1 /* -*- mode: C; c-file-style: "gnu" -*- */
2 /* policy.c Bus security policy
4 * Copyright (C) 2003 Red Hat, Inc.
6 * Licensed under the Academic Free License version 1.2
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
28 #include <dbus/dbus-list.h>
29 #include <dbus/dbus-hash.h>
30 #include <dbus/dbus-internals.h>
33 bus_policy_rule_new (BusPolicyRuleType type,
38 rule = dbus_new0 (BusPolicyRule, 1);
48 case BUS_POLICY_RULE_USER:
49 rule->d.user.uid = DBUS_UID_UNSET;
51 case BUS_POLICY_RULE_GROUP:
52 rule->d.group.gid = DBUS_GID_UNSET;
54 case BUS_POLICY_RULE_SEND:
55 case BUS_POLICY_RULE_RECEIVE:
56 case BUS_POLICY_RULE_OWN:
64 bus_policy_rule_ref (BusPolicyRule *rule)
66 _dbus_assert (rule->refcount > 0);
72 bus_policy_rule_unref (BusPolicyRule *rule)
74 _dbus_assert (rule->refcount > 0);
78 if (rule->refcount == 0)
82 case BUS_POLICY_RULE_SEND:
83 dbus_free (rule->d.send.message_name);
84 dbus_free (rule->d.send.destination);
86 case BUS_POLICY_RULE_RECEIVE:
87 dbus_free (rule->d.receive.message_name);
88 dbus_free (rule->d.receive.origin);
90 case BUS_POLICY_RULE_OWN:
91 dbus_free (rule->d.own.service_name);
93 case BUS_POLICY_RULE_USER:
95 case BUS_POLICY_RULE_GROUP:
107 DBusList *default_rules; /**< Default policy rules */
108 DBusList *mandatory_rules; /**< Mandatory policy rules */
109 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
110 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
114 free_rule_func (void *data,
117 BusPolicyRule *rule = data;
119 bus_policy_rule_unref (rule);
123 free_rule_list_func (void *data)
125 DBusList **list = data;
127 _dbus_list_foreach (list, free_rule_func, NULL);
129 _dbus_list_clear (list);
135 bus_policy_new (void)
139 policy = dbus_new0 (BusPolicy, 1);
143 policy->refcount = 1;
145 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_ULONG,
147 free_rule_list_func);
148 if (policy->rules_by_uid == NULL)
151 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_ULONG,
153 free_rule_list_func);
154 if (policy->rules_by_gid == NULL)
160 bus_policy_unref (policy);
165 bus_policy_ref (BusPolicy *policy)
167 _dbus_assert (policy->refcount > 0);
169 policy->refcount += 1;
173 bus_policy_unref (BusPolicy *policy)
175 _dbus_assert (policy->refcount > 0);
177 policy->refcount -= 1;
179 if (policy->refcount == 0)
181 _dbus_list_foreach (&policy->default_rules, free_rule_func, NULL);
182 _dbus_list_clear (&policy->default_rules);
184 _dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
185 _dbus_list_clear (&policy->mandatory_rules);
187 if (policy->rules_by_uid)
189 _dbus_hash_table_unref (policy->rules_by_uid);
190 policy->rules_by_uid = NULL;
193 if (policy->rules_by_gid)
195 _dbus_hash_table_unref (policy->rules_by_gid);
196 policy->rules_by_gid = NULL;
204 add_list_to_client (DBusList **list,
205 BusClientPolicy *client)
209 link = _dbus_list_get_first_link (list);
212 BusPolicyRule *rule = link->data;
213 link = _dbus_list_get_next_link (list, link);
217 case BUS_POLICY_RULE_USER:
218 case BUS_POLICY_RULE_GROUP:
219 /* These aren't per-connection policies */
222 case BUS_POLICY_RULE_OWN:
223 case BUS_POLICY_RULE_SEND:
224 case BUS_POLICY_RULE_RECEIVE:
225 /* These are per-connection */
226 if (!bus_client_policy_append_rule (client, rule))
236 bus_policy_create_client_policy (BusPolicy *policy,
237 DBusConnection *connection,
240 BusClientPolicy *client;
243 _dbus_assert (dbus_connection_get_is_authenticated (connection));
244 _DBUS_ASSERT_ERROR_IS_CLEAR (error);
246 client = bus_client_policy_new ();
250 if (!add_list_to_client (&policy->default_rules,
254 /* we avoid the overhead of looking up user's groups
255 * if we don't have any group rules anyway
257 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
259 unsigned long *groups;
263 if (!bus_connection_get_groups (connection, &groups, &n_groups, error))
271 list = _dbus_hash_table_lookup_ulong (policy->rules_by_gid,
276 if (!add_list_to_client (list, client))
289 if (!dbus_connection_get_unix_user (connection, &uid))
291 dbus_set_error (error, DBUS_ERROR_FAILED,
292 "No user ID known for connection, cannot determine security policy\n");
296 if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
300 list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid,
305 if (!add_list_to_client (list, client))
310 if (!add_list_to_client (&policy->mandatory_rules,
314 bus_client_policy_optimize (client);
321 _DBUS_ASSERT_ERROR_IS_SET (error);
323 bus_client_policy_unref (client);
328 list_allows_user (dbus_bool_t def,
331 const unsigned long *group_ids,
339 link = _dbus_list_get_first_link (list);
342 BusPolicyRule *rule = link->data;
343 link = _dbus_list_get_next_link (list, link);
345 if (rule->type == BUS_POLICY_RULE_USER)
347 _dbus_verbose ("List %p user rule uid="DBUS_UID_FORMAT"\n",
348 list, rule->d.user.uid);
350 if (rule->d.user.uid == DBUS_UID_UNSET)
352 else if (rule->d.user.uid != uid)
355 else if (rule->type == BUS_POLICY_RULE_GROUP)
357 _dbus_verbose ("List %p group rule uid="DBUS_UID_FORMAT"\n",
358 list, rule->d.user.uid);
360 if (rule->d.group.gid == DBUS_GID_UNSET)
367 while (i < n_group_ids)
369 if (rule->d.group.gid == group_ids[i])
374 if (i == n_group_ids)
381 allowed = rule->allow;
388 bus_policy_allow_user (BusPolicy *policy,
389 DBusUserDatabase *user_database,
393 unsigned long *group_ids;
396 /* On OOM or error we always reject the user */
397 if (!_dbus_user_database_get_groups (user_database,
398 uid, &group_ids, &n_group_ids, NULL))
400 _dbus_verbose ("Did not get any groups for UID %lu\n",
407 allowed = list_allows_user (allowed,
408 &policy->default_rules,
410 group_ids, n_group_ids);
412 allowed = list_allows_user (allowed,
413 &policy->mandatory_rules,
415 group_ids, n_group_ids);
417 dbus_free (group_ids);
419 _dbus_verbose ("UID %lu allowed = %d\n", uid, allowed);
425 bus_policy_append_default_rule (BusPolicy *policy,
428 if (!_dbus_list_append (&policy->default_rules, rule))
431 bus_policy_rule_ref (rule);
437 bus_policy_append_mandatory_rule (BusPolicy *policy,
440 if (!_dbus_list_append (&policy->mandatory_rules, rule))
443 bus_policy_rule_ref (rule);
449 get_list (DBusHashTable *hash,
454 list = _dbus_hash_table_lookup_ulong (hash, key);
458 list = dbus_new0 (DBusList*, 1);
462 if (!_dbus_hash_table_insert_ulong (hash, key, list))
473 bus_policy_append_user_rule (BusPolicy *policy,
479 list = get_list (policy->rules_by_uid, uid);
484 if (!_dbus_list_append (list, rule))
487 bus_policy_rule_ref (rule);
493 bus_policy_append_group_rule (BusPolicy *policy,
499 list = get_list (policy->rules_by_gid, gid);
504 if (!_dbus_list_append (list, rule))
507 bus_policy_rule_ref (rule);
512 struct BusClientPolicy
520 bus_client_policy_new (void)
522 BusClientPolicy *policy;
524 policy = dbus_new0 (BusClientPolicy, 1);
528 policy->refcount = 1;
534 bus_client_policy_ref (BusClientPolicy *policy)
536 _dbus_assert (policy->refcount > 0);
538 policy->refcount += 1;
542 rule_unref_foreach (void *data,
545 BusPolicyRule *rule = data;
547 bus_policy_rule_unref (rule);
551 bus_client_policy_unref (BusClientPolicy *policy)
553 _dbus_assert (policy->refcount > 0);
555 policy->refcount -= 1;
557 if (policy->refcount == 0)
559 _dbus_list_foreach (&policy->rules,
563 _dbus_list_clear (&policy->rules);
570 remove_rules_by_type_up_to (BusClientPolicy *policy,
571 BusPolicyRuleType type,
576 link = _dbus_list_get_first_link (&policy->rules);
577 while (link != up_to)
579 BusPolicyRule *rule = link->data;
580 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
582 if (rule->type == type)
584 _dbus_list_remove_link (&policy->rules, link);
585 bus_policy_rule_unref (rule);
593 bus_client_policy_optimize (BusClientPolicy *policy)
597 /* The idea here is that if we have:
599 * <allow send="foo"/>
602 * (for example) the deny will always override the allow. So we
603 * delete the allow. Ditto for deny followed by allow, etc. This is
604 * a dumb thing to put in a config file, but the <include> feature
605 * of files allows for an "inheritance and override" pattern where
606 * it could make sense. If an included file wants to "start over"
607 * with a blanket deny, no point keeping the rules from the parent
611 _dbus_verbose ("Optimizing policy with %d rules\n",
612 _dbus_list_get_length (&policy->rules));
614 link = _dbus_list_get_first_link (&policy->rules);
619 dbus_bool_t remove_preceding;
621 next = _dbus_list_get_next_link (&policy->rules, link);
624 remove_preceding = FALSE;
626 _dbus_assert (rule != NULL);
630 case BUS_POLICY_RULE_SEND:
632 rule->d.send.message_name == NULL &&
633 rule->d.send.destination == NULL;
635 case BUS_POLICY_RULE_RECEIVE:
637 rule->d.receive.message_name == NULL &&
638 rule->d.receive.origin == NULL;
640 case BUS_POLICY_RULE_OWN:
642 rule->d.own.service_name == NULL;
644 case BUS_POLICY_RULE_USER:
645 case BUS_POLICY_RULE_GROUP:
646 _dbus_assert_not_reached ("invalid rule");
650 if (remove_preceding)
651 remove_rules_by_type_up_to (policy, rule->type,
657 _dbus_verbose ("After optimization, policy has %d rules\n",
658 _dbus_list_get_length (&policy->rules));
662 bus_client_policy_append_rule (BusClientPolicy *policy,
665 _dbus_verbose ("Appending rule %p with type %d to policy %p\n",
666 rule, rule->type, policy);
668 if (!_dbus_list_append (&policy->rules, rule))
671 bus_policy_rule_ref (rule);
677 bus_client_policy_check_can_send (BusClientPolicy *policy,
678 BusRegistry *registry,
679 DBusConnection *receiver,
680 DBusMessage *message)
685 /* policy->rules is in the order the rules appeared
686 * in the config file, i.e. last rule that applies wins
689 _dbus_verbose (" (policy) checking send rules\n");
692 link = _dbus_list_get_first_link (&policy->rules);
695 BusPolicyRule *rule = link->data;
697 link = _dbus_list_get_next_link (&policy->rules, link);
699 /* Rule is skipped if it specifies a different
700 * message name from the message, or a different
701 * destination from the message
704 if (rule->type != BUS_POLICY_RULE_SEND)
706 _dbus_verbose (" (policy) skipping non-send rule\n");
710 if (rule->d.send.message_name != NULL)
712 if (!dbus_message_has_name (message,
713 rule->d.send.message_name))
715 _dbus_verbose (" (policy) skipping rule for different message name\n");
720 if (rule->d.send.destination != NULL)
722 /* receiver can be NULL for messages that are sent to the
723 * message bus itself, we check the strings in that case as
724 * built-in services don't have a DBusConnection but messages
725 * to them have a destination service name.
727 if (receiver == NULL)
729 if (!dbus_message_has_destination (message,
730 rule->d.send.destination))
732 _dbus_verbose (" (policy) skipping rule because message dest is not %s\n",
733 rule->d.send.destination);
742 _dbus_string_init_const (&str, rule->d.send.destination);
744 service = bus_registry_lookup (registry, &str);
747 _dbus_verbose (" (policy) skipping rule because dest %s doesn't exist\n",
748 rule->d.send.destination);
752 if (!bus_service_has_owner (service, receiver))
754 _dbus_verbose (" (policy) skipping rule because dest %s isn't owned by receiver\n",
755 rule->d.send.destination);
762 allowed = rule->allow;
764 _dbus_verbose (" (policy) used rule, allow now = %d\n",
772 bus_client_policy_check_can_receive (BusClientPolicy *policy,
773 BusRegistry *registry,
774 DBusConnection *sender,
775 DBusMessage *message)
780 /* policy->rules is in the order the rules appeared
781 * in the config file, i.e. last rule that applies wins
784 _dbus_verbose (" (policy) checking receive rules\n");
787 link = _dbus_list_get_first_link (&policy->rules);
790 BusPolicyRule *rule = link->data;
792 link = _dbus_list_get_next_link (&policy->rules, link);
794 /* Rule is skipped if it specifies a different
795 * message name from the message, or a different
796 * origin from the message
799 if (rule->type != BUS_POLICY_RULE_RECEIVE)
801 _dbus_verbose (" (policy) skipping non-receive rule\n");
805 if (rule->d.receive.message_name != NULL)
807 if (!dbus_message_has_name (message,
808 rule->d.receive.message_name))
810 _dbus_verbose (" (policy) skipping rule for different message name\n");
815 if (rule->d.receive.origin != NULL)
817 /* sender can be NULL for messages that originate from the
818 * message bus itself, we check the strings in that case as
819 * built-in services don't have a DBusConnection but will
820 * still set the sender on their messages.
824 if (!dbus_message_has_sender (message,
825 rule->d.receive.origin))
827 _dbus_verbose (" (policy) skipping rule because message sender is not %s\n",
828 rule->d.receive.origin);
837 _dbus_string_init_const (&str, rule->d.receive.origin);
839 service = bus_registry_lookup (registry, &str);
843 _dbus_verbose (" (policy) skipping rule because origin %s doesn't exist\n",
844 rule->d.receive.origin);
848 if (!bus_service_has_owner (service, sender))
850 _dbus_verbose (" (policy) skipping rule because origin %s isn't owned by sender\n",
851 rule->d.receive.origin);
858 allowed = rule->allow;
860 _dbus_verbose (" (policy) used rule, allow now = %d\n",
868 bus_client_policy_check_can_own (BusClientPolicy *policy,
869 DBusConnection *connection,
870 const DBusString *service_name)
875 /* policy->rules is in the order the rules appeared
876 * in the config file, i.e. last rule that applies wins
880 link = _dbus_list_get_first_link (&policy->rules);
883 BusPolicyRule *rule = link->data;
885 link = _dbus_list_get_next_link (&policy->rules, link);
887 /* Rule is skipped if it specifies a different service name from
891 if (rule->type != BUS_POLICY_RULE_OWN)
894 if (rule->d.own.service_name != NULL)
896 if (!_dbus_string_equal_c_str (service_name,
897 rule->d.own.service_name))
902 allowed = rule->allow;
908 #ifdef DBUS_BUILD_TESTS
911 bus_policy_test (const DBusString *test_data_dir)
913 /* This doesn't do anything for now because I decided to do it in
914 * dispatch.c instead by having some of the clients in dispatch.c
915 * have particular policies applied to them.
921 #endif /* DBUS_BUILD_TESTS */
projects / platform / upstream / dbus.git / blob