Commit 356333e4 authored by Simon McVittie's avatar Simon McVittie

_dbus_credentials_add_from_user: Only accept numeric uid for EXTERNAL

In the well-known system dbus-daemon, it's desirable to avoid looking
up non-numeric authorization identities in the user database, because
that could deadlock with NSS modules that directly or indirectly
require the system bus. Add a flag for whether the username will be
looked up in the userdb, and don't set that flag for EXTERNAL auth
(which is what we use on the system bus, and on the session bus
if not configured otherwise).

DBUS_COOKIE_SHA1 authentication is documented in terms of the
username (although in fact libdbus sends a numeric uid there too,
and GDBus only accepts a numeric uid) so continue to use the userdb
for that mechanism. DBUS_COOKIE_SHA1 needs to use the userdb on Unix
anyway, otherwise it won't find the user's home directory.
Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
parent a2932ccc
......@@ -550,6 +550,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
}
if (!_dbus_credentials_add_from_user (auth->desired_identity, data,
DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE,
&error))
{
if (dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY))
......@@ -1120,6 +1121,7 @@ handle_server_data_external_mech (DBusAuth *auth,
if (!_dbus_credentials_add_from_user (auth->desired_identity,
&auth->identity,
DBUS_CREDENTIALS_ADD_FLAGS_NONE,
&error))
{
if (dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY))
......
......@@ -2066,6 +2066,7 @@ _dbus_concat_dir_and_file (DBusString *dir,
dbus_bool_t
_dbus_credentials_add_from_user (DBusCredentials *credentials,
const DBusString *username,
DBusCredentialsAddFlags flags,
DBusError *error)
{
if (!_dbus_credentials_add_windows_sid (credentials,
......
......@@ -240,8 +240,15 @@ dbus_bool_t _dbus_read_credentials_socket (DBusSocket client_fd,
dbus_bool_t _dbus_send_credentials_socket (DBusSocket server_fd,
DBusError *error);
typedef enum
{
DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE = (1 << 0),
DBUS_CREDENTIALS_ADD_FLAGS_NONE = 0
} DBusCredentialsAddFlags;
dbus_bool_t _dbus_credentials_add_from_user (DBusCredentials *credentials,
const DBusString *username,
DBusCredentialsAddFlags flags,
DBusError *error);
dbus_bool_t _dbus_credentials_add_from_current_process (DBusCredentials *credentials);
......
......@@ -519,6 +519,7 @@ _dbus_homedir_from_uid (dbus_uid_t uid,
dbus_bool_t
_dbus_credentials_add_from_user (DBusCredentials *credentials,
const DBusString *username,
DBusCredentialsAddFlags flags,
DBusError *error)
{
DBusUserDatabase *db;
......@@ -536,6 +537,14 @@ _dbus_credentials_add_from_user (DBusCredentials *credentials,
return TRUE;
}
/* If we aren't allowed to look in NSS or /etc/passwd, fail now. */
if (!(flags & DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE))
{
dbus_set_error (error, DBUS_ERROR_INVALID_ARGS,
"Expected a numeric Unix uid");
return FALSE;
}
if (!_dbus_user_database_lock_system ())
{
_DBUS_SET_OOM (error);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment