Introduced 'svdrphosts.conf'

FORMATS

@@ -111,6 +111,26 @@ Video Disk Recorder File Formats
   1..9, the command can be selected directly by pressing the respective numerical
   key on the remote control.
 
+* svdrphosts.conf
+
+  This file contains the IP numbers of all hosts that are allowed to access the
+  SVDRP port.
+
+  Each line contains one IP number in the format
+
+    IP-Address[/Netmask]
+
+  where 'IP-Address' is the address of a host or a network in the usual dot
+  separated notation (as in 192.168.100.1). If the optional 'Netmask' is given
+  only the given number of bits of 'IP-Address' are taken into account. This
+  allows you to grant SVDRP access to all hosts of an entire network. 'Netmask'
+  can be any integer from 1 to 32. The special value of 0 is only accepted if
+  the 'IP-Address' is 0.0.0.0, because this will give access to any host (USE
+  THIS WITH CARE!).
+
+  Everything following (and including) a '#' character is considered to be
+  comment.
+
 * marks.vdr
 
   This file (if present in a recording directory) contains the editing marks

HISTORY

@@ -950,3 +950,6 @@ Video Disk Recorder Revision History
   thus making it safe to use them in nested 'if/else' statements.
 - Fixed error handling in establishing an SVDRP connection (thanks to Davide
   Achilli) for pointing this out).
+- The new configuration file 'svdrphosts.conf' is now used to define which
+  hosts may access the SVDRP port (by default only 'localhost' has access).
+  See FORMATS for details.

INSTALL

@@ -81,6 +81,11 @@ WARNING: DUE TO THE OPEN SVDRP PORT THIS PROGRAM MAY CONSTITUTE A
          A CONTROLLED ENVIRONMENT, YOU MAY WANT TO DISABLE SVDRP
          BY USING '--port=0'!
 
+The file 'svdrphosts.conf' can be used to define which hosts are allowed
+to access the SVDRP port. By default only localhost (127.0.0.1) is granted
+access. If you want to give other hosts access to your SVDRP port you need to
+add their IP numbers to 'svdrphosts.conf'.
+
 If the program shall run as a daemon, use the --daemon option. This
 will completely detach it from the terminal and will continue as a
 background process.

config.c

@@ -4,7 +4,7 @@
  * See the main source file 'vdr.c' for copyright information and
  * how to reach the author.
  *
- * $Id: config.c 1.80 2002/02/02 15:57:48 kls Exp $
+ * $Id: config.c 1.81 2002/02/02 17:15:03 kls Exp $
  */
 
 #include "config.h"
@@ -646,6 +646,40 @@ const char *cCommand::Execute(void)
   return result;
 }
 
+// -- cSVDRPhost -------------------------------------------------------------
+
+cSVDRPhost::cSVDRPhost(void)
+{
+  addr.s_addr = 0;
+  mask = 0;
+}
+
+bool cSVDRPhost::Parse(const char *s)
+{
+  mask = 0xFFFFFFFF;
+  const char *p = strchr(s, '/');
+  if (p) {
+     char *error = NULL;
+     int m = strtoul(p + 1, &error, 10);
+     if (error && !isspace(*error) || m > 32)
+        return false;
+     *(char *)p = 0; // yes, we know it's 'const' - will be restored!
+     if (m == 0)
+        mask = 0;
+     else
+        mask >>= (32 - m);
+     }
+  int result = inet_aton(s, &addr);
+  if (p)
+     *(char *)p = '/'; // there it is again
+  return result != 0 && (mask != 0 || addr.s_addr == 0);
+}
+
+bool cSVDRPhost::Accepts(in_addr_t Address)
+{
+  return (Address & mask) == addr.s_addr;
+}
+
 // -- cKeys ------------------------------------------------------------------
 
 cKeys Keys;
@@ -778,6 +812,21 @@ cTimer *cTimers::GetNextActiveTimer(void)
   return t0;
 }
 
+// -- cSVDRPhosts ------------------------------------------------------------
+
+cSVDRPhosts SVDRPhosts;
+
+bool cSVDRPhosts::Acceptable(in_addr_t Address)
+{
+  cSVDRPhost *h = First();
+  while (h) {
+        if (h->Accepts(Address))
+           return true;
+        h = (cSVDRPhost *)h->Next();
+        }
+  return false;
+}
+
 // -- cSetup -----------------------------------------------------------------
 
 cSetup Setup;

config.h

@@ -4,12 +4,13 @@
  * See the main source file 'vdr.c' for copyright information and
  * how to reach the author.
  *
- * $Id: config.h 1.91 2002/02/02 15:57:48 kls Exp $
+ * $Id: config.h 1.92 2002/02/02 15:59:18 kls Exp $
  */
 
 #ifndef __CONFIG_H
 #define __CONFIG_H
 
+#include <arpa/inet.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
@@ -171,6 +172,16 @@ public:
   const char *Execute(void);
   };
 
+class cSVDRPhost : public cListObject {
+private:
+  struct in_addr addr;
+  in_addr_t mask;
+public:
+  cSVDRPhost(void);
+  bool Parse(const char *s);
+  bool Accepts(in_addr_t Address);
+  };
+
 template<class T> class cConfig : public cList<T> {
 private:
   char *fileName;
@@ -268,10 +279,16 @@ public:
 
 class cCommands : public cConfig<cCommand> {};
 
+class cSVDRPhosts : public cConfig<cSVDRPhost> {
+public:
+  bool Acceptable(in_addr_t Address);
+  };
+
 extern cChannels Channels;
 extern cTimers Timers;
 extern cKeys Keys;
 extern cCommands Commands;
+extern cSVDRPhosts SVDRPhosts;
 
 class cSetup {
 private:

svdrp.c

@@ -10,7 +10,7 @@
  * and interact with the Video Disk Recorder - or write a full featured
  * graphical interface that sits on top of an SVDRP connection.
  *
- * $Id: svdrp.c 1.29 2002/02/02 13:33:57 kls Exp $
+ * $Id: svdrp.c 1.30 2002/02/02 15:59:18 kls Exp $
  */
 
 #include "svdrp.h"
@@ -101,8 +101,16 @@ int cSocket::Accept(void)
      struct sockaddr_in clientname;
      uint size = sizeof(clientname);
      int newsock = accept(sock, (struct sockaddr *)&clientname, &size);
-     if (newsock > 0)
-        isyslog(LOG_INFO, "connect from %s, port %hd", inet_ntoa(clientname.sin_addr), ntohs(clientname.sin_port));
+     if (newsock > 0) {
+        bool accepted = SVDRPhosts.Acceptable(clientname.sin_addr.s_addr);
+        if (!accepted) {
+           const char *s = "Access denied!\n";
+           write(newsock, s, strlen(s));
+           close(newsock);
+           newsock = -1;
+           }
+        isyslog(LOG_INFO, "connect from %s, port %hd - %s", inet_ntoa(clientname.sin_addr), ntohs(clientname.sin_port), accepted ? "accepted" : "DENIED");
+        }
      else if (errno != EINTR && errno != EAGAIN)
         LOG_ERROR;
      return newsock;

svdrphosts.conf

@@ -0,0 +1,13 @@
+#
+# svdrphosts    This file describes a number of host addresses that
+#               are allowed to connect to the SVDRP port of the Video
+#               Disk Recorder (VDR) running on this system.
+# Syntax:
+#    
+# IP-Address[/Netmask]
+#
+
+127.0.0.1             # always accept localhost
+#192.168.100.0/24     # any host on the local net
+#204.152.189.113      # a specific host
+#0.0.0.0/0            # any host on any net (USE THIS WITH CARE!)

vdr.c

@@ -22,7 +22,7 @@
  *
  * The project's page is at http://www.cadsoft.de/people/kls/vdr
  *
- * $Id: vdr.c 1.93 2002/01/26 14:07:01 kls Exp $
+ * $Id: vdr.c 1.94 2002/02/02 15:59:18 kls Exp $
  */
 
 #include <getopt.h>
@@ -272,6 +272,7 @@ int main(int argc, char *argv[])
   Channels.Load(AddDirectory(ConfigDirectory, "channels.conf"));
   Timers.Load(AddDirectory(ConfigDirectory, "timers.conf"));
   Commands.Load(AddDirectory(ConfigDirectory, "commands.conf"));
+  SVDRPhosts.Load(AddDirectory(ConfigDirectory, "svdrphosts.conf"), true);
 #if defined(REMOTE_LIRC)
   Keys.SetDummyValues();
 #elif !defined(REMOTE_NONE)