bus-proxy: dbus-daemon implies that connections from UIDs that are identical to the...

[elogind.git] / src / bus-proxyd / bus-proxyd.c

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 44e16fcd15c6b87a536cd1a66aee62a981fe28a3..6101a20ad8c4e567f6f286152b1e310795d5b066 100644 (file)
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -1282,6 +1282,7 @@ int main(int argc, char *argv[]) {
         _cleanup_free_ char *peersec = NULL;
         Policy policy_buffer = {}, *policy = NULL;
         _cleanup_set_free_free_ Set *owned_names = NULL;
+        uid_t original_uid;
 
         log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
         log_parse_environment();
@@ -1303,6 +1304,8 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        original_uid = getuid();
+
         is_unix =
                 sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
                 sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
@@ -1444,7 +1447,11 @@ int main(int argc, char *argv[]) {
                 policy = &policy_buffer;
                 /* policy_dump(policy); */
 
-                if (!policy_check_hello(policy, ucred.uid, ucred.gid)) {
+                if (ucred.uid == original_uid)
+                        log_debug("Permitting access, since bus owner matches bus client.");
+                else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+                        log_debug("Permitting access due to XML policy.");
+                else {
                         r = log_error_errno(EPERM, "Policy denied connection.");
                         goto finish;
                 }
@@ -1605,14 +1612,26 @@ int main(int argc, char *argv[]) {
                                 if (!processed) {
                                         k = sd_bus_send(b, m, NULL);
                                         if (k < 0) {
-                                                if (k == -ECONNRESET)
+                                                if (k == -ECONNRESET) {
                                                         r = 0;
-                                                else {
+                                                        goto finish;
+                                                } else if (k == -EPERM && m->reply_cookie > 0) {
+                                                        /* If the peer tries to send a reply and it is rejected with EPERM
+                                                         * by the kernel, we ignore the error. This catches cases where the
+                                                         * original method-call didn't had EXPECT_REPLY set, but the proxy-peer
+                                                         * still sends a reply. This is allowed in dbus1, but not in kdbus. We
+                                                         * don't want to track reply-windows in the proxy, so we simply ignore
+                                                         * EPERM for all replies. The only downside is, that callers are no
+                                                         * longer notified if their replies are dropped. However, this is
+                                                         * equivalent to the caller's timeout to expire, so this should be
+                                                         * acceptable. Nobody sane sends replies without a matching method-call,
+                                                         * so nobody should care. */
+                                                        r = 1;
+                                                } else {
                                                         r = k;
                                                         log_error_errno(r, "Failed to send message to client: %m");
+                                                        goto finish;
                                                 }
-
-                                                goto finish;
                                         } else
                                                 r = 1;
                                 }
@@ -1682,17 +1701,20 @@ int main(int argc, char *argv[]) {
 
                                                 k = sd_bus_send(a, m, NULL);
                                                 if (k < 0) {
-                                                        if (k == -EREMCHG)
+                                                        if (k == -EREMCHG) {
                                                                 /* The name database changed since the policy check, hence let's check again */
                                                                 continue;
-                                                        else if (k == -ECONNRESET)
+                                                        } else if (k == -ECONNRESET) {
                                                                 r = 0;
-                                                        else {
+                                                                goto finish;
+                                                        } else if (k == -EPERM && m->reply_cookie > 0) {
+                                                                /* see above why EPERM is ignored for replies */
+                                                                r = 1;
+                                                        } else {
                                                                 r = k;
                                                                 log_error_errno(r, "Failed to send message to bus: %m");
+                                                                goto finish;
                                                         }
-
-                                                        goto finish;
                                                 } else
                                                         r = 1;