bus-proxyd: assorted cleanups and fixes

[elogind.git] / src / bus-proxyd / bus-policy.c

diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index e870fbc9485aa735aa244947bdff55f2efe28dd9..aea8541d50a2cc6559622065b4807cec5b477b2b 100644 (file)
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -24,6 +24,7 @@
 #include "strv.h"
 #include "conf-files.h"
 #include "bus-internal.h"
+#include "bus-message.h"
 #include "bus-policy.h"
 
 static void policy_item_free(PolicyItem *i) {
@@ -591,6 +592,234 @@ static int file_load(Policy *p, const char *path) {
         }
 }
 
+enum {
+        ALLOW,
+        DUNNO,
+        DENY,
+};
+
+struct policy_check_filter {
+        int class;
+        const struct ucred *ucred;
+        int message_type;
+        const char *interface;
+        const char *path;
+        union {
+                const char *name;
+                const char *member;
+        };
+        char **names_strv;
+        Hashmap *names_hash;
+};
+
+static int is_permissive(PolicyItem *i) {
+
+        assert(i);
+
+        return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
+}
+
+static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) {
+
+        assert(i);
+        assert(filter);
+
+        switch (i->class) {
+        case POLICY_ITEM_SEND:
+        case POLICY_ITEM_RECV:
+
+                if (i->name) {
+                        if (filter->names_hash && !hashmap_contains(filter->names_hash, i->name))
+                                break;
+
+                        if (filter->names_strv && !strv_contains(filter->names_strv, i->name))
+                                break;
+                }
+
+                if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type))
+                        break;
+
+                if (i->path && !streq_ptr(i->path, filter->path))
+                        break;
+
+                if (i->member && !streq_ptr(i->member, filter->member))
+                        break;
+
+                if (i->interface && !streq_ptr(i->interface, filter->interface))
+                        break;
+
+                return is_permissive(i);
+
+        case POLICY_ITEM_OWN:
+                assert(filter->member);
+
+                if (streq(i->name, "*") || streq(i->name, filter->name))
+                        return is_permissive(i);
+                break;
+
+        case POLICY_ITEM_OWN_PREFIX:
+                assert(filter->member);
+
+                if (streq(i->name, "*") || startswith(i->name, filter->name))
+                        return is_permissive(i);
+                break;
+
+        case POLICY_ITEM_USER:
+                assert(filter->ucred);
+
+                if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->ucred->uid)))
+                        return is_permissive(i);
+                break;
+
+        case POLICY_ITEM_GROUP:
+                assert(filter->ucred);
+
+                if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->ucred->gid)))
+                        return is_permissive(i);
+                break;
+
+        case POLICY_ITEM_IGNORE:
+        default:
+                break;
+        }
+
+        return DUNNO;
+}
+
+static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) {
+
+        PolicyItem *i;
+        int r, ret = DUNNO;
+
+        assert(filter);
+
+        /* Check all policies in a set - a broader one might be followed by a more specific one,
+         * and the order of rules in policy definitions matters */
+        LIST_FOREACH(items, i, items) {
+                if (i->class != filter->class)
+                        continue;
+
+                r = check_policy_item(i, filter);
+                if (r != DUNNO)
+                        ret = r;
+        }
+
+        return ret;
+}
+
+static int policy_check(Policy *p, const struct policy_check_filter *filter) {
+
+        PolicyItem *items;
+        int r;
+
+        assert(p);
+        assert(filter);
+
+        /*
+         * The policy check is implemented by the following logic:
+         *
+         * 1. Check mandatory items. If the message matches any of these, it is decisive.
+         * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive.
+         * 3. Consult the defaults if non of the above matched with a more specific rule.
+         * 4. If the message isn't caught be the defaults either, reject it.
+         */
+
+        r = check_policy_items(p->mandatory_items, filter);
+        if (r != DUNNO)
+                return r;
+
+        if (filter->ucred) {
+                items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->ucred->uid));
+                if (items) {
+                        r = check_policy_items(items, filter);
+                        if (r != DUNNO)
+                                return r;
+                }
+
+                items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->ucred->gid));
+                if (items) {
+                        r = check_policy_items(items, filter);
+                        if (r != DUNNO)
+                                return r;
+                }
+        }
+
+        return check_policy_items(p->default_items, filter);
+}
+
+bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) {
+
+        struct policy_check_filter filter = {
+                .class = POLICY_ITEM_OWN,
+                .ucred = ucred,
+                .name  = name,
+        };
+
+        return policy_check(p, &filter) == ALLOW;
+}
+
+bool policy_check_hello(Policy *p, const struct ucred *ucred) {
+
+        struct policy_check_filter filter = {
+                .ucred  = ucred,
+        };
+        int user, group;
+
+        filter.class = POLICY_ITEM_USER;
+        user = policy_check(p, &filter);
+        if (user == DENY)
+                return false;
+
+        filter.class = POLICY_ITEM_GROUP;
+        group = policy_check(p, &filter);
+        if (group == DENY)
+                return false;
+
+        return !(user == DUNNO && group == DUNNO);
+}
+
+bool policy_check_recv(Policy *p,
+                       const struct ucred *ucred,
+                       Hashmap *names,
+                       int message_type,
+                       const char *path,
+                       const char *interface,
+                       const char *member) {
+
+        struct policy_check_filter filter = {
+                .class        = POLICY_ITEM_RECV,
+                .ucred        = ucred,
+                .names_hash   = names,
+                .message_type = message_type,
+                .interface    = interface,
+                .path         = path,
+                .member       = member,
+        };
+
+        return policy_check(p, &filter) == ALLOW;
+}
+
+bool policy_check_send(Policy *p,
+                       const struct ucred *ucred,
+                       char **names,
+                       int message_type,
+                       const char *path,
+                       const char *interface,
+                       const char *member) {
+
+        struct policy_check_filter filter = {
+                .class        = POLICY_ITEM_SEND,
+                .ucred        = ucred,
+                .names_strv   = names,
+                .message_type = message_type,
+                .interface    = interface,
+                .path         = path,
+                .member       = member,
+        };
+
+        return policy_check(p, &filter) == ALLOW;
+}
+
 int policy_load(Policy *p, char **files) {
         char **i;
         int r;