bus: when the first char a server receives isn't the NUL byte immediately fail
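--- a/src/libsystemd-bus/bus-socket.c
+++ b/src/libsystemd-bus/bus-socket.c
@@ -31,6 +31,7 @@
 #include "missing.h"
 #include "strv.h"
 #include "utf8.h"
+#include "sd-daemon.h"
 #include "sd-bus.h"
 #include "bus-socket.h"
@@ -234,7 +235,7 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) {
 * the owner of this bus wanted authentication he should have
 * checked SO_PEERCRED before even creating the bus object. */
- if (!b->ucred_valid)
+ if (!b->anonymous_auth && !b->ucred_valid)
 return 0;
 if (l <= 0)
@@ -257,7 +258,9 @@ static int verify_external_token(sd_bus *b, const char *p, size_t l) {
 if (r < 0)
 return 0;
- if (u != b->ucred.uid)
+ /* We ignore the passed value if anonymous authentication is
+ * on anyway. */
+ if (!b->anonymous_auth && u != b->ucred.uid)
 return 0;
 return 1;
@@ -310,13 +313,16 @@ static int bus_socket_auth_verify_server(sd_bus *b) {
 assert(b);
- if (b->rbuffer_size < 3)
+ if (b->rbuffer_size < 1)
 return 0;
 /* First char must be a NUL byte */
 if (*(char*) b->rbuffer != 0)
 return -EIO;
+ if (b->rbuffer_size < 3)
+ return 0;
+
 /* Begin with the first line */
 if (b->auth_rbegin <= 0)
 b->auth_rbegin = 1;
@@ -589,25 +595,17 @@ static int bus_socket_start_auth_client(sd_bus *b) {
 }
 static int bus_socket_start_auth(sd_bus *b) {
- int domain = 0, r;
- socklen_t sl;
-
 assert(b);
 b->state = BUS_AUTHENTICATING;
 b->auth_timeout = now(CLOCK_MONOTONIC) + BUS_DEFAULT_TIMEOUT;
- sl = sizeof(domain);
- r = getsockopt(b->input_fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
- if (r < 0 || domain != AF_UNIX)
+ if (sd_is_socket(b->input_fd, AF_UNIX, 0, 0) <= 0)
 b->negotiate_fds = false;
- if (b->output_fd != b->input_fd) {
- r = getsockopt(b->output_fd, SOL_SOCKET, SO_DOMAIN, &domain, &sl);
- if (r < 0 || domain != AF_UNIX)
+ if (b->output_fd != b->input_fd)
+ if (sd_is_socket(b->output_fd, AF_UNIX, 0, 0) <= 0)
 b->negotiate_fds = false;
- }
-
 if (b->is_server)
 return bus_socket_read_auth(b);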
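Review bot: In verify_external_token(), once `b->anonymous_auth` is set the EXTERNAL token must still be non-empty and parse (the `l <= 0` and `r < 0` checks remain), but the claimed UID is never compared with `b->ucred.uid`. The mechanism therefore succeeds for any UID the peer asserts, and the comment kept above the first check ("checked SO_PEERCRED before even creating the bus object") no longer describes that path. I would state the consequence at the relaxed comparison, e.g. `/* anonymous_auth: any claimed UID is accepted; the peer is unauthenticated, do not authorize on the token or on b->ucred */`. Where `anonymous_auth` is set and what it defaults to lies outside this file section, so confirm it stays off unless the bus owner opts in. Separately, in bus_socket_start_auth() (its body continues past the hunk) the outer `if (b->output_fd != b->input_fd)` lost its braces around the nested `if`; I would keep them so a later `else` cannot bind to the wrong condition.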