1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright © 2005-2007 Rémi Denis-Courmont
7 * Authors: Rémi Denis-Courmont <rem # videolan.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
22 *****************************************************************************/
24 /*****************************************************************************
26 *****************************************************************************/
31 #include <vlc_common.h>
38 #include <vlc_network.h>
39 #include <vlc_charset.h>
41 /* FIXME: rwlock on acl, but libvlc doesn't implement rwlock */
42 typedef struct vlc_acl_entry_t
45 uint8_t i_bytes_match
;
52 vlc_object_t
*p_owner
;
54 vlc_acl_entry_t
*p_entries
;
58 static int ACL_Resolve( vlc_object_t
*p_this
, uint8_t *p_bytes
,
61 struct addrinfo hints
, *res
;
64 memset (&hints
, 0, sizeof (hints
));
65 hints
.ai_socktype
= SOCK_STREAM
; /* doesn't matter */
66 hints
.ai_flags
= AI_NUMERICHOST
;
68 if( vlc_getaddrinfo( p_this
, psz_ip
, 0, &hints
, &res
) )
70 msg_Err( p_this
, "invalid IP address %s", psz_ip
);
74 p_bytes
[16] = 0; /* avoids overflowing when i_bytes_match = 16 */
76 i_family
= res
->ai_addr
->sa_family
;
81 struct sockaddr_in
*addr
;
83 addr
= (struct sockaddr_in
*)res
->ai_addr
;
84 memset( p_bytes
, 0, 12 );
85 memcpy( p_bytes
+ 12, &addr
->sin_addr
, 4 );
89 #if defined (HAVE_GETADDRINFO) || defined (WIN32)
90 /* unfortunately many people define AF_INET6
91 though they don't have struct sockaddr_in6 */
94 struct sockaddr_in6
*addr
;
96 addr
= (struct sockaddr_in6
*)res
->ai_addr
;
97 memcpy( p_bytes
, &addr
->sin6_addr
, 16 );
103 msg_Err( p_this
, "unknown address family" );
104 vlc_freeaddrinfo( res
);
108 vlc_freeaddrinfo( res
);
114 * Check if a given address passes an access control list.
116 * @param p_acl pre-existing ACL to match the address against
117 * @param psz_ip numeric IPv4/IPv6 address
119 * @return 0 if the first matching ACL entry is an access grant,
120 * 1 if the first matching ACL entry is a denial of access,
123 int ACL_Check( vlc_acl_t
*p_acl
, const char *psz_ip
)
125 const vlc_acl_entry_t
*p_cur
, *p_end
;
131 p_cur
= p_acl
->p_entries
;
132 p_end
= p_cur
+ p_acl
->i_size
;
134 if( ACL_Resolve( p_acl
->p_owner
, host
, psz_ip
) < 0 )
137 while (p_cur
< p_end
)
141 i
= p_cur
->i_bytes_match
;
142 if( (memcmp( p_cur
->host
, host
, i
) == 0)
143 && (((p_cur
->host
[i
] ^ host
[i
]) & p_cur
->i_bits_mask
) == 0) )
144 return !p_cur
->b_allow
;
149 return !p_acl
->b_allow_default
;
153 * Adds an item to an ACL.
154 * Items are always matched in the same order as they are added.
156 int ACL_AddNet( vlc_acl_t
*p_acl
, const char *psz_ip
, int i_len
,
159 vlc_acl_entry_t
*p_ent
;
164 i_size
= p_acl
->i_size
;
165 p_ent
= (vlc_acl_entry_t
*)realloc( p_acl
->p_entries
,
166 ++p_acl
->i_size
* sizeof( *p_ent
) );
171 p_acl
->p_entries
= p_ent
;
174 i_family
= ACL_Resolve( p_acl
->p_owner
, p_ent
->host
, psz_ip
);
178 * I'm lazy : memory space will be re-used in the next ACL_Add call...
187 if( i_family
== AF_INET
)
194 i_len
= 128; /* ACL_AddHost */
197 p_ent
->i_bytes_match
= d
.quot
;
198 p_ent
->i_bits_mask
= 0xff << (8 - d
.rem
);
200 p_ent
->b_allow
= b_allow
;
206 * Creates an empty ACL.
208 * @param b_allow whether to grant (true) or deny (false) access
209 * by default (ie if none of the ACL entries matched).
211 * @return an ACL object. NULL in case of error.
213 vlc_acl_t
*__ACL_Create( vlc_object_t
*p_this
, bool b_allow
)
217 p_acl
= (vlc_acl_t
*)malloc( sizeof( *p_acl
) );
221 vlc_object_yield( p_this
);
222 p_acl
->p_owner
= p_this
;
224 p_acl
->p_entries
= NULL
;
225 p_acl
->b_allow_default
= b_allow
;
232 * Perform a deep copy of an existing ACL.
234 * @param p_this object to attach the copy to.
235 * @param p_acl ACL object to be copied.
237 * @return a new ACL object, or NULL on error.
239 vlc_acl_t
*__ACL_Duplicate( vlc_object_t
*p_this
, const vlc_acl_t
*p_acl
)
246 p_dupacl
= (vlc_acl_t
*)malloc( sizeof( *p_dupacl
) );
247 if( p_dupacl
== NULL
)
252 p_dupacl
->p_entries
= (vlc_acl_entry_t
*)
253 malloc( p_acl
->i_size
* sizeof( vlc_acl_entry_t
) );
255 if( p_dupacl
->p_entries
== NULL
)
261 memcpy( p_dupacl
->p_entries
, p_acl
->p_entries
,
262 p_acl
->i_size
* sizeof( vlc_acl_entry_t
) );
265 p_dupacl
->p_entries
= NULL
;
267 vlc_object_yield( p_this
);
268 p_dupacl
->p_owner
= p_this
;
269 p_dupacl
->i_size
= p_acl
->i_size
;
270 p_dupacl
->b_allow_default
= p_acl
->b_allow_default
;
277 * Releases all resources associated with an ACL object.
279 void ACL_Destroy( vlc_acl_t
*p_acl
)
283 if( p_acl
->p_entries
!= NULL
)
284 free( p_acl
->p_entries
);
286 vlc_object_release( p_acl
->p_owner
);
293 * Reads ACL entries from a file.
295 * @param p_acl ACL object in which to insert parsed entries.
296 * @param psz_patch filename from which to parse entries.
298 * @return 0 on success, -1 on error.
300 int ACL_LoadFile( vlc_acl_t
*p_acl
, const char *psz_path
)
307 file
= utf8_fopen( psz_path
, "r" );
311 msg_Dbg( p_acl
->p_owner
, "find .hosts in dir=%s", psz_path
);
313 while( !feof( file
) )
315 char line
[1024], *psz_ip
, *ptr
;
317 if( fgets( line
, sizeof( line
), file
) == NULL
)
321 msg_Err( p_acl
->p_owner
, "error reading %s : %m", psz_path
);
327 /* fgets() is cool : never overflow, always nul-terminate */
330 /* skips blanks - cannot overflow given '\0' is not space */
331 while( isspace( *psz_ip
) )
334 if( *psz_ip
== '\0' ) /* empty/blank line */
337 ptr
= strchr( psz_ip
, '\n' );
340 msg_Warn( p_acl
->p_owner
, "skipping overly long line in %s",
344 if( fgets( line
, sizeof( line
), file
) == NULL
)
348 msg_Err( p_acl
->p_owner
, "error reading %s : %m",
354 while( strchr( line
, '\n' ) == NULL
);
356 continue; /* skip unusable line */
359 /* skips comment-only line */
363 /* looks for first space, CR, LF, etc. or end-of-line comment */
364 /* (there is at least a linefeed) */
365 for( ptr
= psz_ip
; ( *ptr
!= '#' ) && !isspace( *ptr
); ptr
++ );
369 msg_Dbg( p_acl
->p_owner
, "restricted to %s", psz_ip
);
371 ptr
= strchr( psz_ip
, '/' );
373 *ptr
++ = '\0'; /* separate address from mask length */
376 ? ACL_AddNet( p_acl
, psz_ip
, atoi( ptr
), true )
377 : ACL_AddHost( p_acl
, psz_ip
, true ) )
379 msg_Err( p_acl
->p_owner
, "cannot add ACL from %s", psz_path
);