/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */
/* policy.h  Bus security policy
 *
 * Copyright (C) 2003  Red Hat, Inc.
 *
 * Licensed under the Academic Free License version 2.1
 * 
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#ifndef BUS_POLICY_H
#define BUS_POLICY_H

#include <dbus/dbus.h>
#include <dbus/dbus-string.h>
#include <dbus/dbus-list.h>
#include <dbus/dbus-sysdeps.h>
#include "bus.h"

typedef enum
{
  BUS_POLICY_RULE_SEND,
  BUS_POLICY_RULE_RECEIVE,
  BUS_POLICY_RULE_OWN,
  BUS_POLICY_RULE_USER,
  BUS_POLICY_RULE_GROUP
} BusPolicyRuleType;

/** determines whether the rule affects a connection, or some global item */
#define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \
                                               (rule)->type == BUS_POLICY_RULE_GROUP))

struct BusPolicyRule
{
  int refcount;
  
  BusPolicyRuleType type;

  unsigned int allow : 1; /**< #TRUE if this allows, #FALSE if it denies */
  
  union
  {
    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int   message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *destination;
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
      unsigned int log : 1;
    } send;

    struct
    {
      /* message type can be DBUS_MESSAGE_TYPE_INVALID meaning "any" */
      int   message_type;
      /* any of these can be NULL meaning "any" */
      char *path;
      char *interface;
      char *member;
      char *error;
      char *origin;
      unsigned int eavesdrop : 1;
      unsigned int requested_reply : 1;
    } receive;

    struct
    {
      /* can be NULL meaning "any" */
      char *service_name;
      /* if prefix is set, any name starting with service_name can be owned */
      unsigned int prefix : 1;
    } own;

    struct
    {
      /* can be DBUS_UID_UNSET meaning "any" */
      dbus_uid_t uid;
    } user;

    struct
    {
      /* can be DBUS_GID_UNSET meaning "any" */
      dbus_gid_t gid;
    } group;

  } d;
};

BusPolicyRule* bus_policy_rule_new   (BusPolicyRuleType type,
                                      dbus_bool_t       allow);
BusPolicyRule* bus_policy_rule_ref   (BusPolicyRule    *rule);
void           bus_policy_rule_unref (BusPolicyRule    *rule);

BusPolicy*       bus_policy_new                   (void);
BusPolicy*       bus_policy_ref                   (BusPolicy        *policy);
void             bus_policy_unref                 (BusPolicy        *policy);
BusClientPolicy* bus_policy_create_client_policy  (BusPolicy        *policy,
                                                   DBusConnection   *connection,
                                                   DBusError        *error);
dbus_bool_t      bus_policy_allow_unix_user       (BusPolicy        *policy,
                                                   unsigned long     uid);
dbus_bool_t      bus_policy_allow_windows_user    (BusPolicy        *policy,
                                                   const char       *windows_sid);
dbus_bool_t      bus_policy_append_default_rule   (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_mandatory_rule (BusPolicy        *policy,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_user_rule      (BusPolicy        *policy,
                                                   dbus_uid_t        uid,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_group_rule     (BusPolicy        *policy,
                                                   dbus_gid_t        gid,
                                                   BusPolicyRule    *rule);
dbus_bool_t      bus_policy_append_console_rule   (BusPolicy        *policy,
                                                   dbus_bool_t        at_console,
                                                   BusPolicyRule    *rule);

dbus_bool_t      bus_policy_merge                 (BusPolicy        *policy,
                                                   BusPolicy        *to_absorb);

BusClientPolicy* bus_client_policy_new               (void);
BusClientPolicy* bus_client_policy_ref               (BusClientPolicy  *policy);
void             bus_client_policy_unref             (BusClientPolicy  *policy);
dbus_bool_t      bus_client_policy_check_can_send    (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *receiver,
                                                      DBusMessage      *message,
                                                      dbus_int32_t     *toggles,
                                                      dbus_bool_t      *log);
dbus_bool_t      bus_client_policy_check_can_receive (BusClientPolicy  *policy,
                                                      BusRegistry      *registry,
                                                      dbus_bool_t       requested_reply,
                                                      DBusConnection   *sender,
                                                      DBusConnection   *addressed_recipient,
                                                      DBusConnection   *proposed_recipient,
                                                      DBusMessage      *message,
                                                      dbus_int32_t     *toggles);
dbus_bool_t      bus_client_policy_check_can_own     (BusClientPolicy  *policy,
                                                      const DBusString *service_name);
dbus_bool_t      bus_client_policy_append_rule       (BusClientPolicy  *policy,
                                                      BusPolicyRule    *rule);
void             bus_client_policy_optimize          (BusClientPolicy  *policy);

#ifdef DBUS_BUILD_TESTS
dbus_bool_t      bus_policy_check_can_own     (BusPolicy  *policy,
                                               const DBusString *service_name);
#endif

#endif /* BUS_POLICY_H */