diff options
| author | Drew DeVault <sir@cmpwn.com> | 2016-12-02 17:55:03 -0500 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2016-12-02 17:55:03 -0500 |
| commit | 62dad7148f7b7b314f0297e191861ae3f03e9e1f (patch) | |
| tree | 45bc560d7a197200ff3658cbbb5763e860bf1372 /sway/ipc-server.c | |
| parent | c8dc4925d1e0f5d5086a4c15415ee9fb0b7e6155 (diff) | |
Enforce IPC security policy
Diffstat (limited to 'sway/ipc-server.c')
| -rw-r--r-- | sway/ipc-server.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/sway/ipc-server.c b/sway/ipc-server.c index ef741e3b..15791c5e 100644 --- a/sway/ipc-server.c +++ b/sway/ipc-server.c @@ -307,9 +307,14 @@ void ipc_client_handle_command(struct ipc_client *client) { } buf[client->payload_length] = '\0'; + const char *error_denied = "{ \"success\": false, \"error\": \"Permission denied\" }"; + switch (client->current_command) { case IPC_COMMAND: { + if (!(config->ipc_policy & IPC_FEATURE_COMMAND)) { + goto exit_denied; + } struct cmd_results *results = handle_command(buf, CONTEXT_IPC); const char *json = cmd_results_to_json(results); char reply[256]; @@ -359,6 +364,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_WORKSPACES: { + if (!(config->ipc_policy & IPC_FEATURE_GET_WORKSPACES)) { + goto exit_denied; + } json_object *workspaces = json_object_new_array(); container_map(&root_container, ipc_get_workspaces_callback, workspaces); const char *json_string = json_object_to_json_string(workspaces); @@ -369,6 +377,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_INPUTS: { + if (!(config->ipc_policy & IPC_FEATURE_GET_INPUTS)) { + goto exit_denied; + } json_object *inputs = json_object_new_array(); if (input_devices) { for(int i=0; i<input_devices->length; i++) { @@ -388,6 +399,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_OUTPUTS: { + if (!(config->ipc_policy & IPC_FEATURE_GET_OUTPUTS)) { + goto exit_denied; + } json_object *outputs = json_object_new_array(); container_map(&root_container, ipc_get_outputs_callback, outputs); const char *json_string = json_object_to_json_string(outputs); @@ -398,6 +412,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_TREE: { + if (!(config->ipc_policy & IPC_FEATURE_GET_TREE)) { + goto exit_denied; + } json_object *tree = ipc_json_describe_container_recursive(&root_container); const char *json_string = json_object_to_json_string(tree); ipc_send_reply(client, json_string, (uint32_t) strlen(json_string)); @@ -458,6 +475,9 @@ void ipc_client_handle_command(struct ipc_client *client) { case IPC_GET_BAR_CONFIG: { + if (!(config->ipc_policy & IPC_FEATURE_GET_BAR_CONFIG)) { + goto exit_denied; + } if (!buf[0]) { // Send list of configured bar IDs json_object *bars = json_object_new_array(); @@ -498,6 +518,9 @@ void ipc_client_handle_command(struct ipc_client *client) { goto exit_cleanup; } +exit_denied: + ipc_send_reply(client, error_denied, (uint32_t)strlen(error_denied)); + exit_cleanup: client->payload_length = 0; free(buf); @@ -562,6 +585,9 @@ void ipc_send_event(const char *json_string, enum ipc_command_type event) { } void ipc_event_workspace(swayc_t *old, swayc_t *new, const char *change) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_WORKSPACE)) { + return; + } sway_log(L_DEBUG, "Sending workspace::%s event", change); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string(change)); @@ -586,6 +612,9 @@ void ipc_event_workspace(swayc_t *old, swayc_t *new, const char *change) { } void ipc_event_window(swayc_t *window, const char *change) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_WINDOW)) { + return; + } sway_log(L_DEBUG, "Sending window::%s event", change); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string(change)); @@ -611,6 +640,9 @@ void ipc_event_barconfig_update(struct bar_config *bar) { } void ipc_event_mode(const char *mode) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_MODE)) { + return; + } sway_log(L_DEBUG, "Sending mode::%s event", mode); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string(mode)); @@ -636,6 +668,9 @@ void ipc_event_modifier(uint32_t modifier, const char *state) { } static void ipc_event_binding(json_object *sb_obj) { + if (!(config->ipc_policy & IPC_FEATURE_EVENT_BINDING)) { + return; + } sway_log(L_DEBUG, "Sending binding::run event"); json_object *obj = json_object_new_object(); json_object_object_add(obj, "change", json_object_new_string("run")); |