" --configuration=PATH Configuration file or directory\n"
" --machine=MACHINE Connect to specified machine\n"
" --address=ADDRESS Connect to the bus specified by ADDRESS\n"
- " (default: " DEFAULT_SYSTEM_BUS_PATH ")\n",
+ " (default: " DEFAULT_SYSTEM_BUS_ADDRESS ")\n",
program_invocation_short_name);
return 0;
}
if (!arg_address) {
- arg_address = strdup(DEFAULT_SYSTEM_BUS_PATH);
+ arg_address = strdup(DEFAULT_SYSTEM_BUS_ADDRESS);
if (!arg_address)
return log_oom();
}
if (!sd_bus_message_has_signature(m, ""))
return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters"));
- r = sd_bus_get_owner_id(a, &server_id);
+ r = sd_bus_get_bus_id(a, &server_id);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
} else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListQueuedOwners")) {
struct kdbus_cmd_name_list cmd = {};
struct kdbus_name_list *name_list;
- struct kdbus_cmd_free cmd_free;
struct kdbus_name_info *name;
_cleanup_strv_free_ char **owners = NULL;
_cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
}
}
- cmd_free.flags = 0;
- cmd_free.offset = cmd.offset;
-
- r = ioctl(a->input_fd, KDBUS_CMD_FREE, &cmd_free);
+ r = bus_kernel_cmd_free(a, cmd.offset);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
return 0;
if (from->is_kernel) {
- uid_t sender_uid = (uid_t) -1;
- gid_t sender_gid = (gid_t) -1;
+ uid_t sender_uid = UID_INVALID;
+ gid_t sender_gid = GID_INVALID;
char **sender_names = NULL;
bool granted = false;
if (to->is_kernel) {
_cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
- uid_t destination_uid = (uid_t) -1;
- gid_t destination_gid = (gid_t) -1;
+ uid_t destination_uid = UID_INVALID;
+ gid_t destination_gid = GID_INVALID;
const char *destination_unique = NULL;
char **destination_names = NULL;
bool granted = false;
return 0;
r = sd_bus_message_new_method_return(m, &n);
- if (r < 0) {
- log_error_errno(-r, "Failed to generate HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to generate HELLO reply: %m");
r = sd_bus_message_append(n, "s", a->unique_name);
- if (r < 0) {
- log_error_errno(-r, "Failed to append unique name to HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
r = bus_message_append_sender(n, "org.freedesktop.DBus");
- if (r < 0) {
- log_error_errno(-r, "Failed to append sender to HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append sender to HELLO reply: %m");
r = bus_seal_synthetic_message(b, n);
- if (r < 0) {
- log_error_errno(-r, "Failed to seal HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to seal HELLO reply: %m");
r = sd_bus_send(b, n, NULL);
- if (r < 0) {
- log_error_errno(-r, "Failed to send HELLO reply: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to send HELLO reply: %m");
n = sd_bus_message_unref(n);
r = sd_bus_message_new_signal(
"/org/freedesktop/DBus",
"org.freedesktop.DBus",
"NameAcquired");
- if (r < 0) {
- log_error_errno(-r, "Failed to allocate initial NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
r = sd_bus_message_append(n, "s", a->unique_name);
- if (r < 0) {
- log_error_errno(-r, "Failed to append unique name to NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
r = bus_message_append_sender(n, "org.freedesktop.DBus");
- if (r < 0) {
- log_error_errno(-r, "Failed to append sender to NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
r = bus_seal_synthetic_message(b, n);
- if (r < 0) {
- log_error_errno(-r, "Failed to seal NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to seal NameAcquired message: %m");
r = sd_bus_send(b, n, NULL);
- if (r < 0) {
- log_error_errno(-r, "Failed to send NameAcquired message: %m");
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to send NameAcquired message: %m");
return 1;
}
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
if (r < 0) {
- log_error_errno(-r, "Cannot resolve user name %s: %m", user);
+ log_error_errno(r, "Cannot resolve user name %s: %m", user);
goto finish;
}
r = sd_bus_new(&a);
if (r < 0) {
- log_error_errno(-r, "Failed to allocate bus: %m");
+ log_error_errno(r, "Failed to allocate bus: %m");
goto finish;
}
r = sd_bus_set_description(a, "sd-proxy");
if (r < 0) {
- log_error_errno(-r, "Failed to set bus name: %m");
+ log_error_errno(r, "Failed to set bus name: %m");
goto finish;
}
r = sd_bus_set_address(a, arg_address);
if (r < 0) {
- log_error_errno(-r, "Failed to set address to connect to: %m");
+ log_error_errno(r, "Failed to set address to connect to: %m");
goto finish;
}
r = sd_bus_negotiate_fds(a, is_unix);
if (r < 0) {
- log_error_errno(-r, "Failed to set FD negotiation: %m");
+ log_error_errno(r, "Failed to set FD negotiation: %m");
goto finish;
}
r = sd_bus_negotiate_creds(a, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0) {
- log_error_errno(-r, "Failed to set credential negotiation: %m");
+ log_error_errno(r, "Failed to set credential negotiation: %m");
goto finish;
}
a->fake_pids_valid = true;
a->fake_creds.uid = ucred.uid;
- a->fake_creds.euid = (uid_t) -1;
- a->fake_creds.suid = (uid_t) -1;
- a->fake_creds.fsuid = (uid_t) -1;
+ a->fake_creds.euid = UID_INVALID;
+ a->fake_creds.suid = UID_INVALID;
+ a->fake_creds.fsuid = UID_INVALID;
a->fake_creds.gid = ucred.gid;
- a->fake_creds.egid = (gid_t) -1;
- a->fake_creds.sgid = (gid_t) -1;
- a->fake_creds.fsgid = (gid_t) -1;
+ a->fake_creds.egid = GID_INVALID;
+ a->fake_creds.sgid = GID_INVALID;
+ a->fake_creds.fsgid = GID_INVALID;
a->fake_creds_valid = true;
}
r = sd_bus_start(a);
if (r < 0) {
- log_error_errno(-r, "Failed to start bus client: %m");
+ log_error_errno(r, "Failed to start bus client: %m");
goto finish;
}
- r = sd_bus_get_owner_id(a, &server_id);
+ r = sd_bus_get_bus_id(a, &server_id);
if (r < 0) {
- log_error_errno(-r, "Failed to get server ID: %m");
+ log_error_errno(r, "Failed to get server ID: %m");
goto finish;
}
if (a->is_kernel) {
- _cleanup_bus_creds_unref_ sd_bus_creds *bus_creds = NULL;
- uid_t bus_uid;
-
- r = sd_bus_get_owner_creds(a, SD_BUS_CREDS_UID, &bus_creds);
- if (r < 0) {
- log_error_errno(-r, "Failed to get bus creds: %m");
- goto finish;
- }
+ if (!arg_configuration) {
+ const char *scope;
- r = sd_bus_creds_get_uid(bus_creds, &bus_uid);
- if (r < 0) {
- log_error_errno(-r, "Failed to get bus owner UID: %m");
- goto finish;
- }
-
- if (bus_uid == 0) {
- /* We only enforce the old XML policy on
- * kernel busses owned by root users. */
-
- r = policy_load(&policy_buffer, arg_configuration);
+ r = sd_bus_get_scope(a, &scope);
if (r < 0) {
- log_error_errno(-r, "Failed to load policy: %m");
+ log_error_errno(r, "Couldn't determine bus scope: %m");
goto finish;
}
- if (!policy_check_hello(&policy_buffer, ucred.uid, ucred.gid)) {
- log_error("Policy denied connection");
- r = -EPERM;
+ if (streq(scope, "system"))
+ arg_configuration = strv_new(
+ "/etc/dbus-1/system.conf",
+ "/etc/dbus-1/system.d/",
+ "/etc/dbus-1/system-local.conf",
+ NULL);
+ else if (streq(scope, "user"))
+ arg_configuration = strv_new(
+ "/etc/dbus-1/session.conf",
+ "/etc/dbus-1/session.d/",
+ "/etc/dbus-1/session-local.conf",
+ NULL);
+ else {
+ log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope);
goto finish;
}
- policy_dump(&policy_buffer);
- policy = &policy_buffer;
+ if (!arg_configuration) {
+ r = log_oom();
+ goto finish;
+ }
+ }
+
+ r = policy_load(&policy_buffer, arg_configuration);
+ if (r < 0) {
+ log_error_errno(r, "Failed to load policy: %m");
+ goto finish;
+ }
+
+ policy = &policy_buffer;
+ /* policy_dump(policy); */
+
+ if (!policy_check_hello(policy, ucred.uid, ucred.gid)) {
+ r = log_error_errno(EPERM, "Policy denied connection.");
+ goto finish;
}
}
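Review bot: The unknown-scope branch logs "Refusing." and jumps to `finish` without assigning `r`, which still holds the non-negative result of `sd_bus_get_scope()`. The connection is dropped either way, but if the exit status at `finish` is derived from `r` (not visible in this hunk), a supervisor would see a clean exit where policy loading was actually refused. Setting `r = -EINVAL;` before that `goto finish` keeps the failure visible, in line with the `r = log_error_errno(EPERM, ...)` used for the denial case below. The "Policy denied connection." message would also be more useful for triage if it included `ucred.uid` and `ucred.gid`. The enclosing function starts and ends outside this hunk.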
r = sd_bus_new(&b);
if (r < 0) {
- log_error_errno(-r, "Failed to allocate bus: %m");
+ log_error_errno(r, "Failed to allocate bus: %m");
goto finish;
}
r = sd_bus_set_fd(b, in_fd, out_fd);
if (r < 0) {
- log_error_errno(-r, "Failed to set fds: %m");
+ log_error_errno(r, "Failed to set fds: %m");
goto finish;
}
r = sd_bus_set_server(b, 1, server_id);
if (r < 0) {
- log_error_errno(-r, "Failed to set server mode: %m");
+ log_error_errno(r, "Failed to set server mode: %m");
goto finish;
}
r = sd_bus_negotiate_fds(b, is_unix);
if (r < 0) {
- log_error_errno(-r, "Failed to set FD negotiation: %m");
+ log_error_errno(r, "Failed to set FD negotiation: %m");
goto finish;
}
r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0) {
- log_error_errno(-r, "Failed to set credential negotiation: %m");
+ log_error_errno(r, "Failed to set credential negotiation: %m");
goto finish;
}
r = sd_bus_set_anonymous(b, true);
if (r < 0) {
- log_error_errno(-r, "Failed to set anonymous authentication: %m");
+ log_error_errno(r, "Failed to set anonymous authentication: %m");
goto finish;
}
r = sd_bus_start(b);
if (r < 0) {
- log_error_errno(-r, "Failed to start bus client: %m");
+ log_error_errno(r, "Failed to start bus client: %m");
goto finish;
}
r = rename_service(a, b);
if (r < 0)
- log_debug_errno(-r, "Failed to rename process: %m");
+ log_debug_errno(r, "Failed to rename process: %m");
if (a->is_kernel) {
_cleanup_free_ char *match = NULL;
r = sd_bus_get_unique_name(a, &unique);
if (r < 0) {
- log_error_errno(-r, "Failed to get unique name: %m");
+ log_error_errno(r, "Failed to get unique name: %m");
goto finish;
}
r = sd_bus_add_match(a, NULL, match, NULL, NULL);
if (r < 0) {
- log_error_errno(-r, "Failed to add match for NameLost: %m");
+ log_error_errno(r, "Failed to add match for NameLost: %m");
goto finish;
}
r = sd_bus_add_match(a, NULL, match, NULL, NULL);
if (r < 0) {
- log_error_errno(-r, "Failed to add match for NameAcquired: %m");
+ log_error_errno(r, "Failed to add match for NameAcquired: %m");
goto finish;
}
}
if (r == -ECONNRESET)
r = 0;
else
- log_error_errno(-r, "Failed to process bus a: %m");
+ log_error_errno(r, "Failed to process bus a: %m");
goto finish;
}
k = synthesize_name_acquired(a, b, m);
if (k < 0) {
r = k;
- log_error_errno(-r, "Failed to synthesize message: %m");
+ log_error_errno(r, "Failed to synthesize message: %m");
goto finish;
}
k = process_policy(a, b, m, policy, &ucred, owned_names);
if (k < 0) {
r = k;
- log_error_errno(-r, "Failed to process policy: %m");
+ log_error_errno(r, "Failed to process policy: %m");
goto finish;
} else if (k > 0) {
r = 1;
r = 0;
else {
r = k;
- log_error_errno(-r, "Failed to send message to client: %m");
+ log_error_errno(r, "Failed to send message to client: %m");
}
goto finish;
if (r == -ECONNRESET)
r = 0;
else
- log_error_errno(-r, "Failed to process bus b: %m");
+ log_error_errno(r, "Failed to process bus b: %m");
goto finish;
}
k = process_hello(a, b, m, &got_hello);
if (k < 0) {
r = k;
- log_error_errno(-r, "Failed to process HELLO: %m");
+ log_error_errno(r, "Failed to process HELLO: %m");
goto finish;
} else if (k > 0) {
processed = true;
k = process_driver(a, b, m, policy, &ucred, owned_names);
if (k < 0) {
r = k;
- log_error_errno(-r, "Failed to process driver calls: %m");
+ log_error_errno(r, "Failed to process driver calls: %m");
goto finish;
} else if (k > 0) {
processed = true;
k = process_policy(b, a, m, policy, &ucred, owned_names);
if (k < 0) {
r = k;
- log_error_errno(-r, "Failed to process policy: %m");
+ log_error_errno(r, "Failed to process policy: %m");
goto finish;
} else if (k > 0) {
processed = true;
r = 0;
else {
r = k;
- log_error_errno(-r, "Failed to send message to bus: %m");
+ log_error_errno(r, "Failed to send message to bus: %m");
}
goto finish;
fd = sd_bus_get_fd(a);
if (fd < 0) {
- log_error_errno(-r, "Failed to get fd: %m");
+ log_error_errno(r, "Failed to get fd: %m");
goto finish;
}
events_a = sd_bus_get_events(a);
if (events_a < 0) {
- log_error_errno(-r, "Failed to get events mask: %m");
+ log_error_errno(r, "Failed to get events mask: %m");
goto finish;
}
r = sd_bus_get_timeout(a, &timeout_a);
if (r < 0) {
- log_error_errno(-r, "Failed to get timeout: %m");
+ log_error_errno(r, "Failed to get timeout: %m");
goto finish;
}
events_b = sd_bus_get_events(b);
if (events_b < 0) {
- log_error_errno(-r, "Failed to get events mask: %m");
+ log_error_errno(r, "Failed to get events mask: %m");
goto finish;
}
r = sd_bus_get_timeout(b, &timeout_b);
if (r < 0) {
- log_error_errno(-r, "Failed to get timeout: %m");
+ log_error_errno(r, "Failed to get timeout: %m");
goto finish;
}
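Review bot: The failure branches for `sd_bus_get_fd(a)`, `sd_bus_get_events(a)` and `sd_bus_get_events(b)` pass `r` to `log_error_errno()`, but the error code is in `fd`, `events_a` and `events_b`; `r` holds whatever an earlier call left behind. The logged errno is therefore unrelated to the actual failure, and `r` is not set to an error before `goto finish`. Log the variable that was tested and keep the result, e.g. `r = log_error_errno(fd, "Failed to get fd: %m");` and `r = log_error_errno(events_a, "Failed to get events mask: %m");`. The `ppoll()` branch that follows has the related problem that `r` stays at -1 rather than `-errno`, which `r = log_error_errno(errno, "ppoll() failed: %m");` would fix. The enclosing loop begins and ends outside these lines.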
r = ppoll(pollfd, 3, ts, NULL);
if (r < 0) {
- log_error("ppoll() failed: %m");
+ log_error_errno(errno, "ppoll() failed: %m");
goto finish;
}
}