1 /*****************************************************************************
3 *****************************************************************************
4 * Copyright (C) 2005 Rémi Denis-Courmont
7 * Authors: Rémi Denis-Courmont <rem # videolan.org>
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111, USA.
22 *****************************************************************************/
24 /*****************************************************************************
26 *****************************************************************************/
38 /* FIXME: rwlock on acl, but libvlc doesn't implement rwlock */
39 typedef struct vlc_acl_entry_t
42 uint8_t i_bytes_match;
49 vlc_object_t *p_owner;
51 vlc_acl_entry_t *p_entries;
52 vlc_bool_t b_allow_default;
55 static int ACL_Resolve( vlc_object_t *p_this, uint8_t *p_bytes,
58 struct addrinfo hints = { 0 }, *res;
61 hints.ai_socktype = SOCK_STREAM; /* doesn't matter */
62 hints.ai_flags = AI_NUMERICHOST;
64 if( vlc_getaddrinfo( p_this, psz_ip, 0, &hints, &res ) )
66 msg_Err( p_this, "invalid IP address %s", psz_ip );
70 p_bytes[16] = 0; /* avoids overflowing when i_bytes_match = 16 */
72 i_family = res->ai_addr->sa_family;
77 struct sockaddr_in *addr;
79 addr = (struct sockaddr_in *)res->ai_addr;
80 memset( p_bytes, 0, 12 );
81 memcpy( p_bytes + 12, &addr->sin_addr, 4 );
85 #if defined (HAVE_GETADDRINFO) || defined (WIN32)
86 /* unfortunately many people define AF_INET6
87 though they don't have struct sockaddr_in6 */
90 struct sockaddr_in6 *addr;
92 addr = (struct sockaddr_in6 *)res->ai_addr;
93 memcpy( p_bytes, &addr->sin6_addr, 16 );
99 msg_Err( p_this, "IMPOSSIBLE: unknown address family!" );
100 vlc_freeaddrinfo( res );
104 vlc_freeaddrinfo( res );
110 * Returns 0 if allowed, 1 if not, -1 on error.
112 int ACL_Check( vlc_acl_t *p_acl, const char *psz_ip )
114 const vlc_acl_entry_t *p_cur, *p_end;
120 p_cur = p_acl->p_entries;
121 p_end = p_cur + p_acl->i_size;
123 if( ACL_Resolve( p_acl->p_owner, host, psz_ip ) < 0 )
126 while (p_cur < p_end)
130 i = p_cur->i_bytes_match;
131 if( (memcmp( p_cur->host, host, i ) == 0)
132 && (((p_cur->host[i] ^ host[i]) & p_cur->i_bits_mask) == 0) )
133 return !p_cur->b_allow;
138 return !p_acl->b_allow_default;
141 int ACL_AddNet( vlc_acl_t *p_acl, const char *psz_ip, int i_len,
144 vlc_acl_entry_t *p_ent;
149 i_size = p_acl->i_size;
150 p_ent = (vlc_acl_entry_t *)realloc( p_acl->p_entries,
151 ++p_acl->i_size * sizeof( *p_ent ) );
156 p_acl->p_entries = p_ent;
159 i_family = ACL_Resolve( p_acl->p_owner, p_ent->host, psz_ip );
163 * I'm lazy : memory space will be re-used in the next ACL_Add call...
172 if( i_family == AF_INET )
182 i_len = 128; /* ACL_AddHost */
185 p_ent->i_bytes_match = d.quot;
186 p_ent->i_bits_mask = 0xff << (8 - d.rem);
188 p_ent->b_allow = b_allow;
193 vlc_acl_t *__ACL_Create( vlc_object_t *p_this, vlc_bool_t b_allow )
197 p_acl = (vlc_acl_t *)malloc( sizeof( *p_acl ) );
201 vlc_object_yield( p_this );
202 p_acl->p_owner = p_this;
204 p_acl->p_entries = NULL;
205 p_acl->b_allow_default = b_allow;
211 vlc_acl_t *__ACL_Duplicate( vlc_object_t *p_this, const vlc_acl_t *p_acl )
218 p_dupacl = (vlc_acl_t *)malloc( sizeof( *p_dupacl ) );
219 if( p_dupacl == NULL )
224 p_dupacl->p_entries = (vlc_acl_entry_t *)
225 malloc( p_acl->i_size * sizeof( vlc_acl_entry_t ) );
227 if( p_dupacl->p_entries == NULL )
233 memcpy( p_dupacl->p_entries, p_acl->p_entries,
234 p_acl->i_size * sizeof( vlc_acl_entry_t ) );
237 p_dupacl->p_entries = NULL;
239 vlc_object_yield( p_this );
240 p_dupacl->p_owner = p_this;
241 p_dupacl->i_size = p_acl->i_size;
242 p_dupacl->b_allow_default = p_acl->b_allow_default;
248 void ACL_Destroy( vlc_acl_t *p_acl )
252 if( p_acl->p_entries != NULL )
253 free( p_acl->p_entries );
255 vlc_object_release( p_acl->p_owner );
261 # define isblank(c) ((c) == ' ' || (c) == '\t')
264 int ACL_LoadFile( vlc_acl_t *p_acl, const char *psz_path )
271 file = fopen( psz_path, "r" );
275 msg_Dbg( p_acl->p_owner, "find .hosts in dir=%s", psz_path );
277 while( !feof( file ) )
279 char line[1024], *psz_ip, *ptr;
281 if( fgets( line, sizeof( line ), file ) == NULL )
285 msg_Err( p_acl->p_owner, "Error reading %s : %s\n", psz_path,
292 /* fgets() is cool : never overflow, always nul-terminate */
295 /* skips blanks - cannot overflow given '\0' is not space */
296 while( isspace( *psz_ip ) )
299 if( *psz_ip == '\0' ) /* empty/blank line */
302 ptr = strchr( psz_ip, '\n' );
305 msg_Warn( p_acl->p_owner, "Skipping overly long line in %s\n",
309 fgets( line, sizeof( line ), file );
310 if( ferror( file ) || feof( file ) )
312 msg_Err( p_acl->p_owner, "Error reading %s : %s\n",
313 psz_path, strerror( errno ) );
317 while( strchr( line, '\n' ) == NULL);
319 continue; /* skip unusable line */
322 /* skips comment-only line */
326 /* looks for first space, CR, LF, etc. or end-of-line comment */
327 /* (there is at least a linefeed) */
328 for( ptr = psz_ip; ( *ptr != '#' ) && !isspace( *ptr ); ptr++ );
332 msg_Dbg( p_acl->p_owner, "restricted to %s", psz_ip );
334 ptr = strchr( psz_ip, '/' );
336 *ptr++ = '\0'; /* separate address from mask length */
339 ? ACL_AddNet( p_acl, psz_ip, atoi( ptr ), VLC_TRUE )
340 : ACL_AddHost( p_acl, psz_ip, VLC_TRUE ) )
342 msg_Err( p_acl->p_owner, "cannot add ACL from %s", psz_path );
projects / vlc / blob