#include "bus-internal.h"
#include "bus-message.h"
#include "bus-xml-policy.h"
+#include "sd-login.h"
static void policy_item_free(PolicyItem *i) {
assert(i);
STATE_BUSCONFIG,
STATE_POLICY,
STATE_POLICY_CONTEXT,
+ STATE_POLICY_CONSOLE,
STATE_POLICY_USER,
STATE_POLICY_GROUP,
STATE_POLICY_OTHER_ATTRIBUTE,
POLICY_CATEGORY_NONE,
POLICY_CATEGORY_DEFAULT,
POLICY_CATEGORY_MANDATORY,
+ POLICY_CATEGORY_ON_CONSOLE,
+ POLICY_CATEGORY_NO_CONSOLE,
POLICY_CATEGORY_USER,
POLICY_CATEGORY_GROUP
} policy_category = POLICY_CATEGORY_NONE;
if (t == XML_ATTRIBUTE_NAME) {
if (streq(name, "context"))
state = STATE_POLICY_CONTEXT;
+ else if (streq(name, "at_console"))
+ state = STATE_POLICY_CONSOLE;
else if (streq(name, "user"))
state = STATE_POLICY_USER;
else if (streq(name, "group"))
state = STATE_POLICY_GROUP;
else {
- if (streq(name, "at_console"))
- log_debug("Attribute %s of <policy> tag unsupported at %s:%u, ignoring.", name, path, line);
- else
- log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
+ log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
state = STATE_POLICY_OTHER_ATTRIBUTE;
}
} else if (t == XML_TAG_CLOSE_EMPTY ||
break;
+ case STATE_POLICY_CONSOLE:
+
+ if (t == XML_ATTRIBUTE_VALUE) {
+ if (streq(name, "true")) {
+ policy_category = POLICY_CATEGORY_ON_CONSOLE;
+ state = STATE_POLICY;
+ } else if (streq(name, "false")) {
+ policy_category = POLICY_CATEGORY_NO_CONSOLE;
+ state = STATE_POLICY;
+ } else {
+ log_error("at_console= parameter %s unknown for <policy> at %s:%u.", name, path, line);
+ return -EINVAL;
+ }
+ } else {
+ log_error("Unexpected token (4.1) at %s:%u.", path, line);
+ return -EINVAL;
+ }
+
+ break;
+
case STATE_POLICY_USER:
if (t == XML_ATTRIBUTE_VALUE) {
ic = POLICY_ITEM_GROUP;
else if (streq(name, "eavesdrop")) {
log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
- i->class = POLICY_ITEM_IGNORE;
state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
break;
} else {
}
if (i->class != _POLICY_ITEM_CLASS_UNSET && ic != i->class) {
- log_error("send_ and receive_ fields mixed on same tag at %s:%u.", path, line);
+ log_error("send_, receive_/eavesdrop fields mixed on same tag at %s:%u.", path, line);
return -EINVAL;
}
} else if (t == XML_TAG_CLOSE_EMPTY ||
(t == XML_TAG_CLOSE && streq(name, i->type == POLICY_ITEM_ALLOW ? "allow" : "deny"))) {
- if (i->class == _POLICY_ITEM_CLASS_UNSET) {
- log_error("Policy not set at %s:%u.", path, line);
- return -EINVAL;
- }
+ /* If the tag is fully empty so far, we consider it a recv */
+ if (i->class == _POLICY_ITEM_CLASS_UNSET)
+ i->class = POLICY_ITEM_RECV;
if (policy_category == POLICY_CATEGORY_DEFAULT)
item_append(i, &p->default_items);
else if (policy_category == POLICY_CATEGORY_MANDATORY)
item_append(i, &p->mandatory_items);
+ else if (policy_category == POLICY_CATEGORY_ON_CONSOLE)
+ item_append(i, &p->on_console_items);
+ else if (policy_category == POLICY_CATEGORY_NO_CONSOLE)
+ item_append(i, &p->no_console_items);
else if (policy_category == POLICY_CATEGORY_USER) {
const char *u = policy_user;
return -EINVAL;
}
- i->interface = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->interface = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (9) at %s:%u.", path, line);
return -EINVAL;
}
- i->member = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->member = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (10) in %s:%u.", path, line);
return -EINVAL;
}
- i->error = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->error = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (11) in %s:%u.", path, line);
return -EINVAL;
}
- i->path = name;
- name = NULL;
+ if (!streq(name, "*")) {
+ i->path = name;
+ name = NULL;
+ }
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (12) in %s:%u.", path, line);
return -EINVAL;
}
- r = bus_message_type_from_string(name, &i->message_type);
- if (r < 0) {
- log_error("Invalid message type in %s:%u.", path, line);
- return -EINVAL;
+ if (!streq(name, "*")) {
+ r = bus_message_type_from_string(name, &i->message_type);
+ if (r < 0) {
+ log_error("Invalid message type in %s:%u.", path, line);
+ return -EINVAL;
+ }
}
state = STATE_ALLOW_DENY;
i->gid_valid = true;
}
break;
+
+ case POLICY_ITEM_SEND:
+ case POLICY_ITEM_RECV:
+
+ if (streq(name, "*")) {
+ free(name);
+ name = NULL;
+ }
+ break;
+
+
default:
break;
}
* 1. Check default items
* 2. Check group items
* 3. Check user items
- * 4. Check mandatory items
+ * 4. Check on/no_console items
+ * 5. Check mandatory items
*
* Later rules override earlier rules.
*/
}
}
+ if (filter->uid != UID_INVALID && sd_uid_get_seats(filter->uid, -1, NULL) > 0)
+ v = check_policy_items(p->on_console_items, filter);
+ else
+ v = check_policy_items(p->no_console_items, filter);
+ if (v != DUNNO)
+ verdict = v;
+
v = check_policy_items(p->mandatory_items, filter);
if (v != DUNNO)
verdict = v;
const char *name,
const char *path,
const char *interface,
- const char *member) {
+ const char *member,
+ bool dbus_to_kernel) {
struct policy_check_filter filter = {
.class = POLICY_ITEM_RECV,
verdict = policy_check(p, &filter);
log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
- "Recieve permission check for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s interface=%s path=%s member=%s: %s",
- uid, gid, bus_message_type_to_string(message_type), strna(name), strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
+ "Receive permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
+ dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
+ strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
return verdict == ALLOW;
}
const char *name,
const char *path,
const char *interface,
- const char *member) {
+ const char *member,
+ bool dbus_to_kernel) {
struct policy_check_filter filter = {
.class = POLICY_ITEM_SEND,
verdict = policy_check(p, &filter);
log_full(LOG_AUTH | (verdict != ALLOW ? LOG_WARNING : LOG_DEBUG),
- "Send permission check for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s interface=%s path=%s member=%s: %s",
- uid, gid, bus_message_type_to_string(message_type), strna(name), strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
+ "Send permission check %s for uid=" UID_FMT " gid=" GID_FMT" message=%s name=%s path=%s interface=%s member=%s: %s",
+ dbus_to_kernel ? "dbus-1 to kernel" : "kernel to dbus-1", uid, gid, bus_message_type_to_string(message_type), strna(name),
+ strna(path), strna(interface), strna(member), strna(verdict_to_string(verdict)));
return verdict == ALLOW;
}
policy_item_free(i);
}
+ while ((i = p->on_console_items)) {
+ LIST_REMOVE(items, p->on_console_items, i);
+ policy_item_free(i);
+ }
+
+ while ((i = p->no_console_items)) {
+ LIST_REMOVE(items, p->no_console_items, i);
+ policy_item_free(i);
+ }
+
while ((first = hashmap_steal_first(p->user_items))) {
while ((i = first)) {
printf("%s User Items:\n", draw_special_char(DRAW_ARROW));
dump_hashmap_items(p->user_items);
+ printf("%s On-Console Items:\n", draw_special_char(DRAW_ARROW));
+ dump_items(p->on_console_items, "\t");
+
+ printf("%s No-Console Items:\n", draw_special_char(DRAW_ARROW));
+ dump_items(p->no_console_items, "\t");
+
printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
dump_items(p->mandatory_items, "\t");
+
+ fflush(stdout);
+}
+
+int shared_policy_new(SharedPolicy **out) {
+ SharedPolicy *sp;
+ int r;
+
+ sp = new0(SharedPolicy, 1);
+ if (!sp)
+ return log_oom();
+
+ r = pthread_mutex_init(&sp->lock, NULL);
+ if (r < 0) {
+ log_error_errno(r, "Cannot initialize shared policy mutex: %m");
+ goto exit_free;
+ }
+
+ r = pthread_rwlock_init(&sp->rwlock, NULL);
+ if (r < 0) {
+ log_error_errno(r, "Cannot initialize shared policy rwlock: %m");
+ goto exit_mutex;
+ }
+
+ *out = sp;
+ sp = NULL;
+ return 0;
+
+ /* pthread lock destruction is not fail-safe... meh! */
+exit_mutex:
+ pthread_mutex_destroy(&sp->lock);
+exit_free:
+ free(sp);
+ return r;
+}
+
+SharedPolicy *shared_policy_free(SharedPolicy *sp) {
+ if (!sp)
+ return NULL;
+
+ policy_free(sp->policy);
+ pthread_rwlock_destroy(&sp->rwlock);
+ pthread_mutex_destroy(&sp->lock);
+ free(sp);
+
+ return NULL;
+}
+
+static int shared_policy_reload_unlocked(SharedPolicy *sp, char **configuration) {
+ Policy old, buffer = {};
+ bool free_old;
+ int r;
+
+ assert(sp);
+
+ r = policy_load(&buffer, configuration);
+ if (r < 0)
+ return log_error_errno(r, "Failed to load policy: %m");
+
+ /* policy_dump(&buffer); */
+
+ pthread_rwlock_wrlock(&sp->rwlock);
+ memcpy(&old, &sp->buffer, sizeof(old));
+ memcpy(&sp->buffer, &buffer, sizeof(buffer));
+ free_old = !!sp->policy;
+ sp->policy = &sp->buffer;
+ pthread_rwlock_unlock(&sp->rwlock);
+
+ if (free_old)
+ policy_free(&old);
+
+ return 0;
+}
+
+int shared_policy_reload(SharedPolicy *sp, char **configuration) {
+ int r;
+
+ assert(sp);
+
+ pthread_mutex_lock(&sp->lock);
+ r = shared_policy_reload_unlocked(sp, configuration);
+ pthread_mutex_unlock(&sp->lock);
+
+ return r;
+}
+
+int shared_policy_preload(SharedPolicy *sp, char **configuration) {
+ int r;
+
+ assert(sp);
+
+ pthread_mutex_lock(&sp->lock);
+ if (!sp->policy)
+ r = shared_policy_reload_unlocked(sp, configuration);
+ else
+ r = 0;
+ pthread_mutex_unlock(&sp->lock);
+
+ return r;
+}
+
+Policy *shared_policy_acquire(SharedPolicy *sp) {
+ assert(sp);
+
+ pthread_rwlock_rdlock(&sp->rwlock);
+ if (sp->policy)
+ return sp->policy;
+ pthread_rwlock_unlock(&sp->rwlock);
+
+ return NULL;
+}
+
+void shared_policy_release(SharedPolicy *sp, Policy *p) {
+ assert(sp);
+ assert(!p || sp->policy == p);
+
+ if (p)
+ pthread_rwlock_unlock(&sp->rwlock);
}
static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {