From d2a84d3d722e9c3df68cd5b7f86d8bf9372d7e2b Mon Sep 17 00:00:00 2001 From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?= Date: Mon, 11 Apr 2011 11:23:19 +0200 Subject: [PATCH] Deny commands that change data when FCP connection is restricted. --- .../net/pterodactylus/sone/fcp/FcpInterface.java | 29 +++++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/src/main/java/net/pterodactylus/sone/fcp/FcpInterface.java b/src/main/java/net/pterodactylus/sone/fcp/FcpInterface.java index 01fae78..46ee5c2 100644 --- a/src/main/java/net/pterodactylus/sone/fcp/FcpInterface.java +++ b/src/main/java/net/pterodactylus/sone/fcp/FcpInterface.java @@ -24,7 +24,6 @@ import java.util.logging.Level; import java.util.logging.Logger; import net.pterodactylus.sone.core.Core; -import net.pterodactylus.sone.freenet.fcp.Command; import net.pterodactylus.sone.freenet.fcp.Command.AccessType; import net.pterodactylus.sone.freenet.fcp.Command.ErrorResponse; import net.pterodactylus.sone.freenet.fcp.Command.Response; @@ -50,8 +49,11 @@ public class FcpInterface { /** Whether the FCP interface is currently active. */ private volatile boolean active; + /** Whether to allow write access from full access hosts only. */ + private volatile boolean allowWriteFromFullAccessOnly; + /** All available FCP commands. */ - private final Map commands = Collections.synchronizedMap(new HashMap()); + private final Map commands = Collections.synchronizedMap(new HashMap()); /** * Creates a new FCP interface. @@ -60,7 +62,7 @@ public class FcpInterface { * The core */ public FcpInterface(Core core) { - commands.put("Version", new VersionCommand()); + commands.put("Version", new VersionCommand(core)); commands.put("GetLocalSones", new GetLocalSonesCommand(core)); commands.put("GetPost", new GetPostCommand(core)); commands.put("GetPosts", new GetPostsCommand(core)); @@ -89,6 +91,17 @@ public class FcpInterface { this.active = active; } + /** + * Sets whether write access is only allowed from full access hosts. + * + * @param allowWriteFromFullAccessOnly + * {@code true} to allow write access only from full access + * hosts, {@code false} to always allow write access + */ + public void setAllowWriteFromFullAccessOnly(boolean allowWriteFromFullAccessOnly) { + this.allowWriteFromFullAccessOnly = allowWriteFromFullAccessOnly; + } + // // ACTIONS // @@ -116,7 +129,15 @@ public class FcpInterface { } return; } - Command command = commands.get(parameters.get("Message")); + AbstractSoneCommand command = commands.get(parameters.get("Message")); + if (allowWriteFromFullAccessOnly && command.requiresWriteAccess() && (accessType == FredPluginFCP.ACCESS_FCP_RESTRICTED)) { + try { + sendReply(pluginReplySender, null, new ErrorResponse(401, "No Write Access")); + } catch (PluginNotFoundException pnfe1) { + logger.log(Level.FINE, "Could not set error to plugin.", pnfe1); + } + return; + } try { if (command == null) { sendReply(pluginReplySender, null, new ErrorResponse("Unrecognized Message: " + parameters.get("Message"))); -- 2.7.4