author | Colin Walters <walters@verbum.org> | 2010-02-02 14:57:47 -0500 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2010-02-02 15:04:58 -0500 |
commit | 3dac125d61ebc4f614a1723580043e2f1c811f59 (patch) | |
tree | 4318cee650e9bebdba9e3f322f58680402033e79 /dbus | |
parent | 90fe96b1875350f86a4a773d4a0a22009950dd4d (diff) | |
download | dbus-3dac125d61ebc4f614a1723580043e2f1c811f59.tar.gz |
Fix compilation in --disable-selinux case
_dbus_change_to_daemon_user moved into selinux.c for the --with-selinux
(and audit) case because that's where all of the relevant libcap headers
were being used. However in the --disable-selinux case this didn't
compile and wasn't very clean.
If we don't have libaudit, use the legacy direct setgid/setuid bits
we had before in dbus-sysdeps-util-unix.c.
Diffstat (limited to 'dbus')
-rw-r--r-- | dbus/dbus-sysdeps-util-unix.c | 62 | ||||
-rw-r--r-- | dbus/dbus-sysdeps.h | 3 |
2 files changed, 65 insertions, 0 deletions
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
index 27cdbb01..74e8d88f 100644
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@@ -303,6 +303,68 @@ _dbus_verify_daemon_user (const char *user)
 
 return _dbus_get_user_id_and_primary_group (&u, NULL, NULL);
 }
+
+/* The HAVE_LIBAUDIT case lives in selinux.c */
+#ifndef HAVE_LIBAUDIT
+/**
+ * Changes the user and group the bus is running as.
+ *
+ * @param user the user to become
+ * @param error return location for errors
+ * @returns #FALSE on failure
+ */
+dbus_bool_t
+_dbus_change_to_daemon_user (const char *user,
+ DBusError *error)
+{
+ dbus_uid_t uid;
+ dbus_gid_t gid;
+ DBusString u;
+
+ _dbus_string_init_const (&u, user);
+
+ if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
+ {
+ dbus_set_error (error, DBUS_ERROR_FAILED,
+ "User '%s' does not appear to exist?",
+ user);
+ return FALSE;
+ }
+
+ /* setgroups() only works if we are a privileged process,
+ * so we don't return error on failure; the only possible
+ * failure is that we don't have perms to do it.
+ *
+ * not sure this is right, maybe if setuid()
+ * is going to work then setgroups() should also work.
+ */
+ if (setgroups (0, NULL) < 0)
+ _dbus_warn ("Failed to drop supplementary groups: %s\n",
+ _dbus_strerror (errno));
+
+ /* Set GID first, or the setuid may remove our permission
+ * to change the GID
+ */
+ if (setgid (gid) < 0)
+ {
+ dbus_set_error (error, _dbus_error_from_errno (errno),
+ "Failed to set GID to %lu: %s", gid,
+ _dbus_strerror (errno));
+ return FALSE;
+ }
+
+ if (setuid (uid) < 0)
+ {
+ dbus_set_error (error, _dbus_error_from_errno (errno),
+ "Failed to set UID to %lu: %s", uid,
+ _dbus_strerror (errno));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+#endif /* !HAVE_LIBAUDIT */
+
 void
 _dbus_init_system_log (void)
 {
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
index b154f016..80f0ba26 100644
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
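Review bot: A failed `setgroups (0, NULL)` in `_dbus_change_to_daemon_user` (dbus/dbus-sysdeps-util-unix.c) is only logged with `_dbus_warn`, so if the following `setgid`/`setuid` succeed the daemon continues as the target user while still holding the caller's supplementary groups. The in-code comment already doubts this ("not sure this is right"), and the privilege drop should fail closed when the process is privileged: report the failure through `error` and return FALSE, keeping the warning only for an unprivileged caller. The sketch below shows that shape for the `setgroups` branch; the `geteuid () == 0` test is one way to draw the line and should be checked against how the bus is started. Separately, the `%lu` in the two error messages assumes `dbus_gid_t` and `dbus_uid_t` are `unsigned long`, which this page does not show; a cast to `(unsigned long)` would make that explicit.

```c
  if (setgroups (0, NULL) < 0)
    {
      int saved_errno = errno;

      /* A privileged caller must not keep its supplementary groups
       * across the setgid()/setuid() below, so fail closed.
       */
      if (geteuid () == 0)
        {
          dbus_set_error (error, _dbus_error_from_errno (saved_errno),
                          "Failed to drop supplementary groups: %s",
                          _dbus_strerror (saved_errno));
          return FALSE;
        }

      _dbus_warn ("Failed to drop supplementary groups: %s\n",
                  _dbus_strerror (saved_errno));
    }

  /* … unchanged: setgid (gid) and setuid (uid) with their error paths … */
```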
@@ -512,6 +512,9 @@ unsigned long _dbus_pid_for_log (void);
 */
 dbus_pid_t _dbus_getpid (void);
 
+dbus_bool_t _dbus_change_to_daemon_user (const char *user,
+ DBusError *error);
+
 void _dbus_flush_caches (void);
 
 /** @} */ |