summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2008-12-17 19:29:39 -0500
committerColin Walters <walters@verbum.org>2008-12-18 15:39:18 -0500
commit788e592b32c71c3570fe9034cf3041acadc83f9d (patch)
treef61ab8a92655f84f3f8af1a6c376f14380f7ee44
parent9a1657e8e1c0106bb5f1411fe9ea3c4ef6ec826f (diff)
Add requested_reply to send denials, and connection loginfo to "would deny"
The requested_reply field is necessary in send denials too because it's used in the policy language. The connection loginfo lack in "would deny" was just an oversight.
-rw-r--r--bus/bus.c69
1 files changed, 38 insertions, 31 deletions
diff --git a/bus/bus.c b/bus/bus.c
index db3556fa..e38d4a23 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1360,7 +1360,7 @@ bus_context_check_security_policy (BusContext *context,
message, &toggles, &log))
{
const char *msg = "Rejected send message, %d matched rules; "
- "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" (%s))";
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))";
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
toggles,
@@ -1373,22 +1373,25 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
dest ? dest : DBUS_SERVICE_DBUS,
proposed_recipient_loginfo);
/* Needs to be duplicated to avoid calling malloc and having to handle OOM */
- bus_context_log_security (context, msg,
- toggles,
- dbus_message_type_to_string (dbus_message_get_type (message)),
- sender_name ? sender_name : "(unset)",
- sender_loginfo,
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS,
- proposed_recipient_loginfo);
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log_security (context, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to sender policy\n");
return FALSE;
}
@@ -1396,17 +1399,20 @@ bus_context_check_security_policy (BusContext *context,
if (log)
bus_context_log_security (context,
"Would reject message, %d matched rules; "
- "type=\"%s\", sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")",
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))",
toggles,
dbus_message_type_to_string (dbus_message_get_type (message)),
sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
if (recipient_policy &&
!bus_client_policy_check_can_receive (recipient_policy,
@@ -1435,21 +1441,22 @@ bus_context_check_security_policy (BusContext *context,
dest ? dest : DBUS_SERVICE_DBUS,
proposed_recipient_loginfo);
/* Needs to be duplicated to avoid calling malloc and having to handle OOM */
- bus_context_log_security (context, msg,
- toggles,
- dbus_message_type_to_string (dbus_message_get_type (message)),
- sender_name ? sender_name : "(unset)",
- sender_loginfo,
- dbus_message_get_interface (message) ?
- dbus_message_get_interface (message) : "(unset)",
- dbus_message_get_member (message) ?
- dbus_message_get_member (message) : "(unset)",
- dbus_message_get_error_name (message) ?
- dbus_message_get_error_name (message) : "(unset)",
- dbus_message_get_reply_serial (message),
- requested_reply,
- dest ? dest : DBUS_SERVICE_DBUS,
- proposed_recipient_loginfo);
+ if (addressed_recipient == proposed_recipient)
+ bus_context_log_security (context, msg,
+ toggles,
+ dbus_message_type_to_string (dbus_message_get_type (message)),
+ sender_name ? sender_name : "(unset)",
+ sender_loginfo,
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dbus_message_get_reply_serial (message),
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to recipient policy\n");
return FALSE;
}