along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
+#include <sys/socket.h>
+
#include "sd-event.h"
#include "sd-bus.h"
if (r == SD_EVENT_FINISHED)
break;
- r = sd_event_run(e, exiting ? (uint64_t) -1 : 5 * USEC_PER_SEC /* DEFAULT_EXIT_USEC */);
+ r = sd_event_run(e, exiting ? (uint64_t) -1 : timeout);
if (r < 0)
return r;
#ifdef ENABLE_POLKIT
else {
_cleanup_bus_message_unref_ sd_bus_message *reply = NULL;
- bool authorized = false, challenge = false;
+ unsigned authorized = false, challenge = false;
r = sd_bus_call_method(
bus,
#ifdef ENABLE_POLKIT
q = hashmap_remove(*registry, m);
if (q) {
- bool authorized, challenge;
+ unsigned authorized, challenge;
/* This is the second invocation of this function, and
* there's already a response from polkit, let's
hashmap_free(registry);
#endif
}
+
+static int bus_check_peercred(sd_bus *c) {
+ int fd;
+ struct ucred ucred;
+ socklen_t l;
+
+ assert(c);
+
+ fd = sd_bus_get_fd(c);
+
+ assert(fd >= 0);
+
+ l = sizeof(struct ucred);
+ if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &ucred, &l) < 0) {
+ log_error("SO_PEERCRED failed: %m");
+ return -errno;
+ }
+
+ if (l != sizeof(struct ucred)) {
+ log_error("SO_PEERCRED returned wrong size.");
+ return -E2BIG;
+ }
+
+ if (ucred.uid != 0 && ucred.uid != geteuid())
+ return -EPERM;
+
+ return 1;
+}
+
+int bus_connect_system(sd_bus **_bus) {
+ sd_bus *bus = NULL;
+ int r;
+ bool private = true;
+
+ assert(_bus);
+
+ if (geteuid() == 0) {
+ /* If we are root, then let's talk directly to the
+ * system instance, instead of going via the bus */
+
+ r = sd_bus_new(&bus);
+ if (r < 0)
+ return r;
+
+ r = sd_bus_set_address(bus, "unix:path=/run/systemd/private");
+ if (r < 0)
+ return r;
+
+ r = sd_bus_start(bus);
+ if (r < 0)
+ return r;
+
+ } else {
+ r = sd_bus_open_system(&bus);
+ if (r < 0)
+ return r;
+
+ private = false;
+ }
+
+ if (private) {
+ r = bus_check_peercred(bus);
+ if (r < 0) {
+ sd_bus_unref(bus);
+
+ return -EACCES;
+ }
+ }
+
+ *_bus = bus;
+ return 0;
+}
~ianmdlvl / elogind.git / blobdiff