]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/bus-proxyd/bus-xml-policy.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bus-proxy: implement 'at_console'
[thirdparty/systemd.git] / src / bus-proxyd / bus-xml-policy.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2013 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include "xml.h"
23 #include "fileio.h"
24 #include "strv.h"
25 #include "conf-files.h"
26 #include "bus-internal.h"
27 #include "bus-message.h"
28 #include "bus-xml-policy.h"
29 #include "sd-login.h"
30
31 static void policy_item_free(PolicyItem *i) {
32 assert(i);
33
34 free(i->interface);
35 free(i->member);
36 free(i->error);
37 free(i->name);
38 free(i->path);
39 free(i);
40 }
41
42 DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free);
43
44 static void item_append(PolicyItem *i, PolicyItem **list) {
45
46 PolicyItem *tail;
47
48 LIST_FIND_TAIL(items, *list, tail);
49 LIST_INSERT_AFTER(items, *list, tail, i);
50 }
51
52 static int file_load(Policy *p, const char *path) {
53
54 _cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL;
55 _cleanup_(policy_item_freep) PolicyItem *i = NULL;
56 void *xml_state = NULL;
57 unsigned n_other = 0;
58 const char *q;
59 int r;
60
61 enum {
62 STATE_OUTSIDE,
63 STATE_BUSCONFIG,
64 STATE_POLICY,
65 STATE_POLICY_CONTEXT,
66 STATE_POLICY_CONSOLE,
67 STATE_POLICY_USER,
68 STATE_POLICY_GROUP,
69 STATE_POLICY_OTHER_ATTRIBUTE,
70 STATE_ALLOW_DENY,
71 STATE_ALLOW_DENY_INTERFACE,
72 STATE_ALLOW_DENY_MEMBER,
73 STATE_ALLOW_DENY_ERROR,
74 STATE_ALLOW_DENY_PATH,
75 STATE_ALLOW_DENY_MESSAGE_TYPE,
76 STATE_ALLOW_DENY_NAME,
77 STATE_ALLOW_DENY_OTHER_ATTRIBUTE,
78 STATE_OTHER,
79 } state = STATE_OUTSIDE;
80
81 enum {
82 POLICY_CATEGORY_NONE,
83 POLICY_CATEGORY_DEFAULT,
84 POLICY_CATEGORY_MANDATORY,
85 POLICY_CATEGORY_ON_CONSOLE,
86 POLICY_CATEGORY_NO_CONSOLE,
87 POLICY_CATEGORY_USER,
88 POLICY_CATEGORY_GROUP
89 } policy_category = POLICY_CATEGORY_NONE;
90
91 unsigned line = 0;
92
93 assert(p);
94
95 r = read_full_file(path, &c, NULL);
96 if (r < 0) {
97 if (r == -ENOENT)
98 return 0;
99 if (r == -EISDIR)
100 return r;
101
102 return log_error_errno(r, "Failed to load %s: %m", path);
103 }
104
105 q = c;
106 for (;;) {
107 _cleanup_free_ char *name = NULL;
108 int t;
109
110 t = xml_tokenize(&q, &name, &xml_state, &line);
111 if (t < 0)
112 return log_error_errno(t, "XML parse failure in %s: %m", path);
113
114 switch (state) {
115
116 case STATE_OUTSIDE:
117
118 if (t == XML_TAG_OPEN) {
119 if (streq(name, "busconfig"))
120 state = STATE_BUSCONFIG;
121 else {
122 log_error("Unexpected tag %s at %s:%u.", name, path, line);
123 return -EINVAL;
124 }
125
126 } else if (t == XML_END)
127 return 0;
128 else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
129 log_error("Unexpected token (1) at %s:%u.", path, line);
130 return -EINVAL;
131 }
132
133 break;
134
135 case STATE_BUSCONFIG:
136
137 if (t == XML_TAG_OPEN) {
138 if (streq(name, "policy")) {
139 state = STATE_POLICY;
140 policy_category = POLICY_CATEGORY_NONE;
141 free(policy_user);
142 free(policy_group);
143 policy_user = policy_group = NULL;
144 } else {
145 state = STATE_OTHER;
146 n_other = 0;
147 }
148 } else if (t == XML_TAG_CLOSE_EMPTY ||
149 (t == XML_TAG_CLOSE && streq(name, "busconfig")))
150 state = STATE_OUTSIDE;
151 else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
152 log_error("Unexpected token (2) at %s:%u.", path, line);
153 return -EINVAL;
154 }
155
156 break;
157
158 case STATE_POLICY:
159
160 if (t == XML_ATTRIBUTE_NAME) {
161 if (streq(name, "context"))
162 state = STATE_POLICY_CONTEXT;
163 else if (streq(name, "at_console"))
164 state = STATE_POLICY_CONSOLE;
165 else if (streq(name, "user"))
166 state = STATE_POLICY_USER;
167 else if (streq(name, "group"))
168 state = STATE_POLICY_GROUP;
169 else {
170 log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
171 state = STATE_POLICY_OTHER_ATTRIBUTE;
172 }
173 } else if (t == XML_TAG_CLOSE_EMPTY ||
174 (t == XML_TAG_CLOSE && streq(name, "policy")))
175 state = STATE_BUSCONFIG;
176 else if (t == XML_TAG_OPEN) {
177 PolicyItemType it;
178
179 if (streq(name, "allow"))
180 it = POLICY_ITEM_ALLOW;
181 else if (streq(name, "deny"))
182 it = POLICY_ITEM_DENY;
183 else {
184 log_warning("Unknown tag %s in <policy> %s:%u.", name, path, line);
185 return -EINVAL;
186 }
187
188 assert(!i);
189 i = new0(PolicyItem, 1);
190 if (!i)
191 return log_oom();
192
193 i->type = it;
194 state = STATE_ALLOW_DENY;
195
196 } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
197 log_error("Unexpected token (3) at %s:%u.", path, line);
198 return -EINVAL;
199 }
200
201 break;
202
203 case STATE_POLICY_CONTEXT:
204
205 if (t == XML_ATTRIBUTE_VALUE) {
206 if (streq(name, "default")) {
207 policy_category = POLICY_CATEGORY_DEFAULT;
208 state = STATE_POLICY;
209 } else if (streq(name, "mandatory")) {
210 policy_category = POLICY_CATEGORY_MANDATORY;
211 state = STATE_POLICY;
212 } else {
213 log_error("context= parameter %s unknown for <policy> at %s:%u.", name, path, line);
214 return -EINVAL;
215 }
216 } else {
217 log_error("Unexpected token (4) at %s:%u.", path, line);
218 return -EINVAL;
219 }
220
221 break;
222
223 case STATE_POLICY_CONSOLE:
224
225 if (t == XML_ATTRIBUTE_VALUE) {
226 if (streq(name, "true")) {
227 policy_category = POLICY_CATEGORY_ON_CONSOLE;
228 state = STATE_POLICY;
229 } else if (streq(name, "false")) {
230 policy_category = POLICY_CATEGORY_NO_CONSOLE;
231 state = STATE_POLICY;
232 } else {
233 log_error("at_console= parameter %s unknown for <policy> at %s:%u.", name, path, line);
234 return -EINVAL;
235 }
236 } else {
237 log_error("Unexpected token (4.1) at %s:%u.", path, line);
238 return -EINVAL;
239 }
240
241 break;
242
243 case STATE_POLICY_USER:
244
245 if (t == XML_ATTRIBUTE_VALUE) {
246 free(policy_user);
247 policy_user = name;
248 name = NULL;
249 policy_category = POLICY_CATEGORY_USER;
250 state = STATE_POLICY;
251 } else {
252 log_error("Unexpected token (5) in %s:%u.", path, line);
253 return -EINVAL;
254 }
255
256 break;
257
258 case STATE_POLICY_GROUP:
259
260 if (t == XML_ATTRIBUTE_VALUE) {
261 free(policy_group);
262 policy_group = name;
263 name = NULL;
264 policy_category = POLICY_CATEGORY_GROUP;
265 state = STATE_POLICY;
266 } else {
267 log_error("Unexpected token (6) at %s:%u.", path, line);
268 return -EINVAL;
269 }
270
271 break;
272
273 case STATE_POLICY_OTHER_ATTRIBUTE:
274
275 if (t == XML_ATTRIBUTE_VALUE)
276 state = STATE_POLICY;
277 else {
278 log_error("Unexpected token (7) in %s:%u.", path, line);
279 return -EINVAL;
280 }
281
282 break;
283
284 case STATE_ALLOW_DENY:
285
286 assert(i);
287
288 if (t == XML_ATTRIBUTE_NAME) {
289 PolicyItemClass ic;
290
291 if (startswith(name, "send_"))
292 ic = POLICY_ITEM_SEND;
293 else if (startswith(name, "receive_"))
294 ic = POLICY_ITEM_RECV;
295 else if (streq(name, "own"))
296 ic = POLICY_ITEM_OWN;
297 else if (streq(name, "own_prefix"))
298 ic = POLICY_ITEM_OWN_PREFIX;
299 else if (streq(name, "user"))
300 ic = POLICY_ITEM_USER;
301 else if (streq(name, "group"))
302 ic = POLICY_ITEM_GROUP;
303 else if (streq(name, "eavesdrop")) {
304 log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
305 state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
306 break;
307 } else {
308 log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
309 state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
310 break;
311 }
312
313 if (i->class != _POLICY_ITEM_CLASS_UNSET && ic != i->class) {
314 log_error("send_, receive_/eavesdrop fields mixed on same tag at %s:%u.", path, line);
315 return -EINVAL;
316 }
317
318 i->class = ic;
319
320 if (ic == POLICY_ITEM_SEND || ic == POLICY_ITEM_RECV) {
321 const char *u;
322
323 u = strchr(name, '_');
324 assert(u);
325
326 u++;
327
328 if (streq(u, "interface"))
329 state = STATE_ALLOW_DENY_INTERFACE;
330 else if (streq(u, "member"))
331 state = STATE_ALLOW_DENY_MEMBER;
332 else if (streq(u, "error"))
333 state = STATE_ALLOW_DENY_ERROR;
334 else if (streq(u, "path"))
335 state = STATE_ALLOW_DENY_PATH;
336 else if (streq(u, "type"))
337 state = STATE_ALLOW_DENY_MESSAGE_TYPE;
338 else if ((streq(u, "destination") && ic == POLICY_ITEM_SEND) ||
339 (streq(u, "sender") && ic == POLICY_ITEM_RECV))
340 state = STATE_ALLOW_DENY_NAME;
341 else {
342 if (streq(u, "requested_reply"))
343 log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
344 else
345 log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
346 state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
347 break;
348 }
349 } else
350 state = STATE_ALLOW_DENY_NAME;
351
352 } else if (t == XML_TAG_CLOSE_EMPTY ||
353 (t == XML_TAG_CLOSE && streq(name, i->type == POLICY_ITEM_ALLOW ? "allow" : "deny"))) {
354
355 /* If the tag is fully empty so far, we consider it a recv */
356 if (i->class == _POLICY_ITEM_CLASS_UNSET)
357 i->class = POLICY_ITEM_RECV;
358
359 if (policy_category == POLICY_CATEGORY_DEFAULT)
360 item_append(i, &p->default_items);
361 else if (policy_category == POLICY_CATEGORY_MANDATORY)
362 item_append(i, &p->mandatory_items);
363 else if (policy_category == POLICY_CATEGORY_ON_CONSOLE)
364 item_append(i, &p->on_console_items);
365 else if (policy_category == POLICY_CATEGORY_NO_CONSOLE)
366 item_append(i, &p->no_console_items);
367 else if (policy_category == POLICY_CATEGORY_USER) {
368 const char *u = policy_user;
369
370 assert_cc(sizeof(uid_t) == sizeof(uint32_t));
371
372 r = hashmap_ensure_allocated(&p->user_items, NULL);
373 if (r < 0)
374 return log_oom();
375
376 if (!u) {
377 log_error("User policy without name");
378 return -EINVAL;
379 }
380
381 r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
382 if (r < 0) {
383 log_error_errno(r, "Failed to resolve user %s, ignoring policy: %m", u);
384 free(i);
385 } else {
386 PolicyItem *first;
387
388 first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
389 item_append(i, &first);
390 i->uid_valid = true;
391
392 r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
393 if (r < 0) {
394 LIST_REMOVE(items, first, i);
395 return log_oom();
396 }
397 }
398
399 } else if (policy_category == POLICY_CATEGORY_GROUP) {
400 const char *g = policy_group;
401
402 assert_cc(sizeof(gid_t) == sizeof(uint32_t));
403
404 r = hashmap_ensure_allocated(&p->group_items, NULL);
405 if (r < 0)
406 return log_oom();
407
408 if (!g) {
409 log_error("Group policy without name");
410 return -EINVAL;
411 }
412
413 r = get_group_creds(&g, &i->gid);
414 if (r < 0) {
415 log_error_errno(r, "Failed to resolve group %s, ignoring policy: %m", g);
416 free(i);
417 } else {
418 PolicyItem *first;
419
420 first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
421 item_append(i, &first);
422 i->gid_valid = true;
423
424 r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
425 if (r < 0) {
426 LIST_REMOVE(items, first, i);
427 return log_oom();
428 }
429 }
430 }
431
432 state = STATE_POLICY;
433 i = NULL;
434
435 } else if (t != XML_TEXT || !in_charset(name, WHITESPACE)) {
436 log_error("Unexpected token (8) at %s:%u.", path, line);
437 return -EINVAL;
438 }
439
440 break;
441
442 case STATE_ALLOW_DENY_INTERFACE:
443
444 if (t == XML_ATTRIBUTE_VALUE) {
445 assert(i);
446 if (i->interface) {
447 log_error("Duplicate interface at %s:%u.", path, line);
448 return -EINVAL;
449 }
450
451 if (!streq(name, "*")) {
452 i->interface = name;
453 name = NULL;
454 }
455 state = STATE_ALLOW_DENY;
456 } else {
457 log_error("Unexpected token (9) at %s:%u.", path, line);
458 return -EINVAL;
459 }
460
461 break;
462
463 case STATE_ALLOW_DENY_MEMBER:
464
465 if (t == XML_ATTRIBUTE_VALUE) {
466 assert(i);
467 if (i->member) {
468 log_error("Duplicate member in %s:%u.", path, line);
469 return -EINVAL;
470 }
471
472 if (!streq(name, "*")) {
473 i->member = name;
474 name = NULL;
475 }
476 state = STATE_ALLOW_DENY;
477 } else {
478 log_error("Unexpected token (10) in %s:%u.", path, line);
479 return -EINVAL;
480 }
481
482 break;
483
484 case STATE_ALLOW_DENY_ERROR:
485
486 if (t == XML_ATTRIBUTE_VALUE) {
487 assert(i);
488 if (i->error) {
489 log_error("Duplicate error in %s:%u.", path, line);
490 return -EINVAL;
491 }
492
493 if (!streq(name, "*")) {
494 i->error = name;
495 name = NULL;
496 }
497 state = STATE_ALLOW_DENY;
498 } else {
499 log_error("Unexpected token (11) in %s:%u.", path, line);
500 return -EINVAL;
501 }
502
503 break;
504
505 case STATE_ALLOW_DENY_PATH:
506
507 if (t == XML_ATTRIBUTE_VALUE) {
508 assert(i);
509 if (i->path) {
510 log_error("Duplicate path in %s:%u.", path, line);
511 return -EINVAL;
512 }
513
514 if (!streq(name, "*")) {
515 i->path = name;
516 name = NULL;
517 }
518 state = STATE_ALLOW_DENY;
519 } else {
520 log_error("Unexpected token (12) in %s:%u.", path, line);
521 return -EINVAL;
522 }
523
524 break;
525
526 case STATE_ALLOW_DENY_MESSAGE_TYPE:
527
528 if (t == XML_ATTRIBUTE_VALUE) {
529 assert(i);
530
531 if (i->message_type != 0) {
532 log_error("Duplicate message type in %s:%u.", path, line);
533 return -EINVAL;
534 }
535
536 if (!streq(name, "*")) {
537 r = bus_message_type_from_string(name, &i->message_type);
538 if (r < 0) {
539 log_error("Invalid message type in %s:%u.", path, line);
540 return -EINVAL;
541 }
542 }
543
544 state = STATE_ALLOW_DENY;
545 } else {
546 log_error("Unexpected token (13) in %s:%u.", path, line);
547 return -EINVAL;
548 }
549
550 break;
551
552 case STATE_ALLOW_DENY_NAME:
553
554 if (t == XML_ATTRIBUTE_VALUE) {
555 assert(i);
556 if (i->name) {
557 log_error("Duplicate name in %s:%u.", path, line);
558 return -EINVAL;
559 }
560
561 switch (i->class) {
562 case POLICY_ITEM_USER:
563 if (!streq(name, "*")) {
564 const char *u = name;
565
566 r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
567 if (r < 0)
568 log_error_errno(r, "Failed to resolve user %s: %m", name);
569 else
570 i->uid_valid = true;
571 }
572 break;
573 case POLICY_ITEM_GROUP:
574 if (!streq(name, "*")) {
575 const char *g = name;
576
577 r = get_group_creds(&g, &i->gid);
578 if (r < 0)
579 log_error_errno(r, "Failed to resolve group %s: %m", name);
580 else
581 i->gid_valid = true;
582 }
583 break;
584
585 case POLICY_ITEM_SEND:
586 case POLICY_ITEM_RECV:
587
588 if (streq(name, "*")) {
589 free(name);
590 name = NULL;
591 }
592 break;
593
594
595 default:
596 break;
597 }
598
599 i->name = name;
600 name = NULL;
601
602 state = STATE_ALLOW_DENY;
603 } else {
604 log_error("Unexpected token (14) in %s:%u.", path, line);
605 return -EINVAL;
606 }
607
608 break;
609
610 case STATE_ALLOW_DENY_OTHER_ATTRIBUTE:
611
612 if (t == XML_ATTRIBUTE_VALUE)
613 state = STATE_ALLOW_DENY;
614 else {
615 log_error("Unexpected token (15) in %s:%u.", path, line);
616 return -EINVAL;
617 }
618
619 break;
620
621 case STATE_OTHER:
622
623 if (t == XML_TAG_OPEN)
624 n_other++;
625 else if (t == XML_TAG_CLOSE || t == XML_TAG_CLOSE_EMPTY) {
626
627 if (n_other == 0)
628 state = STATE_BUSCONFIG;
629 else
630 n_other--;
631 }
632
633 break;
634 }
635 }
636 }
637
638 enum {
639 DENY,
640 ALLOW,
641 DUNNO,
642 };
643
644 static const char *verdict_to_string(int v) {
645 switch (v) {
646
647 case DENY:
648 return "DENY";
649 case ALLOW:
650 return "ALLOW";
651 case DUNNO:
652 return "DUNNO";
653 }
654
655 return NULL;
656 }
657
658 struct policy_check_filter {
659 PolicyItemClass class;
660 uid_t uid;
661 gid_t gid;
662 int message_type;
663 const char *name;
664 const char *interface;
665 const char *path;
666 const char *member;
667 };
668
669 static int is_permissive(PolicyItem *i) {
670
671 assert(i);
672
673 return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
674 }
675
676 static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) {
677
678 assert(i);
679 assert(filter);
680
681 switch (i->class) {
682 case POLICY_ITEM_SEND:
683 case POLICY_ITEM_RECV:
684
685 if (i->name && !streq_ptr(i->name, filter->name))
686 break;
687
688 if ((i->message_type != 0) && (i->message_type != filter->message_type))
689 break;
690
691 if (i->path && !streq_ptr(i->path, filter->path))
692 break;
693
694 if (i->member && !streq_ptr(i->member, filter->member))
695 break;
696
697 if (i->interface && !streq_ptr(i->interface, filter->interface))
698 break;
699
700 return is_permissive(i);
701
702 case POLICY_ITEM_OWN:
703 assert(filter->name);
704
705 if (streq(i->name, "*") || streq(i->name, filter->name))
706 return is_permissive(i);
707 break;
708
709 case POLICY_ITEM_OWN_PREFIX:
710 assert(filter->name);
711
712 if (streq(i->name, "*") || service_name_startswith(filter->name, i->name))
713 return is_permissive(i);
714 break;
715
716 case POLICY_ITEM_USER:
717 if (filter->uid != UID_INVALID)
718 if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->uid)))
719 return is_permissive(i);
720 break;
721
722 case POLICY_ITEM_GROUP:
723 if (filter->gid != GID_INVALID)
724 if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->gid)))
725 return is_permissive(i);
726 break;
727
728 case POLICY_ITEM_IGNORE:
729 default:
730 break;
731 }
732
733 return DUNNO;
734 }
735
736 static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) {
737
738 PolicyItem *i;
739 int verdict = DUNNO;
740
741 assert(filter);
742
743 /* Check all policies in a set - a broader one might be followed by a more specific one,
744 * and the order of rules in policy definitions matters */
745 LIST_FOREACH(items, i, items) {
746 int v;
747
748 if (i->class != filter->class &&
749 !(i->class == POLICY_ITEM_OWN_PREFIX && filter->class == POLICY_ITEM_OWN))
750 continue;
751
752 v = check_policy_item(i, filter);
753 if (v != DUNNO)
754 verdict = v;
755 }
756
757 return verdict;
758 }
759
760 static int policy_check(Policy *p, const struct policy_check_filter *filter) {
761
762 PolicyItem *items;
763 int verdict, v;
764
765 assert(p);
766 assert(filter);
767
768 assert(IN_SET(filter->class, POLICY_ITEM_SEND, POLICY_ITEM_RECV, POLICY_ITEM_OWN, POLICY_ITEM_USER, POLICY_ITEM_GROUP));
769
770 /*
771 * The policy check is implemented by the following logic:
772 *
773 * 1. Check default items
774 * 2. Check group items
775 * 3. Check user items
776 * 4. Check on/no_console items
777 * 5. Check mandatory items
778 *
779 * Later rules override earlier rules.
780 */
781
782 verdict = check_policy_items(p->default_items, filter);
783
784 if (filter->gid != GID_INVALID) {
785 items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->gid));
786 if (items) {
787 v = check_policy_items(items, filter);
788 if (v != DUNNO)
789 verdict = v;
790 }
791 }
792
793 if (filter->uid != UID_INVALID) {
794 items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->uid));
795 if (items) {
796 v = check_policy_items(items, filter);
797 if (v != DUNNO)
798 verdict = v;
799 }
800 }
801
802 if (filter->uid != UID_INVALID && sd_uid_get_seats(filter->uid, -1, NULL) > 0)
803 v = check_policy_items(p->on_console_items, filter);
804 else
805 v = check_policy_items(p->no_console_items, filter);
806 if (v != DUNNO)
807 verdict = v;
808
809 v = check_policy_items(p->mandatory_items, filter);
810 if (v != DUNNO)
811 verdict = v;
812
813 return verdict;
814 }
815
816 bool policy_check_own(Policy *p, uid_t uid, gid_t gid, const char *name) {
817
818 struct policy_check_filter filter = {
819 .class = POLICY_ITEM_OWN,
820 .uid = uid,
821 .gid = gid,
822 .name = name,
823 };
824
825 int verdict;
826
827 assert(p);
828 assert(name);
829
830 verdict = policy_check(p, &filter);
831
832 log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
833 "Ownership permission check for uid=" UID_FMT " gid=" GID_FMT" name=%s: %s",
834 uid, gid, strna(name), strna(verdict_to_string(verdict)));
835
836 return verdict == ALLOW;
837 }
838
839 bool policy_check_hello(Policy *p, uid_t uid, gid_t gid) {
840
841 struct policy_check_filter filter = {
842 .uid = uid,
843 .gid = gid,
844 };
845 int verdict;
846
847 assert(p);
848
849 filter.class = POLICY_ITEM_USER;
850 verdict = policy_check(p, &filter);
851
852 if (verdict != DENY) {
853 int v;
854
855 filter.class = POLICY_ITEM_GROUP;
856 v = policy_check(p, &filter);
857 if (v != DUNNO)
858 verdict = v;
859 }
860
861 log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
862 "Hello permission check for uid=" UID_FMT " gid=" GID_FMT": %s",
863 uid, gid, strna(verdict_to_string(verdict)));
864
865 return verdict == ALLOW;
866 }
867
868 bool policy_check_recv(Policy *p,
869 uid_t uid,
870 gid_t gid,
871 int message_type,
872 const char *name,
873 const char *path,
874 const char *interface,
875 const char *member,
876 bool dbus_to_kernel) {
877
878 struct policy_check_filter filter = {
879 .class = POLICY_ITEM_RECV,
880 .uid = uid,
881 .gid = gid,
882 .message_type = message_type,
883 .name = name,
884 .interface = interface,
885 .path = path,
886 .member = member,
887 };
888
889 int verdict;
890
891 assert(p);
892
893 verdict = policy_check(p, &filter);
894
895 log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
896 "Receive permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
897 dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
898 strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
899
900 return verdict == ALLOW;
901 }
902
903 bool policy_check_send(Policy *p,
904 uid_t uid,
905 gid_t gid,
906 int message_type,
907 const char *name,
908 const char *path,
909 const char *interface,
910 const char *member,
911 bool dbus_to_kernel) {
912
913 struct policy_check_filter filter = {
914 .class = POLICY_ITEM_SEND,
915 .uid = uid,
916 .gid = gid,
917 .message_type = message_type,
918 .name = name,
919 .interface = interface,
920 .path = path,
921 .member = member,
922 };
923
924 int verdict;
925
926 assert(p);
927
928 verdict = policy_check(p, &filter);
929
930 log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
931 "Send permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
932 dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
933 strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
934
935 return verdict == ALLOW;
936 }
937
938 int policy_load(Policy *p, char **files) {
939 char **i;
940 int r;
941
942 assert(p);
943
944 STRV_FOREACH(i, files) {
945
946 r = file_load(p, *i);
947 if (r == -EISDIR) {
948 _cleanup_strv_free_ char **l = NULL;
949 char **j;
950
951 r = conf_files_list(&l, ".conf", NULL, *i, NULL);
952 if (r < 0)
953 return log_error_errno(r, "Failed to get configuration file list: %m");
954
955 STRV_FOREACH(j, l)
956 file_load(p, *j);
957 }
958
959 /* We ignore all errors but EISDIR, and just proceed. */
960 }
961
962 return 0;
963 }
964
965 void policy_free(Policy *p) {
966 PolicyItem *i, *first;
967
968 if (!p)
969 return;
970
971 while ((i = p->default_items)) {
972 LIST_REMOVE(items, p->default_items, i);
973 policy_item_free(i);
974 }
975
976 while ((i = p->mandatory_items)) {
977 LIST_REMOVE(items, p->mandatory_items, i);
978 policy_item_free(i);
979 }
980
981 while ((i = p->on_console_items)) {
982 LIST_REMOVE(items, p->on_console_items, i);
983 policy_item_free(i);
984 }
985
986 while ((i = p->no_console_items)) {
987 LIST_REMOVE(items, p->no_console_items, i);
988 policy_item_free(i);
989 }
990
991 while ((first = hashmap_steal_first(p->user_items))) {
992
993 while ((i = first)) {
994 LIST_REMOVE(items, first, i);
995 policy_item_free(i);
996 }
997 }
998
999 while ((first = hashmap_steal_first(p->group_items))) {
1000
1001 while ((i = first)) {
1002 LIST_REMOVE(items, first, i);
1003 policy_item_free(i);
1004 }
1005 }
1006
1007 hashmap_free(p->user_items);
1008 hashmap_free(p->group_items);
1009
1010 p->user_items = p->group_items = NULL;
1011 }
1012
1013 static void dump_items(PolicyItem *items, const char *prefix) {
1014
1015 PolicyItem *i;
1016
1017 if (!items)
1018 return;
1019
1020 if (!prefix)
1021 prefix = "";
1022
1023 LIST_FOREACH(items, i, items) {
1024
1025 printf("%sType: %s\n"
1026 "%sClass: %s\n",
1027 prefix, policy_item_type_to_string(i->type),
1028 prefix, policy_item_class_to_string(i->class));
1029
1030 if (i->interface)
1031 printf("%sInterface: %s\n",
1032 prefix, i->interface);
1033
1034 if (i->member)
1035 printf("%sMember: %s\n",
1036 prefix, i->member);
1037
1038 if (i->error)
1039 printf("%sError: %s\n",
1040 prefix, i->error);
1041
1042 if (i->path)
1043 printf("%sPath: %s\n",
1044 prefix, i->path);
1045
1046 if (i->name)
1047 printf("%sName: %s\n",
1048 prefix, i->name);
1049
1050 if (i->message_type != 0)
1051 printf("%sMessage Type: %s\n",
1052 prefix, bus_message_type_to_string(i->message_type));
1053
1054 if (i->uid_valid) {
1055 _cleanup_free_ char *user;
1056
1057 user = uid_to_name(i->uid);
1058
1059 printf("%sUser: %s (%d)\n",
1060 prefix, strna(user), i->uid);
1061 }
1062
1063 if (i->gid_valid) {
1064 _cleanup_free_ char *group;
1065
1066 group = gid_to_name(i->gid);
1067
1068 printf("%sGroup: %s (%d)\n",
1069 prefix, strna(group), i->gid);
1070 }
1071 printf("%s-\n", prefix);
1072 }
1073 }
1074
1075 static void dump_hashmap_items(Hashmap *h) {
1076 PolicyItem *i;
1077 Iterator j;
1078 void *k;
1079
1080 HASHMAP_FOREACH_KEY(i, k, h, j) {
1081 printf("\t%s Item for %u:\n", draw_special_char(DRAW_ARROW), PTR_TO_UINT(k));
1082 dump_items(i, "\t\t");
1083 }
1084 }
1085
1086 void policy_dump(Policy *p) {
1087
1088 printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
1089 dump_items(p->default_items, "\t");
1090
1091 printf("%s Group Items:\n", draw_special_char(DRAW_ARROW));
1092 dump_hashmap_items(p->group_items);
1093
1094 printf("%s User Items:\n", draw_special_char(DRAW_ARROW));
1095 dump_hashmap_items(p->user_items);
1096
1097 printf("%s On-Console Items:\n", draw_special_char(DRAW_ARROW));
1098 dump_items(p->on_console_items, "\t");
1099
1100 printf("%s No-Console Items:\n", draw_special_char(DRAW_ARROW));
1101 dump_items(p->no_console_items, "\t");
1102
1103 printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
1104 dump_items(p->mandatory_items, "\t");
1105
1106 fflush(stdout);
1107 }
1108
1109 static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {
1110 [_POLICY_ITEM_TYPE_UNSET] = "unset",
1111 [POLICY_ITEM_ALLOW] = "allow",
1112 [POLICY_ITEM_DENY] = "deny",
1113 };
1114 DEFINE_STRING_TABLE_LOOKUP(policy_item_type, PolicyItemType);
1115
1116 static const char* const policy_item_class_table[_POLICY_ITEM_CLASS_MAX] = {
1117 [_POLICY_ITEM_CLASS_UNSET] = "unset",
1118 [POLICY_ITEM_SEND] = "send",
1119 [POLICY_ITEM_RECV] = "recv",
1120 [POLICY_ITEM_OWN] = "own",
1121 [POLICY_ITEM_OWN_PREFIX] = "own-prefix",
1122 [POLICY_ITEM_USER] = "user",
1123 [POLICY_ITEM_GROUP] = "group",
1124 [POLICY_ITEM_IGNORE] = "ignore",
1125 };
1126 DEFINE_STRING_TABLE_LOOKUP(policy_item_class, PolicyItemClass);
Unnamed repository; edit this file 'description' to name the repository.