2 This file is part of PulseAudio.
4 Copyright 2004-2006 Lennart Poettering
5 Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
7 PulseAudio is free software; you can redistribute it and/or modify
8 it under the terms of the GNU Lesser General Public License as
9 published by the Free Software Foundation; either version 2.1 of the
10 License, or (at your option) any later version.
12 PulseAudio is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public
18 License along with PulseAudio; if not, see <http://www.gnu.org/licenses/>.
25 #include <sys/types.h>
26 #include <sys/types.h>
29 #ifdef HAVE_NETINET_IN_H
30 #include <netinet/in.h>
32 #ifdef HAVE_NETINET_IN_SYSTM_H
33 #include <netinet/in_systm.h>
35 #ifdef HAVE_NETINET_IP_H
36 #include <netinet/ip.h>
39 #include <pulse/xmalloc.h>
41 #include <pulsecore/core-util.h>
42 #include <pulsecore/llist.h>
43 #include <pulsecore/log.h>
44 #include <pulsecore/macro.h>
45 #include <pulsecore/socket.h>
46 #include <pulsecore/arpa-inet.h>
51 PA_LLIST_FIELDS(struct acl_entry);
53 struct in_addr address_ipv4;
55 struct in6_addr address_ipv6;
61 PA_LLIST_HEAD(struct acl_entry, entries);
64 pa_ip_acl* pa_ip_acl_new(const char *s) {
65 const char *state = NULL;
71 acl = pa_xnew(pa_ip_acl, 1);
72 PA_LLIST_HEAD_INIT(struct acl_entry, acl->entries);
74 while ((a = pa_split(s, ";", &state))) {
76 struct acl_entry e, *n;
79 if ((slash = strchr(a, '/'))) {
82 if (pa_atou(slash, &bits) < 0) {
83 pa_log_warn("Failed to parse number of bits: %s", slash);
89 if (inet_pton(AF_INET, a, &e.address_ipv4) > 0) {
91 e.bits = bits == (uint32_t) -1 ? 32 : (int) bits;
94 pa_log_warn("Number of bits out of range: %i", e.bits);
100 if (e.bits < 32 && (uint32_t) (ntohl(e.address_ipv4.s_addr) << e.bits) != 0)
101 pa_log_warn("Host part of ACL entry '%s/%u' is not zero!", a, e.bits);
104 } else if (inet_pton(AF_INET6, a, &e.address_ipv6) > 0) {
106 e.bits = bits == (uint32_t) -1 ? 128 : (int) bits;
109 pa_log_warn("Number of bits out of range: %i", e.bits);
117 for (i = 0, bits = (uint32_t) e.bits; i < 16; i++) {
122 if ((uint8_t) ((e.address_ipv6.s6_addr[i]) << bits) != 0) {
131 pa_log_warn("Host part of ACL entry '%s/%u' is not zero!", a, e.bits);
136 pa_log_warn("Failed to parse address: %s", a);
140 n = pa_xmemdup(&e, sizeof(struct acl_entry));
141 PA_LLIST_PREPEND(struct acl_entry, acl->entries, n);
155 void pa_ip_acl_free(pa_ip_acl *acl) {
158 while (acl->entries) {
159 struct acl_entry *e = acl->entries;
160 PA_LLIST_REMOVE(struct acl_entry, acl->entries, e);
167 int pa_ip_acl_check(pa_ip_acl *acl, int fd) {
168 struct sockaddr_storage sa;
176 if (getpeername(fd, (struct sockaddr*) &sa, &salen) < 0)
180 if (sa.ss_family != AF_INET && sa.ss_family != AF_INET6)
182 if (sa.ss_family != AF_INET)
186 if (sa.ss_family == AF_INET && salen != sizeof(struct sockaddr_in))
190 if (sa.ss_family == AF_INET6 && salen != sizeof(struct sockaddr_in6))
194 for (e = acl->entries; e; e = e->next) {
196 if (e->family != sa.ss_family)
199 if (e->family == AF_INET) {
200 struct sockaddr_in *sai = (struct sockaddr_in*) &sa;
202 if (e->bits == 0 || /* this needs special handling because >> takes the right-hand side modulo 32 */
203 (ntohl(sai->sin_addr.s_addr ^ e->address_ipv4.s_addr) >> (32 - e->bits)) == 0)
206 } else if (e->family == AF_INET6) {
208 struct sockaddr_in6 *sai = (struct sockaddr_in6*) &sa;
211 return memcmp(&sai->sin6_addr, &e->address_ipv6, 16) == 0;
216 for (i = 0, bits = e->bits; i < 16; i++) {
219 if (sai->sin6_addr.s6_addr[i] != e->address_ipv6.s6_addr[i])
224 if ((sai->sin6_addr.s6_addr[i] ^ e->address_ipv6.s6_addr[i]) >> (8 - bits) != 0)