author | 2017-02-20 07:42:08 -0500 | |
---|---|---|
committer | 2017-02-20 07:51:31 -0500 | |
commit | 126ce571dab09d84d8ee1b760981dbba7cbc1000 (patch) | |
tree | c13e957c752e3ae0798945e2e0be2af99da7dc68 /sway/commands | |
parent | Add * policies and fix bug (diff) | |
Read configs from /etc/sway/security.d/*
Diffstat (limited to 'sway/commands')
-rw-r--r-- | sway/commands/commands.c | 8 | ||||
-rw-r--r-- | sway/commands/ipc.c | 8 | ||||
-rw-r--r-- | sway/commands/permit.c | 20 |
3 files changed, 10 insertions, 26 deletions
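--- a/sway/commands/commands.c
+++ b/sway/commands/commands.c
@@ -10,6 +10,9 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
 if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) {
 return error;
 }
+if ((error = check_security_config())) {
+return error;
+}
 
 if (strcmp(argv[0], "{") != 0) {
 return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration");
@@ -19,10 +22,5 @@ struct cmd_results *cmd_commands(int argc, char **argv) {
 return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file.");
 }
 
-if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
-return cmd_results_new(CMD_INVALID, "permit",
-"This command is only permitted to run from " SYSCONFDIR "/sway/security");
-}
-
 return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL);
 }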
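Review bot: The path restriction is no longer readable at this call site, because `check_security_config()` is defined outside this diff (the diffstat is limited to sway/commands) and nothing here says which files may now carry `commands`, `ipc`, `permit` and `reject`. A short comment above the call would help, for example `/* only accepted from the system security config; see check_security_config() */`. Since the commit title widens the source from one file to `/etc/sway/security.d/*`, it is worth confirming that the helper still refuses when `current_config_path` is NULL, as the removed inline test did, and that it compares against the directory including its trailing separator so that a sibling path sharing the prefix cannot match. The same applies to the calls added in ipc.c and permit.c.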
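--- a/sway/commands/ipc.c
+++ b/sway/commands/ipc.c
@@ -14,6 +14,9 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
 if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) {
 return error;
 }
+if ((error = check_security_config())) {
+return error;
+}
 
 const char *program = argv[0];
 
@@ -26,11 +29,6 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
 return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
 }
 
-if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
-return cmd_results_new(CMD_INVALID, "permit",
-"This command is only permitted to run from " SYSCONFDIR "/sway/security");
-}
-
 current_policy = alloc_ipc_policy(program);
 list_add(config->ipc_policies, current_policy);
 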
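--- a/sway/commands/permit.c
+++ b/sway/commands/permit.c
@@ -62,19 +62,13 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
 if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) {
 return error;
 }
-
-if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
-return cmd_results_new(CMD_INVALID, "permit",
-"This command is only permitted to run from " SYSCONFDIR "/sway/security");
+if ((error = check_security_config())) {
+return error;
 }
 
 struct feature_policy *policy = get_policy(argv[0]);
 policy->features |= get_features(argc, argv, &error);
 
-if (error) {
-return error;
-}
-
 sway_log(L_DEBUG, "Permissions granted to %s for features %d",
 policy->program, policy->features);
 
@@ -86,19 +80,13 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
 if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) {
 return error;
 }
-
-if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) {
-return cmd_results_new(CMD_INVALID, "permit",
-"This command is only permitted to run from " SYSCONFDIR "/sway/security");
+if ((error = check_security_config())) {
+return error;
 }
 
 struct feature_policy *policy = get_policy(argv[0]);
 policy->features &= ~get_features(argc, argv, &error);
 
-if (error) {
-return error;
-}
-
 sway_log(L_DEBUG, "Permissions granted to %s for features %d",
 policy->program, policy->features);
 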
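Review bot: The `if (error) { return error; }` test that followed `get_features(argc, argv, &error)` is removed in both cmd_permit and cmd_reject, so whatever get_features reports through `error` is now dropped (its body is not shown here; presumably an unrecognised feature name). For a security policy that means a mistyped `reject` line would be accepted without a diagnostic while the feature stays allowed, and the allocated result is neither returned nor freed. I would restore `if (error) { return error; }` after each get_features call, ideally before the mask is applied to `policy->features`. Both function bodies continue past the end of their hunks.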