diff options
| author | Lennart Poettering <lennart@poettering.net> | 2013-11-28 17:50:02 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2013-11-28 18:42:18 +0100 |
| commit | 5b12334d35eadf1f45cc3d631fd1a2e72ffaea0a (patch) | |
| tree | 55682fbecfeb705adfaf0f78fd76f5c8dc219b1b /src/libsystemd-bus/bus-util.c | |
| parent | 70f75a523b16ad495a7791d595ee3eececf75953 (diff) | |
bus: add new sd_bus_creds object to encapsulate process credentials
This way we can unify handling of credentials that are attached to
messages, or can be queried for bus name owners or connection peers.
This also adds the ability to extend incomplete credential information
with data from /proc,
Also, provide a convenience call that will automatically determine the
most appropriate credential object for an incoming message, by using the
the attached information if possible, the sending name information if
available and otherwise the peer's credentials.
Diffstat (limited to 'src/libsystemd-bus/bus-util.c')
| -rw-r--r-- | src/libsystemd-bus/bus-util.c | 31 |
1 files changed, 21 insertions, 10 deletions
diff --git a/src/libsystemd-bus/bus-util.c b/src/libsystemd-bus/bus-util.c index 7a21975092..5069aaaaba 100644 --- a/src/libsystemd-bus/bus-util.c +++ b/src/libsystemd-bus/bus-util.c @@ -20,6 +20,7 @@ ***/ #include <sys/socket.h> +#include <sys/capability.h> #include "util.h" #include "strv.h" @@ -137,7 +138,7 @@ int bus_verify_polkit( bool *_challenge, sd_bus_error *e) { - const char *sender; + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; uid_t uid; int r; @@ -145,11 +146,11 @@ int bus_verify_polkit( assert(m); assert(action); - sender = sd_bus_message_get_sender(m); - if (!sender) - return -EBADMSG; + r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds); + if (r < 0) + return r; - r = sd_bus_get_owner_uid(bus, sender, &uid); + r = sd_bus_creds_get_uid(creds, &uid); if (r < 0) return r; @@ -160,6 +161,11 @@ int bus_verify_polkit( else { _cleanup_bus_message_unref_ sd_bus_message *reply = NULL; int authorized = false, challenge = false; + const char *sender; + + sender = sd_bus_message_get_sender(m); + if (!sender) + return -EBADMSG; r = sd_bus_call_method( bus, @@ -271,8 +277,9 @@ int bus_verify_polkit_async( #ifdef ENABLE_POLKIT _cleanup_bus_message_unref_ sd_bus_message *pk = NULL; AsyncPolkitQuery *q; -#endif const char *sender; +#endif + _cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL; uid_t uid; int r; @@ -319,17 +326,21 @@ int bus_verify_polkit_async( } #endif - sender = sd_bus_message_get_sender(m); - if (!sender) - return -EBADMSG; + r = sd_bus_query_sender_creds(m, SD_BUS_CREDS_UID, &creds); + if (r < 0) + return r; - r = sd_bus_get_owner_uid(bus, sender, &uid); + r = sd_bus_creds_get_uid(creds, &uid); if (r < 0) return r; if (uid == 0) return 1; + #ifdef ENABLE_POLKIT + sender = sd_bus_message_get_sender(m); + if (!sender) + return -EBADMSG; r = hashmap_ensure_allocated(registry, trivial_hash_func, trivial_compare_func); if (r < 0) |