X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fbus-proxyd%2Fbus-policy.c;h=aea8541d50a2cc6559622065b4807cec5b477b2b;hp=2df4bf7204a660e5fc7cd3f7723f6c3a62dcb789;hb=e91c8c201931d6be8229d624c10ed9c7c210d470;hpb=e76ae7ee960e837f855f104f000e2ef14790374e diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c index 2df4bf720..aea8541d5 100644 --- a/src/bus-proxyd/bus-policy.c +++ b/src/bus-proxyd/bus-policy.c @@ -24,6 +24,7 @@ #include "strv.h" #include "conf-files.h" #include "bus-internal.h" +#include "bus-message.h" #include "bus-policy.h" static void policy_item_free(PolicyItem *i) { @@ -39,6 +40,14 @@ static void policy_item_free(PolicyItem *i) { DEFINE_TRIVIAL_CLEANUP_FUNC(PolicyItem*, policy_item_free); +static void item_append(PolicyItem *i, PolicyItem **list) { + + PolicyItem *tail; + + LIST_FIND_TAIL(items, *list, tail); + LIST_INSERT_AFTER(items, *list, tail, i); +} + static int file_load(Policy *p, const char *path) { _cleanup_free_ char *c = NULL, *policy_user = NULL, *policy_group = NULL; @@ -83,6 +92,8 @@ static int file_load(Policy *p, const char *path) { if (r < 0) { if (r == -ENOENT) return 0; + if (r == -EISDIR) + return r; log_error("Failed to load %s: %s", path, strerror(-r)); return r; @@ -153,7 +164,10 @@ static int file_load(Policy *p, const char *path) { else if (streq(name, "group")) state = STATE_POLICY_GROUP; else { - log_warning("Attribute %s of tag unknown at %s:%u, ignoring.", name, path, line); + if (streq(name, "at_console")) + log_debug("Attribute %s of tag unsupported at %s:%u, ignoring.", name, path, line); + else + log_warning("Attribute %s of tag unknown at %s:%u, ignoring.", name, path, line); state = STATE_POLICY_OTHER_ATTRIBUTE; } } else if (t == XML_TAG_CLOSE_EMPTY || @@ -266,7 +280,12 @@ static int file_load(Policy *p, const char *path) { ic = POLICY_ITEM_USER; else if (streq(name, "group")) ic = POLICY_ITEM_GROUP; - else { + else if (streq(name, "eavesdrop")) { + log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line); + i->class = POLICY_ITEM_IGNORE; + state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE; + break; + } else { log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line); state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE; break; @@ -301,7 +320,10 @@ static int file_load(Policy *p, const char *path) { (streq(u, "sender") && ic == POLICY_ITEM_RECV)) state = STATE_ALLOW_DENY_NAME; else { - log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line); + if (streq(u, "requested_reply")) + log_debug("Unsupported attribute %s= at %s:%u, ignoring.", name, path, line); + else + log_error("Unknown attribute %s= at %s:%u, ignoring.", name, path, line); state = STATE_ALLOW_DENY_OTHER_ATTRIBUTE; break; } @@ -317,42 +339,71 @@ static int file_load(Policy *p, const char *path) { } if (policy_category == POLICY_CATEGORY_DEFAULT) - LIST_PREPEND(items, p->default_items, i); + item_append(i, &p->default_items); else if (policy_category == POLICY_CATEGORY_MANDATORY) - LIST_PREPEND(items, p->default_items, i); + item_append(i, &p->mandatory_items); else if (policy_category == POLICY_CATEGORY_USER) { - PolicyItem *first; + const char *u = policy_user; assert_cc(sizeof(uid_t) == sizeof(uint32_t)); - r = hashmap_ensure_allocated(&p->user_items, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&p->user_items, NULL); if (r < 0) return log_oom(); - first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid)); - LIST_PREPEND(items, first, i); + if (!u) { + log_error("User policy without name"); + return -EINVAL; + } - r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first); + r = get_user_creds(&u, &i->uid, NULL, NULL, NULL); if (r < 0) { - LIST_REMOVE(items, first, i); - return log_oom(); + log_error("Failed to resolve user %s, ignoring policy: %s", u, strerror(-r)); + free(i); + } else { + PolicyItem *first; + + first = hashmap_get(p->user_items, UINT32_TO_PTR(i->uid)); + item_append(i, &first); + i->uid_valid = true; + + r = hashmap_replace(p->user_items, UINT32_TO_PTR(i->uid), first); + if (r < 0) { + LIST_REMOVE(items, first, i); + return log_oom(); + } } + } else if (policy_category == POLICY_CATEGORY_GROUP) { - PolicyItem *first; + const char *g = policy_group; assert_cc(sizeof(gid_t) == sizeof(uint32_t)); - r = hashmap_ensure_allocated(&p->group_items, trivial_hash_func, trivial_compare_func); + r = hashmap_ensure_allocated(&p->group_items, NULL); if (r < 0) return log_oom(); - first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid)); - LIST_PREPEND(items, first, i); + if (!g) { + log_error("Group policy without name"); + return -EINVAL; + } - r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first); + r = get_group_creds(&g, &i->gid); if (r < 0) { - LIST_REMOVE(items, first, i); - return log_oom(); + log_error("Failed to resolve group %s, ignoring policy: %s", g, strerror(-r)); + free(i); + } else { + PolicyItem *first; + + first = hashmap_get(p->group_items, UINT32_TO_PTR(i->gid)); + item_append(i, &first); + i->gid_valid = true; + + r = hashmap_replace(p->group_items, UINT32_TO_PTR(i->gid), first); + if (r < 0) { + LIST_REMOVE(items, first, i); + return log_oom(); + } } } @@ -475,8 +526,36 @@ static int file_load(Policy *p, const char *path) { return -EINVAL; } + switch (i->class) { + case POLICY_ITEM_USER: + if (!streq(name, "*")) { + const char *u = name; + + r = get_user_creds(&u, &i->uid, NULL, NULL, NULL); + if (r < 0) + log_error("Failed to resolve user %s: %s", name, strerror(-r)); + else + i->uid_valid = true; + } + break; + case POLICY_ITEM_GROUP: + if (!streq(name, "*")) { + const char *g = name; + + r = get_group_creds(&g, &i->gid); + if (r < 0) + log_error("Failed to resolve group %s: %s", name, strerror(-r)); + else + i->gid_valid = true; + } + break; + default: + break; + } + i->name = name; name = NULL; + state = STATE_ALLOW_DENY; } else { log_error("Unexpected token (14) in %s:%u.", path, line); @@ -513,24 +592,259 @@ static int file_load(Policy *p, const char *path) { } } -int policy_load(Policy *p) { - _cleanup_strv_free_ char **l = NULL; - char **i; +enum { + ALLOW, + DUNNO, + DENY, +}; + +struct policy_check_filter { + int class; + const struct ucred *ucred; + int message_type; + const char *interface; + const char *path; + union { + const char *name; + const char *member; + }; + char **names_strv; + Hashmap *names_hash; +}; + +static int is_permissive(PolicyItem *i) { + + assert(i); + + return (i->type == POLICY_ITEM_ALLOW) ? ALLOW : DENY; +} + +static int check_policy_item(PolicyItem *i, const struct policy_check_filter *filter) { + + assert(i); + assert(filter); + + switch (i->class) { + case POLICY_ITEM_SEND: + case POLICY_ITEM_RECV: + + if (i->name) { + if (filter->names_hash && !hashmap_contains(filter->names_hash, i->name)) + break; + + if (filter->names_strv && !strv_contains(filter->names_strv, i->name)) + break; + } + + if ((i->message_type != _POLICY_ITEM_CLASS_UNSET) && (i->message_type != filter->message_type)) + break; + + if (i->path && !streq_ptr(i->path, filter->path)) + break; + + if (i->member && !streq_ptr(i->member, filter->member)) + break; + + if (i->interface && !streq_ptr(i->interface, filter->interface)) + break; + + return is_permissive(i); + + case POLICY_ITEM_OWN: + assert(filter->member); + + if (streq(i->name, "*") || streq(i->name, filter->name)) + return is_permissive(i); + break; + + case POLICY_ITEM_OWN_PREFIX: + assert(filter->member); + + if (streq(i->name, "*") || startswith(i->name, filter->name)) + return is_permissive(i); + break; + + case POLICY_ITEM_USER: + assert(filter->ucred); + + if ((streq_ptr(i->name, "*") || (i->uid_valid && i->uid == filter->ucred->uid))) + return is_permissive(i); + break; + + case POLICY_ITEM_GROUP: + assert(filter->ucred); + + if ((streq_ptr(i->name, "*") || (i->gid_valid && i->gid == filter->ucred->gid))) + return is_permissive(i); + break; + + case POLICY_ITEM_IGNORE: + default: + break; + } + + return DUNNO; +} + +static int check_policy_items(PolicyItem *items, const struct policy_check_filter *filter) { + + PolicyItem *i; + int r, ret = DUNNO; + + assert(filter); + + /* Check all policies in a set - a broader one might be followed by a more specific one, + * and the order of rules in policy definitions matters */ + LIST_FOREACH(items, i, items) { + if (i->class != filter->class) + continue; + + r = check_policy_item(i, filter); + if (r != DUNNO) + ret = r; + } + + return ret; +} + +static int policy_check(Policy *p, const struct policy_check_filter *filter) { + + PolicyItem *items; int r; assert(p); + assert(filter); + + /* + * The policy check is implemented by the following logic: + * + * 1. Check mandatory items. If the message matches any of these, it is decisive. + * 2. See if the passed ucred match against the user/group hashmaps. A matching entry is also decisive. + * 3. Consult the defaults if non of the above matched with a more specific rule. + * 4. If the message isn't caught be the defaults either, reject it. + */ + + r = check_policy_items(p->mandatory_items, filter); + if (r != DUNNO) + return r; - file_load(p, "/etc/dbus-1/system.conf"); - file_load(p, "/etc/dbus-1/system-local.conf"); + if (filter->ucred) { + items = hashmap_get(p->user_items, UINT32_TO_PTR(filter->ucred->uid)); + if (items) { + r = check_policy_items(items, filter); + if (r != DUNNO) + return r; + } - r = conf_files_list(&l, ".conf", NULL, "/etc/dbus-1/system.d/", NULL); - if (r < 0) { - log_error("Failed to get configuration file list: %s", strerror(-r)); - return r; + items = hashmap_get(p->group_items, UINT32_TO_PTR(filter->ucred->gid)); + if (items) { + r = check_policy_items(items, filter); + if (r != DUNNO) + return r; + } } - STRV_FOREACH(i, l) - file_load(p, *i); + return check_policy_items(p->default_items, filter); +} + +bool policy_check_own(Policy *p, const struct ucred *ucred, const char *name) { + + struct policy_check_filter filter = { + .class = POLICY_ITEM_OWN, + .ucred = ucred, + .name = name, + }; + + return policy_check(p, &filter) == ALLOW; +} + +bool policy_check_hello(Policy *p, const struct ucred *ucred) { + + struct policy_check_filter filter = { + .ucred = ucred, + }; + int user, group; + + filter.class = POLICY_ITEM_USER; + user = policy_check(p, &filter); + if (user == DENY) + return false; + + filter.class = POLICY_ITEM_GROUP; + group = policy_check(p, &filter); + if (group == DENY) + return false; + + return !(user == DUNNO && group == DUNNO); +} + +bool policy_check_recv(Policy *p, + const struct ucred *ucred, + Hashmap *names, + int message_type, + const char *path, + const char *interface, + const char *member) { + + struct policy_check_filter filter = { + .class = POLICY_ITEM_RECV, + .ucred = ucred, + .names_hash = names, + .message_type = message_type, + .interface = interface, + .path = path, + .member = member, + }; + + return policy_check(p, &filter) == ALLOW; +} + +bool policy_check_send(Policy *p, + const struct ucred *ucred, + char **names, + int message_type, + const char *path, + const char *interface, + const char *member) { + + struct policy_check_filter filter = { + .class = POLICY_ITEM_SEND, + .ucred = ucred, + .names_strv = names, + .message_type = message_type, + .interface = interface, + .path = path, + .member = member, + }; + + return policy_check(p, &filter) == ALLOW; +} + +int policy_load(Policy *p, char **files) { + char **i; + int r; + + assert(p); + + STRV_FOREACH(i, files) { + + r = file_load(p, *i); + if (r == -EISDIR) { + _cleanup_strv_free_ char **l = NULL; + char **j; + + r = conf_files_list(&l, ".conf", NULL, *i, NULL); + if (r < 0) { + log_error("Failed to get configuration file list: %s", strerror(-r)); + return r; + } + + STRV_FOREACH(j, l) + file_load(p, *j); + } + + /* We ignore all errors but EISDIR, and just proceed. */ + } return 0; } @@ -573,61 +887,64 @@ void policy_free(Policy *p) { p->user_items = p->group_items = NULL; } -static void dump_items(PolicyItem *i) { +static void dump_items(PolicyItem *items, const char *prefix) { - if (!i) + PolicyItem *i; + + if (!items) return; - printf("Type: %s\n" - "Class: %s\n", - policy_item_type_to_string(i->type), - policy_item_class_to_string(i->class)); + if (!prefix) + prefix = ""; - if (i->interface) - printf("Interface: %s\n", - i->interface); + LIST_FOREACH(items, i, items) { - if (i->member) - printf("Member: %s\n", - i->member); + printf("%sType: %s\n" + "%sClass: %s\n", + prefix, policy_item_type_to_string(i->type), + prefix, policy_item_class_to_string(i->class)); - if (i->error) - printf("Error: %s\n", - i->error); + if (i->interface) + printf("%sInterface: %s\n", + prefix, i->interface); - if (i->path) - printf("Path: %s\n", - i->path); + if (i->member) + printf("%sMember: %s\n", + prefix, i->member); - if (i->name) - printf("Name: %s\n", - i->name); + if (i->error) + printf("%sError: %s\n", + prefix, i->error); - if (i->message_type != 0) - printf("Message Type: %s\n", - bus_message_type_to_string(i->message_type)); + if (i->path) + printf("%sPath: %s\n", + prefix, i->path); - if (i->uid_valid) { - _cleanup_free_ char *user; + if (i->name) + printf("%sName: %s\n", + prefix, i->name); - user = uid_to_name(i->uid); + if (i->message_type != 0) + printf("%sMessage Type: %s\n", + prefix, bus_message_type_to_string(i->message_type)); - printf("User: %s\n", - strna(user)); - } + if (i->uid_valid) { + _cleanup_free_ char *user; + + user = uid_to_name(i->uid); - if (i->gid_valid) { - _cleanup_free_ char *group; + printf("%sUser: %s (%d)\n", + prefix, strna(user), i->uid); + } - group = gid_to_name(i->gid); + if (i->gid_valid) { + _cleanup_free_ char *group; - printf("Group: %s\n", - strna(group)); - } + group = gid_to_name(i->gid); - if (i->items_next) { - printf("--\n"); - dump_items(i->items_next); + printf("%sGroup: %s (%d)\n", + prefix, strna(group), i->gid); + } } } @@ -637,25 +954,24 @@ static void dump_hashmap_items(Hashmap *h) { void *k; HASHMAP_FOREACH_KEY(i, k, h, j) { - printf("Item for %u:\n", PTR_TO_UINT(k)); - dump_items(i); + printf("\t%s Item for %u:\n", draw_special_char(DRAW_ARROW), PTR_TO_UINT(k)); + dump_items(i, "\t\t"); } } -noreturn void policy_dump(Policy *p) { +void policy_dump(Policy *p) { printf("%s Default Items:\n", draw_special_char(DRAW_ARROW)); - dump_items(p->default_items); - - printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW)); - dump_items(p->mandatory_items); + dump_items(p->default_items, "\t"); printf("%s Group Items:\n", draw_special_char(DRAW_ARROW)); dump_hashmap_items(p->group_items); printf("%s User Items:\n", draw_special_char(DRAW_ARROW)); dump_hashmap_items(p->user_items); - exit(0); + + printf("%s Mandatory Items:\n", draw_special_char(DRAW_ARROW)); + dump_items(p->mandatory_items, "\t"); } static const char* const policy_item_type_table[_POLICY_ITEM_TYPE_MAX] = { @@ -673,5 +989,6 @@ static const char* const policy_item_class_table[_POLICY_ITEM_CLASS_MAX] = { [POLICY_ITEM_OWN_PREFIX] = "own-prefix", [POLICY_ITEM_USER] = "user", [POLICY_ITEM_GROUP] = "group", + [POLICY_ITEM_IGNORE] = "ignore", }; DEFINE_STRING_TABLE_LOOKUP(policy_item_class, PolicyItemClass);