#include "strv.h"
#include "conf-files.h"
#include "bus-internal.h"
+#include "bus-message.h"
#include "bus-policy.h"
static void policy_item_free(PolicyItem *i) {
DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free);
+static void item_append(PolicyItem *i, PolicyItem **list) {
+
+ PolicyItem *tail;
+
+ LIST_FIND_TAIL(items, *list, tail);
+ LIST_INSERT_AFTER(items, *list, tail, i);
+}
+
static int file_load(Policy *p, const char *path) {
_cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL;
if (r < 0) {
if (r == -ENOENT)
return 0;
+ if (r == -EISDIR)
+ return r;
log_error("Failed to load %s: %s", path, strerror(-r));
return r;
else if (streq(name, "group"))
state = STATE_POLICY_GROUP;
else {
- log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
+ if (streq(name, "at_console"))
+ log_debug("Attribute %s of <policy> tag unsupported at %s:%u, ignoring.", name, path, line);
+ else
+ log_warning("Attribute %s of <policy> tag unknown at %s:%u, ignoring.", name, path, line);
state = STATE_POLICY_OTHER_ATTRIBUTE;
}
} else if (t == XML_TAG_CLOSE_EMPTY ||
ic = POLICY_ITEM_USER;
else if (streq(name, "group"))
ic = POLICY_ITEM_GROUP;
- else {
+ else if (streq(name, "eavesdrop")) {
+ log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
+ i->class = POLICY_ITEM_IGNORE;
+ state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
+ break;
+ } else {
log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
break;
(streq(u, "sender") && ic == POLICY_ITEM_RECV))
state = STATE_ALLOW_DENY_NAME;
else {
- log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
+ if (streq(u, "requested_reply"))
+ log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line);
+ else
+ log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line);
state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE;
break;
}
}
if (policy_category == POLICY_CATEGORY_DEFAULT)
- LIST_PREPEND(items, p->default_items, i);
+ item_append(i, &p->default_items);
else if (policy_category == POLICY_CATEGORY_MANDATORY)
- LIST_PREPEND(items, p->default_items, i);
+ item_append(i, &p->mandatory_items);
else if (policy_category == POLICY_CATEGORY_USER) {
- PolicyItem *first;
+ const char *u = policy_user;
assert_cc(sizeof(uid_t) == sizeof(uint32_t));
- r = hashmap_ensure_allocated(&p->user_items, trivial_hash_func, trivial_compare_func);
+ r = hashmap_ensure_allocated(&p->user_items, NULL);
if (r < 0)
return log_oom();
- first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
- LIST_PREPEND(items, first, i);
+ if (!u) {
+ log_error("User policy without name");
+ return -EINVAL;
+ }
- r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
+ r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
if (r < 0) {
- LIST_REMOVE(items, first, i);
- return log_oom();
+ log_error("Failed to resolve user %s, ignoring policy: %s", u, strerror(-r));
+ free(i);
+ } else {
+ PolicyItem *first;
+
+ first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid));
+ item_append(i, &first);
+ i->uid_valid = true;
+
+ r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first);
+ if (r < 0) {
+ LIST_REMOVE(items, first, i);
+ return log_oom();
+ }
}
+
} else if (policy_category == POLICY_CATEGORY_GROUP) {
- PolicyItem *first;
+ const char *g = policy_group;
assert_cc(sizeof(gid_t) == sizeof(uint32_t));
- r = hashmap_ensure_allocated(&p->group_items, trivial_hash_func, trivial_compare_func);
+ r = hashmap_ensure_allocated(&p->group_items, NULL);
if (r < 0)
return log_oom();
- first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
- LIST_PREPEND(items, first, i);
+ if (!g) {
+ log_error("Group policy without name");
+ return -EINVAL;
+ }
- r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
+ r = get_group_creds(&g, &i->gid);
if (r < 0) {
- LIST_REMOVE(items, first, i);
- return log_oom();
+ log_error("Failed to resolve group %s, ignoring policy: %s", g, strerror(-r));
+ free(i);
+ } else {
+ PolicyItem *first;
+
+ first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid));
+ item_append(i, &first);
+ i->gid_valid = true;
+
+ r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first);
+ if (r < 0) {
+ LIST_REMOVE(items, first, i);
+ return log_oom();
+ }
}
}
return -EINVAL;
}
+ switch (i->class) {
+ case POLICY_ITEM_USER:
+ if (!streq(name, "*")) {
+ const char *u = name;
+
+ r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
+ if (r < 0)
+ log_error("Failed to resolve user %s: %s", name, strerror(-r));
+ else
+ i->uid_valid = true;
+ }
+ break;
+ case POLICY_ITEM_GROUP:
+ if (!streq(name, "*")) {
+ const char *g = name;
+
+ r = get_group_creds(&g, &i->gid);
+ if (r < 0)
+ log_error("Failed to resolve group %s: %s", name, strerror(-r));
+ else
+ i->gid_valid = true;
+ }
+ break;
+ default:
+ break;
+ }
+
i->name = name;
name = NULL;
+
state = STATE_ALLOW_DENY;
} else {
log_error("Unexpected token (14) in %s:%u.", path, line);
}
}
-int policy_load(Policy *p) {
- _cleanup_strv_free_ char **l = NULL;
+static bool is_matching_name_request(sd_bus_message *m, const char *name, bool prefix) {
+
+ char *n = NULL;
+ int r;
+
+ if (!sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "RequestName"))
+ return false;
+
+ r = sd_bus_message_read(m, "s", &n);
+ if (r < 0)
+ return false;
+
+ r = sd_bus_message_rewind(m, true);
+ if (r < 0)
+ return false;
+
+ if (prefix)
+ return startswith(name, n);
+ else
+ return streq_ptr(name, n);
+}
+
+static bool is_matching_call(PolicyItem *i, sd_bus_message *m, const char *name) {
+
+ if (i->message_type && (i->message_type != m->header->type))
+ return false;
+
+ if (i->path && (!m->path || !streq(i->path, m->path)))
+ return false;
+
+ if (i->member && (!m->member || !streq(i->member, m->member)))
+ return false;
+
+ if (i->interface && (!m->interface || !streq(i->interface, m->interface)))
+ return false;
+
+ if (i->name && (!name || !streq(i->name, name)))
+ return false;
+
+ return true;
+}
+
+enum {
+ ALLOW,
+ DUNNO,
+ DENY,
+};
+
+static int is_permissive(PolicyItem *i) {
+
+ return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY;
+}
+
+static int check_policy_item(PolicyItem *i, sd_bus_message *m, const struct ucred *ucred) {
+
+ switch (i->class) {
+ case POLICY_ITEM_SEND:
+ if ((m->bus->is_kernel && is_matching_call(i, m, m->destination)) ||
+ (!m->bus->is_kernel && is_matching_call(i, m, m->sender)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_RECV:
+ if ((m->bus->is_kernel && is_matching_call(i, m, m->sender)) ||
+ (!m->bus->is_kernel && is_matching_call(i, m, m->destination)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_OWN:
+ if (is_matching_name_request(m, i->name, false))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_OWN_PREFIX:
+ if (is_matching_name_request(m, i->name, true))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_USER:
+ if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
+ (streq_ptr(i->name, "*") || (i->uid_valid && i->uid == ucred->uid)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_GROUP:
+ if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
+ (streq_ptr(i->name, "*") || (i->gid_valid && i->gid == ucred->gid)))
+ return is_permissive(i);
+ break;
+
+ case POLICY_ITEM_IGNORE:
+ default:
+ break;
+ }
+
+ return DUNNO;
+}
+
+static int check_policy_items(PolicyItem *items, sd_bus_message *m, const struct ucred *ucred) {
+
+ PolicyItem *i;
+ int r, ret = DUNNO;
+
+ /* Check all policies in a set - a broader one might be followed by a more specific one,
+ * and the order of rules in policy definitions matters */
+ LIST_FOREACH(items, i, items) {
+ r = check_policy_item(i, m, ucred);
+ if (r != DUNNO)
+ ret = r;
+ }
+
+ return ret;
+}
+
+bool policy_check(Policy *p, sd_bus_message *m, const struct ucred *ucred) {
+
+ PolicyItem *items;
+ int r;
+
+ /*
+ * The policy check is implemented by the following logic:
+ *
+ * 1. Check mandatory items. If the message matches any of these, it is decisive.
+ * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive.
+ * 3. Consult the defaults if non of the above matched with a more specific rule.
+ * 4. If the message isn't caught be the defaults either, reject it.
+ */
+
+ r = check_policy_items(p->mandatory_items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+
+ if (ucred->pid > 0) {
+ items = hashmap_get(p->user_items, UINT32_TO_PTR(ucred->uid));
+ if (items) {
+ r = check_policy_items(items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+ }
+
+ items = hashmap_get(p->group_items, UINT32_TO_PTR(ucred->gid));
+ if (items) {
+ r = check_policy_items(items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+ }
+ }
+
+ r = check_policy_items(p->default_items, m, ucred);
+ if (r != DUNNO)
+ return r == ALLOW;
+
+ return false;
+}
+
+int policy_load(Policy *p, char **files) {
char **i;
int r;
assert(p);
- file_load(p, "/etc/dbus-1/system.conf");
- file_load(p, "/etc/dbus-1/system-local.conf");
+ STRV_FOREACH(i, files) {
- r = conf_files_list(&l, ".conf", NULL, "/etc/dbus-1/system.d/", NULL);
- if (r < 0) {
- log_error("Failed to get configuration file list: %s", strerror(-r));
- return r;
- }
+ r = file_load(p, *i);
+ if (r == -EISDIR) {
+ _cleanup_strv_free_ char **l = NULL;
+ char **j;
- STRV_FOREACH(i, l)
- file_load(p, *i);
+ r = conf_files_list(&l, ".conf", NULL, *i, NULL);
+ if (r < 0) {
+ log_error("Failed to get configuration file list: %s", strerror(-r));
+ return r;
+ }
+
+ STRV_FOREACH(j, l)
+ file_load(p, *j);
+ }
+
+ /* We ignore all errors but EISDIR, and just proceed. */
+ }
return 0;
}
LIST_REMOVE(items, first, i);
policy_item_free(i);
}
-
- policy_item_free(i);
}
while ((first = hashmap_steal_first(p->group_items))) {
LIST_REMOVE(items, first, i);
policy_item_free(i);
}
-
- policy_item_free(i);
}
hashmap_free(p->user_items);
p->user_items = p->group_items = NULL;
}
-static void dump_items(PolicyItem *i) {
+static void dump_items(PolicyItem *items, const char *prefix) {
+
+ PolicyItem *i;
- if (!i)
+ if (!items)
return;
- printf("Type: %s\n"
- "Class: %s\n",
- policy_item_type_to_string(i->type),
- policy_item_class_to_string(i->class));
+ if (!prefix)
+ prefix = "";
- if (i->interface)
- printf("Interface: %s\n",
- i->interface);
+ LIST_FOREACH(items, i, items) {
- if (i->member)
- printf("Member: %s\n",
- i->member);
+ printf("%sType: %s\n"
+ "%sClass: %s\n",
+ prefix, policy_item_type_to_string(i->type),
+ prefix, policy_item_class_to_string(i->class));
- if (i->error)
- printf("Error: %s\n",
- i->error);
+ if (i->interface)
+ printf("%sInterface: %s\n",
+ prefix, i->interface);
- if (i->path)
- printf("Path: %s\n",
- i->path);
+ if (i->member)
+ printf("%sMember: %s\n",
+ prefix, i->member);
- if (i->name)
- printf("Name: %s\n",
- i->name);
+ if (i->error)
+ printf("%sError: %s\n",
+ prefix, i->error);
- if (i->message_type != 0)
- printf("Message Type: %s\n",
- bus_message_type_to_string(i->message_type));
+ if (i->path)
+ printf("%sPath: %s\n",
+ prefix, i->path);
- if (i->uid_valid) {
- _cleanup_free_ char *user;
+ if (i->name)
+ printf("%sName: %s\n",
+ prefix, i->name);
- user = uid_to_name(i->uid);
+ if (i->message_type != 0)
+ printf("%sMessage Type: %s\n",
+ prefix, bus_message_type_to_string(i->message_type));
- printf("User: %s\n",
- strna(user));
- }
+ if (i->uid_valid) {
+ _cleanup_free_ char *user;
+
+ user = uid_to_name(i->uid);
- if (i->gid_valid) {
- _cleanup_free_ char *group;
+ printf("%sUser: %s (%d)\n",
+ prefix, strna(user), i->uid);
+ }
- group = gid_to_name(i->gid);
+ if (i->gid_valid) {
+ _cleanup_free_ char *group;
- printf("Group: %s\n",
- strna(group));
- }
+ group = gid_to_name(i->gid);
- if (i->items_next) {
- printf("--\n");
- dump_items(i->items_next);
+ printf("%sGroup: %s (%d)\n",
+ prefix, strna(group), i->gid);
+ }
}
}
void *k;
HASHMAP_FOREACH_KEY(i, k, h, j) {
- printf("Item for %u:\n", PTR_TO_UINT(k));
- dump_items(i);
+ printf("\t%s Item for %u:\n", draw_special_char(DRAW_ARROW), PTR_TO_UINT(k));
+ dump_items(i, "\t\t");
}
}
void policy_dump(Policy *p) {
- printf("→ Default Items:\n");
- dump_items(p->default_items);
+ printf("%s Default Items:\n", draw_special_char(DRAW_ARROW));
+ dump_items(p->default_items, "\t");
- printf("→ Mandatory Items:\n");
- dump_items(p->mandatory_items);
-
- printf("→ Group Items:\n");
+ printf("%s Group Items:\n", draw_special_char(DRAW_ARROW));
dump_hashmap_items(p->group_items);
- printf("→ User Items:\n");
+ printf("%s User Items:\n", draw_special_char(DRAW_ARROW));
dump_hashmap_items(p->user_items);
- exit(0);
+
+ printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW));
+ dump_items(p->mandatory_items, "\t");
}
static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = {
[POLICY_ITEM_OWN_PREFIX] = "own-prefix",
[POLICY_ITEM_USER] = "user",
[POLICY_ITEM_GROUP] = "group",
+ [POLICY_ITEM_IGNORE] = "ignore",
};
DEFINE_STRING_TABLE_LOOKUP(policy_item_class, PolicyItemClass);