From: Sven Wegener <sven.wegener@stealer.net>
Date: Tue, 10 Nov 2015 07:28:02 +0000 (+0100)
Subject: http: apply channel check to ticket and credentials
X-Git-Tag: v4.2.1~1609
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1a1d98575954ca43b9b2f089ac2b8ae5d4b75c13;p=thirdparty%2Ftvheadend.git

http: apply channel check to ticket and credentials

Before, if the ticket denied channel access, credentials couldn't be used to
override.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
---

diff --git a/src/http.c b/src/http.c
index ef8604571..f17e7edab 100644
--- a/src/http.c
+++ b/src/http.c
@@ -576,19 +576,25 @@ http_access_verify_channel(http_connection_t *hc, int mask,
   if (ticket)
     http_access_verify_ticket(hc);
 
-  if (hc->hc_access)
+  if (hc->hc_access) {
     res = access_verify2(hc->hc_access, mask);
 
+    if (!res && !channel_access(ch, hc->hc_access, 0))
+      res = -1;
+  }
+
   if (res) {
     access_destroy(hc->hc_access);
     hc->hc_access = access_get(hc->hc_username, hc->hc_password,
                                (struct sockaddr *)hc->hc_peer);
-    if (hc->hc_access)
+    if (hc->hc_access) {
       res = access_verify2(hc->hc_access, mask);
+
+      if (!res && !channel_access(ch, hc->hc_access, 0))
+        res = -1;
+    }
   }
 
-  if (!res && !channel_access(ch, hc->hc_access, 0))
-    res = -1;
 
   return res;
 }