bus/policy.h

   1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
   2 /* policy.h  Bus security policy
   3  *
   4  * Copyright (C) 2003  Red Hat, Inc.
   5  *
   6  * Licensed under the Academic Free License version 2.1
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  21  *
  22  */
  23
  24 #ifndef BUS_POLICY_H
  25 #define BUS_POLICY_H
  26
  27 #include <dbus/dbus.h>
  28 #include <dbus/dbus-string.h>
  29 #include <dbus/dbus-list.h>
  30 #include <dbus/dbus-sysdeps.h>
  31 #include "bus.h"
  32
  33 typedef enum
  34 {
  35   BUS_POLICY_RULE_SEND,
  36   BUS_POLICY_RULE_RECEIVE,
  37   BUS_POLICY_RULE_OWN,
  38   BUS_POLICY_RULE_USER,
  39   BUS_POLICY_RULE_GROUP
  40 } BusPolicyRuleType;
  41
  42 typedef enum
  43 {
  44   BUS_POLICY_RULE_ACCESS_DENY,
  45   BUS_POLICY_RULE_ACCESS_ALLOW,
  46   /** runtime check resulting in allow or deny */
  47   BUS_POLICY_RULE_ACCESS_CHECK
  48 } BusPolicyRuleAccess;
  49
  50 typedef enum
  51 {
  52   BUS_POLICY_TRISTATE_ANY = 0,
  53   BUS_POLICY_TRISTATE_FALSE,
  54   BUS_POLICY_TRISTATE_TRUE
  55 } BusPolicyTristate;
  56
  57 /** determines whether the rule affects a connection, or some global item */
  58 #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
  59                                                (rule)->type == BUS_POLICY_RULE_GROUP))
  60
  61 struct BusPolicyRule
  62 {
  63   int refcount;
  64
  65   BusPolicyRuleType type;
  66
  67   unsigned int access : 2; /**< BusPolicyRuleAccess */
  68   unsigned int score : 30; /**< for keeping the importance of the rule */
  69   char *privilege; /**< for BUS_POLICY_RULE_ACCESS_CHECK */
  70
  71   union
  72   {
  73     struct
  74     {
  75       /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
  76       int   message_type;
  77       /* any of these can be NULL meaning "any" */
  78       char *path;
  79       char *interface;
  80       char *member;
  81       char *error;
  82       char *destination;
  83       unsigned int max_fds;
  84       unsigned int min_fds;
  85       unsigned int eavesdrop : 1;
  86       unsigned int requested_reply : 1;
  87       unsigned int log : 1;
  88       unsigned int destination_prefix : 1;
  89       unsigned int broadcast : 2; /**< really a BusPolicyTristate */
  90     } send;
  91
  92     struct
  93     {
  94       /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
  95       int   message_type;
  96       /* any of these can be NULL meaning "any" */
  97       char *path;
  98       char *interface;
  99       char *member;
 100       char *error;
 101       char *origin;
 102       unsigned int max_fds;
 103       unsigned int min_fds;
 104       unsigned int eavesdrop : 1;
 105       unsigned int requested_reply : 1;
 106     } receive;
 107
 108     struct
 109     {
 110       /* can be NULL meaning "any" */
 111       char *service_name;
 112       /* if prefix is set, any name starting with service_name can be owned */
 113       unsigned int prefix : 1;
 114     } own;
 115
 116     struct
 117     {
 118       /* can be DBUS_UID_UNSET meaning "any" */
 119       dbus_uid_t uid;
 120     } user;
 121
 122     struct
 123     {
 124       /* can be DBUS_GID_UNSET meaning "any" */
 125       dbus_gid_t gid;
 126     } group;
 127
 128   } d;
 129 };
 130
 131 BusPolicyRule* bus_policy_rule_new   (BusPolicyRuleType type,
 132                                       BusPolicyRuleAccess access);
 133 BusPolicyRule* bus_policy_rule_ref   (BusPolicyRule    *rule);
 134 void           bus_policy_rule_unref (BusPolicyRule    *rule);
 135
 136 BusPolicy*       bus_policy_new                   (void);
 137 BusPolicy*       bus_policy_ref                   (BusPolicy        *policy);
 138 void             bus_policy_unref                 (BusPolicy        *policy);
 139 BusClientPolicy* bus_policy_create_client_policy  (BusPolicy        *policy,
 140                                                    DBusConnection   *connection,
 141                                                    DBusError        *error);
 142 dbus_bool_t      bus_policy_allow_unix_user       (BusPolicy        *policy,
 143                                                    unsigned long     uid);
 144 dbus_bool_t      bus_policy_allow_windows_user    (BusPolicy        *policy,
 145                                                    const char       *windows_sid);
 146 dbus_bool_t      bus_policy_append_default_rule   (BusPolicy        *policy,
 147                                                    BusPolicyRule    *rule);
 148 dbus_bool_t      bus_policy_append_mandatory_rule (BusPolicy        *policy,
 149                                                    BusPolicyRule    *rule);
 150 dbus_bool_t      bus_policy_append_user_rule      (BusPolicy        *policy,
 151                                                    dbus_uid_t        uid,
 152                                                    BusPolicyRule    *rule);
 153 dbus_bool_t      bus_policy_append_group_rule     (BusPolicy        *policy,
 154                                                    dbus_gid_t        gid,
 155                                                    BusPolicyRule    *rule);
 156 dbus_bool_t      bus_policy_append_console_rule   (BusPolicy        *policy,
 157                                                    dbus_bool_t        at_console,
 158                                                    BusPolicyRule    *rule);
 159
 160 dbus_bool_t      bus_policy_merge                 (BusPolicy        *policy,
 161                                                    BusPolicy        *to_absorb);
 162
 163 BusClientPolicy* bus_client_policy_new               (void);
 164 BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
 165 void             bus_client_policy_unref             (BusClientPolicy  *policy);
 166 BusResult        bus_client_policy_check_can_send    (DBusConnection      *sender,
 167                                                       BusClientPolicy     *policy,
 168                                                       BusRegistry         *registry,
 169                                                       dbus_bool_t          requested_reply,
 170                                                       DBusConnection      *addressed_recipient,
 171                                                       DBusConnection      *receiver,
 172                                                       DBusMessage         *message,
 173                                                       dbus_int32_t        *toggles,
 174                                                       dbus_bool_t         *log,
 175                                                       const char         **privilege_param,
 176                                                       BusDeferredMessage **deferred_message,
 177                                                       char               **out_rule);
 178 BusResult        bus_client_policy_check_can_receive (BusClientPolicy     *policy,
 179                                                       BusRegistry         *registry,
 180                                                       dbus_bool_t          requested_reply,
 181                                                       DBusConnection      *sender,
 182                                                       DBusConnection      *addressed_recipient,
 183                                                       DBusConnection      *proposed_recipient,
 184                                                       DBusMessage         *message,
 185                                                       dbus_int32_t        *toggles,
 186                                                       const char         **privilege_param,
 187                                                       BusDeferredMessage **deferred_message,
 188                                                       char               **out_rule);
 189 BusResult        bus_client_policy_check_can_own     (BusClientPolicy  *policy,
 190                                                       const DBusString *service_name,
 191                                                       DBusConnection   *connection,
 192                                                       DBusMessage      *message);
 193
 194 #ifdef DBUS_ENABLE_EMBEDDED_TESTS
 195 dbus_bool_t      bus_policy_check_can_own     (BusPolicy  *policy,
 196                                                const DBusString *service_name);
 197 #endif
 198
 199 #endif /* BUS_POLICY_H */