summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/bus-proxyd/bus-proxyd.c12
-rw-r--r--src/libsystemd/sd-bus/bus-control.c7
-rw-r--r--src/libsystemd/sd-bus/bus-control.h2
3 files changed, 13 insertions, 8 deletions
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 2e34cc9394..42fb0da0ef 100644
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -45,6 +45,7 @@
#include "def.h"
#include "capability.h"
#include "bus-policy.h"
+#include "bus-control.h"
static char *arg_address = NULL;
static char *arg_command_line_buffer = NULL;
@@ -1002,7 +1003,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
}
if (granted) {
- /* Then check whether us, the recipient can recieve from the sender's name */
+ /* Then check whether us (the recipient) can recieve from the sender's name */
if (strv_isempty(sender_names)) {
if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
return 0;
@@ -1038,9 +1039,10 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
/* The message came from the legacy client, and is sent to kdbus. */
if (m->destination) {
- r = sd_bus_get_name_creds(to, m->destination,
- SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
- SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID, &destination_creds);
+ r = bus_get_name_creds_kdbus(to, m->destination,
+ SD_BUS_CREDS_WELL_KNOWN_NAMES|SD_BUS_CREDS_UNIQUE_NAME|
+ SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_PID,
+ true, &destination_creds);
if (r < 0)
return r;
@@ -1056,7 +1058,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
(void) sd_bus_creds_get_gid(destination_creds, &destination_gid);
}
- /* First check if we, the sender can send to this name */
+ /* First check if we (the sender) can send to this name */
if (strv_isempty(destination_names)) {
if (policy_check_send(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
granted = true;
diff --git a/src/libsystemd/sd-bus/bus-control.c b/src/libsystemd/sd-bus/bus-control.c
index a9a0c1ec19..6a9e9b296a 100644
--- a/src/libsystemd/sd-bus/bus-control.c
+++ b/src/libsystemd/sd-bus/bus-control.c
@@ -600,10 +600,11 @@ static int bus_populate_creds_from_items(
return 0;
}
-static int bus_get_name_creds_kdbus(
+int bus_get_name_creds_kdbus(
sd_bus *bus,
const char *name,
uint64_t mask,
+ bool allow_activator,
sd_bus_creds **creds) {
_cleanup_bus_creds_unref_ sd_bus_creds *c = NULL;
@@ -652,7 +653,7 @@ static int bus_get_name_creds_kdbus(
conn_info = (struct kdbus_info *) ((uint8_t *) bus->kdbus_buffer + cmd->offset);
/* Non-activated names are considered not available */
- if (conn_info->flags & KDBUS_HELLO_ACTIVATOR) {
+ if (!allow_activator && (conn_info->flags & KDBUS_HELLO_ACTIVATOR)) {
if (name[0] == ':')
r = -ENXIO;
else
@@ -875,7 +876,7 @@ _public_ int sd_bus_get_name_creds(
return -ENOTCONN;
if (bus->is_kernel)
- return bus_get_name_creds_kdbus(bus, name, mask, creds);
+ return bus_get_name_creds_kdbus(bus, name, mask, false, creds);
else
return bus_get_name_creds_dbus1(bus, name, mask, creds);
}
diff --git a/src/libsystemd/sd-bus/bus-control.h b/src/libsystemd/sd-bus/bus-control.h
index aa290edac7..5009ca8e61 100644
--- a/src/libsystemd/sd-bus/bus-control.h
+++ b/src/libsystemd/sd-bus/bus-control.h
@@ -29,3 +29,5 @@ int bus_remove_match_internal(sd_bus *bus, const char *match, uint64_t cookie);
int bus_add_match_internal_kernel(sd_bus *bus, struct bus_match_component *components, unsigned n_components, uint64_t cookie);
int bus_remove_match_internal_kernel(sd_bus *bus, uint64_t cookie);
+
+int bus_get_name_creds_kdbus(sd_bus *bus, const char *name, uint64_t mask, bool allow_activator, sd_bus_creds **creds);