mirror of
https://gitlab.xiph.org/xiph/icecast-server.git
synced 2024-09-22 04:15:54 -04:00
Fix: Handle safe HTTP methods in unsafe context correctly
Closes: #2398
parent
e43fd645c1
commit
c3340dd73d
@ -9,7 +9,7 @@
|
|||||||
<section class="box">
|
<section class="box">
|
||||||
<h3 class="box_title">Overview for <code><xsl:value-of select="value[@member='global-config']/value[@member='hostname']/@value" /></code></h3>
|
<h3 class="box_title">Overview for <code><xsl:value-of select="value[@member='global-config']/value[@member='hostname']/@value" /></code></h3>
|
||||||
<ul class="boxnav">
|
<ul class="boxnav">
|
||||||
<li><a href="/admin/reloadconfig.xsl">Reload Configuration</a></li>
|
<li><a href="/admin/reloadconfig.xsl?omode=normal">Reload Configuration</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<div class="side-by-side">
|
<div class="side-by-side">
|
||||||
<div>
|
<div>
|
||||||
|
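Review bot: The "Reload Configuration" link still triggers a state-changing admin command through a plain GET. The added `?omode=normal` presumably only selects the warn-and-continue branch of admin_enforce_unsafe() in src/admin.c, so the link keeps working without satisfying the new check. A GET link like this can be fired by any cross-site navigation while an administrator is authenticated, which is the case the unsafe-method check exists to stop. Consider rendering the action as a form, e.g. `<form method="post" action="/admin/reloadconfig.xsl"><button type="submit">Reload Configuration</button></form>`, so that it also passes in strict mode. The same applies to the "Mark logfiles" link and the second "Reload Configuration" link in the two template hunks that follow.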
@ -11,7 +11,7 @@
|
|||||||
<xsl:for-each select="resource[@name='logfiles']/value/value">
|
<xsl:for-each select="resource[@name='logfiles']/value/value">
|
||||||
<li><a href="?logfile={@value}"><xsl:value-of select="@value" /></a></li>
|
<li><a href="?logfile={@value}"><xsl:value-of select="@value" /></a></li>
|
||||||
</xsl:for-each>
|
</xsl:for-each>
|
||||||
<li class="critical"><a href="/admin/marklog.xsl">Mark logfiles</a></li>
|
<li class="critical"><a href="/admin/marklog.xsl?omode=normal">Mark logfiles</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<ul class="codeblock">
|
<ul class="codeblock">
|
||||||
<xsl:for-each select="resource[@name='logcontent']/value/value[@member='lines']/value">
|
<xsl:for-each select="resource[@name='logcontent']/value/value[@member='lines']/value">
|
||||||
|
@ -43,7 +43,7 @@
|
|||||||
<!-- Global subnav -->
|
<!-- Global subnav -->
|
||||||
<div class="stats">
|
<div class="stats">
|
||||||
<ul class="boxnav">
|
<ul class="boxnav">
|
||||||
<li><a href="/admin/reloadconfig.xsl">Reload Configuration</a></li>
|
<li><a href="/admin/reloadconfig.xsl?omode=normal">Reload Configuration</a></li>
|
||||||
<li><a href="/admin/stats.xsl?showall=true">Show all mounts</a></li>
|
<li><a href="/admin/stats.xsl?showall=true">Show all mounts</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
</div>
|
</div>
|
||||||
|
159
src/admin.c
159
src/admin.c
@ -145,66 +145,66 @@ static void command_mark_log (client_t *client, source_t *source, adm
|
|||||||
static void command_dashboard (client_t *client, source_t *source, admin_format_t response);
|
static void command_dashboard (client_t *client, source_t *source, admin_format_t response);
|
||||||
|
|
||||||
static const admin_command_handler_t handlers[] = {
|
static const admin_command_handler_t handlers[] = {
|
||||||
{ "*", ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, NULL, NULL}, /* for ACL framework */
|
{ "*", ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, NULL, NULL}, /* for ACL framework */
|
||||||
{ FALLBACK_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_fallback, NULL},
|
{ FALLBACK_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_HYBRID, command_fallback, NULL},
|
||||||
{ FALLBACK_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_fallback, NULL},
|
{ FALLBACK_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_HYBRID, command_fallback, NULL},
|
||||||
{ FALLBACK_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, command_fallback, NULL},
|
{ FALLBACK_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, ADMINSAFE_HYBRID, command_fallback, NULL},
|
||||||
{ METADATA_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_metadata, NULL},
|
{ METADATA_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_UNSAFE, command_metadata, NULL},
|
||||||
{ METADATA_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_metadata, NULL},
|
{ METADATA_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, command_metadata, NULL},
|
||||||
{ METADATA_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, command_metadata, NULL},
|
{ METADATA_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, ADMINSAFE_UNSAFE, command_metadata, NULL},
|
||||||
{ SHOUTCAST_METADATA_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_shoutcast_metadata, NULL},
|
{ SHOUTCAST_METADATA_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, command_shoutcast_metadata, NULL},
|
||||||
{ LISTCLIENTS_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_show_listeners, NULL},
|
{ LISTCLIENTS_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_show_listeners, NULL},
|
||||||
{ LISTCLIENTS_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_show_listeners, NULL},
|
{ LISTCLIENTS_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_show_listeners, NULL},
|
||||||
{ LISTCLIENTS_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, command_show_listeners, NULL},
|
{ LISTCLIENTS_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_show_listeners, NULL},
|
||||||
{ STATS_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, command_stats, NULL},
|
{ STATS_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_stats, NULL},
|
||||||
{ STATS_HTML_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, command_stats, NULL},
|
{ STATS_HTML_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_stats, NULL},
|
||||||
{ STATS_JSON_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_JSON, command_stats, NULL},
|
{ STATS_JSON_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_stats, NULL},
|
||||||
{ "stats.xml", ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, command_stats, NULL},
|
{ "stats.xml", ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_stats, NULL},
|
||||||
{ PUBLICSTATS_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, command_public_stats, NULL},
|
{ PUBLICSTATS_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_public_stats, NULL},
|
||||||
{ PUBLICSTATS_JSON_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_JSON, command_public_stats, NULL},
|
{ PUBLICSTATS_JSON_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_public_stats, NULL},
|
||||||
{ QUEUE_RELOAD_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_queue_reload, NULL},
|
{ QUEUE_RELOAD_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_UNSAFE, command_queue_reload, NULL},
|
||||||
{ QUEUE_RELOAD_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_queue_reload, NULL},
|
{ QUEUE_RELOAD_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, command_queue_reload, NULL},
|
||||||
{ QUEUE_RELOAD_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_queue_reload, NULL},
|
{ QUEUE_RELOAD_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_UNSAFE, command_queue_reload, NULL},
|
||||||
{ LISTMOUNTS_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_list_mounts, NULL},
|
{ LISTMOUNTS_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ LISTMOUNTS_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_list_mounts, NULL},
|
{ LISTMOUNTS_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ LISTMOUNTS_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_list_mounts, NULL},
|
{ LISTMOUNTS_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ STREAMLIST_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_list_mounts, NULL},
|
{ STREAMLIST_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ STREAMLIST_PLAINTEXT_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_PLAINTEXT, command_list_mounts, NULL},
|
{ STREAMLIST_PLAINTEXT_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_PLAINTEXT, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ STREAMLIST_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_list_mounts, NULL},
|
{ STREAMLIST_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ STREAMLIST_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_list_mounts, NULL},
|
{ STREAMLIST_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_list_mounts, NULL},
|
||||||
{ MOVECLIENTS_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_move_clients, NULL},
|
{ MOVECLIENTS_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_HYBRID, command_move_clients, NULL},
|
||||||
{ MOVECLIENTS_HTML_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, command_move_clients, NULL},
|
{ MOVECLIENTS_HTML_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, ADMINSAFE_HYBRID, command_move_clients, NULL},
|
||||||
{ MOVECLIENTS_JSON_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_JSON, command_move_clients, NULL},
|
{ MOVECLIENTS_JSON_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_JSON, ADMINSAFE_HYBRID, command_move_clients, NULL},
|
||||||
{ KILLCLIENT_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_kill_client, NULL},
|
{ KILLCLIENT_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_UNSAFE, command_kill_client, NULL},
|
||||||
{ KILLCLIENT_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_kill_client, NULL},
|
{ KILLCLIENT_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, command_kill_client, NULL},
|
||||||
{ KILLCLIENT_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, command_kill_client, NULL},
|
{ KILLCLIENT_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, ADMINSAFE_UNSAFE, command_kill_client, NULL},
|
||||||
{ KILLSOURCE_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_kill_source, NULL},
|
{ KILLSOURCE_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_UNSAFE, command_kill_source, NULL},
|
||||||
{ KILLSOURCE_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_kill_source, NULL},
|
{ KILLSOURCE_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, command_kill_source, NULL},
|
||||||
{ KILLSOURCE_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, command_kill_source, NULL},
|
{ KILLSOURCE_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, ADMINSAFE_UNSAFE, command_kill_source, NULL},
|
||||||
{ MANAGEAUTH_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_manageauth, NULL},
|
{ MANAGEAUTH_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_HYBRID, command_manageauth, NULL},
|
||||||
{ MANAGEAUTH_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_manageauth, NULL},
|
{ MANAGEAUTH_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_HYBRID, command_manageauth, NULL},
|
||||||
{ MANAGEAUTH_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_manageauth, NULL},
|
{ MANAGEAUTH_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_HYBRID, command_manageauth, NULL},
|
||||||
{ UPDATEMETADATA_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_updatemetadata, NULL},
|
{ UPDATEMETADATA_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_updatemetadata, NULL},
|
||||||
{ UPDATEMETADATA_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, command_updatemetadata, NULL},
|
{ UPDATEMETADATA_HTML_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_updatemetadata, NULL},
|
||||||
{ UPDATEMETADATA_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, command_updatemetadata, NULL},
|
{ UPDATEMETADATA_JSON_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_updatemetadata, NULL},
|
||||||
{ BUILDM3U_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, command_buildm3u, NULL},
|
{ BUILDM3U_RAW_REQUEST, ADMINTYPE_MOUNT, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_buildm3u, NULL},
|
||||||
{ SHOWLOG_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_show_log, NULL},
|
{ SHOWLOG_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_show_log, NULL},
|
||||||
{ SHOWLOG_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_show_log, NULL},
|
{ SHOWLOG_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_show_log, NULL},
|
||||||
{ SHOWLOG_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_show_log, NULL},
|
{ SHOWLOG_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_show_log, NULL},
|
||||||
{ MARKLOG_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_mark_log, NULL},
|
{ MARKLOG_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_UNSAFE, command_mark_log, NULL},
|
||||||
{ MARKLOG_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_mark_log, NULL},
|
{ MARKLOG_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_UNSAFE, command_mark_log, NULL},
|
||||||
{ MARKLOG_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_mark_log, NULL},
|
{ MARKLOG_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_UNSAFE, command_mark_log, NULL},
|
||||||
{ DASHBOARD_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, command_dashboard, NULL},
|
{ DASHBOARD_RAW_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_RAW, ADMINSAFE_SAFE, command_dashboard, NULL},
|
||||||
{ DASHBOARD_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, command_dashboard, NULL},
|
{ DASHBOARD_HTML_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_dashboard, NULL},
|
||||||
{ DASHBOARD_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, command_dashboard, NULL},
|
{ DASHBOARD_JSON_REQUEST, ADMINTYPE_GENERAL, ADMIN_FORMAT_JSON, ADMINSAFE_SAFE, command_dashboard, NULL},
|
||||||
{ DEFAULT_HTML_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, command_default_selector, NULL},
|
{ DEFAULT_HTML_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_default_selector, NULL},
|
||||||
{ DEFAULT_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, command_default_selector, NULL}
|
{ DEFAULT_RAW_REQUEST, ADMINTYPE_HYBRID, ADMIN_FORMAT_HTML, ADMINSAFE_SAFE, command_default_selector, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
static void ui_command(client_t * client, source_t * source, admin_format_t format, resourcematch_extract_t *parameters);
|
static void ui_command(client_t * client, source_t * source, admin_format_t format, resourcematch_extract_t *parameters);
|
||||||
|
|
||||||
static const admin_command_handler_t ui_handlers[] = {
|
static const admin_command_handler_t ui_handlers[] = {
|
||||||
{ "%s", ADMINTYPE_HYBRID, ADMIN_FORMAT_AUTO, NULL, ui_command}
|
{ "%s", ADMINTYPE_HYBRID, ADMIN_FORMAT_AUTO, ADMINSAFE_SAFE, NULL, ui_command}
|
||||||
};
|
};
|
||||||
|
|
||||||
static admin_command_table_t command_tables[ADMIN_MAX_COMMAND_TABLES] = {
|
static admin_command_table_t command_tables[ADMIN_MAX_COMMAND_TABLES] = {
|
||||||
@ -374,6 +374,34 @@ int admin_command_table_unregister(const char *prefix)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Enforces requests HTTP unsafe (e.g. POST not GET).
|
||||||
|
* Returns true if the request has been handled (rejected) and false if the request is still for open for handling (passed).
|
||||||
|
*/
|
||||||
|
static int admin_enforce_unsafe(client_t *client)
|
||||||
|
{
|
||||||
|
// check if the client is using an unsafe method, if so just return.
|
||||||
|
if (!(httpp_request_info(client->parser->req_type) & HTTPP_REQUEST_IS_SAFE))
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
switch (client->mode) {
|
||||||
|
case OMODE_LEGACY:
|
||||||
|
// no-op
|
||||||
|
break;
|
||||||
|
case OMODE_STRICT:
|
||||||
|
ICECAST_LOG_WARN("Client %p (role=%H, acl=%H, username=%H) rejected for use of safe method %s on %H",
|
||||||
|
client, client->role, acl_get_name(client->acl), client->username, httpp_getvar(client->parser, HTTPP_VAR_REQ_TYPE), client->uri);
|
||||||
|
client_send_error_by_id(client, ICECAST_ERROR_GEN_SAFE_METHOD_ON_UNSAFE_CALL);
|
||||||
|
return 1;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
ICECAST_LOG_WARN("Client %p (role=%H, acl=%H, username=%H) uses safe method %s on %H",
|
||||||
|
client, client->role, acl_get_name(client->acl), client->username, httpp_getvar(client->parser, HTTPP_VAR_REQ_TYPE), client->uri);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
/* build an XML root node including some common tags */
|
/* build an XML root node including some common tags */
|
||||||
xmlNodePtr admin_build_rootnode(xmlDocPtr doc, const char *name)
|
xmlNodePtr admin_build_rootnode(xmlDocPtr doc, const char *name)
|
||||||
{
|
{
|
||||||
@ -604,6 +632,11 @@ void admin_handle_request(client_t *client, const char *uri)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (handler->safeness == ADMINSAFE_UNSAFE) {
|
||||||
|
if (admin_enforce_unsafe(client))
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (handler->format == ADMIN_FORMAT_AUTO) {
|
if (handler->format == ADMIN_FORMAT_AUTO) {
|
||||||
format = client_get_admin_format_by_content_negotiation(client);
|
format = client_get_admin_format_by_content_negotiation(client);
|
||||||
} else {
|
} else {
|
||||||
@ -711,6 +744,9 @@ static void command_move_clients(client_t *client,
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (admin_enforce_unsafe(client))
|
||||||
|
return;
|
||||||
|
|
||||||
dest = source_find_mount(dest_source);
|
dest = source_find_mount(dest_source);
|
||||||
|
|
||||||
if (dest == NULL) {
|
if (dest == NULL) {
|
||||||
@ -919,6 +955,10 @@ static void command_manageauth(client_t *client, source_t *source, admin_format_
|
|||||||
|
|
||||||
if (!strcmp(action, "add")) {
|
if (!strcmp(action, "add")) {
|
||||||
const char *password = NULL;
|
const char *password = NULL;
|
||||||
|
|
||||||
|
if (admin_enforce_unsafe(client))
|
||||||
|
return;
|
||||||
|
|
||||||
COMMAND_OPTIONAL(client, "password", password);
|
COMMAND_OPTIONAL(client, "password", password);
|
||||||
|
|
||||||
if (username == NULL || password == NULL) {
|
if (username == NULL || password == NULL) {
|
||||||
@ -944,8 +984,10 @@ static void command_manageauth(client_t *client, source_t *source, admin_format_
|
|||||||
auth_release(auth);
|
auth_release(auth);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
} else if (!strcmp(action, "delete")) {
|
||||||
if (!strcmp(action, "delete")) {
|
if (admin_enforce_unsafe(client))
|
||||||
|
return;
|
||||||
|
|
||||||
if (username == NULL) {
|
if (username == NULL) {
|
||||||
ICECAST_LOG_WARN("manage auth request delete for %lu but no username", id);
|
ICECAST_LOG_WARN("manage auth request delete for %lu but no username", id);
|
||||||
break;
|
break;
|
||||||
@ -1055,6 +1097,9 @@ static void command_fallback(client_t *client,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (admin_enforce_unsafe(client))
|
||||||
|
return;
|
||||||
|
|
||||||
COMMAND_REQUIRE(client, "fallback", fallback);
|
COMMAND_REQUIRE(client, "fallback", fallback);
|
||||||
|
|
||||||
util_replace_string(&(source->fallback_mount), fallback);
|
util_replace_string(&(source->fallback_mount), fallback);
|
||||||
|
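Review bot: In the admin_handle_request hunk, `if (handler->safeness == ADMINSAFE_UNSAFE)` fails open, because a handler whose `safeness` is 0 (for example a table entry that was never updated for the new field) skips the check entirely. Since the field is a bitmask, testing for the missing safe bit with `if (!(handler->safeness & ADMINSAFE_SAFE)) {` would enforce for UNSAFE and unset entries alike while leaving SAFE and HYBRID handlers as they are now. HYBRID handlers are protected only by their own calls to admin_enforce_unsafe(); in command_manageauth the hunks show that call for "add" and "delete", so any other state-changing action in that function, which lies outside the visible hunks, should be confirmed to have one. Outside OMODE_STRICT the helper only logs and returns 0, so the request still proceeds, and the comment above admin_enforce_unsafe should say so, for instance `/* Rejects safe HTTP methods (e.g. GET) on state-changing commands in strict mode; other modes only log a warning. Returns 1 if the request was rejected, 0 if handling may continue. */`.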
@ -29,6 +29,11 @@
|
|||||||
#define ADMINTYPE_MOUNT 2
|
#define ADMINTYPE_MOUNT 2
|
||||||
#define ADMINTYPE_HYBRID (ADMINTYPE_GENERAL|ADMINTYPE_MOUNT)
|
#define ADMINTYPE_HYBRID (ADMINTYPE_GENERAL|ADMINTYPE_MOUNT)
|
||||||
|
|
||||||
|
/* HTTP safeness */
|
||||||
|
#define ADMINSAFE_SAFE 1
|
||||||
|
#define ADMINSAFE_UNSAFE 2
|
||||||
|
#define ADMINSAFE_HYBRID (ADMINSAFE_SAFE|ADMINSAFE_UNSAFE)
|
||||||
|
|
||||||
/* special commands */
|
/* special commands */
|
||||||
#define ADMIN_COMMAND_ERROR ((admin_command_id_t)(-1))
|
#define ADMIN_COMMAND_ERROR ((admin_command_id_t)(-1))
|
||||||
#define ADMIN_COMMAND_ANY ((admin_command_id_t)0) /* for ACL framework */
|
#define ADMIN_COMMAND_ANY ((admin_command_id_t)0) /* for ACL framework */
|
||||||
@ -40,6 +45,7 @@ typedef struct admin_command_handler {
|
|||||||
const char *route;
|
const char *route;
|
||||||
const int type;
|
const int type;
|
||||||
const int format;
|
const int format;
|
||||||
|
const int safeness;
|
||||||
const admin_request_function_ptr function;
|
const admin_request_function_ptr function;
|
||||||
const admin_request_function_with_parameters_ptr function_with_parameters;
|
const admin_request_function_with_parameters_ptr function_with_parameters;
|
||||||
} admin_command_handler_t;
|
} admin_command_handler_t;
|
||||||
|
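Review bot: The `/* HTTP safeness */` block does not say what each value means for dispatch, and in particular that HYBRID moves the method check from admin_handle_request() into the handler itself. A maintainer adding a command has to read src/admin.c to learn that choosing HYBRID without calling the check leaves the command unprotected. I would expand the comment to something like `/* HTTP safeness: SAFE = no state change, any method allowed; UNSAFE = state change, dispatcher enforces an unsafe method; HYBRID = handler must enforce per action. 0 is not a valid value. */`. The same wording could be repeated next to the new `safeness` member of admin_command_handler_t.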
@ -123,6 +123,9 @@ static const icecast_error_t __errors[] = {
|
|||||||
{.id = ICECAST_ERROR_GEN_MEMORY_EXHAUSTED, .http_status = 503,
|
{.id = ICECAST_ERROR_GEN_MEMORY_EXHAUSTED, .http_status = 503,
|
||||||
.uuid = "18411e73-713e-4910-b7e4-52a2e324b4e0",
|
.uuid = "18411e73-713e-4910-b7e4-52a2e324b4e0",
|
||||||
.message = "memory exhausted"},
|
.message = "memory exhausted"},
|
||||||
|
{.id = ICECAST_ERROR_GEN_SAFE_METHOD_ON_UNSAFE_CALL, .http_status = 405,
|
||||||
|
.uuid = "6f4c95e3-b446-4814-b4b8-0cb585dbe4bd",
|
||||||
|
.message = "Safe HTTP method used on unsafe call"},
|
||||||
{.id = ICECAST_ERROR_SOURCE_MOUNT_UNAVAILABLE, .http_status = 404 /* XXX */,
|
{.id = ICECAST_ERROR_SOURCE_MOUNT_UNAVAILABLE, .http_status = 404 /* XXX */,
|
||||||
.uuid = "88d06875-fcf2-4417-84af-05866c97745c",
|
.uuid = "88d06875-fcf2-4417-84af-05866c97745c",
|
||||||
.message = "Mount unavailable"},
|
.message = "Mount unavailable"},
|
||||||
|
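Review bot: The new 405 entry gives the client no indication of which methods are acceptable, while RFC 9110 requires a 405 response to carry an `Allow` header. Whether client_send_error_by_id() can attach extra headers is not visible in this hunk, so this may need a follow-up in the error-sending path rather than in this table. A short comment on the entry, such as `/* safe method (e.g. GET) used on a state-changing admin command; retry with an unsafe method such as POST */`, would also help whoever meets the UUID in a log.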
@ -45,6 +45,7 @@ typedef enum {
|
|||||||
ICECAST_ERROR_GEN_CLIENT_NEEDS_TO_AUTHENTICATE,
|
ICECAST_ERROR_GEN_CLIENT_NEEDS_TO_AUTHENTICATE,
|
||||||
ICECAST_ERROR_GEN_HEADER_GEN_FAILED,
|
ICECAST_ERROR_GEN_HEADER_GEN_FAILED,
|
||||||
ICECAST_ERROR_GEN_MEMORY_EXHAUSTED,
|
ICECAST_ERROR_GEN_MEMORY_EXHAUSTED,
|
||||||
|
ICECAST_ERROR_GEN_SAFE_METHOD_ON_UNSAFE_CALL,
|
||||||
ICECAST_ERROR_SOURCE_MOUNT_UNAVAILABLE,
|
ICECAST_ERROR_SOURCE_MOUNT_UNAVAILABLE,
|
||||||
ICECAST_ERROR_SOURCE_STREAM_PREPARATION_ERROR,
|
ICECAST_ERROR_SOURCE_STREAM_PREPARATION_ERROR,
|
||||||
ICECAST_ERROR_SOURCE_MAX_LISTENERS,
|
ICECAST_ERROR_SOURCE_MAX_LISTENERS,
|
||||||
|