Permission: refactor getPermissionFromPassword() to return std::optional

This replaces the output parameter (which is bad API design). As a side effect, it fixes the bad [[gnu::pure]] attribute added by commit a636d2127 which caused optimizing compilers to miscompile calls to that function. "Pure" functions can be assumed to have no output arguments, so the compiler can assume the function doesn't modify them. Closes https://github.com/MusicPlayerDaemon/MPD/issues/1282
2021-10-17 19:50:59 +02:00 · 2021-10-17 19:50:59 +02:00 · 907af2ad02
parent 6a2e7bbc02
commit 907af2ad02
4 changed files with 16 additions and 10 deletions
--- a/1
+++ b/1
@ -1,5 +1,6 @@
 ver 0.23.1 (not yet released)
 * fix libfmt linker problems
+* fix broken password authentication

 ver 0.23 (2021/10/14)
 * protocol
--- a/src/Permission.cxx
+++ b/src/Permission.cxx
@ -161,15 +161,14 @@ GetPermissionsFromAddress(SocketAddress address) noexcept

 #endif

-int
-getPermissionFromPassword(const char *password, unsigned *permission) noexcept
+std::optional<unsigned>
+GetPermissionFromPassword(const char *password) noexcept
 {
 	auto i = permission_passwords.find(password);
 	if (i == permission_passwords.end())
-		return -1;
+		return std::nullopt;

-	*permission = i->second;
-	return 0;
+	return i->second;
 }

 unsigned
--- a/src/Permission.hxx
+++ b/src/Permission.hxx
@ -22,6 +22,8 @@

 #include "config.h"

+#include <optional>
+
 struct ConfigData;
 class SocketAddress;

@ -32,9 +34,13 @@ static constexpr unsigned PERMISSION_CONTROL = 4;
 static constexpr unsigned PERMISSION_ADMIN = 8;
 static constexpr unsigned PERMISSION_PLAYER = 16;

+/**
+ * @return the permissions for the given password or std::nullopt if
+ * the password is not accepted
+ */
 [[gnu::pure]]
-int
-getPermissionFromPassword(const char *password, unsigned *permission) noexcept;
+std::optional<unsigned>
+GetPermissionFromPassword(const char *password) noexcept;

 [[gnu::const]]
 unsigned
--- a/src/command/ClientCommands.cxx
+++ b/src/command/ClientCommands.cxx
@ -58,13 +58,13 @@ handle_binary_limit(Client &client, Request args,
 CommandResult
 handle_password(Client &client, Request args, Response &r)
 {
-	unsigned permission = 0;
-	if (getPermissionFromPassword(args.front(), &permission) < 0) {
+	const auto permission = GetPermissionFromPassword(args.front());
+	if (!permission) {
 		r.Error(ACK_ERROR_PASSWORD, "incorrect password");
 		return CommandResult::ERROR;
 	}

-	client.SetPermission(permission);
+	client.SetPermission(*permission);

 	return CommandResult::OK;
 }