From bce7068b659a0010b80ebb0ec14ce7d5783af779 Mon Sep 17 00:00:00 2001
From: Drew DeVault
Date: Wed, 1 Aug 2018 21:33:47 -0400
Subject: [PATCH] Load up security.d/* on startup
---
 include/sway/config.h | 2 ++
 sway/config.c | 18 +++++++++++++++---
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/include/sway/config.h b/include/sway/config.h
index 00b5f25bf..ea19233bb 100644
--- a/include/sway/config.h
+++ b/include/sway/config.h
@@ -461,6 +461,8 @@ void free_sway_variable(struct sway_variable *var);
 */
 char *do_var_replacement(char *str);
+struct cmd_results *check_security_config(struct sway_config *config);
+
 int input_identifier_cmp(const void *item, const void *data);
 struct input_config *new_input_config(const char* identifier);
diff --git a/sway/config.c b/sway/config.c
index a50e9144f..9c577639a 100644
--- a/sway/config.c
+++ b/sway/config.c
@@ -377,6 +377,10 @@ static bool load_config(const char *path, struct sway_config *config,
 return true;
 }
+static int qstrcmp(const void* a, const void* b) {
+ return strcmp(*((char**) a), *((char**) b));
+}
+
 bool load_main_config(const char *file, bool is_active, bool validating) {
 char *path;
 if (file != NULL) {
@@ -412,9 +416,7 @@ bool load_main_config(const char *file, bool is_active, bool validating) {
 config->reading = true;
 // Read security configs
- // TODO: Security
 bool success = true;
- /*
 DIR *dir = opendir(SYSCONFDIR "/sway/security.d");
 if (!dir) {
 wlr_log(WLR_ERROR,
@@ -457,7 +459,6 @@ bool load_main_config(const char *file, bool is_active, bool validating) {
 free_flat_list(secconfigs);
 }
- */
 success = success && load_config(path, config, &config->swaynag_config_errors);
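Review bot: The new `check_security_config` prototype in include/sway/config.h has no comment, while `do_var_replacement` directly above it has one, and its return convention is easy to get backwards. Going by the definition added in sway/config.c, it returns NULL when the config being read lies under `SYSCONFDIR "/sway/security.d/"` and a `CMD_INVALID` result otherwise. I would add above the declaration: `/* Returns NULL if config->current_config_path is under SYSCONFDIR/sway/security.d/, otherwise a CMD_INVALID cmd_results describing the refusal. */`.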
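Review bot: `qstrcmp` in sway/config.c casts its `const void *` arguments to `char **`, which drops the const qualifier and will warn under `-Wcast-qual`; `return strcmp(*(const char *const *)a, *(const char *const *)b);` performs the same comparison without it. No caller is visible in this diff, so presumably it sorts the security.d file list in the block enabled further down. A one-line comment such as `/* Comparator for sorting an array of char * strings */` would make the double indirection obvious.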
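Review bot: In `load_main_config`, the `!dir` branch that this hunk re-enables is visible only as far as `wlr_log(WLR_ERROR,`, and `success` is initialised to `true` just above it, so from the visible lines a missing or unreadable `SYSCONFDIR "/sway/security.d"` appears to be logged and then startup continues. If that is what happens, the compositor would come up without its security policy; I would either set `success = false;` in that branch or add a comment there stating that continuing is deliberate. The rest of the block between this hunk and the one at -457 (which only drops the closing `*/`) lies outside the diff, so the directory walk and any ownership or permission checks on the loaded files could not be reviewed here.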
@@ -486,6 +487,17 @@ bool load_main_config(const char *file, bool is_active, bool validating) {
 return success;
 }
+struct cmd_results *check_security_config(struct sway_config *config) {
+ const char *path = SYSCONFDIR "/sway/security.d/";
+ if (!config->current_config_path ||
+ strncmp(path, config->current_config_path, strlen(path)) != 0) {
+ return cmd_results_new(CMD_INVALID, "permit",
+ "This command is only permitted to run from %s/sway/security.d/*",
+ path);
+ }
+ return NULL;
+}
+
 static bool load_include_config(const char *path, const char *parent_dir, struct sway_config *config, struct swaynag_instance *swaynag) {
 // save parent config
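Review bot: The error message in `check_security_config` formats `path`, which already is `SYSCONFDIR "/sway/security.d/"`, into `"%s/sway/security.d/*"`, so the directory is printed twice; the format should be `"This command is only permitted to run from %s*"`. The `strncmp` prefix test is also purely textual: a `current_config_path` that begins with the prefix but contains `..` components would still pass, so it is worth confirming that the path is canonicalised (for example with `realpath()`) where it is assigned, which is outside this diff. The command name given to `cmd_results_new` is hard-coded as `"permit"` although the helper is exported through config.h; if other commands are meant to call it, a comment saying so would avoid misleading error output. No caller of `check_security_config` appears in this diff.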