authorDavid Herrmann <dh.herrmann@gmail.com>2015-01-18 13:07:21 +0100
committerDavid Herrmann <dh.herrmann@gmail.com>2015-01-18 13:07:21 +0100
commitd340f82032e4eb538e7b79087d95d5af1ae3dd91 (patch)
tree1d063037797085682a27df3a031bc12a2fa036ee
parentca56b0a68300b035c605bedc5b339128897debfc (diff)
bus-proxy: fix bus-uid tracking
We need to implicitly allow HELLO from users with the same uid as the bus. Fix the bus-uid tracking to use the original uid, not the uid after privilege-dropping.
-rw-r--r--src/bus-proxyd/bus-proxyd.c12
1 files changed, 8 insertions, 4 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 3cf35f4081..8cc4412034 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -62,6 +62,7 @@ static char **arg_configuration = NULL;
typedef struct {
int fd;
SharedPolicy *policy;
+ uid_t bus_uid;
} ClientContext;
static ClientContext *client_context_free(ClientContext *c) {
@@ -110,7 +111,7 @@ static void *run_client(void *userdata) {
if (r < 0)
goto exit;
- r = proxy_hello_policy(p, getuid());
+ r = proxy_hello_policy(p, c->bus_uid);
if (r < 0)
goto exit;
@@ -120,7 +121,7 @@ exit:
return NULL;
}
-static int loop_clients(int accept_fd) {
+static int loop_clients(int accept_fd, uid_t bus_uid) {
_cleanup_(shared_policy_freep) SharedPolicy *sp = NULL;
pthread_attr_t attr;
int r;
@@ -164,6 +165,7 @@ static int loop_clients(int accept_fd) {
c->fd = fd;
c->policy = sp;
+ c->bus_uid = bus_uid;
r = pthread_create(&tid, &attr, run_client, c);
if (r < 0) {
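Review bot: The `if (r < 0) {` test after `pthread_create()` in this hunk's context lines cannot fire, because pthread_create() returns 0 on success and a positive error number on failure. A failed spawn would be treated as success, so the `ClientContext` (which now also carries `bus_uid`) and its accepted fd would presumably never be handed to a thread that releases them. The defect predates this commit, but the check should read `if (r != 0) {`. The body of that branch and the rest of loop_clients() lie outside the hunk, so the cleanup path there still needs confirming.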
@@ -294,13 +296,15 @@ static int parse_argv(int argc, char *argv[]) {
int main(int argc, char *argv[]) {
const char *user = "systemd-bus-proxy";
int r, accept_fd;
- uid_t uid;
+ uid_t uid, bus_uid;
gid_t gid;
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
log_open();
+ bus_uid = getuid();
+
if (geteuid() == 0) {
r = get_user_creds(&user, &uid, &gid, NULL, NULL);
if (r < 0) {
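Review bot: `bus_uid = getuid();` records the real uid, while the privilege-drop branch directly below keys on `geteuid() == 0`. If real and effective uid can ever differ for this process, the uid that receives the implicit HELLO allowance is not the one the drop decision is based on. Whether that can happen is not visible here, so the choice of getuid() over geteuid() should be stated rather than left implicit. A comment on the assignment would do, for example `/* uid the proxy was started as; read before privileges are dropped, this is the uid implicitly allowed to HELLO */`, with a matching one on the new `uid_t bus_uid;` field of `ClientContext`. main() continues outside the hunk, so the drop itself is not shown.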
@@ -332,7 +336,7 @@ int main(int argc, char *argv[]) {
goto finish;
}
- r = loop_clients(accept_fd);
+ r = loop_clients(accept_fd, bus_uid);
finish:
sd_notify(false,