Permission: add special permissions for local sockets

Closes #296
Max Kellermann 2018-07-15 21:54:43 +02:00
parent a47ecf9cb1
commit 9c6b52ccee
6 changed files with 53 additions and 1 deletions


@ -1158,6 +1158,11 @@ systemctl start mpd.socket</programlisting>
</tgroup> </tgroup>
</informaltable> </informaltable>
<para>
<varname>local_permissions</varname> may be used to assign
other permissions to clients connecting on a local socket.
</para>
<para> <para>
<varname>password</varname> allows the client to send a <varname>password</varname> allows the client to send a
password to gain other permissions. This option may be password to gain other permissions. This option may be


@ -49,6 +49,10 @@ static std::map<std::string, unsigned> permission_passwords;
static unsigned permission_default; static unsigned permission_default;
#ifdef HAVE_UN
static unsigned local_permissions;
#endif
static unsigned static unsigned
ParsePermission(const char *p) ParsePermission(const char *p)
{ {
@ -121,6 +125,14 @@ void initPermissions(void)
if (param) if (param)
permission_default = parsePermissions(param->value.c_str()); permission_default = parsePermissions(param->value.c_str());
#ifdef HAVE_UN
param = config_get_param(ConfigOption::LOCAL_PERMISSIONS);
if (param != nullptr)
local_permissions = parsePermissions(param->value.c_str());
else
local_permissions = permission_default;
#endif
} }
int getPermissionFromPassword(char const* password, unsigned* permission) int getPermissionFromPassword(char const* password, unsigned* permission)
@ -137,3 +149,13 @@ unsigned getDefaultPermissions(void)
{ {
return permission_default; return permission_default;
} }
#ifdef HAVE_UN
unsigned
GetLocalPermissions() noexcept
{
return local_permissions;
}
#endif
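Review bot: The fallback `local_permissions = permission_default;` in initPermissions() is only correct because it runs after the `default_permissions` assignment just above it, and nothing in the code says so. I would add `// must stay after permission_default is set: an unset local_permissions inherits the default` on the `else` branch. The new `static unsigned local_permissions;` also has no comment; something like `/// PERMISSION_* bit mask for clients connecting on a local socket` would do, and the same line fits GetLocalPermissions() in the header. initPermissions() starts outside this hunk, so the ordering claim rests on the visible lines only.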


@ -20,6 +20,8 @@
#ifndef MPD_PERMISSION_HXX #ifndef MPD_PERMISSION_HXX
#define MPD_PERMISSION_HXX #define MPD_PERMISSION_HXX
#include "check.h"
static constexpr unsigned PERMISSION_NONE = 0; static constexpr unsigned PERMISSION_NONE = 0;
static constexpr unsigned PERMISSION_READ = 1; static constexpr unsigned PERMISSION_READ = 1;
static constexpr unsigned PERMISSION_ADD = 2; static constexpr unsigned PERMISSION_ADD = 2;
@ -31,6 +33,11 @@ int getPermissionFromPassword(char const* password, unsigned* permission);
unsigned unsigned
getDefaultPermissions(); getDefaultPermissions();
#ifdef HAVE_UN
unsigned
GetLocalPermissions() noexcept;
#endif
void void
initPermissions(); initPermissions();


@ -24,11 +24,27 @@
#include "net/UniqueSocketDescriptor.hxx" #include "net/UniqueSocketDescriptor.hxx"
#include "net/SocketAddress.hxx" #include "net/SocketAddress.hxx"
static unsigned
GetPermissions(SocketAddress address, int uid) noexcept
{
(void)uid; // TODO: implement option to derive permissions from uid
#ifdef HAVE_UN
if (address.GetFamily() == AF_LOCAL)
return GetLocalPermissions();
#else
(void)address;
#endif
return getDefaultPermissions();
}
void void
ClientListener::OnAccept(UniqueSocketDescriptor fd, ClientListener::OnAccept(UniqueSocketDescriptor fd,
SocketAddress address, int uid) noexcept SocketAddress address, int uid) noexcept
{ {
client_new(GetEventLoop(), partition, client_new(GetEventLoop(), partition,
std::move(fd), address, uid, std::move(fd), address, uid,
getDefaultPermissions()); GetPermissions(address, uid));
} }
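Review bot: GetPermissions() keys the permission set on the address family alone and discards `uid`, so every process that can connect to the local socket receives `local_permissions`; the only remaining gate is the ownership and mode of the socket path. That should be stated where the decision is made, for example `// every AF_LOCAL peer gets local_permissions; access control is the socket file's owner/mode until the uid check is implemented` above the `#ifdef HAVE_UN` branch. If the listener can also be bound to a Linux abstract-namespace address (not visible here), there is no file mode to rely on, so the manual paragraph for `local_permissions` should probably carry the same caveat. Operators who set `local_permissions` higher than `default_permissions` will want to know this before they do.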


@ -48,6 +48,7 @@ enum class ConfigOption {
ZEROCONF_NAME, ZEROCONF_NAME,
ZEROCONF_ENABLED, ZEROCONF_ENABLED,
PASSWORD, PASSWORD,
LOCAL_PERMISSIONS,
DEFAULT_PERMS, DEFAULT_PERMS,
AUDIO_OUTPUT_FORMAT, AUDIO_OUTPUT_FORMAT,
MIXER_TYPE, MIXER_TYPE,


@ -43,6 +43,7 @@ const ConfigTemplate config_param_templates[] = {
{ "zeroconf_name" }, { "zeroconf_name" },
{ "zeroconf_enabled" }, { "zeroconf_enabled" },
{ "password", true }, { "password", true },
{ "local_permissions" },
{ "default_permissions" }, { "default_permissions" },
{ "audio_output_format" }, { "audio_output_format" },
{ "mixer_type" }, { "mixer_type" },