X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-proxyd.c;h=6d9e1a031cdde901c4221257e583c0d3c1287af1;hb=f131770b1465fbf423881f16ba85523a05f846fe;hp=5c8357c7b5832c45553441d7cd40aef2a65ac4c6;hpb=da927ba997d68401563b927f92e6e40e021a8e5c;p=elogind.git diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 5c8357c7b..6d9e1a031 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -44,7 +44,10 @@ #include "strv.h" #include "def.h" #include "capability.h" -#include "bus-policy.h" +#include "bus-control.h" +#include "smack-util.h" +#include "set.h" +#include "bus-xml-policy.h" static char *arg_address = NULL; static char *arg_command_line_buffer = NULL; @@ -61,7 +64,7 @@ static int help(void) { " --configuration=PATH Configuration file or directory\n" " --machine=MACHINE Connect to specified machine\n" " --address=ADDRESS Connect to the bus specified by ADDRESS\n" - " (default: " DEFAULT_SYSTEM_BUS_PATH ")\n", + " (default: " DEFAULT_SYSTEM_BUS_ADDRESS ")\n", program_invocation_short_name); return 0; @@ -166,7 +169,7 @@ static int parse_argv(int argc, char *argv[]) { } if (!arg_address) { - arg_address = strdup(DEFAULT_SYSTEM_BUS_PATH); + arg_address = strdup(DEFAULT_SYSTEM_BUS_ADDRESS); if (!arg_address) return log_oom(); } @@ -342,6 +345,17 @@ static int synthetic_reply_method_error(sd_bus_message *call, const sd_bus_error return synthetic_driver_send(call->bus, m); } +static int synthetic_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) { + _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + va_list ap; + + va_start(ap, format); + bus_error_setfv(&error, name, format, ap); + va_end(ap); + + return synthetic_reply_method_error(call, &error); +} + static int synthetic_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *p) { _cleanup_bus_error_free_ sd_bus_error berror = SD_BUS_ERROR_NULL; @@ -625,7 +639,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic if (!sd_bus_message_has_signature(m, "")) return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters")); - r = sd_bus_get_owner_id(a, &server_id); + r = sd_bus_get_bus_id(a, &server_id); if (r < 0) return synthetic_reply_method_errno(m, r, NULL); @@ -689,7 +703,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListQueuedOwners")) { struct kdbus_cmd_name_list cmd = {}; struct kdbus_name_list *name_list; - struct kdbus_cmd_free cmd_free; struct kdbus_name_info *name; _cleanup_strv_free_ char **owners = NULL; _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; @@ -742,10 +755,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } } - cmd_free.flags = 0; - cmd_free.offset = cmd.offset; - - r = ioctl(a->input_fd, KDBUS_CMD_FREE, &cmd_free); + r = bus_kernel_cmd_free(a, cmd.offset); if (r < 0) return synthetic_reply_method_errno(m, r, NULL); @@ -962,6 +972,13 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } } +static int handle_policy_error(sd_bus_message *m, int r) { + if (r == -ESRCH || r == -ENXIO) + return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination); + + return r; +} + static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) { int r; @@ -973,8 +990,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p return 0; if (from->is_kernel) { - uid_t sender_uid = (uid_t) -1; - gid_t sender_gid = (gid_t) -1; + uid_t sender_uid = UID_INVALID; + gid_t sender_gid = GID_INVALID; char **sender_names = NULL; bool granted = false; @@ -983,9 +1000,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p return 0; /* The message came from the kernel, and is sent to our legacy client. */ - r = sd_bus_creds_get_well_known_names(&m->creds, &sender_names); - if (r < 0) - return r; + sd_bus_creds_get_well_known_names(&m->creds, &sender_names); (void) sd_bus_creds_get_uid(&m->creds, &sender_uid); (void) sd_bus_creds_get_gid(&m->creds, &sender_gid); @@ -1006,7 +1021,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p } if (granted) { - /* Then check whether us, the recipient can recieve from the sender's name */ + /* Then check whether us (the recipient) can receive from the sender's name */ if (strv_isempty(sender_names)) { if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) return 0; @@ -1022,7 +1037,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* Return an error back to the caller */ if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) - return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy."); + return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy."); /* Return 1, indicating that the message shall not be processed any further */ return 1; @@ -1030,8 +1045,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p if (to->is_kernel) { _cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL; - uid_t destination_uid = (uid_t) -1; - gid_t destination_gid = (gid_t) -1; + uid_t destination_uid = UID_INVALID; + gid_t destination_gid = GID_INVALID; const char *destination_unique = NULL; char **destination_names = NULL; bool granted = false; @@ -1042,25 +1057,24 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* The message came from the legacy client, and is sent to kdbus. */ if (m->destination) { - r = sd_bus_get_name_creds(to, m->destination, - SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| - SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds); + r = bus_get_name_creds_kdbus(to, m->destination, + SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| + SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, + true, &destination_creds); if (r < 0) - return r; - - r = sd_bus_creds_get_well_known_names(destination_creds, &destination_names); - if (r < 0) - return r; + return handle_policy_error(m, r); r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique); if (r < 0) - return r; + return handle_policy_error(m, r); + + sd_bus_creds_get_well_known_names(destination_creds, &destination_names); (void) sd_bus_creds_get_uid(destination_creds, &destination_uid); (void) sd_bus_creds_get_gid(destination_creds, &destination_gid); } - /* First check if we, the sender can send to this name */ + /* First check if we (the sender) can send to this name */ if (strv_isempty(destination_names)) { if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) granted = true; @@ -1112,7 +1126,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* Return an error back to the caller */ if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) - return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy."); + return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy."); /* Return 1, indicating that the message shall not be processed any further */ return 1; @@ -1159,34 +1173,24 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell return 0; r = sd_bus_message_new_method_return(m, &n); - if (r < 0) { - log_error_errno(r, "Failed to generate HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to generate HELLO reply: %m"); r = sd_bus_message_append(n, "s", a->unique_name); - if (r < 0) { - log_error_errno(r, "Failed to append unique name to HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append unique name to HELLO reply: %m"); r = bus_message_append_sender(n, "org.freedesktop.DBus"); - if (r < 0) { - log_error_errno(r, "Failed to append sender to HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append sender to HELLO reply: %m"); r = bus_seal_synthetic_message(b, n); - if (r < 0) { - log_error_errno(r, "Failed to seal HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to seal HELLO reply: %m"); r = sd_bus_send(b, n, NULL); - if (r < 0) { - log_error_errno(r, "Failed to send HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to send HELLO reply: %m"); n = sd_bus_message_unref(n); r = sd_bus_message_new_signal( @@ -1195,34 +1199,24 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell "/org/freedesktop/DBus", "org.freedesktop.DBus", "NameAcquired"); - if (r < 0) { - log_error_errno(r, "Failed to allocate initial NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m"); r = sd_bus_message_append(n, "s", a->unique_name); - if (r < 0) { - log_error_errno(r, "Failed to append unique name to NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m"); r = bus_message_append_sender(n, "org.freedesktop.DBus"); - if (r < 0) { - log_error_errno(r, "Failed to append sender to NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append sender to NameAcquired message: %m"); r = bus_seal_synthetic_message(b, n); - if (r < 0) { - log_error_errno(r, "Failed to seal NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to seal NameAcquired message: %m"); r = sd_bus_send(b, n, NULL); - if (r < 0) { - log_error_errno(r, "Failed to send NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to send NameAcquired message: %m"); return 1; } @@ -1257,6 +1251,23 @@ static int patch_sender(sd_bus *a, sd_bus_message *m) { return 0; } +static int mac_smack_apply_label_and_drop_cap_mac_admin(pid_t its_pid, const char *new_label) { +#ifdef HAVE_SMACK + int r = 0, k; + + if (!mac_smack_use()) + return 0; + + if (new_label && its_pid > 0) + r = mac_smack_apply_pid(its_pid, new_label); + + k = drop_capability(CAP_MAC_ADMIN); + return r < 0 ? r : k; +#else + return 0; +#endif +} + int main(int argc, char *argv[]) { _cleanup_bus_close_unref_ sd_bus *a = NULL, *b = NULL; @@ -1296,6 +1307,10 @@ int main(int argc, char *argv[]) { if (is_unix) { (void) getpeercred(in_fd, &ucred); (void) getpeersec(in_fd, &peersec); + + r = mac_smack_apply_label_and_drop_cap_mac_admin(getpid(), peersec); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK label (%s) and drop CAP_MAC_ADMIN: %m", peersec); } if (arg_drop_privileges) { @@ -1355,13 +1370,13 @@ int main(int argc, char *argv[]) { a->fake_pids_valid = true; a->fake_creds.uid = ucred.uid; - a->fake_creds.euid = (uid_t) -1; - a->fake_creds.suid = (uid_t) -1; - a->fake_creds.fsuid = (uid_t) -1; + a->fake_creds.euid = UID_INVALID; + a->fake_creds.suid = UID_INVALID; + a->fake_creds.fsuid = UID_INVALID; a->fake_creds.gid = ucred.gid; - a->fake_creds.egid = (gid_t) -1; - a->fake_creds.sgid = (gid_t) -1; - a->fake_creds.fsgid = (gid_t) -1; + a->fake_creds.egid = GID_INVALID; + a->fake_creds.sgid = GID_INVALID; + a->fake_creds.fsgid = GID_INVALID; a->fake_creds_valid = true; } @@ -1378,46 +1393,57 @@ int main(int argc, char *argv[]) { goto finish; } - r = sd_bus_get_owner_id(a, &server_id); + r = sd_bus_get_bus_id(a, &server_id); if (r < 0) { log_error_errno(r, "Failed to get server ID: %m"); goto finish; } if (a->is_kernel) { - _cleanup_bus_creds_unref_ sd_bus_creds *bus_creds = NULL; - uid_t bus_uid; - - r = sd_bus_get_owner_creds(a, SD_BUS_CREDS_UID, &bus_creds); - if (r < 0) { - log_error_errno(r, "Failed to get bus creds: %m"); - goto finish; - } - - r = sd_bus_creds_get_uid(bus_creds, &bus_uid); - if (r < 0) { - log_error_errno(r, "Failed to get bus owner UID: %m"); - goto finish; - } - - if (bus_uid == 0) { - /* We only enforce the old XML policy on - * kernel busses owned by root users. */ + if (!arg_configuration) { + const char *scope; - r = policy_load(&policy_buffer, arg_configuration); + r = sd_bus_get_scope(a, &scope); if (r < 0) { - log_error_errno(r, "Failed to load policy: %m"); + log_error_errno(r, "Couldn't determine bus scope: %m"); goto finish; } - if (!policy_check_hello(&policy_buffer, ucred.uid, ucred.gid)) { - log_error("Policy denied connection"); - r = -EPERM; + if (streq(scope, "system")) + arg_configuration = strv_new( + "/etc/dbus-1/system.conf", + "/etc/dbus-1/system.d/", + "/etc/dbus-1/system-local.conf", + NULL); + else if (streq(scope, "user")) + arg_configuration = strv_new( + "/etc/dbus-1/session.conf", + "/etc/dbus-1/session.d/", + "/etc/dbus-1/session-local.conf", + NULL); + else { + log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope); goto finish; } - policy_dump(&policy_buffer); - policy = &policy_buffer; + if (!arg_configuration) { + r = log_oom(); + goto finish; + } + } + + r = policy_load(&policy_buffer, arg_configuration); + if (r < 0) { + log_error_errno(r, "Failed to load policy: %m"); + goto finish; + } + + policy = &policy_buffer; + /* policy_dump(policy); */ + + if (!policy_check_hello(policy, ucred.uid, ucred.gid)) { + r = log_error_errno(EPERM, "Policy denied connection."); + goto finish; } } @@ -1732,7 +1758,7 @@ int main(int argc, char *argv[]) { r = ppoll(pollfd, 3, ts, NULL); if (r < 0) { - log_error("ppoll() failed: %m"); + log_error_errno(errno, "ppoll() failed: %m"); goto finish; } }