Feature #4461 » 4461-extra-debug.patch
| src/access.c | ||
|---|---|---|
| 461 | 461 |
/* |
| 462 | 462 |
* |
| 463 | 463 |
*/ |
| 464 |
static void
|
|
| 465 |
access_dump_a(access_t *a) |
|
| 464 |
void |
|
| 465 |
access_dump_a(const access_t *a)
|
|
| 466 | 466 |
{
|
| 467 | 467 |
htsmsg_field_t *f; |
| 468 | 468 |
size_t l = 0; |
| 469 | 469 |
char buf[1024]; |
| 470 | 470 |
int first; |
| 471 | 471 | |
| 472 |
if (!a) {
|
|
| 473 |
tvhinfo(LS_ACCESS, "<nopermission>"); |
|
| 474 |
} |
|
| 475 | ||
| 472 | 476 |
tvh_strlcatf(buf, sizeof(buf), l, |
| 473 | 477 |
"%s:%s [%c%c%c%c%c%c%c%c%c%c%c], conn=%u:s%u:r%u:l%u%s", |
| 474 | 478 |
a->aa_representative ?: "<no-id>", |
| ... | ... | |
| 533 | 537 |
access_dump_tags("exclude ", buf, sizeof(buf), &l, a->aa_chtags_exclude);
|
| 534 | 538 |
access_dump_tags("", buf, sizeof(buf), &l, a->aa_chtags);
|
| 535 | 539 | |
| 536 |
tvhtrace(LS_ACCESS, "%s", buf);
|
|
| 540 |
tvhinfo(LS_ACCESS, "%s", buf);
|
|
| 537 | 541 |
} |
| 538 | 542 | |
| 539 | 543 |
/* |
| ... | ... | |
| 725 | 729 |
access_entry_t *ae; |
| 726 | 730 |
int nouser = tvh_str_default(username, NULL) == NULL; |
| 727 | 731 |
char *s; |
| 732 |
tvhinfo(LS_ACCESS, "access_get for user <%s>", username?:"<none>"); |
|
| 728 | 733 | |
| 729 |
if (!access_noacl && access_ip_blocked(src)) |
|
| 734 |
if (!access_noacl && access_ip_blocked(src)) {
|
|
| 735 |
tvhinfo(LS_ACCESS, "No permission due to access_ip_blocked"); |
|
| 730 | 736 |
return a; |
| 737 |
} |
|
| 731 | 738 | |
| 732 | 739 |
if (!passwd_verify(a, username, verify, aux)) {
|
| 733 | 740 |
a->aa_username = strdup(username); |
| 734 | 741 |
a->aa_representative = strdup(username); |
| 735 | 742 |
if(!passwd_verify2(username, verify, aux, |
| 736 |
superuser_username, superuser_password)) |
|
| 743 |
superuser_username, superuser_password)) {
|
|
| 744 |
tvhinfo(LS_ACCESS, "access_full 1"); |
|
| 737 | 745 |
return access_full(a); |
| 746 |
} |
|
| 738 | 747 |
} else {
|
| 739 | 748 |
s = alloca(50); |
| 740 | 749 |
tcp_get_str_from_ip(src, s, 50); |
| 741 | 750 |
a->aa_representative = strdup(s); |
| 742 | 751 |
if(!passwd_verify2(username, verify, aux, |
| 743 |
superuser_username, superuser_password)) |
|
| 752 |
superuser_username, superuser_password)) {
|
|
| 753 |
tvhinfo(LS_ACCESS, "access_full 2"); |
|
| 744 | 754 |
return access_full(a); |
| 755 |
} |
|
| 745 | 756 |
username = NULL; |
| 746 | 757 |
} |
| 747 | 758 | |
| 748 |
if (access_noacl) |
|
| 759 |
if (access_noacl) {
|
|
| 760 |
tvhinfo(LS_ACCESS, "access_full 3"); |
|
| 749 | 761 |
return access_full(a); |
| 762 |
} |
|
| 750 | 763 | |
| 751 | 764 |
TAILQ_FOREACH(ae, &access_entries, ae_link) {
|
| 752 | 765 | |
| ... | ... | |
| 759 | 772 |
continue; /* Didn't get one */ |
| 760 | 773 |
} |
| 761 | 774 | |
| 762 |
if(!netmask_verify(&ae->ae_ipmasks, src)) |
|
| 775 |
if(!netmask_verify(&ae->ae_ipmasks, src)) {
|
|
| 776 |
tvhinfo(LS_ACCESS, "netmask_verify fail"); |
|
| 763 | 777 |
continue; /* IP based access mismatches */ |
| 778 |
} |
|
| 764 | 779 | |
| 765 | 780 |
if(ae->ae_username[0] != '*') |
| 766 | 781 |
a->aa_match = 1; |
| ... | ... | |
| 770 | 785 | |
| 771 | 786 |
/* Username was not matched - no access */ |
| 772 | 787 |
if (!a->aa_match) {
|
| 788 |
tvhinfo(LS_ACCESS, "aa_match nouser=%d", nouser); |
|
| 773 | 789 |
free(a->aa_username); |
| 774 | 790 |
a->aa_username = NULL; |
| 775 | 791 |
if (!nouser) |
| src/access.h | ||
|---|---|---|
| 300 | 300 |
access_t *access_get(struct sockaddr_storage *src, const char *username, |
| 301 | 301 |
verify_callback_t verify, void *aux); |
| 302 | 302 | |
| 303 |
void access_dump_a(const access_t *a); |
|
| 303 | 304 |
/** |
| 304 | 305 |
* |
| 305 | 306 |
*/ |
| src/webui/webui.c | ||
|---|---|---|
| 1646 | 1646 |
static access_t *hdhomerun_verify_user_permission(const http_connection_t *hc, |
| 1647 | 1647 |
const char *fail_log_reason) |
| 1648 | 1648 |
{
|
| 1649 |
tvhinfo(LS_ACCESS, "hdhomerun_verify_user_permission"); |
|
| 1649 | 1650 |
/* Not explicitly enabled? Then all calls fail. */ |
| 1650 | 1651 |
if (!config.hdhomerun_server_enable) {
|
| 1651 | 1652 |
tvhwarn(LS_WEBUI, "hdhomerun server not enabled but received request [%s]", |
| ... | ... | |
| 1655 | 1656 | |
| 1656 | 1657 |
const char *hdhr_user = config.hdhomerun_server_username ?: ""; |
| 1657 | 1658 |
access_t *perm = access_get(hc->hc_peer, hdhr_user, hdhomerun_server_verify_callback, NULL); |
| 1658 | ||
| 1659 |
access_dump_a(perm); |
|
| 1659 | 1660 |
if (access_verify2(perm, ACCESS_STREAMING)) {
|
| 1660 | 1661 |
/* Failed */ |
| 1661 |
tvhwarn(LS_WEBUI, "hdhomerun server received request but no streaming permission for user [%s] [%d] [%s]", |
|
| 1662 |
access_dump_a(perm); |
|
| 1663 |
tvhwarn(LS_WEBUI, "hdhomerun server received request but no streaming permission for user [%s] [%s] [%s] [%d] [%s]", |
|
| 1662 | 1664 |
hdhr_user ?: "<none>", |
| 1665 |
perm? (perm->aa_username ?: "<none>") : "<noperm>", |
|
| 1666 |
perm? (perm->aa_representative ?: "<none>") : "<noperm>", |
|
| 1663 | 1667 |
perm? perm->aa_rights : 0, |
| 1664 | 1668 |
fail_log_reason?:""); |
| 1665 | 1669 |
access_destroy(perm); |
| 1666 | 1670 |
return NULL; |
| 1667 | 1671 |
} else {
|
| 1672 |
tvhinfo(LS_ACCESS, "hdhomerun_verify_user_permission: OK"); |
|
| 1668 | 1673 |
return perm; |
| 1669 | 1674 |
} |
| 1670 | 1675 |
} |
