summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-11-14 20:06:01 +0100
committerLennart Poettering <lennart@poettering.net>2014-11-14 20:06:01 +0100
commitf5d8989ce5fc4e6eb338ec7b1b2c6d6a74c44c63 (patch)
tree8e06a9e15c7e2a0c5977f4a7128031576d030663
parent49d4b1eecfefded66fd48a992633958da30035d7 (diff)
bus-proxy: properly check for bus name prefixes when enforcing policy
-rw-r--r--src/bus-proxyd/bus-policy.c2
-rw-r--r--src/libsystemd/sd-bus/bus-internal.c20
-rw-r--r--src/libsystemd/sd-bus/bus-internal.h1
3 files changed, 22 insertions, 1 deletions
diff --git a/src/bus-proxyd/bus-policy.c b/src/bus-proxyd/bus-policy.c
index 625f5ddaee..cb0726aa3f 100644
--- a/src/bus-proxyd/bus-policy.c
+++ b/src/bus-proxyd/bus-policy.c
@@ -651,7 +651,7 @@ static int check_policy_item(PolicyItem *i, const struct policy_check_filter *fi
case POLICY_ITEM_OWN_PREFIX:
assert(filter->name);
- if (streq(i->name, "*") || startswith(i->name, filter->name))
+ if (streq(i->name, "*") || service_name_startswith(i->name, filter->name))
return is_permissive(i);
break;
diff --git a/src/libsystemd/sd-bus/bus-internal.c b/src/libsystemd/sd-bus/bus-internal.c
index 0bea8cac49..91b288cd25 100644
--- a/src/libsystemd/sd-bus/bus-internal.c
+++ b/src/libsystemd/sd-bus/bus-internal.c
@@ -166,6 +166,26 @@ bool service_name_is_valid(const char *p) {
return true;
}
+char* service_name_startswith(const char *a, const char *b) {
+ const char *p;
+
+ if (!service_name_is_valid(a) ||
+ !service_name_is_valid(b))
+ return NULL;
+
+ p = startswith(a, b);
+ if (!p)
+ return NULL;
+
+ if (*p == 0)
+ return (char*) p;
+
+ if (*p == '.')
+ return (char*) p + 1;
+
+ return NULL;
+}
+
bool member_name_is_valid(const char *p) {
const char *q;
diff --git a/src/libsystemd/sd-bus/bus-internal.h b/src/libsystemd/sd-bus/bus-internal.h
index 07381485ec..f6b0211c2c 100644
--- a/src/libsystemd/sd-bus/bus-internal.h
+++ b/src/libsystemd/sd-bus/bus-internal.h
@@ -340,6 +340,7 @@ struct sd_bus {
bool interface_name_is_valid(const char *p) _pure_;
bool service_name_is_valid(const char *p) _pure_;
+char* service_name_startswith(const char *a, const char *b);
bool member_name_is_valid(const char *p) _pure_;
bool object_path_is_valid(const char *p) _pure_;
char *object_path_startswith(const char *a, const char *b) _pure_;