-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | bus/bus.c | 20 | ||||
-rw-r--r-- | bus/bus.h | 46 | ||||
-rw-r--r-- | bus/connection.c | 64 | ||||
-rw-r--r-- | bus/connection.h | 2 | ||||
-rw-r--r-- | bus/policy.c | 17 | ||||
-rw-r--r-- | bus/policy.h | 34 |
7 files changed, 112 insertions, 80 deletions
@@ -1,3 +1,12 @@ +2003-04-15 Havoc Pennington <hp@pobox.com> + + * bus/bus.c: create and keep around a shared DBusUserDatabase + object. + + * bus/connection.c (bus_connection_get_groups): don't cache + groups for user in the connection object, since user database + object now does that. + 2003-04-16 Havoc Pennington <hp@redhat.com> * dbus/dbus-message.c (_dbus_message_add_size_counter): keep a @@ -44,6 +44,7 @@ struct BusContext BusActivation *activation; BusRegistry *registry; BusPolicy *policy; + DBusUserDatabase *user_database; int activation_timeout; /**< How long to wait for an activation to time out */ int auth_timeout; /**< How long to wait for an authentication to time out */ int max_completed_connections; /**< Max number of authorized connections */ @@ -371,6 +372,13 @@ bus_context_new (const DBusString *config_file, * DOS all the other users. */ context->max_completed_connections = 1024; + + context->user_database = _dbus_user_database_new (); + if (context->user_database == NULL) + { + BUS_SET_OOM (error); + goto failed; + } context->loop = _dbus_loop_new (); if (context->loop == NULL) @@ -733,6 +741,8 @@ bus_context_unref (BusContext *context) dbus_free (context->pidfile); } + _dbus_user_database_unref (context->user_database); + dbus_free (context); server_data_slot_unref (); @@ -776,11 +786,19 @@ bus_context_get_loop (BusContext *context) return context->loop; } +DBusUserDatabase* +bus_context_get_user_database (BusContext *context) +{ + return context->user_database; +} + dbus_bool_t bus_context_allow_user (BusContext *context, unsigned long uid) { - return bus_policy_allow_user (context->policy, uid); + return bus_policy_allow_user (context->policy, + context->user_database, + uid); } BusClientPolicy* @@ -29,6 +29,7 @@ #include <dbus/dbus.h> #include <dbus/dbus-string.h> #include <dbus/dbus-mainloop.h> +#include <dbus/dbus-userdb.h> typedef struct BusActivation BusActivation; typedef struct BusConnections BusConnections; 
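Review bot: The release added to bus_context_unref (hunk -733,6 +741,8) calls `_dbus_user_database_unref (context->user_database);` unconditionally, while the new allocation check in bus_context_new (hunk -371,6 +372,13) jumps to `failed` with that field still NULL. The `failed` label lies outside both hunks, so this is inferred: if it tears the context down through bus_context_unref, an out-of-memory condition here (or any failure before this point) passes NULL to the unref. Nothing visible shows that the unref accepts NULL. A guard makes the error path safe either way: `if (context->user_database != NULL) _dbus_user_database_unref (context->user_database);`.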
@@ -40,28 +41,29 @@ typedef struct BusRegistry BusRegistry; typedef struct BusService BusService; typedef struct BusTransaction BusTransaction; -BusContext* bus_context_new (const DBusString *config_file, - int print_addr_fd, - DBusError *error); -void bus_context_shutdown (BusContext *context); -void bus_context_ref (BusContext *context); -void bus_context_unref (BusContext *context); -const char* bus_context_get_type (BusContext *context); -const char* bus_context_get_address (BusContext *context); -BusRegistry* bus_context_get_registry (BusContext *context); -BusConnections* bus_context_get_connections (BusContext *context); -BusActivation* bus_context_get_activation (BusContext *context); -DBusLoop* bus_context_get_loop (BusContext *context); -dbus_bool_t bus_context_allow_user (BusContext *context, - unsigned long uid); -BusClientPolicy* bus_context_create_client_policy (BusContext *context, - DBusConnection *connection); -int bus_context_get_activation_timeout (BusContext *context); -dbus_bool_t bus_context_check_security_policy (BusContext *context, - DBusConnection *sender, - DBusConnection *recipient, - DBusMessage *message, - DBusError *error); +BusContext* bus_context_new (const DBusString *config_file, + int print_addr_fd, + DBusError *error); +void bus_context_shutdown (BusContext *context); +void bus_context_ref (BusContext *context); +void bus_context_unref (BusContext *context); +const char* bus_context_get_type (BusContext *context); +const char* bus_context_get_address (BusContext *context); +BusRegistry* bus_context_get_registry (BusContext *context); +BusConnections* bus_context_get_connections (BusContext *context); +BusActivation* bus_context_get_activation (BusContext *context); +DBusLoop* bus_context_get_loop (BusContext *context); +DBusUserDatabase* bus_context_get_user_database (BusContext *context); +dbus_bool_t bus_context_allow_user (BusContext *context, + unsigned long uid); +BusClientPolicy* bus_context_create_client_policy 
(BusContext *context, + DBusConnection *connection); +int bus_context_get_activation_timeout (BusContext *context); +dbus_bool_t bus_context_check_security_policy (BusContext *context, + DBusConnection *sender, + DBusConnection *recipient, + DBusMessage *message, + DBusError *error); #endif /* BUS_BUS_H */ diff --git a/bus/connection.c b/bus/connection.c index 4c48fbd6..c311f7ed 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -48,8 +48,6 @@ typedef struct DBusList *transaction_messages; /**< Stuff we need to send as part of a transaction */ DBusMessage *oom_message; DBusPreallocatedSend *oom_preallocated; - unsigned long *group_ids; - int n_group_ids; BusClientPolicy *policy; } BusConnectionData; @@ -306,8 +304,6 @@ free_connection_data (void *data) if (d->policy) bus_client_policy_unref (d->policy); - dbus_free (d->group_ids); - dbus_free (d->name); dbus_free (d); @@ -394,9 +390,6 @@ bus_connections_setup_connection (BusConnections *connections, } retval = FALSE; - - d->n_group_ids = 0; - d->group_ids = NULL; if (!dbus_connection_set_watch_functions (connection, add_connection_watch, 
@@ -476,45 +469,42 @@ bus_connections_setup_connection (BusConnections *connections, } dbus_bool_t -bus_connection_get_groups (DBusConnection *connection, - const unsigned long **groups, - int *n_groups) +bus_connection_get_groups (DBusConnection *connection, + unsigned long **groups, + int *n_groups) { BusConnectionData *d; - + unsigned long uid; + DBusUserDatabase *user_database; + d = BUS_CONNECTION_DATA (connection); _dbus_assert (d != NULL); + user_database = bus_context_get_user_database (d->connections->context); + *groups = NULL; *n_groups = 0; - /* we do a lazy lookup on groups a user is in for two reasons: - * 1) we can't do it on connection setup since the user - * hasn't authenticated and 2) it might be expensive - * and we don't need to do it if there are no group-based - * rules in the config file - */ - - if (d->n_group_ids == 0) + if (dbus_connection_get_unix_user (connection, &uid)) { - unsigned long uid; - - if (dbus_connection_get_unix_user (connection, &uid)) + if (!_dbus_user_database_get_groups (user_database, + uid, groups, n_groups, + NULL)) { - if (!_dbus_get_groups (uid, &d->group_ids, &d->n_group_ids, NULL)) - { - _dbus_verbose ("Did not get any groups for UID %lu\n", - uid); - return FALSE; - } + _dbus_verbose ("Did not get any groups for UID %lu\n", + uid); + return FALSE; + } + else + { + _dbus_verbose ("Got %d groups for UID %lu\n", + *n_groups, uid); + return TRUE; } } - - *groups = d->group_ids; - *n_groups = d->n_group_ids; - - return TRUE; + else + return TRUE; /* successfully got 0 groups */ } dbus_bool_t @@ -522,7 +512,7 @@ bus_connection_is_in_group (DBusConnection *connection, unsigned long gid) { int i; - const unsigned long *group_ids; + unsigned long *group_ids; int n_group_ids; if (!bus_connection_get_groups (connection, &group_ids, &n_group_ids)) 
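Review bot: bus_connection_get_groups now hands ownership of the group array to the caller, and the only trace of that contract is the dropped `const` on `groups`; the explanatory comment removed in this hunk is not replaced. Both callers touched by this commit (bus_connection_is_in_group and bus_policy_create_client_policy) release the array with dbus_free(), but a caller still written against the old borrowed-pointer behaviour would leak on every group check. A comment above the definition and on the prototype in bus/connection.h would pin this down, for example `/* On TRUE, *groups is an array the caller must dbus_free(); it is NULL with *n_groups == 0 when the connection has no Unix user */`. The lookup also passes NULL for the error argument, so the verbose message cannot distinguish out-of-memory from an unknown UID.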
@@ -532,10 +522,14 @@ bus_connection_is_in_group (DBusConnection *connection, while (i < n_group_ids) { if (group_ids[i] == gid) - return TRUE; + { + dbus_free (group_ids); + return TRUE; + } ++i; } + dbus_free (group_ids); return FALSE; } diff --git a/bus/connection.h b/bus/connection.h index ead47673..c429007b 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -73,7 +73,7 @@ void bus_connection_disconnected (DBusConnection *connection); dbus_bool_t bus_connection_is_in_group (DBusConnection *connection, unsigned long gid); dbus_bool_t bus_connection_get_groups (DBusConnection *connection, - const unsigned long **groups, + unsigned long **groups, int *n_groups); BusClientPolicy* bus_connection_get_policy (DBusConnection *connection); diff --git a/bus/policy.c b/bus/policy.c index ad0cfaef..7d9b4b76 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -253,7 +253,7 @@ bus_policy_create_client_policy (BusPolicy *policy, */ if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0) { - const unsigned long *groups; + unsigned long *groups; int n_groups; int i; @@ -271,11 +271,16 @@ bus_policy_create_client_policy (BusPolicy *policy, if (list != NULL) { if (!add_list_to_client (list, client)) - goto failed; + { + dbus_free (groups); + goto failed; + } } ++i; } + + dbus_free (groups); } if (!dbus_connection_get_unix_user (connection, &uid)) @@ -369,15 +374,17 @@ list_allows_user (dbus_bool_t def, } dbus_bool_t -bus_policy_allow_user (BusPolicy *policy, - unsigned long uid) +bus_policy_allow_user (BusPolicy *policy, + DBusUserDatabase *user_database, + unsigned long uid) { dbus_bool_t allowed; unsigned long *group_ids; int n_group_ids; /* On OOM or error we always reject the user */ - if (!_dbus_get_groups (uid, &group_ids, &n_group_ids, NULL)) + if (!_dbus_user_database_get_groups (user_database, + uid, &group_ids, &n_group_ids, NULL)) { _dbus_verbose ("Did not get any groups for UID %lu\n", uid); 
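Review bot: In bus_policy_allow_user (hunk -369,15 +374,17) the group list behind the allow/deny decision now comes from the bus-wide DBusUserDatabase, which the ChangeLog entry says caches groups, where the removed `_dbus_get_groups` call was made on every check. If that cache is never refreshed (no invalidation is visible in this diff), a user removed from a group keeps matching group rules until the daemon restarts; bus_connection_get_groups has the same exposure. The cache lifetime should be stated at the call site, for example `/* groups come from the shared user database cache; membership changes are not seen until it is refreshed */`. If a refresh hook exists or is planned, tying it to configuration reload would bound the staleness. The function body continues outside the hunk, so how `group_ids` is released afterwards is not visible here.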
diff --git a/bus/policy.h b/bus/policy.h index 53e30e77..07aa51b9 100644 --- a/bus/policy.h +++ b/bus/policy.h @@ -93,22 +93,24 @@ void bus_policy_rule_ref (BusPolicyRule *rule); void bus_policy_rule_unref (BusPolicyRule *rule); BusPolicy* bus_policy_new (void); -void bus_policy_ref (BusPolicy *policy); -void bus_policy_unref (BusPolicy *policy); -BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy, - DBusConnection *connection); -dbus_bool_t bus_policy_allow_user (BusPolicy *policy, - unsigned long uid); -dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy, - BusPolicyRule *rule); -dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy, - BusPolicyRule *rule); -dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy, - dbus_uid_t uid, - BusPolicyRule *rule); -dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy, - dbus_gid_t gid, - BusPolicyRule *rule); +void bus_policy_ref (BusPolicy *policy); +void bus_policy_unref (BusPolicy *policy); +BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy, + DBusConnection *connection); +dbus_bool_t bus_policy_allow_user (BusPolicy *policy, + DBusUserDatabase *user_database, + unsigned long uid); +dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy, + BusPolicyRule *rule); +dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy, + BusPolicyRule *rule); +dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy, + dbus_uid_t uid, + BusPolicyRule *rule); +dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy, + dbus_gid_t gid, + BusPolicyRule *rule); + BusClientPolicy* bus_client_policy_new (void); void bus_client_policy_ref (BusClientPolicy *policy); |