stv0g/tvheadend
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

http: return correct error code to obtain authorization, fix http_access_verify_channel - mask check

Browse source
This commit is contained in:
Jaroslav Kysela 2014-10-24 21:21:42 +02:00
parent 38f73e1c90
commit 596b4e0b29
2 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/http.c
View file

@ -464,6 +464,9 @@ http_access_verify_channel(http_connection_t *hc, int mask,
return -1;
}
if (access_verify2(hc->hc_access, mask))
return -1;
if (channel_access(ch, hc->hc_access, hc->hc_username))
res = 0;
return res;

12
src/webui/webui.c
View file

@ -414,7 +414,7 @@ http_tag_playlist(http_connection_t *hc, channel_tag_t *tag)
if(hc->hc_access == NULL ||
access_verify2(hc->hc_access, ACCESS_STREAMING))
return HTTP_STATUS_NOT_ALLOWED;
return HTTP_STATUS_UNAUTHORIZED;
hq = &hc->hc_reply;
host = http_arg_get(&hc->hc_args, "Host");
@ -453,7 +453,7 @@ http_tag_list_playlist(http_connection_t *hc)
if(hc->hc_access == NULL ||
access_verify2(hc->hc_access, ACCESS_STREAMING))
return HTTP_STATUS_NOT_ALLOWED;
return HTTP_STATUS_UNAUTHORIZED;
hq = &hc->hc_reply;
host = http_arg_get(&hc->hc_args, "Host");
@ -505,7 +505,7 @@ http_channel_list_playlist(http_connection_t *hc)
if(hc->hc_access == NULL ||
access_verify2(hc->hc_access, ACCESS_STREAMING))
return HTTP_STATUS_NOT_ALLOWED;
return HTTP_STATUS_UNAUTHORIZED;
hq = &hc->hc_reply;
host = http_arg_get(&hc->hc_args, "Host");
@ -1061,7 +1061,7 @@ page_play(http_connection_t *hc, const char *remain, void *opaque)
(access_verify2(hc->hc_access, ACCESS_STREAMING) &&
access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) &&
access_verify2(hc->hc_access, ACCESS_RECORDER)))
return HTTP_STATUS_NOT_ALLOWED;
return HTTP_STATUS_UNAUTHORIZED;
playlist = http_arg_get(&hc->hc_req_args, "playlist");
if (playlist) {
@ -1104,7 +1104,7 @@ page_dvrfile(http_connection_t *hc, const char *remain, void *opaque)
(access_verify2(hc->hc_access, ACCESS_STREAMING) &&
access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) &&
access_verify2(hc->hc_access, ACCESS_RECORDER)))
return HTTP_STATUS_NOT_ALLOWED;
return HTTP_STATUS_UNAUTHORIZED;
pthread_mutex_lock(&global_lock);
@ -1228,7 +1228,7 @@ page_imagecache(http_connection_t *hc, const char *remain, void *opaque)
access_verify2(hc->hc_access, ACCESS_STREAMING) &&
access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) &&
access_verify2(hc->hc_access, ACCESS_RECORDER)))
return HTTP_STATUS_NOT_ALLOWED;
return HTTP_STATUS_UNAUTHORIZED;
if(sscanf(remain, "%d", &id) != 1)
return HTTP_STATUS_BAD_REQUEST;