I'd like to commit the following patch which adds a new option to the
htpasswd client authenticator. This option <option
name="allow_duplicate_users"> specifies wether or not the same
username can
connect to a mountpoint more than once. This is pretty much a required
feature for any decent use of the listener authentication capabilities of
icecast.
thoughts ? comments ?
------------------------Patch start-------------------------------------------
Index: conf/icecast.xml.in
==================================================================---
conf/icecast.xml.in (revision 6619)
+++ conf/icecast.xml.in (working copy)
@@ -86,6 +86,7 @@
<fallback-mount>/example2.ogg</fallback-mount>
<authentication type="htpasswd">
<option name="filename"
value="myauth"/>
+ <option name="allow_duplicate_users"
value="0"/>
</authentication>
</mount>
-->
Index: src/auth.c
==================================================================--- src/auth.c
(revision 6619)
+++ src/auth.c (working copy)
@@ -34,6 +34,30 @@
#define CATMODULE "auth"
<p>+int auth_is_listener_connected(source_t *source, char *username)
+{
+ client_t *client;
+ avl_node *client_node;
+
+ avl_tree_rlock(source->client_tree);
+
+ client_node = avl_get_first(source->client_tree);
+ while(client_node) {
+ client = (client_t *)client_node->key;
+ if (client->username) {
+ if (!strcmp(client->username, username)) {
+ avl_tree_unlock(source->client_tree);
+ return 1;
+ }
+ }
+ client_node = avl_get_next(client_node);
+ }
+
+ avl_tree_unlock(source->client_tree);
+ return 0;
+
+}
+
auth_result auth_check_client(source_t *source, client_t *client)
{
auth_t *authenticator = source->authenticator;
@@ -71,7 +95,7 @@
password = tmp+1;
result = authenticator->authenticate(
- authenticator, username, password);
+ authenticator, source, username, password);
if(result == AUTH_OK)
client->username = strdup(username);
@@ -106,6 +130,7 @@
typedef struct {
char *filename;
+ int allow_duplicate_users;
rwlock_t file_rwlock;
} htpasswd_auth_state;
@@ -150,14 +175,20 @@
#define MAX_LINE_LEN 512
/* Not efficient; opens and scans the entire file for every request */
-static auth_result htpasswd_auth(auth_t *auth, char *username, char *password)
+static auth_result htpasswd_auth(auth_t *auth, source_t *source, char
*username, char *password)
{
htpasswd_auth_state *state = auth->state;
- FILE *passwdfile = fopen(state->filename, "rb");
+ FILE *passwdfile = NULL;
char line[MAX_LINE_LEN];
char *sep;
thread_rwlock_rlock(&state->file_rwlock);
+ if (!state->allow_duplicate_users) {
+ if (auth_is_listener_connected(source, username)) {
+ return AUTH_FAILED;
+ }
+ }
+ passwdfile = fopen(state->filename, "rb");
if(passwdfile == NULL) {
WARN2("Failed to open authentication database \"%s\":
%s",
state->filename, strerror(errno));
@@ -208,9 +239,12 @@
state = calloc(1, sizeof(htpasswd_auth_state));
+ state->allow_duplicate_users = 1;
while(options) {
if(!strcmp(options->name, "filename"))
state->filename = strdup(options->value);
+ if(!strcmp(options->name, "allow_duplicate_users"))
+ state->allow_duplicate_users = atoi(options->value);
options = options->next;
}
@@ -454,3 +488,4 @@
}
return ret;
}
+
Index: src/auth.h
==================================================================--- src/auth.h
(revision 6619)
+++ src/auth.h (working copy)
@@ -33,7 +33,7 @@
{
/* Authenticate using the given username and password */
auth_result (*authenticate)(struct auth_tag *self,
- char *username, char *password);
+ source_t *source, char *username, char *password);
void (*free)(struct auth_tag *self);
void *state;
void *type;
Index: doc/icecast2_config_file.html
==================================================================---
doc/icecast2_config_file.html (revision 6619)
+++ doc/icecast2_config_file.html (working copy)
@@ -273,6 +273,7 @@
<fallback-mount>example2.ogg<fallback-mount>
<authentication type="htpasswd">
<option name="filename"
value="myauth"/>
+ <option name="allow_duplicate_users"
value="0"/>
</authentication>
<mount>
@@ -305,7 +306,7 @@
</div>
<h4>authentication</h4>
<div class=indentedbox>
-This specifies that the named mount point will require listener
authentication. Currently, we only support a file-based authentication
scheme (type=htpasswd). Users and encrypted password are placed in this
file (separated by a :) and all requests for this mountpoint will require
that a user and password be supplied for authentication purposes. These
values are passed in via normal HTTP Basic Authentication means (i.e.
http://user:password@stream:port/mountpoint.ogg). Users and Passwords are
maintained via the web admin interface. A mountpoint configured with an
authenticator will display a red key next to the mount point name on the
admin screens.
+This specifies that the named mount point will require listener
authentication. Currently, we only support a file-based authentication
scheme (type=htpasswd). Users and encrypted password are placed in this
file (separated by a :) and all requests for this mountpoint will require
that a user and password be supplied for authentication purposes. These
values are passed in via normal HTTP Basic Authentication means (i.e.
http://user:password@stream:port/mountpoint.ogg). Users and Passwords are
maintained via the web admin interface. A mountpoint configured with an
authenticator will display a red key next to the mount point name on the
admin screens. You can read more about listener authentication <a
href="icecast2_listenerauth.html">here</a>.
</div>
<br>
<br>
Index: doc/icecast2_listenerauth.html
==================================================================---
doc/icecast2_listenerauth.html (revision 6619)
+++ doc/icecast2_listenerauth.html (working copy)
@@ -20,10 +20,11 @@
<mount-name>/example-complex.ogg</mount-name>
<authentication type="htpasswd">
<option name="filename"
value="myauth"/>
+ <option name="allow_duplicate_users"
value="0"/>
</authentication>
</mount>
</pre>
-<p>To support listener authentication you MUST provide at a minimum
<mount-name> and <authentication>. The mount-name
is the name
of the mountpoint that you will use to connect your source client with and
authentication configures what type of icecast2 authenticator to
use. Currently, only a single type "htpasswd" is implemented. New
authenticators will be added later. Each authenticator has a variable
number of options that are required and these are specified as shown in the
example. The htpasswd authenticator requires only a single parameter,
filename, which specifies the name of the file to use to store users and
passwords. Note that this file need not exist (and probably will not exist
when you first set it up). Icecast has built-in support for managing users
and passwords via the web admin interface. More on this later in this
section.</p>
+<p>To support listener authentication you MUST provide at a minimum
<mount-name> and <authentication>. The mount-name
is the name
of the mountpoint that you will use to connect your source client with and
authentication configures what type of icecast2 authenticator to
use. Currently, only a single type "htpasswd" is implemented. New
authenticators will be added later. Each authenticator has a variable
number of options that are required and these are specified as shown in the
example. The htpasswd authenticator requires a few parameters. The first,
filename, specifies the name of the file to use to store users and
passwords. Note that this file need not exist (and probably will not exist
when you first set it up). Icecast has built-in support for managing users
and passwords via the web admin interface. More on this later in this
section. The second option, allow_duplicate_users, if set to 0, will
prevent multiple connections using the same username. Setting this value
to 1 will enable mutltiple connections from the same username on a given
mountpoint. Note there is no way to specify a "max connections" for a
particular user.
<p>Icecast supports a mixture of streams that require listener
authentication and those that do not. Only mounts that are named in the
config file can be configured for listener authentication.</p>
<br>
------------------------Patch end-------------------------------------------
<p>--- >8 ----
List archives: http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to
'icecast-dev-request@xiph.org'
containing only the word 'unsubscribe' in the body. No subject is
needed.
Unsubscribe messages sent to the list will be ignored/filtered.