chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bus-proxy: print message direction in policy logs
[elogind.git] / src / bus-proxyd / bus-proxyd.c
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 79f2f6e53c904ab1ef0663c9bc55d234db8dce8a..bd2b0a82cb010ddecdddbab9628928a81047b5a7 100644 (file)
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -44,7 +44,10 @@
 #include "strv.h"
 #include "def.h"
 #include "capability.h"
-#include "bus-policy.h"
+#include "bus-control.h"
+#include "smack-util.h"
+#include "set.h"
+#include "bus-xml-policy.h"
 
 static char *arg_address = NULL;
 static char *arg_command_line_buffer = NULL;
@@ -61,7 +64,7 @@ static int help(void) {
                "     --configuration=PATH Configuration file or directory\n"
                "     --machine=MACHINE    Connect to specified machine\n"
                "     --address=ADDRESS    Connect to the bus specified by ADDRESS\n"
-               "                          (default: " DEFAULT_SYSTEM_BUS_PATH ")\n",
+               "                          (default: " DEFAULT_SYSTEM_BUS_ADDRESS ")\n",
                program_invocation_short_name);
 
         return 0;
@@ -136,9 +139,9 @@ static int parse_argv(int argc, char *argv[]) {
                                 return log_oom();
 
 #ifdef ENABLE_KDBUS
-                        a = strjoin("x-container-kernel:machine=", e, ";x-container-unix:machine=", e, NULL);
+                        a = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
 #else
-                        a = strjoin("x-container-unix:machine=", e, NULL);
+                        a = strjoin("x-machine-unix:machine=", e, NULL);
 #endif
                         if (!a)
                                 return log_oom();
@@ -166,7 +169,7 @@ static int parse_argv(int argc, char *argv[]) {
         }
 
         if (!arg_address) {
-                arg_address = strdup(DEFAULT_SYSTEM_BUS_PATH);
+                arg_address = strdup(DEFAULT_SYSTEM_BUS_ADDRESS);
                 if (!arg_address)
                         return log_oom();
         }
@@ -186,7 +189,7 @@ static int rename_service(sd_bus *a, sd_bus *b) {
         assert(a);
         assert(b);
 
-        r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM, &creds);
+        r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM|SD_BUS_CREDS_AUGMENT, &creds);
         if (r < 0)
                 return r;
 
@@ -342,6 +345,17 @@ static int synthetic_reply_method_error(sd_bus_message *call, const sd_bus_error
         return synthetic_driver_send(call->bus, m);
 }
 
+static int synthetic_reply_method_errorf(sd_bus_message *call, const char *name, const char *format, ...) {
+        _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
+        va_list ap;
+
+        va_start(ap, format);
+        bus_error_setfv(&error, name, format, ap);
+        va_end(ap);
+
+        return synthetic_reply_method_error(call, &error);
+}
+
 static int synthetic_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *p) {
 
         _cleanup_bus_error_free_ sd_bus_error berror = SD_BUS_ERROR_NULL;
@@ -391,6 +405,9 @@ static int synthetic_reply_return_strv(sd_bus_message *call, char **l) {
 
         assert(call);
 
+        if (call->header->flags & BUS_MESSAGE_NO_REPLY_EXPECTED)
+                return 0;
+
         r = sd_bus_message_new_method_return(call, &m);
         if (r < 0)
                 return synthetic_reply_method_errno(call, r, NULL);
@@ -625,7 +642,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
                 if (!sd_bus_message_has_signature(m, ""))
                         return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters"));
 
-                r = sd_bus_get_owner_id(a, &server_id);
+                r = sd_bus_get_bus_id(a, &server_id);
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, NULL);
 
@@ -689,7 +706,6 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
         } else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "ListQueuedOwners")) {
                 struct kdbus_cmd_name_list cmd = {};
                 struct kdbus_name_list *name_list;
-                struct kdbus_cmd_free cmd_free;
                 struct kdbus_name_info *name;
                 _cleanup_strv_free_ char **owners = NULL;
                 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
@@ -742,10 +758,7 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
                         }
                 }
 
-                cmd_free.flags = 0;
-                cmd_free.offset = cmd.offset;
-
-                r = ioctl(a->input_fd, KDBUS_CMD_FREE, &cmd_free);
+                r = bus_kernel_cmd_free(a, cmd.offset);
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, NULL);
 
@@ -962,6 +975,13 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
         }
 }
 
+static int handle_policy_error(sd_bus_message *m, int r) {
+        if (r == -ESRCH || r == -ENXIO)
+                return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination);
+
+        return r;
+}
+
 static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
         int r;
 
@@ -972,9 +992,25 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
         if (!policy)
                 return 0;
 
+        /*
+         * dbus-1 distinguishes expected and non-expected replies by tracking
+         * method-calls and timeouts. By default, DENY rules are *NEVER* applied
+         * on expected replies, unless explicitly specified. But we dont track
+         * method-calls, thus, we cannot know whether a reply is expected.
+         * Fortunately, the kdbus forbids non-expected replies, so we can safely
+         * ignore any policy on those and let the kernel deal with it.
+         *
+         * TODO: To be correct, we should only ignore policy-tags that are
+         * applied on non-expected replies. However, so far we don't parse those
+         * tags so we let everything pass. I haven't seen a DENY policy tag on
+         * expected-replies, ever, so don't bother..
+         */
+        if (m->reply_cookie > 0)
+                return 0;
+
         if (from->is_kernel) {
-                uid_t sender_uid = (uid_t) -1;
-                gid_t sender_gid = (gid_t) -1;
+                uid_t sender_uid = UID_INVALID;
+                gid_t sender_gid = GID_INVALID;
                 char **sender_names = NULL;
                 bool granted = false;
 
@@ -983,38 +1019,54 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
                         return 0;
 
                 /* The message came from the kernel, and is sent to our legacy client. */
-                r = sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
-                if (r < 0)
-                        return r;
+                sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
 
                 (void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
                 (void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
 
+                if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
+                        _cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
+
+                        /* If the message came from another legacy
+                         * client, then the message creds will be
+                         * missing, simply because on legacy clients
+                         * per-message creds were unknown. In this
+                         * case, query the creds of the peer
+                         * instead. */
+
+                        r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_UID|SD_BUS_CREDS_GID, true, &sender_creds);
+                        if (r < 0)
+                                return handle_policy_error(m, r);
+
+                        (void) sd_bus_creds_get_uid(sender_creds, &sender_uid);
+                        (void) sd_bus_creds_get_gid(sender_creds, &sender_gid);
+                }
+
                 /* First check whether the sender can send the message to our name */
                 if (set_isempty(owned_names)) {
-                        if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member))
+                        if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member, false))
                                 granted = true;
                 } else {
                         Iterator i;
                         char *n;
 
                         SET_FOREACH(n, owned_names, i)
-                                if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member)) {
+                                if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member, false)) {
                                         granted = true;
                                         break;
                                 }
                 }
 
                 if (granted) {
-                        /* Then check whether us, the recipient can recieve from the sender's name */
+                        /* Then check whether us (the recipient) can receive from the sender's name */
                         if (strv_isempty(sender_names)) {
-                                if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
+                                if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, false))
                                         return 0;
                         } else {
                                 char **n;
 
                                 STRV_FOREACH(n, sender_names) {
-                                        if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member))
+                                        if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, false))
                                                 return 0;
                                 }
                         }
@@ -1022,7 +1074,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
 
                 /* Return an error back to the caller */
                 if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
-                        return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
+                        return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
 
                 /* Return 1, indicating that the message shall not be processed any further */
                 return 1;
@@ -1030,8 +1082,8 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
 
         if (to->is_kernel) {
                 _cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
-                uid_t destination_uid = (uid_t) -1;
-                gid_t destination_gid = (gid_t) -1;
+                uid_t destination_uid = UID_INVALID;
+                gid_t destination_gid = GID_INVALID;
                 const char *destination_unique = NULL;
                 char **destination_names = NULL;
                 bool granted = false;
@@ -1042,33 +1094,32 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
 
                 /* The message came from the legacy client, and is sent to kdbus. */
                 if (m->destination) {
-                        r = sd_bus_get_name_creds(to, m->destination,
-                                                  SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
-                                                  SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds);
-                        if (r < 0)
-                                return r;
-
-                        r = sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
+                        r = bus_get_name_creds_kdbus(to, m->destination,
+                                                     SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
+                                                     SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
+                                                     true, &destination_creds);
                         if (r < 0)
-                                return r;
+                                return handle_policy_error(m, r);
 
                         r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique);
                         if (r < 0)
-                                return r;
+                                return handle_policy_error(m, r);
+
+                        sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
 
                         (void) sd_bus_creds_get_uid(destination_creds, &destination_uid);
                         (void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
                 }
 
-                /* First check if we, the sender can send to this name */
+                /* First check if we (the sender) can send to this name */
                 if (strv_isempty(destination_names)) {
-                        if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
+                        if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, true))
                                 granted = true;
                 } else {
                         char **n;
 
                         STRV_FOREACH(n, destination_names) {
-                                if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member)) {
+                                if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, true)) {
 
                                         /* If we made a receiver decision,
                                            then remember which name's policy
@@ -1097,22 +1148,32 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
 
                 /* Then check if the recipient can receive from our name */
                 if (granted) {
-                        if (set_isempty(owned_names)) {
-                                if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member))
+                        if (sd_bus_message_is_signal(m, NULL, NULL)) {
+                                /* If we forward a signal from dbus-1 to kdbus,
+                                 * we have no idea who the recipient is.
+                                 * Therefore, we cannot apply any dbus-1
+                                 * receiver policies that match on receiver
+                                 * credentials. We know sd-bus always sets
+                                 * KDBUS_MSG_SIGNAL, so the kernel applies
+                                 * receiver policies to the message. Therefore,
+                                 * skip policy checks in this case. */
+                                return 0;
+                        } else if (set_isempty(owned_names)) {
+                                if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member, true))
                                         return 0;
                         } else {
                                 Iterator i;
                                 char *n;
 
                                 SET_FOREACH(n, owned_names, i)
-                                        if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member))
+                                        if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member, true))
                                                 return 0;
                         }
                 }
 
                 /* Return an error back to the caller */
                 if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
-                        return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
+                        return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
 
                 /* Return 1, indicating that the message shall not be processed any further */
                 return 1;
@@ -1159,34 +1220,24 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
                 return 0;
 
         r = sd_bus_message_new_method_return(m, &n);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to generate HELLO reply: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to generate HELLO reply: %m");
 
         r = sd_bus_message_append(n, "s", a->unique_name);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to append unique name to HELLO reply: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
 
         r = bus_message_append_sender(n, "org.freedesktop.DBus");
-        if (r < 0) {
-                log_error_errno(-r, "Failed to append sender to HELLO reply: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to append sender to HELLO reply: %m");
 
         r = bus_seal_synthetic_message(b, n);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to seal HELLO reply: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to seal HELLO reply: %m");
 
         r = sd_bus_send(b, n, NULL);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to send HELLO reply: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to send HELLO reply: %m");
 
         n = sd_bus_message_unref(n);
         r = sd_bus_message_new_signal(
@@ -1195,34 +1246,24 @@ static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hell
                         "/org/freedesktop/DBus",
                         "org.freedesktop.DBus",
                         "NameAcquired");
-        if (r < 0) {
-                log_error_errno(-r, "Failed to allocate initial NameAcquired message: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
 
         r = sd_bus_message_append(n, "s", a->unique_name);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to append unique name to NameAcquired message: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
 
         r = bus_message_append_sender(n, "org.freedesktop.DBus");
-        if (r < 0) {
-                log_error_errno(-r, "Failed to append sender to NameAcquired message: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
 
         r = bus_seal_synthetic_message(b, n);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to seal NameAcquired message: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to seal NameAcquired message: %m");
 
         r = sd_bus_send(b, n, NULL);
-        if (r < 0) {
-                log_error_errno(-r, "Failed to send NameAcquired message: %m");
-                return r;
-        }
+        if (r < 0)
+                return log_error_errno(r, "Failed to send NameAcquired message: %m");
 
         return 1;
 }
@@ -1257,6 +1298,23 @@ static int patch_sender(sd_bus *a, sd_bus_message *m) {
         return 0;
 }
 
+static int mac_smack_apply_label_and_drop_cap_mac_admin(pid_t its_pid, const char *new_label) {
+#ifdef HAVE_SMACK
+        int r = 0, k;
+
+        if (!mac_smack_use())
+                return 0;
+
+        if (new_label && its_pid > 0)
+                r = mac_smack_apply_pid(its_pid, new_label);
+
+        k = drop_capability(CAP_MAC_ADMIN);
+        return r < 0 ? r : k;
+#else
+        return 0;
+#endif
+}
+
 int main(int argc, char *argv[]) {
 
         _cleanup_bus_close_unref_ sd_bus *a = NULL, *b = NULL;
@@ -1268,6 +1326,7 @@ int main(int argc, char *argv[]) {
         _cleanup_free_ char *peersec = NULL;
         Policy policy_buffer = {}, *policy = NULL;
         _cleanup_set_free_free_ Set *owned_names = NULL;
+        uid_t original_uid;
 
         log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
         log_parse_environment();
@@ -1289,6 +1348,8 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        original_uid = getuid();
+
         is_unix =
                 sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
                 sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
@@ -1296,6 +1357,10 @@ int main(int argc, char *argv[]) {
         if (is_unix) {
                 (void) getpeercred(in_fd, &ucred);
                 (void) getpeersec(in_fd, &peersec);
+
+                r = mac_smack_apply_label_and_drop_cap_mac_admin(getpid(), peersec);
+                if (r < 0)
+                        log_warning_errno(r, "Failed to set SMACK label (%s) and drop CAP_MAC_ADMIN: %m", peersec);
         }
 
         if (arg_drop_privileges) {
@@ -1305,7 +1370,7 @@ int main(int argc, char *argv[]) {
 
                 r = get_user_creds(&user, &uid, &gid, NULL, NULL);
                 if (r < 0) {
-                        log_error_errno(-r, "Cannot resolve user name %s: %m", user);
+                        log_error_errno(r, "Cannot resolve user name %s: %m", user);
                         goto finish;
                 }
 
@@ -1322,31 +1387,31 @@ int main(int argc, char *argv[]) {
 
         r = sd_bus_new(&a);
         if (r < 0) {
-                log_error_errno(-r, "Failed to allocate bus: %m");
+                log_error_errno(r, "Failed to allocate bus: %m");
                 goto finish;
         }
 
         r = sd_bus_set_description(a, "sd-proxy");
         if (r < 0) {
-                log_error_errno(-r, "Failed to set bus name: %m");
+                log_error_errno(r, "Failed to set bus name: %m");
                 goto finish;
         }
 
         r = sd_bus_set_address(a, arg_address);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set address to connect to: %m");
+                log_error_errno(r, "Failed to set address to connect to: %m");
                 goto finish;
         }
 
         r = sd_bus_negotiate_fds(a, is_unix);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set FD negotiation: %m");
+                log_error_errno(r, "Failed to set FD negotiation: %m");
                 goto finish;
         }
 
         r = sd_bus_negotiate_creds(a, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set credential negotiation: %m");
+                log_error_errno(r, "Failed to set credential negotiation: %m");
                 goto finish;
         }
 
@@ -1355,13 +1420,13 @@ int main(int argc, char *argv[]) {
                 a->fake_pids_valid = true;
 
                 a->fake_creds.uid = ucred.uid;
-                a->fake_creds.euid = (uid_t) -1;
-                a->fake_creds.suid = (uid_t) -1;
-                a->fake_creds.fsuid = (uid_t) -1;
+                a->fake_creds.euid = UID_INVALID;
+                a->fake_creds.suid = UID_INVALID;
+                a->fake_creds.fsuid = UID_INVALID;
                 a->fake_creds.gid = ucred.gid;
-                a->fake_creds.egid = (gid_t) -1;
-                a->fake_creds.sgid = (gid_t) -1;
-                a->fake_creds.fsgid = (gid_t) -1;
+                a->fake_creds.egid = GID_INVALID;
+                a->fake_creds.sgid = GID_INVALID;
+                a->fake_creds.fsgid = GID_INVALID;
                 a->fake_creds_valid = true;
         }
 
@@ -1374,86 +1439,101 @@ int main(int argc, char *argv[]) {
 
         r = sd_bus_start(a);
         if (r < 0) {
-                log_error_errno(-r, "Failed to start bus client: %m");
+                log_error_errno(r, "Failed to start bus client: %m");
                 goto finish;
         }
 
-        r = sd_bus_get_owner_id(a, &server_id);
+        r = sd_bus_get_bus_id(a, &server_id);
         if (r < 0) {
-                log_error_errno(-r, "Failed to get server ID: %m");
+                log_error_errno(r, "Failed to get server ID: %m");
                 goto finish;
         }
 
         if (a->is_kernel) {
-                _cleanup_bus_creds_unref_ sd_bus_creds *bus_creds = NULL;
-                uid_t bus_uid;
-
-                r = sd_bus_get_owner_creds(a, SD_BUS_CREDS_UID, &bus_creds);
-                if (r < 0) {
-                        log_error_errno(-r, "Failed to get bus creds: %m");
-                        goto finish;
-                }
+                if (!arg_configuration) {
+                        const char *scope;
 
-                r = sd_bus_creds_get_uid(bus_creds, &bus_uid);
-                if (r < 0) {
-                        log_error_errno(-r, "Failed to get bus owner UID: %m");
-                        goto finish;
-                }
-
-                if (bus_uid == 0) {
-                        /* We only enforce the old XML policy on
-                         * kernel busses owned by root users. */
-
-                        r = policy_load(&policy_buffer, arg_configuration);
+                        r = sd_bus_get_scope(a, &scope);
                         if (r < 0) {
-                                log_error_errno(-r, "Failed to load policy: %m");
+                                log_error_errno(r, "Couldn't determine bus scope: %m");
                                 goto finish;
                         }
 
-                        if (!policy_check_hello(&policy_buffer, ucred.uid, ucred.gid)) {
-                                log_error("Policy denied connection");
-                                r = -EPERM;
+                        if (streq(scope, "system"))
+                                arg_configuration = strv_new(
+                                                "/etc/dbus-1/system.conf",
+                                                "/etc/dbus-1/system.d/",
+                                                "/etc/dbus-1/system-local.conf",
+                                                NULL);
+                        else if (streq(scope, "user"))
+                                arg_configuration = strv_new(
+                                                "/etc/dbus-1/session.conf",
+                                                "/etc/dbus-1/session.d/",
+                                                "/etc/dbus-1/session-local.conf",
+                                                NULL);
+                        else {
+                                log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope);
                                 goto finish;
                         }
 
-                        policy_dump(&policy_buffer);
-                        policy = &policy_buffer;
+                        if (!arg_configuration) {
+                                r = log_oom();
+                                goto finish;
+                        }
+                }
+
+                r = policy_load(&policy_buffer, arg_configuration);
+                if (r < 0) {
+                        log_error_errno(r, "Failed to load policy: %m");
+                        goto finish;
+                }
+
+                policy = &policy_buffer;
+                /* policy_dump(policy); */
+
+                if (ucred.uid == original_uid)
+                        log_debug("Permitting access, since bus owner matches bus client.");
+                else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+                        log_debug("Permitting access due to XML policy.");
+                else {
+                        r = log_error_errno(EPERM, "Policy denied connection.");
+                        goto finish;
                 }
         }
 
         r = sd_bus_new(&b);
         if (r < 0) {
-                log_error_errno(-r, "Failed to allocate bus: %m");
+                log_error_errno(r, "Failed to allocate bus: %m");
                 goto finish;
         }
 
         r = sd_bus_set_fd(b, in_fd, out_fd);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set fds: %m");
+                log_error_errno(r, "Failed to set fds: %m");
                 goto finish;
         }
 
         r = sd_bus_set_server(b, 1, server_id);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set server mode: %m");
+                log_error_errno(r, "Failed to set server mode: %m");
                 goto finish;
         }
 
         r = sd_bus_negotiate_fds(b, is_unix);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set FD negotiation: %m");
+                log_error_errno(r, "Failed to set FD negotiation: %m");
                 goto finish;
         }
 
         r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set credential negotiation: %m");
+                log_error_errno(r, "Failed to set credential negotiation: %m");
                 goto finish;
         }
 
         r = sd_bus_set_anonymous(b, true);
         if (r < 0) {
-                log_error_errno(-r, "Failed to set anonymous authentication: %m");
+                log_error_errno(r, "Failed to set anonymous authentication: %m");
                 goto finish;
         }
 
@@ -1461,13 +1541,13 @@ int main(int argc, char *argv[]) {
 
         r = sd_bus_start(b);
         if (r < 0) {
-                log_error_errno(-r, "Failed to start bus client: %m");
+                log_error_errno(r, "Failed to start bus client: %m");
                 goto finish;
         }
 
         r = rename_service(a, b);
         if (r < 0)
-                log_debug_errno(-r, "Failed to rename process: %m");
+                log_debug_errno(r, "Failed to rename process: %m");
 
         if (a->is_kernel) {
                 _cleanup_free_ char *match = NULL;
@@ -1475,7 +1555,7 @@ int main(int argc, char *argv[]) {
 
                 r = sd_bus_get_unique_name(a, &unique);
                 if (r < 0) {
-                        log_error_errno(-r, "Failed to get unique name: %m");
+                        log_error_errno(r, "Failed to get unique name: %m");
                         goto finish;
                 }
 
@@ -1495,7 +1575,7 @@ int main(int argc, char *argv[]) {
 
                 r = sd_bus_add_match(a, NULL, match, NULL, NULL);
                 if (r < 0) {
-                        log_error_errno(-r, "Failed to add match for NameLost: %m");
+                        log_error_errno(r, "Failed to add match for NameLost: %m");
                         goto finish;
                 }
 
@@ -1516,7 +1596,7 @@ int main(int argc, char *argv[]) {
 
                 r = sd_bus_add_match(a, NULL, match, NULL, NULL);
                 if (r < 0) {
-                        log_error_errno(-r, "Failed to add match for NameAcquired: %m");
+                        log_error_errno(r, "Failed to add match for NameAcquired: %m");
                         goto finish;
                 }
         }
@@ -1538,7 +1618,7 @@ int main(int argc, char *argv[]) {
                                 if (r == -ECONNRESET)
                                         r = 0;
                                 else
-                                        log_error_errno(-r, "Failed to process bus a: %m");
+                                        log_error_errno(r, "Failed to process bus a: %m");
 
                                 goto finish;
                         }
@@ -1555,7 +1635,7 @@ int main(int argc, char *argv[]) {
                                 k = synthesize_name_acquired(a, b, m);
                                 if (k < 0) {
                                         r = k;
-                                        log_error_errno(-r, "Failed to synthesize message: %m");
+                                        log_error_errno(r, "Failed to synthesize message: %m");
                                         goto finish;
                                 }
 
@@ -1565,7 +1645,7 @@ int main(int argc, char *argv[]) {
                                         k = process_policy(a, b, m, policy, &ucred, owned_names);
                                         if (k < 0) {
                                                 r = k;
-                                                log_error_errno(-r, "Failed to process policy: %m");
+                                                log_error_errno(r, "Failed to process policy: %m");
                                                 goto finish;
                                         } else if (k > 0) {
                                                 r = 1;
@@ -1576,14 +1656,26 @@ int main(int argc, char *argv[]) {
                                 if (!processed) {
                                         k = sd_bus_send(b, m, NULL);
                                         if (k < 0) {
-                                                if (k == -ECONNRESET)
+                                                if (k == -ECONNRESET) {
                                                         r = 0;
-                                                else {
+                                                        goto finish;
+                                                } else if (k == -EPERM && m->reply_cookie > 0) {
+                                                        /* If the peer tries to send a reply and it is rejected with EPERM
+                                                         * by the kernel, we ignore the error. This catches cases where the
+                                                         * original method-call didn't had EXPECT_REPLY set, but the proxy-peer
+                                                         * still sends a reply. This is allowed in dbus1, but not in kdbus. We
+                                                         * don't want to track reply-windows in the proxy, so we simply ignore
+                                                         * EPERM for all replies. The only downside is, that callers are no
+                                                         * longer notified if their replies are dropped. However, this is
+                                                         * equivalent to the caller's timeout to expire, so this should be
+                                                         * acceptable. Nobody sane sends replies without a matching method-call,
+                                                         * so nobody should care. */
+                                                        r = 1;
+                                                } else {
                                                         r = k;
-                                                        log_error_errno(-r, "Failed to send message to client: %m");
+                                                        log_error_errno(r, "Failed to send message to client: %m");
+                                                        goto finish;
                                                 }
-
-                                                goto finish;
                                         } else
                                                 r = 1;
                                 }
@@ -1600,7 +1692,7 @@ int main(int argc, char *argv[]) {
                         if (r == -ECONNRESET)
                                 r = 0;
                         else
-                                log_error_errno(-r, "Failed to process bus b: %m");
+                                log_error_errno(r, "Failed to process bus b: %m");
 
                         goto finish;
                 }
@@ -1617,7 +1709,7 @@ int main(int argc, char *argv[]) {
                         k = process_hello(a, b, m, &got_hello);
                         if (k < 0) {
                                 r = k;
-                                log_error_errno(-r, "Failed to process HELLO: %m");
+                                log_error_errno(r, "Failed to process HELLO: %m");
                                 goto finish;
                         } else if (k > 0) {
                                 processed = true;
@@ -1628,7 +1720,7 @@ int main(int argc, char *argv[]) {
                                 k = process_driver(a, b, m, policy, &ucred, owned_names);
                                 if (k < 0) {
                                         r = k;
-                                        log_error_errno(-r, "Failed to process driver calls: %m");
+                                        log_error_errno(r, "Failed to process driver calls: %m");
                                         goto finish;
                                 } else if (k > 0) {
                                         processed = true;
@@ -1642,7 +1734,7 @@ int main(int argc, char *argv[]) {
                                                         k = process_policy(b, a, m, policy, &ucred, owned_names);
                                                         if (k < 0) {
                                                                 r = k;
-                                                                log_error_errno(-r, "Failed to process policy: %m");
+                                                                log_error_errno(r, "Failed to process policy: %m");
                                                                 goto finish;
                                                         } else if (k > 0) {
                                                                 processed = true;
@@ -1653,17 +1745,20 @@ int main(int argc, char *argv[]) {
 
                                                 k = sd_bus_send(a, m, NULL);
                                                 if (k < 0) {
-                                                        if (k == -EREMCHG)
+                                                        if (k == -EREMCHG) {
                                                                 /* The name database changed since the policy check, hence let's check again */
                                                                 continue;
-                                                        else if (k == -ECONNRESET)
+                                                        } else if (k == -ECONNRESET) {
                                                                 r = 0;
-                                                        else {
+                                                                goto finish;
+                                                        } else if (k == -EPERM && m->reply_cookie > 0) {
+                                                                /* see above why EPERM is ignored for replies */
+                                                                r = 1;
+                                                        } else {
                                                                 r = k;
-                                                                log_error_errno(-r, "Failed to send message to bus: %m");
+                                                                log_error_errno(r, "Failed to send message to bus: %m");
+                                                                goto finish;
                                                         }
-
-                                                        goto finish;
                                                 } else
                                                         r = 1;
 
@@ -1678,31 +1773,31 @@ int main(int argc, char *argv[]) {
 
                 fd = sd_bus_get_fd(a);
                 if (fd < 0) {
-                        log_error_errno(-r, "Failed to get fd: %m");
+                        log_error_errno(r, "Failed to get fd: %m");
                         goto finish;
                 }
 
                 events_a = sd_bus_get_events(a);
                 if (events_a < 0) {
-                        log_error_errno(-r, "Failed to get events mask: %m");
+                        log_error_errno(r, "Failed to get events mask: %m");
                         goto finish;
                 }
 
                 r = sd_bus_get_timeout(a, &timeout_a);
                 if (r < 0) {
-                        log_error_errno(-r, "Failed to get timeout: %m");
+                        log_error_errno(r, "Failed to get timeout: %m");
                         goto finish;
                 }
 
                 events_b = sd_bus_get_events(b);
                 if (events_b < 0) {
-                        log_error_errno(-r, "Failed to get events mask: %m");
+                        log_error_errno(r, "Failed to get events mask: %m");
                         goto finish;
                 }
 
                 r = sd_bus_get_timeout(b, &timeout_b);
                 if (r < 0) {
-                        log_error_errno(-r, "Failed to get timeout: %m");
+                        log_error_errno(r, "Failed to get timeout: %m");
                         goto finish;
                 }
 
@@ -1732,7 +1827,7 @@ int main(int argc, char *argv[]) {
 
                 r = ppoll(pollfd, 3, ts, NULL);
                 if (r < 0) {
-                        log_error("ppoll() failed: %m");
+                        log_error_errno(errno, "ppoll() failed: %m");
                         goto finish;
                 }
         }
Unnamed repository; edit this file 'description' to name the repository.