daemon: Simplify authorization policy
The current policy is to only allow the root user access to the Sysroot and OS interfaces, but this can be expressed in the static bus config. The long-term intention is to integrate with PolicyKit. Leave comments in the code stating so but remove the unnecessary authorization handler for the time being, just so there's less code to review.
parent
d051794a88
commit
495bf4c3f3
@ -27,8 +27,6 @@ librpmostreed_la_SOURCES = \
|
||||
src/daemon/sysroot.c \
|
||||
src/daemon/errors.h \
|
||||
src/daemon/errors.c \
|
||||
src/daemon/auth.h \
|
||||
src/daemon/auth.c \
|
||||
src/daemon/deployment-utils.h \
|
||||
src/daemon/deployment-utils.c \
|
||||
src/daemon/transaction.h \
|
||||
|
@ -1,93 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2015 Red Hat, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
#include "config.h"
|
||||
#include "types.h"
|
||||
#include "auth.h"
|
||||
#include "errors.h"
|
||||
#include "daemon.h"
|
||||
|
||||
#include <libglnx.h>
|
||||
|
||||
/**
|
||||
* auth_check_root_or_access_denied:
|
||||
*
|
||||
* Used with the "g-authorize-method" signal.
|
||||
* returns a gboolean represening if the user
|
||||
* is root.
|
||||
*/
|
||||
gboolean
|
||||
auth_check_root_or_access_denied (GDBusInterfaceSkeleton *instance,
|
||||
GDBusMethodInvocation *invocation,
|
||||
gpointer user_data)
|
||||
{
|
||||
const gchar *sender;
|
||||
gboolean ret = FALSE;
|
||||
|
||||
g_autoptr(GVariant) value = NULL;
|
||||
GError *error = NULL;
|
||||
GDBusConnection *connection = NULL;
|
||||
guint32 uid = UINT32_MAX;
|
||||
|
||||
if (!daemon_on_message_bus (daemon_get ()))
|
||||
{
|
||||
ret = TRUE;
|
||||
goto out;
|
||||
}
|
||||
|
||||
sender = g_dbus_method_invocation_get_sender (invocation);
|
||||
connection = g_dbus_method_invocation_get_connection (invocation);
|
||||
|
||||
g_return_val_if_fail (sender != NULL, FALSE);
|
||||
|
||||
g_debug ("Checking auth");
|
||||
|
||||
value = g_dbus_connection_call_sync (connection,
|
||||
"org.freedesktop.DBus",
|
||||
"/org/freedesktop/DBus",
|
||||
"org.freedesktop.DBus",
|
||||
"GetConnectionUnixUser",
|
||||
g_variant_new ("(s)", sender),
|
||||
G_VARIANT_TYPE ("(u)"),
|
||||
G_DBUS_CALL_FLAGS_NONE,
|
||||
-1,
|
||||
NULL,
|
||||
&error);
|
||||
|
||||
if (error != NULL)
|
||||
{
|
||||
g_critical ("Couldn't get uid for '%s': %s",
|
||||
sender, error->message);
|
||||
goto out;
|
||||
}
|
||||
|
||||
g_variant_get (value, "(u)", &uid);
|
||||
ret = uid == 0;
|
||||
|
||||
out:
|
||||
if (!ret)
|
||||
{
|
||||
g_dbus_method_invocation_return_error_literal (invocation,
|
||||
RPM_OSTREED_ERROR,
|
||||
RPM_OSTREED_ERROR_NOT_AUTHORIZED,
|
||||
"Access Denied");
|
||||
}
|
||||
|
||||
g_clear_error (&error);
|
||||
return ret;
|
||||
}
|
@ -1,25 +0,0 @@
|
||||
/*
|
||||
* Copyright (C) 2015 Red Hat, Inc.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||
*/
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "types.h"
|
||||
|
||||
gboolean auth_check_root_or_access_denied (GDBusInterfaceSkeleton *instance,
|
||||
GDBusMethodInvocation *invocation,
|
||||
gpointer user_data);
|
@ -4,12 +4,13 @@
|
||||
"-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
<busconfig>
|
||||
<!-- Only root can own the service -->
|
||||
<!-- Only root can own and access the service -->
|
||||
<policy user="root">
|
||||
<allow own="org.projectatomic.rpmostree1"/>
|
||||
<allow send_destination="org.projectatomic.rpmostree1"/>
|
||||
</policy>
|
||||
|
||||
<policy context="default">
|
||||
<allow send_destination="org.projectatomic.rpmostree1"/>
|
||||
<deny send_destination="org.projectatomic.rpmostree1"/>
|
||||
</policy>
|
||||
</busconfig>
|
||||
|
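Review bot: The `<deny send_destination="org.projectatomic.rpmostree1"/>` rule in the default policy is now the only authorization the daemon has, and nothing in the file says so. I would add a comment above that policy, for example `<!-- The daemon performs no caller checks of its own; relaxing this rule exposes every method to unprivileged users -->`, so that later PolicyKit work does not loosen it by accident. The rule is also wider than the check it replaces: it blocks every message to the name from non-root senders, not only calls on the Sysroot and OS interfaces named in the commit message. That is presumably intended, but it is worth stating in the comment.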
@ -27,7 +27,6 @@
|
||||
#include "rpmostree-package-variants.h"
|
||||
#include "types.h"
|
||||
#include "errors.h"
|
||||
#include "auth.h"
|
||||
#include "os.h"
|
||||
#include "utils.h"
|
||||
#include "transaction.h"
|
||||
@ -126,8 +125,8 @@ static void
|
||||
osstub_constructed (GObject *object)
|
||||
{
|
||||
OSStub *self = OSSTUB (object);
|
||||
g_signal_connect (RPMOSTREE_OS(self), "g-authorize-method",
|
||||
G_CALLBACK (auth_check_root_or_access_denied), NULL);
|
||||
|
||||
/* TODO Integrate with PolicyKit via the "g-authorize-method" signal. */
|
||||
|
||||
self->signal_id = g_signal_connect (sysroot_get (), "sysroot-updated",
|
||||
G_CALLBACK (sysroot_changed), self);
|
||||
|
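Review bot: The TODO added in osstub_constructed says what is planned but not what protects the interface today, so a reader of this file alone would conclude the OS methods are unauthenticated. I would word it as `/* Access is restricted to root only by the static bus policy; TODO integrate with PolicyKit via the "g-authorize-method" signal. */`. The removed handler returned TRUE whenever the daemon was not on the message bus, so connections that bypass the bus were unchecked before and remain so; if that mode is reachable outside tests, the comment should mention it. The same applies to the TODO added in sysroot_constructed. osstub_constructed continues outside the hunk.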
@ -25,7 +25,6 @@
|
||||
#include "os.h"
|
||||
#include "utils.h"
|
||||
#include "deployment-utils.h"
|
||||
#include "auth.h"
|
||||
#include "errors.h"
|
||||
#include "transaction.h"
|
||||
#include "transaction-monitor.h"
|
||||
@ -564,8 +563,7 @@ sysroot_constructed (GObject *object)
|
||||
Sysroot *self = SYSROOT (object);
|
||||
GError *local_error = NULL;
|
||||
|
||||
g_signal_connect (RPMOSTREE_SYSROOT(self), "g-authorize-method",
|
||||
G_CALLBACK (auth_check_root_or_access_denied), NULL);
|
||||
/* TODO Integrate with PolicyKit via the "g-authorize-method" signal. */
|
||||
|
||||
g_object_bind_property_full (self->transaction_monitor,
|
||||
"active-transaction",
|
||||
|