Update: Improved matchfile API

This adds support for allow-deny kind of rules with the matchfile API. See: #2119
2024-06-16 06:15:24 +00:00 · 2015-01-06 12:03:28 +00:00 · 2015-01-06 12:03:28 +00:00 · b55bae035d
commit b55bae035d
parent d24dda61d0
3 changed files with 30 additions and 24 deletions
--- a/src/connection.c
+++ b/src/connection.c
@ -274,28 +274,6 @@ static int connection_send(connection_t *con, const void *buf, size_t len)
    return bytes;
 }

-
-/* return 0 if the passed ip address is not to be handled by icecast, non-zero otherwise */
-static int accept_ip_address(char *ip) {
-    if (matchfile_match(banned_ip, ip) > 0) {
-        ICECAST_LOG_DEBUG("%s is banned", ip);
-        return 0;
-    }
-
-    if (matchfile_match(allowed_ip, ip) > 0) {
-        ICECAST_LOG_DEBUG("%s is allowed", ip);
-        return 1;
-    } else if (allowed_ip) {
-        /* we are not on allow list but there is one, so reject */
-        ICECAST_LOG_DEBUG("%s is not allowed", ip);
-        return 0;
-    }
-
-    /* default: allow */
-    return 1;
-}
-
-
 connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
 {
    connection_t *con;
@ -429,8 +407,8 @@ static connection_t *_accept_connection(int duration)
        if (strncmp(ip, "::ffff:", 7) == 0)
            memmove(ip, ip+7, strlen (ip+7)+1);

-        if (accept_ip_address(ip))
-            con = connection_create(sock, serversock, ip);
+        if (matchfile_match_allow_deny(allowed_ip, banned_ip, ip))
+            con = connection_create (sock, serversock, ip);
        if (con)
            return con;
        sock_close(sock);
--- a/src/matchfile.c
+++ b/src/matchfile.c
@ -158,3 +158,28 @@ int          matchfile_match(matchfile_t *file, char *key) {

    return avl_get_by_key(file->contents, (void*)key, &result) == 0 ? 1 : 0;
 }
+
+int          matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key) {
+    if (!allow && !deny)
+        return 1;
+
+    if (!key)
+        return 0;
+
+    if (matchfile_match(deny, key) > 0) {
+        ICECAST_LOG_DEBUG("%s is banned", key);
+        return 0;
+    }
+
+    if (matchfile_match(allow, key) > 0) {
+        ICECAST_LOG_DEBUG("%s is allowed", key);
+        return 1;
+    } else if (allow) {
+        /* we are not on allow list but there is one, so reject */
+        ICECAST_LOG_DEBUG("%s is not allowed", key);
+        return 0;
+    }
+
+    /* default: allow */
+    return 1;
+}
--- a/src/matchfile.h
+++ b/src/matchfile.h
@ -17,4 +17,7 @@ int          matchfile_addref(matchfile_t *file);
 int          matchfile_release(matchfile_t *file);
 int          matchfile_match(matchfile_t *file, char *key);

+/* returns 1 for allow or pass and 0 for deny */
+int          matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key);
+
 #endif  /* __MATCHFILE_H__ */