Feature: Support names for ACLs

Closes: #2347
2024-12-04 14:46:30 -05:00 · 2020-10-15 14:20:09 +00:00 · 2020-10-15 14:20:09 +00:00 · e43fd645c1
commit e43fd645c1
parent 726bef6d81
4 changed files with 23 additions and 3 deletions
--- a/src/acl.c
+++ b/src/acl.c
@ -27,6 +27,9 @@ struct acl_tag {
    /* reference counter */
    size_t refcount;

+    /* name, may be NULL if name was given in config */
+    char *name;
+
    /* allowed methods */
    acl_policy_t method[httpp_req_unknown+1];

@ -131,6 +134,8 @@ acl_t *acl_new_from_xml_node(xmlNodePtr node)
    if (!ret)
        return NULL;

+    ret->name = (char*)xmlGetProp(node, XMLSTR("name"));
+
    prop = node->properties;
    while (prop) {
        tmp = (char*)xmlGetProp(node, prop->name);
@ -234,9 +239,19 @@ void acl_release(acl_t * acl)

    config_clear_http_header(acl->http_headers);

+    if (acl->name)
+        xmlFree(acl->name);
+
    free(acl);
 }

+const char *acl_get_name(acl_t * acl)
+{
+    if (!acl)
+        return NULL;
+    return acl->name;
+}
+
 /* HTTP Method specific functions */
 int acl_set_method_str__callback(acl_t          *acl,
                                 acl_policy_t   policy,
--- a/src/acl.h
+++ b/src/acl.h
@ -38,6 +38,8 @@ acl_t * acl_new_from_xml_node(xmlNodePtr node);
 void acl_addref(acl_t * acl);
 void acl_release(acl_t * acl);

+const char *acl_get_name(acl_t * acl);
+
 /* special functions */
 int acl_set_ANY_str(acl_t * acl, acl_policy_t policy, const char * str, int (*callback)(acl_t *, acl_policy_t, const char *));

--- a/src/admin.c
+++ b/src/admin.c
@ -784,6 +784,9 @@ static inline xmlNodePtr __add_listener(client_t        *client,
    if (client->role)
        xmlNewTextChild(node, NULL, XMLSTR("role"), XMLSTR(client->role));

+    if (client->acl && acl_get_name(client->acl))
+        xmlNewTextChild(node, NULL, XMLSTR("acl"), XMLSTR(acl_get_name(client->acl)));
+
    xmlNewTextChild(node, NULL, XMLSTR("tls"), XMLSTR(client->con->tls ? "true" : "false"));

    xmlNewTextChild(node, NULL, XMLSTR("protocol"), XMLSTR(client_protocol_to_string(client->protocol)));
--- a/src/connection.c
+++ b/src/connection.c
@ -898,10 +898,10 @@ static void _handle_source_request(client_t *client)
 {
    const char *method = httpp_getvar(client->parser, HTTPP_VAR_REQ_TYPE);

-    ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s",
+    ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s with acl %s",
        client->uri,
        ((method) ? "\"" : "<"), ((method) ? method : "unknown"), ((method) ? "\"" : ">"),
-        client->con->ip, client->role);
+        client->con->ip, client->role, acl_get_name(client->acl));

    if (client->parser && client->parser->req_type == httpp_req_source) {
        ICECAST_LOG_DEBUG("Source at mountpoint \"%s\" connected using deprecated SOURCE method.", client->uri);
@ -1339,7 +1339,7 @@ static void _handle_authed_client(client_t *client, void *userdata, auth_result
    }

    if (acl_test_method(client->acl, client->parser->req_type) != ACL_POLICY_ALLOW) {
-        ICECAST_LOG_ERROR("Client (role=%s, username=%s) not allowed to use this request method on %H", client->role, client->username, client->uri);
+        ICECAST_LOG_ERROR("Client (role=%s, acl=%s, username=%s) not allowed to use this request method on %H", client->role, acl_get_name(client->acl), client->username, client->uri);
        client_send_error_by_id(client, ICECAST_ERROR_GEN_CLIENT_NEEDS_TO_AUTHENTICATE);
        return;
    }