diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2009-01-31 22:06:31 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2009-01-31 22:06:31 +0000 |
| commit | c0916ab7e99eb1b71eec4a6ec6813cf67afc191d (patch) | |
| tree | ca83570353885854cdcbe9351beebeb092084df7 | |
| parent | 2ad68e2692c50fff6c50db6503e255e18a333c80 (diff) | |
| download | ampache-c0916ab7e99eb1b71eec4a6ec6813cf67afc191d.tar.gz ampache-c0916ab7e99eb1b71eec4a6ec6813cf67afc191d.tar.bz2 ampache-c0916ab7e99eb1b71eec4a6ec6813cf67afc191d.zip | |
Add in IPv6 support to the ACLs and start work on the wizards for adding ACL entries. Access Control broken in this revision due to missing DB update
| -rw-r--r-- | admin/access.php | 12 | ||||
| -rw-r--r-- | config/ampache.cfg.php.dist | 4 | ||||
| -rwxr-xr-x | docs/CHANGELOG | 2 | ||||
| -rw-r--r-- | images/icon_key.png | bin | 0 -> 612 bytes | |||
| -rw-r--r-- | lib/class/access.class.php | 57 | ||||
| -rw-r--r-- | lib/class/update.class.php | 74 | ||||
| -rw-r--r-- | lib/init.php | 6 | ||||
| -rw-r--r-- | templates/show_access_list.inc.php | 49 | ||||
| -rw-r--r-- | templates/show_user.inc.php | 2 |
9 files changed, 159 insertions, 47 deletions
diff --git a/admin/access.php b/admin/access.php index f9c73def..02606c66 100644 --- a/admin/access.php +++ b/admin/access.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2007 Ampache.org + Copyright (c) Ampache.org All rights reserved. This program is free software; you can redistribute it and/or @@ -44,7 +44,15 @@ switch ($_REQUEST['action']) { $access->update($_POST); show_confirmation(_('Updated'),_('Access List Entry updated'),'admin/access.php'); break; - case 'show_add_host': + case 'show_add_current': + + break; + case 'show_add_rpc': + break; + case 'show_add_local': + + break; + case 'show_add_advanced': require_once Config::get('prefix') . '/templates/show_add_access.inc.php'; break; case 'show_edit_record': diff --git a/config/ampache.cfg.php.dist b/config/ampache.cfg.php.dist index aee45cb9..ff7a2fea 100644 --- a/config/ampache.cfg.php.dist +++ b/config/ampache.cfg.php.dist @@ -104,8 +104,8 @@ catalog_prefix_pattern = "The|An|A|Die|Das|Ein|Eine|Les|Le|La" ; and only allow streaming/downloading/xml-rpc from known hosts xml-rpc ; will not work without this on. ; NOTE: Default Behavior is DENY FROM ALL -; DEFAULT: false -;access_control = "false" +; DEFAULT: true +access_control = "true" ; Require Session ; If this is set to true ampache will make sure that the URL passed when diff --git a/docs/CHANGELOG b/docs/CHANGELOG index 3e3820c4..4e3dc091 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,8 @@ -------------------------------------------------------------------------- v.3-5-Alpha2 + - Fixed sorting issue on artist when using search method + - Updated flash player to 5.9.5 - Fixed bug where you admins couldn't edit preferences of users due to missing 'key' on form - Added Mime type to Song XML diff --git a/images/icon_key.png b/images/icon_key.png Binary files differnew file mode 100644 index 00000000..4ec1a928 --- /dev/null +++ b/images/icon_key.png diff --git a/lib/class/access.class.php b/lib/class/access.class.php index 006bfb2c..9f8e6016 100644 --- a/lib/class/access.class.php +++ b/lib/class/access.class.php @@ -34,6 +34,7 @@ class Access { public $user; public $type; public $key; + public $enabled; /** * constructor @@ -73,6 +74,21 @@ class Access { } // _get_info /** + * format + * This makes the Access object a nice fuzzy human readable object, spiffy ain't it. + */ + public function format() { + + $this->f_start = inet_ntop($this->start); + $this->f_end = inet_ntop($this->end); + + $this->f_user = $this->get_user_name(); + $this->f_level = $this->get_level_name(); + $this->f_type = $this->get_type_name(); + + } // format + + /** * update * This function takes a named array as a datasource and updates the current access list entry */ @@ -80,15 +96,16 @@ class Access { $name = Dba::escape($data['name']); $type = self::validate_type($data['type']); - $start = sprintf("%u",ip2long($data['start'])); - $end = sprintf("%u",ip2long($data['end'])); + $start = Dba::escape(inet_pton($data['start'])); + $end = Dba::escape(inet_pton($data['end'])); $level = Dba::escape($data['level']); $user = $data['user'] ? Dba::escape($data['user']) : '-1'; $key = Dba::escape($data['key']); + $enabled = make_bool($data['enabled']); $sql = "UPDATE `access_list` " . "SET `start`='$start', `end`='$end', `level`='$level', `user`='$user', `key`='$key', " . - "`name`='$name', `type`='$type' WHERE `id`='" . Dba::escape($this->id) . "'"; + "`name`='$name', `type`='$type',`enabled`='$enabled' WHERE `id`='" . Dba::escape($this->id) . "'"; $db_results = Dba::query($sql); return true; @@ -104,17 +121,17 @@ class Access { /* We need to verify the incomming data a littlebit */ - $start = sprintf("%u",ip2long($data['start'])); - $end = sprintf("%u",ip2long($data['end'])); + $start = Dba::escape(inet_pton($data['start'])); + $end = Dba::escape(inet_pton($data['end'])); $name = Dba::escape($data['name']); $key = Dba::escape($data['key']); $user = $data['user'] ? Dba::escape($data['user']) : '-1'; $level = intval($data['level']); $type = self::validate_type($data['type']); - $dns = ' '; + $enabled = make_bool($data['enabled']); - $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`dns`) " . - "VALUES ('$name','$level','$start','$end','$key','$user','$type','$dns')"; + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`enabled`) " . + "VALUES ('$name','$level','$start','$end','$key','$user','$type','$enabled')"; $db_results = Dba::query($sql); return true; @@ -179,7 +196,7 @@ class Access { } // end if access control is turned off // Clean incomming variables - $ip = $ip ? sprintf("%u",ip2long($ip)) : sprintf("%u",ip2long($_SERVER['REMOTE_ADDR'])); + $ip = $ip ? inet_pton($ip) : inet_pton($_SERVER['REMOTE_ADDR']); $user = Dba::escape($user); $key = Dba::escape($key); $level = Dba::escape($level); @@ -217,7 +234,7 @@ class Access { break; } // end switch on type - $db_results = Dba::query($sql); + $db_results = Dba::read($sql); // Yah they have access they can use the mojo if (Dba::fetch_row($db_results)) { @@ -301,7 +318,7 @@ class Access { public static function get_access_lists() { $sql = "SELECT `id` FROM `access_list`"; - $db_results = Dba::query($sql); + $db_results = Dba::read($sql); $results = array(); @@ -321,7 +338,7 @@ class Access { */ public function get_level_name() { - if ($this->level == '75') { + if ($this->level >= '75') { return _('All'); } if ($this->level == '5') { @@ -341,14 +358,12 @@ class Access { * Take a user and return their full name */ public function get_user_name() { + + if ($this->user == '-1') { return _('All'); } $user = new User($this->user); - if ($user->username) { - return $user->fullname . " (" . $user->username . ")"; - } + return $user->fullname . " (" . $user->username . ")"; - return _('All'); - } // get_user_name /** @@ -360,17 +375,17 @@ class Access { switch ($this->type) { case 'xml-rpc': case 'rpc': - return 'RPC'; + return _('API/RPC'); break; case 'network': - return 'Local Network Definition'; + return _('Local Network Definition'); break; case 'interface': - return 'Web Interface'; + return _('Web Interface'); break; case 'stream': default: - return 'Stream Access'; + return _('Stream Access'); break; } // end switch diff --git a/lib/class/update.class.php b/lib/class/update.class.php index 257cfa7c..f45f0781 100644 --- a/lib/class/update.class.php +++ b/lib/class/update.class.php @@ -293,6 +293,10 @@ class Update { $version[] = array('version'=> '350003','description'=>$update_string); + $update_string = '- Modify ACL table to enable IPv6 ACL support'; + +// $version[] = array('version'=>'350004','description'=>$update_string); + return $version; } // populate_version @@ -1431,5 +1435,75 @@ class Update { } // update_350003 + + /** + * update_350004 + * This update makes some changes to the ACL table so that it can support IPv6 entries as well as some other feature + * enhancements + */ + public static function update_350004() { + + // First pull all of their current ACL's + $sql = "SELECT * FROM `access_list`"; + $db_results = Dba::read($sql); + + $acl_information = array(); + + while ($row = Dba::fetch_assoc($db_results)) { + $row['start'] = sprintf('%u',long2ip($row['start'])); + $row['end'] = sprintf('%u',long2ip($row['end'])); + $acl_information[] = $row; + } + + $sql = "TRUNCATE `access_list`"; + $db_results = Dba::write($sql); + + // Make the changes to the database + $sql = "ALTER TABLE `access_list` CHANGE `start` `start` VARBINARY( 255 ) NOT NULL"; + $db_results = Dba::write($sql); + + $sql = "ALTER TABLE `access_list` CHANGE `end` `end` VARBINARY( 255 ) NOT NULL"; + $db_results = Dba::write($sql); + + $sql = "ALTER TABLE `access_list` DROP `dns`"; + $db_results = Dba::write($sql); + + $sql = "ALTER TABLE `access_list` ADD `enabled` TINYINT( 1 ) UNSIGNED NOT NULL DEFAULT '1' AFTER `key`"; + $db_results = Dba::write($sql); + + // If we had nothing in there before add some base ALLOW ALL stuff as we're going + // to start defaulting Access Control to On. + if (!count($acl_information)) { + $v6_start = Dba::escape(inet_pton('::')); + $v6_end = Dba::escape(inet_pton('ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff')); + $v4_start = Dba::escape(inet_pton('0.0.0.0')); + $v4_end = Dba::escape(inet_pton('255.255.255.255')); + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`enabled`) " . + "VALUES ('DEFAULTv4','100','$v4_start','$v4_end',NULL,'-1','interface','1')"; + $db_results = Dba::write($sql); + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`enabled`) " . + "VALUES ('DEFAULTv4','100','$v4_start','$v4_end',NULL,'-1','stream','1')"; + $db_results = Dba::write($sql); + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`enabled`) " . + "VALUES ('DEFAULTv6','100','$v6_start','$v6_end',NULL,'-1','interface','1')"; + $db_results = Dba::write($sql); + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`enabled`) " . + "VALUES ('DEFAULTv6','100','$v6_start','$v6_end',NULL,'-1','stream','1')"; + $db_results = Dba::write($sql); + } // Adding default information + + foreach ($acl_information as $row) { + $row['start'] = Dba::escape(inet_pton($row['start'])); + $row['end'] = Dba::escape(inet_pton($row['end'])); + $sql = "INSERT INTO `access_list` (`name`,`level`,`start`,`end`,`key`,`user`,`type`,`enabled`) " . + "VALUES ('" . Dba::escape($row['name']) . "','" . intval($row['level']) . + "','" . $row['start'] . "','" . $row['end'] . "','" . intval($row['user']) . "','" . + $row['type'] . "','1')"; + $db_results = Dba::write($sql); + } // end foreach of existing rows + + + } // update_350004 + } // end update class ?> diff --git a/lib/init.php b/lib/init.php index 9b11d8cc..979c90cb 100644 --- a/lib/init.php +++ b/lib/init.php @@ -18,11 +18,13 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ - /*** * DO NOT EDIT THIS FILE ***/ +// SVN Fluf +$svn_version = trim('$Rev$','$'); + // Use output buffering, this gains us a few things and // fixes some CSS issues ob_start(); @@ -86,7 +88,7 @@ if (!count($results)) { } /** This is the version.... fluf nothing more... **/ -$results['version'] = '3.5-Alpha2 Build (001)'; +$results['version'] = '3.5-Alpha2 Build (' . $svn_version . ')'; $results['int_config_version'] = '9'; $results['raw_web_path'] = $results['web_path']; diff --git a/templates/show_access_list.inc.php b/templates/show_access_list.inc.php index 1e2e5b95..ecbc9273 100644 --- a/templates/show_access_list.inc.php +++ b/templates/show_access_list.inc.php @@ -24,21 +24,31 @@ @discussion default display for access admin page */ -$web_path = Config::get('web_path'); ?> -<?php show_box_top(_('Ampache Access Control')); ?> -<p> -<?php -echo _('Since your catalog can be accessed remotely you may want to limit the access from remote sources so you are not in violation of copyright laws.'); -echo _('By default your server will allow anyone with an account to stream music.'); -echo _('It will not allow any other Ampache servers to connect to it to share catalog information.'); -echo _('Use tool below to add any server\'s IP address that you want to access your Ampache catalog or be able to stream from this server.'); -?> -</p> +<?php show_box_top(_('Access Control')); ?> +<div id="information_actions" class="left-column"> +<ul> + <li> + <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=show_add_current"><?php echo get_user_icon('add_user',_('Add Current Host')); ?></a> + <?php echo _('Add Current Host'); ?> + </li> + <li> + <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=show_add_rpc"><?php echo get_user_icon('cog',_('Add API / RPC Host')); ?></a> + <?php echo _('Add API / RPC Host'); ?> + </li> + <li> + <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=show_add_local"><?php echo get_user_icon('home',_('Add Local Network Definition')); ?></a> + <?php echo _('Add Local Network Definition'); ?> + <li> + <a href="<?php echo Config::get('web_path'); ?>/admin/access.php?action=show_add_advanced"><?php echo get_user_icon('add_key',_('Advanced Add')); ?></a> + <?php echo _('Advanced Add'); ?> + </li> -<p> -<a class="button" href="<?php echo $web_path; ?>/admin/access.php?action=show_add_host"><?php echo _('Add Entry'); ?></a> -</p> +</ul> +</div> +<?php show_box_bottom(); ?> +<?php show_box_top(_('Access Control Entries')); ?> +<?php Ajax::start_container('browse_content'); ?> <?php if (count($list)) { ?> <table cellspacing="1" cellpadding="3" class="tabledata"> <tr class="table-data"> @@ -55,15 +65,16 @@ echo _('Use tool below to add any server\'s IP address that you want to access y /* Start foreach List Item */ foreach ($list as $access_id) { $access = new Access($access_id); + $access->format(); ?> <tr class="<?php echo flip_class(); ?>"> <td><?php echo scrub_out($access->name); ?></td> - <td><?php echo long2ip($access->start); ?></td> - <td><?php echo long2ip($access->end); ?></td> - <td><?php echo $access->get_level_name(); ?></td> - <td><?php echo $access->get_user_name(); ?></td> + <td><?php echo $access->f_start; ?></td> + <td><?php echo $access->f_end; ?></td> + <td><?php echo $access->f_level; ?></td> + <td><?php echo $access->f_user; ?></td> <td><?php echo $access->key; ?></td> - <td><?php echo $access->get_type_name(); ?></td> + <td><?php echo $access->f_type; ?></td> <td> <a href="<?php echo $web_path; ?>/admin/access.php?action=show_edit_record&access_id=<?php echo scrub_out($access->id); ?>"><?php echo get_user_icon('edit'); ?></a> <a href="<?php echo $web_path; ?>/admin/access.php?action=delete_record&access_id=<?php echo scrub_out($access->id); ?>"><?php echo get_user_icon('delete'); ?></a> @@ -72,5 +83,5 @@ echo _('Use tool below to add any server\'s IP address that you want to access y <?php } // end foreach ?> </table> <?php } // end if count ?> +<?php Ajax::end_container(); ?> <?php show_box_bottom(); ?> - diff --git a/templates/show_user.inc.php b/templates/show_user.inc.php index 96ca8773..01868d85 100644 --- a/templates/show_user.inc.php +++ b/templates/show_user.inc.php @@ -1,7 +1,7 @@ <?php /* - Copyright (c) 2001 - 2007 Ampache.org + Copyright (c) Ampache.org All rights reserved. This program is free software; you can redistribute it and/or |
