proxy.c revision 418e4cb07d56e365b9b77b24d3c851e85940d68b
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit/***
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit This file is part of systemd.
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit Copyright 2010 Lennart Poettering
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit Copyright 2013 Daniel Mack
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington Copyright 2014 Kay Sievers
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington Copyright 2014 David Herrmann
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit systemd is free software; you can redistribute it and/or modify it
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington under the terms of the GNU Lesser General Public License as published by
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington the Free Software Foundation; either version 2.1 of the License, or
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington (at your option) any later version.
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington systemd is distributed in the hope that it will be useful, but
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington WITHOUT ANY WARRANTY; without even the implied warranty of
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington Lesser General Public License for more details.
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit You should have received a copy of the GNU Lesser General Public License
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit along with systemd; If not, see <http://www.gnu.org/licenses/>.
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit***/
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <sys/socket.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <sys/un.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <sys/types.h>
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington#include <fcntl.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <unistd.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <string.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <errno.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <poll.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <stddef.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include <getopt.h>
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "log.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "util.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "socket-util.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "sd-daemon.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "sd-bus.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "bus-internal.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "bus-message.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "bus-util.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "build.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "strv.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "def.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "capability.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "bus-control.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "smack-util.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "set.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "bus-xml-policy.h"
685810e390056c123842842f5104daa3179cf2c9Phill Cunnington#include "driver.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "proxy.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit#include "synthesize.h"
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavitstatic int proxy_create_destination(Proxy *p, const char *destination, const char *local_sec, bool negotiate_fds) {
80802511792d4e59a4ac67ad19677009d332b37dBruno Lavit _cleanup_bus_close_unref_ sd_bus *b = NULL;
int r;
r = sd_bus_new(&b);
if (r < 0)
return log_error_errno(r, "Failed to allocate bus: %m");
r = sd_bus_set_description(b, "sd-proxy");
if (r < 0)
return log_error_errno(r, "Failed to set bus name: %m");
r = sd_bus_set_address(b, destination);
if (r < 0)
return log_error_errno(r, "Failed to set address to connect to: %m");
r = sd_bus_negotiate_fds(b, negotiate_fds);
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
if (p->local_creds.pid > 0) {
b->fake_pids.pid = p->local_creds.pid;
b->fake_pids_valid = true;
b->fake_creds.uid = p->local_creds.uid;
b->fake_creds.euid = p->local_creds.uid;
b->fake_creds.suid = p->local_creds.uid;
b->fake_creds.fsuid = p->local_creds.uid;
b->fake_creds.gid = p->local_creds.gid;
b->fake_creds.egid = p->local_creds.gid;
b->fake_creds.sgid = p->local_creds.gid;
b->fake_creds.fsgid = p->local_creds.gid;
b->fake_creds_valid = true;
}
if (local_sec) {
b->fake_label = strdup(local_sec);
if (!b->fake_label)
return log_oom();
}
b->manual_peer_interface = true;
r = sd_bus_start(b);
if (r < 0)
return log_error_errno(r, "Failed to start bus client: %m");
p->destination_bus = b;
b = NULL;
return 0;
}
static int proxy_create_local(Proxy *p, int in_fd, int out_fd, bool negotiate_fds) {
_cleanup_bus_close_unref_ sd_bus *b = NULL;
sd_id128_t server_id;
int r;
r = sd_bus_new(&b);
if (r < 0)
return log_error_errno(r, "Failed to allocate bus: %m");
r = sd_bus_set_fd(b, in_fd, out_fd);
if (r < 0)
return log_error_errno(r, "Failed to set fds: %m");
r = sd_bus_get_bus_id(p->destination_bus, &server_id);
if (r < 0)
return log_error_errno(r, "Failed to get server ID: %m");
r = sd_bus_set_server(b, 1, server_id);
if (r < 0)
return log_error_errno(r, "Failed to set server mode: %m");
r = sd_bus_negotiate_fds(b, negotiate_fds);
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
r = sd_bus_set_anonymous(b, true);
if (r < 0)
return log_error_errno(r, "Failed to set anonymous authentication: %m");
b->manual_peer_interface = true;
r = sd_bus_start(b);
if (r < 0)
return log_error_errno(r, "Failed to start bus client: %m");
p->local_bus = b;
b = NULL;
return 0;
}
static int proxy_prepare_matches(Proxy *p) {
_cleanup_free_ char *match = NULL;
const char *unique;
int r;
if (!p->destination_bus->is_kernel)
return 0;
r = sd_bus_get_unique_name(p->destination_bus, &unique);
if (r < 0)
return log_error_errno(r, "Failed to get unique name: %m");
match = strjoin("type='signal',"
"sender='org.freedesktop.DBus',"
"path='/org/freedesktop/DBus',"
"interface='org.freedesktop.DBus',"
"member='NameOwnerChanged',"
"arg1='",
unique,
"'",
NULL);
if (!match)
return log_oom();
r = sd_bus_add_match(p->destination_bus, NULL, match, NULL, NULL);
if (r < 0)
return log_error_errno(r, "Failed to add match for NameLost: %m");
free(match);
match = strjoin("type='signal',"
"sender='org.freedesktop.DBus',"
"path='/org/freedesktop/DBus',"
"interface='org.freedesktop.DBus',"
"member='NameOwnerChanged',"
"arg2='",
unique,
"'",
NULL);
if (!match)
return log_oom();
r = sd_bus_add_match(p->destination_bus, NULL, match, NULL, NULL);
if (r < 0)
return log_error_errno(r, "Failed to add match for NameAcquired: %m");
return 0;
}
int proxy_new(Proxy **out, int in_fd, int out_fd, const char *destination) {
_cleanup_(proxy_freep) Proxy *p = NULL;
_cleanup_free_ char *local_sec = NULL;
bool is_unix;
int r;
p = new0(Proxy, 1);
if (!p)
return log_oom();
p->local_in = in_fd;
p->local_out = out_fd;
p->owned_names = set_new(&string_hash_ops);
if (!p->owned_names)
return log_oom();
is_unix = sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
if (is_unix) {
(void) getpeercred(in_fd, &p->local_creds);
(void) getpeersec(in_fd, &local_sec);
}
r = proxy_create_destination(p, destination, local_sec, is_unix);
if (r < 0)
return r;
r = proxy_create_local(p, in_fd, out_fd, is_unix);
if (r < 0)
return r;
r = proxy_prepare_matches(p);
if (r < 0)
return r;
*out = p;
p = NULL;
return 0;
}
Proxy *proxy_free(Proxy *p) {
if (!p)
return NULL;
sd_bus_close_unrefp(&p->local_bus);
sd_bus_close_unrefp(&p->destination_bus);
set_free_free(p->owned_names);
free(p);
return NULL;
}
int proxy_set_policy(Proxy *p, SharedPolicy *sp, char **configuration) {
_cleanup_strv_free_ char **strv = NULL;
Policy *policy;
int r;
assert(p);
assert(sp);
/* no need to load legacy policy if destination is not kdbus */
if (!p->destination_bus->is_kernel)
return 0;
p->policy = sp;
policy = shared_policy_acquire(sp);
if (policy) {
/* policy already pre-loaded */
shared_policy_release(sp, policy);
return 0;
}
if (!configuration) {
const char *scope;
r = sd_bus_get_scope(p->destination_bus, &scope);
if (r < 0)
return log_error_errno(r, "Couldn't determine bus scope: %m");
if (streq(scope, "system"))
strv = strv_new("/etc/dbus-1/system.conf",
"/etc/dbus-1/system.d/",
"/etc/dbus-1/system-local.conf",
NULL);
else if (streq(scope, "user"))
strv = strv_new("/etc/dbus-1/session.conf",
"/etc/dbus-1/session.d/",
"/etc/dbus-1/session-local.conf",
NULL);
else
return log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope);
if (!strv)
return log_oom();
configuration = strv;
}
return shared_policy_preload(sp, configuration);
}
int proxy_hello_policy(Proxy *p, uid_t original_uid) {
Policy *policy;
int r = 0;
assert(p);
if (!p->policy)
return 0;
policy = shared_policy_acquire(p->policy);
if (p->local_creds.uid == original_uid)
log_debug("Permitting access, since bus owner matches bus client.");
else if (policy_check_hello(policy, p->local_creds.uid, p->local_creds.gid))
log_debug("Permitting access due to XML policy.");
else
r = log_error_errno(EPERM, "Policy denied connection.");
shared_policy_release(p->policy, policy);
return r;
}
static int proxy_wait(Proxy *p) {
uint64_t timeout_destination, timeout_local, t;
int events_destination, events_local, fd;
struct timespec _ts, *ts;
struct pollfd *pollfd;
int r;
assert(p);
fd = sd_bus_get_fd(p->destination_bus);
if (fd < 0)
return log_error_errno(fd, "Failed to get fd: %m");
events_destination = sd_bus_get_events(p->destination_bus);
if (events_destination < 0)
return log_error_errno(events_destination, "Failed to get events mask: %m");
r = sd_bus_get_timeout(p->destination_bus, &timeout_destination);
if (r < 0)
return log_error_errno(r, "Failed to get timeout: %m");
events_local = sd_bus_get_events(p->local_bus);
if (events_local < 0)
return log_error_errno(events_local, "Failed to get events mask: %m");
r = sd_bus_get_timeout(p->local_bus, &timeout_local);
if (r < 0)
return log_error_errno(r, "Failed to get timeout: %m");
t = timeout_destination;
if (t == (uint64_t) -1 || (timeout_local != (uint64_t) -1 && timeout_local < timeout_destination))
t = timeout_local;
if (t == (uint64_t) -1)
ts = NULL;
else {
usec_t nw;
nw = now(CLOCK_MONOTONIC);
if (t > nw)
t -= nw;
else
t = 0;
ts = timespec_store(&_ts, t);
}
pollfd = (struct pollfd[3]) {
{ .fd = fd, .events = events_destination, },
{ .fd = p->local_in, .events = events_local & POLLIN, },
{ .fd = p->local_out, .events = events_local & POLLOUT, },
};
r = ppoll(pollfd, 3, ts, NULL);
if (r < 0)
return log_error_errno(errno, "ppoll() failed: %m");
return 0;
}
static int handle_policy_error(sd_bus_message *m, int r) {
if (r == -ESRCH || r == -ENXIO)
return synthetic_reply_method_errorf(m, SD_BUS_ERROR_NAME_HAS_NO_OWNER, "Name %s is currently not owned by anyone.", m->destination);
return r;
}
static int process_policy_unlocked(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *policy, const struct ucred *our_ucred, Set *owned_names) {
int r;
assert(from);
assert(to);
assert(m);
if (!policy)
return 0;
/*
* dbus-1 distinguishes expected and non-expected replies by tracking
* method-calls and timeouts. By default, DENY rules are *NEVER* applied
* on expected replies, unless explicitly specified. But we dont track
* method-calls, thus, we cannot know whether a reply is expected.
* Fortunately, the kdbus forbids non-expected replies, so we can safely
* ignore any policy on those and let the kernel deal with it.
*
* TODO: To be correct, we should only ignore policy-tags that are
* applied on non-expected replies. However, so far we don't parse those
* tags so we let everything pass. I haven't seen a DENY policy tag on
* expected-replies, ever, so don't bother..
*/
if (m->reply_cookie > 0)
return 0;
if (from->is_kernel) {
uid_t sender_uid = UID_INVALID;
gid_t sender_gid = GID_INVALID;
char **sender_names = NULL;
/* Driver messages are always OK */
if (streq_ptr(m->sender, "org.freedesktop.DBus"))
return 0;
/* The message came from the kernel, and is sent to our legacy client. */
(void) sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
(void) sd_bus_creds_get_euid(&m->creds, &sender_uid);
(void) sd_bus_creds_get_egid(&m->creds, &sender_gid);
if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
_cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
/* If the message came from another legacy
* client, then the message creds will be
* missing, simply because on legacy clients
* per-message creds were unknown. In this
* case, query the creds of the peer
* instead. */
r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID, true, &sender_creds);
if (r < 0)
return handle_policy_error(m, r);
(void) sd_bus_creds_get_euid(sender_creds, &sender_uid);
(void) sd_bus_creds_get_egid(sender_creds, &sender_gid);
}
/* First check whether the sender can send the message to our name */
if (policy_check_send(policy, sender_uid, sender_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, false, NULL) &&
policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, sender_names, m->path, m->interface, m->member, false))
return 0;
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML receiver policy.");
/* Return 1, indicating that the message shall not be processed any further */
return 1;
}
if (to->is_kernel) {
_cleanup_bus_creds_unref_ sd_bus_creds *destination_creds = NULL;
uid_t destination_uid = UID_INVALID;
gid_t destination_gid = GID_INVALID;
const char *destination_unique = NULL;
char **destination_names = NULL;
char *n;
/* Driver messages are always OK */
if (streq_ptr(m->destination, "org.freedesktop.DBus"))
return 0;
/* The message came from the legacy client, and is sent to kdbus. */
if (m->destination) {
r = bus_get_name_creds_kdbus(to, m->destination,
SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_PID,
true, &destination_creds);
if (r < 0)
return handle_policy_error(m, r);
r = sd_bus_creds_get_unique_name(destination_creds, &destination_unique);
if (r < 0)
return handle_policy_error(m, r);
(void) sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
(void) sd_bus_creds_get_euid(destination_creds, &destination_uid);
(void) sd_bus_creds_get_egid(destination_creds, &destination_gid);
}
/* First check if we (the sender) can send to this name */
if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, destination_names, m->path, m->interface, m->member, true, &n)) {
if (n) {
/* If we made a receiver decision, then remember which
* name's policy we used, and to which unique ID it
* mapped when we made the decision. Then, let's pass
* this to the kernel when sending the message, so that
* it refuses the operation should the name and unique
* ID not map to each other anymore. */
r = free_and_strdup(&m->destination_ptr, n);
if (r < 0)
return r;
r = bus_kernel_parse_unique_name(destination_unique, &m->verify_destination_id);
if (r < 0)
return r;
}
if (sd_bus_message_is_signal(m, NULL, NULL)) {
/* If we forward a signal from dbus-1 to kdbus,
* we have no idea who the recipient is.
* Therefore, we cannot apply any dbus-1
* receiver policies that match on receiver
* credentials. We know sd-bus always sets
* KDBUS_MSG_SIGNAL, so the kernel applies
* receiver policies to the message. Therefore,
* skip policy checks in this case. */
return 0;
} else if (policy_check_recv(policy, destination_uid, destination_gid, m->header->type, owned_names, NULL, m->path, m->interface, m->member, true)) {
return 0;
}
}
/* Return an error back to the caller */
if (m->header->type == SD_BUS_MESSAGE_METHOD_CALL)
return synthetic_reply_method_errorf(m, SD_BUS_ERROR_ACCESS_DENIED, "Access prohibited by XML sender policy.");
/* Return 1, indicating that the message shall not be processed any further */
return 1;
}
return 0;
}
static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, SharedPolicy *sp, const struct ucred *our_ucred, Set *owned_names) {
Policy *policy;
int r;
assert(sp);
policy = shared_policy_acquire(sp);
r = process_policy_unlocked(from, to, m, policy, our_ucred, owned_names);
shared_policy_release(sp, policy);
return r;
}
static int process_hello(Proxy *p, sd_bus_message *m) {
_cleanup_bus_message_unref_ sd_bus_message *n = NULL;
bool is_hello;
int r;
assert(p);
assert(m);
/* As reaction to hello we need to respond with two messages:
* the callback reply and the NameAcquired for the unique
* name, since hello is otherwise obsolete on kdbus. */
is_hello =
sd_bus_message_is_method_call(m, "org.freedesktop.DBus", "Hello") &&
streq_ptr(m->destination, "org.freedesktop.DBus");
if (!is_hello) {
if (p->got_hello)
return 0;
return log_error_errno(EIO, "First packet isn't hello (it's %s.%s), aborting.", m->interface, m->member);
}
if (p->got_hello)
return log_error_errno(EIO, "Got duplicate hello, aborting.");
p->got_hello = true;
if (!p->destination_bus->is_kernel)
return 0;
r = sd_bus_message_new_method_return(m, &n);
if (r < 0)
return log_error_errno(r, "Failed to generate HELLO reply: %m");
r = sd_bus_message_append(n, "s", p->destination_bus->unique_name);
if (r < 0)
return log_error_errno(r, "Failed to append unique name to HELLO reply: %m");
r = bus_message_append_sender(n, "org.freedesktop.DBus");
if (r < 0)
return log_error_errno(r, "Failed to append sender to HELLO reply: %m");
r = bus_seal_synthetic_message(p->local_bus, n);
if (r < 0)
return log_error_errno(r, "Failed to seal HELLO reply: %m");
r = sd_bus_send(p->local_bus, n, NULL);
if (r < 0)
return log_error_errno(r, "Failed to send HELLO reply: %m");
n = sd_bus_message_unref(n);
r = sd_bus_message_new_signal(
p->local_bus,
&n,
"/org/freedesktop/DBus",
"org.freedesktop.DBus",
"NameAcquired");
if (r < 0)
return log_error_errno(r, "Failed to allocate initial NameAcquired message: %m");
r = sd_bus_message_append(n, "s", p->destination_bus->unique_name);
if (r < 0)
return log_error_errno(r, "Failed to append unique name to NameAcquired message: %m");
r = bus_message_append_sender(n, "org.freedesktop.DBus");
if (r < 0)
return log_error_errno(r, "Failed to append sender to NameAcquired message: %m");
r = bus_seal_synthetic_message(p->local_bus, n);
if (r < 0)
return log_error_errno(r, "Failed to seal NameAcquired message: %m");
r = sd_bus_send(p->local_bus, n, NULL);
if (r < 0)
return log_error_errno(r, "Failed to send NameAcquired message: %m");
return 1;
}
static int patch_sender(sd_bus *a, sd_bus_message *m) {
char **well_known = NULL;
sd_bus_creds *c;
int r;
assert(a);
assert(m);
if (!a->is_kernel)
return 0;
/* We will change the sender of messages from the bus driver
* so that they originate from the bus driver. This is a
* speciality originating from dbus1, where the bus driver did
* not have a unique id, but only the well-known name. */
c = sd_bus_message_get_creds(m);
if (!c)
return 0;
r = sd_bus_creds_get_well_known_names(c, &well_known);
if (r < 0)
return r;
if (strv_contains(well_known, "org.freedesktop.DBus"))
m->sender = "org.freedesktop.DBus";
return 0;
}
static int proxy_process_destination_to_local(Proxy *p) {
_cleanup_bus_message_unref_ sd_bus_message *m = NULL;
int r;
assert(p);
r = sd_bus_process(p->destination_bus, &m);
if (r == -ECONNRESET) /* Treat 'connection reset by peer' as clean exit condition */
return r;
if (r < 0) {
log_error_errno(r, "Failed to process destination bus: %m");
return r;
}
if (r == 0)
return 0;
if (!m)
return 1;
/* We officially got EOF, let's quit */
if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected"))
return -ECONNRESET;
r = synthesize_name_acquired(p->destination_bus, p->local_bus, m);
if (r < 0)
return log_error_errno(r, "Failed to synthesize message: %m");
patch_sender(p->destination_bus, m);
if (p->policy) {
r = process_policy(p->destination_bus, p->local_bus, m, p->policy, &p->local_creds, p->owned_names);
if (r < 0)
return log_error_errno(r, "Failed to process policy: %m");
if (r > 0)
return 1;
}
r = sd_bus_send(p->local_bus, m, NULL);
if (r < 0) {
if (r == -EPERM && m->reply_cookie > 0) {
/* If the peer tries to send a reply and it is rejected with EPERM
* by the kernel, we ignore the error. This catches cases where the
* original method-call didn't had EXPECT_REPLY set, but the proxy-peer
* still sends a reply. This is allowed in dbus1, but not in kdbus. We
* don't want to track reply-windows in the proxy, so we simply ignore
* EPERM for all replies. The only downside is, that callers are no
* longer notified if their replies are dropped. However, this is
* equivalent to the caller's timeout to expire, so this should be
* acceptable. Nobody sane sends replies without a matching method-call,
* so nobody should care. */
return 1;
} else {
if (r != -ECONNRESET)
log_error_errno(r, "Failed to send message to client: %m");
return r;
}
}
return 1;
}
static int proxy_process_local_to_destination(Proxy *p) {
_cleanup_bus_message_unref_ sd_bus_message *m = NULL;
int r;
assert(p);
r = sd_bus_process(p->local_bus, &m);
if (r == -ECONNRESET) /* Treat 'connection reset by peer' as clean exit condition */
return r;
if (r < 0) {
log_error_errno(r, "Failed to process local bus: %m");
return r;
}
if (r == 0)
return 0;
if (!m)
return 1;
/* We officially got EOF, let's quit */
if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected"))
return -ECONNRESET;
r = process_hello(p, m);
if (r < 0)
return log_error_errno(r, "Failed to process HELLO: %m");
if (r > 0)
return 1;
r = bus_proxy_process_driver(p->destination_bus, p->local_bus, m, p->policy, &p->local_creds, p->owned_names);
if (r < 0)
return log_error_errno(r, "Failed to process driver calls: %m");
if (r > 0)
return 1;
for (;;) {
if (p->policy) {
r = process_policy(p->local_bus, p->destination_bus, m, p->policy, &p->local_creds, p->owned_names);
if (r < 0)
return log_error_errno(r, "Failed to process policy: %m");
else if (r > 0)
return 1;
}
r = sd_bus_send(p->destination_bus, m, NULL);
if (r < 0) {
if (r == -EREMCHG) {
/* The name database changed since the policy check, hence let's check again */
continue;
} else if (r == -EPERM && m->reply_cookie > 0) {
/* see above why EPERM is ignored for replies */
return 1;
} else {
if (r != -ECONNRESET)
log_error_errno(r, "Failed to send message to bus: %m");
return r;
}
}
break;
}
return 1;
}
int proxy_run(Proxy *p) {
int r;
assert(p);
for (;;) {
bool busy = false;
if (p->got_hello) {
/* Read messages from bus, to pass them on to our client */
r = proxy_process_destination_to_local(p);
if (r == -ECONNRESET)
return 0;
if (r < 0)
return r;
if (r > 0)
busy = true;
}
/* Read messages from our client, to pass them on to the bus */
r = proxy_process_local_to_destination(p);
if (r == -ECONNRESET)
return 0;
if (r < 0)
return r;
if (r > 0)
busy = true;
if (!busy) {
r = proxy_wait(p);
if (r < 0)
return r;
}
}
return 0;
}