From: Jaroslav Kysela <perex@perex.cz>
Date: Tue, 20 Nov 2018 22:00:58 +0000 (+0100)
Subject: http: rewrite again the access verification routines, fixes #5339
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb329606ba8aa21736367296e795d9b53f3b5df1;p=thirdparty%2Ftvheadend.git

http: rewrite again the access verification routines, fixes #5339
---

diff --git a/src/http.c b/src/http.c
index a5ada85d2..bd2510e9f 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1097,33 +1097,32 @@ int
 http_access_verify(http_connection_t *hc, int mask)
 {
   struct http_verify_structure v;
-  int res = -1;
-
-  if (hc->hc_access == NULL) {
-    http_access_verify_ticket(hc);
-    if (hc->hc_access)
-      res = access_verify2(hc->hc_access, mask);
-    if (res) {
-      http_access_verify_auth(hc);
-      if (hc->hc_access)
-        res = access_verify2(hc->hc_access, mask);
-    }
-  }
 
-  if (res) {
-    access_destroy(hc->hc_access);
-    if (http_verify_prepare(hc, &v)) {
-      hc->hc_access = NULL;
-      return -1;
-    }
-    hc->hc_access = access_get(hc->hc_peer, hc->hc_username,
-                               http_verify_callback, &v);
-    http_verify_free(&v);
-    if (hc->hc_access)
-      res = access_verify2(hc->hc_access, mask);
+  /* quick path */
+  if (hc->hc_access)
+    return access_verify2(hc->hc_access, mask);
+
+  /* tickets */
+  http_access_verify_ticket(hc);
+  if (hc->hc_access && !access_verify2(hc->hc_access, mask))
+    return 0;
+
+  http_access_verify_auth(hc);
+  if (hc->hc_access && !access_verify2(hc->hc_access, mask))
+    return 0;
+
+  access_destroy(hc->hc_access);
+  if (http_verify_prepare(hc, &v)) {
+    hc->hc_access = NULL;
+    return -1;
   }
+  hc->hc_access = access_get(hc->hc_peer, hc->hc_username,
+                             http_verify_callback, &v);
+  http_verify_free(&v);
+  if (hc->hc_access)
+    return access_verify2(hc->hc_access, mask);
 
-  return res;
+  return -1;
 }
 
 /**
@@ -1133,18 +1132,10 @@ int
 http_access_verify_channel(http_connection_t *hc, int mask,
                            struct channel *ch)
 {
-  int res = 0;
-
-  if (hc->hc_access == NULL) {
-    res = http_access_verify(hc, mask);
-    if (res)
-      return res;
-  }
-
-  if (!channel_access(ch, hc->hc_access, 0))
-    res = -1;
+  if (http_access_verify(hc, mask))
+    return -1;
 
-  return res;
+  return channel_access(ch, hc->hc_access, 0) ? 0 : -1;
 }
 
 /**