Add async access checksaccess-hooks-arg

Protect some of the native-protocol methods with async access checks.
these checks should configure the client with the right permissions to
access sinks and sources.

5 files changed, 111 insertions, 11 deletions

diff --git a/src/modules/module-access.c b/src/modules/module-access.c
index aeaf0982f..39e2f0e04 100644
--- a/src/modules/module-access.c
+++ b/src/modules/module-access.c
@@ -152,7 +152,7 @@ static void timeout_cb(pa_mainloop_api*a, pa_time_event* e, const struct timeval
     /* this should be granted or denied */
     cd->cached[d->hook].granted = true;
 
-    d->async_finish_cb (d, cd->cached[d->hook].granted);
+    d->complete_cb (d, cd->cached[d->hook].granted);
 }
 
 static client_data * client_data_new(struct userdata *u, uint32_t index, uint32_t policy) {
diff --git a/src/pulsecore/access.h b/src/pulsecore/access.h
index a4ed56139..534f66c4f 100644
--- a/src/pulsecore/access.h
+++ b/src/pulsecore/access.h
@@ -26,6 +26,7 @@
 #include <pulsecore/client.h>
 
 typedef enum pa_access_hook {
+    PA_ACCESS_HOOK_NONE = 0,
     /* context */
     PA_ACCESS_HOOK_VIEW_SERVER,
     PA_ACCESS_HOOK_EXIT_DAEMON,
@@ -80,7 +81,7 @@ typedef enum pa_access_hook {
     PA_ACCESS_HOOK_PLAY_SAMPLE,
     PA_ACCESS_HOOK_PLAY_FILE,
 
-    /* stream */
+    /* async */
     PA_ACCESS_HOOK_CONNECT_UPLOAD,
     PA_ACCESS_HOOK_CONNECT_PLAYBACK,
     PA_ACCESS_HOOK_CONNECT_RECORD,
@@ -98,8 +99,7 @@ struct pa_access_data {
     uint32_t object_index;
     pa_subscription_event_type_t event;
     const char *name;
-
-    void (*async_finish_cb) (pa_access_data *data, bool res);
+    void (*complete_cb) (pa_access_data *data, bool res);
 };
 
 #endif
diff --git a/src/pulsecore/core.c b/src/pulsecore/core.c
index 4acc14a61..eec97d1c4 100644
--- a/src/pulsecore/core.c
+++ b/src/pulsecore/core.c
@@ -333,11 +333,11 @@ pa_mempool* pa_core_new_mempool(pa_core *c, pa_mem_type_t shm_type, bool per_cli
     return pa_mempool_new(shm_type, c->shm_size, per_client);
 }
 
-/* FIXME: Should these be taking a ref during the copy? */
-
 bool pa_core_check_access_sync(pa_core *c, pa_client *client, pa_access_hook_t hook, uint32_t idx, pa_subscription_event_type_t event, const char *name) {
     pa_access_data data;
 
+    pa_assert(c);
+
     if (client == NULL)
       return true;
 
@@ -346,11 +346,25 @@ bool pa_core_check_access_sync(pa_core *c, pa_client *client, pa_access_hook_t h
     data.object_index = idx;
     data.event = event;
     data.name = name;
-    data.async_finish_cb = NULL;
+    data.complete_cb = NULL;
 
     return pa_hook_fire(&c->access[data.hook], &data) == PA_HOOK_OK;
 }
 
+pa_hook_result_t pa_core_check_access(pa_core *c, pa_client *client, pa_access_data *data) {
+    pa_assert(c);
+    pa_assert(data);
+
+    if (client == NULL)
+      return PA_HOOK_OK;
+
+    data->client_index = client->index;
+
+    return pa_hook_fire(&c->access[data->hook], data);
+}
+
+/* FIXME: Should these be taking a ref during the copy? */
+
 pa_idxset* pa_core_get_modules(pa_core *c, pa_client *client) {
     pa_idxset *s;
     uint32_t idx;
diff --git a/src/pulsecore/core.h b/src/pulsecore/core.h
index d7c14911e..fcb1b1a91 100644
--- a/src/pulsecore/core.h
+++ b/src/pulsecore/core.h
@@ -194,4 +194,6 @@ uint32_t pa_core_get_cookie(pa_core *c);
 
 bool pa_core_check_access_sync(pa_core *c, pa_client *client, pa_access_hook_t hook, uint32_t idx, pa_subscription_event_type_t event, const char *name);
 
+pa_hook_result_t pa_core_check_access(pa_core *c, pa_client *client, pa_access_data *data);
+
 #endif
diff --git a/src/pulsecore/protocol-native.c b/src/pulsecore/protocol-native.c
index 05bcb3b2f..f427d8ab5 100644
--- a/src/pulsecore/protocol-native.c
+++ b/src/pulsecore/protocol-native.c
@@ -45,6 +45,7 @@
 #include <pulsecore/pdispatch.h>
 #include <pulsecore/pstream-util.h>
 #include <pulsecore/namereg.h>
+#include <pulsecore/access.h>
 #include <pulsecore/core-scache.h>
 #include <pulsecore/core-subscribe.h>
 #include <pulsecore/log.h>
@@ -4849,14 +4850,97 @@ static void command_set_port_latency_offset(pa_pdispatch *pd, uint32_t command,
     pa_pstream_send_simple_ack(c->pstream, tag);
 }
 
+typedef struct pa_protocol_native_access_data {
+    pa_access_data d;
+
+    pa_pdispatch *pd;
+    uint32_t command;
+    uint32_t tag;
+    pa_tagstruct *tc;
+    void *userdata;
+} pa_protocol_native_access_data;
+
+static const pa_pdispatch_cb_t access_ok_table[PA_COMMAND_MAX] = {
+    [PA_COMMAND_CREATE_PLAYBACK_STREAM] = command_create_playback_stream,
+    [PA_COMMAND_CREATE_RECORD_STREAM] = command_create_record_stream,
+    [PA_COMMAND_CREATE_UPLOAD_STREAM] = command_create_upload_stream,
+    [PA_COMMAND_STAT] = command_stat,
+};
+
+static void check_access_finish_cb(pa_access_data *data, bool res) {
+    pa_protocol_native_access_data *d = (pa_protocol_native_access_data *) data;
+    pa_native_connection *c = PA_NATIVE_CONNECTION(d->userdata);
+    uint32_t command, tag;
+
+    if (!res || pa_tagstruct_getu32(d->tc, &command) < 0 ||
+        pa_tagstruct_getu32(d->tc, &tag) < 0 ||
+        command != d->command || tag != d->tag) {
+        pa_pstream_send_error(c->pstream, d->tag, PA_ERR_ACCESS);
+        goto finish;
+    }
+
+    /* call the dispatcher again, hopefully this time, the access check will
+     * fail or succeed immediately */
+    access_ok_table[d->command](d->pd, d->command, d->tag, d->tc, d->userdata);
+
+finish:
+    if (d->pd)
+        pa_pdispatch_unref(d->pd);
+    if (d->tc)
+        pa_tagstruct_free(d->tc);
+    pa_xfree(d);
+}
+
+static const pa_access_hook_t access_table[PA_COMMAND_MAX] = {
+    [PA_COMMAND_CREATE_PLAYBACK_STREAM] = PA_ACCESS_HOOK_CONNECT_PLAYBACK,
+    [PA_COMMAND_CREATE_RECORD_STREAM] = PA_ACCESS_HOOK_CONNECT_RECORD,
+    [PA_COMMAND_CREATE_UPLOAD_STREAM] = PA_ACCESS_HOOK_CONNECT_UPLOAD,
+    [PA_COMMAND_STAT] = PA_ACCESS_HOOK_STAT,
+};
+
+static void check_command_access(pa_pdispatch *pd, uint32_t command, uint32_t tag, pa_tagstruct *t, void *userdata) {
+    pa_native_connection *c = PA_NATIVE_CONNECTION(userdata);
+    pa_protocol_native_access_data *data;
+    pa_hook_result_t res;
+
+    pa_native_connection_assert_ref(c);
+
+    if (access_table[command] == 0) {
+        pa_pstream_send_error(c->pstream, tag, PA_ERR_ACCESS);
+        return;
+    }
+
+    data = pa_xnew0 (pa_protocol_native_access_data, 1);
+    data->d.client_index = c->client->index;
+    data->d.object_index = PA_INVALID_INDEX;
+    data->d.event = 0;
+    data->d.name = NULL;
+    data->d.hook = access_table[command];
+
+    res = pa_core_check_access(c->protocol->core, c->client, &data->d);
+    if (res == PA_HOOK_CANCEL) {
+        /* async */
+        data->d.complete_cb = check_access_finish_cb;
+        data->pd = pd ? pa_pdispatch_ref (pd) : NULL;
+        data->command = command;
+        data->tag = tag;
+        data->tc = t ? pa_tagstruct_copy (t) : NULL;
+        data->userdata = userdata;
+    } else {
+        pa_xfree(data);
+        access_ok_table[command](pd, command, tag, t, userdata);
+    }
+}
+
+
 static const pa_pdispatch_cb_t command_table[PA_COMMAND_MAX] = {
     [PA_COMMAND_ERROR] = NULL,
     [PA_COMMAND_TIMEOUT] = NULL,
     [PA_COMMAND_REPLY] = NULL,
-    [PA_COMMAND_CREATE_PLAYBACK_STREAM] = command_create_playback_stream,
+    [PA_COMMAND_CREATE_PLAYBACK_STREAM] = check_command_access,
     [PA_COMMAND_DELETE_PLAYBACK_STREAM] = command_delete_stream,
     [PA_COMMAND_DRAIN_PLAYBACK_STREAM] = command_drain_playback_stream,
-    [PA_COMMAND_CREATE_RECORD_STREAM] = command_create_record_stream,
+    [PA_COMMAND_CREATE_RECORD_STREAM] = check_command_access,
     [PA_COMMAND_DELETE_RECORD_STREAM] = command_delete_stream,
     [PA_COMMAND_AUTH] = command_auth,
     [PA_COMMAND_REQUEST] = NULL,
@@ -4864,10 +4948,10 @@ static const pa_pdispatch_cb_t command_table[PA_COMMAND_MAX] = {
     [PA_COMMAND_SET_CLIENT_NAME] = command_set_client_name,
     [PA_COMMAND_LOOKUP_SINK] = command_lookup,
     [PA_COMMAND_LOOKUP_SOURCE] = command_lookup,
-    [PA_COMMAND_STAT] = command_stat,
+    [PA_COMMAND_STAT] = check_command_access,
     [PA_COMMAND_GET_PLAYBACK_LATENCY] = command_get_playback_latency,
     [PA_COMMAND_GET_RECORD_LATENCY] = command_get_record_latency,
-    [PA_COMMAND_CREATE_UPLOAD_STREAM] = command_create_upload_stream,
+    [PA_COMMAND_CREATE_UPLOAD_STREAM] = check_command_access,
     [PA_COMMAND_DELETE_UPLOAD_STREAM] = command_delete_stream,
     [PA_COMMAND_FINISH_UPLOAD_STREAM] = command_finish_upload_stream,
     [PA_COMMAND_PLAY_SAMPLE] = command_play_sample,