1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright © 2005-2007 Rémi Denis-Courmont
7 * Authors: Rémi Denis-Courmont <rem # videolan.org>
9 * This program is free software; you can redistribute it and/or modify it
10 * under the terms of the GNU Lesser General Public License as published by
11 * the Free Software Foundation; either version 2.1 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public License
20 * along with this program; if not, write to the Free Software Foundation,
21 * Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
22 *****************************************************************************/
24 /*****************************************************************************
26 *****************************************************************************/
31 #include <vlc_common.h>
36 #include <vlc_network.h>
39 /* FIXME: rwlock on acl, but libvlc doesn't implement rwlock */
40 typedef struct vlc_acl_entry_t
43 uint8_t i_bytes_match
;
50 vlc_object_t
*p_owner
;
52 vlc_acl_entry_t
*p_entries
;
56 static int ACL_Resolve( vlc_object_t
*p_this
, uint8_t *p_bytes
,
59 struct addrinfo hints
, *res
;
62 memset (&hints
, 0, sizeof (hints
));
63 hints
.ai_socktype
= SOCK_STREAM
; /* doesn't matter */
64 hints
.ai_flags
= AI_NUMERICHOST
;
66 if( vlc_getaddrinfo( p_this
, psz_ip
, 0, &hints
, &res
) )
68 msg_Err( p_this
, "invalid IP address %s", psz_ip
);
72 p_bytes
[16] = 0; /* avoids overflowing when i_bytes_match = 16 */
74 i_family
= res
->ai_addr
->sa_family
;
79 struct sockaddr_in
*addr
;
81 addr
= (struct sockaddr_in
*)res
->ai_addr
;
82 memset( p_bytes
, 0, 12 );
83 memcpy( p_bytes
+ 12, &addr
->sin_addr
, 4 );
90 struct sockaddr_in6
*addr
;
92 addr
= (struct sockaddr_in6
*)res
->ai_addr
;
93 memcpy( p_bytes
, &addr
->sin6_addr
, 16 );
99 msg_Err( p_this
, "unknown address family" );
110 * Check if a given address passes an access control list.
112 * @param p_acl pre-existing ACL to match the address against
113 * @param psz_ip numeric IPv4/IPv6 address
115 * @return 0 if the first matching ACL entry is an access grant,
116 * 1 if the first matching ACL entry is a denial of access,
119 int ACL_Check( vlc_acl_t
*p_acl
, const char *psz_ip
)
121 const vlc_acl_entry_t
*p_cur
, *p_end
;
127 p_cur
= p_acl
->p_entries
;
128 p_end
= p_cur
+ p_acl
->i_size
;
130 if( ACL_Resolve( p_acl
->p_owner
, host
, psz_ip
) < 0 )
133 while (p_cur
< p_end
)
137 i
= p_cur
->i_bytes_match
;
138 if( (memcmp( p_cur
->host
, host
, i
) == 0)
139 && (((p_cur
->host
[i
] ^ host
[i
]) & p_cur
->i_bits_mask
) == 0) )
140 return !p_cur
->b_allow
;
145 return !p_acl
->b_allow_default
;
149 * Adds an item to an ACL.
150 * Items are always matched in the same order as they are added.
152 int ACL_AddNet( vlc_acl_t
*p_acl
, const char *psz_ip
, int i_len
,
155 vlc_acl_entry_t
*p_ent
;
160 i_size
= p_acl
->i_size
;
161 p_ent
= (vlc_acl_entry_t
*)realloc( p_acl
->p_entries
,
162 ++p_acl
->i_size
* sizeof( *p_ent
) );
167 p_acl
->p_entries
= p_ent
;
170 i_family
= ACL_Resolve( p_acl
->p_owner
, p_ent
->host
, psz_ip
);
174 * I'm lazy : memory space will be re-used in the next ACL_Add call...
183 if( i_family
== AF_INET
)
190 i_len
= 128; /* ACL_AddHost */
193 p_ent
->i_bytes_match
= d
.quot
;
194 p_ent
->i_bits_mask
= 0xff << (8 - d
.rem
);
196 p_ent
->b_allow
= b_allow
;
202 * Creates an empty ACL.
204 * @param b_allow whether to grant (true) or deny (false) access
205 * by default (ie if none of the ACL entries matched).
207 * @return an ACL object. NULL in case of error.
209 vlc_acl_t
*ACL_Create( vlc_object_t
*p_this
, bool b_allow
)
213 p_acl
= (vlc_acl_t
*)malloc( sizeof( *p_acl
) );
217 vlc_object_hold( p_this
);
218 p_acl
->p_owner
= p_this
;
220 p_acl
->p_entries
= NULL
;
221 p_acl
->b_allow_default
= b_allow
;
228 * Perform a deep copy of an existing ACL.
230 * @param p_this object to attach the copy to.
231 * @param p_acl ACL object to be copied.
233 * @return a new ACL object, or NULL on error.
235 vlc_acl_t
*ACL_Duplicate( vlc_object_t
*p_this
, const vlc_acl_t
*p_acl
)
242 p_dupacl
= (vlc_acl_t
*)malloc( sizeof( *p_dupacl
) );
243 if( p_dupacl
== NULL
)
248 p_dupacl
->p_entries
= (vlc_acl_entry_t
*)
249 malloc( p_acl
->i_size
* sizeof( vlc_acl_entry_t
) );
251 if( p_dupacl
->p_entries
== NULL
)
257 memcpy( p_dupacl
->p_entries
, p_acl
->p_entries
,
258 p_acl
->i_size
* sizeof( vlc_acl_entry_t
) );
261 p_dupacl
->p_entries
= NULL
;
263 vlc_object_hold( p_this
);
264 p_dupacl
->p_owner
= p_this
;
265 p_dupacl
->i_size
= p_acl
->i_size
;
266 p_dupacl
->b_allow_default
= p_acl
->b_allow_default
;
273 * Releases all resources associated with an ACL object.
275 void ACL_Destroy( vlc_acl_t
*p_acl
)
279 free( p_acl
->p_entries
);
280 vlc_object_release( p_acl
->p_owner
);
287 * Reads ACL entries from a file.
289 * @param p_acl ACL object in which to insert parsed entries.
290 * @param psz_patch filename from which to parse entries.
292 * @return 0 on success, -1 on error.
294 int ACL_LoadFile( vlc_acl_t
*p_acl
, const char *psz_path
)
301 file
= vlc_fopen( psz_path
, "r" );
305 msg_Dbg( p_acl
->p_owner
, "find .hosts in dir=%s", psz_path
);
307 while( !feof( file
) )
309 char line
[1024], *psz_ip
, *ptr
;
311 if( fgets( line
, sizeof( line
), file
) == NULL
)
315 msg_Err( p_acl
->p_owner
, "error reading %s : %m", psz_path
);
321 /* fgets() is cool : never overflow, always nul-terminate */
324 /* skips blanks - cannot overflow given '\0' is not space */
325 while( isspace( (unsigned char)*psz_ip
) )
328 if( *psz_ip
== '\0' ) /* empty/blank line */
331 ptr
= strchr( psz_ip
, '\n' );
332 if( ptr
== NULL
&& !feof(file
) )
334 msg_Warn( p_acl
->p_owner
, "skipping overly long line in %s",
338 if( fgets( line
, sizeof( line
), file
) == NULL
)
342 msg_Err( p_acl
->p_owner
, "error reading %s : %m",
348 while( strchr( line
, '\n' ) == NULL
);
350 continue; /* skip unusable line */
353 /* look for first space, CR, LF, etc. or comment character */
354 for( ptr
= psz_ip
; ( *ptr
!='#' ) && !isspace( (unsigned char)*ptr
) && *ptr
; ++ptr
);
358 /* skip lines without usable information */
362 msg_Dbg( p_acl
->p_owner
, "restricted to %s", psz_ip
);
364 ptr
= strchr( psz_ip
, '/' );
366 *ptr
++ = '\0'; /* separate address from mask length */
369 ? ACL_AddNet( p_acl
, psz_ip
, atoi( ptr
), true )
370 : ACL_AddHost( p_acl
, psz_ip
, true ) )
372 msg_Err( p_acl
->p_owner
, "cannot add ACL from %s", psz_path
);