d8788062ab
In some use cases, it may be usefull to not allow selection of the DVR configuration for the end-users. Map the DVR configuration by name matching the username for these restricted users (DVR configuration must be identical to the username, otherwise the default configuration is used). Signed-off-by: Jaroslav Kysela <perex@perex.cz>
103 lines
2.5 KiB
C
103 lines
2.5 KiB
C
/*
|
|
* TV headend - Access control
|
|
* Copyright (C) 2008 Andreas Öman
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
#ifndef ACCESS_H_
|
|
#define ACCESS_H_
|
|
|
|
|
|
TAILQ_HEAD(access_entry_queue, access_entry);
|
|
|
|
extern struct access_entry_queue access_entries;
|
|
|
|
typedef struct access_entry {
|
|
char *ae_id;
|
|
|
|
TAILQ_ENTRY(access_entry) ae_link;
|
|
char *ae_username;
|
|
char *ae_password;
|
|
char *ae_comment;
|
|
struct in_addr ae_ip;
|
|
int ae_prefixlen;
|
|
int ae_enabled;
|
|
|
|
|
|
uint32_t ae_rights;
|
|
|
|
uint32_t ae_network; /* derived from ae_ip */
|
|
uint32_t ae_netmask; /* derived from ae_prefixlen */
|
|
} access_entry_t;
|
|
|
|
TAILQ_HEAD(access_ticket_queue, access_ticket);
|
|
|
|
extern struct access_ticket_queue access_tickets;
|
|
|
|
typedef struct access_ticket {
|
|
char *at_id;
|
|
|
|
TAILQ_ENTRY(access_ticket) at_link;
|
|
|
|
gtimer_t at_timer;
|
|
char *at_resource;
|
|
} access_ticket_t;
|
|
|
|
#define ACCESS_STREAMING 0x1
|
|
#define ACCESS_WEB_INTERFACE 0x2
|
|
#define ACCESS_RECORDER 0x4
|
|
#define ACCESS_RECORDER_ALL 0x8
|
|
#define ACCESS_ADMIN 0x10
|
|
#define ACCESS_FULL 0x3f
|
|
|
|
/**
|
|
* Create a new ticket for the requested resource and generate a id for it
|
|
*/
|
|
const char* access_ticket_create(const char *resource);
|
|
|
|
/**
|
|
* Verifies that a given ticket id matches a resource
|
|
*/
|
|
int access_ticket_verify(const char *id, const char *resource);
|
|
|
|
int access_ticket_delete(const char *ticket_id);
|
|
/**
|
|
* Verifies that the given user in combination with the source ip
|
|
* complies with the requested mask
|
|
*
|
|
* Return 0 if access is granted, -1 otherwise
|
|
*/
|
|
int access_verify(const char *username, const char *password,
|
|
struct sockaddr *src, uint32_t mask);
|
|
|
|
/**
|
|
*
|
|
*/
|
|
uint32_t access_get_hashed(const char *username, const uint8_t digest[20],
|
|
const uint8_t *challenge, struct sockaddr *src,
|
|
int *entrymatch);
|
|
|
|
/**
|
|
*
|
|
*/
|
|
uint32_t access_get_by_addr(struct sockaddr *src);
|
|
|
|
|
|
/**
|
|
*
|
|
*/
|
|
void access_init(int createdefault);
|
|
|
|
#endif /* ACCESS_H_ */
|