1
0

Security_admin.c 5.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. /* vim: set expandtab ts=4 sw=4: */
  2. /*
  3. * You may redistribute this program and/or modify it under the terms of
  4. * the GNU General Public License as published by the Free Software Foundation,
  5. * either version 3 of the License, or (at your option) any later version.
  6. *
  7. * This program is distributed in the hope that it will be useful,
  8. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  9. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  10. * GNU General Public License for more details.
  11. *
  12. * You should have received a copy of the GNU General Public License
  13. * along with this program. If not, see <https://www.gnu.org/licenses/>.
  14. */
  15. #include "admin/Admin.h"
  16. #include "benc/String.h"
  17. #include "benc/Dict.h"
  18. #include "exception/Er.h"
  19. #include "util/log/Log.h"
  20. #include "util/Security.h"
  21. #include "util/Security_admin.h"
  22. struct Context
  23. {
  24. struct Log* logger;
  25. struct Admin* admin;
  26. struct Security* sec;
  27. Identity
  28. };
  29. static void sendError(const char* errorMessage, String* txid, struct Admin* admin)
  30. {
  31. Dict error = Dict_CONST(String_CONST("error"),
  32. String_OBJ(String_CONST((char*)errorMessage)), NULL);
  33. Admin_sendMessage(&error, txid, admin);
  34. }
  35. static void setUser(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  36. {
  37. struct Context* const ctx = Identity_check((struct Context*) vctx);
  38. int64_t* user = Dict_getIntC(args, "uid");
  39. int64_t* group = Dict_getIntC(args, "gid");
  40. int gid = group ? (int)*group : 0;
  41. int64_t* keepNetAdmin = Dict_getIntC(args, "keepNetAdmin");
  42. struct Er_Ret* er = NULL;
  43. Er_check(&er, Security_setUser(*user, gid, *keepNetAdmin, ctx->logger, requestAlloc));
  44. if (er) {
  45. sendError(er->message, txid, ctx->admin);
  46. return;
  47. }
  48. sendError("none", txid, ctx->admin);
  49. }
  50. static void checkPermissions(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  51. {
  52. struct Context* const ctx = Identity_check((struct Context*) vctx);
  53. struct Er_Ret* er = NULL;
  54. struct Security_Permissions* sp = Er_check(&er, Security_checkPermissions(requestAlloc));
  55. if (er) {
  56. sendError(er->message, txid, ctx->admin);
  57. return;
  58. }
  59. Dict* out = Dict_new(requestAlloc);
  60. Dict_putIntC(out, "noOpenFiles", sp->noOpenFiles, requestAlloc);
  61. Dict_putIntC(out, "userId", sp->uid, requestAlloc);
  62. Dict_putStringCC(out, "error", "none", requestAlloc);
  63. Admin_sendMessage(out, txid, ctx->admin);
  64. }
  65. #define NOARG_CALL(vctx, txid, func, requestAlloc) \
  66. do { \
  67. struct Context* const ctx = Identity_check((struct Context*) vctx); \
  68. struct Er_Ret* er = NULL; \
  69. Er_check(&er, func(requestAlloc)); \
  70. if (er) { \
  71. sendError(er->message, txid, ctx->admin); \
  72. return; \
  73. } \
  74. sendError("none", txid, ctx->admin); \
  75. } while (0)
  76. // CHECKFILES_IGNORE expecting { bracket
  77. static void nofiles(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  78. {
  79. NOARG_CALL(vctx, txid, Security_nofiles, requestAlloc);
  80. }
  81. static void noforks(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  82. {
  83. NOARG_CALL(vctx, txid, Security_noforks, requestAlloc);
  84. }
  85. static void chroot(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  86. {
  87. struct Context* const ctx = Identity_check((struct Context*) vctx);
  88. struct Er_Ret* er = NULL;
  89. String* root = Dict_getStringC(args, "root");
  90. Er_check(&er, Security_chroot(root->bytes, requestAlloc));
  91. if (er) {
  92. sendError(er->message, txid, ctx->admin);
  93. return;
  94. }
  95. sendError("none", txid, ctx->admin);
  96. }
  97. static void setupComplete(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  98. {
  99. struct Context* const ctx = Identity_check((struct Context*) vctx);
  100. Security_setupComplete(ctx->sec);
  101. sendError("none", txid, ctx->admin);
  102. }
  103. static void getUser(Dict* args, void* vctx, String* txid, struct Allocator* requestAlloc)
  104. {
  105. struct Context* const ctx = Identity_check((struct Context*) vctx);
  106. String* user = Dict_getStringC(args, "user");
  107. Dict* ret = Security_getUser((user) ? user->bytes : NULL, requestAlloc);
  108. Admin_sendMessage(ret, txid, ctx->admin);
  109. }
  110. void Security_admin_register(struct Allocator* alloc,
  111. struct Log* logger,
  112. struct Security* sec,
  113. struct Admin* admin)
  114. {
  115. struct Context* ctx = Allocator_clone(alloc, (&(struct Context) {
  116. .logger = logger,
  117. .admin = admin
  118. }));
  119. Identity_set(ctx);
  120. ctx->sec = sec;
  121. Admin_registerFunction("Security_nofiles", nofiles, ctx, true, NULL, admin);
  122. Admin_registerFunction("Security_noforks", noforks, ctx, true, NULL, admin);
  123. Admin_registerFunction("Security_chroot", chroot, ctx, true, ((struct Admin_FunctionArg[]) {
  124. { .name = "root", .required = 1, .type = "String" }
  125. }), admin);
  126. Admin_registerFunction("Security_setUser", setUser, ctx, true, ((struct Admin_FunctionArg[]) {
  127. { .name = "uid", .required = 1, .type = "Int" },
  128. { .name = "gid", .required = 0, .type = "Int" },
  129. { .name = "keepNetAdmin", .required = 1, .type = "Int" },
  130. }), admin);
  131. Admin_registerFunction("Security_getUser", getUser, ctx, true, ((struct Admin_FunctionArg[]) {
  132. { .name = "user", .required = 0, .type = "String" }
  133. }), admin);
  134. Admin_registerFunction("Security_setupComplete", setupComplete, ctx, true, NULL, admin);
  135. Admin_registerFunction("Security_checkPermissions", checkPermissions, ctx, true, NULL, admin);
  136. }