path: root/src/bus-proxyd/bus-policy.c
Age | Commit message | Author
2014-12-23 | core: rearrange code so that libsystemd/sd-bus/ does not include header files from core | Lennart Poettering
Stuff in src/shared or src/libsystemd should *never* include code from src/core or any of the tools, so don't do that here either. It's not OK!
2014-11-28 | treewide: introduce UID_INVALID (and friends) as macro for (uid_t) -1 | Lennart Poettering
2014-11-28 | treewide: more log_*_errno + return simplifications | Michal Schmidt
2014-11-28 | treewide: no need to negate errno for log_*_errno() | Michal Schmidt
It correctly handles both positive and negative errno values.
2014-11-28 | treewide: auto-convert the simple cases to log_*_errno() | Michal Schmidt
As a followup to 086891e5c1 "log: add an "error" parameter to all low-level logging calls and introduce log_error_errno() as log calls that take error numbers", use sed to convert the simple cases to use the new macros:

    find . -name '*.[ch]' | xargs sed -r -i -e \
    's/log_(debug|info|notice|warning|error|emergency)\("(.*)%s"(.*), strerror\(-([a-zA-Z_]+)\)\);/log_\1_errno(-\4, "\2%m"\3);/'

Multi-line log_*() invocations are not covered. And we also should add log_unit_*_errno().
2014-11-27 | bus-proxy: beef up policy enforcement | Lennart Poettering
- actually return permission errors to clients
- use the right ucreds field
- fix error paths when we cannot keep track of locally acquired names due to OOM
- avoid unnecessary global variables
- log when the policy denies access
- enforce correct policy rule order
- always request all the metadata its we need to make decisions
2014-11-26 | bus-policy: actually test messages against the newly added test.conf | Lennart Poettering
2014-11-26 | bus-policy: steal a test case for prefix ownership from dbus1, and make sure it passes with the bus proxy enforcement | Lennart Poettering
2014-11-14 | bus-proxy: properly check for bus name prefixes when enforcing policy | Lennart Poettering
2014-10-09 | bus-policy: move name list iteration to policy users | Daniel Mack
We need to figure out which of the possible names satisfied the policy, so we cannot do the iteration in check_policy_item() but have to leave it to the users. Test cases amended accordingly.
2014-10-07 | bus-proxyd: assorted cleanups and fixes | Daniel Mack
Just some cleanups around policy checks that came up during review. The code is still not productive.
2014-09-25 | bus-proxy: drop one wrong assert() | Tom Gundersen
2014-09-25 | bus-proxyd: add some asserts | Tom Gundersen
Both as documentation, and to make Coverity happy. Fixes CID #1241495 and #1241496.
2014-09-24 | bus-policy: split API for bus-proxyd | Daniel Mack
Instead of operating on an sd_bus_message object, expose an API that has 4 functions:

    policy_check_own()
    policy_check_hello()
    policy_check_recv()
    policy_check_send()

This also allows dropping extra code to parse message contents - the bus proxy already has dedicated code paths for that, and we can hook into those later. Tests amended accordingly.
2014-09-20 | bus-policy: add policy check function | Daniel Mack
Add policy_check() to actually check whether an incoming message is allowed by the policy. The code is not yet used from the proxy daemon, though.
2014-09-20 | bus-policy: print numeric [gu]id in dump_items() | Daniel Mack
2014-09-20 | bus-policy: do not exit() from policy_dump() | Daniel Mack
This function is quite useful for debugging. Exiting from it seems unnecessary.
2014-09-20 | bus-policy: implement dump_items() with LIST_FOREACH | Daniel Mack
Instead of making the function call itself recursively.
2014-09-20 | bus-policy: resolve [ug]id of POLICY_ITEM_{USER,GROUP} | Daniel Mack
Do the lookup during parsing already, and set i->uid, or i->gid to the numerical values.
2014-09-20 | bus_policy: set i->[ug]id_valid | Daniel Mack
2014-09-20 | bus-policy: append items rather than prepending them | Daniel Mack
In the D-Bus policy, the order of items matters, so make sure to store them in the same order as they are parsed by the sax parser.
2014-09-20 | bus-policy: store mandatory items in right list | Daniel Mack
2014-09-15 | hashmap: introduce hash_ops to make struct Hashmap smaller | Michal Schmidt
It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-07-16 | test-tables: add new entries | Zbigniew Jędrzejewski-Szmek
One missing string found. A few things had to be moved around to make it possible to test them.
2014-06-16 | bus-proxy: policy - ignore unsupported tags and attributes | Kay Sievers
2014-06-10 | bus-proxy: properly index policy by uid/gid when parsing | Lennart Poettering
2014-06-10 | bus-proxy: read the right policy when running in user mode | Lennart Poettering
2014-06-08 | bus-policy.c: use draw_special_char(DRAW_ARROW) | Daniel Buch
Let's allow LC_ALL=C without corrupted output
2014-06-07 | bus-proxyd: do not free NULL items | Kay Sievers
2014-06-06 | bus-proxy: properly read user/group policy items | Lennart Poettering
2014-06-06 | bus: add basic dbus1 policy parser | Lennart Poettering
Enforcement is still missing, but at least we can parse it now.