proxy.c revision 2c960818c8887386fce216a1bbbadbe8d35d59c3
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering/***
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering This file is part of systemd.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Copyright 2010 Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Copyright 2013 Daniel Mack
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Copyright 2014 Kay Sievers
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Copyright 2014 David Herrmann
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering systemd is free software; you can redistribute it and/or modify it
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering under the terms of the GNU Lesser General Public License as published by
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering the Free Software Foundation; either version 2.1 of the License, or
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering (at your option) any later version.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering systemd is distributed in the hope that it will be useful, but
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering WITHOUT ANY WARRANTY; without even the implied warranty of
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering Lesser General Public License for more details.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering You should have received a copy of the GNU Lesser General Public License
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering along with systemd; If not, see <http://www.gnu.org/licenses/>.
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering***/
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering#include <sys/socket.h>
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering#include <sys/types.h>
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include <string.h>
b5efdb8af40ea759a1ea584c1bc44ecc81dd00ceLennart Poettering#include <errno.h>
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include <poll.h>
96aad8d15a324d0e956a4e5653a11a67b209b41aLennart Poettering
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "log.h"
23c80348e656a4e6fd9ba8f17523a65b6fa349a0Kay Sievers#include "util.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "sd-daemon.h"
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering#include "sd-bus.h"
25300b5a1fcf54674a69d0f4ab08925be00b0227Lennart Poettering#include "bus-internal.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "bus-message.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "bus-util.h"
003dffde2c1b93afbc9aff24b277276f65424406Lennart Poettering#include "strv.h"
4cee5eede280b7fd48c18a1942616c4ac896a554Lennart Poettering#include "bus-control.h"
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering#include "set.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "bus-xml-policy.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "driver.h"
15a5e95075a7f6007dd97b2a165c8ed16fe683dfLennart Poettering#include "proxy.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "synthesize.h"
3ffd4af22052963e7a29431721ee204e634bea75Lennart Poettering#include "formats-util.h"
b1d4f8e154bf61b5de1b27461ef8e9c8c5e838a1Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poetteringstatic int proxy_create_destination(Proxy *p, const char *destination, const char *local_sec, bool negotiate_fds) {
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering _cleanup_bus_flush_close_unref_ sd_bus *b = NULL;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering int r;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_new(&b);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to allocate bus: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_set_description(b, "sd-proxy");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set bus name: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_set_address(b, destination);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set address to connect to: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_negotiate_fds(b, negotiate_fds);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set FD negotiation: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set credential negotiation: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (p->local_creds.pid > 0) {
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_pids.pid = p->local_creds.pid;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_pids_valid = true;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.uid = UID_INVALID;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.euid = p->local_creds.uid;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.suid = UID_INVALID;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.fsuid = UID_INVALID;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.gid = GID_INVALID;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.egid = p->local_creds.gid;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.sgid = GID_INVALID;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds.fsgid = GID_INVALID;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->fake_creds_valid = true;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering }
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (local_sec) {
5bcd08db289cd02aad8a89b37b2a46244a7bd473Lennart Poettering b->fake_label = strdup(local_sec);
cb81cd8073392936882643af0129934bf67e96c4Lennart Poettering if (!b->fake_label)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_oom();
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering }
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b->manual_peer_interface = true;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_start(b);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to start bus client: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering p->destination_bus = b;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering b = NULL;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return 0;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering}
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poetteringstatic int proxy_create_local(Proxy *p, int in_fd, int out_fd, bool negotiate_fds) {
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering _cleanup_bus_flush_close_unref_ sd_bus *b = NULL;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering sd_id128_t server_id;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering int r;
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_new(&b);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to allocate bus: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_set_fd(b, in_fd, out_fd);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set fds: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_get_bus_id(p->destination_bus, &server_id);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to get server ID: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_set_server(b, 1, server_id);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set server mode: %m");
5bcd08db289cd02aad8a89b37b2a46244a7bd473Lennart Poettering
cb81cd8073392936882643af0129934bf67e96c4Lennart Poettering r = sd_bus_negotiate_fds(b, negotiate_fds);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set FD negotiation: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set credential negotiation: %m");
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering r = sd_bus_set_anonymous(b, true);
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering if (r < 0)
160e3793adf2da2bd9ae3fe6b8881bb937e6e71bLennart Poettering return log_error_errno(r, "Failed to set anonymous authentication: %m");
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering b->manual_peer_interface = true;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering r = sd_bus_start(b);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (r < 0)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return log_error_errno(r, "Failed to start bus client: %m");
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering p->local_bus = b;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering b = NULL;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return 0;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering}
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poetteringstatic int proxy_match_synthetic(sd_bus_message *m, void *userdata, sd_bus_error *error) {
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering Proxy *p = userdata;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering p->synthetic_matched = true;
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering return 0; /* make sure to continue processing it in further handlers */
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering}
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering/*
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering * We always need NameOwnerChanged so we can synthesize NameLost and
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering * NameAcquired. Furthermore, dbus-1 always passes unicast-signals through, so
df2d202e6ed4001a21c6512c244acad5d4706c87Lennart Poettering * subscribe unconditionally.
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering */
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poetteringstatic int proxy_prepare_matches(Proxy *p) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering _cleanup_free_ char *match = NULL;
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering const char *unique;
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering int r;
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering if (!p->destination_bus->is_kernel)
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering return 0;
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering r = sd_bus_get_unique_name(p->destination_bus, &unique);
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering if (r < 0)
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering return log_error_errno(r, "Failed to get unique name: %m");
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering match = strjoin("type='signal',"
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering "sender='org.freedesktop.DBus',"
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering "path='/org/freedesktop/DBus',"
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering "interface='org.freedesktop.DBus',"
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering "member='NameOwnerChanged',"
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering "arg1='",
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering unique,
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering "'",
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering NULL);
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering if (!match)
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering return log_oom();
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering r = sd_bus_add_match(p->destination_bus, NULL, match, proxy_match_synthetic, p);
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering if (r < 0)
c2ce6a3d82b717c4c1e6245ad8c6ce1173f502d0Lennart Poettering return log_error_errno(r, "Failed to add match for NameLost: %m");
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering free(match);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering match = strjoin("type='signal',"
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering "sender='org.freedesktop.DBus',"
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering "path='/org/freedesktop/DBus',"
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering "interface='org.freedesktop.DBus',"
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering "member='NameOwnerChanged',"
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering "arg2='",
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering unique,
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering "'",
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering NULL);
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering if (!match)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return log_oom();
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering r = sd_bus_add_match(p->destination_bus, NULL, match, proxy_match_synthetic, p);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (r < 0)
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering return log_error_errno(r, "Failed to add match for NameAcquired: %m");
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering free(match);
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering match = strjoin("type='signal',"
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering "destination='",
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering unique,
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering "'",
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering NULL);
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering if (!match)
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering return log_oom();
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering
4e724d9c5ab76c3f8327945317463ef706011082Lennart Poettering r = sd_bus_add_match(p->destination_bus, NULL, match, proxy_match_synthetic, p);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (r < 0)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering log_error_errno(r, "Failed to add match for directed signals: %m");
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering /* FIXME: temporarily ignore error to support older kdbus versions */
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
de0671ee7fe465e108f62dcbbbe9366f81dd9e9aZbigniew Jędrzejewski-Szmek return 0;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering}
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poetteringint proxy_new(Proxy **out, int in_fd, int out_fd, const char *destination) {
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering _cleanup_(proxy_freep) Proxy *p = NULL;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering _cleanup_free_ char *local_sec = NULL;
df2d202e6ed4001a21c6512c244acad5d4706c87Lennart Poettering bool is_unix;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering int r;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering p = new0(Proxy, 1);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (!p)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return log_oom();
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering p->local_in = in_fd;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering p->local_out = out_fd;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering p->owned_names = set_new(&string_hash_ops);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (!p->owned_names)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return log_oom();
df2d202e6ed4001a21c6512c244acad5d4706c87Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering is_unix = sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (is_unix) {
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering (void) getpeercred(in_fd, &p->local_creds);
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering (void) getpeersec(in_fd, &local_sec);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering }
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering r = proxy_create_destination(p, destination, local_sec, is_unix);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (r < 0)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return r;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering r = proxy_create_local(p, in_fd, out_fd, is_unix);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (r < 0)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return r;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering r = proxy_prepare_matches(p);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (r < 0)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return r;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering *out = p;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering p = NULL;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return 0;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering}
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart PoetteringProxy *proxy_free(Proxy *p) {
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering ProxyActivation *activation;
9030ca462bd13cd6536299814e4a71d5c5e85be9Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (!p)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return NULL;
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
8aec412ff697bc14995746953912ca6fdf2c9ba8Lennart Poettering while ((activation = p->activations)) {
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering LIST_REMOVE(activations_by_proxy, p->activations, activation);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering sd_bus_message_unref(activation->request);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering sd_bus_slot_unref(activation->slot);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering free(activation);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering }
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering sd_bus_flush_close_unref(p->local_bus);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering sd_bus_flush_close_unref(p->destination_bus);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering set_free_free(p->owned_names);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering free(p);
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering return NULL;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering}
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poetteringint proxy_set_policy(Proxy *p, SharedPolicy *sp, char **configuration) {
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering _cleanup_strv_free_ char **strv = NULL;
7f0d207d2c816e0a8cb2742b0a789911f7c99356Lennart Poettering Policy *policy;
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering int r;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering assert(p);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering assert(sp);
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* no need to load legacy policy if destination is not kdbus */
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (!p->destination_bus->is_kernel)
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return 0;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering p->policy = sp;
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering policy = shared_policy_acquire(sp);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (policy) {
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering /* policy already pre-loaded */
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering shared_policy_release(sp, policy);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return 0;
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering }
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering if (!configuration) {
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering const char *scope;
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering r = sd_bus_get_scope(p->destination_bus, &scope);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering if (r < 0)
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering return log_error_errno(r, "Couldn't determine bus scope: %m");
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering if (streq(scope, "system"))
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering strv = strv_new("/usr/share/dbus-1/system.conf",
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering "/etc/dbus-1/system.conf",
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering "/usr/share/dbus-1/system.d/",
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering "/etc/dbus-1/system.d/",
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering "/etc/dbus-1/system-local.conf",
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering NULL);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering else if (streq(scope, "user"))
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering strv = strv_new("/usr/share/dbus-1/session.conf",
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering "/etc/dbus-1/session.conf",
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering "/usr/share/dbus-1/session.d/",
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering "/etc/dbus-1/session.d/",
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering "/etc/dbus-1/session-local.conf",
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering NULL);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering else
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering return log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (!strv)
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering return log_oom();
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering configuration = strv;
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering }
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering return shared_policy_preload(sp, configuration);
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering}
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poetteringint proxy_hello_policy(Proxy *p, uid_t original_uid) {
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering Policy *policy;
554604b3073467af75dc94fac9e2343148603289Lennart Poettering int r = 0;
5b12334d35eadf1f45cc3d631fd1a2e72ffaea0aLennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering assert(p);
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (!p->policy)
554604b3073467af75dc94fac9e2343148603289Lennart Poettering return 0;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering policy = shared_policy_acquire(p->policy);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (p->local_creds.uid == original_uid)
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering log_debug("Permitting access, since bus owner matches bus client.");
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering else if (policy_check_hello(policy, p->local_creds.uid, p->local_creds.gid))
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering log_debug("Permitting access due to XML policy.");
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering else
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering r = log_error_errno(EPERM, "Policy denied connection.");
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering shared_policy_release(p->policy, policy);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return r;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering}
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poetteringstatic int proxy_wait(Proxy *p) {
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering uint64_t timeout_destination, timeout_local, t;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering int events_destination, events_local, fd;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering struct timespec _ts, *ts;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering struct pollfd *pollfd;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering int r;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering assert(p);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering fd = sd_bus_get_fd(p->destination_bus);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (fd < 0)
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return log_error_errno(fd, "Failed to get fd: %m");
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering events_destination = sd_bus_get_events(p->destination_bus);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering if (events_destination < 0)
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering return log_error_errno(events_destination, "Failed to get events mask: %m");
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering r = sd_bus_get_timeout(p->destination_bus, &timeout_destination);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering if (r < 0)
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering return log_error_errno(r, "Failed to get timeout: %m");
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering events_local = sd_bus_get_events(p->local_bus);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering if (events_local < 0)
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering return log_error_errno(events_local, "Failed to get events mask: %m");
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering r = sd_bus_get_timeout(p->local_bus, &timeout_local);
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (r < 0)
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering return log_error_errno(r, "Failed to get timeout: %m");
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering t = timeout_destination;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (t == (uint64_t) -1 || (timeout_local != (uint64_t) -1 && timeout_local < timeout_destination))
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering t = timeout_local;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (t == (uint64_t) -1)
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering ts = NULL;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering else {
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering usec_t nw;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering nw = now(CLOCK_MONOTONIC);
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (t > nw)
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering t -= nw;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering else
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering t = 0;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering ts = timespec_store(&_ts, t);
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering }
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering pollfd = (struct pollfd[3]) {
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering { .fd = fd, .events = events_destination, },
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering { .fd = p->local_in, .events = events_local & POLLIN, },
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering { .fd = p->local_out, .events = events_local & POLLOUT, },
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering };
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering r = ppoll(pollfd, 3, ts, NULL);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (r < 0)
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return log_error_errno(errno, "ppoll() failed: %m");
a3e7f417d72ba3251fd6b3a228a2721a4b725a03Zbigniew Jędrzejewski-Szmek
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering return 0;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering}
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poetteringstatic int handle_policy_error(sd_bus_message *m, int r) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (r == -ESRCH || r == -ENXIO)
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return r;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering}
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poetteringstatic int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering int r;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering assert(from);
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering assert(to);
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering assert(m);
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (!policy)
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return 0;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering /*
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * dbus-1 distinguishes expected and non-expected replies by tracking
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * method-calls and timeouts. By default, DENY rules are *NEVER* applied
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * on expected replies, unless explicitly specified. But we dont track
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * method-calls, thus, we cannot know whether a reply is expected.
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * Fortunately, the kdbus forbids non-expected replies, so we can safely
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * ignore any policy on those and let the kernel deal with it.
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering *
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * TODO: To be correct, we should only ignore policy-tags that are
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * applied on non-expected replies. However, so far we don't parse those
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * tags so we let everything pass. I haven't seen a DENY policy tag on
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering * expected-replies, ever, so don't bother..
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering */
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (m->reply_cookie > 0)
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering return 0;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (from->is_kernel) {
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering uid_t sender_uid = UID_INVALID;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering gid_t sender_gid = GID_INVALID;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering char **sender_names = NULL;
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering /* Driver messages are always OK */
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering if (streq_ptr(m->sender, "org.freedesktop.DBus"))
89f7c8465cd1ab37347dd0c15920bce31e8225dfLennart Poettering return 0;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* The message came from the kernel, and is sent to our legacy client. */
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering (void) sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering (void) sd_bus_creds_get_euid(&m->creds, &sender_uid);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering (void) sd_bus_creds_get_egid(&m->creds, &sender_gid);
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering _cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering
9b5ed6feda08290edce3bf916fa7362733dd30eaLennart Poettering /* If the message came from another legacy
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering * client, then the message creds will be
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering * missing, simply because on legacy clients
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering * per-message creds were unknown. In this
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering * case, query the creds of the peer
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering * instead. */
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID, true, &sender_creds);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (r < 0)
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering return handle_policy_error(m, r);
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering (void) sd_bus_creds_get_euid(sender_creds, &sender_uid);
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering (void) sd_bus_creds_get_egid(sender_creds, &sender_gid);
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering }
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering /* First check whether the sender can send the message to our name */
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, false, NULL) &&
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, sender_names, m->path, m->interface, m->member, false))
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return 0;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering /* Return an error back to the caller */
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering /* Return 1, indicating that the message shall not be processed any further */
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return 1;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering }
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering if (to->is_kernel) {
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering _cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering uid_t destination_uid = UID_INVALID;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering gid_t destination_gid = GID_INVALID;
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering const char *destination_unique = NULL;
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering char **destination_names = NULL;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering char *n;
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering /* Driver messages are always OK */
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (streq_ptr(m->destination, "org.freedesktop.DBus"))
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return 0;
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering /* The message came from the legacy client, and is sent to kdbus. */
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (m->destination) {
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering r = bus_get_name_creds_kdbus(to, m->destination,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_PID,
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering true, &destination_creds);
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering if (r < 0)
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering return handle_policy_error(m, r);
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique);
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering if (r < 0)
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering return handle_policy_error(m, r);
ebcf1f97de4f6b1580ae55eb56b1a3939fe6b602Lennart Poettering
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering (void) sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering (void) sd_bus_creds_get_euid(destination_creds, &destination_uid);
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering (void) sd_bus_creds_get_egid(destination_creds, &destination_gid);
878cd7e95ca303f9851d227a22d2022bd49944b0Lennart Poettering }
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
c335068380fe8c9d843cdb2cf8a00f822cfabed3Lennart Poettering /* First check if we (the sender) can send to this name */
1ee306e1248866617c96ed9f4263f375588ad838Lennart Poettering if (sd_bus_message_is_signal(m, NULL, NULL)) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering /* If we forward a signal from dbus-1 to kdbus, we have
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * no idea who the recipient is. Therefore, we cannot
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * apply any dbus-1 policies that match on receiver
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * credentials. We know sd-bus always sets
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * KDBUS_MSG_SIGNAL, so the kernel applies policies to
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * the message. Therefore, skip policy checks in this
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * case. */
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering return 0;
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering } else if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, destination_names, m->path, m->interface, m->member, true, &n)) {
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering if (n) {
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering /* If we made a receiver decision, then remember which
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * name's policy we used, and to which unique ID it
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * mapped when we made the decision. Then, let's pass
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * this to the kernel when sending the message, so that
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * it refuses the operation should the name and unique
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering * ID not map to each other anymore. */
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering r = free_and_strdup(&m->destination_ptr, n);
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering if (r < 0)
717603e391b52983ca1fd218e7333a1b9dfc5c05Lennart Poettering return r;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id);
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (r < 0)
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return r;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering }
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, true))
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return 0;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering }
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering /* Return an error back to the caller */
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering /* Return 1, indicating that the message shall not be processed any further */
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return 1;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering }
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return 0;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering}
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poetteringstatic int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, SharedPolicy *sp, const struct ucred *our_ucred, Set *owned_names) {
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering Policy *policy;
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poettering int r;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering assert(sp);
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering policy = shared_policy_acquire(sp);
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering r = process_policy_unlocked(from, to, m, policy, our_ucred, owned_names);
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering shared_policy_release(sp, policy);
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return r;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering}
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
b6b1849830f5e4a6065c3b0c993668e500c954d3Lennart Poetteringstatic int process_hello(Proxy *p, sd_bus_message *m) {
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering bool is_hello;
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering int r;
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering
10f9c75519671e7c7ab8993b54fe22da7c2d0c38Lennart Poettering assert(p);
c19de71113f956809995fc68817e055e9f61f607Lennart Poettering assert(m);
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering /* As reaction to hello we need to respond with two messages:
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering * the callback reply and the NameAcquired for the unique
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering * name, since hello is otherwise obsolete on kdbus. */
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering is_hello =
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering streq_ptr(m->destination, "org.freedesktop.DBus");
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering
9030ca462bd13cd6536299814e4a71d5c5e85be9Lennart Poettering if (!is_hello) {
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering if (p->got_hello)
cd61c3bfd718fb398cc53ced906266a9297782c9Lennart Poettering return 0;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering return log_error_errno(EIO, "First packet isn't hello (it's %s.%s), aborting.", m->interface, m->member);
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering }
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering if (p->got_hello)
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering return log_error_errno(EIO, "Got duplicate hello, aborting.");
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering p->got_hello = true;
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering if (!p->destination_bus->is_kernel)
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering return 0;
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering r = sd_bus_message_new_method_return(m, &n);
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering if (r < 0)
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering return log_error_errno(r, "Failed to generate HELLO reply: %m");
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering r = sd_bus_message_append(n, "s", p->destination_bus->unique_name);
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (r < 0)
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering return log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
40205d706e1210763ff4c98a317556375bd04bcdLennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering r = bus_message_append_sender(n, "org.freedesktop.DBus");
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering if (r < 0)
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering return log_error_errno(r, "Failed to append sender to HELLO reply: %m");
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering r = bus_seal_synthetic_message(p->local_bus, n);
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering if (r < 0)
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering return log_error_errno(r, "Failed to seal HELLO reply: %m");
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering r = sd_bus_send(p->local_bus, n, NULL);
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering if (r < 0)
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering return log_error_errno(r, "Failed to send HELLO reply: %m");
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering n = sd_bus_message_unref(n);
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering r = sd_bus_message_new_signal(
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering p->local_bus,
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering &n,
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering "/org/freedesktop/DBus",
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering "org.freedesktop.DBus",
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering "NameAcquired");
5f8cc96a0301c1177b11dd2e89370ef0b2ef577bLennart Poettering if (r < 0)
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering r = sd_bus_message_append(n, "s", p->destination_bus->unique_name);
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering if (r < 0)
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering r = bus_message_append_sender(n, "org.freedesktop.DBus");
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering if (r < 0)
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering return log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering r = sd_bus_message_set_destination(n, p->destination_bus->unique_name);
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering if (r < 0)
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering return log_error_errno(r, "Failed to set destination for NameAcquired message: %m");
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering r = bus_seal_synthetic_message(p->local_bus, n);
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering if (r < 0)
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering return log_error_errno(r, "Failed to seal NameAcquired message: %m");
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering r = sd_bus_send(p->local_bus, n, NULL);
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering if (r < 0)
49af9e1368571f4e423cde0fd45ee284451434d1Lennart Poettering return log_error_errno(r, "Failed to send NameAcquired message: %m");
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering return 1;
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering}
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poetteringstatic int patch_sender(sd_bus *a, sd_bus_message *m) {
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering char **well_known = NULL;
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering sd_bus_creds *c;
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering int r;
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering assert(a);
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering assert(m);
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering if (!a->is_kernel)
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering return 0;
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering /* We will change the sender of messages from the bus driver
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering * so that they originate from the bus driver. This is a
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering * speciality originating from dbus1, where the bus driver did
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering * not have a unique id, but only the well-known name. */
90adaa25e894a580930ef2c3e65ab8db8295515aLennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering c = sd_bus_message_get_creds(m);
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering if (!c)
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering return 0;
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering r = sd_bus_creds_get_well_known_names(c, &well_known);
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering if (r < 0)
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering return r;
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering if (strv_contains(well_known, "org.freedesktop.DBus"))
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering m->sender = "org.freedesktop.DBus";
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering return 0;
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering}
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poetteringstatic int proxy_process_destination_to_local(Proxy *p) {
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering bool matched, matched_synthetic;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering int r;
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering
0370612e0522191f929e3feb7d4937fff3d421e2Lennart Poettering assert(p);
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering /*
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * Usually, we would just take any message that the bus passes to us
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * and forward it to the local connection. However, there are actually
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * applications that fail if they receive broadcasts that they didn't
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * subscribe to. Therefore, we actually emulate a real broadcast
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * matching here, and discard any broadcasts that weren't matched. Our
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * match-handlers remembers whether a message was matched by any rule,
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering * by marking it in @p->message_matched.
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering */
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering r = sd_bus_process(p->destination_bus, &m);
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering matched = p->message_matched;
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering matched_synthetic = p->synthetic_matched;
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering p->message_matched = false;
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering p->synthetic_matched = false;
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering if (r == -ECONNRESET || r == -ENOTCONN) /* Treat 'connection reset by peer' as clean exit condition */
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering return r;
70244d1d25eb80b57e160ea004d0e6bf793d4cafLennart Poettering if (r < 0) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering log_error_errno(r, "Failed to process destination bus: %m");
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering return r;
086821244b5113f00a0ef993b78dc56aae2a8f6cLennart Poettering }
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (r == 0)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return 0;
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering if (!m)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return 1;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering /* We officially got EOF, let's quit */
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected"))
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering return -ECONNRESET;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering r = synthesize_name_acquired(p, p->destination_bus, p->local_bus, m);
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return r;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r < 0)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return log_error_errno(r, "Failed to synthesize message: %m");
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering /* discard broadcasts that were not matched by any MATCH rule */
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (!matched && !sd_bus_message_get_destination(m)) {
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (!matched_synthetic)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering log_debug("Dropped unmatched broadcast: uid=" UID_FMT " gid=" GID_FMT " pid=" PID_FMT " message=%s path=%s interface=%s member=%s sender=%s destination=%s",
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering p->local_creds.uid, p->local_creds.gid, p->local_creds.pid, bus_message_type_to_string(m->header->type),
70244d1d25eb80b57e160ea004d0e6bf793d4cafLennart Poettering strna(m->path), strna(m->interface), strna(m->member), strna(m->sender), strna(m->destination));
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return 1;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering }
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering patch_sender(p->destination_bus, m);
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering if (p->policy) {
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering r = process_policy(p->destination_bus, p->local_bus, m, p->policy, &p->local_creds, p->owned_names);
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return r;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if (r < 0)
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering return log_error_errno(r, "Failed to process policy: %m");
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r > 0)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return 1;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering }
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering r = sd_bus_send(p->local_bus, m, NULL);
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r < 0) {
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return r;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering /* If the peer tries to send a reply and it is
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * rejected with EBADSLT by the kernel, we ignore the
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * error. This catches cases where the original
70244d1d25eb80b57e160ea004d0e6bf793d4cafLennart Poettering * method-call didn't had EXPECT_REPLY set, but the
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering * proxy-peer still sends a reply. This is allowed in
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * dbus1, but not in kdbus. We don't want to track
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * reply-windows in the proxy, so we simply ignore
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering * EBADSLT for all replies. The only downside is, that
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * callers are no longer notified if their replies are
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * dropped. However, this is equivalent to the
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering * caller's timeout to expire, so this should be
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering * acceptable. Nobody sane sends replies without a
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering * matching method-call, so nobody should care. */
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering if ((r == -EPERM || r == -EBADSLT) && m->reply_cookie > 0)
1ddb263d21099ae42195c2bc382bdf72a7f24f82Lennart Poettering return 1;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering /* Return the error to the client, if we can */
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering synthetic_reply_method_errnof(m, r, "Failed to forward message we got from destination: %m");
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (r == -ENOBUFS) {
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering /* if local dbus1 peer does not dispatch its queue, warn only once */
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering if (!p->queue_overflow)
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering log_error("Dropped messages due to queue overflow of local peer (pid: "PID_FMT" uid: "UID_FMT")", p->local_creds.pid, p->local_creds.uid);
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering p->queue_overflow = true;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering } else
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering log_error_errno(r,
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering "Failed to forward message we got from destination: uid=" UID_FMT " gid=" GID_FMT" message=%s destination=%s path=%s interface=%s member=%s: %m",
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering p->local_creds.uid, p->local_creds.gid, bus_message_type_to_string(m->header->type),
70244d1d25eb80b57e160ea004d0e6bf793d4cafLennart Poettering strna(m->destination), strna(m->path), strna(m->interface), strna(m->member));
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering return 1;
ebd93cb684806ac0f352139e69ac8f53eb49f5e4Lennart Poettering }
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering p->queue_overflow = false;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return 1;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering}
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poetteringstatic int proxy_process_local_to_destination(Proxy *p) {
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering int r;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering assert(p);
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering r = sd_bus_process(p->local_bus, &m);
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN) /* Treat 'connection reset by peer' as clean exit condition */
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return r;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r < 0) {
403ed0e5c914f2a0a683403d8ba7eaf96e3ffcdfMichael Chapman log_error_errno(r, "Failed to process local bus: %m");
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return r;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering }
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r == 0)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return 0;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (!m)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return 1;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering /* We officially got EOF, let's quit */
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected"))
4cee5eede280b7fd48c18a1942616c4ac896a554Lennart Poettering return -ECONNRESET;
4cee5eede280b7fd48c18a1942616c4ac896a554Lennart Poettering
4cee5eede280b7fd48c18a1942616c4ac896a554Lennart Poettering r = process_hello(p, m);
4cee5eede280b7fd48c18a1942616c4ac896a554Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
4cee5eede280b7fd48c18a1942616c4ac896a554Lennart Poettering return r;
26166c88e0b47b83972f32b5057ecbffe06bf904Lennart Poettering if (r < 0)
26166c88e0b47b83972f32b5057ecbffe06bf904Lennart Poettering return log_error_errno(r, "Failed to process HELLO: %m");
26166c88e0b47b83972f32b5057ecbffe06bf904Lennart Poettering if (r > 0)
26166c88e0b47b83972f32b5057ecbffe06bf904Lennart Poettering return 1;
efe0286285a7432f738fafae840fa4eda51c2986Lennart Poettering
efe0286285a7432f738fafae840fa4eda51c2986Lennart Poettering r = bus_proxy_process_driver(p, p->destination_bus, p->local_bus, m, p->policy, &p->local_creds, p->owned_names);
5bcd08db289cd02aad8a89b37b2a46244a7bd473Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
5bcd08db289cd02aad8a89b37b2a46244a7bd473Lennart Poettering return r;
5bcd08db289cd02aad8a89b37b2a46244a7bd473Lennart Poettering if (r < 0)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return log_error_errno(r, "Failed to process driver calls: %m");
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r > 0)
26166c88e0b47b83972f32b5057ecbffe06bf904Lennart Poettering return 1;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering for (;;) {
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (p->policy) {
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering r = process_policy(p->local_bus, p->destination_bus, m, p->policy, &p->local_creds, p->owned_names);
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering return r;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r < 0)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return log_error_errno(r, "Failed to process policy: %m");
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r > 0)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return 1;
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering }
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering r = sd_bus_send(p->destination_bus, m, NULL);
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r < 0) {
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return r;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering /* The name database changed since the policy check, hence let's check again */
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if (r == -EREMCHG)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering continue;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering /* see above why EBADSLT is ignored for replies */
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering if ((r == -EPERM || r == -EBADSLT) && m->reply_cookie > 0)
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering return 1;
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering synthetic_reply_method_errnof(m, r, "Failed to forward message we got from local: %m");
190700621f95160d364f8ec1d3e360246c41ce75Lennart Poettering log_error_errno(r,
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering "Failed to forward message we got from local: uid=" UID_FMT " gid=" GID_FMT" message=%s destination=%s path=%s interface=%s member=%s: %m",
d6ce17c7f02ed3facdb45f65f546e587c2f00950Lennart Poettering p->local_creds.uid, p->local_creds.gid, bus_message_type_to_string(m->header->type),
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering strna(m->destination), strna(m->path), strna(m->interface), strna(m->member));
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 1;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering }
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering break;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering }
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 1;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering}
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poetteringint proxy_match(sd_bus_message *m, void *userdata, sd_bus_error *error) {
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering Proxy *p = userdata;
c077529ba6852192c464772ce907670850210dfeLennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering p->message_matched = true;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 0; /* make sure to continue processing it in further handlers */
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering}
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poetteringint proxy_run(Proxy *p) {
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering int r;
a79366e22a43ed81017e2d8c2426431d369f3cfaLennart Poettering
a79366e22a43ed81017e2d8c2426431d369f3cfaLennart Poettering assert(p);
a79366e22a43ed81017e2d8c2426431d369f3cfaLennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering for (;;) {
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering bool busy = false;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (p->got_hello) {
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering /* Read messages from bus, to pass them on to our client */
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering r = proxy_process_destination_to_local(p);
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 0;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r < 0)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return r;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r > 0)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering busy = true;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering }
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering /* Read messages from our client, to pass them on to the bus */
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering r = proxy_process_local_to_destination(p);
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 0;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r < 0)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return r;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r > 0)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering busy = true;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (!busy) {
c077529ba6852192c464772ce907670850210dfeLennart Poettering r = proxy_wait(p);
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r == -ECONNRESET || r == -ENOTCONN)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 0;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering if (r < 0)
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return r;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering }
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering }
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering return 0;
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering}
c01ff965b48bb9693dcd77cbc748b5d8676766b0Lennart Poettering