daemon: Simplify authorization policy

The current policy is to only allow the root user access to the Sysroot
and OS interfaces, but this can be expressed in the static bus config.

The long-term intention is to integrate with PolicyKit.  Leave comments
in the code stating so but remove the unnecessary authorization handler
for the time being, just so there's less code to review.
Matthew Barnes 2015-08-24 10:57:30 -04:00
parent d051794a88
commit 495bf4c3f3
6 changed files with 6 additions and 128 deletions


@ -27,8 +27,6 @@ librpmostreed_la_SOURCES = \
src/daemon/sysroot.c \
src/daemon/errors.h \
src/daemon/errors.c \
src/daemon/auth.h \
src/daemon/auth.c \
src/daemon/deployment-utils.h \
src/daemon/deployment-utils.c \
src/daemon/transaction.h \


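--- a/src/daemon/auth.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
-* Copyright (C) 2015 Red Hat, Inc.
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-#include "config.h"
-#include "types.h"
-#include "auth.h"
-#include "errors.h"
-#include "daemon.h"
-#include <libglnx.h>
-/**
-* auth_check_root_or_access_denied:
-*
-* Used with the "g-authorize-method" signal.
-* returns a gboolean represening if the user
-* is root.
-*/
-gboolean
-auth_check_root_or_access_denied (GDBusInterfaceSkeleton *instance,
-GDBusMethodInvocation *invocation,
-gpointer user_data)
-{
-const gchar *sender;
-gboolean ret = FALSE;
-g_autoptr(GVariant) value = NULL;
-GError *error = NULL;
-GDBusConnection *connection = NULL;
-guint32 uid = UINT32_MAX;
-if (!daemon_on_message_bus (daemon_get ()))
-{
-ret = TRUE;
-goto out;
-}
-sender = g_dbus_method_invocation_get_sender (invocation);
-connection = g_dbus_method_invocation_get_connection (invocation);
-g_return_val_if_fail (sender != NULL, FALSE);
-g_debug ("Checking auth");
-value = g_dbus_connection_call_sync (connection,
-"org.freedesktop.DBus",
-"/org/freedesktop/DBus",
-"org.freedesktop.DBus",
-"GetConnectionUnixUser",
-g_variant_new ("(s)", sender),
-G_VARIANT_TYPE ("(u)"),
-G_DBUS_CALL_FLAGS_NONE,
--1,
-NULL,
-&error);
-if (error != NULL)
-{
-g_critical ("Couldn't get uid for '%s': %s",
-sender, error->message);
-goto out;
-}
-g_variant_get (value, "(u)", &uid);
-ret = uid == 0;
-out:
-if (!ret)
-{
-g_dbus_method_invocation_return_error_literal (invocation,
-RPM_OSTREED_ERROR,
-RPM_OSTREED_ERROR_NOT_AUTHORIZED,
-"Access Denied");
-}
-g_clear_error (&error);
-return ret;
-}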


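--- a/src/daemon/auth.h
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
-* Copyright (C) 2015 Red Hat, Inc.
-*
-* This program is free software; you can redistribute it and/or modify
-* it under the terms of the GNU General Public License as published by
-* the Free Software Foundation; either version 2 of the License, or
-* (at your option) any later version.
-*
-* This program is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with this program; if not, write to the Free Software
-* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-*/
-#pragma once
-#include "types.h"
-gboolean auth_check_root_or_access_denied (GDBusInterfaceSkeleton *instance,
-GDBusMethodInvocation *invocation,
-gpointer user_data);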


@ -4,12 +4,13 @@
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<!-- Only root can own the service -->
<!-- Only root can own and access the service -->
<policy user="root">
<allow own="org.projectatomic.rpmostree1"/>
<allow send_destination="org.projectatomic.rpmostree1"/>
</policy>
<policy context="default">
<allow send_destination="org.projectatomic.rpmostree1"/>
<deny send_destination="org.projectatomic.rpmostree1"/>
</policy>
</busconfig>
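Review bot: The `<deny send_destination="org.projectatomic.rpmostree1"/>` in the default-context policy rejects every message to the service from non-root callers, which as far as I can tell includes org.freedesktop.DBus.Introspectable and Properties reads, and since this commit removes the daemon's own g-authorize-method handler this rule is the entire access-control boundary. If unprivileged read-only access is meant to remain possible, a narrower explicit allow (with `send_interface`) is needed; if not, the config should say that the daemon itself does no per-method authorization, e.g. `<!-- The daemon performs no in-process authorization: this deny is the sole gate for non-root callers until PolicyKit integration. -->` above the default policy.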


@ -27,7 +27,6 @@
#include "rpmostree-package-variants.h"
#include "types.h"
#include "errors.h"
#include "auth.h"
#include "os.h"
#include "utils.h"
#include "transaction.h"
@ -126,8 +125,8 @@ static void
osstub_constructed (GObject *object)
{
OSStub *self = OSSTUB (object);
g_signal_connect (RPMOSTREE_OS(self), "g-authorize-method",
G_CALLBACK (auth_check_root_or_access_denied), NULL);
/* TODO Integrate with PolicyKit via the "g-authorize-method" signal. */
self->signal_id = g_signal_connect (sysroot_get (), "sysroot-updated",
G_CALLBACK (sysroot_changed), self);
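Review bot: With the g-authorize-method handler dropped from osstub_constructed, the OS interface has no in-process authorization left, and the TODO that replaces the `g_signal_connect` lines should state that plainly: the bus config is now the only gate, so any later relaxation of its default-context policy (which appears to have carried an `<allow send_destination>` before this commit) would open every method with nothing in the daemon to stop it. Suggest `/* TODO Integrate with PolicyKit via the "g-authorize-method" signal.  Until then access control rests solely on the <policy> rules in the bus config; no per-method check is done here. */`. The same applies to the identical hunk in sysroot.c's sysroot_constructed. osstub_constructed continues past the end of the hunk.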


@ -25,7 +25,6 @@
#include "os.h"
#include "utils.h"
#include "deployment-utils.h"
#include "auth.h"
#include "errors.h"
#include "transaction.h"
#include "transaction-monitor.h"
@ -564,8 +563,7 @@ sysroot_constructed (GObject *object)
Sysroot *self = SYSROOT (object);
GError *local_error = NULL;
g_signal_connect (RPMOSTREE_SYSROOT(self), "g-authorize-method",
G_CALLBACK (auth_check_root_or_access_denied), NULL);
/* TODO Integrate with PolicyKit via the "g-authorize-method" signal. */
g_object_bind_property_full (self->transaction_monitor,
"active-transaction",