1. No user installed addons are supported, python or otherwise.
2. No, they really are not supported.
3. They are not coming back
4. Read from 1. again

Any mention of illegal streaming sites, addons or any pirated material will not be tolerated. This is not democracy and any offenders will be banned and posts deleted immediately without warning.

Other than that, we hope you enjoy MrMC so far and we welcome any input and feedback you might have.

Team MrMC.

Yatse support

Development talk only
User avatar
davilla
Team MrMC
Posts: 3668
Joined: 26 Oct 2015, 17:01

Re: Yatse support

Post by davilla » 11 Apr 2018, 14:17

The entire zebra list concept is to close a very bad security hole that is completely transparent to users. In Kodi, knowing the IP of the box, an untrusted person can get Kodi to send back user/pass details which can expose other boxes for exploitation.

This is bad, very bad. Unfortunately, user/pass is not limited to passwords.xml. Access to a user's server content from an outside source is still problematic as user/pass details would have to be included.

So, I'm trying to understand the exact details needed. You say you need access to sources.xml. Without user/pass details, that access is useless. So you would really needs access to sources.xml AND passwords.xml.

Perhaps an intermediate solution. Something that asks for permission, presents the user with the request for access question and then the decision moves to their accepting and granting access to said device. We gen a token and this token would be required to bypass the bits in zebra list that target specific xml files. This would require some core infrastructure to support and is something that I'm willing to do.

Tolriq
Posts: 26
Joined: 19 Mar 2018, 12:57

Re: Yatse support

Post by Tolriq » 11 Apr 2018, 14:46

I do not need access to sources.xml.

I need access to the content at the sources location.

A source is defined as :

<source>
<name>Films</name>
<path pathversion="1">F:\FakeLibrary\Films\</path>
<allowsharing>true</allowsharing>
</source>
The allowSharing is true so I can access the content of that folder from http via VFS.

http://ip:port/vfs/F%3A%5CFakeLibrary%5CFilms%5Ctoto.mkv should work.

If allowSharing is set to false then it's forbidden.

My understanding of Zebra is that since that folder is not a folder inside the application it's not allowed to be accessed and is more restrictive than the solution I put in place in Kodi.

Maybe I miss read the code but from all our discussions it seems that this is what you wanted to achieve.

My addition to Kodi was to allow access to those folders via webserver via something that is configurable. The point was to expose that setting at UI level but situation with Kodi started once again to be more complicated at that time thanks to MK.

As said in all our discussions I 100% agree about Kodi flaws and needs to fix :) And did try to fix a few.

Just need to be sure about how to handle the access to the content of allowed sources so that users can stream their Kodi content to other players like Chromecast or local device.

Current situation in 3.6.0 on Shield is that it works I can access the file via VFS if the source have allowSharing.

Either it's unwanted and it's a bug or it's wanted and I misunderstood the Zebra filter is the question :)

User avatar
davilla
Team MrMC
Posts: 3668
Joined: 26 Oct 2015, 17:01

Re: Yatse support

Post by davilla » 11 Apr 2018, 14:49

I will review :)

User avatar
davilla
Team MrMC
Posts: 3668
Joined: 26 Oct 2015, 17:01

Re: Yatse support

Post by davilla » 12 Apr 2018, 00:41

ok, the real problem is that realpath return null for vfs spec'ed paths, as they are by definition virtual paths :)

This should resolve the issue.

Code: Select all

diff --git a/xbmc/utils/FileUtils.cpp b/xbmc/utils/FileUtils.cpp
index f3577a2ad1..a2e0f79629 100644
--- a/xbmc/utils/FileUtils.cpp
+++ b/xbmc/utils/FileUtils.cpp
@@ -286,6 +286,12 @@ bool CFileUtils::ZebraListAccessCheck(const std::string &filePath)
       return false;
     }
   }
+  else if (CFileUtils::RemoteAccessAllowed(filePath))
+  {
+    // if realpath fails, then it is a vfs reference
+    // so let CFileUtils::RemoteAccessAllowed handle it.
+    return true;
+  }
 
   return true;
 }

Tolriq
Posts: 26
Joined: 19 Mar 2018, 12:57

Re: Yatse support

Post by Tolriq » 12 Apr 2018, 07:46

I was not able to compile so can't test but yes code seems OK for that purpose.

Just need to be sure that local device files are still falling in the second part and not the first.

A source on the shield could totally be a mounted smb drive. Or even local drive for the 500GB one.


EDIT: Of course the last return true should now be return false to have any security improvements :)

Tolriq
Posts: 26
Joined: 19 Mar 2018, 12:57

Re: Yatse support

Post by Tolriq » 13 Apr 2018, 14:55

Yatse 8.3.0 is now out with support for MrMC.

If you expand JSON to add some features of v17 please add a note in future changelog or ping me here :)

User avatar
davilla
Team MrMC
Posts: 3668
Joined: 26 Oct 2015, 17:01

Re: Yatse support

Post by davilla » 13 Apr 2018, 15:09

Tolriq wrote:
13 Apr 2018, 14:55
Yatse 8.3.0 is now out with support for MrMC.

If you expand JSON to add some features of v17 please add a note in future changelog or ping me here :)
will do, and fyi 3.6.1 will have the relaxed zebra list.

Tolriq
Posts: 26
Joined: 19 Mar 2018, 12:57

Re: Yatse support

Post by Tolriq » 13 Apr 2018, 15:23

Testflights are only iOS or do you push to Play Store beta channels too?

And thanks for the change.

User avatar
davilla
Team MrMC
Posts: 3668
Joined: 26 Oct 2015, 17:01

Re: Yatse support

Post by davilla » 13 Apr 2018, 15:38

Tolriq wrote:
13 Apr 2018, 15:23
Testflights are only iOS or do you push to Play Store beta channels too?

And thanks for the change.
We push beta's to play, koying handles that now.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests