#include "bus-internal.h"
#include "bus-message.h"
#include "bus-util.h"
+#include "bus-internal.h"
#include "build.h"
#include "strv.h"
#include "def.h"
+#include "capability.h"
static const char *arg_address = DEFAULT_SYSTEM_BUS_PATH;
static char *arg_command_line_buffer = NULL;
+static bool arg_drop_privileges = false;
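Review bot: The added `#include "bus-internal.h"` repeats an include that already appears as context three lines above it, so as shown here the header is pulled in twice. Include guards make this harmless, but the duplicate line should be dropped so that `#include "capability.h"` is the only new entry in this list.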
static int help(void) {
"Connect STDIO or a socket to a given bus address.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
+ " --drop-privileges Drop privileges\n"
" --address=ADDRESS Connect to the bus specified by ADDRESS\n"
" (default: " DEFAULT_SYSTEM_BUS_PATH ")\n",
program_invocation_short_name);
enum {
ARG_VERSION = 0x100,
ARG_ADDRESS,
+ ARG_DROP_PRIVILEGES,
};
static const struct option options[] = {
- { "help", no_argument, NULL, 'h' },
- { "version", no_argument, NULL, ARG_VERSION },
- { "address", required_argument, NULL, ARG_ADDRESS },
- { NULL, 0, NULL, 0 }
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "address", required_argument, NULL, ARG_ADDRESS },
+ { "drop-privileges", no_argument, NULL, ARG_DROP_PRIVILEGES },
+ { NULL, 0, NULL, 0 },
};
int c;
arg_address = optarg;
break;
+ case ARG_DROP_PRIVILEGES:
+ arg_drop_privileges = true;
+ break;
+
case '?':
return -EINVAL;
return false;
}
-
static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
int r;
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
- r = sd_bus_add_match(a, match, NULL, NULL);
+ r = sd_bus_add_match(a, NULL, match, NULL, NULL);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
- r = sd_bus_remove_match(a, match, NULL, NULL);
+ r = bus_remove_match_by_string(a, match, NULL, NULL);
+ if (r == 0)
+ return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_MATCH_RULE_NOT_FOUND, "Match rule not found"));
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
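Review bot: The new `if (r == 0)` branch depends on `bus_remove_match_by_string()` returning 0 when no rule matched and a positive value when one was removed, and that contract is not visible in this hunk. A one-line comment above the check, such as `/* 0: no such match rule was installed on this connection */`, would keep a later reader from treating 0 as success; confirm the wording against the helper's definition. Putting the `r < 0` check first would also keep the error path in the same position as in the neighbouring calls. The enclosing function continues outside the hunk.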
r = sd_bus_release_name(a, name);
if (r < 0) {
if (r == -ESRCH)
- synthetic_reply_method_return(m, "u", BUS_NAME_NON_EXISTENT);
+ return synthetic_reply_method_return(m, "u", BUS_NAME_NON_EXISTENT);
if (r == -EADDRINUSE)
- synthetic_reply_method_return(m, "u", BUS_NAME_NOT_OWNER);
+ return synthetic_reply_method_return(m, "u", BUS_NAME_NOT_OWNER);
+
return synthetic_reply_method_errno(m, r, NULL);
}
getpeersec(in_fd, &peersec);
}
+ if (arg_drop_privileges) {
+ const char *user = "systemd-bus-proxy";
+ uid_t uid;
+ gid_t gid;
+
+ r = get_user_creds(&user, &uid, &gid, NULL, NULL);
+ if (r < 0) {
+ log_error("Cannot resolve user name %s: %s", user, strerror(-r));
+ goto finish;
+ }
+
+ r = drop_privileges(uid, gid, 1ULL << CAP_IPC_OWNER);
+ if (r < 0)
+ goto finish;
+ }
+
r = sd_bus_new(&a);
if (r < 0) {
log_error("Failed to allocate bus: %s", strerror(-r));
goto finish;
}
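Review bot: The call `drop_privileges(uid, gid, 1ULL << CAP_IPC_OWNER)` keeps one capability across the switch to `systemd-bus-proxy`, and nothing in the added block says why the proxy still needs it; a retained capability is the part of a privilege drop that a later auditor will question first. Add a comment above the call, e.g. `/* CAP_IPC_OWNER is the only capability kept: <reason the proxy needs it> */`. The failure branch after it jumps to `finish` without a message, unlike the `get_user_creds()` branch; unless `drop_privileges()` logs on its own (not visible here), add `log_error("Failed to drop privileges: %s", strerror(-r));`. Because `arg_drop_privileges` defaults to false, the proxy keeps its starting privileges unless every invocation passes `--drop-privileges`, which the help text should state. The enclosing function starts and ends outside the hunk.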
- r = sd_bus_add_match(a, match, NULL, NULL);
+ r = sd_bus_add_match(a, NULL, match, NULL, NULL);
if (r < 0) {
log_error("Failed to add match for NameLost: %s", strerror(-r));
goto finish;
goto finish;
}
- r = sd_bus_add_match(a, match, NULL, NULL);
+ r = sd_bus_add_match(a, NULL, match, NULL, NULL);
if (r < 0) {
log_error("Failed to add match for NameAcquired: %s", strerror(-r));
goto finish;