diff options
| author | Colin Walters <walters@verbum.org> | 2008-12-17 19:29:39 -0500 |
|---|---|---|
| committer | Colin Walters <walters@verbum.org> | 2008-12-17 19:29:39 -0500 |
| commit | 3af94cf25081502b6b55ff291e350f2685eef526 (patch) | |
| tree | df22bc0cfa04baaaf57a62f6069fbc47376b6be7 /bus | |
| parent | e6bbcbd903f9989cf9fe69ca4efa807848a6c11c (diff) | |
Add requested_reply to send denials, and connection loginfo to "would deny"
The requested_reply field is necessary in send denials too because
it's used in the policy language. The connection loginfo lack in
"would deny" was just an oversight.
Diffstat (limited to 'bus')
| -rw-r--r-- | bus/bus.c | 69 |
1 files changed, 38 insertions, 31 deletions
@@ -1368,7 +1368,7 @@ bus_context_check_security_policy (BusContext *context, message, &toggles, &log)) { const char *msg = "Rejected send message, %d matched rules; " - "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" (%s))"; + "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))"; dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg, toggles, @@ -1381,22 +1381,25 @@ bus_context_check_security_policy (BusContext *context, dbus_message_get_member (message) : "(unset)", dbus_message_get_error_name (message) ? dbus_message_get_error_name (message) : "(unset)", + requested_reply, dest ? dest : DBUS_SERVICE_DBUS, proposed_recipient_loginfo); /* Needs to be duplicated to avoid calling malloc and having to handle OOM */ - bus_context_log_security (context, msg, - toggles, - dbus_message_type_to_string (dbus_message_get_type (message)), - sender_name ? sender_name : "(unset)", - sender_loginfo, - dbus_message_get_interface (message) ? - dbus_message_get_interface (message) : "(unset)", - dbus_message_get_member (message) ? - dbus_message_get_member (message) : "(unset)", - dbus_message_get_error_name (message) ? - dbus_message_get_error_name (message) : "(unset)", - dest ? dest : DBUS_SERVICE_DBUS, - proposed_recipient_loginfo); + if (addressed_recipient == proposed_recipient) + bus_context_log_security (context, msg, + toggles, + dbus_message_type_to_string (dbus_message_get_type (message)), + sender_name ? sender_name : "(unset)", + sender_loginfo, + dbus_message_get_interface (message) ? + dbus_message_get_interface (message) : "(unset)", + dbus_message_get_member (message) ? + dbus_message_get_member (message) : "(unset)", + dbus_message_get_error_name (message) ? + dbus_message_get_error_name (message) : "(unset)", + requested_reply, + dest ? dest : DBUS_SERVICE_DBUS, + proposed_recipient_loginfo); _dbus_verbose ("security policy disallowing message due to sender policy\n"); return FALSE; } @@ -1404,17 +1407,20 @@ bus_context_check_security_policy (BusContext *context, if (log) bus_context_log_security (context, "Would reject message, %d matched rules; " - "type=\"%s\", sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")", + "type=\"%s\", sender=\"%s\" (%s) interface=\"%s\" member=\"%s\" error name=\"%s\" requested_reply=%d destination=\"%s\" (%s))", toggles, dbus_message_type_to_string (dbus_message_get_type (message)), sender_name ? sender_name : "(unset)", + sender_loginfo, dbus_message_get_interface (message) ? dbus_message_get_interface (message) : "(unset)", dbus_message_get_member (message) ? dbus_message_get_member (message) : "(unset)", dbus_message_get_error_name (message) ? dbus_message_get_error_name (message) : "(unset)", - dest ? dest : DBUS_SERVICE_DBUS); + requested_reply, + dest ? dest : DBUS_SERVICE_DBUS, + proposed_recipient_loginfo); if (recipient_policy && !bus_client_policy_check_can_receive (recipient_policy, @@ -1443,21 +1449,22 @@ bus_context_check_security_policy (BusContext *context, dest ? dest : DBUS_SERVICE_DBUS, proposed_recipient_loginfo); /* Needs to be duplicated to avoid calling malloc and having to handle OOM */ - bus_context_log_security (context, msg, - toggles, - dbus_message_type_to_string (dbus_message_get_type (message)), - sender_name ? sender_name : "(unset)", - sender_loginfo, - dbus_message_get_interface (message) ? - dbus_message_get_interface (message) : "(unset)", - dbus_message_get_member (message) ? - dbus_message_get_member (message) : "(unset)", - dbus_message_get_error_name (message) ? - dbus_message_get_error_name (message) : "(unset)", - dbus_message_get_reply_serial (message), - requested_reply, - dest ? dest : DBUS_SERVICE_DBUS, - proposed_recipient_loginfo); + if (addressed_recipient == proposed_recipient) + bus_context_log_security (context, msg, + toggles, + dbus_message_type_to_string (dbus_message_get_type (message)), + sender_name ? sender_name : "(unset)", + sender_loginfo, + dbus_message_get_interface (message) ? + dbus_message_get_interface (message) : "(unset)", + dbus_message_get_member (message) ? + dbus_message_get_member (message) : "(unset)", + dbus_message_get_error_name (message) ? + dbus_message_get_error_name (message) : "(unset)", + dbus_message_get_reply_serial (message), + requested_reply, + dest ? dest : DBUS_SERVICE_DBUS, + proposed_recipient_loginfo); _dbus_verbose ("security policy disallowing message due to recipient policy\n"); return FALSE; } |