author | Sean Whitton <spwhitton@spwhitton.name> | 2021-03-24 10:33:28 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-03-24 10:33:40 -0700 |
commit | 3eda6d0f63bb2b19182dfbacfaa9dd656286d740 (patch) | |
tree | 8ef50fa0e14c1909ce1b386926a325c609a4478a /src/connection/as.lisp | |
parent | 33fdc2a3a738447e9cf6ac25b55e10308211506d (diff) | |
download | consfigurator-3eda6d0f63bb2b19182dfbacfaa9dd656286d740.tar.gz |
attempt to implement :AS connection type and AS combinator
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/connection/as.lisp')
-rw-r--r-- | src/connection/as.lisp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/connection/as.lisp b/src/connection/as.lisp
new file mode 100644
index 0000000..b5a9f69
--- /dev/null
+++ b/src/connection/as.lisp
@@ -0,0 +1,36 @@
+;;; Consfigurator -- Lisp declarative configuration management system
+
+;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name>
+
+;;; This file is free software; you can redistribute it and/or modify
+;;; it under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3, or (at your option)
+;;; any later version.
+
+;;; This file is distributed in the hope that it will be useful,
+;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+
+;;; You should have received a copy of the GNU General Public License
+;;; along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+(in-package :consfigurator.connection.as)
+(named-readtables:in-readtable :consfigurator)
+
+;; currently we only check whether we're root, but, for example, on Linux, we
+;; might have a CAP_* which lets us setuid as non-root
+(defun can-setuid ()
+ (zerop (foreign-funcall "geteuid" :int)))
+
+(defmethod establish-connection ((type (eql :as)) remaining &key to)
+ "Establish a :SETUID or :SUDO connection to another user account, depending
+on whether it is possible to establish a :SETUID connection.
+
+This connection type does not support sudo with a password -- it is designed
+to be used as root."
+ (if (and (lisp-connection-p)
+ (can-setuid)
+ (can-probably-fork))
+ (establish-connection :setuid remaining :to to)
+ (establish-connection :sudo remaining :user to)))  |
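Review bot: `can-setuid` treats an effective UID of 0 as sufficient, but on Linux a root process that has had CAP_SETUID dropped (as some container runtimes do) still passes this check and is sent down the :SETUID branch of `establish-connection`, where the switch would presumably fail rather than fall back to :SUDO. The existing comment covers only the opposite case (non-root holding a capability), so I would extend it with something like `;; NB: euid 0 does not guarantee CAP_SETUID; the :SETUID connection must check the result of setuid(2) and fail closed`. Separately, `to` is an optional keyword with no default and is forwarded unchecked to both branches. How the :SETUID and :SUDO methods treat a NIL user is not visible in this file, so signalling an error when `to` is NIL before dispatching would avoid depending on their defaults for a privilege transition.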