mirrors/pipewire
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/pipewire/pipewire.git synced 2025-11-04 13:30:12 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

pulse-server: add command access control

Browse source 
By default require that a client is authenticated and
has a manager to be allowed to run a command.

Specially:
 * AUTH requires nothing
 * SET_CLIENT_NAME and STAT only require authentication
This commit is contained in:
Barnabás Pőcze 2021-12-30 21:36:04 +01:00
parent 92abc7b7ad
commit 1c3e45a584
3 changed files with 22 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

15
src/modules/module-protocol-pulse/server.c
View file

@ -91,12 +91,23 @@ static int handle_packet(struct client *client, struct message *msg)
message_dump(SPA_LOG_LEVEL_INFO, msg);
}
if (commands[command].run == NULL) {
const struct command *cmd = &commands[command];
if (cmd->run == NULL) {
res = -ENOTSUP;
goto finish;
}
res = commands[command].run(client, command, tag, msg);
if (!client->authenticated && !SPA_FLAG_IS_SET(cmd->access, COMMAND_ACCESS_WITHOUT_AUTH)) {
res = -EACCES;
goto finish;
}
if (client->manager == NULL && !SPA_FLAG_IS_SET(cmd->access, COMMAND_ACCESS_WITHOUT_MANAGER)) {
res = -EACCES;
goto finish;
}
res = cmd->run(client, command, tag, msg);
finish:
message_free(impl, msg, false, false);