diff --git a/src/output/output.cpp b/src/output/output.cpp
index 9f8c0587..d3a68b72 100644
--- a/src/output/output.cpp
+++ b/src/output/output.cpp
@@ -132,7 +132,7 @@ namespace Mist {
 sought = false;
 /*LTS-START*/
 if(Triggers::shouldTrigger("CONN_PLAY", streamName)){
- std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
+ std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
 if (!Triggers::doTrigger("CONN_PLAY", payload, streamName)){
 myConn.close();
 }
@@ -745,7 +745,7 @@ namespace Mist {
 int Output::run() {
 /*LTS-START*/
 if(Triggers::shouldTrigger("CONN_OPEN", streamName)){
- std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
+ std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
 if (!Triggers::doTrigger("CONN_OPEN", payload, streamName)){
 return 1;
 }
@@ -779,7 +779,7 @@ namespace Mist {
 /*LTS-START*/
 if(Triggers::shouldTrigger("CONN_CLOSE", streamName)){
- std::string payload = streamName+"\n"+myConn.getHost()+"\n"+capa["name"].asStringRef()+"\n"+reqUrl; ///\todo generate payload
+ std::string payload = streamName+"\n"+getConnectedHost()+"\n"+capa["name"].asStringRef()+"\n"+reqUrl; ///\todo generate payload
 Triggers::doTrigger("CONN_CLOSE", payload, streamName); //no stream specified
 }
 /*LTS-END*/
@@ -836,7 +836,7 @@ namespace Mist {
 onFinish();
 /*LTS-START*/
 if(Triggers::shouldTrigger("CONN_STOP", streamName)){
- std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n";
+ std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n";
 Triggers::doTrigger("CONN_STOP", payload, streamName);
 }
 /*LTS-END*/
diff --git a/src/output/output.h b/src/output/output.h
index 5419f444..2682c1b6 100644
--- a/src/output/output.h
+++ b/src/output/output.h
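Review bot: The `CONN_OPEN` payload at the top of `Output::run()` in src/output/output.cpp may carry a different host than the later `CONN_PLAY`, `CONN_CLOSE` and `CONN_STOP` payloads for the same connection. For HTTP outputs the new `getConnectedHost()` reads `x-real-ip` from the parser `H` at call time, so a call made before a request has been parsed would return the proxy's socket address, and later calls the forwarded one; whether headers are available when `run()` starts is not visible in these hunks. A trigger handler that allows or denies by address, or pairs open and close events, needs the same value in all four, so resolving the host once per connection and reusing it would be safer. A comment on each payload line such as `// host is the X-Real-IP value when the socket peer is a trusted proxy (HTTP outputs)` would also tell trigger authors what the field now means. All four enclosing functions start or end outside their hunks.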
@@ -85,6 +85,8 @@ namespace Mist {
 bool onList(std::string ip, std::string list);
 std::string getCountry(std::string ip);
 /*LTS-END*/
+
+ std::map currKeyOpen;
 void loadPageForKey(long unsigned int trackId, long long int keyNum);
 int pageNumForKey(long unsigned int trackId, long long int keyNum);
diff --git a/src/output/output_http.cpp b/src/output/output_http.cpp
index 17a2c767..08f68c66 100644
--- a/src/output/output_http.cpp
+++ b/src/output/output_http.cpp
@@ -2,6 +2,7 @@
 #include "output_http.h"
 #include
 #include
+#include
 namespace Mist {
 HTTPOutput::HTTPOutput(Socket::Connection & conn) : Output(conn) {
@@ -333,5 +334,66 @@ namespace Mist {
 ///start new/better process
 execv(argarr[0], argarr);
 }
+
+ /*LTS-START*/
+ std::string HTTPOutput::getConnectedHost(){
+ std::string host = Output::getConnectedHost();
+ std::string xRealIp = H.GetHeader("x-real-ip");
+
+ if (!isTrustedProxy(host) || !xRealIp.size()){
+ static bool msg = false;
+ if (xRealIp.size() && !msg){
+ WARN_MSG("Host %s is attempting to act as a proxy, but not trusted", host.c_str());
+ msg = true;
+ }
+ return host;
+ }
+ return xRealIp;
+ }
+ std::string HTTPOutput::getConnectedBinHost(){
+ //Do first check with connected host because of simplicity
+ std::string host = Output::getConnectedHost();
+ std::string xRealIp = H.GetHeader("x-real-ip");
+
+ if (!isTrustedProxy(host) || !xRealIp.size()){
+ static bool msg = false;
+ if (xRealIp.size() && !msg){
+ WARN_MSG("Host %s is attempting to act as a proxy, but not trusted", host.c_str());
+ msg = true;
+ }
+ return Output::getConnectedBinHost();
+ }
+
+ Socket::Connection binConn;
+ binConn.setHost(xRealIp);
+ return binConn.getBinHost();
+ }
+
+ bool HTTPOutput::isTrustedProxy(const std::string & ip){
+ static std::set trustedProxies;
+ if (!trustedProxies.size()){
+ trustedProxies.insert("::1");
+ trustedProxies.insert("127.0.0.1");
+
+ IPC::sharedPage serverCfg("!mistConfig", DEFAULT_CONF_PAGE_SIZE, false, false); ///< Open server config
+ IPC::semaphore configLock("!mistConfLock", O_CREAT | O_RDWR, ACCESSPERMS, 1);
+ configLock.wait();
+ std::string trustedList = DTSC::Scan(serverCfg.mapped, serverCfg.len).getMember("config").getMember("trustedproxy").asString();
+ configLock.post();
+ configLock.close();
+ size_t pos = 0;
+ size_t endPos;
+ while (pos != std::string::npos){
+ endPos = trustedList.find(" ", pos);
+ trustedProxies.insert(trustedList.substr(pos, endPos - pos));
+ pos = endPos;
+ if (pos != std::string::npos){
+ pos++;
+ }
+ }
+ }
+ return trustedProxies.count(ip);
+ }
+ /*LTS-END*/
 }
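Review bot: In `HTTPOutput::isTrustedProxy` the split loop inserts an empty string into `trustedProxies` whenever `trustedproxy` is unset or empty, ends in a space, or contains two spaces in a row, because `trustedList.substr(pos, endPos - pos)` is inserted without checking its length. If `Output::getConnectedHost()` can ever return an empty string (not visible here), that peer would count as a trusted proxy and its `x-real-ip` header would be believed; skipping empty tokens, as below, closes that. Separately, `getConnectedHost()` returns the raw header value and `getConnectedBinHost()` passes it to `binConn.setHost()`. It should be checked to parse as an IP address, with a fallback to the socket address, before it reaches trigger payloads and address comparisons. The trusted-proxy test and warning are duplicated in both getters and could live in one helper.

```cpp
// … unchanged: default entries, trustedList read from the config page under configLock …
size_t pos = 0;
while (pos < trustedList.size()){
  size_t endPos = trustedList.find(' ', pos);
  if (endPos == std::string::npos){endPos = trustedList.size();}
  // Never store an empty entry: it would match a peer whose host string is empty.
  if (endPos > pos){
    trustedProxies.insert(trustedList.substr(pos, endPos - pos));
  }
  pos = endPos + 1;
}
// … unchanged: return trustedProxies.count(ip) …
```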
diff --git a/src/output/output_http.h b/src/output/output_http.h
index 6fe05c03..001c52cf 100644
--- a/src/output/output_http.h
+++ b/src/output/output_http.h
@@ -19,5 +19,8 @@ namespace Mist {
 std::string getHandler();
 protected:
 HTTP::Parser H;
+ std::string getConnectedHost();//LTS
+ std::string getConnectedBinHost();//LTS
+ bool isTrustedProxy(const std::string & ip);//LTS
 };
 }
diff --git a/src/output/output_rtmp.cpp b/src/output/output_rtmp.cpp
index 9bdfb5aa..62465fa8 100644
--- a/src/output/output_rtmp.cpp
+++ b/src/output/output_rtmp.cpp
@@ -489,11 +489,11 @@ namespace Mist {
 /*LTS-START*/
 if(Triggers::shouldTrigger("RTMP_PUSH_REWRITE")){
- std::string payload = reqUrl+"\n" + myConn.getHost();
+ std::string payload = reqUrl+"\n" + getConnectedHost();
 std::string newUrl = "";
 Triggers::doTrigger("RTMP_PUSH_REWRITE", payload, "", false, newUrl);
 if (!newUrl.size()){
- FAIL_MSG("Push from %s to URL %s rejected - RTMP_PUSH_REWRITE trigger blanked the URL", myConn.getHost().c_str(), reqUrl.c_str());
+ FAIL_MSG("Push from %s to URL %s rejected - RTMP_PUSH_REWRITE trigger blanked the URL", getConnectedHost().c_str(), reqUrl.c_str());
 myConn.close();
 return;
 }
@@ -551,9 +551,9 @@ namespace Mist {
 }
 }
 if(Triggers::shouldTrigger("STREAM_PUSH", smp)){
- std::string payload = streamName+"\n" + myConn.getHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
+ std::string payload = streamName+"\n" + getConnectedHost() +"\n"+capa["name"].asStringRef()+"\n"+reqUrl;
 if (!Triggers::doTrigger("STREAM_PUSH", payload, smp)){
- DEBUG_MSG(DLVL_FAIL, "Push from %s to %s rejected - STREAM_PUSH trigger denied the push", myConn.getHost().c_str(), streamName.c_str());
+ DEBUG_MSG(DLVL_FAIL, "Push from %s to %s rejected - STREAM_PUSH trigger denied the push", getConnectedHost().c_str(), streamName.c_str());
 myConn.close();
 configLock.post();
 configLock.close();
diff --git a/src/output/output_rtsp.cpp b/src/output/output_rtsp.cpp
index b3617c12..096c6f87 100644
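Review bot: The `getConnectedHost()` and `getConnectedBinHost()` declarations added to `HTTPOutput` in src/output/output_http.h carry no `virtual`, and the base declarations in `Output` are not part of this diff. If the base versions are not virtual, the calls this commit adds inside `Output` member functions (the CONN_* triggers in output.cpp) bind to `Output::getConnectedHost()` and never reach the proxy-aware version, while code calling through `HTTPOutput` gets a different answer for the same connection. Writing `virtual std::string getConnectedHost();//LTS` here, and confirming the base matches, would make the intended dispatch explicit. `isTrustedProxy` reads only function-local static state in the lines shown, so it could be declared `static` and moved out of the `protected` interface.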
--- a/src/output/output_rtsp.cpp
+++ b/src/output/output_rtsp.cpp
@@ -145,7 +145,7 @@ namespace Mist {
 streamName = HTTP_R.url.substr(found + 1, HTTP_R.url.substr(found + 1).find('/'));
 Util::sanitizeName(streamName);
 if (streamName != ""){
- HTTP_S.SetHeader("Session", Secure::md5(HTTP_S.GetHeader("User-Agent") + myConn.getHost()) + "_" + streamName);
+ HTTP_S.SetHeader("Session", Secure::md5(HTTP_S.GetHeader("User-Agent") + getConnectedHost()) + "_" + streamName);
 } //set the date
@@ -312,10 +312,10 @@ namespace Mist {
 cPort = atol(transport.substr(port_loc, transport.rfind('-') - port_loc).c_str()); //find available ports locally;
 int sendbuff = 4*1024*1024;
- tracks[trId].data.SetDestination(myConn.getHost(), cPort);
+ tracks[trId].data.SetDestination(getConnectedHost(), cPort);
 tracks[trId].data.bind(2000 + trId * 2);
 setsockopt(tracks[trId].data.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff));
- tracks[trId].rtcp.SetDestination(myConn.getHost(), cPort + 1);
+ tracks[trId].rtcp.SetDestination(getConnectedHost(), cPort + 1);
 tracks[trId].rtcp.bind(2000 + trId * 2 + 1);
 setsockopt(tracks[trId].rtcp.getSock(), SOL_SOCKET, SO_SNDBUF, &sendbuff, sizeof(sendbuff));
 std::string source = HTTP_R.url.substr(7);
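Review bot: The `Session` value set in the first output_rtsp.cpp hunk is `md5(User-Agent + host) + "_" + streamName`, which is fully determined by values an observer can know or guess, so it names a session but cannot protect one. The User-Agent is also read from `HTTP_S`, which appears to be the response being built rather than the request `HTTP_R`, so it may be empty and leave the host as the only input; the surrounding code is outside the hunk, so this needs confirming. A comment such as `// Session id is derived from peer data, not random: never treat it as a secret` would record the limitation, and mixing in a per-connection random value would remove it.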
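Review bot: `tracks[trId].data.SetDestination(getConnectedHost(), cPort)` and the matching `rtcp` line in the second output_rtsp.cpp hunk now take the UDP media destination from an accessor that this same commit makes header-dependent in `HTTPOutput`. Whether the RTSP output can ever receive a header-derived value depends on its base class and on virtual dispatch, neither of which is visible here; if it can, media would be sent to an address named in a header instead of the address that opened the TCP connection. The socket peer is the right source for a media destination, so keeping `tracks[trId].data.SetDestination(myConn.getHost(), cPort);` (and likewise for `rtcp`) is the safer choice, or else a comment stating why the accessor cannot differ from the peer here. The enclosing function starts and ends outside the hunk.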