X-Real-IP support

src/output/output.cpp

@@ -132,7 +132,7 @@ namespace Mist {
     sought = false;
     /*LTS-START*/
     if(Triggers::shouldTrigger("CONN_PLAY", streamName)){
-      std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
+      std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
       if (!Triggers::doTrigger("CONN_PLAY", payload, streamName)){
         myConn.close();
       }
@@ -745,7 +745,7 @@ namespace Mist {
   int Output::run() {
     /*LTS-START*/
     if(Triggers::shouldTrigger("CONN_OPEN", streamName)){
-      std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
+      std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
       if (!Triggers::doTrigger("CONN_OPEN", payload, streamName)){
         return 1;
       }
@@ -779,7 +779,7 @@ namespace Mist {
     
     /*LTS-START*/
     if(Triggers::shouldTrigger("CONN_CLOSE", streamName)){
-      std::string payload = streamName+"\n"+myConn.getHost()+"\n"+capa["name"].asStringRef()+"\n"+reqUrl; ///\todo generate payload
+      std::string payload = streamName+"\n"+getConnectedHost()+"\n"+capa["name"].asStringRef()+"\n"+reqUrl; ///\todo generate payload
       Triggers::doTrigger("CONN_CLOSE", payload, streamName); //no stream specified    
     }
     /*LTS-END*/
@@ -836,7 +836,7 @@ namespace Mist {
       onFinish();
       /*LTS-START*/      
       if(Triggers::shouldTrigger("CONN_STOP", streamName)){
-        std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n";
+        std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n";
         Triggers::doTrigger("CONN_STOP", payload, streamName);
       }
       /*LTS-END*/

src/output/output.h

@@ -85,6 +85,8 @@ namespace Mist {
       bool onList(std::string ip, std::string list);
       std::string getCountry(std::string ip);
       /*LTS-END*/
+
+
       std::map<unsigned long, unsigned int> currKeyOpen;
       void loadPageForKey(long unsigned int trackId, long long int keyNum);
       int pageNumForKey(long unsigned int trackId, long long int keyNum);

src/output/output_http.cpp

@@ -2,6 +2,7 @@
 #include "output_http.h"
 #include <mist/stream.h>
 #include <mist/checksum.h>
+#include <set>
 
 namespace Mist {
   HTTPOutput::HTTPOutput(Socket::Connection & conn) : Output(conn) {
@@ -333,5 +334,66 @@ namespace Mist {
     ///start new/better process
     execv(argarr[0], argarr);
   }
+
+  /*LTS-START*/
+  std::string HTTPOutput::getConnectedHost(){
+    std::string host = Output::getConnectedHost();
+    std::string xRealIp = H.GetHeader("x-real-ip");
+
+    if (!isTrustedProxy(host) || !xRealIp.size()){
+      static bool msg = false;
+      if (xRealIp.size() && !msg){
+        WARN_MSG("Host %s is attempting to act as a proxy, but not trusted", host.c_str());
+        msg = true;
+      }
+      return host;
+    }
+    return xRealIp;
+  }
+  std::string HTTPOutput::getConnectedBinHost(){
+    //Do first check with connected host because of simplicity
+    std::string host = Output::getConnectedHost();
+    std::string xRealIp = H.GetHeader("x-real-ip");
+
+    if (!isTrustedProxy(host) || !xRealIp.size()){
+      static bool msg = false;
+      if (xRealIp.size() && !msg){
+        WARN_MSG("Host %s is attempting to act as a proxy, but not trusted", host.c_str());
+        msg = true;
+      }
+      return Output::getConnectedBinHost();
+    }
+    
+    Socket::Connection binConn;
+    binConn.setHost(xRealIp);
+    return binConn.getBinHost();
+  }
+
+  bool HTTPOutput::isTrustedProxy(const std::string & ip){
+    static std::set<std::string> trustedProxies;
+    if (!trustedProxies.size()){
+      trustedProxies.insert("::1");
+      trustedProxies.insert("127.0.0.1");
+
+      IPC::sharedPage serverCfg("!mistConfig", DEFAULT_CONF_PAGE_SIZE, false, false); ///< Open server config
+      IPC::semaphore configLock("!mistConfLock", O_CREAT | O_RDWR, ACCESSPERMS, 1);
+      configLock.wait();
+      std::string trustedList = DTSC::Scan(serverCfg.mapped, serverCfg.len).getMember("config").getMember("trustedproxy").asString();
+      configLock.post();
+      configLock.close();
+      size_t pos = 0;
+      size_t endPos;
+      while (pos != std::string::npos){
+        endPos = trustedList.find(" ", pos);
+        trustedProxies.insert(trustedList.substr(pos, endPos - pos));
+        pos = endPos;
+        if (pos != std::string::npos){
+          pos++;
+        }
+      }
+    }
+    return trustedProxies.count(ip);
+  }
+  /*LTS-END*/
   
 }

src/output/output_http.h

@@ -19,5 +19,8 @@ namespace Mist {
       std::string getHandler();
   protected:
       HTTP::Parser H;
+      std::string getConnectedHost();//LTS
+      std::string getConnectedBinHost();//LTS
+      bool isTrustedProxy(const std::string & ip);//LTS
   };
 }

src/output/output_rtmp.cpp

@@ -489,11 +489,11 @@ namespace Mist {
 
         /*LTS-START*/
         if(Triggers::shouldTrigger("RTMP_PUSH_REWRITE")){
-          std::string payload = reqUrl+"\n" + myConn.getHost();
+          std::string payload = reqUrl+"\n" + getConnectedHost();
           std::string newUrl = "";
           Triggers::doTrigger("RTMP_PUSH_REWRITE", payload, "", false, newUrl);
           if (!newUrl.size()){
-            FAIL_MSG("Push from %s to URL %s rejected - RTMP_PUSH_REWRITE trigger blanked the URL", myConn.getHost().c_str(), reqUrl.c_str());
+            FAIL_MSG("Push from %s to URL %s rejected - RTMP_PUSH_REWRITE trigger blanked the URL", getConnectedHost().c_str(), reqUrl.c_str());
             myConn.close();
             return;
           }
@@ -551,9 +551,9 @@ namespace Mist {
               }
             }
             if(Triggers::shouldTrigger("STREAM_PUSH", smp)){
-              std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
+              std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
               if (!Triggers::doTrigger("STREAM_PUSH", payload, smp)){
-                DEBUG_MSG(DLVL_FAIL, "Push from %s to %s rejected - STREAM_PUSH trigger denied the push", myConn.getHost().c_str(), streamName.c_str());
+                DEBUG_MSG(DLVL_FAIL, "Push from %s to %s rejected - STREAM_PUSH trigger denied the push", getConnectedHost().c_str(), streamName.c_str());
                 myConn.close();
                 configLock.post();
                 configLock.close();

src/output/output_rtsp.cpp

@@ -145,7 +145,7 @@ namespace Mist {
       streamName = HTTP_R.url.substr(found + 1, HTTP_R.url.substr(found + 1).find('/'));
       Util::sanitizeName(streamName);
       if (streamName != ""){
-        HTTP_S.SetHeader("Session", Secure::md5(HTTP_S.GetHeader("User-Agent") + myConn.getHost()) + "_" + streamName);
+        HTTP_S.SetHeader("Session", Secure::md5(HTTP_S.GetHeader("User-Agent") + getConnectedHost()) + "_" + streamName);
       }
       
       //set the date
@@ -312,10 +312,10 @@ namespace Mist {
       cPort = atol(transport.substr(port_loc, transport.rfind('-') - port_loc).c_str());
       //find available ports locally;
       int sendbuff = 4*1024*1024;
-      tracks[trId].data.SetDestination(myConn.getHost(), cPort);
+      tracks[trId].data.SetDestination(getConnectedHost(), cPort);
       tracks[trId].data.bind(2000 + trId * 2);
       setsockopt(tracks[trId].data.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff));
-      tracks[trId].rtcp.SetDestination(myConn.getHost(), cPort + 1);
+      tracks[trId].rtcp.SetDestination(getConnectedHost(), cPort + 1);
       tracks[trId].rtcp.bind(2000 + trId * 2 + 1);
       setsockopt(tracks[trId].rtcp.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff));
       std::string source = HTTP_R.url.substr(7);