From 596b4e0b29937a6123b25940621fe17dccbefbb4 Mon Sep 17 00:00:00 2001
From: Jaroslav Kysela
Date: Fri, 24 Oct 2014 21:21:42 +0200
Subject: [PATCH] http: return correct error code to obtain authorization, fix http_access_verify_channel - mask check
---
 src/http.c | 3 +++
 src/webui/webui.c | 12 ++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/http.c b/src/http.c
index 1f42111b..b2e41ccb 100644
--- a/src/http.c
+++ b/src/http.c
@@ -464,6 +464,9 @@ http_access_verify_channel(http_connection_t *hc, int mask,
 return -1;
 }
+ if (access_verify2(hc->hc_access, mask))
+ return -1; + if (channel_access(ch, hc->hc_access, hc->hc_username)) res = 0; return res;
diff --git a/src/webui/webui.c b/src/webui/webui.c
index fe4685dd..523a4a11 100644
--- a/src/webui/webui.c
+++ b/src/webui/webui.c
@@ -414,7 +414,7 @@ http_tag_playlist(http_connection_t *hc, channel_tag_t *tag)
 if(hc->hc_access == NULL || access_verify2(hc->hc_access, ACCESS_STREAMING))
- return HTTP_STATUS_NOT_ALLOWED;
+ return HTTP_STATUS_UNAUTHORIZED;
 hq = &hc->hc_reply;
 host = http_arg_get(&hc->hc_args, "Host");
@@ -453,7 +453,7 @@ http_tag_list_playlist(http_connection_t *hc)
 if(hc->hc_access == NULL || access_verify2(hc->hc_access, ACCESS_STREAMING))
- return HTTP_STATUS_NOT_ALLOWED;
+ return HTTP_STATUS_UNAUTHORIZED;
 hq = &hc->hc_reply;
 host = http_arg_get(&hc->hc_args, "Host");
@@ -505,7 +505,7 @@ http_channel_list_playlist(http_connection_t *hc)
 if(hc->hc_access == NULL || access_verify2(hc->hc_access, ACCESS_STREAMING))
- return HTTP_STATUS_NOT_ALLOWED;
+ return HTTP_STATUS_UNAUTHORIZED;
 hq = &hc->hc_reply;
 host = http_arg_get(&hc->hc_args, "Host");
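Review bot: The new `access_verify2(hc->hc_access, mask)` guard in http_access_verify_channel (src/http.c, hunk at line 464) carries no comment saying whether a multi-bit `mask` means all-of or any-of, and nothing in the hunk shows it. The page_play, page_dvrfile and page_imagecache handlers in webui.c spell out any-of with three separate single-right calls, so a caller that ORs several rights into `mask` may be held to a different rule here than in those handlers; this should be confirmed against access_verify2 and the callers. I would add `/* access_verify2() returns non-zero on denial; check the requested right before the per-channel ACL */` above the check. The function now returns -1 both from the early `return -1` just above and from the denied mask, so callers cannot tell the two cases apart when choosing a status code. The function body starts and ends outside the hunk.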
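Review bot: Returning `HTTP_STATUS_UNAUTHORIZED` in http_tag_playlist (src/webui/webui.c, hunk at line 414) also covers a client that is already authenticated but lacks ACCESS_STREAMING, because the condition `hc->hc_access == NULL || access_verify2(...)` does not separate a request without valid credentials from a known user with insufficient rights. Such a client would presumably be prompted for credentials again on every request rather than being told the request is forbidden, and the refusal looks the same in logs as a failed login. Consider splitting the condition so that only the no-credentials case returns 401 and the insufficient-rights case returns a 403-class status (if the project defines one), and add `/* 401 so the client is prompted to authenticate */` at the return that stays. The same applies to the http_tag_list_playlist and http_channel_list_playlist hunks and to the page_play, page_dvrfile and page_imagecache hunks. Each of these functions continues outside its hunk.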
@@ -1061,7 +1061,7 @@ page_play(http_connection_t *hc, const char *remain, void *opaque)
 (access_verify2(hc->hc_access, ACCESS_STREAMING) && access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) && access_verify2(hc->hc_access, ACCESS_RECORDER)))
- return HTTP_STATUS_NOT_ALLOWED;
+ return HTTP_STATUS_UNAUTHORIZED;
 playlist = http_arg_get(&hc->hc_req_args, "playlist");
 if (playlist) {
@@ -1104,7 +1104,7 @@ page_dvrfile(http_connection_t *hc, const char *remain, void *opaque)
 (access_verify2(hc->hc_access, ACCESS_STREAMING) && access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) && access_verify2(hc->hc_access, ACCESS_RECORDER)))
- return HTTP_STATUS_NOT_ALLOWED;
+ return HTTP_STATUS_UNAUTHORIZED;
 pthread_mutex_lock(&global_lock);
@@ -1228,7 +1228,7 @@ page_imagecache(http_connection_t *hc, const char *remain, void *opaque)
 access_verify2(hc->hc_access, ACCESS_STREAMING) && access_verify2(hc->hc_access, ACCESS_ADVANCED_STREAMING) && access_verify2(hc->hc_access, ACCESS_RECORDER)))
- return HTTP_STATUS_NOT_ALLOWED;
+ return HTTP_STATUS_UNAUTHORIZED;
 if(sscanf(remain, "%d", &id) != 1) return HTTP_STATUS_BAD_REQUEST;
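Review bot: The three-right test on ACCESS_STREAMING, ACCESS_ADVANCED_STREAMING and ACCESS_RECORDER is written out separately in page_play (hunk at line 1061), page_dvrfile and page_imagecache, and this commit had to change the status code in each copy by hand. An access decision duplicated like this tends to drift, so I would move the test and its status into one static helper in webui.c and call it from all three handlers. Until then, a comment at each site such as `/* any one of the three rights is sufficient */` would record the intended any-of rule. The opening of each condition lies outside the hunks, so whether the three copies are truly identical cannot be confirmed from here.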