bus-proxy: add support for "GetConnectionCredentials" method

GetConnectionCredentials method was added to dbus-1 specification
more than one year ago. This method should return "[...] as many
credentials as possible for the process connected to the server",
but at this moment only "UnixUserID", "LinuxSecurityLabel" and
"ProcessID" are defined by the specification. We should add support
for next credentials after extending dbus-1 spec.

diff --git a/src/bus-proxyd/driver.c b/src/bus-proxyd/driver.c
index 3c613e415795b270ab1e19108819c53fe04bbaa3..e63a95d875a1b279963627cb67ef51734d9fb82d 100644 (file)
--- a/src/bus-proxyd/driver.c
+++ b/src/bus-proxyd/driver.c
@@ -49,9 +49,6 @@ static int get_creds_by_name(sd_bus *bus, const char *name, uint64_t mask, sd_bu
         if (r < 0)
                 return r;
 
         if (r < 0)
                 return r;
 

-        if ((c->mask & mask) != mask)
-                return -ENOTSUP;
-

         *_creds = c;
         c = NULL;
 
         *_creds = c;
         c = NULL;
 


@@ -109,6 +106,10 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
                         "  <method name=\"RemoveMatch\">\n"
                         "   <arg type=\"s\" direction=\"in\"/>\n"
                         "  </method>\n"
                         "  <method name=\"RemoveMatch\">\n"
                         "   <arg type=\"s\" direction=\"in\"/>\n"
                         "  </method>\n"

+                        "  <method name=\"GetConnectionCredentials\">\n"
+                        "   <arg type=\"s\" direction=\"in\"/>\n"
+                        "   <arg type=\"a{sv}\" direction=\"out\"/>\n"
+                        "  </method>\n"

                         "  <method name=\"GetConnectionSELinuxSecurityContext\">\n"
                         "   <arg type=\"s\" direction=\"in\"/>\n"
                         "   <arg type=\"ay\" direction=\"out\"/>\n"
                         "  <method name=\"GetConnectionSELinuxSecurityContext\">\n"
                         "   <arg type=\"s\" direction=\"in\"/>\n"
                         "   <arg type=\"ay\" direction=\"out\"/>\n"


@@ -212,6 +213,72 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
 
                 return synthetic_reply_method_return(m, NULL);
 
 
                 return synthetic_reply_method_return(m, NULL);
 

+        } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionCredentials")) {
+                _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
+                _cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
+                _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+
+                if (!sd_bus_message_has_signature(m, "s"))
+                        return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters"));
+
+                r = get_creds_by_message(a, m, SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_SELINUX_CONTEXT, &creds, &error);
+                if (r < 0)
+                        return synthetic_reply_method_errno(m, r, &error);
+
+                r = sd_bus_message_new_method_return(m, &reply);
+                if (r < 0)
+                        return synthetic_reply_method_errno(m, r, NULL);
+
+                r = sd_bus_message_open_container(reply, 'a', "{sv}");
+                if (r < 0)
+                        return synthetic_reply_method_errno(m, r, NULL);
+
+                /* Due to i.e. namespace translations some data might be missing */
+
+                if (creds->mask & SD_BUS_CREDS_PID) {
+                        r = sd_bus_message_append(reply, "{sv}", "ProcessID", "u", (uint32_t) creds->pid);
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+                }
+
+                if (creds->mask & SD_BUS_CREDS_EUID) {
+                        r = sd_bus_message_append(reply, "{sv}", "UnixUserID", "u", (uint32_t) creds->euid);
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+                }
+
+                if (creds->mask & SD_BUS_CREDS_SELINUX_CONTEXT) {
+                        r = sd_bus_message_open_container(reply, 'e', "sv");
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+
+                        r = sd_bus_message_append(reply, "s", "LinuxSecurityLabel");
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+
+                        r = sd_bus_message_open_container(reply, 'v', "ay");
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+
+                        r = sd_bus_message_append_array(reply, 'y', creds->label, strlen(creds->label));
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+
+                        r = sd_bus_message_close_container(reply);
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+
+                        r = sd_bus_message_close_container(reply);
+                        if (r < 0)
+                                return synthetic_reply_method_errno(m, r, NULL);
+                }
+
+                r = sd_bus_message_close_container(reply);
+                if (r < 0)
+                        return synthetic_reply_method_errno(m, r, NULL);
+
+                return synthetic_driver_send(m->bus, reply);
+

         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionSELinuxSecurityContext")) {
                 _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
                 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionSELinuxSecurityContext")) {
                 _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
                 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;


@@ -223,6 +290,9 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 

+                if (!(creds->mask & SD_BUS_CREDS_SELINUX_CONTEXT))
+                        return synthetic_reply_method_errno(m, -ENOTSUP, NULL);
+

                 return synthetic_reply_method_return(m, "y", creds->label, strlen(creds->label));
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionUnixProcessID")) {
                 return synthetic_reply_method_return(m, "y", creds->label, strlen(creds->label));
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionUnixProcessID")) {


@@ -236,6 +306,9 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 

+                if (!(creds->mask & SD_BUS_CREDS_PID))
+                        return synthetic_reply_method_errno(m, -ENOTSUP, NULL);
+

                 return synthetic_reply_method_return(m, "u", (uint32_t) creds->pid);
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionUnixUser")) {
                 return synthetic_reply_method_return(m, "u", (uint32_t) creds->pid);
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetConnectionUnixUser")) {


@@ -249,6 +322,9 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 

+                if (!(creds->mask & SD_BUS_CREDS_EUID))
+                        return synthetic_reply_method_errno(m, -ENOTSUP, NULL);
+

                 return synthetic_reply_method_return(m, "u", (uint32_t) creds->euid);
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetId")) {
                 return synthetic_reply_method_return(m, "u", (uint32_t) creds->euid);
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "GetId")) {


@@ -283,6 +359,9 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, &error);
 

+                if (!(creds->mask & SD_BUS_CREDS_UNIQUE_NAME))
+                        return synthetic_reply_method_errno(m, -ENOTSUP, NULL);
+

                 return synthetic_reply_method_return(m, "s", creds->unique_name);
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListActivatableNames")) {
                 return synthetic_reply_method_return(m, "s", creds->unique_name);
 
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListActivatableNames")) {

diff --git a/src/bus-proxyd/synthesize.c b/src/bus-proxyd/synthesize.c
index 542166f68a1f54c6287bfe697a6a5937eb9ee388..67bcc7a242e5dc165608a586ee7ee13ffd592c4c 100644 (file)
--- a/src/bus-proxyd/synthesize.c
+++ b/src/bus-proxyd/synthesize.c
@@ -30,7 +30,7 @@
 #include "bus-util.h"
 #include "synthesize.h"
 
 #include "bus-util.h"
 #include "synthesize.h"
 

-static int synthetic_driver_send(sd_bus *b, sd_bus_message *m) {
+int synthetic_driver_send(sd_bus *b, sd_bus_message *m) {

         int r;
 
         assert(b);
         int r;
 
         assert(b);

diff --git a/src/bus-proxyd/synthesize.h b/src/bus-proxyd/synthesize.h
index a55f171cb2a327cc11e8aa34be231dfe7d69eb41..e850350bc5ffc285f74b800b9cf9d4853838a769 100644 (file)
--- a/src/bus-proxyd/synthesize.h
+++ b/src/bus-proxyd/synthesize.h
@@ -23,6 +23,8 @@
 
 #include "sd-bus.h"
 
 
 #include "sd-bus.h"
 

+int synthetic_driver_send(sd_bus *b, sd_bus_message *m);
+

 int synthetic_reply_method_return(sd_bus_message *call, const char *types, ...);
 int synthetic_reply_method_return_strv(sd_bus_message *call, char **l);
 
 int synthetic_reply_method_return(sd_bus_message *call, const char *types, ...);
 int synthetic_reply_method_return_strv(sd_bus_message *call, char **l);