From a8e52ad89f60741adc474d460724e25bc783dfe5 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Sun, 2 Feb 2014 13:59:07 +0100 Subject: [PATCH] ClientFile: move client_allow_file() into the Client class --- Makefile.am | 2 +- src/client/Client.hxx | 13 ++++++++++++ src/client/ClientFile.cxx | 5 +---- src/client/ClientFile.hxx | 40 ----------------------------------- src/command/FileCommands.cxx | 3 +-- src/command/OtherCommands.cxx | 3 +-- src/command/QueueCommands.cxx | 5 ++--- 7 files changed, 19 insertions(+), 52 deletions(-) delete mode 100644 src/client/ClientFile.hxx diff --git a/Makefile.am b/Makefile.am index 11b006553..1dd97a5bf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -118,7 +118,7 @@ src_mpd_SOURCES = \ src/client/ClientWrite.cxx \ src/client/ClientMessage.cxx src/client/ClientMessage.hxx \ src/client/ClientSubscribe.cxx \ - src/client/ClientFile.cxx src/client/ClientFile.hxx \ + src/client/ClientFile.cxx \ src/Listen.cxx src/Listen.hxx \ src/LogInit.cxx src/LogInit.hxx \ src/LogBackend.cxx src/LogBackend.hxx \ diff --git a/src/client/Client.hxx b/src/client/Client.hxx index ec7d2d741..708b0d03d 100644 --- a/src/client/Client.hxx +++ b/src/client/Client.hxx @@ -36,6 +36,7 @@ struct sockaddr; class EventLoop; +class Path; struct Partition; class Client final : private FullyBufferedSocket, TimeoutMonitor { @@ -156,6 +157,18 @@ public: void UnsubscribeAll(); bool PushMessage(const ClientMessage &msg); + /** + * Is this client allowed to use the specified local file? + * + * Note that this function is vulnerable to timing/symlink attacks. + * We cannot fix this as long as there are plugins that open a file by + * its name, and not by file descriptor / callbacks. + * + * @param path_fs the absolute path name in filesystem encoding + * @return true if access is allowed + */ + bool AllowFile(Path path_fs, Error &error) const; + private: /* virtual methods from class BufferedSocket */ virtual InputResult OnSocketInput(void *data, size_t length) override; diff --git a/src/client/ClientFile.cxx b/src/client/ClientFile.cxx index bdd9b0426..eba64d09c 100644 --- a/src/client/ClientFile.cxx +++ b/src/client/ClientFile.cxx @@ -18,7 +18,6 @@ */ #include "config.h" -#include "ClientFile.hxx" #include "Client.hxx" #include "protocol/Ack.hxx" #include "fs/Path.hxx" @@ -29,16 +28,14 @@ #include bool -client_allow_file(const Client &client, Path path_fs, Error &error) +Client::AllowFile(Path path_fs, Error &error) const { #ifdef WIN32 - (void)client; (void)path_fs; error.Set(ack_domain, ACK_ERROR_PERMISSION, "Access denied"); return false; #else - const int uid = client.GetUID(); if (uid >= 0 && (uid_t)uid == geteuid()) /* always allow access if user runs his own MPD instance */ diff --git a/src/client/ClientFile.hxx b/src/client/ClientFile.hxx deleted file mode 100644 index 5a02a8df7..000000000 --- a/src/client/ClientFile.hxx +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright (C) 2003-2014 The Music Player Daemon Project - * http://www.musicpd.org - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - */ - -#ifndef MPD_CLIENT_FILE_HXX -#define MPD_CLIENT_FILE_HXX - -class Client; -class Path; -class Error; - -/** - * Is this client allowed to use the specified local file? - * - * Note that this function is vulnerable to timing/symlink attacks. - * We cannot fix this as long as there are plugins that open a file by - * its name, and not by file descriptor / callbacks. - * - * @param path_fs the absolute path name in filesystem encoding - * @return true if access is allowed - */ -bool -client_allow_file(const Client &client, Path path_fs, Error &error); - -#endif diff --git a/src/command/FileCommands.cxx b/src/command/FileCommands.cxx index 345e9b85b..0b0421c3e 100644 --- a/src/command/FileCommands.cxx +++ b/src/command/FileCommands.cxx @@ -22,7 +22,6 @@ #include "CommandError.hxx" #include "protocol/Ack.hxx" #include "protocol/Result.hxx" -#include "client/ClientFile.hxx" #include "client/Client.hxx" #include "util/CharUtil.hxx" #include "util/UriUtil.hxx" @@ -122,7 +121,7 @@ handle_read_comments(Client &client, gcc_unused int argc, char *argv[]) } Error error; - if (!client_allow_file(client, path_fs, error)) + if (!client.AllowFile(path_fs, error)) return print_error(client, error); } else if (uri_has_scheme(uri)) { return read_stream_comments(client, uri); diff --git a/src/command/OtherCommands.cxx b/src/command/OtherCommands.cxx index 76f97f389..9455971e8 100644 --- a/src/command/OtherCommands.cxx +++ b/src/command/OtherCommands.cxx @@ -41,7 +41,6 @@ #include "Permission.hxx" #include "PlaylistFile.hxx" #include "db/PlaylistVector.hxx" -#include "client/ClientFile.hxx" #include "client/Client.hxx" #include "Partition.hxx" #include "Instance.hxx" @@ -143,7 +142,7 @@ handle_lsinfo(Client &client, int argc, char *argv[]) } Error error; - if (!client_allow_file(client, path_fs, error)) + if (!client.AllowFile(path_fs, error)) return print_error(client, error); DetachedSong song(path_utf8); diff --git a/src/command/QueueCommands.cxx b/src/command/QueueCommands.cxx index 0f326698b..5bef1b461 100644 --- a/src/command/QueueCommands.cxx +++ b/src/command/QueueCommands.cxx @@ -25,7 +25,6 @@ #include "db/Selection.hxx" #include "Playlist.hxx" #include "PlaylistPrint.hxx" -#include "client/ClientFile.hxx" #include "client/Client.hxx" #include "Partition.hxx" #include "protocol/ArgParser.hxx" @@ -56,7 +55,7 @@ handle_add(Client &client, gcc_unused int argc, char *argv[]) } Error error; - if (!client_allow_file(client, path_fs, error)) + if (!client.AllowFile(path_fs, error)) return print_error(client, error); result = client.partition.AppendFile(path_utf8); @@ -104,7 +103,7 @@ handle_addid(Client &client, int argc, char *argv[]) } Error error; - if (!client_allow_file(client, path_fs, error)) + if (!client.AllowFile(path_fs, error)) return print_error(client, error); result = client.partition.AppendFile(path_utf8, &added_id);