mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2024-12-04 14:46:30 -05:00
Update: Improved matchfile API
This adds support for allow-deny kind of rules with the matchfile API. See: #2119
This commit is contained in:
parent
d24dda61d0
commit
b55bae035d
@ -274,28 +274,6 @@ static int connection_send(connection_t *con, const void *buf, size_t len)
|
||||
return bytes;
|
||||
}
|
||||
|
||||
|
||||
/* return 0 if the passed ip address is not to be handled by icecast, non-zero otherwise */
|
||||
static int accept_ip_address(char *ip) {
|
||||
if (matchfile_match(banned_ip, ip) > 0) {
|
||||
ICECAST_LOG_DEBUG("%s is banned", ip);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (matchfile_match(allowed_ip, ip) > 0) {
|
||||
ICECAST_LOG_DEBUG("%s is allowed", ip);
|
||||
return 1;
|
||||
} else if (allowed_ip) {
|
||||
/* we are not on allow list but there is one, so reject */
|
||||
ICECAST_LOG_DEBUG("%s is not allowed", ip);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* default: allow */
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
|
||||
{
|
||||
connection_t *con;
|
||||
@ -429,8 +407,8 @@ static connection_t *_accept_connection(int duration)
|
||||
if (strncmp(ip, "::ffff:", 7) == 0)
|
||||
memmove(ip, ip+7, strlen (ip+7)+1);
|
||||
|
||||
if (accept_ip_address(ip))
|
||||
con = connection_create(sock, serversock, ip);
|
||||
if (matchfile_match_allow_deny(allowed_ip, banned_ip, ip))
|
||||
con = connection_create (sock, serversock, ip);
|
||||
if (con)
|
||||
return con;
|
||||
sock_close(sock);
|
||||
|
@ -158,3 +158,28 @@ int matchfile_match(matchfile_t *file, char *key) {
|
||||
|
||||
return avl_get_by_key(file->contents, (void*)key, &result) == 0 ? 1 : 0;
|
||||
}
|
||||
|
||||
int matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key) {
|
||||
if (!allow && !deny)
|
||||
return 1;
|
||||
|
||||
if (!key)
|
||||
return 0;
|
||||
|
||||
if (matchfile_match(deny, key) > 0) {
|
||||
ICECAST_LOG_DEBUG("%s is banned", key);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (matchfile_match(allow, key) > 0) {
|
||||
ICECAST_LOG_DEBUG("%s is allowed", key);
|
||||
return 1;
|
||||
} else if (allow) {
|
||||
/* we are not on allow list but there is one, so reject */
|
||||
ICECAST_LOG_DEBUG("%s is not allowed", key);
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* default: allow */
|
||||
return 1;
|
||||
}
|
||||
|
@ -17,4 +17,7 @@ int matchfile_addref(matchfile_t *file);
|
||||
int matchfile_release(matchfile_t *file);
|
||||
int matchfile_match(matchfile_t *file, char *key);
|
||||
|
||||
/* returns 1 for allow or pass and 0 for deny */
|
||||
int matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key);
|
||||
|
||||
#endif /* __MATCHFILE_H__ */
|
||||
|
Loading…
Reference in New Issue
Block a user