From 515d4519c79dfe32005a8e4921d699dfdd039466 Mon Sep 17 00:00:00 2001 From: Florian RICHER Date: Mon, 13 Mar 2023 20:37:35 +0100 Subject: [PATCH] [DAEMON] Add whitelist command support --- src/daemon/configuration/mod.rs | 2 +- src/daemon/server.rs | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/daemon/configuration/mod.rs b/src/daemon/configuration/mod.rs index 294a921..c0a2cd5 100644 --- a/src/daemon/configuration/mod.rs +++ b/src/daemon/configuration/mod.rs @@ -11,7 +11,7 @@ impl Configuration { pub fn read_or_create() -> Self { let path = std::path::Path::new("configuration.yml"); let file = std::fs::File::open(path) - .map_err(|_| format!("No such file configuration.yml")) + .map_err(|_| "No such file configuration.yml".to_string()) .unwrap(); let buffer = std::io::BufReader::new(file); serde_yaml::from_reader(buffer).unwrap() diff --git a/src/daemon/server.rs b/src/daemon/server.rs index 343c9f2..c2634c1 100644 --- a/src/daemon/server.rs +++ b/src/daemon/server.rs @@ -1,6 +1,7 @@ #![cfg_attr(not(unix), allow(unused_imports))] use tonic::{Code, Request, Response, Status}; +use libcommand::Command; use libcommand::interpreter::{ unix_server::Unix, @@ -18,6 +19,16 @@ impl Unix for DaemonServer { request: Request, ) -> Result, Status> { let session = libcommand::Session::from(request.get_ref().pid); + let cmd = Command::from(request.get_ref().command_arg.as_ref()); + + let conf = super::CONFIGURATION.lock() + .map_err(|e| Status::internal(e.to_string()))?; + let conf = conf.as_ref().ok_or_else(|| Status::internal("Configuration not loaded"))?; + + if !conf.command_allowed(&cmd.command) { + return Err(Status::permission_denied("Command not authorized")); + } + let session_id = session.id.clone(); super::SESSIONS.lock().unwrap().push(session);