From e43fd645c17a913f4b4206262fab1c66e138c385 Mon Sep 17 00:00:00 2001
From: Philipp Schafft
Date: Thu, 15 Oct 2020 14:20:09 +0000
Subject: [PATCH] Feature: Support names for ACLs
Closes: #2347
---
 src/acl.c | 15 +++++++++++++++
 src/acl.h | 2 ++
 src/admin.c | 3 +++
 src/connection.c | 6 +++---
 4 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/src/acl.c b/src/acl.c
index 1cd464bb..bd02e7df 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -27,6 +27,9 @@ struct acl_tag {
 /* reference counter */
 size_t refcount;
+ /* name, may be NULL if name was given in config */
+ char *name;
+
 /* allowed methods */
 acl_policy_t method[httpp_req_unknown+1];
@@ -131,6 +134,8 @@ acl_t *acl_new_from_xml_node(xmlNodePtr node)
 if (!ret)
 return NULL;
+ ret->name = (char*)xmlGetProp(node, XMLSTR("name"));
+
 prop = node->properties;
 while (prop) {
 tmp = (char*)xmlGetProp(node, prop->name);
@@ -234,9 +239,19 @@ void acl_release(acl_t * acl)
 config_clear_http_header(acl->http_headers);
+ if (acl->name)
+ xmlFree(acl->name);
+
 free(acl);
 }
+const char *acl_get_name(acl_t * acl)
+{
+ if (!acl)
+ return NULL;
+ return acl->name;
+}
+
 /* HTTP Method specific functions */
 int acl_set_method_str__callback(acl_t *acl, acl_policy_t policy,
diff --git a/src/acl.h b/src/acl.h
index 9e390f2b..6d53d28a 100644
--- a/src/acl.h
+++ b/src/acl.h
@@ -38,6 +38,8 @@ acl_t * acl_new_from_xml_node(xmlNodePtr node);
 void acl_addref(acl_t * acl);
 void acl_release(acl_t * acl);
+const char *acl_get_name(acl_t * acl);
+
 /* special functions */
 int acl_set_ANY_str(acl_t * acl, acl_policy_t policy, const char * str, int (*callback)(acl_t *, acl_policy_t, const char *));
diff --git a/src/admin.c b/src/admin.c
index 44cb625e..71814170 100644
--- a/src/admin.c
+++ b/src/admin.c
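Review bot: The comment on the new `name` field in `struct acl_tag` states the opposite of what the code does: the field is NULL when no `name` attribute was given, since the next hunk fills it from `xmlGetProp(node, XMLSTR("name"))`. The comment should also record ownership, because `acl_release` frees this string with `xmlFree()` while the struct itself is freed with `free()`. Suggested wording: `/* name, NULL if no name was given in config; allocated by libxml2, released with xmlFree() */`. The struct definition starts and ends outside the hunk.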
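Review bot: The new `acl_get_name()` prototype in acl.h has no contract comment, and callers need two facts to use it safely. It returns NULL for a NULL `acl` or an unnamed ACL, and the returned pointer is the ACL's own storage, which `acl_release` frees together with the object (presumably when the last reference is dropped; the refcount logic is not in the hunk). Suggest adding above the prototype: `/* Returns the ACL's name or NULL; the string is owned by the ACL and is valid only while the caller holds a reference. */`. Since the getter only reads the object, the parameter could likely be `const acl_t * acl`.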
@@ -784,6 +784,9 @@ static inline xmlNodePtr __add_listener(client_t *client,
 if (client->role)
 xmlNewTextChild(node, NULL, XMLSTR("role"), XMLSTR(client->role));
+ if (client->acl && acl_get_name(client->acl))
+ xmlNewTextChild(node, NULL, XMLSTR("acl"), XMLSTR(acl_get_name(client->acl)));
+
 xmlNewTextChild(node, NULL, XMLSTR("tls"), XMLSTR(client->con->tls ? "true" : "false"));
 xmlNewTextChild(node, NULL, XMLSTR("protocol"), XMLSTR(client_protocol_to_string(client->protocol)));
diff --git a/src/connection.c b/src/connection.c
index d970ab6d..d825e249 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -898,10 +898,10 @@ static void _handle_source_request(client_t *client)
 {
 const char *method = httpp_getvar(client->parser, HTTPP_VAR_REQ_TYPE);
- ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s",
+ ICECAST_LOG_INFO("Source logging in at mountpoint \"%s\" using %s%H%s from %s as role %s with acl %s",
 client->uri, ((method) ? "\"" : "<"), ((method) ? method : "unknown"), ((method) ? "\"" : ">"),
- client->con->ip, client->role);
+ client->con->ip, client->role, acl_get_name(client->acl));
 if (client->parser && client->parser->req_type == httpp_req_source) {
 ICECAST_LOG_DEBUG("Source at mountpoint \"%s\" connected using deprecated SOURCE method.", client->uri);
@@ -1339,7 +1339,7 @@ static void _handle_authed_client(client_t *client, void *userdata, auth_result
 }
 if (acl_test_method(client->acl, client->parser->req_type) != ACL_POLICY_ALLOW) {
- ICECAST_LOG_ERROR("Client (role=%s, username=%s) not allowed to use this request method on %H", client->role, client->username, client->uri);
+ ICECAST_LOG_ERROR("Client (role=%s, acl=%s, username=%s) not allowed to use this request method on %H", client->role, acl_get_name(client->acl), client->username, client->uri);
 client_send_error_by_id(client, ICECAST_ERROR_GEN_CLIENT_NEEDS_TO_AUTHENTICATE);
 return;
 }
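Review bot: The guard `client->acl && acl_get_name(client->acl)` in `__add_listener` is partly redundant and calls the getter twice. `acl_get_name()` already returns NULL for a NULL ACL (acl.c hunk of this commit), so the explicit `client->acl` test adds nothing. Fetching the name once keeps the NULL test and the use on the same value: `const char *acl_name = acl_get_name(client->acl);` followed by `if (acl_name) xmlNewTextChild(node, NULL, XMLSTR("acl"), XMLSTR(acl_name));`. `__add_listener` starts and ends outside the hunk.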
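Review bot: Both new log calls in connection.c pass the result of `acl_get_name(client->acl)` straight to a `%s` conversion, and that result is NULL whenever the ACL has no `name` attribute or `client->acl` is NULL. This applies to the `ICECAST_LOG_INFO` call in `_handle_source_request` and to the `ICECAST_LOG_ERROR` call in the `_handle_authed_client` hunk. Whether the ICECAST_LOG_* formatter tolerates a NULL string argument is not visible here; with a standard printf-family formatter it is undefined behaviour, and the admin.c hunk of this same commit does check for NULL before use. Since unnamed ACLs are the default for existing configurations, suggest a local `const char *acl_name = acl_get_name(client->acl);` and passing `acl_name ? acl_name : "(none)"` in both places. Both functions start and end outside their hunks.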