Permission: add special permissions for local sockets

Closes #296
2018-07-15 21:54:43 +02:00 · 2018-07-15 21:54:43 +02:00 · 9c6b52ccee
commit 9c6b52ccee
parent a47ecf9cb1
6 changed files with 53 additions and 1 deletions
--- a/doc/user.xml
+++ b/doc/user.xml
@ -1158,6 +1158,11 @@ systemctl start mpd.socket</programlisting>
          </tgroup>
        </informaltable>

+        <para>
+          <varname>local_permissions</varname> may be used to assign
+          other permissions to clients connecting on a local socket.
+        </para>
+
        <para>
          <varname>password</varname> allows the client to send a
          password to gain other permissions.  This option may be
--- a/src/Permission.cxx
+++ b/src/Permission.cxx
@ -49,6 +49,10 @@ static std::map<std::string, unsigned> permission_passwords;

 static unsigned permission_default;

+#ifdef HAVE_UN
+static unsigned local_permissions;
+#endif
+
 static unsigned
 ParsePermission(const char *p)
 {
@ -121,6 +125,14 @@ void initPermissions(void)

 	if (param)
 		permission_default = parsePermissions(param->value.c_str());
+
+#ifdef HAVE_UN
+	param = config_get_param(ConfigOption::LOCAL_PERMISSIONS);
+	if (param != nullptr)
+		local_permissions = parsePermissions(param->value.c_str());
+	else
+		local_permissions = permission_default;
+#endif
 }

 int getPermissionFromPassword(char const* password, unsigned* permission)
@ -137,3 +149,13 @@ unsigned getDefaultPermissions(void)
 {
 	return permission_default;
 }
+
+#ifdef HAVE_UN
+
+unsigned
+GetLocalPermissions() noexcept
+{
+	return local_permissions;
+}
+
+#endif
--- a/src/Permission.hxx
+++ b/src/Permission.hxx
@ -20,6 +20,8 @@
 #ifndef MPD_PERMISSION_HXX
 #define MPD_PERMISSION_HXX

+#include "check.h"
+
 static constexpr unsigned PERMISSION_NONE = 0;
 static constexpr unsigned PERMISSION_READ = 1;
 static constexpr unsigned PERMISSION_ADD = 2;
@ -31,6 +33,11 @@ int getPermissionFromPassword(char const* password, unsigned* permission);
 unsigned
 getDefaultPermissions();

+#ifdef HAVE_UN
+unsigned
+GetLocalPermissions() noexcept;
+#endif
+
 void
 initPermissions();

--- a/src/client/Listener.cxx
+++ b/src/client/Listener.cxx
@ -24,11 +24,27 @@
 #include "net/UniqueSocketDescriptor.hxx"
 #include "net/SocketAddress.hxx"

+static unsigned
+GetPermissions(SocketAddress address, int uid) noexcept
+{
+	(void)uid; // TODO: implement option to derive permissions from uid
+
+#ifdef HAVE_UN
+	if (address.GetFamily() == AF_LOCAL)
+		return GetLocalPermissions();
+#else
+	(void)address;
+#endif
+
+	return getDefaultPermissions();
+}
+
 void
 ClientListener::OnAccept(UniqueSocketDescriptor fd,
 			 SocketAddress address, int uid) noexcept
 {
+
 	client_new(GetEventLoop(), partition,
 		   std::move(fd), address, uid,
-		   getDefaultPermissions());
+		   GetPermissions(address, uid));
 }
--- a/src/config/ConfigOption.hxx
+++ b/src/config/ConfigOption.hxx
@ -48,6 +48,7 @@ enum class ConfigOption {
 	ZEROCONF_NAME,
 	ZEROCONF_ENABLED,
 	PASSWORD,
+	LOCAL_PERMISSIONS,
 	DEFAULT_PERMS,
 	AUDIO_OUTPUT_FORMAT,
 	MIXER_TYPE,
--- a/src/config/ConfigTemplates.cxx
+++ b/src/config/ConfigTemplates.cxx
@ -43,6 +43,7 @@ const ConfigTemplate config_param_templates[] = {
 	{ "zeroconf_name" },
 	{ "zeroconf_enabled" },
 	{ "password", true },
+	{ "local_permissions" },
 	{ "default_permissions" },
 	{ "audio_output_format" },
 	{ "mixer_type" },