X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Flibsystemd%2Fsd-bus%2Fbus-creds.c;h=cd1c5e232ad07a35301d1302623605a658801761;hb=15411c0cb1192799b37ec8f25d6f30e8d7292fc6;hp=55d6fb6b439073c11503aa48b4892923b2b33f4d;hpb=34a5d5e52661212c7a145cbab45e70a6df7ba284;p=elogind.git

diff --git a/src/libsystemd/sd-bus/bus-creds.c b/src/libsystemd/sd-bus/bus-creds.c
index 55d6fb6b4..cd1c5e232 100644
--- a/src/libsystemd/sd-bus/bus-creds.c
+++ b/src/libsystemd/sd-bus/bus-creds.c
@@ -20,6 +20,7 @@
 ***/
 
 #include <stdlib.h>
+#include <linux/capability.h>
 
 #include "util.h"
 #include "capability.h"
@@ -28,7 +29,6 @@
 #include "audit.h"
 #include "bus-message.h"
 #include "bus-util.h"
-#include "time-util.h"
 #include "strv.h"
 #include "bus-creds.h"
 #include "bus-label.h"
@@ -51,6 +51,7 @@ void bus_creds_done(sd_bus_creds *c) {
         free(c->user_unit);
         free(c->slice);
         free(c->unescaped_description);
+        free(c->supplementary_gids);
 
         free(c->well_known_names); /* note that this is an strv, but
                                     * we only free the array, not the
@@ -100,7 +101,9 @@ _public_ sd_bus_creds *sd_bus_creds_unref(sd_bus_creds *c) {
                         free(c->unique_name);
                         free(c->cgroup_root);
                         free(c->description);
+
                         free(c->supplementary_gids);
+                        c->supplementary_gids = NULL;
 
                         strv_free(c->well_known_names);
                         c->well_known_names = NULL;
@@ -143,7 +146,7 @@ _public_ int sd_bus_creds_new_from_pid(sd_bus_creds **ret, pid_t pid, uint64_t m
         int r;
 
         assert_return(pid >= 0, -EINVAL);
-        assert_return(mask <= _SD_BUS_CREDS_ALL, -ENOTSUP);
+        assert_return(mask <= _SD_BUS_CREDS_ALL, -EOPNOTSUPP);
         assert_return(ret, -EINVAL);
 
         if (pid == 0)
@@ -219,7 +222,7 @@ _public_ int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid) {
         assert_return(c, -EINVAL);
         assert_return(gid, -EINVAL);
 
-        if (!(c->mask & SD_BUS_CREDS_UID))
+        if (!(c->mask & SD_BUS_CREDS_GID))
                 return -ENODATA;
 
         *gid = c->gid;
@@ -592,11 +595,11 @@ static int has_cap(sd_bus_creds *c, unsigned offset, int capability) {
         assert(capability >= 0);
         assert(c->capability);
 
-        sz = DIV_ROUND_UP(cap_last_cap(), 32U) * 4;
+        sz = DIV_ROUND_UP(cap_last_cap(), 32U);
         if ((unsigned)capability > cap_last_cap())
                 return 0;
 
-        return !!(c->capability[offset * sz + (capability / 8)] & (1 << (capability % 8)));
+        return !!(c->capability[offset * sz + CAP_TO_INDEX(capability)] & CAP_TO_MASK(capability));
 }
 
 _public_ int sd_bus_creds_has_effective_cap(sd_bus_creds *c, int capability) {
@@ -641,38 +644,42 @@ _public_ int sd_bus_creds_has_bounding_cap(sd_bus_creds *c, int capability) {
 
 static int parse_caps(sd_bus_creds *c, unsigned offset, const char *p) {
         size_t sz, max;
-        unsigned i;
+        unsigned i, j;
 
         assert(c);
         assert(p);
 
-        max = DIV_ROUND_UP(cap_last_cap(), 32U) * 4;
+        max = DIV_ROUND_UP(cap_last_cap(), 32U);
         p += strspn(p, WHITESPACE);
 
         sz = strlen(p);
-        if (sz % 2 != 0)
+        if (sz % 8 != 0)
                 return -EINVAL;
 
-        sz /= 2;
+        sz /= 8;
         if (sz > max)
                 return -EINVAL;
 
         if (!c->capability) {
-                c->capability = new0(uint8_t, max * 4);
+                c->capability = new0(uint32_t, max * 4);
                 if (!c->capability)
                         return -ENOMEM;
         }
 
         for (i = 0; i < sz; i ++) {
-                int x, y;
+                uint32_t v = 0;
 
-                x = unhexchar(p[i*2]);
-                y = unhexchar(p[i*2+1]);
+                for (j = 0; j < 8; ++j) {
+                        int t;
 
-                if (x < 0 || y < 0)
-                        return -EINVAL;
+                        t = unhexchar(*p++);
+                        if (t < 0)
+                                return -EINVAL;
+
+                        v = (v << 4) | t;
+                }
 
-                c->capability[offset * max + (sz - i - 1)] = (uint8_t) x << 4 | (uint8_t) y;
+                c->capability[offset * max + (sz - i - 1)] = v;
         }
 
         return 0;
@@ -934,7 +941,7 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
         if (missing & SD_BUS_CREDS_AUDIT_SESSION_ID) {
                 r = audit_session_from_pid(pid, &c->audit_session_id);
                 if (r < 0) {
-                        if (r != -ENOTSUP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
+                        if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
                                 return r;
                 } else
                         c->mask |= SD_BUS_CREDS_AUDIT_SESSION_ID;
@@ -943,7 +950,7 @@ int bus_creds_add_more(sd_bus_creds *c, uint64_t mask, pid_t pid, pid_t tid) {
         if (missing & SD_BUS_CREDS_AUDIT_LOGIN_UID) {
                 r = audit_loginuid_from_pid(pid, &c->audit_login_uid);
                 if (r < 0) {
-                        if (r != -ENOTSUP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
+                        if (r != -EOPNOTSUPP && r != -ENXIO && r != -ENOENT && r != -EPERM && r != -EACCES)
                                 return r;
                 } else
                         c->mask |= SD_BUS_CREDS_AUDIT_LOGIN_UID;