diff options
| author | Havoc Pennington <hp@redhat.com> | 2007-06-09 23:41:33 +0000 |
|---|---|---|
| committer | Havoc Pennington <hp@redhat.com> | 2007-06-09 23:41:33 +0000 |
| commit | 7be5fd95cdccdca28937804f32ca8b1308887d09 (patch) | |
| tree | 2425bc50d77fbbbe6b6077d9e6dd053b936dcde1 /bus | |
| parent | 23832672266bb4ff23b66247c0cfa1a2ed0cc97b (diff) | |
2007-06-09 Havoc Pennington <hp@redhat.com>
* bus/policy.c (bus_policy_create_client_policy): gracefully
continue if the connection has no unix user - just don't apply
any unix user dependent rules.
* bus/config-parser.c: remove dbus-userdb.h usage
* bus/bus.c: remove dbus-userdb.h usage
* dbus/dbus-transport.c (_dbus_transport_get_is_authenticated):
support Windows user function; also, fix the logic for checking
auth as root in the default auth code (broken in the previous
commit)
* dbus/dbus-connection.c
(dbus_connection_set_windows_user_function): new function
(dbus_connection_get_windows_user): new function
Diffstat (limited to 'bus')
| -rw-r--r-- | bus/bus.c | 23 | ||||
| -rw-r--r-- | bus/bus.h | 4 | ||||
| -rw-r--r-- | bus/config-parser.c | 15 | ||||
| -rw-r--r-- | bus/connection.c | 43 | ||||
| -rw-r--r-- | bus/connection.h | 12 | ||||
| -rw-r--r-- | bus/policy.c | 88 | ||||
| -rw-r--r-- | bus/policy.h | 4 |
7 files changed, 112 insertions, 77 deletions
@@ -34,7 +34,6 @@ #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> #include <dbus/dbus-internals.h> -#include <dbus/dbus-userdb.h> struct BusContext { @@ -794,7 +793,7 @@ bus_context_reload_config (BusContext *context, dbus_bool_t ret; /* Flush the user database cache */ - _dbus_user_database_flush_system (); + _dbus_flush_caches (); ret = FALSE; _dbus_string_init_const (&config_file, context->config_file); @@ -995,11 +994,23 @@ bus_context_get_loop (BusContext *context) } dbus_bool_t -bus_context_allow_user (BusContext *context, - unsigned long uid) +bus_context_allow_unix_user (BusContext *context, + unsigned long uid) { - return bus_policy_allow_user (context->policy, - uid); + return bus_policy_allow_unix_user (context->policy, + uid); +} + +/* For now this is never actually called because the default + * DBusConnection behavior of 'same user that owns the bus can connect' + * is all it would do. + */ +dbus_bool_t +bus_context_allow_windows_user (BusContext *context, + const char *windows_sid) +{ + return bus_policy_allow_windows_user (context->policy, + windows_sid); } BusPolicy * @@ -85,8 +85,10 @@ BusConnections* bus_context_get_connections (BusContext BusActivation* bus_context_get_activation (BusContext *context); BusMatchmaker* bus_context_get_matchmaker (BusContext *context); DBusLoop* bus_context_get_loop (BusContext *context); -dbus_bool_t bus_context_allow_user (BusContext *context, +dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid); +dbus_bool_t bus_context_allow_windows_user (BusContext *context, + const char *windows_sid); BusPolicy* bus_context_get_policy (BusContext *context); BusClientPolicy* bus_context_create_client_policy (BusContext *context, diff --git a/bus/config-parser.c b/bus/config-parser.c index 27528e03..7b6a368c 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -27,7 +27,6 @@ #include "selinux.h" #include <dbus/dbus-list.h> #include <dbus/dbus-internals.h> -#include <dbus/dbus-userdb.h> #include <string.h> typedef enum @@ -983,8 +982,8 @@ start_busconfig_child (BusConfigParser *parser, DBusString username; _dbus_string_init_const (&username, user); - if (_dbus_get_user_id (&username, - &e->d.policy.gid_uid_or_at_console)) + if (_dbus_parse_unix_user_from_config (&username, + &e->d.policy.gid_uid_or_at_console)) e->d.policy.type = POLICY_USER; else _dbus_warn ("Unknown username \"%s\" in message bus configuration file\n", @@ -995,8 +994,8 @@ start_busconfig_child (BusConfigParser *parser, DBusString group_name; _dbus_string_init_const (&group_name, group); - if (_dbus_get_group_id (&group_name, - &e->d.policy.gid_uid_or_at_console)) + if (_dbus_parse_unix_group_from_config (&group_name, + &e->d.policy.gid_uid_or_at_console)) e->d.policy.type = POLICY_GROUP; else _dbus_warn ("Unknown group \"%s\" in message bus configuration file\n", @@ -1469,7 +1468,7 @@ append_rule_from_element (BusConfigParser *parser, _dbus_string_init_const (&username, user); - if (_dbus_get_user_id (&username, &uid)) + if (_dbus_parse_unix_user_from_config (&username, &uid)) { rule = bus_policy_rule_new (BUS_POLICY_RULE_USER, allow); if (rule == NULL) @@ -1501,7 +1500,7 @@ append_rule_from_element (BusConfigParser *parser, _dbus_string_init_const (&groupname, group); - if (_dbus_get_user_id (&groupname, &gid)) + if (_dbus_parse_unix_group_from_config (&groupname, &gid)) { rule = bus_policy_rule_new (BUS_POLICY_RULE_GROUP, allow); if (rule == NULL) @@ -1571,7 +1570,7 @@ append_rule_from_element (BusConfigParser *parser, case POLICY_CONSOLE: if (!bus_policy_append_console_rule (parser->policy, pe->d.policy.gid_uid_or_at_console, - rule)) + rule)) goto nomem; break; } diff --git a/bus/connection.c b/bus/connection.c index d063afca..10247e25 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -31,7 +31,6 @@ #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> #include <dbus/dbus-timeout.h> -#include <dbus/dbus-userdb.h> static void bus_connection_remove_transactions (DBusConnection *connection); @@ -243,7 +242,9 @@ bus_connection_disconnected (DBusConnection *connection) dbus_connection_set_unix_user_function (connection, NULL, NULL, NULL); - + dbus_connection_set_windows_user_function (connection, + NULL, NULL, NULL); + dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); @@ -369,9 +370,9 @@ dispatch_status_function (DBusConnection *connection, } static dbus_bool_t -allow_user_function (DBusConnection *connection, - unsigned long uid, - void *data) +allow_unix_user_function (DBusConnection *connection, + unsigned long uid, + void *data) { BusConnectionData *d; @@ -379,7 +380,7 @@ allow_user_function (DBusConnection *connection, _dbus_assert (d != NULL); - return bus_context_allow_user (d->connections->context, uid); + return bus_context_allow_unix_user (d->connections->context, uid); } static void @@ -597,9 +598,14 @@ bus_connections_setup_connection (BusConnections *connections, NULL, connection, NULL)) goto out; - + + /* For now we don't need to set a Windows user function because + * there are no policies in the config file controlling what + * Windows users can connect. The default 'same user that owns the + * bus can connect' behavior of DBusConnection is fine on Windows. + */ dbus_connection_set_unix_user_function (connection, - allow_user_function, + allow_unix_user_function, NULL, NULL); dbus_connection_set_dispatch_status_function (connection, @@ -679,6 +685,9 @@ bus_connections_setup_connection (BusConnections *connections, dbus_connection_set_unix_user_function (connection, NULL, NULL, NULL); + dbus_connection_set_windows_user_function (connection, + NULL, NULL, NULL); + dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); @@ -772,10 +781,10 @@ expire_incomplete_timeout (void *data) } dbus_bool_t -bus_connection_get_groups (DBusConnection *connection, - unsigned long **groups, - int *n_groups, - DBusError *error) +bus_connection_get_unix_groups (DBusConnection *connection, + unsigned long **groups, + int *n_groups, + DBusError *error) { BusConnectionData *d; unsigned long uid; @@ -789,7 +798,7 @@ bus_connection_get_groups (DBusConnection *connection, if (dbus_connection_get_unix_user (connection, &uid)) { - if (!_dbus_groups_from_uid (uid, groups, n_groups)) + if (!_dbus_unix_groups_from_uid (uid, groups, n_groups)) { _dbus_verbose ("Did not get any groups for UID %lu\n", uid); @@ -807,15 +816,15 @@ bus_connection_get_groups (DBusConnection *connection, } dbus_bool_t -bus_connection_is_in_group (DBusConnection *connection, - unsigned long gid) +bus_connection_is_in_unix_group (DBusConnection *connection, + unsigned long gid) { int i; unsigned long *group_ids; int n_group_ids; - if (!bus_connection_get_groups (connection, &group_ids, &n_group_ids, - NULL)) + if (!bus_connection_get_unix_groups (connection, &group_ids, &n_group_ids, + NULL)) return FALSE; i = 0; diff --git a/bus/connection.h b/bus/connection.h index a0703c55..75d94cf9 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -105,12 +105,12 @@ dbus_bool_t bus_connection_complete (DBusConnection *connection, /* called by dispatch.c when the connection is dropped */ void bus_connection_disconnected (DBusConnection *connection); -dbus_bool_t bus_connection_is_in_group (DBusConnection *connection, - unsigned long gid); -dbus_bool_t bus_connection_get_groups (DBusConnection *connection, - unsigned long **groups, - int *n_groups, - DBusError *error); +dbus_bool_t bus_connection_is_in_unix_group (DBusConnection *connection, + unsigned long gid); +dbus_bool_t bus_connection_get_unix_groups (DBusConnection *connection, + unsigned long **groups, + int *n_groups, + DBusError *error); BusClientPolicy* bus_connection_get_policy (DBusConnection *connection); /* transaction API so we can send or not send a block of messages as a whole */ diff --git a/bus/policy.c b/bus/policy.c index 7782563b..0d467ab9 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -28,7 +28,6 @@ #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> #include <dbus/dbus-internals.h> -#include <dbus/dbus-userdb.h> BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -296,7 +295,7 @@ bus_policy_create_client_policy (BusPolicy *policy, int n_groups; int i; - if (!bus_connection_get_groups (connection, &groups, &n_groups, error)) + if (!bus_connection_get_unix_groups (connection, &groups, &n_groups, error)) goto failed; i = 0; @@ -321,43 +320,39 @@ bus_policy_create_client_policy (BusPolicy *policy, dbus_free (groups); } - - if (!dbus_connection_get_unix_user (connection, &uid)) + + if (dbus_connection_get_unix_user (connection, &uid)) { - dbus_set_error (error, DBUS_ERROR_FAILED, - "No user ID known for connection, cannot determine security policy\n"); - goto failed; - } + if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0) + { + DBusList **list; + + list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid, + uid); + + if (list != NULL) + { + if (!add_list_to_client (list, client)) + goto nomem; + } + } - if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0) - { - DBusList **list; + /* Add console rules */ + at_console = _dbus_unix_user_is_at_console (uid, error); - list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid, - uid); - - if (list != NULL) + if (at_console) { - if (!add_list_to_client (list, client)) + if (!add_list_to_client (&policy->at_console_true_rules, client)) goto nomem; } - } - - /* Add console rules */ - at_console = _dbus_is_console_user (uid, error); - - if (at_console) - { - if (!add_list_to_client (&policy->at_console_true_rules, client)) - goto nomem; - } - else if (dbus_error_is_set (error) == TRUE) - { - goto failed; - } - else if (!add_list_to_client (&policy->at_console_false_rules, client)) - { - goto nomem; + else if (dbus_error_is_set (error) == TRUE) + { + goto failed; + } + else if (!add_list_to_client (&policy->at_console_false_rules, client)) + { + goto nomem; + } } if (!add_list_to_client (&policy->mandatory_rules, @@ -438,23 +433,23 @@ list_allows_user (dbus_bool_t def, } dbus_bool_t -bus_policy_allow_user (BusPolicy *policy, - unsigned long uid) +bus_policy_allow_unix_user (BusPolicy *policy, + unsigned long uid) { dbus_bool_t allowed; unsigned long *group_ids; int n_group_ids; /* On OOM or error we always reject the user */ - if (!_dbus_groups_from_uid (uid, &group_ids, &n_group_ids)) + if (!_dbus_unix_groups_from_uid (uid, &group_ids, &n_group_ids)) { _dbus_verbose ("Did not get any groups for UID %lu\n", uid); return FALSE; } - /* Default to "user owning bus" or root can connect */ - allowed = uid == _dbus_getuid (); + /* Default to "user owning bus" can connect */ + allowed = _dbus_unix_user_is_process_owner (uid); allowed = list_allows_user (allowed, &policy->default_rules, @@ -473,6 +468,23 @@ bus_policy_allow_user (BusPolicy *policy, return allowed; } +/* For now this is never actually called because the default + * DBusConnection behavior of 'same user that owns the bus can + * connect' is all it would do. Set the windows user function in + * connection.c if the config file ever supports doing something + * interesting here. + */ +dbus_bool_t +bus_policy_allow_windows_user (BusPolicy *policy, + const char *windows_sid) +{ + /* Windows has no policies here since only the session bus + * is really used for now, so just checking that the + * connecting person is the same as the bus owner is fine. + */ + return _dbus_windows_user_is_process_owner (windows_sid); +} + dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy, BusPolicyRule *rule) diff --git a/bus/policy.h b/bus/policy.h index e2574bc3..b58b3862 100644 --- a/bus/policy.h +++ b/bus/policy.h @@ -113,8 +113,10 @@ void bus_policy_unref (BusPolicy *policy); BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy, DBusConnection *connection, DBusError *error); -dbus_bool_t bus_policy_allow_user (BusPolicy *policy, +dbus_bool_t bus_policy_allow_unix_user (BusPolicy *policy, unsigned long uid); +dbus_bool_t bus_policy_allow_windows_user (BusPolicy *policy, + const char *windows_sid); dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy, BusPolicyRule *rule); dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy, |