diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py index bdc65640..03dea807 100644 --- a/copyparty/authsrv.py +++ b/copyparty/authsrv.py @@ -70,6 +70,25 @@ if PY2: LEELOO_DALLAS = "leeloo_dallas" +## +## you might be curious what Leeloo Dallas is doing here, so let me explain: +## +## certain daemonic tasks, namely: +## * deletion of expired files, running on a timer +## * deletion of sidecar files, initiated by plugins +## need to skip the usual permission-checks to do their thing, +## so we let Leeloo handle these +## +## and also, the smb-server has really shitty support for user-accounts +## so one popular way to avoid issues is by running copyparty without users; +## this makes all smb-clients identify as LD to gain unrestricted access +## +## Leeloo, being a fictional character from The Fifth Element, +## obviously does not exist and will never be able to access any copyparty +## instances from the outside (the username is rejected at every entrypoint) +## +## thanks for coming to my ted talk + SEE_LOG = "see log for details" SEESLOG = " (see serverlog for details)" diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py index 8bb12870..f90f4d93 100644 --- a/copyparty/httpcli.py +++ b/copyparty/httpcli.py @@ -33,7 +33,7 @@ except: from .__init__ import ANYWIN, PY2, RES, TYPE_CHECKING, EnvParams, unicode from .__version__ import S_VERSION -from .authsrv import VFS # typechk +from .authsrv import LEELOO_DALLAS, VFS # typechk from .bos import bos from .star import StreamTar from .stolen.qrcodegen import QrCode, qr2svg @@ -622,6 +622,9 @@ class HttpCli(object): ) or self.args.idp_h_key in self.headers if trusted_key and trusted_xff: + if idp_usr.lower() == LEELOO_DALLAS: + self.loud_reply("send her back", status=403) + return False self.asrv.idp_checkin(self.conn.hsrv.broker, idp_usr, idp_grp) else: if not trusted_key: