-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.go
More file actions
319 lines (267 loc) · 9.49 KB
/
config.go
File metadata and controls
319 lines (267 loc) · 9.49 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
package main
import (
"errors"
"fmt"
"io"
"log"
"os"
"path/filepath"
"strings"
"github.com/kelseyhightower/envconfig"
"github.com/spf13/pflag"
)
const (
EnvPrefix = "CMDJAIL"
JailFilename = ".cmd.jail"
)
var (
flagLogFile string
flagLogFileDesc string = "Path for logging. Set to \"\" for syslog. If unset, logging is disabled."
flagEnvReference string
flagEnvReferenceDesc string = "Environment variable with the intent command (e.g., SSH_ORIGINAL_COMMAND)."
flagJailFile string
flagJailFileDesc string = "Path to the jail file. Use - to read from stdin."
flagVerbose bool
flagVerboseDesc string = "Enable verbose logging for debugging."
flagRecordFile string
flagRecordFileDesc string = "Enable record mode. Executes command and appends it as an allow rule to the file."
flagVersion bool
flagVersionDesc string = "Print version information and exit."
flagCheck bool
flagCheckDesc string = "Validate jailfile syntax."
flagCheckIntentCmds string
flagCheckIntentCmdsDesc string = "Path to a file with commands to test (use '-' for stdin)."
flagShellCmd string
flagShellCmdDesc string = "Shell command to execute intent commands with."
)
var (
// TODO: promote to type and capture cmd to log
ErrCmdNotWrappedInQuotes = errors.New("cmd must be wrapped in single quotes")
// TODO: promote to type and capture cmd to log
ErrJailFileManipulationAttempt = fmt.Errorf("attempting to manipulate: %s. Aborted", JailFilename)
// TODO: promote to type and capture cmd to log
ErrJailBinaryManipulationAttempt = fmt.Errorf("attempting to manipulate: %s. Aborted", filepath.Base(os.Args[0]))
// TODO: promote to type and capture cmd to log
ErrJailLogManipulationAttempt = errors.New("attempting to manipulate cmdjail log. Aborted")
ErrJailFileAndCheckCmdsFromStdin = errors.New("jail file and check commands cannot both be read from stdin")
)
type envVars struct {
IntentCmd string `envconfig:"CMDJAIL_CMD"`
LogFile string
EnvReference string `envconfig:"CMDJAIL_ENV_REFERENCE"`
JailFile string
RecordFile string
Verbose bool
ShellCmd string `envconfig:"CMDJAIL_SHELL_CMD"`
}
func defaultEnvVars() (envVars, error) {
ex, err := os.Executable()
if err != nil {
return envVars{}, err
}
exPath := filepath.Dir(ex)
return envVars{
JailFile: filepath.Join(exPath, JailFilename),
ShellCmd: "bash -c",
}, nil
}
type Config struct {
IntentCmd string
Log string
JailFile string
Verbose bool
RecordFile string
Shell bool
Version bool
CheckMode bool
CheckIntentCmdsFile string
ShellCmd []string
}
var NoConfig = Config{}
func init() {
pflag.ErrHelp = errors.New("")
pflag.Usage = func() {
printMsg(os.Stderr, `cmdjail: A flexible, rule-based command filtering proxy.
Acts as an intermediary for executing shell commands. It evaluates a command
against a set of rules in a "jail file" and decides whether to execute or
block it. This is useful for restricting user actions in controlled environments.
Usage:
cmdjail [flags] -- 'command to execute'
cmdjail [flags]
When no command is provided, cmdjail starts an interactive shell.
Flags:
-j, --jail-file <path> `+flagJailFileDesc+`
(Default: .cmd.jail in binary's directory)
(Env: CMDJAIL_JAILFILE)
-l, --log-file <path> `+flagLogFileDesc+`
(Env: CMDJAIL_LOGFILE)
-e, --env-reference <var> `+flagEnvReferenceDesc+`
(Env: CMDJAIL_ENV_REFERENCE)
-r, --record-file <path> `+flagRecordFileDesc+`
(Env: CMDJAIL_RECORDFILE)
-s, --shell-cmd <cmd> `+flagShellCmdDesc+`
(Default: "bash -c")
(Env: CMDJAIL_SHELL_CMD)
-c, --check `+flagCheckDesc+`
--check-intent-cmds <path> `+flagCheckIntentCmdsDesc+`
-v, --verbose `+flagVerboseDesc+`
(Env: CMDJAIL_VERBOSE)
--version `+flagVersionDesc+`
-h, --help Show this help message.
The intent command can also be set directly via the CMDJAIL_CMD environment variable.`)
}
}
func parseFlags(envvars envVars) ([]string, error) {
pflag.BoolVar(&flagVersion, "version", false, flagVersionDesc)
pflag.BoolVarP(&flagVerbose, "verbose", "v", envvars.Verbose, flagVerboseDesc)
pflag.StringVarP(&flagLogFile, "log-file", "l", envvars.LogFile, flagLogFileDesc)
pflag.StringVarP(&flagEnvReference, "env-reference", "e", envvars.EnvReference, flagEnvReferenceDesc)
pflag.StringVarP(&flagJailFile, "jail-file", "j", envvars.JailFile, flagJailFileDesc)
pflag.StringVarP(&flagRecordFile, "record-file", "r", envvars.RecordFile, flagRecordFileDesc)
pflag.BoolVarP(&flagCheck, "check", "c", false, flagCheckDesc)
pflag.StringVar(&flagCheckIntentCmds, "check-intent-cmds", "", flagCheckIntentCmdsDesc)
pflag.StringVarP(&flagShellCmd, "shell-cmd", "s", envvars.ShellCmd, flagShellCmdDesc)
args, cmdOptions := splitAtEndOfArgs(os.Args)
if err := pflag.CommandLine.Parse(args); err != nil {
return nil, err
}
return cmdOptions, nil
}
func parseEnvVars() (envVars, error) {
envvars, err := defaultEnvVars()
if err != nil {
return envVars{}, err
}
err = envconfig.Process(EnvPrefix, &envvars)
if err != nil {
return envVars{}, err
}
return envvars, nil
}
// It returns the effective log file path (or "" for syslog/discard) and any error.
func initializeLogging(envLogFile, cliLogFile string) (string, error) {
logFileIsSetByFlag := pflag.CommandLine.Changed("log-file")
_, logFileIsSetByEnv := os.LookupEnv(EnvPrefix + "_LOGFILE")
var effectiveLogPath string
if !logFileIsSetByEnv && !logFileIsSetByFlag {
log.SetOutput(io.Discard)
printLogDebug(os.Stdout, "logging disabled")
} else {
effectiveLogPath = envLogFile
if logFileIsSetByFlag {
effectiveLogPath = cliLogFile
}
if effectiveLogPath == "" {
// An empty value means use syslog.
if err := setLoggerToSyslog(); err != nil {
return "", fmt.Errorf("configuring syslog logger: %w", err)
}
printLogDebug(os.Stdout, "logging to syslog")
} else {
// A non-empty value is a file path.
if err := setLoggerToFile(effectiveLogPath); err != nil {
return "", fmt.Errorf("configuring file logger: %w", err)
}
printLogDebug(os.Stdout, "logging to: %s", effectiveLogPath)
}
}
return effectiveLogPath, nil
}
func resolveIntentCommand(envCmd, envRef string, cliCmdOptions []string) (string, error) {
cmd := envCmd
if cmd != "" {
printLogDebug(os.Stderr, "intent command loaded from: $%s_CMD", EnvPrefix)
}
if cmd == "" && envRef != "" {
cmd = os.Getenv(envRef)
printLogDebug(os.Stderr, "intent command loaded from: $%s", envRef)
}
if len(cliCmdOptions) > 0 {
if len(cliCmdOptions) > 1 {
return "", ErrCmdNotWrappedInQuotes
}
cmd = cliCmdOptions[0]
printLogDebug(os.Stderr, "intent command loaded from arguments")
}
return cmd, nil
}
func determineOperationMode(intentCmd string, checkFlag bool, checkIntentCmdsFile string) (shellMode bool, checkMode bool) {
checkMode = checkFlag || checkIntentCmdsFile != ""
shellMode = intentCmd == "" && !checkMode
return shellMode, checkMode
}
func parseEnvAndFlags() (Config, error) {
envvars, err := parseEnvVars()
if err != nil {
return NoConfig, err
}
cmdOptions, err := parseFlags(envvars)
if err != nil {
return NoConfig, err
}
if flagJailFile == "-" && flagCheckIntentCmds == "-" {
return NoConfig, ErrJailFileAndCheckCmdsFromStdin
}
if flagVerbose {
debug = true
}
logPathOrSyslog, err := initializeLogging(envvars.LogFile, flagLogFile)
if err != nil {
return NoConfig, err
}
printLogDebug(os.Stderr, "loaded env vars: %+v", envvars)
pflag.Visit(func(f *pflag.Flag) {
printLogDebug(os.Stderr, "flag set: %+v", f)
})
if envvars.IntentCmd != "" && envvars.EnvReference != "" {
printLogWarn(os.Stderr, "both %s and %s environment variables are set", EnvPrefix+"_CMD")
}
intentCmd, err := resolveIntentCommand(envvars.IntentCmd, flagEnvReference, cmdOptions)
if err != nil {
return NoConfig, err
}
shellMode, checkMode := determineOperationMode(intentCmd, flagCheck, flagCheckIntentCmds)
if intentCmd != "" {
if err := checkCmdSafety(intentCmd, logPathOrSyslog); err != nil {
return NoConfig, err
}
}
shellCmdFields := strings.Fields(flagShellCmd)
if len(shellCmdFields) == 0 {
shellCmdFields = []string{"bash", "-c"} // Fallback
}
return Config{
IntentCmd: intentCmd,
Log: logPathOrSyslog,
JailFile: flagJailFile,
Verbose: flagVerbose,
RecordFile: flagRecordFile,
Shell: shellMode,
Version: flagVersion,
CheckMode: checkMode,
CheckIntentCmdsFile: flagCheckIntentCmds,
ShellCmd: shellCmdFields,
}, nil
}
func checkCmdSafety(cmd, logPath string) error {
if strings.Contains(cmd, JailFilename) {
return ErrJailFileManipulationAttempt
} else if strings.Contains(cmd, filepath.Base(os.Args[0])) {
return ErrJailBinaryManipulationAttempt
} else if logPath != "" && strings.Contains(cmd, logPath) {
return ErrJailLogManipulationAttempt
}
return nil
}
func splitAtEndOfArgs(args []string) ([]string, []string) {
if len(args) == 0 || len(args) == 1 {
return nil, nil
}
args = args[1:]
for i, arg := range args {
if arg == "--" {
return args[:i], args[i+1:]
}
}
return args, nil
}