dbus/dbus dbus-sysdeps.c, 1.76, 1.77 dbus-sysdeps.h, 1.41, 1.42 dbus-userdb.c, 1.9, 1.10 dbus-userdb.h, 1.5, 1.6

John Palmieri johnp at freedesktop.org
Wed Aug 25 15:11:51 PDT 2004


Update of /cvs/dbus/dbus/dbus
In directory gabe:/tmp/cvs-serv32576/dbus

Modified Files:
	dbus-sysdeps.c dbus-sysdeps.h dbus-userdb.c dbus-userdb.h 
Log Message:
Console user security policy 

* bus/config-parser.c:
(struct PolicyType): Add POLICY_CONSOLE
(struct Element.d.policy): s/gid_or_uid/gid_uid_or_at_console
(start_busconfig_child): Sets up console element when
<policy at_console=""> is encountered in a policy file
(append_rule_from_element): Convert console elements to console
rules.
                                                                                              
* bus/policy.c:
(bus_policy_create_client_policy): Add console rules to the client
policy based on if the client is at the console
(bus_policy_append_console_rule): New function for adding a
console rule to a policy
(bus_policy_merge): Handle console rule merging
                                                                                            
* dbus/dbus-sysdeps.h: Added the DBUS_CONSOLE_DIR constant
where we check for console user files
                                                                                             
* dbus/dbus-sysdeps.c:
(_dbus_file_exists): New function which checks if the given
file exists
(_dbus_user_at_console): New function which does the system
specific process of checking if the user is at the console
                                                                                                  
* dbus/dbus-userdb.c:
(_dbus_is_console_user): New function that converts a UID to a user name
and then calls the system-specific _dbus_user_at_console to
see if the user is at the console and therefore a console user


Index: dbus-sysdeps.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-sysdeps.c,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -d -r1.76 -r1.77
--- dbus-sysdeps.c	23 Aug 2004 04:33:53 -0000	1.76
+++ dbus-sysdeps.c	25 Aug 2004 22:11:49 -0000	1.77
@@ -3332,6 +3332,55 @@
   sigaction (sig,  &act, 0);
 }
 
+/** Checks if a file exists
+*
+* @param file full path to the file
+* @returns #TRUE if file exists
+*/
+dbus_bool_t 
+_dbus_file_exists (const char *file)
+{
+  return (access (file, F_OK) == 0);
+}
+
+/** Checks if user is at the console
+*
+* @param username user to check
+* @param error return location for errors
+* @returns #TRUE is the user is at the consolei and there are no errors
+*/
+dbus_bool_t 
+_dbus_user_at_console (const char *username,
+                       DBusError  *error)
+{
+
+  DBusString f;
+  dbus_bool_t result;
+
+  if (!_dbus_string_init (&f))
+    {
+      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+      return FALSE;
+    }
+
+  if (!_dbus_string_append (&f, DBUS_CONSOLE_DIR))
+    {
+      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+      return FALSE;
+    }
+
+
+  if (!_dbus_string_append (&f, username))
+    {
+      dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+      return FALSE;
+    }
+
+  result = _dbus_file_exists (_dbus_string_get_const_data (&f));
+  _dbus_string_free (&f);
+
+  return result;
+}
 
 #ifdef DBUS_BUILD_TESTS
 #include <stdlib.h>
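Review bot: Both `_dbus_string_append` failure branches in `_dbus_user_at_console` return without releasing `f`, so the initialised DBusString leaks on out-of-memory; add `_dbus_string_free (&f);` before each of those two `return FALSE;` statements. The result of this function decides whether console policy rules apply, yet `username` is appended to `DBUS_CONSOLE_DIR` unchecked: an empty name makes the path the directory itself, which `access()` would report as existing, and a name containing `/` points outside the directory. Rejecting both before building the path, e.g. `if (*username == '\0' || strchr (username, '/') != NULL) return FALSE;`, keeps the check fail-closed. The `@returns` line also has typos (`is` for `if`, `consolei`).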

Index: dbus-sysdeps.h
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-sysdeps.h,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -d -r1.41 -r1.42
--- dbus-sysdeps.h	10 Aug 2004 03:07:00 -0000	1.41
+++ dbus-sysdeps.h	25 Aug 2004 22:11:49 -0000	1.42
@@ -99,6 +99,8 @@
 #define DBUS_UID_FORMAT "%lu"
 #define DBUS_GID_FORMAT "%lu"
 
+#define DBUS_CONSOLE_DIR "/var/run/console/"
+
 /**
  * Struct representing socket credentials
  */
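Review bot: `DBUS_CONSOLE_DIR` is added without a comment, although the commit message describes it as where console user files are checked, which makes it the input to a policy decision. I would document that trust assumption at the define, e.g. `/** Directory with one file per user at the console; must be writable only by privileged processes */`. The path is hard-coded, and whether every supported platform populates `/var/run/console/` is not visible here, so a configure-time override may be worth considering.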
@@ -309,6 +311,9 @@
 void _dbus_set_signal_handler (int               sig,
                                DBusSignalHandler handler);
 
+dbus_bool_t _dbus_file_exists     (const char *file);
+dbus_bool_t _dbus_user_at_console (const char *username,
+                                   DBusError  *error);
 
 /* Define DBUS_VA_COPY() to do the right thing for copying va_list variables. 
  * config.h may have already defined DBUS_VA_COPY as va_copy or __va_copy. 

Index: dbus-userdb.c
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-userdb.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- dbus-userdb.c	10 Aug 2004 03:07:00 -0000	1.9
+++ dbus-userdb.c	25 Aug 2004 22:11:49 -0000	1.10
@@ -38,6 +38,7 @@
   DBusHashTable *groups; /**< Groups in the database by GID */
   DBusHashTable *users_by_name; /**< Users in the database by name */
   DBusHashTable *groups_by_name; /**< Groups in the database by name */
+
 };
 
 static void
@@ -399,6 +400,48 @@
 }
 
 /**
+ * Checks to see if the UID sent in is the console user
+ *
+ * @param uid UID of person to check 
+ * @param error return location for errors
+ * @returns #TRUE if the UID is the same as the console user and there are no errors
+ */
+dbus_bool_t
+_dbus_is_console_user (dbus_uid_t uid,
+		       DBusError *error)
+{
+
+  DBusUserDatabase *db;
+  const DBusUserInfo *info;
+  DBusString *console_file;
+  dbus_bool_t result = FALSE; 
+
+  _dbus_user_database_lock_system ();
+
+  db = _dbus_user_database_get_system ();
+  if (db == NULL)
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED, "Could not get system database.");
+      _dbus_user_database_unlock_system ();
+      return FALSE;
+    }
+
+  info = _dbus_user_database_lookup (db, uid, NULL, error);
+
+  if (info == NULL)
+    {
+      _dbus_user_database_unlock_system ();
+       return FALSE;
+    }
+
+  result = _dbus_user_at_console (info->username, error);
+
+  _dbus_user_database_unlock_system ();
+
+  return result;
+}
+
+/**
  * Gets group ID given groupname
  *
  * @param groupname the groupname
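Review bot: `_dbus_is_console_user` declares `DBusString *console_file;` but never uses it; drop the line. The function returns FALSE both when the user is not at the console and when the database or lookup fails, which is the fail-closed choice for a policy check, but the doc comment should tell callers to inspect `error` to distinguish the two, e.g. `@returns #TRUE only if the user is at the console; #FALSE otherwise, with error set on failure`. Holding the system database lock across `_dbus_user_at_console` looks necessary because `info->username` presumably belongs to the database, and a one-line comment saying so would help the next reader.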

Index: dbus-userdb.h
===================================================================
RCS file: /cvs/dbus/dbus/dbus/dbus-userdb.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- dbus-userdb.h	10 Aug 2004 03:07:00 -0000	1.5
+++ dbus-userdb.h	25 Aug 2004 22:11:49 -0000	1.6
@@ -56,7 +56,6 @@
                                                      DBusError            *error);
 
 
-
 DBusUserDatabase* _dbus_user_database_get_system    (void);
 void              _dbus_user_database_lock_system   (void);
 void              _dbus_user_database_unlock_system (void);
@@ -75,6 +74,8 @@
                                                  DBusCredentials   *credentials);
 dbus_bool_t _dbus_credentials_from_uid          (dbus_uid_t         user_id,
                                                  DBusCredentials   *credentials);
+dbus_bool_t _dbus_is_console_user               (dbus_uid_t         uid,
+                                                 DBusError         *error);
 
 
 DBUS_END_DECLS;


