Introduce CLI permissions.

Based on cli_permissions.conf configuration file, we are able to permit or deny cli commands based on some patterns and the local user and group running rasterisk. (Sorry if I missed some of the testers). Reviewboard: http://reviewboard.digium.com/r/11/ (closes issue #11123) Reported by: eliel Tested by: eliel, IgorG, Laureano, otherwiseguy, mvanbaak git-svn-id: http://svn.digium.com/svn/asterisk/trunk@160062 f38db490-d61c-443f-a65b-d21fe96a405b
author: eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-12-01 18:52:14 +0000
committer: eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b> 2008-12-01 18:52:14 +0000
commit: c3bceb968b01e897185cf8910893939e72c445d0 (patch)
tree: 35cdf9c8ac4353b858aa5ad558e8b9b6830cad7c /include/asterisk/cli.h
parent: 14324a5259f64e532e44f0acf1684555b88369bb (diff)
1 files changed, 19 insertions, 3 deletions
diff --git a/include/asterisk/cli.h b/include/asterisk/cli.h
index 535b4e6af..a02764dfa 100644
--- a/include/asterisk/cli.h
+++ b/include/asterisk/cli.h
@@ -32,6 +32,10 @@ extern "C" {
 void ast_cli(int fd, const char *fmt, ...)
 	__attribute__((format(printf, 2, 3)));
 
+/* dont check permissions while passing this option as a 'uid'
+ * to the cli_has_permissions() function. */
+#define CLI_NO_PERMS		-1
+
 #define RESULT_SUCCESS		0
 #define RESULT_SHOWUSAGE	1
 #define RESULT_FAILURE		2
@@ -191,23 +195,35 @@ char *ast_cli_complete(const char *word, char *const choices[], int pos);
 
 /*! 
  * \brief Interprets a command
- * Interpret a command s, sending output to fd
+ * Interpret a command s, sending output to fd if uid:gid has permissions
+ * to run this command. uid = CLI_NO_PERMS to avoid checking user permissions
+ * gid = CLI_NO_PERMS to avoid checking group permissions.
+ * \param uid User ID that is trying to run the command.
+ * \param gid Group ID that is trying to run the command.
  * \param fd pipe
  * \param s incoming string
  * \retval 0 on success
  * \retval -1 on failure
  */
-int ast_cli_command(int fd, const char *s);
+int ast_cli_command_full(int uid, int gid, int fd, const char *s);
+
+#define ast_cli_command(fd,s) ast_cli_command_full(CLI_NO_PERMS, CLI_NO_PERMS, fd, s) 
 
 /*! 
  * \brief Executes multiple CLI commands
  * Interpret strings separated by NULL and execute each one, sending output to fd
+ * if uid has permissions, uid = CLI_NO_PERMS to avoid checking users permissions.
+ * gid = CLI_NO_PERMS to avoid checking group permissions.
+ * \param uid User ID that is trying to run the command.
+ * \param gid Group ID that is trying to run the command.
  * \param fd pipe
  * \param size is the total size of the string
  * \param s incoming string
  * \retval number of commands executed
  */
-int ast_cli_command_multiple(int fd, size_t size, const char *s);
+int ast_cli_command_multiple_full(int uid, int gid, int fd, size_t size, const char *s);
+
+#define ast_cli_command_multiple(fd,size,s) ast_cli_command_multiple_full(CLI_NO_PERMS, CLI_NO_PERMS, fd, size, s)
 
 /*! \brief Registers a command or an array of commands
  * \param e which cli entry to register.
author	eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-12-01 18:52:14 +0000
committer	eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b>	2008-12-01 18:52:14 +0000
commit	c3bceb968b01e897185cf8910893939e72c445d0 (patch)
tree	35cdf9c8ac4353b858aa5ad558e8b9b6830cad7c /include/asterisk/cli.h
parent	14324a5259f64e532e44f0acf1684555b88369bb (diff)