From d8cdb5ac649bf1479db143a88d37a641378a57d8 Mon Sep 17 00:00:00 2001 From: sergiotarxz Date: Thu, 11 Nov 2021 21:38:06 +0100 Subject: [PATCH] Adding group authentication to the daemon. --- .../lib/Cualsea/Server/MessageController.pm | 45 ++++++++++++++++++- 1 file changed, 43 insertions(+), 2 deletions(-) diff --git a/cualsea-server/lib/Cualsea/Server/MessageController.pm b/cualsea-server/lib/Cualsea/Server/MessageController.pm index fa68741..dffe77a 100644 --- a/cualsea-server/lib/Cualsea/Server/MessageController.pm +++ b/cualsea-server/lib/Cualsea/Server/MessageController.pm @@ -6,6 +6,7 @@ use strict; use warnings; use Data::Dumper; +use Socket qw/SOL_SOCKET SO_PEERCRED/; use Params::ValidationCompiler qw/validation_for/; use Types::Standard qw/Object HashRef/; 
@@ -30,14 +31,54 @@ sub new {
 my $socket = $params{socket};
 my $message_manager = Cualsea::MessageManager->new( socket => $socket );
 my $message = $message_manager->read_message;
+ if ( !$self->check_if_user_has_permissions( socket => $socket ) ) {
+ $self->write_no_permission( message_manager => $message_manager );
+ }
 if ( !$self->check_is_command( message => $message ) ) {
- $self->write_malformed(
- message_manager => $message_manager );
+ $self->write_malformed( message_manager => $message_manager );
 return;
 }
 $message_manager->write_message( message => $message );
 }
 }
+
+{
+ my $validator = validation_for(
+ params => {
+ socket => { type => Object },
+ }
+ );
+
+ sub check_if_user_has_permissions {
+ my $self = shift;
+ my %params = $validator->(@_);
+ my $socket = $params{socket};
+ my ($pid, $uid, $gid) = unpack 'LLL', $socket->sockopt(SO_PEERCRED);
+ my $user = getpwuid($uid);
+ while (my ($name, undef, undef, $members) = getgrent()) {
+ if ($name eq 'cualsea') {
+ return List::Util::any { $_ eq $user } split ',', $members;
+ last;
+ }
+ }
+ }
+}
+{
+ my $validator = validation_for(
+ params => {
+ message_manager => { type => Object }
+ }
+ );
+
+ sub write_no_permission {
+ my $self = shift;
+ my %params = $validator->(@_);
+ my $message_manager = $params{message_manager};
+ $message_manager->write_message(
+ message => { is_error => 1, status => 403 } );
+ }
+}
+
 {
 my $validator = validation_for(
 params => {
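Review bot: The denial branch added to `new` has no `return` after `write_no_permission`, so a peer outside the `cualsea` group still falls through to `check_is_command` and `write_message` and the 403 does not stop the request (the body of `new` starts above the hunk, so only this part is visible). In `check_if_user_has_permissions`, Perl's `getgr*` functions return the member list space-separated, so `split ',', $members` only matches when the group has exactly one member, and returning from inside the `getgrent` loop without `endgrent` leaves the enumeration position set for the next call in the same process; `getgrnam('cualsea')` avoids both. The result of `sockopt(SO_PEERCRED)` is unpacked without a check, so a failed lookup gives an undefined uid that would numify to 0 in `getpwuid`, and `$gid` is never compared, which means a peer whose primary group is `cualsea` is rejected unless it is also listed as a member. `List::Util::any` is called with no `use List::Util` in the visible hunks, which should be confirmed against the rest of the file. A possible shape for both spots is below.

```perl
        if ( !$self->check_if_user_has_permissions( socket => $socket ) ) {
            $self->write_no_permission( message_manager => $message_manager );
            return;    # deny: do not fall through to command handling
        }
        # … unchanged: check_is_command / write_malformed / write_message …

    sub check_if_user_has_permissions {
        my $self   = shift;
        my %params = $validator->(@_);
        my $creds  = $params{socket}->sockopt(SO_PEERCRED);
        return 0 if !defined $creds;    # no peer credentials available: deny
        my ( undef, $uid, $gid ) = unpack 'LLL', $creds;
        my $user = getpwuid($uid);
        my ( undef, undef, $group_gid, $members ) = getgrnam('cualsea');
        return 0 if !defined $user || !defined $group_gid;
        return 1 if $gid == $group_gid;    # peer's primary group is cualsea
        return ( grep { $_ eq $user } split ' ', $members ) ? 1 : 0;
    }
```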