credentials_t::credentials_t(const QDBusMessage &message) : uid("nobody"), gid("nobody") { QString sender = message.service() ; uint32_t user_id = get_name_owner_from_dbus_sync(Maemo::Timed::bus(), sender) ; if (user_id == ~0u) log_warning("can't get user (uid) of the caller, already terminated?") ; else { passwd *info = getpwuid(user_id) ; if (info) { uid = info->pw_name ; gid = gidToName(info->pw_gid) ; } } }
credentials_t Aegis::credentials_from_dbus_connection(const QDBusMessage &message) { // We are doing this in a kinda insecure way. Two steps: // 1. Ask dbus daemon, what is the pid of the client. // --- race race race --- (please someone file a bug about it) --- race race race --- // 2. Ask aegis kernel extension, what are the credentials of given pid. QString sender = message.service() ; /* "returns "sender" on inbound messages and "service" on outbound messages which saves one QString object and confuses at least me ..." -- so true ! */ // 1. Ask DBus daemon, what is the PID of the 'sender': uint32_t owner_id = get_name_owner_from_dbus_sync(Maemo::Timed::bus(), sender) ; if (owner_id == ~0u) { log_warning("can't get owner (pid) of the caller, already terminated?") ; return credentials_t() ; } pid_t pid = owner_id ; // 2. Getting aegis credentials from the kernel, by pid creds_t aegis_creds = creds_gettask(pid) ; // Don't check result, as NULL is a valid set of aegis credentials credentials_t creds = Aegis::credentials_from_creds_t(aegis_creds) ; creds_free(aegis_creds) ; return creds ; }