diff options
| author | Lennart Poettering <lennart@poettering.net> | 2009-08-07 00:25:08 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2009-10-17 00:28:29 +0200 |
| commit | dc3f32f00d7c3091d7d44fe1739a8c38ea3fb34f (patch) | |
| tree | f4f873446abf31e15f30550b817c71946453db15 /dbus/dbus-sysdeps-util-unix.c | |
| parent | dc11af9d1b7f029e6a58fd3354438032877efce4 (diff) | |
check ConsoleKit database for detecting if user is on console
In addtion to Solaris style /dev/console permission checking and
pam_console style /var/run/console file existance checking add support
for checking console status via the ConsoleKit database.
This adds very basic support and will read the console database on every
single read. These needs optimization.
Diffstat (limited to 'dbus/dbus-sysdeps-util-unix.c')
| -rw-r--r-- | dbus/dbus-sysdeps-util-unix.c | 150 |
1 files changed, 77 insertions, 73 deletions
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index 9fa27a1a..253ff822 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -1,11 +1,11 @@ /* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- */ /* dbus-sysdeps-util-unix.c Would be in dbus-sysdeps-unix.c, but not used in libdbus - * + * * Copyright (C) 2002, 2003, 2004, 2005 Red Hat, Inc. * Copyright (C) 2003 CodeFactory AB * * Licensed under the Academic Free License version 2.1 - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or @@ -15,7 +15,7 @@ * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA @@ -111,13 +111,13 @@ _dbus_become_daemon (const DBusString *pidfile, * doesn't have /dev/null we may as well try * to continue anyhow */ - + dev_null_fd = open ("/dev/null", O_RDWR); if (dev_null_fd >= 0) { dup2 (dev_null_fd, 0); dup2 (dev_null_fd, 1); - + s = _dbus_getenv ("DBUS_DEBUG_OUTPUT"); if (s == NULL || *s == '\0') dup2 (dev_null_fd, 2); @@ -135,7 +135,7 @@ _dbus_become_daemon (const DBusString *pidfile, _dbus_verbose ("calling setsid()\n"); if (setsid () == -1) _dbus_assert_not_reached ("setsid() failed"); - + break; default: @@ -152,7 +152,7 @@ _dbus_become_daemon (const DBusString *pidfile, _exit (0); break; } - + return TRUE; } @@ -175,9 +175,9 @@ _dbus_write_pid_file (const DBusString *filename, FILE *f; cfilename = _dbus_string_get_const_data (filename); - + fd = open (cfilename, O_WRONLY|O_CREAT|O_EXCL|O_BINARY, 0644); - + if (fd < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -193,13 +193,13 @@ _dbus_write_pid_file (const DBusString *filename, _dbus_close (fd, NULL); return FALSE; } - + if (fprintf (f, "%lu\n", pid) < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to write to \"%s\": %s", cfilename, _dbus_strerror (errno)); - + fclose (f); return FALSE; } @@ -211,7 +211,7 @@ _dbus_write_pid_file (const DBusString *filename, _dbus_strerror (errno)); return FALSE; } - + return TRUE; } @@ -255,13 +255,13 @@ _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, int bytes; _dbus_verbose ("writing our pid to pipe %d\n", print_pid_pipe->fd_or_handle); - + if (!_dbus_string_init (&pid)) { _DBUS_SET_OOM (error); return FALSE; } - + if (!_dbus_string_append_int (&pid, pid_to_write) || !_dbus_string_append (&pid, "\n")) { @@ -269,7 +269,7 @@ _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, _DBUS_SET_OOM (error); return FALSE; } - + bytes = _dbus_string_get_length (&pid); if (_dbus_pipe_write (print_pid_pipe, &pid, 0, bytes, error) != bytes) { @@ -282,7 +282,7 @@ _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, _dbus_string_free (&pid); return FALSE; } - + _dbus_string_free (&pid); } else @@ -327,9 +327,9 @@ _dbus_change_to_daemon_user (const char *user, dbus_bool_t we_were_root; cap_t new_caps; #endif - + _dbus_string_init_const (&u, user); - + if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid)) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -337,20 +337,20 @@ _dbus_change_to_daemon_user (const char *user, user); return FALSE; } - + #ifdef HAVE_LIBAUDIT we_were_root = _dbus_geteuid () == 0; new_caps = NULL; /* have a tmp set of caps that we use to transition to the usr/grp dbus should * run as ... doesn't really help. But keeps people happy. */ - + if (we_were_root) { cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE }; cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID }; cap_t tmp_caps = cap_init(); - + if (!tmp_caps || !(new_caps = cap_init ())) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -368,7 +368,7 @@ _dbus_change_to_daemon_user (const char *user, cap_set_flag (new_caps, CAP_EFFECTIVE, 1, new_cap_list, CAP_SET); cap_set_flag (tmp_caps, CAP_PERMITTED, 3, tmp_cap_list, CAP_SET); cap_set_flag (tmp_caps, CAP_EFFECTIVE, 3, tmp_cap_list, CAP_SET); - + if (prctl (PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -377,7 +377,7 @@ _dbus_change_to_daemon_user (const char *user, cap_free (tmp_caps); goto fail; } - + if (cap_set_proc (tmp_caps) == -1) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -389,7 +389,7 @@ _dbus_change_to_daemon_user (const char *user, cap_free (tmp_caps); } #endif /* HAVE_LIBAUDIT */ - + /* setgroups() only works if we are a privileged process, * so we don't return error on failure; the only possible * failure is that we don't have perms to do it. @@ -400,7 +400,7 @@ _dbus_change_to_daemon_user (const char *user, if (setgroups (0, NULL) < 0) _dbus_warn ("Failed to drop supplementary groups: %s\n", _dbus_strerror (errno)); - + /* Set GID first, or the setuid may remove our permission * to change the GID */ @@ -411,7 +411,7 @@ _dbus_change_to_daemon_user (const char *user, _dbus_strerror (errno)); goto fail; } - + if (setuid (uid) < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -419,7 +419,7 @@ _dbus_change_to_daemon_user (const char *user, _dbus_strerror (errno)); goto fail; } - + #ifdef HAVE_LIBAUDIT if (we_were_root) { @@ -432,7 +432,7 @@ _dbus_change_to_daemon_user (const char *user, } cap_free (new_caps); - /* should always work, if it did above */ + /* should always work, if it did above */ if (prctl (PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -458,7 +458,7 @@ _dbus_change_to_daemon_user (const char *user, return FALSE; } -void +void _dbus_init_system_log (void) { openlog ("dbus", LOG_PID, LOG_DAEMON); @@ -471,7 +471,7 @@ _dbus_init_system_log (void) * @param msg a printf-style format string * @param args arguments for the format string */ -void +void _dbus_log_info (const char *msg, va_list args) { vsyslog (LOG_DAEMON|LOG_NOTICE, msg, args); @@ -484,7 +484,7 @@ _dbus_log_info (const char *msg, va_list args) * @param msg a printf-style format string * @param args arguments for the format string */ -void +void _dbus_log_security (const char *msg, va_list args) { vsyslog (LOG_AUTH|LOG_NOTICE, msg, args); @@ -501,7 +501,7 @@ _dbus_set_signal_handler (int sig, { struct sigaction act; sigset_t empty_mask; - + sigemptyset (&empty_mask); act.sa_handler = handler; act.sa_mask = empty_mask; @@ -512,7 +512,7 @@ _dbus_set_signal_handler (int sig, /** * Removes a directory; Directory must be empty - * + * * @param filename directory filename * @param error initialized error object * @returns #TRUE on success @@ -522,7 +522,7 @@ _dbus_delete_directory (const DBusString *filename, DBusError *error) { const char *filename_c; - + _DBUS_ASSERT_ERROR_IS_CLEAR (error); filename_c = _dbus_string_get_const_data (filename); @@ -534,7 +534,7 @@ _dbus_delete_directory (const DBusString *filename, filename_c, _dbus_strerror (errno)); return FALSE; } - + return TRUE; } @@ -543,7 +543,7 @@ _dbus_delete_directory (const DBusString *filename, * @param file full path to the file * @returns #TRUE if file exists */ -dbus_bool_t +dbus_bool_t _dbus_file_exists (const char *file) { return (access (file, F_OK) == 0); @@ -555,11 +555,12 @@ _dbus_file_exists (const char *file) * @param error return location for errors * @returns #TRUE is the user is at the consolei and there are no errors */ -dbus_bool_t +dbus_bool_t _dbus_user_at_console (const char *username, DBusError *error) { +#ifdef HAVE_CONSOLE_AUTH_DIR DBusString f; dbus_bool_t result; @@ -589,6 +590,9 @@ _dbus_user_at_console (const char *username, _dbus_string_free (&f); return result; +#else + return FALSE; +#endif } @@ -624,7 +628,7 @@ _dbus_stat (const DBusString *filename, struct stat sb; _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + filename_c = _dbus_string_get_const_data (filename); if (stat (filename_c, &sb) < 0) @@ -653,7 +657,7 @@ _dbus_stat (const DBusString *filename, struct DBusDirIter { DIR *d; /**< The DIR* from opendir() */ - + }; /** @@ -672,7 +676,7 @@ _dbus_directory_open (const DBusString *filename, const char *filename_c; _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + filename_c = _dbus_string_get_const_data (filename); d = opendir (filename_c); @@ -700,7 +704,7 @@ _dbus_directory_open (const DBusString *filename, /* Calculate the required buffer size (in bytes) for directory * entries read from the given directory handle. Return -1 if this - * this cannot be done. + * this cannot be done. * * If you use autoconf, include fpathconf and dirfd in your * AC_CHECK_FUNCS list. Otherwise use some other method to detect @@ -761,7 +765,7 @@ _dbus_directory_get_next_file (DBusDirIter *iter, int err; _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + if (!dirent_buf_size (iter->d, &buf_size)) { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -827,12 +831,12 @@ fill_user_info_from_group (struct group *g, DBusError *error) { _dbus_assert (g->gr_name != NULL); - + info->gid = g->gr_gid; info->groupname = _dbus_strdup (g->gr_name); /* info->members = dbus_strdupv (g->gr_mem) */ - + if (info->groupname == NULL) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); @@ -857,12 +861,12 @@ fill_group_info (DBusGroupInfo *info, group_c_str = _dbus_string_get_const_data (groupname); else group_c_str = NULL; - + /* For now assuming that the getgrnam() and getgrgid() flavors * always correspond to the pwnam flavors, if not we have * to add more configure checks. */ - + #if defined (HAVE_POSIX_GETPWNAM_R) || defined (HAVE_NONPOSIX_GETPWNAM_R) { struct group *g; @@ -1045,7 +1049,7 @@ _dbus_unix_groups_from_uid (dbus_uid_t uid, * Should always fail on Windows (set the error to * #DBUS_ERROR_NOT_SUPPORTED). * - * @param uid UID of person to check + * @param uid UID of person to check * @param error return location for errors * @returns #TRUE if the UID is the same as the console user and there are no errors */ @@ -1101,7 +1105,7 @@ _dbus_string_get_dirname (const DBusString *filename, DBusString *dirname) { int sep; - + _dbus_assert (filename != dirname); _dbus_assert (filename != NULL); _dbus_assert (dirname != NULL); @@ -1110,26 +1114,26 @@ _dbus_string_get_dirname (const DBusString *filename, sep = _dbus_string_get_length (filename); if (sep == 0) return _dbus_string_append (dirname, "."); /* empty string passed in */ - + while (sep > 0 && _dbus_string_get_byte (filename, sep - 1) == '/') --sep; _dbus_assert (sep >= 0); - + if (sep == 0) return _dbus_string_append (dirname, "/"); - + /* Now find the previous separator */ _dbus_string_find_byte_backward (filename, sep, '/', &sep); if (sep < 0) return _dbus_string_append (dirname, "."); - + /* skip multiple separators */ while (sep > 0 && _dbus_string_get_byte (filename, sep - 1) == '/') --sep; _dbus_assert (sep >= 0); - + if (sep == 0 && _dbus_string_get_byte (filename, 0) == '/') return _dbus_string_append (dirname, "/"); @@ -1143,11 +1147,11 @@ static void string_squash_nonprintable (DBusString *str) { char *buf; - int i, len; - + int i, len; + buf = _dbus_string_get_data (str); len = _dbus_string_get_length (str); - + for (i = 0; i < len; i++) { unsigned char c = (unsigned char) buf[i]; @@ -1162,17 +1166,17 @@ string_squash_nonprintable (DBusString *str) * Get a printable string describing the command used to execute * the process with pid. This string should only be used for * informative purposes such as logging; it may not be trusted. - * + * * The command is guaranteed to be printable ASCII and no longer * than max_len. - * + * * @param pid Process id * @param str Append command to this string * @param max_len Maximum length of returned command * @param error return location for errors * @returns #FALSE on error */ -dbus_bool_t +dbus_bool_t _dbus_command_for_pid (unsigned long pid, DBusString *str, int max_len, @@ -1182,25 +1186,25 @@ _dbus_command_for_pid (unsigned long pid, DBusString path; DBusString cmdline; int fd; - - if (!_dbus_string_init (&path)) + + if (!_dbus_string_init (&path)) { _DBUS_SET_OOM (error); return FALSE; } - + if (!_dbus_string_init (&cmdline)) { _DBUS_SET_OOM (error); _dbus_string_free (&path); return FALSE; } - + if (!_dbus_string_append_printf (&path, "/proc/%ld/cmdline", pid)) goto oom; - + fd = open (_dbus_string_get_const_data (&path), O_RDONLY); - if (fd < 0) + if (fd < 0) { dbus_set_error (error, _dbus_error_from_errno (errno), @@ -1209,26 +1213,26 @@ _dbus_command_for_pid (unsigned long pid, _dbus_strerror (errno)); goto fail; } - + if (!_dbus_read (fd, &cmdline, max_len)) { dbus_set_error (error, _dbus_error_from_errno (errno), "Failed to read from \"%s\": %s", _dbus_string_get_const_data (&path), - _dbus_strerror (errno)); + _dbus_strerror (errno)); goto fail; } - + if (!_dbus_close (fd, error)) goto fail; - - string_squash_nonprintable (&cmdline); - + + string_squash_nonprintable (&cmdline); + if (!_dbus_string_copy (&cmdline, 0, str, _dbus_string_get_length (str))) goto oom; - - _dbus_string_free (&cmdline); + + _dbus_string_free (&cmdline); _dbus_string_free (&path); return TRUE; oom: |