| Age | Commit message (Collapse) | Author |
|---|
|
We should use the data if we can (if stdin/stdout is an AF_UNIX socket),
but still work if we can't (if stdin/stdout are pipes, like in the SSH
case).
This effectively reverts 55534fb5e4742b0db9ae5e1e0202c53804147697
|
|
sd_bus_get_peer_creds()
Clean up the function namespace by renaming the following:
sd_bus_get_owner_uid() → sd_bus_get_name_creds_uid()
sd_bus_get_owner_machine_id() → sd_bus_get_name_machine_id()
sd_bus_get_peer_creds() → sd_bus_get_owner_creds()
|
|
In kdbus.h, the following details changed:
* All commands gained a 'kernel_flags' field to report the flags supported
by the driver. Before, this was done in the 'flags' field in a
bidirectional way, which turned out to be a problem for the code in
sd-bus, as many parts of it reuse the same ioctl struct more than once
and consider them to be owned by userspace.
* Name listings are now returned by a new struct instead of reusing struct
kdbus_cmd_name for that matter. This way, we don't add more unneeded
fields to it and make the API cleaner.
* 'conn_flags' was renamed to 'flags' in struct kdbus_cmd_hello to make
the API a bit more unified.
|
|
provides us with
|
|
This reverts commit b0f84d4d7832659f2216bda7a7cdf51f5e79c6eb.
get_creds_by_name() already translate the error nicely, we just need to
make use of it.
|
|
|
|
'GetConnectionUnixProcessID', 'GetConnectionUnixUser' and
'GetConnectionSELinuxSecurityContext' methods should return
'NameHasNoOwner' error (if chosen name is not available on bus)
with more detailed description - like dbus-1:
Could not get PID of name 'org.freedesktop.test': no such name.
Could not get UID of name 'org.freedesktop.test': no such name.
Could not get security context of name 'org.freedesktop.test': no such name.
Otherwise we have only laconic message without proper dbus error:
Error System.Error.ENXIO: No such device or address
|
|
'ListQueuedOwners' method should return 'NameHasNoOwner' error
if chosen name is not available on bus.
|
|
getpeersec() will fail for non-SELinux enabled machines, so don't make that
a hard error.
|
|
We need to figure out which of the possible names satisfied the policy,
so we cannot do the iteration in check_policy_item() but have to leave it
to the users.
Test cases amended accordingly.
|
|
Just some cleanups around policy checks that came up during review.
The code is still not productive.
|
|
If we can't get the remote peer or security creds, bail out.
Spotted by coverity.
|
|
The KDBUS_CMD_FREE ioctl now uses a struct rather than a direct pointer
to the offset to free.
The KDBUS_CMD_MSG_CANCEL ioctl has also changes, but there's no user of
it yet in systemd.
|
|
In pty.c there was both an include of our pty.h and the system installed pty.h.
The latter contains only two functions openpty and forkpty. We use neither so
I assume it was a typo and removed it. We still compile and pass all tests.
|
|
Check if strjoin worked and also use _cleanup_free_ since we are
here.
Found with Coverity. Fixes CID#1241962
|
|
'make distcheck' calls test-bus-policy outside of the source tree, so it
must consider the TEST_DIR variable to access its files.
|
|
|
|
Both as documentation, and to make Coverity happy.
Fixes CID #1241495 and #1241496.
|
|
Instead of operating on an sd_bus_message object, expose an API that has 4
functions:
policy_check_own()
policy_check_hello()
policy_check_recv()
policy_check_send()
This also allows dropping extra code to parse message contents - the bus
proxy already has dedicated code paths for that, and we can hook into
those later.
Tests amended accordingly.
|
|
The kdbus logic name registry logic was changed to transport the actual
name to acquire, release or report in a kdbus item.
This brings the name API a little more in line with other calls, and allows
for later augmentation.
Follow that change on the systemd side.
|
|
Add some test files and routines for dbus policy checking.
|
|
Add policy_check() to actually check whether an incoming message is allowed
by the policy. The code is not yet used from the proxy daemon, though.
|
|
|
|
This function is quite useful for debugging. Exiting from it seems
unnecessary.
|
|
Instead of making the function call itself recursively.
|
|
Do the lookup during parsing already, and set i->uid, or i->gid to the
numerical values.
|
|
|
|
In the D-Bus policy, the order of items matters, so make sure to store them
in the same order as they are parsed by the sax parser.
|
|
|
|
It is redundant to store 'hash' and 'compare' function pointers in
struct Hashmap separately. The functions always comprise a pair.
Store a single pointer to struct hash_ops instead.
systemd keeps hundreds of hashmaps, so this saves a little bit of
memory.
|
|
|
|
|
|
Since b5eca3a2059f9399d1dc52cbcf9698674c4b1cf0 we don't attempt to GC
busses anymore when unsent messages remain that keep their reference,
when they otherwise are not referenced anymore. This means that if we
explicitly want connections to go away, we need to close them.
With this change we will no do so explicitly wherver we connect to the
bus from a main program (and thus know when the bus connection should go
away), or when we create a private bus connection, that really should go
away after our use.
This fixes connection leaks in the NSS and PAM modules.
|
|
getopt is usually good at printing out a nice error message when
commandline options are invalid. It distinguishes between an unknown
option and a known option with a missing arg. It is better to let it
do its job and not use opterr=0 unless we actually want to suppress
messages. So remove opterr=0 in the few places where it wasn't really
useful.
When an error in options is encountered, we should not print a lengthy
help() and overwhelm the user, when we know precisely what is wrong
with the commandline. In addition, since help() prints to stdout, it
should not be used except when requested with -h or --help.
Also, simplify things here and there.
|
|
We should be interested in k variable.
|
|
Err can't be bigger then zero. Rest of the code uses negative Exxxx values.
|
|
One missing string found.
A few things had to be moved around to make it possible to test them.
|
|
systemctl -H root@foobar:waldi
will now show a list of services running on container "waldi" on host
"foobar", using "root" for authenticating at "foobar".
Since entereing a container requires priviliges, this will only work
correctly for root logins.
|
|
bus-proxyd is not only the bridge between legacy dbus clients and kdbus
but is also used to access remote dbus servers via ssh. Let's make sure
it actually works for that.
|
|
|
|
|
|
|
|
Lets allow LC_ALL=C without corrupted output
|
|
|
|
|
|
Enforcement is still missing, but at least we can parse it now.
|
|
Either become uid/gid of the client we have been forked for, or become
the "systemd-bus-proxy" user if the client was root. We retain
CAP_IPC_OWNER so that we can tell kdbus we are actually our own client.
|
|
attached to a bus connection
This makes callback behaviour more like sd-event or sd-resolve, and
creates proper object for unregistering callbacks.
Taking the refernce to the slot is optional. If not taken life time of
the slot will be bound to the underlying bus object (or in the case of
an async call until the reply has been recieved).
|
|
|
|
|
