authorLennart Poettering <lennart@poettering.net>2015-01-09 19:25:23 +0100
committerLennart Poettering <lennart@poettering.net>2015-01-09 19:25:23 +0100
commitf5886c92ace2fdd5b9d389eaf3883ac3034050fa (patch)
treea73d9fa9eef61ff729743bdda59624aa7e393c96
parenta2be9e047e6e0b243fe946f972d5d4d04db140e5 (diff)
bus-proxy: dbus-daemon implies that connections from UIDs that are identical to the bus owner should be allowed
Hence, copy this behaviour for bus-proxy too.
-rw-r--r--src/bus-proxyd/bus-proxyd.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 21cd4e29d2..6101a20ad8 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -1282,6 +1282,7 @@ int main(int argc, char *argv[]) {
_cleanup_free_ char *peersec = NULL;
Policy policy_buffer = {}, *policy = NULL;
_cleanup_set_free_free_ Set *owned_names = NULL;
+ uid_t original_uid;
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
@@ -1303,6 +1304,8 @@ int main(int argc, char *argv[]) {
goto finish;
}
+ original_uid = getuid();
+
is_unix =
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
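Review bot: The `original_uid = getuid();` assignment has no comment, although the value later feeds an authorization decision in main(). A comment such as `/* Remember the UID we were started as (the bus owner); must be read before any privilege change further down */` would record why it is captured at this point. Whether main() changes its UID after this line is not visible in the hunk, so the ordering should be confirmed. If it does, moving the call later would silently compare clients against the wrong owner.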
@@ -1444,7 +1447,11 @@ int main(int argc, char *argv[]) {
policy = &policy_buffer;
/* policy_dump(policy); */
- if (!policy_check_hello(policy, ucred.uid, ucred.gid)) {
+ if (ucred.uid == original_uid)
+ log_debug("Permitting access, since bus owner matches bus client.");
+ else if (policy_check_hello(policy, ucred.uid, ucred.gid))
+ log_debug("Permitting access due to XML policy.");
+ else {
r = log_error_errno(EPERM, "Policy denied connection.");
goto finish;
}
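Review bot: The new `ucred.uid == original_uid` shortcut skips `policy_check_hello()` entirely, yet nothing in this hunk shows that `ucred` holds credentials actually obtained from the peer. `ucred` is filled in outside the hunk; if it can stay zero-initialised (for instance when the `is_unix` test earlier in main() is false, or when the peer-credential lookup fails), a proxy started as root would see uid 0 match and admit the client without consulting the XML policy. Gating the shortcut on credentials having been retrieved, e.g. `if (is_unix && ucred.uid == original_uid)` plus a check that the lookup succeeded, keeps the fallback on the policy path. Including the matched UID in the debug message would also make the bypass visible when auditing logs. main() begins and ends outside the hunk.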