From: Colin Walters Date: Wed, 3 Feb 2010 07:36:38 +0000 (+0100) Subject: Fix compilation in --disable-selinux case X-Git-Tag: dbus-1.3.1~120^2~24 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=15109202a98b0a117f54308d58de4f2034334f92;hp=19d48c3344fa0b43d960c2f0b8b5fbb2f9f8cb86;p=platform%2Fupstream%2Fdbus.git Fix compilation in --disable-selinux case _dbus_change_to_daemon_user moved into selinux.c for the --with-selinux (and audit) case because that's where all of the relevant libcap headers were being used. However in the --disable-selinux case this didn't compile and wasn't very clean. If we don't have libaudit, use the legacy direct setgid/setuid bits we had before in dbus-sysdeps-util-unix.c. --- diff --git a/bus/selinux.c b/bus/selinux.c index 614fa31..996cf1d 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -1019,7 +1019,8 @@ bus_selinux_shutdown (void) #endif /* HAVE_SELINUX */ } -#ifndef DBUS_WIN +/* The !HAVE_LIBAUDIT case lives in dbus-sysdeps-util-unix.c */ +#ifdef HAVE_LIBAUDIT /** * Changes the user and group the bus is running as. * @@ -1045,7 +1046,6 @@ _dbus_change_to_daemon_user (const char *user, return FALSE; } -#ifdef HAVE_LIBAUDIT /* If we were root */ if (_dbus_geteuid () == 0) { @@ -1086,40 +1086,7 @@ _dbus_change_to_daemon_user (const char *user, return FALSE; } } -#else - /* setgroups() only works if we are a privileged process, - * so we don't return error on failure; the only possible - * failure is that we don't have perms to do it. - * - * not sure this is right, maybe if setuid() - * is going to work then setgroups() should also work. - */ - if (setgroups (0, NULL) < 0) - _dbus_warn ("Failed to drop supplementary groups: %s\n", - _dbus_strerror (errno)); - - /* Set GID first, or the setuid may remove our permission - * to change the GID - */ - if (setgid (gid) < 0) - { - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set GID to %lu: %s", gid, - _dbus_strerror (errno)); - return FALSE; - } - - if (setuid (uid) < 0) - { - dbus_set_error (error, _dbus_error_from_errno (errno), - "Failed to set UID to %lu: %s", uid, - _dbus_strerror (errno)); - return FALSE; - } -#endif /* !HAVE_LIBAUDIT */ return TRUE; } - #endif - diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c index cf77f0a..e31d0f8 100644 --- a/dbus/dbus-sysdeps-util-unix.c +++ b/dbus/dbus-sysdeps-util-unix.c @@ -303,6 +303,68 @@ _dbus_verify_daemon_user (const char *user) return _dbus_get_user_id_and_primary_group (&u, NULL, NULL); } + +/* The HAVE_LIBAUDIT case lives in selinux.c */ +#ifndef HAVE_LIBAUDIT +/** + * Changes the user and group the bus is running as. + * + * @param user the user to become + * @param error return location for errors + * @returns #FALSE on failure + */ +dbus_bool_t +_dbus_change_to_daemon_user (const char *user, + DBusError *error) +{ + dbus_uid_t uid; + dbus_gid_t gid; + DBusString u; + + _dbus_string_init_const (&u, user); + + if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "User '%s' does not appear to exist?", + user); + return FALSE; + } + + /* setgroups() only works if we are a privileged process, + * so we don't return error on failure; the only possible + * failure is that we don't have perms to do it. + * + * not sure this is right, maybe if setuid() + * is going to work then setgroups() should also work. + */ + if (setgroups (0, NULL) < 0) + _dbus_warn ("Failed to drop supplementary groups: %s\n", + _dbus_strerror (errno)); + + /* Set GID first, or the setuid may remove our permission + * to change the GID + */ + if (setgid (gid) < 0) + { + dbus_set_error (error, _dbus_error_from_errno (errno), + "Failed to set GID to %lu: %s", gid, + _dbus_strerror (errno)); + return FALSE; + } + + if (setuid (uid) < 0) + { + dbus_set_error (error, _dbus_error_from_errno (errno), + "Failed to set UID to %lu: %s", uid, + _dbus_strerror (errno)); + return FALSE; + } + + return TRUE; +} +#endif /* !HAVE_LIBAUDIT */ + void _dbus_init_system_log (void) {