#include <unistd.h>
#include <string.h>
#include <errno.h>
-#include <sys/poll.h>
+#include <poll.h>
#include <stddef.h>
#include <getopt.h>
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
- r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
+ r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
b->fake_pids_valid = true;
b->fake_creds.uid = p->local_creds.uid;
- b->fake_creds.euid = UID_INVALID;
- b->fake_creds.suid = UID_INVALID;
- b->fake_creds.fsuid = UID_INVALID;
+ b->fake_creds.euid = p->local_creds.uid;
+ b->fake_creds.suid = p->local_creds.uid;
+ b->fake_creds.fsuid = p->local_creds.uid;
b->fake_creds.gid = p->local_creds.gid;
- b->fake_creds.egid = GID_INVALID;
- b->fake_creds.sgid = GID_INVALID;
- b->fake_creds.fsgid = GID_INVALID;
+ b->fake_creds.egid = p->local_creds.gid;
+ b->fake_creds.sgid = p->local_creds.gid;
+ b->fake_creds.fsgid = p->local_creds.gid;
b->fake_creds_valid = true;
}
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
- r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
+ r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
return NULL;
}
-int proxy_load_policy(Proxy *p, char **configuration) {
+int proxy_set_policy(Proxy *p, SharedPolicy *sp, char **configuration) {
_cleanup_strv_free_ char **strv = NULL;
+ Policy *policy;
int r;
assert(p);
+ assert(sp);
/* no need to load legacy policy if destination is not kdbus */
if (!p->dest_bus->is_kernel)
return 0;
+ p->policy = sp;
+
+ policy = shared_policy_acquire(sp);
+ if (policy) {
+ /* policy already pre-loaded */
+ shared_policy_release(sp, policy);
+ return 0;
+ }
+
if (!configuration) {
const char *scope;
configuration = strv;
}
- r = policy_load(&p->policy_buffer, configuration);
- if (r < 0)
- return log_error_errno(r, "Failed to load policy: %m");
-
- p->policy = &p->policy_buffer;
- /* policy_dump(p->policy); */
-
- return 0;
+ return shared_policy_preload(sp, configuration);
}
int proxy_hello_policy(Proxy *p, uid_t original_uid) {
+ Policy *policy;
+ int r = 0;
+
assert(p);
if (!p->policy)
return 0;
+ policy = shared_policy_acquire(p->policy);
+
if (p->local_creds.uid == original_uid)
log_debug("Permitting access, since bus owner matches bus client.");
- else if (policy_check_hello(p->policy, p->local_creds.uid, p->local_creds.gid))
+ else if (policy_check_hello(policy, p->local_creds.uid, p->local_creds.gid))
log_debug("Permitting access due to XML policy.");
else
- return log_error_errno(EPERM, "Policy denied connection.");
+ r = log_error_errno(EPERM, "Policy denied connection.");
- return 0;
+ shared_policy_release(p->policy, policy);
+
+ return r;
}
static int proxy_wait(Proxy *p) {
return r;
}
-static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
+static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
int r;
assert(from);
uid_t sender_uid = UID_INVALID;
gid_t sender_gid = GID_INVALID;
char **sender_names = NULL;
- bool granted = false;
/* Driver messages are always OK */
if (streq_ptr(m->sender, "org.freedesktop.DBus"))
/* The message came from the kernel, and is sent to our legacy client. */
sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
- (void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
- (void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
+ (void) sd_bus_creds_get_euid(&m->creds, &sender_uid);
+ (void) sd_bus_creds_get_egid(&m->creds, &sender_gid);
if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
_cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
* case, query the creds of the peer
* instead. */
- r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_UID|SD_BUS_CREDS_GID, true, &sender_creds);
+ r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID, true, &sender_creds);
if (r < 0)
return handle_policy_error(m, r);
- (void) sd_bus_creds_get_uid(sender_creds, &sender_uid);
- (void) sd_bus_creds_get_gid(sender_creds, &sender_gid);
+ (void) sd_bus_creds_get_euid(sender_creds, &sender_uid);
+ (void) sd_bus_creds_get_egid(sender_creds, &sender_gid);
}
/* First check whether the sender can send the message to our name */
- if (set_isempty(owned_names)) {
- if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, NULL, m->path, m->interface, m->member, false))
- granted = true;
- } else {
- Iterator i;
- char *n;
-
- SET_FOREACH(n, owned_names, i)
- if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, n, m->path, m->interface, m->member, false)) {
- granted = true;
- break;
- }
- }
-
- if (granted) {
- /* Then check whether us (the recipient) can receive from the sender's name */
- if (strv_isempty(sender_names)) {
- if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, false))
- return 0;
- } else {
- char **n;
-
- STRV_FOREACH(n, sender_names) {
- if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, false))
- return 0;
- }
- }
- }
+ if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, false, NULL) &&
+ policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, sender_names, m->path, m->interface, m->member, false))
+ return 0;
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
gid_t destination_gid = GID_INVALID;
const char *destination_unique = NULL;
char **destination_names = NULL;
- bool granted = false;
+ char *n;
/* Driver messages are always OK */
if (streq_ptr(m->destination, "org.freedesktop.DBus"))
if (m->destination) {
r = bus_get_name_creds_kdbus(to, m->destination,
SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
- SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
+ SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_PID,
true, &destination_creds);
if (r < 0)
return handle_policy_error(m, r);
sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
- (void) sd_bus_creds_get_uid(destination_creds, &destination_uid);
- (void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
+ (void) sd_bus_creds_get_euid(destination_creds, &destination_uid);
+ (void) sd_bus_creds_get_egid(destination_creds, &destination_gid);
}
/* First check if we (the sender) can send to this name */
- if (strv_isempty(destination_names)) {
- if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member, true))
- granted = true;
- } else {
- char **n;
-
- STRV_FOREACH(n, destination_names) {
- if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, *n, m->path, m->interface, m->member, true)) {
-
- /* If we made a receiver decision,
- then remember which name's policy
- we used, and to which unique ID it
- mapped when we made the
- decision. Then, let's pass this to
- the kernel when sending the
- message, so that it refuses the
- operation should the name and
- unique ID not map to each other
- anymore. */
-
- r = free_and_strdup(&m->destination_ptr, *n);
- if (r < 0)
- return r;
-
- r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id);
- if (r < 0)
- break;
-
- granted = true;
- break;
- }
+ if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, destination_names, m->path, m->interface, m->member, true, &n)) {
+ if (n) {
+ /* If we made a receiver decision, then remember which
+ * name's policy we used, and to which unique ID it
+ * mapped when we made the decision. Then, let's pass
+ * this to the kernel when sending the message, so that
+ * it refuses the operation should the name and unique
+ * ID not map to each other anymore. */
+
+ r = free_and_strdup(&m->destination_ptr, n);
+ if (r < 0)
+ return r;
+
+ r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id);
+ if (r < 0)
+ return r;
}
- }
- /* Then check if the recipient can receive from our name */
- if (granted) {
if (sd_bus_message_is_signal(m, NULL, NULL)) {
/* If we forward a signal from dbus-1 to kdbus,
* we have no idea who the recipient is.
* receiver policies to the message. Therefore,
* skip policy checks in this case. */
return 0;
- } else if (set_isempty(owned_names)) {
- if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, NULL, m->path, m->interface, m->member, true))
- return 0;
- } else {
- Iterator i;
- char *n;
-
- SET_FOREACH(n, owned_names, i)
- if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, n, m->path, m->interface, m->member, true))
- return 0;
+ } else if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, true)) {
+ return 0;
}
}
return 0;
}
+static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, SharedPolicy *sp, const struct ucred *our_ucred, Set *owned_names) {
+ Policy *policy;
+ int r;
+
+ assert(sp);
+
+ policy = shared_policy_acquire(sp);
+ r = process_policy_unlocked(from, to, m, policy, our_ucred, owned_names);
+ shared_policy_release(sp, policy);
+
+ return r;
+}
+
static int process_hello(Proxy *p, sd_bus_message *m) {
_cleanup_bus_message_unref_ sd_bus_message *n = NULL;
bool is_hello;
~ianmdlvl / elogind.git / blobdiff