Permission: add special permissions for local sockets

doc/user.xml

@@ -1159,6 +1159,11 @@ systemctl start mpd.socket</programlisting>
         </informaltable>
 
         <para>
+          <varname>local_permissions</varname> may be used to assign
+          other permissions to clients connecting on a local socket.
+        </para>
+
+        <para>
           <varname>password</varname> allows the client to send a
           password to gain other permissions.  This option may be
           specified multiple times with different passwords.

src/Permission.cxx

@@ -49,6 +49,10 @@ static std::map<std::string, unsigned> permission_passwords;
 
 static unsigned permission_default;
 
+#ifdef HAVE_UN
+static unsigned local_permissions;
+#endif
+
 static unsigned
 ParsePermission(const char *p)
 {
@@ -121,6 +125,14 @@ void initPermissions(void)
 
 	if (param)
 		permission_default = parsePermissions(param->value.c_str());
+
+#ifdef HAVE_UN
+	param = config_get_param(ConfigOption::LOCAL_PERMISSIONS);
+	if (param != nullptr)
+		local_permissions = parsePermissions(param->value.c_str());
+	else
+		local_permissions = permission_default;
+#endif
 }
 
 int getPermissionFromPassword(char const* password, unsigned* permission)
@@ -137,3 +149,13 @@ unsigned getDefaultPermissions(void)
 {
 	return permission_default;
 }
+
+#ifdef HAVE_UN
+
+unsigned
+GetLocalPermissions() noexcept
+{
+	return local_permissions;
+}
+
+#endif

src/Permission.hxx

@@ -20,6 +20,8 @@
 #ifndef MPD_PERMISSION_HXX
 #define MPD_PERMISSION_HXX
 
+#include "check.h"
+
 static constexpr unsigned PERMISSION_NONE = 0;
 static constexpr unsigned PERMISSION_READ = 1;
 static constexpr unsigned PERMISSION_ADD = 2;
@@ -31,6 +33,11 @@ int getPermissionFromPassword(char const* password, unsigned* permission);
 unsigned
 getDefaultPermissions();
 
+#ifdef HAVE_UN
+unsigned
+GetLocalPermissions() noexcept;
+#endif
+
 void
 initPermissions();
 

src/client/Listener.cxx

@@ -24,11 +24,27 @@
 #include "net/UniqueSocketDescriptor.hxx"
 #include "net/SocketAddress.hxx"
 
+static unsigned
+GetPermissions(SocketAddress address, int uid) noexcept
+{
+	(void)uid; // TODO: implement option to derive permissions from uid
+
+#ifdef HAVE_UN
+	if (address.GetFamily() == AF_LOCAL)
+		return GetLocalPermissions();
+#else
+	(void)address;
+#endif
+
+	return getDefaultPermissions();
+}
+
 void
 ClientListener::OnAccept(UniqueSocketDescriptor fd,
 			 SocketAddress address, int uid) noexcept
 {
+
 	client_new(GetEventLoop(), partition,
 		   std::move(fd), address, uid,
-		   getDefaultPermissions());
+		   GetPermissions(address, uid));
 }

src/config/ConfigOption.hxx

@@ -48,6 +48,7 @@ enum class ConfigOption {
 	ZEROCONF_NAME,
 	ZEROCONF_ENABLED,
 	PASSWORD,
+	LOCAL_PERMISSIONS,
 	DEFAULT_PERMS,
 	AUDIO_OUTPUT_FORMAT,
 	MIXER_TYPE,

src/config/ConfigTemplates.cxx

@@ -43,6 +43,7 @@ const ConfigTemplate config_param_templates[] = {
 	{ "zeroconf_name" },
 	{ "zeroconf_enabled" },
 	{ "password", true },
+	{ "local_permissions" },
 	{ "default_permissions" },
 	{ "audio_output_format" },
 	{ "mixer_type" },