Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
if (!sd_bus_message_has_signature(m, "s"))
return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters"));
if (!sd_bus_message_has_signature(m, "s"))
return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS, "Invalid parameters"));
- r = get_creds_by_message(a, m, SD_BUS_CREDS_UID, &creds, &error);
+ r = get_creds_by_message(a, m, SD_BUS_CREDS_EUID, &creds, &error);
if (r < 0)
return synthetic_reply_method_errno(m, r, &error);
if (r < 0)
return synthetic_reply_method_errno(m, r, &error);
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
- r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
+ r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
if (r < 0)
return log_error_errno(r, "Failed to set FD negotiation: %m");
- r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT);
+ r = sd_bus_negotiate_creds(b, true, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SELINUX_CONTEXT);
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
if (r < 0)
return log_error_errno(r, "Failed to set credential negotiation: %m");
/* The message came from the kernel, and is sent to our legacy client. */
sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
/* The message came from the kernel, and is sent to our legacy client. */
sd_bus_creds_get_well_known_names(&m->creds, &sender_names);
- (void) sd_bus_creds_get_uid(&m->creds, &sender_uid);
- (void) sd_bus_creds_get_gid(&m->creds, &sender_gid);
+ (void) sd_bus_creds_get_euid(&m->creds, &sender_uid);
+ (void) sd_bus_creds_get_egid(&m->creds, &sender_gid);
if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
_cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
if (sender_uid == UID_INVALID || sender_gid == GID_INVALID) {
_cleanup_bus_creds_unref_ sd_bus_creds *sender_creds = NULL;
* case, query the creds of the peer
* instead. */
* case, query the creds of the peer
* instead. */
- r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_UID|SD_BUS_CREDS_GID, true, &sender_creds);
+ r = bus_get_name_creds_kdbus(from, m->sender, SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID, true, &sender_creds);
if (r < 0)
return handle_policy_error(m, r);
if (r < 0)
return handle_policy_error(m, r);
- (void) sd_bus_creds_get_uid(sender_creds, &sender_uid);
- (void) sd_bus_creds_get_gid(sender_creds, &sender_gid);
+ (void) sd_bus_creds_get_euid(sender_creds, &sender_uid);
+ (void) sd_bus_creds_get_egid(sender_creds, &sender_gid);
}
/* First check whether the sender can send the message to our name */
}
/* First check whether the sender can send the message to our name */
if (m->destination) {
r = bus_get_name_creds_kdbus(to, m->destination,
SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
if (m->destination) {
r = bus_get_name_creds_kdbus(to, m->destination,
SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
- SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
+ SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_PID,
true, &destination_creds);
if (r < 0)
return handle_policy_error(m, r);
true, &destination_creds);
if (r < 0)
return handle_policy_error(m, r);
sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
sd_bus_creds_get_well_known_names(destination_creds, &destination_names);
- (void) sd_bus_creds_get_uid(destination_creds, &destination_uid);
- (void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
+ (void) sd_bus_creds_get_euid(destination_creds, &destination_uid);
+ (void) sd_bus_creds_get_egid(destination_creds, &destination_gid);
}
/* First check if we (the sender) can send to this name */
}
/* First check if we (the sender) can send to this name */
- r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM|SD_BUS_CREDS_AUGMENT, &creds);
+ r = sd_bus_get_owner_creds(b, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM|SD_BUS_CREDS_AUGMENT, &creds);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
snprintf(login_uid_buf, sizeof(login_uid_buf), UID_FMT, login_uid);
if (sd_bus_creds_get_audit_login_uid(audit->creds, &login_uid) >= 0)
snprintf(login_uid_buf, sizeof(login_uid_buf), UID_FMT, login_uid);
- if (sd_bus_creds_get_uid(audit->creds, &uid) >= 0)
+ if (sd_bus_creds_get_euid(audit->creds, &uid) >= 0)
snprintf(uid_buf, sizeof(uid_buf), UID_FMT, uid);
snprintf(uid_buf, sizeof(uid_buf), UID_FMT, uid);
- if (sd_bus_creds_get_gid(audit->creds, &gid) >= 0)
+ if (sd_bus_creds_get_egid(audit->creds, &gid) >= 0)
snprintf(gid_buf, sizeof(gid_buf), GID_FMT, gid);
snprintf(msgbuf, msgbufsize,
snprintf(gid_buf, sizeof(gid_buf), GID_FMT, gid);
snprintf(msgbuf, msgbufsize,
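Review bot: `sd_bus_creds_get_euid(audit->creds, &uid)` means the audit record's uid field now carries the effective UID while `login_uid` a few lines above stays the audit login UID, and nothing in the hunk tells an analyst which identity is which. Since these records are what incident responders correlate against, I would add `/* uid/gid are the effective IDs the kernel uses for its own checks; login uid is the audit session owner */` above the first `if`. The format string on `snprintf(msgbuf, msgbufsize,` continues outside the hunk, so the field labels themselves are not visible here.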
r = sd_bus_query_sender_creds(
message,
r = sd_bus_query_sender_creds(
message,
- SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|
+ SD_BUS_CREDS_PID|SD_BUS_CREDS_EUID|SD_BUS_CREDS_EGID|
SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_AUDIT_LOGIN_UID|
SD_BUS_CREDS_SELINUX_CONTEXT|
SD_BUS_CREDS_AUGMENT /* get more bits from /proc */,
if ((mask & SD_BUS_CREDS_PID) ||
((mask & SD_BUS_CREDS_AUGMENT) &&
if ((mask & SD_BUS_CREDS_PID) ||
((mask & SD_BUS_CREDS_AUGMENT) &&
- (mask & (SD_BUS_CREDS_EUID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
+ (mask & (SD_BUS_CREDS_UID|SD_BUS_CREDS_SUID|SD_BUS_CREDS_FSUID|
SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
SD_BUS_CREDS_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
SD_BUS_CREDS_GID|SD_BUS_CREDS_EGID|SD_BUS_CREDS_SGID|SD_BUS_CREDS_FSGID|
SD_BUS_CREDS_COMM|SD_BUS_CREDS_EXE|SD_BUS_CREDS_CMDLINE|
SD_BUS_CREDS_CGROUP|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_USER_UNIT|SD_BUS_CREDS_SLICE|SD_BUS_CREDS_SESSION|SD_BUS_CREDS_OWNER_UID|
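Review bot: With the swap on the `+` line, the real UID (SD_BUS_CREDS_UID) is now only obtainable through the SD_BUS_CREDS_AUGMENT branch gated a few lines above, i.e. presumably read from the peer's /proc entry after the fact rather than delivered by the kernel with the connection, and nothing in the hunk records that asymmetry for callers. A short comment on the mask would keep future authorization code from reaching for the real UID: `/* Real UID/GID only come from /proc augmentation; the transport supplies EUID/EGID, which is what privilege checks must use. */`. The enclosing function starts before and ends after this hunk.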
reply = sd_bus_message_unref(reply);
}
reply = sd_bus_message_unref(reply);
}
- if (mask & SD_BUS_CREDS_UID) {
+ if (mask & SD_BUS_CREDS_EUID) {
uint32_t u;
r = sd_bus_call_method(
uint32_t u;
r = sd_bus_call_method(
- c->uid = u;
- c->mask |= SD_BUS_CREDS_UID;
+ c->euid = u;
+ c->mask |= SD_BUS_CREDS_EUID;
reply = sd_bus_message_unref(reply);
}
reply = sd_bus_message_unref(reply);
}
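Review bot: `c->euid = u;` takes the 32-bit user ID returned by the call on `r = sd_bus_call_method(`, whose method name and arguments are outside the hunk, so the hunk itself does not say why that reply is an effective rather than real UID. If this is the driver's GetConnectionUnixUser, the daemon reports the UID it obtained from the socket, i.e. the effective one, and a one-line comment would pin that: `/* The driver reports the socket-level (effective) UID of the peer */`. The enclosing function starts and ends outside this hunk.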
}
if (bus->ucred.uid != UID_INVALID) {
}
if (bus->ucred.uid != UID_INVALID) {
- c->uid = bus->ucred.uid;
- c->mask |= SD_BUS_CREDS_UID & mask;
+ c->euid = bus->ucred.uid;
+ c->mask |= SD_BUS_CREDS_EUID & mask;
}
if (bus->ucred.gid != GID_INVALID) {
}
if (bus->ucred.gid != GID_INVALID) {
- c->gid = bus->ucred.gid;
- c->mask |= SD_BUS_CREDS_GID & mask;
+ c->egid = bus->ucred.gid;
+ c->mask |= SD_BUS_CREDS_EGID & mask;
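Review bot: `c->euid = bus->ucred.uid;` and `c->egid = bus->ucred.gid;` store fields literally named uid/gid into euid/egid with no comment, and the same pattern appears in the next hunk (`m->creds.euid = ucred->uid;`). The kernel fills struct ucred with the peer's effective IDs, which is the whole point of the commit, but a reader who has not seen the commit message will take the name mismatch for a bug. I would add `/* struct ucred carries the peer's effective UID/GID (see unix(7)), hence euid/egid */` above the first assignment here and in the next hunk. The enclosing function starts outside this hunk.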
if (ucred) {
m->creds.pid = ucred->pid;
if (ucred) {
m->creds.pid = ucred->pid;
- m->creds.uid = ucred->uid;
- m->creds.gid = ucred->gid;
+ m->creds.euid = ucred->uid;
+ m->creds.egid = ucred->gid;
/* Due to namespace translations some data might be
* missing from this ucred record. */
if (m->creds.pid > 0)
m->creds.mask |= SD_BUS_CREDS_PID;
/* Due to namespace translations some data might be
* missing from this ucred record. */
if (m->creds.pid > 0)
m->creds.mask |= SD_BUS_CREDS_PID;
- if (m->creds.uid != UID_INVALID)
- m->creds.mask |= SD_BUS_CREDS_UID;
+ if (m->creds.euid != UID_INVALID)
+ m->creds.mask |= SD_BUS_CREDS_EUID;
- if (m->creds.gid != GID_INVALID)
- m->creds.mask |= SD_BUS_CREDS_GID;
+ if (m->creds.egid != GID_INVALID)
+ m->creds.mask |= SD_BUS_CREDS_EGID;
r = sd_bus_get_name_creds(
bus, *i,
(arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) |
r = sd_bus_get_name_creds(
bus, *i,
(arg_augment_creds ? SD_BUS_CREDS_AUGMENT : 0) |
- SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|
+ SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID|SD_BUS_CREDS_COMM|
SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_SESSION|
SD_BUS_CREDS_DESCRIPTION, &creds);
if (r >= 0) {
SD_BUS_CREDS_UNIQUE_NAME|SD_BUS_CREDS_UNIT|SD_BUS_CREDS_SESSION|
SD_BUS_CREDS_DESCRIPTION, &creds);
if (r >= 0) {
} else
fputs(" - - ", stdout);
} else
fputs(" - - ", stdout);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
if (r >= 0) {
_cleanup_free_ char *u = NULL;
if (r >= 0) {
_cleanup_free_ char *u = NULL;
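Review bot: `r = sd_bus_creds_get_euid(creds, &uid);` changes what busctl prints, but whatever column header this value appears under is outside the hunk and, if it still reads UID, now mislabels an effective UID. Either rename that header or add a comment next to the call, `/* the bus reports the peer's effective UID, so that is what we list */`, so operators reading the listing know which identity they are looking at. The enclosing function starts and ends outside this hunk.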
return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported");
}
return sd_bus_error_setf(error, BUS_ERROR_SLEEP_VERB_NOT_SUPPORTED, "Sleep verb not supported");
}
- r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
return sd_bus_reply_method_return(message, "s", "na");
}
return sd_bus_reply_method_return(message, "s", "na");
}
- r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
if (r == 0)
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
if (r == 0)
return 1; /* No authorization for now, but the async polkit stuff will call us again when it has it */
- r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID, &creds);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID|SD_BUS_CREDS_PID, &creds);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
- r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);
- r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_UID, &creds);
+ r = sd_bus_query_sender_creds(message, SD_BUS_CREDS_EUID, &creds);
- r = sd_bus_creds_get_uid(creds, &uid);
+ r = sd_bus_creds_get_euid(creds, &uid);