+2004-08-25 John Palmieri <johnp@redhat.com>
+ * bus/config-parser.c:
+ (struct PolicyType): Add POLICY_CONSOLE
+ (struct Element.d.policy): s/gid_or_uid/gid_uid_or_at_console
+ (start_busconfig_child): Sets up console element when
+ <policy at_console=""> is encountered in a policy file
+ (append_rule_from_element): Convert console elements to console
+ rules.
+
+ * bus/policy.c:
+ (bus_policy_create_client_policy): Add console rules to the client
+ policy based on if the client is at the console
+ (bus_policy_append_console_rule): New function for adding a
+ console rule to a policy
+ (bus_policy_merge): Handle console rule merging
+
+ * dbus/dbus-sysdeps.h: Added the DBUS_CONSOLE_DIR constant
+ where we check for console user files
+
+ * dbus/dbus-sysdeps.c:
+ (_dbus_file_exists): New function which checks if the given
+ file exists
+ (_dbus_user_at_console): New function which does the system
+ specific process of checking if the user is at the console
+
+ * dbus/dbus-userdb.c:
+ (_dbus_is_console_user): New function converts a UID to user name
+ and then calls the system specific _dbus_user_at_console to
+ see if the user is at the console and therefor a console user
+
2004-08-25 Olivier Andrieu <oliv__a@users.sourceforge.net>
* bus/config-parser.c (set_limit):
POLICY_DEFAULT,
POLICY_MANDATORY,
POLICY_USER,
- POLICY_GROUP
+ POLICY_GROUP,
+ POLICY_CONSOLE
} PolicyType;
typedef struct
struct
{
PolicyType type;
- unsigned long gid_or_uid;
+ unsigned long gid_uid_or_at_console;
} policy;
struct
const char *context;
const char *user;
const char *group;
+ const char *at_console;
if ((e = push_element (parser, ELEMENT_POLICY)) == NULL)
{
"context", &context,
"user", &user,
"group", &group,
+ "at_console", &at_console,
NULL))
return FALSE;
if (((context && user) ||
- (context && group)) ||
- (user && group) ||
- !(context || user || group))
+ (context && group) ||
+ (context && at_console)) ||
+ ((user && group) ||
+ (user && at_console)) ||
+ (group && at_console) ||
+ !(context || user || group || at_console))
{
dbus_set_error (error, DBUS_ERROR_FAILED,
- "<policy> element must have exactly one of (context|user|group) attributes");
+ "<policy> element must have exactly one of (context|user|group|at_console) attributes");
return FALSE;
}
_dbus_string_init_const (&username, user);
if (_dbus_get_user_id (&username,
- &e->d.policy.gid_or_uid))
+ &e->d.policy.gid_uid_or_at_console))
e->d.policy.type = POLICY_USER;
else
_dbus_warn ("Unknown username \"%s\" in message bus configuration file\n",
_dbus_string_init_const (&group_name, group);
if (_dbus_get_group_id (&group_name,
- &e->d.policy.gid_or_uid))
+ &e->d.policy.gid_uid_or_at_console))
e->d.policy.type = POLICY_GROUP;
else
_dbus_warn ("Unknown group \"%s\" in message bus configuration file\n",
group);
}
+ else if (at_console != NULL)
+ {
+ dbus_bool_t t;
+ t = (strcmp (at_console, "true") == 0);
+ if (t || strcmp (at_console, "false") == 0)
+ {
+ e->d.policy.gid_uid_or_at_console = t;
+ e->d.policy.type = POLICY_CONSOLE;
+ }
+ else
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "Unknown value \"%s\" for at_console in message bus configuration file",
+ at_console);
+
+ return FALSE;
+ }
+ }
else
{
_dbus_assert_not_reached ("all <policy> attributes null and we didn't set error");
const char *own;
const char *user;
const char *group;
+
BusPolicyRule *rule;
if (!locate_attributes (parser, element_name,
goto failed;
}
- if (!bus_policy_append_user_rule (parser->policy, pe->d.policy.gid_or_uid,
+ if (!bus_policy_append_user_rule (parser->policy, pe->d.policy.gid_uid_or_at_console,
rule))
goto nomem;
break;
goto failed;
}
- if (!bus_policy_append_group_rule (parser->policy, pe->d.policy.gid_or_uid,
+ if (!bus_policy_append_group_rule (parser->policy, pe->d.policy.gid_uid_or_at_console,
+ rule))
+ goto nomem;
+ break;
+
+
+ case POLICY_CONSOLE:
+ if (!bus_policy_append_console_rule (parser->policy, pe->d.policy.gid_uid_or_at_console,
rule))
goto nomem;
break;
}
-
+
bus_policy_rule_unref (rule);
rule = NULL;
}
case ELEMENT_POLICY:
if (a->d.policy.type != b->d.policy.type)
return FALSE;
- if (a->d.policy.gid_or_uid != b->d.policy.gid_or_uid)
+ if (a->d.policy.gid_uid_or_at_console != b->d.policy.gid_uid_or_at_console)
return FALSE;
break;
{
int refcount;
- DBusList *default_rules; /**< Default policy rules */
- DBusList *mandatory_rules; /**< Mandatory policy rules */
- DBusHashTable *rules_by_uid; /**< per-UID policy rules */
- DBusHashTable *rules_by_gid; /**< per-GID policy rules */
+ DBusList *default_rules; /**< Default policy rules */
+ DBusList *mandatory_rules; /**< Mandatory policy rules */
+ DBusHashTable *rules_by_uid; /**< per-UID policy rules */
+ DBusHashTable *rules_by_gid; /**< per-GID policy rules */
+ DBusList *at_console_true_rules; /**< console user policy rules where at_console="true"*/
+ DBusList *at_console_false_rules; /**< console user policy rules where at_console="false"*/
};
static void
_dbus_list_foreach (&policy->mandatory_rules, free_rule_func, NULL);
_dbus_list_clear (&policy->mandatory_rules);
-
+
+ _dbus_list_foreach (&policy->at_console_true_rules, free_rule_func, NULL);
+ _dbus_list_clear (&policy->at_console_true_rules);
+
+ _dbus_list_foreach (&policy->at_console_false_rules, free_rule_func, NULL);
+ _dbus_list_clear (&policy->at_console_false_rules);
+
if (policy->rules_by_uid)
{
_dbus_hash_table_unref (policy->rules_by_uid);
DBusError *error)
{
BusClientPolicy *client;
- unsigned long uid;
+ dbus_uid_t uid;
+ dbus_bool_t at_console;
_dbus_assert (dbus_connection_get_is_authenticated (connection));
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
}
}
+ /* Add console rules */
+ at_console = _dbus_is_console_user (uid, error);
+
+ if (at_console)
+ {
+ if (!add_list_to_client (&policy->at_console_true_rules, client))
+ goto nomem;
+ }
+ else if (dbus_error_is_set (error) == TRUE)
+ {
+ goto failed;
+ }
+ else if (!add_list_to_client (&policy->at_console_false_rules, client))
+ {
+ goto nomem;
+ }
+
if (!add_list_to_client (&policy->mandatory_rules,
client))
goto nomem;
{
BusPolicyRule *rule = link->data;
link = _dbus_list_get_next_link (list, link);
-
+
if (rule->type == BUS_POLICY_RULE_USER)
{
_dbus_verbose ("List %p user rule uid="DBUS_UID_FORMAT"\n",
return TRUE;
}
+
+
static DBusList**
get_list (DBusHashTable *hash,
unsigned long key)
return TRUE;
}
+dbus_bool_t
+bus_policy_append_console_rule (BusPolicy *policy,
+ dbus_bool_t at_console,
+ BusPolicyRule *rule)
+{
+ if (at_console)
+ {
+ if (!_dbus_list_append (&policy->at_console_true_rules, rule))
+ return FALSE;
+ }
+ else
+ {
+ if (!_dbus_list_append (&policy->at_console_false_rules, rule))
+ return FALSE;
+ }
+
+ bus_policy_rule_ref (rule);
+
+ return TRUE;
+
+}
+
static dbus_bool_t
append_copy_of_policy_list (DBusList **list,
DBusList **to_append)
&to_absorb->mandatory_rules))
return FALSE;
+ if (!append_copy_of_policy_list (&policy->at_console_true_rules,
+ &to_absorb->at_console_true_rules))
+ return FALSE;
+
+ if (!append_copy_of_policy_list (&policy->at_console_false_rules,
+ &to_absorb->at_console_false_rules))
+ return FALSE;
+
if (!merge_id_hash (policy->rules_by_uid,
to_absorb->rules_by_uid))
return FALSE;
#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
+#include <dbus/dbus-list.h>
#include <dbus/dbus-sysdeps.h>
#include "bus.h"
/* can be DBUS_GID_UNSET meaning "any" */
dbus_gid_t gid;
} group;
-
+
} d;
};
dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
dbus_gid_t gid,
BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_console_rule (BusPolicy *policy,
+ dbus_bool_t at_console,
+ BusPolicyRule *rule);
+
dbus_bool_t bus_policy_merge (BusPolicy *policy,
BusPolicy *to_absorb);
sigaction (sig, &act, 0);
}
+/** Checks if a file exists
+*
+* @param file full path to the file
+* @returns #TRUE if file exists
+*/
+dbus_bool_t
+_dbus_file_exists (const char *file)
+{
+ return (access (file, F_OK) == 0);
+}
+
+/** Checks if user is at the console
+*
+* @param username user to check
+* @param error return location for errors
+* @returns #TRUE is the user is at the consolei and there are no errors
+*/
+dbus_bool_t
+_dbus_user_at_console (const char *username,
+ DBusError *error)
+{
+
+ DBusString f;
+ dbus_bool_t result;
+
+ if (!_dbus_string_init (&f))
+ {
+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+ return FALSE;
+ }
+
+ if (!_dbus_string_append (&f, DBUS_CONSOLE_DIR))
+ {
+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+ return FALSE;
+ }
+
+
+ if (!_dbus_string_append (&f, username))
+ {
+ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL);
+ return FALSE;
+ }
+
+ result = _dbus_file_exists (_dbus_string_get_const_data (&f));
+ _dbus_string_free (&f);
+
+ return result;
+}
#ifdef DBUS_BUILD_TESTS
#include <stdlib.h>
#define DBUS_UID_FORMAT "%lu"
#define DBUS_GID_FORMAT "%lu"
+#define DBUS_CONSOLE_DIR "/var/run/console/"
+
/**
* Struct representing socket credentials
*/
void _dbus_set_signal_handler (int sig,
DBusSignalHandler handler);
+dbus_bool_t _dbus_file_exists (const char *file);
+dbus_bool_t _dbus_user_at_console (const char *username,
+ DBusError *error);
/* Define DBUS_VA_COPY() to do the right thing for copying va_list variables.
* config.h may have already defined DBUS_VA_COPY as va_copy or __va_copy.
DBusHashTable *groups; /**< Groups in the database by GID */
DBusHashTable *users_by_name; /**< Users in the database by name */
DBusHashTable *groups_by_name; /**< Groups in the database by name */
+
};
static void
}
/**
+ * Checks to see if the UID sent in is the console user
+ *
+ * @param uid UID of person to check
+ * @param error return location for errors
+ * @returns #TRUE if the UID is the same as the console user and there are no errors
+ */
+dbus_bool_t
+_dbus_is_console_user (dbus_uid_t uid,
+ DBusError *error)
+{
+
+ DBusUserDatabase *db;
+ const DBusUserInfo *info;
+ DBusString *console_file;
+ dbus_bool_t result = FALSE;
+
+ _dbus_user_database_lock_system ();
+
+ db = _dbus_user_database_get_system ();
+ if (db == NULL)
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED, "Could not get system database.");
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ info = _dbus_user_database_lookup (db, uid, NULL, error);
+
+ if (info == NULL)
+ {
+ _dbus_user_database_unlock_system ();
+ return FALSE;
+ }
+
+ result = _dbus_user_at_console (info->username, error);
+
+ _dbus_user_database_unlock_system ();
+
+ return result;
+}
+
+/**
* Gets group ID given groupname
*
* @param groupname the groupname
DBusError *error);
-
DBusUserDatabase* _dbus_user_database_get_system (void);
void _dbus_user_database_lock_system (void);
void _dbus_user_database_unlock_system (void);
DBusCredentials *credentials);
dbus_bool_t _dbus_credentials_from_uid (dbus_uid_t user_id,
DBusCredentials *credentials);
+dbus_bool_t _dbus_is_console_user (dbus_uid_t uid,
+ DBusError *error);
DBUS_END_DECLS;