chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
sd-bus: when augmenting creds, remember which ones were augmented
[elogind.git] / src / libelogind / sd-bus / bus-util.c
diff --git a/src/libelogind/sd-bus/bus-util.c b/src/libelogind/sd-bus/bus-util.c
index 5bd7885e49cfe8d5fe61fb7d2d719b22a31e7ca4..a84d3381cbe91652516830ac06e9127fac223ad7 100644 (file)
--- a/src/libelogind/sd-bus/bus-util.c
+++ b/src/libelogind/sd-bus/bus-util.c
@@ -206,6 +206,9 @@ static int check_good_user(sd_bus_message *m, uid_t good_user) {
         if (r < 0)
                 return r;
 
+        /* Don't trust augmented credentials for authorization */
+        assert_return((sd_bus_creds_get_augmented_mask(creds) & SD_BUS_CREDS_EUID) == 0, -EPERM);
+
         r = sd_bus_creds_get_euid(creds, &sender_uid);
         if (r < 0)
                 return r;
Unnamed repository; edit this file 'description' to name the repository.