diff options
author | Havoc Pennington <hp@redhat.com> | 2003-10-14 22:16:03 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2003-10-14 22:16:03 +0000 |
commit | 3251264ac483680b4a5fe808729f7e3b34f41fd4 (patch) | |
tree | 0b2a953be7b1a858c5759158e834de3d2d1b763e /bus/policy.c | |
parent | b704a068a92c00b50e7d5f33ef6c8e1c3a87ceae (diff) |
2003-10-14 Havoc Pennington <hp@redhat.com>
* bus/bus.c (bus_context_check_security_policy): revamp this to
work more sanely with new policy-based requested reply setup
* bus/connection.c (bus_transaction_send_from_driver): set bus
driver messages as no reply
* bus/policy.c (bus_client_policy_check_can_receive): handle a
requested_reply attribute on allow/deny rules
* bus/system.conf: add <allow requested_reply="true"/>
* bus/driver.c (bus_driver_handle_message): fix check for replies
sent to the bus driver, which was backward. How did this ever work
at all though? I think I'm missing something.
* dbus/dbus-message.c (decode_header_data): require error and
method return messages to have a reply serial field to be valid
(_dbus_message_loader_queue_messages): break up this function;
validate that reply serial and plain serial are nonzero;
clean up the OOM/error handling.
(get_uint_field): don't return -1 from this
(dbus_message_create_header): fix signed/unsigned bug
* bus/connection.c (bus_connections_expect_reply): save serial of
the incoming message, not reply serial
Diffstat (limited to 'bus/policy.c')
-rw-r--r-- | bus/policy.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/bus/policy.c b/bus/policy.c index 71137ca9..63131aca 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -56,6 +56,10 @@ bus_policy_rule_new (BusPolicyRuleType type, break; case BUS_POLICY_RULE_RECEIVE: rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID; + /* allow rules default to TRUE (only requested replies allowed) + * deny rules default to FALSE (only unrequested replies denied) + */ + rule->d.receive.requested_reply = rule->allow; break; case BUS_POLICY_RULE_OWN: break; @@ -919,6 +923,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy, BusRegistry *registry, + dbus_bool_t requested_reply, DBusConnection *sender, DBusConnection *addressed_recipient, DBusConnection *proposed_recipient, @@ -978,6 +983,30 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n"); continue; } + + /* If it's a reply, the requested_reply flag kicks in */ + if (dbus_message_get_reply_serial (message) != 0) + { + /* for allow, requested_reply=true means the rule applies + * only when reply was requested. requested_reply=false means + * always allow. + */ + if (!requested_reply && rule->allow && rule->d.receive.requested_reply) + { + _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies\n"); + continue; + } + + /* for deny, requested_reply=false means the rule applies only + * when the reply was not requested. requested_reply=true means the + * rule always applies. + */ + if (requested_reply && !rule->allow && !rule->d.receive.requested_reply) + { + _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); + continue; + } + } if (rule->d.receive.path != NULL) { |