Add an ACL list for users connecting to the tmux socket. Users may be

forbidden from attaching, forced to attach read-only, or allowed to
attach read-write. A new command, server-access, configures the list.
tmux gets the user using getpeereid(3) of the client socket. Users must
still configure file system permissions manually. From Dallas Lyons and
others.

1 files changed, 13 insertions, 5 deletions

diff --git a/usr.bin/tmux/server.c b/usr.bin/tmux/server.c
index a1293c749c4..ef1183146a5 100644
--- a/usr.bin/tmux/server.c
+++ b/usr.bin/tmux/server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.200 2022/03/28 07:40:57 nicm Exp $ */
+/* $OpenBSD: server.c,v 1.201 2022/05/30 12:48:57 nicm Exp $ */
 
 /*
  * Copyright (c) 2007 Nicholas Marriott <nicholas.marriott@gmail.com>
@@ -239,6 +239,8 @@ server_start(struct tmuxproc *client, int flags, struct event_base *base,
 	evtimer_set(&server_ev_tidy, server_tidy_event, NULL);
 	evtimer_add(&server_ev_tidy, &tv);
 
+	server_acl_init();
+
 	server_add_accept(0);
 	proc_loop(server_proc, server_loop);
 
@@ -355,9 +357,10 @@ server_update_socket(void)
 static void
 server_accept(int fd, short events, __unused void *data)
 {
-	struct sockaddr_storage	sa;
-	socklen_t		slen = sizeof sa;
-	int			newfd;
+	struct sockaddr_storage	 sa;
+	socklen_t		 slen = sizeof sa;
+	int			 newfd;
+	struct client		*c;
 
 	server_add_accept(0);
 	if (!(events & EV_READ))
@@ -374,11 +377,16 @@ server_accept(int fd, short events, __unused void *data)
 		}
 		fatal("accept failed");
 	}
+
 	if (server_exit) {
 		close(newfd);
 		return;
 	}
-	server_client_create(newfd);
+	c = server_client_create(newfd);
+	if (!server_acl_join(c)) {
+		c->exit_message = xstrdup("access not allowed");
+		c->flags |= CLIENT_EXIT;
+	}
 }
 
 /*