[pulseaudio-commits] r1125 - in /trunk/src: Makefile.am modules/module-protocol-stub.c pulsecore/iochannel.c pulsecore/iochannel.h pulsecore/protocol-esound.c pulsecore/protocol-native.c

svnmailer-noreply at 0pointer.de svnmailer-noreply at 0pointer.de
Thu Jul 20 11:43:22 PDT 2006


Author: lennart
Date: Thu Jul 20 20:43:20 2006
New Revision: 1125

URL: http://0pointer.de/cgi-bin/viewcvs.cgi?rev=1125&root=pulseaudio&view=rev
Log:
implement "auth-ip-acl=" in the native and esound protocols

Modified:
    trunk/src/Makefile.am
    trunk/src/modules/module-protocol-stub.c
    trunk/src/pulsecore/iochannel.c
    trunk/src/pulsecore/iochannel.h
    trunk/src/pulsecore/protocol-esound.c
    trunk/src/pulsecore/protocol-native.c

Modified: trunk/src/Makefile.am
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/Makefile.am?rev=1125&root=pulseaudio&r1=1124&r2=1125&view=diff
==============================================================================
--- trunk/src/Makefile.am (original)
+++ trunk/src/Makefile.am Thu Jul 20 20:43:20 2006
@@ -513,7 +513,7 @@
 
 lib_LTLIBRARIES += libpulsecore.la
 
-# Some public stuff is used even in the core.
+# Some public stuff is used even in the core
 libpulsecore_la_SOURCES = \
 		pulse/channelmap.c pulse/channelmap.h \
 		pulse/error.c pulse/error.h \
@@ -733,7 +733,7 @@
 
 libprotocol_native_la_SOURCES = pulsecore/protocol-native.c pulsecore/protocol-native.h pulsecore/native-common.h
 libprotocol_native_la_LDFLAGS = -avoid-version
-libprotocol_native_la_LIBADD = $(AM_LIBADD) libsocket-server.la libpstream.la libpstream-util.la libpdispatch.la libtagstruct.la libauthkey.la libauthkey-prop.la libstrlist.la libpulsecore.la libiochannel.la
+libprotocol_native_la_LIBADD = $(AM_LIBADD) libsocket-server.la libpstream.la libpstream-util.la libpdispatch.la libtagstruct.la libauthkey.la libauthkey-prop.la libstrlist.la libpulsecore.la libiochannel.la libipacl.la
 
 libtagstruct_la_SOURCES = pulsecore/tagstruct.c pulsecore/tagstruct.h
 libtagstruct_la_LDFLAGS = -avoid-version
@@ -741,7 +741,7 @@
 
 libprotocol_esound_la_SOURCES = pulsecore/protocol-esound.c pulsecore/protocol-esound.h pulsecore/esound.h
 libprotocol_esound_la_LDFLAGS = -avoid-version
-libprotocol_esound_la_LIBADD = $(AM_LIBADD) libsocket-server.la libiochannel.la libauthkey.la libpulsecore.la
+libprotocol_esound_la_LIBADD = $(AM_LIBADD) libsocket-server.la libiochannel.la libauthkey.la libpulsecore.la libipacl.la
 
 libauthkey_la_SOURCES = pulsecore/authkey.c pulsecore/authkey.h
 libauthkey_la_LDFLAGS = -avoid-version

Modified: trunk/src/modules/module-protocol-stub.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/modules/module-protocol-stub.c?rev=1125&root=pulseaudio&r1=1124&r2=1125&view=diff
==============================================================================
--- trunk/src/modules/module-protocol-stub.c (original)
+++ trunk/src/modules/module-protocol-stub.c Thu Jul 20 20:43:20 2006
@@ -129,8 +129,11 @@
   #endif
 
   #if defined(HAVE_CREDS) && !defined(USE_TCP_SOCKETS)
-    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON "auth-group", "auth-group-enable="
+    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON "auth-group", "auth-group-enable", 
     #define AUTH_USAGE "auth-group=<system group to allow access> auth-group-enable=<enable auth by UNIX group?> "
+  #elif defined(USE_TCP_SOCKETS)
+    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON "auth-ip-acl", 
+    #define AUTH_USAGE "auth-ip-acl=<IP address ACL to allow access> "
   #else
     #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON
     #define AUTH_USAGE
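Review bot: The `AUTH_USAGE` text added in the `USE_TCP_SOCKETS` branch does not tell an administrator that a matching address is authorized without presenting a cookie, which is what the connection hunks in protocol-esound.c and protocol-native.c do. A wording such as `"auth-ip-acl=<IP address ACL; matching clients are authorized without a cookie> "` would make that trade-off visible in the module usage output. The same string is repeated in the esound section in the next hunk of this file and would need the same change. The accepted ACL syntax is defined by `pa_ip_acl_new`, which is not visible here, so it is worth documenting the format wherever that parser lives. The enclosing `#if` block starts outside this hunk.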
@@ -149,17 +152,27 @@
   #define TCPWRAP_SERVICE "esound"
   #define IPV4_PORT ESD_DEFAULT_PORT
   #define UNIX_SOCKET ESD_UNIX_SOCKET_NAME
-  #define MODULE_ARGUMENTS "sink", "source", "auth-anonymous", "cookie",
+  #define MODULE_ARGUMENTS_COMMON "sink", "source", "auth-anonymous", "cookie",
   #ifdef USE_TCP_SOCKETS
     #include "module-esound-protocol-tcp-symdef.h"
   #else
     #include "module-esound-protocol-unix-symdef.h"
   #endif
+
+  #if defined(USE_TCP_SOCKETS)
+    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON "auth-ip-acl", 
+    #define AUTH_USAGE "auth-ip-acl=<IP address ACL to allow access> "
+  #else
+    #define MODULE_ARGUMENTS MODULE_ARGUMENTS_COMMON
+    #define AUTH_USAGE
+  #endif
+
   PA_MODULE_DESCRIPTION("ESOUND protocol "SOCKET_DESCRIPTION)
   PA_MODULE_USAGE("sink=<sink to connect to> "
                   "source=<source to connect to> "
                   "auth-anonymous=<don't verify cookies?> "
                   "cookie=<path to cookie file> "
+                  AUTH_USAGE
                   SOCKET_USAGE)
 #else
   #error "Broken build system" 

Modified: trunk/src/pulsecore/iochannel.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/iochannel.c?rev=1125&root=pulseaudio&r1=1124&r2=1125&view=diff
==============================================================================
--- trunk/src/pulsecore/iochannel.c (original)
+++ trunk/src/pulsecore/iochannel.c Thu Jul 20 20:43:20 2006
@@ -408,3 +408,9 @@
     
     return io->mainloop;
 }
+
+int pa_iochannel_get_recv_fd(pa_iochannel *io) {
+    assert(io);
+
+    return io->ifd;
+}

Modified: trunk/src/pulsecore/iochannel.h
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/iochannel.h?rev=1125&root=pulseaudio&r1=1124&r2=1125&view=diff
==============================================================================
--- trunk/src/pulsecore/iochannel.h (original)
+++ trunk/src/pulsecore/iochannel.h Thu Jul 20 20:43:20 2006
@@ -79,4 +79,6 @@
 
 pa_mainloop_api* pa_iochannel_get_mainloop_api(pa_iochannel *io);
 
+int pa_iochannel_get_recv_fd(pa_iochannel *io);
+
 #endif
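Review bot: `pa_iochannel_get_recv_fd` is declared without any comment on descriptor ownership. The iochannel.c hunk shows it returns `io->ifd` directly, so the caller receives the channel's live descriptor rather than a duplicate. A comment above the prototype such as `/* Returns the receive fd; it presumably remains owned by the iochannel, so callers must not close it */` would keep later callers from closing or caching it.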

Modified: trunk/src/pulsecore/protocol-esound.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/protocol-esound.c?rev=1125&root=pulseaudio&r1=1124&r2=1125&view=diff
==============================================================================
--- trunk/src/pulsecore/protocol-esound.c (original)
+++ trunk/src/pulsecore/protocol-esound.c Thu Jul 20 20:43:20 2006
@@ -49,6 +49,7 @@
 #include <pulsecore/log.h>
 #include <pulsecore/core-util.h>
 #include <pulsecore/core-error.h>
+#include <pulsecore/ipacl.h>
 
 #include "endianmacros.h"
 
@@ -116,6 +117,7 @@
     char *sink_name, *source_name;
     unsigned n_player;
     uint8_t esd_key[ESD_KEY_LEN];
+    pa_ip_acl *auth_ip_acl;
 };
 
 typedef struct proto_handler {
@@ -1162,7 +1164,7 @@
     c->client->kill = client_kill_cb;
     c->client->userdata = c;
     
-    c->authorized = p->public;
+    c->authorized = !!p->public;
     c->swap_byte_order = 0;
     c->dead = 0;
 
@@ -1190,6 +1192,11 @@
     c->scache.name = NULL;
 
     c->original_name = NULL;
+
+    if (!c->authorized && p->auth_ip_acl && pa_ip_acl_check(p->auth_ip_acl, pa_iochannel_get_recv_fd(io)) > 0) {
+        pa_log_info(__FILE__": Client authenticated by IP ACL.");
+        c->authorized = 1;
+    }
 
     if (!c->authorized) {
         struct timeval tv;
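Review bot: The `pa_log_info` line added before `if (!c->authorized)` records that a client was admitted by the ACL but not which peer address matched, so this path, which skips the cookie check entirely, leaves no usable audit trail. Including the peer address in the message would let an operator see which ACL entries are actually being exercised. A comment above the check would also help, for example `/* A positive ACL match authorizes the client without a cookie; any other result falls through to cookie auth */`. The identical block added in the protocol-native.c connection hunk has the same gap. The enclosing function starts and ends outside this hunk.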
@@ -1211,20 +1218,32 @@
 pa_protocol_esound* pa_protocol_esound_new(pa_core*core, pa_socket_server *server, pa_module *m, pa_modargs *ma) {
     pa_protocol_esound *p;
     int public = 0;
-    assert(core && server && ma);
+    const char *acl;
+    
+    assert(core);
+    assert(server);
+    assert(m);
+    assert(ma);
 
     p = pa_xnew(pa_protocol_esound, 1);
 
     if (pa_modargs_get_value_boolean(ma, "auth-anonymous", &public) < 0) {
         pa_log(__FILE__": auth-anonymous= expects a boolean argument.");
-        return NULL;
-    }
-
-    if (pa_authkey_load_auto(pa_modargs_get_value(ma, "cookie", DEFAULT_COOKIE_FILE), p->esd_key, sizeof(p->esd_key)) < 0) {
-        pa_xfree(p);
-        return NULL;
-    }
-
+        goto fail;
+    }
+
+    if (pa_authkey_load_auto(pa_modargs_get_value(ma, "cookie", DEFAULT_COOKIE_FILE), p->esd_key, sizeof(p->esd_key)) < 0)
+        goto fail;
+
+    if ((acl = pa_modargs_get_value(ma, "auth-ip-acl", NULL))) {
+
+        if (!(p->auth_ip_acl = pa_ip_acl_new(acl))) {
+            pa_log(__FILE__": Failed to parse IP ACL '%s'", acl);
+            goto fail;
+        }
+    } else
+        p->auth_ip_acl = NULL;
+    
     p->module = m;
     p->public = public;
     p->server = server;
@@ -1238,6 +1257,10 @@
     p->n_player = 0;
 
     return p;
+
+fail:
+    pa_xfree(p);
+    return NULL;
 }
 
 void pa_protocol_esound_free(pa_protocol_esound *p) {
@@ -1249,5 +1272,9 @@
 
     pa_idxset_free(p->connections, NULL, NULL);
     pa_socket_server_unref(p->server);
+
+    if (p->auth_ip_acl)
+        pa_ip_acl_free(p->auth_ip_acl);
+
     pa_xfree(p);
 }

Modified: trunk/src/pulsecore/protocol-native.c
URL: http://0pointer.de/cgi-bin/viewcvs.cgi/trunk/src/pulsecore/protocol-native.c?rev=1125&root=pulseaudio&r1=1124&r2=1125&view=diff
==============================================================================
--- trunk/src/pulsecore/protocol-native.c (original)
+++ trunk/src/pulsecore/protocol-native.c Thu Jul 20 20:43:20 2006
@@ -57,6 +57,7 @@
 #include <pulsecore/llist.h>
 #include <pulsecore/creds.h>
 #include <pulsecore/core-util.h>
+#include <pulsecore/ipacl.h>
 
 #include "protocol-native.h"
 
@@ -139,6 +140,7 @@
 #ifdef HAVE_CREDS
     char *auth_group;
 #endif
+    pa_ip_acl *auth_ip_acl;
 };
 
 static int sink_input_peek_cb(pa_sink_input *i, pa_memchunk *chunk);
@@ -942,7 +944,7 @@
         }
 #endif
 
-        if (memcmp(c->protocol->auth_cookie, cookie, PA_NATIVE_COOKIE_LENGTH) == 0)
+        if (!success && memcmp(c->protocol->auth_cookie, cookie, PA_NATIVE_COOKIE_LENGTH) == 0)
             success = 1;
 
         if (!success) {
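Review bot: The cookie check on the changed line still uses `memcmp`, which may return at the first differing byte, so the comparison time can depend on how much of the submitted cookie matches. Since this line is being touched anyway, consider a comparison that always walks all `PA_NATIVE_COOKIE_LENGTH` bytes, accumulating with something like `diff |= a[i] ^ b[i];` and testing `diff == 0` afterwards. The types of the two buffers are not visible in this hunk, so the byte access would need to match them. The enclosing function starts and ends outside this hunk.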
@@ -2239,8 +2241,13 @@
 
     c = pa_xmalloc(sizeof(struct connection));
 
-    c->authorized =!! p->public;
-
+    c->authorized = !!p->public;
+
+    if (!c->authorized && p->auth_ip_acl && pa_ip_acl_check(p->auth_ip_acl, pa_iochannel_get_recv_fd(io)) > 0) {
+        pa_log_info(__FILE__": Client authenticated by IP ACL.");
+        c->authorized = 1;
+    }
+    
     if (!c->authorized) {
         struct timeval tv;
         pa_gettimeofday(&tv);
@@ -2319,7 +2326,10 @@
 static pa_protocol_native* protocol_new_internal(pa_core *c, pa_module *m, pa_modargs *ma) {
     pa_protocol_native *p;
     int public = 0;
-    assert(c && ma);
+    const char *acl;
+    
+    assert(c);
+    assert(ma);
 
     if (pa_modargs_get_value_boolean(ma, "auth-anonymous", &public) < 0) {
         pa_log(__FILE__": auth-anonymous= expects a boolean argument.");
@@ -2331,7 +2341,8 @@
     p->module = m;
     p->public = public;
     p->server = NULL;
-
+    p->auth_ip_acl = NULL;
+    
 #ifdef HAVE_CREDS
     {
         int a = 1;
@@ -2345,16 +2356,30 @@
             pa_log_info(__FILE__": Allowing access to group '%s'.", p->auth_group);
     }
 #endif
-    
-    if (load_key(p, pa_modargs_get_value(ma, "cookie", NULL)) < 0) {
-        pa_xfree(p);
-        return NULL;
-    }
+
+
+    if ((acl = pa_modargs_get_value(ma, "auth-ip-acl", NULL))) {
+
+        if (!(p->auth_ip_acl = pa_ip_acl_new(acl))) {
+            pa_log(__FILE__": Failed to parse IP ACL '%s'", acl);
+            goto fail;
+        }
+    }
+
+    if (load_key(p, pa_modargs_get_value(ma, "cookie", NULL)) < 0)
+        goto fail;
 
     p->connections = pa_idxset_new(NULL, NULL);
     assert(p->connections);
 
     return p;
+
+fail:
+    pa_xfree(p->auth_group);
+    if (p->auth_ip_acl)
+        pa_ip_acl_free(p->auth_ip_acl);
+    pa_xfree(p);
+    return NULL;
 }
 
 pa_protocol_native* pa_protocol_native_new(pa_core *core, pa_socket_server *server, pa_module *m, pa_modargs *ma) {
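Review bot: The new `fail:` path calls `pa_xfree(p->auth_group);` unconditionally, but the struct hunk earlier in this file declares `auth_group` only inside `#ifdef HAVE_CREDS`, so a build without HAVE_CREDS would likely fail to compile here. Guard the call the same way the free function at the end of this diff does: `#ifdef HAVE_CREDS`, then `pa_xfree(p->auth_group);`, then `#endif`. Whether `p->auth_group` is initialized on every path that reaches `fail:` cannot be confirmed, because part of the HAVE_CREDS block lies outside the hunk.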
@@ -2405,6 +2430,9 @@
     if (p->auth_cookie_in_property)
         pa_authkey_prop_unref(p->core, PA_NATIVE_COOKIE_PROPERTY_NAME);
 
+    if (p->auth_ip_acl)
+        pa_ip_acl_free(p->auth_ip_acl);
+    
 #ifdef HAVE_CREDS
     pa_xfree(p->auth_group);
 #endif



