bus: parse capability kdbus meta data of messages

2025-03-31 14:50:15 +03:00 · 2013-04-23 00:14:30 -03:00 · 2013-04-23 00:14:30 -03:00 · 102ea8e4f2
commit 102ea8e4f2
parent 120f919e70
4 changed files with 27 additions and 1 deletions
--- a/src/libsystemd-bus/bus-kernel.c
+++ b/src/libsystemd-bus/bus-kernel.c
@ -475,7 +475,10 @@ static int bus_kernel_make_message(sd_bus *bus, struct kdbus_msg *k, sd_bus_mess
                        m->cgroup = d->str;
                else if (d->type == KDBUS_MSG_SRC_AUDIT)
                        m->audit = &d->audit;
-                else
+                else if (d->type == KDBUS_MSG_SRC_CAPS) {
+                        m->capability = d->data;
+                        m->capability_size = l;
+                } else
                        log_debug("Got unknown field from kernel %llu", d->type);
        }

--- a/src/libsystemd-bus/bus-message.c
+++ b/src/libsystemd-bus/bus-message.c
@ -928,6 +928,23 @@ int sd_bus_message_get_audit_loginuid(sd_bus_message *m, uid_t *uid) {
        return 0;
 }

+int sd_bus_message_has_effective_cap(sd_bus_message *m, int capability) {
+        unsigned sz;
+
+        if (!m)
+                return -EINVAL;
+        if (capability < 0)
+                return -EINVAL;
+        if (!m->capability)
+                return -ESRCH;
+
+        sz = m->capability_size / 4;
+        if ((unsigned) capability >= sz*8)
+                return 0;
+
+        return !!(m->capability[2 * sz + (capability / 8)] & (1 << (capability % 8)));
+}
+
 int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member) {
        if (!m)
                return -EINVAL;
@ -3193,6 +3210,8 @@ int bus_message_dump(sd_bus_message *m) {
        if (sd_bus_message_get_audit_sessionid(m, &audit_sessionid) >= 0)
                printf("\taudit_sessionid=%lu\n", (unsigned long) audit_sessionid);

+        printf("\tCAP_KILL=%i\n", sd_bus_message_has_effective_cap(m, 5));
+
        if (sd_bus_message_get_cmdline(m, &cmdline) >= 0) {
                char **c;

--- a/src/libsystemd-bus/bus-message.h
+++ b/src/libsystemd-bus/bus-message.h
@ -121,6 +121,9 @@ struct sd_bus_message {
        char *user_unit;

        struct kdbus_audit *audit;
+
+        uint8_t *capability;
+        size_t capability_size;
 };

 #define BUS_MESSAGE_NEED_BSWAP(m) ((m)->header->endian != SD_BUS_NATIVE_ENDIAN)
--- a/src/systemd/sd-bus.h
+++ b/src/systemd/sd-bus.h
@ -142,6 +142,7 @@ int sd_bus_message_get_session(sd_bus_message *m, const char **session);
 int sd_bus_message_get_owner_uid(sd_bus_message *m, uid_t *uid);
 int sd_bus_message_get_audit_sessionid(sd_bus_message *m, uint32_t *sessionid);
 int sd_bus_message_get_audit_loginuid(sd_bus_message *m, uid_t *loginuid);
+int sd_bus_message_has_effective_cap(sd_bus_message *m, int capability);

 int sd_bus_message_is_signal(sd_bus_message *m, const char *interface, const char *member);
 int sd_bus_message_is_method_call(sd_bus_message *m, const char *interface, const char *member);