Merge branch 'obsd-master'
[tmux.git] / cmd-server-access.c
blobb2b718b86f7d706cdbb19a67b4f665bf98ffd52a
1 /* $OpenBSD$ */
3 /*
4 * Copyright (c) 2021 Dallas Lyons <dallasdlyons@gmail.com>
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
15 * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
16 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <sys/stat.h>
20 #include <sys/types.h>
22 #include <pwd.h>
23 #include <stdio.h>
24 #include <string.h>
25 #include <stdlib.h>
26 #include <unistd.h>
28 #include "tmux.h"
31 * Controls access to session.
34 static enum cmd_retval cmd_server_access_exec(struct cmd *, struct cmdq_item *);
36 const struct cmd_entry cmd_server_access_entry = {
37 .name = "server-access",
38 .alias = NULL,
40 .args = { "adlrw", 0, 1, NULL },
41 .usage = "[-adlrw] " CMD_TARGET_PANE_USAGE " [user]",
43 .flags = CMD_CLIENT_CANFAIL,
44 .exec = cmd_server_access_exec
47 static enum cmd_retval
48 cmd_server_access_deny(struct cmdq_item *item, struct passwd *pw)
50 struct client *loop;
51 struct server_acl_user *user;
52 uid_t uid;
54 if ((user = server_acl_user_find(pw->pw_uid)) == NULL) {
55 cmdq_error(item, "user %s not found", pw->pw_name);
56 return (CMD_RETURN_ERROR);
58 TAILQ_FOREACH(loop, &clients, entry) {
59 uid = proc_get_peer_uid(loop->peer);
60 if (uid == server_acl_get_uid(user)) {
61 loop->exit_message = xstrdup("access not allowed");
62 loop->flags |= CLIENT_EXIT;
65 server_acl_user_deny(pw->pw_uid);
67 return (CMD_RETURN_NORMAL);
70 static enum cmd_retval
71 cmd_server_access_exec(struct cmd *self, struct cmdq_item *item)
74 struct args *args = cmd_get_args(self);
75 struct client *c = cmdq_get_target_client(item);
76 char *name;
77 struct passwd *pw = NULL;
79 if (args_has(args, 'l')) {
80 server_acl_display(item);
81 return (CMD_RETURN_NORMAL);
83 if (args_count(args) == 0) {
84 cmdq_error(item, "missing user argument");
85 return (CMD_RETURN_ERROR);
88 name = format_single(item, args_string(args, 0), c, NULL, NULL, NULL);
89 if (*name != '\0')
90 pw = getpwnam(name);
91 if (pw == NULL) {
92 cmdq_error(item, "unknown user: %s", name);
93 return (CMD_RETURN_ERROR);
95 free(name);
97 if (pw->pw_uid == 0 || pw->pw_uid == getuid()) {
98 cmdq_error(item, "%s owns the server, can't change access",
99 pw->pw_name);
100 return (CMD_RETURN_ERROR);
103 if (args_has(args, 'a') && args_has(args, 'd')) {
104 cmdq_error(item, "-a and -d cannot be used together");
105 return (CMD_RETURN_ERROR);
107 if (args_has(args, 'w') && args_has(args, 'r')) {
108 cmdq_error(item, "-r and -w cannot be used together");
109 return (CMD_RETURN_ERROR);
112 if (args_has(args, 'd'))
113 return (cmd_server_access_deny(item, pw));
114 if (args_has(args, 'a')) {
115 if (server_acl_user_find(pw->pw_uid) != NULL) {
116 cmdq_error(item, "user %s is already added",
117 pw->pw_name);
118 return (CMD_RETURN_ERROR);
120 server_acl_user_allow(pw->pw_uid);
121 /* Do not return - allow -r or -w with -a. */
122 } else if (args_has(args, 'r') || args_has(args, 'w')) {
123 /* -r or -w implies -a if user does not exist. */
124 if (server_acl_user_find(pw->pw_uid) == NULL)
125 server_acl_user_allow(pw->pw_uid);
128 if (args_has(args, 'w')) {
129 if (server_acl_user_find(pw->pw_uid) == NULL) {
130 cmdq_error(item, "user %s not found", pw->pw_name);
131 return (CMD_RETURN_ERROR);
133 server_acl_user_allow_write(pw->pw_uid);
134 return (CMD_RETURN_NORMAL);
137 if (args_has(args, 'r')) {
138 if (server_acl_user_find(pw->pw_uid) == NULL) {
139 cmdq_error(item, "user %s not found", pw->pw_name);
140 return (CMD_RETURN_ERROR);
142 server_acl_user_deny_write(pw->pw_uid);
143 return (CMD_RETURN_NORMAL);
146 return (CMD_RETURN_NORMAL);