL) {
resource->port = util_str_to_int(temp, resource->port);
xmlFree(temp);
} else {
resource->port = -1;
}
resource->bind_address = (char *)xmlGetProp(node, XMLSTR("bind-address"));
Feature: Allow <resource> to match on a specific listen-socket
2018-06-30 14:06:05 +00:00
temp = (char *)xmlGetProp(node, XMLSTR("listen-socket"));
if (temp) {
resource->listen_socket = config_href_to_id(temp);
xmlFree(temp);
}
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
resource->vhost = (char *)xmlGetProp(node, XMLSTR("vhost"));
Feature: Allow modules to handle client requests via <resource> tags
2018-05-28 14:04:07 +00:00
resource->module = (char *)xmlGetProp(node, XMLSTR("module"));
resource->handler = (char *)xmlGetProp(node, XMLSTR("handler"));
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
temp = (char *)xmlGetProp(node, XMLSTR("omode"));
if (temp) {
resource->omode = config_str_to_omode(temp);
xmlFree(temp);
} else {
resource->omode = OMODE_DEFAULT;
}
temp = (char *)xmlGetProp(node, XMLSTR("prefixmatch"));
Fix: Fixed memory leak with new prefixmatch="" attribute of <resource>
2018-06-06 10:33:49 +00:00
if (temp) {
resource->flags |= util_str_to_bool(temp) ? ALIAS_FLAG_PREFIXMATCH : 0;
xmlFree(temp);
}
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
/* Attach new <resource> as last entry into the global list. */
current = configuration->resources;
last = NULL;
while (current) {
last = current;
current = current->next;
}
if (last) {
last->next = resource;
} else {
configuration->resources = resource;
}
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_paths(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup: Renamed alias -> resource
2018-05-28 12:25:11 +00:00
char *temp;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (xmlStrcmp(node->name, XMLSTR("basedir")) == 0) {
if (configuration->base_dir)
xmlFree(configuration->base_dir);
configuration->base_dir =
(char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("logdir")) == 0) {
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<logdir> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
continue;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->log_dir)
xmlFree(configuration->log_dir);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
configuration->log_dir = temp;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("pidfile")) == 0) {
if (configuration->pidfile)
xmlFree(configuration->pidfile);
Add optional pidfile. Writes process id of icecast to named file svn path=/trunk/icecast/; revision=5674
2003-12-01 23:30:13 +00:00
configuration->pidfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("nulldevice")) == 0) {
if (configuration->null_device)
xmlFree(configuration->null_device);
(sync with my branch) Updated handling of <on-connect> and <on-disconnect> in <mount>, see r19305:r19312, refs #1354, #2089, #2087, #1752 svn path=/icecast/trunk/icecast/; revision=19340
2014-11-21 09:28:29 +00:00
configuration->null_device = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Fix: Moved <mime-types> into <paths>. This moved the <mime-types> setting into <paths>. The code still supports reading it from the root element but will warn the user about this. Also there seems to be no documentation about this setting. Closes: #2164
2015-12-12 08:17:58 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("mime-types")) == 0) {
if (configuration->mimetypes_fn)
xmlFree(configuration->mimetypes_fn);
configuration->mimetypes_fn = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("deny-ip")) == 0) {
if (configuration->banfile)
xmlFree(configuration->banfile);
Allow for files to be specified that will contain IPs that can be used to accept or deny client connections. svn path=/icecast/trunk/icecast/; revision=14039
2007-10-23 22:25:31 +00:00
configuration->banfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("allow-ip")) == 0) {
if (configuration->allowfile)
xmlFree(configuration->allowfile);
Allow for files to be specified that will contain IPs that can be used to accept or deny client connections. svn path=/icecast/trunk/icecast/; revision=14039
2007-10-23 22:25:31 +00:00
configuration->allowfile = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Renamed config file SSL references to TLS. As we do not support any SSL version but TLS this renames all TLS related config options. Docs still need to be updated. Close still uses 'ssl' internally e.g. for variable names. This should be changed on a later patch.
2015-03-27 11:08:50 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl-certificate")) == 0) {
Feature: Added new config tag tls-context, tls-key and attribute implementation
2017-05-18 08:39:05 +00:00
if (__check_node_impl(node, "generic") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
continue;
}
Update: Prepare code for a new <tls-context> element
2017-05-18 08:02:41 +00:00
if (configuration->tls_context.cert_file)
xmlFree(configuration->tls_context.cert_file);
configuration->tls_context.cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Renamed config file SSL references to TLS. As we do not support any SSL version but TLS this renames all TLS related config options. Docs still need to be updated. Close still uses 'ssl' internally e.g. for variable names. This should be changed on a later patch.
2015-03-27 11:08:50 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0 ||
xmlStrcmp(node->name, XMLSTR("ssl-allowed-ciphers")) == 0) {
Feature: Added new config tag tls-context, tls-key and attribute implementation
2017-05-18 08:39:05 +00:00
if (__check_node_impl(node, "openssl") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
continue;
}
Update: Prepare code for a new <tls-context> element
2017-05-18 08:02:41 +00:00
if (configuration->tls_context.cipher_list)
xmlFree(configuration->tls_context.cipher_list);
configuration->tls_context.cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("webroot")) == 0) {
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<webroot> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
continue;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->webroot_dir)
xmlFree(configuration->webroot_dir);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
configuration->webroot_dir = temp;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->webroot_dir[strlen(configuration->webroot_dir)-1] == '/')
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->webroot_dir[strlen(configuration->webroot_dir)-1] = 0;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("adminroot")) == 0) {
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<adminroot> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
continue;
}
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
if (configuration->adminroot_dir)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
xmlFree(configuration->adminroot_dir);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
configuration->adminroot_dir = (char *)temp;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->adminroot_dir[strlen(configuration->adminroot_dir)-1] == '/')
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->adminroot_dir[strlen(configuration->adminroot_dir)-1] = 0;
Feature: Added global (in config) reportxml database
2018-06-08 12:03:46 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("reportxmldb")) == 0) {
reportxml_t *report;
xmlDocPtr dbdoc;
if (!(temp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
ICECAST_LOG_WARN("<reportxmldb> setting must not be empty.");
continue;
}
dbdoc = xmlParseFile(temp);
if (!doc) {
ICECAST_LOG_ERROR("Can not read report xml database \"%H\" as XML", temp);
} else {
report = reportxml_parse_xmldoc(dbdoc);
xmlFreeDoc(dbdoc);
if (!report) {
ICECAST_LOG_ERROR("Can not parse report xml database \"%H\"", temp);
} else {
reportxml_database_add_report(configuration->reportxml_db, report);
Fix: Fixed report XML related memory leaks
2018-07-06 13:21:59 +00:00
refobject_unref(report);
Update: Added useful logging in case report xml database has been loaded
2018-06-08 15:18:44 +00:00
ICECAST_LOG_INFO("File \"%H\" added to report xml database", temp);
Feature: Added global (in config) reportxml database
2018-06-08 12:03:46 +00:00
}
}
xmlFree(temp);
renamed <alias> to <resource>. renamed <alias> to <resource> as it is planned to extent the usage of this tag. docs and default configs should be updated by those taking core of them.
2014-12-06 19:47:54 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("resource")) == 0 || xmlStrcmp(node->name, XMLSTR("alias")) == 0) {
Cleanup: Massive cleanup of the <resource>-tag handling
2018-05-28 12:59:22 +00:00
_parse_resource(doc, node, configuration);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
} while ((node = node->next));
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_logging(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
char *tmp;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("accesslog")) == 0) {
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
if (!(tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<accesslog> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
continue;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->access_log)
xmlFree(configuration->access_log);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
configuration->access_log = tmp;
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("errorlog")) == 0) {
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
if (!(tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1))) {
Fixed log messages and comments * Reworded many log messages for better understanding. * Adjusted some version targets as we won't have a 2.4.2 release. * Added some FIXME comments
2015-03-01 16:51:09 +00:00
ICECAST_LOG_WARN("<errorlog> setting must not be empty.");
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
continue;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->error_log)
xmlFree(configuration->error_log);
handle empty strings in config file better. Now empty strings are handled in: accesslog, errorlog, logdir, webroot, adminroot and hopefully all kinds of port. Feal free to reopen ticket if there are more that needs to be fixed. closes #1963 svn path=/icecast/trunk/icecast/; revision=19268
2014-11-07 01:40:28 +00:00
configuration->error_log = tmp;
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("playlistlog")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->playlist_log)
xmlFree(configuration->playlist_log);
this patch adds a playlist log to icecast. This can be used to maintain an audit trail of metadata that comes through icecast. The format of the log file may be changed in the future as we decide on a good format. svn path=/icecast/trunk/icecast/; revision=8205
2004-11-16 04:04:02 +00:00
configuration->playlist_log = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("logsize")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &configuration->logsize, "<logsize> must not be empty.");
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("loglevel")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
char *tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
configuration->loglevel = util_str_to_loglevel(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (tmp)
xmlFree(tmp);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("logarchive")) == 0) {
Fix: Allow the use of bools for <logarchive>
2018-09-28 10:58:50 +00:00
char *tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
configuration->logarchive = util_str_to_bool(tmp);
if (tmp) {
xmlFree(tmp);
} else {
ICECAST_LOG_WARN("<logarchive> must not be empty.");
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
} while ((node = node->next));
}
Feature: Added new config tag tls-context, tls-key and attribute implementation
2017-05-18 08:39:05 +00:00
static void _parse_tls_context(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
{
config_tls_context_t *context = &configuration->tls_context;
node = node->xmlChildrenNode;
do {
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
if (xmlStrcmp(node->name, XMLSTR("tls-certificate")) == 0) {
if (__check_node_impl(node, "generic") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
continue;
}
if (context->cert_file)
xmlFree(context->cert_file);
context->cert_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("tls-key")) == 0) {
if (__check_node_impl(node, "generic") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
continue;
}
if (context->key_file)
xmlFree(context->key_file);
context->key_file = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else if (xmlStrcmp(node->name, XMLSTR("tls-allowed-ciphers")) == 0) {
if (__check_node_impl(node, "openssl") != 0) {
ICECAST_LOG_WARN("Node %s uses unsupported implementation.", node->name);
continue;
}
if (context->cipher_list)
xmlFree(context->cipher_list);
context->cipher_list = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
} else {
ICECAST_LOG_ERROR("Unknown config tag: %s", node->name);
}
} while ((node = node->next));
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_security(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
char *tmp;
xmlNodePtr oldnode;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (xmlStrcmp(node->name, XMLSTR("chroot")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
allow symbolc names for bools, public settings and loglevel svn path=/icecast/trunk/icecast/; revision=19345
2014-11-21 19:52:48 +00:00
configuration->chroot = util_str_to_bool(tmp);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (tmp)
xmlFree(tmp);
Feature: Added new config tag tls-context, tls-key and attribute implementation
2017-05-18 08:39:05 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("tls-context")) == 0) {
_parse_tls_context(doc, node, configuration);
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("changeowner")) == 0) {
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->chuid = 1;
oldnode = node;
node = node->xmlChildrenNode;
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
if (xmlStrcmp(node->name, XMLSTR("user")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->user)
xmlFree(configuration->user);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->user = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
Cleanup: More space corrections
2015-03-31 08:14:42 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("group")) == 0) {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (configuration->group)
xmlFree(configuration->group);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
configuration->group = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1);
}
} while((node = node->next));
node = oldnode;
}
} while ((node = node->next));
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _add_server(xmlDocPtr doc,
xmlNodePtr node,
ice_config_t *configuration)
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
{
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
ice_config_dir_t *dirnode,
*server;
int addnode;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
server = (ice_config_dir_t *)malloc(sizeof(ice_config_dir_t));
server->touch_interval = configuration->touch_interval;
server->host = NULL;
addnode = 0;
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
do {
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (node == NULL)
break;
if (xmlIsBlankNode(node))
continue;
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
if (xmlStrcmp(node->name, XMLSTR("host")) == 0) {
server->host = (char *) xmlNodeListGetString(doc,
node->xmlChildrenNode, 1);
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
addnode = 1;
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
} else if (xmlStrcmp(node->name, XMLSTR("touch-interval")) == 0) {
Fix: Fixes a number of empty string segfaults in config parser This fixes a number of segfault happening in case config tags are empty. This patch also adds warnings for most cases. Please test for any regressions. This should likely be ported to 2.4.4 as well. Closes: #2265
2016-11-30 11:22:36 +00:00
__read_int(doc, node, &server->touch_interval, "<touch-interval> must not be empty.");
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
server->next = NULL;
} while ((node = node->next));
if (addnode) {
dirnode = configuration->dir_list;
if (dirnode == NULL) {
configuration->dir_list = server;
} else {
while (dirnode->next) dirnode = dirnode->next;
dirnode->next = server;
}
Cleanup: Removed tailing spaces
2015-01-10 18:53:44 +00:00
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
server = NULL;
addnode = 0;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
} else {
Fix a leak in a config parsing path when we see a directory server with no host specified. svn path=/icecast/trunk/icecast/; revision=10974
2006-03-07 19:21:04 +00:00
free (server);
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void _parse_events(event_registration_t **events, xmlNodePtr node)
{
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
while (node) {
if (xmlStrcmp(node->name, XMLSTR("event")) == 0) {
event_registration_t *reg = event_new_from_xml_node(node);
event_registration_push(events, reg);
event_registration_release(reg);
}
node = node->next;
}
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
config_options_t *config_parse_options(xmlNodePtr node)
{
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
config_options_t *ret = NULL;
config_options_t *cur = NULL;
if (!node)
return NULL;
node = node->xmlChildrenNode;
if (!node)
return NULL;
do {
if (xmlStrcmp(node->name, XMLSTR("option")) != 0)
continue;
if (cur) {
cur->next = calloc(1, sizeof(config_options_t));
cur = cur->next;
} else {
cur = ret = calloc(1, sizeof(config_options_t));
}
cur->type = (char *)xmlGetProp(node, XMLSTR("type"));
cur->name = (char *)xmlGetProp(node, XMLSTR("name"));
cur->value = (char *)xmlGetProp(node, XMLSTR("value"));
/* map type="default" to NULL. This is to avoid many extra xmlCharStrdup()s. */
if (cur->type && strcmp(cur->type, "default") == 0) {
xmlFree(cur->type);
cur->type = NULL;
}
} while ((node = node->next));
return ret;
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
void config_clear_options(config_options_t *options)
{
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
while (options) {
config_options_t *opt = options;
options = opt->next;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
if (opt->type)
xmlFree(opt->type);
if (opt->name)
xmlFree(opt->name);
if (opt->value)
xmlFree(opt->value);
Added <event>: Unified handling of events. <event> has been added and can be used within <kartoffelsalat> both in <icecast> and <mount>. <event> takes backend depending <option> child tags. Currently supported backends: - log: send message to error log. - exec: executes a program or script. - url: delivers the event via HTTP. within <mount> <on-connect> and <on-disconnect> has been replaced by <event>. Config parser can on-the-fly convert old tags. Also <authentication type="url"> within <mount> has been fixed for those cases with <option name="mount_add" .../> and <option name="mount_remove" .../> which are now on-the-fly converted by the parser to corresponding <event> tags. Please also see TAGs added as per #2098. Some include hints for documentation updates needed after this change. Those updates should take place before 2.4.2.
2014-12-08 00:39:57 +00:00
free(opt);
}
}
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
static void merge_mounts(mount_proxy * dst, mount_proxy * src)
{
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
ice_config_http_header_t *http_header_next;
ice_config_http_header_t **http_header_tail;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst || !src)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
return;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->dumpfile)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->dumpfile = (char*)xmlStrdup((xmlChar*)src->dumpfile);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->intro_filename)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->intro_filename = (char*)xmlStrdup((xmlChar*)src->intro_filename);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->fallback_when_full)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->fallback_when_full = src->fallback_when_full;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (dst->max_listeners == -1)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->max_listeners = src->max_listeners;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->fallback_mount)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->fallback_mount = (char*)xmlStrdup((xmlChar*)src->fallback_mount);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->fallback_override)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->fallback_override = src->fallback_override;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->no_mount)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->no_mount = src->no_mount;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (dst->burst_size == -1)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->burst_size = src->burst_size;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->queue_size_limit)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->queue_size_limit = src->queue_size_limit;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->hidden)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->hidden = src->hidden;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->source_timeout)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->source_timeout = src->source_timeout;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->charset)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->charset = (char*)xmlStrdup((xmlChar*)src->charset);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (dst->mp3_meta_interval == -1)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->mp3_meta_interval = src->mp3_meta_interval;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->cluster_password)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->cluster_password = (char*)xmlStrdup((xmlChar*)src->cluster_password);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->max_listener_duration)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->max_listener_duration = src->max_listener_duration;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->stream_name)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->stream_name = (char*)xmlStrdup((xmlChar*)src->stream_name);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->stream_description)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->stream_description = (char*)xmlStrdup((xmlChar*)src->stream_description);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->stream_url)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->stream_url = (char*)xmlStrdup((xmlChar*)src->stream_url);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->stream_genre)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->stream_genre = (char*)xmlStrdup((xmlChar*)src->stream_genre);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->bitrate)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->bitrate = (char*)xmlStrdup((xmlChar*)src->bitrate);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->type)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->type = (char*)xmlStrdup((xmlChar*)src->type);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (!dst->subtype)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->subtype = (char*)xmlStrdup((xmlChar*)src->subtype);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
if (dst->yp_public == -1)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
dst->yp_public = src->yp_public;
Added config option for history size. This adds a <max-history> config option to the <mount> section. Default is a history size of 4. See: #766
2015-03-28 17:34:35 +00:00
if (dst->max_history == -1)
dst->max_history = src->max_history;
Added support for <http-headers> within <mount>. Also support merging of headers (normal mount + default mount). See #1885 svn path=/icecast/trunk/icecast/; revision=19269
2014-11-07 02:55:57 +00:00
if (dst->http_headers) {
http_header_next = dst->http_headers;
while (http_header_next->next) http_header_next = http_header_next->next;
http_header_tail = &(http_header_next->next);
} else {
http_header_tail = &(dst->http_headers);
}
*http_header_tail = config_copy_http_header(src->http_headers);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
}
static inline void _merge_mounts_all(ice_config_t *c) {
mount_proxy *mountinfo = c->mounts;
mount_proxy *default_mount;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
for (; mountinfo; mountinfo = mountinfo->next) {
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
if (mountinfo->mounttype != MOUNT_TYPE_NORMAL)
continue;
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
default_mount = config_find_mount(c, mountinfo->mountname, MOUNT_TYPE_DEFAULT);
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
merge_mounts(mountinfo, default_mount);
mount points defined in config should use data from default mounts as well, see #1914 svn path=/icecast/trunk/icecast/; revision=18903
2013-04-03 00:33:10 +00:00
}
}
a move over from config.c config.h. This is so that config.h can be built by autoconf. config.h is also the name expected by the convenience libs svn path=/trunk/icecast/; revision=5154
2003-07-21 01:39:39 +00:00
add function to do mount list search (could be extended later), call it from various places including the shoutcast source client auth which previously only used the global source password. svn path=/icecast/trunk/icecast/; revision=9240
2005-05-08 11:54:46 +00:00
/* return the mount details that match the supplied mountpoint */
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
mount_proxy *config_find_mount (ice_config_t *config,
const char *mount,
mount_type type)
{
add function to do mount list search (could be extended later), call it from various places including the shoutcast source client auth which previously only used the global source password. svn path=/icecast/trunk/icecast/; revision=9240
2005-05-08 11:54:46 +00:00
mount_proxy *mountinfo = config->mounts;
Fix: Handle mount=NULL in config_find_mount() correctly.
2015-11-11 12:18:15 +00:00
/* invalid args */
if (!mount && type != MOUNT_TYPE_DEFAULT)
return NULL;
Cleanup codestyle This commit cleanups codestyle a bit, yet there is still some work to be done
2015-01-25 18:57:27 +00:00
for (; mountinfo; mountinfo = mountinfo->next) {
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
if (mountinfo->mounttype != type)
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
continue;
if (!mount && !mountinfo->mountname)
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
break;
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (mountinfo->mounttype == MOUNT_TYPE_NORMAL) {
if (!mount || !mountinfo->mountname)
continue;
Cleanup: converted tabs into spaces
2015-01-10 01:48:15 +00:00
if (strcmp(mountinfo->mountname, mount) == 0)
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
break;
} else if (mountinfo->mounttype == MOUNT_TYPE_DEFAULT) {
Fix: Handle mount=NULL in config_find_mount() correctly.
2015-11-11 12:18:15 +00:00
if (!mount || !mountinfo->mountname)
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
break;
avoid fnmatch() on _WIN32 and fall back to strcmp(). Seems that MinGW does half-implement fnmatch()... svn path=/icecast/trunk/icecast/; revision=18905
2013-04-03 02:04:38 +00:00
#ifndef _WIN32
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (fnmatch(mountinfo->mountname, mount, FNM_PATHNAME) == 0)
break;
avoid fnmatch() on _WIN32 and fall back to strcmp(). Seems that MinGW does half-implement fnmatch()... svn path=/icecast/trunk/icecast/; revision=18905
2013-04-03 02:04:38 +00:00
#else
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
if (strcmp(mountinfo->mountname, mount) == 0)
break;
avoid fnmatch() on _WIN32 and fall back to strcmp(). Seems that MinGW does half-implement fnmatch()... svn path=/icecast/trunk/icecast/; revision=18905
2013-04-03 02:04:38 +00:00
#endif
Wow. Mega patch! This patch *replaces* the authentication system completly. What is new: - <authentication> in mount section is now a container object. - <authentication> in root and mount section may hold any number of <role>-Tags. - <role> tags: Those tags define a 'role' and it's ACL rules. A role is a instance of an authentication module (see below). <role> takes the following options. All but type are optional. - authentication related: - type: Type of the authentication module (values: anonymous, static, legacy-password, url or htpasswd; symbolic constants in auth.h) - name: Name for the role. For later matching. (values: any string; default: (none)) - method: This rule is only active on the given list of HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - ACL related: - allow-method: Allowed HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: get) - deny-method: Rejected HTTP methods. (list of enum values: methods as recognized by httpp/ (e.g: get,post); default: *) - allow-admin: Allowed admin commands. (list of enum values: admin command; default: buildm3u) - deny-admin: Rejected admin commands. (list of enum values: admin command; default: *) - allow-web: Allowed web pages. (values: empty or *; default: *) - deny-web: Rejected web pages. (values: empty or *; default: (empty)) - connections-per-user: maximum number of simultaneous connections per role and username. This is only active on active sources. (values: unlimited or number of connections; default: unlimited) - connection-duration: maximum time of a connection. This is only active on active sources. (values: unlimited or number of secounds; default: unlimited) <role> takes <option> child tags. <option> tags contain a name and a value option. Meaning of <option> tags is up to the authentication module. - <role>s are considered to build a stack. If a role returns with AUTH_NOMATCH the next one will be tried. - <role>s are tested in this order: mount specific, default mount specific, global, internal fallback. Internal fallback is set to allow web/ access via GET, POST and HEAD (only GET supported by this time) and rejects all other requests. - New authentication module: anonymous This module matches all requests. No options taken. - New authentication module: static This module matches with a static username and password. It takes two <option>s. One with name="username" and one with name="password" to set username and password. This replaces old style <*-username> and <*-password> tags. - New authentication module: legacy-password This module matches with a statich password. It takes one <option> with name="password" to set password. This replaces old ICE and ICY (shoutcast compat mode) authentication. - Parsing <authentication> in <mount> with a type set in a special way to allow 100% backward compatibility. - Parsing of <source-password>, <admin-password>, <admin-user>, <relay-password> and <relay-user> in global <authentication> for 100% backward compatibility. - <alias> is now proccessed very early. This enables them to be used for all kinds of requests. To Do List & What does not yet work: - type="url" auth: mount_add and mount_remove. This should be replaced by an unique feature I would call '<event>'. - Admin commands manageauth and manageauth.xsl are disabled as they need more review: This code needs to be ported to support multiple <role>s per <mount>. - url authentication module can not yet return AUTH_NOMATCH. This needs to be reviewed and discussed on how to handle this case best way. - Default config files needs to be updated to reflect the changes. As this is quite some political act it should be done in dicussion with the whole team and permission of the release manager. - Docs need to be updated to reflect the changes. How does it work: Code has been changed so that authentification is done early for all clients. This allows accessing the ACL data (client->acl) from nearly everywhere in the code. After accept() and initial client setup the request is parsed. In the next step all <alias>es are resolved. After this the client is passed for authentication. After authentication it is passed to the corresponding subsystem depending on kind of request. All authentication instances have a thread running for doing the authentication. This thread works on a queue of clients. Hints for testers: - Test with default config. - Test with diffrent authentication modules in <mount>. - Test shoutcast compatibility mode. - Test with new style <authentication> and any amount of <role> (zero to quite some). - Test <alias> lookup on all kinds of objects. - Test source level credential login into the admin interface. - Test shoucast style meta data updates. - Test playlist generation. Thank you for reading this long commit message. Have fun reading the full patch! svn path=/icecast/trunk/icecast/; revision=19358
2014-11-28 23:46:08 +00:00
}
add function to do mount list search (could be extended later), call it from various places including the shoutcast source client auth which previously only used the global source password. svn path=/icecast/trunk/icecast/; revision=9240
2005-05-08 11:54:46 +00:00
}
Added support for a default mount. See #1914. The default mount is a block in the config file that contains settings for all mount points that do not have a block in configfile themself. This is implemented by a <mount type="default">-block. In this case the <mount>-block MUST NOT contain a <mount-name>-subblock. svn path=/icecast/trunk/icecast/; revision=18902
2013-04-02 18:46:44 +00:00
/* retry with default mount */
if (!mountinfo && type == MOUNT_TYPE_NORMAL)
better coding style, patch by ePirat. refs #2059 svn path=/icecast/trunk/icecast/; revision=19376
2014-11-30 20:32:30 +00:00
mountinfo = config_find_mount(config, mount, MOUNT_TYPE_DEFAULT);
add function to do mount list search (could be extended later), call it from various places including the shoutcast source client auth which previously only used the global source password. svn path=/icecast/trunk/icecast/; revision=9240
2005-05-08 11:54:46 +00:00
return mountinfo;
}
Update: Rewrote listen socket handling code comepletly. This moves all the listen socket code into a nice and abstracting file. Notes: * Altering listen socket setup does not yet work on config reload. (Did it ever work?) * Server will start with no listen sockets. (There are unconfirmed rumours it sometimes(?) did before.) This is to be re-implemented in another commit. It can also be improved to work allow checking on reload or other config changes. * For slave connections the server address is now checked against the allow/deny-IP list.
2018-04-18 05:43:46 +00:00
listener_t *config_copy_listener_one(const listener_t *listener) {
listener_t *n;
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
Update: Rewrote listen socket handling code comepletly. This moves all the listen socket code into a nice and abstracting file. Notes: * Altering listen socket setup does not yet work on config reload. (Did it ever work?) * Server will start with no listen sockets. (There are unconfirmed rumours it sometimes(?) did before.) This is to be re-implemented in another commit. It can also be improved to work allow checking on reload or other config changes. * For slave connections the server address is now checked against the allow/deny-IP list.
2018-04-18 05:43:46 +00:00
if (listener == NULL)
return NULL;
n = calloc(1, sizeof(*n));
if (n == NULL)
return NULL;
n->next = NULL;
n->port = listener->port;
n->so_sndbuf = listener->so_sndbuf;
Feature: Added support to set listen(2) backlog. Closes: #2225
2018-09-28 13:52:39 +00:00
n->listen_backlog = listener->listen_backlog;
Fix: Also copy listener type
2018-05-18 13:20:38 +00:00
n->type = listener->type;
Feature: Added id and type property to <listen-socket>
2018-05-11 14:01:11 +00:00
n->id = (char*)xmlStrdup(XMLSTR(listener->id));
Feature: Allow listen sockets to virtually handle other sockets traffic. This adds on-behalf-of="#id" to <listen-socket>. It allows a socket to handle the traffic that was originally meant of another (virtual) listen socket.
2018-06-30 13:51:42 +00:00
if (listener->on_behalf_of) {
n->on_behalf_of = strdup(listener->on_behalf_of);
}
Update: Rewrote listen socket handling code comepletly. This moves all the listen socket code into a nice and abstracting file. Notes: * Altering listen socket setup does not yet work on config reload. (Did it ever work?) * Server will start with no listen sockets. (There are unconfirmed rumours it sometimes(?) did before.) This is to be re-implemented in another commit. It can also be improved to work allow checking on reload or other config changes. * For slave connections the server address is now checked against the allow/deny-IP list.
2018-04-18 05:43:46 +00:00
n->bind_address = (char*)xmlStrdup(XMLSTR(listener->bind_address));
n->shoutcast_compat = listener->shoutcast_compat;
n->shoutcast_mount = (char*)xmlStrdup(XMLSTR(listener->shoutcast_mount));
n->tls = listener->tls;
Feature: Added per <listen-socket> <authentication>
2018-09-13 11:34:01 +00:00
if (listener->authstack) {
auth_stack_addref(n->authstack = listener->authstack);
}
Update: Rewrote listen socket handling code comepletly. This moves all the listen socket code into a nice and abstracting file. Notes: * Altering listen socket setup does not yet work on config reload. (Did it ever work?) * Server will start with no listen sockets. (There are unconfirmed rumours it sometimes(?) did before.) This is to be re-implemented in another commit. It can also be improved to work allow checking on reload or other config changes. * For slave connections the server address is now checked against the allow/deny-IP list.
2018-04-18 05:43:46 +00:00
return n;
Don't impose a limit on the number of listening sockets allowed in the xml svn path=/icecast/trunk/icecast/; revision=13995
2007-10-16 01:53:06 +00:00
}
Copy Permalink