diff options
-rw-r--r-- | ChangeLog | 21 | ||||
-rw-r--r-- | bus/bus.c | 6 | ||||
-rw-r--r-- | bus/config-parser.c | 82 | ||||
-rw-r--r-- | bus/dbus-daemon-1.1.in | 14 | ||||
-rw-r--r-- | bus/policy.c | 32 | ||||
-rw-r--r-- | bus/policy.h | 4 | ||||
-rw-r--r-- | bus/system.conf.in | 3 |
7 files changed, 126 insertions, 36 deletions
@@ -1,3 +1,24 @@ +2004-05-29 Havoc Pennington <hp@redhat.com> + + * bus/config-parser.c (process_test_valid_subdir): temporarily + stop testing config parser OOM handling, since expat has issues + http://freedesktop.org/pipermail/dbus/2004-May/001153.html + + * bus/dbus-daemon-1.1.in: change requested_reply to + send_requested_reply/receive_requested_reply so we can send the + replies, not just receive them. + + * bus/config-parser.c: parse the new + send_requested_reply/receive_requested_reply + + * bus/policy.c (bus_client_policy_check_can_send): add + requested_reply argument and use it + + * bus/bus.c (bus_context_check_security_policy): pass through + requested_reply status to message send check + + * bus/system.conf.in: adapt to requested_reply change + 2004-05-28 Havoc Pennington <hp@redhat.com> * test/glib/test-service-glib.c (main): remove unused variable @@ -1,7 +1,7 @@ /* -*- mode: C; c-file-style: "gnu" -*- */ /* bus.c message bus context object * - * Copyright (C) 2003 Red Hat, Inc. + * Copyright (C) 2003, 2004 Red Hat, Inc. * * Licensed under the Academic Free License version 2.0 * @@ -1189,7 +1189,9 @@ bus_context_check_security_policy (BusContext *context, if (sender_policy && !bus_client_policy_check_can_send (sender_policy, - context->registry, proposed_recipient, + context->registry, + requested_reply, + proposed_recipient, message)) { const char *dest = dbus_message_get_destination (message); diff --git a/bus/config-parser.c b/bus/config-parser.c index 874483a6..faa5b55b 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c @@ -1,7 +1,7 @@ /* -*- mode: C; c-file-style: "gnu" -*- */ /* config-parser.c XML-library-agnostic configuration file parser * - * Copyright (C) 2003 Red Hat, Inc. + * Copyright (C) 2003, 2004 Red Hat, Inc. * * Licensed under the Academic Free License version 2.0 * @@ -873,7 +873,8 @@ append_rule_from_element (BusConfigParser *parser, const char *receive_path; const char *receive_type; const char *eavesdrop; - const char *requested_reply; + const char *send_requested_reply; + const char *receive_requested_reply; const char *own; const char *user; const char *group; @@ -896,7 +897,8 @@ append_rule_from_element (BusConfigParser *parser, "receive_path", &receive_path, "receive_type", &receive_type, "eavesdrop", &eavesdrop, - "requested_reply", &requested_reply, + "send_requested_reply", &send_requested_reply, + "receive_requested_reply", &receive_requested_reply, "own", &own, "user", &user, "group", &group, @@ -906,7 +908,8 @@ append_rule_from_element (BusConfigParser *parser, if (!(send_interface || send_member || send_error || send_destination || send_type || send_path || receive_interface || receive_member || receive_error || receive_sender || - receive_type || receive_path || eavesdrop || requested_reply || + receive_type || receive_path || eavesdrop || + send_requested_reply || receive_requested_reply || own || user || group)) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -932,8 +935,8 @@ append_rule_from_element (BusConfigParser *parser, * interface + member * error * - * base send_ can combine with send_destination, send_path, send_type - * base receive_ with receive_sender, receive_path, receive_type, eavesdrop, requested_reply + * base send_ can combine with send_destination, send_path, send_type, send_requested_reply + * base receive_ with receive_sender, receive_path, receive_type, receive_requested_reply, eavesdrop * * user, group, own must occur alone * @@ -946,7 +949,7 @@ append_rule_from_element (BusConfigParser *parser, (send_interface && receive_error) || (send_interface && receive_sender) || (send_interface && eavesdrop) || - (send_interface && requested_reply) || + (send_interface && receive_requested_reply) || (send_interface && own) || (send_interface && user) || (send_interface && group)) || @@ -957,7 +960,7 @@ append_rule_from_element (BusConfigParser *parser, (send_member && receive_error) || (send_member && receive_sender) || (send_member && eavesdrop) || - (send_member && requested_reply) || + (send_member && receive_requested_reply) || (send_member && own) || (send_member && user) || (send_member && group)) || @@ -967,7 +970,7 @@ append_rule_from_element (BusConfigParser *parser, (send_error && receive_error) || (send_error && receive_sender) || (send_error && eavesdrop) || - (send_error && requested_reply) || + (send_error && receive_requested_reply) || (send_error && own) || (send_error && user) || (send_error && group)) || @@ -977,7 +980,7 @@ append_rule_from_element (BusConfigParser *parser, (send_destination && receive_error) || (send_destination && receive_sender) || (send_destination && eavesdrop) || - (send_destination && requested_reply) || + (send_destination && receive_requested_reply) || (send_destination && own) || (send_destination && user) || (send_destination && group)) || @@ -987,7 +990,7 @@ append_rule_from_element (BusConfigParser *parser, (send_type && receive_error) || (send_type && receive_sender) || (send_type && eavesdrop) || - (send_type && requested_reply) || + (send_type && receive_requested_reply) || (send_type && own) || (send_type && user) || (send_type && group)) || @@ -997,10 +1000,20 @@ append_rule_from_element (BusConfigParser *parser, (send_path && receive_error) || (send_path && receive_sender) || (send_path && eavesdrop) || - (send_path && requested_reply) || + (send_path && receive_requested_reply) || (send_path && own) || (send_path && user) || (send_path && group)) || + + ((send_requested_reply && receive_interface) || + (send_requested_reply && receive_member) || + (send_requested_reply && receive_error) || + (send_requested_reply && receive_sender) || + (send_requested_reply && eavesdrop) || + (send_requested_reply && receive_requested_reply) || + (send_requested_reply && own) || + (send_requested_reply && user) || + (send_requested_reply && group)) || ((receive_interface && receive_error) || (receive_interface && own) || @@ -1020,9 +1033,9 @@ append_rule_from_element (BusConfigParser *parser, (eavesdrop && user) || (eavesdrop && group)) || - ((requested_reply && own) || - (requested_reply && user) || - (requested_reply && group)) || + ((receive_requested_reply && own) || + (receive_requested_reply && user) || + (receive_requested_reply && group)) || ((own && user) || (own && group)) || @@ -1043,7 +1056,7 @@ append_rule_from_element (BusConfigParser *parser, #define IS_WILDCARD(str) ((str) && ((str)[0]) == '*' && ((str)[1]) == '\0') if (send_interface || send_member || send_error || send_destination || - send_path || send_type) + send_path || send_type || send_requested_reply) { int message_type; @@ -1072,11 +1085,24 @@ append_rule_from_element (BusConfigParser *parser, return FALSE; } } + + if (send_requested_reply && + !(strcmp (send_requested_reply, "true") == 0 || + strcmp (send_requested_reply, "false") == 0)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Bad value \"%s\" for %s attribute, must be true or false", + "send_requested_reply", send_requested_reply); + return FALSE; + } rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); if (rule == NULL) goto nomem; + if (send_requested_reply) + rule->d.send.requested_reply = (strcmp (send_requested_reply, "true") == 0); + rule->d.send.message_type = message_type; rule->d.send.path = _dbus_strdup (send_path); rule->d.send.interface = _dbus_strdup (send_interface); @@ -1095,7 +1121,7 @@ append_rule_from_element (BusConfigParser *parser, goto nomem; } else if (receive_interface || receive_member || receive_error || receive_sender || - receive_path || receive_type || eavesdrop || requested_reply) + receive_path || receive_type || eavesdrop || receive_requested_reply) { int message_type; @@ -1136,13 +1162,13 @@ append_rule_from_element (BusConfigParser *parser, return FALSE; } - if (requested_reply && - !(strcmp (requested_reply, "true") == 0 || - strcmp (requested_reply, "false") == 0)) + if (receive_requested_reply && + !(strcmp (receive_requested_reply, "true") == 0 || + strcmp (receive_requested_reply, "false") == 0)) { dbus_set_error (error, DBUS_ERROR_FAILED, "Bad value \"%s\" for %s attribute, must be true or false", - "requested_reply", requested_reply); + "receive_requested_reply", receive_requested_reply); return FALSE; } @@ -1153,8 +1179,8 @@ append_rule_from_element (BusConfigParser *parser, if (eavesdrop) rule->d.receive.eavesdrop = (strcmp (eavesdrop, "true") == 0); - if (requested_reply) - rule->d.receive.requested_reply = (strcmp (requested_reply, "true") == 0); + if (receive_requested_reply) + rule->d.receive.requested_reply = (strcmp (receive_requested_reply, "true") == 0); rule->d.receive.message_type = message_type; rule->d.receive.path = _dbus_strdup (receive_path); @@ -2290,9 +2316,15 @@ process_test_valid_subdir (const DBusString *test_base_dir, d.full_path = &full_path; d.validity = validity; - if (!_dbus_test_oom_handling ("config-loader", check_loader_oom_func, &d)) - _dbus_assert_not_reached ("test failed"); + /* FIXME hackaround for an expat problem, see + * https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124747 + * http://freedesktop.org/pipermail/dbus/2004-May/001153.html + */ + /* if (!_dbus_test_oom_handling ("config-loader", check_loader_oom_func, &d)) */ + if (!check_loader_oom_func (&d)) + _dbus_assert_not_reached ("test failed"); + _dbus_string_free (&full_path); } diff --git a/bus/dbus-daemon-1.1.in b/bus/dbus-daemon-1.1.in index 7e186e51..390d145c 100644 --- a/bus/dbus-daemon-1.1.in +++ b/bus/dbus-daemon-1.1.in @@ -357,7 +357,9 @@ The possible attributes of these elements are: receive_type="method_call" | "method_return" | "signal" | "error" receive_path="/path/name" - requested_reply="true" | "false" + send_requested_reply="true" | "false" + receive_requested_reply="true" | "false" + eavesdrop="true" | "false" own="servicename" @@ -411,22 +413,22 @@ receive rules (with receive_* attributes). .PP -The requested_reply attribute works similarly to the eavesdrop +The [send|receive]_requested_reply attribute works similarly to the eavesdrop attribute. It controls whether the <deny> or <allow> matches a reply that is expected (corresponds to a previous method call message). This attribute only makes sense for reply messages (errors and method returns), and is ignored for other message types. .PP -For <allow>, requested_reply="true" is the default and indicates that +For <allow>, [send|receive]_requested_reply="true" is the default and indicates that only requested replies are allowed by the -rule. requested_reply="false" means that the rule allows any reply +rule. [send|receive]_requested_reply="false" means that the rule allows any reply even if unexpected. .PP -For <deny>, requested_reply="false" is the default but indicates that +For <deny>, [send|receive]_requested_reply="false" is the default but indicates that the rule matches only when the reply was not -requested. requested_reply="true" indicates that the rule applies +requested. [send|receive]_requested_reply="true" indicates that the rule applies always, regardless of pending reply state. .PP diff --git a/bus/policy.c b/bus/policy.c index ed58a959..3c7bba9b 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -1,7 +1,7 @@ /* -*- mode: C; c-file-style: "gnu" -*- */ /* policy.c Bus security policy * - * Copyright (C) 2003 Red Hat, Inc. + * Copyright (C) 2003, 2004 Red Hat, Inc. * * Licensed under the Academic Free License version 2.0 * @@ -53,6 +53,11 @@ bus_policy_rule_new (BusPolicyRuleType type, break; case BUS_POLICY_RULE_SEND: rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID; + + /* allow rules default to TRUE (only requested replies allowed) + * deny rules default to FALSE (only unrequested replies denied) + */ + rule->d.send.requested_reply = rule->allow; break; case BUS_POLICY_RULE_RECEIVE: rule->d.receive.message_type = DBUS_MESSAGE_TYPE_INVALID; @@ -788,6 +793,7 @@ bus_client_policy_append_rule (BusClientPolicy *policy, dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy, BusRegistry *registry, + dbus_bool_t requested_reply, DBusConnection *receiver, DBusMessage *message) { @@ -827,6 +833,30 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, continue; } } + + /* If it's a reply, the requested_reply flag kicks in */ + if (dbus_message_get_reply_serial (message) != 0) + { + /* for allow, requested_reply=true means the rule applies + * only when reply was requested. requested_reply=false means + * always allow. + */ + if (!requested_reply && rule->allow && rule->d.send.requested_reply) + { + _dbus_verbose (" (policy) skipping allow rule since it only applies to requested replies\n"); + continue; + } + + /* for deny, requested_reply=false means the rule applies only + * when the reply was not requested. requested_reply=true means the + * rule always applies. + */ + if (requested_reply && !rule->allow && !rule->d.send.requested_reply) + { + _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); + continue; + } + } if (rule->d.send.path != NULL) { diff --git a/bus/policy.h b/bus/policy.h index 7fbb2c6c..f2bac8cc 100644 --- a/bus/policy.h +++ b/bus/policy.h @@ -61,7 +61,8 @@ struct BusPolicyRule char *interface; char *member; char *error; - char *destination; + char *destination; + unsigned int requested_reply : 1; } send; struct @@ -131,6 +132,7 @@ BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy); void bus_client_policy_unref (BusClientPolicy *policy); dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy, BusRegistry *registry, + dbus_bool_t requested_reply, DBusConnection *receiver, DBusMessage *message); dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy, diff --git a/bus/system.conf.in b/bus/system.conf.in index 167ac39f..a45faaef 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -45,7 +45,8 @@ <allow send_destination="org.freedesktop.DBus"/> <allow receive_sender="org.freedesktop.DBus"/> <!-- valid replies are always allowed --> - <allow requested_reply="true"/> + <allow send_requested_reply="true"/> + <allow receive_requested_reply="true"/> </policy> <!-- Config files are placed here that among other things, punch |