/* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 8 -*- */
/***************************************************************************
 *
 * polkit-policy-cache.c : policy cache
 *
 * Copyright (C) 2007 David Zeuthen, <david@fubar.dk>
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 *
 **************************************************************************/

#ifdef HAVE_CONFIG_H
#  include <config.h>
#endif

#define _GNU_SOURCE

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include <unistd.h>
#include <errno.h>
#include <syslog.h>
#include <fcntl.h>
#include <dirent.h>

#include "polkit-debug.h"
#include "polkit-policy-file.h"
#include "polkit-policy-cache.h"
#include "polkit-private.h"
#include "polkit-test.h"

/**
 * SECTION:polkit-policy-cache
 * @title: Policy Cache
 * @short_description: Holds the actions defined on the system.
 *
 * This class is used to hold all policy objects (stemming from policy
 * files) and provide look-up functions.
 **/

/**
 * PolKitPolicyCache:
 *
 * Instances of this class are used to hold all policy objects
 * (stemming from policy files) and provide look-up functions.
 **/
struct _PolKitPolicyCache
{
        /* Reference count; set to 1 by _polkit_policy_cache_new() and changed
         * by polkit_policy_cache_ref() / polkit_policy_cache_unref(). */
        int refcount;

        /* List whose data pointers are PolKitPolicyFileEntry objects; the
         * cache holds one reference on each entry it lists. */
        KitList *priv_entries;
};


/* Foreach callback: put one policy file entry at the head of the cache that
 * is passed in via user_data. Returns TRUE (stop iterating) only when
 * kit_list_prepend() fails; FALSE otherwise. */
static polkit_bool_t
_prepend_entry (PolKitPolicyFile       *policy_file,
               PolKitPolicyFileEntry  *policy_file_entry,
               void                   *user_data)
{
        PolKitPolicyCache *cache = user_data;
        KitList *new_head;

        /* the cache keeps its own reference on every entry it lists */
        polkit_policy_file_entry_ref (policy_file_entry);

        new_head = kit_list_prepend (cache->priv_entries, policy_file_entry);
        if (new_head != NULL) {
                cache->priv_entries = new_head;
                return FALSE;
        }

        /* prepend failed: give back the reference taken above so it is not leaked */
        polkit_policy_file_entry_unref (policy_file_entry);
        return TRUE;
}

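/*
 * Build a policy cache from the regular files named "<something>.policy"
 * directly inside @dirname (sub-directories are not descended into).
 *
 * @dirname: directory to scan
 * @load_descriptions: passed through to polkit_policy_file_new()
 * @error: return location for an error, or NULL
 *
 * Returns: a new cache with refcount 1, or NULL with @error set when the
 * directory cannot be opened, a candidate file cannot be stat()ed, or an
 * allocation fails. A file that fails to load for any other reason is
 * skipped and does not fail the whole load.
 */
PolKitPolicyCache *
_polkit_policy_cache_new (const char *dirname, polkit_bool_t load_descriptions, PolKitError **error)
{
        static const char suffix[] = ".policy";
        DIR *dir;
        struct dirent64 *d;
        PolKitPolicyCache *pc;
        struct stat statbuf;

        dir = NULL;

        pc = kit_new0 (PolKitPolicyCache, 1);
        if (pc == NULL) {
                polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
                goto out;
        }

        pc->refcount = 1;

        dir = opendir (dirname);
        if (dir == NULL) {
                polkit_error_set_error (error, POLKIT_ERROR_POLICY_FILE_INVALID,
                                        "Cannot load policy files from directory %s: %m",
                                        dirname);
                goto out;
        }

        while ((d = readdir64 (dir)) != NULL) {
                char *path;
                PolKitPolicyFile *pf;
                PolKitError *pk_error;
                size_t name_len;
                const char *filename;

                /* Filter on the name before touching the file system: an
                 * entry that is not a policy file (".", "..", a stray
                 * dangling symlink, ...) then costs no allocation and can
                 * no longer abort the whole load through a failing stat().
                 * sizeof (suffix) counts the NUL, so the name needs at
                 * least one character in front of ".policy". */
                filename = d->d_name;
                name_len = strlen (filename);
                if (name_len < sizeof (suffix) ||
                    strcmp (filename + name_len - (sizeof (suffix) - 1), suffix) != 0)
                        continue;

                path = kit_strdup_printf ("%s/%s", dirname, filename);
                if (path == NULL) {
                        polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
                        goto out;
                }

                /* stat() follows symlinks, so a link to a regular file is
                 * accepted. The check and the later load both go by
                 * pathname, so S_ISREG only describes what the name pointed
                 * at when stat() ran.
                 * NOTE(review): assumes dirname is writable by trusted
                 * users only - confirm for every caller. */
                if (stat (path, &statbuf) != 0)  {
                        /* capture errno before any other call can change it */
                        int saved_errno = errno;

                        polkit_error_set_error (error, POLKIT_ERROR_GENERAL_ERROR,
                                                "Cannot stat %s: %s",
                                                path, strerror (saved_errno));
                        kit_free (path);
                        goto out;
                }

                if (!S_ISREG (statbuf.st_mode)) {
                        kit_free (path);
                        continue;
                }

                _pk_debug ("Loading %s", path);

                pk_error = NULL;
                pf = polkit_policy_file_new (path, load_descriptions, &pk_error);
                kit_free (path);

                if (pf == NULL) {
                        if (polkit_error_get_error_code (pk_error) == POLKIT_ERROR_OUT_OF_MEMORY) {
                                /* hand the error object to the caller, or
                                 * free it when the caller did not ask for one */
                                if (error != NULL)
                                        *error = pk_error;
                                else
                                        polkit_error_free (pk_error);
                                goto out;
                        }

                        /* Any other load failure: the file is skipped and
                         * nothing is logged, so the actions it would have
                         * defined are simply absent from the cache. */
                        polkit_error_free (pk_error);
                        continue;
                }

                /* take a reference on every entry of the file; the file
                 * object itself is released right after */
                if (polkit_policy_file_entry_foreach (pf, _prepend_entry, pc)) {
                        /* OOM failure */
                        polkit_policy_file_unref (pf);
                        polkit_error_set_error (error, POLKIT_ERROR_OUT_OF_MEMORY, "Out of memory");
                        goto out;
                }
                polkit_policy_file_unref (pf);
        }
        closedir (dir);

        return pc;
out:
        if (dir != NULL)
                closedir(dir);

        /* unref also drops the entries gathered before the failure */
        if (pc != NULL)
                polkit_policy_cache_unref (pc);
        return NULL;
}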

/**
 * polkit_policy_cache_ref:
 * @policy_cache: the policy cache object
 * 
 * Increase reference count.
 * 
 * Returns: the object
 **/
PolKitPolicyCache *
polkit_policy_cache_ref (PolKitPolicyCache *policy_cache)
{
        /* on a failed check the (NULL) argument is what gets returned */
        kit_return_val_if_fail (policy_cache != NULL, policy_cache);

        /* plain int increment: no atomic operation and no overflow check */
        policy_cache->refcount += 1;

        return policy_cache;
}

/**
 * polkit_policy_cache_unref:
 * @policy_cache: the policy cache object
 * 
 * Decreases the reference count of the object. If it becomes zero,
 * the object is freed. Before freeing, reference counts on embedded
 * objects are decreased by one.
 **/
void
polkit_policy_cache_unref (PolKitPolicyCache *policy_cache)
{
        KitList *node;

        kit_return_if_fail (policy_cache != NULL);

        /* other holders remain: nothing to tear down yet */
        if (--policy_cache->refcount > 0)
                return;

        /* last reference gone: give back the reference held on each entry */
        node = policy_cache->priv_entries;
        while (node != NULL) {
                PolKitPolicyFileEntry *entry = node->data;

                polkit_policy_file_entry_unref (entry);
                node = node->next;
        }

        /* then the list nodes themselves, and finally the cache object */
        if (policy_cache->priv_entries != NULL)
                kit_list_free (policy_cache->priv_entries);

        kit_free (policy_cache);
}

/**
 * polkit_policy_cache_debug:
 * @policy_cache: the cache
 * 
 * Print debug information about object
 **/
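void
polkit_policy_cache_debug (PolKitPolicyCache *policy_cache)
{
        KitList *i;
        int num_entries;

        kit_return_if_fail (policy_cache != NULL);

        /* kit_list_length()'s return type is not visible in this file;
         * convert explicitly so the argument really is the int that the
         * %d conversion below expects, whatever width the length has */
        num_entries = 0;
        if (policy_cache->priv_entries != NULL)
                num_entries = (int) kit_list_length (policy_cache->priv_entries);

        _pk_debug ("PolKitPolicyCache: refcount=%d num_entries=%d ...",
                   policy_cache->refcount,
                   num_entries);

        /* one debug dump per entry held by the cache */
        for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
                PolKitPolicyFileEntry *pfe = i->data;
                polkit_policy_file_entry_debug (pfe);
        }
}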

/**
 * polkit_policy_cache_get_entry_by_id:
 * @policy_cache: the cache
 * @action_id: the action identifier
 * 
 * Given an action identifier, find the object describing the
 * definition of the policy; e.g. data stemming from files in
 * /usr/share/PolicyKit/policy.
 * 
 * Returns: A #PolKitPolicyFileEntry entry on success; otherwise
 * #NULL if the action wasn't identified. Caller shall not unref
 * this object.
 **/
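PolKitPolicyFileEntry* 
polkit_policy_cache_get_entry_by_id (PolKitPolicyCache *policy_cache, const char *action_id)
{
        KitList *i;

        kit_return_val_if_fail (policy_cache != NULL, NULL);
        kit_return_val_if_fail (action_id != NULL, NULL);

        /* Linear scan; the first match wins. Entries are prepended while
         * the policy directory is read, so if two policy files declare the
         * same id, the one read later is the one found here, and that
         * depends on the order readdir returned the files in. */
        for (i = policy_cache->priv_entries; i != NULL; i = i->next) {
                PolKitPolicyFileEntry *pfe = i->data;
                const char *id = polkit_policy_file_entry_get_id (pfe);

                /* an entry that reports no id cannot match, and NULL must
                 * never reach strcmp() */
                if (id != NULL && strcmp (id, action_id) == 0)
                        return pfe;
        }

        /* nothing loaded from a policy file matched;
         * the authdb backend may want to synthesize pfe's */
        return _polkit_authorization_db_pfe_get_by_id (policy_cache, action_id);
}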

/**
 * polkit_policy_cache_get_entry:
 * @policy_cache: the cache
 * @action: the action
 * 
 * Given an action, find the object describing the definition of the
 * policy; e.g. data stemming from files in
 * /usr/share/PolicyKit/policy.
 * 
 * Returns: A #PolKitPolicyFileEntry entry on success; otherwise
 * #NULL if the action wasn't identified. Caller shall not unref
 * this object.
 **/
PolKitPolicyFileEntry* 
polkit_policy_cache_get_entry (PolKitPolicyCache *policy_cache,
                                  PolKitAction      *action)
{
        char *id;

        /* I'm sure it would be easy to make this O(1)... */

        kit_return_val_if_fail (policy_cache != NULL, NULL);
        kit_return_val_if_fail (action != NULL, NULL);

        /* without an id from the action there is nothing to look up */
        if (!polkit_action_get_action_id (action, &id))
                return NULL;

        /* the actual search is shared with the by-id lookup */
        return polkit_policy_cache_get_entry_by_id (policy_cache, id);
}

/**
 * polkit_policy_cache_foreach:
 * @policy_cache: the policy cache
 * @callback: callback function
 * @user_data: user data to pass to callback function
 * 
 * Visit all entries in the policy cache.
 *
 * Returns: #TRUE only if iteration was short-circuited
 **/
polkit_bool_t
polkit_policy_cache_foreach (PolKitPolicyCache *policy_cache, 
                             PolKitPolicyCacheForeachFunc callback,
                             void *user_data)
{
        KitList *node;

        kit_return_val_if_fail (policy_cache != NULL, FALSE);
        kit_return_val_if_fail (callback != NULL, FALSE);

        /* entries loaded from policy files come first; a callback that
         * returns TRUE ends the walk at once */
        node = policy_cache->priv_entries;
        while (node != NULL) {
                PolKitPolicyFileEntry *entry = node->data;

                if (callback (policy_cache, entry, user_data))
                        return TRUE;
                node = node->next;
        }

        /* the authdb backend may also want to return synthesized pfe's */
        return _polkit_authorization_db_pfe_foreach (policy_cache,
                                                     callback,
                                                     user_data);
}

/**
 * polkit_policy_cache_get_entry_by_annotation:
 * @policy_cache: the policy cache
 * @annotation_key: the key to check for
 * @annotation_value: the value to check for
 *
 * Find the first policy file entry where a given annotation matches a
 * given value. Note that there is nothing preventing the existence of
 * multiple policy file entries matching these criteria; it would
 * however be a packaging bug if this situation occurred.
 *
 * Returns: The first #PolKitPolicyFileEntry matching the search
 * criteria. The caller shall not unref this object. Returns #NULL if
 * there are no policy file entries matching the search criteria.
 *
 * Since: 0.7
 */
PolKitPolicyFileEntry* 
polkit_policy_cache_get_entry_by_annotation (PolKitPolicyCache *policy_cache, 
                                             const char *annotation_key,
                                             const char *annotation_value)
{
        KitList *node;

        kit_return_val_if_fail (policy_cache != NULL, NULL);
        kit_return_val_if_fail (annotation_key != NULL, NULL);
        kit_return_val_if_fail (annotation_value != NULL, NULL);

        /* only the entries held in the cache's own list are searched */
        node = policy_cache->priv_entries;
        while (node != NULL) {
                PolKitPolicyFileEntry *entry = node->data;
                const char *found;

                /* NULL means this entry has no annotation under that key */
                found = polkit_policy_file_entry_get_annotation (entry, annotation_key);
                if (found != NULL && strcmp (annotation_value, found) == 0)
                        return entry;

                node = node->next;
        }

        return NULL;
}

#ifdef POLKIT_BUILD_TESTS

/* Foreach callback for the test: bump *user_data once for every entry whose
 * id is one of the six ids expected from the "valid" test directory. Always
 * returns FALSE so the iteration visits every entry. */
static polkit_bool_t
_test_count (PolKitPolicyCache *pc, PolKitPolicyFileEntry *pfe, void *user_data)
{
        static const char *const expected_ids[] = {
                "org.example.valid1",
                "org.example.valid2",
                "org.example.valid2b",
                "org.example.valid3",
                "org.example.valid3b",
                "org.example.valid4"
        };
        int *counter = (int *) user_data;
        const char *action_id;
        size_t n;

        action_id = polkit_policy_file_entry_get_id (pfe);
        if (action_id == NULL)
                return FALSE;

        for (n = 0; n < sizeof (expected_ids) / sizeof (expected_ids[0]); n++) {
                if (strcmp (action_id, expected_ids[n]) == 0) {
                        *counter += 1;
                        break;
                }
        }

        return FALSE;
}

/* Foreach callback for the test: count the visit, then return TRUE so the
 * iteration stops after the first entry. */
static polkit_bool_t
_test_short_circuit (PolKitPolicyCache *pc, PolKitPolicyFileEntry *pfe, void *user_data)
{
        int *visits = (int *) user_data;

        ++*visits;
        return TRUE;
}

/* Unit test for the policy cache: load failures, look-ups by id, by
 * annotation and by action, iteration, and reference counting. An
 * out-of-memory error is tolerated wherever a load may fail. Always
 * returns TRUE; failures are reported through kit_assert(). */
static polkit_bool_t
_run_test (void)
{
        PolKitError *error;
        PolKitPolicyCache *pc;
        PolKitPolicyFileEntry *pfe;
        PolKitAction *action;
        int counter;

        /* a directory that does not exist must fail with an error set */
        error = NULL;
        kit_assert (_polkit_policy_cache_new (TEST_DATA_DIR "/non-existant", TRUE, &error) == NULL);
        kit_assert (polkit_error_is_set (error) && 
                  (polkit_error_get_error_code (error) == POLKIT_ERROR_POLICY_FILE_INVALID ||
                   polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY));
        polkit_error_free (error);

        /* the "invalid" directory: the only failure accepted is out of memory */
        error = NULL;
        pc = _polkit_policy_cache_new (TEST_DATA_DIR "/invalid", TRUE, &error);
        if (pc != NULL) {
                polkit_policy_cache_unref (pc);
        } else {
                kit_assert (polkit_error_is_set (error) && 
                          polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
                polkit_error_free (error);
        }

        /* the "valid" directory: without a cache the remaining checks are skipped */
        error = NULL;
        pc = _polkit_policy_cache_new (TEST_DATA_DIR "/valid", TRUE, &error);
        if (pc == NULL) {
                kit_assert (polkit_error_is_set (error) && 
                          polkit_error_get_error_code (error) == POLKIT_ERROR_OUT_OF_MEMORY);
                polkit_error_free (error);
                return TRUE;
        }

        /* look-up by action id */
        kit_assert (polkit_policy_cache_get_entry_by_id (pc, "org.example.valid1") != NULL);
        kit_assert (polkit_policy_cache_get_entry_by_id (pc, "org.example.non-existant") == NULL);

        /* look-up by annotation key and value */
        pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key1", "Some Value 1");
        kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid2") == 0);
        pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key2", "Some Value 2");
        kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid2") == 0);
        pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key1", "Some Value 1b");
        kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid2b") == 0);
        pfe = polkit_policy_cache_get_entry_by_annotation (pc, "the.key1", "NON-EXISTANT VALUE");
        kit_assert (pfe == NULL);
        pfe = polkit_policy_cache_get_entry_by_annotation (pc, "NON_EXISTANT KEY", "NON-EXISTANT VALUE");
        kit_assert (pfe == NULL);

        /* look-up through a PolKitAction; each step is skipped if its setup call fails */
        action = polkit_action_new ();
        if (action != NULL) {
                /* a freshly created action must not resolve to any entry */
                pfe = polkit_policy_cache_get_entry (pc, action);
                kit_assert (pfe == NULL);

                if (polkit_action_set_action_id (action, "org.example.valid1")) {
                        pfe = polkit_policy_cache_get_entry (pc, action);
                        kit_assert (pfe != NULL && strcmp (polkit_policy_file_entry_get_id (pfe), "org.example.valid1") == 0);
                }
                if (polkit_action_set_action_id (action, "org.example.non-existant")) {
                        pfe = polkit_policy_cache_get_entry (pc, action);
                        kit_assert (pfe == NULL);
                }

                polkit_action_unref (action);
        }

        /* a full walk counts the six expected ids */
        counter = 0;
        polkit_policy_cache_foreach (pc, _test_count, &counter);
        kit_assert (counter == 6);

        /* a callback returning TRUE stops the walk after one entry */
        counter = 0;
        polkit_policy_cache_foreach (pc, _test_short_circuit, &counter);
        kit_assert (counter == 1);

        /* one extra ref, then two unrefs: the second one frees the cache */
        polkit_policy_cache_debug (pc);
        polkit_policy_cache_ref (pc);
        polkit_policy_cache_unref (pc);
        polkit_policy_cache_unref (pc);

        return TRUE;
}

/* Test descriptor for this file; only compiled when POLKIT_BUILD_TESTS is
 * defined.
 * NOTE(review): KitTest's field layout is not visible here - presumably a
 * name, two optional hooks (left NULL) and the run function; confirm
 * against the KitTest definition. */
KitTest _test_policy_cache = {
        "polkit_policy_cache",
        NULL,
        NULL,
        _run_test
};

#endif /* POLKIT_BUILD_TESTS */