mirror of
https://github.com/systemd/systemd.git
synced 2024-11-02 19:21:53 +03:00
bus-proxyd: enforce policy for name ownership
This commit is contained in:
Daniel Mack
parent
8573b68fec
commit
f0a4c7391c
@ -509,7 +509,7 @@ static int peer_is_privileged(sd_bus *bus, sd_bus_message *m) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
|
static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *policy, const struct ucred *ucred) {
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(a);
|
assert(a);
|
||||||
@ -859,6 +859,9 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m) {
|
|||||||
if (r < 0)
|
if (r < 0)
|
||||||
return synthetic_reply_method_errno(m, r, NULL);
|
return synthetic_reply_method_errno(m, r, NULL);
|
||||||
|
|
||||||
|
if (!policy_check_own(policy, ucred, name))
|
||||||
|
return synthetic_reply_method_errno(m, -EPERM, NULL);
|
||||||
|
|
||||||
if (!service_name_is_valid(name))
|
if (!service_name_is_valid(name))
|
||||||
return synthetic_reply_method_errno(m, -EINVAL, NULL);
|
return synthetic_reply_method_errno(m, -EINVAL, NULL);
|
||||||
if ((flags & ~(BUS_NAME_ALLOW_REPLACEMENT|BUS_NAME_REPLACE_EXISTING|BUS_NAME_DO_NOT_QUEUE)) != 0)
|
if ((flags & ~(BUS_NAME_ALLOW_REPLACEMENT|BUS_NAME_REPLACE_EXISTING|BUS_NAME_DO_NOT_QUEUE)) != 0)
|
||||||
@ -1440,7 +1443,7 @@ int main(int argc, char *argv[]) {
|
|||||||
goto finish;
|
goto finish;
|
||||||
}
|
}
|
||||||
|
|
||||||
k = process_driver(a, b, m);
|
k = process_driver(a, b, m, &policy, &ucred);
|
||||||
if (k < 0) {
|
if (k < 0) {
|
||||||
r = k;
|
r = k;
|
||||||
log_error("Failed to process driver calls: %s", strerror(-r));
|
log_error("Failed to process driver calls: %s", strerror(-r));
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user