SBUS: Allow connections from other UIDs

Unless dbus_connection_set_unix_user_function() is used, D-Bus only allows connections from UID 0. This patch adds a custom checker function that allows either UID 0 or the pre-configured SSSD user ID. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2014-10-07 19:44:44 +0200
committer: Jakub Hrozek <jhrozek@redhat.com> 2014-10-22 15:44:21 +0200
commit: aa871e019f00493dfa53b48f906132bf94eeae9f (patch)
tree: 4e3d060f9727e21349d07aa9b6c36f4e8ecef5d7 /src/sbus/sssd_dbus.h
parent: 5960687483a5d3d99093c9d6ab64e11c9bde7f7b (diff)
download: sssd-aa871e019f00493dfa53b48f906132bf94eeae9f.tar.gz
sssd-aa871e019f00493dfa53b48f906132bf94eeae9f.tar.xz
sssd-aa871e019f00493dfa53b48f906132bf94eeae9f.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/sbus/sssd_dbus.h b/src/sbus/sssd_dbus.h
index d01926368..5b128eaed 100644
--- a/src/sbus/sssd_dbus.h
+++ b/src/sbus/sssd_dbus.h
@@ -209,6 +209,10 @@ int sbus_conn_send(struct sbus_connection *conn,
 void sbus_conn_send_reply(struct sbus_connection *conn,
                           DBusMessage *reply);
 
+/* Set up D-BUS access control. If there is a SSSD user, we must allow
+ * him to connect. root is always allowed */
+void sbus_allow_uid(struct sbus_connection *conn, uid_t *uid);
+
 /*
  * This structure is passed to all dbus method and property
  * handlers. It is a talloc context which will be valid until
author	Jakub Hrozek <jhrozek@redhat.com>	2014-10-07 19:44:44 +0200
committer	Jakub Hrozek <jhrozek@redhat.com>	2014-10-22 15:44:21 +0200
commit	aa871e019f00493dfa53b48f906132bf94eeae9f (patch)
tree	4e3d060f9727e21349d07aa9b6c36f4e8ecef5d7 /src/sbus/sssd_dbus.h
parent	5960687483a5d3d99093c9d6ab64e11c9bde7f7b (diff)
download	sssd-aa871e019f00493dfa53b48f906132bf94eeae9f.tar.gz sssd-aa871e019f00493dfa53b48f906132bf94eeae9f.tar.xz sssd-aa871e019f00493dfa53b48f906132bf94eeae9f.zip