nspawn: add "-n" shortcut for "--network-veth"

[elogind.git] / src / bus-proxyd / bus-proxyd.c

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 6101a20ad8c4e567f6f286152b1e310795d5b066..bd2b0a82cb010ddecdddbab9628928a81047b5a7 100644 (file)
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -992,6 +992,22 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
         if (!policy)
                 return 0;
 
+        /*
+         * dbus-1 distinguishes expected and non-expected replies by tracking
+         * method-calls and timeouts. By default, DENY rules are *NEVER* applied
+         * on expected replies, unless explicitly specified. But we dont track
+         * method-calls, thus, we cannot know whether a reply is expected.
+         * Fortunately, the kdbus forbids non-expected replies, so we can safely
+         * ignore any policy on those and let the kernel deal with it.
+         *
+         * TODO: To be correct, we should only ignore policy-tags that are
+         * applied on non-expected replies. However, so far we don't parse those
+         * tags so we let everything pass. I haven't seen a DENY policy tag on
+         * expected-replies, ever, so don't bother..
+         */
+        if (m->reply_cookie > 0)
+                return 0;
+
         if (from->is_kernel) {
                 uid_t sender_uid = UID_INVALID;
                 gid_t sender_gid = GID_INVALID;
@@ -1008,16 +1024,34 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
                 (void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
                 (void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
 
+                if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
+                        _cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
+
+                        /* If the message came from another legacy
+                         * client, then the message creds will be
+                         * missing, simply because on legacy clients
+                         * per-message creds were unknown. In this
+                         * case, query the creds of the peer
+                         * instead. */
+
+                        r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_UID|SD_BUS_CREDS_GID, true, &sender_creds);
+                        if (r < 0)
+                                return handle_policy_error(m, r);
+
+                        (void) sd_bus_creds_get_uid(sender_creds, &sender_uid);
+                        (void) sd_bus_creds_get_gid(sender_creds, &sender_gid);
+                }
+
                 /* First check whether the sender can send the message to our name */
                 if (set_isempty(owned_names)) {
-                        if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member))
+                        if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member, false))
                                 granted = true;
                 } else {
                         Iterator i;
                         char *n;
 
                         SET_FOREACH(n, owned_names, i)
-                                if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member)) {
+                                if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member, false)) {
                                         granted = true;
                                         break;
                                 }
@@ -1026,13 +1060,13 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
                 if (granted) {
                         /* Then check whether us (the recipient) can receive from the sender's name */
                         if (strv_isempty(sender_names)) {
-                                if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
+                                if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, false))
                                         return 0;
                         } else {
                                 char **n;
 
                                 STRV_FOREACH(n, sender_names) {
-                                        if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member))
+                                        if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, false))
                                                 return 0;
                                 }
                         }
@@ -1079,13 +1113,13 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
 
                 /* First check if we (the sender) can send to this name */
                 if (strv_isempty(destination_names)) {
-                        if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
+                        if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, true))
                                 granted = true;
                 } else {
                         char **n;
 
                         STRV_FOREACH(n, destination_names) {
-                                if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member)) {
+                                if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, true)) {
 
                                         /* If we made a receiver decision,
                                            then remember which name's policy
@@ -1114,15 +1148,25 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
 
                 /* Then check if the recipient can receive from our name */
                 if (granted) {
-                        if (set_isempty(owned_names)) {
-                                if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member))
+                        if (sd_bus_message_is_signal(m, NULL, NULL)) {
+                                /* If we forward a signal from dbus-1 to kdbus,
+                                 * we have no idea who the recipient is.
+                                 * Therefore, we cannot apply any dbus-1
+                                 * receiver policies that match on receiver
+                                 * credentials. We know sd-bus always sets
+                                 * KDBUS_MSG_SIGNAL, so the kernel applies
+                                 * receiver policies to the message. Therefore,
+                                 * skip policy checks in this case. */
+                                return 0;
+                        } else if (set_isempty(owned_names)) {
+                                if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member, true))
                                         return 0;
                         } else {
                                 Iterator i;
                                 char *n;
 
                                 SET_FOREACH(n, owned_names, i)
-                                        if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member))
+                                        if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member, true))
                                                 return 0;
                         }
                 }