diff options
Diffstat (limited to 'src/responder/ifp/ifpsrv_util.c')
-rw-r--r-- | src/responder/ifp/ifpsrv_util.c | 47 |
1 files changed, 46 insertions, 1 deletions
diff --git a/src/responder/ifp/ifpsrv_util.c b/src/responder/ifp/ifpsrv_util.c index e16d36279..2bce20186 100644 --- a/src/responder/ifp/ifpsrv_util.c +++ b/src/responder/ifp/ifpsrv_util.c @@ -29,6 +29,7 @@ errno_t ifp_req_create(struct sbus_request *dbus_req, struct ifp_req **_ifp_req) { struct ifp_req *ireq = NULL; + errno_t ret; if (ifp_ctx->sysbus == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Responder not connected to sysbus!\n"); @@ -43,8 +44,52 @@ errno_t ifp_req_create(struct sbus_request *dbus_req, ireq->ifp_ctx = ifp_ctx; ireq->dbus_req = dbus_req; + if (dbus_req->client == -1) { + /* We got a sysbus message but couldn't identify the + * caller? Bail out! */ + DEBUG(SSSDBG_CRIT_FAILURE, + "BUG: Received a message without a known caller!\n"); + ret = EACCES; + goto done; + } + + ret = check_allowed_uids(dbus_req->client, + ifp_ctx->rctx->allowed_uids_count, + ifp_ctx->rctx->allowed_uids); + if (ret == EACCES) { + DEBUG(SSSDBG_MINOR_FAILURE, + "User %"PRIi64" not in ACL\n", dbus_req->client); + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Cannot check if user %"PRIi64" is present in ACL\n", + dbus_req->client); + goto done; + } + *_ifp_req = ireq; - return EOK; + ret = EOK; +done: + if (ret != EOK) { + talloc_free(ireq); + } + return ret; +} + +int ifp_req_create_handle_failure(struct sbus_request *dbus_req, errno_t err) +{ + if (err == EACCES) { + return sbus_request_fail_and_finish(dbus_req, + sbus_error_new(dbus_req, + DBUS_ERROR_ACCESS_DENIED, + "User %"PRIi64" not in ACL\n", + dbus_req->client)); + } + + return sbus_request_fail_and_finish(dbus_req, + sbus_error_new(dbus_req, + DBUS_ERROR_FAILED, + "Cannot create IFP request\n")); } const char *ifp_path_strip_prefix(const char *path, const char *prefix) |