[DAEMON] Add whitelist command support

2023-03-13 20:37:35 +01:00 · 2023-03-13 20:37:35 +01:00 · 515d4519c7
commit 515d4519c7
parent 2ee52a7aef
2 changed files with 12 additions and 1 deletions
--- a/src/daemon/configuration/mod.rs
+++ b/src/daemon/configuration/mod.rs
@ -11,7 +11,7 @@ impl Configuration {
    pub fn read_or_create() -> Self {
        let path = std::path::Path::new("configuration.yml");
        let file = std::fs::File::open(path)
-            .map_err(|_| format!("No such file configuration.yml"))
+            .map_err(|_| "No such file configuration.yml".to_string())
            .unwrap();
        let buffer = std::io::BufReader::new(file);
        serde_yaml::from_reader(buffer).unwrap()
--- a/src/daemon/server.rs
+++ b/src/daemon/server.rs
@ -1,6 +1,7 @@
 #![cfg_attr(not(unix), allow(unused_imports))]

 use tonic::{Code, Request, Response, Status};
+use libcommand::Command;

 use libcommand::interpreter::{
    unix_server::Unix,
@ -18,6 +19,16 @@ impl Unix for DaemonServer {
        request: Request<AuthorizeRequest>,
    ) -> Result<Response<AuthorizeResponse>, Status> {
        let session = libcommand::Session::from(request.get_ref().pid);
+        let cmd = Command::from(request.get_ref().command_arg.as_ref());
+
+        let conf = super::CONFIGURATION.lock()
+            .map_err(|e| Status::internal(e.to_string()))?;
+        let conf = conf.as_ref().ok_or_else(|| Status::internal("Configuration not loaded"))?;
+
+        if !conf.command_allowed(&cmd.command) {
+            return Err(Status::permission_denied("Command not authorized"));
+        }
+
        let session_id = session.id.clone();
        super::SESSIONS.lock().unwrap().push(session);