busname: add parser for bus name policies

There are three directives to specify bus name polices in .busname
files:

 * AllowUser [username] [access]
 * AllowGroup [groupname] [access]
 * AllowWorld [access]

Where [access] is one of

 * 'see': The user/group/world is allowed to see a name on the bus
 * 'talk': The user/group/world is allowed to talk to a name
 * 'own': The user/group/world is allowed to own a name

There is no user added yet in this commit.

1 files changed, 85 insertions, 0 deletions

diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 18dab02cd7..06e3031d65 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -33,6 +33,8 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <sys/types.h>
+#include <grp.h>
 
 #ifdef HAVE_SECCOMP
 #include <seccomp.h>
@@ -1606,6 +1608,89 @@ int config_parse_busname_service(
         return 0;
 }
 
+int config_parse_bus_policy(
+                const char *unit,
+                const char *filename,
+                unsigned line,
+                const char *section,
+                unsigned section_line,
+                const char *lvalue,
+                int ltype,
+                const char *rvalue,
+                void *data,
+                void *userdata) {
+
+        _cleanup_free_ BusNamePolicy *p = NULL;
+        _cleanup_free_ char *id_str = NULL;
+        BusName *busname = data;
+        char *access_str;
+        int r;
+
+        assert(filename);
+        assert(lvalue);
+        assert(rvalue);
+        assert(data);
+
+        p = new0(BusNamePolicy, 1);
+        if (!p)
+                return log_oom();
+
+        if (streq(lvalue, "AllowUser"))
+                p->type = BUSNAME_POLICY_TYPE_USER;
+        else if (streq(lvalue, "AllowGroup"))
+                p->type = BUSNAME_POLICY_TYPE_GROUP;
+        else if (streq(lvalue, "AllowWorld"))
+                p->type = BUSNAME_POLICY_TYPE_WORLD;
+        else
+                assert_not_reached("Unknown lvalue");
+
+        id_str = strdup(rvalue);
+        if (!id_str)
+                return log_oom();
+
+        if (p->type != BUSNAME_POLICY_TYPE_WORLD) {
+                access_str = strchr(id_str, ' ');
+                if (!access_str) {
+                        log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy value '%s'", rvalue);
+                        return 0;
+                }
+
+                *access_str = '\0';
+                access_str++;
+
+                if (p->type == BUSNAME_POLICY_TYPE_USER) {
+                        const char *user = id_str;
+
+                        r = get_user_creds(&user, &p->uid, NULL, NULL, NULL);
+                        if (r < 0) {
+                                log_syntax(unit, LOG_ERR, filename, line, r, "Unable to parse uid from '%s'", id_str);
+                                return 0;
+                        }
+                } else {
+                        const char *group = id_str;
+
+                        r = get_group_creds(&group, &p->gid);
+                        if (r < 0) {
+                                log_syntax(unit, LOG_ERR, filename, line, -errno, "Unable to parse gid from '%s'", id_str);
+                                return 0;
+                        }
+                }
+        } else {
+                access_str = id_str;
+        }
+
+        p->access = busname_policy_access_from_string(access_str);
+        if (p->access < 0) {
+                log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy access type '%s'", access_str);
+                return 0;
+        }
+
+        LIST_PREPEND(policy, busname->policy, p);
+        p = NULL;
+
+        return 0;
+}
+
 int config_parse_unit_env_file(const char *unit,
                                const char *filename,
                                unsigned line,