diff options
author | Lennart Poettering <lennart@poettering.net> | 2015-01-09 19:25:23 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-09 19:25:23 +0100 |
commit | f5886c92ace2fdd5b9d389eaf3883ac3034050fa (patch) | |
tree | a73d9fa9eef61ff729743bdda59624aa7e393c96 /src/bus-proxyd | |
parent | a2be9e047e6e0b243fe946f972d5d4d04db140e5 (diff) |
bus-proxy: dbus-daemon implies that connections from UIDs that are identical to the bus owner should be allowed
Hence, copy this behaviour for bus-proxy too.
Diffstat (limited to 'src/bus-proxyd')
-rw-r--r-- | src/bus-proxyd/bus-proxyd.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 21cd4e29d2..6101a20ad8 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -1282,6 +1282,7 @@ int main(int argc, char *argv[]) { _cleanup_free_ char *peersec = NULL; Policy policy_buffer = {}, *policy = NULL; _cleanup_set_free_free_ Set *owned_names = NULL; + uid_t original_uid; log_set_target(LOG_TARGET_JOURNAL_OR_KMSG); log_parse_environment(); @@ -1303,6 +1304,8 @@ int main(int argc, char *argv[]) { goto finish; } + original_uid = getuid(); + is_unix = sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 && sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0; @@ -1444,7 +1447,11 @@ int main(int argc, char *argv[]) { policy = &policy_buffer; /* policy_dump(policy); */ - if (!policy_check_hello(policy, ucred.uid, ucred.gid)) { + if (ucred.uid == original_uid) + log_debug("Permitting access, since bus owner matches bus client."); + else if (policy_check_hello(policy, ucred.uid, ucred.gid)) + log_debug("Permitting access due to XML policy."); + else { r = log_error_errno(EPERM, "Policy denied connection."); goto finish; } |