chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
8573b68
)
bus-proxyd: enforce policy for name ownership
author
Daniel Mack
<daniel@zonque.org>
Wed, 24 Sep 2014 15:24:20 +0000
(17:24 +0200)
committer
Daniel Mack
<daniel@zonque.org>
Tue, 11 Nov 2014 13:14:01 +0000
(14:14 +0100)
src/bus-proxyd/bus-proxyd.c
patch
|
blob
|
history
diff --git
a/src/bus-proxyd/bus-proxyd.c
b/src/bus-proxyd/bus-proxyd.c
index a6554aba3b8da00ab2fb70c02f595106b573ac8e..2f26f81a366ba3136e169d469ee55e9b504448bb 100644
(file)
--- a/
src/bus-proxyd/bus-proxyd.c
+++ b/
src/bus-proxyd/bus-proxyd.c
@@
-509,7
+509,7
@@
static int peer_is_privileged(sd_bus *bus, sd_bus_message *m) {
return false;
}
return false;
}
-static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
+static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m
, Policy *policy, const struct ucred *ucred
) {
int r;
assert(a);
int r;
assert(a);
@@
-859,6
+859,9
@@
static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
if (r < 0)
return synthetic_reply_method_errno(m, r, NULL);
+ if (!policy_check_own(policy, ucred, name))
+ return synthetic_reply_method_errno(m, -EPERM, NULL);
+
if (!service_name_is_valid(name))
return synthetic_reply_method_errno(m, -EINVAL, NULL);
if ((flags & ~(BUS_NAME_ALLOW_REPLACEMENT|BUS_NAME_REPLACE_EXISTING|BUS_NAME_DO_NOT_QUEUE)) != 0)
if (!service_name_is_valid(name))
return synthetic_reply_method_errno(m, -EINVAL, NULL);
if ((flags & ~(BUS_NAME_ALLOW_REPLACEMENT|BUS_NAME_REPLACE_EXISTING|BUS_NAME_DO_NOT_QUEUE)) != 0)
@@
-1440,7
+1443,7
@@
int main(int argc, char *argv[]) {
goto finish;
}
goto finish;
}
- k = process_driver(a, b, m);
+ k = process_driver(a, b, m
, &policy, &ucred
);
if (k < 0) {
r = k;
log_error("Failed to process driver calls: %s", strerror(-r));
if (k < 0) {
r = k;
log_error("Failed to process driver calls: %s", strerror(-r));