Commit 52594df0 authored by Simon McVittie's avatar Simon McVittie

bus driver: Use DBusCredentials to fill credentials structure

Signed-off-by: Simon McVittie's avatarSimon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
parent fbc2a447
...@@ -1179,7 +1179,8 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller, ...@@ -1179,7 +1179,8 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller,
&arr_writer)) &arr_writer))
goto oom; goto oom;
if (!bus_driver_fill_connection_credentials (instance->creator, &arr_writer)) if (!bus_driver_fill_connection_credentials (NULL, instance->creator,
&arr_writer))
{ {
dbus_message_iter_abandon_container (&writer, &arr_writer); dbus_message_iter_abandon_container (&writer, &arr_writer);
goto oom; goto oom;
...@@ -1261,7 +1262,8 @@ bus_containers_handle_get_instance_info (DBusConnection *connection, ...@@ -1261,7 +1262,8 @@ bus_containers_handle_get_instance_info (DBusConnection *connection,
&arr_writer)) &arr_writer))
goto oom; goto oom;
if (!bus_driver_fill_connection_credentials (instance->creator, &arr_writer)) if (!bus_driver_fill_connection_credentials (NULL, instance->creator,
&arr_writer))
{ {
dbus_message_iter_abandon_container (&writer, &arr_writer); dbus_message_iter_abandon_container (&writer, &arr_writer);
goto oom; goto oom;
......
...@@ -1908,82 +1908,66 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne ...@@ -1908,82 +1908,66 @@ bus_driver_handle_get_connection_selinux_security_context (DBusConnection *conne
* if @conn is #NULL) into the a{sv} @asv_iter. Return #FALSE on OOM. * if @conn is #NULL) into the a{sv} @asv_iter. Return #FALSE on OOM.
*/ */
dbus_bool_t dbus_bool_t
bus_driver_fill_connection_credentials (DBusConnection *conn, bus_driver_fill_connection_credentials (DBusCredentials *credentials,
DBusConnection *conn,
DBusMessageIter *asv_iter) DBusMessageIter *asv_iter)
{ {
unsigned long ulong_uid, ulong_pid; dbus_uid_t uid = DBUS_UID_UNSET;
char *s; dbus_pid_t pid = DBUS_PID_UNSET;
const char *windows_sid = NULL;
const char *linux_security_label = NULL;
const char *path; const char *path;
if (conn == NULL) if (credentials == NULL && conn != NULL)
{ credentials = _dbus_connection_get_credentials (conn);
ulong_pid = _dbus_getpid ();
ulong_uid = _dbus_getuid ();
}
else
{
if (!dbus_connection_get_unix_process_id (conn, &ulong_pid))
ulong_pid = DBUS_PID_UNSET;
if (!dbus_connection_get_unix_user (conn, &ulong_uid)) if (credentials != NULL)
ulong_uid = DBUS_UID_UNSET; {
pid = _dbus_credentials_get_pid (credentials);
uid = _dbus_credentials_get_unix_uid (credentials);
windows_sid = _dbus_credentials_get_windows_sid (credentials);
linux_security_label =
_dbus_credentials_get_linux_security_label (credentials);
} }
/* we can't represent > 32-bit pids; if your system needs them, please /* we can't represent > 32-bit pids; if your system needs them, please
* add ProcessID64 to the spec or something */ * add ProcessID64 to the spec or something */
if (ulong_pid <= _DBUS_UINT32_MAX && ulong_pid != DBUS_PID_UNSET && if (pid <= _DBUS_UINT32_MAX && pid != DBUS_PID_UNSET &&
!_dbus_asv_add_uint32 (asv_iter, "ProcessID", ulong_pid)) !_dbus_asv_add_uint32 (asv_iter, "ProcessID", pid))
return FALSE; return FALSE;
/* we can't represent > 32-bit uids; if your system needs them, please /* we can't represent > 32-bit uids; if your system needs them, please
* add UnixUserID64 to the spec or something */ * add UnixUserID64 to the spec or something */
if (ulong_uid <= _DBUS_UINT32_MAX && ulong_uid != DBUS_UID_UNSET && if (uid <= _DBUS_UINT32_MAX && uid != DBUS_UID_UNSET &&
!_dbus_asv_add_uint32 (asv_iter, "UnixUserID", ulong_uid)) !_dbus_asv_add_uint32 (asv_iter, "UnixUserID", uid))
return FALSE; return FALSE;
/* FIXME: Obtain the Windows user of the bus daemon itself */ if (windows_sid != NULL)
if (conn != NULL &&
dbus_connection_get_windows_user (conn, &s))
{ {
DBusString str; DBusString str;
dbus_bool_t result; dbus_bool_t result;
if (s == NULL) _dbus_string_init_const (&str, windows_sid);
return FALSE;
_dbus_string_init_const (&str, s);
result = _dbus_validate_utf8 (&str, 0, _dbus_string_get_length (&str)); result = _dbus_validate_utf8 (&str, 0, _dbus_string_get_length (&str));
_dbus_string_free (&str); _dbus_string_free (&str);
if (result) if (result)
{ {
if (!_dbus_asv_add_string (asv_iter, "WindowsSID", s)) if (!_dbus_asv_add_string (asv_iter, "WindowsSID", windows_sid))
{ return FALSE;
dbus_free (s);
return FALSE;
}
} }
dbus_free (s);
} }
/* FIXME: Obtain the security label for the bus daemon itself */ if (linux_security_label != NULL)
if (conn != NULL &&
_dbus_connection_get_linux_security_label (conn, &s))
{ {
if (s == NULL)
return FALSE;
/* use the GVariant bytestring convention for strings of unknown /* use the GVariant bytestring convention for strings of unknown
* encoding: include the \0 in the payload, for zero-copy reading */ * encoding: include the \0 in the payload, for zero-copy reading */
if (!_dbus_asv_add_byte_array (asv_iter, "LinuxSecurityLabel", if (!_dbus_asv_add_byte_array (asv_iter, "LinuxSecurityLabel",
s, strlen (s) + 1)) linux_security_label,
{ strlen (linux_security_label) + 1))
dbus_free (s); return FALSE;
return FALSE;
}
dbus_free (s);
} }
/* This has to come from the connection, not the credentials */
if (conn != NULL && if (conn != NULL &&
bus_containers_connection_is_contained (conn, &path, NULL, NULL)) bus_containers_connection_is_contained (conn, &path, NULL, NULL))
{ {
...@@ -2003,6 +1987,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, ...@@ -2003,6 +1987,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
DBusError *error) DBusError *error)
{ {
DBusConnection *conn; DBusConnection *conn;
DBusCredentials *credentials = NULL;
DBusMessage *reply; DBusMessage *reply;
DBusMessageIter reply_iter; DBusMessageIter reply_iter;
DBusMessageIter array_iter; DBusMessageIter array_iter;
...@@ -2020,6 +2005,11 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, ...@@ -2020,6 +2005,11 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
{ {
case BUS_DRIVER_FOUND_SELF: case BUS_DRIVER_FOUND_SELF:
conn = NULL; conn = NULL;
/* FIXME: Obtain the security label for the bus daemon itself,
* if we can (this doesn't include it, both for performance
* reasons and because LSMs don't guarantee that there is a way
* to get the same string that would have come from SO_PEERSEC) */
credentials = _dbus_credentials_new_from_current_process ();
break; break;
case BUS_DRIVER_FOUND_PEER: case BUS_DRIVER_FOUND_PEER:
...@@ -2035,7 +2025,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, ...@@ -2035,7 +2025,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
reply = _dbus_asv_new_method_return (message, &reply_iter, &array_iter); reply = _dbus_asv_new_method_return (message, &reply_iter, &array_iter);
if (reply == NULL || if (reply == NULL ||
!bus_driver_fill_connection_credentials (conn, &array_iter) || !bus_driver_fill_connection_credentials (credentials, conn, &array_iter) ||
!_dbus_asv_close (&reply_iter, &array_iter)) !_dbus_asv_close (&reply_iter, &array_iter))
goto oom; goto oom;
...@@ -2049,7 +2039,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, ...@@ -2049,7 +2039,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
} }
dbus_message_unref (reply); dbus_message_unref (reply);
_dbus_clear_credentials (&credentials);
return TRUE; return TRUE;
oom: oom:
...@@ -2064,6 +2054,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, ...@@ -2064,6 +2054,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
dbus_message_unref (reply); dbus_message_unref (reply);
} }
_dbus_clear_credentials (&credentials);
return FALSE; return FALSE;
} }
......
...@@ -55,7 +55,8 @@ dbus_bool_t bus_driver_send_service_owner_changed (const char *service_name ...@@ -55,7 +55,8 @@ dbus_bool_t bus_driver_send_service_owner_changed (const char *service_name
dbus_bool_t bus_driver_generate_introspect_string (DBusString *xml, dbus_bool_t bus_driver_generate_introspect_string (DBusString *xml,
dbus_bool_t canonical_path, dbus_bool_t canonical_path,
DBusMessage *message); DBusMessage *message);
dbus_bool_t bus_driver_fill_connection_credentials (DBusConnection *conn, dbus_bool_t bus_driver_fill_connection_credentials (DBusCredentials *credentials,
DBusConnection *conn,
DBusMessageIter *asv_iter); DBusMessageIter *asv_iter);
BusDriverFound bus_driver_get_conn_helper (DBusConnection *connection, BusDriverFound bus_driver_get_conn_helper (DBusConnection *connection,
......
...@@ -78,6 +78,7 @@ dbus_bool_t _dbus_credentials_get_unix_gids (DBusCredentials ...@@ -78,6 +78,7 @@ dbus_bool_t _dbus_credentials_get_unix_gids (DBusCredentials
size_t *n_gids); size_t *n_gids);
DBUS_PRIVATE_EXPORT DBUS_PRIVATE_EXPORT
const char* _dbus_credentials_get_windows_sid (DBusCredentials *credentials); const char* _dbus_credentials_get_windows_sid (DBusCredentials *credentials);
DBUS_PRIVATE_EXPORT
const char * _dbus_credentials_get_linux_security_label (DBusCredentials *credentials); const char * _dbus_credentials_get_linux_security_label (DBusCredentials *credentials);
void * _dbus_credentials_get_adt_audit_data (DBusCredentials *credentials); void * _dbus_credentials_get_adt_audit_data (DBusCredentials *credentials);
dbus_int32_t _dbus_credentials_get_adt_audit_data_size (DBusCredentials *credentials); dbus_int32_t _dbus_credentials_get_adt_audit_data_size (DBusCredentials *credentials);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment