-/* -*- mode: C; c-file-style: "gnu" -*- */
-/* policy.h Policies for what a connection can do
+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
+/* policy.h Bus security policy
*
* Copyright (C) 2003 Red Hat, Inc.
*
- * Licensed under the Academic Free License version 1.2
+ * Licensed under the Academic Free License version 2.1
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
+#include <dbus/dbus-list.h>
+#include <dbus/dbus-sysdeps.h>
#include "bus.h"
typedef enum
BUS_POLICY_RULE_GROUP
} BusPolicyRuleType;
+/** determines whether the rule affects a connection, or some global item */
+#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
+ (rule)->type == BUS_POLICY_RULE_GROUP))
+
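Review bot: `BUS_POLICY_RULE_IS_PER_CLIENT` is defined by negation, so every rule type other than USER and GROUP counts as per-client, including any value added to `BusPolicyRuleType` later. Listing the per-client types positively would keep a new enum value out of the per-client set until someone places it there deliberately; the enum is only partly visible here, so the exact list has to come from its full definition. The macro also expands `rule` twice, which a `static inline` function taking `const BusPolicyRule *` would avoid while adding type checking. At minimum I would extend the comment to `/** true for every rule type except USER and GROUP; revisit when adding a BusPolicyRuleType value */`.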
struct BusPolicyRule
{
int refcount;
{
struct
{
- /* either can be NULL meaning "any" */
- char *message_name;
+ /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
+ int message_type;
+ /* any of these can be NULL meaning "any" */
+ char *path;
+ char *interface;
+ char *member;
+ char *error;
char *destination;
+ unsigned int eavesdrop : 1;
+ unsigned int requested_reply : 1;
+ unsigned int log : 1;
} send;
struct
{
- /* either can be NULL meaning "any" */
- char *message_name;
+ /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
+ int message_type;
+ /* any of these can be NULL meaning "any" */
+ char *path;
+ char *interface;
+ char *member;
+ char *error;
char *origin;
+ unsigned int eavesdrop : 1;
+ unsigned int requested_reply : 1;
} receive;
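Review bot: The new one-bit flags `eavesdrop`, `requested_reply` and `log` have no comment, while every other match field in `send` and `receive` states which value means "any". A 1-bit field has no "unset" state, so the header should say how a rule with the bit clear is matched and what value a freshly created rule starts with; a matcher written on the wrong assumption would change which messages a rule allows. I would add a one-line comment above the flags in each struct giving, per flag, the meaning of 0 and 1. `log` appears only in `send`, and if that is intentional a short remark next to the field would save the next reader from treating it as an omission. The enclosing struct starts outside the lines shown here.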
struct
struct
{
- char *user;
- unsigned long uid;
+ /* can be DBUS_UID_UNSET meaning "any" */
+ dbus_uid_t uid;
} user;
struct
{
- char *group;
- unsigned long gid;
+ /* can be DBUS_GID_UNSET meaning "any" */
+ dbus_gid_t gid;
} group;
-
+
} d;
};
BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type,
dbus_bool_t allow);
-void bus_policy_rule_ref (BusPolicyRule *rule);
+BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule);
void bus_policy_rule_unref (BusPolicyRule *rule);
-BusPolicy* bus_policy_new (void);
-void bus_policy_ref (BusPolicy *policy);
-void bus_policy_unref (BusPolicy *policy);
-dbus_bool_t bus_policy_check_can_send (BusPolicy *policy,
- BusRegistry *registry,
- DBusConnection *receiver,
- DBusMessage *message);
-dbus_bool_t bus_policy_check_can_receive (BusPolicy *policy,
- BusRegistry *registry,
- DBusConnection *sender,
- DBusMessage *message);
-dbus_bool_t bus_policy_check_can_own (BusPolicy *policy,
- DBusConnection *connection,
- const DBusString *service_name);
-dbus_bool_t bus_policy_append_rule (BusPolicy *policy,
- BusPolicyRule *rule);
-void bus_policy_optimize (BusPolicy *policy);
+BusPolicy* bus_policy_new (void);
+BusPolicy* bus_policy_ref (BusPolicy *policy);
+void bus_policy_unref (BusPolicy *policy);
+BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
+ DBusConnection *connection,
+ DBusError *error);
+dbus_bool_t bus_policy_allow_unix_user (BusPolicy *policy,
+ unsigned long uid);
+dbus_bool_t bus_policy_allow_windows_user (BusPolicy *policy,
+ const char *windows_sid);
+dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
+ dbus_uid_t uid,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
+ dbus_gid_t gid,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy,
+ dbus_bool_t at_console,
+ BusPolicyRule *rule);
+
+dbus_bool_t bus_policy_merge (BusPolicy *policy,
+ BusPolicy *to_absorb);
+
+BusClientPolicy* bus_client_policy_new (void);
+BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy);
+void bus_client_policy_unref (BusClientPolicy *policy);
+dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy,
+ BusRegistry *registry,
+ dbus_bool_t requested_reply,
+ DBusConnection *receiver,
+ DBusMessage *message,
+ dbus_int32_t *toggles,
+ dbus_bool_t *log);
+dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy,
+ BusRegistry *registry,
+ dbus_bool_t requested_reply,
+ DBusConnection *sender,
+ DBusConnection *addressed_recipient,
+ DBusConnection *proposed_recipient,
+ DBusMessage *message,
+ dbus_int32_t *toggles);
+dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy,
+ DBusConnection *connection,
+ const DBusString *service_name);
+dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy,
+ BusPolicyRule *rule);
+void bus_client_policy_optimize (BusClientPolicy *policy);
+
#endif /* BUS_POLICY_H */
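Review bot: `bus_client_policy_check_can_send` and `bus_client_policy_check_can_receive` gain the out-parameters `toggles` and `log` and the `requested_reply` input, but the header states no contract for them. Callers of an authorization check need to know whether the out-parameters may be NULL, whether they are written when the function returns FALSE, and what `toggles` counts. A doc comment on each prototype covering parameters, return value and the deny case would settle that. The same comment should say which of `sender`, `addressed_recipient` and `proposed_recipient` may be NULL. Separately, `bus_policy_allow_unix_user` takes `unsigned long uid` while the other new prototypes use `dbus_uid_t`; declaring it as `dbus_uid_t uid` would keep the uid comparison in one type.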