From: Adam Chlipala
Date: Sun, 25 Feb 2007 18:24:53 +0000 (+0000)
Subject: Trusted-path permission checking
X-Git-Tag: release_2010-11-19~251
X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/4d5126e168a9671d01a0b57efcecd08ad68dcfbe

Trusted-path permission checking
---

diff --git a/src/main-admin.sml b/src/main-admin.sml
index 5973689..e670a6e 100644
--- a/src/main-admin.sml
+++ b/src/main-admin.sml
@@ -51,4 +51,5 @@ val _ =
 | ["package", node, pkg] => OS.Process.exit (Main.requestApt {node = node, pkg = pkg})
 | ["cron", node, uname] => OS.Process.exit (Main.requestCron {node = node, uname = uname})
 | ["ftp", node, uname] => OS.Process.exit (Main.requestFtp {node = node, uname = uname})
+ | ["tpe", node, uname] => OS.Process.exit (Main.requestTrustedPath {node = node, uname = uname})
 | _ => print "Invalid command-line arguments\n"
diff --git a/src/main.sig b/src/main.sig
index db8eea5..03f361b 100644
--- a/src/main.sig
+++ b/src/main.sig
@@ -72,4 +72,5 @@ signature MAIN = sig
 val requestApt : {node : string, pkg : string} -> OS.Process.status
 val requestCron : {node : string, uname : string} -> OS.Process.status
 val requestFtp : {node : string, uname : string} -> OS.Process.status
+ val requestTrustedPath : {node : string, uname : string} -> OS.Process.status
 end
diff --git a/src/main.sml b/src/main.sml
index 05bce83..90a5e94 100644
--- a/src/main.sml
+++ b/src/main.sml
@@ -691,6 +691,35 @@ fun requestFtp {node, uname} =
 before OpenSSL.close bio
 end
+fun requestTrustedPath {node, uname} =
+ let
+ val (user, context) = requestContext (fn () => ())
+ val bio = OpenSSL.connect (context, if node = Config.masterNode then
+ dispatcher
+ else
+ Domain.nodeIp node ^ ":" ^ Int.toString Config.slavePort)
+
+ val _ = Msg.send (bio, MsgQuery (QTrustedPath uname))
+
+ fun loop () =
+ case Msg.recv bio of
+ NONE => (print "Server closed connection unexpectedly.\n";
+ OS.Process.failure)
+ | SOME m =>
+ case m of
+ MsgYes => (print "User has trusted path restriction.\n";
+ OS.Process.success)
+ | MsgNo => (print "User does not have trusted path restriction.\n";
+ OS.Process.failure)
+ | MsgError s => (print ("Trusted path query failed: " ^ s ^ "\n");
+ OS.Process.failure)
+ | _ => (print "Unexpected server reply.\n";
+ OS.Process.failure)
+ in
+ loop ()
+ before OpenSSL.close bio
+ end
+
 fun regenerate context =
 let
 val b = basis ()
@@ -779,12 +808,14 @@ fun answerQuery q =
 QApt pkg => if Apt.installed pkg then MsgYes else MsgNo
 | QCron user => if Cron.allowed user then MsgYes else MsgNo
 | QFtp user => if Ftp.allowed user then MsgYes else MsgNo
+ | QTrustedPath user => if TrustedPath.query user then MsgYes else MsgNo
 fun describeQuery q =
 case q of
 QApt pkg => "Requested installation status of package " ^ pkg
 | QCron user => "Asked about cron permissions for user " ^ user
 | QFtp user => "Asked about FTP permissions for user " ^ user
+ | QTrustedPath user => "Asked about trusted path settings for user " ^ user
 fun service () =
 let
diff --git a/src/msg.sml b/src/msg.sml
index 562c9d1..bd7b5ee 100644
--- a/src/msg.sml
+++ b/src/msg.sml
@@ -96,6 +96,8 @@ fun sendQuery (bio, q) =
 OpenSSL.writeString (bio, s))
 | QFtp s => (OpenSSL.writeInt (bio, 2);
 OpenSSL.writeString (bio, s))
+ | QTrustedPath s => (OpenSSL.writeInt (bio, 3);
+ OpenSSL.writeString (bio, s))
 fun recvQuery bio =
 case OpenSSL.readInt bio of
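Review bot: In requestTrustedPath, `MsgNo` and every failure path (`NONE`, `MsgError`, the catch-all) return the same `OS.Process.failure`, so a script that tests only the exit status reads a dropped connection or a server error as "user is not restricted". Only the printed text tells the cases apart. If the `success`/`failure` pair has to stay, I would at least record it next to the declaration in main.sig, e.g. `(* success = restricted; failure = not restricted OR the query could not be completed; check the printed message *)`. Separately, `user` is bound but never used and `loop` never recurses, so `val (_, context) = ...` and a plain `case` would read more directly; both look carried over from requestFtp, whose body lies outside this hunk.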
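Review bot: The wire tag `3` for QTrustedPath is a bare literal here in sendQuery and again in recvQuery (the next hunk of src/msg.sml), and nothing records that these numbers are part of the protocol. A peer built before this commit falls through to `| _ => NONE` for tag 3; what its caller does with NONE is outside the diff, but the requesting side will presumably end on one of its failure messages. A comment above the case arms such as `(* Query tags are wire protocol: never renumber; upgrade dispatcher and slaves together when adding one *)` would make that explicit. Both function bodies begin outside these hunks.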
@@ -104,6 +106,7 @@ fun recvQuery bio =
 0 => Option.map QApt (OpenSSL.readString bio)
 | 1 => Option.map QCron (OpenSSL.readString bio)
 | 2 => Option.map QFtp (OpenSSL.readString bio)
+ | 3 => Option.map QTrustedPath (OpenSSL.readString bio)
 | _ => NONE)
 | NONE => NONE
diff --git a/src/msgTypes.sml b/src/msgTypes.sml
index f51e780..e0f4385 100644
--- a/src/msgTypes.sml
+++ b/src/msgTypes.sml
@@ -27,6 +27,8 @@ datatype query =
 (* Is this user allowed to use cron? *)
 | QFtp of string
 (* Is this user allowed to use FTP? *)
+ | QTrustedPath of string
+ (* Is this user restricted to trusted-path executables? *)
 datatype msg =
 MsgOk
diff --git a/src/plugins/trustedPath.sig b/src/plugins/trustedPath.sig
new file mode 100644
index 0000000..0e42878
--- /dev/null
+++ b/src/plugins/trustedPath.sig
@@ -0,0 +1,26 @@
+(* HCoop Domtool (http://hcoop.sourceforge.net/)
+ * Copyright (c) 2006-2007, Adam Chlipala
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *)
+
+(* Trusted path settings querying *)
+
+signature TRUSTED_PATH = sig
+
+ val query : string -> bool
+ (* Is the named user restricted to trusted-path executables on this host? *)
+
+end
diff --git a/src/plugins/trustedPath.sml b/src/plugins/trustedPath.sml
new file mode 100644
index 0000000..092a5b5
--- /dev/null
+++ b/src/plugins/trustedPath.sml
@@ -0,0 +1,27 @@
+(* HCoop Domtool (http://hcoop.sourceforge.net/)
+ * Copyright (c) 2006-2007, Adam Chlipala
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ *)
+
+(* Trusted path settings querying *)
+
+structure TrustedPath :> TRUSTED_PATH = struct
+
+fun query uname = List.exists (fn x => x = uname)
+ (Posix.SysDB.Group.members (Posix.SysDB.getgrnam "only-tpe"))
+ handle OS.SysErr _ => false
+
+end
diff --git a/src/sources b/src/sources
index ee48c10..28feb3c 100644
--- a/src/sources
+++ b/src/sources
@@ -95,6 +95,9 @@ plugins/cron.sml
 plugins/ftp.sig
 plugins/ftp.sml
+plugins/trustedPath.sig
+plugins/trustedPath.sml
+
 mail/vmail.sig
 mail/vmail.sml
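Review bot: `query` in src/plugins/trustedPath.sml can answer false for a user who is in fact restricted, in two ways. `handle OS.SysErr _ => false` turns any lookup failure (a missing only-tpe group, a name-service error) into "not restricted", and `Posix.SysDB.Group.members` returns only the names listed in the group entry, so an account whose primary group is only-tpe would not be found, if such accounts exist on these hosts. I would add a comparison of the user's primary gid against the group's gid and mark the handler as a known fail-open path. Whether an exception escaping from here would be turned into MsgError by answerQuery's caller is not visible in this diff, so the sketch keeps the boolean result. The group name would also be easier to audit as a Config value than as a literal.

```sml
fun query uname =
    let
        val grp = Posix.SysDB.getgrnam "only-tpe"
        (* Group.members omits users whose primary group is only-tpe *)
        val primary = Posix.SysDB.Passwd.gid (Posix.SysDB.getpwnam uname)
    in
        primary = Posix.SysDB.Group.gid grp
        orelse List.exists (fn x => x = uname) (Posix.SysDB.Group.members grp)
    end
    (* NOTE: still answers "not restricted" on lookup failure; log or surface it *)
    handle OS.SysErr _ => false
```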