1
0

Security_admin.c 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  14. */
  15. #include "admin/Admin.h"
  16. #include "benc/String.h"
  17. #include "benc/Dict.h"
  18. #include "exception/Except.h"
  19. #include "exception/Jmp.h"
  20. #include "util/log/Log.h"
  21. #include "util/Security.h"
  22. #define string_strlen
  23. #include "util/platform/libc/string.h"
  24. struct Context
  25. {
  26. struct Log* logger;
  27. struct Admin* admin;
  28. };
  29. static void sendError(char* errorMessage, String* txid, struct Admin* admin)
  30. {
  31. Dict error = Dict_CONST(String_CONST("error"), String_OBJ(String_CONST(errorMessage)), NULL);
  32. Admin_sendMessage(&error, txid, admin);
  33. }
  34. static void setUser(Dict* args, void* vcontext, String* txid, struct Allocator* requestAlloc)
  35. {
  36. struct Context* const ctx = (struct Context*) vcontext;
  37. struct Jmp jmp;
  38. Jmp_try(jmp) {
  39. String* user = Dict_getString(args, String_CONST("user"));
  40. Security_setUser(user->bytes, ctx->logger, &jmp.handler);
  41. } Jmp_catch {
  42. sendError(jmp.message, txid, ctx->admin);
  43. return;
  44. }
  45. sendError("none", txid, ctx->admin);
  46. }
  47. static void dropPermissions(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  48. {
  49. struct Context* const ctx = (struct Context*) vctx;
  50. struct Jmp jmp;
  51. Jmp_try(jmp) {
  52. Security_dropPermissions(&jmp.handler);
  53. } Jmp_catch {
  54. sendError(jmp.message, txid, ctx->admin);
  55. return;
  56. }
  57. sendError("none", txid, ctx->admin);
  58. }
  59. static void checkPermissionsB(struct Except* eh,
  60. String* txid,
  61. struct Admin* admin,
  62. struct Allocator* requestAlloc)
  63. {
  64. struct Security_Permissions* sp = Security_checkPermissions(requestAlloc, eh);
  65. Dict* out = Dict_new(requestAlloc);
  66. Dict_putInt(out, String_CONST("noOpenFiles"), sp->noOpenFiles, requestAlloc);
  67. Dict_putInt(out, String_CONST("seccompExists"), sp->seccompExists, requestAlloc);
  68. Dict_putInt(out, String_CONST("seccompEnforcing"), sp->seccompEnforcing, requestAlloc);
  69. Dict_putInt(out, String_CONST("memoryLimitBytes"), sp->memoryLimitBytes, requestAlloc);
  70. Dict_putString(out, String_CONST("error"), String_CONST("none"), requestAlloc);
  71. Admin_sendMessage(out, txid, admin);
  72. }
  73. static void checkPermissions(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  74. {
  75. struct Context* const ctx = (struct Context*) vctx;
  76. struct Jmp jmp;
  77. Jmp_try(jmp) {
  78. checkPermissionsB(&jmp.handler, txid, ctx->admin, requestAlloc);
  79. } Jmp_catch {
  80. sendError(jmp.message, txid, ctx->admin);
  81. return;
  82. }
  83. }
  84. void Security_admin_register(struct Allocator* alloc, struct Log* logger, struct Admin* admin)
  85. {
  86. struct Context* ctx = Allocator_clone(alloc, (&(struct Context) {
  87. .logger = logger,
  88. .admin = admin
  89. }));
  90. struct Admin_FunctionArg setUserArgs[] = {
  91. { .name = "user", .required = 1, .type = "String" }
  92. };
  93. Admin_registerFunction("Security_setUser", setUser, ctx, true, setUserArgs, admin);
  94. Admin_registerFunction("Security_dropPermissions", dropPermissions, ctx, true, NULL, admin);
  95. Admin_registerFunction("Security_checkPermissions", checkPermissions, ctx, true, NULL, admin);
  96. }