X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-proxyd.c;h=fc70cce9402392dea2795996cb81ae0d18202af9;hb=13790add4bf648fed816361794d8277a75253410;hp=5d304538fd757db56006f9bef807062ac35a6ef6;hpb=dd5ae4c36c89da5dbe8d1628939b26c00db98753;p=elogind.git diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 5d304538f..fc70cce94 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -44,9 +44,10 @@ #include "strv.h" #include "def.h" #include "capability.h" -#include "bus-policy.h" #include "bus-control.h" #include "smack-util.h" +#include "set.h" +#include "bus-xml-policy.h" static char *arg_address = NULL; static char *arg_command_line_buffer = NULL; @@ -138,9 +139,9 @@ static int parse_argv(int argc, char *argv[]) { return log_oom(); #ifdef ENABLE_KDBUS - a = strjoin("x-container-kernel:machine=", e, ";x-container-unix:machine=", e, NULL); + a = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL); #else - a = strjoin("x-container-unix:machine=", e, NULL); + a = strjoin("x-machine-unix:machine=", e, NULL); #endif if (!a) return log_oom(); @@ -344,6 +345,17 @@ static int synthetic_reply_method_error(sd_bus_message *call, const sd_bus_error return synthetic_driver_send(call->bus, m); } +static int synthetic_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) { + _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL; + va_list ap; + + va_start(ap, format); + bus_error_setfv(&error, name, format, ap); + va_end(ap); + + return synthetic_reply_method_error(call, &error); +} + static int synthetic_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *p) { _cleanup_bus_error_free_ sd_bus_error berror = SD_BUS_ERROR_NULL; @@ -817,6 +829,10 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic if (r < 0) return synthetic_reply_method_errno(m, r, NULL); + if (streq(name, "org.freedesktop.DBus")) + return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, + "Connection is not allowed to own the org.freedesktop.DBus service.")); + if (policy && !policy_check_own(policy, ucred->uid, ucred->gid, name)) return synthetic_reply_method_errno(m, -EPERM, NULL); @@ -960,6 +976,13 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } } +static int handle_policy_error(sd_bus_message *m, int r) { + if (r == -ESRCH || r == -ENXIO) + return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination); + + return r; +} + static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) { int r; @@ -981,9 +1004,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p return 0; /* The message came from the kernel, and is sent to our legacy client. */ - r = sd_bus_creds_get_well_known_names(&m->creds, &sender_names); - if (r < 0) - return r; + sd_bus_creds_get_well_known_names(&m->creds, &sender_names); (void) sd_bus_creds_get_uid(&m->creds, &sender_uid); (void) sd_bus_creds_get_gid(&m->creds, &sender_gid); @@ -1004,7 +1025,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p } if (granted) { - /* Then check whether us (the recipient) can recieve from the sender's name */ + /* Then check whether us (the recipient) can receive from the sender's name */ if (strv_isempty(sender_names)) { if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) return 0; @@ -1020,7 +1041,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* Return an error back to the caller */ if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) - return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy."); + return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy."); /* Return 1, indicating that the message shall not be processed any further */ return 1; @@ -1045,15 +1066,13 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, true, &destination_creds); if (r < 0) - return r; - - r = sd_bus_creds_get_well_known_names(destination_creds, &destination_names); - if (r < 0) - return r; + return handle_policy_error(m, r); r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique); if (r < 0) - return r; + return handle_policy_error(m, r); + + sd_bus_creds_get_well_known_names(destination_creds, &destination_names); (void) sd_bus_creds_get_uid(destination_creds, &destination_uid); (void) sd_bus_creds_get_gid(destination_creds, &destination_gid); @@ -1111,7 +1130,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* Return an error back to the caller */ if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) - return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy."); + return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy."); /* Return 1, indicating that the message shall not be processed any further */ return 1;