From: Lennart Poettering
Date: Fri, 9 Jan 2015 18:25:23 +0000 (+0100)
Subject: bus-proxy: dbus-daemon implies that connections from UIDs that are identical to the...
X-Git-Tag: v219~587
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=f5886c92ace2fdd5b9d389eaf3883ac3034050fa;hp=a2be9e047e6e0b243fe946f972d5d4d04db140e5

bus-proxy: dbus-daemon implies that connections from UIDs that are identical to the bus owner should be allowed

Hence, copy this behaviour for bus-proxy too.
---

diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 21cd4e29d..6101a20ad 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -1282,6 +1282,7 @@ int main(int argc, char *argv[]) {
 _cleanup_free_ char *peersec = NULL;
 Policy policy_buffer = {}, *policy = NULL;
 _cleanup_set_free_free_ Set *owned_names = NULL;
+ uid_t original_uid;

 log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
 log_parse_environment();
@@ -1303,6 +1304,8 @@ int main(int argc, char *argv[]) {
 goto finish;
 }

+ original_uid = getuid();
+
 is_unix =
 sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
 sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
@@ -1444,7 +1447,11 @@ int main(int argc, char *argv[]) {
 policy = &policy_buffer;
 /* policy_dump(policy); */

- if (!policy_check_hello(policy, ucred.uid, ucred.gid)) {
+ if (ucred.uid == original_uid)
+ log_debug("Permitting access, since bus owner matches bus client.");
+ else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+ log_debug("Permitting access due to XML policy.");
+ else {
 r = log_error_errno(EPERM, "Policy denied connection.");
 goto finish;
 }
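Review bot: `original_uid = getuid();` records the real UID, and the assignment has no comment saying why it must be taken at this point in main(). If later code in main() changes the process credentials (not visible in this hunk), the position matters, because the value is later treated as the bus owner in the hello check. A comment such as `/* Remember the UID we were started with; it is treated as the bus owner in the policy check below */` would protect it against reordering. It is also worth confirming that the real UID, rather than the effective one from `geteuid()`, is the intended owner identity. main() starts and ends outside the hunk.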
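Review bot: The new first branch grants access without consulting the XML policy whenever `ucred.uid == original_uid`, but nothing in this hunk shows that `ucred` was actually filled in from the peer socket. If it can still hold a default value here (for example when the earlier `is_unix` test is false or the credential lookup failed, neither of which is visible in this diff), a proxy started as root would match uid 0 and skip `policy_check_hello()`. Consider tying the shortcut to verified credentials, e.g. `if (is_unix && ucred.uid == original_uid)`, and adding a comment that this mirrors dbus-daemon's same-UID rule. Both permit paths log only via `log_debug()`, so an access granted by the shortcut would not be visible unless debug logging is enabled. main() starts and ends outside the hunk.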