Commit fe1639ce authored by Kevin Lyda's avatar Kevin Lyda

Add sandbox support and SHOW SYSTEM

Use landlock on Linux, or pledge/unveil on OpenBSD.  Add a SHOW SYSTEM call.
parent 8295f672
+15 −12
@@ -18,14 +18,17 @@ will initialise itself with that user for that session.
The code is organised like so:

  * `ask`        - Contains routines for asking the user questions.
  * `authorized` - Authorises a new user.
  * `batch`      - Contains the batch routines - the `-b` flag.
  * `dclish`     - A command line parser akin to DCL.
  * `decus`      - Historical version this version is based on.
  * `editor`     - An editor function.
  * `folders`    - A higher level version of `storage` routines.
  * `key`        - Routines for handling ssh keys.
  * `onboard`    - Routines to onboard a new user.
  * `pager`      - A pager function.
  * `repl`       - Actions and commands for the REPL.
  * `security`   - Routines to lock things down better.
  * `storage`    - Lower level storage routines.
  * `this`       - The current session.
  * `users`      - Validation routines for users.
+2 −0
@@ -61,6 +61,7 @@ require (
	github.com/jackc/puddle/v2 v2.2.2 // indirect
	github.com/jinzhu/inflection v1.0.0 // indirect
	github.com/kr/pretty v0.3.1 // indirect
	github.com/landlock-lsm/go-landlock v0.7.0 // indirect
	github.com/lucasb-eyer/go-colorful v1.3.0 // indirect
	github.com/mattn/go-colorable v0.1.13 // indirect
	github.com/mattn/go-isatty v0.0.20 // indirect
@@ -116,6 +117,7 @@ require (
	gopkg.in/yaml.v3 v3.0.1 // indirect
	gotest.tools/gotestsum v1.13.0 // indirect
	honnef.co/go/tools v0.7.0 // indirect
	kernel.org/pub/linux/libs/security/libcap/psx v1.2.77 // indirect
	modernc.org/libc v1.67.7 // indirect
	modernc.org/mathutil v1.7.1 // indirect
	modernc.org/memory v1.11.0 // indirect
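Review bot: `github.com/landlock-lsm/go-landlock` is recorded as `// indirect`, but the commit description says the new sandbox uses Landlock, so the `security` package presumably imports it directly (that package is not shown here). If so, `go mod tidy` would list it as a direct requirement without the `// indirect` marker, which makes the sandbox's dependency easier to spot when auditing the module. The `psx` line added in the second hunk appears to be a transitive dependency and can stay as it is.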
+4 −0
@@ -140,6 +140,8 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/landlock-lsm/go-landlock v0.7.0 h1:gXz0+Phg3vddZjpPzXL4pQy/MgsTMHZBs+9zgUIyu/0=
github.com/landlock-lsm/go-landlock v0.7.0/go.mod h1:mn5GSi81Jf7yMs5WSi+SUi4sUeNLUGVdbT4Id6wXNQw=
github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lib/pq v1.11.1 h1:wuChtj2hfsGmmx3nf1m7xC2XpK6OtelS2shMY+bGMtI=
@@ -459,6 +461,8 @@ gotest.tools/gotestsum v1.13.0 h1:+Lh454O9mu9AMG1APV4o0y7oDYKyik/3kBOiCqiEpRo=
gotest.tools/gotestsum v1.13.0/go.mod h1:7f0NS5hFb0dWr4NtcsAsF0y1kzjEFfAil0HiBQJE03Q=
honnef.co/go/tools v0.7.0 h1:w6WUp1VbkqPEgLz4rkBzH/CSU6HkoqNLp6GstyTx3lU=
honnef.co/go/tools v0.7.0/go.mod h1:pm29oPxeP3P82ISxZDgIYeOaf9ta6Pi0EWvCFoLG2vc=
kernel.org/pub/linux/libs/security/libcap/psx v1.2.77 h1:Z06sMOzc0GNCwp6efaVrIrz4ywGJ1v+DP0pjVkOfDuA=
kernel.org/pub/linux/libs/security/libcap/psx v1.2.77/go.mod h1:+l6Ee2F59XiJ2I6WR5ObpC1utCQJZ/VLsEbQCD8RG24=
modernc.org/cc/v4 v4.26.1 h1:+X5NtzVBn0KgsBCBe+xkDC7twLb/jNVj9FPgiwSQO3s=
modernc.org/cc/v4 v4.26.1/go.mod h1:uVtb5OGqUKpoLWhqwNQo/8LwvoiEBLvZXIQ/SmO6mL0=
modernc.org/cc/v4 v4.27.1 h1:9W30zRlYrefrDV2JE2O8VDtJ1yPGownxciz5rrbQZis=
+23 −0
@@ -28,6 +28,7 @@ import (
	"git.lyda.ie/pp/bulletin/batch"
	"git.lyda.ie/pp/bulletin/onboard"
	"git.lyda.ie/pp/bulletin/repl"
	"git.lyda.ie/pp/bulletin/security"
	"git.lyda.ie/pp/bulletin/storage"
	"git.lyda.ie/pp/bulletin/this"

@@ -69,6 +70,10 @@ func main() {
				Usage:     "AuthorizedKeysCommand for sshd integration",
				ArgsUsage: "USERNAME KEYTYPE BASE64KEY",
				Action: func(_ context.Context, cmd *cli.Command) error {
					if err := security.InitSandbox(); err != nil {
						fmt.Printf("ERROR: %s.\n", err)
						os.Exit(1)
					}
					os.Exit(authorized.Run(cmd.Args().Slice()))
					return nil
				},
@@ -87,6 +92,11 @@ func main() {
					fmt.Println("ERROR: --onboard requires --fp and --pubkey.")
					os.Exit(1)
				}
				// Sandbox onboarding too.
				if err := security.InitSandbox(); err != nil {
					fmt.Printf("ERROR: %s.\n", err)
					os.Exit(1)
				}
				os.Exit(onboard.Run(fp, pubkeyFlag))
				return nil
			}
@@ -102,6 +112,14 @@ func main() {
					fmt.Println("ERROR: can only run batch commands as SYSTEM.")
					os.Exit(1)
				}
				// Don't sandbox install/migrate-keys/new-user as they need
				// broader filesystem and network access.
				if batchFlag != "install" && batchFlag != "migrate-keys" && batchFlag != "new-user" {
					if err := security.InitSandbox(); err != nil {
						fmt.Printf("ERROR: %s.\n", err)
						os.Exit(1)
					}
				}
				exitcode := 0
				switch batchFlag {
				case "reboot":
@@ -126,6 +144,11 @@ func main() {
				updateKeyLastUsed(fp)
			}

			if err := security.InitSandbox(); err != nil {
				fmt.Printf("ERROR: %s.\n", err)
				os.Exit(1)
			}

			err := this.StartThis(user)
			if err != nil {
				return err
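Review bot: In the AuthorizedKeysCommand action a sandbox failure is reported with `fmt.Printf`, which writes to stdout, the stream sshd reads authorized_keys lines from; `fmt.Fprintf(os.Stderr, "ERROR: %s.\n", err)` keeps the diagnostic out of that channel, and the other three call sites could use the same line. In the last hunk `security.InitSandbox()` runs only after `updateKeyLastUsed(fp)`, so that call executes unsandboxed; if the ordering is deliberate, a short comment saying why would match the one on the batch exemption. The same four-line check is repeated in four places, so a small helper in `main` would keep them from drifting apart. `main`'s body starts and ends outside these hunks, so the code that runs before each call is not visible here.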
+9 −1
@@ -1519,7 +1519,8 @@ that folder cannot be removed.`,

The following options are available:

  FLAGS       FOLDER      NEW         PRIVILEGES  USER        VERSION
  FLAGS       FOLDER      NEW         PRIVILEGES  SYSTEM      USER
  VERSION
`,
		Action: ActionShow,
		Commands: dclish.Commands{
@@ -1558,6 +1559,13 @@ any rights identifiers that would also give a user privileges. (The
latter are ACLs which are set on the BULLUSER.DAT file.)`,
				Action: ActionShowPrivileges,
			},
			"SYSTEM": {
				Description: `Displays system identification, current date and time, and system uptime.

  Format:
    SHOW SYSTEM`,
				Action: ActionShowSystem,
			},
			"USER": {
				Description: `Shows the last time that a user logged in, or if /FOLDER  is  specified,
the  latest  message which a user has read in the folder.  If NOLOGIN is
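Review bot: The new `SYSTEM` entry wires in `ActionShowSystem`, which is not defined in this section, and its Description does not say whether any privilege is needed to run it. Because the same commit makes the interactive session call `security.InitSandbox()` before the session starts, whatever the handler reads for system identification and uptime has to be permitted by the sandbox rules; a test that runs `SHOW SYSTEM` under the sandbox would catch a mismatch. If host identification is not meant to be visible to every user, the help text should state the restriction. The `Commands` map continues outside this hunk.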