Enforce root permission on AccessPoint constructor

josephrhobbs · josephrhobbs · commit a1cbb344fb01 · 2024-08-13T10:59:07.000-04:00
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/proton_err/src/error.rs b/proton_err/src/error.rs
@@ -39,6 +39,9 @@ pub enum ProtonError {
     /// Could not parse into CIDR range.
     CouldNotParseAsCidr (String),
 
+    /// Root permissions required.
+    MustHaveRootPermissions,
+
     /// CIDR range must contain network gateway.
     CidrMustContainGateway {
         /// Provided CIDR network range.
@@ -57,6 +60,7 @@ impl Display for ProtonError {
         use ProtonError::*;
         let error = match self {
             MustBeEthernetInterface => "must be Ethernet interface",
+            MustHaveRootPermissions => "must execute with root permissions",
             HotspotNotInitialized => "hotspot not initialized",
             CouldNotFindWirelessInterface => "could not find wireless interface",
             CouldNotGetDeviceInformation => "could not get wireless device information",
diff --git a/proton_wap/Cargo.toml b/proton_wap/Cargo.toml
@@ -8,6 +8,7 @@ name = "proton_wap"
 path = "src/lib.rs"
 
 [dependencies]
+nix = { version = "0.29.0", features = ["user"] }
 
 [dependencies.network-manager]
 path = "../network-manager"
diff --git a/proton_wap/src/ap.rs b/proton_wap/src/ap.rs
@@ -8,6 +8,8 @@ use network_manager::{
     ConnectionState,
 };
 
+use nix::unistd::Uid;
+
 use proton_cfg::HotspotConfig;
 
 use proton_dev::{
@@ -21,6 +23,14 @@ use proton_err::{
 };
 
 /// A wireless access point.
+/// 
+/// **Note**: to construct and use this, you must run the associated
+/// binary with root permissions.  This is because some of the functionality
+/// of the `AccessPoint` structure requires direct control over your
+/// device's network interface.
+/// 
+/// This is enforced by `AccessPoint::new()`, as the constructor will return
+/// a `ProtonError` if you attempt to execute it without root permission.
 pub struct AccessPoint {
     /// Device discovery manager.
     device_manager: DeviceManager,
@@ -44,6 +54,11 @@ impl AccessPoint {
         wlifname: &str,
         config: HotspotConfig,
     ) -> ProtonResult<Self> {
+        // Check if the user is `root`
+        if !Uid::effective().is_root() {
+            return Err (ProtonError::MustHaveRootPermissions);
+        }
+
         // Initialize NetworkManager API
         let network_manager = NetworkManager::new();
 
