X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-proxyd.c;h=d15bd83514f5c5789f2a80b245817a6030d719f4;hb=259ac5cd7e37c4b9bd908460fe4de030aa252025;hp=4f3adf72d184d2b247b152b4bfa8153aa2973ed7;hpb=23bbb0de4e3f85d9704a5c12a5afa2dfa0159e41;p=elogind.git diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 4f3adf72d..d15bd8351 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -45,6 +45,8 @@ #include "def.h" #include "capability.h" #include "bus-policy.h" +#include "bus-control.h" +#include "smack-util.h" static char *arg_address = NULL; static char *arg_command_line_buffer = NULL; @@ -625,7 +627,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic if (!sd_bus_message_has_signature(m, "")) return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters")); - r = sd_bus_get_owner_id(a, &server_id); + r = sd_bus_get_bus_id(a, &server_id); if (r < 0) return synthetic_reply_method_errno(m, r, NULL); @@ -958,6 +960,13 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic } } +static int handle_policy_error(sd_bus_message *m, int r) { + if (r == -ESRCH || r == -ENXIO) + return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination); + + return r; +} + static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) { int r; @@ -969,8 +978,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p return 0; if (from->is_kernel) { - uid_t sender_uid = (uid_t) -1; - gid_t sender_gid = (gid_t) -1; + uid_t sender_uid = UID_INVALID; + gid_t sender_gid = GID_INVALID; char **sender_names = NULL; bool granted = false; @@ -1002,7 +1011,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p } if (granted) { - /* Then check whether us, the recipient can recieve from the sender's name */ + /* Then check whether us (the recipient) can recieve from the sender's name */ if (strv_isempty(sender_names)) { if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) return 0; @@ -1026,8 +1035,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p if (to->is_kernel) { _cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL; - uid_t destination_uid = (uid_t) -1; - gid_t destination_gid = (gid_t) -1; + uid_t destination_uid = UID_INVALID; + gid_t destination_gid = GID_INVALID; const char *destination_unique = NULL; char **destination_names = NULL; bool granted = false; @@ -1038,25 +1047,26 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* The message came from the legacy client, and is sent to kdbus. */ if (m->destination) { - r = sd_bus_get_name_creds(to, m->destination, - SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| - SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds); + r = bus_get_name_creds_kdbus(to, m->destination, + SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| + SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, + true, &destination_creds); if (r < 0) - return r; + return handle_policy_error(m, r); r = sd_bus_creds_get_well_known_names(destination_creds, &destination_names); if (r < 0) - return r; + return handle_policy_error(m, r); r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique); if (r < 0) - return r; + return handle_policy_error(m, r); (void) sd_bus_creds_get_uid(destination_creds, &destination_uid); (void) sd_bus_creds_get_gid(destination_creds, &destination_gid); } - /* First check if we, the sender can send to this name */ + /* First check if we (the sender) can send to this name */ if (strv_isempty(destination_names)) { if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) granted = true; @@ -1233,6 +1243,23 @@ static int patch_sender(sd_bus *a, sd_bus_message *m) { return 0; } +static int mac_smack_apply_label_and_drop_cap_mac_admin(pid_t its_pid, const char *new_label) { +#ifdef HAVE_SMACK + int r = 0, k; + + if (!mac_smack_use()) + return 0; + + if (new_label && its_pid > 0) + r = mac_smack_apply_pid(its_pid, new_label); + + k = drop_capability(CAP_MAC_ADMIN); + return r < 0 ? r : k; +#else + return 0; +#endif +} + int main(int argc, char *argv[]) { _cleanup_bus_close_unref_ sd_bus *a = NULL, *b = NULL; @@ -1272,6 +1299,10 @@ int main(int argc, char *argv[]) { if (is_unix) { (void) getpeercred(in_fd, &ucred); (void) getpeersec(in_fd, &peersec); + + r = mac_smack_apply_label_and_drop_cap_mac_admin(getpid(), peersec); + if (r < 0) + log_warning_errno(r, "Failed to set SMACK label (%s) and drop CAP_MAC_ADMIN: %m", peersec); } if (arg_drop_privileges) { @@ -1331,13 +1362,13 @@ int main(int argc, char *argv[]) { a->fake_pids_valid = true; a->fake_creds.uid = ucred.uid; - a->fake_creds.euid = (uid_t) -1; - a->fake_creds.suid = (uid_t) -1; - a->fake_creds.fsuid = (uid_t) -1; + a->fake_creds.euid = UID_INVALID; + a->fake_creds.suid = UID_INVALID; + a->fake_creds.fsuid = UID_INVALID; a->fake_creds.gid = ucred.gid; - a->fake_creds.egid = (gid_t) -1; - a->fake_creds.sgid = (gid_t) -1; - a->fake_creds.fsgid = (gid_t) -1; + a->fake_creds.egid = GID_INVALID; + a->fake_creds.sgid = GID_INVALID; + a->fake_creds.fsgid = GID_INVALID; a->fake_creds_valid = true; } @@ -1354,7 +1385,7 @@ int main(int argc, char *argv[]) { goto finish; } - r = sd_bus_get_owner_id(a, &server_id); + r = sd_bus_get_bus_id(a, &server_id); if (r < 0) { log_error_errno(r, "Failed to get server ID: %m"); goto finish; @@ -1400,7 +1431,7 @@ int main(int argc, char *argv[]) { } policy = &policy_buffer; - policy_dump(policy); + /* policy_dump(policy); */ if (!policy_check_hello(policy, ucred.uid, ucred.gid)) { r = log_error_errno(EPERM, "Policy denied connection."); @@ -1719,7 +1750,7 @@ int main(int argc, char *argv[]) { r = ppoll(pollfd, 3, ts, NULL); if (r < 0) { - log_error("ppoll() failed: %m"); + log_error_errno(errno, "ppoll() failed: %m"); goto finish; } }