aniani/icecast-server
1
0
Fork 0
mirror of https://gitlab.xiph.org/xiph/icecast-server.git synced 2025-04-18 00:48:43 -04:00
Code

Fix: SECURITY Do not handle admin-requests in listen-socket auth differently.

Browse Source 
This also adds comments to _handle_authentication_global() and
_handle_authentication_mount_default() to explain the situation.
This commit is contained in:
Philipp Schafft 2018-10-04 09:00:26 +00:00
parent 09ade15b91
commit f20dfcef63
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/connection.c
View File

@ -1347,6 +1347,7 @@ static void _handle_authentication_global(client_t *client, void *userdata, auth
client->authstack = NULL; client->authstack = NULL;
if (result != AUTH_NOMATCH && if (result != AUTH_NOMATCH &&
/* Allow global admins access to all mount points */
!(result == AUTH_OK && client->admin_command != ADMIN_COMMAND_ERROR && acl_test_admin(client->acl, client->admin_command) == ACL_POLICY_DENY)) { !(result == AUTH_OK && client->admin_command != ADMIN_COMMAND_ERROR && acl_test_admin(client->acl, client->admin_command) == ACL_POLICY_DENY)) {
_handle_authed_client(client, userdata, result); _handle_authed_client(client, userdata, result);
return; return;
@ -1404,6 +1405,7 @@ static void _handle_authentication_mount_default(client_t *client, void *userdat
client->authstack = NULL; client->authstack = NULL;
if (result != AUTH_NOMATCH && if (result != AUTH_NOMATCH &&
/* Allow global admins access to all mount points */
!(result == AUTH_OK && client->admin_command != ADMIN_COMMAND_ERROR && acl_test_admin(client->acl, client->admin_command) == ACL_POLICY_DENY)) { !(result == AUTH_OK && client->admin_command != ADMIN_COMMAND_ERROR && acl_test_admin(client->acl, client->admin_command) == ACL_POLICY_DENY)) {
_handle_authed_client(client, userdata, result); _handle_authed_client(client, userdata, result);
return; return;
@ -1418,8 +1420,7 @@ static void _handle_authentication_mount_normal(client_t *client, void *userdata
auth_stack_release(client->authstack); auth_stack_release(client->authstack);
client->authstack = NULL; client->authstack = NULL;
if (result != AUTH_NOMATCH && if (result != AUTH_NOMATCH) {
!(result == AUTH_OK && client->admin_command != ADMIN_COMMAND_ERROR && acl_test_admin(client->acl, client->admin_command) == ACL_POLICY_DENY)) {
_handle_authed_client(client, userdata, result); _handle_authed_client(client, userdata, result);
return; return;
} }