1 From 43cc361a5c32c81c0f93451bdb0ef781cd19a1cb Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
3 Date: Tue, 4 Feb 2020 12:23:36 +0100
4 Subject: [PATCH 7/8] Switch from cynara to cynagora
6 Content-Type: text/plain; charset=UTF-8
7 Content-Transfer-Encoding: 8bit
9 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
11 bus/Makefile.am | 8 +-
15 bus/connection.c | 27 ---
16 bus/connection.h | 3 -
17 bus/cynagora-check.c | 330 +++++++++++++++++++++++++
18 bus/{cynara.h => cynagora-check.h} | 10 +-
19 bus/cynara.c | 373 -----------------------------
20 bus/system.conf.in | 6 +-
22 11 files changed, 366 insertions(+), 439 deletions(-)
23 create mode 100644 bus/cynagora-check.c
24 rename bus/{cynara.h => cynagora-check.h} (81%)
25 delete mode 100644 bus/cynara.c
27 diff --git a/bus/Makefile.am b/bus/Makefile.am
28 index 2a8a72c..1720048 100644
31 @@ -13,7 +13,7 @@ DBUS_BUS_LIBS = \
39 DBUS_LAUNCHER_LIBS = \
40 @@ -31,7 +31,7 @@ AM_CPPFLAGS = \
42 -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \
45 + $(CYNAGORA_CFLAGS) \
48 # if assertions are enabled, improve backtraces
49 @@ -101,8 +101,8 @@ BUS_SOURCES= \
50 config-parser-common.h \
60 diff --git a/bus/bus.h b/bus/bus.h
61 index 1b08f7c..e167d9e 100644
64 @@ -47,7 +47,7 @@ typedef struct BusMatchRule BusMatchRule;
65 typedef struct BusActivationEntry BusActivationEntry;
66 typedef struct BusCheck BusCheck;
67 typedef struct BusDeferredMessage BusDeferredMessage;
68 -typedef struct BusCynara BusCynara;
69 +typedef struct BusCynagora BusCynagora;
72 * BusResult is defined as a pointer to a dummy structure to allow detection of type mismatches.
73 diff --git a/bus/check.c b/bus/check.c
74 index b73d08b..ec30770 100644
79 #include "connection.h"
82 +#include "cynagora-check.h"
84 #include <dbus/dbus-connection-internal.h>
85 #include <dbus/dbus-message-internal.h>
86 @@ -38,7 +38,7 @@ typedef struct BusCheck
91 + BusCynagora *cynagora;
94 typedef struct BusDeferredMessage
95 @@ -81,7 +81,7 @@ bus_check_new (BusContext *context, DBusError *error)
98 check->context = context;
99 - check->cynara = bus_cynara_new(check, error);
100 + check->cynagora = bus_cynagora_new(check, error);
101 if (dbus_error_is_set(error))
103 dbus_message_free_data_slot(&deferred_message_data_slot);
104 @@ -110,7 +110,7 @@ bus_check_unref (BusCheck *check)
106 if (check->refcount == 0)
108 - bus_cynara_unref(check->cynara);
109 + bus_cynagora_unref(check->cynagora);
110 dbus_message_free_data_slot(&deferred_message_data_slot);
113 @@ -122,10 +122,10 @@ bus_check_get_context (BusCheck *check)
114 return check->context;
118 -bus_check_get_cynara (BusCheck *check)
120 +bus_check_get_cynagora (BusCheck *check)
122 - return check->cynara;
123 + return check->cynagora;
127 @@ -276,8 +276,8 @@ bus_check_privilege (BusCheck *check,
129 BusDeferredMessage *previous_deferred_message;
130 BusResult result = BUS_RESULT_FALSE;
131 -#ifdef DBUS_ENABLE_CYNARA
133 +#ifdef DBUS_ENABLE_CYNAGORA
134 + BusCynagora *cynagora;
136 DBusConnection *connection;
138 @@ -304,7 +304,7 @@ bus_check_privilege (BusCheck *check,
139 * Message has been deferred due to receive or own rule which means that sending this message
140 * is allowed - it must have been checked previously.
141 * This might happen when client calls RequestName method which depending on security
142 - * policy might result in both "can_send" and "can_own" Cynara checks.
143 + * policy might result in both "can_send" and "can_own" Cynagora checks.
145 result = BUS_RESULT_TRUE;
147 @@ -327,9 +327,9 @@ bus_check_privilege (BusCheck *check,
150 /* ask policy checkers */
151 -#ifdef DBUS_ENABLE_CYNARA
152 - cynara = bus_check_get_cynara(check);
153 - result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient,
154 +#ifdef DBUS_ENABLE_CYNAGORA
155 + cynagora = bus_check_get_cynagora(check);
156 + result = bus_cynagora_check_privilege(cynagora, message, sender, addressed_recipient,
157 proposed_recipient, privilege, check_type, deferred_message);
159 if (result == BUS_RESULT_LATER && deferred_message != NULL)
160 diff --git a/bus/check.h b/bus/check.h
161 index d718a69..ab63c18 100644
164 @@ -45,7 +45,7 @@ BusCheck *bus_check_ref (BusCheck *check);
165 void bus_check_unref (BusCheck *check);
167 BusContext *bus_check_get_context (BusCheck *check);
168 -BusCynara *bus_check_get_cynara (BusCheck *check);
169 +BusCynagora *bus_check_get_cynagora (BusCheck *check);
170 BusResult bus_check_privilege (BusCheck *check,
171 DBusMessage *message,
172 DBusConnection *sender,
173 diff --git a/bus/connection.c b/bus/connection.c
174 index b520d57..48910e0 100644
175 --- a/bus/connection.c
176 +++ b/bus/connection.c
178 #include <dbus/dbus-connection-internal.h>
179 #include <dbus/dbus-internals.h>
180 #include <dbus/dbus-message-internal.h>
181 -#ifdef DBUS_ENABLE_CYNARA
183 -#include <cynara-session.h>
186 /* Trim executed commands to this length; we want to keep logs readable */
187 #define MAX_LOG_COMMAND_LEN 50
188 @@ -124,9 +120,6 @@ typedef struct
190 /** non-NULL if and only if this is a monitor */
191 DBusList *link_in_monitors;
192 -#ifdef DBUS_ENABLE_CYNARA
193 - char *cynara_session_id;
197 static dbus_bool_t bus_pending_reply_expired (BusExpireList *list,
198 @@ -461,10 +454,6 @@ free_connection_data (void *data)
202 -#ifdef DBUS_ENABLE_CYNARA
203 - free (d->cynara_session_id);
209 @@ -1095,22 +1084,6 @@ bus_connection_get_policy (DBusConnection *connection)
213 -#ifdef DBUS_ENABLE_CYNARA
214 -const char *bus_connection_get_cynara_session_id (DBusConnection *connection)
216 - BusConnectionData *d = BUS_CONNECTION_DATA (connection);
217 - _dbus_assert (d != NULL);
219 - if (d->cynara_session_id == NULL)
222 - if (dbus_connection_get_unix_process_id(connection, &pid))
223 - d->cynara_session_id = cynara_session_from_pid(pid);
225 - return d->cynara_session_id;
230 foreach_active (BusConnections *connections,
231 BusConnectionForeachFunction function,
232 diff --git a/bus/connection.h b/bus/connection.h
233 index 6af7bf1..3116bcf 100644
234 --- a/bus/connection.h
235 +++ b/bus/connection.h
236 @@ -138,9 +138,6 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection,
237 BusTransaction *transaction,
240 -#ifdef DBUS_ENABLE_CYNARA
241 -const char *bus_connection_get_cynara_session_id (DBusConnection *connection);
244 /* transaction API so we can send or not send a block of messages as a whole */
246 diff --git a/bus/cynagora-check.c b/bus/cynagora-check.c
248 index 0000000..6c0c635
250 +++ b/bus/cynagora-check.c
252 +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
253 +/* cynagora.c Cynagora runtime privilege checking
255 + * Copyright (c) 2014 Samsung Electronics, Ltd.
257 + * Licensed under the Academic Free License version 2.1
259 + * This program is free software; you can redistribute it and/or modify
260 + * it under the terms of the GNU General Public License as published by
261 + * the Free Software Foundation; either version 2 of the License, or
262 + * (at your option) any later version.
264 + * This program is distributed in the hope that it will be useful,
265 + * but WITHOUT ANY WARRANTY; without even the implied warranty of
266 + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
267 + * GNU General Public License for more details.
269 + * You should have received a copy of the GNU General Public License
270 + * along with this program; if not, write to the Free Software
271 + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
276 +#include "cynagora-check.h"
284 +#include <dbus/dbus.h>
285 +#include <dbus/dbus-watch.h>
286 +#include <dbus/dbus-connection-internal.h>
287 +#include <bus/connection.h>
289 +#ifndef DBUS_ENABLE_CYNAGORA
292 +bus_cynagora_new(BusCheck *check, DBusError *error)
298 +bus_cynagora_ref (BusCynagora *cynagora)
304 +bus_cynagora_unref (BusCynagora *cynagora)
309 +bus_cynagora_check_privilege (BusCynagora *cynagora,
310 + DBusMessage *message,
311 + DBusConnection *sender,
312 + DBusConnection *addressed_recipient,
313 + DBusConnection *proposed_recipient,
314 + const char *privilege,
315 + BusDeferredMessageStatus check_type,
316 + BusDeferredMessage **deferred_message_param)
318 + return BUS_RESULT_FALSE;
323 +#ifdef DBUS_ENABLE_CYNAGORA
326 +#include <sys/epoll.h>
328 +#include <cynagora.h>
330 +#ifndef CYNAGORA_CACHE_SIZE
331 +#define CYNAGORA_CACHE_SIZE 8000
334 +typedef struct BusCynagora
338 + BusContext *context;
340 + cynagora_t *cynagora;
341 + DBusWatch *cynagora_watch;
344 +static int async_callback(void *closure,
350 +bus_cynagora_new(BusCheck *check, DBusError *error)
352 + BusContext *context;
353 + BusCynagora *cynagora;
356 + cynagora = dbus_new(BusCynagora, 1);
357 + if (cynagora == NULL)
359 + BUS_SET_OOM(error);
363 + context = bus_check_get_context(check);
365 + cynagora->refcount = 1;
366 + cynagora->check = check;
367 + cynagora->context = context;
368 + cynagora->cynagora_watch = NULL;
370 + ret = cynagora_create(&cynagora->cynagora, cynagora_Check, CYNAGORA_CACHE_SIZE, NULL);
373 + dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynagora configuration");
377 + ret = cynagora_async_setup(cynagora->cynagora, async_callback, cynagora);
380 + dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynagora client");
386 + cynagora_destroy(cynagora->cynagora);
389 + dbus_free(cynagora);
394 +bus_cynagora_ref (BusCynagora *cynagora)
396 + _dbus_assert (cynagora->refcount > 0);
397 + cynagora->refcount += 1;
403 +bus_cynagora_unref (BusCynagora *cynagora)
405 + _dbus_assert (cynagora->refcount > 0);
407 + cynagora->refcount -= 1;
409 + if (cynagora->refcount == 0)
411 + cynagora_destroy(cynagora->cynagora);
412 + dbus_free(cynagora);
417 +async_check_callback (void *closure, int status)
419 + BusDeferredMessage *deferred_message = closure;
422 + if (deferred_message == NULL)
426 + result = BUS_RESULT_TRUE;
428 + result = BUS_RESULT_FALSE;
430 + bus_deferred_message_response_received(deferred_message, result);
431 + bus_deferred_message_unref(deferred_message);
435 +bus_cynagora_check_privilege (BusCynagora *cynagora,
436 + DBusMessage *message,
437 + DBusConnection *sender,
438 + DBusConnection *addressed_recipient,
439 + DBusConnection *proposed_recipient,
440 + const char *permission,
441 + BusDeferredMessageStatus check_type,
442 + BusDeferredMessage **deferred_message_param)
450 + DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender;
451 + BusDeferredMessage *deferred_message;
453 + cynagora_key_t key;
455 + _dbus_assert(connection != NULL);
457 + if (dbus_connection_get_unix_user(connection, &uid) == FALSE)
458 + return BUS_RESULT_FALSE;
460 + if (dbus_connection_get_unix_process_id(connection, &pid) == FALSE)
461 + return BUS_RESULT_FALSE;
463 + if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL)
465 + _dbus_warn("Failed to obtain security label for connection\n");
466 + return BUS_RESULT_FALSE;
469 + snprintf(user, sizeof(user), "%lu", uid);
470 + snprintf(session, sizeof(session), "%lu", pid);
472 + key.client = label;
473 + key.session = session;
475 + key.permission = permission;
477 + result = cynagora_cache_check(cynagora->cynagora, &key);
481 + _dbus_verbose("Cynagora: got ALLOWED answer from cache (client=%s session_id=%s user=%s permission=%s)\n",
482 + label, session_id, user, permission);
483 + ret = BUS_RESULT_TRUE;
487 + _dbus_verbose("Cynagora: got DENIED answer from cache (client=%s session_id=%s user=%s permission=%s)\n",
488 + label, session_id, user, permission);
489 + ret = BUS_RESULT_FALSE;
493 + deferred_message = bus_deferred_message_new(message, sender, addressed_recipient,
494 + proposed_recipient, BUS_RESULT_LATER);
495 + if (deferred_message == NULL)
497 + _dbus_verbose("Failed to allocate memory for deferred message\n");
498 + ret = BUS_RESULT_FALSE;
502 + /* callback is supposed to unref deferred_message*/
503 + result = cynagora_async_check(cynagora->cynagora, &key, 1, 0, async_check_callback, deferred_message);
506 + _dbus_verbose("Created Cynagora request: client=%s session_id=%s user=%s permission=%s "
507 + "deferred_message=%p\n", label, session_id, user, permission, deferred_message);
508 + if (deferred_message_param != NULL)
509 + *deferred_message_param = deferred_message;
510 + ret = BUS_RESULT_LATER;
514 + _dbus_verbose("Error on cynagora request create: %i\n", result);
515 + bus_deferred_message_unref(deferred_message);
516 + ret = BUS_RESULT_FALSE;
526 +watch_handler_callback(DBusWatch *watch,
527 + unsigned int flags,
530 + BusCynagora *cynagora = (BusCynagora *)data;
531 + int result = cynagora_async_process(cynagora->cynagora);
533 + _dbus_verbose("cynagora_async_process returned %d\n", result);
535 + return result != -ENOMEM ? TRUE : FALSE;
539 +async_callback(void *closure, int op, int fd, uint32_t events)
541 + BusCynagora *cynagora = (BusCynagora *)closure;
542 + DBusLoop *loop = bus_context_get_loop(cynagora->context);
543 + unsigned int flags;
546 + /* compute flags */
548 + if (events & EPOLLIN)
549 + flags |= DBUS_WATCH_READABLE;
550 + if (events & EPOLLOUT)
551 + flags |= DBUS_WATCH_WRITABLE;
553 + /* remove the watch if needed */
554 + watch = cynagora->cynagora_watch;
557 + cynagora->cynagora_watch = NULL;
558 + _dbus_loop_remove_watch(loop, watch);
559 + _dbus_watch_invalidate(watch);
560 + _dbus_watch_unref(watch);
563 + /* create the watch if needed */
564 + watch = cynagora->cynagora_watch;
565 + if (op != EPOLL_CTL_DEL)
567 + watch = _dbus_watch_new(fd, flags, TRUE, watch_handler_callback, cynagora, NULL);
570 + if (_dbus_loop_add_watch(loop, watch) != TRUE)
572 + _dbus_watch_invalidate(watch);
573 + _dbus_watch_unref(watch);
576 + cynagora->cynagora_watch = watch;
581 +#endif /* DBUS_ENABLE_CYNAGORA */
582 diff --git a/bus/cynara.h b/bus/cynagora-check.h
584 rename from bus/cynara.h
585 rename to bus/cynagora-check.h
586 index c4728bb..c0892c3 100644
588 +++ b/bus/cynagora-check.h
590 /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
591 -/* cynara.h Cynara runtime privilege checking
592 +/* cynagora.h Cynagora runtime privilege checking
594 * Copyright (c) 2014 Samsung Electronics, Ltd.
600 -BusCynara *bus_cynara_new (BusCheck *check, DBusError *error);
601 -BusCynara *bus_cynara_ref (BusCynara *cynara);
602 -void bus_cynara_unref (BusCynara *cynara);
603 -BusResult bus_cynara_check_privilege (BusCynara *cynara,
604 +BusCynagora *bus_cynagora_new (BusCheck *check, DBusError *error);
605 +BusCynagora *bus_cynagora_ref (BusCynagora *cynagora);
606 +void bus_cynagora_unref (BusCynagora *cynagora);
607 +BusResult bus_cynagora_check_privilege (BusCynagora *cynagora,
608 DBusMessage *message,
609 DBusConnection *sender,
610 DBusConnection *addressed_recipient,
611 diff --git a/bus/cynara.c b/bus/cynara.c
612 deleted file mode 100644
613 index 77aed62..0000000
617 -/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
618 -/* cynara.c Cynara runtime privilege checking
620 - * Copyright (c) 2014 Samsung Electronics, Ltd.
622 - * Licensed under the Academic Free License version 2.1
624 - * This program is free software; you can redistribute it and/or modify
625 - * it under the terms of the GNU General Public License as published by
626 - * the Free Software Foundation; either version 2 of the License, or
627 - * (at your option) any later version.
629 - * This program is distributed in the hope that it will be useful,
630 - * but WITHOUT ANY WARRANTY; without even the implied warranty of
631 - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
632 - * GNU General Public License for more details.
634 - * You should have received a copy of the GNU General Public License
635 - * along with this program; if not, write to the Free Software
636 - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
647 -#include <dbus/dbus.h>
648 -#include <dbus/dbus-watch.h>
649 -#include <dbus/dbus-connection-internal.h>
650 -#include <bus/connection.h>
651 -#ifdef DBUS_ENABLE_CYNARA
652 -#include <cynara-client-async.h>
655 -#ifdef DBUS_ENABLE_CYNARA
656 -typedef struct BusCynara
660 - BusContext *context;
662 - cynara_async *cynara;
663 - DBusWatch *cynara_watch;
666 -#define USE_CYNARA_CACHE 1
667 -#ifdef USE_CYNARA_CACHE
668 -#define CYNARA_CACHE_SIZE 1000
671 -static dbus_bool_t bus_cynara_watch_callback(DBusWatch *watch,
672 - unsigned int flags,
675 -static void status_callback(int old_fd,
677 - cynara_async_status status,
678 - void *user_status_data);
679 -static void bus_cynara_check_response_callback (cynara_check_id check_id,
680 - cynara_async_call_cause cause,
682 - void *user_response_data);
687 -bus_cynara_new(BusCheck *check, DBusError *error)
689 -#ifdef DBUS_ENABLE_CYNARA
690 - BusContext *context;
692 - cynara_async_configuration *conf = NULL;
695 - cynara = dbus_new(BusCynara, 1);
696 - if (cynara == NULL)
698 - BUS_SET_OOM(error);
702 - context = bus_check_get_context(check);
704 - cynara->refcount = 1;
705 - cynara->check = check;
706 - cynara->context = context;
707 - cynara->cynara_watch = NULL;
709 - ret = cynara_async_configuration_create(&conf);
710 - if (ret != CYNARA_API_SUCCESS)
712 - dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynara configuration");
716 -#ifdef CYNARA_CACHE_SIZE
717 - ret = cynara_async_configuration_set_cache_size(conf, CYNARA_CACHE_SIZE);
718 - if (ret != CYNARA_API_SUCCESS)
720 - dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to Cynara cache size");
725 - ret = cynara_async_initialize(&cynara->cynara, conf, &status_callback, cynara);
726 - if (ret != CYNARA_API_SUCCESS)
728 - dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynara client");
733 - cynara_async_configuration_destroy(conf);
734 - if (ret != CYNARA_API_SUCCESS)
747 -bus_cynara_ref (BusCynara *cynara)
749 -#ifdef DBUS_ENABLE_CYNARA
750 - _dbus_assert (cynara->refcount > 0);
751 - cynara->refcount += 1;
760 -bus_cynara_unref (BusCynara *cynara)
762 -#ifdef DBUS_ENABLE_CYNARA
763 - _dbus_assert (cynara->refcount > 0);
765 - cynara->refcount -= 1;
767 - if (cynara->refcount == 0)
769 - cynara_async_finish(cynara->cynara);
776 -bus_cynara_check_privilege (BusCynara *cynara,
777 - DBusMessage *message,
778 - DBusConnection *sender,
779 - DBusConnection *addressed_recipient,
780 - DBusConnection *proposed_recipient,
781 - const char *privilege,
782 - BusDeferredMessageStatus check_type,
783 - BusDeferredMessage **deferred_message_param)
785 -#ifdef DBUS_ENABLE_CYNARA
789 - const char *session_id;
791 - cynara_check_id check_id;
792 - DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender;
793 - BusDeferredMessage *deferred_message;
796 - _dbus_assert(connection != NULL);
798 - if (dbus_connection_get_unix_user(connection, &uid) == FALSE)
799 - return BUS_RESULT_FALSE;
801 - if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL)
803 - _dbus_warn("Failed to obtain security label for connection\n");
804 - return BUS_RESULT_FALSE;
807 - session_id = bus_connection_get_cynara_session_id (connection);
808 - if (session_id == NULL)
810 - ret = BUS_RESULT_FALSE;
814 - snprintf(user, sizeof(user), "%lu", uid);
816 -#if USE_CYNARA_CACHE
817 - result = cynara_async_check_cache(cynara->cynara, label, session_id, user, privilege);
819 - result = CYNARA_API_CACHE_MISS;
824 - case CYNARA_API_ACCESS_ALLOWED:
825 - _dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n",
826 - label, session_id, user, privilege);
827 - ret = BUS_RESULT_TRUE;
830 - case CYNARA_API_ACCESS_DENIED:
831 - _dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n",
832 - label, session_id, user, privilege);
833 - ret = BUS_RESULT_FALSE;
836 - case CYNARA_API_CACHE_MISS:
837 - deferred_message = bus_deferred_message_new(message, sender, addressed_recipient,
838 - proposed_recipient, BUS_RESULT_LATER);
839 - if (deferred_message == NULL)
841 - _dbus_verbose("Failed to allocate memory for deferred message\n");
842 - ret = BUS_RESULT_FALSE;
846 - /* callback is supposed to unref deferred_message*/
847 - result = cynara_async_create_request(cynara->cynara, label, session_id, user, privilege, &check_id,
848 - &bus_cynara_check_response_callback, deferred_message);
849 - if (result == CYNARA_API_SUCCESS)
851 - _dbus_verbose("Created Cynara request: client=%s session_id=%s user=%s privilege=%s check_id=%u "
852 - "deferred_message=%p\n", label, session_id, user, privilege, (unsigned int)check_id, deferred_message);
853 - if (deferred_message_param != NULL)
854 - *deferred_message_param = deferred_message;
855 - ret = BUS_RESULT_LATER;
859 - _dbus_verbose("Error on cynara request create: %i\n", result);
860 - bus_deferred_message_unref(deferred_message);
861 - ret = BUS_RESULT_FALSE;
865 - _dbus_verbose("Error when accessing Cynara cache: %i\n", result);
866 - ret = BUS_RESULT_FALSE;
873 - return BUS_RESULT_FALSE;
879 -#ifdef DBUS_ENABLE_CYNARA
881 -status_callback(int old_fd, int new_fd, cynara_async_status status,
882 - void *user_status_data)
884 - BusCynara *cynara = (BusCynara *)user_status_data;
885 - DBusLoop *loop = bus_context_get_loop(cynara->context);
887 - if (cynara->cynara_watch != NULL)
889 - _dbus_loop_remove_watch(loop, cynara->cynara_watch);
890 - _dbus_watch_invalidate(cynara->cynara_watch);
891 - _dbus_watch_unref(cynara->cynara_watch);
892 - cynara->cynara_watch = NULL;
897 - unsigned int flags;
902 - case CYNARA_STATUS_FOR_READ:
903 - flags = DBUS_WATCH_READABLE;
905 - case CYNARA_STATUS_FOR_RW:
906 - flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE;
909 - /* Cynara passed unknown status - warn and add RW watch */
910 - _dbus_verbose("Cynara passed unknown status value: 0x%08X\n", (unsigned int)status);
911 - flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE;
915 - watch = _dbus_watch_new(new_fd, flags, TRUE, &bus_cynara_watch_callback, cynara, NULL);
918 - if (_dbus_loop_add_watch(loop, watch) == TRUE)
920 - cynara->cynara_watch = watch;
924 - _dbus_watch_invalidate(watch);
925 - _dbus_watch_unref(watch);
928 - /* It seems like not much can be done at this point. Cynara events won't be processed
929 - * until next Cynara function call triggering status callback */
930 - _dbus_verbose("Failed to add dbus watch\n");
935 -bus_cynara_watch_callback(DBusWatch *watch,
936 - unsigned int flags,
939 - BusCynara *cynara = (BusCynara *)data;
940 - int result = cynara_async_process(cynara->cynara);
941 - if (result != CYNARA_API_SUCCESS)
942 - _dbus_verbose("cynara_async_process returned %d\n", result);
944 - return result != CYNARA_API_OUT_OF_MEMORY ? TRUE : FALSE;
947 -static inline const char *
948 -call_cause_to_string(cynara_async_call_cause cause)
952 - case CYNARA_CALL_CAUSE_ANSWER:
954 - case CYNARA_CALL_CAUSE_CANCEL:
956 - case CYNARA_CALL_CAUSE_FINISH:
958 - case CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE:
959 - return "SERVICE NOT AVAILABLE";
966 -bus_cynara_check_response_callback (cynara_check_id check_id,
967 - cynara_async_call_cause cause,
969 - void *user_response_data)
971 - BusDeferredMessage *deferred_message = user_response_data;
974 - _dbus_verbose("Cynara callback: check_id=%u, cause=%s response=%i response_data=%p\n",
975 - (unsigned int)check_id, call_cause_to_string(cause), response, user_response_data);
977 - if (deferred_message == NULL)
980 - if (cause == CYNARA_CALL_CAUSE_ANSWER && response == CYNARA_API_ACCESS_ALLOWED)
981 - result = BUS_RESULT_TRUE;
983 - result = BUS_RESULT_FALSE;
985 - bus_deferred_message_response_received(deferred_message, result);
986 - bus_deferred_message_unref(deferred_message);
989 -#endif /* DBUS_ENABLE_CYNARA */
990 diff --git a/bus/system.conf.in b/bus/system.conf.in
991 index 19d0c04..81c39c8 100644
992 --- a/bus/system.conf.in
993 +++ b/bus/system.conf.in
995 send_interface="org.freedesktop.DBus.Introspectable"/>
996 <allow send_destination="org.freedesktop.DBus"
997 send_interface="org.freedesktop.DBus.Properties"/>
998 - <!-- If there is a need specific bus services could be protected by Cynara as well.
999 + <!-- If there is a need specific bus services could be protected by Cynagora as well.
1000 However, this can lead to deadlock during the boot process when such check is made and
1001 - Cynara is not yet activated (systemd calls protected method synchronously,
1002 - dbus daemon tries to consult Cynara, Cynara waits for systemd activation).
1003 + Cynagora is not yet activated (systemd calls protected method synchronously,
1004 + dbus daemon tries to consult Cynagora, Cynagora waits for systemd activation).
1005 Therefore it is advised to allow root processes to use bus services.
1006 Currently anyone is allowed to talk to the message bus -->
1007 <allow receive_sender="org.freedesktop.DBus"/>
1008 diff --git a/configure.ac b/configure.ac
1009 index 11b5ffd..df9341c 100644
1012 @@ -1742,16 +1742,16 @@ AC_ARG_ENABLE([user-session],
1013 AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
1014 [test "x$enable_user_session" = xyes])
1016 -#enable cynara integration
1017 -AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no])
1018 -if test "x$enable_cynara" = xyes; then
1019 - PKG_CHECK_MODULES([CYNARA], [cynara-client-async >= 0.6.0 cynara-session >= 0.6.0],
1020 - [AC_DEFINE([DBUS_ENABLE_CYNARA], [1], [Define to enable Cynara privilege checks in dbus-daemon])],
1021 - [AC_MSG_ERROR([libcynara-client-async and cynara-session are required to enable Cynara integration])])
1022 +#enable cynagora integration
1023 +AC_ARG_ENABLE([cynagora], [AS_HELP_STRING([--enable-cynagora], [enable Cynagora integration])], [], [enable_cynagora=no])
1024 +if test "x$enable_cynagora" = xyes; then
1025 + PKG_CHECK_MODULES([CYNAGORA], [cynagora],
1026 + [AC_DEFINE([DBUS_ENABLE_CYNAGORA], [1], [Define to enable Cynagora privilege checks in dbus-daemon])],
1027 + [AC_MSG_ERROR([libcynagora is required to enable Cynagora integration])])
1030 -AC_SUBST([CYNARA_CFLAGS])
1031 -AC_SUBST([CYNARA_LIBS])
1032 +AC_SUBST([CYNAGORA_CFLAGS])
1033 +AC_SUBST([CYNAGORA_LIBS])
1037 @@ -1835,7 +1835,7 @@ echo "
1038 Building bus stats API: ${enable_stats}
1039 Building SELinux support: ${have_selinux}
1040 Building AppArmor support: ${have_apparmor}
1041 - Building Cynara support: ${enable_cynara}
1042 + Building Cynagora support: ${enable_cynagora}
1043 Building inotify support: ${have_inotify}
1044 Building kqueue support: ${have_kqueue}
1045 Building systemd support: ${have_systemd}