author | Havoc Pennington <hp@redhat.com> | 2004-05-29 04:17:17 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2004-05-29 04:17:17 +0000 |
commit | 7c77664c5a38d44b14044286e7e5aa7def858889 (patch) | |
tree | 458bf581ee94e0b62fb80f817544eba723f6da66 /bus/policy.c | |
parent | fbae5baa06819fed71f62ddbba64a64675c2d333 (diff) |
2004-05-29 Havoc Pennington <hp@redhat.com>
* bus/config-parser.c (process_test_valid_subdir): temporarily
stop testing config parser OOM handling, since expat has issues
http://freedesktop.org/pipermail/dbus/2004-May/001153.html
* bus/dbus-daemon-1.1.in: change requested_reply to
send_requested_reply/receive_requested_reply so we can send the
replies, not just receive them.
* bus/config-parser.c: parse the new
send_requested_reply/receive_requested_reply
* bus/policy.c (bus_client_policy_check_can_send): add
requested_reply argument and use it
* bus/bus.c (bus_context_check_security_policy): pass through
requested_reply status to message send check
* bus/system.conf.in: adapt to requested_reply change
Diffstat (limited to 'bus/policy.c')
-rw-r--r-- | bus/policy.c | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/bus/policy.c b/bus/policy.c
index ed58a959..3c7bba9b 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -1,7 +1,7 @@
 /* -*- mode: C; c-file-style: "gnu" -*- */
 /* policy.c Bus security policy
 *
- * Copyright (C) 2003 Red Hat, Inc.
+ * Copyright (C) 2003, 2004 Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.0
 *
@@ -53,6 +53,11 @@ bus_policy_rule_new (BusPolicyRuleType type,
 break;
 case BUS_POLICY_RULE_SEND:
 rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID;
+
+ /* allow rules default to TRUE (only requested replies allowed)
+ * deny rules default to FALSE (only unrequested replies denied)
+ */
+ rule->d.send.requested_reply = rule->allow;
 break;
 case BUS_POLICY_RULE_RECEIVE:
 rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID;
@@ -788,6 +793,7 @@ bus_client_policy_append_rule (BusClientPolicy *policy,
 dbus_bool_t
 bus_client_policy_check_can_send (BusClientPolicy *policy,
 BusRegistry *registry,
+ dbus_bool_t requested_reply,
 DBusConnection *receiver,
 DBusMessage *message)
 {
@@ -827,6 +833,30 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
 continue;
 }
 }
+
+ /* If it's a reply, the requested_reply flag kicks in */
+ if (dbus_message_get_reply_serial (message) != 0)
+ {
+ /* for allow, requested_reply=true means the rule applies
+ * only when reply was requested. requested_reply=false means
+ * always allow.
+ */
+ if (!requested_reply && rule->allow && rule->d.send.requested_reply)
+ {
+ _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies\n");
+ continue;
+ }
+
+ /* for deny, requested_reply=false means the rule applies only
+ * when the reply was not requested. requested_reply=true means the
+ * rule always applies.
+ */
+ if (requested_reply && !rule->allow && !rule->d.send.requested_reply)
+ {
+ _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n");
+ continue;
+ }
+ }
 
 if (rule->d.send.path != NULL)
 { |
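Review bot: The comment on the new default in the BUS_POLICY_RULE_SEND case does not say that the field only matters for messages carrying a reply serial, so a reader could take `rule->d.send.requested_reply = rule->allow;` to restrict every message an allow rule covers. I would add one line to the comment, for example `* (only consulted for messages that carry a reply serial)`, so the scope of this fail-closed default is clear where it is set. The BUS_POLICY_RULE_RECEIVE case shows only its message_type assignment inside this hunk, so whether it gets a matching default cannot be checked from here. The body of bus_policy_rule_new starts and ends outside the hunk.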
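Review bot: The two comments inside the new `if (dbus_message_get_reply_serial (message) != 0)` block write `requested_reply=true/false` without saying whether they mean the function argument or the rule field, while each condition tests both, which makes the skip logic hard to audit. I would word them against the rule field, e.g. `/* an allow rule with d.send.requested_reply set matches only requested replies; skip it when this reply was not requested */`, and the mirror image for the deny case. The block is entered on a header field supplied by the sender, and the `requested_reply` argument is computed by the caller outside this hunk. As written, a message with a reply serial and `requested_reply` FALSE skips default allow rules and still meets every deny rule, which fails closed only if the caller passes FALSE whenever it has no record of a pending call; that is worth confirming in bus_context_check_security_policy. The body of bus_client_policy_check_can_send starts and ends outside the hunk.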