From: Colin Walters Date: Wed, 21 Aug 2013 12:23:55 -0400 Subject: [PATCH] 0.113: PolkitSystemBusName: Add public API to retrieve Unix user And change the duplicated code in the backend session monitors to use it. This just a code cleanup resulting from review after CVE-2013-4288. There's no security impact from this patch, it just removes duplicated code. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69538 Origin: upstream, 0.113, commit:904d8404d93dec45fce3b719eb1a626acc6b8a73 Imported from policykit-1_0.105-25.debian.tar.xz Signed-off-by: Michael Olbrich --- src/polkit/polkitsystembusname.c | 56 +++++++++++++++++++ src/polkit/polkitsystembusname.h | 4 ++ .../polkitbackendsessionmonitor-systemd.c | 20 +------ .../polkitbackendsessionmonitor.c | 20 +------ 4 files changed, 62 insertions(+), 38 deletions(-) diff --git a/src/polkit/polkitsystembusname.c b/src/polkit/polkitsystembusname.c index 2a297c4af475..51e4a694aa38 100644 --- a/src/polkit/polkitsystembusname.c +++ b/src/polkit/polkitsystembusname.c @@ -25,6 +25,7 @@ #include #include "polkitsystembusname.h" +#include "polkitunixuser.h" #include "polkitsubject.h" #include "polkitprivate.h" @@ -396,3 +397,58 @@ polkit_system_bus_name_get_process_sync (PolkitSystemBusName *system_bus_name, return ret; } +/** + * polkit_system_bus_name_get_user_sync: + * @system_bus_name: A #PolkitSystemBusName. + * @cancellable: (allow-none): A #GCancellable or %NULL. + * @error: (allow-none): Return location for error or %NULL. + * + * Synchronously gets a #PolkitUnixUser object for @system_bus_name; + * the calling thread is blocked until a reply is received. + * + * Returns: (allow-none) (transfer full): A #PolkitUnixUser object or %NULL if @error is set. + **/ +PolkitUnixUser * +polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error) +{ + GDBusConnection *connection; + PolkitUnixUser *ret; + GVariant *result; + guint32 uid; + + g_return_val_if_fail (POLKIT_IS_SYSTEM_BUS_NAME (system_bus_name), NULL); + g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL); + g_return_val_if_fail (error == NULL || *error == NULL, NULL); + + ret = NULL; + + connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, cancellable, error); + if (connection == NULL) + goto out; + + result = g_dbus_connection_call_sync (connection, + "org.freedesktop.DBus", /* name */ + "/org/freedesktop/DBus", /* object path */ + "org.freedesktop.DBus", /* interface name */ + "GetConnectionUnixUser", /* method */ + g_variant_new ("(s)", system_bus_name->name), + G_VARIANT_TYPE ("(u)"), + G_DBUS_CALL_FLAGS_NONE, + -1, + cancellable, + error); + if (result == NULL) + goto out; + + g_variant_get (result, "(u)", &uid); + g_variant_unref (result); + + ret = (PolkitUnixUser*)polkit_unix_user_new (uid); + + out: + if (connection != NULL) + g_object_unref (connection); + return ret; +} diff --git a/src/polkit/polkitsystembusname.h b/src/polkit/polkitsystembusname.h index 1fc464fc41ef..38d31f715d10 100644 --- a/src/polkit/polkitsystembusname.h +++ b/src/polkit/polkitsystembusname.h @@ -56,6 +56,10 @@ PolkitSubject *polkit_system_bus_name_get_process_sync (PolkitSystemBusName GCancellable *cancellable, GError **error); +PolkitUnixUser * polkit_system_bus_name_get_user_sync (PolkitSystemBusName *system_bus_name, + GCancellable *cancellable, + GError **error); + G_END_DECLS #endif /* __POLKIT_SYSTEM_BUS_NAME_H */ diff --git a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c index 58593c323508..018531051714 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor-systemd.c +++ b/src/polkitbackend/polkitbackendsessionmonitor-systemd.c @@ -277,25 +277,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject), NULL, error); } else if (POLKIT_IS_UNIX_SESSION (subject)) { diff --git a/src/polkitbackend/polkitbackendsessionmonitor.c b/src/polkitbackend/polkitbackendsessionmonitor.c index 9c331b64a0ec..4075d3ff06ad 100644 --- a/src/polkitbackend/polkitbackendsessionmonitor.c +++ b/src/polkitbackend/polkitbackendsessionmonitor.c @@ -306,25 +306,7 @@ polkit_backend_session_monitor_get_user_for_subject (PolkitBackendSessionMonitor } else if (POLKIT_IS_SYSTEM_BUS_NAME (subject)) { - GVariant *result; - - result = g_dbus_connection_call_sync (monitor->system_bus, - "org.freedesktop.DBus", - "/org/freedesktop/DBus", - "org.freedesktop.DBus", - "GetConnectionUnixUser", - g_variant_new ("(s)", polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (subject))), - G_VARIANT_TYPE ("(u)"), - G_DBUS_CALL_FLAGS_NONE, - -1, /* timeout_msec */ - NULL, /* GCancellable */ - error); - if (result == NULL) - goto out; - g_variant_get (result, "(u)", &uid); - g_variant_unref (result); - - ret = polkit_unix_user_new (uid); + ret = (PolkitIdentity*)polkit_system_bus_name_get_user_sync (POLKIT_SYSTEM_BUS_NAME (subject)); } else if (POLKIT_IS_UNIX_SESSION (subject)) {