aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDrew DeVault <sir@cmpwn.com>2018-09-08 10:19:33 -0400
committerDrew DeVault <sir@cmpwn.com>2018-10-08 18:35:39 -0400
commit3fa2d545dea85e804cb3139f74c39a25873a6af0 (patch)
tree2f2fb8255756eebe48db112e62ddf54e1fc7371c
parent8932d1727512d2b1471016e000e3cc4bc8e28027 (diff)
downloadsway-3fa2d545dea85e804cb3139f74c39a25873a6af0.zip
sway-3fa2d545dea85e804cb3139f74c39a25873a6af0.tar.gz
sway-3fa2d545dea85e804cb3139f74c39a25873a6af0.tar.bz2
Add create_secure_client and create_client_socketsecurity
-rw-r--r--include/sway/config.h2
-rw-r--r--include/sway/security.h10
-rw-r--r--sway/commands/exec_always.c4
-rw-r--r--sway/security.c50
4 files changed, 56 insertions, 10 deletions
diff --git a/include/sway/config.h b/include/sway/config.h
index 0861712..6347c85 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -273,7 +273,7 @@ enum secure_feature {
};
struct feature_policy {
- char *program;
+ char *command;
uint64_t permit_features;
uint64_t reject_features;
};
diff --git a/include/sway/security.h b/include/sway/security.h
index d186763..df2aadb 100644
--- a/include/sway/security.h
+++ b/include/sway/security.h
@@ -6,13 +6,15 @@
/** Returns a mask of all features this client is permitted to use */
uint64_t get_feature_policy_mask(struct wl_client *client);
-/** Returns the policy for a program, or creates one if it doesn't exist. */
+/** Returns the policy for a command, or creates one if it doesn't exist. */
struct feature_policy *get_feature_policy(
- struct sway_config *config, const char *program);
+ struct sway_config *config, const char *command);
-/** Creates a wayland client with a feature policy applied. */
+/** Creates a wayland client with the appropriate feature policy. */
struct wl_client *create_secure_client(struct wl_display *display,
- int fd, const struct feature_policy *policy);
+ int fd, const char *command);
+
+bool create_client_socket(int sv[2]);
struct feature_name {
char *name;
diff --git a/sway/commands/exec_always.c b/sway/commands/exec_always.c
index de78dd8..da8ce48 100644
--- a/sway/commands/exec_always.c
+++ b/sway/commands/exec_always.c
@@ -1,4 +1,4 @@
-#define _XOPEN_SOURCE 500
+#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
@@ -57,6 +57,7 @@ struct cmd_results *cmd_exec_always(int argc, char **argv) {
sigemptyset(&set);
sigprocmask(SIG_SETMASK, &set, NULL);
close(fd[0]);
+
if ((child = fork()) == 0) {
close(fd[1]);
execl("/bin/sh", "/bin/sh", "-c", cmd, (void *)NULL);
@@ -74,6 +75,7 @@ struct cmd_results *cmd_exec_always(int argc, char **argv) {
return cmd_results_new(CMD_FAILURE, "exec_always", "fork() failed");
}
close(fd[1]); // close write
+
ssize_t s = 0;
while ((size_t)s < sizeof(pid_t)) {
s += read(fd[0], ((uint8_t *)&child) + s, sizeof(pid_t) - s);
diff --git a/sway/security.c b/sway/security.c
index ef9e81c..de54455 100644
--- a/sway/security.c
+++ b/sway/security.c
@@ -1,6 +1,9 @@
#define _POSIX_C_SOURCE 200809L
+#include <errno.h>
+#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/socket.h>
#include "sway/security.h"
struct feature_name feature_names[] = {
@@ -15,19 +18,58 @@ struct feature_name feature_names[] = {
};
struct feature_policy *get_feature_policy(
- struct sway_config *config, const char *program) {
- if (!program) {
+ struct sway_config *config, const char *command) {
+ if (!command) {
return &config->default_policy;
}
struct feature_policy *policy;
for (int i = 0; i < config->feature_policies->length; ++i) {
policy = config->feature_policies->items[i];
- if (strcmp(policy->program, program) == 0) {
+ if (strcmp(policy->command, command) == 0) {
return policy;
}
}
policy = calloc(1, sizeof(struct feature_policy));
- policy->program = strdup(program);
+ policy->command = strdup(command);
return policy;
}
+
+struct wl_client *create_secure_client(struct wl_display *display,
+ int fd, const char *command) {
+ struct feature_policy *policy;
+ int i;
+ for (i = 0; i < config->feature_policies->length; ++i) {
+ policy = config->feature_policies->items[i];
+ if (strcmp(policy->command, command) == 0) {
+ break;
+ }
+ }
+ if (i == config->feature_policies->length) {
+ policy = &config->default_policy;
+ }
+ // TODO: Something useful with policy
+ struct wl_client *client = wl_client_create(display, fd);
+ // TODO: Destroy listener
+ return client;
+}
+
+bool create_client_socket(int sv[2]) {
+ if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || errno == EINVAL) {
+ return false;
+ }
+ int flags;
+ if ((flags = fcntl(sv[0], F_GETFD)) == -1) {
+ return false;
+ }
+ if ((fcntl(sv[0], F_SETFD, flags | FD_CLOEXEC)) == -1) {
+ return false;
+ }
+ if ((flags = fcntl(sv[1], F_GETFD)) == -1) {
+ return false;
+ }
+ if ((fcntl(sv[1], F_SETFD, flags | FD_CLOEXEC)) == -1) {
+ return false;
+ }
+ return true;
+}