diff options
Diffstat (limited to 'src/bus-proxyd/proxy.c')
-rw-r--r-- | src/bus-proxyd/proxy.c | 50 |
1 files changed, 37 insertions, 13 deletions
diff --git a/src/bus-proxyd/proxy.c b/src/bus-proxyd/proxy.c index 744b11da5c..ab164474fa 100644 --- a/src/bus-proxyd/proxy.c +++ b/src/bus-proxyd/proxy.c @@ -255,16 +255,27 @@ Proxy *proxy_free(Proxy *p) { return NULL; } -int proxy_load_policy(Proxy *p, char **configuration) { +int proxy_set_policy(Proxy *p, SharedPolicy *sp, char **configuration) { _cleanup_strv_free_ char **strv = NULL; + Policy *policy; int r; assert(p); + assert(sp); /* no need to load legacy policy if destination is not kdbus */ if (!p->dest_bus->is_kernel) return 0; + p->policy = sp; + + policy = shared_policy_acquire(sp); + if (policy) { + /* policy already pre-loaded */ + shared_policy_release(sp, policy); + return 0; + } + if (!configuration) { const char *scope; @@ -291,30 +302,30 @@ int proxy_load_policy(Proxy *p, char **configuration) { configuration = strv; } - r = policy_load(&p->policy_buffer, configuration); - if (r < 0) - return log_error_errno(r, "Failed to load policy: %m"); - - p->policy = &p->policy_buffer; - /* policy_dump(p->policy); */ - - return 0; + return shared_policy_preload(sp, configuration); } int proxy_hello_policy(Proxy *p, uid_t original_uid) { + Policy *policy; + int r = 0; + assert(p); if (!p->policy) return 0; + policy = shared_policy_acquire(p->policy); + if (p->local_creds.uid == original_uid) log_debug("Permitting access, since bus owner matches bus client."); - else if (policy_check_hello(p->policy, p->local_creds.uid, p->local_creds.gid)) + else if (policy_check_hello(policy, p->local_creds.uid, p->local_creds.gid)) log_debug("Permitting access due to XML policy."); else - return log_error_errno(EPERM, "Policy denied connection."); + r = log_error_errno(EPERM, "Policy denied connection."); - return 0; + shared_policy_release(p->policy, policy); + + return r; } static int proxy_wait(Proxy *p) { @@ -384,7 +395,7 @@ static int handle_policy_error(sd_bus_message *m, int r) { return r; } -static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) { +static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) { int r; assert(from); @@ -584,6 +595,19 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p return 0; } +static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, SharedPolicy *sp, const struct ucred *our_ucred, Set *owned_names) { + Policy *policy; + int r; + + assert(sp); + + policy = shared_policy_acquire(sp); + r = process_policy_unlocked(from, to, m, policy, our_ucred, owned_names); + shared_policy_release(sp, policy); + + return r; +} + static int process_hello(Proxy *p, sd_bus_message *m) { _cleanup_bus_message_unref_ sd_bus_message *n = NULL; bool is_hello; |