From dad9c269fae442893400df3287e4194b633f75e0 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 12 Jan 2018 16:09:08 +0000 Subject: [PATCH 4/7] _dbus_credentials_add_from_user: Only accept numeric uid for EXTERNAL In the well-known system dbus-daemon, it's desirable to avoid looking up non-numeric authorization identities in the user database, because that could deadlock with NSS modules that directly or indirectly require the system bus. Add a flag for whether the username will be looked up in the userdb, and don't set that flag for EXTERNAL auth (which is what we use on the system bus, and on the session bus if not configured otherwise). DBUS_COOKIE_SHA1 authentication is documented in terms of the username (although in fact libdbus sends a numeric uid there too, and GDBus only accepts a numeric uid) so continue to use the userdb for that mechanism. DBUS_COOKIE_SHA1 needs to use the userdb on Unix anyway, otherwise it won't find the user's home directory. Signed-off-by: Simon McVittie Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104588 --- dbus/dbus-auth.c | 2 ++ dbus/dbus-sysdeps-win.c | 1 + dbus/dbus-sysdeps.h | 7 +++++++ dbus/dbus-userdb.c | 9 +++++++++ 4 files changed, 19 insertions(+) diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c index 06de633a..3182026c 100644 --- a/dbus/dbus-auth.c +++ b/dbus/dbus-auth.c @@ -550,6 +550,7 @@ sha1_handle_first_client_response (DBusAuth *auth, } if (!_dbus_credentials_add_from_user (auth->desired_identity, data, + DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE, &error)) { if (dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY)) @@ -1120,6 +1121,7 @@ handle_server_data_external_mech (DBusAuth *auth, if (!_dbus_credentials_add_from_user (auth->desired_identity, &auth->identity, + DBUS_CREDENTIALS_ADD_FLAGS_NONE, &error)) { if (dbus_error_has_name (&error, DBUS_ERROR_NO_MEMORY)) diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c index 4ad87edc..4e71d1cf 100644 --- a/dbus/dbus-sysdeps-win.c +++ b/dbus/dbus-sysdeps-win.c @@ -2066,6 +2066,7 @@ _dbus_concat_dir_and_file (DBusString *dir, dbus_bool_t _dbus_credentials_add_from_user (DBusCredentials *credentials, const DBusString *username, + DBusCredentialsAddFlags flags, DBusError *error) { if (!_dbus_credentials_add_windows_sid (credentials, diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h index 48d3e766..b9b0c440 100644 --- a/dbus/dbus-sysdeps.h +++ b/dbus/dbus-sysdeps.h @@ -240,8 +240,15 @@ dbus_bool_t _dbus_read_credentials_socket (DBusSocket client_fd, dbus_bool_t _dbus_send_credentials_socket (DBusSocket server_fd, DBusError *error); +typedef enum +{ + DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE = (1 << 0), + DBUS_CREDENTIALS_ADD_FLAGS_NONE = 0 +} DBusCredentialsAddFlags; + dbus_bool_t _dbus_credentials_add_from_user (DBusCredentials *credentials, const DBusString *username, + DBusCredentialsAddFlags flags, DBusError *error); dbus_bool_t _dbus_credentials_add_from_current_process (DBusCredentials *credentials); diff --git a/dbus/dbus-userdb.c b/dbus/dbus-userdb.c index b96aef43..e765e794 100644 --- a/dbus/dbus-userdb.c +++ b/dbus/dbus-userdb.c @@ -526,6 +526,7 @@ _dbus_homedir_from_uid (dbus_uid_t uid, dbus_bool_t _dbus_credentials_add_from_user (DBusCredentials *credentials, const DBusString *username, + DBusCredentialsAddFlags flags, DBusError *error) { DBusUserDatabase *db; @@ -543,6 +544,14 @@ _dbus_credentials_add_from_user (DBusCredentials *credentials, return TRUE; } + /* If we aren't allowed to look in NSS or /etc/passwd, fail now. */ + if (!(flags & DBUS_CREDENTIALS_ADD_FLAGS_USER_DATABASE)) + { + dbus_set_error (error, DBUS_ERROR_INVALID_ARGS, + "Expected a numeric Unix uid"); + return FALSE; + } + if (!_dbus_user_database_lock_system ()) { _DBUS_SET_OOM (error); -- 2.15.1