From: Jaroslav Kysela Date: Wed, 27 May 2015 09:23:05 +0000 (+0200) Subject: htsp/access: more empty username checks X-Git-Tag: v4.2.1~2452 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74782601712ab399941d508ceb3f949e9171d2b5;p=thirdparty%2Ftvheadend.git htsp/access: more empty username checks --- diff --git a/src/access.c b/src/access.c index 2b7c48460..0ac2a5a35 100644 --- a/src/access.c +++ b/src/access.c @@ -475,7 +475,7 @@ access_get(const char *username, const char *password, struct sockaddr *src) access_t *a = calloc(1, sizeof(*a)); access_entry_t *ae; - if (username) { + if (username && username[0]) { a->aa_username = strdup(username); a->aa_representative = strdup(username); } else { @@ -545,7 +545,7 @@ access_get_hashed(const char *username, const uint8_t digest[20], SHA_CTX shactx; uint8_t d[20]; - if (username) { + if (username && username[0]) { a->aa_username = strdup(username); a->aa_representative = strdup(username); } else { @@ -630,6 +630,9 @@ access_get_by_username(const char *username) return a; } + if (username[0] == '\0') + return a; + TAILQ_FOREACH(ae, &access_entries, ae_link) { if(!ae->ae_enabled) diff --git a/src/htsp_server.c b/src/htsp_server.c index 4704dfdb3..1e3c6c87b 100644 --- a/src/htsp_server.c +++ b/src/htsp_server.c @@ -2528,14 +2528,6 @@ htsp_authenticate(htsp_connection_t *htsp, htsmsg_t *m) if((username = htsmsg_get_str(m, "username")) == NULL) return 0; - if(strcmp(htsp->htsp_username ?: "", username)) { - tvhlog(LOG_INFO, "htsp", "%s: Identified as user %s", - htsp->htsp_logname, username); - tvh_str_update(&htsp->htsp_username, username); - htsp_update_logname(htsp); - notify_reload("connections"); - } - if(!htsmsg_get_bin(m, "digest", &digest, &digestlen)) { rights = access_get_hashed(username, digest, htsp->htsp_challenge, @@ -2551,7 +2543,7 @@ htsp_authenticate(htsp_connection_t *htsp, htsmsg_t *m) htsp->htsp_granted_access->aa_rights) != htsp->htsp_granted_access->aa_rights; - tvhlog(LOG_INFO, "htsp", "%s: Identified as user %s", + tvhlog(LOG_INFO, "htsp", "%s: Identified as user '%s'", htsp->htsp_logname, username); tvh_str_update(&htsp->htsp_username, username); htsp_update_logname(htsp); @@ -2563,7 +2555,7 @@ htsp_authenticate(htsp_connection_t *htsp, htsmsg_t *m) } else { - tvhlog(LOG_INFO, "htsp", "%s: Identified as user %s (unverified)", + tvhlog(LOG_INFO, "htsp", "%s: Identified as user '%s' (unverified)", htsp->htsp_logname, username); tvh_str_update(&htsp->htsp_username, username); htsp_update_logname(htsp);