authorColin Walters <walters@verbum.org>2009-01-21 15:56:42 -0500
committerColin Walters <walters@verbum.org>2009-01-21 15:56:42 -0500
commit6ca4b8c6bb0a04574373073cc8b3f59eaf8740fa (patch)
tree7e36a1b3423cbe7fffbb54fa5ca398b2f5bb9588
parentf0cc56e1919cdc762e1ba4b3b53d377312f0c6c2 (diff)
downloaddbus-6ca4b8c6bb0a04574373073cc8b3f59eaf8740fa.tar.gz
Add syslog of security denials and configuration file reloads
We need to start logging denials so that they become more easily trackable and debuggable. Conflicts: bus/bus.c bus/config-parser-common.c bus/config-parser-common.h bus/config-parser.c test/name-test/tmp-session-like-system.conf
-rw-r--r--bus/bus.c94
-rw-r--r--bus/bus.h6
-rw-r--r--bus/config-parser.c30
-rw-r--r--bus/config-parser.h1
-rw-r--r--bus/policy.c10
-rw-r--r--bus/policy.h6
-rw-r--r--bus/system.conf.in3
-rw-r--r--dbus/dbus-sysdeps-unix.c1
-rw-r--r--dbus/dbus-sysdeps-util-unix.c33
-rw-r--r--dbus/dbus-sysdeps.h4
-rw-r--r--test/name-test/tmp-session-like-system.conf2
11 files changed, 168 insertions, 22 deletions
diff --git a/bus/bus.c b/bus/bus.c
index efbd0232..6e6ff38f 100644
--- a/bus/bus.c
+++ b/bus/bus.c
@@ -53,6 +53,7 @@ struct BusContext
DBusUserDatabase *user_database;
BusLimits limits;
unsigned int fork : 1;
+ unsigned int syslog : 1;
};
static dbus_int32_t server_data_slot = -1;
@@ -382,6 +383,7 @@ process_config_first_time_only (BusContext *context,
}
context->fork = bus_config_parser_get_fork (parser);
+ context->syslog = bus_config_parser_get_syslog (parser);
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
retval = TRUE;
@@ -823,7 +825,10 @@ bus_context_reload_config (BusContext *context,
}
ret = TRUE;
+ bus_context_log_info (context, "Reloaded configuration");
failed:
+ if (!ret)
+ bus_context_log_info (context, "Unable to reload configuration: %s", error->message);
if (parser != NULL)
bus_config_parser_unref (parser);
return ret;
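Review bot: The failure branch after `failed:` dereferences `error->message` without checking that `error` is non-NULL and set. If any caller passes a NULL DBusError, or a path reaches `failed:` without setting it (not visible here, the function body starts outside the hunk), the bus crashes or logs a NULL string during a reload. A guarded form would be `if (!ret && error != NULL && dbus_error_is_set (error))`. A failed reload is also reported through bus_context_log_info at the same priority as a successful one, which makes it easy to miss when triaging logs.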
@@ -1096,6 +1101,32 @@ bus_context_get_reply_timeout (BusContext *context)
return context->limits.reply_timeout;
}
+void
+bus_context_log_info (BusContext *context, const char *msg, ...)
+{
+ va_list args;
+
+ va_start (args, msg);
+
+ if (context->syslog)
+ _dbus_log_info (msg, args);
+
+ va_end (args);
+}
+
+void
+bus_context_log_security (BusContext *context, const char *msg, ...)
+{
+ va_list args;
+
+ va_start (args, msg);
+
+ if (context->syslog)
+ _dbus_log_security (msg, args);
+
+ va_end (args);
+}
+
/*
* addressed_recipient is the recipient specified in the message.
*
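Review bot: bus_context_log_info and bus_context_log_security have no doc comments, and their contract matters because `msg` is handed to vsyslog as a format string. I would add a header to each along the lines of `/** Logs to syslog only if <syslog/> was set in the configuration; msg is a printf-style format and must be a trusted literal, never message-derived text. */`. Both also dereference `context` unconditionally, so the comment should say that `context` must not be NULL. As a style point, `va_start`/`va_end` could move inside the `if (context->syslog)` branch so the disabled path does nothing.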
@@ -1120,8 +1151,10 @@ bus_context_check_security_policy (BusContext *context,
{
BusClientPolicy *sender_policy;
BusClientPolicy *recipient_policy;
+ dbus_int32_t toggles;
int type;
dbus_bool_t requested_reply;
+ const char *sender_name;
type = dbus_message_get_type (message);
@@ -1132,6 +1165,12 @@ bus_context_check_security_policy (BusContext *context,
_dbus_assert (type == DBUS_MESSAGE_TYPE_SIGNAL ||
addressed_recipient != NULL ||
strcmp (dbus_message_get_destination (message), DBUS_SERVICE_DBUS) == 0);
+
+ /* Used in logging below */
+ if (sender != NULL)
+ sender_name = bus_connection_get_name (sender);
+ else
+ sender_name = NULL;
switch (type)
{
@@ -1169,19 +1208,18 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_error_name (message),
dest ? dest : DBUS_SERVICE_DBUS, error))
{
-
if (dbus_error_is_set (error) &&
dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY))
{
return FALSE;
- }
-
+ }
dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
"An SELinux policy prevents this sender "
"from sending this message to this recipient "
- "(rejected message had interface \"%s\" "
+ "(rejected message had sender \"%s\" interface \"%s\" "
"member \"%s\" error name \"%s\" destination \"%s\")",
+ sender_name ? sender_name : "(unset)",
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
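Review bot: This SELinux denial path gains the sender name in the error text but, unlike the two policy denials later in bus_context_check_security_policy, it has no bus_context_log_security call. SELinux may already audit the denial through its own channel, but that is not visible in this diff. If so, a short comment such as `/* not logged here: the AVC denial is audited by SELinux */` would record that the omission is deliberate. Otherwise denials from this branch will be missing from the syslog trail the commit message promises. The function starts and ends outside this hunk.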
@@ -1297,16 +1335,16 @@ bus_context_check_security_policy (BusContext *context,
context->registry,
requested_reply,
proposed_recipient,
- message))
+ message, &toggles))
{
const char *dest;
+ const char *msg = "Rejected send message, %d matched rules; "
+ "sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\")";
dest = dbus_message_get_destination (message);
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "A security policy in place prevents this sender "
- "from sending this message to this recipient, "
- "see message bus configuration file (rejected message "
- "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\")",
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
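Review bot: The new `msg` format ends in `destination=\"%s\")`, leaving a closing parenthesis with no opening one now that the old "(rejected message had ..." wording is gone. The receive-side `msg` further down ends in `requested_reply=%d)` with the same stray character. Because the string is used for both the error reply and the syslog line, the unbalanced `)` lands in every log record and complicates field parsing; ending the strings at `destination=\"%s\""` and `requested_reply=%d"` fixes it. The reply to the sender also loses the "see message bus configuration file" hint and now reports the matched-rule count, which may or may not be intended for unprivileged callers. The enclosing function continues outside the hunk.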
@@ -1314,6 +1352,17 @@ bus_context_check_security_policy (BusContext *context,
dbus_message_get_error_name (message) ?
dbus_message_get_error_name (message) : "(unset)",
dest ? dest : DBUS_SERVICE_DBUS);
+ /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+ bus_context_log_security (context, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dest ? dest : DBUS_SERVICE_DBUS);
_dbus_verbose ("security policy disallowing message due to sender policy\n");
return FALSE;
}
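Review bot: Nothing bounds how often bus_context_log_security runs here, since each rejected message writes one LOG_AUTH line and the sending client controls how many rejected messages it produces. A local client can therefore grow the auth log at will and bury other entries. The receive-side call in the last bus.c hunk has the same property and presumably runs once per proposed recipient. At minimum I would add a comment at both call sites, for example `/* one syslog line per denial; volume is caller-controlled, rate-limit before relying on this for auditing */`, and consider a per-connection counter or suppression window as a follow-up.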
@@ -1324,16 +1373,16 @@ bus_context_check_security_policy (BusContext *context,
requested_reply,
sender,
addressed_recipient, proposed_recipient,
- message))
+ message, &toggles))
{
+ const char *msg = "Rejected receive message, %d matched rules; "
+ "sender=\"%s\" interface=\"%s\" member=\"%s\" error name=\"%s\" destination=\"%s\" reply serial=%u requested_reply=%d)";
const char *dest;
dest = dbus_message_get_destination (message);
- dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED,
- "A security policy in place prevents this recipient "
- "from receiving this message from this sender, "
- "see message bus configuration file (rejected message "
- "had interface \"%s\" member \"%s\" error name \"%s\" destination \"%s\" reply serial %u requested_reply=%d)",
+ dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
dbus_message_get_interface (message) ?
dbus_message_get_interface (message) : "(unset)",
dbus_message_get_member (message) ?
@@ -1343,6 +1392,19 @@ bus_context_check_security_policy (BusContext *context,
dest ? dest : DBUS_SERVICE_DBUS,
dbus_message_get_reply_serial (message),
requested_reply);
+ /* Needs to be duplicated to avoid calling malloc and having to handle OOM */
+ bus_context_log_security (context, msg,
+ toggles,
+ sender_name ? sender_name : "(unset)",
+ dbus_message_get_interface (message) ?
+ dbus_message_get_interface (message) : "(unset)",
+ dbus_message_get_member (message) ?
+ dbus_message_get_member (message) : "(unset)",
+ dbus_message_get_error_name (message) ?
+ dbus_message_get_error_name (message) : "(unset)",
+ dest ? dest : DBUS_SERVICE_DBUS,
+ dbus_message_get_reply_serial (message),
+ requested_reply);
_dbus_verbose ("security policy disallowing message due to recipient policy\n");
return FALSE;
}
diff --git a/bus/bus.h b/bus/bus.h
index 527bfddc..99fc5b96 100644
--- a/bus/bus.h
+++ b/bus/bus.h
@@ -105,6 +105,12 @@ int bus_context_get_max_services_per_connection (BusContext
int bus_context_get_max_match_rules_per_connection (BusContext *context);
int bus_context_get_max_replies_per_connection (BusContext *context);
int bus_context_get_reply_timeout (BusContext *context);
+void bus_context_log_info (BusContext *context,
+ const char *msg,
+ ...);
+void bus_context_log_security (BusContext *context,
+ const char *msg,
+ ...);
dbus_bool_t bus_context_check_security_policy (BusContext *context,
BusTransaction *transaction,
DBusConnection *sender,
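Review bot: The two new variadic prototypes carry no printf format attribute, so the compiler cannot check the arguments passed at the call sites in bus.c against `msg`. Those call sites pass seven to nine arguments by hand, twice each, which is the kind of duplication where a mismatch slips in. Declaring them as `void bus_context_log_info (BusContext *context, const char *msg, ...) _DBUS_GNUC_PRINTF (2, 3);` (and the same for bus_context_log_security) lets `-Wformat` catch a wrong type or a non-literal format string.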
diff --git a/bus/config-parser.c b/bus/config-parser.c
index db46893a..ab1bd34d 100644
--- a/bus/config-parser.c
+++ b/bus/config-parser.c
@@ -48,7 +48,8 @@ typedef enum
ELEMENT_TYPE,
ELEMENT_SELINUX,
ELEMENT_ASSOCIATE,
- ELEMENT_STANDARD_SESSION_SERVICEDIRS
+ ELEMENT_STANDARD_SESSION_SERVICEDIRS,
+ ELEMENT_SYSLOG
} ElementType;
typedef enum
@@ -130,6 +131,8 @@ struct BusConfigParser
unsigned int fork : 1; /**< TRUE to fork into daemon mode */
+ unsigned int syslog : 1; /**< TRUE to enable syslog */
+
unsigned int is_toplevel : 1; /**< FALSE if we are a sub-config-file inside another one */
};
@@ -174,6 +177,8 @@ element_type_to_name (ElementType type)
return "selinux";
case ELEMENT_ASSOCIATE:
return "associate";
+ case ELEMENT_SYSLOG:
+ return "syslog";
}
_dbus_assert_not_reached ("bad element type");
@@ -755,6 +760,21 @@ start_busconfig_child (BusConfigParser *parser,
return TRUE;
}
+ else if (strcmp (element_name, "syslog") == 0)
+ {
+ if (!check_no_attributes (parser, "syslog", attribute_names, attribute_values, error))
+ return FALSE;
+
+ if (push_element (parser, ELEMENT_SYSLOG) == NULL)
+ {
+ BUS_SET_OOM (error);
+ return FALSE;
+ }
+
+ parser->syslog = TRUE;
+
+ return TRUE;
+ }
else if (strcmp (element_name, "pidfile") == 0)
{
if (!check_no_attributes (parser, "pidfile", attribute_names, attribute_values, error))
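Review bot: `parser->syslog = TRUE` is set on whichever parser sees the element, including the parser for an included file, and no hunk in this commit copies the flag from an included parser to its parent. If the include-merging code propagates `fork` explicitly (not visible here), `syslog` needs an equivalent line there, otherwise a `<syslog/>` placed in an included file is silently ignored and denials go unlogged. It would also help to note in a comment that the element can only turn logging on, never off. start_busconfig_child begins and ends outside this hunk.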
@@ -1958,6 +1978,7 @@ bus_config_parser_end_element (BusConfigParser *parser,
case ELEMENT_ALLOW:
case ELEMENT_DENY:
case ELEMENT_FORK:
+ case ELEMENT_SYSLOG:
case ELEMENT_SELINUX:
case ELEMENT_ASSOCIATE:
case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
@@ -2208,6 +2229,7 @@ bus_config_parser_content (BusConfigParser *parser,
case ELEMENT_ALLOW:
case ELEMENT_DENY:
case ELEMENT_FORK:
+ case ELEMENT_SYSLOG:
case ELEMENT_STANDARD_SESSION_SERVICEDIRS:
case ELEMENT_SELINUX:
case ELEMENT_ASSOCIATE:
@@ -2503,6 +2525,12 @@ bus_config_parser_get_fork (BusConfigParser *parser)
return parser->fork;
}
+dbus_bool_t
+bus_config_parser_get_syslog (BusConfigParser *parser)
+{
+ return parser->syslog;
+}
+
const char *
bus_config_parser_get_pidfile (BusConfigParser *parser)
{
diff --git a/bus/config-parser.h b/bus/config-parser.h
index 657b0aef..3ecd6730 100644
--- a/bus/config-parser.h
+++ b/bus/config-parser.h
@@ -65,6 +65,7 @@ const char* bus_config_parser_get_type (BusConfigParser *parser);
DBusList** bus_config_parser_get_addresses (BusConfigParser *parser);
DBusList** bus_config_parser_get_mechanisms (BusConfigParser *parser);
dbus_bool_t bus_config_parser_get_fork (BusConfigParser *parser);
+dbus_bool_t bus_config_parser_get_syslog (BusConfigParser *parser);
const char* bus_config_parser_get_pidfile (BusConfigParser *parser);
DBusList** bus_config_parser_get_service_dirs (BusConfigParser *parser);
DBusList** bus_config_parser_get_conf_dirs (BusConfigParser *parser);
diff --git a/bus/policy.c b/bus/policy.c
index ff8a70e7..1113eaa3 100644
--- a/bus/policy.c
+++ b/bus/policy.c
@@ -855,7 +855,8 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
BusRegistry *registry,
dbus_bool_t requested_reply,
DBusConnection *receiver,
- DBusMessage *message)
+ DBusMessage *message,
+ dbus_int32_t *toggles)
{
DBusList *link;
dbus_bool_t allowed;
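Review bot: The new `toggles` out-parameter is undocumented and is written unconditionally (`*toggles = 0` in the next hunk), so every caller must pass a valid pointer; bus_client_policy_check_can_receive gets the same change. The name suggests the number of times the decision flipped, but `(*toggles)++` runs for every rule that is used, including ones that leave `allowed` unchanged, which is why the log text calls it "matched rules". I would add to both function comments something like `@param toggles out: number of rules that matched and set the result; must not be NULL`, or rename it to `matched_rules`. The function bodies start and end outside these hunks.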
@@ -865,6 +866,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
*/
_dbus_verbose (" (policy) checking send rules\n");
+ *toggles = 0;
allowed = FALSE;
link = _dbus_list_get_first_link (&policy->rules);
@@ -1015,6 +1017,7 @@ bus_client_policy_check_can_send (BusClientPolicy *policy,
/* Use this rule */
allowed = rule->allow;
+ (*toggles)++;
_dbus_verbose (" (policy) used rule, allow now = %d\n",
allowed);
@@ -1033,7 +1036,8 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
DBusConnection *sender,
DBusConnection *addressed_recipient,
DBusConnection *proposed_recipient,
- DBusMessage *message)
+ DBusMessage *message,
+ dbus_int32_t *toggles)
{
DBusList *link;
dbus_bool_t allowed;
@@ -1048,6 +1052,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
*/
_dbus_verbose (" (policy) checking receive rules, eavesdropping = %d\n", eavesdropping);
+ *toggles = 0;
allowed = FALSE;
link = _dbus_list_get_first_link (&policy->rules);
@@ -1212,6 +1217,7 @@ bus_client_policy_check_can_receive (BusClientPolicy *policy,
/* Use this rule */
allowed = rule->allow;
+ (*toggles)++;
_dbus_verbose (" (policy) used rule, allow now = %d\n",
allowed);
diff --git a/bus/policy.h b/bus/policy.h
index 94b48e6f..7e2df1e7 100644
--- a/bus/policy.h
+++ b/bus/policy.h
@@ -139,14 +139,16 @@ dbus_bool_t bus_client_policy_check_can_send (BusClientPolicy *policy,
BusRegistry *registry,
dbus_bool_t requested_reply,
DBusConnection *receiver,
- DBusMessage *message);
+ DBusMessage *message,
+ dbus_int32_t *toggles);
dbus_bool_t bus_client_policy_check_can_receive (BusClientPolicy *policy,
BusRegistry *registry,
dbus_bool_t requested_reply,
DBusConnection *sender,
DBusConnection *addressed_recipient,
DBusConnection *proposed_recipient,
- DBusMessage *message);
+ DBusMessage *message,
+ dbus_int32_t *toggles);
dbus_bool_t bus_client_policy_check_can_own (BusClientPolicy *policy,
DBusConnection *connection,
const DBusString *service_name);
diff --git a/bus/system.conf.in b/bus/system.conf.in
index a0dd7415..d9900f63 100644
--- a/bus/system.conf.in
+++ b/bus/system.conf.in
@@ -23,6 +23,9 @@
<!-- Write a pid file -->
<pidfile>@DBUS_SYSTEM_PID_FILE@</pidfile>
+ <!-- Enable logging to syslog -->
+ <syslog/>
+
<!-- Only allow socket-credentials-based authentication -->
<auth>EXTERNAL</auth>
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index f1ac5375..42816580 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -2307,7 +2307,6 @@ _dbus_full_duplex_pipe (int *fd1,
#endif
}
-
/**
* Measure the length of the given format string and arguments,
* not including the terminating nul.
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index f57b7807..439c93c2 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -36,6 +36,7 @@
#include <signal.h>
#include <unistd.h>
#include <stdio.h>
+#include <syslog.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
@@ -287,6 +288,38 @@ _dbus_change_identity (dbus_uid_t uid,
return TRUE;
}
+void
+_dbus_init_system_log (void)
+{
+ openlog ("dbus", LOG_PID, LOG_DAEMON);
+}
+
+/**
+ * Log an informative message. Intended for use primarily by
+ * the system bus.
+ *
+ * @param msg a printf-style format string
+ * @param args arguments for the format string
+ */
+void
+_dbus_log_info (const char *msg, va_list args)
+{
+ vsyslog (LOG_DAEMON|LOG_NOTICE, msg, args);
+}
+
+/**
+ * Log a security-related message. Intended for use primarily by
+ * the system bus.
+ *
+ * @param msg a printf-style format string
+ * @param args arguments for the format string
+ */
+void
+_dbus_log_security (const char *msg, va_list args)
+{
+ vsyslog (LOG_AUTH|LOG_NOTICE, msg, args);
+}
+
/** Installs a UNIX signal handler
*
* @param sig the signal to handle
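Review bot: `_dbus_init_system_log` is defined here but none of the 11 files in this commit calls it, so `openlog ("dbus", LOG_PID, LOG_DAEMON)` never runs. Messages would then be logged under the default ident and without the PID, which makes denials harder to attribute to the bus process. It is also the only one of the three new functions without a doc comment; I would add `/** Initialize the system log; call once at startup before any _dbus_log_* call. */` and call it where `context->syslog` is set. Separately, `_dbus_log_security` uses LOG_AUTH; where the platform offers LOG_AUTHPRIV, that facility is usually the one routed to a restricted log file, which may suit records that name senders and destinations.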
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index d3659f24..47db9fb0 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@@ -382,6 +382,10 @@ void _dbus_set_signal_handler (int sig,
dbus_bool_t _dbus_user_at_console (const char *username,
DBusError *error);
+void _dbus_init_system_log (void);
+void _dbus_log_info (const char *msg, va_list args);
+void _dbus_log_security (const char *msg, va_list args);
+
/* Define DBUS_VA_COPY() to do the right thing for copying va_list variables.
* config.h may have already defined DBUS_VA_COPY as va_copy or __va_copy.
*/
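Review bot: These three prototypes are added to the platform-neutral dbus-sysdeps.h, but the only definitions in this commit are in dbus-sysdeps-util-unix.c, while bus/bus.c calls `_dbus_log_info` and `_dbus_log_security` unconditionally. A non-Unix build of the bus would presumably fail to link unless stubs exist elsewhere, so either add stubs for the other platform or guard the declarations and the callers. The `va_list` variants could also be marked `_DBUS_GNUC_PRINTF (1, 0)` so that format checking applies to them as well.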
diff --git a/test/name-test/tmp-session-like-system.conf b/test/name-test/tmp-session-like-system.conf
index 41a4201a..0818109a 100644
--- a/test/name-test/tmp-session-like-system.conf
+++ b/test/name-test/tmp-session-like-system.conf
@@ -8,6 +8,8 @@
<!-- Our well-known bus type, don't change this -->
<type>session</type>
+ <syslog/>
+
<listen>unix:tmpdir=/tmp</listen>
<standard_session_servicedirs />