bus-proxy: properly check for bus name prefixes when enforcing policy

author Lennart Poettering <lennart@poettering.net>

Fri, 14 Nov 2014 19:06:01 +0000 (20:06 +0100)

committer Lennart Poettering <lennart@poettering.net>

Fri, 14 Nov 2014 19:06:01 +0000 (20:06 +0100)
author Lennart Poettering <lennart@poettering.net>
Fri, 14 Nov 2014 19:06:01 +0000 (20:06 +0100)
committer Lennart Poettering <lennart@poettering.net>
Fri, 14 Nov 2014 19:06:01 +0000 (20:06 +0100)
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c

index 625f5ddaeee6648bd207d2026772afa26b55ff5b..cb0726aa3ffb7e0de28d866049bb21f2b4886de6 100644 (file)
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
          case POLICY_ITEM_OWN_PREFIX:
                  assert(filter->name);
  
-                if (streq(i->name, "*") || startswith(i->name, filter->name))
+                if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
                          return is_permissive(i);
                  break;
  
diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c

index 0bea8cac498918b3e2f959ac07da4e8152c5558c..91b288cd255011dc3398679abb4afbdeaba622f7 100644 (file)
--- a/src/libsystemd/sd-bus/bus-internal.c
+++ b/src/libsystemd/sd-bus/bus-internal.c
@@ -166,6 +166,26 @@ bool service_name_is_valid(const char *p) {
          return true;
  }
  
+char* service_name_startswith(const char *a, const char *b) {
+        const char *p;
+
+        if (!service_name_is_valid(a) ||
+            !service_name_is_valid(b))
+                return NULL;
+
+        p = startswith(a, b);
+        if (!p)
+                return NULL;
+
+        if (*p == 0)
+                return (char*) p;
+
+        if (*p == '.')
+                return (char*) p + 1;
+
+        return NULL;
+}
+
  bool member_name_is_valid(const char *p) {
          const char *q;
  
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h

index 07381485ecd61076f868d87821bd43f755889792..f6b0211c2cfe40decfb363c110c904915311ec6b 100644 (file)
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@@ -340,6 +340,7 @@ struct sd_bus {
  
  bool interface_name_is_valid(const char *p) _pure_;
  bool service_name_is_valid(const char *p) _pure_;
+char* service_name_startswith(const char *a, const char *b);
  bool member_name_is_valid(const char *p) _pure_;
  bool object_path_is_valid(const char *p) _pure_;
  char *object_path_startswith(const char *a, const char *b) _pure_;
author	Lennart Poettering <lennart@poettering.net>
	Fri, 14 Nov 2014 19:06:01 +0000 (20:06 +0100)
committer	Lennart Poettering <lennart@poettering.net>
	Fri, 14 Nov 2014 19:06:01 +0000 (20:06 +0100)
src/bus-proxyd/bus-policy.c		patch \| blob \| history
src/libsystemd/sd-bus/bus-internal.c		patch \| blob \| history
src/libsystemd/sd-bus/bus-internal.h		patch \| blob \| history