1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering
7 Copyright 2013 Daniel Mack
8 Copyright 2014 Kay Sievers
9 Copyright 2014 David Herrmann
11 systemd is free software; you can redistribute it and/or modify it
12 under the terms of the GNU Lesser General Public License as published by
13 the Free Software Foundation; either version 2.1 of the License, or
14 (at your option) any later version.
16 systemd is distributed in the hope that it will be useful, but
17 WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 Lesser General Public License for more details.
21 You should have received a copy of the GNU Lesser General Public License
22 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include <sys/socket.h>
26 #include <sys/types.h>
33 #include "sd-daemon.h"
35 #include "bus-internal.h"
36 #include "bus-message.h"
39 #include "bus-control.h"
41 #include "bus-xml-policy.h"
44 #include "synthesize.h"
45 #include "formats-util.h"
47 static int proxy_create_destination(Proxy
*p
, const char *destination
, const char *local_sec
, bool negotiate_fds
) {
48 _cleanup_bus_close_unref_ sd_bus
*b
= NULL
;
53 return log_error_errno(r
, "Failed to allocate bus: %m");
55 r
= sd_bus_set_description(b
, "sd-proxy");
57 return log_error_errno(r
, "Failed to set bus name: %m");
59 r
= sd_bus_set_address(b
, destination
);
61 return log_error_errno(r
, "Failed to set address to connect to: %m");
63 r
= sd_bus_negotiate_fds(b
, negotiate_fds
);
65 return log_error_errno(r
, "Failed to set FD negotiation: %m");
67 r
= sd_bus_negotiate_creds(b
, true, SD_BUS_CREDS_EUID
|SD_BUS_CREDS_PID
|SD_BUS_CREDS_EGID
|SD_BUS_CREDS_SELINUX_CONTEXT
);
69 return log_error_errno(r
, "Failed to set credential negotiation: %m");
71 if (p
->local_creds
.pid
> 0) {
72 b
->fake_pids
.pid
= p
->local_creds
.pid
;
73 b
->fake_pids_valid
= true;
75 b
->fake_creds
.uid
= UID_INVALID
;
76 b
->fake_creds
.euid
= p
->local_creds
.uid
;
77 b
->fake_creds
.suid
= UID_INVALID
;
78 b
->fake_creds
.fsuid
= UID_INVALID
;
79 b
->fake_creds
.gid
= GID_INVALID
;
80 b
->fake_creds
.egid
= p
->local_creds
.gid
;
81 b
->fake_creds
.sgid
= GID_INVALID
;
82 b
->fake_creds
.fsgid
= GID_INVALID
;
83 b
->fake_creds_valid
= true;
87 b
->fake_label
= strdup(local_sec
);
92 b
->manual_peer_interface
= true;
96 return log_error_errno(r
, "Failed to start bus client: %m");
98 p
->destination_bus
= b
;
103 static int proxy_create_local(Proxy
*p
, int in_fd
, int out_fd
, bool negotiate_fds
) {
104 _cleanup_bus_close_unref_ sd_bus
*b
= NULL
;
105 sd_id128_t server_id
;
110 return log_error_errno(r
, "Failed to allocate bus: %m");
112 r
= sd_bus_set_fd(b
, in_fd
, out_fd
);
114 return log_error_errno(r
, "Failed to set fds: %m");
116 r
= sd_bus_get_bus_id(p
->destination_bus
, &server_id
);
118 return log_error_errno(r
, "Failed to get server ID: %m");
120 r
= sd_bus_set_server(b
, 1, server_id
);
122 return log_error_errno(r
, "Failed to set server mode: %m");
124 r
= sd_bus_negotiate_fds(b
, negotiate_fds
);
126 return log_error_errno(r
, "Failed to set FD negotiation: %m");
128 r
= sd_bus_negotiate_creds(b
, true, SD_BUS_CREDS_EUID
|SD_BUS_CREDS_PID
|SD_BUS_CREDS_EGID
|SD_BUS_CREDS_SELINUX_CONTEXT
);
130 return log_error_errno(r
, "Failed to set credential negotiation: %m");
132 r
= sd_bus_set_anonymous(b
, true);
134 return log_error_errno(r
, "Failed to set anonymous authentication: %m");
136 b
->manual_peer_interface
= true;
140 return log_error_errno(r
, "Failed to start bus client: %m");
147 static int proxy_prepare_matches(Proxy
*p
) {
148 _cleanup_free_
char *match
= NULL
;
152 if (!p
->destination_bus
->is_kernel
)
155 r
= sd_bus_get_unique_name(p
->destination_bus
, &unique
);
157 return log_error_errno(r
, "Failed to get unique name: %m");
159 match
= strjoin("type='signal',"
160 "sender='org.freedesktop.DBus',"
161 "path='/org/freedesktop/DBus',"
162 "interface='org.freedesktop.DBus',"
163 "member='NameOwnerChanged',"
171 r
= sd_bus_add_match(p
->destination_bus
, NULL
, match
, NULL
, NULL
);
173 return log_error_errno(r
, "Failed to add match for NameLost: %m");
176 match
= strjoin("type='signal',"
177 "sender='org.freedesktop.DBus',"
178 "path='/org/freedesktop/DBus',"
179 "interface='org.freedesktop.DBus',"
180 "member='NameOwnerChanged',"
188 r
= sd_bus_add_match(p
->destination_bus
, NULL
, match
, NULL
, NULL
);
190 return log_error_errno(r
, "Failed to add match for NameAcquired: %m");
195 int proxy_new(Proxy
**out
, int in_fd
, int out_fd
, const char *destination
) {
196 _cleanup_(proxy_freep
) Proxy
*p
= NULL
;
197 _cleanup_free_
char *local_sec
= NULL
;
206 p
->local_out
= out_fd
;
208 p
->owned_names
= set_new(&string_hash_ops
);
212 is_unix
= sd_is_socket(in_fd
, AF_UNIX
, 0, 0) > 0 &&
213 sd_is_socket(out_fd
, AF_UNIX
, 0, 0) > 0;
216 (void) getpeercred(in_fd
, &p
->local_creds
);
217 (void) getpeersec(in_fd
, &local_sec
);
220 r
= proxy_create_destination(p
, destination
, local_sec
, is_unix
);
224 r
= proxy_create_local(p
, in_fd
, out_fd
, is_unix
);
228 r
= proxy_prepare_matches(p
);
237 Proxy
*proxy_free(Proxy
*p
) {
241 sd_bus_close_unrefp(&p
->local_bus
);
242 sd_bus_close_unrefp(&p
->destination_bus
);
243 set_free_free(p
->owned_names
);
249 int proxy_set_policy(Proxy
*p
, SharedPolicy
*sp
, char **configuration
) {
250 _cleanup_strv_free_
char **strv
= NULL
;
257 /* no need to load legacy policy if destination is not kdbus */
258 if (!p
->destination_bus
->is_kernel
)
263 policy
= shared_policy_acquire(sp
);
265 /* policy already pre-loaded */
266 shared_policy_release(sp
, policy
);
270 if (!configuration
) {
273 r
= sd_bus_get_scope(p
->destination_bus
, &scope
);
275 return log_error_errno(r
, "Couldn't determine bus scope: %m");
277 if (streq(scope
, "system"))
278 strv
= strv_new("/usr/share/dbus-1/system.conf",
279 "/etc/dbus-1/system.conf",
280 "/usr/share/dbus-1/system.d/",
281 "/etc/dbus-1/system.d/",
282 "/etc/dbus-1/system-local.conf",
284 else if (streq(scope
, "user"))
285 strv
= strv_new("/usr/share/dbus-1/session.conf",
286 "/etc/dbus-1/session.conf",
287 "/usr/share/dbus-1/session.d/",
288 "/etc/dbus-1/session.d/",
289 "/etc/dbus-1/session-local.conf",
292 return log_error("Unknown scope %s, don't know which policy to load. Refusing.", scope
);
297 configuration
= strv
;
300 return shared_policy_preload(sp
, configuration
);
303 int proxy_hello_policy(Proxy
*p
, uid_t original_uid
) {
312 policy
= shared_policy_acquire(p
->policy
);
314 if (p
->local_creds
.uid
== original_uid
)
315 log_debug("Permitting access, since bus owner matches bus client.");
316 else if (policy_check_hello(policy
, p
->local_creds
.uid
, p
->local_creds
.gid
))
317 log_debug("Permitting access due to XML policy.");
319 r
= log_error_errno(EPERM
, "Policy denied connection.");
321 shared_policy_release(p
->policy
, policy
);
326 static int proxy_wait(Proxy
*p
) {
327 uint64_t timeout_destination
, timeout_local
, t
;
328 int events_destination
, events_local
, fd
;
329 struct timespec _ts
, *ts
;
330 struct pollfd
*pollfd
;
335 fd
= sd_bus_get_fd(p
->destination_bus
);
337 return log_error_errno(fd
, "Failed to get fd: %m");
339 events_destination
= sd_bus_get_events(p
->destination_bus
);
340 if (events_destination
< 0)
341 return log_error_errno(events_destination
, "Failed to get events mask: %m");
343 r
= sd_bus_get_timeout(p
->destination_bus
, &timeout_destination
);
345 return log_error_errno(r
, "Failed to get timeout: %m");
347 events_local
= sd_bus_get_events(p
->local_bus
);
348 if (events_local
< 0)
349 return log_error_errno(events_local
, "Failed to get events mask: %m");
351 r
= sd_bus_get_timeout(p
->local_bus
, &timeout_local
);
353 return log_error_errno(r
, "Failed to get timeout: %m");
355 t
= timeout_destination
;
356 if (t
== (uint64_t) -1 || (timeout_local
!= (uint64_t) -1 && timeout_local
< timeout_destination
))
359 if (t
== (uint64_t) -1)
364 nw
= now(CLOCK_MONOTONIC
);
370 ts
= timespec_store(&_ts
, t
);
373 pollfd
= (struct pollfd
[3]) {
374 { .fd
= fd
, .events
= events_destination
, },
375 { .fd
= p
->local_in
, .events
= events_local
& POLLIN
, },
376 { .fd
= p
->local_out
, .events
= events_local
& POLLOUT
, },
379 r
= ppoll(pollfd
, 3, ts
, NULL
);
381 return log_error_errno(errno
, "ppoll() failed: %m");
386 static int handle_policy_error(sd_bus_message
*m
, int r
) {
387 if (r
== -ESRCH
|| r
== -ENXIO
)
388 return synthetic_reply_method_errorf(m
, SD_BUS_ERROR_NAME_HAS_NO_OWNER
, "Name %s is currently not owned by anyone.", m
->destination
);
393 static int process_policy_unlocked(sd_bus
*from
, sd_bus
*to
, sd_bus_message
*m
, Policy
*policy
, const struct ucred
*our_ucred
, Set
*owned_names
) {
404 * dbus-1 distinguishes expected and non-expected replies by tracking
405 * method-calls and timeouts. By default, DENY rules are *NEVER* applied
406 * on expected replies, unless explicitly specified. But we dont track
407 * method-calls, thus, we cannot know whether a reply is expected.
408 * Fortunately, the kdbus forbids non-expected replies, so we can safely
409 * ignore any policy on those and let the kernel deal with it.
411 * TODO: To be correct, we should only ignore policy-tags that are
412 * applied on non-expected replies. However, so far we don't parse those
413 * tags so we let everything pass. I haven't seen a DENY policy tag on
414 * expected-replies, ever, so don't bother..
416 if (m
->reply_cookie
> 0)
419 if (from
->is_kernel
) {
420 uid_t sender_uid
= UID_INVALID
;
421 gid_t sender_gid
= GID_INVALID
;
422 char **sender_names
= NULL
;
424 /* Driver messages are always OK */
425 if (streq_ptr(m
->sender
, "org.freedesktop.DBus"))
428 /* The message came from the kernel, and is sent to our legacy client. */
429 (void) sd_bus_creds_get_well_known_names(&m
->creds
, &sender_names
);
431 (void) sd_bus_creds_get_euid(&m
->creds
, &sender_uid
);
432 (void) sd_bus_creds_get_egid(&m
->creds
, &sender_gid
);
434 if (sender_uid
== UID_INVALID
|| sender_gid
== GID_INVALID
) {
435 _cleanup_bus_creds_unref_ sd_bus_creds
*sender_creds
= NULL
;
437 /* If the message came from another legacy
438 * client, then the message creds will be
439 * missing, simply because on legacy clients
440 * per-message creds were unknown. In this
441 * case, query the creds of the peer
444 r
= bus_get_name_creds_kdbus(from
, m
->sender
, SD_BUS_CREDS_EUID
|SD_BUS_CREDS_EGID
, true, &sender_creds
);
446 return handle_policy_error(m
, r
);
448 (void) sd_bus_creds_get_euid(sender_creds
, &sender_uid
);
449 (void) sd_bus_creds_get_egid(sender_creds
, &sender_gid
);
452 /* First check whether the sender can send the message to our name */
453 if (policy_check_send(policy
, sender_uid
, sender_gid
, m
->header
->type
, owned_names
, NULL
, m
->path
, m
->interface
, m
->member
, false, NULL
) &&
454 policy_check_recv(policy
, our_ucred
->uid
, our_ucred
->gid
, m
->header
->type
, NULL
, sender_names
, m
->path
, m
->interface
, m
->member
, false))
457 /* Return an error back to the caller */
458 if (m
->header
->type
== SD_BUS_MESSAGE_METHOD_CALL
)
459 return synthetic_reply_method_errorf(m
, SD_BUS_ERROR_ACCESS_DENIED
, "Access prohibited by XML receiver policy.");
461 /* Return 1, indicating that the message shall not be processed any further */
466 _cleanup_bus_creds_unref_ sd_bus_creds
*destination_creds
= NULL
;
467 uid_t destination_uid
= UID_INVALID
;
468 gid_t destination_gid
= GID_INVALID
;
469 const char *destination_unique
= NULL
;
470 char **destination_names
= NULL
;
473 /* Driver messages are always OK */
474 if (streq_ptr(m
->destination
, "org.freedesktop.DBus"))
477 /* The message came from the legacy client, and is sent to kdbus. */
478 if (m
->destination
) {
479 r
= bus_get_name_creds_kdbus(to
, m
->destination
,
480 SD_BUS_CREDS_WELL_KNOWN_NAMES
|SD_BUS_CREDS_UNIQUE_NAME
|
481 SD_BUS_CREDS_EUID
|SD_BUS_CREDS_EGID
|SD_BUS_CREDS_PID
,
482 true, &destination_creds
);
484 return handle_policy_error(m
, r
);
486 r
= sd_bus_creds_get_unique_name(destination_creds
, &destination_unique
);
488 return handle_policy_error(m
, r
);
490 (void) sd_bus_creds_get_well_known_names(destination_creds
, &destination_names
);
492 (void) sd_bus_creds_get_euid(destination_creds
, &destination_uid
);
493 (void) sd_bus_creds_get_egid(destination_creds
, &destination_gid
);
496 /* First check if we (the sender) can send to this name */
497 if (policy_check_send(policy
, our_ucred
->uid
, our_ucred
->gid
, m
->header
->type
, NULL
, destination_names
, m
->path
, m
->interface
, m
->member
, true, &n
)) {
499 /* If we made a receiver decision, then remember which
500 * name's policy we used, and to which unique ID it
501 * mapped when we made the decision. Then, let's pass
502 * this to the kernel when sending the message, so that
503 * it refuses the operation should the name and unique
504 * ID not map to each other anymore. */
506 r
= free_and_strdup(&m
->destination_ptr
, n
);
510 r
= bus_kernel_parse_unique_name(destination_unique
, &m
->verify_destination_id
);
515 if (sd_bus_message_is_signal(m
, NULL
, NULL
)) {
516 /* If we forward a signal from dbus-1 to kdbus,
517 * we have no idea who the recipient is.
518 * Therefore, we cannot apply any dbus-1
519 * receiver policies that match on receiver
520 * credentials. We know sd-bus always sets
521 * KDBUS_MSG_SIGNAL, so the kernel applies
522 * receiver policies to the message. Therefore,
523 * skip policy checks in this case. */
525 } else if (policy_check_recv(policy
, destination_uid
, destination_gid
, m
->header
->type
, owned_names
, NULL
, m
->path
, m
->interface
, m
->member
, true)) {
530 /* Return an error back to the caller */
531 if (m
->header
->type
== SD_BUS_MESSAGE_METHOD_CALL
)
532 return synthetic_reply_method_errorf(m
, SD_BUS_ERROR_ACCESS_DENIED
, "Access prohibited by XML sender policy.");
534 /* Return 1, indicating that the message shall not be processed any further */
541 static int process_policy(sd_bus
*from
, sd_bus
*to
, sd_bus_message
*m
, SharedPolicy
*sp
, const struct ucred
*our_ucred
, Set
*owned_names
) {
547 policy
= shared_policy_acquire(sp
);
548 r
= process_policy_unlocked(from
, to
, m
, policy
, our_ucred
, owned_names
);
549 shared_policy_release(sp
, policy
);
554 static int process_hello(Proxy
*p
, sd_bus_message
*m
) {
555 _cleanup_bus_message_unref_ sd_bus_message
*n
= NULL
;
562 /* As reaction to hello we need to respond with two messages:
563 * the callback reply and the NameAcquired for the unique
564 * name, since hello is otherwise obsolete on kdbus. */
567 sd_bus_message_is_method_call(m
, "org.freedesktop.DBus", "Hello") &&
568 streq_ptr(m
->destination
, "org.freedesktop.DBus");
574 return log_error_errno(EIO
, "First packet isn't hello (it's %s.%s), aborting.", m
->interface
, m
->member
);
578 return log_error_errno(EIO
, "Got duplicate hello, aborting.");
582 if (!p
->destination_bus
->is_kernel
)
585 r
= sd_bus_message_new_method_return(m
, &n
);
587 return log_error_errno(r
, "Failed to generate HELLO reply: %m");
589 r
= sd_bus_message_append(n
, "s", p
->destination_bus
->unique_name
);
591 return log_error_errno(r
, "Failed to append unique name to HELLO reply: %m");
593 r
= bus_message_append_sender(n
, "org.freedesktop.DBus");
595 return log_error_errno(r
, "Failed to append sender to HELLO reply: %m");
597 r
= bus_seal_synthetic_message(p
->local_bus
, n
);
599 return log_error_errno(r
, "Failed to seal HELLO reply: %m");
601 r
= sd_bus_send(p
->local_bus
, n
, NULL
);
603 return log_error_errno(r
, "Failed to send HELLO reply: %m");
605 n
= sd_bus_message_unref(n
);
606 r
= sd_bus_message_new_signal(
609 "/org/freedesktop/DBus",
610 "org.freedesktop.DBus",
613 return log_error_errno(r
, "Failed to allocate initial NameAcquired message: %m");
615 r
= sd_bus_message_append(n
, "s", p
->destination_bus
->unique_name
);
617 return log_error_errno(r
, "Failed to append unique name to NameAcquired message: %m");
619 r
= bus_message_append_sender(n
, "org.freedesktop.DBus");
621 return log_error_errno(r
, "Failed to append sender to NameAcquired message: %m");
623 r
= bus_seal_synthetic_message(p
->local_bus
, n
);
625 return log_error_errno(r
, "Failed to seal NameAcquired message: %m");
627 r
= sd_bus_send(p
->local_bus
, n
, NULL
);
629 return log_error_errno(r
, "Failed to send NameAcquired message: %m");
634 static int patch_sender(sd_bus
*a
, sd_bus_message
*m
) {
635 char **well_known
= NULL
;
645 /* We will change the sender of messages from the bus driver
646 * so that they originate from the bus driver. This is a
647 * speciality originating from dbus1, where the bus driver did
648 * not have a unique id, but only the well-known name. */
650 c
= sd_bus_message_get_creds(m
);
654 r
= sd_bus_creds_get_well_known_names(c
, &well_known
);
658 if (strv_contains(well_known
, "org.freedesktop.DBus"))
659 m
->sender
= "org.freedesktop.DBus";
664 static int proxy_process_destination_to_local(Proxy
*p
) {
665 _cleanup_bus_message_unref_ sd_bus_message
*m
= NULL
;
670 r
= sd_bus_process(p
->destination_bus
, &m
);
671 if (r
== -ECONNRESET
|| r
== -ENOTCONN
) /* Treat 'connection reset by peer' as clean exit condition */
674 log_error_errno(r
, "Failed to process destination bus: %m");
682 /* We officially got EOF, let's quit */
683 if (sd_bus_message_is_signal(m
, "org.freedesktop.DBus.Local", "Disconnected"))
686 r
= synthesize_name_acquired(p
->destination_bus
, p
->local_bus
, m
);
687 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
690 return log_error_errno(r
, "Failed to synthesize message: %m");
692 patch_sender(p
->destination_bus
, m
);
695 r
= process_policy(p
->destination_bus
, p
->local_bus
, m
, p
->policy
, &p
->local_creds
, p
->owned_names
);
696 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
699 return log_error_errno(r
, "Failed to process policy: %m");
704 r
= sd_bus_send(p
->local_bus
, m
, NULL
);
706 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
709 /* If the peer tries to send a reply and it is
710 * rejected with EPERM by the kernel, we ignore the
711 * error. This catches cases where the original
712 * method-call didn't had EXPECT_REPLY set, but the
713 * proxy-peer still sends a reply. This is allowed in
714 * dbus1, but not in kdbus. We don't want to track
715 * reply-windows in the proxy, so we simply ignore
716 * EPERM for all replies. The only downside is, that
717 * callers are no longer notified if their replies are
718 * dropped. However, this is equivalent to the
719 * caller's timeout to expire, so this should be
720 * acceptable. Nobody sane sends replies without a
721 * matching method-call, so nobody should care. */
722 if (r
== -EPERM
&& m
->reply_cookie
> 0)
725 /* Return the error to the client, if we can */
726 synthetic_reply_method_errnof(m
, r
, "Failed to forward message we got from destination: %m");
728 /* if local dbus1 peer does not dispatch its queue, warn only once */
729 if (!p
->queue_overflow
)
730 log_error("Dropped messages due to queue overflow of local peer (pid: "PID_FMT
" uid: "UID_FMT
")", p
->local_creds
.pid
, p
->local_creds
.uid
);
731 p
->queue_overflow
= true;
734 "Failed to forward message we got from destination: uid=" UID_FMT
" gid=" GID_FMT
" message=%s destination=%s path=%s interface=%s member=%s: %m",
735 p
->local_creds
.uid
, p
->local_creds
.gid
, bus_message_type_to_string(m
->header
->type
),
736 strna(m
->destination
), strna(m
->path
), strna(m
->interface
), strna(m
->member
));
741 p
->queue_overflow
= false;
745 static int proxy_process_local_to_destination(Proxy
*p
) {
746 _cleanup_bus_message_unref_ sd_bus_message
*m
= NULL
;
751 r
= sd_bus_process(p
->local_bus
, &m
);
752 if (r
== -ECONNRESET
|| r
== -ENOTCONN
) /* Treat 'connection reset by peer' as clean exit condition */
755 log_error_errno(r
, "Failed to process local bus: %m");
763 /* We officially got EOF, let's quit */
764 if (sd_bus_message_is_signal(m
, "org.freedesktop.DBus.Local", "Disconnected"))
767 r
= process_hello(p
, m
);
768 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
771 return log_error_errno(r
, "Failed to process HELLO: %m");
775 r
= bus_proxy_process_driver(p
->destination_bus
, p
->local_bus
, m
, p
->policy
, &p
->local_creds
, p
->owned_names
);
776 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
779 return log_error_errno(r
, "Failed to process driver calls: %m");
785 r
= process_policy(p
->local_bus
, p
->destination_bus
, m
, p
->policy
, &p
->local_creds
, p
->owned_names
);
786 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
789 return log_error_errno(r
, "Failed to process policy: %m");
794 r
= sd_bus_send(p
->destination_bus
, m
, NULL
);
796 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
799 /* The name database changed since the policy check, hence let's check again */
803 /* see above why EPERM is ignored for replies */
804 if (r
== -EPERM
&& m
->reply_cookie
> 0)
807 synthetic_reply_method_errnof(m
, r
, "Failed to forward message we got from local: %m");
809 "Failed to forward message we got from local: uid=" UID_FMT
" gid=" GID_FMT
" message=%s destination=%s path=%s interface=%s member=%s: %m",
810 p
->local_creds
.uid
, p
->local_creds
.gid
, bus_message_type_to_string(m
->header
->type
),
811 strna(m
->destination
), strna(m
->path
), strna(m
->interface
), strna(m
->member
));
821 int proxy_run(Proxy
*p
) {
830 /* Read messages from bus, to pass them on to our client */
831 r
= proxy_process_destination_to_local(p
);
832 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
840 /* Read messages from our client, to pass them on to the bus */
841 r
= proxy_process_local_to_destination(p
);
842 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)
851 if (r
== -ECONNRESET
|| r
== -ENOTCONN
)