mirror/tomahawk
1
0
Fork 0
mirror of https://github.com/tomahawk-player/tomahawk.git synced 2025-04-04 16:12:24 +02:00
Code Issues Releases Wiki Activity

Coarse-grained ACL support is now implemented. This controls whether someone is allowed to connect to you in a global sense, and remembers the chosen value. For now there is no GUI way to revert this, but it is easily done via Tomahawk.conf

Browse Source
This commit is contained in:
Jeff Mitchell 2011-03-29 02:42:46 -04:00
parent 942cc89a22
commit e968298d7d
7 changed files with 157 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
src/libtomahawk/aclsystem.cpp
View File

@ -19,14 +19,42 @@
#include "aclsystem.h"
#include <QtDebug>
#include <QMutexLocker>
#include <QVariant>
#include <tomahawksettings.h>
ACLSystem* ACLSystem::s_instance = 0;
ACLSystem*
ACLSystem::instance()
{
if( !s_instance )
new ACLSystem();
return s_instance;
}
ACLSystem::ACLSystem( QObject* parent )
: QObject( parent ),
m_saveTimer( this )
{
//TODO: read from settings file into cache
s_instance = this;
//qRegisterMetaType< QHash< QString, QHash< QString, ACL > > >("ACLSystem::ACLCacheHash");
QStringList savedEntries = TomahawkSettings::instance()->aclEntries();
if( !savedEntries.empty() && savedEntries.size() % 3 == 0 )
{
int index = 0;
while( index < savedEntries.length() )
{
if( !m_cache.contains( savedEntries.at( index ) ) )
m_cache[savedEntries.at( index ) ] = QHash< QString, ACL >();
m_cache[savedEntries.at( index )][savedEntries.at( index + 1 )] = (ACL)(savedEntries.at( index + 2 ).toInt() );
index += 3;
}
}
m_saveTimer.setSingleShot( false );
m_saveTimer.setInterval( 60000 );
connect( &m_saveTimer, SIGNAL( timeout() ), this, SLOT( saveTimerFired() ) );
@ -36,12 +64,16 @@ ACLSystem::ACLSystem( QObject* parent )
ACLSystem::~ACLSystem()
{
m_saveTimer.stop();
//TODO: save from cache into settings file
saveTimerFired();
}
ACLSystem::ACL
ACLSystem::isAuthorizedUser(const QString& dbid) const
ACLSystem::isAuthorizedUser( const QString& dbid )
{
qDebug() << Q_FUNC_INFO;
QMutexLocker locker( &m_cacheMutex );
qDebug() << "Current cache keys = " << m_cache.keys();
qDebug() << "Looking up dbid";
if( !m_cache.contains( dbid ) )
return ACLSystem::NotFound;
else
@ -56,19 +88,24 @@ ACLSystem::isAuthorizedUser(const QString& dbid) const
void
ACLSystem::authorizeUser( const QString& dbid, ACLSystem::ACL globalType )
{
qDebug() << Q_FUNC_INFO;
if( globalType == ACLSystem::NotFound )
return;
QMutexLocker locker( &m_cacheMutex );
QHash< QString, ACL > peerHash;
if( m_cache.contains( dbid ) )
peerHash = m_cache[dbid];
peerHash["global"] = globalType;
m_cache[dbid] = peerHash;
}
ACLSystem::ACL
ACLSystem::isAuthorizedPath( const QString& dbid, const QString& path ) const
ACLSystem::isAuthorizedPath( const QString& dbid, const QString& path )
{
QMutexLocker locker( &m_cacheMutex );
if( !m_cache.contains( dbid ) )
return ACLSystem::NotFound;
@ -92,6 +129,7 @@ ACLSystem::authorizePath( const QString& dbid, const QString& path, ACLSystem::A
qDebug() << "path selected is not in our scanner path!";
return;
}
QMutexLocker locker( &m_cacheMutex );
QHash< QString, ACLSystem::ACL > peerHash;
if ( m_cache.contains( dbid ) )
peerHash = m_cache[dbid];
@ -102,5 +140,11 @@ ACLSystem::authorizePath( const QString& dbid, const QString& path, ACLSystem::A
void
ACLSystem::saveTimerFired()
{
//TODO: save from cache into settings file
QStringList saveCache;
foreach( QString dbid, m_cache.keys() )
{
foreach( QString path, m_cache[dbid].keys() )
saveCache << dbid << path << QString::number( (int)(m_cache[dbid][path]) );
}
TomahawkSettings::instance()->setAclEntries( saveCache );
}

26
src/libtomahawk/aclsystem.h
View File

@ -23,6 +23,7 @@
#include <QString>
#include <QHash>
#include <QTimer>
#include <QMutex>
#include "dllmacro.h"
@ -30,29 +31,34 @@ class DLLEXPORT ACLSystem : public QObject
{
Q_OBJECT
enum ACL {
Allow,
Deny,
NotFound
};
public:
static ACLSystem* instance();
enum ACL {
Allow = 0,
Deny = 1,
NotFound = 2
};
ACLSystem( QObject *parent = 0 );
~ACLSystem();
ACL isAuthorizedUser( const QString &dbid ) const;
ACL isAuthorizedUser( const QString &dbid );
void authorizeUser( const QString &dbid, ACL globalType );
ACL isAuthorizedPath( const QString &dbid, const QString &path ) const;
ACL isAuthorizedPath( const QString &dbid, const QString &path );
void authorizePath( const QString &dbid, const QString &path, ACL type );
private slots:
void saveTimerFired();
private:
QHash< QString, QHash< QString, ACL> > m_cache;
QHash< QString, QHash< QString, ACL > > m_cache;
QTimer m_saveTimer;
QMutex m_cacheMutex;
static ACLSystem* s_instance;
};
#endif // TOMAHAWK_ACLSYSTEM_H

3
src/libtomahawk/network/controlconnection.cpp
View File

@ -221,7 +221,8 @@ ControlConnection::handleMsg( msg_ptr msg )
{
QString theirkey = m["key"].toString();
QString ourkey = m["offer"].toString();
servent()->reverseOfferRequest( this, ourkey, theirkey );
QString theirdbid = m["controlid"].toString();
servent()->reverseOfferRequest( this, theirdbid, ourkey, theirkey );
}
else if( m.value( "method" ).toString() == "dbsync-offer" )
{

75
src/libtomahawk/network/servent.cpp
View File

@ -26,6 +26,7 @@
#include <QNetworkProxy>
#include <QNetworkRequest>
#include <QNetworkReply>
#include <QMessageBox>
#include "result.h"
#include "source.h"
@ -39,6 +40,8 @@
#include "portfwdthread.h"
#include "tomahawksettings.h"
#include "utils/tomahawkutils.h"
#include <aclsystem.h>
#include <tomahawk/tomahawkapp.h>
using namespace Tomahawk;
@ -59,6 +62,8 @@ Servent::Servent( QObject* parent )
, m_portfwd( 0 )
{
s_instance = this;
new ACLSystem( this );
setProxy( QNetworkProxy::NoProxy );
@ -313,8 +318,8 @@ Servent::readyRead()
pport = m.value( "port" ).toInt();
nodeid = m.value( "nodeid" ).toString();
controlid = m.value( "controlid" ).toString();
qDebug() << m;
qDebug() << "Incoming connection details: " << m;
if( !nodeid.isEmpty() ) // only control connections send nodeid
{
@ -344,7 +349,7 @@ Servent::readyRead()
if( conntype == "accept-offer" || "push-offer" )
{
sock->_msg.clear();
Connection* conn = claimOffer( cc, key, sock->peerAddress() );
Connection* conn = claimOffer( cc, nodeid, key, sock->peerAddress() );
if( !conn )
{
qDebug() << "claimOffer FAILED, key:" << key;
@ -529,12 +534,12 @@ Servent::connectToPeer( const QString& ha, int port, const QString &key, Connect
void
Servent::reverseOfferRequest( ControlConnection* orig_conn, const QString& key, const QString& theirkey )
Servent::reverseOfferRequest( ControlConnection* orig_conn, const QString &theirdbid, const QString& key, const QString& theirkey )
{
Q_ASSERT( this->thread() == QThread::currentThread() );
qDebug() << "Servent::reverseOfferRequest received for" << key;
Connection* new_conn = claimOffer( orig_conn, key );
Connection* new_conn = claimOffer( orig_conn, theirdbid, key );
if ( !new_conn )
{
qDebug() << "claimOffer failed, killing requesting connection out of spite";
@ -554,8 +559,10 @@ Servent::reverseOfferRequest( ControlConnection* orig_conn, const QString& key,
// return the appropriate connection for a given offer key, or NULL if invalid
Connection*
Servent::claimOffer( ControlConnection* cc, const QString &key, const QHostAddress peer )
Servent::claimOffer( ControlConnection* cc, const QString &nodeid, const QString &key, const QHostAddress peer )
{
qDebug() << Q_FUNC_INFO;
bool noauth = qApp->arguments().contains( "--noauth" );
// magic key for stream connections:
@ -613,6 +620,18 @@ Servent::claimOffer( ControlConnection* cc, const QString &key, const QHostAddre
return NULL;
}
if( !nodeid.isEmpty() )
{
// If there isn't a nodeid it's not the first connection and will already have been stopped
if( !checkACL( conn, nodeid, true ) )
{
qDebug() << "Connection not allowed due to ACL";
return NULL;
}
}
qDebug() << "ACL has allowed the connection";
if( conn->onceOnly() )
{
m_offers.remove( key );
@ -637,6 +656,50 @@ Servent::claimOffer( ControlConnection* cc, const QString &key, const QHostAddre
}
}
bool
Servent::checkACL( const Connection* conn, const QString &nodeid, bool showDialog ) const
{
qDebug() << "Checking ACLs";
ACLSystem* aclSystem = ACLSystem::instance();
ACLSystem::ACL peerStatus = aclSystem->isAuthorizedUser( nodeid );
if( peerStatus == ACLSystem::Deny )
return false;
#ifndef TOMAHAWK_HEADLESS
if( peerStatus == ACLSystem::NotFound )
{
if( !showDialog )
return false;
qDebug() << "ACL for this node not found";
QMessageBox msgBox;
msgBox.setIcon( QMessageBox::Question );
msgBox.setText( "Incoming Connection Attempt" );
msgBox.setInformativeText( QString( "Another Tomahawk instance is attempting to connect to you. Select whether to allow or deny this connection.\n\nPeer name: %1\nPeer ID: %2\n\nRemember: Only allow peers to connect if you have the legal right for them to stream music from you.").arg( conn->name(), nodeid ) );
QPushButton *denyButton = msgBox.addButton( "Deny", QMessageBox::HelpRole );
QPushButton *alwaysDenyButton = msgBox.addButton( "Always Deny", QMessageBox::YesRole );
QPushButton *allowButton = msgBox.addButton( "Allow", QMessageBox::NoRole );
QPushButton *alwaysAllowButton = msgBox.addButton( "Always Allow", QMessageBox::ActionRole );
msgBox.setDefaultButton( denyButton );
msgBox.setEscapeButton( denyButton );
msgBox.exec();
if( msgBox.clickedButton() == denyButton )
return false;
else if( msgBox.clickedButton() == alwaysDenyButton )
{
aclSystem->authorizeUser( nodeid, ACLSystem::Deny );
return false;
}
else if( msgBox.clickedButton() == alwaysAllowButton )
aclSystem->authorizeUser( nodeid, ACLSystem::Allow );
}
#endif
return true;
}
QSharedPointer<QIODevice>
Servent::remoteIODeviceFactory( const result_ptr& result )

6
src/libtomahawk/network/servent.h
View File

@ -104,7 +104,7 @@ public:
void connectToPeer( const QString& ha, int port, const QString &key, const QString& name = "", const QString& id = "" );
void connectToPeer( const QString& ha, int port, const QString &key, Connection* conn );
void reverseOfferRequest( ControlConnection* orig_conn, const QString& key, const QString& theirkey );
void reverseOfferRequest( ControlConnection* orig_conn, const QString &theirdbid, const QString& key, const QString& theirkey );
bool visibleExternally() const { return !m_externalHostname.isNull() || (m_externalPort > 0 && !m_externalAddress.isNull()); }
QString externalAddress() const { return !m_externalHostname.isNull() ? m_externalHostname : m_externalAddress.toString(); }
@ -146,11 +146,11 @@ public slots:
private slots:
void readyRead();
Connection* claimOffer( ControlConnection* cc, const QString &key, const QHostAddress peer = QHostAddress::Any );
Connection* claimOffer( ControlConnection* cc, const QString &nodeid, const QString &key, const QHostAddress peer = QHostAddress::Any );
private:
void handoverSocket( Connection* conn, QTcpSocketExtra* sock );
bool checkACL( const Connection* conn, const QString &nodeid, bool showDialog ) const;
void printCurrentTransfers();
QJson::Parser parser;

13
src/libtomahawk/tomahawksettings.cpp
View File

@ -185,6 +185,19 @@ TomahawkSettings::setProxyType( const int type )
}
QStringList
TomahawkSettings::aclEntries() const
{
return value( "acl/entries", QStringList() ).toStringList();
}
void
TomahawkSettings::setAclEntries( const QStringList &entries )
{
setValue( "acl/entries", entries );
}
QByteArray
TomahawkSettings::mainWindowGeometry() const
{

4
src/libtomahawk/tomahawksettings.h
View File

@ -114,6 +114,10 @@ public:
int proxyType() const;
void setProxyType( const int type );
/// ACL settings
QStringList aclEntries() const;
void setAclEntries( const QStringList &entries );
/// Last.fm settings
bool scrobblingEnabled() const; /// false by default
void setScrobblingEnabled( bool enable );