chiark
/
gitweb
/
~ianmdlvl
/
elogind.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
bus-proxy: dbus-daemon implies that connections from UIDs that are identical to the...
[elogind.git]
/
src
/
bus-proxyd
/
bus-proxyd.c
diff --git
a/src/bus-proxyd/bus-proxyd.c
b/src/bus-proxyd/bus-proxyd.c
index 21cd4e29d259f0dcec8fa4b4082749d9155bc58e..6101a20ad8c4e567f6f286152b1e310795d5b066 100644
(file)
--- a/
src/bus-proxyd/bus-proxyd.c
+++ b/
src/bus-proxyd/bus-proxyd.c
@@
-1282,6
+1282,7
@@
int main(int argc, char *argv[]) {
_cleanup_free_ char *peersec = NULL;
Policy policy_buffer = {}, *policy = NULL;
_cleanup_set_free_free_ Set *owned_names = NULL;
_cleanup_free_ char *peersec = NULL;
Policy policy_buffer = {}, *policy = NULL;
_cleanup_set_free_free_ Set *owned_names = NULL;
+ uid_t original_uid;
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
@@
-1303,6
+1304,8
@@
int main(int argc, char *argv[]) {
goto finish;
}
goto finish;
}
+ original_uid = getuid();
+
is_unix =
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
is_unix =
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
@@
-1444,7
+1447,11
@@
int main(int argc, char *argv[]) {
policy = &policy_buffer;
/* policy_dump(policy); */
policy = &policy_buffer;
/* policy_dump(policy); */
- if (!policy_check_hello(policy, ucred.uid, ucred.gid)) {
+ if (ucred.uid == original_uid)
+ log_debug("Permitting access, since bus owner matches bus client.");
+ else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+ log_debug("Permitting access due to XML policy.");
+ else {
r = log_error_errno(EPERM, "Policy denied connection.");
goto finish;
}
r = log_error_errno(EPERM, "Policy denied connection.");
goto finish;
}