static errno_t
sbus_server_bus_get_connection_unix_user(TALLOC_CTX *mem_ctx,
struct sbus_request *sbus_req,
struct sbus_server *server,
const char *name,
uint32_t *_uid)
{
struct sbus_connection *conn;
unsigned long uid;
dbus_bool_t dbret;
if (strcmp(name, DBUS_SERVICE_DBUS) == 0) {
*_uid = server->uid;
return EOK;
}
conn = sss_ptr_hash_lookup(server->names, name, struct sbus_connection);
if (conn == NULL) {
return ERR_SBUS_UNKNOWN_OWNER;
}
dbret = dbus_connection_get_unix_user(conn->connection, &uid);
if (!dbret) {
return EIO;
}
*_uid = (uint32_t)uid;
return EOK;
}
glong
ibus_connection_get_unix_user (IBusConnection *connection)
{
IBusConnectionPrivate *priv;
priv = IBUS_CONNECTION_GET_PRIVATE (connection);
gulong uid;
if (priv->connection && dbus_connection_get_unix_user (priv->connection, &uid))
return uid;
return -1;
}
static dbus_bool_t
bus_driver_handle_get_connection_unix_user (DBusConnection *connection,
BusTransaction *transaction,
DBusMessage *message,
DBusError *error)
{
const char *service;
DBusString str;
BusRegistry *registry;
BusService *serv;
DBusConnection *conn;
DBusMessage *reply;
unsigned long uid;
dbus_uint32_t uid32;
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
registry = bus_connection_get_registry (connection);
service = NULL;
reply = NULL;
if (! dbus_message_get_args (message, error,
DBUS_TYPE_STRING, &service,
DBUS_TYPE_INVALID))
goto failed;
_dbus_verbose ("asked for UID of connection %s\n", service);
_dbus_string_init_const (&str, service);
serv = bus_registry_lookup (registry, &str);
if (serv == NULL)
{
dbus_set_error (error,
DBUS_ERROR_NAME_HAS_NO_OWNER,
"Could not get UID of name '%s': no such name", service);
goto failed;
}
conn = bus_service_get_primary_owners_connection (serv);
reply = dbus_message_new_method_return (message);
if (reply == NULL)
goto oom;
if (!dbus_connection_get_unix_user (conn, &uid))
{
dbus_set_error (error,
DBUS_ERROR_FAILED,
"Could not determine UID for '%s'", service);
goto failed;
}
uid32 = uid;
if (! dbus_message_append_args (reply,
DBUS_TYPE_UINT32, &uid32,
DBUS_TYPE_INVALID))
goto oom;
if (! bus_transaction_send_from_driver (transaction, connection, reply))
goto oom;
dbus_message_unref (reply);
return TRUE;
oom:
BUS_SET_OOM (error);
failed:
_DBUS_ASSERT_ERROR_IS_SET (error);
if (reply)
dbus_message_unref (reply);
return FALSE;
}
/**
* session_from_dbus:
* @parent: parent,
* @message: D-Bus message.
*
* Create a new session, based on the specified D-Bus message.
*
* Return new Session, or NULL on error.
**/
Session *
session_from_dbus (const void *parent,
NihDBusMessage *message)
{
const char *sender;
DBusError dbus_error;
unsigned long unix_user;
unsigned long unix_process_id;
char root[PATH_MAX];
Session *session;
struct passwd *pwd;
nih_local char *conf_path = NULL;
nih_assert (message != NULL);
/* Handle explicit command-line request and alternative request
* method (primarily for test framework) to disable session support.
*/
if (disable_sessions || getenv ("UPSTART_NO_SESSIONS"))
return NULL;
session_init ();
/* Ask D-Bus nicely for the origin uid and/or pid of the caller;
* sadly we can't ask the bus daemon for the origin pid, so that
* one will just have to stay user-session only.
*/
dbus_error_init (&dbus_error);
sender = dbus_message_get_sender (message->message);
if (sender) {
unix_user = dbus_bus_get_unix_user (message->connection, sender,
&dbus_error);
if (unix_user == (unsigned long)-1) {
dbus_error_free (&dbus_error);
unix_user = 0;
}
unix_process_id = 0;
} else {
if (! dbus_connection_get_unix_user (message->connection,
&unix_user))
unix_process_id = 0;
if (! dbus_connection_get_unix_process_id (message->connection,
&unix_process_id))
unix_process_id = 0;
}
/* If we retrieved a process id, look up the root path for it;
* if it's just '/' don't worry so much about it.
*/
if (unix_process_id) {
nih_local char *symlink = NULL;
ssize_t len;
symlink = NIH_MUST (nih_sprintf (NULL, "/proc/%lu/root",
unix_process_id));
len = readlink (symlink, root, sizeof root);
if (len < 0)
return NULL;
root[len] = '\0';
if (! strcmp (root, "/")) {
unix_process_id = 0;
if (! unix_user)
return NULL;
}
} else if (! unix_user) {
/* No process id or user id found, return the NULL session */
return NULL;
}
if (unix_user) {
pwd = getpwuid (unix_user);
if (! pwd || ! pwd->pw_dir) {
nih_error ("%lu: %s: %s", unix_user,
_("Unable to lookup home directory"),
strerror (errno));
return NULL;
}
NIH_MUST (nih_strcat_sprintf (&conf_path, NULL, "%s/%s",
pwd->pw_dir, USERCONFDIR));
}
/* Now find in the existing Sessions list */
NIH_LIST_FOREACH_SAFE (sessions, iter) {
Session *session = (Session *)iter;
if (unix_process_id) {
if (! session->chroot)
continue;
/* ignore sessions relating to other chroots */
if (strcmp (session->chroot, root))
continue;
}
/* ignore sessions relating to other users */
if (unix_user != session->user)
continue;
/* Found a user with the same uid but different
* conf_dir to the existing session user. Either the
* original user has been deleted and a new user created
* with the same uid, or the original users home
* directory has changed since they first started
* running jobs. Whatever the reason, we (can only) honour
* the new value.
*
* Since multiple users with the same uid are considered
* to be "the same user", invalidate the old path,
* allowing the correct new path to be set below.
*
* Note that there may be a possibility of trouble if
* the scenario relates to a deleted user and that original
* user still has jobs running. However, if that were the
* case, those jobs would likely fail anyway since they
* would have no working directory due to the original
* users home directory being deleted/changed/made inaccessible.
*/
if (unix_user && conf_path && session->conf_path &&
strcmp (conf_path, session->conf_path)) {
nih_free (session->conf_path);
session->conf_path = NULL;
}
if (! session->conf_path)
session_create_conf_source (session);
return session;
}
BusClientPolicy*
bus_policy_create_client_policy (BusPolicy *policy,
DBusConnection *connection,
DBusError *error)
{
BusClientPolicy *client;
dbus_uid_t uid;
dbus_bool_t at_console;
_dbus_assert (dbus_connection_get_is_authenticated (connection));
_DBUS_ASSERT_ERROR_IS_CLEAR (error);
client = bus_client_policy_new ();
if (client == NULL)
goto nomem;
if (!add_list_to_client (&policy->default_rules,
client))
goto nomem;
/* we avoid the overhead of looking up user's groups
* if we don't have any group rules anyway
*/
if (_dbus_hash_table_get_n_entries (policy->rules_by_gid) > 0)
{
unsigned long *groups;
int n_groups;
int i;
if (!bus_connection_get_groups (connection, &groups, &n_groups, error))
goto failed;
i = 0;
while (i < n_groups)
{
DBusList **list;
list = _dbus_hash_table_lookup_ulong (policy->rules_by_gid,
groups[i]);
if (list != NULL)
{
if (!add_list_to_client (list, client))
{
dbus_free (groups);
goto nomem;
}
}
++i;
}
dbus_free (groups);
}
if (!dbus_connection_get_unix_user (connection, &uid))
{
dbus_set_error (error, DBUS_ERROR_FAILED,
"No user ID known for connection, cannot determine security policy\n");
goto failed;
}
if (_dbus_hash_table_get_n_entries (policy->rules_by_uid) > 0)
{
DBusList **list;
list = _dbus_hash_table_lookup_ulong (policy->rules_by_uid,
uid);
if (list != NULL)
{
if (!add_list_to_client (list, client))
goto nomem;
}
}
/* Add console rules */
at_console = _dbus_is_console_user (uid, error);
if (at_console)
{
if (!add_list_to_client (&policy->at_console_true_rules, client))
goto nomem;
}
else if (dbus_error_is_set (error) == TRUE)
{
goto failed;
}
else if (!add_list_to_client (&policy->at_console_false_rules, client))
{
goto nomem;
}
if (!add_list_to_client (&policy->mandatory_rules,
client))
goto nomem;
bus_client_policy_optimize (client);
return client;
nomem:
BUS_SET_OOM (error);
failed:
_DBUS_ASSERT_ERROR_IS_SET (error);
if (client)
bus_client_policy_unref (client);
return NULL;
}
