protocol-native: improve permission checks

author: Wim Taymans <wtaymans@redhat.com> 2018-11-05 15:27:13 +0100
committer: Wim Taymans <wtaymans@redhat.com> 2018-11-05 15:27:13 +0100
commit: e107d752488a0b7771fa17fc5ef94087d20b34a6 (patch)
tree: 188a246c5569d514de92cb25d8faac029e9ca38f /src
parent: eb0a561f8c8d1aec67d04d50bf8e033285fb6ee9 (diff)
3 files changed, 20 insertions, 18 deletions
diff --git a/src/extensions/protocol-native.h b/src/extensions/protocol-native.h
index 657c94b9..3ca99654 100644
--- a/src/extensions/protocol-native.h
+++ b/src/extensions/protocol-native.h
@@ -33,9 +33,7 @@ extern "C" {
 
 struct pw_protocol_native_demarshal {
 	int (*func) (void *object, void *data, size_t size);
-
-#define PW_PROTOCOL_NATIVE_PERM_W	(1<<0)
-	uint32_t flags;
+	uint32_t permissions;
 };
 
 /** \ref pw_protocol_native_ext methods */
diff --git a/src/modules/module-protocol-native.c b/src/modules/module-protocol-native.c
index 2713539e..0dbabaf4 100644
--- a/src/modules/module-protocol-native.c
+++ b/src/modules/module-protocol-native.c
@@ -132,7 +132,7 @@ process_messages(struct client_data *data)
 		struct pw_resource *resource;
 		const struct pw_protocol_native_demarshal *demarshal;
 	        const struct pw_protocol_marshal *marshal;
-		uint32_t permissions;
+		uint32_t permissions, required;
 
 		if (!pw_protocol_native_connection_get_next(conn, &opcode, &id, &message, &size))
 			break;
@@ -149,12 +149,8 @@ process_messages(struct client_data *data)
 		if (resource == NULL) {
 			pw_log_error("protocol-native %p: unknown resource %u",
 				     client->protocol, id);
-			continue;
-		}
-		permissions = pw_resource_get_permissions(resource);
-		if ((permissions & PW_PERM_X) == 0) {
-			pw_log_error("protocol-native %p: execute not allowed on resource %u",
-				     client->protocol, id);
+			pw_core_resource_error(client->core_resource, id,
+				     -EINVAL, "unknown resource %u", id);
 			continue;
 		}
 
@@ -166,10 +162,14 @@ process_messages(struct client_data *data)
 		if (!demarshal[opcode].func)
 			goto invalid_message;
 
-		if ((demarshal[opcode].flags & PW_PROTOCOL_NATIVE_PERM_W) &&
-		    ((permissions & PW_PERM_W) == 0)) {
-			pw_log_error("protocol-native %p: method %u requires write access on %u",
-				     client->protocol, opcode, id);
+		permissions = pw_resource_get_permissions(resource);
+		required = demarshal[opcode].permissions | PW_PERM_X;
+
+		if ((required & permissions) != required) {
+			pw_log_error("protocol-native %p: method %u on %u requires %08x, have %08x",
+				     client->protocol, opcode, id, required, permissions);
+			pw_core_resource_error(client->core_resource, id,
+				-EACCES, "no permission to call method %u ", opcode, id);
 			continue;
 		}
 
@@ -183,11 +183,15 @@ process_messages(struct client_data *data)
       invalid_method:
 	pw_log_error("protocol-native %p: invalid method %u on resource %u",
 		     client->protocol, opcode, id);
+	pw_core_resource_error(client->core_resource, id,
+		     -EINVAL, "invalid method %u on resource %u", opcode, id);
 	pw_client_destroy(client);
 	goto done;
       invalid_message:
 	pw_log_error("protocol-native %p: invalid message received %u %u",
 		     client->protocol, id, opcode);
+	pw_core_resource_error(client->core_resource, id,
+		     -EINVAL, "invalid message %u %u", opcode, id);
 	spa_debug_pod(0, NULL, (struct spa_pod *)message);
 	pw_client_destroy(client);
 	goto done;
diff --git a/src/modules/module-protocol-native/protocol-native.c b/src/modules/module-protocol-native/protocol-native.c
index 7c7c7dff..47aab607 100644
--- a/src/modules/module-protocol-native/protocol-native.c
+++ b/src/modules/module-protocol-native/protocol-native.c
@@ -1440,8 +1440,8 @@ static const struct pw_node_proxy_methods pw_protocol_native_node_method_marshal
 
 static const struct pw_protocol_native_demarshal pw_protocol_native_node_method_demarshal[] = {
 	{ &node_demarshal_enum_params, 0, },
-	{ &node_demarshal_set_param, PW_PROTOCOL_NATIVE_PERM_W, },
-	{ &node_demarshal_send_command, PW_PROTOCOL_NATIVE_PERM_W, },
+	{ &node_demarshal_set_param, PW_PERM_W, },
+	{ &node_demarshal_send_command, PW_PERM_W, },
 };
 
 static const struct pw_node_proxy_events pw_protocol_native_node_event_marshal = {
@@ -1506,9 +1506,9 @@ static const struct pw_client_proxy_methods pw_protocol_native_client_method_mar
 };
 
 static const struct pw_protocol_native_demarshal pw_protocol_native_client_method_demarshal[] = {
-	{ &client_demarshal_error, PW_PROTOCOL_NATIVE_PERM_W, },
+	{ &client_demarshal_error, PW_PERM_W, },
 	{ &client_demarshal_get_permissions, 0, },
-	{ &client_demarshal_update_permissions, PW_PROTOCOL_NATIVE_PERM_W, },
+	{ &client_demarshal_update_permissions, PW_PERM_W, },
 };
 
 static const struct pw_client_proxy_events pw_protocol_native_client_event_marshal = {
author	Wim Taymans <wtaymans@redhat.com>	2018-11-05 15:27:13 +0100
committer	Wim Taymans <wtaymans@redhat.com>	2018-11-05 15:27:13 +0100
commit	e107d752488a0b7771fa17fc5ef94087d20b34a6 (patch)
tree	188a246c5569d514de92cb25d8faac029e9ca38f /src
parent	eb0a561f8c8d1aec67d04d50bf8e033285fb6ee9 (diff)