/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4; fill-column: 100 -*- */
/*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
#include <config.h>
#include <string>
#include <unordered_set>
#include "ConfigUtil.hpp"
#include "Util.hpp"
#include "CommandControl.hpp"
namespace CommandControl
{
// Static state of LockManager. Both flags and the host-lock switch start out false.
bool LockManager::_isLockedUser{ false };
bool LockManager::_isHostReadOnly{ false };

// Set of locked commands and the configuration string it is built from;
// both are filled by generateLockedCommandList().
std::unordered_set<std::string> LockManager::LockedCommandList;
std::string LockManager::LockedCommandListString;

// Host matchers filled by parseLockedHost(). The query functions in this file
// consult them only while lockHostEnabled is true.
Util::RegexListMatcher LockManager::readOnlyWopiHosts;
Util::RegexListMatcher LockManager::disabledCommandWopiHosts;
bool LockManager::lockHostEnabled{ false };
// Nothing to set up per instance: the state this file defines for LockManager is static.
LockManager::LockManager() = default;
/// Load the locked-command list from the "feature_lock.locked_commands" setting.
///
/// The setting is stored in LockedCommandListString (after Util::trim), then
/// tokenized; every token that is non-empty after whitespace stripping is added
/// to LockedCommandList. When ENABLE_FEATURE_LOCK is not defined the body is
/// compiled out, so both members are left untouched.
void LockManager::generateLockedCommandList()
{
#ifdef ENABLE_FEATURE_LOCK
    LockedCommandListString = config::getString("feature_lock.locked_commands", "");
    Util::trim(LockedCommandListString);

    StringVector tokens = Util::tokenize(LockedCommandListString);
    for (std::size_t idx = 0; idx < tokens.size(); ++idx)
    {
        // Strip whitespace once more per token: an entry carrying stray
        // whitespace would not be recognized as the command it names.
        const std::string entry(Util::trim_whitespace(tokens[idx]));
        if (entry.empty())
            continue;

        LockedCommandList.emplace(entry);
    }
#endif
}
/// Return the set of locked commands, loading it from configuration on demand.
///
/// An empty set is not remembered as "already loaded": as long as the set is
/// empty, every call runs generateLockedCommandList() again.
///
/// @return reference to the static LockedCommandList.
const std::unordered_set<std::string>& LockManager::getLockedCommandList()
{
    const bool needsLoad = LockedCommandList.empty();
    if (needsLoad)
    {
        generateLockedCommandList();
    }

    return LockedCommandList;
}
/// Return the locked-command configuration string, loading it on demand.
///
/// While the stored string is empty, every call runs generateLockedCommandList()
/// again before returning.
///
/// @return a copy of LockedCommandListString (the function returns by value).
const std::string LockManager::getLockedCommandListString()
{
    const bool needsLoad = LockedCommandListString.empty();
    if (needsLoad)
    {
        generateLockedCommandList();
    }

    return LockedCommandListString;
}
/// Rebuild the per-host lock tables from the "feature_lock.locked_hosts" settings.
///
/// Both matchers are cleared first. If the "[@allow]" flag is false nothing
/// else is read, and isHostReadOnly(), isHostCommandDisabled() and hostExist()
/// then return false for every host. Otherwise host[0], host[1], ... are read
/// from @p conf until an index is reached that @p conf does not have.
///
/// Every non-empty host entry is recorded in both matchers: on the allow side
/// when its attribute ("read_only" / "disabled_commands") is true, on the deny
/// side otherwise. A missing attribute is read as false.
///
/// NOTE(review): entries are stored in Util::RegexListMatcher, so they are
/// presumably treated as regular expressions; whether a pattern must match the
/// whole host name is decided in Util.hpp - confirm before relying on a short
/// pattern to cover only one host.
/// NOTE(review): the enable flag is read through config::getBool while the
/// entries are read from @p conf; confirm both refer to the same configuration.
///
/// @param conf configuration the host entries and their attributes are read from.
void LockManager::parseLockedHost(Poco::Util::LayeredConfiguration& conf)
{
    readOnlyWopiHosts.clear();
    disabledCommandWopiHosts.clear();

    lockHostEnabled = config::getBool("feature_lock.locked_hosts[@allow]", false);
    if (!lockHostEnabled)
        return;

    for (size_t index = 0;; ++index)
    {
        const std::string entryPath = "feature_lock.locked_hosts.host[" + std::to_string(index) + ']';
        const std::string hostPattern = conf.getString(entryPath, "");

        if (hostPattern.empty())
        {
            // An entry with an empty value is skipped; the scan stops only at
            // the first index that is absent from the configuration.
            if (!conf.has(entryPath))
                break;
            continue;
        }

        if (conf.getBool(entryPath + "[@read_only]", false))
            readOnlyWopiHosts.allow(hostPattern);
        else
            readOnlyWopiHosts.deny(hostPattern);

        if (conf.getBool(entryPath + "[@disabled_commands]", false))
            disabledCommandWopiHosts.allow(hostPattern);
        else
            disabledCommandWopiHosts.deny(hostPattern);
    }
}
/// Tell whether @p host is configured as read-only.
///
/// Always false while host locking is disabled; the matcher is not consulted
/// in that case.
///
/// @param host host name to look up in readOnlyWopiHosts.
/// @return true only if host locking is enabled and the matcher reports a match.
bool LockManager::isHostReadOnly(const std::string& host)
{
    if (!LockManager::lockHostEnabled)
        return false;

    return LockManager::readOnlyWopiHosts.match(host);
}
/// Tell whether @p host is configured to have commands disabled.
///
/// Always false while host locking is disabled; the matcher is not consulted
/// in that case.
///
/// @param host host name to look up in disabledCommandWopiHosts.
/// @return true only if host locking is enabled and the matcher reports a match.
bool LockManager::isHostCommandDisabled(const std::string& host)
{
    if (!LockManager::lockHostEnabled)
        return false;

    return LockManager::disabledCommandWopiHosts.match(host);
}
/// Tell whether @p host is known to the host-lock configuration.
///
/// Only readOnlyWopiHosts is queried. parseLockedHost() records every
/// non-empty host entry in that matcher (allow or deny side), so
/// NOTE(review): this presumably relies on matchExist() looking at both
/// sides - confirm against Util.hpp.
///
/// @param host host name to look up.
/// @return false while host locking is disabled, otherwise the matchExist() result.
bool LockManager::hostExist(const std::string& host)
{
    if (!LockManager::lockHostEnabled)
        return false;

    return LockManager::readOnlyWopiHosts.matchExist(host);
}
// Static state of RestrictionManager. The flag starts out false.
bool RestrictionManager::_isRestrictedUser{ false };

// Set of restricted commands and the configuration string it is built from;
// both are filled by generateRestrictedCommandList().
std::unordered_set<std::string> RestrictionManager::RestrictedCommandList;
std::string RestrictionManager::RestrictedCommandListString;
// Nothing to set up per instance: the state this file defines for RestrictionManager is static.
RestrictionManager::RestrictionManager() = default;
/// Load the restricted-command list from the "restricted_commands" setting.
///
/// The setting is stored in RestrictedCommandListString (after Util::trim),
/// then tokenized; every token that is non-empty after whitespace stripping is
/// added to RestrictedCommandList. When ENABLE_FEATURE_RESTRICTION is not
/// defined the body is compiled out, so both members are left untouched.
void RestrictionManager::generateRestrictedCommandList()
{
#ifdef ENABLE_FEATURE_RESTRICTION
    RestrictedCommandListString = config::getString("restricted_commands", "");
    Util::trim(RestrictedCommandListString);

    StringVector tokens = Util::tokenize(RestrictedCommandListString);
    for (std::size_t idx = 0; idx < tokens.size(); ++idx)
    {
        // Strip whitespace once more per token: an entry carrying stray
        // whitespace would not be recognized as the command it names.
        const std::string entry(Util::trim_whitespace(tokens[idx]));
        if (entry.empty())
            continue;

        RestrictedCommandList.emplace(entry);
    }
#endif
}
/// Return the set of restricted commands, loading it from configuration on demand.
///
/// An empty set is not remembered as "already loaded": as long as the set is
/// empty, every call runs generateRestrictedCommandList() again.
///
/// @return reference to the static RestrictedCommandList.
const std::unordered_set<std::string>& RestrictionManager::getRestrictedCommandList()
{
    const bool needsLoad = RestrictedCommandList.empty();
    if (needsLoad)
    {
        generateRestrictedCommandList();
    }

    return RestrictedCommandList;
}
/// Return the restricted-command configuration string, loading it on demand.
///
/// While the stored string is empty, every call runs
/// generateRestrictedCommandList() again before returning.
///
/// @return a copy of RestrictedCommandListString (the function returns by value).
const std::string RestrictionManager::getRestrictedCommandListString()
{
    const bool needsLoad = RestrictedCommandListString.empty();
    if (needsLoad)
    {
        generateRestrictedCommandList();
    }

    return RestrictedCommandListString;
}
} // namespace CommandControl
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */