Merge pull request #606 from dvdhrm/bus-proxy-pedantic-matches2

bus-proxy: never pass on unmatched broadcasts (v2)
2024-11-08 11:27:32 +03:00 · 2015-07-24 12:50:56 +02:00 · 2015-07-24 12:50:56 +02:00 · 603d5da504
commit 603d5da504
parent 77b7f80509 e23bc0e7ca
6 changed files with 75 additions and 13 deletions
--- a/src/bus-proxyd/driver.c
+++ b/src/bus-proxyd/driver.c
@ -33,6 +33,7 @@
 #include "strv.h"
 #include "set.h"
 #include "driver.h"
+#include "proxy.h"
 #include "synthesize.h"

 static int get_creds_by_name(sd_bus *bus, const char *name, uint64_t mask, sd_bus_creds **_creds, sd_bus_error *error) {
@ -70,7 +71,7 @@ static int get_creds_by_message(sd_bus *bus, sd_bus_message *m, uint64_t mask, s
        return get_creds_by_name(bus, name, mask, _creds, error);
 }

-int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPolicy *sp, const struct ucred *ucred, Set *owned_names) {
+int bus_proxy_process_driver(Proxy *p, sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPolicy *sp, const struct ucred *ucred, Set *owned_names) {
        int r;

        assert(a);
@ -189,7 +190,7 @@ int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPoli
                if (r < 0)
                        return synthetic_reply_method_errno(m, r, NULL);

-                r = sd_bus_add_match(a, NULL, match, NULL, NULL);
+                r = sd_bus_add_match(a, NULL, match, proxy_match, p);
                if (r < 0)
                        return synthetic_reply_method_errno(m, r, NULL);

--- a/src/bus-proxyd/driver.h
+++ b/src/bus-proxyd/driver.h
@ -23,5 +23,6 @@

 #include "sd-bus.h"
 #include "bus-xml-policy.h"
+#include "proxy.h"

-int bus_proxy_process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPolicy *sp, const struct ucred *ucred, Set *owned_names);
+int bus_proxy_process_driver(Proxy *p, sd_bus *a, sd_bus *b, sd_bus_message *m, SharedPolicy *sp, const struct ucred *ucred, Set *owned_names);
--- a/src/bus-proxyd/proxy.c
+++ b/src/bus-proxyd/proxy.c
@ -144,9 +144,17 @@ static int proxy_create_local(Proxy *p, int in_fd, int out_fd, bool negotiate_fd
        return 0;
 }

+static int proxy_match_synthetic(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        Proxy *p = userdata;
+
+        p->synthetic_matched = true;
+        return 0; /* make sure to continue processing it in further handlers */
+}
+
 /*
- * dbus-1 clients receive NameOwnerChanged and directed signals without
- * subscribing to them; install the matches to receive them on kdbus.
+ * We always need NameOwnerChanged so we can synthesize NameLost and
+ * NameAcquired. Furthermore, dbus-1 always passes unicast-signals through, so
+ * subscribe unconditionally.
 */
 static int proxy_prepare_matches(Proxy *p) {
        _cleanup_free_ char *match = NULL;
@ -172,7 +180,7 @@ static int proxy_prepare_matches(Proxy *p) {
        if (!match)
                return log_oom();

-        r = sd_bus_add_match(p->destination_bus, NULL, match, NULL, NULL);
+        r = sd_bus_add_match(p->destination_bus, NULL, match, proxy_match_synthetic, p);
        if (r < 0)
                return log_error_errno(r, "Failed to add match for NameLost: %m");

@ -189,7 +197,7 @@ static int proxy_prepare_matches(Proxy *p) {
        if (!match)
                return log_oom();

-        r = sd_bus_add_match(p->destination_bus, NULL, match, NULL, NULL);
+        r = sd_bus_add_match(p->destination_bus, NULL, match, proxy_match_synthetic, p);
        if (r < 0)
                return log_error_errno(r, "Failed to add match for NameAcquired: %m");

@ -202,7 +210,7 @@ static int proxy_prepare_matches(Proxy *p) {
        if (!match)
                return log_oom();

-        r = sd_bus_add_match(p->destination_bus, NULL, match, NULL, NULL);
+        r = sd_bus_add_match(p->destination_bus, NULL, match, proxy_match_synthetic, p);
        if (r < 0)
                log_error_errno(r, "Failed to add match for directed signals: %m");
                /* FIXME: temporarily ignore error to support older kdbus versions */
@ -679,11 +687,28 @@ static int patch_sender(sd_bus *a, sd_bus_message *m) {

 static int proxy_process_destination_to_local(Proxy *p) {
        _cleanup_bus_message_unref_ sd_bus_message *m = NULL;
+        bool matched, matched_synthetic;
        int r;

        assert(p);

+        /*
+         * Usually, we would just take any message that the bus passes to us
+         * and forward it to the local connection. However, there are actually
+         * applications that fail if they receive broadcasts that they didn't
+         * subscribe to. Therefore, we actually emulate a real broadcast
+         * matching here, and discard any broadcasts that weren't matched. Our
+         * match-handlers remembers whether a message was matched by any rule,
+         * by marking it in @p->message_matched.
+         */
+
        r = sd_bus_process(p->destination_bus, &m);
+
+        matched = p->message_matched;
+        matched_synthetic = p->synthetic_matched;
+        p->message_matched = false;
+        p->synthetic_matched = false;
+
        if (r == -ECONNRESET || r == -ENOTCONN) /* Treat 'connection reset by peer' as clean exit condition */
                return r;
        if (r < 0) {
@ -699,12 +724,21 @@ static int proxy_process_destination_to_local(Proxy *p) {
        if (sd_bus_message_is_signal(m, "org.freedesktop.DBus.Local", "Disconnected"))
                return -ECONNRESET;

-        r = synthesize_name_acquired(p->destination_bus, p->local_bus, m);
+        r = synthesize_name_acquired(p, p->destination_bus, p->local_bus, m);
        if (r == -ECONNRESET || r == -ENOTCONN)
                return r;
        if (r < 0)
                return log_error_errno(r, "Failed to synthesize message: %m");

+        /* discard broadcasts that were not matched by any MATCH rule */
+        if (!matched && !sd_bus_message_get_destination(m)) {
+                if (!matched_synthetic)
+                        log_warning("Dropped unmatched broadcast: uid=" UID_FMT " gid=" GID_FMT" message=%s path=%s interface=%s member=%s",
+                                    p->local_creds.uid, p->local_creds.gid, bus_message_type_to_string(m->header->type),
+                                    strna(m->path), strna(m->interface), strna(m->member));
+                return 1;
+        }
+
        patch_sender(p->destination_bus, m);

        if (p->policy) {
@ -788,7 +822,7 @@ static int proxy_process_local_to_destination(Proxy *p) {
        if (r > 0)
                return 1;

-        r = bus_proxy_process_driver(p->destination_bus, p->local_bus, m, p->policy, &p->local_creds, p->owned_names);
+        r = bus_proxy_process_driver(p, p->destination_bus, p->local_bus, m, p->policy, &p->local_creds, p->owned_names);
        if (r == -ECONNRESET || r == -ENOTCONN)
                return r;
        if (r < 0)
@ -834,6 +868,13 @@ static int proxy_process_local_to_destination(Proxy *p) {
        return 1;
 }

+int proxy_match(sd_bus_message *m, void *userdata, sd_bus_error *error) {
+        Proxy *p = userdata;
+
+        p->message_matched = true;
+        return 0; /* make sure to continue processing it in further handlers */
+}
+
 int proxy_run(Proxy *p) {
        int r;

--- a/src/bus-proxyd/proxy.h
+++ b/src/bus-proxyd/proxy.h
@ -39,6 +39,8 @@ struct Proxy {

        bool got_hello : 1;
        bool queue_overflow : 1;
+        bool message_matched : 1;
+        bool synthetic_matched : 1;
 };

 int proxy_new(Proxy **out, int in_fd, int out_fd, const char *dest);
@ -46,6 +48,7 @@ Proxy *proxy_free(Proxy *p);

 int proxy_set_policy(Proxy *p, SharedPolicy *policy, char **configuration);
 int proxy_hello_policy(Proxy *p, uid_t original_uid);
+int proxy_match(sd_bus_message *m, void *userdata, sd_bus_error *error);
 int proxy_run(Proxy *p);

 DEFINE_TRIVIAL_CLEANUP_FUNC(Proxy*, proxy_free);
--- a/src/bus-proxyd/synthesize.c
+++ b/src/bus-proxyd/synthesize.c
@ -28,6 +28,7 @@
 #include "bus-internal.h"
 #include "bus-message.h"
 #include "bus-util.h"
+#include "bus-match.h"
 #include "synthesize.h"

 int synthetic_driver_send(sd_bus *b, sd_bus_message *m) {
@ -152,11 +153,12 @@ int synthetic_reply_method_return_strv(sd_bus_message *call, char **l) {
        return synthetic_driver_send(call->bus, m);
 }

-int synthesize_name_acquired(sd_bus *a, sd_bus *b, sd_bus_message *m) {
+int synthesize_name_acquired(Proxy *p, sd_bus *a, sd_bus *b, sd_bus_message *m) {
        _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
        const char *name, *old_owner, *new_owner;
        int r;

+        assert(p);
        assert(a);
        assert(b);
        assert(m);
@ -216,5 +218,18 @@ int synthesize_name_acquired(sd_bus *a, sd_bus *b, sd_bus_message *m) {
        if (r < 0)
                return r;

-        return sd_bus_send(b, n, NULL);
+        /*
+         * Make sure to only forward NameLost/NameAcquired messages if they
+         * match an installed MATCH rule of the local client. We really must
+         * not send messages the client doesn't expect.
+         */
+
+        r = bus_match_run(b, &b->match_callbacks, n);
+        if (r >= 0 && p->message_matched)
+                r = sd_bus_send(b, n, NULL);
+
+        p->message_matched = false;
+        p->synthetic_matched = false;
+
+        return r;
 }
--- a/src/bus-proxyd/synthesize.h
+++ b/src/bus-proxyd/synthesize.h
@ -22,6 +22,7 @@
 ***/

 #include "sd-bus.h"
+#include "proxy.h"

 int synthetic_driver_send(sd_bus *b, sd_bus_message *m);

@ -33,4 +34,4 @@ int synthetic_reply_method_errorf(sd_bus_message *call, const char *name, const
 int synthetic_reply_method_errno(sd_bus_message *call, int error, const sd_bus_error *p);
 int synthetic_reply_method_errnof(sd_bus_message *call, int error, const char *format, ...) _sd_printf_(3, 4);

-int synthesize_name_acquired(sd_bus *a, sd_bus *b, sd_bus_message *m);
+int synthesize_name_acquired(Proxy *p, sd_bus *a, sd_bus *b, sd_bus_message *m);