The entire zebra list concept is to close a very bad security hole that is completely transparent to users. In Kodi, knowing the IP of the box, an untrusted person can get Kodi to send back user/pass details which can expose other boxes for exploitation.
This is bad, very bad. Unfortunately, user/pass is not limited to passwords.xml. Access to a user's server content from an outside source is still problematic as user/pass details would have to be included.
So, I'm trying to understand the exact details needed. You say you need access to sources.xml. Without user/pass details, that access is useless. So you would really needs access to sources.xml AND passwords.xml.
Perhaps an intermediate solution. Something that asks for permission, presents the user with the request for access question and then the decision moves to their accepting and granting access to said device. We gen a token and this token would be required to bypass the bits in zebra list that target specific xml files. This would require some core infrastructure to support and is something that I'm willing to do.
1. No user installed addons are supported, python or otherwise.
2. No, they really are not supported.
3. They are not coming back
4. Read from 1. again
Any mention of illegal streaming sites, addons or any pirated material will not be tolerated. This is not democracy and any offenders will be banned and posts deleted immediately without warning.
Other than that, we hope you enjoy MrMC so far and we welcome any input and feedback you might have.
Team MrMC.
2. No, they really are not supported.
3. They are not coming back
4. Read from 1. again
Any mention of illegal streaming sites, addons or any pirated material will not be tolerated. This is not democracy and any offenders will be banned and posts deleted immediately without warning.
Other than that, we hope you enjoy MrMC so far and we welcome any input and feedback you might have.
Team MrMC.
Yatse support
-
Tolriq
- Posts: 26
- Joined: 19 Mar 2018, 12:57
Re: Yatse support
I do not need access to sources.xml.
I need access to the content at the sources location.
A source is defined as :
http://ip:port/vfs/F%3A%5CFakeLibrary%5CFilms%5Ctoto.mkv should work.
If allowSharing is set to false then it's forbidden.
My understanding of Zebra is that since that folder is not a folder inside the application it's not allowed to be accessed and is more restrictive than the solution I put in place in Kodi.
Maybe I miss read the code but from all our discussions it seems that this is what you wanted to achieve.
My addition to Kodi was to allow access to those folders via webserver via something that is configurable. The point was to expose that setting at UI level but situation with Kodi started once again to be more complicated at that time thanks to MK.
As said in all our discussions I 100% agree about Kodi flaws and needs to fix
And did try to fix a few.
Just need to be sure about how to handle the access to the content of allowed sources so that users can stream their Kodi content to other players like Chromecast or local device.
Current situation in 3.6.0 on Shield is that it works I can access the file via VFS if the source have allowSharing.
Either it's unwanted and it's a bug or it's wanted and I misunderstood the Zebra filter is the question
I need access to the content at the sources location.
A source is defined as :
The allowSharing is true so I can access the content of that folder from http via VFS.
<source>
<name>Films</name>
<path pathversion="1">F:\FakeLibrary\Films\</path>
<allowsharing>true</allowsharing>
</source>
http://ip:port/vfs/F%3A%5CFakeLibrary%5CFilms%5Ctoto.mkv should work.
If allowSharing is set to false then it's forbidden.
My understanding of Zebra is that since that folder is not a folder inside the application it's not allowed to be accessed and is more restrictive than the solution I put in place in Kodi.
Maybe I miss read the code but from all our discussions it seems that this is what you wanted to achieve.
My addition to Kodi was to allow access to those folders via webserver via something that is configurable. The point was to expose that setting at UI level but situation with Kodi started once again to be more complicated at that time thanks to MK.
As said in all our discussions I 100% agree about Kodi flaws and needs to fix
And did try to fix a few.Just need to be sure about how to handle the access to the content of allowed sources so that users can stream their Kodi content to other players like Chromecast or local device.
Current situation in 3.6.0 on Shield is that it works I can access the file via VFS if the source have allowSharing.
Either it's unwanted and it's a bug or it's wanted and I misunderstood the Zebra filter is the question
-
davilla
- Team MrMC
- Posts: 4377
- Joined: 26 Oct 2015, 17:01
Re: Yatse support
ok, the real problem is that realpath return null for vfs spec'ed paths, as they are by definition virtual paths
This should resolve the issue.
This should resolve the issue.
Code: Select all
diff --git a/xbmc/utils/FileUtils.cpp b/xbmc/utils/FileUtils.cpp
index f3577a2ad1..a2e0f79629 100644
--- a/xbmc/utils/FileUtils.cpp
+++ b/xbmc/utils/FileUtils.cpp
@@ -286,6 +286,12 @@ bool CFileUtils::ZebraListAccessCheck(const std::string &filePath)
return false;
}
}
+ else if (CFileUtils::RemoteAccessAllowed(filePath))
+ {
+ // if realpath fails, then it is a vfs reference
+ // so let CFileUtils::RemoteAccessAllowed handle it.
+ return true;
+ }
return true;
}
-
Tolriq
- Posts: 26
- Joined: 19 Mar 2018, 12:57
Re: Yatse support
I was not able to compile so can't test but yes code seems OK for that purpose.
Just need to be sure that local device files are still falling in the second part and not the first.
A source on the shield could totally be a mounted smb drive. Or even local drive for the 500GB one.
EDIT: Of course the last return true should now be return false to have any security improvements
Just need to be sure that local device files are still falling in the second part and not the first.
A source on the shield could totally be a mounted smb drive. Or even local drive for the 500GB one.
EDIT: Of course the last return true should now be return false to have any security improvements
-
Tolriq
- Posts: 26
- Joined: 19 Mar 2018, 12:57
Re: Yatse support
Yatse 8.3.0 is now out with support for MrMC.
If you expand JSON to add some features of v17 please add a note in future changelog or ping me here
If you expand JSON to add some features of v17 please add a note in future changelog or ping me here
-
davilla
- Team MrMC
- Posts: 4377
- Joined: 26 Oct 2015, 17:01
-
Tolriq
- Posts: 26
- Joined: 19 Mar 2018, 12:57
Re: Yatse support
Testflights are only iOS or do you push to Play Store beta channels too?
And thanks for the change.
And thanks for the change.
-
davilla
- Team MrMC
- Posts: 4377
- Joined: 26 Oct 2015, 17:01