X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbus-proxyd%2Fproxy.c;h=bd02ee12b37754b5fb47fbd174de75d8879d0605;hb=f8eeeaf9b783ebbab30672629abf3920db286811;hp=ab164474fa86a301abfe1ac9e7aeaca096f3c0c9;hpb=c4bc1a8434f2a34840ea6f63064fa998ecfae738;p=elogind.git diff --git a/src/bus-proxyd/proxy.c b/src/bus-proxyd/proxy.c index ab164474f..bd02ee12b 100644 --- a/src/bus-proxyd/proxy.c +++ b/src/bus-proxyd/proxy.c @@ -73,7 +73,7 @@ static int proxy_create_dest(Proxy *p, const char *dest, const char *local_sec, if (r < 0) return log_error_errno(r, "Failed to set FD negotiation: %m"); - r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT); + r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT); if (r < 0) return log_error_errno(r, "Failed to set credential negotiation: %m"); @@ -82,13 +82,13 @@ static int proxy_create_dest(Proxy *p, const char *dest, const char *local_sec, b->fake_pids_valid = true; b->fake_creds.uid = p->local_creds.uid; - b->fake_creds.euid = UID_INVALID; - b->fake_creds.suid = UID_INVALID; - b->fake_creds.fsuid = UID_INVALID; + b->fake_creds.euid = p->local_creds.uid; + b->fake_creds.suid = p->local_creds.uid; + b->fake_creds.fsuid = p->local_creds.uid; b->fake_creds.gid = p->local_creds.gid; - b->fake_creds.egid = GID_INVALID; - b->fake_creds.sgid = GID_INVALID; - b->fake_creds.fsgid = GID_INVALID; + b->fake_creds.egid = p->local_creds.gid; + b->fake_creds.sgid = p->local_creds.gid; + b->fake_creds.fsgid = p->local_creds.gid; b->fake_creds_valid = true; } @@ -134,7 +134,7 @@ static int proxy_create_local(Proxy *p, int in_fd, int out_fd, bool negotiate_fd if (r < 0) return log_error_errno(r, "Failed to set FD negotiation: %m"); - r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT); + r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT); if (r < 0) return log_error_errno(r, "Failed to set credential negotiation: %m"); @@ -425,7 +425,6 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, uid_t sender_uid = UID_INVALID; gid_t sender_gid = GID_INVALID; char **sender_names = NULL; - bool granted = false; /* Driver messages are always OK */ if (streq_ptr(m->sender, "org.freedesktop.DBus")) @@ -434,8 +433,8 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, /* The message came from the kernel, and is sent to our legacy client. */ sd_bus_creds_get_well_known_names(&m->creds, &sender_names); - (void) sd_bus_creds_get_uid(&m->creds, &sender_uid); - (void) sd_bus_creds_get_gid(&m->creds, &sender_gid); + (void) sd_bus_creds_get_euid(&m->creds, &sender_uid); + (void) sd_bus_creds_get_egid(&m->creds, &sender_gid); if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) { _cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL; @@ -447,43 +446,18 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, * case, query the creds of the peer * instead. */ - r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_UID|SD_BUS_CREDS_GID, true, &sender_creds); + r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID, true, &sender_creds); if (r < 0) return handle_policy_error(m, r); - (void) sd_bus_creds_get_uid(sender_creds, &sender_uid); - (void) sd_bus_creds_get_gid(sender_creds, &sender_gid); + (void) sd_bus_creds_get_euid(sender_creds, &sender_uid); + (void) sd_bus_creds_get_egid(sender_creds, &sender_gid); } /* First check whether the sender can send the message to our name */ - if (set_isempty(owned_names)) { - if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member, false)) - granted = true; - } else { - Iterator i; - char *n; - - SET_FOREACH(n, owned_names, i) - if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member, false)) { - granted = true; - break; - } - } - - if (granted) { - /* Then check whether us (the recipient) can receive from the sender's name */ - if (strv_isempty(sender_names)) { - if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, false)) - return 0; - } else { - char **n; - - STRV_FOREACH(n, sender_names) { - if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, false)) - return 0; - } - } - } + if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, false, NULL) && + policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, sender_names, m->path, m->interface, m->member, false)) + return 0; /* Return an error back to the caller */ if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL) @@ -499,7 +473,7 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, gid_t destination_gid = GID_INVALID; const char *destination_unique = NULL; char **destination_names = NULL; - bool granted = false; + char *n; /* Driver messages are always OK */ if (streq_ptr(m->destination, "org.freedesktop.DBus")) @@ -509,7 +483,7 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, if (m->destination) { r = bus_get_name_creds_kdbus(to, m->destination, SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| - SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, + SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_PID, true, &destination_creds); if (r < 0) return handle_policy_error(m, r); @@ -520,47 +494,29 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, sd_bus_creds_get_well_known_names(destination_creds, &destination_names); - (void) sd_bus_creds_get_uid(destination_creds, &destination_uid); - (void) sd_bus_creds_get_gid(destination_creds, &destination_gid); + (void) sd_bus_creds_get_euid(destination_creds, &destination_uid); + (void) sd_bus_creds_get_egid(destination_creds, &destination_gid); } /* First check if we (the sender) can send to this name */ - if (strv_isempty(destination_names)) { - if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, true)) - granted = true; - } else { - char **n; - - STRV_FOREACH(n, destination_names) { - if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, true)) { - - /* If we made a receiver decision, - then remember which name's policy - we used, and to which unique ID it - mapped when we made the - decision. Then, let's pass this to - the kernel when sending the - message, so that it refuses the - operation should the name and - unique ID not map to each other - anymore. */ - - r = free_and_strdup(&m->destination_ptr, *n); - if (r < 0) - return r; - - r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id); - if (r < 0) - break; - - granted = true; - break; - } + if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, destination_names, m->path, m->interface, m->member, true, &n)) { + if (n) { + /* If we made a receiver decision, then remember which + * name's policy we used, and to which unique ID it + * mapped when we made the decision. Then, let's pass + * this to the kernel when sending the message, so that + * it refuses the operation should the name and unique + * ID not map to each other anymore. */ + + r = free_and_strdup(&m->destination_ptr, n); + if (r < 0) + return r; + + r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id); + if (r < 0) + return r; } - } - /* Then check if the recipient can receive from our name */ - if (granted) { if (sd_bus_message_is_signal(m, NULL, NULL)) { /* If we forward a signal from dbus-1 to kdbus, * we have no idea who the recipient is. @@ -571,16 +527,8 @@ static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, * receiver policies to the message. Therefore, * skip policy checks in this case. */ return 0; - } else if (set_isempty(owned_names)) { - if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member, true)) - return 0; - } else { - Iterator i; - char *n; - - SET_FOREACH(n, owned_names, i) - if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member, true)) - return 0; + } else if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, true)) { + return 0; } }