-rw-r--r-- | src/bus-proxyd/bus-proxyd.c | 12 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/bus-control.c | 7 | ||||
-rw-r--r-- | src/libsystemd/sd-bus/bus-control.h | 2 |
3 files changed, 13 insertions, 8 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c index 2e34cc9394..42fb0da0ef 100644 --- a/src/bus-proxyd/bus-proxyd.c +++ b/src/bus-proxyd/bus-proxyd.c @@ -45,6 +45,7 @@ #include "def.h" #include "capability.h" #include "bus-policy.h" +#include "bus-control.h" static char *arg_address = NULL; static char *arg_command_line_buffer = NULL; @@ -1002,7 +1003,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p } if (granted) { - /* Then check whether us, the recipient can recieve from the sender's name */ + /* Then check whether us (the recipient) can recieve from the sender's name */ if (strv_isempty(sender_names)) { if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) return 0; @@ -1038,9 +1039,10 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p /* The message came from the legacy client, and is sent to kdbus. */ if (m->destination) { - r = sd_bus_get_name_creds(to, m->destination, - SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| - SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds); + r = bus_get_name_creds_kdbus(to, m->destination, + SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME| + SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, + true, &destination_creds); if (r < 0) return r; @@ -1056,7 +1058,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p (void) sd_bus_creds_get_gid(destination_creds, &destination_gid); } - /* First check if we, the sender can send to this name */ + /* First check if we (the sender) can send to this name */ if (strv_isempty(destination_names)) { if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member)) granted = true; diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c index a9a0c1ec19..6a9e9b296a 100644 
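Review bot: In the `@@ -1038` hunk of process_policy, the direct call `bus_get_name_creds_kdbus(to, m->destination, ..., true, &destination_creds)` bypasses whatever the public `sd_bus_get_name_creds()` wrapper does before dispatching. The part of that wrapper visible in this commit returns `-ENOTCONN` and branches on `bus->is_kernel`; any argument validation it performs is outside the shown hunks. `m->destination` comes from the legacy client, so the proxy should either keep equivalent checks or make the assumption explicit, e.g. `assert(to->is_kernel);` ahead of the call. With `allow_activator` set to `true`, the returned credentials may describe the activator connection rather than the service that will later own the name, so a comment such as `/* Activatable names are valid destinations; uid/gid/pid may then belong to the activator */` would help readers of the later `destination_uid`/`destination_gid` uses. process_policy begins and ends outside the hunk.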
--- a/src/libsystemd/sd-bus/bus-control.c +++ b/src/libsystemd/sd-bus/bus-control.c @@ -600,10 +600,11 @@ static int bus_populate_creds_from_items( return 0; } -static int bus_get_name_creds_kdbus( +int bus_get_name_creds_kdbus( sd_bus *bus, const char *name, uint64_t mask, + bool allow_activator, sd_bus_creds **creds) { _cleanup_bus_creds_unref_ sd_bus_creds *c = NULL; @@ -652,7 +653,7 @@ static int bus_get_name_creds_kdbus( conn_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd->offset); /* Non-activated names are considered not available */ - if (conn_info->flags & KDBUS_HELLO_ACTIVATOR) { + if (!allow_activator && (conn_info->flags & KDBUS_HELLO_ACTIVATOR)) { if (name[0] == ':') r = -ENXIO; else @@ -875,7 +876,7 @@ _public_ int sd_bus_get_name_creds( return -ENOTCONN; if (bus->is_kernel) - return bus_get_name_creds_kdbus(bus, name, mask, creds); + return bus_get_name_creds_kdbus(bus, name, mask, false, creds); else return bus_get_name_creds_dbus1(bus, name, mask, creds); } diff --git a/src/libsystemd/sd-bus/bus-control.h b/src/libsystemd/sd-bus/bus-control.h index aa290edac7..5009ca8e61 100644 --- a/src/libsystemd/sd-bus/bus-control.h +++ b/src/libsystemd/sd-bus/bus-control.h @@ -29,3 +29,5 @@ int bus_remove_match_internal(sd_bus *bus, const char *match, uint64_t cookie); int bus_add_match_internal_kernel(sd_bus *bus, struct bus_match_component *components, unsigned n_components, uint64_t cookie); int bus_remove_match_internal_kernel(sd_bus *bus, uint64_t cookie); + +int bus_get_name_creds_kdbus(sd_bus *bus, const char *name, uint64_t mask, bool allow_activator, sd_bus_creds **creds); |
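Review bot: `bus_get_name_creds_kdbus()` loses `static` and gains `allow_activator` in the `@@ -600` hunk, but neither the definition nor the new prototype in bus-control.h (last hunk) documents what the flag means or what a caller must have checked first. Now that code outside this file can call it, a header comment would help, for example `/* allow_activator: also return creds for names currently held only by an activator connection */`, plus a line naming the preconditions the function relies on (presumably an open kernel bus and a validated name; confirm against the body). The function body continues outside the hunk.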
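Review bot: The comment `/* Non-activated names are considered not available */` above the changed condition in the `@@ -652` hunk is no longer accurate, because the rejection now applies only when `allow_activator` is false. I would reword it to `/* Unless the caller opted in, names held only by an activator are considered not available */`. Since `sd_bus_get_name_creds()` passes `false` in the `@@ -875` hunk, the public API behaviour looks unchanged and only the proxy opts in. The `else` branch of the `name[0] == ':'` test lies outside the hunk.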