return 1;
}
-static int rename_service(sd_bus *b) {
+static int rename_service(sd_bus *a, sd_bus *b) {
_cleanup_bus_creds_unref_ sd_bus_creds *creds = NULL;
_cleanup_free_ char *p = NULL, *name = NULL;
const char *comm;
pid_t pid;
int r;
+ assert(a);
assert(b);
r = sd_bus_get_peer_creds(b, SD_BUS_CREDS_UID|SD_BUS_CREDS_PID|SD_BUS_CREDS_CMDLINE|SD_BUS_CREDS_COMM, &creds);
memset(arg_command_line_buffer + w, 0, m - w);
}
+ log_debug("Running on behalf of PID %lu (%s), UID %lu (%s), %s",
+ (unsigned long) pid, p,
+ (unsigned long) uid, name,
+ a->unique_name);
+ ;
return 0;
}
return sd_bus_send(b, n, NULL);
}
+static int process_policy(sd_bus *a, sd_bus *b, sd_bus_message *m) {
+ _cleanup_bus_message_unref_ sd_bus_message *n = NULL;
+ int r;
+
+ assert(a);
+ assert(b);
+ assert(m);
+
+ if (!sd_bus_message_is_method_call(m, "org.freedesktop.DBus.Properties", "GetAll"))
+ return 0;
+
+ if (!streq_ptr(m->path, "/org/gnome/DisplayManager/Slave"))
+ return 0;
+
+ r = sd_bus_message_new_method_errorf(m, &n, SD_BUS_ERROR_ACCESS_DENIED, "gdm, you are stupid");
+ if (r < 0)
+ return r;
+
+ r = bus_message_append_sender(n, "org.freedesktop.DBus");
+ if (r < 0) {
+ log_error("Failed to append sender to gdm reply: %s", strerror(-r));
+ return r;
+ }
+
+ r = bus_seal_synthetic_message(b, n);
+ if (r < 0) {
+ log_error("Failed to seal gdm reply: %s", strerror(-r));
+ return r;
+ }
+
+ r = sd_bus_send(b, n, NULL);
+ if (r < 0) {
+ log_error("Failed to send gdm reply: %s", strerror(-r));
+ return r;
+ }
+
+ return 1;
+}
+
static int process_hello(sd_bus *a, sd_bus *b, sd_bus_message *m, bool *got_hello) {
_cleanup_bus_message_unref_ sd_bus_message *n = NULL;
bool is_hello;
int r, in_fd, out_fd;
bool got_hello = false;
bool is_unix;
+ struct ucred ucred = {};
+ _cleanup_free_ char *peersec = NULL;
log_set_target(LOG_TARGET_JOURNAL_OR_KMSG);
log_parse_environment();
in_fd = SD_LISTEN_FDS_START;
out_fd = SD_LISTEN_FDS_START;
} else {
- log_error("Illegal number of file descriptors passed\n");
+ log_error("Illegal number of file descriptors passed");
goto finish;
}
sd_is_socket(in_fd, AF_UNIX, 0, 0) > 0 &&
sd_is_socket(out_fd, AF_UNIX, 0, 0) > 0;
+ if (is_unix) {
+ getpeercred(in_fd, &ucred);
+ getpeersec(in_fd, &peersec);
+ }
+
r = sd_bus_new(&a);
if (r < 0) {
log_error("Failed to allocate bus: %s", strerror(-r));
goto finish;
}
+ if (ucred.pid > 0) {
+ a->fake_creds.pid = ucred.pid;
+ a->fake_creds.uid = ucred.uid;
+ a->fake_creds.gid = ucred.gid;
+ a->fake_creds_valid = true;
+ }
+
+ if (peersec) {
+ a->fake_label = peersec;
+ peersec = NULL;
+ }
+
+ a->manual_peer_interface = true;
+
r = sd_bus_start(a);
if (r < 0) {
log_error("Failed to start bus client: %s", strerror(-r));
goto finish;
}
+ b->manual_peer_interface = true;
+
r = sd_bus_start(b);
if (r < 0) {
log_error("Failed to start bus client: %s", strerror(-r));
goto finish;
}
- r = rename_service(b);
+ r = rename_service(a, b);
if (r < 0)
log_debug("Failed to rename process: %s", strerror(-r));
if (a->is_kernel) {
- _cleanup_free_ char *match;
+ _cleanup_free_ char *match = NULL;
const char *unique;
r = sd_bus_get_unique_name(a, &unique);
if (k > 0)
r = k;
else {
+ k = process_policy(a, b, m);
+ if (k < 0) {
+ r = k;
+ goto finish;
+ }
+
k = sd_bus_send(a, m, NULL);
if (k < 0) {
r = k;
~ianmdlvl / elogind.git / blobdiff