From: Lennart Poettering
Date: Wed, 28 Jun 2017 17:20:16 +0000 (+0200)
Subject: sd-bus: never augment creds when we are operating on remote connections (#6217)
X-Git-Tag: chiark/234.4-1+devuan1.1+iwj1~88
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=f3fcbcdd9eb8fc459526e1aa2b13cd4ef24d281e

sd-bus: never augment creds when we are operating on remote connections (#6217)

It's not always clear when something is a remote connection, hence only flag the obvious cases as local.

Fixes: #6207
---
diff --git a/src/libelogind/sd-bus/bus-control.c b/src/libelogind/sd-bus/bus-control.c
index c6403d3ba..313a44b53 100644
--- a/src/libelogind/sd-bus/bus-control.c
+++ b/src/libelogind/sd-bus/bus-control.c
@@ -1042,6 +1042,11 @@ _public_ int sd_bus_get_name_creds(
 if (!bus->bus_client)
 return -EINVAL;
+ /* Turn off augmenting if this isn't a local connection. If the connection is not local, then /proc is not
+ * going to match. */
+ if (!bus->is_local)
+ mask &= ~SD_BUS_CREDS_AUGMENT;
+
 if (streq(name, "org.freedesktop.DBus.Local"))
 return -EINVAL;
@@ -1168,6 +1173,9 @@ _public_ int sd_bus_get_owner_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **r
 if (!BUS_IS_OPEN(bus->state))
 return -ENOTCONN;
+ if (!bus->is_local)
+ mask &= ~SD_BUS_CREDS_AUGMENT;
+
 if (bus->is_kernel)
 return bus_get_owner_creds_kdbus(bus, mask, ret);
 else
diff --git a/src/libelogind/sd-bus/bus-internal.h b/src/libelogind/sd-bus/bus-internal.h
index 4c912f582..4818ae28b 100644
--- a/src/libelogind/sd-bus/bus-internal.h
+++ b/src/libelogind/sd-bus/bus-internal.h
@@ -212,6 +212,7 @@ struct sd_bus {
 bool exit_on_disconnect:1;
 bool exited:1;
 bool exit_triggered:1;
+ bool is_local:1;
 int use_memfd;
diff --git a/src/libelogind/sd-bus/sd-bus.c b/src/libelogind/sd-bus/sd-bus.c
index a4f20ca1e..5df358f5a 100644
--- a/src/libelogind/sd-bus/sd-bus.c
+++ b/src/libelogind/sd-bus/sd-bus.c
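Review bot: In sd_bus_get_name_creds() (bus-control.c) the SD_BUS_CREDS_AUGMENT bit is cleared silently, so a caller that asked for augmented fields on a non-local bus receives a creds object with fewer fields and no indication why. That matters for any caller that bases an access decision on those fields; the function's API documentation should state that augmentation is skipped on non-local connections and that callers must check which fields are actually present, e.g. with `sd_bus_creds_get_mask()`, rather than assume the requested mask was honoured. The same clearing in sd_bus_get_owner_creds() in the following hunk carries no comment at all; I would repeat a short one there, `/* Never augment from /proc on non-local connections, the PIDs would not match */`. Both function bodies start and end outside their hunks, so how the reduced mask is consumed afterwards is not visible here.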
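Review bot: The new `is_local` bit in struct sd_bus (bus-internal.h) gates a security-relevant decision but is added without a comment saying what "local" means. I would document it on the field, e.g. `bool is_local:1; /* peer PIDs are resolvable in our /proc; only then may creds be augmented */`. It is also worth stating that the unset value must mean "not local", so that a bus object configured through a path that never assigns the flag fails closed; that presumably holds if the struct is zero-allocated, which this hunk does not show.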
@@ -600,6 +600,8 @@ static int parse_unix_address(sd_bus *b, const char **p, char **guid) {
 b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
 }
+ b->is_local = true;
+
 return 0;
 }
@@ -667,6 +669,8 @@ static int parse_tcp_address(sd_bus *b, const char **p, char **guid) {
 freeaddrinfo(result);
+ b->is_local = false;
+
 return 0;
 }
@@ -749,6 +753,9 @@ static int parse_exec_address(sd_bus *b, const char **p, char **guid) {
 b->exec_path = path;
 b->exec_argv = argv;
+
+ b->is_local = false;
+
 return 0;
 fail:
@@ -792,6 +799,8 @@ static int parse_kernel_address(sd_bus *b, const char **p, char **guid) {
 b->kernel = path;
 path = NULL;
+ b->is_local = true;
+
 return 0;
 }
@@ -850,6 +859,7 @@ static int parse_container_unix_address(sd_bus *b, const char **p, char **guid)
 b->sockaddr.un.sun_family = AF_UNIX;
 strncpy(b->sockaddr.un.sun_path, "/var/run/dbus/system_bus_socket", sizeof(b->sockaddr.un.sun_path));
 b->sockaddr_size = SOCKADDR_UN_LEN(b->sockaddr.un);
+ b->is_local = false;
 return 0;
 }
@@ -910,6 +920,8 @@ static int parse_container_kernel_address(sd_bus *b, const char **p, char **guid
 if (r < 0)
 return r;
+ b->is_local = false;
+
 return 0;
 }
@@ -1195,6 +1207,7 @@ _public_ int sd_bus_open(sd_bus **ret) {
 /* We don't know whether the bus is trusted or not, so better
 * be safe, and authenticate everything */
 b->trusted = false;
+ b->is_local = false;
 b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
 b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
@@ -1243,6 +1256,7 @@ _public_ int sd_bus_open_system(sd_bus **ret) {
 b->trusted = false;
 b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
 b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
+ b->is_local = true;
 r = sd_bus_start(b);
 if (r < 0)
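Review bot: parse_unix_address() marks every successfully parsed `unix:` address as local, but an AF_UNIX socket path says nothing about which PID namespace the bus on the other end runs in. A socket that is bind-mounted from a container or another namespace would still be treated as local, and PIDs reported over it would then be looked up in the wrong /proc. The commit message says only the obvious cases should be flagged as local, so this assumption deserves a comment next to the assignment, e.g. `/* assumes the socket's bus shares our PID namespace; this is not verified */`. Whether a stricter check is feasible cannot be judged from this hunk, since the function body starts outside it.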
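Review bot: The `b->is_local = false;` added to sd_bus_open() may not be the value in force when credentials are later queried, because every parse_*_address() helper patched above assigns `is_local` too. If the address string is parsed during sd_bus_start(), which this hunk does not show, the parser's value overwrites this one, and a `unix:` starter address would end up flagged local despite the "better be safe" intent of the comment above the assignment. I would make one place authoritative and say so at the other, e.g. `/* initial value only; the address parser has the final say */`. The same applies to sd_bus_open_system() in the next hunk and to sd_bus_open_user(), sd_bus_open_system_remote() and sd_bus_open_system_machine() further down.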
@@ -1312,6 +1326,7 @@ _public_ int sd_bus_open_user(sd_bus **ret) {
 /* We don't do any per-method access control on the user
 * bus. */
 b->trusted = true;
+ b->is_local = true;
 r = sd_bus_start(b);
 if (r < 0)
@@ -1386,6 +1401,7 @@ _public_ int sd_bus_open_system_remote(sd_bus **ret, const char *host) {
 bus->bus_client = true;
 bus->trusted = false;
 bus->is_system = true;
+ bus->is_local = false;
 r = sd_bus_start(bus);
 if (r < 0)
@@ -1435,6 +1451,7 @@ _public_ int sd_bus_open_system_machine(sd_bus **ret, const char *machine) {
 bus->bus_client = true;
 bus->trusted = false;
 bus->is_system = true;
+ bus->is_local = false;
 r = sd_bus_start(bus);
 if (r < 0)