MyFavMirrors
/
owntone-server
mirror of https://github.com/owntone/owntone-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add authentication to web interface, RSP and DAAP

This commit is contained in:
Julien BLACHE 2009-05-01 20:59:32 +02:00
parent dc68de86dd
commit 09ef188d90
3 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/httpd.c
View File

@ -488,12 +488,36 @@ serve_file(struct evhttp_request *req, char *uri)
char path[PATH_MAX]; char path[PATH_MAX];
char *deref; char *deref;
char *ctype; char *ctype;
char *passwd;
struct evbuffer *evbuf; struct evbuffer *evbuf;
struct stat sb; struct stat sb;
int fd; int fd;
int i; int i;
int ret; int ret;
/* Check authentication */
passwd = cfg_getstr(cfg_getsec(cfg, "general"), "admin_password");
if (passwd)
{
DPRINTF(E_DBG, L_HTTPD, "Checking web interface authentication\n");
ret = httpd_basic_auth(req, "admin", passwd, PACKAGE " web interface");
if (ret != 0)
return;
DPRINTF(E_DBG, L_HTTPD, "Authentication successful\n");
}
else
{
if (strcmp(req->remote_host, "127.0.0.1") != 0)
{
DPRINTF(E_LOG, L_HTTPD, "Remote web interface request denied; no password set\n");
evhttp_send_error(req, 403, "Forbidden");
return;
}
}
ret = snprintf(path, sizeof(path), "%s%s", WEBFACE_ROOT, uri + 1); /* skip starting '/' */ ret = snprintf(path, sizeof(path), "%s%s", WEBFACE_ROOT, uri + 1); /* skip starting '/' */
if ((ret < 0) || (ret >= sizeof(path))) if ((ret < 0) || (ret >= sizeof(path)))
{ {

31
src/httpd_daap.c
View File

@ -1789,6 +1789,9 @@ daap_request(struct evhttp_request *req)
char *uri_parts[7]; char *uri_parts[7];
struct evbuffer *evbuf; struct evbuffer *evbuf;
struct evkeyvalq query; struct evkeyvalq query;
cfg_t *lib;
char *libname;
char *passwd;
int handler; int handler;
int ret; int ret;
int i; int i;
@ -1838,6 +1841,34 @@ daap_request(struct evhttp_request *req)
return; return;
} }
/* Check authentication */
lib = cfg_getnsec(cfg, "library", 0);
passwd = cfg_getstr(lib, "password");
/* No authentication for these URIs */
if ((strcmp(uri, "/server-info") == 0)
|| (strcmp(uri, "/logout") == 0)
|| (strncmp(uri, "/databases/1/items/", strlen("/databases/1/items/")) == 0))
passwd = NULL;
if (passwd)
{
libname = cfg_getstr(lib, "name");
DPRINTF(E_DBG, L_HTTPD, "Checking authentication for library '%s'\n", libname);
/* We don't care about the username */
ret = httpd_basic_auth(req, NULL, passwd, libname);
if (ret != 0)
{
free(uri);
free(full_uri);
return;
}
DPRINTF(E_DBG, L_HTTPD, "Library authentication successful\n");
}
memset(uri_parts, 0, sizeof(uri_parts)); memset(uri_parts, 0, sizeof(uri_parts));
uri_parts[0] = strtok_r(uri, "/", &ptr); uri_parts[0] = strtok_r(uri, "/", &ptr);

24
src/httpd_rsp.c
View File

@ -903,6 +903,9 @@ rsp_request(struct evhttp_request *req)
char *ptr; char *ptr;
char *uri_parts[5]; char *uri_parts[5];
struct evkeyvalq query; struct evkeyvalq query;
cfg_t *lib;
char *libname;
char *passwd;
int handler; int handler;
int i; int i;
int ret; int ret;
@ -952,6 +955,27 @@ rsp_request(struct evhttp_request *req)
return; return;
} }
/* Check authentication */
lib = cfg_getnsec(cfg, "library", 0);
passwd = cfg_getstr(lib, "password");
if (passwd)
{
libname = cfg_getstr(lib, "name");
DPRINTF(E_DBG, L_HTTPD, "Checking authentication for library '%s'\n", libname);
/* We don't care about the username */
ret = httpd_basic_auth(req, NULL, passwd, libname);
if (ret != 0)
{
free(uri);
free(full_uri);
return;
}
DPRINTF(E_DBG, L_HTTPD, "Library authentication successful\n");
}
memset(uri_parts, 0, sizeof(uri_parts)); memset(uri_parts, 0, sizeof(uri_parts));
uri_parts[0] = strtok_r(uri, "/", &ptr); uri_parts[0] = strtok_r(uri, "/", &ptr);