authorColin Walters <walters@verbum.org>2008-12-17 19:29:39 -0500
committerColin Walters <walters@verbum.org>2009-01-21 16:23:33 -0500
commit087113cfddc980bd5763b0958de02e26f2e375d0 (patch)
tree96299254e1853ec6c2271b590d721dff1eab2fdd
parentb2c7b3c2466e5e62a3b68b7419af26c4efb571d9 (diff)
Add requested_reply to send denials, and connection loginfo to "would deny"dbus-1.0-branch
The requested_reply field is necessary in send denials too because it's used in the policy language. The lack of connection loginfo in "would deny" was just an oversight.
-rw-r--r--bus/bus.c69
1 files changed, 38 insertions, 31 deletions
diff --git a/bus/bus.c b/bus/bus.c
index 5ecbcca7..94fda671 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1351,7 +1351,7 @@ bus_context_check_security_policy (BusContext *context,
message, &toggles, &log))
{
const char *msg = "Rejected send message, %d matched rules; "
- "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" (%s))";
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
toggles,
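Review bot: The format in `msg` gains `requested_reply=%d`, but it is a non-literal string shared by two variadic calls (`dbus_set_error` here and `bus_context_log_security` in the next hunk), so the compiler's format checking may not verify that both argument lists match it. The commit does add `requested_reply` to both lists; a comment above the declaration such as `/* msg is shared by dbus_set_error() and bus_context_log_security(); keep both argument lists in step with its conversions */` would help keep them matched. The type of `requested_reply` is not visible in the hunk; if it is not an `int`, cast it at the call sites to match `%d`. The enclosing call and function continue outside the hunk.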
@@ -1364,22 +1364,25 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
dest ? dest : DBUS_SERVICE_DBUS,
proposed_recipient_loginfo);
/* Needs to be duplicated to avoid calling malloc and having to handle OOM */
- bus_context_log_security (context, msg,
- toggles,
- dbus_message_type_to_string (dbus_message_get_type (message)),
- sender_name ? sender_name : "(unset)",
- sender_loginfo,
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS,
- proposed_recipient_loginfo);
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log_security (context, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to sender policy\n");
return FALSE;
}
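Review bot: The new guard `if (addressed_recipient == proposed_recipient)` makes the sender-policy denial log conditional, which the commit message does not mention and no comment explains; when the two differ, the error is still set but no security log entry is written. If the intent is to avoid one log line per proposed recipient of the same message (inferred, not visible here), say so next to the guard, e.g. `/* log the denial once, for the addressed recipient only */`, and brace the multi-line call so the unbraced `if` cannot be misread later. The existing comment about duplicating the call to avoid malloc now sits above the `if` and should stay attached to the call it describes. The same unexplained guard is added at the recipient-policy denial in the last hunk. The function body starts and ends outside the hunk.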
@@ -1387,17 +1390,20 @@ bus_context_check_security_policy (BusContext *context,
if (log)
bus_context_log_security (context,
"Would reject message, %d matched rules; "
- "type=\"%s\", sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")",
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
toggles,
dbus_message_type_to_string (dbus_message_get_type (message)),
sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
if (recipient_policy &&
!bus_client_policy_check_can_receive (recipient_policy,
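Review bot: The "Would reject" log under `if (log)` does not get the `addressed_recipient == proposed_recipient` guard that this commit adds to the two denial logs, so the three security log sites now follow different rules. If the guard exists to prevent repeated entries per proposed recipient (inferred), this entry would presumably still repeat; either apply the same condition, `if (log && addressed_recipient == proposed_recipient)`, or add a comment stating why would-deny entries are logged for every recipient. The new format also ends in an unbalanced `))`, which is awkward for anything that parses these audit lines. The hunk ends inside the following `if (recipient_policy && ...` condition, so the rest of the function is not visible.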
@@ -1426,21 +1432,22 @@ bus_context_check_security_policy (BusContext *context,
dest ? dest : DBUS_SERVICE_DBUS,
proposed_recipient_loginfo);
/* Needs to be duplicated to avoid calling malloc and having to handle OOM */
- bus_context_log_security (context, msg,
- toggles,
- dbus_message_type_to_string (dbus_message_get_type (message)),
- sender_name ? sender_name : "(unset)",
- sender_loginfo,
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dbus_message_get_reply_serial (message),
- requested_reply,
- dest ? dest : DBUS_SERVICE_DBUS,
- proposed_recipient_loginfo);
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log_security (context, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dbus_message_get_reply_serial (message),
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to recipient policy\n");
return FALSE;
}