X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-proxyd.c;h=6dfba14695c0f689712447470b8aab957699e950;hb=affc3d834347076e8616948978e70ed1fca84db4;hp=5c8357c7b5832c45553441d7cd40aef2a65ac4c6;hpb=da927ba997d68401563b927f92e6e40e021a8e5c;p=elogind.git diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 5c8357c7b..6dfba1469 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -61,7 +61,7 @@ static int help(void) { " --configuration=PATH Configuration file or directory\n" " --machine=MACHINE Connect to specified machine\n" " --address=ADDRESS Connect to the bus specified by ADDRESS\n" - " (default: " DEFAULT_SYSTEM_BUS_PATH ")\n", + " (default: " DEFAULT_SYSTEM_BUS_ADDRESS ")\n", program_invocation_short_name); return 0; @@ -166,7 +166,7 @@ static int parse_argv(int argc, char *argv[]) { } if (!arg_address) { - arg_address = strdup(DEFAULT_SYSTEM_BUS_PATH); + arg_address = strdup(DEFAULT_SYSTEM_BUS_ADDRESS); if (!arg_address) return log_oom(); } @@ -625,7 +625,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic if (!sd_bus_message_has_signature(m, "")) return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters")); - r = sd_bus_get_owner_id(a, &server_id); + r = sd_bus_get_bus_id(a, &server_id); if (r < 0) return synthetic_reply_method_errno(m, r, NULL); @@ -689,7 +689,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListQueuedOwners")) { struct kdbus_cmd_name_list cmd = {}; struct kdbus_name_list *name_list; - struct kdbus_cmd_free cmd_free; struct kdbus_name_info *name; _cleanup_strv_free_ char **owners = NULL; _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; @@ -742,10 +741,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } } - cmd_free.flags = 0; - cmd_free.offset = cmd.offset; - - r = ioctl(a->input_fd, KDBUS_CMD_FREE, &cmd_free); + r = bus_kernel_cmd_free(a, cmd.offset); if (r < 0) return synthetic_reply_method_errno(m, r, NULL); @@ -1159,34 +1155,24 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell return 0; r = sd_bus_message_new_method_return(m, &n); - if (r < 0) { - log_error_errno(r, "Failed to generate HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to generate HELLO reply: %m"); r = sd_bus_message_append(n, "s", a->unique_name); - if (r < 0) { - log_error_errno(r, "Failed to append unique name to HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append unique name to HELLO reply: %m"); r = bus_message_append_sender(n, "org.freedesktop.DBus"); - if (r < 0) { - log_error_errno(r, "Failed to append sender to HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append sender to HELLO reply: %m"); r = bus_seal_synthetic_message(b, n); - if (r < 0) { - log_error_errno(r, "Failed to seal HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to seal HELLO reply: %m"); r = sd_bus_send(b, n, NULL); - if (r < 0) { - log_error_errno(r, "Failed to send HELLO reply: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to send HELLO reply: %m"); n = sd_bus_message_unref(n); r = sd_bus_message_new_signal( @@ -1195,34 +1181,24 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell "/org/freedesktop/DBus", "org.freedesktop.DBus", "NameAcquired"); - if (r < 0) { - log_error_errno(r, "Failed to allocate initial NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m"); r = sd_bus_message_append(n, "s", a->unique_name); - if (r < 0) { - log_error_errno(r, "Failed to append unique name to NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m"); r = bus_message_append_sender(n, "org.freedesktop.DBus"); - if (r < 0) { - log_error_errno(r, "Failed to append sender to NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to append sender to NameAcquired message: %m"); r = bus_seal_synthetic_message(b, n); - if (r < 0) { - log_error_errno(r, "Failed to seal NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to seal NameAcquired message: %m"); r = sd_bus_send(b, n, NULL); - if (r < 0) { - log_error_errno(r, "Failed to send NameAcquired message: %m"); - return r; - } + if (r < 0) + return log_error_errno(r, "Failed to send NameAcquired message: %m"); return 1; } @@ -1378,46 +1354,57 @@ int main(int argc, char *argv[]) { goto finish; } - r = sd_bus_get_owner_id(a, &server_id); + r = sd_bus_get_bus_id(a, &server_id); if (r < 0) { log_error_errno(r, "Failed to get server ID: %m"); goto finish; } if (a->is_kernel) { - _cleanup_bus_creds_unref_ sd_bus_creds *bus_creds = NULL; - uid_t bus_uid; - - r = sd_bus_get_owner_creds(a, SD_BUS_CREDS_UID, &bus_creds); - if (r < 0) { - log_error_errno(r, "Failed to get bus creds: %m"); - goto finish; - } + if (!arg_configuration) { + const char *scope; - r = sd_bus_creds_get_uid(bus_creds, &bus_uid); - if (r < 0) { - log_error_errno(r, "Failed to get bus owner UID: %m"); - goto finish; - } - - if (bus_uid == 0) { - /* We only enforce the old XML policy on - * kernel busses owned by root users. */ - - r = policy_load(&policy_buffer, arg_configuration); + r = sd_bus_get_scope(a, &scope); if (r < 0) { - log_error_errno(r, "Failed to load policy: %m"); + log_error_errno(r, "Couldn't determine bus scope: %m"); goto finish; } - if (!policy_check_hello(&policy_buffer, ucred.uid, ucred.gid)) { - log_error("Policy denied connection"); - r = -EPERM; + if (streq(scope, "system")) + arg_configuration = strv_new( + "/etc/dbus-1/system.conf", + "/etc/dbus-1/system.d/", + "/etc/dbus-1/system-local.conf", + NULL); + else if (streq(scope, "user")) + arg_configuration = strv_new( + "/etc/dbus-1/session.conf", + "/etc/dbus-1/session.d/", + "/etc/dbus-1/session-local.conf", + NULL); + else { + log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope); goto finish; } - policy_dump(&policy_buffer); - policy = &policy_buffer; + if (!arg_configuration) { + r = log_oom(); + goto finish; + } + } + + r = policy_load(&policy_buffer, arg_configuration); + if (r < 0) { + log_error_errno(r, "Failed to load policy: %m"); + goto finish; + } + + policy = &policy_buffer; + policy_dump(policy); + + if (!policy_check_hello(policy, ucred.uid, ucred.gid)) { + r = log_error_errno(EPERM, "Policy denied connection."); + goto finish; } } @@ -1732,7 +1719,7 @@ int main(int argc, char *argv[]) { r = ppoll(pollfd, 3, ts, NULL); if (r < 0) { - log_error("ppoll() failed: %m"); + log_error_errno(errno, "ppoll() failed: %m"); goto finish; } }