add _dbus_geteuid to fix EXTERNAL authentication in setuid applications

2008-01-14 John (J5) Palmieri <johnp@redhat.com> * Patch by Andrea Luzzardi <scox at sig11 dot org>: creates a _dbus_geteuid function to fix EXTERNAL authentication in setuid applications * dbus/dbus-sysdeps-unix.c (_dbus_geteuid): used to get the effective uid of the running program (_dbus_credentials_add_from_current_process): use geteuid instead of getuid (_dbus_append_user_from_current_process): use geteuid instead of getuid * dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user): use geteuid instead of getuid (_dbus_unix_user_is_at_console): use geteuid instead of getuid * dbus/dbus-sysdeps-win.c (_dbus_geteuid): add a windows equivilant that returns DBUS_UID_UNSET
author: John (J5) Palmieri <johnp@redhat.com> 2008-01-14 15:07:48 -0500
committer: John (J5) Palmieri <johnp@redhat.com> 2008-01-14 15:07:48 -0500
commit: ede4e4514698612e226763ea8b6ae8ce13f2173d (patch)
tree: d0764decc001fd10699b1c50feac8735491aa094
parent: 047ec880e9e228183237c661ec2e45a949785cb9 (diff)
5 files changed, 44 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 35e35a7c..8c30e102 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,23 @@
+2008-01-14  John (J5) Palmieri  <johnp@redhat.com>
+
+	* Patch by Andrea Luzzardi  <scox at sig11 dot org>: creates a
+	_dbus_geteuid function to fix EXTERNAL authentication in setuid
+	applications
+
+	*  dbus/dbus-sysdeps-unix.c (_dbus_geteuid): used to get the effective
+	uid of the running program
+	(_dbus_credentials_add_from_current_process): use geteuid instead of
+	getuid
+	(_dbus_append_user_from_current_process): use geteuid instead of
+	getuid
+
+	* dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user): use
+	geteuid instead of getuid
+	(_dbus_unix_user_is_at_console): use geteuid instead of getuid
+
+	* dbus/dbus-sysdeps-win.c (_dbus_geteuid): add a windows equivilant
+	that returns DBUS_UID_UNSET
+
 2007-12-18  Havoc Pennington  <hp@redhat.com>
 
 	* dbus/dbus-connection.c (_dbus_connection_block_pending_call):
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index 2ce7427b..c4866bbb 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -1643,7 +1643,7 @@ _dbus_credentials_add_from_current_process (DBusCredentials *credentials)
 
   if (!_dbus_credentials_add_unix_pid(credentials, _dbus_getpid()))
     return FALSE;
-  if (!_dbus_credentials_add_unix_uid(credentials, _dbus_getuid()))
+  if (!_dbus_credentials_add_unix_uid(credentials, _dbus_geteuid()))
     return FALSE;
 
   return TRUE;
@@ -1664,7 +1664,7 @@ dbus_bool_t
 _dbus_append_user_from_current_process (DBusString *str)
 {
   return _dbus_string_append_uint (str,
-                                   _dbus_getuid ());
+                                   _dbus_geteuid ());
 }
 
 /**
@@ -1686,6 +1686,15 @@ _dbus_getuid (void)
   return getuid ();
 }
 
+/** Gets our effective UID
+ * @returns process effective UID
+ */
+dbus_uid_t
+_dbus_geteuid (void)
+{
+  return geteuid ();
+}
+
 /**
  * The only reason this is separate from _dbus_getpid() is to allow it
  * on Windows for logging but not for other purposes.
diff --git a/dbus/dbus-sysdeps-unix.h b/dbus/dbus-sysdeps-unix.h
index 9123185b..0005cd87 100644
--- a/dbus/dbus-sysdeps-unix.h
+++ b/dbus/dbus-sysdeps-unix.h
@@ -121,6 +121,7 @@ dbus_bool_t _dbus_group_info_fill_gid (DBusGroupInfo    *info,
 void        _dbus_group_info_free     (DBusGroupInfo    *info);
 
 dbus_uid_t    _dbus_getuid (void);
+dbus_uid_t    _dbus_geteuid (void);
 dbus_gid_t    _dbus_getgid (void);
 
 dbus_bool_t _dbus_parse_uid (const DBusString  *uid_str,
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 49965d9a..9ff3fbc1 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -332,7 +332,7 @@ _dbus_change_to_daemon_user  (const char    *user,
     }
   
 #ifdef HAVE_LIBAUDIT
-  we_were_root = _dbus_getuid () == 0;
+  we_were_root = _dbus_geteuid () == 0;
   new_caps = NULL;
   /* have a tmp set of caps that we use to transition to the usr/grp dbus should
    * run as ... doesn't really help. But keeps people happy.
@@ -990,7 +990,7 @@ _dbus_unix_user_is_at_console (dbus_uid_t         uid,
 dbus_bool_t
 _dbus_unix_user_is_process_owner (dbus_uid_t uid)
 {
-  return uid == _dbus_getuid ();
+  return uid == _dbus_geteuid ();
 }
 
 /**
diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c
index 3c6c31be..a67e502a 100644
--- a/dbus/dbus-sysdeps-win.c
+++ b/dbus/dbus-sysdeps-win.c
@@ -834,7 +834,16 @@ out1:
  * @returns process UID
  */
 dbus_uid_t
-_dbus_getuid(void)
+_dbus_getuid (void)
+{
+	return DBUS_UID_UNSET;
+}
+
+/** Gets our effective UID
+ * @returns process effective UID
+ */
+dbus_uid_t
+_dbus_geteuid (void)
 {
 	return DBUS_UID_UNSET;
 }
author	John (J5) Palmieri <johnp@redhat.com>	2008-01-14 15:07:48 -0500
committer	John (J5) Palmieri <johnp@redhat.com>	2008-01-14 15:07:48 -0500
commit	ede4e4514698612e226763ea8b6ae8ce13f2173d (patch)
tree	d0764decc001fd10699b1c50feac8735491aa094
parent	047ec880e9e228183237c661ec2e45a949785cb9 (diff)