-static int rename_service(sd_bus *a, sd_bus *b) {
- _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
- _cleanup_free_ char *p = NULL, *name = NULL;
- const char *comm;
- char **cmdline;
- uid_t uid;
- pid_t pid;
- int r;
-
- assert(a);
- assert(b);
-
- r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM|SD_BUS_CREDS_AUGMENT, &creds);
- if (r < 0)
- return r;
-
- r = sd_bus_creds_get_uid(creds, &uid);
- if (r < 0)
- return r;
-
- r = sd_bus_creds_get_pid(creds, &pid);
- if (r < 0)
- return r;
-
- r = sd_bus_creds_get_cmdline(creds, &cmdline);
- if (r < 0)
- return r;
-
- r = sd_bus_creds_get_comm(creds, &comm);
- if (r < 0)
- return r;
-
- name = uid_to_name(uid);
- if (!name)
- return -ENOMEM;
-
- p = strv_join(cmdline, " ");
- if (!p)
- return -ENOMEM;
-
- /* The status string gets the full command line ... */
- sd_notifyf(false,
- "STATUS=Processing requests from client PID "PID_FMT" (%s); UID "UID_FMT" (%s)",
- pid, p,
- uid, name);
-
- /* ... and the argv line only the short comm */
- if (arg_command_line_buffer) {
- size_t m, w;
-
- m = strlen(arg_command_line_buffer);
- w = snprintf(arg_command_line_buffer, m,
- "[PID "PID_FMT"/%s; UID "UID_FMT"/%s]",
- pid, comm,
- uid, name);
-
- if (m > w)
- memzero(arg_command_line_buffer + w, m - w);
- }
-
- log_debug("Running on behalf of PID "PID_FMT" (%s), UID "UID_FMT" (%s), %s",
- pid, p,
- uid, name,
- a->unique_name);
-
- return 0;
-}
-
-static int handle_policy_error(sd_bus_message *m, int r) {
- if (r == -ESRCH || r == -ENXIO)
- return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination);
-
- return r;
-}
-
-static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
- int r;
-
- assert(from);
- assert(to);
- assert(m);
-
- if (!policy)
- return 0;
-
- /*
- * dbus-1 distinguishes expected and non-expected replies by tracking
- * method-calls and timeouts. By default, DENY rules are *NEVER* applied
- * on expected replies, unless explicitly specified. But we dont track
- * method-calls, thus, we cannot know whether a reply is expected.
- * Fortunately, the kdbus forbids non-expected replies, so we can safely
- * ignore any policy on those and let the kernel deal with it.
- *
- * TODO: To be correct, we should only ignore policy-tags that are
- * applied on non-expected replies. However, so far we don't parse those
- * tags so we let everything pass. I haven't seen a DENY policy tag on
- * expected-replies, ever, so don't bother..
- */
- if (m->reply_cookie > 0)
- return 0;
-
- if (from->is_kernel) {
- uid_t sender_uid = UID_INVALID;
- gid_t sender_gid = GID_INVALID;
- char **sender_names = NULL;
- bool granted = false;
-
- /* Driver messages are always OK */
- if (streq_ptr(m->sender, "org.freedesktop.DBus"))
- return 0;
-
- /* The message came from the kernel, and is sent to our legacy client. */
- sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
-
- (void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
- (void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
-
- if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
- _cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
-
- /* If the message came from another legacy
- * client, then the message creds will be
- * missing, simply because on legacy clients
- * per-message creds were unknown. In this
- * case, query the creds of the peer
- * instead. */
-
- r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_UID|SD_BUS_CREDS_GID, true, &sender_creds);
- if (r < 0)
- return handle_policy_error(m, r);
-
- (void) sd_bus_creds_get_uid(sender_creds, &sender_uid);
- (void) sd_bus_creds_get_gid(sender_creds, &sender_gid);
- }
-
- /* First check whether the sender can send the message to our name */
- if (set_isempty(owned_names)) {
- if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member, false))
- granted = true;
- } else {
- Iterator i;
- char *n;
-
- SET_FOREACH(n, owned_names, i)
- if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member, false)) {
- granted = true;
- break;
- }
- }
-
- if (granted) {
- /* Then check whether us (the recipient) can receive from the sender's name */
- if (strv_isempty(sender_names)) {
- if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, false))
- return 0;
- } else {
- char **n;
-
- STRV_FOREACH(n, sender_names) {
- if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, false))
- return 0;
- }
- }
- }
-
- /* Return an error back to the caller */
- if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
- return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
-
- /* Return 1, indicating that the message shall not be processed any further */
- return 1;
- }
-
- if (to->is_kernel) {
- _cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
- uid_t destination_uid = UID_INVALID;
- gid_t destination_gid = GID_INVALID;
- const char *destination_unique = NULL;
- char **destination_names = NULL;
- bool granted = false;
-
- /* Driver messages are always OK */
- if (streq_ptr(m->destination, "org.freedesktop.DBus"))
- return 0;
-
- /* The message came from the legacy client, and is sent to kdbus. */
- if (m->destination) {
- r = bus_get_name_creds_kdbus(to, m->destination,
- SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
- SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
- true, &destination_creds);
- if (r < 0)
- return handle_policy_error(m, r);
-
- r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique);
- if (r < 0)
- return handle_policy_error(m, r);
-
- sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
-
- (void) sd_bus_creds_get_uid(destination_creds, &destination_uid);
- (void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
- }
-
- /* First check if we (the sender) can send to this name */
- if (strv_isempty(destination_names)) {
- if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, true))
- granted = true;
- } else {
- char **n;
-
- STRV_FOREACH(n, destination_names) {
- if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, true)) {
-
- /* If we made a receiver decision,
- then remember which name's policy
- we used, and to which unique ID it
- mapped when we made the
- decision. Then, let's pass this to
- the kernel when sending the
- message, so that it refuses the
- operation should the name and
- unique ID not map to each other
- anymore. */
-
- r = free_and_strdup(&m->destination_ptr, *n);
- if (r < 0)
- return r;
-
- r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id);
- if (r < 0)
- break;
-
- granted = true;
- break;
- }
- }
- }
-
- /* Then check if the recipient can receive from our name */
- if (granted) {
- if (sd_bus_message_is_signal(m, NULL, NULL)) {
- /* If we forward a signal from dbus-1 to kdbus,
- * we have no idea who the recipient is.
- * Therefore, we cannot apply any dbus-1
- * receiver policies that match on receiver
- * credentials. We know sd-bus always sets
- * KDBUS_MSG_SIGNAL, so the kernel applies
- * receiver policies to the message. Therefore,
- * skip policy checks in this case. */
- return 0;
- } else if (set_isempty(owned_names)) {
- if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member, true))
- return 0;
- } else {
- Iterator i;
- char *n;
-
- SET_FOREACH(n, owned_names, i)
- if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member, true))
- return 0;
- }
- }
-
- /* Return an error back to the caller */
- if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
- return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
-
- /* Return 1, indicating that the message shall not be processed any further */
- return 1;
- }
-
- return 0;
-}
-
-static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
- _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
- bool is_hello;
- int r;
-
- assert(a);
- assert(b);
- assert(m);
- assert(got_hello);
-
- /* As reaction to hello we need to respond with two messages:
- * the callback reply and the NameAcquired for the unique
- * name, since hello is otherwise obsolete on kdbus. */
-
- is_hello =
- sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
- streq_ptr(m->destination, "org.freedesktop.DBus");
-
- if (!is_hello) {
-
- if (*got_hello)
- return 0;
-
- log_error("First packet isn't hello (it's %s.%s), aborting.", m->interface, m->member);
- return -EIO;
- }
-
- if (*got_hello) {
- log_error("Got duplicate hello, aborting.");
- return -EIO;
- }
-
- *got_hello = true;
-
- if (!a->is_kernel)
- return 0;
-
- r = sd_bus_message_new_method_return(m, &n);
- if (r < 0)
- return log_error_errno(r, "Failed to generate HELLO reply: %m");
-
- r = sd_bus_message_append(n, "s", a->unique_name);
- if (r < 0)
- return log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
-
- r = bus_message_append_sender(n, "org.freedesktop.DBus");
- if (r < 0)
- return log_error_errno(r, "Failed to append sender to HELLO reply: %m");
-
- r = bus_seal_synthetic_message(b, n);
- if (r < 0)
- return log_error_errno(r, "Failed to seal HELLO reply: %m");
-
- r = sd_bus_send(b, n, NULL);
- if (r < 0)
- return log_error_errno(r, "Failed to send HELLO reply: %m");
-
- n = sd_bus_message_unref(n);
- r = sd_bus_message_new_signal(
- b,
- &n,
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus",
- "NameAcquired");
- if (r < 0)
- return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
-
- r = sd_bus_message_append(n, "s", a->unique_name);
- if (r < 0)
- return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
-
- r = bus_message_append_sender(n, "org.freedesktop.DBus");
- if (r < 0)
- return log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
-
- r = bus_seal_synthetic_message(b, n);
- if (r < 0)
- return log_error_errno(r, "Failed to seal NameAcquired message: %m");
-
- r = sd_bus_send(b, n, NULL);
- if (r < 0)
- return log_error_errno(r, "Failed to send NameAcquired message: %m");
-
- return 1;
-}
-
-static int patch_sender(sd_bus *a, sd_bus_message *m) {
- char **well_known = NULL;
- sd_bus_creds *c;
- int r;
-
- assert(a);
- assert(m);
-
- if (!a->is_kernel)
- return 0;
-
- /* We will change the sender of messages from the bus driver
- * so that they originate from the bus driver. This is a
- * speciality originating from dbus1, where the bus driver did
- * not have a unique id, but only the well-known name. */
-
- c = sd_bus_message_get_creds(m);
- if (!c)
- return 0;
-
- r = sd_bus_creds_get_well_known_names(c, &well_known);
- if (r < 0)
- return r;
-
- if (strv_contains(well_known, "org.freedesktop.DBus"))
- m->sender = "org.freedesktop.DBus";
-
- return 0;
-}
-
-static int mac_smack_apply_label_and_drop_cap_mac_admin(pid_t its_pid, const char *new_label) {
-#ifdef HAVE_SMACK
- int r = 0, k;
-
- if (!mac_smack_use())
- return 0;
-
- if (new_label && its_pid > 0)
- r = mac_smack_apply_pid(its_pid, new_label);
-
- k = drop_capability(CAP_MAC_ADMIN);
- return r < 0 ? r : k;
-#else
- return 0;
-#endif
-}
-
-