diff options
author | Havoc Pennington <hp@redhat.com> | 2003-03-23 07:41:54 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2003-03-23 07:41:54 +0000 |
commit | a26607ab68bf0878f23d2dbddec781b4b760d034 (patch) | |
tree | fe9153c14712ce893b605a7b23b47e4e7e8d17d8 /bus/connection.c | |
parent | b6ffea177fccb6cc4e65992da7d8b390054277f7 (diff) | |
download | dbus-a26607ab68bf0878f23d2dbddec781b4b760d034.tar.gz |
2003-03-23 Havoc Pennington <hp@pobox.com>
* bus/policy.c, bus/bus.c, bus/connection.c: implement allow/deny
policies code
* dbus/dbus-hash.h: add ULONG hash keys
* dbus/dbus-sysdeps.c (_dbus_get_groups): new
(_dbus_get_group_id): new function
Diffstat (limited to 'bus/connection.c')
-rw-r--r-- | bus/connection.c | 123 |
1 files changed, 123 insertions, 0 deletions
diff --git a/bus/connection.c b/bus/connection.c index b01cbde6..773ed5ef 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -23,6 +23,7 @@ #include "connection.h" #include "dispatch.h" #include "loop.h" +#include "policy.h" #include "services.h" #include "utils.h" #include <dbus/dbus-list.h> @@ -48,6 +49,9 @@ typedef struct DBusList *transaction_messages; /**< Stuff we need to send as part of a transaction */ DBusMessage *oom_message; DBusPreallocatedSend *oom_preallocated; + unsigned long *group_ids; + int n_group_ids; + BusPolicy *policy; } BusConnectionData; #define BUS_CONNECTION_DATA(connection) (dbus_connection_get_data ((connection), connection_data_slot)) @@ -231,6 +235,20 @@ remove_connection_timeout (DBusTimeout *timeout, bus_loop_remove_timeout (timeout, connection_timeout_callback, connection); } +static dbus_bool_t +allow_user_function (DBusConnection *connection, + unsigned long uid, + void *data) +{ + BusConnectionData *d; + + d = BUS_CONNECTION_DATA (connection); + + _dbus_assert (d != NULL); + + return bus_context_allow_user (d->connections->context, uid); +} + static void free_connection_data (void *data) { @@ -246,6 +264,11 @@ free_connection_data (void *data) if (d->oom_message) dbus_message_unref (d->oom_message); + + if (d->policy) + bus_policy_unref (d->policy); + + dbus_free (d->group_ids); dbus_free (d->name); @@ -333,6 +356,9 @@ bus_connections_setup_connection (BusConnections *connections, } retval = FALSE; + + d->n_group_ids = 0; + d->group_ids = NULL; if (!dbus_connection_set_watch_functions (connection, (DBusAddWatchFunction) add_connection_watch, @@ -387,6 +413,103 @@ bus_connections_setup_connection (BusConnections *connections, return retval; } +dbus_bool_t +bus_connection_get_groups (DBusConnection *connection, + const unsigned long **groups, + int *n_groups) +{ + BusConnectionData *d; + + d = BUS_CONNECTION_DATA (connection); + + _dbus_assert (d != NULL); + + *groups = NULL; + *n_groups = 0; + + /* we do a lazy lookup on groups a user is in for two reasons: + * 1) we can't do it on connection setup since the user + * hasn't authenticated and 2) it might be expensive + * and we don't need to do it if there are no group-based + * rules in the config file + */ + + if (d->n_group_ids == 0) + { + unsigned long uid; + + if (dbus_connection_get_unix_user (connection, &uid)) + { + if (!_dbus_get_groups (uid, &d->group_ids, &d->n_group_ids)) + { + _dbus_verbose ("Did not get any groups for UID %lu\n", + uid); + return FALSE; + } + } + } + + *groups = d->group_ids; + *n_groups = d->n_group_ids; + + return TRUE; +} + +dbus_bool_t +bus_connection_is_in_group (DBusConnection *connection, + unsigned long gid) +{ + int i; + const unsigned long *group_ids; + int n_group_ids; + + if (!bus_connection_get_groups (connection, &group_ids, &n_group_ids)) + return FALSE; + + i = 0; + while (i < n_group_ids) + { + if (group_ids[i] == gid) + return TRUE; + ++i; + } + + return FALSE; +} + +BusPolicy* +bus_connection_get_policy (DBusConnection *connection) +{ + BusConnectionData *d; + + d = BUS_CONNECTION_DATA (connection); + + _dbus_assert (d != NULL); + + if (!dbus_connection_get_is_authenticated (connection)) + { + _dbus_verbose ("Tried to get policy for unauthenticated connection!\n"); + return NULL; + } + + /* We do lazy creation of the policy because + * it can only be done post-authentication. + */ + if (d->policy == NULL) + { + d->policy = + bus_context_create_connection_policy (d->connections->context, + connection); + + /* we may have a NULL policy on OOM or error getting list of + * groups for a user. In the latter case we don't handle it so + * well currently, just keep pretending we're out of memory, + * which is kind of bizarre. + */ + } + + return d->policy; +} /** * Calls function on each connection; if the function returns |