From 43cc361a5c32c81c0f93451bdb0ef781cd19a1cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Bollo?= Date: Tue, 4 Feb 2020 12:23:36 +0100 Subject: [PATCH 7/8] Switch from cynara to cynagora MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: José Bollo --- bus/Makefile.am | 8 +- bus/bus.h | 2 +- bus/check.c | 26 +- bus/check.h | 2 +- bus/connection.c | 27 --- bus/connection.h | 3 - bus/cynagora-check.c | 330 +++++++++++++++++++++++++ bus/{cynara.h => cynagora-check.h} | 10 +- bus/cynara.c | 373 ----------------------------- bus/system.conf.in | 6 +- configure.ac | 18 +- 11 files changed, 366 insertions(+), 439 deletions(-) create mode 100644 bus/cynagora-check.c rename bus/{cynara.h => cynagora-check.h} (81%) delete mode 100644 bus/cynara.c diff --git a/bus/Makefile.am b/bus/Makefile.am index 2a8a72c..1720048 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am @@ -13,7 +13,7 @@ DBUS_BUS_LIBS = \ $(THREAD_LIBS) \ $(ADT_LIBS) \ $(NETWORK_libs) \ - $(CYNARA_LIBS) \ + $(CYNAGORA_LIBS) \ $(NULL) DBUS_LAUNCHER_LIBS = \ @@ -31,7 +31,7 @@ AM_CPPFLAGS = \ $(APPARMOR_CFLAGS) \ -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ -DDBUS_COMPILATION \ - $(CYNARA_CFLAGS) \ + $(CYNAGORA_CFLAGS) \ $(NULL) # if assertions are enabled, improve backtraces @@ -101,8 +101,8 @@ BUS_SOURCES= \ config-parser-common.h \ connection.c \ connection.h \ - cynara.c \ - cynara.h \ + cynagora-check.c \ + cynagora-check.h \ desktop-file.c \ desktop-file.h \ $(DIR_WATCH_SOURCE) \ diff --git a/bus/bus.h b/bus/bus.h index 1b08f7c..e167d9e 100644 --- a/bus/bus.h +++ b/bus/bus.h @@ -47,7 +47,7 @@ typedef struct BusMatchRule BusMatchRule; typedef struct BusActivationEntry BusActivationEntry; typedef struct BusCheck BusCheck; typedef struct BusDeferredMessage BusDeferredMessage; -typedef struct BusCynara BusCynara; +typedef struct BusCynagora BusCynagora; /** * BusResult is defined as a pointer to a dummy structure to allow detection of type mismatches. diff --git a/bus/check.c b/bus/check.c index b73d08b..ec30770 100644 --- a/bus/check.c +++ b/bus/check.c @@ -26,7 +26,7 @@ #include "check.h" #include "connection.h" #include "dispatch.h" -#include "cynara.h" +#include "cynagora-check.h" #include "utils.h" #include #include @@ -38,7 +38,7 @@ typedef struct BusCheck int refcount; BusContext *context; - BusCynara *cynara; + BusCynagora *cynagora; } BusCheck; typedef struct BusDeferredMessage @@ -81,7 +81,7 @@ bus_check_new (BusContext *context, DBusError *error) check->refcount = 1; check->context = context; - check->cynara = bus_cynara_new(check, error); + check->cynagora = bus_cynagora_new(check, error); if (dbus_error_is_set(error)) { dbus_message_free_data_slot(&deferred_message_data_slot); @@ -110,7 +110,7 @@ bus_check_unref (BusCheck *check) if (check->refcount == 0) { - bus_cynara_unref(check->cynara); + bus_cynagora_unref(check->cynagora); dbus_message_free_data_slot(&deferred_message_data_slot); dbus_free(check); } @@ -122,10 +122,10 @@ bus_check_get_context (BusCheck *check) return check->context; } -BusCynara * -bus_check_get_cynara (BusCheck *check) +BusCynagora * +bus_check_get_cynagora (BusCheck *check) { - return check->cynara; + return check->cynagora; } static void @@ -276,8 +276,8 @@ bus_check_privilege (BusCheck *check, { BusDeferredMessage *previous_deferred_message; BusResult result = BUS_RESULT_FALSE; -#ifdef DBUS_ENABLE_CYNARA - BusCynara *cynara; +#ifdef DBUS_ENABLE_CYNAGORA + BusCynagora *cynagora; #endif DBusConnection *connection; @@ -304,7 +304,7 @@ bus_check_privilege (BusCheck *check, * Message has been deferred due to receive or own rule which means that sending this message * is allowed - it must have been checked previously. * This might happen when client calls RequestName method which depending on security - * policy might result in both "can_send" and "can_own" Cynara checks. + * policy might result in both "can_send" and "can_own" Cynagora checks. */ result = BUS_RESULT_TRUE; } @@ -327,9 +327,9 @@ bus_check_privilege (BusCheck *check, else { /* ask policy checkers */ -#ifdef DBUS_ENABLE_CYNARA - cynara = bus_check_get_cynara(check); - result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient, +#ifdef DBUS_ENABLE_CYNAGORA + cynagora = bus_check_get_cynagora(check); + result = bus_cynagora_check_privilege(cynagora, message, sender, addressed_recipient, proposed_recipient, privilege, check_type, deferred_message); #endif if (result == BUS_RESULT_LATER && deferred_message != NULL) diff --git a/bus/check.h b/bus/check.h index d718a69..ab63c18 100644 --- a/bus/check.h +++ b/bus/check.h @@ -45,7 +45,7 @@ BusCheck *bus_check_ref (BusCheck *check); void bus_check_unref (BusCheck *check); BusContext *bus_check_get_context (BusCheck *check); -BusCynara *bus_check_get_cynara (BusCheck *check); +BusCynagora *bus_check_get_cynagora (BusCheck *check); BusResult bus_check_privilege (BusCheck *check, DBusMessage *message, DBusConnection *sender, diff --git a/bus/connection.c b/bus/connection.c index b520d57..48910e0 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -38,10 +38,6 @@ #include #include #include -#ifdef DBUS_ENABLE_CYNARA -#include -#include -#endif /* Trim executed commands to this length; we want to keep logs readable */ #define MAX_LOG_COMMAND_LEN 50 @@ -124,9 +120,6 @@ typedef struct /** non-NULL if and only if this is a monitor */ DBusList *link_in_monitors; -#ifdef DBUS_ENABLE_CYNARA - char *cynara_session_id; -#endif } BusConnectionData; static dbus_bool_t bus_pending_reply_expired (BusExpireList *list, @@ -461,10 +454,6 @@ free_connection_data (void *data) dbus_free (d->name); -#ifdef DBUS_ENABLE_CYNARA - free (d->cynara_session_id); -#endif - dbus_free (d); } @@ -1095,22 +1084,6 @@ bus_connection_get_policy (DBusConnection *connection) return d->policy; } -#ifdef DBUS_ENABLE_CYNARA -const char *bus_connection_get_cynara_session_id (DBusConnection *connection) -{ - BusConnectionData *d = BUS_CONNECTION_DATA (connection); - _dbus_assert (d != NULL); - - if (d->cynara_session_id == NULL) - { - unsigned long pid; - if (dbus_connection_get_unix_process_id(connection, &pid)) - d->cynara_session_id = cynara_session_from_pid(pid); - } - return d->cynara_session_id; -} -#endif - static dbus_bool_t foreach_active (BusConnections *connections, BusConnectionForeachFunction function, diff --git a/bus/connection.h b/bus/connection.h index 6af7bf1..3116bcf 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -138,9 +138,6 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, BusTransaction *transaction, DBusList **rules, DBusError *error); -#ifdef DBUS_ENABLE_CYNARA -const char *bus_connection_get_cynara_session_id (DBusConnection *connection); -#endif /* transaction API so we can send or not send a block of messages as a whole */ diff --git a/bus/cynagora-check.c b/bus/cynagora-check.c new file mode 100644 index 0000000..6c0c635 --- /dev/null +++ b/bus/cynagora-check.c @@ -0,0 +1,330 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ +/* cynagora.c Cynagora runtime privilege checking + * + * Copyright (c) 2014 Samsung Electronics, Ltd. + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#include +#include "cynagora-check.h" +#include "check.h" +#include "utils.h" + +#include +#include +#include + +#include +#include +#include +#include + +#ifndef DBUS_ENABLE_CYNAGORA + +BusCynagora * +bus_cynagora_new(BusCheck *check, DBusError *error) +{ + return NULL; +} + +BusCynagora * +bus_cynagora_ref (BusCynagora *cynagora) +{ + return NULL; +} + +void +bus_cynagora_unref (BusCynagora *cynagora) +{ +} + +BusResult +bus_cynagora_check_privilege (BusCynagora *cynagora, + DBusMessage *message, + DBusConnection *sender, + DBusConnection *addressed_recipient, + DBusConnection *proposed_recipient, + const char *privilege, + BusDeferredMessageStatus check_type, + BusDeferredMessage **deferred_message_param) +{ + return BUS_RESULT_FALSE; +} + +#endif + +#ifdef DBUS_ENABLE_CYNAGORA + +#include +#include + +#include + +#ifndef CYNAGORA_CACHE_SIZE +#define CYNAGORA_CACHE_SIZE 8000 +#endif + +typedef struct BusCynagora +{ + int refcount; + + BusContext *context; + BusCheck *check; + cynagora_t *cynagora; + DBusWatch *cynagora_watch; +} BusCynagora; + +static int async_callback(void *closure, + int op, + int fd, + uint32_t events); + +BusCynagora * +bus_cynagora_new(BusCheck *check, DBusError *error) +{ + BusContext *context; + BusCynagora *cynagora; + int ret; + + cynagora = dbus_new(BusCynagora, 1); + if (cynagora == NULL) + { + BUS_SET_OOM(error); + return NULL; + } + + context = bus_check_get_context(check); + + cynagora->refcount = 1; + cynagora->check = check; + cynagora->context = context; + cynagora->cynagora_watch = NULL; + + ret = cynagora_create(&cynagora->cynagora, cynagora_Check, CYNAGORA_CACHE_SIZE, NULL); + if (ret < 0) + { + dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynagora configuration"); + } + else + { + ret = cynagora_async_setup(cynagora->cynagora, async_callback, cynagora); + if (ret < 0) + { + dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynagora client"); + } + else + { + return cynagora; + } + cynagora_destroy(cynagora->cynagora); + } + + dbus_free(cynagora); + return NULL; +} + +BusCynagora * +bus_cynagora_ref (BusCynagora *cynagora) +{ + _dbus_assert (cynagora->refcount > 0); + cynagora->refcount += 1; + + return cynagora; +} + +void +bus_cynagora_unref (BusCynagora *cynagora) +{ + _dbus_assert (cynagora->refcount > 0); + + cynagora->refcount -= 1; + + if (cynagora->refcount == 0) + { + cynagora_destroy(cynagora->cynagora); + dbus_free(cynagora); + } +} + +static void +async_check_callback (void *closure, int status) +{ + BusDeferredMessage *deferred_message = closure; + BusResult result; + + if (deferred_message == NULL) + return; + + if (status == 1) + result = BUS_RESULT_TRUE; + else + result = BUS_RESULT_FALSE; + + bus_deferred_message_response_received(deferred_message, result); + bus_deferred_message_unref(deferred_message); +} + +BusResult +bus_cynagora_check_privilege (BusCynagora *cynagora, + DBusMessage *message, + DBusConnection *sender, + DBusConnection *addressed_recipient, + DBusConnection *proposed_recipient, + const char *permission, + BusDeferredMessageStatus check_type, + BusDeferredMessage **deferred_message_param) +{ + int result; + unsigned long uid; + unsigned long pid; + char *label; + char user[32]; + char session[32]; + DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender; + BusDeferredMessage *deferred_message; + BusResult ret; + cynagora_key_t key; + + _dbus_assert(connection != NULL); + + if (dbus_connection_get_unix_user(connection, &uid) == FALSE) + return BUS_RESULT_FALSE; + + if (dbus_connection_get_unix_process_id(connection, &pid) == FALSE) + return BUS_RESULT_FALSE; + + if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL) + { + _dbus_warn("Failed to obtain security label for connection\n"); + return BUS_RESULT_FALSE; + } + + snprintf(user, sizeof(user), "%lu", uid); + snprintf(session, sizeof(session), "%lu", pid); + + key.client = label; + key.session = session; + key.user = user; + key.permission = permission; + + result = cynagora_cache_check(cynagora->cynagora, &key); + switch (result) + { + case 1: + _dbus_verbose("Cynagora: got ALLOWED answer from cache (client=%s session_id=%s user=%s permission=%s)\n", + label, session_id, user, permission); + ret = BUS_RESULT_TRUE; + break; + + case 0: + _dbus_verbose("Cynagora: got DENIED answer from cache (client=%s session_id=%s user=%s permission=%s)\n", + label, session_id, user, permission); + ret = BUS_RESULT_FALSE; + break; + + default: + deferred_message = bus_deferred_message_new(message, sender, addressed_recipient, + proposed_recipient, BUS_RESULT_LATER); + if (deferred_message == NULL) + { + _dbus_verbose("Failed to allocate memory for deferred message\n"); + ret = BUS_RESULT_FALSE; + goto out; + } + + /* callback is supposed to unref deferred_message*/ + result = cynagora_async_check(cynagora->cynagora, &key, 1, 0, async_check_callback, deferred_message); + if (result == 0) + { + _dbus_verbose("Created Cynagora request: client=%s session_id=%s user=%s permission=%s " + "deferred_message=%p\n", label, session_id, user, permission, deferred_message); + if (deferred_message_param != NULL) + *deferred_message_param = deferred_message; + ret = BUS_RESULT_LATER; + } + else + { + _dbus_verbose("Error on cynagora request create: %i\n", result); + bus_deferred_message_unref(deferred_message); + ret = BUS_RESULT_FALSE; + } + break; + } +out: + dbus_free(label); + return ret; +} + +static dbus_bool_t +watch_handler_callback(DBusWatch *watch, + unsigned int flags, + void *data) +{ + BusCynagora *cynagora = (BusCynagora *)data; + int result = cynagora_async_process(cynagora->cynagora); + if (result < 0) + _dbus_verbose("cynagora_async_process returned %d\n", result); + + return result != -ENOMEM ? TRUE : FALSE; +} + +static int +async_callback(void *closure, int op, int fd, uint32_t events) +{ + BusCynagora *cynagora = (BusCynagora *)closure; + DBusLoop *loop = bus_context_get_loop(cynagora->context); + unsigned int flags; + DBusWatch *watch; + + /* compute flags */ + flags = 0; + if (events & EPOLLIN) + flags |= DBUS_WATCH_READABLE; + if (events & EPOLLOUT) + flags |= DBUS_WATCH_WRITABLE; + + /* remove the watch if needed */ + watch = cynagora->cynagora_watch; + if (watch != NULL) + { + cynagora->cynagora_watch = NULL; + _dbus_loop_remove_watch(loop, watch); + _dbus_watch_invalidate(watch); + _dbus_watch_unref(watch); + } + + /* create the watch if needed */ + watch = cynagora->cynagora_watch; + if (op != EPOLL_CTL_DEL) + { + watch = _dbus_watch_new(fd, flags, TRUE, watch_handler_callback, cynagora, NULL); + if (watch == NULL) + return -ENOMEM; + if (_dbus_loop_add_watch(loop, watch) != TRUE) + { + _dbus_watch_invalidate(watch); + _dbus_watch_unref(watch); + return -ENOMEM; + } + cynagora->cynagora_watch = watch; + } + return 0; +} + +#endif /* DBUS_ENABLE_CYNAGORA */ diff --git a/bus/cynara.h b/bus/cynagora-check.h similarity index 81% rename from bus/cynara.h rename to bus/cynagora-check.h index c4728bb..c0892c3 100644 --- a/bus/cynara.h +++ b/bus/cynagora-check.h @@ -1,5 +1,5 @@ /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -/* cynara.h Cynara runtime privilege checking +/* cynagora.h Cynagora runtime privilege checking * * Copyright (c) 2014 Samsung Electronics, Ltd. * @@ -24,10 +24,10 @@ #include "bus.h" #include "check.h" -BusCynara *bus_cynara_new (BusCheck *check, DBusError *error); -BusCynara *bus_cynara_ref (BusCynara *cynara); -void bus_cynara_unref (BusCynara *cynara); -BusResult bus_cynara_check_privilege (BusCynara *cynara, +BusCynagora *bus_cynagora_new (BusCheck *check, DBusError *error); +BusCynagora *bus_cynagora_ref (BusCynagora *cynagora); +void bus_cynagora_unref (BusCynagora *cynagora); +BusResult bus_cynagora_check_privilege (BusCynagora *cynagora, DBusMessage *message, DBusConnection *sender, DBusConnection *addressed_recipient, diff --git a/bus/cynara.c b/bus/cynara.c deleted file mode 100644 index 77aed62..0000000 --- a/bus/cynara.c +++ /dev/null @@ -1,373 +0,0 @@ -/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ -/* cynara.c Cynara runtime privilege checking - * - * Copyright (c) 2014 Samsung Electronics, Ltd. - * - * Licensed under the Academic Free License version 2.1 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - * - */ - -#include -#include "cynara.h" -#include "check.h" -#include "utils.h" - -#include - -#include -#include -#include -#include -#ifdef DBUS_ENABLE_CYNARA -#include -#endif - -#ifdef DBUS_ENABLE_CYNARA -typedef struct BusCynara -{ - int refcount; - - BusContext *context; - BusCheck *check; - cynara_async *cynara; - DBusWatch *cynara_watch; -} BusCynara; - -#define USE_CYNARA_CACHE 1 -#ifdef USE_CYNARA_CACHE -#define CYNARA_CACHE_SIZE 1000 -#endif - -static dbus_bool_t bus_cynara_watch_callback(DBusWatch *watch, - unsigned int flags, - void *data); - -static void status_callback(int old_fd, - int new_fd, - cynara_async_status status, - void *user_status_data); -static void bus_cynara_check_response_callback (cynara_check_id check_id, - cynara_async_call_cause cause, - int response, - void *user_response_data); -#endif - - -BusCynara * -bus_cynara_new(BusCheck *check, DBusError *error) -{ -#ifdef DBUS_ENABLE_CYNARA - BusContext *context; - BusCynara *cynara; - cynara_async_configuration *conf = NULL; - int ret; - - cynara = dbus_new(BusCynara, 1); - if (cynara == NULL) - { - BUS_SET_OOM(error); - return NULL; - } - - context = bus_check_get_context(check); - - cynara->refcount = 1; - cynara->check = check; - cynara->context = context; - cynara->cynara_watch = NULL; - - ret = cynara_async_configuration_create(&conf); - if (ret != CYNARA_API_SUCCESS) - { - dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynara configuration"); - goto out; - } - -#ifdef CYNARA_CACHE_SIZE - ret = cynara_async_configuration_set_cache_size(conf, CYNARA_CACHE_SIZE); - if (ret != CYNARA_API_SUCCESS) - { - dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to Cynara cache size"); - goto out; - } -#endif - - ret = cynara_async_initialize(&cynara->cynara, conf, &status_callback, cynara); - if (ret != CYNARA_API_SUCCESS) - { - dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynara client"); - goto out; - } - -out: - cynara_async_configuration_destroy(conf); - if (ret != CYNARA_API_SUCCESS) - { - dbus_free(cynara); - return NULL; - } - - return cynara; -#else - return NULL; -#endif -} - -BusCynara * -bus_cynara_ref (BusCynara *cynara) -{ -#ifdef DBUS_ENABLE_CYNARA - _dbus_assert (cynara->refcount > 0); - cynara->refcount += 1; - - return cynara; -#else - return NULL; -#endif -} - -void -bus_cynara_unref (BusCynara *cynara) -{ -#ifdef DBUS_ENABLE_CYNARA - _dbus_assert (cynara->refcount > 0); - - cynara->refcount -= 1; - - if (cynara->refcount == 0) - { - cynara_async_finish(cynara->cynara); - dbus_free(cynara); - } -#endif -} - -BusResult -bus_cynara_check_privilege (BusCynara *cynara, - DBusMessage *message, - DBusConnection *sender, - DBusConnection *addressed_recipient, - DBusConnection *proposed_recipient, - const char *privilege, - BusDeferredMessageStatus check_type, - BusDeferredMessage **deferred_message_param) -{ -#ifdef DBUS_ENABLE_CYNARA - int result; - unsigned long uid; - char *label; - const char *session_id; - char user[32]; - cynara_check_id check_id; - DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender; - BusDeferredMessage *deferred_message; - BusResult ret; - - _dbus_assert(connection != NULL); - - if (dbus_connection_get_unix_user(connection, &uid) == FALSE) - return BUS_RESULT_FALSE; - - if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL) - { - _dbus_warn("Failed to obtain security label for connection\n"); - return BUS_RESULT_FALSE; - } - - session_id = bus_connection_get_cynara_session_id (connection); - if (session_id == NULL) - { - ret = BUS_RESULT_FALSE; - goto out; - } - - snprintf(user, sizeof(user), "%lu", uid); - -#if USE_CYNARA_CACHE - result = cynara_async_check_cache(cynara->cynara, label, session_id, user, privilege); -#else - result = CYNARA_API_CACHE_MISS; -#endif - - switch (result) - { - case CYNARA_API_ACCESS_ALLOWED: - _dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", - label, session_id, user, privilege); - ret = BUS_RESULT_TRUE; - break; - - case CYNARA_API_ACCESS_DENIED: - _dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n", - label, session_id, user, privilege); - ret = BUS_RESULT_FALSE; - break; - - case CYNARA_API_CACHE_MISS: - deferred_message = bus_deferred_message_new(message, sender, addressed_recipient, - proposed_recipient, BUS_RESULT_LATER); - if (deferred_message == NULL) - { - _dbus_verbose("Failed to allocate memory for deferred message\n"); - ret = BUS_RESULT_FALSE; - goto out; - } - - /* callback is supposed to unref deferred_message*/ - result = cynara_async_create_request(cynara->cynara, label, session_id, user, privilege, &check_id, - &bus_cynara_check_response_callback, deferred_message); - if (result == CYNARA_API_SUCCESS) - { - _dbus_verbose("Created Cynara request: client=%s session_id=%s user=%s privilege=%s check_id=%u " - "deferred_message=%p\n", label, session_id, user, privilege, (unsigned int)check_id, deferred_message); - if (deferred_message_param != NULL) - *deferred_message_param = deferred_message; - ret = BUS_RESULT_LATER; - } - else - { - _dbus_verbose("Error on cynara request create: %i\n", result); - bus_deferred_message_unref(deferred_message); - ret = BUS_RESULT_FALSE; - } - break; - default: - _dbus_verbose("Error when accessing Cynara cache: %i\n", result); - ret = BUS_RESULT_FALSE; - } -out: - dbus_free(label); - return ret; - -#else - return BUS_RESULT_FALSE; -#endif -} - - - -#ifdef DBUS_ENABLE_CYNARA -static void -status_callback(int old_fd, int new_fd, cynara_async_status status, - void *user_status_data) -{ - BusCynara *cynara = (BusCynara *)user_status_data; - DBusLoop *loop = bus_context_get_loop(cynara->context); - - if (cynara->cynara_watch != NULL) - { - _dbus_loop_remove_watch(loop, cynara->cynara_watch); - _dbus_watch_invalidate(cynara->cynara_watch); - _dbus_watch_unref(cynara->cynara_watch); - cynara->cynara_watch = NULL; - } - - if (new_fd != -1) - { - unsigned int flags; - DBusWatch *watch; - - switch (status) - { - case CYNARA_STATUS_FOR_READ: - flags = DBUS_WATCH_READABLE; - break; - case CYNARA_STATUS_FOR_RW: - flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE; - break; - default: - /* Cynara passed unknown status - warn and add RW watch */ - _dbus_verbose("Cynara passed unknown status value: 0x%08X\n", (unsigned int)status); - flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE; - break; - } - - watch = _dbus_watch_new(new_fd, flags, TRUE, &bus_cynara_watch_callback, cynara, NULL); - if (watch != NULL) - { - if (_dbus_loop_add_watch(loop, watch) == TRUE) - { - cynara->cynara_watch = watch; - return; - } - - _dbus_watch_invalidate(watch); - _dbus_watch_unref(watch); - } - - /* It seems like not much can be done at this point. Cynara events won't be processed - * until next Cynara function call triggering status callback */ - _dbus_verbose("Failed to add dbus watch\n"); - } -} - -static dbus_bool_t -bus_cynara_watch_callback(DBusWatch *watch, - unsigned int flags, - void *data) -{ - BusCynara *cynara = (BusCynara *)data; - int result = cynara_async_process(cynara->cynara); - if (result != CYNARA_API_SUCCESS) - _dbus_verbose("cynara_async_process returned %d\n", result); - - return result != CYNARA_API_OUT_OF_MEMORY ? TRUE : FALSE; -} - -static inline const char * -call_cause_to_string(cynara_async_call_cause cause) -{ - switch (cause) - { - case CYNARA_CALL_CAUSE_ANSWER: - return "ANSWER"; - case CYNARA_CALL_CAUSE_CANCEL: - return "CANCEL"; - case CYNARA_CALL_CAUSE_FINISH: - return "FINSIH"; - case CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE: - return "SERVICE NOT AVAILABLE"; - default: - return "INVALID"; - } -} - -static void -bus_cynara_check_response_callback (cynara_check_id check_id, - cynara_async_call_cause cause, - int response, - void *user_response_data) -{ - BusDeferredMessage *deferred_message = user_response_data; - BusResult result; - - _dbus_verbose("Cynara callback: check_id=%u, cause=%s response=%i response_data=%p\n", - (unsigned int)check_id, call_cause_to_string(cause), response, user_response_data); - - if (deferred_message == NULL) - return; - - if (cause == CYNARA_CALL_CAUSE_ANSWER && response == CYNARA_API_ACCESS_ALLOWED) - result = BUS_RESULT_TRUE; - else - result = BUS_RESULT_FALSE; - - bus_deferred_message_response_received(deferred_message, result); - bus_deferred_message_unref(deferred_message); -} - -#endif /* DBUS_ENABLE_CYNARA */ diff --git a/bus/system.conf.in b/bus/system.conf.in index 19d0c04..81c39c8 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -72,10 +72,10 @@ send_interface="org.freedesktop.DBus.Introspectable"/> - diff --git a/configure.ac b/configure.ac index 11b5ffd..df9341c 100644 --- a/configure.ac +++ b/configure.ac @@ -1742,16 +1742,16 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) -#enable cynara integration -AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no]) -if test "x$enable_cynara" = xyes; then - PKG_CHECK_MODULES([CYNARA], [cynara-client-async >= 0.6.0 cynara-session >= 0.6.0], - [AC_DEFINE([DBUS_ENABLE_CYNARA], [1], [Define to enable Cynara privilege checks in dbus-daemon])], - [AC_MSG_ERROR([libcynara-client-async and cynara-session are required to enable Cynara integration])]) +#enable cynagora integration +AC_ARG_ENABLE([cynagora], [AS_HELP_STRING([--enable-cynagora], [enable Cynagora integration])], [], [enable_cynagora=no]) +if test "x$enable_cynagora" = xyes; then + PKG_CHECK_MODULES([CYNAGORA], [cynagora], + [AC_DEFINE([DBUS_ENABLE_CYNAGORA], [1], [Define to enable Cynagora privilege checks in dbus-daemon])], + [AC_MSG_ERROR([libcynagora is required to enable Cynagora integration])]) fi -AC_SUBST([CYNARA_CFLAGS]) -AC_SUBST([CYNARA_LIBS]) +AC_SUBST([CYNAGORA_CFLAGS]) +AC_SUBST([CYNAGORA_LIBS]) AC_CONFIG_FILES([ Doxyfile @@ -1835,7 +1835,7 @@ echo " Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} - Building Cynara support: ${enable_cynara} + Building Cynagora support: ${enable_cynagora} Building inotify support: ${have_inotify} Building kqueue support: ${have_kqueue} Building systemd support: ${have_systemd} -- 2.21.1