summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2013-11-28 17:50:02 +0100
committerLennart Poettering <lennart@poettering.net>2013-11-28 18:42:18 +0100
commit5b12334d35eadf1f45cc3d631fd1a2e72ffaea0a (patch)
tree55682fbecfeb705adfaf0f78fd76f5c8dc219b1b /src/core
parent70f75a523b16ad495a7791d595ee3eececf75953 (diff)
bus: add new sd_bus_creds object to encapsulate process credentials
This way we can unify handling of credentials that are attached to messages, or can be queried for bus name owners or connection peers. This also adds the ability to extend incomplete credential information with data from /proc, Also, provide a convenience call that will automatically determine the most appropriate credential object for an incoming message, by using the the attached information if possible, the sending name information if available and otherwise the peer's credentials.
Diffstat (limited to 'src/core')
-rw-r--r--src/core/dbus-manager.c8
-rw-r--r--src/core/dbus.c16
-rw-r--r--src/core/selinux-access.c219
-rw-r--r--src/core/service.c5
4 files changed, 65 insertions, 183 deletions
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index b934624def..8f63721571 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -338,7 +338,13 @@ static int method_get_unit_by_pid(sd_bus *bus, sd_bus_message *message, void *us
return r;
if (pid == 0) {
- r = sd_bus_get_owner_pid(bus, sd_bus_message_get_sender(message), &pid);
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
+
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_creds_get_pid(creds, &pid);
if (r < 0)
return r;
}
diff --git a/src/core/dbus.c b/src/core/dbus.c
index d130e0974e..7d7c6cbddc 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -247,9 +247,14 @@ static int selinux_filter(sd_bus *bus, sd_bus_message *message, void *userdata,
}
if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
pid_t pid;
- r = sd_bus_get_owner_pid(bus, sd_bus_message_get_sender(message), &pid);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
+ if (r < 0)
+ return 0;
+
+ r = sd_bus_creds_get_pid(creds, &pid);
if (r < 0)
return 0;
@@ -300,6 +305,7 @@ static int find_unit(Manager *m, sd_bus *bus, const char *path, Unit **unit, sd_
assert(path);
if (streq_ptr(path, "/org/freedesktop/systemd1/unit/self")) {
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
sd_bus_message *message;
pid_t pid;
@@ -307,9 +313,13 @@ static int find_unit(Manager *m, sd_bus *bus, const char *path, Unit **unit, sd_
if (!message)
return 0;
- r = sd_bus_get_owner_pid(bus, sd_bus_message_get_sender(message), &pid);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_PID, &creds);
if (r < 0)
- return 0;
+ return r;
+
+ r = sd_bus_creds_get_pid(creds, &pid);
+ if (r < 0)
+ return r;
u = manager_get_unit_by_pid(m, pid);
} else {
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index cca3df652a..21c7a8c5bc 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -41,91 +41,16 @@
#include "audit.h"
#include "selinux-util.h"
#include "audit-fd.h"
+#include "strv.h"
static bool initialized = false;
-struct auditstruct {
+struct audit_info {
+ sd_bus_creds *creds;
const char *path;
- char *cmdline;
- uid_t loginuid;
- uid_t uid;
- gid_t gid;
+ const char *cmdline;
};
-static int bus_get_selinux_security_context(
- sd_bus *bus,
- const char *name,
- sd_bus_error *error,
- char **ret) {
-
- _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
- const void *p;
- size_t sz;
- char *b;
- int r;
-
- assert(bus);
- assert(name);
- assert(ret);
-
- r = sd_bus_call_method(
- bus,
- "org.freedesktop.DBus",
- "/org/freedesktop/DBus",
- "org.freedesktop.DBus",
- "GetConnectionSELinuxSecurityContext",
- error, &m,
- "s", name);
- if (r < 0)
- return r;
-
- r = sd_bus_message_read_array(m, 'y', &p, &sz);
- if (r < 0)
- return r;
-
- b = strndup(p, sz);
- if (!b)
- return -ENOMEM;
-
- *ret = b;
- return 0;
-}
-
-static int bus_get_audit_data(
- sd_bus *bus,
- const char *name,
- struct auditstruct *audit) {
-
- pid_t pid;
- int r;
-
- assert(bus);
- assert(name);
- assert(audit);
-
- r = sd_bus_get_owner_pid(bus, name, &pid);
- if (r < 0)
- return r;
-
- r = audit_loginuid_from_pid(pid, &audit->loginuid);
- if (r < 0)
- return r;
-
- r = get_process_uid(pid, &audit->uid);
- if (r < 0)
- return r;
-
- r = get_process_gid(pid, &audit->gid);
- if (r < 0)
- return r;
-
- r = get_process_cmdline(pid, 0, true, &audit->cmdline);
- if (r < 0)
- return r;
-
- return 0;
-}
-
/*
Any time an access gets denied this callback will be called
with the aduit data. We then need to just copy the audit data into the msgbuf.
@@ -136,19 +61,19 @@ static int audit_callback(
char *msgbuf,
size_t msgbufsize) {
- struct auditstruct *audit = (struct auditstruct *) auditdata;
+ const struct audit_info *audit = auditdata;
+ uid_t uid = 0, login_uid = 0;
+ gid_t gid = 0;
+
+ sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid);
+ sd_bus_creds_get_uid(audit->creds, &uid);
+ sd_bus_creds_get_gid(audit->creds, &gid);
snprintf(msgbuf, msgbufsize,
"auid=%d uid=%d gid=%d%s%s%s%s%s%s",
- audit->loginuid,
- audit->uid,
- audit->gid,
- (audit->path ? " path=\"" : ""),
- strempty(audit->path),
- (audit->path ? "\"" : ""),
- (audit->cmdline ? " cmdline=\"" : ""),
- strempty(audit->cmdline),
- (audit->cmdline ? "\"" : ""));
+ login_uid, uid, gid,
+ audit->path ? " path=\"" : "", strempty(audit->path), audit->path ? "\"" : "",
+ audit->cmdline ? " cmdline=\"" : "", strempty(audit->cmdline), audit->cmdline ? "\"" : "");
msgbuf[msgbufsize-1] = 0;
@@ -164,13 +89,12 @@ static int audit_callback(
_printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
va_list ap;
- va_start(ap, fmt);
-
#ifdef HAVE_AUDIT
if (get_audit_fd() >= 0) {
_cleanup_free_ char *buf = NULL;
int r;
+ va_start(ap, fmt);
r = vasprintf(&buf, fmt, ap);
va_end(ap);
@@ -178,10 +102,10 @@ _printf_(2, 3) static int log_callback(int type, const char *fmt, ...) {
audit_log_user_avc_message(get_audit_fd(), AUDIT_USER_AVC, buf, NULL, NULL, NULL, 0);
return 0;
}
-
- va_start(ap, fmt);
}
#endif
+
+ va_start(ap, fmt);
log_metav(LOG_USER | LOG_INFO, __FILE__, __LINE__, __FUNCTION__, fmt, ap);
va_end(ap);
@@ -238,76 +162,6 @@ void selinux_access_free(void) {
initialized = false;
}
-static int get_audit_data(
- sd_bus *bus,
- sd_bus_message *message,
- struct auditstruct *audit) {
-
- struct ucred ucred;
- const char *sender;
- socklen_t len;
- int r, fd;
-
- sender = sd_bus_message_get_sender(message);
- if (sender)
- return bus_get_audit_data(bus, sender, audit);
-
- fd = sd_bus_get_fd(bus);
- if (fd < 0)
- return fd;
-
- len = sizeof(ucred);
- r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &len);
- if (r < 0)
- return -errno;
-
- audit->uid = ucred.uid;
- audit->gid = ucred.gid;
-
- r = audit_loginuid_from_pid(ucred.pid, &audit->loginuid);
- if (r < 0)
- return r;
-
- r = get_process_cmdline(ucred.pid, 0, true, &audit->cmdline);
- if (r < 0)
- return r;
-
- return 0;
-}
-
-/*
- This function returns the security context of the remote end of the dbus
- connections. Whether it is on the bus or a local connection.
-*/
-static int get_calling_context(
- sd_bus *bus,
- sd_bus_message *message,
- sd_bus_error *error,
- security_context_t *ret) {
-
- const char *sender;
- int r, fd;
-
- /*
- If sender exists then
- if sender is NULL this indicates a local connection. Grab the fd
- from dbus and do an getpeercon to peers process context
- */
- sender = sd_bus_message_get_sender(message);
- if (sender)
- return bus_get_selinux_security_context(bus, sender, error, ret);
-
- fd = sd_bus_get_fd(bus);
- if (fd < 0)
- return fd;
-
- r = getpeercon(fd, ret);
- if (r < 0)
- return -errno;
-
- return 0;
-}
-
/*
This function communicates with the kernel to check whether or not it should
allow the access.
@@ -321,9 +175,12 @@ int selinux_generic_access_check(
const char *permission,
sd_bus_error *error) {
- security_context_t scon = NULL, fcon = NULL;
- const char *tclass = NULL;
- struct auditstruct audit;
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
+ const char *tclass = NULL, *scon = NULL;
+ struct audit_info audit_info = {};
+ _cleanup_free_ char *cl = NULL;
+ security_context_t fcon = NULL;
+ char **cmdline = NULL;
int r = 0;
assert(bus);
@@ -338,12 +195,16 @@ int selinux_generic_access_check(
if (r < 0)
return r;
- audit.uid = audit.loginuid = (uid_t) -1;
- audit.gid = (gid_t) -1;
- audit.cmdline = NULL;
- audit.path = path;
+ r = sd_bus_query_sender_creds(
+ message,
+ SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
+ SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
+ SD_BUS_CREDS_SELINUX_CONTEXT,
+ &creds);
+ if (r < 0)
+ goto finish;
- r = get_calling_context(bus, message, error, &scon);
+ r = sd_bus_creds_get_selinux_context(creds, &scon);
if (r < 0)
goto finish;
@@ -367,21 +228,23 @@ int selinux_generic_access_check(
tclass = "system";
}
- get_audit_data(bus, message, &audit);
+ sd_bus_creds_get_cmdline(creds, &cmdline);
+ cl = strv_join(cmdline, " ");
+
+ audit_info.creds = creds;
+ audit_info.path = path;
+ audit_info.cmdline = cl;
- errno = 0;
- r = selinux_check_access(scon, fcon, tclass, permission, &audit);
+ r = selinux_check_access((security_context_t) scon, fcon, tclass, permission, &audit_info);
if (r < 0)
r = sd_bus_error_setf(error, SD_BUS_ERROR_ACCESS_DENIED, "SELinux policy denies access.");
- log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, audit.cmdline, r);
+ log_debug("SELinux access check scon=%s tcon=%s tclass=%s perm=%s path=%s cmdline=%s: %i", scon, fcon, tclass, permission, path, cl, r);
finish:
- free(audit.cmdline);
- freecon(scon);
freecon(fcon);
- if (r && security_getenforce() != 1) {
+ if (r < 0 && security_getenforce() != 1) {
sd_bus_error_free(error);
r = 0;
}
diff --git a/src/core/service.c b/src/core/service.c
index 5b41c36383..cdbe4c83ee 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -3673,11 +3673,14 @@ static void service_bus_name_owner_change(
s->state == SERVICE_RUNNING ||
s->state == SERVICE_RELOAD)) {
+ _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
pid_t pid;
/* Try to acquire PID from bus service */
- r = sd_bus_get_owner_pid(u->manager->api_bus, name, &pid);
+ r = sd_bus_get_owner_creds(u->manager->api_bus, name, SD_BUS_CREDS_PID, &creds);
+ if (r >= 0)
+ r = sd_bus_creds_get_pid(creds, &pid);
if (r >= 0) {
log_debug_unit(u->id, "%s's D-Bus name %s is now owned by process %u", u->id, name, (unsigned) pid);