diff options
author | eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-01 18:52:14 +0000 |
---|---|---|
committer | eliel <eliel@f38db490-d61c-443f-a65b-d21fe96a405b> | 2008-12-01 18:52:14 +0000 |
commit | c3bceb968b01e897185cf8910893939e72c445d0 (patch) | |
tree | 35cdf9c8ac4353b858aa5ad558e8b9b6830cad7c /include/asterisk/cli.h | |
parent | 14324a5259f64e532e44f0acf1684555b88369bb (diff) |
Introduce CLI permissions.
Based on cli_permissions.conf configuration file, we are able to permit or deny
cli commands based on some patterns and the local user and group running rasterisk.
(Sorry if I missed some of the testers).
Reviewboard: http://reviewboard.digium.com/r/11/
(closes issue #11123)
Reported by: eliel
Tested by: eliel, IgorG, Laureano, otherwiseguy, mvanbaak
git-svn-id: http://svn.digium.com/svn/asterisk/trunk@160062 f38db490-d61c-443f-a65b-d21fe96a405b
Diffstat (limited to 'include/asterisk/cli.h')
-rw-r--r-- | include/asterisk/cli.h | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/include/asterisk/cli.h b/include/asterisk/cli.h index 535b4e6af..a02764dfa 100644 --- a/include/asterisk/cli.h +++ b/include/asterisk/cli.h @@ -32,6 +32,10 @@ extern "C" { void ast_cli(int fd, const char *fmt, ...) __attribute__((format(printf, 2, 3))); +/* dont check permissions while passing this option as a 'uid' + * to the cli_has_permissions() function. */ +#define CLI_NO_PERMS -1 + #define RESULT_SUCCESS 0 #define RESULT_SHOWUSAGE 1 #define RESULT_FAILURE 2 @@ -191,23 +195,35 @@ char *ast_cli_complete(const char *word, char *const choices[], int pos); /*! * \brief Interprets a command - * Interpret a command s, sending output to fd + * Interpret a command s, sending output to fd if uid:gid has permissions + * to run this command. uid = CLI_NO_PERMS to avoid checking user permissions + * gid = CLI_NO_PERMS to avoid checking group permissions. + * \param uid User ID that is trying to run the command. + * \param gid Group ID that is trying to run the command. * \param fd pipe * \param s incoming string * \retval 0 on success * \retval -1 on failure */ -int ast_cli_command(int fd, const char *s); +int ast_cli_command_full(int uid, int gid, int fd, const char *s); + +#define ast_cli_command(fd,s) ast_cli_command_full(CLI_NO_PERMS, CLI_NO_PERMS, fd, s) /*! * \brief Executes multiple CLI commands * Interpret strings separated by NULL and execute each one, sending output to fd + * if uid has permissions, uid = CLI_NO_PERMS to avoid checking users permissions. + * gid = CLI_NO_PERMS to avoid checking group permissions. + * \param uid User ID that is trying to run the command. + * \param gid Group ID that is trying to run the command. * \param fd pipe * \param size is the total size of the string * \param s incoming string * \retval number of commands executed */ -int ast_cli_command_multiple(int fd, size_t size, const char *s); +int ast_cli_command_multiple_full(int uid, int gid, int fd, size_t size, const char *s); + +#define ast_cli_command_multiple(fd,size,s) ast_cli_command_multiple_full(CLI_NO_PERMS, CLI_NO_PERMS, fd, size, s) /*! \brief Registers a command or an array of commands * \param e which cli entry to register. |