1 /* -*- mode: C; c-file-style: "gnu" -*- */
2 /* policy.c Bus security policy
4 * Copyright (C) 2003 Red Hat, Inc.
6 * Licensed under the Academic Free License version 1.2
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 #include <dbus/dbus-list.h>
28 #include <dbus/dbus-hash.h>
29 #include <dbus/dbus-internals.h>
32 bus_policy_rule_new (BusPolicyRuleType type,
37 rule = dbus_new0 (BusPolicyRule, 1);
49 bus_policy_rule_ref (BusPolicyRule *rule)
51 _dbus_assert (rule->refcount > 0);
57 bus_policy_rule_unref (BusPolicyRule *rule)
59 _dbus_assert (rule->refcount > 0);
63 if (rule->refcount == 0)
67 case BUS_POLICY_RULE_SEND:
68 dbus_free (rule->d.send.message_name);
69 dbus_free (rule->d.send.destination);
71 case BUS_POLICY_RULE_RECEIVE:
72 dbus_free (rule->d.receive.message_name);
73 dbus_free (rule->d.receive.origin);
75 case BUS_POLICY_RULE_OWN:
76 dbus_free (rule->d.own.service_name);
78 case BUS_POLICY_RULE_USER:
79 case BUS_POLICY_RULE_GROUP:
80 _dbus_assert_not_reached ("invalid rule");
92 DBusList *default_rules; /**< Default policy rules */
93 DBusList *mandatory_rules; /**< Mandatory policy rules */
94 DBusHashTable *rules_by_uid; /**< per-UID policy rules */
95 DBusHashTable *rules_by_gid; /**< per-GID policy rules */
99 free_rule_func (void *data,
102 BusPolicyRule *rule = data;
104 bus_policy_rule_unref (rule);
108 free_rule_list_func (void *data)
110 DBusList **list = data;
112 _dbus_list_foreach (list, free_rule_func, NULL);
114 _dbus_list_clear (list);
120 bus_policy_new (void)
124 policy = dbus_new0 (BusPolicy, 1);
128 policy->refcount = 1;
130 policy->rules_by_uid = _dbus_hash_table_new (DBUS_HASH_ULONG,
132 free_rule_list_func);
133 if (policy->rules_by_uid == NULL)
136 policy->rules_by_gid = _dbus_hash_table_new (DBUS_HASH_ULONG,
138 free_rule_list_func);
139 if (policy->rules_by_gid == NULL)
145 bus_policy_unref (policy);
150 bus_policy_ref (BusPolicy *policy)
152 _dbus_assert (policy->refcount > 0);
154 policy->refcount += 1;
158 bus_policy_unref (BusPolicy *policy)
160 _dbus_assert (policy->refcount > 0);
162 policy->refcount -= 1;
164 if (policy->refcount == 0)
166 if (policy->rules_by_uid)
168 _dbus_hash_table_unref (policy->rules_by_uid);
169 policy->rules_by_uid = NULL;
172 if (policy->rules_by_gid)
174 _dbus_hash_table_unref (policy->rules_by_gid);
175 policy->rules_by_gid = NULL;
183 add_list_to_client (DBusList **list,
184 BusClientPolicy *client)
188 link = _dbus_list_get_first_link (list);
191 BusPolicyRule *rule = link->data;
192 link = _dbus_list_get_next_link (list, link);
196 case BUS_POLICY_RULE_USER:
197 case BUS_POLICY_RULE_GROUP:
198 /* These aren't per-connection policies */
201 case BUS_POLICY_RULE_OWN:
202 case BUS_POLICY_RULE_SEND:
203 case BUS_POLICY_RULE_RECEIVE:
204 /* These are per-connection */
205 if (!bus_client_policy_append_rule (client, rule))
215 bus_policy_create_client_policy (BusPolicy *policy,
216 DBusConnection *connection)
218 BusClientPolicy *client;
222 _dbus_assert (dbus_connection_get_is_authenticated (connection));
224 client = bus_client_policy_new ();
228 if (!add_list_to_client (&policy->default_rules,
232 /* we avoid the overhead of looking up user's groups
233 * if we don't have any group rules anyway
235 if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
237 const unsigned long *groups;
241 if (!bus_connection_get_groups (connection, &groups, &n_groups))
247 list = _dbus_hash_table_lookup_ulong (policy->rules_by_gid,
252 if (!add_list_to_client (list, client))
260 if (!dbus_connection_get_unix_user (connection, &uid))
263 list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid,
266 if (!add_list_to_client (list, client))
269 if (!add_list_to_client (&policy->mandatory_rules,
273 bus_client_policy_optimize (client);
278 bus_client_policy_unref (client);
283 list_allows_user (dbus_bool_t def,
286 const unsigned long *group_ids,
294 link = _dbus_list_get_first_link (list);
297 BusPolicyRule *rule = link->data;
298 link = _dbus_list_get_next_link (list, link);
300 if (rule->type == BUS_POLICY_RULE_USER)
302 if (rule->d.user.uid != uid)
305 else if (rule->type == BUS_POLICY_RULE_GROUP)
310 while (i < n_group_ids)
312 if (rule->d.group.gid == group_ids[i])
317 if (i == n_group_ids)
323 allowed = rule->allow;
330 bus_policy_allow_user (BusPolicy *policy,
334 unsigned long *group_ids;
337 /* On OOM or error we always reject the user */
338 if (!_dbus_get_groups (uid, &group_ids, &n_group_ids))
340 _dbus_verbose ("Did not get any groups for UID %lu\n",
347 allowed = list_allows_user (allowed,
348 &policy->default_rules,
350 group_ids, n_group_ids);
352 allowed = list_allows_user (allowed,
353 &policy->mandatory_rules,
355 group_ids, n_group_ids);
357 dbus_free (group_ids);
362 struct BusClientPolicy
370 bus_client_policy_new (void)
372 BusClientPolicy *policy;
374 policy = dbus_new0 (BusClientPolicy, 1);
378 policy->refcount = 1;
384 bus_client_policy_ref (BusClientPolicy *policy)
386 _dbus_assert (policy->refcount > 0);
388 policy->refcount += 1;
392 rule_unref_foreach (void *data,
395 BusPolicyRule *rule = data;
397 bus_policy_rule_unref (rule);
401 bus_client_policy_unref (BusClientPolicy *policy)
403 _dbus_assert (policy->refcount > 0);
405 policy->refcount -= 1;
407 if (policy->refcount == 0)
409 _dbus_list_foreach (&policy->rules,
413 _dbus_list_clear (&policy->rules);
420 remove_rules_by_type_up_to (BusClientPolicy *policy,
421 BusPolicyRuleType type,
426 link = _dbus_list_get_first (&policy->rules);
427 while (link != up_to)
429 BusPolicyRule *rule = link->data;
430 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
432 bus_policy_rule_unref (rule);
433 _dbus_list_remove_link (&policy->rules, link);
440 bus_client_policy_optimize (BusClientPolicy *policy)
444 /* The idea here is that if we have:
446 * <allow send="foo"/>
449 * (for example) the deny will always override the allow. So we
450 * delete the allow. Ditto for deny followed by allow, etc. This is
451 * a dumb thing to put in a config file, but the <include> feature
452 * of files allows for an "inheritance and override" pattern where
453 * it could make sense. If an included file wants to "start over"
454 * with a blanket deny, no point keeping the rules from the parent
458 _dbus_verbose ("Optimizing policy with %d rules\n",
459 _dbus_list_get_length (&policy->rules));
461 link = _dbus_list_get_first (&policy->rules);
464 BusPolicyRule *rule = link->data;
465 DBusList *next = _dbus_list_get_next_link (&policy->rules, link);
466 dbus_bool_t remove_preceding;
468 remove_preceding = FALSE;
472 case BUS_POLICY_RULE_SEND:
474 rule->d.send.message_name == NULL &&
475 rule->d.send.destination == NULL;
477 case BUS_POLICY_RULE_RECEIVE:
479 rule->d.receive.message_name == NULL &&
480 rule->d.receive.origin == NULL;
482 case BUS_POLICY_RULE_OWN:
484 rule->d.own.service_name == NULL;
486 case BUS_POLICY_RULE_USER:
487 case BUS_POLICY_RULE_GROUP:
488 _dbus_assert_not_reached ("invalid rule");
492 if (remove_preceding)
493 remove_rules_by_type_up_to (policy, rule->type,
499 _dbus_verbose ("After optimization, policy has %d rules\n",
500 _dbus_list_get_length (&policy->rules));
504 bus_client_policy_append_rule (BusClientPolicy *policy,
507 if (!_dbus_list_append (&policy->rules, rule))
510 bus_policy_rule_ref (rule);
516 bus_client_policy_check_can_send (BusClientPolicy *policy,
517 BusRegistry *registry,
518 DBusConnection *receiver,
519 DBusMessage *message)
524 /* policy->rules is in the order the rules appeared
525 * in the config file, i.e. last rule that applies wins
529 link = _dbus_list_get_first (&policy->rules);
532 BusPolicyRule *rule = link->data;
534 link = _dbus_list_get_next_link (&policy->rules, link);
536 /* Rule is skipped if it specifies a different
537 * message name from the message, or a different
538 * destination from the message
541 if (rule->type != BUS_POLICY_RULE_SEND)
544 if (rule->d.send.message_name != NULL)
546 if (!dbus_message_name_is (message,
547 rule->d.send.message_name))
551 if (rule->d.send.destination != NULL)
553 /* receiver can be NULL for messages that are sent to the
554 * message bus itself, we check the strings in that case as
555 * built-in services don't have a DBusConnection but messages
556 * to them have a destination service name.
558 if (receiver == NULL)
560 if (!dbus_message_sender_is (message,
561 rule->d.send.destination))
569 _dbus_string_init_const (&str, rule->d.send.destination);
571 service = bus_registry_lookup (registry, &str);
575 if (!bus_service_has_owner (service, receiver))
581 allowed = rule->allow;
588 bus_client_policy_check_can_receive (BusClientPolicy *policy,
589 BusRegistry *registry,
590 DBusConnection *sender,
591 DBusMessage *message)
596 /* policy->rules is in the order the rules appeared
597 * in the config file, i.e. last rule that applies wins
601 link = _dbus_list_get_first (&policy->rules);
604 BusPolicyRule *rule = link->data;
606 link = _dbus_list_get_next_link (&policy->rules, link);
608 /* Rule is skipped if it specifies a different
609 * message name from the message, or a different
610 * origin from the message
613 if (rule->type != BUS_POLICY_RULE_RECEIVE)
616 if (rule->d.receive.message_name != NULL)
618 if (!dbus_message_name_is (message,
619 rule->d.receive.message_name))
623 if (rule->d.receive.origin != NULL)
625 /* sender can be NULL for messages that originate from the
626 * message bus itself, we check the strings in that case as
627 * built-in services don't have a DBusConnection but will
628 * still set the sender on their messages.
632 if (!dbus_message_sender_is (message,
633 rule->d.receive.origin))
641 _dbus_string_init_const (&str, rule->d.receive.origin);
643 service = bus_registry_lookup (registry, &str);
648 if (!bus_service_has_owner (service, sender))
654 allowed = rule->allow;
661 bus_client_policy_check_can_own (BusClientPolicy *policy,
662 DBusConnection *connection,
663 const DBusString *service_name)
668 /* policy->rules is in the order the rules appeared
669 * in the config file, i.e. last rule that applies wins
673 link = _dbus_list_get_first (&policy->rules);
676 BusPolicyRule *rule = link->data;
678 link = _dbus_list_get_next_link (&policy->rules, link);
680 /* Rule is skipped if it specifies a different service name from
684 if (rule->type != BUS_POLICY_RULE_OWN)
687 if (rule->d.own.service_name != NULL)
689 if (!_dbus_string_equal_c_str (service_name,
690 rule->d.own.service_name))
695 allowed = rule->allow;
701 #ifdef DBUS_BUILD_TESTS
704 bus_policy_test (const DBusString *test_data_dir)
706 /* This doesn't do anything for now because I decided to do it in
707 * dispatch.c instead by having some of the clients in dispatch.c
708 * have particular policies applied to them.
714 #endif /* DBUS_BUILD_TESTS */
projects / platform / upstream / dbus.git / blob