#include "strv.h"
#include "def.h"
#include "capability.h"
-#include "bus-policy.h"
#include "bus-control.h"
#include "smack-util.h"
+#include "set.h"
+#include "bus-xml-policy.h"
static char *arg_address = NULL;
static char *arg_command_line_buffer = NULL;
return log_oom();
#ifdef ENABLE_KDBUS
- a = strjoin("x-container-kernel:machine=", e, ";x-container-unix:machine=", e, NULL);
+ a = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
#else
- a = strjoin("x-container-unix:machine=", e, NULL);
+ a = strjoin("x-machine-unix:machine=", e, NULL);
#endif
if (!a)
return log_oom();
return synthetic_driver_send(call->bus, m);
}
+static int synthetic_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+ va_list ap;
+
+ va_start(ap, format);
+ bus_error_setfv(&error, name, format, ap);
+ va_end(ap);
+
+ return synthetic_reply_method_error(call, &error);
+}
+
static int synthetic_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *p) {
_cleanup_bus_error_free_ sd_bus_error berror = SD_BUS_ERROR_NULL;
}
}
+static int handle_policy_error(sd_bus_message *m, int r) {
+ if (r == -ESRCH || r == -ENXIO)
+ return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination);
+
+ return r;
+}
+
static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
int r;
return 0;
/* The message came from the kernel, and is sent to our legacy client. */
- r = sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
- if (r < 0)
- return r;
+ sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
(void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
(void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
}
if (granted) {
- /* Then check whether us (the recipient) can recieve from the sender's name */
+ /* Then check whether us (the recipient) can receive from the sender's name */
if (strv_isempty(sender_names)) {
if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
return 0;
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
- return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
+ return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
/* Return 1, indicating that the message shall not be processed any further */
return 1;
SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
true, &destination_creds);
if (r < 0)
- return r;
-
- r = sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
- if (r < 0)
- return r;
+ return handle_policy_error(m, r);
r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique);
if (r < 0)
- return r;
+ return handle_policy_error(m, r);
+
+ sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
(void) sd_bus_creds_get_uid(destination_creds, &destination_uid);
(void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
- return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
+ return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
/* Return 1, indicating that the message shall not be processed any further */
return 1;