Age | Commit message (Collapse) | Author |
|
GetConnectionCredentials method was added to dbus-1 specification
more than one year ago. This method should return "[...] as many
credentials as possible for the process connected to the server",
but at this moment only "UnixUserID", "LinuxSecurityLabel" and
"ProcessID" are defined by the specification. We should add support
for next credentials after extending dbus-1 spec.
|
|
This patch removes includes that are not used. The removals were found with
include-what-you-use which checks if any of the symbols from a header is
in use.
|
|
synthetic_reply_method_return_strv()
That way it matches more closely the nomenclature of our other
success reply calls.
|
|
|
|
Set proper kdbus_cmd_list object size, otherwise:
dbus-send --system --dest=org.freedesktop.DBus --type=method_call \
print-reply / org.freedesktop.DBus.ListQueuedOwners string:org.freedesktop.systemd1
Error org.freedesktop.DBus.Error.InvalidArgs: Invalid argument
|
|
|
|
|
|
While it's a lovely scenario, it's probably not really useful. Fix our
GetConnectionUnixUser() to return the actual 'euid' which we asked for,
not the possible uninitialized 'uid'.
|
|
Whenever a process performs an action on an object, the kernel uses the
EUID of the process to do permission checks and to apply on any newly
created objects. The UID of a process is only used if someone *ELSE* acts
on the process. That is, the UID of a process defines who owns the
process, the EUID defines what privileges are used by this process when
performing an action.
Process limits, on the other hand, are always applied to the real UID, not
the effective UID. This is, because a process has a user object linked,
which always corresponds to its UID. A process never has a user object
linked for its EUID. Thus, accounting (and limits) is always done on the
real UID.
This commit fixes all sd-bus users to use the EUID when performing
privilege checks and alike. Furthermore, it fixes unix-creds to be parsed
as EUID, not UID (as the kernel always takes the EUID on UDS). Anyone
using UID (eg., to do user-accounting) has to fall back to the EUID as UDS
does not transmit the UID.
|
|
Make sure to reload our xml policy configuration if requested via the bus.
|
|
Fix whitespace indentation.
|
|
This implements a shared policy cache with read-write locks. We no longer
parse the XML policy in each thread.
This will allow us to easily implement ReloadConfig().
|
|
Move synthesize_*() into synthesize.c and bus_proxy_process_driver() into
driver.c for better code separation.
|