From 21945c73ab40fd3840bb51cf279be75744d428f7 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 24 Jun 2026 12:47:15 +0900
Subject: [PATCH] {rwhod,fingerd}: disable varlink endpoints according to
 config

---
 src/bin/roowhod.rs        | 13 ++++++++++--
 src/server/varlink_api.rs | 44 ++++++++++++++++++++++++++++++++++++++-
 2 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/src/bin/roowhod.rs b/src/bin/roowhod.rs
index bfa6772..9c1dbf6 100644
--- a/src/bin/roowhod.rs
+++ b/src/bin/roowhod.rs
@@ -116,6 +116,8 @@ async fn main() -> anyhow::Result<()> {
             .try_clone()
             .context("Failed to clone RWHOD client-server socket fd")?,
         whod_status_store.clone(),
+        config.rwhod.enable,
+        config.fingerd.enable,
         finger_ignore_list,
         client_server_token,
     ));
@@ -155,6 +157,8 @@ async fn rwhod_server(
 async fn client_server(
     socket_fd: OwnedFd,
     whod_status_store: RwhodStatusStore,
+    rwhod_enabled: bool,
+    fingerd_enabled: bool,
     finger_ignore_list: Option<IgnoreList>,
     startup_token: CancellationToken,
 ) -> anyhow::Result<()> {
@@ -163,8 +167,13 @@ async fn client_server(
         unsafe { std::os::unix::net::UnixListener::from_raw_fd(socket_fd.as_raw_fd()) };
     std_socket.set_nonblocking(true)?;
     let zlink_listener = zlink::unix::Listener::try_from(OwnedFd::from(std_socket))?;
-    let client_server_task =
-        varlink_client_server_task(zlink_listener, whod_status_store, finger_ignore_list);
+    let client_server_task = varlink_client_server_task(
+        zlink_listener,
+        whod_status_store,
+        rwhod_enabled,
+        fingerd_enabled,
+        finger_ignore_list,
+    );
 
     startup_token.cancel();
 
diff --git a/src/server/varlink_api.rs b/src/server/varlink_api.rs
index 8da7cec..04ad98e 100644
--- a/src/server/varlink_api.rs
+++ b/src/server/varlink_api.rs
@@ -61,6 +61,7 @@ pub type VarlinkRuptimeResponse = Vec<WhodStatusUpdate>;
 pub enum VarlinkRwhodClientError {
     InvalidRequest,
     TimedOut,
+    Disabled,
 }
 
 // Types for 'no.ntnu.pvv.roowho2.finger'
@@ -105,6 +106,7 @@ pub type VarlinkFingerResponse = Vec<FingerResponseUserEntry>;
 pub enum VarlinkFingerClientError {
     InvalidRequest,
     TimedOut,
+    Disabled,
 }
 
 // --------------------
@@ -136,16 +138,22 @@ pub enum VarlinkReplyError {
 #[derive(Debug, Clone)]
 pub struct VarlinkRoowhoo2ClientServer {
     whod_status_store: RwhodStatusStore,
+    rwhod_enabled: bool,
+    fingerd_enabled: bool,
     finger_ignore_list: Option<IgnoreList>,
 }
 
 impl VarlinkRoowhoo2ClientServer {
     pub fn new(
         whod_status_store: RwhodStatusStore,
+        rwhod_enabled: bool,
+        fingerd_enabled: bool,
         finger_ignore_list: Option<IgnoreList>,
     ) -> Self {
         Self {
             whod_status_store,
+            rwhod_enabled,
+            fingerd_enabled,
             finger_ignore_list,
         }
     }
@@ -265,6 +273,15 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
     > {
         match call.method() {
             VarlinkMethod::Rwhod(VarlinkRwhodClientRequest::Rwho { all }) => {
+                if !self.rwhod_enabled {
+                    return (
+                        MethodReply::Error(VarlinkReplyError::Rwhod(
+                            VarlinkRwhodClientError::Disabled,
+                        )),
+                        Default::default(),
+                    );
+                }
+
                 let result =
                     match timeout(Duration::from_secs(2), self.handle_rwho_request(*all)).await {
                         Ok(response) => response,
@@ -287,6 +304,15 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
                 )
             }
             VarlinkMethod::Rwhod(VarlinkRwhodClientRequest::Ruptime { all }) => {
+                if !self.rwhod_enabled {
+                    return (
+                        MethodReply::Error(VarlinkReplyError::Rwhod(
+                            VarlinkRwhodClientError::Disabled,
+                        )),
+                        Default::default(),
+                    );
+                }
+
                 let result = match timeout(
                     Duration::from_secs(2),
                     self.handle_ruptime_request(*all),
@@ -320,6 +346,15 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
                 disable_user_account_db,
                 raw_remote_output,
             }) => {
+                if !self.fingerd_enabled {
+                    return (
+                        MethodReply::Error(VarlinkReplyError::Finger(
+                            VarlinkFingerClientError::Disabled,
+                        )),
+                        Default::default(),
+                    );
+                }
+
                 let result = match timeout(
                     Duration::from_secs(2),
                     self.handle_finger_request(
@@ -359,9 +394,16 @@ impl zlink::Service<zlink::unix::Stream> for VarlinkRoowhoo2ClientServer {
 pub async fn varlink_client_server_task(
     socket: zlink::unix::Listener,
     whod_status_store: RwhodStatusStore,
+    rwhod_enabled: bool,
+    fingerd_enabled: bool,
     finger_ignore_list: Option<IgnoreList>,
 ) -> anyhow::Result<()> {
-    let service = VarlinkRoowhoo2ClientServer::new(whod_status_store, finger_ignore_list);
+    let service = VarlinkRoowhoo2ClientServer::new(
+        whod_status_store,
+        rwhod_enabled,
+        fingerd_enabled,
+        finger_ignore_list,
+    );
 
     let server = zlink::Server::new(socket, service);