diff options
Diffstat (limited to 'meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch')
| -rw-r--r-- | meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch | 389 |
1 files changed, 181 insertions, 208 deletions
diff --git a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch index 6a7e8a39d..d04c60cd9 100644 --- a/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch +++ b/meta-security/recipes-core/dbus-cynara/dbus-cynara/0001-Integration-of-Cynara-asynchronous-security-checks.patch @@ -19,46 +19,17 @@ Currently such return value results in message denial. Cherry picked from 4dcfb02f17247ff9de966b62182cd2e08f301238 by José Bollo. +Updated for dbus 1.10.20 by Scott Murray. + Change-Id: I9bcbce34577e5dc2a3cecf6233a0a2b0e43e1108 Signed-off-by: José Bollo <jose.bollo@iot.bzh> ---- - bus/Makefile.am | 6 + - bus/bus.c | 136 +++++--- - bus/bus.h | 32 +- - bus/check.c | 217 ++++++++++++ - bus/check.h | 68 ++++ - bus/config-parser-common.c | 6 + - bus/config-parser-common.h | 1 + - bus/config-parser.c | 71 +++- - bus/connection.c | 56 ++- - bus/connection.h | 4 + - bus/cynara.c | 374 +++++++++++++++++++++ - bus/cynara.h | 37 ++ - bus/dispatch.c | 44 ++- - bus/policy.c | 193 +++++++---- - bus/policy.h | 51 ++- - configure.ac | 12 + - test/Makefile.am | 1 + - test/data/invalid-config-files/badcheck-1.conf | 9 + - test/data/invalid-config-files/badcheck-2.conf | 9 + - test/data/valid-config-files/check-1.conf | 9 + - .../valid-config-files/debug-check-some.conf.in | 18 + - tools/dbus-send.c | 2 +- - 22 files changed, 1193 insertions(+), 163 deletions(-) - create mode 100644 bus/check.c - create mode 100644 bus/check.h - create mode 100644 bus/cynara.c - create mode 100644 bus/cynara.h - create mode 100644 test/data/invalid-config-files/badcheck-1.conf - create mode 100644 test/data/invalid-config-files/badcheck-2.conf - create mode 100644 test/data/valid-config-files/check-1.conf - create mode 100644 test/data/valid-config-files/debug-check-some.conf.in +Signed-off-by: Scott Murray <scott.murray@konsulko.com> diff --git a/bus/Makefile.am b/bus/Makefile.am -index 33af09b0..3f57cc48 100644 +index 9ae3071..46afb31 100644 --- a/bus/Makefile.am +++ b/bus/Makefile.am -@@ -9,6 +9,7 @@ DBUS_BUS_LIBS = \ +@@ -13,6 +13,7 @@ DBUS_BUS_LIBS = \ $(THREAD_LIBS) \ $(ADT_LIBS) \ $(NETWORK_libs) \ @@ -66,7 +37,7 @@ index 33af09b0..3f57cc48 100644 $(NULL) DBUS_LAUNCHER_LIBS = \ -@@ -24,6 +25,7 @@ AM_CPPFLAGS = \ +@@ -30,6 +31,7 @@ AM_CPPFLAGS = \ $(APPARMOR_CFLAGS) \ -DDBUS_SYSTEM_CONFIG_FILE=\""$(dbusdatadir)/system.conf"\" \ -DDBUS_COMPILATION \ @@ -74,15 +45,16 @@ index 33af09b0..3f57cc48 100644 $(NULL) # if assertions are enabled, improve backtraces -@@ -82,12 +84,16 @@ BUS_SOURCES= \ +@@ -90,6 +92,8 @@ BUS_SOURCES= \ audit.h \ bus.c \ bus.h \ + check.c \ + check.h \ + config-loader-expat.c \ config-parser.c \ config-parser.h \ - config-parser-common.c \ +@@ -97,6 +101,8 @@ BUS_SOURCES= \ config-parser-common.h \ connection.c \ connection.h \ @@ -91,19 +63,33 @@ index 33af09b0..3f57cc48 100644 desktop-file.c \ desktop-file.h \ $(DIR_WATCH_SOURCE) \ +diff --git a/bus/activation.c b/bus/activation.c +index 6f009f5..451179d 100644 +--- a/bus/activation.c ++++ b/bus/activation.c +@@ -1795,7 +1795,8 @@ bus_activation_activate_service (BusActivation *activation, + NULL, /* proposed recipient */ + activation_message, + entry, +- error)) ++ error, ++ NULL)) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + _dbus_verbose ("activation not authorized: %s: %s\n", diff --git a/bus/bus.c b/bus/bus.c -index fd4ab9e4..c4008505 100644 +index 30ce4e1..237efe3 100644 --- a/bus/bus.c +++ b/bus/bus.c -@@ -37,6 +37,7 @@ +@@ -38,6 +38,7 @@ #include "apparmor.h" #include "audit.h" #include "dir-watch.h" +#include "check.h" + #include <dbus/dbus-auth.h> #include <dbus/dbus-list.h> #include <dbus/dbus-hash.h> - #include <dbus/dbus-credentials.h> -@@ -65,6 +66,7 @@ struct BusContext +@@ -67,6 +68,7 @@ struct BusContext BusRegistry *registry; BusPolicy *policy; BusMatchmaker *matchmaker; @@ -111,7 +97,7 @@ index fd4ab9e4..c4008505 100644 BusLimits limits; DBusRLimit *initial_fd_limit; unsigned int fork : 1; -@@ -988,6 +990,10 @@ bus_context_new (const DBusString *config_file, +@@ -1003,6 +1005,10 @@ bus_context_new (const DBusString *config_file, parser = NULL; } @@ -122,7 +108,7 @@ index fd4ab9e4..c4008505 100644 dbus_server_free_data_slot (&server_data_slot); return context; -@@ -1112,6 +1118,12 @@ bus_context_unref (BusContext *context) +@@ -1127,6 +1133,12 @@ bus_context_unref (BusContext *context) bus_context_shutdown (context); @@ -135,7 +121,7 @@ index fd4ab9e4..c4008505 100644 if (context->connections) { bus_connections_unref (context->connections); -@@ -1241,6 +1253,12 @@ bus_context_get_loop (BusContext *context) +@@ -1256,6 +1268,12 @@ bus_context_get_loop (BusContext *context) return context->loop; } @@ -148,7 +134,7 @@ index fd4ab9e4..c4008505 100644 dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid) -@@ -1456,6 +1474,7 @@ complain_about_message (BusContext *context, +@@ -1451,6 +1469,7 @@ complain_about_message (BusContext *context, DBusConnection *proposed_recipient, dbus_bool_t requested_reply, dbus_bool_t log, @@ -156,7 +142,7 @@ index fd4ab9e4..c4008505 100644 DBusError *error) { DBusError stack_error = DBUS_ERROR_INIT; -@@ -1485,7 +1504,8 @@ complain_about_message (BusContext *context, +@@ -1480,7 +1499,8 @@ complain_about_message (BusContext *context, dbus_set_error (&stack_error, error_name, "%s, %d matched rules; type=\"%s\", sender=\"%s\" (%s) " "interface=\"%s\" member=\"%s\" error name=\"%s\" " @@ -166,7 +152,7 @@ index fd4ab9e4..c4008505 100644 complaint, matched_rules, dbus_message_type_to_string (dbus_message_get_type (message)), -@@ -1496,7 +1516,8 @@ complain_about_message (BusContext *context, +@@ -1491,7 +1511,8 @@ complain_about_message (BusContext *context, nonnull (dbus_message_get_error_name (message), "(unset)"), requested_reply, nonnull (dbus_message_get_destination (message), DBUS_SERVICE_DBUS), @@ -176,26 +162,21 @@ index fd4ab9e4..c4008505 100644 /* If we hit OOM while setting the error, this will syslog "out of memory" * which is itself an indication that something is seriously wrong */ -@@ -1520,14 +1541,15 @@ complain_about_message (BusContext *context, +@@ -1519,7 +1540,7 @@ complain_about_message (BusContext *context, * NULL for addressed_recipient may mean the bus driver, or may mean * no destination was specified in the message (e.g. a signal). */ -dbus_bool_t --bus_context_check_security_policy (BusContext *context, -- BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, -- DBusError *error) +BusResult -+bus_context_check_security_policy (BusContext *context, -+ BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ DBusError *error, + bus_context_check_security_policy (BusContext *context, + BusTransaction *transaction, + DBusConnection *sender, +@@ -1527,7 +1548,8 @@ bus_context_check_security_policy (BusContext *context, + DBusConnection *proposed_recipient, + DBusMessage *message, + BusActivationEntry *activation_entry, +- DBusError *error) ++ DBusError *error, + BusDeferredMessage **deferred_message) { const char *src, *dest; @@ -208,7 +189,7 @@ index fd4ab9e4..c4008505 100644 type = dbus_message_get_type (message); src = dbus_message_get_sender (message); -@@ -1564,7 +1587,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1565,7 +1588,7 @@ bus_context_check_security_policy (BusContext *context, dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, "Message bus will not accept messages of unknown type\n"); @@ -217,7 +198,7 @@ index fd4ab9e4..c4008505 100644 } requested_reply = FALSE; -@@ -1594,7 +1617,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1595,7 +1618,7 @@ bus_context_check_security_policy (BusContext *context, if (dbus_error_is_set (&error2)) { dbus_move_error (&error2, error); @@ -226,7 +207,7 @@ index fd4ab9e4..c4008505 100644 } } } -@@ -1621,11 +1644,11 @@ bus_context_check_security_policy (BusContext *context, +@@ -1624,11 +1647,11 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "An SELinux policy prevents this sender from sending this " "message to this recipient", @@ -240,16 +221,16 @@ index fd4ab9e4..c4008505 100644 } /* next verify AppArmor access controls. If allowed then -@@ -1642,7 +1665,7 @@ bus_context_check_security_policy (BusContext *context, - dest ? dest : DBUS_SERVICE_DBUS, +@@ -1646,7 +1669,7 @@ bus_context_check_security_policy (BusContext *context, src ? src : DBUS_SERVICE_DBUS, + activation_entry, error)) - return FALSE; + return BUS_RESULT_FALSE; if (!bus_connection_is_active (sender)) { -@@ -1656,7 +1679,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1660,7 +1683,7 @@ bus_context_check_security_policy (BusContext *context, { _dbus_verbose ("security check allowing %s message\n", "Hello"); @@ -258,7 +239,7 @@ index fd4ab9e4..c4008505 100644 } else { -@@ -1667,7 +1690,7 @@ bus_context_check_security_policy (BusContext *context, +@@ -1671,7 +1694,7 @@ bus_context_check_security_policy (BusContext *context, "Client tried to send a message other than %s without being registered", "Hello"); @@ -267,7 +248,7 @@ index fd4ab9e4..c4008505 100644 } } } -@@ -1716,20 +1739,29 @@ bus_context_check_security_policy (BusContext *context, +@@ -1720,20 +1743,29 @@ bus_context_check_security_policy (BusContext *context, (proposed_recipient == NULL && recipient_policy == NULL)); log = FALSE; @@ -311,7 +292,7 @@ index fd4ab9e4..c4008505 100644 if (log) { -@@ -1738,23 +1770,29 @@ bus_context_check_security_policy (BusContext *context, +@@ -1742,23 +1774,29 @@ bus_context_check_security_policy (BusContext *context, complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, "Would reject message", toggles, message, sender, proposed_recipient, requested_reply, @@ -355,7 +336,7 @@ index fd4ab9e4..c4008505 100644 } /* See if limits on size have been exceeded */ -@@ -1764,10 +1802,10 @@ bus_context_check_security_policy (BusContext *context, +@@ -1768,10 +1806,10 @@ bus_context_check_security_policy (BusContext *context, { complain_about_message (context, DBUS_ERROR_LIMITS_EXCEEDED, "Rejected: destination has a full message queue", @@ -368,7 +349,7 @@ index fd4ab9e4..c4008505 100644 } /* Record that we will allow a reply here in the future (don't -@@ -1784,11 +1822,11 @@ bus_context_check_security_policy (BusContext *context, +@@ -1792,11 +1830,11 @@ bus_context_check_security_policy (BusContext *context, message, error)) { _dbus_verbose ("Failed to record reply expectation or problem with the message expecting a reply\n"); @@ -383,13 +364,13 @@ index fd4ab9e4..c4008505 100644 void diff --git a/bus/bus.h b/bus/bus.h -index 3fab59ff..dab7791f 100644 +index 2e0de82..82c32c8 100644 --- a/bus/bus.h +++ b/bus/bus.h -@@ -44,6 +44,22 @@ typedef struct BusOwner BusOwner; - typedef struct BusTransaction BusTransaction; +@@ -45,6 +45,22 @@ typedef struct BusTransaction BusTransaction; typedef struct BusMatchmaker BusMatchmaker; typedef struct BusMatchRule BusMatchRule; + typedef struct BusActivationEntry BusActivationEntry; +typedef struct BusCheck BusCheck; +typedef struct BusDeferredMessage BusDeferredMessage; +typedef struct BusCynara BusCynara; @@ -409,7 +390,7 @@ index 3fab59ff..dab7791f 100644 typedef struct { -@@ -97,6 +113,7 @@ BusConnections* bus_context_get_connections (BusContext +@@ -101,6 +117,7 @@ BusConnections* bus_context_get_connections (BusContext BusActivation* bus_context_get_activation (BusContext *context); BusMatchmaker* bus_context_get_matchmaker (BusContext *context); DBusLoop* bus_context_get_loop (BusContext *context); @@ -417,31 +398,27 @@ index 3fab59ff..dab7791f 100644 dbus_bool_t bus_context_allow_unix_user (BusContext *context, unsigned long uid); dbus_bool_t bus_context_allow_windows_user (BusContext *context, -@@ -131,13 +148,14 @@ void bus_context_log_and_set_error (BusContext +@@ -136,14 +153,15 @@ void bus_context_log_and_set_error (BusContext const char *name, const char *msg, ...) _DBUS_GNUC_PRINTF (5, 6); -dbus_bool_t bus_context_check_security_policy (BusContext *context, -- BusTransaction *transaction, -- DBusConnection *sender, -- DBusConnection *addressed_recipient, -- DBusConnection *proposed_recipient, -- DBusMessage *message, ++BusResult bus_context_check_security_policy (BusContext *context, + BusTransaction *transaction, + DBusConnection *sender, + DBusConnection *addressed_recipient, + DBusConnection *proposed_recipient, + DBusMessage *message, + BusActivationEntry *activation_entry, - DBusError *error); -+BusResult bus_context_check_security_policy (BusContext *context, -+ BusTransaction *transaction, -+ DBusConnection *sender, -+ DBusConnection *addressed_recipient, -+ DBusConnection *proposed_recipient, -+ DBusMessage *message, -+ DBusError *error, ++ DBusError *error, + BusDeferredMessage **deferred_message); void bus_context_check_all_watches (BusContext *context); #endif /* BUS_BUS_H */ diff --git a/bus/check.c b/bus/check.c new file mode 100644 -index 00000000..5b72d31c +index 0000000..5b72d31 --- /dev/null +++ b/bus/check.c @@ -0,0 +1,217 @@ @@ -664,7 +641,7 @@ index 00000000..5b72d31c +} diff --git a/bus/check.h b/bus/check.h new file mode 100644 -index 00000000..c3fcaf90 +index 0000000..c3fcaf9 --- /dev/null +++ b/bus/check.h @@ -0,0 +1,68 @@ @@ -737,7 +714,7 @@ index 00000000..c3fcaf90 + BusResult result); +#endif /* BUS_CHECK_H */ diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c -index 5db6b289..ea25f5e6 100644 +index c1c4191..e2f253d 100644 --- a/bus/config-parser-common.c +++ b/bus/config-parser-common.c @@ -75,6 +75,10 @@ bus_config_parser_element_name_to_type (const char *name) @@ -761,7 +738,7 @@ index 5db6b289..ea25f5e6 100644 return "fork"; case ELEMENT_PIDFILE: diff --git a/bus/config-parser-common.h b/bus/config-parser-common.h -index 382a0141..9e026d10 100644 +index 382a014..9e026d1 100644 --- a/bus/config-parser-common.h +++ b/bus/config-parser-common.h @@ -36,6 +36,7 @@ typedef enum @@ -773,10 +750,10 @@ index 382a0141..9e026d10 100644 ELEMENT_PIDFILE, ELEMENT_SERVICEDIR, diff --git a/bus/config-parser.c b/bus/config-parser.c -index d9f6042c..a8c4ca5d 100644 +index be27d38..b54b0e4 100644 --- a/bus/config-parser.c +++ b/bus/config-parser.c -@@ -1172,7 +1172,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1318,7 +1318,7 @@ append_rule_from_element (BusConfigParser *parser, const char *element_name, const char **attribute_names, const char **attribute_values, @@ -785,15 +762,15 @@ index d9f6042c..a8c4ca5d 100644 DBusError *error) { const char *log; -@@ -1195,6 +1195,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1360,6 +1360,7 @@ append_rule_from_element (BusConfigParser *parser, const char *own_prefix; const char *user; const char *group; + const char *privilege; BusPolicyRule *rule; - -@@ -1222,6 +1223,7 @@ append_rule_from_element (BusConfigParser *parser, + +@@ -1390,6 +1391,7 @@ append_rule_from_element (BusConfigParser *parser, "user", &user, "group", &group, "log", &log, @@ -801,15 +778,15 @@ index d9f6042c..a8c4ca5d 100644 NULL)) return FALSE; -@@ -1230,6 +1232,7 @@ append_rule_from_element (BusConfigParser *parser, - receive_interface || receive_member || receive_error || receive_sender || - receive_type || receive_path || eavesdrop || - send_requested_reply || receive_requested_reply || +@@ -1422,6 +1424,7 @@ append_rule_from_element (BusConfigParser *parser, + + if (!(any_send_attribute || + any_receive_attribute || + privilege || own || own_prefix || user || group)) { dbus_set_error (error, DBUS_ERROR_FAILED, -@@ -1246,7 +1249,30 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1438,7 +1441,30 @@ append_rule_from_element (BusConfigParser *parser, element_name); return FALSE; } @@ -841,25 +818,25 @@ index d9f6042c..a8c4ca5d 100644 /* Allowed combinations of elements are: * * base, must be all send or all receive: -@@ -1420,7 +1446,7 @@ append_rule_from_element (BusConfigParser *parser, - return FALSE; - } - +@@ -1589,7 +1615,7 @@ append_rule_from_element (BusConfigParser *parser, + error)) + return FALSE; + - rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); ++ rule = bus_policy_rule_new (BUS_POLICY_RULE_SEND, access); if (rule == NULL) goto nomem; -@@ -1502,7 +1528,7 @@ append_rule_from_element (BusConfigParser *parser, - return FALSE; - } - +@@ -1694,7 +1720,7 @@ append_rule_from_element (BusConfigParser *parser, + error)) + return FALSE; + - rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, allow); -+ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); ++ rule = bus_policy_rule_new (BUS_POLICY_RULE_RECEIVE, access); if (rule == NULL) goto nomem; -@@ -1532,7 +1558,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1726,7 +1752,7 @@ append_rule_from_element (BusConfigParser *parser, } else if (own || own_prefix) { @@ -868,7 +845,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1558,7 +1584,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1752,7 +1778,7 @@ append_rule_from_element (BusConfigParser *parser, { if (IS_WILDCARD (user)) { @@ -877,7 +854,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1573,7 +1599,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1767,7 +1793,7 @@ append_rule_from_element (BusConfigParser *parser, if (_dbus_parse_unix_user_from_config (&username, &uid)) { @@ -886,7 +863,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1590,7 +1616,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1784,7 +1810,7 @@ append_rule_from_element (BusConfigParser *parser, { if (IS_WILDCARD (group)) { @@ -895,7 +872,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1605,7 +1631,7 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1799,7 +1825,7 @@ append_rule_from_element (BusConfigParser *parser, if (_dbus_parse_unix_group_from_config (&groupname, &gid)) { @@ -904,7 +881,7 @@ index d9f6042c..a8c4ca5d 100644 if (rule == NULL) goto nomem; -@@ -1629,6 +1655,10 @@ append_rule_from_element (BusConfigParser *parser, +@@ -1823,6 +1849,10 @@ append_rule_from_element (BusConfigParser *parser, _dbus_assert (pe != NULL); _dbus_assert (pe->type == ELEMENT_POLICY); @@ -915,7 +892,7 @@ index d9f6042c..a8c4ca5d 100644 switch (pe->d.policy.type) { case POLICY_IGNORED: -@@ -1703,7 +1733,7 @@ start_policy_child (BusConfigParser *parser, +@@ -1898,7 +1928,7 @@ start_policy_child (BusConfigParser *parser, { if (!append_rule_from_element (parser, element_name, attribute_names, attribute_values, @@ -924,7 +901,7 @@ index d9f6042c..a8c4ca5d 100644 return FALSE; if (push_element (parser, ELEMENT_ALLOW) == NULL) -@@ -1718,7 +1748,7 @@ start_policy_child (BusConfigParser *parser, +@@ -1913,7 +1943,7 @@ start_policy_child (BusConfigParser *parser, { if (!append_rule_from_element (parser, element_name, attribute_names, attribute_values, @@ -933,7 +910,7 @@ index d9f6042c..a8c4ca5d 100644 return FALSE; if (push_element (parser, ELEMENT_DENY) == NULL) -@@ -1727,6 +1757,21 @@ start_policy_child (BusConfigParser *parser, +@@ -1922,6 +1952,21 @@ start_policy_child (BusConfigParser *parser, return FALSE; } @@ -955,7 +932,7 @@ index d9f6042c..a8c4ca5d 100644 return TRUE; } else -@@ -2088,6 +2133,7 @@ bus_config_parser_end_element (BusConfigParser *parser, +@@ -2284,6 +2329,7 @@ bus_config_parser_end_element (BusConfigParser *parser, case ELEMENT_POLICY: case ELEMENT_ALLOW: case ELEMENT_DENY: @@ -963,7 +940,7 @@ index d9f6042c..a8c4ca5d 100644 case ELEMENT_FORK: case ELEMENT_SYSLOG: case ELEMENT_KEEP_UMASK: -@@ -2397,6 +2443,7 @@ bus_config_parser_content (BusConfigParser *parser, +@@ -2600,6 +2646,7 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_POLICY: case ELEMENT_ALLOW: case ELEMENT_DENY: @@ -971,7 +948,7 @@ index d9f6042c..a8c4ca5d 100644 case ELEMENT_FORK: case ELEMENT_SYSLOG: case ELEMENT_KEEP_UMASK: -@@ -2862,6 +2909,8 @@ do_load (const DBusString *full_path, +@@ -3127,6 +3174,8 @@ do_load (const DBusString *full_path, dbus_error_init (&error); parser = bus_config_load (full_path, TRUE, NULL, &error); @@ -981,7 +958,7 @@ index d9f6042c..a8c4ca5d 100644 { _DBUS_ASSERT_ERROR_IS_SET (&error); diff --git a/bus/connection.c b/bus/connection.c -index 02d6c220..eea50ecd 100644 +index 53605fa..deebde3 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -36,6 +36,10 @@ @@ -1061,7 +1038,7 @@ index 02d6c220..eea50ecd 100644 } static void -@@ -451,6 +458,10 @@ free_connection_data (void *data) +@@ -448,6 +455,10 @@ free_connection_data (void *data) dbus_free (d->name); @@ -1072,7 +1049,7 @@ index 02d6c220..eea50ecd 100644 dbus_free (d); } -@@ -1063,6 +1074,22 @@ bus_connection_get_policy (DBusConnection *connection) +@@ -1078,6 +1089,22 @@ bus_connection_get_policy (DBusConnection *connection) return d->policy; } @@ -1095,7 +1072,7 @@ index 02d6c220..eea50ecd 100644 static dbus_bool_t foreach_active (BusConnections *connections, BusConnectionForeachFunction function, -@@ -2289,6 +2316,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2333,6 +2360,7 @@ bus_transaction_send_from_driver (BusTransaction *transaction, DBusMessage *message) { DBusError error = DBUS_ERROR_INIT; @@ -1103,22 +1080,24 @@ index 02d6c220..eea50ecd 100644 /* We have to set the sender to the driver, and have * to check security policy since it was not done in -@@ -2326,9 +2354,11 @@ bus_transaction_send_from_driver (BusTransaction *transaction, +@@ -2370,10 +2398,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, * if we're actively capturing messages, it's nice to log that we * tried to send it and did not allow ourselves to do so. */ - if (!bus_context_check_security_policy (bus_transaction_get_context (transaction), - transaction, -- NULL, connection, connection, message, &error)) +- NULL, connection, connection, +- message, NULL, &error)) + res = bus_context_check_security_policy (bus_transaction_get_context (transaction), + transaction, -+ NULL, connection, connection, message, &error, ++ NULL, connection, connection, ++ message, NULL, &error, + NULL); + if (res == BUS_RESULT_FALSE) { - if (!bus_transaction_capture_error_reply (transaction, &error, message)) - { -@@ -2342,6 +2372,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, connection, + &error, message)) +@@ -2388,6 +2418,12 @@ bus_transaction_send_from_driver (BusTransaction *transaction, dbus_error_free (&error); return TRUE; } @@ -1132,7 +1111,7 @@ index 02d6c220..eea50ecd 100644 return bus_transaction_send (transaction, connection, message); } diff --git a/bus/connection.h b/bus/connection.h -index 8c68d0a0..a6e5dfde 100644 +index 9e253ae..71078ea 100644 --- a/bus/connection.h +++ b/bus/connection.h @@ -31,6 +31,7 @@ @@ -1143,7 +1122,7 @@ index 8c68d0a0..a6e5dfde 100644 BusConnections* bus_connections_new (BusContext *context); BusConnections* bus_connections_ref (BusConnections *connections); -@@ -122,6 +123,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, +@@ -124,6 +125,9 @@ dbus_bool_t bus_connection_be_monitor (DBusConnection *connection, BusTransaction *transaction, DBusList **rules, DBusError *error); @@ -1155,7 +1134,7 @@ index 8c68d0a0..a6e5dfde 100644 diff --git a/bus/cynara.c b/bus/cynara.c new file mode 100644 -index 00000000..57a4c45c +index 0000000..57a4c45 --- /dev/null +++ b/bus/cynara.c @@ -0,0 +1,374 @@ @@ -1535,7 +1514,7 @@ index 00000000..57a4c45c +#endif /* DBUS_ENABLE_CYNARA */ diff --git a/bus/cynara.h b/bus/cynara.h new file mode 100644 -index 00000000..c4728bb7 +index 0000000..c4728bb --- /dev/null +++ b/bus/cynara.h @@ -0,0 +1,37 @@ @@ -1577,7 +1556,7 @@ index 00000000..c4728bb7 + BusDeferredMessageStatus check_type, + BusDeferredMessage **deferred_message); diff --git a/bus/dispatch.c b/bus/dispatch.c -index edfa1b44..05be3bdf 100644 +index 19228be..7e51bc1 100644 --- a/bus/dispatch.c +++ b/bus/dispatch.c @@ -25,6 +25,7 @@ @@ -1588,7 +1567,7 @@ index edfa1b44..05be3bdf 100644 #include "connection.h" #include "driver.h" #include "services.h" -@@ -64,13 +65,17 @@ send_one_message (DBusConnection *connection, +@@ -64,14 +65,18 @@ send_one_message (DBusConnection *connection, DBusError *error) { DBusError stack_error = DBUS_ERROR_INIT; @@ -1601,14 +1580,15 @@ index edfa1b44..05be3bdf 100644 addressed_recipient, connection, message, + NULL, - &stack_error)) + &stack_error, + &deferred_message); + if (result != BUS_RESULT_TRUE) { - if (!bus_transaction_capture_error_reply (transaction, &stack_error, - message)) -@@ -129,6 +134,7 @@ bus_dispatch_matches (BusTransaction *transaction, + if (!bus_transaction_capture_error_reply (transaction, sender, + &stack_error, message)) +@@ -130,6 +135,7 @@ bus_dispatch_matches (BusTransaction *transaction, BusMatchmaker *matchmaker; DBusList *link; BusContext *context; @@ -1616,19 +1596,19 @@ index edfa1b44..05be3bdf 100644 _DBUS_ASSERT_ERROR_IS_CLEAR (error); -@@ -144,11 +150,21 @@ bus_dispatch_matches (BusTransaction *transaction, +@@ -145,11 +151,21 @@ bus_dispatch_matches (BusTransaction *transaction, /* First, send the message to the addressed_recipient, if there is one. */ if (addressed_recipient != NULL) { - if (!bus_context_check_security_policy (context, transaction, - sender, addressed_recipient, - addressed_recipient, -- message, error)) +- message, NULL, error)) + BusResult res; + res = bus_context_check_security_policy (context, transaction, + sender, addressed_recipient, + addressed_recipient, -+ message, error, ++ message, NULL, error, + &deferred_message); + if (res == BUS_RESULT_FALSE) return FALSE; @@ -1642,16 +1622,25 @@ index edfa1b44..05be3bdf 100644 if (dbus_message_contains_unix_fds (message) && !dbus_connection_can_send_type (addressed_recipient, -@@ -379,12 +395,24 @@ bus_dispatch (DBusConnection *connection, +@@ -374,19 +390,32 @@ bus_dispatch (DBusConnection *connection, if (service_name && strcmp (service_name, DBUS_SERVICE_DBUS) == 0) /* to bus driver */ { -- if (!bus_context_check_security_policy (context, transaction, -- connection, NULL, NULL, message, &error)) + BusDeferredMessage *deferred_message; + BusResult res; ++ + if (!bus_transaction_capture (transaction, connection, NULL, message)) + { + BUS_SET_OOM (&error); + goto out; + } + +- if (!bus_context_check_security_policy (context, transaction, +- connection, NULL, NULL, message, +- NULL, &error)) + res = bus_context_check_security_policy (context, transaction, -+ connection, NULL, NULL, message, &error, ++ connection, NULL, NULL, message, ++ NULL, &error, + &deferred_message); + if (res == BUS_RESULT_FALSE) { @@ -1670,7 +1659,7 @@ index edfa1b44..05be3bdf 100644 _dbus_verbose ("Giving message to %s\n", DBUS_SERVICE_DBUS); if (!bus_driver_handle_message (connection, transaction, message, &error)) diff --git a/bus/policy.c b/bus/policy.c -index 082f3853..bcade176 100644 +index a37be80..7ee1ce5 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -22,6 +22,7 @@ @@ -1681,7 +1670,7 @@ index 082f3853..bcade176 100644 #include "policy.h" #include "services.h" #include "test.h" -@@ -32,7 +33,7 @@ +@@ -33,7 +34,7 @@ BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -1690,7 +1679,7 @@ index 082f3853..bcade176 100644 { BusPolicyRule *rule; -@@ -42,7 +43,7 @@ bus_policy_rule_new (BusPolicyRuleType type, +@@ -43,7 +44,7 @@ bus_policy_rule_new (BusPolicyRuleType type, rule->type = type; rule->refcount = 1; @@ -1699,7 +1688,7 @@ index 082f3853..bcade176 100644 switch (rule->type) { -@@ -54,18 +55,19 @@ bus_policy_rule_new (BusPolicyRuleType type, +@@ -55,18 +56,19 @@ bus_policy_rule_new (BusPolicyRuleType type, break; case BUS_POLICY_RULE_SEND: rule->d.send.message_type = DBUS_MESSAGE_TYPE_INVALID; @@ -1722,9 +1711,9 @@ index 082f3853..bcade176 100644 break; case BUS_POLICY_RULE_OWN: break; -@@ -117,7 +119,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) - case BUS_POLICY_RULE_GROUP: - break; +@@ -122,7 +124,8 @@ bus_policy_rule_unref (BusPolicyRule *rule) + default: + _dbus_assert_not_reached ("invalid rule"); } - + @@ -1732,7 +1721,7 @@ index 082f3853..bcade176 100644 dbus_free (rule); } } -@@ -427,7 +430,10 @@ list_allows_user (dbus_bool_t def, +@@ -435,7 +438,10 @@ list_allows_user (dbus_bool_t def, else continue; @@ -1744,7 +1733,7 @@ index 082f3853..bcade176 100644 } return allowed; -@@ -862,18 +868,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, +@@ -873,18 +879,23 @@ bus_client_policy_append_rule (BusClientPolicy *policy, return TRUE; } @@ -1778,7 +1767,7 @@ index 082f3853..bcade176 100644 /* policy->rules is in the order the rules appeared * in the config file, i.e. last rule that applies wins */ -@@ -881,7 +892,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -892,7 +903,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, _dbus_verbose (" (policy) checking send rules\n"); *toggles = 0; @@ -1787,7 +1776,7 @@ index 082f3853..bcade176 100644 link = _dbus_list_get_first_link (&policy->rules); while (link != NULL) { -@@ -912,13 +923,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -923,13 +934,14 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, /* If it's a reply, the requested_reply flag kicks in */ if (dbus_message_get_reply_serial (message) != 0) { @@ -1807,7 +1796,7 @@ index 082f3853..bcade176 100644 continue; } -@@ -926,7 +938,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -937,7 +949,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, * when the reply was not requested. requested_reply=true means the * rule always applies. */ @@ -1816,7 +1805,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); continue; -@@ -949,13 +961,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -960,13 +972,15 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, /* The interface is optional in messages. For allow rules, if the message * has no interface we want to skip the rule (and thus not allow); * for deny rules, if the message has no interface we want to use the @@ -1834,7 +1823,7 @@ index 082f3853..bcade176 100644 (!no_interface && strcmp (dbus_message_get_interface (message), rule->d.send.interface) != 0)) -@@ -1029,33 +1043,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, +@@ -1079,33 +1093,63 @@ bus_client_policy_check_can_send (BusClientPolicy *policy, } /* Use this rule */ @@ -1912,7 +1901,7 @@ index 082f3853..bcade176 100644 eavesdropping = addressed_recipient != proposed_recipient && -@@ -1068,7 +1112,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1118,7 +1162,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, _dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping); *toggles = 0; @@ -1921,7 +1910,7 @@ index 082f3853..bcade176 100644 link = _dbus_list_get_first_link (&policy->rules); while (link != NULL) { -@@ -1091,19 +1135,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1141,19 +1185,21 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, } } @@ -1948,7 +1937,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to eavesdropping\n"); continue; -@@ -1112,13 +1158,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1162,13 +1208,14 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, /* If it's a reply, the requested_reply flag kicks in */ if (dbus_message_get_reply_serial (message) != 0) { @@ -1968,7 +1957,7 @@ index 082f3853..bcade176 100644 continue; } -@@ -1126,7 +1173,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1176,7 +1223,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, * when the reply was not requested. requested_reply=true means the * rule always applies. */ @@ -1977,7 +1966,7 @@ index 082f3853..bcade176 100644 { _dbus_verbose (" (policy) skipping deny rule since it only applies to unrequested replies\n"); continue; -@@ -1149,13 +1196,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1199,13 +1246,13 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, /* The interface is optional in messages. For allow rules, if the message * has no interface we want to skip the rule (and thus not allow); * for deny rules, if the message has no interface we want to use the @@ -1993,9 +1982,9 @@ index 082f3853..bcade176 100644 (!no_interface && strcmp (dbus_message_get_interface (message), rule->d.receive.interface) != 0)) -@@ -1230,14 +1277,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, +@@ -1295,14 +1342,42 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy, } - + /* Use this rule */ - allowed = rule->allow; + switch (rule->access) @@ -2040,7 +2029,7 @@ index 082f3853..bcade176 100644 } -@@ -1289,7 +1364,7 @@ bus_rules_check_can_own (DBusList *rules, +@@ -1354,7 +1429,7 @@ bus_rules_check_can_own (DBusList *rules, } /* Use this rule */ @@ -2050,12 +2039,12 @@ index 082f3853..bcade176 100644 return allowed; diff --git a/bus/policy.h b/bus/policy.h -index d1d3e72b..e9f193af 100644 +index ec43ffa..f306a3c 100644 --- a/bus/policy.h +++ b/bus/policy.h -@@ -39,6 +39,14 @@ typedef enum - BUS_POLICY_RULE_GROUP - } BusPolicyRuleType; +@@ -46,6 +46,14 @@ typedef enum + BUS_POLICY_TRISTATE_TRUE + } BusPolicyTristate; +typedef enum +{ @@ -2068,7 +2057,7 @@ index d1d3e72b..e9f193af 100644 /** determines whether the rule affects a connection, or some global item */ #define BUS_POLICY_RULE_IS_PER_CLIENT(rule) (!((rule)->type == BUS_POLICY_RULE_USER || \ (rule)->type == BUS_POLICY_RULE_GROUP)) -@@ -49,8 +57,9 @@ struct BusPolicyRule +@@ -56,8 +64,9 @@ struct BusPolicyRule BusPolicyRuleType type; @@ -2080,7 +2069,7 @@ index d1d3e72b..e9f193af 100644 union { struct -@@ -106,7 +115,7 @@ struct BusPolicyRule +@@ -118,7 +127,7 @@ struct BusPolicyRule }; BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -2089,7 +2078,7 @@ index d1d3e72b..e9f193af 100644 BusPolicyRule* bus_policy_rule_ref (BusPolicyRule *rule); void bus_policy_rule_unref (BusPolicyRule *rule); -@@ -140,21 +149,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, +@@ -152,21 +161,27 @@ dbus_bool_t bus_policy_merge (BusPolicy *policy, BusClientPolicy* bus_client_policy_new (void); BusClientPolicy* bus_client_policy_ref (BusClientPolicy *policy); void bus_client_policy_unref (BusClientPolicy *policy); @@ -2133,10 +2122,10 @@ index d1d3e72b..e9f193af 100644 const DBusString *service_name); dbus_bool_t bus_client_policy_append_rule (BusClientPolicy *policy, diff --git a/configure.ac b/configure.ac -index 71e3515c..f3a2ffc1 100644 +index 80671b2..d975b04 100644 --- a/configure.ac +++ b/configure.ac -@@ -1873,6 +1873,17 @@ AC_ARG_ENABLE([user-session], +@@ -1761,6 +1761,17 @@ AC_ARG_ENABLE([user-session], AM_CONDITIONAL([DBUS_ENABLE_USER_SESSION], [test "x$enable_user_session" = xyes]) @@ -2154,7 +2143,7 @@ index 71e3515c..f3a2ffc1 100644 AC_CONFIG_FILES([ Doxyfile dbus/Version -@@ -1952,6 +1963,7 @@ echo " +@@ -1843,6 +1854,7 @@ echo " Building bus stats API: ${enable_stats} Building SELinux support: ${have_selinux} Building AppArmor support: ${have_apparmor} @@ -2163,20 +2152,20 @@ index 71e3515c..f3a2ffc1 100644 Building kqueue support: ${have_kqueue} Building systemd support: ${have_systemd} diff --git a/test/Makefile.am b/test/Makefile.am -index 914dd7f2..86882537 100644 +index 6a6e1a3..ce84dbc 100644 --- a/test/Makefile.am +++ b/test/Makefile.am -@@ -341,6 +341,7 @@ in_data = \ +@@ -439,6 +439,7 @@ in_data = \ data/valid-config-files/debug-allow-all.conf.in \ data/valid-config-files/finite-timeout.conf.in \ data/valid-config-files/forbidding.conf.in \ + data/valid-config-files/debug-check-some.conf.in \ data/valid-config-files/incoming-limit.conf.in \ - data/valid-config-files/multi-user.conf.in \ - data/valid-config-files/systemd-activation.conf.in \ + data/valid-config-files/max-completed-connections.conf.in \ + data/valid-config-files/max-connections-per-user.conf.in \ diff --git a/test/data/invalid-config-files/badcheck-1.conf b/test/data/invalid-config-files/badcheck-1.conf new file mode 100644 -index 00000000..fad9f502 +index 0000000..fad9f50 --- /dev/null +++ b/test/data/invalid-config-files/badcheck-1.conf @@ -0,0 +1,9 @@ @@ -2191,7 +2180,7 @@ index 00000000..fad9f502 +</busconfig> diff --git a/test/data/invalid-config-files/badcheck-2.conf b/test/data/invalid-config-files/badcheck-2.conf new file mode 100644 -index 00000000..63c7ef25 +index 0000000..63c7ef2 --- /dev/null +++ b/test/data/invalid-config-files/badcheck-2.conf @@ -0,0 +1,9 @@ @@ -2206,7 +2195,7 @@ index 00000000..63c7ef25 +</busconfig> diff --git a/test/data/valid-config-files/check-1.conf b/test/data/valid-config-files/check-1.conf new file mode 100644 -index 00000000..ad714733 +index 0000000..ad71473 --- /dev/null +++ b/test/data/valid-config-files/check-1.conf @@ -0,0 +1,9 @@ @@ -2221,7 +2210,7 @@ index 00000000..ad714733 +</busconfig> diff --git a/test/data/valid-config-files/debug-check-some.conf.in b/test/data/valid-config-files/debug-check-some.conf.in new file mode 100644 -index 00000000..47ee8548 +index 0000000..47ee854 --- /dev/null +++ b/test/data/valid-config-files/debug-check-some.conf.in @@ -0,0 +1,18 @@ @@ -2243,19 +2232,3 @@ index 00000000..47ee8548 + <check privilege="foo" send_interface="org.freedesktop.TestSuite" send_member="Echo"/> + </policy> +</busconfig> -diff --git a/tools/dbus-send.c b/tools/dbus-send.c -index 0dc1f5b3..76ddab3f 100644 ---- a/tools/dbus-send.c -+++ b/tools/dbus-send.c -@@ -458,7 +458,7 @@ main (int argc, char *argv[]) - char *arg; - char *c; - int type; -- int secondary_type; -+ int secondary_type = 0; - int container_type; - DBusMessageIter *target_iter; - DBusMessageIter container_iter; --- -2.14.3 - |