{rwhod,fingerd}: disable varlink endpoints according to config

2026-06-24 12:47:15 +09:00
parent 4af04d7dd6
commit 21945c73ab
2 changed files with 54 additions and 3 deletions
@@ -116,6 +116,8 @@ async fn main() -> anyhow::Result<()> {
            .try_clone()
            .context("Failed to clone RWHOD client-server socket fd")?,
        whod_status_store.clone(),
+        config.rwhod.enable,
+        config.fingerd.enable,
        finger_ignore_list,
        client_server_token,
    ));
@@ -155,6 +157,8 @@ async fn rwhod_server(
 async fn client_server(
    socket_fd: OwnedFd,
    whod_status_store: RwhodStatusStore,
+    rwhod_enabled: bool,
+    fingerd_enabled: bool,
    finger_ignore_list: Option<IgnoreList>,
    startup_token: CancellationToken,
 ) -> anyhow::Result<()> {
@@ -163,8 +167,13 @@ async fn client_server(
        unsafe { std::os::unix::net::UnixListener::from_raw_fd(socket_fd.as_raw_fd()) };
    std_socket.set_nonblocking(true)?;
    let zlink_listener = zlink::unix::Listener::try_from(OwnedFd::from(std_socket))?;
-    let client_server_task =
-        varlink_client_server_task(zlink_listener, whod_status_store, finger_ignore_list);
+    let client_server_task = varlink_client_server_task(
+        zlink_listener,
+        whod_status_store,
+        rwhod_enabled,
+        fingerd_enabled,
+        finger_ignore_list,
+    );

    startup_token.cancel();

@@ -61,6 +61,7 @@ pub type VarlinkRuptimeResponse = Vec<WhodStatusUpdate>;
 pub enum VarlinkRwhodClientError {
    InvalidRequest,
    TimedOut,
+    Disabled,
 }

 // Types for 'no.ntnu.pvv.roowho2.finger'
@@ -105,6 +106,7 @@ pub type VarlinkFingerResponse = Vec<FingerResponseUserEntry>;
 pub enum VarlinkFingerClientError {
    InvalidRequest,
    TimedOut,
+    Disabled,
 }

 // --------------------
@@ -136,16 +138,22 @@ pub enum VarlinkReplyError {
 #[derive(Debug, Clone)]
 pub struct VarlinkRoowhoo2ClientServer {
    whod_status_store: RwhodStatusStore,
+    rwhod_enabled: bool,
+    fingerd_enabled: bool,
    finger_ignore_list: Option<IgnoreList>,
 }

 impl VarlinkRoowhoo2ClientServer {
    pub fn new(
        whod_status_store: RwhodStatusStore,
+        rwhod_enabled: bool,
+        fingerd_enabled: bool,
        finger_ignore_list: Option<IgnoreList>,
    ) -> Self {
        Self {
            whod_status_store,
+            rwhod_enabled,
+            fingerd_enabled,
            finger_ignore_list,
        }
    }
@@ -265,6 +273,15 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
    > {
        match call.method() {
            VarlinkMethod::Rwhod(VarlinkRwhodClientRequest::Rwho { all }) => {
+                if !self.rwhod_enabled {
+                    return (
+                        MethodReply::Error(VarlinkReplyError::Rwhod(
+                            VarlinkRwhodClientError::Disabled,
+                        )),
+                        Default::default(),
+                    );
+                }
+
                let result =
                    match timeout(Duration::from_secs(2), self.handle_rwho_request(*all)).await {
                        Ok(response) => response,
@@ -287,6 +304,15 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
                )
            }
            VarlinkMethod::Rwhod(VarlinkRwhodClientRequest::Ruptime { all }) => {
+                if !self.rwhod_enabled {
+                    return (
+                        MethodReply::Error(VarlinkReplyError::Rwhod(
+                            VarlinkRwhodClientError::Disabled,
+                        )),
+                        Default::default(),
+                    );
+                }
+
                let result = match timeout(
                    Duration::from_secs(2),
                    self.handle_ruptime_request(*all),
@@ -320,6 +346,15 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
                disable_user_account_db,
                raw_remote_output,
            }) => {
+                if !self.fingerd_enabled {
+                    return (
+                        MethodReply::Error(VarlinkReplyError::Finger(
+                            VarlinkFingerClientError::Disabled,
+                        )),
+                        Default::default(),
+                    );
+                }
+
                let result = match timeout(
                    Duration::from_secs(2),
                    self.handle_finger_request(
@@ -359,9 +394,16 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
 pub async fn varlink_client_server_task(
    socket: zlink::unix::Listener,
    whod_status_store: RwhodStatusStore,
+    rwhod_enabled: bool,
+    fingerd_enabled: bool,
    finger_ignore_list: Option<IgnoreList>,
 ) -> anyhow::Result<()> {
-    let service = VarlinkRoowhoo2ClientServer::new(whod_status_store, finger_ignore_list);
+    let service = VarlinkRoowhoo2ClientServer::new(
+        whod_status_store,
+        rwhod_enabled,
+        fingerd_enabled,
+        finger_ignore_list,
+    );

    let server = zlink::Server::new(socket, service);