libcreds patch
Markku Savela (none)
msa at moth.iki.fi
Thu Jan 14 03:58:18 PST 2010
In Jan 2009 I posted a prelimary patch that added support to use
*current* credentials of the client in policy decision. I've somewhat
revised the code. Making these patch mails is all new to me, I hope I
get this right. "git send-email" seems to put the patch to next
message.
The diff is against dbug git 1.3.0 tree (I hope)...
... so now we can open discussion whether it is possible to have this
in 1.4?
----
I propose adding a new syntax for policy construct as
<policy creds="credentials-value"> ...
The credentials value in my prototype implementation can be
- if your policy depends on the uid of the client process (essentially
replicates the <policy user=username> (but, for completenes):
"UID::username"
- if your policy depends on gid of the client process (as contained in
credentials of the process context -- not based on uid and
/etc/group):
"GID::groupname"
- if your policy depens on presence of GID or any supplementary
group, then used
"GRP::groupname"
- if your policy depends on client having some capability set
(effective) its credentials, then
"CAP::capability-name"
Examples...
<policy creds="UID::root"> ...
<policy creds="GID::audio"> ...
<policy creds="CAP::cap_net_bind_service"> ...
The credential-value has the "namespace"-like prefix ("UID", "GID",
"GRP", "CAP"), because in future, there might be additional types of
credentials that might be checked against.
The current commonly used linux kernels do not have a proper way for
accessing the credentials of another task. But, for a reference
implementation, the information required by above policies can be
extracted from "/proc/<pid>/status" at some parsing cost (and with
additional limitation that only 32 supplementary groups can be seen).
I've writen a separate library, which I have named "libcreds", which
hides the nasty details. From this library, my proposed DBus patch
uses the following three functions
// Get credential of another process
creds_t creds_gettask(pid_t pid);
// Convert credentials literal to value (returns creds type: cap/uid/gid)
long creds_str2creds(const char *credential, creds_value_t *value);
// Check whether a specific credential is present
int creds_have_p(const creds_t creds, creds_type_t type, creds_value_t value);
// Free credentials blob
void creds_free(creds_t creds);
I have made the libcreds library available on gitorius.org with
git clone git://gitorious.org/libcreds/libcreds.git
(it should build and compile on any reasonably recent linux -- I've
test compiled only on maemo scratchbox and Ubuntu systems).
More information about the dbus
mailing list