Read configs from /etc/sway/security.d/*

author: Drew DeVault <sir@cmpwn.com> 2017-02-20 07:42:08 -0500
committer: Drew DeVault <sir@cmpwn.com> 2017-02-20 07:51:31 -0500
commit: 126ce571dab09d84d8ee1b760981dbba7cbc1000 (patch)
tree: c13e957c752e3ae0798945e2e0be2af99da7dc68 /sway/commands
parent: Add * policies and fix bug (diff)
download: sway-126ce571dab09d84d8ee1b760981dbba7cbc1000.tar.gz
sway-126ce571dab09d84d8ee1b760981dbba7cbc1000.tar.zst
sway-126ce571dab09d84d8ee1b760981dbba7cbc1000.zip
3 files changed, 10 insertions, 26 deletions
diff --git a/sway/commands/commands.c b/sway/commands/commands.c
index 8c7ed487..0c64970c 100644
--- a/sway/commands/commands.c
+++ b/sway/commands/commands.c
@@ -10,6 +10,9 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
        if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {
                return error;
        }
+        if ((error = check_security_config())) {
+                return error;
+        }
        if (strcmp(argv[0], "{") != 0) {
                return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");
@@ -19,10 +22,5 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
                return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
        }
-        if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
-                return cmd_results_new(CMD_INVALID, "permit",
-                                "This command is only permitted to run from " SYSCONFDIR "/sway/security");
-        }
        return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
 }
diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c
index d49aab64..8a7b849f 100644
--- a/sway/commands/ipc.c
+++ b/sway/commands/ipc.c
@@ -14,6 +14,9 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
        if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) {
                return error;
        }
+        if ((error = check_security_config())) {
+                return error;
+        }
        const char *program = argv[0];
@@ -26,11 +29,6 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
                return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
        }
-        if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
-                return cmd_results_new(CMD_INVALID, "permit",
-                                "This command is only permitted to run from " SYSCONFDIR "/sway/security");
-        }
        current_policy = alloc_ipc_policy(program);
        list_add(config->ipc_policies, current_policy);
diff --git a/sway/commands/permit.c b/sway/commands/permit.c
index 6eb71816..e2bec2e2 100644
--- a/sway/commands/permit.c
+++ b/sway/commands/permit.c
@@ -62,19 +62,13 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
        if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
                return error;
        }
+        if ((error = check_security_config())) {
-        if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+                return error;
-                return cmd_results_new(CMD_INVALID, "permit",
-                                "This command is only permitted to run from " SYSCONFDIR "/sway/security");
        }
        struct feature_policy *policy = get_policy(argv[0]);
        policy->features |= get_features(argc, argv, &error);
-        if (error) {
-                return error;
-        }
        sway_log(L_DEBUG, "Permissions granted to %s for features %d",
                        policy->program, policy->features);
@@ -86,19 +80,13 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
        if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
                return error;
        }
+        if ((error = check_security_config())) {
-        if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
+                return error;
-                return cmd_results_new(CMD_INVALID, "permit",
-                                "This command is only permitted to run from " SYSCONFDIR "/sway/security");
        }
        struct feature_policy *policy = get_policy(argv[0]);
        policy->features &= ~get_features(argc, argv, &error);
-        if (error) {
-                return error;
-        }
        sway_log(L_DEBUG, "Permissions granted to %s for features %d",
                        policy->program, policy->features);
author	Drew DeVault <sir@cmpwn.com>	2017-02-20 07:42:08 -0500
committer	Drew DeVault <sir@cmpwn.com>	2017-02-20 07:51:31 -0500
commit	126ce571dab09d84d8ee1b760981dbba7cbc1000 (patch)
tree	c13e957c752e3ae0798945e2e0be2af99da7dc68 /sway/commands
parent	Add * policies and fix bug (diff)
download	sway-126ce571dab09d84d8ee1b760981dbba7cbc1000.tar.gz sway-126ce571dab09d84d8ee1b760981dbba7cbc1000.tar.zst sway-126ce571dab09d84d8ee1b760981dbba7cbc1000.zip

diff --git a/sway/commands/commands.c b/sway/commands/commands.c index 8c7ed487..0c64970c 100644 --- a/sway/commands/commands.c +++ b/sway/commands/commands.c
@@ -10,6 +10,9 @@ struct cmd_results cmd_commands(int argc, char *argv) {
10	if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {	10	if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {
11	return error;	11	return error;
12	}	12	}
		13	if ((error = check_security_config())) {
		14	return error;
		15	}
13		16
14	if (strcmp(argv[0], "{") != 0) {	17	if (strcmp(argv[0], "{") != 0) {
15	return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");	18	return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");
@@ -19,10 +22,5 @@ struct cmd_results cmd_commands(int argc, char *argv) {
19	return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");	22	return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
20	}	23	}
21		24
22	if (!current_config_path \|\| strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
23	return cmd_results_new(CMD_INVALID, "permit",
24	"This command is only permitted to run from " SYSCONFDIR "/sway/security");
25	}
26
27	return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);	25	return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
28	}	26	}


diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c index d49aab64..8a7b849f 100644 --- a/sway/commands/ipc.c +++ b/sway/commands/ipc.c
@@ -14,6 +14,9 @@ struct cmd_results cmd_ipc(int argc, char *argv) {
14	if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) {	14	if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) {
15	return error;	15	return error;
16	}	16	}
		17	if ((error = check_security_config())) {
		18	return error;
		19	}
17		20
18	const char *program = argv[0];	21	const char *program = argv[0];
19		22
@@ -26,11 +29,6 @@ struct cmd_results cmd_ipc(int argc, char *argv) {
26	return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");	29	return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
27	}	30	}
28		31
29	if (!current_config_path \|\| strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
30	return cmd_results_new(CMD_INVALID, "permit",
31	"This command is only permitted to run from " SYSCONFDIR "/sway/security");
32	}
33
34	current_policy = alloc_ipc_policy(program);	32	current_policy = alloc_ipc_policy(program);
35	list_add(config->ipc_policies, current_policy);	33	list_add(config->ipc_policies, current_policy);
36		34


diff --git a/sway/commands/permit.c b/sway/commands/permit.c index 6eb71816..e2bec2e2 100644 --- a/sway/commands/permit.c +++ b/sway/commands/permit.c
@@ -62,19 +62,13 @@ struct cmd_results cmd_permit(int argc, char *argv) {
62	if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {	62	if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
63	return error;	63	return error;
64	}	64	}
65		65	if ((error = check_security_config())) {
66	if (!current_config_path \|\| strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {	66	return error;
67	return cmd_results_new(CMD_INVALID, "permit",
68	"This command is only permitted to run from " SYSCONFDIR "/sway/security");
69	}	67	}
70		68
71	struct feature_policy *policy = get_policy(argv[0]);	69	struct feature_policy *policy = get_policy(argv[0]);
72	policy->features \|= get_features(argc, argv, &error);	70	policy->features \|= get_features(argc, argv, &error);
73		71
74	if (error) {
75	return error;
76	}
77
78	sway_log(L_DEBUG, "Permissions granted to %s for features %d",	72	sway_log(L_DEBUG, "Permissions granted to %s for features %d",
79	policy->program, policy->features);	73	policy->program, policy->features);
80		74
@@ -86,19 +80,13 @@ struct cmd_results cmd_reject(int argc, char *argv) {
86	if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {	80	if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
87	return error;	81	return error;
88	}	82	}
89		83	if ((error = check_security_config())) {
90	if (!current_config_path \|\| strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {	84	return error;
91	return cmd_results_new(CMD_INVALID, "permit",
92	"This command is only permitted to run from " SYSCONFDIR "/sway/security");
93	}	85	}
94		86
95	struct feature_policy *policy = get_policy(argv[0]);	87	struct feature_policy *policy = get_policy(argv[0]);
96	policy->features &= ~get_features(argc, argv, &error);	88	policy->features &= ~get_features(argc, argv, &error);
97		89
98	if (error) {
99	return error;
100	}
101
102	sway_log(L_DEBUG, "Permissions granted to %s for features %d",	90	sway_log(L_DEBUG, "Permissions granted to %s for features %d",
103	policy->program, policy->features);	91	policy->program, policy->features);
104		92