/*
- * Copyright (C) 2005-2007 Andre Noll <maan@systemlinux.org>
+ * Copyright (C) 2005-2008 Andre Noll <maan@systemlinux.org>
*
* Licensed under the GPL v2. For licencing details see COPYING.
*/
#include "net.h"
#include "fd.h"
#include "chunk_queue.h"
+#include "acl.h"
-/** \cond convert sock_addr_in to ascii */
-#define CLIENT_ADDR(hc) inet_ntoa((hc)->addr.sin_addr)
-/* get the port number of a struct http_client */
-#define CLIENT_PORT(hc) (hc)->addr.sin_port
+/** Message sent to clients that do not send a valid get request. */
#define HTTP_ERR_MSG "HTTP/1.0 400 Bad Request\n"
-/** \endcond */
+
/** The possible states of a client from the server's POV. */
enum http_status {
/** The list of connected clients. */
static struct list_head clients;
/** The whitelist/blacklist. */
-static struct list_head access_perm_list;
+static struct list_head http_acl;
/** Describes one client that connected the tcp port of the http sender. */
struct http_client {
/** The file descriptor of the client. */
int fd;
- /** Address information about the client. */
- struct sockaddr_in addr;
+ /** The socket `name' of the client. */
+ char *name;
/** The client's current status. */
enum http_status status;
/** Non-zero if we included \a fd in the read set.*/
struct chunk_queue *cq;
};
-/**
- * Describes one entry in the blacklist/whitelist of the http sender.
- */
-struct access_info {
- /** The address to be black/whitelisted. */
- struct in_addr addr;
- /** The netmask for this entry. */
- unsigned netmask;
- /** The position of this entry in the access_perm_list. */
- struct list_head node;
-};
-
-static int server_fd = -1, numclients;
+static int listen_fd = -1, numclients;
static struct sender *self;
static void http_shutdown_client(struct http_client *hc, const char *msg)
{
- PARA_INFO_LOG("shutting down %s on fd %d (%s)\n", CLIENT_ADDR(hc),
- hc->fd, msg);
+ PARA_INFO_LOG("shutting down %s on fd %d (%s)\n", hc->name, hc->fd,
+ msg);
numclients--;
+ free(hc->name);
close(hc->fd);
del_close_on_fork_list(hc->fd);
cq_destroy(hc->cq);
queue_chunk_or_shutdown(hc, current_chunk, 0);
continue;
}
-// PARA_DEBUG_LOG("sending %d -> %s\n", len, CLIENT_ADDR(hc));
+// PARA_DEBUG_LOG("sending %d -> %s\n", len, remote_name(hc->fd));
ret = write(hc->fd, buf, len);
// PARA_DEBUG_LOG("ret: %d\n", ret);
if (ret < 0) {
}
}
-static int host_in_access_perm_list(struct http_client *hc)
-{
- struct access_info *ai, *tmp;
- list_for_each_entry_safe(ai, tmp, &access_perm_list, node) {
- unsigned mask = ((~0U) >> ai->netmask);
- if ((hc->addr.sin_addr.s_addr & mask) == (ai->addr.s_addr & mask))
- return 1;
- }
- return 0;
-}
-
static void http_post_select(fd_set *rfds, fd_set *wfds)
{
int i = -1, match;
struct http_client *hc, *tmp;
const char *err_msg;
+ if (listen_fd < 0)
+ return;
list_for_each_entry_safe(hc, tmp, &clients, node) {
i++;
-// PARA_DEBUG_LOG("handling client %d: %s\n", i, CLIENT_ADDR(hc));
+// PARA_DEBUG_LOG("handling client %d: %s\n", i, remote_name(hc->fd));
switch (hc->status) {
case HTTP_STREAMING: /* nothing to do */
case HTTP_READY_TO_STREAM:
break;
}
}
- if (!FD_ISSET(server_fd, rfds))
+ if (!FD_ISSET(listen_fd, rfds))
return;
hc = para_calloc(sizeof(struct http_client));
err_msg = "accept error";
- hc->fd = para_accept(server_fd, &hc->addr, sizeof(struct sockaddr_in));
+ hc->fd = para_accept(listen_fd, NULL, 0);
if (hc->fd <= 0)
goto err_out;
- PARA_NOTICE_LOG("connection from %s (fd %d)\n", CLIENT_ADDR(hc), hc->fd);
+ hc->name = make_message("%s", remote_name(hc->fd));
+ PARA_NOTICE_LOG("connection from %s (fd %d)\n", hc->name, hc->fd);
if (conf.http_max_clients_arg > 0 && numclients >=
conf.http_max_clients_arg) {
err_msg = "server full";
goto err_out;
}
- match = host_in_access_perm_list(hc);
- PARA_DEBUG_LOG("host_in_access_perm_list: %d\n", match);
+ match = acl_lookup(hc->fd, &http_acl);
+ PARA_DEBUG_LOG("acl lookup returned %d\n", match);
if ((match && !conf.http_default_deny_given) ||
(!match && conf.http_default_deny_given)) {
err_msg = "permission denied";
}
hc->status = HTTP_CONNECTED;
hc->cq = cq_new(MAX_BACKLOG);
- PARA_INFO_LOG("accepted client #%d: %s (fd %d)\n", numclients,
- CLIENT_ADDR(hc), hc->fd);
numclients++;
+ PARA_INFO_LOG("accepted client #%d: %s (fd %d)\n", numclients,
+ hc->name, hc->fd);
para_list_add(&hc->node, &clients);
add_close_on_fork_list(hc->fd);
- mark_fd_nonblock(hc->fd);
+ mark_fd_nonblocking(hc->fd);
return;
err_out:
PARA_WARNING_LOG("ignoring connect request from %s (%s)\n",
- CLIENT_ADDR(hc), err_msg);
+ hc->name, err_msg);
if (hc->fd > 0)
close(hc->fd);
free(hc);
{
struct http_client *hc, *tmp;
- if (server_fd < 0)
+ if (listen_fd < 0)
return;
- para_fd_set(server_fd, rfds, max_fileno);
+ para_fd_set(listen_fd, rfds, max_fileno);
list_for_each_entry_safe(hc, tmp, &clients, node) {
//PARA_DEBUG_LOG("hc %p on fd %d: status %d\n", hc, hc->fd, hc->status);
hc->check_r = 0;
}
}
-static int open_tcp_port(int port)
+static int http_open(int port)
{
int ret;
- server_fd = init_tcp_socket(port);
- if (server_fd < 0) {
+ listen_fd = para_listen(AF_UNSPEC, IPPROTO_TCP, port);
+ if (listen_fd < 0) {
http_shutdown_clients();
- self->status = SENDER_OFF;
- return server_fd;
+ return listen_fd;
}
- ret = mark_fd_nonblock(server_fd);
+ ret = mark_fd_nonblocking(listen_fd);
if (ret < 0) {
- PARA_EMERG_LOG("%s\n", PARA_STRERROR(-ret));
+ PARA_EMERG_LOG("%s\n", para_strerror(-ret));
exit(EXIT_FAILURE);
}
- self->status = SENDER_ON;
- add_close_on_fork_list(server_fd);
+ add_close_on_fork_list(listen_fd);
return 1;
}
static int http_com_on(__a_unused struct sender_command_data *scd)
{
- if (self->status == SENDER_ON)
+ if (listen_fd >= 0)
return 1;
- return open_tcp_port(conf.http_port_arg);
+ return http_open(conf.http_port_arg);
}
static int http_com_off(__a_unused struct sender_command_data *scd)
{
- self->status = SENDER_OFF;
- if (server_fd > 0) {
- close(server_fd);
- del_close_on_fork_list(server_fd);
- server_fd = -1;
- }
+ if (listen_fd < 0)
+ return 1;
+ PARA_NOTICE_LOG("closing http port %d\n", conf.http_port_arg);
+ close(listen_fd);
+ del_close_on_fork_list(listen_fd);
http_shutdown_clients();
+ listen_fd = -1;
return 1;
}
-static void del_perm_list_entry(struct sender_command_data *scd)
-{
- struct access_info *ai, *tmp;
-
- list_for_each_entry_safe(ai, tmp, &access_perm_list, node) {
- char *nad = para_strdup(inet_ntoa(ai->addr));
- if (!strcmp(nad, inet_ntoa(scd->addr)) &&
- ai->netmask == scd->netmask) {
- PARA_NOTICE_LOG("removing %s/%i from access list\n",
- nad, ai->netmask);
- list_del(&ai->node);
- free(ai);
- }
- free(nad);
- }
-}
-
-static void add_perm_list_entry(struct sender_command_data *scd)
-{
- struct access_info *ai = para_malloc(sizeof(struct access_info));
- ai->addr = scd->addr;
- ai->netmask = scd->netmask;
- PARA_INFO_LOG("adding %s/%i to access list\n", inet_ntoa(ai->addr),
- ai->netmask);
- para_list_add(&ai->node, &access_perm_list);
-}
-
static int http_com_deny(struct sender_command_data *scd)
{
if (conf.http_default_deny_given)
- del_perm_list_entry(scd);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
else
- add_perm_list_entry(scd);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
return 1;
}
static int http_com_allow(struct sender_command_data *scd)
{
if (conf.http_default_deny_given)
- add_perm_list_entry(scd);
+ acl_add_entry(&http_acl, scd->addr, scd->netmask);
else
- del_perm_list_entry(scd);
+ acl_del_entry(&http_acl, scd->addr, scd->netmask);
return 1;
}
static char *http_info(void)
{
- char *clnts = NULL, *ap = NULL, *ret;
- struct access_info *ai, *tmp_ai;
+ char *clnts = NULL, *ret;
struct http_client *hc, *tmp_hc;
- list_for_each_entry_safe(ai, tmp_ai, &access_perm_list, node) {
- char *tmp = make_message("%s%s/%d ", ap? ap : "",
- inet_ntoa(ai->addr), ai->netmask);
- free(ap);
- ap = tmp;
- }
+ char *acl_contents = acl_get_contents(&http_acl);
list_for_each_entry_safe(hc, tmp_hc, &clients, node) {
- char *tmp = make_message("%s%s:%d ", clnts? clnts : "",
- CLIENT_ADDR(hc), CLIENT_PORT(hc));
+ char *tmp = make_message("%s%s ", clnts? clnts : "", hc->name);
free(clnts);
clnts = tmp;
}
"http maximal number of clients: %d%s\n"
"http connected clients: %s\n"
"http access %s list: %s\n",
- (self->status == SENDER_ON)? "on" : "off",
+ (listen_fd >= 0)? "on" : "off",
conf.http_port_arg,
numclients,
conf.http_max_clients_arg,
conf.http_max_clients_arg > 0? "" : " (unlimited)",
clnts? clnts : "(none)",
conf.http_default_deny_given? "allow" : "deny",
- ap? ap : "(none)"
+ acl_contents? acl_contents : "(none)"
);
- free(ap);
+ free(acl_contents);
free(clnts);
return ret;
}
-static void init_access_control_list(void)
-{
- int i;
- struct sender_command_data scd;
-
- INIT_LIST_HEAD(&access_perm_list);
- for (i = 0; i < conf.http_access_given; i++) {
- char *arg = para_strdup(conf.http_access_arg[i]);
- char *p = strchr(arg, '/');
- if (!p)
- goto err;
- *p = '\0';
- if (!inet_pton(AF_INET, arg, &scd.addr))
- goto err;
- scd.netmask = atoi(++p);
- if (scd.netmask < 0 || scd.netmask > 32)
- goto err;
- add_perm_list_entry(&scd);
- goto success;
-err:
- PARA_CRIT_LOG("syntax error for http_access option "
- "#%d, ignoring\n", i);
-success:
- free(arg);
- continue;
- }
-}
-
static char *http_help(void)
{
return make_message(
s->client_cmds[SENDER_ADD] = NULL;
s->client_cmds[SENDER_DELETE] = NULL;
self = s;
- init_access_control_list();
+ acl_init(&http_acl, conf.http_access_arg, conf.http_access_given);
if (!conf.http_no_autostart_given)
- open_tcp_port(conf.http_port_arg); /* ignore errors */
+ http_open(conf.http_port_arg); /* ignore errors */
PARA_DEBUG_LOG("%s", "http sender init complete\n");
}