bus-policy: resolve [ug]id of POLICY_ITEM_{USER,GROUP}

Do the lookup during parsing already, and set i->uid, or i->gid to the
numerical values.

diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 2c4708dd777c0d19d2cbfe6ee2b4a1a2dbe5ace4..ab16cda32bb52ebcca06e4c28752ecd82d777026 100644 (file)
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -525,8 +525,36 @@ static int file_load(Policy *p, const char *path) {
                                         return -EINVAL;
                                 }
 
+                                switch (i->class) {
+                                case POLICY_ITEM_USER:
+                                        if (!streq(name, "*")) {
+                                                const char *u = name;
+
+                                                r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
+                                                if (r < 0)
+                                                        log_error("Failed to resolve user %s: %s", name, strerror(-r));
+                                                else
+                                                        i->uid_valid = true;
+                                        }
+                                        break;
+                                case POLICY_ITEM_GROUP:
+                                        if (!streq(name, "*")) {
+                                                const char *g = name;
+
+                                                r = get_group_creds(&g, &i->gid);
+                                                if (r < 0)
+                                                        log_error("Failed to resolve group %s: %s", name, strerror(-r));
+                                                else
+                                                        i->gid_valid = true;
+                                        }
+                                        break;
+                                default:
+                                        break;
+                                }
+
                                 i->name = name;
                                 name = NULL;
+
                                 state = STATE_ALLOW_DENY;
                         } else {
                                 log_error("Unexpected token (14) in %s:%u.", path, line);