diff options
| author | Drew DeVault <sir@cmpwn.com> | 2017-02-20 07:42:08 -0500 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2017-02-20 07:51:31 -0500 |
| commit | 126ce571dab09d84d8ee1b760981dbba7cbc1000 (patch) | |
| tree | c13e957c752e3ae0798945e2e0be2af99da7dc68 /sway/commands | |
| parent | eabfb6c5598d5b655b40d8677d97b58cce757ef5 (diff) | |
Read configs from /etc/sway/security.d/*
Diffstat (limited to 'sway/commands')
| -rw-r--r-- | sway/commands/commands.c | 8 | ||||
| -rw-r--r-- | sway/commands/ipc.c | 8 | ||||
| -rw-r--r-- | sway/commands/permit.c | 20 |
3 files changed, 10 insertions, 26 deletions
diff --git a/sway/commands/commands.c b/sway/commands/commands.c index 8c7ed487..0c64970c 100644 --- a/sway/commands/commands.c +++ b/sway/commands/commands.c @@ -10,6 +10,9 @@ struct cmd_results *cmd_commands(int argc, char **argv) { if ((error = checkarg(argc, "commands", EXPECTED_EQUAL_TO, 1))) { return error; } + if ((error = check_security_config())) { + return error; + } if (strcmp(argv[0], "{") != 0) { return cmd_results_new(CMD_FAILURE, "commands", "Expected block declaration"); @@ -19,10 +22,5 @@ struct cmd_results *cmd_commands(int argc, char **argv) { return cmd_results_new(CMD_FAILURE, "commands", "Can only be used in config file."); } - if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) { - return cmd_results_new(CMD_INVALID, "permit", - "This command is only permitted to run from " SYSCONFDIR "/sway/security"); - } - return cmd_results_new(CMD_BLOCK_COMMANDS, NULL, NULL); } diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c index d49aab64..8a7b849f 100644 --- a/sway/commands/ipc.c +++ b/sway/commands/ipc.c @@ -14,6 +14,9 @@ struct cmd_results *cmd_ipc(int argc, char **argv) { if ((error = checkarg(argc, "ipc", EXPECTED_EQUAL_TO, 2))) { return error; } + if ((error = check_security_config())) { + return error; + } const char *program = argv[0]; @@ -26,11 +29,6 @@ struct cmd_results *cmd_ipc(int argc, char **argv) { return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file."); } - if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) { - return cmd_results_new(CMD_INVALID, "permit", - "This command is only permitted to run from " SYSCONFDIR "/sway/security"); - } - current_policy = alloc_ipc_policy(program); list_add(config->ipc_policies, current_policy); diff --git a/sway/commands/permit.c b/sway/commands/permit.c index 6eb71816..e2bec2e2 100644 --- a/sway/commands/permit.c +++ b/sway/commands/permit.c @@ -62,19 +62,13 @@ struct cmd_results *cmd_permit(int argc, char **argv) { if ((error = checkarg(argc, "permit", EXPECTED_MORE_THAN, 1))) { return error; } - - if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) { - return cmd_results_new(CMD_INVALID, "permit", - "This command is only permitted to run from " SYSCONFDIR "/sway/security"); + if ((error = check_security_config())) { + return error; } struct feature_policy *policy = get_policy(argv[0]); policy->features |= get_features(argc, argv, &error); - if (error) { - return error; - } - sway_log(L_DEBUG, "Permissions granted to %s for features %d", policy->program, policy->features); @@ -86,19 +80,13 @@ struct cmd_results *cmd_reject(int argc, char **argv) { if ((error = checkarg(argc, "reject", EXPECTED_MORE_THAN, 1))) { return error; } - - if (!current_config_path || strcmp(SYSCONFDIR "/sway/security", current_config_path) != 0) { - return cmd_results_new(CMD_INVALID, "permit", - "This command is only permitted to run from " SYSCONFDIR "/sway/security"); + if ((error = check_security_config())) { + return error; } struct feature_policy *policy = get_policy(argv[0]); policy->features &= ~get_features(argc, argv, &error); - if (error) { - return error; - } - sway_log(L_DEBUG, "Permissions granted to %s for features %d", policy->program, policy->features); |