authorJakub Hrozek <jhrozek@redhat.com>2014-10-07 19:44:44 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-10-07 19:51:11 +0200
commit75ac92d3bebade73fd50974e3d75443bad2be2e5 (patch)
tree71458db9a605672606251183d32290735ef9323a
parentc976e2097fd8503b60fa96d81714fd28c05209aa (diff)
SBUS: Allow connections from other UIDs
-rw-r--r--src/monitor/monitor.c3
-rw-r--r--src/sbus/sssd_dbus.h4
-rw-r--r--src/sbus/sssd_dbus_connection.c20
3 files changed, 27 insertions, 0 deletions
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c
index 5669f1677..b44f80f9f 100644
--- a/src/monitor/monitor.c
+++ b/src/monitor/monitor.c
@@ -2332,6 +2332,9 @@ static int monitor_service_init(struct sbus_connection *conn, void *data)
mini->ctx = ctx;
mini->conn = conn;
+ /* Allow access from the SSSD user */
+ sbus_allow_uid(conn, &ctx->uid);
+
/* 10 seconds should be plenty */
tv = tevent_timeval_current_ofs(10, 0);
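Review bot: `sbus_allow_uid(conn, &ctx->uid)` hands libdbus a pointer into `ctx` that the user callback dereferences on every later authentication, and `sbus_allow_uid` (sssd_dbus_connection.c in this commit) registers it with a NULL free-data function, so nothing ties the pointer's lifetime to the connection. That is only safe while `ctx` outlives `conn`, which this hunk does not show; the contract belongs next to the prototype in sssd_dbus.h, e.g. `/* The pointer is retained, not copied: *uid must stay valid for the lifetime of conn. */`. The enclosing monitor_service_init body continues outside the hunk.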
diff --git a/src/sbus/sssd_dbus.h b/src/sbus/sssd_dbus.h
index d01926368..5b128eaed 100644
--- a/src/sbus/sssd_dbus.h
+++ b/src/sbus/sssd_dbus.h
@@ -209,6 +209,10 @@ int sbus_conn_send(struct sbus_connection *conn,
void sbus_conn_send_reply(struct sbus_connection *conn,
DBusMessage *reply);
+/* Set up D-BUS access control. If there is a SSSD user, we must allow
+ * him to connect. root is always allowed */
+void sbus_allow_uid(struct sbus_connection *conn, uid_t *uid);
+
/*
* This structure is passed to all dbus method and property
* handlers. It is a talloc context which will be valid until
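--- a/src/sbus/sssd_dbus_connection.c
+++ b/src/sbus/sssd_dbus_connection.c
@@ -922,3 +922,23 @@ void sbus_conn_send_reply(struct sbus_connection *conn, DBusMessage *reply)
 {
 dbus_connection_send(conn->dbus.conn, reply, NULL);
 }
+
+dbus_bool_t is_uid_sssd_user(DBusConnection *connection,
+ unsigned long uid,
+ void *data)
+{
+ uid_t sssd_user = * (uid_t *) data;
+
+ if (sssd_user == uid) {
+ return TRUE;
+ }
+
+ return FALSE;
+}
+
+void sbus_allow_uid(struct sbus_connection *conn, uid_t *uid)
+{
+ dbus_connection_set_unix_user_function(sbus_get_connection(conn),
+ is_uid_sssd_user,
+ uid, NULL);
+}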
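Review bot: is_uid_sssd_user returns FALSE for every UID other than the SSSD user, including UID 0, yet the new comment in sssd_dbus.h promises that root is always allowed. As far as I recall, once a unix-user function is installed libdbus consults it instead of its default same-UID policy (confirm against the libdbus version in use), in which case a root client would be refused whenever `*uid` is not 0. The predicate should admit root explicitly, `if (uid == 0 || sssd_user == uid) { return TRUE; }`, or the header comment should drop that claim. Separately, is_uid_sssd_user is an internal callback that the header does not declare, so it should be `static` to keep it out of the exported symbol set; the unused `connection` parameter is fine for a libdbus callback but deserves a one-line comment saying so.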