1 /*
2 * TV headend - Access control
3 * Copyright (C) 2008 Andreas Öman
4 *
5 * This program is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation, either version 3 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #ifndef ACCESS_H_
20 #define ACCESS_H_
21
22 #include "idnode.h"
23 #include "htsmsg.h"
24
/* Comment strings attached to the access entries that are created by the
 * program itself rather than by the user: the default entry (cf.
 * access_init(createdefault, ...)) and the one written by the setup wizard
 * (cf. the ae_wizard / pw_wizard flags). */
#define ACCESS_DEFAULT_COMMENT "Default access entry"
#define ACCESS_WIZARD_COMMENT "Wizard access entry"

/* Referenced by pointer only; their definitions live in other headers. */
struct profile;
struct dvr_config;
struct channel_tag;

/* Queue of source-address rules (access_ipmask_t), used by both
 * access_entry_t and ipblock_entry_t. */
TAILQ_HEAD(access_ipmask_queue, access_ipmask);

/* Global list of IP block entries. */
TAILQ_HEAD(ipblock_entry_queue, ipblock_entry);

extern struct ipblock_entry_queue ipblock_entries;
37
/**
 * One IP block entry: a set of source-address rules (ib_ipmasks) with an
 * enable flag. Persisted as an idnode (ib_id, class ipblock_entry_class).
 * How a matching address is treated (rejected outright, presumably) is
 * implemented in access.c, not visible here.
 */
typedef struct ipblock_entry {
  idnode_t ib_id;                         /* idnode identity / metadata */

  TAILQ_ENTRY(ipblock_entry) ib_link;     /* link in ipblock_entries */

  int ib_enabled;                         /* non-zero = entry active (presumably) */
  struct access_ipmask_queue ib_ipmasks;  /* address rules this entry covers */
  char *ib_comment;                       /* comment string */
} ipblock_entry_t;
47
/* idnode class describing ipblock_entry_t. */
extern const idclass_t ipblock_entry_class;

/* Global list of password entries. */
TAILQ_HEAD(passwd_entry_queue, passwd_entry);

extern struct passwd_entry_queue passwd_entries;
53
/**
 * Credential record for one user name. Persisted as an idnode (pw_id,
 * class passwd_entry_class).
 *
 * The password is held as a string in pw_password / pw_password2; whether
 * that is a hash or the clear text cannot be seen from this header, so
 * check access.c before logging, serialising or exporting these fields.
 */
typedef struct passwd_entry {
  idnode_t pw_id;                       /* idnode identity / metadata */

  TAILQ_ENTRY(passwd_entry) pw_link;    /* link in passwd_entries */

  char *pw_username;                    /* user name this entry applies to */
  char *pw_password;                    /* password (encoding not visible here) */
  char *pw_password2;                   /* second password representation -- purpose not visible here, confirm in access.c */

  int pw_enabled;                       /* non-zero = entry active (presumably) */
  int pw_wizard;                        /* non-zero = created by the wizard (presumably; cf. ACCESS_WIZARD_COMMENT) */

  char *pw_comment;                     /* comment string */
} passwd_entry_t;
68
/* idnode class describing passwd_entry_t. */
extern const idclass_t passwd_entry_class;
70
/**
 * One source-address match rule. ai_family presumably selects whether the
 * IPv4 fields (ai_network / ai_netmask) or the IPv6 fields (ai_ip6 /
 * ai_prefixlen) are the ones in use; the matching itself is in access.c.
 *
 * NOTE(review): struct in6_addr comes from <netinet/in.h>, which this
 * header does not include directly -- it relies on an earlier include.
 */
typedef struct access_ipmask {
  TAILQ_ENTRY(access_ipmask) ai_link;   /* link in an access_ipmask_queue */

  int ai_family;                        /* address family (AF_INET / AF_INET6, presumably) */

  struct in6_addr ai_ip6;               /* IPv6 address the prefix is taken from */

  int ai_prefixlen;                     /* IPv6 prefix length in bits (presumably) */

  uint32_t ai_netmask;                  /* IPv4 mask */
  uint32_t ai_network;                  /* IPv4 network address */
} access_ipmask_t;
83
/* Global list of access entries. The order is presumably the evaluation
 * order (cf. access_entry_t.ae_index) -- confirm in access.c. */
TAILQ_HEAD(access_entry_queue, access_entry);

extern struct access_entry_queue access_entries;
87
/**
 * Values for access_entry_t.ae_conn_limit_type: which kind of connection
 * the entry's ae_conn_limit applies to (by name; the resolved limits live
 * in access_t as aa_conn_limit, aa_conn_limit_streaming and
 * aa_conn_limit_dvr).
 */
enum {
  ACCESS_CONN_LIMIT_TYPE_ALL = 0,     /* limit applies to all connections */
  ACCESS_CONN_LIMIT_TYPE_STREAMING,   /* limit applies to streaming connections */
  ACCESS_CONN_LIMIT_TYPE_DVR,         /* limit applies to DVR connections */
};
93
/**
 * One configured access rule, persisted as an idnode (ae_id, class
 * access_entry_class). An entry presumably applies when a connection's
 * user name matches ae_username and its source address matches
 * ae_ipmasks; the matching entries are resolved into an access_t (see
 * access_get()). The individual permission ints map by name onto the
 * ACCESS_* flags further below and are presumably collected into ae_rights.
 * Each ae_change_* flag presumably says whether this entry overrides the
 * corresponding setting when several entries are merged -- confirm in
 * access.c.
 */
typedef struct access_entry {
  idnode_t ae_id;                         /* idnode identity / metadata */

  TAILQ_ENTRY(access_entry) ae_link;      /* link in access_entries */
  char *ae_username;                      /* user name this entry applies to (exact or pattern: not visible here) */
  char *ae_comment;                       /* comment string */
  char *ae_lang;                          /* language setting */
  int ae_change_lang;
  char *ae_lang_ui;                       /* UI language setting */
  int ae_change_lang_ui;
  char *ae_theme;                         /* UI theme setting */
  int ae_change_theme;

  int ae_index;                           /* ordering index (presumably evaluation order) */
  int ae_wizard;                          /* created by the wizard (presumably; cf. ACCESS_WIZARD_COMMENT) */
  int ae_enabled;                         /* non-zero = entry active (presumably) */
  int ae_uilevel;                         /* UI level */
  int ae_change_uilevel;
  int ae_uilevel_nochange;                /* user may not change the UI level (presumably) */

  int ae_streaming;                       /* cf. ACCESS_STREAMING */
  int ae_adv_streaming;                   /* cf. ACCESS_ADVANCED_STREAMING */
  int ae_htsp_streaming;                  /* cf. ACCESS_HTSP_STREAMING */

  idnode_list_head_t ae_profiles;         /* streaming profiles (struct profile) allowed */
  int ae_change_profiles;

  int ae_conn_limit_type;                 /* one of ACCESS_CONN_LIMIT_TYPE_* */
  uint32_t ae_conn_limit;                 /* connection limit (meaning of 0 not visible here -- confirm) */
  int ae_change_conn_limit;

  int ae_dvr;                             /* cf. ACCESS_RECORDER */
  int ae_htsp_dvr;                        /* cf. ACCESS_HTSP_RECORDER */
  int ae_all_dvr;                         /* cf. ACCESS_ALL_RECORDER */
  int ae_all_rw_dvr;                      /* cf. ACCESS_ALL_RW_RECORDER */
  int ae_failed_dvr;                      /* cf. ACCESS_FAILED_RECORDER */

  int ae_htsp_anonymize;                  /* cf. ACCESS_HTSP_ANONYMIZE */

  idnode_list_head_t ae_dvr_configs;      /* DVR configurations (struct dvr_config) allowed */
  int ae_change_dvr_configs;

  int ae_webui;                           /* cf. ACCESS_WEB_INTERFACE */
  int ae_admin;                           /* cf. ACCESS_ADMIN */

  uint64_t ae_chmin;                      /* channel number range (bounds inclusive: presumably) */
  uint64_t ae_chmax;
  int ae_change_chrange;

  int ae_chtags_exclude;                  /* non-zero: ae_chtags is a deny list instead of an allow list (presumably) */
  idnode_list_head_t ae_chtags;           /* channel tags (struct channel_tag) */
  int ae_change_chtags;

  int ae_change_rights;
  uint32_t ae_rights;                     /* ACCESS_* bitmask (presumably derived from the flags above) */

  struct access_ipmask_queue ae_ipmasks;  /* source-address rules */
} access_entry_t;
152
/* idnode class describing access_entry_t. */
extern const idclass_t access_entry_class;
154
/**
 * Resolved access rights for one user / connection, produced by
 * access_get() and friends from the matching access entries. aa_rights is
 * a bitmask of the ACCESS_* flags below and is what access_verify2()
 * checks; the htsmsg lists are what access_verify_list() checks against.
 * Freed with access_destroy(), duplicated with access_copy().
 */
typedef struct access {
  char *aa_username;                   /* user name the rights were resolved for */
  char *aa_representative;             /* representative name -- purpose not visible here, confirm */
  char *aa_lang;                       /* language (see access_get_lang()) */
  char *aa_lang_ui;                    /* UI language */
  uint32_t aa_rights;                  /* ACCESS_* bitmask */
  htsmsg_t *aa_profiles;               /* allowed streaming profiles (list) */
  htsmsg_t *aa_dvrcfgs;                /* allowed DVR configurations (list) */
  uint64_t *aa_chrange;                /* channel number ranges; aa_chrange_count elements (layout: see access.c) */
  int aa_chrange_count;
  htsmsg_t *aa_chtags;                 /* allowed channel tags (list) */
  int aa_match;                        /* presumably non-zero when some entry matched -- confirm */
  uint32_t aa_conn_limit;              /* resolved limits, cf. ACCESS_CONN_LIMIT_TYPE_* */
  uint32_t aa_conn_limit_streaming;
  uint32_t aa_conn_limit_dvr;
  uint32_t aa_conn_streaming;          /* current connection counts (presumably) */
  uint32_t aa_conn_dvr;
  int aa_uilevel;                      /* UI level */
  int aa_uilevel_nochange;             /* user may not change the UI level (presumably) */
  char *aa_theme;                      /* UI theme (see access_get_theme()) */
} access_t;
176
/* Global list of outstanding tickets. */
TAILQ_HEAD(access_ticket_queue, access_ticket);

extern struct access_ticket_queue access_tickets;
180
/**
 * A ticket binding an opaque id to one resource and the access rights it
 * was issued with (see access_ticket_create() / access_ticket_verify2()).
 * at_timer is presumably the expiry timer -- confirm in access.c.
 *
 * The id is a bearer token: whoever presents it gets at_access for
 * at_resource, so it must be unguessable and must not be logged.
 */
typedef struct access_ticket {
  char *at_id;                          /* ticket id handed to the client */

  TAILQ_ENTRY(access_ticket) at_link;   /* link in access_tickets */

  mtimer_t at_timer;                    /* timer (expiry, presumably) */
  char *at_resource;                    /* resource the ticket was issued for */
  access_t *at_access;                  /* rights carried by the ticket */
} access_ticket_t;
190
/* Right bits held in access_t.aa_rights / access_entry_t.ae_rights and
 * passed as the mask to access_verify2(). */
#define ACCESS_ANONYMOUS 0                  /* no rights at all */
#define ACCESS_STREAMING (1<<0)
#define ACCESS_ADVANCED_STREAMING (1<<1)
#define ACCESS_HTSP_STREAMING (1<<2)
#define ACCESS_WEB_INTERFACE (1<<3)
#define ACCESS_HTSP_INTERFACE (1<<4)
#define ACCESS_RECORDER (1<<5)
#define ACCESS_HTSP_RECORDER (1<<6)
#define ACCESS_ALL_RECORDER (1<<7)
#define ACCESS_ALL_RW_RECORDER (1<<8)
#define ACCESS_FAILED_RECORDER (1<<9)
#define ACCESS_HTSP_ANONYMIZE (1<<10)
#define ACCESS_ADMIN (1<<11)
/* Not a right: a modifier for the mask given to access_verify2(). When set,
 * holding any one of the other mask bits is enough instead of all of them. */
#define ACCESS_OR (1<<30)

/* Everything except ACCESS_HTSP_INTERFACE and ACCESS_HTSP_ANONYMIZE (and
 * the ACCESS_OR modifier). Whether that omission is intentional is not
 * visible here -- check before using ACCESS_FULL as "all rights". */
#define ACCESS_FULL \
(ACCESS_STREAMING | ACCESS_ADVANCED_STREAMING | \
ACCESS_HTSP_STREAMING | ACCESS_WEB_INTERFACE | \
ACCESS_RECORDER | ACCESS_HTSP_RECORDER | \
ACCESS_ALL_RECORDER | ACCESS_ALL_RW_RECORDER | \
ACCESS_FAILED_RECORDER | ACCESS_ADMIN)
212
/**
 * Create a new ticket for the requested resource and generate a id for it.
 *
 * The returned id is a bearer token for @a on @resource (see
 * access_ticket_t), so the generator in access.c must be unpredictable.
 * Ownership / lifetime of the returned string is not visible here.
 */
const char* access_ticket_create(const char *resource, access_t *a);

/**
 * Verifies that a given ticket id matches a resource.
 *
 * @return the ticket's access structure on success; presumably NULL when
 *         the id is unknown or bound to another resource -- confirm.
 */
access_t *access_ticket_verify2(const char *id, const char *resource);

/* Remove the ticket with the given id; return value semantics live in access.c. */
int access_ticket_delete(const char *ticket_id);

/**
 * Free the access structure
 */
void access_destroy(access_t *a);

/**
 * Copy the access structure (deep or shallow: see access.c). The result
 * is released with access_destroy().
 */
access_t *access_copy(access_t *src);

/**
 * Compare the access structures
 */
int access_compare(access_t *a, access_t *b);

/**
 * Return the language to use for @a, with @lang as the caller's candidate
 * (which of the two wins is decided in access.c). Returns a non-const
 * string; ownership is not visible here -- check before freeing.
 */
char *
access_get_lang(access_t *a, const char *lang);

/**
 * Return the UI theme for @a (cf. access_t.aa_theme).
 */
const char *
access_get_theme(access_t *a);
251
/**
 * Check whether the resolved rights in @a satisfy @mask.
 *
 * Only a->aa_rights is inspected: the user name and source address have
 * already been folded into the access_t by the time it gets here
 * (presumably by access_get()). Without ACCESS_OR in the mask every
 * requested bit must be present; with ACCESS_OR set, any single requested
 * bit is enough.
 *
 * @param a     resolved access structure; must not be NULL (dereferenced unchecked)
 * @param mask  ACCESS_* bits to require, optionally OR'ed with ACCESS_OR
 * @return 0 if access is granted, -1 otherwise
 *
 * NOTE(review): in the ACCESS_OR case the ACCESS_OR bit itself takes part in
 * the AND, so aa_rights must never carry bit 30 or the check degenerates.
 */
static inline int access_verify2(access_t *a, uint32_t mask)
{
  const uint32_t granted = a->aa_rights & mask;

  if (mask & ACCESS_OR)
    return granted ? 0 : -1;          /* any one of the requested rights */
  return granted == mask ? 0 : -1;    /* all of the requested rights */
}
262
/* Check whether @item is permitted by the htsmsg @list (e.g. access_t
 * aa_profiles / aa_dvrcfgs / aa_chtags); return value semantics live in
 * access.c. */
int access_verify_list(htsmsg_t *list, const char *item);

/**
 * Get the access structure
 */
/* Password check callback used by access_get(): @aux is the caller's
 * context, @passwd the candidate. The meaning of the int result is not
 * visible here -- confirm in access.c. */
typedef int (*verify_callback_t)(void *aux, const char *passwd);

/* Resolve the access for a connection from its source address and user
 * name, using @verify (with @aux) to check credentials. The result is
 * released with access_destroy(). */
access_t *access_get(struct sockaddr_storage *src, const char *username,
verify_callback_t verify, void *aux);
272
/**
 * Resolve access by user name only (no address or password check visible
 * in this signature). Released with access_destroy().
 */
access_t *
access_get_by_username(const char *username);

/**
 * Resolve access by source address only (no user name or password check
 * visible in this signature). Released with access_destroy().
 */
access_t *
access_get_by_addr(struct sockaddr_storage *src);

/**
 * Create an access entry from its configuration; @uuid identifies the
 * idnode, @conf holds the settings (see access_entry_class).
 */
access_entry_t *
access_entry_create(const char *uuid, htsmsg_t *conf);

/**
 * Destroy an access entry; @delconf non-zero presumably also removes the
 * stored configuration -- confirm in access.c.
 */
void
access_entry_destroy(access_entry_t *ae, int delconf);

/**
 * Remove the references to a profile / DVR config / channel tag that is
 * going away from the access entries (or the entries themselves: see
 * access.c); @delconf as for access_entry_destroy().
 */
void
access_destroy_by_profile(struct profile *pro, int delconf);
void
access_destroy_by_dvr_config(struct dvr_config *cfg, int delconf);
void
access_destroy_by_channel_tag(struct channel_tag *ct, int delconf);

/**
 * Create / destroy a password entry; parameters as for
 * access_entry_create() / access_entry_destroy().
 */
passwd_entry_t *
passwd_entry_create(const char *uuid, htsmsg_t *conf);
void
passwd_entry_destroy(passwd_entry_t *ae, int delconf);

/**
 * Create an IP block entry; parameters as for access_entry_create().
 */
ipblock_entry_t *
ipblock_entry_create(const char *uuid, htsmsg_t *conf);

/**
 * Subsystem init / teardown. @createdefault non-zero presumably creates the
 * ACCESS_DEFAULT_COMMENT entry; @noacl non-zero presumably disables access
 * control altogether -- both to be confirmed in access.c, and the latter
 * should never be set on an exposed instance.
 */
void access_init(int createdefault, int noacl);
void access_done(void);

/**
 * Enumeration helpers for the UI (htsmsg lists of languages, UI languages,
 * themes and users); @obj and @lang are the usual idnode list callback
 * arguments.
 */
htsmsg_t *language_get_list ( void *obj, const char *lang );
htsmsg_t *language_get_ui_list ( void *obj, const char *lang );
htsmsg_t *theme_get_ui_list ( void *obj, const char *lang );
htsmsg_t *user_get_userlist ( void *obj, const char *lang );
334
335 #endif /* ACCESS_H_ */
336