1 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
2 /* policy.h  Bus security policy
3  *
4  * Copyright (C) 2003  Red Hat, Inc.
5  *
6  * Licensed under the Academic Free License version 2.1
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
21  *
22  */
23 
24 #ifndef BUS_POLICY_H
25 #define BUS_POLICY_H
26 
27 #include <dbus/dbus.h>
28 #include <dbus/dbus-string.h>
29 #include <dbus/dbus-list.h>
30 #include <dbus/dbus-sysdeps.h>
31 #include "bus.h"
32 
33 typedef enum
34 {
35   BUS_POLICY_RULE_SEND,
36   BUS_POLICY_RULE_RECEIVE,
37   BUS_POLICY_RULE_OWN,
38   BUS_POLICY_RULE_USER,
39   BUS_POLICY_RULE_GROUP
40 } BusPolicyRuleType;
41 
42 /** determines whether the rule affects a connection, or some global item */
43 #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
44                                                (rule)->type == BUS_POLICY_RULE_GROUP))
45 
46 struct BusPolicyRule
47 {
48   int refcount;
49 
50   BusPolicyRuleType type;
51 
52   unsigned int allow : 1; /**< #TRUE if this allows, #FALSE if it denies */
53 
54   union
55   {
56     struct
57     {
58       /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
59       int   message_type;
60       /* any of these can be NULL meaning "any" */
61       char *path;
62       char *interface;
63       char *member;
64       char *error;
65       char *destination;
66       unsigned int eavesdrop : 1;
67       unsigned int requested_reply : 1;
68       unsigned int log : 1;
69     } send;
70 
71     struct
72     {
73       /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
74       int   message_type;
75       /* any of these can be NULL meaning "any" */
76       char *path;
77       char *interface;
78       char *member;
79       char *error;
80       char *origin;
81       unsigned int eavesdrop : 1;
82       unsigned int requested_reply : 1;
83     } receive;
84 
85     struct
86     {
87       /* can be NULL meaning "any" */
88       char *service_name;
89       /* if prefix is set, any name starting with service_name can be owned */
90       unsigned int prefix : 1;
91     } own;
92 
93     struct
94     {
95       /* can be DBUS_UID_UNSET meaning "any" */
96       dbus_uid_t uid;
97     } user;
98 
99     struct
100     {
101       /* can be DBUS_GID_UNSET meaning "any" */
102       dbus_gid_t gid;
103     } group;
104 
105   } d;
106 };
107 
108 BusPolicyRule* bus_policy_rule_new   (BusPolicyRuleType type,
109                                       dbus_bool_t       allow);
110 BusPolicyRule* bus_policy_rule_ref   (BusPolicyRule    *rule);
111 void           bus_policy_rule_unref (BusPolicyRule    *rule);
112 
113 BusPolicy*       bus_policy_new                   (void);
114 BusPolicy*       bus_policy_ref                   (BusPolicy        *policy);
115 void             bus_policy_unref                 (BusPolicy        *policy);
116 BusClientPolicy* bus_policy_create_client_policy  (BusPolicy        *policy,
117                                                    DBusConnection   *connection,
118                                                    DBusError        *error);
119 dbus_bool_t      bus_policy_allow_unix_user       (BusPolicy        *policy,
120                                                    unsigned long     uid);
121 dbus_bool_t      bus_policy_allow_windows_user    (BusPolicy        *policy,
122                                                    const char       *windows_sid);
123 dbus_bool_t      bus_policy_append_default_rule   (BusPolicy        *policy,
124                                                    BusPolicyRule    *rule);
125 dbus_bool_t      bus_policy_append_mandatory_rule (BusPolicy        *policy,
126                                                    BusPolicyRule    *rule);
127 dbus_bool_t      bus_policy_append_user_rule      (BusPolicy        *policy,
128                                                    dbus_uid_t        uid,
129                                                    BusPolicyRule    *rule);
130 dbus_bool_t      bus_policy_append_group_rule     (BusPolicy        *policy,
131                                                    dbus_gid_t        gid,
132                                                    BusPolicyRule    *rule);
133 dbus_bool_t      bus_policy_append_console_rule   (BusPolicy        *policy,
134                                                    dbus_bool_t        at_console,
135                                                    BusPolicyRule    *rule);
136 
137 dbus_bool_t      bus_policy_merge                 (BusPolicy        *policy,
138                                                    BusPolicy        *to_absorb);
139 
140 BusClientPolicy* bus_client_policy_new               (void);
141 BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
142 void             bus_client_policy_unref             (BusClientPolicy  *policy);
143 dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
144                                                       BusRegistry      *registry,
145                                                       dbus_bool_t       requested_reply,
146                                                       DBusConnection   *receiver,
147                                                       DBusMessage      *message,
148                                                       dbus_int32_t     *toggles,
149                                                       dbus_bool_t      *log);
150 dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
151                                                       BusRegistry      *registry,
152                                                       dbus_bool_t       requested_reply,
153                                                       DBusConnection   *sender,
154                                                       DBusConnection   *addressed_recipient,
155                                                       DBusConnection   *proposed_recipient,
156                                                       DBusMessage      *message,
157                                                       dbus_int32_t     *toggles);
158 dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
159                                                       const DBusString *service_name);
160 dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
161                                                       BusPolicyRule    *rule);
162 void             bus_client_policy_optimize          (BusClientPolicy  *policy);
163 
164 #ifdef DBUS_BUILD_TESTS
165 dbus_bool_t      bus_policy_check_can_own     (BusPolicy  *policy,
166                                                const DBusString *service_name);
167 #endif
168 
169 #endif /* BUS_POLICY_H */
170