libcreds patch

Markku Savela (none) msa at moth.iki.fi
Thu Jan 14 03:58:18 PST 2010


In Jan 2009 I posted a preliminary patch that added support to use
*current* credentials of the client in policy decision. I've somewhat
revised the code. Making these patch mails is all new to me, I hope I
get this right. "git send-email" seems to put the patch to next
message.

The diff is against dbus git 1.3.0 tree (I hope)...

... so now we can open discussion whether it is possible to have this
in 1.4?

----

I propose adding a new syntax for policy construct as

  <policy creds="credentials-value"> ...

The credentials value in my prototype implementation can be

- if your policy depends on the uid of the client process (essentially
  replicates the <policy user=username>, but, for completeness):

    "UID::username"

- if your policy depends on gid of the client process (as contained in
  credentials of the process context -- not based on uid and
  /etc/group):

     "GID::groupname"

- if your policy depends on presence of GID or any supplementary
  group, then use

     "GRP::groupname"

- if your policy depends on client having some capability set
  (effective) in its credentials, then

     "CAP::capability-name"

Examples...

  <policy creds="UID::root"> ...
  <policy creds="GID::audio"> ...
  <policy creds="CAP::cap_net_bind_service"> ...

The credential-value has the "namespace"-like prefix ("UID", "GID",
"GRP", "CAP"), because in future, there might be additional types of
credentials that might be checked against.

The current commonly used linux kernels do not have a proper way for
accessing the credentials of another task. But, for a reference
implementation, the information required by above policies can be
extracted from "/proc/<pid>/status" at some parsing cost (and with
additional limitation that only 32 supplementary groups can be seen).

I've written a separate library, which I have named "libcreds", which
hides the nasty details. From this library, my proposed DBus patch
uses the following three functions

 // Get credential of another process
     creds_t creds_gettask(pid_t pid);
 // Convert credentials literal to value  (returns creds type: cap/uid/gid)
     long creds_str2creds(const char *credential, creds_value_t *value);
 // Check whether a specific credential is present
     int creds_have_p(const creds_t creds, creds_type_t type, creds_value_t value);
 // Free credentials blob
     void creds_free(creds_t creds);

I have made the libcreds library available on gitorious.org with

git clone git://gitorious.org/libcreds/libcreds.git

(it should build and compile on any reasonably recent linux -- I've
test compiled only on maemo scratchbox and Ubuntu systems).
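
The "/proc/<pid>/status" fallback described in the message above, as an added example (this is not libcreds or the proposed DBus patch code): it parses the Uid, Gid, Groups and CapEff lines and answers UID/GID/GRP/CAP checks on numeric values. The demo_* names and the sample status text are constructed for illustration, using the effective uid/gid is an assumption, and name-to-number lookup (username, groupname, capability name) is left out.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_MAX_GROUPS 32 /* the post's limit on groups visible via /proc */
enum demo_type { DEMO_UID, DEMO_GID, DEMO_GRP, DEMO_CAP };
struct demo_creds {
    unsigned long uid, gid;          /* assumption: effective ids (2nd field) */
    unsigned long groups[DEMO_MAX_GROUPS];
    int ngroups;
    unsigned long long cap_eff;      /* CapEff: hex mask, bit n = capability n */
};
/* Constructed sample of the relevant /proc/<pid>/status lines. */
static const char DEMO_STATUS[] =
    "Name:\tdemo\nUid:\t1000\t1000\t1000\t1000\nGid:\t1000\t1000\t1000\t1000\n"
    "Groups:\t29 1000 \nCapInh:\t0000000000000000\nCapEff:\t0000000000000400\n";

/* Parse status text; returns 0, or -1 if Uid, Gid or CapEff is missing. */
int demo_parse_status(const char *text, struct demo_creds *c)
{
    int seen = 0;
    char *end;
    memset(c, 0, sizeof *c);
    for (const char *p = text, *nl; p && *p; p = nl ? nl + 1 : NULL) {
        nl = strchr(p, '\n');        /* each pass handles one line */
        if (sscanf(p, "Uid: %*lu %lu", &c->uid) == 1) seen |= 1;
        else if (sscanf(p, "Gid: %*lu %lu", &c->gid) == 1) seen |= 2;
        else if (sscanf(p, "CapEff: %llx", &c->cap_eff) == 1) seen |= 4;
        else if (strncmp(p, "Groups:", 7) == 0) {
            for (const char *q = p + 7; c->ngroups < DEMO_MAX_GROUPS; q = end) {
                while (*q == ' ' || *q == '\t') q++;
                if (*q < '0' || *q > '9') break;   /* end of line: stop */
                c->groups[c->ngroups++] = strtoul(q, &end, 10);
            }
        }
    }
    return seen == 7 ? 0 : -1;
}

/* Does the parsed task hold credential (t, v)? GRP matches gid or any group. */
int demo_have(const struct demo_creds *c, enum demo_type t, unsigned long v)
{
    if (t == DEMO_UID) return c->uid == v;
    if (t == DEMO_CAP) return v < 64 && ((c->cap_eff >> v) & 1);
    if (c->gid == v) return 1;       /* applies to DEMO_GID and DEMO_GRP */
    for (int i = 0; t == DEMO_GRP && i < c->ngroups; i++)
        if (c->groups[i] == v) return 1;
    return 0;
}
```

In the sample, capability bit 10 (cap_net_bind_service in linux/capability.h) is set in CapEff, and group 29 is present only as a supplementary group, so it satisfies a GRP check but not a GID check.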


