bus: don't process Peer interface messages in the proxy

[elogind.git] / src / bus-proxyd / bus-proxyd.c

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 3b6e3399bbbd4961e5a9d1a7f2205fb82992512d..27122a5d717de9c39f69a7863ced5678da4070b3 100644 (file)
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -123,7 +123,7 @@ static int parse_argv(int argc, char *argv[]) {
         return 1;
 }
 
-static int rename_service(sd_bus *b) {
+static int rename_service(sd_bus *a, sd_bus *b) {
         _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
         _cleanup_free_ char *p = NULL, *name = NULL;
         const char *comm;
@@ -132,6 +132,7 @@ static int rename_service(sd_bus *b) {
         pid_t pid;
         int r;
 
+        assert(a);
         assert(b);
 
         r = sd_bus_get_peer_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM, &creds);
@@ -182,6 +183,11 @@ static int rename_service(sd_bus *b) {
                         memset(arg_command_line_buffer + w, 0, m - w);
         }
 
+        log_debug("Running on behalf of PID %lu (%s), UID %lu (%s), %s",
+                  (unsigned long) pid, p,
+                  (unsigned long) uid, name,
+                  a->unique_name);
+                ;
         return 0;
 }
 
@@ -365,6 +371,8 @@ int main(int argc, char *argv[]) {
         int r, in_fd, out_fd;
         bool got_hello = false;
         bool is_unix;
+        struct ucred ucred = {};
+        _cleanup_free_ char *peersec = NULL;
 
         log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
         log_parse_environment();
@@ -382,7 +390,7 @@ int main(int argc, char *argv[]) {
                 in_fd = SD_LISTEN_FDS_START;
                 out_fd = SD_LISTEN_FDS_START;
         } else {
-                log_error("Illegal number of file descriptors passed\n");
+                log_error("Illegal number of file descriptors passed");
                 goto finish;
         }
 
@@ -390,6 +398,11 @@ int main(int argc, char *argv[]) {
                 sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
                 sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
 
+        if (is_unix) {
+                getpeercred(in_fd, &ucred);
+                getpeersec(in_fd, &peersec);
+        }
+
         r = sd_bus_new(&a);
         if (r < 0) {
                 log_error("Failed to allocate bus: %s", strerror(-r));
@@ -408,6 +421,20 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        if (ucred.pid > 0) {
+                a->fake_creds.pid = ucred.pid;
+                a->fake_creds.uid = ucred.uid;
+                a->fake_creds.gid = ucred.gid;
+                a->fake_creds_valid = true;
+        }
+
+        if (peersec) {
+                a->fake_label = peersec;
+                peersec = NULL;
+        }
+
+        a->manual_peer_interface = true;
+
         r = sd_bus_start(a);
         if (r < 0) {
                 log_error("Failed to start bus client: %s", strerror(-r));
@@ -450,18 +477,20 @@ int main(int argc, char *argv[]) {
                 goto finish;
         }
 
+        b->manual_peer_interface = true;
+
         r = sd_bus_start(b);
         if (r < 0) {
                 log_error("Failed to start bus client: %s", strerror(-r));
                 goto finish;
         }
 
-        r = rename_service(b);
+        r = rename_service(a, b);
         if (r < 0)
                 log_debug("Failed to rename process: %s", strerror(-r));
 
         if (a->is_kernel) {
-                _cleanup_free_ char *match;
+                _cleanup_free_ char *match = NULL;
                 const char *unique;
 
                 r = sd_bus_get_unique_name(a, &unique);