From 69ed32cbccbec9d613447cb64e9d7b1ffa11ce3c Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Wed, 10 Dec 2008 14:17:02 -0500
Subject: Add syslog of security denials and configuration file reloads We need to start logging denials so that they become more easily trackable and debuggable.
---
bus/config-parser.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
(limited to 'bus/config-parser.c')
diff --git a/bus/config-parser.c b/bus/config-parser.c
index f9e0b7d7..f4d7c501 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -111,6 +111,8 @@ struct BusConfigParser unsigned int fork : 1; /**< TRUE to fork into daemon mode */ + unsigned int syslog : 1; /**< TRUE to enable syslog */ + unsigned int is_toplevel : 1; /**< FALSE if we are a sub-config-file inside another one */ };
@@ -696,6 +698,21 @@ start_busconfig_child (BusConfigParser *parser, parser->fork = TRUE; + return TRUE; + } + else if (element_type == ELEMENT_SYSLOG) + { + if (!check_no_attributes (parser, "syslog", attribute_names, attribute_values, error)) + return FALSE; + + if (push_element (parser, ELEMENT_SYSLOG) == NULL) + { + BUS_SET_OOM (error); + return FALSE; + } + + parser->syslog = TRUE; + return TRUE; } else if (element_type == ELEMENT_PIDFILE)
@@ -1947,6 +1964,7 @@ bus_config_parser_end_element (BusConfigParser *parser, case ELEMENT_ALLOW: case ELEMENT_DENY: case ELEMENT_FORK: + case ELEMENT_SYSLOG: case ELEMENT_SELINUX: case ELEMENT_ASSOCIATE: case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
@@ -2232,6 +2250,7 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_ALLOW: case ELEMENT_DENY: case ELEMENT_FORK: + case ELEMENT_SYSLOG: case ELEMENT_STANDARD_SESSION_SERVICEDIRS: case ELEMENT_STANDARD_SYSTEM_SERVICEDIRS: case ELEMENT_SELINUX:
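Review bot: The new `syslog` bit set in the `start_busconfig_child` hunk (`parser->syslog = TRUE;`) does not appear to be carried through `merge_included` or compared in `config_parsers_equal`: the context lines of the later keep_umask commit on this page show `fork` handled in both places with nothing for `syslog` next to it. If that is the case, a `<syslog/>` element in an included file is accepted without error but never enables the denial logging this commit is for. Consider adding `if (included->syslog) parser->syslog = TRUE;` to `merge_included` and `if (! bools_equal (a->syslog, b->syslog)) return FALSE;` to `config_parsers_equal`; both functions lie outside these hunks, so this is inferred from context only.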
@@ -2554,6 +2573,12 @@ bus_config_parser_get_fork (BusConfigParser *parser) return parser->fork; } +dbus_bool_t +bus_config_parser_get_syslog (BusConfigParser *parser) +{ + return parser->syslog; +} + const char * bus_config_parser_get_pidfile (BusConfigParser *parser) {
-- cgit
From 427ff01f9d656700b370bb905fe738e76602a842 Mon Sep 17 00:00:00 2001
From: Colin Walters
Date: Tue, 16 Dec 2008 11:57:27 -0500
Subject: Add optional logging on allow rules This lets us have a backwards compatibility allow rule but still easily see when that rule is being used.
---
bus/config-parser.c | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'bus/config-parser.c')
diff --git a/bus/config-parser.c b/bus/config-parser.c
index f4d7c501..a8de3ff3 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -1090,6 +1090,7 @@ append_rule_from_element (BusConfigParser *parser, dbus_bool_t allow, DBusError *error) { + const char *log; const char *send_interface; const char *send_member; const char *send_error;
@@ -1133,6 +1134,7 @@ append_rule_from_element (BusConfigParser *parser, "own", &own, "user", &user, "group", &group, + "log", &log, NULL)) return FALSE;
@@ -1337,6 +1339,9 @@ append_rule_from_element (BusConfigParser *parser, if (eavesdrop) rule->d.send.eavesdrop = (strcmp (eavesdrop, "true") == 0); + if (log) + rule->d.send.log = (strcmp (log, "true") == 0); + if (send_requested_reply) rule->d.send.requested_reply = (strcmp (send_requested_reply, "true") == 0);
-- cgit
From 6663d1dd35f94717209cd6fca86045bca853ef79 Mon Sep 17 00:00:00 2001
From: Matt McCutchen
Date: Mon, 10 Nov 2008 08:55:27 -0500
Subject: Bug 18446: Keep umask for session bus
Signed-off-by: Colin Walters
---
bus/config-parser.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
(limited to 'bus/config-parser.c')
diff --git a/bus/config-parser.c b/bus/config-parser.c
index a8de3ff3..38ce8a1d 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
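Review bot: In the `append_rule_from_element` hunk at `-1337,6 +1339,9`, `rule->d.send.log = (strcmp (log, "true") == 0);` treats every value other than the exact string "true" as false, so a typo such as `log="True"` silently turns off the audit logging the rule author asked for. The hunks shown do not validate `log`, and the assignment only targets `rule->d.send`, so a `log` attribute on a rule that is not a send rule would presumably be accepted by the attribute lookup and then ignored. Since this flag exists to make use of a compatibility allow rule visible, it would be safer to reject any value other than "true" or "false" through `error`, and to reject `log` on rule types that do not honour it. The function body starts and ends outside these hunks, so an existing check elsewhere cannot be ruled out.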
@@ -112,6 +112,7 @@ struct BusConfigParser unsigned int fork : 1; /**< TRUE to fork into daemon mode */ unsigned int syslog : 1; /**< TRUE to enable syslog */ + unsigned int keep_umask : 1; /**< TRUE to keep original umask when forking */ unsigned int is_toplevel : 1; /**< FALSE if we are a sub-config-file inside another one */ };
@@ -308,6 +309,9 @@ merge_included (BusConfigParser *parser, if (included->fork) parser->fork = TRUE; + if (included->keep_umask) + parser->keep_umask = TRUE; + if (included->pidfile != NULL) { dbus_free (parser->pidfile);
@@ -710,9 +714,24 @@ start_busconfig_child (BusConfigParser *parser, BUS_SET_OOM (error); return FALSE; } - + parser->syslog = TRUE; + return TRUE; + } + else if (element_type == ELEMENT_KEEP_UMASK) + { + if (!check_no_attributes (parser, "keep_umask", attribute_names, attribute_values, error)) + return FALSE; + + if (push_element (parser, ELEMENT_KEEP_UMASK) == NULL) + { + BUS_SET_OOM (error); + return FALSE; + } + + parser->keep_umask = TRUE; + return TRUE; } else if (element_type == ELEMENT_PIDFILE)
@@ -1970,6 +1989,7 @@ bus_config_parser_end_element (BusConfigParser *parser, case ELEMENT_DENY: case ELEMENT_FORK: case ELEMENT_SYSLOG: + case ELEMENT_KEEP_UMASK: case ELEMENT_SELINUX: case ELEMENT_ASSOCIATE: case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
@@ -2256,6 +2276,7 @@ bus_config_parser_content (BusConfigParser *parser, case ELEMENT_DENY: case ELEMENT_FORK: case ELEMENT_SYSLOG: + case ELEMENT_KEEP_UMASK: case ELEMENT_STANDARD_SESSION_SERVICEDIRS: case ELEMENT_STANDARD_SYSTEM_SERVICEDIRS: case ELEMENT_SELINUX:
@@ -2584,6 +2605,12 @@ bus_config_parser_get_syslog (BusConfigParser *parser) return parser->syslog; } +dbus_bool_t +bus_config_parser_get_keep_umask (BusConfigParser *parser) +{ + return parser->keep_umask; +} + const char * bus_config_parser_get_pidfile (BusConfigParser *parser) {
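Review bot: `bus_config_parser_get_keep_umask` (hunk `-2584,6 +2605,12`) is added without a comment, and the only description of the flag is the field comment `TRUE to keep original umask when forking`. The `merge_included` hunk ORs the flag in from any included file and nothing shown clears it, so one included file is enough to change the permissions of everything the daemon creates afterwards. A comment above the getter such as `/* TRUE if <keep_umask/> was seen in this file or an included one; files created after forking then inherit the caller's umask. */` would make that consequence visible to callers. Which bus configurations are expected to set this element belongs in the user-facing documentation, which is not part of this page.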
@@ -2977,6 +3004,9 @@ config_parsers_equal (const BusConfigParser *a, if (! bools_equal (a->fork, b->fork)) return FALSE; + if (! bools_equal (a->keep_umask, b->keep_umask)) + return FALSE; + if (! bools_equal (a->is_toplevel, b->is_toplevel)) return FALSE;
-- cgit