[systemd-commits] 9 commits - .gitignore Makefile.am src/bus-proxyd test/bus-policy
Daniel Mack
zonque at kemper.freedesktop.org
Sat Sep 20 09:50:39 PDT 2014
.gitignore | 1
Makefile.am | 20 ++
src/bus-proxyd/bus-policy.c | 284 ++++++++++++++++++++++++++++++++-------
src/bus-proxyd/bus-policy.h | 2
src/bus-proxyd/test-bus-policy.c | 165 ++++++++++++++++++++++
test/bus-policy/hello.conf | 14 +
test/bus-policy/methods.conf | 15 ++
test/bus-policy/ownerships.conf | 24 +++
test/bus-policy/signals.conf | 15 ++
9 files changed, 492 insertions(+), 48 deletions(-)
New commits:
commit 20725d929ff566e53d7a857d6f0ee94aa8383469
Author: Daniel Mack <daniel at zonque.org>
Date: Fri Sep 19 14:50:53 2014 +0200
bus-policy: add test utility
Add some test files and routines for dbus policy checking.
diff --git a/.gitignore b/.gitignore
index 2889460..b78a4cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -146,6 +146,7 @@
/test-bus-match
/test-bus-memfd
/test-bus-objects
+/test-bus-policy
/test-bus-server
/test-bus-signature
/test-bus-zero-copy
diff --git a/Makefile.am b/Makefile.am
index f80ffc6..6b2ca29 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1342,7 +1342,8 @@ tests += \
test-async \
test-ratelimit \
test-condition-util \
- test-uid-range
+ test-uid-range \
+ test-bus-policy
EXTRA_DIST += \
test/a.service \
@@ -1374,7 +1375,12 @@ EXTRA_DIST += \
test/sysinit.target \
test/testsuite.target \
test/timers.target \
- test/unstoppable.service
+ test/unstoppable.service \
+ test/bus-policy/hello.conf \
+ test/bus-policy/methods.conf \
+ test/bus-policy/ownerships.conf \
+ test/bus-policy/signals.conf
+
EXTRA_DIST += \
src/test/test-helper.h
@@ -1782,6 +1788,16 @@ test_conf_files_SOURCES = \
test_conf_files_LDADD = \
libsystemd-shared.la
+test_bus_policy_SOURCES = \
+ src/bus-proxyd/test-bus-policy.c \
+ src/bus-proxyd/bus-policy.c \
+ src/bus-proxyd/bus-policy.h
+
+test_bus_policy_LDADD = \
+ libsystemd-capability.la \
+ libsystemd-internal.la \
+ libsystemd-shared.la
+
# ------------------------------------------------------------------------------
## .PHONY so it always rebuilds it
.PHONY: coverage lcov-run lcov-report coverage-sync
diff --git a/src/bus-proxyd/test-bus-policy.c b/src/bus-proxyd/test-bus-policy.c
new file mode 100644
index 0000000..ed17bfe
--- /dev/null
+++ b/src/bus-proxyd/test-bus-policy.c
@@ -0,0 +1,165 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2014 Daniel Mack
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include <sys/poll.h>
+#include <stddef.h>
+#include <getopt.h>
+
+#include "log.h"
+#include "util.h"
+#include "sd-bus.h"
+#include "bus-internal.h"
+#include "bus-message.h"
+#include "bus-util.h"
+#include "bus-internal.h"
+#include "build.h"
+#include "strv.h"
+#include "def.h"
+#include "capability.h"
+
+#include <bus-proxyd/bus-policy.h>
+
+static int make_name_request(sd_bus *bus,
+ const char *name,
+ sd_bus_message **ret) {
+
+ int r;
+ sd_bus_message *m = NULL;
+
+ r = sd_bus_message_new_method_call(bus, &m, "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus", "RequestName");
+ if (r < 0)
+ return r;
+
+ r = sd_bus_message_append_basic(m, 's', name);
+ if (r < 0)
+ return r;
+
+ m->sealed = 1;
+ sd_bus_message_rewind(m, true);
+
+ *ret = m;
+ return 0;
+}
+
+int main(int argc, char *argv[]) {
+
+ Policy p = {};
+ sd_bus_message *m;
+ struct ucred ucred = {};
+ _cleanup_bus_close_unref_ sd_bus *bus = NULL;;
+
+ assert_se(sd_bus_default_system(&bus) >= 0);
+
+ /* Fake pid for policy checks */
+ ucred.pid = 1;
+
+ /* Ownership tests */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/ownerships.conf")) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test1", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test2", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test3", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ assert_se(make_name_request(bus, "org.test.test4", &m) == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == true);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ policy_free(&p);
+
+ /* Signal test */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/signals.conf")) == 0);
+
+ assert_se(sd_bus_message_new_signal(bus, &m, "/an/object/path", "bli.bla.blubb", "Name") == 0);
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+ assert_se(sd_bus_message_unref(m) == 0);
+
+ policy_free(&p);
+
+ /* Method calls */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/methods.conf")) == 0);
+
+ ucred.uid = 0;
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.foo.bar", "/an/object/path", "bli.bla.blubb", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.test.test1", "/an/object/path", "bli.bla.blubb", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ bus->is_kernel = 1;
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.test.test1", "/an/object/path", "org.test.int1", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.test.test1", "/an/object/path", "org.test.int2", "Member") == 0);
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ policy_free(&p);
+
+ /* User and groups */
+ assert_se(policy_load(&p, STRV_MAKE("test/bus-policy/hello.conf")) == 0);
+ assert_se(sd_bus_message_new_method_call(bus, &m, "org.freedesktop.DBus", "/org/freedesktop/DBus", "org.freedesktop.DBus", "Hello") == 0);
+ policy_dump(&p);
+
+ ucred.uid = 0;
+ assert_se(policy_check(&p, m, &ucred) == true);
+
+ ucred.uid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ ucred.uid = 0;
+ ucred.gid = 1;
+ assert_se(policy_check(&p, m, &ucred) == false);
+
+ policy_free(&p);
+
+
+ return EXIT_SUCCESS;
+}
diff --git a/test/bus-policy/hello.conf b/test/bus-policy/hello.conf
new file mode 100644
index 0000000..af09893
--- /dev/null
+++ b/test/bus-policy/hello.conf
@@ -0,0 +1,14 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+ <policy context="default">
+ <allow user="*"/>
+
+ <deny user="1"/>
+ <deny group="1"/>
+ </policy>
+
+</busconfig>
diff --git a/test/bus-policy/methods.conf b/test/bus-policy/methods.conf
new file mode 100644
index 0000000..d6c28c7
--- /dev/null
+++ b/test/bus-policy/methods.conf
@@ -0,0 +1,15 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+ <policy context="default">
+ <deny send_type="method_call"/>
+
+ <deny send_destination="org.test.test1"/>
+ <allow send_destination="org.test.test1" send_interface="org.test.int1"/>
+ <allow send_destination="org.test.test1" send_interface="org.test.int2"/>
+ </policy>
+
+</busconfig>
diff --git a/test/bus-policy/ownerships.conf b/test/bus-policy/ownerships.conf
new file mode 100644
index 0000000..bc3a230
--- /dev/null
+++ b/test/bus-policy/ownerships.conf
@@ -0,0 +1,24 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+ <policy context="default">
+ <allow own="org.test.test1"/>
+ </policy>
+
+ <policy context="mandatory">
+ <deny own="org.test.test3"/>
+ </policy>
+
+ <policy user="root">
+ <allow own="org.test.test2"/>
+ <allow own="org.test.test3"/>
+ </policy>
+
+ <policy user="1">
+ <allow own="org.test.test4"/>
+ </policy>
+
+</busconfig>
diff --git a/test/bus-policy/signals.conf b/test/bus-policy/signals.conf
new file mode 100644
index 0000000..440e3fe
--- /dev/null
+++ b/test/bus-policy/signals.conf
@@ -0,0 +1,15 @@
+<?xml version="1.0"?> <!--*-nxml-*-->
+<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+
+<busconfig>
+
+ <policy context="default">
+ <allow send_type="signal"/>
+ </policy>
+
+ <policy user="1">
+ <deny send_type="signal"/>
+ </policy>
+
+</busconfig>
commit 38349552d8d6418229fee9ee68b1f470b4ad7a52
Author: Daniel Mack <daniel at zonque.org>
Date: Fri Sep 19 14:38:52 2014 +0200
bus-policy: add policy check function
Add policy_check() to actually check whether an incoming message is allowed
by the policy. The code is not yet used from the proxy daemon, though.
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index e870fbc..151d679 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -24,6 +24,7 @@
#include "strv.h"
#include "conf-files.h"
#include "bus-internal.h"
+#include "bus-message.h"
#include "bus-policy.h"
static void policy_item_free(PolicyItem *i) {
@@ -591,6 +592,161 @@ static int file_load(Policy *p, const char *path) {
}
}
+static bool is_matching_name_request(sd_bus_message *m, const char *name, bool prefix) {
+
+ char *n = NULL;
+ int r;
+
+ if (!sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "RequestName"))
+ return false;
+
+ r = sd_bus_message_read(m, "s", &n);
+ if (r < 0)
+ return false;
+
+ r = sd_bus_message_rewind(m, true);
+ if (r < 0)
+ return false;
+
+ if (prefix)
+ return startswith(name, n);
+ else
+ return streq_ptr(name, n);
+}
+
+static bool is_matching_call(PolicyItem *i, sd_bus_message *m, const char *name) {
+
+ if (i->message_type && (i->message_type != m->header->type))
+ return false;
+
+ if (i->path && (!m->path || !streq(i->path, m->path)))
+ return false;
+
+ if (i->member && (!m->member || !streq(i->member, m->member)))
+ return false;
+
+ if (i->interface && (!m->interface || !streq(i->interface, m->interface)))
+ return false;
+
+ if (i->name && (!name || !streq(i->name, name)))
+ return false;
+
+ return true;
+}
+
+enum {
+ ALLOW,
+ DUNNO,
+ DENY,
+};
+
+static int is_permissive(PolicyItem *i) {
+
+ return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
+}
+
+static int check_policy_item(PolicyItem *i, sd_bus_message *m, const struct ucred *ucred) {
+
+ switch (i->class) {
+ case POLICY_ITEM_SEND:
+ if ((m->bus->is_kernel && is_matching_call(i, m, m->destination)) ||
+ (!m->bus->is_kernel && is_matching_call(i, m, m->sender)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_RECV:
+ if ((m->bus->is_kernel && is_matching_call(i, m, m->sender)) ||
+ (!m->bus->is_kernel && is_matching_call(i, m, m->destination)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_OWN:
+ if (is_matching_name_request(m, i->name, false))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_OWN_PREFIX:
+ if (is_matching_name_request(m, i->name, true))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_USER:
+ if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
+ (streq_ptr(i->name, "*") || (i->uid_valid && i->uid == ucred->uid)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_GROUP:
+ if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
+ (streq_ptr(i->name, "*") || (i->gid_valid && i->gid == ucred->gid)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_IGNORE:
+ default:
+ break;
+ }
+
+ return DUNNO;
+}
+
+static int check_policy_items(PolicyItem *items, sd_bus_message *m, const struct ucred *ucred) {
+
+ PolicyItem *i;
+ int r, ret = DUNNO;
+
+ /* Check all policies in a set - a broader one might be followed by a more specific one,
+ * and the order of rules in policy definitions matters */
+ LIST_FOREACH(items, i, items) {
+ r = check_policy_item(i, m, ucred);
+ if (r != DUNNO)
+ ret = r;
+ }
+
+ return ret;
+}
+
+bool policy_check(Policy *p, sd_bus_message *m, const struct ucred *ucred) {
+
+ PolicyItem *items;
+ int r;
+
+ /*
+ * The policy check is implemented by the following logic:
+ *
+ * 1. Check mandatory items. If the message matches any of these, it is decisive.
+ * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive.
+ * 3. Consult the defaults if non of the above matched with a more specific rule.
+ * 4. If the message isn't caught be the defaults either, reject it.
+ */
+
+ r = check_policy_items(p->mandatory_items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+
+ if (ucred->pid > 0) {
+ items = hashmap_get(p->user_items, UINT32_TO_PTR(ucred->uid));
+ if (items) {
+ r = check_policy_items(items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+ }
+
+ items = hashmap_get(p->group_items, UINT32_TO_PTR(ucred->gid));
+ if (items) {
+ r = check_policy_items(items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+ }
+ }
+
+ r = check_policy_items(p->default_items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+
+ return false;
+}
+
int policy_load(Policy *p, char **files) {
char **i;
int r;
diff --git a/src/bus-proxyd/bus-policy.h b/src/bus-proxyd/bus-policy.h
index a6ff5c3..2222716 100644
--- a/src/bus-proxyd/bus-policy.h
+++ b/src/bus-proxyd/bus-policy.h
@@ -76,6 +76,8 @@ typedef struct Policy {
int policy_load(Policy *p, char **files);
void policy_free(Policy *p);
+bool policy_check(Policy *p, sd_bus_message *m, const struct ucred *c);
+
void policy_dump(Policy *p);
const char* policy_item_type_to_string(PolicyItemType t) _const_;
commit ed91202f1c237a41a3ee3754a4a1d37139d7f34f
Author: Daniel Mack <daniel at zonque.org>
Date: Sat Sep 20 18:09:00 2014 +0200
bus-policy: print numeric [gu]id in dump_items()
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 4bc575f..e870fbc 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -704,8 +704,8 @@ static void dump_items(PolicyItem *items, const char *prefix) {
user = uid_to_name(i->uid);
- printf("%sUser: %s\n",
- prefix, strna(user));
+ printf("%sUser: %s (%d)\n",
+ prefix, strna(user), i->uid);
}
if (i->gid_valid) {
@@ -713,8 +713,8 @@ static void dump_items(PolicyItem *items, const char *prefix) {
group = gid_to_name(i->gid);
- printf("%sGroup: %s\n",
- prefix, strna(group));
+ printf("%sGroup: %s (%d)\n",
+ prefix, strna(group), i->gid);
}
}
}
commit e42bb8d4ed7c81abbe416ef30436f7b4b9e07bad
Author: Daniel Mack <daniel at zonque.org>
Date: Sat Sep 20 15:59:40 2014 +0200
bus-policy: do not exit() from policy_dump()
This function is quite useful for debugging. Exiting from it seems
unnecessary.
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 227742b..4bc575f 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -730,7 +730,7 @@ static void dump_hashmap_items(Hashmap *h) {
}
}
-noreturn void policy_dump(Policy *p) {
+void policy_dump(Policy *p) {
printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
dump_items(p->default_items, "\t");
@@ -743,8 +743,6 @@ noreturn void policy_dump(Policy *p) {
printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
dump_items(p->mandatory_items, "\t");
-
- exit(0);
}
static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {
commit 080edb3484dc3ecf8d914526fdd3090b40fdf5b6
Author: Daniel Mack <daniel at zonque.org>
Date: Fri Sep 19 14:05:18 2014 +0200
bus-policy: implement dump_items() with LIST_FOREACH
Instead of making the function call itself recursively.
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index ab16cda..227742b 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -658,64 +658,64 @@ void policy_free(Policy *p) {
p->user_items = p->group_items = NULL;
}
-static void dump_items(PolicyItem *i, const char *prefix) {
+static void dump_items(PolicyItem *items, const char *prefix) {
- if (!i)
+ PolicyItem *i;
+
+ if (!items)
return;
if (!prefix)
prefix = "";
- printf("%sType: %s\n"
- "%sClass: %s\n",
- prefix, policy_item_type_to_string(i->type),
- prefix, policy_item_class_to_string(i->class));
+ LIST_FOREACH(items, i, items) {
- if (i->interface)
- printf("%sInterface: %s\n",
- prefix, i->interface);
+ printf("%sType: %s\n"
+ "%sClass: %s\n",
+ prefix, policy_item_type_to_string(i->type),
+ prefix, policy_item_class_to_string(i->class));
- if (i->member)
- printf("%sMember: %s\n",
- prefix, i->member);
+ if (i->interface)
+ printf("%sInterface: %s\n",
+ prefix, i->interface);
- if (i->error)
- printf("%sError: %s\n",
- prefix, i->error);
+ if (i->member)
+ printf("%sMember: %s\n",
+ prefix, i->member);
- if (i->path)
- printf("%sPath: %s\n",
- prefix, i->path);
+ if (i->error)
+ printf("%sError: %s\n",
+ prefix, i->error);
- if (i->name)
- printf("%sName: %s\n",
- prefix, i->name);
+ if (i->path)
+ printf("%sPath: %s\n",
+ prefix, i->path);
- if (i->message_type != 0)
- printf("%sMessage Type: %s\n",
- prefix, bus_message_type_to_string(i->message_type));
+ if (i->name)
+ printf("%sName: %s\n",
+ prefix, i->name);
- if (i->uid_valid) {
- _cleanup_free_ char *user;
+ if (i->message_type != 0)
+ printf("%sMessage Type: %s\n",
+ prefix, bus_message_type_to_string(i->message_type));
- user = uid_to_name(i->uid);
+ if (i->uid_valid) {
+ _cleanup_free_ char *user;
- printf("%sUser: %s\n",
- prefix, strna(user));
- }
+ user = uid_to_name(i->uid);
- if (i->gid_valid) {
- _cleanup_free_ char *group;
+ printf("%sUser: %s\n",
+ prefix, strna(user));
+ }
- group = gid_to_name(i->gid);
+ if (i->gid_valid) {
+ _cleanup_free_ char *group;
- printf("%sGroup: %s\n",
- prefix, strna(group));
- }
+ group = gid_to_name(i->gid);
- if (i->items_next) {
- printf("%s%s\n", prefix, draw_special_char(DRAW_DASH));
- dump_items(i->items_next, prefix);
+ printf("%sGroup: %s\n",
+ prefix, strna(group));
+ }
}
}
commit 9eacea6b51bb86fb2c066bd4fa7cba28a17d12f3
Author: Daniel Mack <daniel at zonque.org>
Date: Sat Sep 20 04:34:30 2014 +0200
bus-policy: resolve [ug]id of POLICY_ITEM_{USER,GROUP}
Do the lookup during parsing already, and set i->uid, or i->gid to the
numerical values.
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 2c4708d..ab16cda 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -525,8 +525,36 @@ static int file_load(Policy *p, const char *path) {
return -EINVAL;
}
+ switch (i->class) {
+ case POLICY_ITEM_USER:
+ if (!streq(name, "*")) {
+ const char *u = name;
+
+ r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
+ if (r < 0)
+ log_error("Failed to resolve user %s: %s", name, strerror(-r));
+ else
+ i->uid_valid = true;
+ }
+ break;
+ case POLICY_ITEM_GROUP:
+ if (!streq(name, "*")) {
+ const char *g = name;
+
+ r = get_group_creds(&g, &i->gid);
+ if (r < 0)
+ log_error("Failed to resolve group %s: %s", name, strerror(-r));
+ else
+ i->gid_valid = true;
+ }
+ break;
+ default:
+ break;
+ }
+
i->name = name;
name = NULL;
+
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (14) in %s:%u.", path, line);
commit c3502b59ec4e58a877003050e6c2fc668eee3129
Author: Daniel Mack <daniel at zonque.org>
Date: Sat Sep 20 16:34:31 2014 +0200
bus_policy: set i->[ug]id_valid
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index eed542d..2c4708d 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -364,6 +364,7 @@ static int file_load(Policy *p, const char *path) {
first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
item_append(i, &first);
+ i->uid_valid = true;
r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
if (r < 0) {
@@ -395,6 +396,7 @@ static int file_load(Policy *p, const char *path) {
first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
item_append(i, &first);
+ i->gid_valid = true;
r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
if (r < 0) {
commit e7eb49db071f9aab2a9bad0660962f2aa4d0c7d1
Author: Daniel Mack <daniel at zonque.org>
Date: Fri Sep 19 22:05:01 2014 +0200
bus-policy: append items rather than prepending them
In the D-Bus policy, the order of items matters, so make sure to store them
in the same order as they are parsed by the sax parser.
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 8676d31..eed542d 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -39,6 +39,14 @@ static void policy_item_free(PolicyItem *i) {
DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free);
+static void item_append(PolicyItem *i, PolicyItem **list) {
+
+ PolicyItem *tail;
+
+ LIST_FIND_TAIL(items, *list, tail);
+ LIST_INSERT_AFTER(items, *list, tail, i);
+}
+
static int file_load(Policy *p, const char *path) {
_cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL;
@@ -330,9 +338,9 @@ static int file_load(Policy *p, const char *path) {
}
if (policy_category == POLICY_CATEGORY_DEFAULT)
- LIST_PREPEND(items, p->default_items, i);
+ item_append(i, &p->default_items);
else if (policy_category == POLICY_CATEGORY_MANDATORY)
- LIST_PREPEND(items, p->mandatory_items, i);
+ item_append(i, &p->mandatory_items);
else if (policy_category == POLICY_CATEGORY_USER) {
const char *u = policy_user;
@@ -355,7 +363,7 @@ static int file_load(Policy *p, const char *path) {
PolicyItem *first;
first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
- LIST_PREPEND(items, first, i);
+ item_append(i, &first);
r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
if (r < 0) {
@@ -386,7 +394,7 @@ static int file_load(Policy *p, const char *path) {
PolicyItem *first;
first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
- LIST_PREPEND(items, first, i);
+ item_append(i, &first);
r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
if (r < 0) {
commit 303174638af7a8fcf6211fb99b8d07c9d270567e
Author: Daniel Mack <daniel at zonque.org>
Date: Fri Sep 19 17:50:41 2014 +0200
bus-policy: story mandatory items in right list
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index d2eace9..8676d31 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -332,7 +332,7 @@ static int file_load(Policy *p, const char *path) {
if (policy_category == POLICY_CATEGORY_DEFAULT)
LIST_PREPEND(items, p->default_items, i);
else if (policy_category == POLICY_CATEGORY_MANDATORY)
- LIST_PREPEND(items, p->default_items, i);
+ LIST_PREPEND(items, p->mandatory_items, i);
else if (policy_category == POLICY_CATEGORY_USER) {
const char *u = policy_user;
More information about the systemd-commits
mailing list