From d6306b634e4a044e3380ed984dc7f5e5d67e69ac Mon Sep 17 00:00:00 2001 From: Nicholas Marriott Date: Wed, 6 Apr 2022 14:28:50 +0100 Subject: Add an ACL list for users connecting to the tmux socket. Users may be forbidden from attaching, forced to attach read-only, or allowed to attach read-write. A new command, server-access, configures the list. tmux gets the user using getpeereid(3) of the client socket. Users must still configure file system permissions manually. --- cmd-queue.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'cmd-queue.c') diff --git a/cmd-queue.c b/cmd-queue.c index 4fbdc4e7..a12aaf10 100644 --- a/cmd-queue.c +++ b/cmd-queue.c @@ -19,9 +19,11 @@ #include #include +#include #include #include #include +#include #include "tmux.h" @@ -558,17 +560,31 @@ cmdq_add_message(struct cmdq_item *item) { struct client *c = item->client; struct cmdq_state *state = item->state; - const char *name, *key; + const char *key; char *tmp; + uid_t uid; + struct passwd *pw; + char *user = NULL; tmp = cmd_print(item->cmd); if (c != NULL) { - name = c->name; + uid = proc_get_peer_uid(c->peer); + if (uid != getuid()) { + if ((pw = getpwuid(uid)) != NULL) + xasprintf(&user, "[%s]", pw->pw_name); + else + user = xstrdup("[unknown]"); + } else + user = xstrdup(""); if (c->session != NULL && state->event.key != KEYC_NONE) { key = key_string_lookup_key(state->event.key, 0); - server_add_message("%s key %s: %s", name, key, tmp); - } else - server_add_message("%s command: %s", name, tmp); + server_add_message("%s%s key %s: %s", c->name, user, + key, tmp); + } else { + server_add_message("%s%s command: %s", c->name, user, + tmp); + } + free(user); } else server_add_message("command: %s", tmp); free(tmp); -- cgit From 3a6d82b7c8d4254fa87959d8cf19b313f5e05480 Mon Sep 17 00:00:00 2001 From: Nicholas Marriott Date: Wed, 6 Apr 2022 16:39:46 +0100 Subject: Some style nits. --- cmd-queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmd-queue.c') diff --git a/cmd-queue.c b/cmd-queue.c index a12aaf10..633af06b 100644 --- a/cmd-queue.c +++ b/cmd-queue.c @@ -126,7 +126,7 @@ cmdq_new(void) { struct cmdq_list *queue; - queue = xcalloc (1, sizeof *queue); + queue = xcalloc(1, sizeof *queue); TAILQ_INIT (&queue->list); return (queue); } -- cgit From 8bcd392ee79996f828fd40c52198071ec0f273dd Mon Sep 17 00:00:00 2001 From: Nicholas Marriott Date: Wed, 6 Apr 2022 16:47:59 +0100 Subject: On platforms with no way to get peer UID, use getuid(), also fix some failure checks. --- cmd-queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmd-queue.c') diff --git a/cmd-queue.c b/cmd-queue.c index 633af06b..6c7c3675 100644 --- a/cmd-queue.c +++ b/cmd-queue.c @@ -569,7 +569,7 @@ cmdq_add_message(struct cmdq_item *item) tmp = cmd_print(item->cmd); if (c != NULL) { uid = proc_get_peer_uid(c->peer); - if (uid != getuid()) { + if (uid != (uid_t)-1 && uid != getuid()) { if ((pw = getpwuid(uid)) != NULL) xasprintf(&user, "[%s]", pw->pw_name); else -- cgit From 58d1a206c6ae6b33059ea6b469c21dad92ea0841 Mon Sep 17 00:00:00 2001 From: Nicholas Marriott Date: Mon, 18 Apr 2022 11:47:14 +0100 Subject: Add a way for lines added to copy mode to be passed through the parser to handle escape sequences and use it for run-shell, GitHub issue 3156. --- cmd-queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'cmd-queue.c') diff --git a/cmd-queue.c b/cmd-queue.c index 6c7c3675..8325e2e8 100644 --- a/cmd-queue.c +++ b/cmd-queue.c @@ -856,7 +856,7 @@ cmdq_print(struct cmdq_item *item, const char *fmt, ...) window_pane_set_mode(wp, NULL, &window_view_mode, NULL, NULL); } - window_copy_add(wp, "%s", msg); + window_copy_add(wp, 0, "%s", msg); } free(msg); -- cgit