#include "strv.h"
#include "def.h"
#include "capability.h"
-#include "bus-policy.h"
+#include "bus-control.h"
+#include "smack-util.h"
+#include "set.h"
+#include "bus-xml-policy.h"
static char *arg_address = NULL;
static char *arg_command_line_buffer = NULL;
" --configuration=PATH Configuration file or directory\n"
" --machine=MACHINE Connect to specified machine\n"
" --address=ADDRESS Connect to the bus specified by ADDRESS\n"
- " (default: " DEFAULT_SYSTEM_BUS_PATH ")\n",
+ " (default: " DEFAULT_SYSTEM_BUS_ADDRESS ")\n",
program_invocation_short_name);
return 0;
return log_oom();
#ifdef ENABLE_KDBUS
- a = strjoin("x-container-kernel:machine=", e, ";x-container-unix:machine=", e, NULL);
+ a = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
#else
- a = strjoin("x-container-unix:machine=", e, NULL);
+ a = strjoin("x-machine-unix:machine=", e, NULL);
#endif
if (!a)
return log_oom();
}
if (!arg_address) {
- arg_address = strdup(DEFAULT_SYSTEM_BUS_PATH);
+ arg_address = strdup(DEFAULT_SYSTEM_BUS_ADDRESS);
if (!arg_address)
return log_oom();
}
assert(a);
assert(b);
- r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM, &creds);
+ r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM|SD_BUS_CREDS_AUGMENT, &creds);
if (r < 0)
return r;
return synthetic_driver_send(call->bus, m);
}
+static int synthetic_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+ va_list ap;
+
+ va_start(ap, format);
+ bus_error_setfv(&error, name, format, ap);
+ va_end(ap);
+
+ return synthetic_reply_method_error(call, &error);
+}
+
static int synthetic_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *p) {
_cleanup_bus_error_free_ sd_bus_error berror = SD_BUS_ERROR_NULL;
assert(call);
+ if (call->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
+ return 0;
+
r = sd_bus_message_new_method_return(call, &m);
if (r < 0)
return synthetic_reply_method_errno(call, r, NULL);
if (!sd_bus_message_has_signature(m, ""))
return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters"));
- r = sd_bus_get_owner_id(a, &server_id);
+ r = sd_bus_get_bus_id(a, &server_id);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
} else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListQueuedOwners")) {
struct kdbus_cmd_name_list cmd = {};
struct kdbus_name_list *name_list;
- struct kdbus_cmd_free cmd_free;
struct kdbus_name_info *name;
_cleanup_strv_free_ char **owners = NULL;
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
}
}
- cmd_free.flags = 0;
- cmd_free.offset = cmd.offset;
-
- r = ioctl(a->input_fd, KDBUS_CMD_FREE, &cmd_free);
+ r = bus_kernel_cmd_free(a, cmd.offset);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
}
}
+static int handle_policy_error(sd_bus_message *m, int r) {
+ if (r == -ESRCH || r == -ENXIO)
+ return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination);
+
+ return r;
+}
+
static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
int r;
return 0;
if (from->is_kernel) {
- uid_t sender_uid = (uid_t) -1;
- gid_t sender_gid = (gid_t) -1;
+ uid_t sender_uid = UID_INVALID;
+ gid_t sender_gid = GID_INVALID;
char **sender_names = NULL;
bool granted = false;
return 0;
/* The message came from the kernel, and is sent to our legacy client. */
- r = sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
- if (r < 0)
- return r;
+ sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
(void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
(void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
}
if (granted) {
- /* Then check whether us, the recipient can recieve from the sender's name */
+ /* Then check whether us (the recipient) can receive from the sender's name */
if (strv_isempty(sender_names)) {
if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
return 0;
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
- return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
+ return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
/* Return 1, indicating that the message shall not be processed any further */
return 1;
if (to->is_kernel) {
_cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
- uid_t destination_uid = (uid_t) -1;
- gid_t destination_gid = (gid_t) -1;
+ uid_t destination_uid = UID_INVALID;
+ gid_t destination_gid = GID_INVALID;
const char *destination_unique = NULL;
char **destination_names = NULL;
bool granted = false;
/* The message came from the legacy client, and is sent to kdbus. */
if (m->destination) {
- r = sd_bus_get_name_creds(to, m->destination,
- SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
- SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds);
- if (r < 0)
- return r;
-
- r = sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
+ r = bus_get_name_creds_kdbus(to, m->destination,
+ SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
+ SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
+ true, &destination_creds);
if (r < 0)
- return r;
+ return handle_policy_error(m, r);
r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique);
if (r < 0)
- return r;
+ return handle_policy_error(m, r);
+
+ sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
(void) sd_bus_creds_get_uid(destination_creds, &destination_uid);
(void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
}
- /* First check if we, the sender can send to this name */
+ /* First check if we (the sender) can send to this name */
if (strv_isempty(destination_names)) {
if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
granted = true;
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
- return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
+ return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
/* Return 1, indicating that the message shall not be processed any further */
return 1;
return 0;
r = sd_bus_message_new_method_return(m, &n);
- if (r < 0) {
- log_error_errno(r, "Failed to generate HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to generate HELLO reply: %m");
r = sd_bus_message_append(n, "s", a->unique_name);
- if (r < 0) {
- log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
r = bus_message_append_sender(n, "org.freedesktop.DBus");
- if (r < 0) {
- log_error_errno(r, "Failed to append sender to HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append sender to HELLO reply: %m");
r = bus_seal_synthetic_message(b, n);
- if (r < 0) {
- log_error_errno(r, "Failed to seal HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to seal HELLO reply: %m");
r = sd_bus_send(b, n, NULL);
- if (r < 0) {
- log_error_errno(r, "Failed to send HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to send HELLO reply: %m");
n = sd_bus_message_unref(n);
r = sd_bus_message_new_signal(
"/org/freedesktop/DBus",
"org.freedesktop.DBus",
"NameAcquired");
- if (r < 0) {
- log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
r = sd_bus_message_append(n, "s", a->unique_name);
- if (r < 0) {
- log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
r = bus_message_append_sender(n, "org.freedesktop.DBus");
- if (r < 0) {
- log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
r = bus_seal_synthetic_message(b, n);
- if (r < 0) {
- log_error_errno(r, "Failed to seal NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to seal NameAcquired message: %m");
r = sd_bus_send(b, n, NULL);
- if (r < 0) {
- log_error_errno(r, "Failed to send NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to send NameAcquired message: %m");
return 1;
}
return 0;
}
+static int mac_smack_apply_label_and_drop_cap_mac_admin(pid_t its_pid, const char *new_label) {
+#ifdef HAVE_SMACK
+ int r = 0, k;
+
+ if (!mac_smack_use())
+ return 0;
+
+ if (new_label && its_pid > 0)
+ r = mac_smack_apply_pid(its_pid, new_label);
+
+ k = drop_capability(CAP_MAC_ADMIN);
+ return r < 0 ? r : k;
+#else
+ return 0;
+#endif
+}
+
int main(int argc, char *argv[]) {
_cleanup_bus_close_unref_ sd_bus *a = NULL, *b = NULL;
_cleanup_free_ char *peersec = NULL;
Policy policy_buffer = {}, *policy = NULL;
_cleanup_set_free_free_ Set *owned_names = NULL;
+ uid_t original_uid;
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
goto finish;
}
+ original_uid = getuid();
+
is_unix =
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
if (is_unix) {
(void) getpeercred(in_fd, &ucred);
(void) getpeersec(in_fd, &peersec);
+
+ r = mac_smack_apply_label_and_drop_cap_mac_admin(getpid(), peersec);
+ if (r < 0)
+ log_warning_errno(r, "Failed to set SMACK label (%s) and drop CAP_MAC_ADMIN: %m", peersec);
}
if (arg_drop_privileges) {
a->fake_pids_valid = true;
a->fake_creds.uid = ucred.uid;
- a->fake_creds.euid = (uid_t) -1;
- a->fake_creds.suid = (uid_t) -1;
- a->fake_creds.fsuid = (uid_t) -1;
+ a->fake_creds.euid = UID_INVALID;
+ a->fake_creds.suid = UID_INVALID;
+ a->fake_creds.fsuid = UID_INVALID;
a->fake_creds.gid = ucred.gid;
- a->fake_creds.egid = (gid_t) -1;
- a->fake_creds.sgid = (gid_t) -1;
- a->fake_creds.fsgid = (gid_t) -1;
+ a->fake_creds.egid = GID_INVALID;
+ a->fake_creds.sgid = GID_INVALID;
+ a->fake_creds.fsgid = GID_INVALID;
a->fake_creds_valid = true;
}
goto finish;
}
- r = sd_bus_get_owner_id(a, &server_id);
+ r = sd_bus_get_bus_id(a, &server_id);
if (r < 0) {
log_error_errno(r, "Failed to get server ID: %m");
goto finish;
}
if (a->is_kernel) {
- _cleanup_bus_creds_unref_ sd_bus_creds *bus_creds = NULL;
- uid_t bus_uid;
+ if (!arg_configuration) {
+ const char *scope;
- r = sd_bus_get_owner_creds(a, SD_BUS_CREDS_UID, &bus_creds);
- if (r < 0) {
- log_error_errno(r, "Failed to get bus creds: %m");
- goto finish;
- }
-
- r = sd_bus_creds_get_uid(bus_creds, &bus_uid);
- if (r < 0) {
- log_error_errno(r, "Failed to get bus owner UID: %m");
- goto finish;
- }
-
- if (bus_uid == 0) {
- /* We only enforce the old XML policy on
- * kernel busses owned by root users. */
-
- r = policy_load(&policy_buffer, arg_configuration);
+ r = sd_bus_get_scope(a, &scope);
if (r < 0) {
- log_error_errno(r, "Failed to load policy: %m");
+ log_error_errno(r, "Couldn't determine bus scope: %m");
+ goto finish;
+ }
+
+ if (streq(scope, "system"))
+ arg_configuration = strv_new(
+ "/etc/dbus-1/system.conf",
+ "/etc/dbus-1/system.d/",
+ "/etc/dbus-1/system-local.conf",
+ NULL);
+ else if (streq(scope, "user"))
+ arg_configuration = strv_new(
+ "/etc/dbus-1/session.conf",
+ "/etc/dbus-1/session.d/",
+ "/etc/dbus-1/session-local.conf",
+ NULL);
+ else {
+ log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope);
goto finish;
}
- if (!policy_check_hello(&policy_buffer, ucred.uid, ucred.gid)) {
- log_error("Policy denied connection");
- r = -EPERM;
+ if (!arg_configuration) {
+ r = log_oom();
goto finish;
}
+ }
+
+ r = policy_load(&policy_buffer, arg_configuration);
+ if (r < 0) {
+ log_error_errno(r, "Failed to load policy: %m");
+ goto finish;
+ }
+
+ policy = &policy_buffer;
+ /* policy_dump(policy); */
- policy_dump(&policy_buffer);
- policy = &policy_buffer;
+ if (ucred.uid == original_uid)
+ log_debug("Permitting access, since bus owner matches bus client.");
+ else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+ log_debug("Permitting access due to XML policy.");
+ else {
+ r = log_error_errno(EPERM, "Policy denied connection.");
+ goto finish;
}
}
if (!processed) {
k = sd_bus_send(b, m, NULL);
if (k < 0) {
- if (k == -ECONNRESET)
+ if (k == -ECONNRESET) {
r = 0;
- else {
+ goto finish;
+ } else if (k == -EPERM && m->reply_cookie > 0) {
+ /* If the peer tries to send a reply and it is rejected with EPERM
+ * by the kernel, we ignore the error. This catches cases where the
+ * original method-call didn't had EXPECT_REPLY set, but the proxy-peer
+ * still sends a reply. This is allowed in dbus1, but not in kdbus. We
+ * don't want to track reply-windows in the proxy, so we simply ignore
+ * EPERM for all replies. The only downside is, that callers are no
+ * longer notified if their replies are dropped. However, this is
+ * equivalent to the caller's timeout to expire, so this should be
+ * acceptable. Nobody sane sends replies without a matching method-call,
+ * so nobody should care. */
+ r = 1;
+ } else {
r = k;
log_error_errno(r, "Failed to send message to client: %m");
+ goto finish;
}
-
- goto finish;
} else
r = 1;
}
k = sd_bus_send(a, m, NULL);
if (k < 0) {
- if (k == -EREMCHG)
+ if (k == -EREMCHG) {
/* The name database changed since the policy check, hence let's check again */
continue;
- else if (k == -ECONNRESET)
+ } else if (k == -ECONNRESET) {
r = 0;
- else {
+ goto finish;
+ } else if (k == -EPERM && m->reply_cookie > 0) {
+ /* see above why EPERM is ignored for replies */
+ r = 1;
+ } else {
r = k;
log_error_errno(r, "Failed to send message to bus: %m");
+ goto finish;
}
-
- goto finish;
} else
r = 1;
r = ppoll(pollfd, 3, ts, NULL);
if (r < 0) {
- log_error("ppoll() failed: %m");
+ log_error_errno(errno, "ppoll() failed: %m");
goto finish;
}
}
~ianmdlvl / elogind.git / blobdiff