UMS and security

Announcements about Universal Media Server
ch2375
Posts: 4
Joined: Wed Jan 16, 2013 1:22 pm

Re: UMS and security

Post by ch2375 » Thu Aug 06, 2015 3:32 pm

I was able to invoke a change in the log output if I rename the "UMS.codes" to "UMS.code" removing the last "s". When I do this, there is output in the UMS logs (see below). Does changing the file name make sense? Is the error below because of the file name change, or something wrong in the underlying code? Is there something wrong in the regular expression if it has *.__private__.*,1234 ?

The error results in an inaccessible UMS. Renderers appear in the UMS Status tab, but UMS can't be accessed by the renderers.

A serious error occurred during PMS init
java.util.regex.PatternSyntaxException: Dangling meta character '*' near index 0
*.__private__.*
^
at java.util.regex.Pattern.error(Unknown Source) ~[na:1.8.0_51]
at java.util.regex.Pattern.sequence(Unknown Source) ~[na:1.8.0_51]
at java.util.regex.Pattern.expr(Unknown Source) ~[na:1.8.0_51]
at java.util.regex.Pattern.compile(Unknown Source) ~[na:1.8.0_51]
at java.util.regex.Pattern.<init>(Unknown Source) ~[na:1.8.0_51]
at java.util.regex.Pattern.compile(Unknown Source) ~[na:1.8.0_51]
at java.util.regex.Pattern.matches(Unknown Source) ~[na:1.8.0_51]
at net.pms.util.CodeDb.getCode(CodeDb.java:25) ~[ums.jar:5.2.0]
at net.pms.util.CodeDb.getCode(CodeDb.java:33) ~[ums.jar:5.2.0]
at net.pms.dlna.DLNAResource.addChild(DLNAResource.java:535) ~[ums.jar:5.2.0]
at net.pms.dlna.DLNAResource.addChild(DLNAResource.java:511) ~[ums.jar:5.2.0]
at net.pms.dlna.virtual.MediaLibrary.init(MediaLibrary.java:28) ~[ums.jar:5.2.0]
at net.pms.dlna.virtual.MediaLibrary.<init>(MediaLibrary.java:22) ~[ums.jar:5.2.0]
at net.pms.PMS.init(PMS.java:718) [ums.jar:5.2.0]
at net.pms.PMS.createInstance(PMS.java:1023) [ums.jar:5.2.0]
at net.pms.PMS.main(PMS.java:1135) [ums.jar:5.2.0]

User avatar
valib
Developer
Posts: 467
Joined: Fri Feb 08, 2013 3:11 am

Re: UMS and security

Post by valib » Thu Aug 06, 2015 11:16 pm

ch2375 wrote:I was able to invoke a change in the log output if I rename the "UMS.codes" to "UMS.code" removing the last "s".
You are right that the file name must be UMS.code. I fixed it in the SharkHunter's post. The problem with regex is the "*" character at the begining of the regex. Try to use

Code: Select all

.*__private__.*,1234

ch2375
Posts: 4
Joined: Wed Jan 16, 2013 1:22 pm

Re: UMS and security

Post by ch2375 » Sun Aug 23, 2015 11:44 pm

valib wrote:.*__private__.*,1234
I tried your suggestion, thanks a lot for posting it.

UMS is now accessible, and the media I have within this "__private__" directory is not accessible. The display name of the movies within the directory are also altered on the renderer (original name changed to numerical values, 1-whatever). A subdirectory with a different name within __private__ is also given the same name __private__ and anything within it is inaccessible with a "No stored files found" error thrown on the renderer if I try accessing the subdirectory. There is also a "clear" named movie at the end of the listings within __private__, which I don't think is really a movie at all. This suggests that the pin code security method is partially working. However, I never get prompted for the pin code. The renderers I have tried are mostly Samsung TV's and Kodi (OpenELEC).

Any more suggestions? Is there something in the UMS.conf that should be altered?

HT1
Posts: 115
Joined: Thu Mar 05, 2015 12:30 pm

Re: UMS and security

Post by HT1 » Sun Mar 13, 2016 12:05 pm

is the IP-Filter method from 1st post still available in ums 6.10 ?

how do i set it up please ?

or the UMS.deny do i just type an ip to block it or do i have to set a folder name too ?
Win 10 64bits java 8
Qnap TS-212 2x3TB WD Red
Sony Bravia MN (my conf)

infidel
Developer
Posts: 571
Joined: Thu Jul 12, 2012 5:37 am

Re: UMS and security

Post by infidel » Mon Mar 14, 2016 12:47 am

HT1 wrote:how do i set it up please ?
I added an example to the wiki for ip_filter.
HT1 wrote:or the UMS.deny do i just type an ip to block it or do i have to set a folder name too ?
Your UMS.deny file should contain a list of specific files/folders, so yes, you need to specify a path like in the examples, using someaddress.name=foldername to deny folders, or someaddress.file=filename for files, as per the example.

HT1
Posts: 115
Joined: Thu Mar 05, 2015 12:30 pm

Re: UMS and security

Post by HT1 » Mon Mar 14, 2016 9:17 am

awesome thanks infidel !

say i just edited my ums.conf with notepad but like the hosts file i couldn't save it right away.

You might want to address that in the wiki, ie: the "users" group needs to be granted "full control" of the folder C:\Program Files (x86)\Universal Media Server, by opening the folder's properties, going to security, clicking edit then select users and click the total control checkbox.
Win 10 64bits java 8
Qnap TS-212 2x3TB WD Red
Sony Bravia MN (my conf)

infidel
Developer
Posts: 571
Joined: Thu Jul 12, 2012 5:37 am

Re: UMS and security

Post by infidel » Sat Mar 19, 2016 11:34 pm

HT1 wrote: i just edited my ums.conf
Oops, just fixed the wiki after @valib pointed out that ip_filter acts as a whitelist, not blacklist. Apologies for any misunderstandings :).

Post Reply