authorColin Walters <walters@verbum.org>2008-12-17 16:01:28 -0500
committerColin Walters <walters@verbum.org>2008-12-18 15:39:04 -0500
commit9a1657e8e1c0106bb5f1411fe9ea3c4ef6ec826f (patch)
tree9aff1724e32f8c8ae55d1d3a0cee2dd46809ac8b /bus/bus.c
parentc224ba1861b1492db7e1f7f8c9f183acd2076c79 (diff)
Add uid, pid, and command to security logs
Extend the current security logs with even more relevant information than just the message content. This requires some utility code to look up and cache (as a string) the data such as the uid/pid/command when a connection is authenticated.
Diffstat (limited to 'bus/bus.c')
-rw-r--r--bus/bus.c42
1 files changed, 31 insertions, 11 deletions
diff --git a/bus/bus.c b/bus/bus.c
index b749d309..db3556fa 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -1168,6 +1168,8 @@ bus_context_check_security_policy (BusContext *context,
int type;
dbus_bool_t requested_reply;
const char *sender_name;
+ const char *sender_loginfo;
+ const char *proposed_recipient_loginfo;
type = dbus_message_get_type (message);
dest = dbus_message_get_destination (message);
@@ -1182,9 +1184,20 @@ bus_context_check_security_policy (BusContext *context,
/* Used in logging below */
if (sender != NULL)
- sender_name = bus_connection_get_name (sender);
+ {
+ sender_name = bus_connection_get_name (sender);
+ sender_loginfo = bus_connection_get_loginfo (sender);
+ }
+ else
+ {
+ sender_name = NULL;
+ sender_loginfo = "(bus)";
+ }
+
+ if (proposed_recipient != NULL)
+ proposed_recipient_loginfo = bus_connection_get_loginfo (proposed_recipient);
else
- sender_name = NULL;
+ proposed_recipient_loginfo = "bus";
switch (type)
{
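Review bot: The two fallback strings disagree: the sender branch uses `"(bus)"` and the recipient branch uses `"bus"`, so the bus itself appears under two spellings in the same security log line. Use `proposed_recipient_loginfo = "(bus)";` so that one pattern matches both. Both variables are later passed to `%s` with no NULL guard, unlike `sender_name`, so this depends on `bus_connection_get_loginfo` never returning NULL. That function is not visible in this diff, so confirm it holds, for instance for a connection whose credentials could not be looked up. The enclosing function starts and ends outside the hunk.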
@@ -1347,32 +1360,35 @@ bus_context_check_security_policy (BusContext *context,
message, &toggles, &log))
{
const char *msg = "Rejected send message, %d matched rules; "
- "type=\"%s\", sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")";
-
+ "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" (%s))";
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
toggles,
dbus_message_type_to_string (dbus_message_get_type (message)),
sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
/* Needs to be duplicated to avoid calling malloc and having to handle OOM */
bus_context_log_security (context, msg,
toggles,
dbus_message_type_to_string (dbus_message_get_type (message)),
sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS);
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to sender policy\n");
return FALSE;
}
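Review bot: `proposed_recipient_loginfo` is added to the `dbus_set_error` call as well as to `bus_context_log_security`, so the recipient's uid, pid and command end up in the ACCESS_DENIED error text, which is presumably returned to the peer that was just denied. If that detail is meant only for the administrator's log, give the log call its own static format string and leave the error text with `destination=\"%s\"` alone; a second string literal still avoids malloc. Separately, the command part of the loginfo comes from the peer process, so it should be escaped and length-bounded where it is cached, which is outside this hunk; otherwise control characters or quotes in it make the log line ambiguous. The receive-policy hunk that follows has the same pattern. The function body starts and ends outside the hunk.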
@@ -1401,35 +1417,39 @@ bus_context_check_security_policy (BusContext *context,
message, &toggles))
{
const char *msg = "Rejected receive message, %d matched rules; "
- "type=\"%s\" sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" reply serial=%u requested_reply=%d)";
+ "type=\"%s\" sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" reply serial=%u requested_reply=%d destination=\"%s\" (%s))";
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
toggles,
dbus_message_type_to_string (dbus_message_get_type (message)),
sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS,
dbus_message_get_reply_serial (message),
- requested_reply);
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
/* Needs to be duplicated to avoid calling malloc and having to handle OOM */
bus_context_log_security (context, msg,
toggles,
dbus_message_type_to_string (dbus_message_get_type (message)),
sender_name ? sender_name : "(unset)",
+ sender_loginfo,
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
dbus_message_get_member (message) : "(unset)",
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
- dest ? dest : DBUS_SERVICE_DBUS,
dbus_message_get_reply_serial (message),
- requested_reply);
+ requested_reply,
+ dest ? dest : DBUS_SERVICE_DBUS,
+ proposed_recipient_loginfo);
_dbus_verbose ("security policy disallowing message due to recipient policy\n");
return FALSE;
}
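Review bot: The receive format now puts `destination` after `requested_reply`, while the send format in the previous hunk keeps it directly after `error name`. The send format also has a comma after `type=\"%s\"` that this one lacks, so the two rejection lines cannot be matched by one log-parsing pattern. Both strings still end in an unmatched `)` after the new `(%s)`; ending them with `destination=\"%s\" (%s)"` would remove it. Because the field order changes for existing consumers of these messages, a one-line comment above `msg` stating the field order, or a note in the commit description, would help anyone maintaining log filters or detection rules keyed on the old layout.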