- added HTTP authentication (#475)

Modified Files: HISTORY README streamdev-server.c server/connection.h server/connectionHTTP.c server/connectionHTTP.h server/server.c server/server.h
2023-10-10 17:16:51 +00:00 · 2008-10-14 11:05:46 +00:00
parent 992444cb67
commit 86c82c1381
8 changed files with 80 additions and 13 deletions
--- a/server/connection.h
+++ b/server/connection.h
@@ -1,5 +1,5 @@
 /*
- *  $Id: connection.h,v 1.5 2007/04/16 11:01:02 schmirl Exp $
+ *  $Id: connection.h,v 1.6 2008/10/14 11:05:47 schmirl Exp $
 */
 
 #ifndef VDR_STREAMDEV_SERVER_CONNECTION_H
@@ -47,6 +47,9 @@ public:
 	cServerConnection(const char *Protocol);
 	virtual ~cServerConnection();

+	/* If true, any client IP will be accepted */
+	virtual bool CanAuthenticate(void) { return false; }
+
 	/* Gets called if the client has been accepted by the core */
 	virtual void Welcome(void) { }
 	
--- a/server/connectionHTTP.c
+++ b/server/connectionHTTP.c
@@ -1,11 +1,12 @@
 /*
- *  $Id: connectionHTTP.c,v 1.13 2008/03/28 15:11:40 schmirl Exp $
+ *  $Id: connectionHTTP.c,v 1.14 2008/10/14 11:05:47 schmirl Exp $
 */

 #include <ctype.h>
 
 #include "server/connectionHTTP.h"
 #include "server/menuHTTP.h"
+#include "server/server.h"
 #include "server/setup.h"

 cConnectionHTTP::cConnectionHTTP(void): 
@@ -26,6 +27,11 @@ cConnectionHTTP::~cConnectionHTTP()
 	delete m_LiveStreamer;
 }

+bool cConnectionHTTP::CanAuthenticate(void)
+{
+	return opt_auth != NULL;
+}
+
 bool cConnectionHTTP::Command(char *Cmd) 
 {
 	Dprintf("command %s\n", Cmd);
@@ -44,6 +50,15 @@ bool cConnectionHTTP::Command(char *Cmd)
 		if (strncasecmp(Cmd, "Host:", 5) == 0) {
 			Dprintf("Host-Header\n");
 			m_Host = (std::string) skipspace(Cmd + 5);
+			return true;
+		}
+		else if (strncasecmp(Cmd, "Authorization:", 14) == 0) {
+			Cmd = skipspace(Cmd + 14);
+			if (strncasecmp(Cmd, "Basic", 5) == 0) {
+				Dprintf("'Authorization Basic'-Header\n");
+				m_Authorization = (std::string) skipspace(Cmd + 5);
+				return true;
+			}
 		}
 		Dprintf("header\n");
 		return true;
@@ -56,6 +71,16 @@ bool cConnectionHTTP::Command(char *Cmd)
 bool cConnectionHTTP::ProcessRequest(void) 
 {
 	Dprintf("process\n");
+	if (!StreamdevHosts.Acceptable(RemoteIpAddr()))
+	{
+		if (!opt_auth || m_Authorization.empty() || m_Authorization.compare(opt_auth) != 0) {
+			isyslog("streamdev-server: HTTP authorization required");
+			DeferClose();
+			return Respond("HTTP/1.0 401 Authorization Required")
+				&& Respond("WWW-authenticate: basic Realm=\"Streamdev-Server\")")
+				&& Respond("");
+		}
+	}
 	if (m_Request.substr(0, 4) == "GET " && CmdGET(m_Request.substr(4))) {
 		switch (m_Job) {
 		case hjListing:
--- a/server/connectionHTTP.h
+++ b/server/connectionHTTP.h
@@ -1,5 +1,5 @@
 /*
- *  $Id: connectionHTTP.h,v 1.5 2008/03/28 15:11:40 schmirl Exp $
+ *  $Id: connectionHTTP.h,v 1.6 2008/10/14 11:05:48 schmirl Exp $
 */
 
 #ifndef VDR_STREAMDEV_SERVERS_CONNECTIONHTTP_H
@@ -30,6 +30,7 @@ private:

 	std::string                       m_Request;
 	std::string                       m_Host;
+	std::string                       m_Authorization;
 	//std::map<std::string,std::string> m_Headers; TODO: later?
 	eHTTPStatus                       m_Status;
 	eHTTPJob                          m_Job;
@@ -52,6 +53,8 @@ public:
 	virtual void Attach(void) { if (m_LiveStreamer != NULL) m_LiveStreamer->Attach(); }
 	virtual void Detach(void) { if (m_LiveStreamer != NULL) m_LiveStreamer->Detach(); }

+	virtual bool CanAuthenticate(void);
+
 	virtual bool Command(char *Cmd);
 	bool CmdGET(const std::string &Opts);

--- a/server/server.c
+++ b/server/server.c
@@ -1,5 +1,5 @@
 /*
- *  $Id: server.c,v 1.6 2008/04/29 07:00:54 schmirl Exp $
+ *  $Id: server.c,v 1.7 2008/10/14 11:05:48 schmirl Exp $
 */

 #include "server/server.h"
@@ -13,6 +13,7 @@
 #include <errno.h>

 cSVDRPhosts StreamdevHosts;
+char *opt_auth = NULL;
 char *opt_remux = NULL;

 cStreamdevServer         *cStreamdevServer::m_Instance = NULL;
@@ -122,7 +123,7 @@ void cStreamdevServer::Action(void)
 					esyslog("streamdev: too many clients, rejecting %s:%d",
 					        client->RemoteIp().c_str(), client->RemotePort());
 					client->Reject();
-				} else if (!StreamdevHosts.Acceptable(client->RemoteIpAddr())) {
+				} else if (!client->CanAuthenticate() && !StreamdevHosts.Acceptable(client->RemoteIpAddr())) {
 					esyslog("streamdev: client %s:%d not allowed to connect",
 					        client->RemoteIp().c_str(), client->RemotePort());
 					client->Reject();
--- a/server/server.h
+++ b/server/server.h
@@ -1,5 +1,5 @@
 /*
- *  $Id: server.h,v 1.4 2008/04/29 07:00:54 schmirl Exp $
+ *  $Id: server.h,v 1.5 2008/10/14 11:05:48 schmirl Exp $
 */
 
 #ifndef VDR_STREAMDEV_SERVER_H
@@ -13,6 +13,7 @@
 #define DEFAULT_EXTERNREMUX (*AddDirectory(cPlugin::ConfigDirectory(PLUGIN_NAME_I18N), "externremux.sh"))
 #define STREAMDEVHOSTSPATH (*AddDirectory(cPlugin::ConfigDirectory(PLUGIN_NAME_I18N), "streamdevhosts.conf"))

+extern char *opt_auth;
 extern char *opt_remux;

 class cStreamdevServer: public cThread {