Skip to content

Commit

Permalink
🦺 send_destination XOR send_destination_prefix
Browse files Browse the repository at this point in the history 
dbus2#159 (comment)
  • Loading branch information
@jokeyrhyme
jokeyrhyme committed Nov 16, 2024
1 parent 88463ca commit 0b05b72
Showing 1 changed file with 61 additions and 14 deletions.
75 changes: 61 additions & 14 deletions src/config.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,15 @@ pub struct Config {
pub user: Option<String>,
}

#[derive(Clone, Debug, Deserialize, PartialEq)]
#[serde(rename_all = "lowercase")]
pub enum Destination {
#[serde(rename = "*")]
Any,
Name(String),
Prefix(String),
}

impl TryFrom<Document> for Config {
type Error = Error;

Expand Down Expand Up @@ -297,6 +306,10 @@ impl TryFrom<RuleAttributes> for OptionalOperation {
.map(i8::from)
.sum();

if value.send_destination.is_some() && value.send_destination_prefix.is_some() {
return Err(Error::msg(format!("send_destination_prefix cannot be combined with the send_destination in the same rule: {value:?}")));
}

if operations_count > 1 {
return Err(Error::msg(format!("do not mix rule attributes for connect, own, receive, and/or send operations in the same rule: {value:?}")));
}
Expand Down Expand Up @@ -534,8 +547,7 @@ pub type Rule = (Access, Operation);
#[derive(Clone, Debug, Deserialize, PartialEq)]
pub struct SendOperation {
pub broadcast: Option<bool>,
pub destination: String,
pub destination_prefix: String,
pub destination: Option<Destination>,
pub error: String,
pub interface: String,
pub max_fds: u32,
Expand All @@ -547,8 +559,7 @@ impl Default for SendOperation {
fn default() -> Self {
Self {
broadcast: None,
destination: String::from("*"),
destination_prefix: String::default(),
destination: None,
error: String::from("*"),
interface: String::from("*"),
max_fds: u32::MAX,
Expand All @@ -560,10 +571,27 @@ impl Default for SendOperation {
}
impl From<RuleAttributes> for SendOperation {
fn from(value: RuleAttributes) -> Self {
let destination = match value {
RuleAttributes {
send_destination: Some(some),
send_destination_prefix: None,
..
} if some == "*" => Some(Destination::Any),
RuleAttributes {
send_destination: Some(some),
send_destination_prefix: None,
..
} => Some(Destination::Name(some)),
RuleAttributes {
send_destination: None,
send_destination_prefix: Some(some),
..
} => Some(Destination::Prefix(some)),
_ => None,
};
Self {
broadcast: value.send_broadcast,
destination: value.send_destination.unwrap_or(String::from("*")),
destination_prefix: value.send_destination_prefix.unwrap_or_default(),
destination,
error: value.send_error.unwrap_or(String::from("*")),
interface: value.send_interface.unwrap_or(String::from("*")),
max_fds: value.max_fds.unwrap_or(u32::MAX),
Expand Down Expand Up @@ -769,7 +797,6 @@ mod tests {
<allow
send_broadcast="true"
send_destination="org.freedesktop.DBus"
send_destination_prefix="org.freedesktop"
send_error="something bad"
send_interface="org.freedesktop.systemd1.Activator"
send_path="/org/freedesktop"
Expand All @@ -788,7 +815,7 @@ mod tests {
/>
</policy>
<policy group="network">
<allow send_destination="org.freedesktop.Avahi" send_member="DoSomething" />
<allow send_destination_prefix="org.freedesktop" send_member="DoSomething" />
<allow receive_sender="org.freedesktop.Avahi" receive_member="DoSomething"/>
</policy>
<policy context="mandatory">
Expand All @@ -810,8 +837,9 @@ mod tests {
Access::Allow,
Operation::Send(SendOperation {
broadcast: Some(true),
destination: String::from("org.freedesktop.DBus"),
destination_prefix: String::from("org.freedesktop"),
destination: Some(Destination::Name(String::from(
"org.freedesktop.DBus"
))),
error: String::from("something bad"),
interface: String::from("org.freedesktop.systemd1.Activator"),
max_fds: 128,
Expand Down Expand Up @@ -840,7 +868,9 @@ mod tests {
(
Access::Allow,
Operation::Send(SendOperation {
destination: String::from("org.freedesktop.Avahi"),
destination: Some(Destination::Prefix(String::from(
"org.freedesktop"
))),
..Default::default()
})
),
Expand All @@ -858,7 +888,7 @@ mod tests {
Policy::MandatoryContext(vec![(
Access::Deny,
Operation::Send(SendOperation {
destination: String::from("net.connman.iwd"),
destination: Some(Destination::Name(String::from("net.connman.iwd"))),
..Default::default()
})
),]),
Expand Down Expand Up @@ -902,7 +932,7 @@ mod tests {
Access::Allow,
// `eavesdrop="true"` is dropped, keep other attributes
Operation::Send(SendOperation {
destination: String::from("*"),
destination: Some(Destination::Any),
..Default::default()
})
),
Expand All @@ -915,7 +945,9 @@ mod tests {
(
Access::Allow,
Operation::Send(SendOperation {
destination: String::from("org.gnome.DisplayManager"),
destination: Some(Destination::Name(String::from(
"org.gnome.DisplayManager"
))),
interface: String::from("org.gnome.DisplayManager.Manager"),
// `member=... is dropped`
..Default::default()
Expand All @@ -929,6 +961,21 @@ mod tests {
);
}

#[should_panic]
#[test]
fn bus_config_parse_with_policies_with_send_destination_and_send_destination_prefix_error() {
let input = r#"<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow send_destination="org.freedesktop.DBus" send_destination_prefix="org.freedesktop" />
</policy>
</busconfig>
"#;

Config::parse(input).expect("should parse XML input");
}

#[should_panic]
#[test]
fn bus_config_parse_with_policies_with_send_and_receive_attributes_error() {
Expand Down

0 comments on commit 0b05b72

Please sign in to comment.