author | Colin Walters <walters@verbum.org> | 2008-12-17 19:29:39 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2009-01-21 16:23:33 -0500 |
commit | 087113cfddc980bd5763b0958de02e26f2e375d0 (patch) | |
tree | 96299254e1853ec6c2271b590d721dff1eab2fdd | |
parent | b2c7b3c2466e5e62a3b68b7419af26c4efb571d9 (diff) |
Add requested_reply to send denials, and connection loginfo to "would deny"dbus-1.0-branch
The requested_reply field is necessary in send denials too because
it's used in the policy language. The lack of connection loginfo in
"would deny" was just an oversight.
-rw-r--r-- | bus/bus.c | 69 |
1 files changed, 38 insertions, 31 deletions
@@ -1351,7 +1351,7 @@ bus_context_check_security_policy (BusContext *context, message, &toggles, &log)) { const char *msg = "Rejected send message, %d matched rules; " - "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" (%s))"; + "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))"; dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg, toggles, 
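Review bot: `msg` is a plain `const char *` that serves as the format for two variadic calls, `dbus_set_error` in this hunk and `bus_context_log_security` in the next one, so the added `requested_reply=%d` is only correct while both argument lists are edited in step. `-Wformat` generally cannot follow a format held in a pointer variable, and a `%d`/`%s` mismatch on the denial path would be undefined behaviour. Declaring it as `static const char msg[] = ...` may let the compiler check both calls, provided those functions carry a printf format attribute (not visible here). A comment such as `/* format shared by dbus_set_error and bus_context_log_security below; keep both argument lists in sync */` would document the coupling. The enclosing function starts and ends outside this hunk.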
@@ -1364,22 +1364,25 @@ bus_context_check_security_policy (BusContext *context,
 dbus_message_get_member (message) : "(unset)",
 dbus_message_get_error_name (message) ?
 dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
 dest ? dest : DBUS_SERVICE_DBUS,
 proposed_recipient_loginfo);
 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
- bus_context_log_security (context, msg,
- toggles,
- dbus_message_type_to_string (dbus_message_get_type (message)),
- sender_name ? sender_name : "(unset)",
- sender_loginfo,
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS,
- proposed_recipient_loginfo);
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log_security (context, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
 _dbus_verbose ("security policy disallowing message due to sender policy\n");
 return FALSE;
 }
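Review bot: The new `if (addressed_recipient == proposed_recipient)` narrows the security log so that a send denial is recorded only when the proposed recipient is the addressed one, yet neither the commit message nor a comment explains it; the same guard is added in the recipient-policy hunk at -1426. Presumably this avoids repeated entries for recipients that merely matched the message, but anyone using this log for detection needs to know which denials are not recorded, so I would add a comment like `/* log the denial only for the addressed recipient; the error is still set for every recipient */`. The existing "Needs to be duplicated" comment now sits above the `if` rather than the call, and the `if` governs a long unbraced statement directly followed by `_dbus_verbose`. Wrapping the call in `{ }` would keep a later edit from landing outside the condition. The function body continues outside the hunk.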
@@ -1387,17 +1390,20 @@ bus_context_check_security_policy (BusContext *context, if (log) bus_context_log_security (context, "Would reject message, %d matched rules; " - "type=\"%s\", sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")", + "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))", toggles, dbus_message_type_to_string (dbus_message_get_type (message)), sender_name ? sender_name : "(unset)", + sender_loginfo, dbus_message_get_interface (message) ? dbus_message_get_interface (message) : "(unset)", dbus_message_get_member (message) ? dbus_message_get_member (message) : "(unset)", dbus_message_get_error_name (message) ? dbus_message_get_error_name (message) : "(unset)", - dest ? dest : DBUS_SERVICE_DBUS); + requested_reply, + dest ? dest : DBUS_SERVICE_DBUS, + proposed_recipient_loginfo); if (recipient_policy && !bus_client_policy_check_can_receive (recipient_policy, 
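Review bot: The "Would reject" call is not covered by the `addressed_recipient == proposed_recipient` condition that this commit puts around the two denial logs, so it may still emit one entry per proposed recipient while the real denials are logged once. If that difference is intended, a comment above `if (log)` should say so; otherwise the same condition could be used, e.g. `if (log && addressed_recipient == proposed_recipient)`. This is also the third hand-maintained copy of the same argument list, and the new format ends in `(%s))` with an unmatched closing parenthesis, which is awkward for anything that parses these lines. The function continues outside the hunk.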
@@ -1426,21 +1432,22 @@ bus_context_check_security_policy (BusContext *context,
 dest ? dest : DBUS_SERVICE_DBUS,
 proposed_recipient_loginfo);
 /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
- bus_context_log_security (context, msg,
- toggles,
- dbus_message_type_to_string (dbus_message_get_type (message)),
- sender_name ? sender_name : "(unset)",
- sender_loginfo,
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dbus_message_get_reply_serial (message),
- requested_reply,
- dest ? dest : DBUS_SERVICE_DBUS,
- proposed_recipient_loginfo);
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log_security (context, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dbus_message_get_reply_serial (message),
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
 _dbus_verbose ("security policy disallowing message due to recipient policy\n");
 return FALSE;
 }
|