diff options
| author | Lennart Poettering <lennart@poettering.net> | 2009-08-07 00:25:08 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2009-10-17 00:28:29 +0200 |
| commit | dc3f32f00d7c3091d7d44fe1739a8c38ea3fb34f (patch) | |
| tree | f4f873446abf31e15f30550b817c71946453db15 | |
| parent | dc11af9d1b7f029e6a58fd3354438032877efce4 (diff) | |
check ConsoleKit database for detecting if user is on console
In addtion to Solaris style /dev/console permission checking and
pam_console style /var/run/console file existance checking add support
for checking console status via the ConsoleKit database.
This adds very basic support and will read the console database on every
single read. These needs optimization.
| -rw-r--r-- | configure.in | 62 | ||||
| -rw-r--r-- | dbus/dbus-sysdeps-util-unix.c | 150 | ||||
| -rw-r--r-- | dbus/dbus-userdb-util.c | 98 |
3 files changed, 210 insertions, 100 deletions
diff --git a/configure.in b/configure.in index 5a4ec23b..653a45f7 100644 --- a/configure.in +++ b/configure.in @@ -78,7 +78,9 @@ AC_ARG_ENABLE(libaudit,AS_HELP_STRING([--enable-libaudit],[build audit daemon su AC_ARG_ENABLE(dnotify, AS_HELP_STRING([--enable-dnotify],[build with dnotify support (linux only)]),enable_dnotify=$enableval,enable_dnotify=auto) AC_ARG_ENABLE(inotify, AS_HELP_STRING([--enable-inotify],[build with inotify support (linux only)]),enable_inotify=$enableval,enable_inotify=auto) AC_ARG_ENABLE(kqueue, AS_HELP_STRING([--enable-kqueue],[build with kqueue support]),enable_kqueue=$enableval,enable_kqueue=auto) +AC_ARG_ENABLE(console-auth-dir, AS_HELP_STRING([--enable-console-auth-dir],[enable console auth dir]),enable_console_auth_dir=$enableval,enable_console_auth_dir=auto) AC_ARG_ENABLE(console-owner-file, AS_HELP_STRING([--enable-console-owner-file],[enable console owner file]),enable_console_owner_file=$enableval,enable_console_owner_file=auto) +AC_ARG_ENABLE(consolekit-database, AS_HELP_STRING([--enable-consolekit-database],[enable ConsoleKit database]),enable_consolekit_database=$enableval,enable_consolekit_database=auto) AC_ARG_ENABLE(userdb-cache, AS_HELP_STRING([--enable-userdb-cache],[build with userdb-cache support]),enable_userdb_cache=$enableval,enable_userdb_cache=yes) AC_ARG_WITH(xml, AS_HELP_STRING([--with-xml=[libxml/expat]],[XML library to use])) @@ -89,6 +91,7 @@ AC_ARG_WITH(system-pid-file, AS_HELP_STRING([--with-system-pid-file=[pidfile]],[ AC_ARG_WITH(system-socket, AS_HELP_STRING([--with-system-socket=[filename]],[UNIX domain socket for systemwide daemon])) AC_ARG_WITH(console-auth-dir, AS_HELP_STRING([--with-console-auth-dir=[dirname]],[directory to check for console ownerhip])) AC_ARG_WITH(console-owner-file, AS_HELP_STRING([--with-console-owner-file=[filename]],[file whose owner determines current console owner])) +AC_ARG_WITH(consolekit-database, AS_HELP_STRING([--with-consolekit-database=[filename]],[ConsoleKit database file])) AC_ARG_WITH(dbus_user, AS_HELP_STRING([--with-dbus-user=<user>],[User for running the DBUS daemon (messagebus)])) AC_ARG_WITH(dbus_daemondir, AS_HELP_STRING([--with-dbus-daemondir=[dirname]],[Directory for installing the DBUS daemon])) @@ -834,6 +837,32 @@ fi AM_CONDITIONAL(HAVE_CONSOLE_OWNER_FILE, test x$have_console_owner_file = xyes) +dnl console auth dir +if test x$enable_console_auth_dir = xno ; then + have_console_auth_dir=no; +else + case $host_os in + linux*) + have_console_auth_dir=yes; + AC_DEFINE(HAVE_CONSOLE_AUTH_DIR,1,[Have console auth dir]) + ;; + *) + have_console_auth_dir=no;; + esac +fi + +AM_CONDITIONAL(HAVE_CONSOLE_AUTH_DIR, test x$have_console_auth_dir = xyes) + +dnl ConsoleKit database +if test x$enable_consolekit_database = xno ; then + have_consolekit_database=no; +else + have_consolekit_database=yes; + AC_DEFINE(HAVE_CONSOLEKIT_DATABASE,1,[Have ConsoleKit database]) +fi + +AM_CONDITIONAL(HAVE_CONSOLEKIT_DATABASE, test x$have_consolekit_database = xyes) + # libaudit detection if test x$enable_libaudit = xno ; then have_libaudit=no; @@ -1298,15 +1327,33 @@ fi AC_SUBST(DBUS_SYSTEM_PID_FILE) +#### ConsoleKit database file to check for console ownership +if test x$have_consolekit_database = xyes; then + if ! test -z "$with_consolekit_database"; then + DBUS_CONSOLEKIT_DATABASE=$with_consolekit_database + else + DBUS_CONSOLEKIT_DATABASE=/var/run/ConsoleKit/database + fi +else + DBUS_CONSOLEKIT_DATABASE= +fi + +AC_SUBST(DBUS_CONSOLEKIT_DATABASE) +AC_DEFINE_UNQUOTED(DBUS_CONSOLEKIT_DATABASE, "$DBUS_CONSOLEKIT_DATABASE", [ConsoleKit database to check for console ownership]) + #### Directory to check for console ownership -if ! test -z "$with_console_auth_dir"; then - DBUS_CONSOLE_AUTH_DIR=$with_console_auth_dir +if test x$have_console_auth_dir = xyes; then + if ! test -z "$with_console_auth_dir"; then + DBUS_CONSOLE_AUTH_DIR=$with_console_auth_dir + else + DBUS_CONSOLE_AUTH_DIR=/var/run/console/ + fi else - DBUS_CONSOLE_AUTH_DIR=/var/run/console/ + DBUS_CONSOLE_AUTH_DIR= fi AC_SUBST(DBUS_CONSOLE_AUTH_DIR) -AC_DEFINE_UNQUOTED(DBUS_CONSOLE_AUTH_DIR, "$DBUS_CONSOLE_AUTH_DIR", [Directory to check for console ownerhip]) +AC_DEFINE_UNQUOTED(DBUS_CONSOLE_AUTH_DIR, "$DBUS_CONSOLE_AUTH_DIR", [Directory to check for console ownership]) #### File to check for console ownership if test x$have_console_owner_file = xyes; then @@ -1508,9 +1555,12 @@ echo " System bus address: ${DBUS_SYSTEM_BUS_DEFAULT_ADDRESS} System bus PID file: ${DBUS_SYSTEM_PID_FILE} Session bus socket dir: ${DBUS_SESSION_SOCKET_DIR} + Have ConsoleKit db: ${have_consolekit_database} + ConsoleKit db: ${DBUS_CONSOLEKIT_DATABASE} + Have Console auth dir: ${have_console_auth_dir} Console auth dir: ${DBUS_CONSOLE_AUTH_DIR} - Console owner file: ${have_console_owner_file} - Console owner file path: ${DBUS_CONSOLE_OWNER_FILE} + Have Console owner file: ${have_console_owner_file} + Console owner file: ${DBUS_CONSOLE_OWNER_FILE} System bus user: ${DBUS_USER} Session bus services dir: ${EXPANDED_DATADIR}/dbus-1/services 'make check' socket dir: ${TEST_SOCKET_DIR} diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index 9fa27a1a..253ff822 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -1,11 +1,11 @@ /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ /* dbus-sysdeps-util-unix.c Would be in dbus-sysdeps-unix.c, but not used in libdbus - * + * * Copyright (C) 2002, 2003, 2004, 2005 Red Hat, Inc. * Copyright (C) 2003 CodeFactory AB * * Licensed under the Academic Free License version 2.1 - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -15,7 +15,7 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA @@ -111,13 +111,13 @@ _dbus_become_daemon (const DBusString *pidfile, * doesn't have /dev/null we may as well try * to continue anyhow */ - + dev_null_fd = open ("/dev/null", O_RDWR); if (dev_null_fd >= 0) { dup2 (dev_null_fd, 0); dup2 (dev_null_fd, 1); - + s = _dbus_getenv ("DBUS_DEBUG_OUTPUT"); if (s == NULL || *s == '\0') dup2 (dev_null_fd, 2); @@ -135,7 +135,7 @@ _dbus_become_daemon (const DBusString *pidfile, _dbus_verbose ("calling setsid()\n"); if (setsid () == -1) _dbus_assert_not_reached ("setsid() failed"); - + break; default: @@ -152,7 +152,7 @@ _dbus_become_daemon (const DBusString *pidfile, _exit (0); break; } - + return TRUE; } @@ -175,9 +175,9 @@ _dbus_write_pid_file (const DBusString *filename, FILE *f; cfilename = _dbus_string_get_const_data (filename); - + fd = open (cfilename, O_WRONLY|O_CREAT|O_EXCL|O_BINARY, 0644); - + if (fd < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -193,13 +193,13 @@ _dbus_write_pid_file (const DBusString *filename, _dbus_close (fd, NULL); return FALSE; } - + if (fprintf (f, "%lu\n", pid) < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to write to \"%s\": %s", cfilename, _dbus_strerror (errno)); - + fclose (f); return FALSE; } @@ -211,7 +211,7 @@ _dbus_write_pid_file (const DBusString *filename, _dbus_strerror (errno)); return FALSE; } - + return TRUE; } @@ -255,13 +255,13 @@ _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, int bytes; _dbus_verbose ("writing our pid to pipe %d\n", print_pid_pipe->fd_or_handle); - + if (!_dbus_string_init (&pid)) { _DBUS_SET_OOM (error); return FALSE; } - + if (!_dbus_string_append_int (&pid, pid_to_write) || !_dbus_string_append (&pid, "\n")) { @@ -269,7 +269,7 @@ _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, _DBUS_SET_OOM (error); return FALSE; } - + bytes = _dbus_string_get_length (&pid); if (_dbus_pipe_write (print_pid_pipe, &pid, 0, bytes, error) != bytes) { @@ -282,7 +282,7 @@ _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, _dbus_string_free (&pid); return FALSE; } - + _dbus_string_free (&pid); } else @@ -327,9 +327,9 @@ _dbus_change_to_daemon_user (const char *user, dbus_bool_t we_were_root; cap_t new_caps; #endif - + _dbus_string_init_const (&u, user); - + if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid)) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -337,20 +337,20 @@ _dbus_change_to_daemon_user (const char *user, user); return FALSE; } - + #ifdef HAVE_LIBAUDIT we_were_root = _dbus_geteuid () == 0; new_caps = NULL; /* have a tmp set of caps that we use to transition to the usr/grp dbus should * run as ... doesn't really help. But keeps people happy. */ - + if (we_were_root) { cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE }; cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID }; cap_t tmp_caps = cap_init(); - + if (!tmp_caps || !(new_caps = cap_init ())) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -368,7 +368,7 @@ _dbus_change_to_daemon_user (const char *user, cap_set_flag (new_caps, CAP_EFFECTIVE, 1, new_cap_list, CAP_SET); cap_set_flag (tmp_caps, CAP_PERMITTED, 3, tmp_cap_list, CAP_SET); cap_set_flag (tmp_caps, CAP_EFFECTIVE, 3, tmp_cap_list, CAP_SET); - + if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -377,7 +377,7 @@ _dbus_change_to_daemon_user (const char *user, cap_free (tmp_caps); goto fail; } - + if (cap_set_proc (tmp_caps) == -1) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -389,7 +389,7 @@ _dbus_change_to_daemon_user (const char *user, cap_free (tmp_caps); } #endif /* HAVE_LIBAUDIT */ - + /* setgroups() only works if we are a privileged process, * so we don't return error on failure; the only possible * failure is that we don't have perms to do it. @@ -400,7 +400,7 @@ _dbus_change_to_daemon_user (const char *user, if (setgroups (0, NULL) < 0) _dbus_warn ("Failed to drop supplementary groups: %s\n", _dbus_strerror (errno)); - + /* Set GID first, or the setuid may remove our permission * to change the GID */ @@ -411,7 +411,7 @@ _dbus_change_to_daemon_user (const char *user, _dbus_strerror (errno)); goto fail; } - + if (setuid (uid) < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -419,7 +419,7 @@ _dbus_change_to_daemon_user (const char *user, _dbus_strerror (errno)); goto fail; } - + #ifdef HAVE_LIBAUDIT if (we_were_root) { @@ -432,7 +432,7 @@ _dbus_change_to_daemon_user (const char *user, } cap_free (new_caps); - /* should always work, if it did above */ + /* should always work, if it did above */ if (prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -458,7 +458,7 @@ _dbus_change_to_daemon_user (const char *user, return FALSE; } -void +void _dbus_init_system_log (void) { openlog ("dbus", LOG_PID, LOG_DAEMON); @@ -471,7 +471,7 @@ _dbus_init_system_log (void) * @param msg a printf-style format string * @param args arguments for the format string */ -void +void _dbus_log_info (const char *msg, va_list args) { vsyslog (LOG_DAEMON|LOG_NOTICE, msg, args); @@ -484,7 +484,7 @@ _dbus_log_info (const char *msg, va_list args) * @param msg a printf-style format string * @param args arguments for the format string */ -void +void _dbus_log_security (const char *msg, va_list args) { vsyslog (LOG_AUTH|LOG_NOTICE, msg, args); @@ -501,7 +501,7 @@ _dbus_set_signal_handler (int sig, { struct sigaction act; sigset_t empty_mask; - + sigemptyset (&empty_mask); act.sa_handler = handler; act.sa_mask = empty_mask; @@ -512,7 +512,7 @@ _dbus_set_signal_handler (int sig, /** * Removes a directory; Directory must be empty - * + * * @param filename directory filename * @param error initialized error object * @returns #TRUE on success @@ -522,7 +522,7 @@ _dbus_delete_directory (const DBusString *filename, DBusError *error) { const char *filename_c; - + _DBUS_ASSERT_ERROR_IS_CLEAR (error); filename_c = _dbus_string_get_const_data (filename); @@ -534,7 +534,7 @@ _dbus_delete_directory (const DBusString *filename, filename_c, _dbus_strerror (errno)); return FALSE; } - + return TRUE; } @@ -543,7 +543,7 @@ _dbus_delete_directory (const DBusString *filename, * @param file full path to the file * @returns #TRUE if file exists */ -dbus_bool_t +dbus_bool_t _dbus_file_exists (const char *file) { return (access (file, F_OK) == 0); @@ -555,11 +555,12 @@ _dbus_file_exists (const char *file) * @param error return location for errors * @returns #TRUE is the user is at the consolei and there are no errors */ -dbus_bool_t +dbus_bool_t _dbus_user_at_console (const char *username, DBusError *error) { +#ifdef HAVE_CONSOLE_AUTH_DIR DBusString f; dbus_bool_t result; @@ -589,6 +590,9 @@ _dbus_user_at_console (const char *username, _dbus_string_free (&f); return result; +#else + return FALSE; +#endif } @@ -624,7 +628,7 @@ _dbus_stat (const DBusString *filename, struct stat sb; _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + filename_c = _dbus_string_get_const_data (filename); if (stat (filename_c, &sb) < 0) @@ -653,7 +657,7 @@ _dbus_stat (const DBusString *filename, struct DBusDirIter { DIR *d; /**< The DIR* from opendir() */ - + }; /** @@ -672,7 +676,7 @@ _dbus_directory_open (const DBusString *filename, const char *filename_c; _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + filename_c = _dbus_string_get_const_data (filename); d = opendir (filename_c); @@ -700,7 +704,7 @@ _dbus_directory_open (const DBusString *filename, /* Calculate the required buffer size (in bytes) for directory * entries read from the given directory handle. Return -1 if this - * this cannot be done. + * this cannot be done. * * If you use autoconf, include fpathconf and dirfd in your * AC_CHECK_FUNCS list. Otherwise use some other method to detect @@ -761,7 +765,7 @@ _dbus_directory_get_next_file (DBusDirIter *iter, int err; _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + if (!dirent_buf_size (iter->d, &buf_size)) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -827,12 +831,12 @@ fill_user_info_from_group (struct group *g, DBusError *error) { _dbus_assert (g->gr_name != NULL); - + info->gid = g->gr_gid; info->groupname = _dbus_strdup (g->gr_name); /* info->members = dbus_strdupv (g->gr_mem) */ - + if (info->groupname == NULL) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); @@ -857,12 +861,12 @@ fill_group_info (DBusGroupInfo *info, group_c_str = _dbus_string_get_const_data (groupname); else group_c_str = NULL; - + /* For now assuming that the getgrnam() and getgrgid() flavors * always correspond to the pwnam flavors, if not we have * to add more configure checks. */ - + #if defined (HAVE_POSIX_GETPWNAM_R) || defined (HAVE_NONPOSIX_GETPWNAM_R) { struct group *g; @@ -1045,7 +1049,7 @@ _dbus_unix_groups_from_uid (dbus_uid_t uid, * Should always fail on Windows (set the error to * #DBUS_ERROR_NOT_SUPPORTED). * - * @param uid UID of person to check + * @param uid UID of person to check * @param error return location for errors * @returns #TRUE if the UID is the same as the console user and there are no errors */ @@ -1101,7 +1105,7 @@ _dbus_string_get_dirname (const DBusString *filename, DBusString *dirname) { int sep; - + _dbus_assert (filename != dirname); _dbus_assert (filename != NULL); _dbus_assert (dirname != NULL); @@ -1110,26 +1114,26 @@ _dbus_string_get_dirname (const DBusString *filename, sep = _dbus_string_get_length (filename); if (sep == 0) return _dbus_string_append (dirname, "."); /* empty string passed in */ - + while (sep > 0 && _dbus_string_get_byte (filename, sep - 1) == '/') --sep; _dbus_assert (sep >= 0); - + if (sep == 0) return _dbus_string_append (dirname, "/"); - + /* Now find the previous separator */ _dbus_string_find_byte_backward (filename, sep, '/', &sep); if (sep < 0) return _dbus_string_append (dirname, "."); - + /* skip multiple separators */ while (sep > 0 && _dbus_string_get_byte (filename, sep - 1) == '/') --sep; _dbus_assert (sep >= 0); - + if (sep == 0 && _dbus_string_get_byte (filename, 0) == '/') return _dbus_string_append (dirname, "/"); @@ -1143,11 +1147,11 @@ static void string_squash_nonprintable (DBusString *str) { char *buf; - int i, len; - + int i, len; + buf = _dbus_string_get_data (str); len = _dbus_string_get_length (str); - + for (i = 0; i < len; i++) { unsigned char c = (unsigned char) buf[i]; @@ -1162,17 +1166,17 @@ string_squash_nonprintable (DBusString *str) * Get a printable string describing the command used to execute * the process with pid. This string should only be used for * informative purposes such as logging; it may not be trusted. - * + * * The command is guaranteed to be printable ASCII and no longer * than max_len. - * + * * @param pid Process id * @param str Append command to this string * @param max_len Maximum length of returned command * @param error return location for errors * @returns #FALSE on error */ -dbus_bool_t +dbus_bool_t _dbus_command_for_pid (unsigned long pid, DBusString *str, int max_len, @@ -1182,25 +1186,25 @@ _dbus_command_for_pid (unsigned long pid, DBusString path; DBusString cmdline; int fd; - - if (!_dbus_string_init (&path)) + + if (!_dbus_string_init (&path)) { _DBUS_SET_OOM (error); return FALSE; } - + if (!_dbus_string_init (&cmdline)) { _DBUS_SET_OOM (error); _dbus_string_free (&path); return FALSE; } - + if (!_dbus_string_append_printf (&path, "/proc/%ld/cmdline", pid)) goto oom; - + fd = open (_dbus_string_get_const_data (&path), O_RDONLY); - if (fd < 0) + if (fd < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -1209,26 +1213,26 @@ _dbus_command_for_pid (unsigned long pid, _dbus_strerror (errno)); goto fail; } - + if (!_dbus_read (fd, &cmdline, max_len)) { dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to read from \"%s\": %s", _dbus_string_get_const_data (&path), - _dbus_strerror (errno)); + _dbus_strerror (errno)); goto fail; } - + if (!_dbus_close (fd, error)) goto fail; - - string_squash_nonprintable (&cmdline); - + + string_squash_nonprintable (&cmdline); + if (!_dbus_string_copy (&cmdline, 0, str, _dbus_string_get_length (str))) goto oom; - - _dbus_string_free (&cmdline); + + _dbus_string_free (&cmdline); _dbus_string_free (&path); return TRUE; oom: diff --git a/dbus/dbus-userdb-util.c b/dbus/dbus-userdb-util.c index f75d1bc0..8361fcf3 100644 --- a/dbus/dbus-userdb-util.c +++ b/dbus/dbus-userdb-util.c @@ -1,10 +1,10 @@ /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ /* dbus-userdb-util.c Would be in dbus-userdb.c, but not used in libdbus - * + * * Copyright (C) 2003, 2004, 2005 Red Hat, Inc. * * Licensed under the Academic Free License version 2.1 - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -14,7 +14,7 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA @@ -25,7 +25,10 @@ #include "dbus-test.h" #include "dbus-internals.h" #include "dbus-protocol.h" +#include "dbus-desktop-file.h" #include <string.h> +#include <errno.h> +#include <stdlib.h> /** * @addtogroup DBusInternalsUtils @@ -35,7 +38,7 @@ /** * Checks to see if the UID sent in is the console user * - * @param uid UID of person to check + * @param uid UID of person to check * @param error return location for errors * @returns #TRUE if the UID is the same as the console user and there are no errors */ @@ -44,11 +47,48 @@ _dbus_is_console_user (dbus_uid_t uid, DBusError *error) { - DBusUserDatabase *db; - const DBusUserInfo *info; - dbus_bool_t result = FALSE; +#if defined(HAVE_CONSOLEKIT_DATABASE) + + DBusDesktopFile *f; + const char *section; + dbus_bool_t found = FALSE; + DBusString fn; + unsigned i = 0; + + _dbus_string_init_const(&fn, DBUS_CONSOLEKIT_DATABASE); + + f = _dbus_desktop_file_load(&fn, error); + if (!f) + return FALSE; + + while ((section = _dbus_desktop_file_get_section(f, i++))) + { + const char *val; + char *e = NULL; + unsigned long console_uid; + + if (strncmp(section, "Session ", 8)) + continue; + + if (!_dbus_desktop_file_get_raw(f, section, "uid", &val)) + continue; + + errno = 0; + console_uid = strtol(val, &e, 10); + if (errno != 0 || !e || *e != 0) + continue; + + if (console_uid == uid) + { + found = TRUE; + break; + } + } + + _dbus_desktop_file_free(f); + return found; -#ifdef HAVE_CONSOLE_OWNER_FILE +#elif defined(HAVE_CONSOLE_OWNER_FILE) DBusString f; DBusStat st; @@ -74,7 +114,13 @@ _dbus_is_console_user (dbus_uid_t uid, _dbus_string_free(&f); -#endif /* HAVE_CONSOLE_OWNER_FILE */ + return FALSE; + +#elif defined(HAVE_CONSOLE_AUTH_DIR) + + DBusUserDatabase *db; + const DBusUserInfo *info; + dbus_bool_t result = FALSE; _dbus_user_database_lock_system (); @@ -101,6 +147,9 @@ _dbus_is_console_user (dbus_uid_t uid, _dbus_user_database_unlock_system (); return result; +#else + return FALSE; +#endif } /** @@ -147,7 +196,7 @@ _dbus_get_group_id (const DBusString *groupname, } *gid = info->gid; - + _dbus_user_database_unlock_system (); return TRUE; } @@ -187,7 +236,7 @@ _dbus_get_user_id_and_primary_group (const DBusString *username, *uid_p = info->uid; if (gid_p) *gid_p = info->primary_gid; - + _dbus_user_database_unlock_system (); return TRUE; } @@ -200,7 +249,7 @@ _dbus_get_user_id_and_primary_group (const DBusString *username, * * @param db the database * @param gid the group ID or #DBUS_GID_UNSET - * @param groupname group name or #NULL + * @param groupname group name or #NULL * @param error error to fill in * @returns the entry in the database */ @@ -246,7 +295,7 @@ _dbus_user_database_lookup_group (DBusUserDatabase *db, else _dbus_verbose ("No cache for groupname \"%s\"\n", _dbus_string_get_const_data (groupname)); - + info = dbus_new0 (DBusGroupInfo, 1); if (info == NULL) { @@ -293,7 +342,7 @@ _dbus_user_database_lookup_group (DBusUserDatabase *db, dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); return NULL; } - + return info; } } @@ -301,7 +350,7 @@ _dbus_user_database_lookup_group (DBusUserDatabase *db, /** * Gets the user information for the given group name, - * returned group info should not be freed. + * returned group info should not be freed. * * @param db user database * @param groupname the group name @@ -321,7 +370,7 @@ _dbus_user_database_get_groupname (DBusUserDatabase *db, /** * Gets the user information for the given GID, - * returned group info should not be freed. + * returned group info should not be freed. * * @param db user database * @param gid the group ID @@ -343,7 +392,7 @@ _dbus_user_database_get_gid (DBusUserDatabase *db, /** * Gets all groups corresponding to the given UID. Returns #FALSE * if no memory, or user isn't known, but always initializes - * group_ids to a NULL array. + * group_ids to a NULL array. * * @param uid the UID * @param group_ids return location for array of group IDs @@ -377,7 +426,7 @@ _dbus_groups_from_uid (dbus_uid_t uid, } _dbus_assert (info->uid == uid); - + if (info->n_group_ids > 0) { *group_ids = dbus_new (dbus_gid_t, info->n_group_ids); @@ -402,7 +451,7 @@ _dbus_groups_from_uid (dbus_uid_t uid, /** * Unit test for dbus-userdb.c. - * + * * @returns #TRUE on success. */ dbus_bool_t @@ -413,12 +462,13 @@ _dbus_userdb_test (const char *test_data_dir) dbus_uid_t uid; unsigned long *group_ids; int n_group_ids, i; + DBusError error; if (!_dbus_username_from_current_process (&username)) _dbus_assert_not_reached ("didn't get username"); if (!_dbus_homedir_from_current_process (&homedir)) - _dbus_assert_not_reached ("didn't get homedir"); + _dbus_assert_not_reached ("didn't get homedir"); if (!_dbus_get_user_id (username, &uid)) _dbus_assert_not_reached ("didn't get uid"); @@ -434,7 +484,13 @@ _dbus_userdb_test (const char *test_data_dir) printf(" %ld", group_ids[i]); printf ("\n"); - + + dbus_error_init(&error); + printf ("Is Console user: %i\n", + _dbus_is_console_user(uid, &error)); + printf ("Invocation was OK: %s\n", error.message ? error.message : "yes"); + dbus_error_free(&error); + dbus_free (group_ids); return TRUE; |