summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog9
-rw-r--r--bus/bus.c20
-rw-r--r--bus/bus.h46
-rw-r--r--bus/connection.c64
-rw-r--r--bus/connection.h2
-rw-r--r--bus/policy.c17
-rw-r--r--bus/policy.h34
7 files changed, 112 insertions, 80 deletions
diff --git a/ChangeLog b/ChangeLog
index b013d69c..97c58800 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2003-04-15 Havoc Pennington <hp@pobox.com>
+
+ * bus/bus.c: create and keep around a shared DBusUserDatabase
+ object.
+
+ * bus/connection.c (bus_connection_get_groups): don't cache
+ groups for user in the connection object, since user database
+ object now does that.
+
2003-04-16 Havoc Pennington <hp@redhat.com>
* dbus/dbus-message.c (_dbus_message_add_size_counter): keep a
diff --git a/bus/bus.c b/bus/bus.c
index 7b7ea6f1..385b3714 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -44,6 +44,7 @@ struct BusContext
BusActivation *activation;
BusRegistry *registry;
BusPolicy *policy;
+ DBusUserDatabase *user_database;
int activation_timeout; /**< How long to wait for an activation to time out */
int auth_timeout; /**< How long to wait for an authentication to time out */
int max_completed_connections; /**< Max number of authorized connections */
@@ -371,6 +372,13 @@ bus_context_new (const DBusString *config_file,
* DOS all the other users.
*/
context->max_completed_connections = 1024;
+
+ context->user_database = _dbus_user_database_new ();
+ if (context->user_database == NULL)
+ {
+ BUS_SET_OOM (error);
+ goto failed;
+ }
context->loop = _dbus_loop_new ();
if (context->loop == NULL)
@@ -733,6 +741,8 @@ bus_context_unref (BusContext *context)
dbus_free (context->pidfile);
}
+ _dbus_user_database_unref (context->user_database);
+
dbus_free (context);
server_data_slot_unref ();
@@ -776,11 +786,19 @@ bus_context_get_loop (BusContext *context)
return context->loop;
}
+DBusUserDatabase*
+bus_context_get_user_database (BusContext *context)
+{
+ return context->user_database;
+}
+
dbus_bool_t
bus_context_allow_user (BusContext *context,
unsigned long uid)
{
- return bus_policy_allow_user (context->policy, uid);
+ return bus_policy_allow_user (context->policy,
+ context->user_database,
+ uid);
}
BusClientPolicy*
diff --git a/bus/bus.h b/bus/bus.h
index 885182c7..7369d220 100644
--- a/bus/bus.h
+++ b/bus/bus.h
@@ -29,6 +29,7 @@
#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-mainloop.h>
+#include <dbus/dbus-userdb.h>
typedef struct BusActivation BusActivation;
typedef struct BusConnections BusConnections;
@@ -40,28 +41,29 @@ typedef struct BusRegistry BusRegistry;
typedef struct BusService BusService;
typedef struct BusTransaction BusTransaction;
-BusContext* bus_context_new (const DBusString *config_file,
- int print_addr_fd,
- DBusError *error);
-void bus_context_shutdown (BusContext *context);
-void bus_context_ref (BusContext *context);
-void bus_context_unref (BusContext *context);
-const char* bus_context_get_type (BusContext *context);
-const char* bus_context_get_address (BusContext *context);
-BusRegistry* bus_context_get_registry (BusContext *context);
-BusConnections* bus_context_get_connections (BusContext *context);
-BusActivation* bus_context_get_activation (BusContext *context);
-DBusLoop* bus_context_get_loop (BusContext *context);
-dbus_bool_t bus_context_allow_user (BusContext *context,
- unsigned long uid);
-BusClientPolicy* bus_context_create_client_policy (BusContext *context,
- DBusConnection *connection);
-int bus_context_get_activation_timeout (BusContext *context);
-dbus_bool_t bus_context_check_security_policy (BusContext *context,
- DBusConnection *sender,
- DBusConnection *recipient,
- DBusMessage *message,
- DBusError *error);
+BusContext* bus_context_new (const DBusString *config_file,
+ int print_addr_fd,
+ DBusError *error);
+void bus_context_shutdown (BusContext *context);
+void bus_context_ref (BusContext *context);
+void bus_context_unref (BusContext *context);
+const char* bus_context_get_type (BusContext *context);
+const char* bus_context_get_address (BusContext *context);
+BusRegistry* bus_context_get_registry (BusContext *context);
+BusConnections* bus_context_get_connections (BusContext *context);
+BusActivation* bus_context_get_activation (BusContext *context);
+DBusLoop* bus_context_get_loop (BusContext *context);
+DBusUserDatabase* bus_context_get_user_database (BusContext *context);
+dbus_bool_t bus_context_allow_user (BusContext *context,
+ unsigned long uid);
+BusClientPolicy* bus_context_create_client_policy (BusContext *context,
+ DBusConnection *connection);
+int bus_context_get_activation_timeout (BusContext *context);
+dbus_bool_t bus_context_check_security_policy (BusContext *context,
+ DBusConnection *sender,
+ DBusConnection *recipient,
+ DBusMessage *message,
+ DBusError *error);
#endif /* BUS_BUS_H */
diff --git a/bus/connection.c b/bus/connection.c
index 4c48fbd6..c311f7ed 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -48,8 +48,6 @@ typedef struct
DBusList *transaction_messages; /**< Stuff we need to send as part of a transaction */
DBusMessage *oom_message;
DBusPreallocatedSend *oom_preallocated;
- unsigned long *group_ids;
- int n_group_ids;
BusClientPolicy *policy;
} BusConnectionData;
@@ -306,8 +304,6 @@ free_connection_data (void *data)
if (d->policy)
bus_client_policy_unref (d->policy);
- dbus_free (d->group_ids);
-
dbus_free (d->name);
dbus_free (d);
@@ -394,9 +390,6 @@ bus_connections_setup_connection (BusConnections *connections,
}
retval = FALSE;
-
- d->n_group_ids = 0;
- d->group_ids = NULL;
if (!dbus_connection_set_watch_functions (connection,
add_connection_watch,
@@ -476,45 +469,42 @@ bus_connections_setup_connection (BusConnections *connections,
}
dbus_bool_t
-bus_connection_get_groups (DBusConnection *connection,
- const unsigned long **groups,
- int *n_groups)
+bus_connection_get_groups (DBusConnection *connection,
+ unsigned long **groups,
+ int *n_groups)
{
BusConnectionData *d;
-
+ unsigned long uid;
+ DBusUserDatabase *user_database;
+
d = BUS_CONNECTION_DATA (connection);
_dbus_assert (d != NULL);
+ user_database = bus_context_get_user_database (d->connections->context);
+
*groups = NULL;
*n_groups = 0;
- /* we do a lazy lookup on groups a user is in for two reasons:
- * 1) we can't do it on connection setup since the user
- * hasn't authenticated and 2) it might be expensive
- * and we don't need to do it if there are no group-based
- * rules in the config file
- */
-
- if (d->n_group_ids == 0)
+ if (dbus_connection_get_unix_user (connection, &uid))
{
- unsigned long uid;
-
- if (dbus_connection_get_unix_user (connection, &uid))
+ if (!_dbus_user_database_get_groups (user_database,
+ uid, groups, n_groups,
+ NULL))
{
- if (!_dbus_get_groups (uid, &d->group_ids, &d->n_group_ids, NULL))
- {
- _dbus_verbose ("Did not get any groups for UID %lu\n",
- uid);
- return FALSE;
- }
+ _dbus_verbose ("Did not get any groups for UID %lu\n",
+ uid);
+ return FALSE;
+ }
+ else
+ {
+ _dbus_verbose ("Got %d groups for UID %lu\n",
+ *n_groups, uid);
+ return TRUE;
}
}
-
- *groups = d->group_ids;
- *n_groups = d->n_group_ids;
-
- return TRUE;
+ else
+ return TRUE; /* successfully got 0 groups */
}
dbus_bool_t
@@ -522,7 +512,7 @@ bus_connection_is_in_group (DBusConnection *connection,
unsigned long gid)
{
int i;
- const unsigned long *group_ids;
+ unsigned long *group_ids;
int n_group_ids;
if (!bus_connection_get_groups (connection, &group_ids, &n_group_ids))
@@ -532,10 +522,14 @@ bus_connection_is_in_group (DBusConnection *connection,
while (i < n_group_ids)
{
if (group_ids[i] == gid)
- return TRUE;
+ {
+ dbus_free (group_ids);
+ return TRUE;
+ }
++i;
}
+ dbus_free (group_ids);
return FALSE;
}
diff --git a/bus/connection.h b/bus/connection.h
index ead47673..c429007b 100644
--- a/bus/connection.h
+++ b/bus/connection.h
@@ -73,7 +73,7 @@ void bus_connection_disconnected (DBusConnection *connection);
dbus_bool_t bus_connection_is_in_group (DBusConnection *connection,
unsigned long gid);
dbus_bool_t bus_connection_get_groups (DBusConnection *connection,
- const unsigned long **groups,
+ unsigned long **groups,
int *n_groups);
BusClientPolicy* bus_connection_get_policy (DBusConnection *connection);
diff --git a/bus/policy.c b/bus/policy.c
index ad0cfaef..7d9b4b76 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -253,7 +253,7 @@ bus_policy_create_client_policy (BusPolicy *policy,
*/
if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
{
- const unsigned long *groups;
+ unsigned long *groups;
int n_groups;
int i;
@@ -271,11 +271,16 @@ bus_policy_create_client_policy (BusPolicy *policy,
if (list != NULL)
{
if (!add_list_to_client (list, client))
- goto failed;
+ {
+ dbus_free (groups);
+ goto failed;
+ }
}
++i;
}
+
+ dbus_free (groups);
}
if (!dbus_connection_get_unix_user (connection, &uid))
@@ -369,15 +374,17 @@ list_allows_user (dbus_bool_t def,
}
dbus_bool_t
-bus_policy_allow_user (BusPolicy *policy,
- unsigned long uid)
+bus_policy_allow_user (BusPolicy *policy,
+ DBusUserDatabase *user_database,
+ unsigned long uid)
{
dbus_bool_t allowed;
unsigned long *group_ids;
int n_group_ids;
/* On OOM or error we always reject the user */
- if (!_dbus_get_groups (uid, &group_ids, &n_group_ids, NULL))
+ if (!_dbus_user_database_get_groups (user_database,
+ uid, &group_ids, &n_group_ids, NULL))
{
_dbus_verbose ("Did not get any groups for UID %lu\n",
uid);
diff --git a/bus/policy.h b/bus/policy.h
index 53e30e77..07aa51b9 100644
--- a/bus/policy.h
+++ b/bus/policy.h
@@ -93,22 +93,24 @@ void bus_policy_rule_ref (BusPolicyRule *rule);
void bus_policy_rule_unref (BusPolicyRule *rule);
BusPolicy* bus_policy_new (void);
-void bus_policy_ref (BusPolicy *policy);
-void bus_policy_unref (BusPolicy *policy);
-BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
- DBusConnection *connection);
-dbus_bool_t bus_policy_allow_user (BusPolicy *policy,
- unsigned long uid);
-dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
- BusPolicyRule *rule);
-dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
- BusPolicyRule *rule);
-dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
- dbus_uid_t uid,
- BusPolicyRule *rule);
-dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
- dbus_gid_t gid,
- BusPolicyRule *rule);
+void bus_policy_ref (BusPolicy *policy);
+void bus_policy_unref (BusPolicy *policy);
+BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
+ DBusConnection *connection);
+dbus_bool_t bus_policy_allow_user (BusPolicy *policy,
+ DBusUserDatabase *user_database,
+ unsigned long uid);
+dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
+ dbus_uid_t uid,
+ BusPolicyRule *rule);
+dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
+ dbus_gid_t gid,
+ BusPolicyRule *rule);
+
BusClientPolicy* bus_client_policy_new (void);
void bus_client_policy_ref (BusClientPolicy *policy);