diff options
author | Klaus Schmidinger <vdr@tvdr.de> | 2002-02-02 17:20:54 +0100 |
---|---|---|
committer | Klaus Schmidinger <vdr@tvdr.de> | 2002-02-02 17:20:54 +0100 |
commit | 0b7e9057daceab33b13238f4dea90976b5d2074d (patch) | |
tree | d295db6809e43a22e09e704e8a45bfaf3c10e9cb | |
parent | fa32be64a8781d8c1cdec9b359a2e8fe62668416 (diff) | |
download | vdr-0b7e9057daceab33b13238f4dea90976b5d2074d.tar.gz vdr-0b7e9057daceab33b13238f4dea90976b5d2074d.tar.bz2 |
Introduced 'svdrphosts.conf'
-rw-r--r-- | FORMATS | 20 | ||||
-rw-r--r-- | HISTORY | 3 | ||||
-rw-r--r-- | INSTALL | 5 | ||||
-rw-r--r-- | config.c | 51 | ||||
-rw-r--r-- | config.h | 19 | ||||
-rw-r--r-- | svdrp.c | 14 | ||||
-rw-r--r-- | svdrphosts.conf | 13 | ||||
-rw-r--r-- | vdr.c | 3 |
8 files changed, 122 insertions, 6 deletions
@@ -111,6 +111,26 @@ Video Disk Recorder File Formats 1..9, the command can be selected directly by pressing the respective numerical key on the remote control. +* svdrphosts.conf + + This file contains the IP numbers of all hosts that are allowed to access the + SVDRP port. + + Each line contains one IP number in the format + + IP-Address[/Netmask] + + where 'IP-Address' is the address of a host or a network in the usual dot + separated notation (as in 192.168.100.1). If the optional 'Netmask' is given + only the given number of bits of 'IP-Address' are taken into account. This + allows you to grant SVDRP access to all hosts of an entire network. 'Netmask' + can be any integer from 1 to 32. The special value of 0 is only accepted if + the 'IP-Address' is 0.0.0.0, because this will give access to any host (USE + THIS WITH CARE!). + + Everything following (and including) a '#' character is considered to be + comment. + * marks.vdr This file (if present in a recording directory) contains the editing marks @@ -950,3 +950,6 @@ Video Disk Recorder Revision History thus making it safe to use them in nested 'if/else' statements. - Fixed error handling in establishing an SVDRP connection (thanks to Davide Achilli) for pointing this out). +- The new configuration file 'svdrphosts.conf' is now used to define which + hosts may access the SVDRP port (by default only 'localhost' has access). + See FORMATS for details. @@ -81,6 +81,11 @@ WARNING: DUE TO THE OPEN SVDRP PORT THIS PROGRAM MAY CONSTITUTE A A CONTROLLED ENVIRONMENT, YOU MAY WANT TO DISABLE SVDRP BY USING '--port=0'! +The file 'svdrphosts.conf' can be used to define which hosts are allowed +to access the SVDRP port. By default only localhost (127.0.0.1) is granted +access. If you want to give other hosts access to your SVDRP port you need to +add their IP numbers to 'svdrphosts.conf'. + If the program shall run as a daemon, use the --daemon option. This will completely detach it from the terminal and will continue as a background process. @@ -4,7 +4,7 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: config.c 1.80 2002/02/02 15:57:48 kls Exp $ + * $Id: config.c 1.81 2002/02/02 17:15:03 kls Exp $ */ #include "config.h" @@ -646,6 +646,40 @@ const char *cCommand::Execute(void) return result; } +// -- cSVDRPhost ------------------------------------------------------------- + +cSVDRPhost::cSVDRPhost(void) +{ + addr.s_addr = 0; + mask = 0; +} + +bool cSVDRPhost::Parse(const char *s) +{ + mask = 0xFFFFFFFF; + const char *p = strchr(s, '/'); + if (p) { + char *error = NULL; + int m = strtoul(p + 1, &error, 10); + if (error && !isspace(*error) || m > 32) + return false; + *(char *)p = 0; // yes, we know it's 'const' - will be restored! + if (m == 0) + mask = 0; + else + mask >>= (32 - m); + } + int result = inet_aton(s, &addr); + if (p) + *(char *)p = '/'; // there it is again + return result != 0 && (mask != 0 || addr.s_addr == 0); +} + +bool cSVDRPhost::Accepts(in_addr_t Address) +{ + return (Address & mask) == addr.s_addr; +} + // -- cKeys ------------------------------------------------------------------ cKeys Keys; @@ -778,6 +812,21 @@ cTimer *cTimers::GetNextActiveTimer(void) return t0; } +// -- cSVDRPhosts ------------------------------------------------------------ + +cSVDRPhosts SVDRPhosts; + +bool cSVDRPhosts::Acceptable(in_addr_t Address) +{ + cSVDRPhost *h = First(); + while (h) { + if (h->Accepts(Address)) + return true; + h = (cSVDRPhost *)h->Next(); + } + return false; +} + // -- cSetup ----------------------------------------------------------------- cSetup Setup; @@ -4,12 +4,13 @@ * See the main source file 'vdr.c' for copyright information and * how to reach the author. * - * $Id: config.h 1.91 2002/02/02 15:57:48 kls Exp $ + * $Id: config.h 1.92 2002/02/02 15:59:18 kls Exp $ */ #ifndef __CONFIG_H #define __CONFIG_H +#include <arpa/inet.h> #include <stdio.h> #include <string.h> #include <time.h> @@ -171,6 +172,16 @@ public: const char *Execute(void); }; +class cSVDRPhost : public cListObject { +private: + struct in_addr addr; + in_addr_t mask; +public: + cSVDRPhost(void); + bool Parse(const char *s); + bool Accepts(in_addr_t Address); + }; + template<class T> class cConfig : public cList<T> { private: char *fileName; @@ -268,10 +279,16 @@ public: class cCommands : public cConfig<cCommand> {}; +class cSVDRPhosts : public cConfig<cSVDRPhost> { +public: + bool Acceptable(in_addr_t Address); + }; + extern cChannels Channels; extern cTimers Timers; extern cKeys Keys; extern cCommands Commands; +extern cSVDRPhosts SVDRPhosts; class cSetup { private: @@ -10,7 +10,7 @@ * and interact with the Video Disk Recorder - or write a full featured * graphical interface that sits on top of an SVDRP connection. * - * $Id: svdrp.c 1.29 2002/02/02 13:33:57 kls Exp $ + * $Id: svdrp.c 1.30 2002/02/02 15:59:18 kls Exp $ */ #include "svdrp.h" @@ -101,8 +101,16 @@ int cSocket::Accept(void) struct sockaddr_in clientname; uint size = sizeof(clientname); int newsock = accept(sock, (struct sockaddr *)&clientname, &size); - if (newsock > 0) - isyslog(LOG_INFO, "connect from %s, port %hd", inet_ntoa(clientname.sin_addr), ntohs(clientname.sin_port)); + if (newsock > 0) { + bool accepted = SVDRPhosts.Acceptable(clientname.sin_addr.s_addr); + if (!accepted) { + const char *s = "Access denied!\n"; + write(newsock, s, strlen(s)); + close(newsock); + newsock = -1; + } + isyslog(LOG_INFO, "connect from %s, port %hd - %s", inet_ntoa(clientname.sin_addr), ntohs(clientname.sin_port), accepted ? "accepted" : "DENIED"); + } else if (errno != EINTR && errno != EAGAIN) LOG_ERROR; return newsock; diff --git a/svdrphosts.conf b/svdrphosts.conf new file mode 100644 index 00000000..dec9c42a --- /dev/null +++ b/svdrphosts.conf @@ -0,0 +1,13 @@ +# +# svdrphosts This file describes a number of host addresses that +# are allowed to connect to the SVDRP port of the Video +# Disk Recorder (VDR) running on this system. +# Syntax: +# +# IP-Address[/Netmask] +# + +127.0.0.1 # always accept localhost +#192.168.100.0/24 # any host on the local net +#204.152.189.113 # a specific host +#0.0.0.0/0 # any host on any net (USE THIS WITH CARE!) @@ -22,7 +22,7 @@ * * The project's page is at http://www.cadsoft.de/people/kls/vdr * - * $Id: vdr.c 1.93 2002/01/26 14:07:01 kls Exp $ + * $Id: vdr.c 1.94 2002/02/02 15:59:18 kls Exp $ */ #include <getopt.h> @@ -272,6 +272,7 @@ int main(int argc, char *argv[]) Channels.Load(AddDirectory(ConfigDirectory, "channels.conf")); Timers.Load(AddDirectory(ConfigDirectory, "timers.conf")); Commands.Load(AddDirectory(ConfigDirectory, "commands.conf")); + SVDRPhosts.Load(AddDirectory(ConfigDirectory, "svdrphosts.conf"), true); #if defined(REMOTE_LIRC) Keys.SetDummyValues(); #elif !defined(REMOTE_NONE) |