/* only called for native icecast source clients */
static void _handle_source_request (client_t *client, const char *uri)
{
INFO1("Source logging in at mountpoint \"%s\"", uri);
if (uri[0] != '/')
{
WARN0 ("source mountpoint not starting with /");
client_send_401 (client);
return;
}
switch (client_check_source_auth (client, uri))
{
case 0: /* authenticated from config file */
source_startup (client, uri, ICECAST_SOURCE_AUTH);
break;
case 1: /* auth pending */
break;
default: /* failed */
INFO1("Source (%s) attempted to login with invalid or missing password", uri);
client_send_401(client);
break;
}
}
static void _handle_source_request (client_t *client, char *uri, int auth_style)
{
source_t *source;
INFO1("Source logging in at mountpoint \"%s\"", uri);
if (uri[0] != '/')
{
WARN0 ("source mountpoint not starting with /");
client_send_401 (client);
return;
}
if (auth_style == ICECAST_SOURCE_AUTH) {
if (connection_check_source_pass (client->parser, uri) == 0)
{
/* We commonly get this if the source client is using the wrong
* protocol: attempt to diagnose this and return an error
*/
/* TODO: Do what the above comment says */
INFO1("Source (%s) attempted to login with invalid or missing password", uri);
client_send_401(client);
return;
}
}
source = source_reserve (uri);
if (source)
{
if (auth_style == SHOUTCAST_SOURCE_AUTH) {
source->shoutcast_compat = 1;
}
source->client = client;
source->parser = client->parser;
source->con = client->con;
if (connection_complete_source (source, 1) < 0)
{
source_clear_source (source);
source_free_source (source);
}
else
{
refbuf_t *ok = refbuf_new (PER_CLIENT_REFBUF_SIZE);
client->respcode = 200;
snprintf (ok->data, PER_CLIENT_REFBUF_SIZE,
"HTTP/1.0 200 OK\r\n\r\n");
ok->len = strlen (ok->data);
/* we may have unprocessed data read in, so don't overwrite it */
ok->associated = client->refbuf;
client->refbuf = ok;
fserve_add_client_callback (client, source_client_callback, source);
}
}
else
{
client_send_404 (client, "Mountpoint in use");
WARN1 ("Mountpoint %s in use", uri);
}
}
static int auth_postprocess_listener (auth_client *auth_user)
{
int ret;
client_t *client = auth_user->client;
auth_t *auth = auth_user->auth;
ice_config_t *config;
mount_proxy *mountinfo;
const char *mount = auth_user->mount;
if (client == NULL)
return 0;
if ((client->flags & CLIENT_AUTHENTICATED) == 0)
{
/* auth failed so do we place the listener elsewhere */
auth_user->client = NULL;
if (auth->rejected_mount)
mount = auth->rejected_mount;
else
{
client_send_401 (client, auth_user->auth->realm);
return -1;
}
}
config = config_get_config();
mountinfo = config_find_mount (config, mount);
ret = add_authenticated_listener (mount, mountinfo, client);
config_release_config();
auth_user->client = NULL;
return ret;
}
static void _handle_source_request(connection_t *con,
http_parser_t *parser, char *uri)
{
client_t *client;
source_t *source;
client = client_create(con, parser);
INFO1("Source logging in at mountpoint \"%s\"", uri);
if (uri[0] != '/')
{
WARN0 ("source mountpoint not starting with /");
client_send_401 (client);
return;
}
if (!connection_check_source_pass(parser, uri)) {
/* We commonly get this if the source client is using the wrong
* protocol: attempt to diagnose this and return an error
*/
/* TODO: Do what the above comment says */
INFO1("Source (%s) attempted to login with invalid or missing password", uri);
client_send_401(client);
return;
}
source = source_reserve (uri);
if (source)
{
source->client = client;
source->parser = parser;
source->con = con;
if (connection_complete_source (source) < 0)
{
source->client = NULL;
source_free_source (source);
}
else
thread_create ("Source Thread", source_client_thread,
source, THREAD_DETACHED);
}
else
{
client_send_404 (client, "Mountpoint in use");
WARN1 ("Mountpoint %s in use", uri);
}
}
static void auth_client_free (auth_client *auth_user)
{
if (auth_user == NULL)
return;
if (auth_user->client)
{
client_t *client = auth_user->client;
client_send_401 (client, auth_user->auth->realm);
auth_user->client = NULL;
}
free (auth_user->hostname);
free (auth_user->mount);
free (auth_user);
}
int auth_postprocess_listener (auth_client *auth_user)
{
int ret;
client_t *client = auth_user->client;
ice_config_t *config = config_get_config();
mount_proxy *mountinfo = config_find_mount (config, auth_user->mount, MOUNT_TYPE_NORMAL);
ret = add_authenticated_listener (auth_user->mount, mountinfo, client);
config_release_config();
if (ret < 0)
client_send_401 (auth_user->client);
auth_user->client = NULL;
return ret;
}
static void auth_client_free (auth_client *auth_user)
{
if (auth_user == NULL)
return;
if (auth_user->client)
{
client_t *client = auth_user->client;
if (client->respcode)
client_destroy (client);
else
client_send_401 (client);
auth_user->client = NULL;
}
free (auth_user->mount);
free (auth_user);
}
static void _handle_stats_request (client_t *client, char *uri)
{
stats_event_inc(NULL, "stats_connections");
if (connection_check_admin_pass (client->parser) == 0)
{
client_send_401 (client);
ERROR0("Bad password for stats connection");
return;
}
client->respcode = 200;
snprintf (client->refbuf->data, PER_CLIENT_REFBUF_SIZE,
"HTTP/1.0 200 OK\r\n\r\n");
client->refbuf->len = strlen (client->refbuf->data);
fserve_add_client_callback (client, stats_callback, NULL);
}
static void auth_client_free (auth_client *auth_user)
{
if (auth_user == NULL)
return;
if (auth_user->client)
{
client_t *client = auth_user->client;
if (client->respcode)
client->connection.error = 1;
client_send_401 (client, auth_user->auth->realm);
auth_user->client = NULL;
}
free (auth_user->hostname);
free (auth_user->mount);
free (auth_user);
}
static int admin_handle_general_request (client_t *client, const char *uri)
{
struct admin_command *cmd;
if ((client->flags & CLIENT_AUTHENTICATED) == 0)
{
INFO1("Bad or missing password on admin command request (%s)", uri);
return client_send_401 (client, NULL);
}
cmd = find_admin_command (admin_general, uri);
if (cmd == NULL)
{
INFO1 ("processing file %s", uri);
return command_stats (client, uri);
}
if (cmd->handle.general == NULL)
return client_send_400 (client, "unknown request");
return cmd->handle.general (client, cmd->response);
}
/* Add a listener. Check for any mount information that states any
* authentication to be used.
*/
int auth_add_listener (const char *mount, client_t *client)
{
int ret = 0, need_auth = 1;
ice_config_t *config = config_get_config();
mount_proxy *mountinfo = config_find_mount (config, mount);
if (client->flags & CLIENT_AUTHENTICATED)
need_auth = 0;
else
{
const char *range = httpp_getvar (client->parser, "range");
if (range)
{
uint64_t pos1 = 0, pos2 = (uint64_t)-1;
if (strncmp (range, "bytes=", 6) == 0)
{
if (sscanf (range+6, "-%" SCNuMAX, &pos2) < 1)
if (sscanf (range+6, "%" SCNuMAX "-%" SCNuMAX, &pos1, &pos2) < 1)
pos2 = 0;
}
else
pos2 = 0;
if (pos2 > 0 && pos1 < pos2)
{
client->intro_offset = pos1;
client->connection.discon.offset = pos2;
client->flags |= CLIENT_RANGE_END;
if (pos2 - pos1 < 10)
need_auth = 0; // avoid auth check if range is very small, player hack
}
else
WARN2 ("client range invalid (%" PRIu64 ", %" PRIu64 "), ignoring", pos1, pos2);
}
}
if (client->parser->req_type == httpp_req_head)
{
client->flags &= ~CLIENT_AUTHENTICATED;
need_auth = 0;
}
if (need_auth)
{
if (mountinfo)
{
auth_t *auth = mountinfo->auth;
if (mountinfo->skip_accesslog)
client->flags |= CLIENT_SKIP_ACCESSLOG;
if (mountinfo->ban_client)
{
if (mountinfo->ban_client < 0)
client->flags |= CLIENT_IP_BAN_LIFT;
connection_add_banned_ip (client->connection.ip, mountinfo->ban_client);
}
if (mountinfo->no_mount)
{
config_release_config ();
return client_send_403 (client, "mountpoint unavailable");
}
if (mountinfo->redirect)
{
char buffer [4096] = "";
unsigned int len = sizeof buffer;
if (util_expand_pattern (mount, mountinfo->redirect, buffer, &len) == 0)
{
config_release_config ();
return client_send_302 (client, buffer);
}
WARN3 ("failed to expand %s on %s for %s", mountinfo->redirect, mountinfo->mountname, mount);
return client_send_501 (client);
}
do
{
if (auth == NULL) break;
if ((auth->flags & AUTH_RUNNING) == 0) break;
if (auth->pending_count > 400)
{
if (auth->flags & AUTH_SKIP_IF_SLOW) break;
config_release_config ();
WARN0 ("too many clients awaiting authentication");
if (global.new_connections_slowdown < 10)
global.new_connections_slowdown++;
return client_send_403 (client, "busy, please try again later");
}
if (auth->authenticate)
{
auth_client *auth_user = auth_client_setup (mount, client);
auth_user->process = auth_new_listener;
client->flags &= ~CLIENT_ACTIVE;
DEBUG0 ("adding client for authentication");
queue_auth_client (auth_user, mountinfo);
config_release_config ();
return 0;
}
} while (0);
}
else
{
if (strcmp (mount, "/admin/streams") == 0)
{
config_release_config ();
return client_send_401 (client, NULL);
}
}
}
ret = add_authenticated_listener (mount, mountinfo, client);
config_release_config ();
return ret;
}
void admin_handle_request(client_t *client, const char *uri)
{
const char *mount, *command_string;
int command;
DEBUG1("Admin request (%s)", uri);
if (!((strcmp(uri, "/admin.cgi") == 0) ||
(strncmp("/admin/", uri, 7) == 0))) {
ERROR0("Internal error: admin request isn't");
client_send_401(client);
return;
}
if (strcmp(uri, "/admin.cgi") == 0) {
command_string = uri + 1;
}
else {
command_string = uri + 7;
}
DEBUG1("Got command (%s)", command_string);
command = admin_get_command(command_string);
if(command < 0) {
ERROR1("Error parsing command string or unrecognised command: %s",
command_string);
client_send_400(client, "Unrecognised command");
return;
}
if (command == COMMAND_SHOUTCAST_METADATA_UPDATE) {
ice_config_t *config;
const char *sc_mount;
const char *pass = httpp_get_query_param (client->parser, "pass");
listener_t *listener;
if (pass == NULL)
{
client_send_400 (client, "missing pass parameter");
return;
}
config = config_get_config ();
sc_mount = config->shoutcast_mount;
listener = config_get_listen_sock (config, client->con);
if (listener && listener->shoutcast_mount)
sc_mount = listener->shoutcast_mount;
httpp_set_query_param (client->parser, "mount", sc_mount);
httpp_setvar (client->parser, HTTPP_VAR_PROTOCOL, "ICY");
httpp_setvar (client->parser, HTTPP_VAR_ICYPASSWORD, pass);
config_release_config ();
}
mount = httpp_get_query_param(client->parser, "mount");
if(mount != NULL) {
source_t *source;
/* this request does not require auth but can apply to files on webroot */
if (command == COMMAND_BUILDM3U)
{
command_buildm3u (client, mount);
return;
}
/* This is a mount request, handle it as such */
if (!connection_check_admin_pass(client->parser))
{
if (!connection_check_source_pass(client->parser, mount))
{
INFO1("Bad or missing password on mount modification admin "
"request (command: %s)", command_string);
client_send_401(client);
return;
}
}
avl_tree_rlock(global.source_tree);
source = source_find_mount_raw(mount);
if (source == NULL)
{
WARN2("Admin command %s on non-existent source %s",
command_string, mount);
avl_tree_unlock(global.source_tree);
client_send_400(client, "Source does not exist");
}
else
{
if (source->running == 0 && source->on_demand == 0)
{
avl_tree_unlock (global.source_tree);
INFO2("Received admin command %s on unavailable mount \"%s\"",
command_string, mount);
client_send_400 (client, "Source is not available");
return;
}
if (command == COMMAND_SHOUTCAST_METADATA_UPDATE &&
source->shoutcast_compat == 0)
{
avl_tree_unlock (global.source_tree);
ERROR0 ("illegal change of metadata on non-shoutcast "
"compatible stream");
client_send_400 (client, "illegal metadata call");
return;
}
INFO2("Received admin command %s on mount \"%s\"",
command_string, mount);
admin_handle_mount_request(client, source, command);
avl_tree_unlock(global.source_tree);
}
}
else {
if (command == COMMAND_PLAINTEXT_LISTSTREAM) {
/* this request is used by a slave relay to retrieve
mounts from the master, so handle this request
validating against the relay password */
if(!connection_check_relay_pass(client->parser)) {
INFO1("Bad or missing password on admin command "
"request (command: %s)", command_string);
client_send_401(client);
return;
}
}
else {
if(!connection_check_admin_pass(client->parser)) {
INFO1("Bad or missing password on admin command "
"request (command: %s)", command_string);
client_send_401(client);
return;
}
}
admin_handle_general_request(client, command);
}
}
int admin_handle_request (client_t *client, const char *uri)
{
const char *mount = httpp_get_query_param(client->parser, "mount");
if (strcmp (uri, "/admin.cgi") == 0)
{
const char *pass = httpp_get_query_param (client->parser, "pass");
if (pass == NULL)
return client_send_400 (client, "missing pass parameter");
uri++;
if (mount == NULL)
{
if (client->server_conn && client->server_conn->shoutcast_mount)
httpp_set_query_param (client->parser, "mount",
client->server_conn->shoutcast_mount);
mount = httpp_get_query_param (client->parser, "mount");
}
httpp_setvar (client->parser, HTTPP_VAR_PROTOCOL, "ICY");
httpp_setvar (client->parser, HTTPP_VAR_ICYPASSWORD, pass);
client->username = strdup ("source");
client->password = strdup (pass);
}
else
uri += 7;
if (connection_check_admin_pass (client->parser))
client->flags |= CLIENT_AUTHENTICATED;
else
{
/* special case for slaves requesting a streamlist for authenticated relaying */
if (strcmp (uri, "streams") == 0 || strcmp (uri, "streamlist.txt") == 0)
{
if (connection_check_relay_pass (client->parser))
client->flags |= CLIENT_AUTHENTICATED;
}
}
if (mount)
{
/* no auth/stream required for this */
if (strcmp (uri, "buildm3u") == 0)
return command_buildm3u (client, mount);
if (strcmp (uri, "showimage") == 0)
return command_show_image (client, mount);
/* This is a mount request, but admin user is allowed */
if ((client->flags & CLIENT_AUTHENTICATED) == 0)
{
switch (auth_check_source (client, mount))
{
case 0:
break;
default:
INFO1("Bad or missing password on mount modification "
"admin request (%s)", uri);
return client_send_401 (client, NULL);
/* fall through */
case 1:
return 0;
}
}
if (strcmp (uri, "streams") == 0)
return auth_add_listener ("/admin/streams", client);
return admin_mount_request (client, uri);
}
return admin_handle_general_request (client, uri);
}
/* Add a listener. Check for any mount information that states any
* authentication to be used.
*/
int auth_add_listener (const char *mount, client_t *client)
{
int ret = 0;
ice_config_t *config = config_get_config();
mount_proxy *mountinfo = config_find_mount (config, mount);
if ((client->flags & CLIENT_AUTHENTICATED) == 0)
{
if (mountinfo)
{
auth_t *auth = mountinfo->auth;
if (mountinfo->skip_accesslog)
client->flags |= CLIENT_SKIP_ACCESSLOG;
if (mountinfo->ban_client)
{
if (mountinfo->ban_client < 0)
client->flags |= CLIENT_IP_BAN_LIFT;
connection_add_banned_ip (client->connection.ip, mountinfo->ban_client);
}
if (mountinfo->no_mount)
{
config_release_config ();
return client_send_403 (client, "mountpoint unavailable");
}
if (mountinfo->redirect)
{
int len = strlen (mountinfo->redirect) + strlen (mount) + 3;
char *addr = alloca (len);
snprintf (addr, len, "%s%s", mountinfo->redirect, mount);
config_release_config ();
return client_send_302 (client, addr);
}
do
{
if (auth == NULL) break;
if ((auth->flags & AUTH_RUNNING) == 0) break;
if (auth->pending_count > 400)
{
if (auth->flags & AUTH_SKIP_IF_SLOW) break;
config_release_config ();
WARN0 ("too many clients awaiting authentication");
if (global.new_connections_slowdown < 10)
global.new_connections_slowdown++;
return client_send_403 (client, "busy, please try again later");
}
if (auth->authenticate)
{
auth_client *auth_user = auth_client_setup (mount, client);
auth_user->process = auth_new_listener;
client->flags &= ~CLIENT_ACTIVE;
DEBUG0 ("adding client for authentication");
queue_auth_client (auth_user, mountinfo);
config_release_config ();
return 0;
}
} while (0);
}
else
{
if (strcmp (mount, "/admin/streams") == 0)
{
config_release_config ();
return client_send_401 (client, NULL);
}
}
}
ret = add_authenticated_listener (mount, mountinfo, client);
config_release_config ();
return ret;
}
static void _handle_get_request(connection_t *con,
http_parser_t *parser, char *passed_uri)
{
char *fullpath;
client_t *client;
int bytes;
struct stat statbuf;
source_t *source;
int fileserve;
char *host;
int port;
int i;
char *serverhost = NULL;
int serverport = 0;
aliases *alias;
ice_config_t *config;
int client_limit;
int ret;
char *uri = passed_uri;
config = config_get_config();
fileserve = config->fileserve;
host = config->hostname;
port = config->port;
for(i = 0; i < MAX_LISTEN_SOCKETS; i++) {
if(global.serversock[i] == con->serversock) {
serverhost = config->listeners[i].bind_address;
serverport = config->listeners[i].port;
break;
}
}
alias = config->aliases;
client_limit = config->client_limit;
/* there are several types of HTTP GET clients
** media clients, which are looking for a source (eg, URI = /stream.ogg)
** stats clients, which are looking for /admin/stats.xml
** and directory server authorizers, which are looking for /GUID-xxxxxxxx
** (where xxxxxx is the GUID in question) - this isn't implemented yet.
** we need to handle the latter two before the former, as the latter two
** aren't subject to the limits.
*/
/* TODO: add GUID-xxxxxx */
/* Handle aliases */
while(alias) {
if(strcmp(uri, alias->source) == 0 && (alias->port == -1 || alias->port == serverport) && (alias->bind_address == NULL || (serverhost != NULL && strcmp(alias->bind_address, serverhost) == 0))) {
uri = strdup (alias->destination);
DEBUG2 ("alias has made %s into %s", passed_uri, uri);
break;
}
alias = alias->next;
}
config_release_config();
/* make a client */
client = client_create(con, parser);
stats_event_inc(NULL, "client_connections");
/* Dispatch all admin requests */
if (strncmp(uri, "/admin/", 7) == 0) {
admin_handle_request(client, uri);
if (uri != passed_uri) free (uri);
return;
}
/* Here we are parsing the URI request to see
** if the extension is .xsl, if so, then process
** this request as an XSLT request
*/
fullpath = util_get_path_from_normalised_uri(uri);
if (util_check_valid_extension(fullpath) == XSLT_CONTENT) {
/* If the file exists, then transform it, otherwise, write a 404 */
if (stat(fullpath, &statbuf) == 0) {
DEBUG0("Stats request, sending XSL transformed stats");
client->respcode = 200;
bytes = sock_write(client->con->sock,
"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n");
if(bytes > 0) client->con->sent_bytes = bytes;
stats_transform_xslt(client, fullpath);
client_destroy(client);
}
else {
client_send_404(client, "The file you requested could not be found");
}
free(fullpath);
if (uri != passed_uri) free (uri);
return;
}
else if(fileserve && stat(fullpath, &statbuf) == 0 &&
#ifdef _WIN32
((statbuf.st_mode) & _S_IFREG))
#else
S_ISREG(statbuf.st_mode))
#endif
{
fserve_client_create(client, fullpath);
free(fullpath);
if (uri != passed_uri) free (uri);
return;
}
free(fullpath);
if(strcmp(util_get_extension(uri), "m3u") == 0) {
char *sourceuri = strdup(uri);
char *dot = strrchr(sourceuri, '.');
*dot = 0;
client->respcode = 200;
bytes = sock_write(client->con->sock,
"HTTP/1.0 200 OK\r\n"
"Content-Type: audio/x-mpegurl\r\n\r\n"
"http://%s:%d%s\r\n",
host,
port,
sourceuri
);
if(bytes > 0) client->con->sent_bytes = bytes;
client_destroy(client);
free(sourceuri);
if (uri != passed_uri) free (uri);
return;
}
global_lock();
if (global.clients >= client_limit) {
global_unlock();
client_send_404(client,
"The server is already full. Try again later.");
if (uri != passed_uri) free (uri);
return;
}
global_unlock();
avl_tree_rlock(global.source_tree);
source = source_find_mount(uri);
if (source) {
DEBUG0("Source found for client");
/* The source may not be the requested source - it might have gone
* via one or more fallbacks. We only reject it for no-mount if it's
* the originally requested source
*/
if(strcmp(uri, source->mount) == 0 && source->no_mount) {
avl_tree_unlock(global.source_tree);
client_send_404(client, "This mount is unavailable.");
if (uri != passed_uri) free (uri);
return;
}
if (source->running == 0)
{
avl_tree_unlock(global.source_tree);
DEBUG0("inactive source, client dropped");
client_send_404(client, "This mount is unavailable.");
if (uri != passed_uri) free (uri);
return;
}
/* Check for any required authentication first */
if(source->authenticator != NULL) {
ret = auth_check_client(source, client);
if(ret != AUTH_OK) {
avl_tree_unlock(global.source_tree);
if (ret == AUTH_FORBIDDEN) {
INFO1("Client attempted to log multiple times to source "
"(\"%s\")", uri);
client_send_403(client);
}
else {
/* If not FORBIDDEN, default to 401 */
INFO1("Client attempted to log in to source (\"%s\")with "
"incorrect or missing password", uri);
client_send_401(client);
}
if (uri != passed_uri) free (uri);
return;
}
}
/* And then check that there's actually room in the server... */
global_lock();
if (global.clients >= client_limit) {
global_unlock();
avl_tree_unlock(global.source_tree);
client_send_404(client,
"The server is already full. Try again later.");
if (uri != passed_uri) free (uri);
return;
}
/* Early-out for per-source max listeners. This gets checked again
* by the source itself, later. This route gives a useful message to
* the client, also.
*/
else if(source->max_listeners != -1 &&
source->listeners >= source->max_listeners)
{
global_unlock();
avl_tree_unlock(global.source_tree);
client_send_404(client,
"Too many clients on this mountpoint. Try again later.");
if (uri != passed_uri) free (uri);
return;
}
global.clients++;
global_unlock();
source->format->create_client_data (source, client);
source->format->client_send_headers(source->format, source, client);
bytes = sock_write(client->con->sock, "\r\n");
if(bytes > 0) client->con->sent_bytes += bytes;
sock_set_blocking(client->con->sock, SOCK_NONBLOCK);
sock_set_nodelay(client->con->sock);
avl_tree_wlock(source->pending_tree);
avl_insert(source->pending_tree, (void *)client);
avl_tree_unlock(source->pending_tree);
}
avl_tree_unlock(global.source_tree);
if (!source) {
DEBUG0("Source not found for client");
client_send_404(client, "The source you requested could not be found.");
}
if (uri != passed_uri) free (uri);
}