Commit 7c022a80 authored by Havoc Pennington's avatar Havoc Pennington

2003-04-15 Havoc Pennington <hp@pobox.com>

	* bus/bus.c: create and keep around a shared DBusUserDatabase
	object.

	* bus/connection.c (bus_connection_get_groups): don't cache
	groups for user in the connection object, since user database
	object now does that.
parent 4b45f179
2003-04-15 Havoc Pennington <hp@pobox.com>
* bus/bus.c: create and keep around a shared DBusUserDatabase
object.
* bus/connection.c (bus_connection_get_groups): don't cache
groups for user in the connection object, since user database
object now does that.
2003-04-16 Havoc Pennington <hp@redhat.com>
* dbus/dbus-message.c (_dbus_message_add_size_counter): keep a
......
......@@ -44,6 +44,7 @@ struct BusContext
BusActivation *activation;
BusRegistry *registry;
BusPolicy *policy;
DBusUserDatabase *user_database;
int activation_timeout; /**< How long to wait for an activation to time out */
int auth_timeout; /**< How long to wait for an authentication to time out */
int max_completed_connections; /**< Max number of authorized connections */
......@@ -371,6 +372,13 @@ bus_context_new (const DBusString *config_file,
* DOS all the other users.
*/
context->max_completed_connections = 1024;
context->user_database = _dbus_user_database_new ();
if (context->user_database == NULL)
{
BUS_SET_OOM (error);
goto failed;
}
context->loop = _dbus_loop_new ();
if (context->loop == NULL)
......@@ -733,6 +741,8 @@ bus_context_unref (BusContext *context)
dbus_free (context->pidfile);
}
_dbus_user_database_unref (context->user_database);
dbus_free (context);
server_data_slot_unref ();
......@@ -776,11 +786,19 @@ bus_context_get_loop (BusContext *context)
return context->loop;
}
DBusUserDatabase*
bus_context_get_user_database (BusContext *context)
{
return context->user_database;
}
dbus_bool_t
bus_context_allow_user (BusContext *context,
unsigned long uid)
{
return bus_policy_allow_user (context->policy, uid);
return bus_policy_allow_user (context->policy,
context->user_database,
uid);
}
BusClientPolicy*
......
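Review bot: In bus_context_unref the new `_dbus_user_database_unref (context->user_database);` runs unconditionally, but bus_context_new only creates the database partway through setup, after `max_completed_connections` is assigned. If the `failed` path (not visible in these hunks) tears the context down through bus_context_unref after an earlier step has failed, the unref would receive NULL, and whether `_dbus_user_database_unref` tolerates that is not shown here. Guarding the call keeps teardown safe on every path: `if (context->user_database != NULL) _dbus_user_database_unref (context->user_database);`. Both function bodies extend beyond the hunks shown.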
......@@ -29,6 +29,7 @@
#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-mainloop.h>
#include <dbus/dbus-userdb.h>
typedef struct BusActivation BusActivation;
typedef struct BusConnections BusConnections;
......@@ -40,28 +41,29 @@ typedef struct BusRegistry BusRegistry;
typedef struct BusService BusService;
typedef struct BusTransaction BusTransaction;
BusContext* bus_context_new (const DBusString *config_file,
int print_addr_fd,
DBusError *error);
void bus_context_shutdown (BusContext *context);
void bus_context_ref (BusContext *context);
void bus_context_unref (BusContext *context);
const char* bus_context_get_type (BusContext *context);
const char* bus_context_get_address (BusContext *context);
BusRegistry* bus_context_get_registry (BusContext *context);
BusConnections* bus_context_get_connections (BusContext *context);
BusActivation* bus_context_get_activation (BusContext *context);
DBusLoop* bus_context_get_loop (BusContext *context);
dbus_bool_t bus_context_allow_user (BusContext *context,
unsigned long uid);
BusClientPolicy* bus_context_create_client_policy (BusContext *context,
DBusConnection *connection);
int bus_context_get_activation_timeout (BusContext *context);
dbus_bool_t bus_context_check_security_policy (BusContext *context,
DBusConnection *sender,
DBusConnection *recipient,
DBusMessage *message,
DBusError *error);
BusContext* bus_context_new (const DBusString *config_file,
int print_addr_fd,
DBusError *error);
void bus_context_shutdown (BusContext *context);
void bus_context_ref (BusContext *context);
void bus_context_unref (BusContext *context);
const char* bus_context_get_type (BusContext *context);
const char* bus_context_get_address (BusContext *context);
BusRegistry* bus_context_get_registry (BusContext *context);
BusConnections* bus_context_get_connections (BusContext *context);
BusActivation* bus_context_get_activation (BusContext *context);
DBusLoop* bus_context_get_loop (BusContext *context);
DBusUserDatabase* bus_context_get_user_database (BusContext *context);
dbus_bool_t bus_context_allow_user (BusContext *context,
unsigned long uid);
BusClientPolicy* bus_context_create_client_policy (BusContext *context,
DBusConnection *connection);
int bus_context_get_activation_timeout (BusContext *context);
dbus_bool_t bus_context_check_security_policy (BusContext *context,
DBusConnection *sender,
DBusConnection *recipient,
DBusMessage *message,
DBusError *error);
#endif /* BUS_BUS_H */
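Review bot: The new `bus_context_get_user_database` prototype says nothing about ownership, while the implementation in bus/bus.c returns `context->user_database` without taking a reference. A one-line comment above the declaration would keep callers from unreffing the pointer or holding it past the context's lifetime: `/* Returns a borrowed pointer owned by the context; do not unref. */`.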
......@@ -48,8 +48,6 @@ typedef struct
DBusList *transaction_messages; /**< Stuff we need to send as part of a transaction */
DBusMessage *oom_message;
DBusPreallocatedSend *oom_preallocated;
unsigned long *group_ids;
int n_group_ids;
BusClientPolicy *policy;
} BusConnectionData;
......@@ -306,8 +304,6 @@ free_connection_data (void *data)
if (d->policy)
bus_client_policy_unref (d->policy);
dbus_free (d->group_ids);
dbus_free (d->name);
dbus_free (d);
......@@ -394,9 +390,6 @@ bus_connections_setup_connection (BusConnections *connections,
}
retval = FALSE;
d->n_group_ids = 0;
d->group_ids = NULL;
if (!dbus_connection_set_watch_functions (connection,
add_connection_watch,
......@@ -476,45 +469,42 @@ bus_connections_setup_connection (BusConnections *connections,
}
dbus_bool_t
bus_connection_get_groups (DBusConnection *connection,
const unsigned long **groups,
int *n_groups)
bus_connection_get_groups (DBusConnection *connection,
unsigned long **groups,
int *n_groups)
{
BusConnectionData *d;
unsigned long uid;
DBusUserDatabase *user_database;
d = BUS_CONNECTION_DATA (connection);
_dbus_assert (d != NULL);
user_database = bus_context_get_user_database (d->connections->context);
*groups = NULL;
*n_groups = 0;
/* we do a lazy lookup on groups a user is in for two reasons:
* 1) we can't do it on connection setup since the user
* hasn't authenticated and 2) it might be expensive
* and we don't need to do it if there are no group-based
* rules in the config file
*/
if (d->n_group_ids == 0)
if (dbus_connection_get_unix_user (connection, &uid))
{
unsigned long uid;
if (dbus_connection_get_unix_user (connection, &uid))
if (!_dbus_user_database_get_groups (user_database,
uid, groups, n_groups,
NULL))
{
if (!_dbus_get_groups (uid, &d->group_ids, &d->n_group_ids, NULL))
{
_dbus_verbose ("Did not get any groups for UID %lu\n",
uid);
return FALSE;
}
_dbus_verbose ("Did not get any groups for UID %lu\n",
uid);
return FALSE;
}
else
{
_dbus_verbose ("Got %d groups for UID %lu\n",
*n_groups, uid);
return TRUE;
}
}
*groups = d->group_ids;
*n_groups = d->n_group_ids;
return TRUE;
else
return TRUE; /* successfully got 0 groups */
}
dbus_bool_t
......@@ -522,7 +512,7 @@ bus_connection_is_in_group (DBusConnection *connection,
unsigned long gid)
{
int i;
const unsigned long *group_ids;
unsigned long *group_ids;
int n_group_ids;
if (!bus_connection_get_groups (connection, &group_ids, &n_group_ids))
......@@ -532,10 +522,14 @@ bus_connection_is_in_group (DBusConnection *connection,
while (i < n_group_ids)
{
if (group_ids[i] == gid)
return TRUE;
{
dbus_free (group_ids);
return TRUE;
}
++i;
}
dbus_free (group_ids);
return FALSE;
}
......
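Review bot: bus_connection_get_groups now returns an array that the caller owns (the updated callers `dbus_free` it), yet the only visible signal of that contract change is the dropped `const` on `groups`. In a long-running bus daemon, a caller that misses this leaks one array per lookup, so the function should carry a header comment such as `/* On TRUE, *groups is allocated for the caller and must be released with dbus_free(); it may be NULL when *n_groups is 0. */`. Separately, passing `NULL` as the error argument to `_dbus_user_database_get_groups` means the "Did not get any groups" log line cannot distinguish out-of-memory from a failed lookup; a short comment explaining why the error is discarded would help.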
......@@ -73,7 +73,7 @@ void bus_connection_disconnected (DBusConnection *connection);
dbus_bool_t bus_connection_is_in_group (DBusConnection *connection,
unsigned long gid);
dbus_bool_t bus_connection_get_groups (DBusConnection *connection,
const unsigned long **groups,
unsigned long **groups,
int *n_groups);
BusClientPolicy* bus_connection_get_policy (DBusConnection *connection);
......
......@@ -253,7 +253,7 @@ bus_policy_create_client_policy (BusPolicy *policy,
*/
if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
{
const unsigned long *groups;
unsigned long *groups;
int n_groups;
int i;
......@@ -271,11 +271,16 @@ bus_policy_create_client_policy (BusPolicy *policy,
if (list != NULL)
{
if (!add_list_to_client (list, client))
goto failed;
{
dbus_free (groups);
goto failed;
}
}
++i;
}
dbus_free (groups);
}
if (!dbus_connection_get_unix_user (connection, &uid))
......@@ -369,15 +374,17 @@ list_allows_user (dbus_bool_t def,
}
dbus_bool_t
bus_policy_allow_user (BusPolicy *policy,
unsigned long uid)
bus_policy_allow_user (BusPolicy *policy,
DBusUserDatabase *user_database,
unsigned long uid)
{
dbus_bool_t allowed;
unsigned long *group_ids;
int n_group_ids;
/* On OOM or error we always reject the user */
if (!_dbus_get_groups (uid, &group_ids, &n_group_ids, NULL))
if (!_dbus_user_database_get_groups (user_database,
uid, &group_ids, &n_group_ids, NULL))
{
_dbus_verbose ("Did not get any groups for UID %lu\n",
uid);
......
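Review bot: The allow/deny decision in bus_policy_allow_user now takes its group list from the shared DBusUserDatabase, which the commit message says caches groups per user and which bus/bus.c keeps for the life of the context. Nothing in this diff shows when that cache is refreshed, so a user removed from a group on the host might keep matching group rules until the daemon restarts; this should be confirmed against the DBusUserDatabase implementation. At minimum the lookup deserves a comment such as `/* groups may come from the user database cache and can lag behind system group changes */`, with the refresh policy documented where the database is created. The function body continues past the end of the hunk, so whether `group_ids` is still freed on every path cannot be checked here.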
......@@ -93,22 +93,24 @@ void bus_policy_rule_ref (BusPolicyRule *rule);
void bus_policy_rule_unref (BusPolicyRule *rule);
BusPolicy* bus_policy_new (void);
void bus_policy_ref (BusPolicy *policy);
void bus_policy_unref (BusPolicy *policy);
BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
DBusConnection *connection);
dbus_bool_t bus_policy_allow_user (BusPolicy *policy,
unsigned long uid);
dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
BusPolicyRule *rule);
dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
BusPolicyRule *rule);
dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
dbus_uid_t uid,
BusPolicyRule *rule);
dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
dbus_gid_t gid,
BusPolicyRule *rule);
void bus_policy_ref (BusPolicy *policy);
void bus_policy_unref (BusPolicy *policy);
BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy,
DBusConnection *connection);
dbus_bool_t bus_policy_allow_user (BusPolicy *policy,
DBusUserDatabase *user_database,
unsigned long uid);
dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy,
BusPolicyRule *rule);
dbus_bool_t bus_policy_append_mandatory_rule (BusPolicy *policy,
BusPolicyRule *rule);
dbus_bool_t bus_policy_append_user_rule (BusPolicy *policy,
dbus_uid_t uid,
BusPolicyRule *rule);
dbus_bool_t bus_policy_append_group_rule (BusPolicy *policy,
dbus_gid_t gid,
BusPolicyRule *rule);
BusClientPolicy* bus_client_policy_new (void);
void bus_client_policy_ref (BusClientPolicy *policy);
......