summaryrefslogtreecommitdiffstats
path: root/bus
diff options
context:
space:
mode:
authorColin Walters <walters@verbum.org>2008-12-10 14:17:02 -0500
committerColin Walters <walters@verbum.org>2008-12-12 14:00:16 -0500
commitbb2a464067c6843320f367b590b0e4cb00225e50 (patch)
tree51f42dbfa5ee4bcebc667832cf1429036941c63a /bus
parentb4a75abf8658378934ffd689837c72da2ac22117 (diff)
Add syslog of security denials and configuration file reloads
We need to start logging denials so that they become more easily trackable and debuggable.
Diffstat (limited to 'bus')
-rw-r--r--bus/bus.c90
-rw-r--r--bus/bus.h6
-rw-r--r--bus/config-parser-common.c6
-rw-r--r--bus/config-parser-common.h1
-rw-r--r--bus/config-parser.c25
-rw-r--r--bus/config-parser.h1
-rw-r--r--bus/policy.c10
-rw-r--r--bus/policy.h6
-rw-r--r--bus/system.conf.in3
9 files changed, 131 insertions, 17 deletions
diff --git a/bus/bus.c b/bus/bus.c
index 42cc295f..c6fd693e 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -54,6 +54,7 @@ struct BusContext
BusMatchmaker *matchmaker;
BusLimits limits;
unsigned int fork : 1;
+ unsigned int syslog : 1;
unsigned int keep_umask : 1;
unsigned int allow_anonymous : 1;
};
@@ -389,6 +390,7 @@ process_config_first_time_only (BusContext *context,
}
context->fork = bus_config_parser_get_fork (parser);
+ context->syslog = bus_config_parser_get_syslog (parser);
context->keep_umask = bus_config_parser_get_keep_umask (parser);
context->allow_anonymous = bus_config_parser_get_allow_anonymous (parser);
@@ -834,7 +836,10 @@ bus_context_reload_config (BusContext *context,
}
ret = TRUE;
+ bus_context_log_info (context, "Reloaded configuration");
failed:
+ if (!ret)
+ bus_context_log_info (context, "Unable to reload configuration: %s", error->message);
if (parser != NULL)
bus_config_parser_unref (parser);
return ret;
@@ -1115,6 +1120,32 @@ bus_context_get_reply_timeout (BusContext *context)
return context->limits.reply_timeout;
}
+void
+bus_context_log_info (BusContext *context, const char *msg, ...)
+{
+ va_list args;
+
+ va_start (args, msg);
+
+ if (context->syslog)
+ _dbus_log_info (msg, args);
+
+ va_end (args);
+}
+
+void
+bus_context_log_security (BusContext *context, const char *msg, ...)
+{
+ va_list args;
+
+ va_start (args, msg);
+
+ if (context->syslog)
+ _dbus_log_security (msg, args);
+
+ va_end (args);
+}
+
/*
* addressed_recipient is the recipient specified in the message.
*
@@ -1139,8 +1170,10 @@ bus_context_check_security_policy (BusContext *context,
{
BusClientPolicy *sender_policy;
BusClientPolicy *recipient_policy;
+ dbus_int32_t toggles;
int type;
dbus_bool_t requested_reply;
+ const char *sender_name;
type = dbus_message_get_type (message);
@@ -1151,6 +1184,12 @@ bus_context_check_security_policy (BusContext *context,
_dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
addressed_recipient != NULL ||
strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0);
+
+ /* Used in logging below */
+ if (sender != NULL)
+ sender_name = bus_connection_get_name (sender);
+ else
+ sender_name = NULL;
switch (type)
{
@@ -1193,8 +1232,9 @@ bus_context_check_security_policy (BusContext *context,
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender "
"from sending this message to this recipient "
- "(rejected message had interface \"%s\" "
+ "(rejected message had sender \"%s\" interface \"%s\" "
"member \"%s\" error name \"%s\" destination \"%s\")",
+ sender_name ? sender_name : "(unset)",
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
@@ -1312,16 +1352,16 @@ bus_context_check_security_policy (BusContext *context,
context->registry,
requested_reply,
proposed_recipient,
- message))
+ message, &toggles))
{
const char *dest;
+ const char *msg = "Rejected send message, %d matched rules; "
+ "sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")";
dest = dbus_message_get_destination (message);
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "A security policy in place prevents this sender "
- "from sending this message to this recipient, "
- "see message bus configuration file (rejected message "
- "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
@@ -1329,6 +1369,17 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
dest ? dest : DBUS_SERVICE_DBUS);
+ /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+ bus_context_log_security (context, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dest ? dest : DBUS_SERVICE_DBUS);
_dbus_verbose ("security policy disallowing message due to sender policy\n");
return FALSE;
}
@@ -1339,16 +1390,16 @@ bus_context_check_security_policy (BusContext *context,
requested_reply,
sender,
addressed_recipient, proposed_recipient,
- message))
+ message, &toggles))
{
+ const char *msg = "Rejected receive message, %d matched rules; "
+ "sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" reply serial=%u requested_reply=%d)";
const char *dest;
dest = dbus_message_get_destination (message);
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "A security policy in place prevents this recipient "
- "from receiving this message from this sender, "
- "see message bus configuration file (rejected message "
- "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
@@ -1358,6 +1409,19 @@ bus_context_check_security_policy (BusContext *context,
dest ? dest : DBUS_SERVICE_DBUS,
dbus_message_get_reply_serial (message),
requested_reply);
+ /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+ bus_context_log_security (context, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dest ? dest : DBUS_SERVICE_DBUS,
+ dbus_message_get_reply_serial (message),
+ requested_reply);
_dbus_verbose ("security policy disallowing message due to recipient policy\n");
return FALSE;
}
diff --git a/bus/bus.h b/bus/bus.h
index ad231040..74bdb821 100644
--- a/bus/bus.h
+++ b/bus/bus.h
@@ -107,6 +107,12 @@ int bus_context_get_max_services_per_connection (BusContext
int bus_context_get_max_match_rules_per_connection (BusContext *context);
int bus_context_get_max_replies_per_connection (BusContext *context);
int bus_context_get_reply_timeout (BusContext *context);
+void bus_context_log_info (BusContext *context,
+ const char *msg,
+ ...);
+void bus_context_log_security (BusContext *context,
+ const char *msg,
+ ...);
dbus_bool_t bus_context_check_security_policy (BusContext *context,
BusTransaction *transaction,
DBusConnection *sender,
diff --git a/bus/config-parser-common.c b/bus/config-parser-common.c
index a12642c4..4965c192 100644
--- a/bus/config-parser-common.c
+++ b/bus/config-parser-common.c
@@ -118,6 +118,10 @@ bus_config_parser_element_name_to_type (const char *name)
{
return ELEMENT_KEEP_UMASK;
}
+ else if (strcmp (name, "syslog") == 0)
+ {
+ return ELEMENT_SYSLOG;
+ }
else if (strcmp (name, "allow_anonymous") == 0)
{
return ELEMENT_ALLOW_ANONYMOUS;
@@ -172,6 +176,8 @@ bus_config_parser_element_type_to_name (ElementType type)
return "associate";
case ELEMENT_KEEP_UMASK:
return "keep_umask";
+ case ELEMENT_SYSLOG:
+ return "syslog";
case ELEMENT_ALLOW_ANONYMOUS:
return "allow_anonymous";
}
diff --git a/bus/config-parser-common.h b/bus/config-parser-common.h
index ebdc3c95..2c296433 100644
--- a/bus/config-parser-common.h
+++ b/bus/config-parser-common.h
@@ -49,6 +49,7 @@ typedef enum
ELEMENT_STANDARD_SESSION_SERVICEDIRS,
ELEMENT_STANDARD_SYSTEM_SERVICEDIRS,
ELEMENT_KEEP_UMASK,
+ ELEMENT_SYSLOG,
ELEMENT_ALLOW_ANONYMOUS
} ElementType;
diff --git a/bus/config-parser.c b/bus/config-parser.c
index 64b8f6f1..4e3be531 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -113,6 +113,8 @@ struct BusConfigParser
unsigned int keep_umask : 1; /**< TRUE to keep original umask when forking */
+ unsigned int syslog : 1; /**< TRUE to enable syslog */
+
unsigned int is_toplevel : 1; /**< FALSE if we are a sub-config-file inside another one */
unsigned int allow_anonymous : 1; /**< TRUE to allow anonymous connections */
@@ -720,6 +722,21 @@ start_busconfig_child (BusConfigParser *parser,
return TRUE;
}
+ else if (element_type == ELEMENT_SYSLOG)
+ {
+ if (!check_no_attributes (parser, "syslog", attribute_names, attribute_values, error))
+ return FALSE;
+
+ if (push_element (parser, ELEMENT_SYSLOG) == NULL)
+ {
+ BUS_SET_OOM (error);
+ return FALSE;
+ }
+
+ parser->syslog = TRUE;
+
+ return TRUE;
+ }
else if (element_type == ELEMENT_PIDFILE)
{
if (!check_no_attributes (parser, "pidfile", attribute_names, attribute_values, error))
@@ -1984,6 +2001,7 @@ bus_config_parser_end_element (BusConfigParser *parser,
case ELEMENT_DENY:
case ELEMENT_FORK:
case ELEMENT_KEEP_UMASK:
+ case ELEMENT_SYSLOG:
case ELEMENT_SELINUX:
case ELEMENT_ASSOCIATE:
case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
@@ -2271,6 +2289,7 @@ bus_config_parser_content (BusConfigParser *parser,
case ELEMENT_DENY:
case ELEMENT_FORK:
case ELEMENT_KEEP_UMASK:
+ case ELEMENT_SYSLOG:
case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
case ELEMENT_STANDARD_SYSTEM_SERVICEDIRS:
case ELEMENT_ALLOW_ANONYMOUS:
@@ -2601,6 +2620,12 @@ bus_config_parser_get_keep_umask (BusConfigParser *parser)
}
dbus_bool_t
+bus_config_parser_get_syslog (BusConfigParser *parser)
+{
+ return parser->syslog;
+}
+
+dbus_bool_t
bus_config_parser_get_allow_anonymous (BusConfigParser *parser)
{
return parser->allow_anonymous;
diff --git a/bus/config-parser.h b/bus/config-parser.h
index 6d69f3da..1f2d3d9e 100644
--- a/bus/config-parser.h
+++ b/bus/config-parser.h
@@ -65,6 +65,7 @@ const char* bus_config_parser_get_type (BusConfigParser *parser);
DBusList** bus_config_parser_get_addresses (BusConfigParser *parser);
DBusList** bus_config_parser_get_mechanisms (BusConfigParser *parser);
dbus_bool_t bus_config_parser_get_fork (BusConfigParser *parser);
+dbus_bool_t bus_config_parser_get_syslog (BusConfigParser *parser);
dbus_bool_t bus_config_parser_get_keep_umask (BusConfigParser *parser);
const char* bus_config_parser_get_pidfile (BusConfigParser *parser);
const char* bus_config_parser_get_servicehelper (BusConfigParser *parser);
diff --git a/bus/policy.c b/bus/policy.c
index caa544e7..2c1a3541 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -866,7 +866,8 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
BusRegistry *registry,
dbus_bool_t requested_reply,
DBusConnection *receiver,
- DBusMessage *message)
+ DBusMessage *message,
+ dbus_int32_t *toggles)
{
DBusList *link;
dbus_bool_t allowed;
@@ -876,6 +877,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
*/
_dbus_verbose (" (policy) checking send rules\n");
+ *toggles = 0;
allowed = FALSE;
link = _dbus_list_get_first_link (&policy->rules);
@@ -1026,6 +1028,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
/* Use this rule */
allowed = rule->allow;
+ (*toggles)++;
_dbus_verbose (" (policy) used rule, allow now = %d\n",
allowed);
@@ -1044,7 +1047,8 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
DBusConnection *sender,
DBusConnection *addressed_recipient,
DBusConnection *proposed_recipient,
- DBusMessage *message)
+ DBusMessage *message,
+ dbus_int32_t *toggles)
{
DBusList *link;
dbus_bool_t allowed;
@@ -1059,6 +1063,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
*/
_dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
+ *toggles = 0;
allowed = FALSE;
link = _dbus_list_get_first_link (&policy->rules);
@@ -1223,6 +1228,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
/* Use this rule */
allowed = rule->allow;
+ (*toggles)++;
_dbus_verbose (" (policy) used rule, allow now = %d\n",
allowed);
diff --git a/bus/policy.h b/bus/policy.h
index adb9a059..91fde99f 100644
--- a/bus/policy.h
+++ b/bus/policy.h
@@ -141,14 +141,16 @@ dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy,
BusRegistry *registry,
dbus_bool_t requested_reply,
DBusConnection *receiver,
- DBusMessage *message);
+ DBusMessage *message,
+ dbus_int32_t *toggles);
dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy,
BusRegistry *registry,
dbus_bool_t requested_reply,
DBusConnection *sender,
DBusConnection *addressed_recipient,
DBusConnection *proposed_recipient,
- DBusMessage *message);
+ DBusMessage *message,
+ dbus_int32_t *toggles);
dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy,
DBusConnection *connection,
const DBusString *service_name);
diff --git a/bus/system.conf.in b/bus/system.conf.in
index 1b6e716a..41e1bb1a 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -29,6 +29,9 @@
<!-- Write a pid file -->
<pidfile>@DBUS_SYSTEM_PID_FILE@</pidfile>
+ <!-- Enable logging to syslog -->
+ <syslog/>
+
<!-- Only allow socket-credentials-based authentication -->
<auth>EXTERNAL</auth>
generated by cgit (git 2.34.1) at 2024-04-30 01:21:00 +0000