author | Daniel Mack <zonque@gmail.com> | 2014-03-06 22:42:42 +0100 |
---|---|---|
committer | Daniel Mack <zonque@gmail.com> | 2014-03-07 19:14:05 +0100 |
commit | 54d76c92868838e17d6aad0a3bb0cc7a5b11e35f (patch) | |
tree | c094188e6eb2ac57b19bc64acc295654c160185d /src/core/load-fragment.c | |
parent | fb255b31c5f4eca821d60a2c9b1235a513f15732 (diff) |
busname: add parser for bus name policies
There are three directives to specify bus name policies in .busname
files:
* AllowUser [username] [access]
* AllowGroup [groupname] [access]
* AllowWorld [access]
Where [access] is one of
* 'see': The user/group/world is allowed to see a name on the bus
* 'talk': The user/group/world is allowed to talk to a name
* 'own': The user/group/world is allowed to own a name
There is no user added yet in this commit.
Diffstat (limited to 'src/core/load-fragment.c')
-rw-r--r-- | src/core/load-fragment.c | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c
index 18dab02cd7..06e3031d65 100644
--- a/src/core/load-fragment.c
+++ b/src/core/load-fragment.c
@@ -33,6 +33,8 @@
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/resource.h>
+#include <sys/types.h>
+#include <grp.h>
 #ifdef HAVE_SECCOMP
 #include <seccomp.h>
@@ -1606,6 +1608,89 @@ int config_parse_busname_service(
 return 0;
 }
+int config_parse_bus_policy(
+ const char *unit,
+ const char *filename,
+ unsigned line,
+ const char *section,
+ unsigned section_line,
+ const char *lvalue,
+ int ltype,
+ const char *rvalue,
+ void *data,
+ void *userdata) {
+
+ _cleanup_free_ BusNamePolicy *p = NULL;
+ _cleanup_free_ char *id_str = NULL;
+ BusName *busname = data;
+ char *access_str;
+ int r;
+
+ assert(filename);
+ assert(lvalue);
+ assert(rvalue);
+ assert(data);
+
+ p = new0(BusNamePolicy, 1);
+ if (!p)
+ return log_oom();
+
+ if (streq(lvalue, "AllowUser"))
+ p->type = BUSNAME_POLICY_TYPE_USER;
+ else if (streq(lvalue, "AllowGroup"))
+ p->type = BUSNAME_POLICY_TYPE_GROUP;
+ else if (streq(lvalue, "AllowWorld"))
+ p->type = BUSNAME_POLICY_TYPE_WORLD;
+ else
+ assert_not_reached("Unknown lvalue");
+
+ id_str = strdup(rvalue);
+ if (!id_str)
+ return log_oom();
+
+ if (p->type != BUSNAME_POLICY_TYPE_WORLD) {
+ access_str = strchr(id_str, ' ');
+ if (!access_str) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy value '%s'", rvalue);
+ return 0;
+ }
+
+ *access_str = '\0';
+ access_str++;
+
+ if (p->type == BUSNAME_POLICY_TYPE_USER) {
+ const char *user = id_str;
+
+ r = get_user_creds(&user, &p->uid, NULL, NULL, NULL);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, r, "Unable to parse uid from '%s'", id_str);
+ return 0;
+ }
+ } else {
+ const char *group = id_str;
+
+ r = get_group_creds(&group, &p->gid);
+ if (r < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, -errno, "Unable to parse gid from '%s'", id_str);
+ return 0;
+ }
+ }
+ } else {
+ access_str = id_str;
+ }
+
+ p->access = busname_policy_access_from_string(access_str);
+ if (p->access < 0) {
+ log_syntax(unit, LOG_ERR, filename, line, EINVAL, "Invalid busname policy access type '%s'", access_str);
+ return 0;
+ }
+
+ LIST_PREPEND(policy, busname->policy, p);
+ p = NULL;
+
+ return 0;
+}
+
 int
config_parse_unit_env_file(const char *unit, const char *filename, unsigned line, |
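Review bot: The two credential-lookup error paths in config_parse_bus_policy() hand log_syntax() inconsistent error values: the AllowUser branch passes `r`, which is negative at that point, and the AllowGroup branch passes `-errno` even though the failure code from get_group_creds() is already in `r` and errno may be stale by then. The other log_syntax() calls in this hunk pass a positive `EINVAL`, so both lines presumably want `-r`, e.g. `log_syntax(unit, LOG_ERR, filename, line, -r, "Unable to parse gid from '%s'", id_str);`. These messages are the only trace of an access rule being dropped from a .busname policy, so a wrong error code makes a misconfigured policy harder to diagnose. Separately, `strchr(id_str, ' ')` splits on exactly one space, so a tab or a doubled space between the name and the access level ends up in the name or in `access_str` and the rule is rejected; a short comment stating that the format is single-space separated, or skipping whitespace before the access lookup, would make that explicit.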