[asterisk-dev] Implementing asterisk CLI permissions, feedback needed

[Eliel Sardañons]

Hello,
    I start coding a patch to add permissions to run certain CLI
commands and prevent others to being executed by particular
users/groups.
The credentials of the user/group that runs the CLI commands are being
passed via the local socket (using SCM_CREDENTIALS, POSIX compatible),
the user and group being passed to the asterisk server are the owners
of the rasterisk process. The configuration file is permissions.conf,
having a '[user]' for the user and a [@group] for the group defining
inside the 'sections' the permitted and denied commands. For example:

[eliel]
deny=all
permit=sip
permit=iax

With this permissions, the user 'eliel' will only be able to run
'sip*' and 'iax*' commands, so 'sip show peers' will be allowed.

The code implements a read() wrapper called read_credentials() that
will be used to read the commands from the socket, and the vconsole
structure was modified to have a uid and gid values in it. The
permissions are loaded in a linkedlist and a function called
cli_has_permissions() is the one that checks if a user is allowed to
run a specified command. The group policy is overwritten by the user
policy, so if a user 'eliel' is in a group 'greliel', and the group
'greliel' denied the execution of the command 'sip show peer' but that
command is allowed for the user 'eliel', then the user will be allowed
to run that command, but if we remove the 'eliel's policy and will
only leave the 'greliel' policies, the the user 'eliel' won't be
allowed to run the command 'sip show peer'.

The patch was uploaded in issue #0011123,

I would like to start a discussion about the desing of this feature,
and testing the code in other non-Linux enviroments.

Thanks in advanced (and sorry for my poor english)

-- 
Eliel Sardañons