From eae0287466020b5b5aee137fb4599136420f89a2 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 27 Feb 2009 19:20:11 +0100 Subject: song_print: hide HTTP password in playlist Added the uri_remove_auth() library function which strips username and password from a HTTP URI, and use it in song_print_url(). This allows you to add HTTP URIs to the playlist including secret username and password, without disclosing it to all MPD clients. --- src/song_print.c | 12 +++++++++++- src/uri.c | 32 ++++++++++++++++++++++++++++++++ src/uri.h | 9 +++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/song_print.c b/src/song_print.c index 60e16f941..1b62f324e 100644 --- a/src/song_print.c +++ b/src/song_print.c @@ -22,6 +22,7 @@ #include "directory.h" #include "tag_print.h" #include "client.h" +#include "uri.h" void song_print_url(struct client *client, struct song *song) @@ -30,7 +31,16 @@ song_print_url(struct client *client, struct song *song) client_printf(client, "%s%s/%s\n", SONG_FILE, directory_get_path(song->parent), song->url); } else { - client_printf(client, "%s%s\n", SONG_FILE, song->url); + char *allocated; + const char *uri; + + uri = allocated = uri_remove_auth(song->url); + if (uri == NULL) + uri = song->url; + + client_printf(client, "%s%s\n", SONG_FILE, uri); + + g_free(allocated); } } diff --git a/src/uri.c b/src/uri.c index 6a6ddf82f..8c5ec4dcb 100644 --- a/src/uri.c +++ b/src/uri.c @@ -35,3 +35,35 @@ uri_get_suffix(const char *uri) return dot != NULL ? dot + 1 : NULL; } + +char * +uri_remove_auth(const char *uri) +{ + const char *auth, *slash, *at; + char *p; + + if (strncmp(uri, "http://", 7) == 0) + auth = uri + 7; + else if (strncmp(uri, "https://", 8) == 0) + auth = uri + 8; + else + /* unrecognized URI */ + return NULL; + + slash = strchr(auth, '/'); + if (slash == NULL) + slash = auth + strlen(auth); + + at = memchr(auth, '@', slash - auth); + if (at == NULL) + /* no auth info present, do nothing */ + return NULL; + + /* duplicate the full URI and then delete the auth + information */ + p = g_strdup(uri); + memmove(p + (auth - uri), p + (at + 1 - uri), + strlen(at)); + + return p; +} diff --git a/src/uri.h b/src/uri.h index 6a20e94a4..1189cb227 100644 --- a/src/uri.h +++ b/src/uri.h @@ -30,4 +30,13 @@ bool uri_has_scheme(const char *uri); const char * uri_get_suffix(const char *uri); +/** + * Removes HTTP username and password from the URI. This may be + * useful for displaying an URI without disclosing secrets. Returns + * NULL if nothing needs to be removed, or if the URI is not + * recognized. + */ +char * +uri_remove_auth(const char *uri); + #endif -- cgit v1.2.3