New policy type to check client credentials?

[Markku Savela]

> From: Havoc Pennington <havoc.pennington at gmail.com>
> On Fri, Jan 30, 2009 at 1:28 PM, Michael Biebl <mbiebl at gmail.com> wrote:
> > One complaint I heard a few times already, is that the dbus group
> > policy does not work with dynamically assigned groups, i.e. pam_group.

> There's just no way to know when the group list changes, except for
> an extremely expensive reload operation that's not realistic
> per-dbus-message.

Possibly, I may have misunderstood how the DBus policy checking goes?
But, I assumed that the function bus_policy_create_client_policy (in
bus/policy.c) is called when the client connects. This is the
function, where I have the patch to access the clients credentials
based on the client pid. This check does not read /etc/groups or
anything, it only reads the client task context from kernel.

This is supposed to build a set of policy what client can do and
not. For me, it is actually a designed feature, that the resulting
policy is based on the dynamic credentials the client has at the time
of connection. It does not matter if the groups in process context are
changed after that.

The actual translation of credentails names (like groups) into numbers
is done in start_busconfig_child (in config-parser.c). If the mapping
from names to numbers (gids) changes, the policy configuration should
probably need to be reread.

I don't know how the PAM works in this respect, but if it just has the
groups as supplementary groups in the task context, then the creds
patch should work for them.

What is the best way to give this for evaluation? The patch is two components

- libcreds1 library (separate, because I wish this to be standard
  feature). And this is only reference implementation based on
  /sys/<pid>/proc info, until kernel has proper API for this.

- actual DBus patch.

Just post to this list? Or send to someone for preview?

-- 
Markku Savela