chiark / gitweb /
bus-policy: implement dump_items() with LIST_FOREACH
[elogind.git] / src / bus-proxyd / bus-policy.c
index 053495c..227742b 100644 (file)
@@ -39,6 +39,14 @@ static void policy_item_free(PolicyItem *i) {
 
 DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free);
 
+static void item_append(PolicyItem *i, PolicyItem **list) {
+
+        PolicyItem *tail;
+
+        LIST_FIND_TAIL(items, *list, tail);
+        LIST_INSERT_AFTER(items, *list, tail, i);
+}
+
 static int file_load(Policy *p, const char *path) {
 
         _cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL;
@@ -83,6 +91,8 @@ static int file_load(Policy *p, const char *path) {
         if (r < 0) {
                 if (r == -ENOENT)
                         return 0;
+                if (r == -EISDIR)
+                        return r;
 
                 log_error("Failed to load %s: %s", path, strerror(-r));
                 return r;
@@ -153,7 +163,10 @@ static int file_load(Policy *p, const char *path) {
                                 else if (streq(name, "group"))
                                         state = STATE_POLICY_GROUP;
                                 else {
-                                        log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
+                                        if (streq(name, "at_console"))
+                                                log_debug("Attribute %s of <policy> tag unsupported at %s:%u, ignoring.", name, path, line);
+                                        else
+                                                log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
                                         state = STATE_POLICY_OTHER_ATTRIBUTE;
                                 }
                         } else if (t == XML_TAG_CLOSE_EMPTY ||
@@ -266,7 +279,12 @@ static int file_load(Policy *p, const char *path) {
                                         ic = POLICY_ITEM_USER;
                                 else if (streq(name, "group"))
                                         ic = POLICY_ITEM_GROUP;
-                                else {
+                                else if (streq(name, "eavesdrop")) {
+                                        log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
+                                        i->class = POLICY_ITEM_IGNORE;
+                                        state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
+                                        break;
+                                } else {
                                         log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
                                         state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
                                         break;
@@ -301,7 +319,10 @@ static int file_load(Policy *p, const char *path) {
                                                  (streq(u, "sender") && ic == POLICY_ITEM_RECV))
                                                 state = STATE_ALLOW_DENY_NAME;
                                         else {
-                                                log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
+                                                if (streq(u, "requested_reply"))
+                                                        log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
+                                                else
+                                                        log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
                                                 state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
                                                 break;
                                         }
@@ -317,42 +338,71 @@ static int file_load(Policy *p, const char *path) {
                                 }
 
                                 if (policy_category == POLICY_CATEGORY_DEFAULT)
-                                        LIST_PREPEND(items, p->default_items, i);
+                                        item_append(i, &p->default_items);
                                 else if (policy_category == POLICY_CATEGORY_MANDATORY)
-                                        LIST_PREPEND(items, p->default_items, i);
+                                        item_append(i, &p->mandatory_items);
                                 else if (policy_category == POLICY_CATEGORY_USER) {
-                                        PolicyItem *first;
+                                        const char *u = policy_user;
 
                                         assert_cc(sizeof(uid_t) == sizeof(uint32_t));
 
-                                        r = hashmap_ensure_allocated(&p->user_items, trivial_hash_func, trivial_compare_func);
+                                        r = hashmap_ensure_allocated(&p->user_items, NULL);
                                         if (r < 0)
                                                 return log_oom();
 
-                                        first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
-                                        LIST_PREPEND(items, first, i);
+                                        if (!u) {
+                                                log_error("User policy without name");
+                                                return -EINVAL;
+                                        }
 
-                                        r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
+                                        r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
                                         if (r < 0) {
-                                                LIST_REMOVE(items, first, i);
-                                                return log_oom();
+                                                log_error("Failed to resolve user %s, ignoring policy: %s", u, strerror(-r));
+                                                free(i);
+                                        } else {
+                                                PolicyItem *first;
+
+                                                first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
+                                                item_append(i, &first);
+                                                i->uid_valid = true;
+
+                                                r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
+                                                if (r < 0) {
+                                                        LIST_REMOVE(items, first, i);
+                                                        return log_oom();
+                                                }
                                         }
+
                                 } else if (policy_category == POLICY_CATEGORY_GROUP) {
-                                        PolicyItem *first;
+                                        const char *g = policy_group;
 
                                         assert_cc(sizeof(gid_t) == sizeof(uint32_t));
 
-                                        r = hashmap_ensure_allocated(&p->group_items, trivial_hash_func, trivial_compare_func);
+                                        r = hashmap_ensure_allocated(&p->group_items, NULL);
                                         if (r < 0)
                                                 return log_oom();
 
-                                        first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
-                                        LIST_PREPEND(items, first, i);
+                                        if (!g) {
+                                                log_error("Group policy without name");
+                                                return -EINVAL;
+                                        }
 
-                                        r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
+                                        r = get_group_creds(&g, &i->gid);
                                         if (r < 0) {
-                                                LIST_REMOVE(items, first, i);
-                                                return log_oom();
+                                                log_error("Failed to resolve group %s, ignoring policy: %s", g, strerror(-r));
+                                                free(i);
+                                        } else {
+                                                PolicyItem *first;
+
+                                                first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
+                                                item_append(i, &first);
+                                                i->gid_valid = true;
+
+                                                r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
+                                                if (r < 0) {
+                                                        LIST_REMOVE(items, first, i);
+                                                        return log_oom();
+                                                }
                                         }
                                 }
 
@@ -475,8 +525,36 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
+                                switch (i->class) {
+                                case POLICY_ITEM_USER:
+                                        if (!streq(name, "*")) {
+                                                const char *u = name;
+
+                                                r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
+                                                if (r < 0)
+                                                        log_error("Failed to resolve user %s: %s", name, strerror(-r));
+                                                else
+                                                        i->uid_valid = true;
+                                        }
+                                        break;
+                                case POLICY_ITEM_GROUP:
+                                        if (!streq(name, "*")) {
+                                                const char *g = name;
+
+                                                r = get_group_creds(&g, &i->gid);
+                                                if (r < 0)
+                                                        log_error("Failed to resolve group %s: %s", name, strerror(-r));
+                                                else
+                                                        i->gid_valid = true;
+                                        }
+                                        break;
+                                default:
+                                        break;
+                                }
+
                                 i->name = name;
                                 name = NULL;
+
                                 state = STATE_ALLOW_DENY;
                         } else {
                                 log_error("Unexpected token (14) in %s:%u.", path, line);
@@ -513,24 +591,31 @@ static int file_load(Policy *p, const char *path) {
         }
 }
 
-int policy_load(Policy *p) {
-        _cleanup_strv_free_ char **l = NULL;
+int policy_load(Policy *p, char **files) {
         char **i;
         int r;
 
         assert(p);
 
-        file_load(p, "/etc/dbus-1/system.conf");
-        file_load(p, "/etc/dbus-1/system-local.conf");
+        STRV_FOREACH(i, files) {
 
-        r = conf_files_list(&l, ".conf", NULL, "/etc/dbus-1/system.d/", NULL);
-        if (r < 0) {
-                log_error("Failed to get configuration file list: %s", strerror(-r));
-                return r;
-        }
+                r = file_load(p, *i);
+                if (r == -EISDIR) {
+                        _cleanup_strv_free_ char **l = NULL;
+                        char **j;
 
-        STRV_FOREACH(i, l)
-                file_load(p, *i);
+                        r = conf_files_list(&l, ".conf", NULL, *i, NULL);
+                        if (r < 0) {
+                                log_error("Failed to get configuration file list: %s", strerror(-r));
+                                return r;
+                        }
+
+                        STRV_FOREACH(j, l)
+                                file_load(p, *j);
+                }
+
+                /* We ignore all errors but EISDIR, and just proceed. */
+        }
 
         return 0;
 }
@@ -573,61 +658,64 @@ void policy_free(Policy *p) {
         p->user_items = p->group_items = NULL;
 }
 
-static void dump_items(PolicyItem *i) {
+static void dump_items(PolicyItem *items, const char *prefix) {
 
-        if (!i)
+        PolicyItem *i;
+
+        if (!items)
                 return;
 
-        printf("Type: %s\n"
-               "Class: %s\n",
-               policy_item_type_to_string(i->type),
-               policy_item_class_to_string(i->class));
+        if (!prefix)
+                prefix = "";
 
-        if (i->interface)
-                printf("Interface: %s\n",
-                       i->interface);
+        LIST_FOREACH(items, i, items) {
 
-        if (i->member)
-                printf("Member: %s\n",
-                       i->member);
+                printf("%sType: %s\n"
+                       "%sClass: %s\n",
+                       prefix, policy_item_type_to_string(i->type),
+                       prefix, policy_item_class_to_string(i->class));
 
-        if (i->error)
-                printf("Error: %s\n",
-                       i->error);
+                if (i->interface)
+                        printf("%sInterface: %s\n",
+                               prefix, i->interface);
 
-        if (i->path)
-                printf("Path: %s\n",
-                       i->path);
+                if (i->member)
+                        printf("%sMember: %s\n",
+                               prefix, i->member);
 
-        if (i->name)
-                printf("Name: %s\n",
-                       i->name);
+                if (i->error)
+                        printf("%sError: %s\n",
+                               prefix, i->error);
 
-        if (i->message_type != 0)
-                printf("Message Type: %s\n",
-                       bus_message_type_to_string(i->message_type));
+                if (i->path)
+                        printf("%sPath: %s\n",
+                               prefix, i->path);
 
-        if (i->uid_valid) {
-                _cleanup_free_ char *user;
+                if (i->name)
+                        printf("%sName: %s\n",
+                               prefix, i->name);
 
-                user = uid_to_name(i->uid);
+                if (i->message_type != 0)
+                        printf("%sMessage Type: %s\n",
+                               prefix, bus_message_type_to_string(i->message_type));
 
-                printf("User: %s\n",
-                       strna(user));
-        }
+                if (i->uid_valid) {
+                        _cleanup_free_ char *user;
 
-        if (i->gid_valid) {
-                _cleanup_free_ char *group;
+                        user = uid_to_name(i->uid);
 
-                group = gid_to_name(i->gid);
+                        printf("%sUser: %s\n",
+                               prefix, strna(user));
+                }
 
-                printf("Group: %s\n",
-                       strna(group));
-        }
+                if (i->gid_valid) {
+                        _cleanup_free_ char *group;
 
-        if (i->items_next) {
-                printf("--\n");
-                dump_items(i->items_next);
+                        group = gid_to_name(i->gid);
+
+                        printf("%sGroup: %s\n",
+                               prefix, strna(group));
+                }
         }
 }
 
@@ -637,24 +725,25 @@ static void dump_hashmap_items(Hashmap *h) {
         void *k;
 
         HASHMAP_FOREACH_KEY(i, k, h, j) {
-                printf("Item for %u:\n", PTR_TO_UINT(k));
-                dump_items(i);
+                printf("\t%s Item for %u:\n", draw_special_char(DRAW_ARROW), PTR_TO_UINT(k));
+                dump_items(i, "\t\t");
         }
 }
 
 noreturn void policy_dump(Policy *p) {
 
-        printf("→ Default Items:\n");
-        dump_items(p->default_items);
-
-        printf("→ Mandatory Items:\n");
-        dump_items(p->mandatory_items);
+        printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
+        dump_items(p->default_items, "\t");
 
-        printf("→ Group Items:\n");
+        printf("%s Group Items:\n", draw_special_char(DRAW_ARROW));
         dump_hashmap_items(p->group_items);
 
-        printf("→ User Items:\n");
+        printf("%s User Items:\n", draw_special_char(DRAW_ARROW));
         dump_hashmap_items(p->user_items);
+
+        printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
+        dump_items(p->mandatory_items, "\t");
+
         exit(0);
 }
 
@@ -673,5 +762,6 @@ static const char* const policy_item_class_table[_POLICY_ITEM_CLASS_MAX] = {
         [POLICY_ITEM_OWN_PREFIX] = "own-prefix",
         [POLICY_ITEM_USER] = "user",
         [POLICY_ITEM_GROUP] = "group",
+        [POLICY_ITEM_IGNORE] = "ignore",
 };
 DEFINE_STRING_TABLE_LOOKUP(policy_item_class, PolicyItemClass);