From 8a43a1842023edd3974a771a572bfe5403c5b31c Mon Sep 17 00:00:00 2001
From: Simon McVittie <smcv@collabora.com>
Date: Mon, 15 Jan 2018 19:45:39 +0000
Subject: [PATCH 08/11] bus: Try to get groups directly from credentials, not
 userdb

If we avoid consulting the userdb, then it's one less chance to
deadlock.

Signed-off-by: Simon McVittie <smcv@collabora.com>

---

Be more careful with types
---
 bus/connection.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/bus/connection.c b/bus/connection.c
index 91b1966e..7e2df9df 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -1032,11 +1032,43 @@ bus_connection_get_unix_groups  (DBusConnection   *connection,
                                  int              *n_groups,
                                  DBusError        *error)
 {
+  /* Assigning dbus_gid_t to unsigned long is lossless (in fact
+   * they are the same type) */
+  _DBUS_STATIC_ASSERT (sizeof (unsigned long) == sizeof (dbus_gid_t));
+
+  const dbus_gid_t *groups_borrowed = NULL;
+  DBusCredentials *credentials;
   unsigned long uid;
+  size_t n = 0;
 
   *groups = NULL;
   *n_groups = 0;
 
+  credentials = _dbus_connection_get_credentials (connection);
+
+  if (credentials != NULL &&
+      _dbus_credentials_get_unix_gids (credentials, &groups_borrowed, &n))
+    {
+      size_t i;
+
+      /* We got the group IDs from SO_PEERGROUPS or equivalent - no
+       * need to ask NSS */
+
+      *n_groups = n;
+      *groups = dbus_new (unsigned long, n);
+
+      if (groups == NULL)
+        {
+          BUS_SET_OOM (error);
+          return FALSE;
+        }
+
+      for (i = 0; i < n; i++)
+        (*groups)[i] = groups_borrowed[i];
+
+      return TRUE;
+    }
+
   if (dbus_connection_get_unix_user (connection, &uid))
     {
       if (!_dbus_unix_groups_from_uid (uid, groups, n_groups))
-- 
2.16.1