From af18bb650b6a305bb85fa434c7f72711c700479a Mon Sep 17 00:00:00 2001 From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: [PATCH 1/4] PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. --- src/polkit/polkitsystembusname.c | 56 ++++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------- src/polkitbackend/polkitbackendsessionmonitor.c | 20 +------- 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4..51e4a69 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464f..38d31f7 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c3..0185310 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b6..4075d3f 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) { -- 1.7.1