/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* policy.h  Bus security policy
 *
 * Copyright (C) 2003  Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.1
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#ifndef BUS_POLICY_H
#define BUS_POLICY_H

#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-list.h>
#include <dbus/dbus-sysdeps.h>
#include "bus.h"

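/**
 * Kind of a policy rule. Each value has a same-named member in the `d`
 * union of struct BusPolicyRule (send, receive, own, user, group).
 *
 * The listing this was taken from had page line numbers interleaved with the
 * enumerators; they are not part of the declaration and are dropped here.
 */
typedef enum
{
  BUS_POLICY_RULE_SEND,    /**< criteria in d.send */
  BUS_POLICY_RULE_RECEIVE, /**< criteria in d.receive */
  BUS_POLICY_RULE_OWN,     /**< criteria in d.own */
  BUS_POLICY_RULE_USER,    /**< criteria in d.user */
  BUS_POLICY_RULE_GROUP    /**< criteria in d.group */
} BusPolicyRuleType;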

/**
 * Nonzero when the rule affects a connection rather than some global item:
 * that is, for every rule type except BUS_POLICY_RULE_USER and
 * BUS_POLICY_RULE_GROUP.
 *
 * The argument appears twice in the expansion, so pass an expression
 * without side effects.
 */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) ((rule)->type != BUS_POLICY_RULE_USER && \
                                             (rule)->type != BUS_POLICY_RULE_GROUP)

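/**
 * One allow/deny rule of the bus security policy.
 *
 * `type` has a same-named member in the `d` union, which holds the match
 * criteria for that kind of rule. Most criteria have an "any" value (NULL,
 * DBUS_MESSAGE_TYPE_INVALID, DBUS_UID_UNSET, DBUS_GID_UNSET), so a rule
 * whose criteria are all left at "any" is a wildcard for its type. When
 * auditing a policy, check such rules first, allow rules in particular.
 *
 * Page line numbers that were interleaved with the members in the listing
 * are not part of the declaration and are dropped here.
 */
struct BusPolicyRule
{
  int refcount; /**< see bus_policy_rule_ref() / bus_policy_rule_unref() */

  BusPolicyRuleType type; /**< kind of rule; see the matching member of d */

  unsigned int allow : 1; /**< #TRUE if this allows, #FALSE if it denies */

  union
  {
    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int   message_type;
      /* any of these can be NULL meaning "any" */
      /* NOTE(review): who owns and frees these strings is not visible in
       * this header; confirm in the implementation. */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *destination;
      /* NOTE(review): presumably these mirror the eavesdrop,
       * requested-reply and log attributes of a policy rule in the bus
       * configuration; confirm against the config parser. */
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
      unsigned int log : 1;
    } send;

    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int   message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *origin;
      /* unlike send, there is no log bit on the receive side */
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
    } receive;

    struct
    {
      /* can be NULL meaning "any" */
      char *service_name;
      /* if prefix is set, any name starting with service_name can be owned */
      unsigned int prefix : 1;
    } own;

    struct
    {
      /* can be DBUS_UID_UNSET meaning "any" */
      dbus_uid_t uid;
    } user;

    struct
    {
      /* can be DBUS_GID_UNSET meaning "any" */
      dbus_gid_t gid;
    } group;

  } d;
};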

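/*
 * BusPolicyRule lifetime. Rules carry a refcount member, and ref/unref are
 * the only lifetime operations declared here.
 * NOTE(review): bus_policy_rule_new presumably returns NULL when allocation
 * fails; confirm in policy.c and check the result before filling in d.
 *
 * Page line numbers interleaved with these prototypes in the listing are
 * dropped here.
 */
BusPolicyRule* bus_policy_rule_new   (BusPolicyRuleType type,
                                      dbus_bool_t       allow);
BusPolicyRule* bus_policy_rule_ref   (BusPolicyRule    *rule);
void           bus_policy_rule_unref (BusPolicyRule    *rule);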

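/*
 * BusPolicy: the bus-wide policy object. Rules are appended to one of five
 * lists (default, mandatory, per-uid, per-gid, console), and a per-connection
 * BusClientPolicy is created from it by bus_policy_create_client_policy().
 *
 * NOTE(review): the dbus_bool_t results of the append and merge functions
 * presumably report failure such as out-of-memory; confirm in policy.c. A
 * caller that ignores FALSE would run with a policy that lacks the rule,
 * which matters most for deny rules.
 *
 * Page line numbers interleaved with these prototypes in the listing are
 * dropped here.
 */
BusPolicy*       bus_policy_new                   (void);
BusPolicy*       bus_policy_ref                   (BusPolicy        *policy);
void             bus_policy_unref                 (BusPolicy        *policy);
/* Failure details are reported through `error`. */
BusClientPolicy* bus_policy_create_client_policy  (BusPolicy        *policy,
                                                   DBusConnection   *connection,
                                                   DBusError        *error);
/* NOTE(review): uid is unsigned long here but dbus_uid_t in
 * bus_policy_append_user_rule(); confirm that callers convert between the
 * two without truncation or sign change. */
dbus_bool_t      bus_policy_allow_unix_user       (BusPolicy        *policy,
                                                   unsigned long     uid);
dbus_bool_t      bus_policy_allow_windows_user    (BusPolicy        *policy,
                                                   const char       *windows_sid);
dbus_bool_t      bus_policy_append_default_rule   (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_mandatory_rule (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_user_rule      (BusPolicy        *policy,
                                                   dbus_uid_t        uid,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_group_rule     (BusPolicy        *policy,
                                                   dbus_gid_t        gid,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_console_rule   (BusPolicy        *policy,
                                                   dbus_bool_t        at_console,
                                                   BusPolicyRule    *rule);

/* NOTE(review): whether to_absorb is left intact after the merge is not
 * visible in this header; confirm before reusing it. */
dbus_bool_t      bus_policy_merge                 (BusPolicy        *policy,
                                                   BusPolicy        *to_absorb);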

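/*
 * BusClientPolicy: the rule set applied to one connection, with the three
 * access checks (send, receive, own a name).
 *
 * NOTE(review): the checks presumably return TRUE for "allowed"; confirm in
 * policy.c. Callers should treat any other result as a denial.
 *
 * Page line numbers interleaved with these prototypes in the listing are
 * dropped here.
 */
BusClientPolicy* bus_client_policy_new               (void);
BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
void             bus_client_policy_unref             (BusClientPolicy  *policy);
/* `toggles` and `log` are output pointers. NOTE(review): `log` presumably
 * reflects the log bit of the matching send rule, and `toggles` a count kept
 * while evaluating rules; confirm both in policy.c. */
dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *receiver,
                                                      DBusMessage      *message,
                                                      dbus_int32_t     *toggles,
                                                      dbus_bool_t      *log);
/* The addressed and the proposed recipient are passed separately.
 * NOTE(review): they presumably differ when a message is delivered to a
 * connection it was not addressed to (see the eavesdrop bit on receive
 * rules); confirm in policy.c. */
dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *sender,
                                                      DBusConnection   *addressed_recipient,
                                                      DBusConnection   *proposed_recipient,
                                                      DBusMessage      *message,
                                                      dbus_int32_t     *toggles);
dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
                                                      const DBusString *service_name);
dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
                                                      BusPolicyRule    *rule);
/* NOTE(review): what optimize changes is not visible in this header; confirm
 * that it leaves the outcome of the checks above unchanged. */
void             bus_client_policy_optimize          (BusClientPolicy  *policy);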

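/* Declared only when embedded tests are compiled in. Takes a BusPolicy
 * directly, where bus_client_policy_check_can_own() takes a per-connection
 * BusClientPolicy. A page line number that sat inside this block in the
 * listing is dropped here. */
#ifdef DBUS_ENABLE_EMBEDDED_TESTS
dbus_bool_t      bus_policy_check_can_own     (BusPolicy  *policy,
                                               const DBusString *service_name);
#endif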

#endif /* BUS_POLICY_H */