X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-policy.c;h=227742ba745a7b1266201b8232249dafd676b0c3;hp=eed542d8f89ff425a782e8a2310d8bb745120efb;hb=080edb3484dc3ecf8d914526fdd3090b40fdf5b6;hpb=e7eb49db071f9aab2a9bad0660962f2aa4d0c7d1 diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c index eed542d8f..227742ba7 100644 --- a/src/bus-proxyd/bus-policy.c +++ b/src/bus-proxyd/bus-policy.c @@ -364,6 +364,7 @@ static int file_load(Policy *p, const char *path) { first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid)); item_append(i, &first); + i->uid_valid = true; r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first); if (r < 0) { @@ -395,6 +396,7 @@ static int file_load(Policy *p, const char *path) { first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid)); item_append(i, &first); + i->gid_valid = true; r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first); if (r < 0) { @@ -523,8 +525,36 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } + switch (i->class) { + case POLICY_ITEM_USER: + if (!streq(name, "*")) { + const char *u = name; + + r = get_user_creds(&u, &i->uid, NULL, NULL, NULL); + if (r < 0) + log_error("Failed to resolve user %s: %s", name, strerror(-r)); + else + i->uid_valid = true; + } + break; + case POLICY_ITEM_GROUP: + if (!streq(name, "*")) { + const char *g = name; + + r = get_group_creds(&g, &i->gid); + if (r < 0) + log_error("Failed to resolve group %s: %s", name, strerror(-r)); + else + i->gid_valid = true; + } + break; + default: + break; + } + i->name = name; name = NULL; + state = STATE_ALLOW_DENY; } else { log_error("Unexpected token (14) in %s:%u.", path, line); 
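Review bot: In the third hunk (`@@ -523,8 +525,36 @@`), a failed `get_user_creds()` or `get_group_creds()` lookup is only logged, and the item is kept with `uid_valid`/`gid_valid` false, which is the same state the `"*"` branch leaves it in. If the matching code treats a user- or group-class item without a valid id as "applies to everyone", a misspelled or not-yet-existing account name would behave like a wildcard rule; the matcher is outside this hunk, so that needs checking there. The neighbouring parse errors return `-EINVAL` and report `path` and `line`, so I would either fail the load the same way or drop the item explicitly, e.g. `log_error("Failed to resolve user %s in %s:%u: %s", name, path, line, strerror(-r)); return r;`, and likewise in the group case. `r` also stays negative after the failed lookup, and `file_load()` continues beyond the hunk, so confirm that no later check picks that value up by accident.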
@@ -628,64 +658,64 @@ void policy_free(Policy *p) { p->user_items = p->group_items = NULL; } -static void dump_items(PolicyItem *i, const char *prefix) { +static void dump_items(PolicyItem *items, const char *prefix) { + + PolicyItem *i; - if (!i) + if (!items) return; if (!prefix) prefix = ""; - printf("%sType: %s\n" - "%sClass: %s\n", - prefix, policy_item_type_to_string(i->type), - prefix, policy_item_class_to_string(i->class)); + LIST_FOREACH(items, i, items) { - if (i->interface) - printf("%sInterface: %s\n", - prefix, i->interface); + printf("%sType: %s\n" + "%sClass: %s\n", + prefix, policy_item_type_to_string(i->type), + prefix, policy_item_class_to_string(i->class)); - if (i->member) - printf("%sMember: %s\n", - prefix, i->member); + if (i->interface) + printf("%sInterface: %s\n", + prefix, i->interface); - if (i->error) - printf("%sError: %s\n", - prefix, i->error); + if (i->member) + printf("%sMember: %s\n", + prefix, i->member); - if (i->path) - printf("%sPath: %s\n", - prefix, i->path); + if (i->error) + printf("%sError: %s\n", + prefix, i->error); - if (i->name) - printf("%sName: %s\n", - prefix, i->name); + if (i->path) + printf("%sPath: %s\n", + prefix, i->path); - if (i->message_type != 0) - printf("%sMessage Type: %s\n", - prefix, bus_message_type_to_string(i->message_type)); + if (i->name) + printf("%sName: %s\n", + prefix, i->name); - if (i->uid_valid) { - _cleanup_free_ char *user; + if (i->message_type != 0) + printf("%sMessage Type: %s\n", + prefix, bus_message_type_to_string(i->message_type)); - user = uid_to_name(i->uid); + if (i->uid_valid) { + _cleanup_free_ char *user; - printf("%sUser: %s\n", - prefix, strna(user)); - } + user = uid_to_name(i->uid); - if (i->gid_valid) { - _cleanup_free_ char *group; + printf("%sUser: %s\n", + prefix, strna(user)); + } - group = gid_to_name(i->gid); + if (i->gid_valid) { + _cleanup_free_ char *group; - printf("%sGroup: %s\n", - prefix, strna(group)); - } + group = gid_to_name(i->gid); - if 
(i->items_next) { - printf("%s%s\n", prefix, draw_special_char(DRAW_DASH)); - dump_items(i->items_next, prefix); + printf("%sGroup: %s\n", + prefix, strna(group)); + } } }
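Review bot: `_cleanup_free_ char *user;` and `_cleanup_free_ char *group;` are declared inside the new `LIST_FOREACH` body without an initialiser, so the cleanup handler would free an indeterminate pointer if a later edit put a `continue` or other exit between the declaration and the assignment. Initialise them at the declaration instead: `_cleanup_free_ char *user = uid_to_name(i->uid);` and `_cleanup_free_ char *group = gid_to_name(i->gid);`. The rewrite also drops the `draw_special_char(DRAW_DASH)` line that the recursive version printed between items, so consecutive rules in the dump are no longer delimited. If that is intentional, a one-line comment above the loop saying so would help, since this dump is presumably what someone reads to check which rules were actually loaded.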