chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bus: introduce "trusted" bus concept and encode access control in object vtables
[elogind.git]
/
src
/
libsystemd-bus
/
sd-bus.c
diff --git
a/src/libsystemd-bus/sd-bus.c
b/src/libsystemd-bus/sd-bus.c
index 4bbeea92f3f326cd12de3d298fb3340e37d1b52a..81bfe0d92202847420922e6a5c7f8080fe6bc633 100644
(file)
--- a/
src/libsystemd-bus/sd-bus.c
+++ b/
src/libsystemd-bus/sd-bus.c
@@
-47,6
+47,7
@@
#include "bus-objects.h"
#include "bus-util.h"
#include "bus-container.h"
#include "bus-objects.h"
#include "bus-util.h"
#include "bus-container.h"
+#include "bus-protocol.h"
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
static int bus_poll(sd_bus *bus, bool need_more, uint64_t timeout_usec);
@@
-181,6
+182,7
@@
_public_ int sd_bus_new(sd_bus **ret) {
r->n_ref = REFCNT_INIT;
r->input_fd = r->output_fd = -1;
r->message_version = 1;
r->n_ref = REFCNT_INIT;
r->input_fd = r->output_fd = -1;
r->message_version = 1;
+ r->creds_mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME;
r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
r->attach_flags |= KDBUS_ATTACH_NAMES;
r->original_pid = getpid();
r->hello_flags |= KDBUS_HELLO_ACCEPT_FD;
r->attach_flags |= KDBUS_ATTACH_NAMES;
r->original_pid = getpid();
@@
-286,14
+288,14
@@
_public_ int sd_bus_negotiate_attach_timestamp(sd_bus *bus, int b) {
_public_ int sd_bus_negotiate_attach_creds(sd_bus *bus, uint64_t mask) {
assert_return(bus, -EINVAL);
_public_ int sd_bus_negotiate_attach_creds(sd_bus *bus, uint64_t mask) {
assert_return(bus, -EINVAL);
- assert_return(mask <= _SD_BUS_CREDS_
MAX
, -EINVAL);
+ assert_return(mask <= _SD_BUS_CREDS_
ALL
, -EINVAL);
assert_return(bus->state == BUS_UNSET, -EPERM);
assert_return(!bus_pid_changed(bus), -ECHILD);
/* The well knowns we need unconditionally, so that matches can work */
assert_return(bus->state == BUS_UNSET, -EPERM);
assert_return(!bus_pid_changed(bus), -ECHILD);
/* The well knowns we need unconditionally, so that matches can work */
-
mask |= SD_BUS_CREDS_WELL_KNOWN_NAMES
;
+
bus->creds_mask = mask | SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME
;
- return kdbus_translate_attach_flags(mask, &bus->creds_mask);
+ return kdbus_translate_attach_flags(
bus->creds_
mask, &bus->creds_mask);
}
_public_ int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id) {
}
_public_ int sd_bus_set_server(sd_bus *bus, int b, sd_id128_t server_id) {
@@
-316,6
+318,15
@@
_public_ int sd_bus_set_anonymous(sd_bus *bus, int b) {
return 0;
}
return 0;
}
+_public_ int sd_bus_set_trusted(sd_bus *bus, int b) {
+ assert_return(bus, -EINVAL);
+ assert_return(bus->state == BUS_UNSET, -EPERM);
+ assert_return(!bus_pid_changed(bus), -ECHILD);
+
+ bus->trusted = !!b;
+ return 0;
+}
+
static int hello_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
const char *s;
int r;
static int hello_callback(sd_bus *bus, sd_bus_message *reply, void *userdata, sd_bus_error *error) {
const char *s;
int r;
@@
-992,13
+1003,22
@@
_public_ int sd_bus_open_system(sd_bus **ret) {
if (e)
r = sd_bus_set_address(b, e);
else
if (e)
r = sd_bus_set_address(b, e);
else
+#ifdef ENABLE_KDBUS
r = sd_bus_set_address(b, "kernel:path=/dev/kdbus/0-system/bus;unix:path=/run/dbus/system_bus_socket");
r = sd_bus_set_address(b, "kernel:path=/dev/kdbus/0-system/bus;unix:path=/run/dbus/system_bus_socket");
+#else
+ r = sd_bus_set_address(b, "unix:path=/run/dbus/system_bus_socket");
+#endif
if (r < 0)
goto fail;
b->bus_client = true;
if (r < 0)
goto fail;
b->bus_client = true;
+ /* Let's do per-method access control on the system bus. We
+ * need the caller's UID and capability set for that. */
+ b->trusted = false;
+ b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
+
r = sd_bus_start(b);
if (r < 0)
goto fail;
r = sd_bus_start(b);
if (r < 0)
goto fail;
@@
-1034,13
+1054,22
@@
_public_ int sd_bus_open_user(sd_bus **ret) {
ee = bus_address_escape(e);
if (!ee) {
ee = bus_address_escape(e);
if (!ee) {
- r = -ENO
ENT
;
+ r = -ENO
MEM
;
goto fail;
}
goto fail;
}
+#ifdef ENABLE_KDBUS
asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus;unix:path=%s/bus", (unsigned long) getuid(), ee);
asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus;unix:path=%s/bus", (unsigned long) getuid(), ee);
- } else
+#else
+ b->address = strjoin("unix:path=", ee, "/bus", NULL);
+#endif
+ } else {
+#ifdef ENABLE_KDBUS
asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus", (unsigned long) getuid());
asprintf(&b->address, "kernel:path=/dev/kdbus/%lu-user/bus", (unsigned long) getuid());
+#else
+ return -ECONNREFUSED;
+#endif
+ }
if (!b->address) {
r = -ENOMEM;
if (!b->address) {
r = -ENOMEM;
@@
-1050,6
+1079,10
@@
_public_ int sd_bus_open_user(sd_bus **ret) {
b->bus_client = true;
b->bus_client = true;
+ /* We don't do any per-method access control on the user
+ * bus. */
+ b->trusted = true;
+
r = sd_bus_start(b);
if (r < 0)
goto fail;
r = sd_bus_start(b);
if (r < 0)
goto fail;
@@
-1270,8
+1303,6
@@
int bus_seal_synthetic_message(sd_bus *b, sd_bus_message *m) {
}
static int bus_write_message(sd_bus *bus, sd_bus_message *message, size_t *idx) {
}
static int bus_write_message(sd_bus *bus, sd_bus_message *message, size_t *idx) {
- int r;
-
assert(bus);
assert(message);
assert(bus);
assert(message);
@@
-1279,8
+1310,6
@@
static int bus_write_message(sd_bus *bus, sd_bus_message *message, size_t *idx)
return bus_kernel_write_message(bus, message);
else
return bus_socket_write_message(bus, message, idx);
return bus_kernel_write_message(bus, message);
else
return bus_socket_write_message(bus, message, idx);
-
- return r;
}
static int dispatch_wqueue(sd_bus *bus) {
}
static int dispatch_wqueue(sd_bus *bus) {
@@
-1398,7
+1427,7
@@
_public_ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
/* If the serial number isn't kept, then we know that no reply
* is expected */
if (!serial && !m->sealed)
/* If the serial number isn't kept, then we know that no reply
* is expected */
if (!serial && !m->sealed)
- m->header->flags |=
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED;
+ m->header->flags |= BUS_MESSAGE_NO_REPLY_EXPECTED;
r = bus_seal_message(bus, m);
if (r < 0)
r = bus_seal_message(bus, m);
if (r < 0)
@@
-1514,7
+1543,7
@@
_public_ int sd_bus_call_async(
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
- assert_return(!(m->header->flags &
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+ assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
assert_return(callback, -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
assert_return(callback, -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
@@
-1624,7
+1653,7
@@
_public_ int sd_bus_call(
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(m, -EINVAL);
assert_return(m->header->type == SD_BUS_MESSAGE_METHOD_CALL, -EINVAL);
- assert_return(!(m->header->flags &
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
+ assert_return(!(m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED), -EINVAL);
assert_return(!bus_error_is_dirty(error), -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
assert_return(!bus_error_is_dirty(error), -EINVAL);
assert_return(!bus_pid_changed(bus), -ECHILD);
@@
-1966,7
+1995,7
@@
static int process_builtin(sd_bus *bus, sd_bus_message *m) {
if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
return 0;
if (!streq_ptr(m->interface, "org.freedesktop.DBus.Peer"))
return 0;
- if (m->header->flags &
SD_
BUS_MESSAGE_NO_REPLY_EXPECTED)
+ if (m->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
return 1;
if (streq_ptr(m->member, "Ping"))
return 1;
if (streq_ptr(m->member, "Ping"))
@@
-2787,7
+2816,7
@@
_public_ int sd_bus_get_peer_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **re
int r;
assert_return(bus, -EINVAL);
int r;
assert_return(bus, -EINVAL);
- assert_return(mask <= _SD_BUS_CREDS_
MAX
, -ENOTSUP);
+ assert_return(mask <= _SD_BUS_CREDS_
ALL
, -ENOTSUP);
assert_return(ret, -EINVAL);
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(!bus_pid_changed(bus), -ECHILD);
assert_return(ret, -EINVAL);
assert_return(BUS_IS_OPEN(bus->state), -ENOTCONN);
assert_return(!bus_pid_changed(bus), -ECHILD);
@@
-2805,7
+2834,7
@@
_public_ int sd_bus_get_peer_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **re
c->uid = bus->ucred.uid;
c->gid = bus->ucred.gid;
c->uid = bus->ucred.uid;
c->gid = bus->ucred.gid;
- c->mask |= (
(SD_BUS_CREDS_UID | SD_BUS_CREDS_PID | SD_BUS_CREDS_GID) & mask) & bus->creds_
mask;
+ c->mask |= (
SD_BUS_CREDS_UID | SD_BUS_CREDS_PID | SD_BUS_CREDS_GID) &
mask;
}
if (!isempty(bus->label) && (mask & SD_BUS_CREDS_SELINUX_CONTEXT)) {
}
if (!isempty(bus->label) && (mask & SD_BUS_CREDS_SELINUX_CONTEXT)) {
@@
-2815,7
+2844,7
@@
_public_ int sd_bus_get_peer_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **re
return -ENOMEM;
}
return -ENOMEM;
}
- c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT
| bus->creds_mask
;
+ c->mask |= SD_BUS_CREDS_SELINUX_CONTEXT;
}
r = bus_creds_add_more(c, mask, pid, 0);
}
r = bus_creds_add_more(c, mask, pid, 0);