Last active
August 29, 2015 14:01
-
-
Save joshkunz/6e922cedb86c76fd1bfe to your computer and use it in GitHub Desktop.
Patch for mpd tag v0.19.9 that allows unauthenticated users to enque files using the `file://' url scheme as long as the MPD daemon is able to read the files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/src/client/ClientFile.cxx b/src/client/ClientFile.cxx | |
index 3ea8034..0f75907 100644 | |
--- a/src/client/ClientFile.cxx | |
+++ b/src/client/ClientFile.cxx | |
@@ -33,32 +33,23 @@ Client::AllowFile(Path path_fs, Error &error) const | |
#ifdef WIN32 | |
(void)path_fs; | |
- error.Set(ack_domain, ACK_ERROR_PERMISSION, "Access denied"); | |
+ error.Set(ack_domain, ACK_ERROR_PERMISSION, "Not Implemented."); | |
return false; | |
#else | |
- if (uid >= 0 && (uid_t)uid == geteuid()) | |
- /* always allow access if user runs his own MPD | |
- instance */ | |
- return true; | |
- | |
- if (uid < 0) { | |
- /* unauthenticated client */ | |
- error.Set(ack_domain, ACK_ERROR_PERMISSION, "Access denied"); | |
- return false; | |
- } | |
- | |
struct stat st; | |
if (!StatFile(path_fs, st)) { | |
error.SetErrno(); | |
return false; | |
} | |
- if (st.st_uid != (uid_t)uid && (st.st_mode & 0444) != 0444) { | |
- /* client is not owner */ | |
- error.Set(ack_domain, ACK_ERROR_PERMISSION, "Access denied"); | |
- return false; | |
- } | |
- | |
- return true; | |
+ /* Check if the file itself is readable. */ | |
+ if ((geteuid() == st.st_uid && (st.st_mode & 0400) == 0400) || | |
+ (getegid() == st.st_gid && (st.st_mode & 0040) == 0040) || | |
+ ((st.st_mode & 0004) == 0004)) { | |
+ return true; | |
+ } | |
+ /* Otherwise, we can't read these files. */ | |
+ error.Set(ack_domain, ACK_ERROR_PERMISSION, "Access denied."); | |
+ return false; | |
#endif | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment