🔧 Support <(allow|deny) (group|user)=...
jokeyrhyme committed Nov 27, 2024
1 parent 27c9590 commit d2a1648
Showing 1 changed file with 58 additions and 9 deletions.
67 changes: 58 additions & 9 deletions src/config.rs
Expand Up @@ -144,6 +144,20 @@ impl Config {
}
}

#[derive(Clone, Debug, Deserialize, PartialEq)]
pub struct ConnectOperation {
pub group: Option<String>,
pub user: Option<String>,
}
impl From<RuleAttributes> for ConnectOperation {
fn from(value: RuleAttributes) -> Self {
Self {
group: value.group,
user: value.user,
}
}
}

#[derive(Clone, Debug, Deserialize, PartialEq)]
#[serde(rename_all = "lowercase")]
pub enum BusType {
Expand Down Expand Up @@ -175,7 +189,7 @@ pub enum Name {
#[derive(Clone, Debug, Deserialize, PartialEq)]
pub enum Operation {
/// rules checked when a new connection to the message bus is established
Connect,
Connect(ConnectOperation),
/// rules checked when a connection attempts to own a well-known bus names
Own(OwnOperation),
/// rules that are checked for each recipient of a message
Expand All @@ -188,7 +202,7 @@ impl TryFrom<RuleAttributes> for OptionalOperation {
type Error = Error;

fn try_from(value: RuleAttributes) -> std::result::Result<Self, Self::Error> {
let has_connect = false;
let has_connect = value.group.is_some() || value.user.is_some();
let has_own = value.own.is_some() || value.own_prefix.is_some();
let has_send = value.send_broadcast.is_some()
|| value.send_destination.is_some()
Expand All @@ -213,18 +227,22 @@ impl TryFrom<RuleAttributes> for OptionalOperation {
.sum();

if operations_count > 1 {
return Err(Error::msg(format!("do not mix rule attributes for connect, own, receive, and/or send operations in the same rule: {value:?}")));
return Err(Error::msg(format!("do not mix rule attributes for connect, own, receive, and/or send attributes in the same rule: {value:?}")));
}

if value.send_destination.is_some() && value.send_destination_prefix.is_some() {
return Err(Error::msg(format!("send_destination_prefix cannot be combined with the send_destination in the same rule: {value:?}")));
if value.group.is_some() && value.user.is_some() {
return Err(Error::msg(format!(
"`group` cannot be combined with `user` in the same rule: {value:?}"
)));
}

if value.own.is_some() && value.own_prefix.is_some() {
return Err(Error::msg(format!(
"own_prefix cannot be combined with the own in the same rule: {value:?}"
"`own_prefix` cannot be combined with `own` in the same rule: {value:?}"
)));
}
if value.send_destination.is_some() && value.send_destination_prefix.is_some() {
return Err(Error::msg(format!("`send_destination_prefix` cannot be combined with `send_destination` in the same rule: {value:?}")));
}

// https://github.com/dbus2/busd/issues/79
if value.receive_member.is_some() {
Expand All @@ -235,7 +253,7 @@ impl TryFrom<RuleAttributes> for OptionalOperation {
}

if has_connect {
Ok(Some(Operation::Connect))
Ok(Some(Operation::Connect(ConnectOperation::from(value))))
} else if has_own {
Ok(Some(Operation::Own(OwnOperation::from(value))))
} else if has_receive {
Expand Down Expand Up @@ -734,6 +752,8 @@ mod tests {
<policy context="default">
<allow own="org.freedesktop.DBus"/>
<allow own_prefix="org.freedesktop"/>
<allow group="wheel" />
<allow user="root" />
</policy>
<policy user="root">
<allow
Expand Down Expand Up @@ -784,7 +804,21 @@ mod tests {
Operation::Own(OwnOperation {
own: Some(Name::Prefix(String::from("org.freedesktop")))
})
)
),
(
Access::Allow,
Operation::Connect(ConnectOperation {
group: Some(String::from("wheel")),
user: None,
})
),
(
Access::Allow,
Operation::Connect(ConnectOperation {
group: None,
user: Some(String::from("root")),
})
),
]),
Policy::User(
vec![
Expand Down Expand Up @@ -874,6 +908,21 @@ mod tests {
);
}

#[should_panic]
#[test]
fn bus_config_parse_with_policies_with_group_and_user_error() {
let input = r#"<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow group="wheel" user="root" />
</policy>
</busconfig>
"#;

Config::parse(input).expect("should parse XML input");
}

#[test]
fn bus_config_parse_with_policies_with_ignored_rules_and_rule_attributes_ok() {
let input = r#"<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
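Review bot: The new test `bus_config_parse_with_policies_with_group_and_user_error` uses a bare `#[should_panic]` around `.expect("should parse XML input")`, so it passes on any panic, not only on the new `group`/`user` rejection added to `try_from`. Because that check decides whether a contradictory connect rule is refused when the policy is loaded, the test should pin the reason, either with `#[should_panic(expected = "cannot be combined with")]` or by dropping `should_panic` and asserting on the returned error, starting from `assert!(Config::parse(input).is_err());`. How the error text appears in the panic message depends on the `Error` type, which is not visible in this section, so the expected substring needs confirming. Separately, the reworded mixed-operations message now reads "rule attributes for connect, own, receive, and/or send attributes", which repeats "attributes" and is harder for a policy author to read than the old wording.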
