[icecast-dev] No Duplicate Users - Patch

oddsock oddsock at oddsock.org
Sun May 16 08:23:11 PDT 2004



I'd like to commit the following patch which adds a new option to the 
htpasswd client authenticator.  This option <option 
name="allow_duplicate_users"> specifies wether or not the same username can 
connect to a mountpoint more than once.  This is pretty much a required 
feature for any decent use of the listener authentication capabilities of 
icecast.

thoughts ? comments ?
------------------------Patch start-------------------------------------------
Index: conf/icecast.xml.in
===================================================================
--- conf/icecast.xml.in	(revision 6619)
+++ conf/icecast.xml.in	(working copy)
@@ -86,6 +86,7 @@
          <fallback-mount>/example2.ogg</fallback-mount>
          <authentication type="htpasswd">
                  <option name="filename" value="myauth"/>
+                <option name="allow_duplicate_users" value="0"/>
          </authentication>
      </mount>
      -->
Index: src/auth.c
===================================================================
--- src/auth.c	(revision 6619)
+++ src/auth.c	(working copy)
@@ -34,6 +34,30 @@
  #define CATMODULE "auth"

<p>+int auth_is_listener_connected(source_t *source, char *username)
+{
+    client_t *client;
+    avl_node *client_node;
+
+    avl_tree_rlock(source->client_tree);
+
+    client_node = avl_get_first(source->client_tree);
+    while(client_node) {
+        client = (client_t *)client_node->key;
+        if (client->username) {
+            if (!strcmp(client->username, username)) {
+                avl_tree_unlock(source->client_tree);
+                return 1;
+            }
+        }
+        client_node = avl_get_next(client_node);
+    }
+
+    avl_tree_unlock(source->client_tree);
+    return 0;
+
+}
+
  auth_result auth_check_client(source_t *source, client_t *client)
  {
      auth_t *authenticator = source->authenticator;
@@ -71,7 +95,7 @@
          password = tmp+1;

          result = authenticator->authenticate(
-                authenticator, username, password);
+                authenticator, source, username, password);

          if(result == AUTH_OK)
              client->username = strdup(username);
@@ -106,6 +130,7 @@

  typedef struct {
      char *filename;
+    int allow_duplicate_users;
      rwlock_t file_rwlock;
  } htpasswd_auth_state;

@@ -150,14 +175,20 @@
  #define MAX_LINE_LEN 512

  /* Not efficient; opens and scans the entire file for every request */
-static auth_result htpasswd_auth(auth_t *auth, char *username, char *password)
+static auth_result htpasswd_auth(auth_t *auth, source_t *source, char 
*username, char *password)
  {
      htpasswd_auth_state *state = auth->state;
-    FILE *passwdfile = fopen(state->filename, "rb");
+    FILE *passwdfile = NULL;
      char line[MAX_LINE_LEN];
      char *sep;

      thread_rwlock_rlock(&state->file_rwlock);
+    if (!state->allow_duplicate_users) {
+        if (auth_is_listener_connected(source, username)) {
+            return AUTH_FAILED;
+        }
+    }
+    passwdfile = fopen(state->filename, "rb");
      if(passwdfile == NULL) {
          WARN2("Failed to open authentication database \"%s\": %s",
                  state->filename, strerror(errno));
@@ -208,9 +239,12 @@

      state = calloc(1, sizeof(htpasswd_auth_state));

+    state->allow_duplicate_users = 1;
      while(options) {
          if(!strcmp(options->name, "filename"))
              state->filename = strdup(options->value);
+        if(!strcmp(options->name, "allow_duplicate_users"))
+            state->allow_duplicate_users = atoi(options->value);
          options = options->next;
      }

@@ -454,3 +488,4 @@
      }
      return ret;
  }
+
Index: src/auth.h
===================================================================
--- src/auth.h	(revision 6619)
+++ src/auth.h	(working copy)
@@ -33,7 +33,7 @@
  {
      /* Authenticate using the given username and password */
      auth_result (*authenticate)(struct auth_tag *self,
-            char *username, char *password);
+            source_t *source, char *username, char *password);
      void (*free)(struct auth_tag *self);
      void *state;
      void *type;
Index: doc/icecast2_config_file.html
===================================================================
--- doc/icecast2_config_file.html	(revision 6619)
+++ doc/icecast2_config_file.html	(working copy)
@@ -273,6 +273,7 @@
          &lt;fallback-mount&gt;example2.ogg&lt;fallback-mount&gt;
          &lt;authentication type="htpasswd"&gt;
                  &lt;option name="filename" value="myauth"/&gt;
+                &lt;option name="allow_duplicate_users" value="0"/&gt;
          &lt;/authentication&gt;

      &lt;mount&gt;
@@ -305,7 +306,7 @@
  </div>
  <h4>authentication</h4>
  <div class=indentedbox>
-This specifies that the named mount point will require listener 
authentication.  Currently, we only support a file-based authentication 
scheme (type=htpasswd).  Users and encrypted password are placed in this 
file (separated by a :) and all requests for this mountpoint will require 
that a user and password be supplied for authentication purposes.  These 
values are passed in via normal HTTP Basic Authentication means (i.e. 
http://user:password@stream:port/mountpoint.ogg).  Users and Passwords are 
maintained via the web admin interface.  A mountpoint configured with an 
authenticator will display a red key next to the mount point name on the 
admin screens.
+This specifies that the named mount point will require listener 
authentication.  Currently, we only support a file-based authentication 
scheme (type=htpasswd).  Users and encrypted password are placed in this 
file (separated by a :) and all requests for this mountpoint will require 
that a user and password be supplied for authentication purposes.  These 
values are passed in via normal HTTP Basic Authentication means (i.e. 
http://user:password@stream:port/mountpoint.ogg).  Users and Passwords are 
maintained via the web admin interface.  A mountpoint configured with an 
authenticator will display a red key next to the mount point name on the 
admin screens.  You can read more about listener authentication <a 
href="icecast2_listenerauth.html">here</a>.
  </div>
  <br>
  <br>
Index: doc/icecast2_listenerauth.html
===================================================================
--- doc/icecast2_listenerauth.html	(revision 6619)
+++ doc/icecast2_listenerauth.html	(working copy)
@@ -20,10 +20,11 @@
          &lt;mount-name&gt;/example-complex.ogg&lt;/mount-name&gt;
          &lt;authentication type="htpasswd"&gt;
                  &lt;option name="filename" value="myauth"/&gt;
+                &lt;option name="allow_duplicate_users" value="0"/&gt;
          &lt;/authentication&gt;
      &lt;/mount&gt;
  </pre>
-<p>To support listener authentication you MUST provide at a minimum 
&lt;mount-name&gt; and &lt;authentication&gt;.  The mount-name is the name 
of the mountpoint that you will use to connect your source client with and 
authentication configures what type of icecast2 authenticator to 
use.  Currently, only a single type "htpasswd" is implemented.  New 
authenticators will be added later.  Each authenticator has a variable 
number of options that are required and these are specified as shown in the 
example.  The htpasswd authenticator requires only a single parameter, 
filename, which specifies the name of the file to use to store users and 
passwords.  Note that this file need not exist (and probably will not exist 
when you first set it up).  Icecast has built-in support for managing users 
and passwords via the web admin interface.  More on this later in this 
section.</p>
+<p>To support listener authentication you MUST provide at a minimum 
&lt;mount-name&gt; and &lt;authentication&gt;.  The mount-name is the name 
of the mountpoint that you will use to connect your source client with and 
authentication configures what type of icecast2 authenticator to 
use.  Currently, only a single type "htpasswd" is implemented.  New 
authenticators will be added later.  Each authenticator has a variable 
number of options that are required and these are specified as shown in the 
example.  The htpasswd authenticator requires a few parameters.  The first, 
filename, specifies the name of the file to use to store users and 
passwords.  Note that this file need not exist (and probably will not exist 
when you first set it up).  Icecast has built-in support for managing users 
and passwords via the web admin interface.  More on this later in this 
section.  The second option, allow_duplicate_users, if set to 0, will 
prevent multiple connections using the same username.  Setting this value 
to 1 will enable mutltiple connections from the same username on a given 
mountpoint.  Note there is no way to specify a "max connections" for a 
particular user.

  <p>Icecast supports a mixture of streams that require listener 
authentication and those that do not.  Only mounts that are named in the 
config file can be configured for listener authentication.</p>
  <br>
------------------------Patch end-------------------------------------------

<p>--- >8 ----
List archives:  http://www.xiph.org/archives/
icecast project homepage: http://www.icecast.org/
To unsubscribe from this list, send a message to 'icecast-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.



More information about the Icecast-dev mailing list