• Simon McVittie's avatar
    _dbus_credentials_add_from_user: Only accept numeric uid for EXTERNAL · 356333e4
    Simon McVittie authored
    In the well-known system dbus-daemon, it's desirable to avoid looking
    up non-numeric authorization identities in the user database, because
    that could deadlock with NSS modules that directly or indirectly
    require the system bus. Add a flag for whether the username will be
    looked up in the userdb, and don't set that flag for EXTERNAL auth
    (which is what we use on the system bus, and on the session bus
    if not configured otherwise).
    DBUS_COOKIE_SHA1 authentication is documented in terms of the
    username (although in fact libdbus sends a numeric uid there too,
    and GDBus only accepts a numeric uid) so continue to use the userdb
    for that mechanism. DBUS_COOKIE_SHA1 needs to use the userdb on Unix
    anyway, otherwise it won't find the user's home directory.
    Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
    Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
    Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588
dbus-auth.c 79.2 KB