along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <sys/capability.h>
+
#include "strv.h"
#include "set.h"
#include "bus-internal.h"
sd_bus *bus,
const char *path,
struct node_vtable *c,
- void **userdata) {
+ void **userdata,
+ sd_bus_error *error) {
void *u;
int r;
u = c->userdata;
if (c->find) {
- r = c->find(bus, path, c->interface, &u, u);
- if (r <= 0)
+ r = c->find(bus, path, c->interface, u, &u, error);
+ if (r < 0)
+ return r;
+ if (sd_bus_error_is_set(error))
+ return -sd_bus_error_get_errno(error);
+ if (r == 0)
return r;
}
sd_bus *bus,
const char *path,
struct vtable_member *p,
- void **userdata) {
+ void **userdata,
+ sd_bus_error *error) {
void *u;
int r;
assert(p);
assert(userdata);
- r = node_vtable_get_userdata(bus, path, p->parent, &u);
+ r = node_vtable_get_userdata(bus, path, p->parent, &u, error);
if (r <= 0)
return r;
if (bus->nodes_modified)
sd_bus *bus,
const char *prefix,
struct node_enumerator *first,
- Set *s) {
+ Set *s,
+ sd_bus_error *error) {
struct node_enumerator *c;
int r;
if (bus->nodes_modified)
return 0;
- r = c->callback(bus, prefix, &children, c->userdata);
+ r = c->callback(bus, prefix, c->userdata, &children, error);
if (r < 0)
return r;
+ if (sd_bus_error_is_set(error))
+ return -sd_bus_error_get_errno(error);
STRV_FOREACH(k, children) {
if (r < 0) {
}
r = set_consume(s, *k);
+ if (r == -EEXIST)
+ r = 0;
}
free(children);
sd_bus *bus,
const char *prefix,
struct node *n,
- Set *s) {
+ Set *s,
+ sd_bus_error *error) {
struct node *i;
int r;
assert(n);
assert(s);
- r = add_enumerated_to_set(bus, prefix, n->enumerators, s);
+ r = add_enumerated_to_set(bus, prefix, n->enumerators, s, error);
if (r < 0)
return r;
if (bus->nodes_modified)
if (r < 0 && r != -EEXIST)
return r;
- r = add_subtree_to_set(bus, prefix, i, s);
+ r = add_subtree_to_set(bus, prefix, i, s, error);
if (r < 0)
return r;
if (bus->nodes_modified)
sd_bus *bus,
const char *prefix,
struct node *n,
- Set **_s) {
+ Set **_s,
+ sd_bus_error *error) {
Set *s = NULL;
int r;
if (!s)
return -ENOMEM;
- r = add_subtree_to_set(bus, prefix, n, s);
+ r = add_subtree_to_set(bus, prefix, n, s, error);
if (r < 0) {
set_free_free(s);
return r;
return 0;
}
+#define CAPABILITY_SHIFT(x) (((x) >> __builtin_ctzll(_SD_BUS_VTABLE_CAPABILITY_MASK)) & 0xFFFF)
+
+static int check_access(sd_bus *bus, sd_bus_message *m, struct vtable_member *c, sd_bus_error *error) {
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
+ uint64_t cap;
+ uid_t uid;
+ int r;
+
+ assert(bus);
+ assert(m);
+ assert(c);
+
+ /* If the entire bus is trusted let's grant access */
+ if (bus->trusted)
+ return 0;
+
+ /* If the member is marked UNPRIVILEGED let's grant access */
+ if (c->vtable->flags & SD_BUS_VTABLE_UNPRIVILEGED)
+ return 0;
+
+ /* If we are not connected to kdbus we cannot retrieve the
+ * effective capability set without race. Since we need this
+ * for a security decision we cannot use racy data, hence
+ * don't request it. */
+ if (bus->is_kernel)
+ r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID|SD_BUS_CREDS_EFFECTIVE_CAPS, &creds);
+ else
+ r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds);
+ if (r < 0)
+ return r;
+
+ /* Check have the caller has the requested capability
+ * set. Note that the flags value contains the capability
+ * number plus one, which we need to subtract here. We do this
+ * so that we have 0 as special value for "default
+ * capability". */
+ cap = CAPABILITY_SHIFT(c->vtable->flags);
+ if (cap == 0)
+ cap = CAPABILITY_SHIFT(c->parent->vtable[0].flags);
+ if (cap == 0)
+ cap = CAP_SYS_ADMIN;
+ else
+ cap --;
+
+ r = sd_bus_creds_has_effective_cap(creds, cap);
+ if (r > 0)
+ return 1;
+
+ /* Caller has same UID as us, then let's grant access */
+ r = sd_bus_creds_get_uid(creds, &uid);
+ if (r >= 0) {
+ if (uid == getuid())
+ return 1;
+ }
+
+ return sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "Access to %s.%s() not permitted.", c->interface, c->member);
+}
+
static int method_callbacks_run(
sd_bus *bus,
sd_bus_message *m,
bool require_fallback,
bool *found_object) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
const char *signature;
void *u;
int r;
if (require_fallback && !c->parent->is_fallback)
return 0;
- r = node_vtable_get_userdata(bus, m->path, c->parent, &u);
+ r = check_access(bus, m, c, &error);
+ if (r < 0)
+ return bus_maybe_reply_error(m, r, &error);
+
+ r = node_vtable_get_userdata(bus, m->path, c->parent, &u, &error);
if (r <= 0)
- return r;
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
if (!signature)
return -EINVAL;
- if (!streq(strempty(c->vtable->x.method.signature), signature)) {
- r = sd_bus_reply_method_errorf(m,
- SD_BUS_ERROR_INVALID_ARGS,
- "Invalid arguments '%s' to call %s:%s, expecting '%s'.",
- signature, c->interface, c->member, strempty(c->vtable->x.method.signature));
- if (r < 0)
- return r;
+ if (!streq(strempty(c->vtable->x.method.signature), signature))
+ return sd_bus_reply_method_errorf(
+ m,
+ SD_BUS_ERROR_INVALID_ARGS,
+ "Invalid arguments '%s' to call %s.%s(), expecting '%s'.",
+ signature, c->interface, c->member, strempty(c->vtable->x.method.signature));
- return 1;
- }
+ /* Keep track what the signature of the reply to this message
+ * should be, so that this can be enforced when sealing the
+ * reply. */
+ m->enforced_reply_signature = strempty(c->vtable->x.method.result);
if (c->vtable->x.method.handler) {
- _cleanup_bus_error_free_ sd_bus_error error_buffer = SD_BUS_ERROR_NULL;
-
- r = c->vtable->x.method.handler(bus, m, u, &error_buffer);
-
- return bus_maybe_reply_error(m, r, &error_buffer);
+ r = c->vtable->x.method.handler(bus, m, u, &error);
+ return bus_maybe_reply_error(m, r, &error);
}
/* If the method callback is NULL, make this a successful NOP */
sd_bus_error *error) {
const void *p;
+ int r;
assert(bus);
assert(v);
assert(property);
assert(reply);
- if (v->x.property.get)
- return v->x.property.get(bus, path, interface, property, reply, userdata, error);
+ if (v->x.property.get) {
+ r = v->x.property.get(bus, path, interface, property, reply, userdata, error);
+ if (r < 0)
+ return r;
+ if (sd_bus_error_is_set(error))
+ return -sd_bus_error_get_errno(error);
+ return r;
+ }
/* Automatic handling if no callback is defined. */
assert(property);
assert(value);
- if (v->x.property.set)
- return v->x.property.set(bus, path, interface, property, value, userdata, error);
+ if (v->x.property.set) {
+ r = v->x.property.set(bus, path, interface, property, value, userdata, error);
+ if (r < 0)
+ return r;
+ if (sd_bus_error_is_set(error))
+ return -sd_bus_error_get_errno(error);
+ return r;
+ }
/* Automatic handling if no callback is defined. */
if (require_fallback && !c->parent->is_fallback)
return 0;
- r = vtable_property_get_userdata(bus, m->path, c, &u);
+ r = vtable_property_get_userdata(bus, m->path, c, &u, &error);
if (r <= 0)
- return r;
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
if (r < 0)
return r;
+ /* Note that we do not do an access check here. Read
+ * access to properties is always unrestricted, since
+ * PropertiesChanged signals broadcast contents
+ * anyway. */
+
r = invoke_property_get(bus, c->vtable, m->path, c->interface, c->member, reply, u, &error);
if (r < 0)
- return sd_bus_reply_method_errno(m, r, &error);
- if (sd_bus_error_is_set(&error))
- return sd_bus_reply_method_error(m, &error);
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
if (r < 0)
return r;
+ r = check_access(bus, m, c, &error);
+ if (r < 0)
+ return bus_maybe_reply_error(m, r, &error);
+
r = invoke_property_set(bus, c->vtable, m->path, c->interface, c->member, m, u, &error);
if (r < 0)
- return sd_bus_reply_method_errno(m, r, &error);
- if (sd_bus_error_is_set(&error))
- return sd_bus_reply_method_error(m, &error);
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
assert(path);
assert(c);
+ if (c->vtable[0].flags & SD_BUS_VTABLE_HIDDEN)
+ return 1;
+
for (v = c->vtable+1; v->type != _SD_BUS_VTABLE_END; v++) {
if (v->type != _SD_BUS_VTABLE_PROPERTY && v->type != _SD_BUS_VTABLE_WRITABLE_PROPERTY)
continue;
+ if (v->flags & SD_BUS_VTABLE_HIDDEN)
+ continue;
+
r = sd_bus_message_open_container(reply, 'e', "sv");
if (r < 0)
return r;
return r;
r = invoke_property_get(bus, v, path, c->interface, v->x.property.member, reply, vtable_property_convert_userdata(v, userdata), error);
- if (sd_bus_error_is_set(error))
- return 0;
- if (r < 0) {
- sd_bus_error_set_errno(error, r);
- return 0;
- }
+ if (r < 0)
+ return r;
if (bus->nodes_modified)
return 0;
if (require_fallback && !c->is_fallback)
continue;
- r = node_vtable_get_userdata(bus, m->path, c, &u);
+ r = node_vtable_get_userdata(bus, m->path, c, &u, &error);
if (r < 0)
- return r;
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
if (r == 0)
r = vtable_append_all_properties(bus, reply, m->path, c, u, &error);
if (r < 0)
- return r;
-
- if (sd_bus_error_is_set(&error)) {
- r = sd_bus_reply_method_error(m, &error);
- if (r < 0)
- return r;
-
- return 1;
- }
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
}
}
LIST_FOREACH(vtables, c, n->vtables) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
if (require_fallback && !c->is_fallback)
continue;
- if (node_vtable_get_userdata(bus, path, c, NULL) > 0)
+ if (node_vtable_get_userdata(bus, path, c, NULL, &error) > 0)
return true;
if (bus->nodes_modified)
return false;
bool require_fallback,
bool *found_object) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
_cleanup_set_free_free_ Set *s = NULL;
const char *previous_interface = NULL;
assert(n);
assert(found_object);
- r = get_child_nodes(bus, m->path, n, &s);
+ r = get_child_nodes(bus, m->path, n, &s, &error);
if (r < 0)
- return r;
+ return bus_maybe_reply_error(m, r, &error);
if (bus->nodes_modified)
return 0;
- r = introspect_begin(&intro);
+ r = introspect_begin(&intro, bus->trusted);
if (r < 0)
return r;
if (require_fallback && !c->is_fallback)
continue;
- r = node_vtable_get_userdata(bus, m->path, c, NULL);
- if (r < 0)
- return r;
- if (bus->nodes_modified)
- return 0;
+ r = node_vtable_get_userdata(bus, m->path, c, NULL, &error);
+ if (r < 0) {
+ r = bus_maybe_reply_error(m, r, &error);
+ goto finish;
+ }
+ if (bus->nodes_modified) {
+ r = 0;
+ goto finish;
+ }
if (r == 0)
continue;
empty = false;
+ if (c->vtable[0].flags & SD_BUS_VTABLE_HIDDEN)
+ continue;
+
if (!streq_ptr(previous_interface, c->interface)) {
if (previous_interface)
if (require_fallback && !i->is_fallback)
continue;
- r = node_vtable_get_userdata(bus, path, i, &u);
+ r = node_vtable_get_userdata(bus, path, i, &u, error);
if (r < 0)
return r;
if (bus->nodes_modified)
r = vtable_append_all_properties(bus, reply, path, i, u, error);
if (r < 0)
return r;
- if (sd_bus_error_is_set(error))
- return 0;
if (bus->nodes_modified)
return 0;
r = object_manager_serialize_path(bus, reply, path, path, false, error);
if (r < 0)
return r;
- if (sd_bus_error_is_set(error))
- return 0;
if (bus->nodes_modified)
return 0;
r = object_manager_serialize_path(bus, reply, prefix, path, true, error);
if (r < 0)
return r;
- if (sd_bus_error_is_set(error))
- return 0;
if (bus->nodes_modified)
return 0;
}
bool require_fallback,
bool *found_object) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
_cleanup_set_free_free_ Set *s = NULL;
bool empty;
if (!bus_node_with_object_manager(bus, n))
return 0;
- r = get_child_nodes(bus, m->path, n, &s);
+ r = get_child_nodes(bus, m->path, n, &s, &error);
if (r < 0)
return r;
if (bus->nodes_modified)
char *path;
SET_FOREACH(path, s, i) {
- _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
-
r = object_manager_serialize_path_and_fallbacks(bus, reply, path, &error);
if (r < 0)
- return -ENOMEM;
-
- if (sd_bus_error_is_set(&error)) {
- r = sd_bus_reply_method_error(m, &error);
- if (r < 0)
- return r;
-
- return 1;
- }
+ return r;
if (bus->nodes_modified)
return 0;
r = sd_bus_message_read(m, "ss", &vtable_key.interface, &vtable_key.member);
if (r < 0)
- return r;
+ return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INVALID_ARGS, "Expected interface and member parameters");
v = hashmap_get(bus->vtable_properties, &vtable_key);
if (v) {
r = sd_bus_message_read(m, "s", &iface);
if (r < 0)
- return r;
+ return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INVALID_ARGS, "Expected interface parameter");
if (iface[0] == 0)
iface = NULL;
} else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus.Introspectable", "Introspect")) {
+ if (!isempty(sd_bus_message_get_signature(m, true)))
+ return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INVALID_ARGS, "Expected no parameters");
+
r = process_introspect(bus, m, n, require_fallback, found_object);
if (r != 0)
return r;
} else if (sd_bus_message_is_method_call(m, "org.freedesktop.DBus.ObjectManager", "GetManagedObjects")) {
+ if (!isempty(sd_bus_message_get_signature(m, true)))
+ return sd_bus_reply_method_errorf(m, SD_BUS_ERROR_INVALID_ARGS, "Expected no parameters");
+
r = process_get_managed_objects(bus, m, n, require_fallback, found_object);
if (r != 0)
return r;
if (m->header->type != SD_BUS_MESSAGE_METHOD_CALL)
return 0;
- if (!m->path)
+ if (hashmap_isempty(bus->nodes))
return 0;
- if (hashmap_isempty(bus->nodes))
+ /* Never respond to broadcast messages */
+ if (bus->bus_client && !m->destination)
return 0;
+ assert(m->path);
+ assert(m->member);
+
pl = strlen(m->path);
do {
char prefix[pl+1];
static struct node *bus_node_allocate(sd_bus *bus, const char *path) {
struct node *n, *parent;
const char *e;
- char *s, *p;
+ _cleanup_free_ char *s = NULL;
+ char *p;
int r;
assert(bus);
p = strndupa(path, MAX(1, path - e));
parent = bus_node_allocate(bus, p);
- if (!parent) {
- free(s);
+ if (!parent)
return NULL;
- }
}
n = new0(struct node, 1);
n->parent = parent;
n->path = s;
+ s = NULL; /* do not free */
- r = hashmap_put(bus->nodes, s, n);
+ r = hashmap_put(bus->nodes, n->path, n);
if (r < 0) {
- free(s);
+ free(n->path);
free(n);
return NULL;
}
!signature_is_valid(strempty(v->x.method.signature), false) ||
!signature_is_valid(strempty(v->x.method.result), false) ||
!(v->x.method.handler || (isempty(v->x.method.signature) && isempty(v->x.method.result))) ||
- v->flags & (SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY)) {
+ v->flags & (SD_BUS_VTABLE_PROPERTY_CONST|SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE|SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION)) {
r = -EINVAL;
goto fail;
}
!signature_is_single(v->x.property.signature, false) ||
!(v->x.property.get || bus_type_is_basic(v->x.property.signature[0]) || streq(v->x.property.signature, "as")) ||
v->flags & SD_BUS_VTABLE_METHOD_NO_REPLY ||
- (v->flags & SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY && !(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE))) {
+ (!!(v->flags & SD_BUS_VTABLE_PROPERTY_CONST) + !!(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE) + !!(v->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION)) > 1 ||
+ (v->flags & SD_BUS_VTABLE_UNPRIVILEGED && v->type == _SD_BUS_VTABLE_PROPERTY)) {
r = -EINVAL;
goto fail;
}
-
m = new0(struct vtable_member, 1);
if (!m) {
r = -ENOMEM;
case _SD_BUS_VTABLE_SIGNAL:
if (!member_name_is_valid(v->x.signal.member) ||
- !signature_is_valid(strempty(v->x.signal.signature), false)) {
+ !signature_is_valid(strempty(v->x.signal.signature), false) ||
+ v->flags & SD_BUS_VTABLE_UNPRIVILEGED) {
r = -EINVAL;
goto fail;
}
bool require_fallback,
char **names) {
+ _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_bus_message_unref_ sd_bus_message *m = NULL;
bool has_invalidating = false, has_changing = false;
struct vtable_member key = {};
if (!streq(c->interface, interface))
continue;
- r = node_vtable_get_userdata(bus, path, c, &u);
+ r = node_vtable_get_userdata(bus, path, c, &u, &error);
if (r < 0)
return r;
if (bus->nodes_modified)
continue;
STRV_FOREACH(property, names) {
- _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
struct vtable_member *v;
assert_return(member_name_is_valid(*property), -EINVAL);
if (c != v->parent)
continue;
- assert_return(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE, -EDOM);
+ assert_return(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE ||
+ v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION, -EDOM);
- if (v->vtable->flags & SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY) {
+ if (v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION) {
has_invalidating = true;
continue;
}
r = invoke_property_get(bus, v->vtable, m->path, interface, *property, m, vtable_property_convert_userdata(v->vtable, u), &error);
if (r < 0)
return r;
- if (sd_bus_error_is_set(&error))
- return sd_bus_error_get_errno(&error);
if (bus->nodes_modified)
return 0;
if (!streq(c->interface, interface))
continue;
- r = node_vtable_get_userdata(bus, path, c, &u);
+ r = node_vtable_get_userdata(bus, path, c, &u, &error);
if (r < 0)
return r;
if (bus->nodes_modified)
assert_se(v = hashmap_get(bus->vtable_properties, &key));
assert(c == v->parent);
- if (!(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_INVALIDATE_ONLY))
+ if (!(v->vtable->flags & SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION))
continue;
r = sd_bus_message_append(m, "s", *property);
if (!streq(c->interface, interface))
continue;
- r = node_vtable_get_userdata(bus, path, c, &u);
+ r = node_vtable_get_userdata(bus, path, c, &u, &error);
if (r < 0)
return r;
if (bus->nodes_modified)
~ianmdlvl / elogind.git / blobdiff