+++ /dev/null
-From 43cc361a5c32c81c0f93451bdb0ef781cd19a1cb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jos=C3=A9=20Bollo?= <jose.bollo@iot.bzh>
-Date: Tue, 4 Feb 2020 12:23:36 +0100
-Subject: [PATCH 7/8] Switch from cynara to cynagora
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: José Bollo <jose.bollo@iot.bzh>
----
- bus/Makefile.am | 8 +-
- bus/bus.h | 2 +-
- bus/check.c | 26 +-
- bus/check.h | 2 +-
- bus/connection.c | 27 ---
- bus/connection.h | 3 -
- bus/cynagora-check.c | 330 +++++++++++++++++++++++++
- bus/{cynara.h => cynagora-check.h} | 10 +-
- bus/cynara.c | 373 -----------------------------
- bus/system.conf.in | 6 +-
- configure.ac | 18 +-
- 11 files changed, 366 insertions(+), 439 deletions(-)
- create mode 100644 bus/cynagora-check.c
- rename bus/{cynara.h => cynagora-check.h} (81%)
- delete mode 100644 bus/cynara.c
-
-diff --git a/bus/Makefile.am b/bus/Makefile.am
-index 2a8a72c..1720048 100644
---- a/bus/Makefile.am
-+++ b/bus/Makefile.am
-@@ -13,7 +13,7 @@ DBUS_BUS_LIBS = \
- $(THREAD_LIBS) \
- $(ADT_LIBS) \
- $(NETWORK_libs) \
-- $(CYNARA_LIBS) \
-+ $(CYNAGORA_LIBS) \
- $(NULL)
-
- DBUS_LAUNCHER_LIBS = \
-@@ -31,7 +31,7 @@ AM_CPPFLAGS = \
- $(APPARMOR_CFLAGS) \
- -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \
- -DDBUS_COMPILATION \
-- $(CYNARA_CFLAGS) \
-+ $(CYNAGORA_CFLAGS) \
- $(NULL)
-
- # if assertions are enabled, improve backtraces
-@@ -101,8 +101,8 @@ BUS_SOURCES= \
- config-parser-common.h \
- connection.c \
- connection.h \
-- cynara.c \
-- cynara.h \
-+ cynagora-check.c \
-+ cynagora-check.h \
- desktop-file.c \
- desktop-file.h \
- $(DIR_WATCH_SOURCE) \
-diff --git a/bus/bus.h b/bus/bus.h
-index 1b08f7c..e167d9e 100644
---- a/bus/bus.h
-+++ b/bus/bus.h
-@@ -47,7 +47,7 @@ typedef struct BusMatchRule BusMatchRule;
- typedef struct BusActivationEntry BusActivationEntry;
- typedef struct BusCheck BusCheck;
- typedef struct BusDeferredMessage BusDeferredMessage;
--typedef struct BusCynara BusCynara;
-+typedef struct BusCynagora BusCynagora;
-
- /**
- * BusResult is defined as a pointer to a dummy structure to allow detection of type mismatches.
-diff --git a/bus/check.c b/bus/check.c
-index b73d08b..ec30770 100644
---- a/bus/check.c
-+++ b/bus/check.c
-@@ -26,7 +26,7 @@
- #include "check.h"
- #include "connection.h"
- #include "dispatch.h"
--#include "cynara.h"
-+#include "cynagora-check.h"
- #include "utils.h"
- #include <dbus/dbus-connection-internal.h>
- #include <dbus/dbus-message-internal.h>
-@@ -38,7 +38,7 @@ typedef struct BusCheck
- int refcount;
-
- BusContext *context;
-- BusCynara *cynara;
-+ BusCynagora *cynagora;
- } BusCheck;
-
- typedef struct BusDeferredMessage
-@@ -81,7 +81,7 @@ bus_check_new (BusContext *context, DBusError *error)
-
- check->refcount = 1;
- check->context = context;
-- check->cynara = bus_cynara_new(check, error);
-+ check->cynagora = bus_cynagora_new(check, error);
- if (dbus_error_is_set(error))
- {
- dbus_message_free_data_slot(&deferred_message_data_slot);
-@@ -110,7 +110,7 @@ bus_check_unref (BusCheck *check)
-
- if (check->refcount == 0)
- {
-- bus_cynara_unref(check->cynara);
-+ bus_cynagora_unref(check->cynagora);
- dbus_message_free_data_slot(&deferred_message_data_slot);
- dbus_free(check);
- }
-@@ -122,10 +122,10 @@ bus_check_get_context (BusCheck *check)
- return check->context;
- }
-
--BusCynara *
--bus_check_get_cynara (BusCheck *check)
-+BusCynagora *
-+bus_check_get_cynagora (BusCheck *check)
- {
-- return check->cynara;
-+ return check->cynagora;
- }
-
- static void
-@@ -276,8 +276,8 @@ bus_check_privilege (BusCheck *check,
- {
- BusDeferredMessage *previous_deferred_message;
- BusResult result = BUS_RESULT_FALSE;
--#ifdef DBUS_ENABLE_CYNARA
-- BusCynara *cynara;
-+#ifdef DBUS_ENABLE_CYNAGORA
-+ BusCynagora *cynagora;
- #endif
- DBusConnection *connection;
-
-@@ -304,7 +304,7 @@ bus_check_privilege (BusCheck *check,
- * Message has been deferred due to receive or own rule which means that sending this message
- * is allowed - it must have been checked previously.
- * This might happen when client calls RequestName method which depending on security
-- * policy might result in both "can_send" and "can_own" Cynara checks.
-+ * policy might result in both "can_send" and "can_own" Cynagora checks.
- */
- result = BUS_RESULT_TRUE;
- }
-@@ -327,9 +327,9 @@ bus_check_privilege (BusCheck *check,
- else
- {
- /* ask policy checkers */
--#ifdef DBUS_ENABLE_CYNARA
-- cynara = bus_check_get_cynara(check);
-- result = bus_cynara_check_privilege(cynara, message, sender, addressed_recipient,
-+#ifdef DBUS_ENABLE_CYNAGORA
-+ cynagora = bus_check_get_cynagora(check);
-+ result = bus_cynagora_check_privilege(cynagora, message, sender, addressed_recipient,
- proposed_recipient, privilege, check_type, deferred_message);
- #endif
- if (result == BUS_RESULT_LATER && deferred_message != NULL)
-diff --git a/bus/check.h b/bus/check.h
-index d718a69..ab63c18 100644
---- a/bus/check.h
-+++ b/bus/check.h
-@@ -45,7 +45,7 @@ BusCheck *bus_check_ref (BusCheck *check);
- void bus_check_unref (BusCheck *check);
-
- BusContext *bus_check_get_context (BusCheck *check);
--BusCynara *bus_check_get_cynara (BusCheck *check);
-+BusCynagora *bus_check_get_cynagora (BusCheck *check);
- BusResult bus_check_privilege (BusCheck *check,
- DBusMessage *message,
- DBusConnection *sender,
-diff --git a/bus/connection.c b/bus/connection.c
-index b520d57..48910e0 100644
---- a/bus/connection.c
-+++ b/bus/connection.c
-@@ -38,10 +38,6 @@
- #include <dbus/dbus-connection-internal.h>
- #include <dbus/dbus-internals.h>
- #include <dbus/dbus-message-internal.h>
--#ifdef DBUS_ENABLE_CYNARA
--#include <stdlib.h>
--#include <cynara-session.h>
--#endif
-
- /* Trim executed commands to this length; we want to keep logs readable */
- #define MAX_LOG_COMMAND_LEN 50
-@@ -124,9 +120,6 @@ typedef struct
-
- /** non-NULL if and only if this is a monitor */
- DBusList *link_in_monitors;
--#ifdef DBUS_ENABLE_CYNARA
-- char *cynara_session_id;
--#endif
- } BusConnectionData;
-
- static dbus_bool_t bus_pending_reply_expired (BusExpireList *list,
-@@ -461,10 +454,6 @@ free_connection_data (void *data)
-
- dbus_free (d->name);
-
--#ifdef DBUS_ENABLE_CYNARA
-- free (d->cynara_session_id);
--#endif
--
- dbus_free (d);
- }
-
-@@ -1095,22 +1084,6 @@ bus_connection_get_policy (DBusConnection *connection)
- return d->policy;
- }
-
--#ifdef DBUS_ENABLE_CYNARA
--const char *bus_connection_get_cynara_session_id (DBusConnection *connection)
--{
-- BusConnectionData *d = BUS_CONNECTION_DATA (connection);
-- _dbus_assert (d != NULL);
--
-- if (d->cynara_session_id == NULL)
-- {
-- unsigned long pid;
-- if (dbus_connection_get_unix_process_id(connection, &pid))
-- d->cynara_session_id = cynara_session_from_pid(pid);
-- }
-- return d->cynara_session_id;
--}
--#endif
--
- static dbus_bool_t
- foreach_active (BusConnections *connections,
- BusConnectionForeachFunction function,
-diff --git a/bus/connection.h b/bus/connection.h
-index 6af7bf1..3116bcf 100644
---- a/bus/connection.h
-+++ b/bus/connection.h
-@@ -138,9 +138,6 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection,
- BusTransaction *transaction,
- DBusList **rules,
- DBusError *error);
--#ifdef DBUS_ENABLE_CYNARA
--const char *bus_connection_get_cynara_session_id (DBusConnection *connection);
--#endif
-
- /* transaction API so we can send or not send a block of messages as a whole */
-
-diff --git a/bus/cynagora-check.c b/bus/cynagora-check.c
-new file mode 100644
-index 0000000..6c0c635
---- /dev/null
-+++ b/bus/cynagora-check.c
-@@ -0,0 +1,330 @@
-+/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
-+/* cynagora.c Cynagora runtime privilege checking
-+ *
-+ * Copyright (c) 2014 Samsung Electronics, Ltd.
-+ *
-+ * Licensed under the Academic Free License version 2.1
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-+ *
-+ */
-+
-+#include <config.h>
-+#include "cynagora-check.h"
-+#include "check.h"
-+#include "utils.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <errno.h>
-+
-+#include <dbus/dbus.h>
-+#include <dbus/dbus-watch.h>
-+#include <dbus/dbus-connection-internal.h>
-+#include <bus/connection.h>
-+
-+#ifndef DBUS_ENABLE_CYNAGORA
-+
-+BusCynagora *
-+bus_cynagora_new(BusCheck *check, DBusError *error)
-+{
-+ return NULL;
-+}
-+
-+BusCynagora *
-+bus_cynagora_ref (BusCynagora *cynagora)
-+{
-+ return NULL;
-+}
-+
-+void
-+bus_cynagora_unref (BusCynagora *cynagora)
-+{
-+}
-+
-+BusResult
-+bus_cynagora_check_privilege (BusCynagora *cynagora,
-+ DBusMessage *message,
-+ DBusConnection *sender,
-+ DBusConnection *addressed_recipient,
-+ DBusConnection *proposed_recipient,
-+ const char *privilege,
-+ BusDeferredMessageStatus check_type,
-+ BusDeferredMessage **deferred_message_param)
-+{
-+ return BUS_RESULT_FALSE;
-+}
-+
-+#endif
-+
-+#ifdef DBUS_ENABLE_CYNAGORA
-+
-+#include <time.h>
-+#include <sys/epoll.h>
-+
-+#include <cynagora.h>
-+
-+#ifndef CYNAGORA_CACHE_SIZE
-+#define CYNAGORA_CACHE_SIZE 8000
-+#endif
-+
-+typedef struct BusCynagora
-+{
-+ int refcount;
-+
-+ BusContext *context;
-+ BusCheck *check;
-+ cynagora_t *cynagora;
-+ DBusWatch *cynagora_watch;
-+} BusCynagora;
-+
-+static int async_callback(void *closure,
-+ int op,
-+ int fd,
-+ uint32_t events);
-+
-+BusCynagora *
-+bus_cynagora_new(BusCheck *check, DBusError *error)
-+{
-+ BusContext *context;
-+ BusCynagora *cynagora;
-+ int ret;
-+
-+ cynagora = dbus_new(BusCynagora, 1);
-+ if (cynagora == NULL)
-+ {
-+ BUS_SET_OOM(error);
-+ return NULL;
-+ }
-+
-+ context = bus_check_get_context(check);
-+
-+ cynagora->refcount = 1;
-+ cynagora->check = check;
-+ cynagora->context = context;
-+ cynagora->cynagora_watch = NULL;
-+
-+ ret = cynagora_create(&cynagora->cynagora, cynagora_Check, CYNAGORA_CACHE_SIZE, NULL);
-+ if (ret < 0)
-+ {
-+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynagora configuration");
-+ }
-+ else
-+ {
-+ ret = cynagora_async_setup(cynagora->cynagora, async_callback, cynagora);
-+ if (ret < 0)
-+ {
-+ dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynagora client");
-+ }
-+ else
-+ {
-+ return cynagora;
-+ }
-+ cynagora_destroy(cynagora->cynagora);
-+ }
-+
-+ dbus_free(cynagora);
-+ return NULL;
-+}
-+
-+BusCynagora *
-+bus_cynagora_ref (BusCynagora *cynagora)
-+{
-+ _dbus_assert (cynagora->refcount > 0);
-+ cynagora->refcount += 1;
-+
-+ return cynagora;
-+}
-+
-+void
-+bus_cynagora_unref (BusCynagora *cynagora)
-+{
-+ _dbus_assert (cynagora->refcount > 0);
-+
-+ cynagora->refcount -= 1;
-+
-+ if (cynagora->refcount == 0)
-+ {
-+ cynagora_destroy(cynagora->cynagora);
-+ dbus_free(cynagora);
-+ }
-+}
-+
-+static void
-+async_check_callback (void *closure, int status)
-+{
-+ BusDeferredMessage *deferred_message = closure;
-+ BusResult result;
-+
-+ if (deferred_message == NULL)
-+ return;
-+
-+ if (status == 1)
-+ result = BUS_RESULT_TRUE;
-+ else
-+ result = BUS_RESULT_FALSE;
-+
-+ bus_deferred_message_response_received(deferred_message, result);
-+ bus_deferred_message_unref(deferred_message);
-+}
-+
-+BusResult
-+bus_cynagora_check_privilege (BusCynagora *cynagora,
-+ DBusMessage *message,
-+ DBusConnection *sender,
-+ DBusConnection *addressed_recipient,
-+ DBusConnection *proposed_recipient,
-+ const char *permission,
-+ BusDeferredMessageStatus check_type,
-+ BusDeferredMessage **deferred_message_param)
-+{
-+ int result;
-+ unsigned long uid;
-+ unsigned long pid;
-+ char *label;
-+ char user[32];
-+ char session[32];
-+ DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender;
-+ BusDeferredMessage *deferred_message;
-+ BusResult ret;
-+ cynagora_key_t key;
-+
-+ _dbus_assert(connection != NULL);
-+
-+ if (dbus_connection_get_unix_user(connection, &uid) == FALSE)
-+ return BUS_RESULT_FALSE;
-+
-+ if (dbus_connection_get_unix_process_id(connection, &pid) == FALSE)
-+ return BUS_RESULT_FALSE;
-+
-+ if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL)
-+ {
-+ _dbus_warn("Failed to obtain security label for connection\n");
-+ return BUS_RESULT_FALSE;
-+ }
-+
-+ snprintf(user, sizeof(user), "%lu", uid);
-+ snprintf(session, sizeof(session), "%lu", pid);
-+
-+ key.client = label;
-+ key.session = session;
-+ key.user = user;
-+ key.permission = permission;
-+
-+ result = cynagora_cache_check(cynagora->cynagora, &key);
-+ switch (result)
-+ {
-+ case 1:
-+ _dbus_verbose("Cynagora: got ALLOWED answer from cache (client=%s session_id=%s user=%s permission=%s)\n",
-+ label, session_id, user, permission);
-+ ret = BUS_RESULT_TRUE;
-+ break;
-+
-+ case 0:
-+ _dbus_verbose("Cynagora: got DENIED answer from cache (client=%s session_id=%s user=%s permission=%s)\n",
-+ label, session_id, user, permission);
-+ ret = BUS_RESULT_FALSE;
-+ break;
-+
-+ default:
-+ deferred_message = bus_deferred_message_new(message, sender, addressed_recipient,
-+ proposed_recipient, BUS_RESULT_LATER);
-+ if (deferred_message == NULL)
-+ {
-+ _dbus_verbose("Failed to allocate memory for deferred message\n");
-+ ret = BUS_RESULT_FALSE;
-+ goto out;
-+ }
-+
-+ /* callback is supposed to unref deferred_message*/
-+ result = cynagora_async_check(cynagora->cynagora, &key, 1, 0, async_check_callback, deferred_message);
-+ if (result == 0)
-+ {
-+ _dbus_verbose("Created Cynagora request: client=%s session_id=%s user=%s permission=%s "
-+ "deferred_message=%p\n", label, session_id, user, permission, deferred_message);
-+ if (deferred_message_param != NULL)
-+ *deferred_message_param = deferred_message;
-+ ret = BUS_RESULT_LATER;
-+ }
-+ else
-+ {
-+ _dbus_verbose("Error on cynagora request create: %i\n", result);
-+ bus_deferred_message_unref(deferred_message);
-+ ret = BUS_RESULT_FALSE;
-+ }
-+ break;
-+ }
-+out:
-+ dbus_free(label);
-+ return ret;
-+}
-+
-+static dbus_bool_t
-+watch_handler_callback(DBusWatch *watch,
-+ unsigned int flags,
-+ void *data)
-+{
-+ BusCynagora *cynagora = (BusCynagora *)data;
-+ int result = cynagora_async_process(cynagora->cynagora);
-+ if (result < 0)
-+ _dbus_verbose("cynagora_async_process returned %d\n", result);
-+
-+ return result != -ENOMEM ? TRUE : FALSE;
-+}
-+
-+static int
-+async_callback(void *closure, int op, int fd, uint32_t events)
-+{
-+ BusCynagora *cynagora = (BusCynagora *)closure;
-+ DBusLoop *loop = bus_context_get_loop(cynagora->context);
-+ unsigned int flags;
-+ DBusWatch *watch;
-+
-+ /* compute flags */
-+ flags = 0;
-+ if (events & EPOLLIN)
-+ flags |= DBUS_WATCH_READABLE;
-+ if (events & EPOLLOUT)
-+ flags |= DBUS_WATCH_WRITABLE;
-+
-+ /* remove the watch if needed */
-+ watch = cynagora->cynagora_watch;
-+ if (watch != NULL)
-+ {
-+ cynagora->cynagora_watch = NULL;
-+ _dbus_loop_remove_watch(loop, watch);
-+ _dbus_watch_invalidate(watch);
-+ _dbus_watch_unref(watch);
-+ }
-+
-+ /* create the watch if needed */
-+ watch = cynagora->cynagora_watch;
-+ if (op != EPOLL_CTL_DEL)
-+ {
-+ watch = _dbus_watch_new(fd, flags, TRUE, watch_handler_callback, cynagora, NULL);
-+ if (watch == NULL)
-+ return -ENOMEM;
-+ if (_dbus_loop_add_watch(loop, watch) != TRUE)
-+ {
-+ _dbus_watch_invalidate(watch);
-+ _dbus_watch_unref(watch);
-+ return -ENOMEM;
-+ }
-+ cynagora->cynagora_watch = watch;
-+ }
-+ return 0;
-+}
-+
-+#endif /* DBUS_ENABLE_CYNAGORA */
-diff --git a/bus/cynara.h b/bus/cynagora-check.h
-similarity index 81%
-rename from bus/cynara.h
-rename to bus/cynagora-check.h
-index c4728bb..c0892c3 100644
---- a/bus/cynara.h
-+++ b/bus/cynagora-check.h
-@@ -1,5 +1,5 @@
- /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
--/* cynara.h Cynara runtime privilege checking
-+/* cynagora.h Cynagora runtime privilege checking
- *
- * Copyright (c) 2014 Samsung Electronics, Ltd.
- *
-@@ -24,10 +24,10 @@
- #include "bus.h"
- #include "check.h"
-
--BusCynara *bus_cynara_new (BusCheck *check, DBusError *error);
--BusCynara *bus_cynara_ref (BusCynara *cynara);
--void bus_cynara_unref (BusCynara *cynara);
--BusResult bus_cynara_check_privilege (BusCynara *cynara,
-+BusCynagora *bus_cynagora_new (BusCheck *check, DBusError *error);
-+BusCynagora *bus_cynagora_ref (BusCynagora *cynagora);
-+void bus_cynagora_unref (BusCynagora *cynagora);
-+BusResult bus_cynagora_check_privilege (BusCynagora *cynagora,
- DBusMessage *message,
- DBusConnection *sender,
- DBusConnection *addressed_recipient,
-diff --git a/bus/cynara.c b/bus/cynara.c
-deleted file mode 100644
-index 77aed62..0000000
---- a/bus/cynara.c
-+++ /dev/null
-@@ -1,373 +0,0 @@
--/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
--/* cynara.c Cynara runtime privilege checking
-- *
-- * Copyright (c) 2014 Samsung Electronics, Ltd.
-- *
-- * Licensed under the Academic Free License version 2.1
-- *
-- * This program is free software; you can redistribute it and/or modify
-- * it under the terms of the GNU General Public License as published by
-- * the Free Software Foundation; either version 2 of the License, or
-- * (at your option) any later version.
-- *
-- * This program is distributed in the hope that it will be useful,
-- * but WITHOUT ANY WARRANTY; without even the implied warranty of
-- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- * GNU General Public License for more details.
-- *
-- * You should have received a copy of the GNU General Public License
-- * along with this program; if not, write to the Free Software
-- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-- *
-- */
--
--#include <config.h>
--#include "cynara.h"
--#include "check.h"
--#include "utils.h"
--
--#include <stdio.h>
--
--#include <dbus/dbus.h>
--#include <dbus/dbus-watch.h>
--#include <dbus/dbus-connection-internal.h>
--#include <bus/connection.h>
--#ifdef DBUS_ENABLE_CYNARA
--#include <cynara-client-async.h>
--#endif
--
--#ifdef DBUS_ENABLE_CYNARA
--typedef struct BusCynara
--{
-- int refcount;
--
-- BusContext *context;
-- BusCheck *check;
-- cynara_async *cynara;
-- DBusWatch *cynara_watch;
--} BusCynara;
--
--#define USE_CYNARA_CACHE 1
--#ifdef USE_CYNARA_CACHE
--#define CYNARA_CACHE_SIZE 1000
--#endif
--
--static dbus_bool_t bus_cynara_watch_callback(DBusWatch *watch,
-- unsigned int flags,
-- void *data);
--
--static void status_callback(int old_fd,
-- int new_fd,
-- cynara_async_status status,
-- void *user_status_data);
--static void bus_cynara_check_response_callback (cynara_check_id check_id,
-- cynara_async_call_cause cause,
-- int response,
-- void *user_response_data);
--#endif
--
--
--BusCynara *
--bus_cynara_new(BusCheck *check, DBusError *error)
--{
--#ifdef DBUS_ENABLE_CYNARA
-- BusContext *context;
-- BusCynara *cynara;
-- cynara_async_configuration *conf = NULL;
-- int ret;
--
-- cynara = dbus_new(BusCynara, 1);
-- if (cynara == NULL)
-- {
-- BUS_SET_OOM(error);
-- return NULL;
-- }
--
-- context = bus_check_get_context(check);
--
-- cynara->refcount = 1;
-- cynara->check = check;
-- cynara->context = context;
-- cynara->cynara_watch = NULL;
--
-- ret = cynara_async_configuration_create(&conf);
-- if (ret != CYNARA_API_SUCCESS)
-- {
-- dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to create Cynara configuration");
-- goto out;
-- }
--
--#ifdef CYNARA_CACHE_SIZE
-- ret = cynara_async_configuration_set_cache_size(conf, CYNARA_CACHE_SIZE);
-- if (ret != CYNARA_API_SUCCESS)
-- {
-- dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to Cynara cache size");
-- goto out;
-- }
--#endif
--
-- ret = cynara_async_initialize(&cynara->cynara, conf, &status_callback, cynara);
-- if (ret != CYNARA_API_SUCCESS)
-- {
-- dbus_set_error (error, DBUS_ERROR_FAILED, "Failed to initialize Cynara client");
-- goto out;
-- }
--
--out:
-- cynara_async_configuration_destroy(conf);
-- if (ret != CYNARA_API_SUCCESS)
-- {
-- dbus_free(cynara);
-- return NULL;
-- }
--
-- return cynara;
--#else
-- return NULL;
--#endif
--}
--
--BusCynara *
--bus_cynara_ref (BusCynara *cynara)
--{
--#ifdef DBUS_ENABLE_CYNARA
-- _dbus_assert (cynara->refcount > 0);
-- cynara->refcount += 1;
--
-- return cynara;
--#else
-- return NULL;
--#endif
--}
--
--void
--bus_cynara_unref (BusCynara *cynara)
--{
--#ifdef DBUS_ENABLE_CYNARA
-- _dbus_assert (cynara->refcount > 0);
--
-- cynara->refcount -= 1;
--
-- if (cynara->refcount == 0)
-- {
-- cynara_async_finish(cynara->cynara);
-- dbus_free(cynara);
-- }
--#endif
--}
--
--BusResult
--bus_cynara_check_privilege (BusCynara *cynara,
-- DBusMessage *message,
-- DBusConnection *sender,
-- DBusConnection *addressed_recipient,
-- DBusConnection *proposed_recipient,
-- const char *privilege,
-- BusDeferredMessageStatus check_type,
-- BusDeferredMessage **deferred_message_param)
--{
--#ifdef DBUS_ENABLE_CYNARA
-- int result;
-- unsigned long uid;
-- char *label;
-- const char *session_id;
-- char user[32];
-- cynara_check_id check_id;
-- DBusConnection *connection = check_type == BUS_DEFERRED_MESSAGE_CHECK_RECEIVE ? proposed_recipient : sender;
-- BusDeferredMessage *deferred_message;
-- BusResult ret;
--
-- _dbus_assert(connection != NULL);
--
-- if (dbus_connection_get_unix_user(connection, &uid) == FALSE)
-- return BUS_RESULT_FALSE;
--
-- if (_dbus_connection_get_linux_security_label(connection, &label) == FALSE || label == NULL)
-- {
-- _dbus_warn("Failed to obtain security label for connection\n");
-- return BUS_RESULT_FALSE;
-- }
--
-- session_id = bus_connection_get_cynara_session_id (connection);
-- if (session_id == NULL)
-- {
-- ret = BUS_RESULT_FALSE;
-- goto out;
-- }
--
-- snprintf(user, sizeof(user), "%lu", uid);
--
--#if USE_CYNARA_CACHE
-- result = cynara_async_check_cache(cynara->cynara, label, session_id, user, privilege);
--#else
-- result = CYNARA_API_CACHE_MISS;
--#endif
--
-- switch (result)
-- {
-- case CYNARA_API_ACCESS_ALLOWED:
-- _dbus_verbose("Cynara: got ALLOWED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n",
-- label, session_id, user, privilege);
-- ret = BUS_RESULT_TRUE;
-- break;
--
-- case CYNARA_API_ACCESS_DENIED:
-- _dbus_verbose("Cynara: got DENIED answer from cache (client=%s session_id=%s user=%s privilege=%s)\n",
-- label, session_id, user, privilege);
-- ret = BUS_RESULT_FALSE;
-- break;
--
-- case CYNARA_API_CACHE_MISS:
-- deferred_message = bus_deferred_message_new(message, sender, addressed_recipient,
-- proposed_recipient, BUS_RESULT_LATER);
-- if (deferred_message == NULL)
-- {
-- _dbus_verbose("Failed to allocate memory for deferred message\n");
-- ret = BUS_RESULT_FALSE;
-- goto out;
-- }
--
-- /* callback is supposed to unref deferred_message*/
-- result = cynara_async_create_request(cynara->cynara, label, session_id, user, privilege, &check_id,
-- &bus_cynara_check_response_callback, deferred_message);
-- if (result == CYNARA_API_SUCCESS)
-- {
-- _dbus_verbose("Created Cynara request: client=%s session_id=%s user=%s privilege=%s check_id=%u "
-- "deferred_message=%p\n", label, session_id, user, privilege, (unsigned int)check_id, deferred_message);
-- if (deferred_message_param != NULL)
-- *deferred_message_param = deferred_message;
-- ret = BUS_RESULT_LATER;
-- }
-- else
-- {
-- _dbus_verbose("Error on cynara request create: %i\n", result);
-- bus_deferred_message_unref(deferred_message);
-- ret = BUS_RESULT_FALSE;
-- }
-- break;
-- default:
-- _dbus_verbose("Error when accessing Cynara cache: %i\n", result);
-- ret = BUS_RESULT_FALSE;
-- }
--out:
-- dbus_free(label);
-- return ret;
--
--#else
-- return BUS_RESULT_FALSE;
--#endif
--}
--
--
--
--#ifdef DBUS_ENABLE_CYNARA
--static void
--status_callback(int old_fd, int new_fd, cynara_async_status status,
-- void *user_status_data)
--{
-- BusCynara *cynara = (BusCynara *)user_status_data;
-- DBusLoop *loop = bus_context_get_loop(cynara->context);
--
-- if (cynara->cynara_watch != NULL)
-- {
-- _dbus_loop_remove_watch(loop, cynara->cynara_watch);
-- _dbus_watch_invalidate(cynara->cynara_watch);
-- _dbus_watch_unref(cynara->cynara_watch);
-- cynara->cynara_watch = NULL;
-- }
--
-- if (new_fd != -1)
-- {
-- unsigned int flags;
-- DBusWatch *watch;
--
-- switch (status)
-- {
-- case CYNARA_STATUS_FOR_READ:
-- flags = DBUS_WATCH_READABLE;
-- break;
-- case CYNARA_STATUS_FOR_RW:
-- flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE;
-- break;
-- default:
-- /* Cynara passed unknown status - warn and add RW watch */
-- _dbus_verbose("Cynara passed unknown status value: 0x%08X\n", (unsigned int)status);
-- flags = DBUS_WATCH_READABLE | DBUS_WATCH_WRITABLE;
-- break;
-- }
--
-- watch = _dbus_watch_new(new_fd, flags, TRUE, &bus_cynara_watch_callback, cynara, NULL);
-- if (watch != NULL)
-- {
-- if (_dbus_loop_add_watch(loop, watch) == TRUE)
-- {
-- cynara->cynara_watch = watch;
-- return;
-- }
--
-- _dbus_watch_invalidate(watch);
-- _dbus_watch_unref(watch);
-- }
--
-- /* It seems like not much can be done at this point. Cynara events won't be processed
-- * until next Cynara function call triggering status callback */
-- _dbus_verbose("Failed to add dbus watch\n");
-- }
--}
--
--static dbus_bool_t
--bus_cynara_watch_callback(DBusWatch *watch,
-- unsigned int flags,
-- void *data)
--{
-- BusCynara *cynara = (BusCynara *)data;
-- int result = cynara_async_process(cynara->cynara);
-- if (result != CYNARA_API_SUCCESS)
-- _dbus_verbose("cynara_async_process returned %d\n", result);
--
-- return result != CYNARA_API_OUT_OF_MEMORY ? TRUE : FALSE;
--}
--
--static inline const char *
--call_cause_to_string(cynara_async_call_cause cause)
--{
-- switch (cause)
-- {
-- case CYNARA_CALL_CAUSE_ANSWER:
-- return "ANSWER";
-- case CYNARA_CALL_CAUSE_CANCEL:
-- return "CANCEL";
-- case CYNARA_CALL_CAUSE_FINISH:
-- return "FINSIH";
-- case CYNARA_CALL_CAUSE_SERVICE_NOT_AVAILABLE:
-- return "SERVICE NOT AVAILABLE";
-- default:
-- return "INVALID";
-- }
--}
--
--static void
--bus_cynara_check_response_callback (cynara_check_id check_id,
-- cynara_async_call_cause cause,
-- int response,
-- void *user_response_data)
--{
-- BusDeferredMessage *deferred_message = user_response_data;
-- BusResult result;
--
-- _dbus_verbose("Cynara callback: check_id=%u, cause=%s response=%i response_data=%p\n",
-- (unsigned int)check_id, call_cause_to_string(cause), response, user_response_data);
--
-- if (deferred_message == NULL)
-- return;
--
-- if (cause == CYNARA_CALL_CAUSE_ANSWER && response == CYNARA_API_ACCESS_ALLOWED)
-- result = BUS_RESULT_TRUE;
-- else
-- result = BUS_RESULT_FALSE;
--
-- bus_deferred_message_response_received(deferred_message, result);
-- bus_deferred_message_unref(deferred_message);
--}
--
--#endif /* DBUS_ENABLE_CYNARA */
-diff --git a/bus/system.conf.in b/bus/system.conf.in
-index 19d0c04..81c39c8 100644
---- a/bus/system.conf.in
-+++ b/bus/system.conf.in
-@@ -72,10 +72,10 @@
- send_interface="org.freedesktop.DBus.Introspectable"/>
- <allow send_destination="org.freedesktop.DBus"
- send_interface="org.freedesktop.DBus.Properties"/>
-- <!-- If there is a need specific bus services could be protected by Cynara as well.
-+ <!-- If there is a need specific bus services could be protected by Cynagora as well.
- However, this can lead to deadlock during the boot process when such check is made and
-- Cynara is not yet activated (systemd calls protected method synchronously,
-- dbus daemon tries to consult Cynara, Cynara waits for systemd activation).
-+ Cynagora is not yet activated (systemd calls protected method synchronously,
-+ dbus daemon tries to consult Cynagora, Cynagora waits for systemd activation).
- Therefore it is advised to allow root processes to use bus services.
- Currently anyone is allowed to talk to the message bus -->
- <allow receive_sender="org.freedesktop.DBus"/>
-diff --git a/configure.ac b/configure.ac
-index 11b5ffd..df9341c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1742,16 +1742,16 @@ AC_ARG_ENABLE([user-session],
- AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION],
- [test "x$enable_user_session" = xyes])
-
--#enable cynara integration
--AC_ARG_ENABLE([cynara], [AS_HELP_STRING([--enable-cynara], [enable Cynara integration])], [], [enable_cynara=no])
--if test "x$enable_cynara" = xyes; then
-- PKG_CHECK_MODULES([CYNARA], [cynara-client-async >= 0.6.0 cynara-session >= 0.6.0],
-- [AC_DEFINE([DBUS_ENABLE_CYNARA], [1], [Define to enable Cynara privilege checks in dbus-daemon])],
-- [AC_MSG_ERROR([libcynara-client-async and cynara-session are required to enable Cynara integration])])
-+#enable cynagora integration
-+AC_ARG_ENABLE([cynagora], [AS_HELP_STRING([--enable-cynagora], [enable Cynagora integration])], [], [enable_cynagora=no])
-+if test "x$enable_cynagora" = xyes; then
-+ PKG_CHECK_MODULES([CYNAGORA], [cynagora],
-+ [AC_DEFINE([DBUS_ENABLE_CYNAGORA], [1], [Define to enable Cynagora privilege checks in dbus-daemon])],
-+ [AC_MSG_ERROR([libcynagora is required to enable Cynagora integration])])
- fi
-
--AC_SUBST([CYNARA_CFLAGS])
--AC_SUBST([CYNARA_LIBS])
-+AC_SUBST([CYNAGORA_CFLAGS])
-+AC_SUBST([CYNAGORA_LIBS])
-
- AC_CONFIG_FILES([
- Doxyfile
-@@ -1835,7 +1835,7 @@ echo "
- Building bus stats API: ${enable_stats}
- Building SELinux support: ${have_selinux}
- Building AppArmor support: ${have_apparmor}
-- Building Cynara support: ${enable_cynara}
-+ Building Cynagora support: ${enable_cynagora}
- Building inotify support: ${have_inotify}
- Building kqueue support: ${have_kqueue}
- Building systemd support: ${have_systemd}
---
-2.21.1
-
Code Review / AGL / meta-agl.git / blobdiff