aniani/icecast-server
1
0
Fork 0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2024-12-04 14:46:30 -05:00
Code

Update: Improved matchfile API

Browse Source 
This adds support for allow-deny kind of rules with the matchfile API.

See: #2119
This commit is contained in:
Philipp Schafft 2015-01-06 12:03:28 +00:00
parent d24dda61d0
commit b55bae035d
3 changed files with 30 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/connection.c
View File

@ -274,28 +274,6 @@ static int connection_send(connection_t *con, const void *buf, size_t len)
return bytes; return bytes;
} }
/* return 0 if the passed ip address is not to be handled by icecast, non-zero otherwise */
static int accept_ip_address(char *ip) {
if (matchfile_match(banned_ip, ip) > 0) {
ICECAST_LOG_DEBUG("%s is banned", ip);
return 0;
}
if (matchfile_match(allowed_ip, ip) > 0) {
ICECAST_LOG_DEBUG("%s is allowed", ip);
return 1;
} else if (allowed_ip) {
/* we are not on allow list but there is one, so reject */
ICECAST_LOG_DEBUG("%s is not allowed", ip);
return 0;
}
/* default: allow */
return 1;
}
connection_t *connection_create (sock_t sock, sock_t serversock, char *ip) connection_t *connection_create (sock_t sock, sock_t serversock, char *ip)
{ {
connection_t *con; connection_t *con;
@ -429,8 +407,8 @@ static connection_t *_accept_connection(int duration)
if (strncmp(ip, "::ffff:", 7) == 0) if (strncmp(ip, "::ffff:", 7) == 0)
memmove(ip, ip+7, strlen (ip+7)+1); memmove(ip, ip+7, strlen (ip+7)+1);
if (accept_ip_address(ip)) if (matchfile_match_allow_deny(allowed_ip, banned_ip, ip))
con = connection_create(sock, serversock, ip); con = connection_create (sock, serversock, ip);
if (con) if (con)
return con; return con;
sock_close(sock); sock_close(sock);

25
src/matchfile.c
View File

@ -158,3 +158,28 @@ int matchfile_match(matchfile_t *file, char *key) {
return avl_get_by_key(file->contents, (void*)key, &result) == 0 ? 1 : 0; return avl_get_by_key(file->contents, (void*)key, &result) == 0 ? 1 : 0;
} }
int matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key) {
if (!allow && !deny)
return 1;
if (!key)
return 0;
if (matchfile_match(deny, key) > 0) {
ICECAST_LOG_DEBUG("%s is banned", key);
return 0;
}
if (matchfile_match(allow, key) > 0) {
ICECAST_LOG_DEBUG("%s is allowed", key);
return 1;
} else if (allow) {
/* we are not on allow list but there is one, so reject */
ICECAST_LOG_DEBUG("%s is not allowed", key);
return 0;
}
/* default: allow */
return 1;
}

3
src/matchfile.h
View File

@ -17,4 +17,7 @@ int matchfile_addref(matchfile_t *file);
int matchfile_release(matchfile_t *file); int matchfile_release(matchfile_t *file);
int matchfile_match(matchfile_t *file, char *key); int matchfile_match(matchfile_t *file, char *key);
/* returns 1 for allow or pass and 0 for deny */
int matchfile_match_allow_deny(matchfile_t *allow, matchfile_t *deny, char *key);
#endif /* __MATCHFILE_H__ */ #endif /* __MATCHFILE_H__ */