X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flibsystemd%2Fsd-bus%2Fbus-util.c;fp=src%2Flibsystemd%2Fsd-bus%2Fbus-util.c;h=3bd6b8db9afe2d44a6a7f09acce0849b2edf31f5;hb=c529695e7a30b300fdaa61ace4a8a4ed0e94ad1c;hp=52d4ebe6112f919ce4572a0ae08bc4f47756f50a;hpb=2723b3b51d409340558e46e37e90525d4f880fe1;p=elogind.git diff --git a/src/libsystemd/sd-bus/bus-util.c b/src/libsystemd/sd-bus/bus-util.c index 52d4ebe61..3bd6b8db9 100644 --- a/src/libsystemd/sd-bus/bus-util.c +++ b/src/libsystemd/sd-bus/bus-util.c @@ -190,11 +190,33 @@ int bus_name_has_owner(sd_bus *c, const char *name, sd_bus_error *error) { return has_owner; } +static int check_good_user(sd_bus_message *m, uid_t good_user) { + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; + uid_t sender_uid; + int r; + + assert(m); + + if (good_user == UID_INVALID) + return 0; + + r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_EUID, &creds); + if (r < 0) + return r; + + r = sd_bus_creds_get_euid(creds, &sender_uid); + if (r < 0) + return r; + + return sender_uid == good_user; +} + int bus_verify_polkit( sd_bus_message *call, int capability, const char *action, bool interactive, + uid_t good_user, bool *_challenge, sd_bus_error *e) { @@ -203,6 +225,10 @@ int bus_verify_polkit( assert(call); assert(action); + r = check_good_user(call, good_user); + if (r != 0) + return r; + r = sd_bus_query_sender_privilege(call, capability); if (r < 0) return r; @@ -330,6 +356,7 @@ int bus_verify_polkit_async( int capability, const char *action, bool interactive, + uid_t good_user, Hashmap **registry, sd_bus_error *error) { @@ -347,6 +374,10 @@ int bus_verify_polkit_async( assert(action); assert(registry); + r = check_good_user(call, good_user); + if (r != 0) + return r; + #ifdef ENABLE_POLKIT q = hashmap_get(*registry, call); if (q) {