From cb3c8d17e8e61bdfe672999da4fa1211d1a58818 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Tue, 1 Jun 2021 01:44:41 +0100 Subject: [PATCH] ssh: Forbid SetRestrictedSshScope after SelectAccount SelectAccount generates an Authorisation in the stream state. We don't want to preserve that after we drop privs. Signed-off-by: Ian Jackson --- daemon/cmdlistener.rs | 1 + src/commands.rs | 1 + 2 files changed, 2 insertions(+) diff --git a/daemon/cmdlistener.rs b/daemon/cmdlistener.rs index 744dfafa..6dc11dd4 100644 --- a/daemon/cmdlistener.rs +++ b/daemon/cmdlistener.rs @@ -175,6 +175,7 @@ fn execute_and_respond(cs: &mut CommandStreamData, cmd: MgmtCommand, }) } MC::SetRestrictedSshScope { key } => { + if cs.account.is_some() { throw!(ME::AccountSpecified) } let good_uid = Some(config().ssh_proxy_uid); let auth = cs.authorised_uid(good_uid, Some("SetRestrictedScope")) .map_err(|_| ME::AuthorisationError)?; diff --git a/src/commands.rs b/src/commands.rs index 04234759..4a073039 100644 --- a/src/commands.rs +++ b/src/commands.rs @@ -277,6 +277,7 @@ pub enum MgmtError { #[error("ssh key not found")] SshKeyNotFound, #[error("ssh key id default, ie invalid")] InvalidSshKeyId, #[error("ssh key invalid: {0}")] InvalidSshKey(#[from] sshkeys::KeyError), + #[error("command forbides account specified")] AccountSpecified, } impl From for MgmtError { -- 2.30.2