From f869d5eb7b5062a65ef9c3f11e5fc5925f9c411d Mon Sep 17 00:00:00 2001 From: Philipp Schafft Date: Wed, 23 Jun 2021 14:43:21 +0000 Subject: [PATCH] Update: Pass configuration down to Auth and ACL parsing --- src/acl.c | 5 ++--- src/acl.h | 2 +- src/auth.c | 9 ++++----- src/auth.h | 2 +- src/cfgfile.c | 49 ++++++++++++++++++++++++++----------------------- 5 files changed, 34 insertions(+), 33 deletions(-) diff --git a/src/acl.c b/src/acl.c index e1d5001a..908ffe64 100644 --- a/src/acl.c +++ b/src/acl.c @@ -121,7 +121,7 @@ acl_t *acl_new(void) return ret; } -acl_t *acl_new_from_xml_node(xmlNodePtr node) +acl_t *acl_new_from_xml_node(ice_config_t *configuration, xmlNodePtr node) { acl_t * ret; char * tmp; @@ -212,8 +212,7 @@ acl_t *acl_new_from_xml_node(xmlNodePtr node) if (xmlIsBlankNode(child)) continue; if (xmlStrcmp(child->name, XMLSTR("http-headers")) == 0) { - /* FIXME: Pass real configuration parameter here. */ - config_parse_http_headers(child->xmlChildrenNode, &(ret->http_headers), NULL); + config_parse_http_headers(child->xmlChildrenNode, &(ret->http_headers), configuration); } } while ((child = child->next)); } diff --git a/src/acl.h b/src/acl.h index 6d53d28a..fd6d9116 100644 --- a/src/acl.h +++ b/src/acl.h @@ -33,7 +33,7 @@ typedef enum acl_policy_tag { /* basic functions to work with ACLs */ acl_t * acl_new(void); -acl_t * acl_new_from_xml_node(xmlNodePtr node); +acl_t * acl_new_from_xml_node(ice_config_t *configuration, xmlNodePtr node); void acl_addref(acl_t * acl); void acl_release(acl_t * acl); diff --git a/src/auth.c b/src/auth.c index 19936bef..210f7edf 100644 --- a/src/auth.c +++ b/src/auth.c @@ -795,7 +795,7 @@ static inline int auth_get_authenticator__permission_alter(auth_t *auth, xmlNode return 0; } -auth_t *auth_get_authenticator(xmlNodePtr node) +auth_t *auth_get_authenticator(ice_config_t *configuration, xmlNodePtr node) { auth_t *auth = calloc(1, sizeof(auth_t)); config_options_t *options = NULL, **next_option = &options; 
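Review bot: The new `configuration` parameter of `acl_new_from_xml_node()` in src/acl.h is undocumented, and the same holds for `auth_get_authenticator()` in src/auth.h. Before this change the http-headers call sites passed `NULL` to `config_parse_http_headers()`, so a caller cannot tell from the prototype whether `NULL` is still acceptable or whether the pointer is kept after the call. I would add above each prototype a comment such as `/* configuration is forwarded to config_parse_http_headers() during parsing; TODO confirm whether NULL is allowed and that it is not stored. */`. The hunk does not show whether acl.h and auth.h already see a declaration of `ice_config_t`, so that is worth checking too.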
@@ -931,11 +931,10 @@ auth_t *auth_get_authenticator(xmlNodePtr node) *next_option = opt; next_option = &opt->next; } else if (xmlStrcmp (child->name, XMLSTR("http-headers")) == 0) { - /* FIXME: Pass real configuration parameter here. */ - config_parse_http_headers(child->xmlChildrenNode, &(auth->http_headers), NULL); + config_parse_http_headers(child->xmlChildrenNode, &(auth->http_headers), configuration); } else if (xmlStrcmp (child->name, XMLSTR("acl")) == 0) { if (!auth->acl) { - auth->acl = acl_new_from_xml_node(child); + auth->acl = acl_new_from_xml_node(configuration, child); } else { ICECAST_LOG_ERROR("More than one ACL defined in role! Not supported (yet)."); } @@ -972,7 +971,7 @@ auth_t *auth_get_authenticator(xmlNodePtr node) if (!auth->acl) { /* If we did not get a try ACL as part of (old style). */ - auth->acl = acl_new_from_xml_node(node); + auth->acl = acl_new_from_xml_node(configuration, node); } if (!auth->acl) { auth_release(auth); diff --git a/src/auth.h b/src/auth.h index cacd9e99..4f99873c 100644 --- a/src/auth.h +++ b/src/auth.h @@ -186,7 +186,7 @@ void auth_shutdown(void); auth_result auth_str2result(const char *str); -auth_t *auth_get_authenticator(xmlNodePtr node); +auth_t *auth_get_authenticator(ice_config_t *configuration, xmlNodePtr node); void auth_release(auth_t *authenticator); void auth_addref(auth_t *authenticator); diff --git a/src/cfgfile.c b/src/cfgfile.c index f036958e..e771c5c5 100644 --- a/src/cfgfile.c +++ b/src/cfgfile.c @@ -529,7 +529,8 @@ static void __found_bad_tag(ice_config_t *configuration, xmlNodePtr node, enum b free(name); } -static void __append_old_style_auth(auth_stack_t **stack, +static void __append_old_style_auth(ice_config_t *configuration, + auth_stack_t **stack, const char *name, const char *type, const char *username, 
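Review bot: In the `acl` branch of `auth_get_authenticator` (hunk at -931) a second `<acl>` inside one role is only logged, and parsing continues with the first ACL. An operator who wrote two ACLs expecting both to apply ends up with a role whose effective policy differs from what the configuration reads, with only a log line to say so. Now that `configuration` is available in this function, consider reporting this as a configuration error or rejecting the role; at minimum a comment such as `/* Only the first <acl> of a role is used; later ones are ignored. */` would document the behaviour. The function starts and ends outside the hunk.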
@@ -585,7 +586,7 @@ static void __append_old_style_auth(auth_stack_t **stack, xmlSetProp(pass, XMLSTR("value"), XMLSTR(password)); } - auth = auth_get_authenticator(role); + auth = auth_get_authenticator(configuration, role); auth_stack_push(stack, auth); auth_release(auth); @@ -606,7 +607,8 @@ static void __append_option_tag(xmlNodePtr parent, xmlSetProp(node, XMLSTR("value"), XMLSTR(value)); } -static void __append_old_style_urlauth(auth_stack_t **stack, +static void __append_old_style_urlauth(ice_config_t *configuration, + auth_stack_t **stack, const char *client_add, const char *client_remove, const char *action_add, @@ -654,7 +656,7 @@ static void __append_old_style_urlauth(auth_stack_t **stack, __append_option_tag(role, "headers", headers); __append_option_tag(role, "header_prefix", header_prefix); - auth = auth_get_authenticator(role); + auth = auth_get_authenticator(configuration, role); if (auth) { auth_stack_push(stack, auth); auth_release(auth); @@ -1324,7 +1326,7 @@ static void _parse_root(xmlDocPtr doc, } if (mount) { if (!mount->authstack) { - __append_old_style_auth(&mount->authstack, + __append_old_style_auth(configuration, &mount->authstack, CONFIG_LEGACY_SOURCE_NAME_GLOBAL, AUTH_TYPE_STATIC, "source", source_password, NULL, @@ -1433,7 +1435,7 @@ static void _parse_limits(xmlDocPtr doc, } while ((node = node->next)); } -static void _parse_authentication_node(xmlNodePtr node, auth_stack_t **authstack) +static void _parse_authentication_node(ice_config_t *configuration, xmlNodePtr node, auth_stack_t **authstack) { xmlChar *tmp; @@ -1454,7 +1456,7 @@ static void _parse_authentication_node(xmlNodePtr node, auth_stack_t **authstac if (xmlIsBlankNode(child)) continue; if (xmlStrcmp(child->name, XMLSTR("role")) == 0) { - auth_t *auth = auth_get_authenticator(child); + auth_t *auth = auth_get_authenticator(configuration, child); auth_stack_push(authstack, auth); auth_release(auth); } 
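Review bot: The result of `auth_get_authenticator(configuration, role)` in `__append_old_style_auth` (hunk at -585) is pushed and released without a NULL check, while `__append_old_style_urlauth` and `_parse_mount_oldstyle_authentication` guard the same call with `if (auth)`. The same unguarded pattern is in `_parse_authentication_node` (hunk at -1454) and in the `role` branch of `_parse_authentication` (hunk at -2238). Whether `auth_stack_push()` and `auth_release()` tolerate NULL is not visible here, so I would use the guarded form everywhere and log the failure, `if (auth) { auth_stack_push(stack, auth); auth_release(auth); } else { ICECAST_LOG_ERROR("Can not create authenticator for role."); }`, so that a role that fails to build is not dropped from the stack unnoticed. These function bodies start and end outside the hunks.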
@@ -1463,7 +1465,8 @@ static void _parse_authentication_node(xmlNodePtr node, auth_stack_t **authstac static void _parse_mount_oldstyle_authentication(mount_proxy *mount, xmlNodePtr node, - auth_stack_t **authstack) + auth_stack_t **authstack, + ice_config_t *configuration) { int allow_duplicate_users = 1; auth_t *auth; @@ -1496,13 +1499,13 @@ static void _parse_mount_oldstyle_authentication(mount_proxy *mount, if (!allow_duplicate_users) xmlSetProp(node, XMLSTR("connections-per-user"), XMLSTR("0")); - auth = auth_get_authenticator(node); + auth = auth_get_authenticator(configuration, node); if (auth) { auth_stack_push(authstack, auth); auth_release(auth); } - __append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, + __append_old_style_auth(configuration, authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, NULL, CONFIG_LEGACY_ANONYMOUS_METHODS, NULL, 0, NULL); } else if (strcmp(type, AUTH_TYPE_URL) == 0) { /* This block is super fun! Attention! Super fun ahead! Ladies and Gentlemen take care and watch your children! */ 
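Review bot: `_parse_mount_oldstyle_authentication` (hunk at -1463) takes `configuration` as its last parameter, whereas every other function touched by this commit (`auth_get_authenticator`, `acl_new_from_xml_node`, `__append_old_style_auth`, `__append_old_style_urlauth`, `_parse_authentication_node`) takes it first. The mixed order makes the pointer arguments easy to misplace when the call sites are edited later. I would put it first, `static void _parse_mount_oldstyle_authentication(ice_config_t *configuration, mount_proxy *mount, xmlNodePtr node, auth_stack_t **authstack)`, and change the call in `_parse_mount` to match. The function body continues outside the hunk.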
@@ -1584,17 +1587,17 @@ static void _parse_mount_oldstyle_authentication(mount_proxy *mount, __append_old_style_url_event(&mount->event, "source-disconnect", mount_add, "mount_remove", username, password); - __append_old_style_urlauth(authstack, listener_add, listener_remove, + __append_old_style_urlauth(configuration, authstack, listener_add, listener_remove, "listener_add", "listener_remove", username, password, 0, auth_header, timelimit_header, headers, header_prefix); - __append_old_style_urlauth(authstack, stream_auth, NULL, "stream_auth", + __append_old_style_urlauth(configuration, authstack, stream_auth, NULL, "stream_auth", NULL, username, password, 1, auth_header, timelimit_header, headers, header_prefix); if (listener_add) - __append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, + __append_old_style_auth(configuration, authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, NULL, CONFIG_LEGACY_ANONYMOUS_METHODS, NULL, 0, NULL); if (stream_auth) - __append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, + __append_old_style_auth(configuration, authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, NULL, CONFIG_LEGACY_SOURCE_METHODS, NULL, 0, NULL); if (mount_add) @@ -1622,7 +1625,7 @@ static void _parse_mount_oldstyle_authentication(mount_proxy *mount, } else { ICECAST_LOG_ERROR("Unknown authentication type in legacy mode. " "Anonymous listeners and global login for sources disabled."); - __append_old_style_auth(authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, + __append_old_style_auth(configuration, authstack, NULL, AUTH_TYPE_ANONYMOUS, NULL, NULL, NULL, NULL, 0, NULL); } xmlFree(type); 
@@ -1739,9 +1742,9 @@ static void _parse_mount(xmlDocPtr doc, tmp = (char *)xmlGetProp(node, XMLSTR("type")); if (tmp) { xmlFree(tmp); - _parse_mount_oldstyle_authentication(mount, node, &authstack); + _parse_mount_oldstyle_authentication(mount, node, &authstack, configuration); } else { - _parse_authentication_node(node, &authstack); + _parse_authentication_node(configuration, node, &authstack); } } else if (xmlStrcmp(node->name, XMLSTR("on-connect")) == 0) { tmp = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); @@ -1826,7 +1829,7 @@ static void _parse_mount(xmlDocPtr doc, if (password) { auth_stack_t *old_style = NULL; - __append_old_style_auth(&old_style, CONFIG_LEGACY_SOURCE_NAME_MOUNT, + __append_old_style_auth(configuration, &old_style, CONFIG_LEGACY_SOURCE_NAME_MOUNT, AUTH_TYPE_STATIC, username ? username : "source", password, NULL, CONFIG_LEGACY_SOURCE_METHODS, CONFIG_LEGACY_SOURCE_ALLOW_WEB, CONFIG_LEGACY_SOURCE_ALLOW_ADMIN); if (authstack) { @@ -2166,7 +2169,7 @@ static void _parse_listen_socket(xmlDocPtr doc, } else if (xmlStrcmp(node->name, XMLSTR("listen-backlog")) == 0) { __read_int(configuration, doc, node, &listener->listen_backlog); } else if (xmlStrcmp(node->name, XMLSTR("authentication")) == 0) { - _parse_authentication_node(node, &(listener->authstack)); + _parse_authentication_node(configuration, node, &(listener->authstack)); } else if (xmlStrcmp(node->name, XMLSTR("http-headers")) == 0) { config_parse_http_headers(node->xmlChildrenNode, &(listener->http_headers), configuration); } else { @@ -2238,7 +2241,7 @@ static void _parse_authentication(xmlDocPtr doc, xmlNodePtr node, xmlFree(configuration->shoutcast_user); configuration->shoutcast_user = (char *)xmlNodeListGetString(doc, node->xmlChildrenNode, 1); } else if (xmlStrcmp(node->name, XMLSTR("role")) == 0) { - auth_t *auth = auth_get_authenticator(node); + auth_t *auth = auth_get_authenticator(configuration, node); auth_stack_push(&new_style, auth); auth_release(auth); } else { 
@@ -2247,11 +2250,11 @@ static void _parse_authentication(xmlDocPtr doc, xmlNodePtr node, } while ((node = node->next)); if (admin_password && admin_username) - __append_old_style_auth(&old_style, CONFIG_LEGACY_ADMIN_NAME, AUTH_TYPE_STATIC, + __append_old_style_auth(configuration, &old_style, CONFIG_LEGACY_ADMIN_NAME, AUTH_TYPE_STATIC, admin_username, admin_password, NULL, CONFIG_LEGACY_ADMIN_METHODS, CONFIG_LEGACY_ADMIN_ALLOW_WEB, CONFIG_LEGACY_ADMIN_ALLOW_ADMIN); if (relay_password && relay_username) - __append_old_style_auth(&old_style, CONFIG_LEGACY_RELAY_NAME, AUTH_TYPE_STATIC, + __append_old_style_auth(configuration, &old_style, CONFIG_LEGACY_RELAY_NAME, AUTH_TYPE_STATIC, relay_username, relay_password, NULL, CONFIG_LEGACY_RELAY_METHODS, CONFIG_LEGACY_RELAY_ALLOW_WEB, CONFIG_LEGACY_RELAY_ALLOW_ADMIN); if (admin_password) @@ -2271,7 +2274,7 @@ static void _parse_authentication(xmlDocPtr doc, xmlNodePtr node, } /* default unauthed anonymous account */ - __append_old_style_auth(&old_style, CONFIG_LEGACY_ANONYMOUS_NAME, AUTH_TYPE_ANONYMOUS, + __append_old_style_auth(configuration, &old_style, CONFIG_LEGACY_ANONYMOUS_NAME, AUTH_TYPE_ANONYMOUS, NULL, NULL, NULL, CONFIG_LEGACY_ANONYMOUS_METHODS, CONFIG_LEGACY_ANONYMOUS_ALLOW_WEB, CONFIG_LEGACY_ANONYMOUS_ALLOW_ADMIN); if (!old_style) ICECAST_LOG_ERROR("BAD. old_style=NULL");