summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-04-23 00:37:47 +0200
committerLennart Poettering <lennart@poettering.net>2015-04-23 00:37:47 +0200
commit0674bbea9ce0958512411962c2d1623d88dad0b4 (patch)
treebd76da8ef1f0aa751b1958cac6aeaf85bd1d5801
parente346512c684e9efae84c6442f7e6a5781564ecde (diff)
core: explicitly specify credentials for direct connections, too
So far we authenticate direct connections primarily at connection time, but let's also do this for each method individually, by attaching the creds we need for that right away.
-rw-r--r--src/core/dbus.c9
-rw-r--r--src/libsystemd/sd-bus/bus-socket.c2
2 files changed, 10 insertions, 1 deletions
diff --git a/src/core/dbus.c b/src/core/dbus.c
index 18754f606..02b998c6d 100644
--- a/src/core/dbus.c
+++ b/src/core/dbus.c
@@ -670,6 +670,15 @@ static int bus_on_connection(sd_event_source *s, int fd, uint32_t revents, void
return 0;
}
+ r = sd_bus_negotiate_creds(bus, 1,
+ SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|
+ SD_BUS_CREDS_EUID|SD_BUS_CREDS_EFFECTIVE_CAPS|
+ SD_BUS_CREDS_SELINUX_CONTEXT);
+ if (r < 0) {
+ log_warning_errno(r, "Failed to enable credentials for new connection: %m");
+ return 0;
+ }
+
r = sd_bus_start(bus);
if (r < 0) {
log_warning_errno(r, "Failed to start new connection bus: %m");
diff --git a/src/libsystemd/sd-bus/bus-socket.c b/src/libsystemd/sd-bus/bus-socket.c
index f97e15d5d..6a55f9bfb 100644
--- a/src/libsystemd/sd-bus/bus-socket.c
+++ b/src/libsystemd/sd-bus/bus-socket.c
@@ -916,7 +916,7 @@ static int bus_socket_make_message(sd_bus *bus, size_t size) {
bus->rbuffer, size,
bus->fds, bus->n_fds,
!bus->bus_client && bus->ucred_valid ? &bus->ucred : NULL,
- !bus->bus_client && bus->label[0] ? bus->label : NULL,
+ !bus->bus_client && !isempty(bus->label) ? bus->label : NULL,
&t);
if (r < 0) {
free(b);