tmux/dist/cmd-server-access.c

*6db26757Swiz/* $OpenBSD$ */
*6db26757Swiz
*6db26757Swiz/*
*6db26757Swiz * Copyright (c) 2021 Dallas Lyons <dallasdlyons@gmail.com>
*6db26757Swiz *
*6db26757Swiz * Permission to use, copy, modify, and distribute this software for any
*6db26757Swiz * purpose with or without fee is hereby granted, provided that the above
*6db26757Swiz * copyright notice and this permission notice appear in all copies.
*6db26757Swiz *
*6db26757Swiz * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
*6db26757Swiz * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
*6db26757Swiz * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
*6db26757Swiz * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
*6db26757Swiz * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
*6db26757Swiz * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
*6db26757Swiz * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*6db26757Swiz */
*6db26757Swiz
*6db26757Swiz#include <sys/stat.h>
*6db26757Swiz#include <sys/types.h>
*6db26757Swiz
*6db26757Swiz#include <pwd.h>
*6db26757Swiz#include <stdio.h>
*6db26757Swiz#include <string.h>
*6db26757Swiz#include <stdlib.h>
*6db26757Swiz#include <unistd.h>
*6db26757Swiz
*6db26757Swiz#include "tmux.h"
*6db26757Swiz
*6db26757Swiz/*
*6db26757Swiz * Controls access to session.
*6db26757Swiz */
*6db26757Swiz
*6db26757Swizstatic enum cmd_retval cmd_server_access_exec(struct cmd *, struct cmdq_item *);
*6db26757Swiz
*6db26757Swizconst struct cmd_entry cmd_server_access_entry = {
*6db26757Swiz	.name = "server-access",
*6db26757Swiz	.alias = NULL,
*6db26757Swiz
*6db26757Swiz	.args = { "adlrw", 0, 1, NULL },
*6db26757Swiz	.usage = "[-adlrw] " CMD_TARGET_PANE_USAGE " [user]",
*6db26757Swiz
*6db26757Swiz	.flags = CMD_CLIENT_CANFAIL,
*6db26757Swiz	.exec = cmd_server_access_exec
*6db26757Swiz};
*6db26757Swiz
*6db26757Swizstatic enum cmd_retval
*6db26757Swizcmd_server_access_deny(struct cmdq_item *item, struct passwd *pw)
*6db26757Swiz{
*6db26757Swiz	struct client		*loop;
*6db26757Swiz	struct server_acl_user	*user;
*6db26757Swiz	uid_t			 uid;
*6db26757Swiz
*6db26757Swiz	if ((user = server_acl_user_find(pw->pw_uid)) == NULL) {
*6db26757Swiz		cmdq_error(item, "user %s not found", pw->pw_name);
*6db26757Swiz		return (CMD_RETURN_ERROR);
*6db26757Swiz	}
*6db26757Swiz	TAILQ_FOREACH(loop, &clients, entry) {
*6db26757Swiz		uid = proc_get_peer_uid(loop->peer);
*6db26757Swiz		if (uid == server_acl_get_uid(user)) {
*6db26757Swiz			loop->exit_message = xstrdup("access not allowed");
*6db26757Swiz			loop->flags |= CLIENT_EXIT;
*6db26757Swiz		}
*6db26757Swiz	}
*6db26757Swiz	server_acl_user_deny(pw->pw_uid);
*6db26757Swiz
*6db26757Swiz	return (CMD_RETURN_NORMAL);
*6db26757Swiz}
*6db26757Swiz
*6db26757Swizstatic enum cmd_retval
*6db26757Swizcmd_server_access_exec(struct cmd *self, struct cmdq_item *item)
*6db26757Swiz{
*6db26757Swiz
*6db26757Swiz	struct args	*args = cmd_get_args(self);
*6db26757Swiz	struct client	*c = cmdq_get_target_client(item);
*6db26757Swiz	char		*name;
*6db26757Swiz	struct passwd	*pw = NULL;
*6db26757Swiz
*6db26757Swiz	if (args_has(args, 'l')) {
*6db26757Swiz		server_acl_display(item);
*6db26757Swiz		return (CMD_RETURN_NORMAL);
*6db26757Swiz	}
*6db26757Swiz	if (args_count(args) == 0) {
*6db26757Swiz		cmdq_error(item, "missing user argument");
*6db26757Swiz		return (CMD_RETURN_ERROR);
*6db26757Swiz	}
*6db26757Swiz
*6db26757Swiz	name = format_single(item, args_string(args, 0), c, NULL, NULL, NULL);
*6db26757Swiz	if (*name != '\0')
*6db26757Swiz		pw = getpwnam(name);
*6db26757Swiz	if (pw == NULL) {
*6db26757Swiz		cmdq_error(item, "unknown user: %s", name);
*6db26757Swiz		return (CMD_RETURN_ERROR);
*6db26757Swiz	}
*6db26757Swiz	free(name);
*6db26757Swiz
*6db26757Swiz	if (pw->pw_uid == 0 || pw->pw_uid == getuid()) {
*6db26757Swiz		cmdq_error(item, "%s owns the server, can't change access",
*6db26757Swiz		    pw->pw_name);
*6db26757Swiz		return (CMD_RETURN_ERROR);
*6db26757Swiz	}
*6db26757Swiz
*6db26757Swiz	if (args_has(args, 'a') && args_has(args, 'd')) {
*6db26757Swiz		cmdq_error(item, "-a and -d cannot be used together");
*6db26757Swiz		return (CMD_RETURN_ERROR);
*6db26757Swiz	}
*6db26757Swiz	if (args_has(args, 'w') && args_has(args, 'r')) {
*6db26757Swiz		cmdq_error(item, "-r and -w cannot be used together");
*6db26757Swiz		return (CMD_RETURN_ERROR);
*6db26757Swiz	}
*6db26757Swiz
*6db26757Swiz	if (args_has(args, 'd'))
*6db26757Swiz		return (cmd_server_access_deny(item, pw));
*6db26757Swiz	if (args_has(args, 'a')) {
*6db26757Swiz		if (server_acl_user_find(pw->pw_uid) != NULL) {
*6db26757Swiz			cmdq_error(item, "user %s is already added",
*6db26757Swiz			    pw->pw_name);
*6db26757Swiz			return (CMD_RETURN_ERROR);
*6db26757Swiz		}
*6db26757Swiz		server_acl_user_allow(pw->pw_uid);
*6db26757Swiz		/* Do not return - allow -r or -w with -a. */
*6db26757Swiz	} else if (args_has(args, 'r') || args_has(args, 'w')) {
*6db26757Swiz		/* -r or -w implies -a if user does not exist. */
*6db26757Swiz		if (server_acl_user_find(pw->pw_uid) == NULL)
*6db26757Swiz			server_acl_user_allow(pw->pw_uid);
*6db26757Swiz	}
*6db26757Swiz
*6db26757Swiz	if (args_has(args, 'w')) {
*6db26757Swiz		if (server_acl_user_find(pw->pw_uid) == NULL) {
*6db26757Swiz			cmdq_error(item, "user %s not found", pw->pw_name);
*6db26757Swiz			return (CMD_RETURN_ERROR);
*6db26757Swiz		}
*6db26757Swiz		server_acl_user_allow_write(pw->pw_uid);
*6db26757Swiz		return (CMD_RETURN_NORMAL);
*6db26757Swiz	}
*6db26757Swiz
*6db26757Swiz	if (args_has(args, 'r')) {
*6db26757Swiz		if (server_acl_user_find(pw->pw_uid) == NULL) {
*6db26757Swiz			cmdq_error(item, "user %s not found", pw->pw_name);
*6db26757Swiz			return (CMD_RETURN_ERROR);
*6db26757Swiz		}
*6db26757Swiz		server_acl_user_deny_write(pw->pw_uid);
*6db26757Swiz		return (CMD_RETURN_NORMAL);
*6db26757Swiz	}
*6db26757Swiz
*6db26757Swiz	return (CMD_RETURN_NORMAL);
*6db26757Swiz}