From b78d222083d1a1186743e2bb3aded49b5a950fe2 Mon Sep 17 00:00:00 2001
From: "John (J5) Palmieri"
Date: Wed, 25 Aug 2004 22:11:49 +0000
Subject: Console user security policy * bus/config-parser.c: (struct PolicyType): Add POLICY_CONSOLE (struct Element.d.policy): s/gid_or_uid/gid_uid_or_at_console (start_busconfig_child): Sets up console element when is encountered in a policy file (append_rule_from_element): Convert console elements to console rules. * bus/policy.c: (bus_policy_create_client_policy): Add console rules to the client policy based on if the client is at the console (bus_policy_append_console_rule): New function for adding a console rule to a policy (bus_policy_merge): Handle console rule merging * dbus/dbus-sysdeps.h: Added the DBUS_CONSOLE_DIR constant where we check for console user files * dbus/dbus-sysdeps.c: (_dbus_file_exists): New function which checks if the given file exists (_dbus_user_at_console): New function which does the system specific process of checking if the user is at the console * dbus/dbus-userdb.c: (_dbus_is_console_user): New function converts a UID to user name and then calls the system specific _dbus_user_at_console to see if the user is at the console and therefor a console user
---
 dbus/dbus-userdb.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 (limited to 'dbus/dbus-userdb.c')
diff --git a/dbus/dbus-userdb.c b/dbus/dbus-userdb.c
index 1e105b29..833256c5 100644
--- a/dbus/dbus-userdb.c
+++ b/dbus/dbus-userdb.c
@@ -38,6 +38,7 @@ struct DBusUserDatabase
 DBusHashTable *groups; /**< Groups in the database by GID */
 DBusHashTable *users_by_name; /**< Users in the database by name */
 DBusHashTable *groups_by_name; /**< Groups in the database by name */
+
 };
 static void
@@ -398,6 +399,48 @@ _dbus_get_user_id (const DBusString *username,
 return TRUE;
 }
+/**
+ * Checks to see if the UID sent in is the console user
+ *
+ * @param uid UID of person to check
+ * @param error return location for errors
+ * @returns #TRUE if the UID is the same as the console user and there are no errors
+ */
+dbus_bool_t
+_dbus_is_console_user (dbus_uid_t uid,
+ DBusError *error)
+{
+
+ DBusUserDatabase *db;
+ const DBusUserInfo *info;
+ DBusString *console_file;
+ dbus_bool_t result = FALSE;
+
+ _dbus_user_database_lock_system ();
+
+ db = _dbus_user_database_get_system ();
+ if (db == NULL)
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED, "Could not get system database.");
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ info = _dbus_user_database_lookup (db, uid, NULL, error);
+
+ if (info == NULL)
+ {
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ result = _dbus_user_at_console (info->username, error);
+
+ _dbus_user_database_unlock_system ();
+
+ return result;
+}
+
 /**
 * Gets group ID given groupname
 *
-- cgit
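Review bot: `_dbus_is_console_user` returns FALSE both when the user is not at the console and when the database or the UID lookup fails, and the doc comment does not say so. Failing closed is the right default for a check that, per the commit message, decides whether console policy rules are added, but the `@returns` line should state it, e.g. `@returns #TRUE if the user is at the console; #FALSE if not or on failure (error is set on failure)`. The local `DBusString *console_file;` is never used and can be dropped, as can the blank line right after the opening brace. `_dbus_user_at_console (info->username, error)` is called while the system user-database lock is held, presumably because `info->username` is owned by the database; a short comment such as `/* info->username is only valid while the database is locked */` would make that explicit if it is the reason. Since the commit message describes the check as file-based under DBUS_CONSOLE_DIR, it is also worth confirming in dbus-sysdeps.c that the username is treated as a single path component.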