-rw-r--r--src/libelogind/sd-bus/bus-control.c8
-rw-r--r--src/libelogind/sd-bus/bus-internal.h1
-rw-r--r--src/libelogind/sd-bus/sd-bus.c17
3 files changed, 26 insertions, 0 deletions
diff --git a/src/libelogind/sd-bus/bus-control.c b/src/libelogind/sd-bus/bus-control.c
index c6403d3ba..313a44b53 100644
--- a/src/libelogind/sd-bus/bus-control.c
+++ b/src/libelogind/sd-bus/bus-control.c
@@ -1042,6 +1042,11 @@ _public_ int sd_bus_get_name_creds(
if (!bus->bus_client)
return -EINVAL;
+ /* Turn off augmenting if this isn't a local connection. If the connection is not local, then /proc is not
+ * going to match. */
+ if (!bus->is_local)
+ mask &= ~SD_BUS_CREDS_AUGMENT;
+
if (streq(name, "org.freedesktop.DBus.Local"))
return -EINVAL;
@@ -1168,6 +1173,9 @@ _public_ int sd_bus_get_owner_creds(sd_bus *bus, uint64_t mask, sd_bus_creds **r
if (!BUS_IS_OPEN(bus->state))
return -ENOTCONN;
+ if (!bus->is_local)
+ mask &= ~SD_BUS_CREDS_AUGMENT;
+
if (bus->is_kernel)
return bus_get_owner_creds_kdbus(bus, mask, ret);
else
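Review bot: The mask adjustment added to sd_bus_get_owner_creds carries no explanation, while the identical one in sd_bus_get_name_creds above does, so a reader landing here cannot tell why a caller-supplied flag is dropped. I would repeat the reason, e.g. `/* No /proc augmentation on non-local connections: the peer's PIDs would not match our /proc. */`. Both entry points clear SD_BUS_CREDS_AUGMENT without reporting it, so their API documentation should also say that callers making authorization decisions must check the returned creds mask rather than assume the augmented fields are present. Both function bodies continue outside their hunks.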
diff --git a/src/libelogind/sd-bus/bus-internal.h b/src/libelogind/sd-bus/bus-internal.h
index 4c912f582..4818ae28b 100644
--- a/src/libelogind/sd-bus/bus-internal.h
+++ b/src/libelogind/sd-bus/bus-internal.h
@@ -212,6 +212,7 @@ struct sd_bus {
bool exit_on_disconnect:1;
bool exited:1;
bool exit_triggered:1;
+ bool is_local:1;
int use_memfd;
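Review bot: `is_local` is added without a comment, although it is the only thing deciding whether credentials may be supplemented from the local /proc. Proposed: `bool is_local:1; /* peer shares our /proc view; gates SD_BUS_CREDS_AUGMENT */`. The comment should also state that the flag has to default to false, so that a connection set up by a path that never assigns it keeps augmentation off. The allocation of struct sd_bus is not visible here, so that default should be confirmed. The struct definition extends beyond this hunk.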
diff --git a/src/libelogind/sd-bus/sd-bus.c b/src/libelogind/sd-bus/sd-bus.c
index a4f20ca1e..5df358f5a 100644
--- a/src/libelogind/sd-bus/sd-bus.c
+++ b/src/libelogind/sd-bus/sd-bus.c
@@ -600,6 +600,8 @@ static int parse_unix_address(sd_bus *b, const char **p, char **guid) {
b->sockaddr_size = offsetof(struct sockaddr_un, sun_path) + 1 + l;
}
+ b->is_local = true;
+
return 0;
}
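Review bot: `b->is_local = true` is set for every unix: address, which equates "reachable over AF_UNIX" with "shares this process's /proc". A socket path that crosses a PID-namespace boundary would presumably take this same path, and the PIDs the bus reports would then be resolved against the wrong /proc. parse_container_unix_address in this commit already treats the container case as non-local, so the assumption deserves at least a comment here, e.g. `/* assumes the bus daemon runs in our PID namespace */`. The start of parse_unix_address lies outside the hunk.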
@@ -667,6 +669,8 @@ static int parse_tcp_address(sd_bus *b, const char **p, char **guid) {
freeaddrinfo(result);
+ b->is_local = false;
+
return 0;
}
@@ -749,6 +753,9 @@ static int parse_exec_address(sd_bus *b, const char **p, char **guid) {
b->exec_path = path;
b->exec_argv = argv;
+
+ b->is_local = false;
+
return 0;
fail:
@@ -792,6 +799,8 @@ static int parse_kernel_address(sd_bus *b, const char **p, char **guid) {
b->kernel = path;
path = NULL;
+ b->is_local = true;
+
return 0;
}
@@ -850,6 +859,7 @@ static int parse_container_unix_address(sd_bus *b, const char **p, char **guid)
b->sockaddr.un.sun_family = AF_UNIX;
strncpy(b->sockaddr.un.sun_path, "/var/run/dbus/system_bus_socket", sizeof(b->sockaddr.un.sun_path));
b->sockaddr_size = SOCKADDR_UN_LEN(b->sockaddr.un);
+ b->is_local = false;
return 0;
}
@@ -910,6 +920,8 @@ static int parse_container_kernel_address(sd_bus *b, const char **p, char **guid
if (r < 0)
return r;
+ b->is_local = false;
+
return 0;
}
@@ -1195,6 +1207,7 @@ _public_ int sd_bus_open(sd_bus **ret) {
/* We don't know whether the bus is trusted or not, so better
* be safe, and authenticate everything */
b->trusted = false;
+ b->is_local = false;
b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
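Review bot: `b->is_local = false` in sd_bus_open may not be the value that takes effect, because the parse_*_address helpers changed in this same commit write the flag too. If those helpers run from sd_bus_start() after this assignment (the call chain is not visible in these hunks), a unix: address would turn the flag back to true. Likewise, the `is_local = true` set in sd_bus_open_system and sd_bus_open_user would be replaced by whatever address is actually parsed. I would make one place authoritative, or add a comment here such as `/* provisional; the address parser has the final say */` so the precedence is explicit. The function bodies continue outside the hunks.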
@@ -1243,6 +1256,7 @@ _public_ int sd_bus_open_system(sd_bus **ret) {
b->trusted = false;
b->attach_flags |= KDBUS_ATTACH_CAPS | KDBUS_ATTACH_CREDS;
b->creds_mask |= SD_BUS_CREDS_UID | SD_BUS_CREDS_EUID | SD_BUS_CREDS_EFFECTIVE_CAPS;
+ b->is_local = true;
r = sd_bus_start(b);
if (r < 0)
@@ -1312,6 +1326,7 @@ _public_ int sd_bus_open_user(sd_bus **ret) {
/* We don't do any per-method access control on the user
* bus. */
b->trusted = true;
+ b->is_local = true;
r = sd_bus_start(b);
if (r < 0)
@@ -1386,6 +1401,7 @@ _public_ int sd_bus_open_system_remote(sd_bus **ret, const char *host) {
bus->bus_client = true;
bus->trusted = false;
bus->is_system = true;
+ bus->is_local = false;
r = sd_bus_start(bus);
if (r < 0)
@@ -1435,6 +1451,7 @@ _public_ int sd_bus_open_system_machine(sd_bus **ret, const char *machine) {
bus->bus_client = true;
bus->trusted = false;
bus->is_system = true;
+ bus->is_local = false;
r = sd_bus_start(bus);
if (r < 0)