From 145fb99b6e0351d92ffd2f85be77b426c89df59b Mon Sep 17 00:00:00 2001 From: Tim Dijkstra Date: Tue, 12 Dec 2006 21:24:07 +0000 Subject: [PATCH] commit.msg --- bus/bus.c | 22 ++------------- bus/bus.h | 3 --- bus/connection.c | 9 ++----- bus/policy.c | 5 ++-- bus/policy.h | 1 - dbus/dbus-userdb-util.c | 71 ++++++++++++++++++++++++++++++++----------------- dbus/dbus-userdb.c | 15 ++++++++++- dbus/dbus-userdb.h | 11 +++----- 8 files changed, 71 insertions(+), 66 deletions(-) diff --git a/bus/bus.c b/bus/bus.c index efbd023..562eb98 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -34,6 +34,7 @@ #include #include #include +#include struct BusContext { @@ -50,7 +51,6 @@ struct BusContext BusRegistry *registry; BusPolicy *policy; BusMatchmaker *matchmaker; - DBusUserDatabase *user_database; BusLimits limits; unsigned int fork : 1; }; @@ -596,13 +596,6 @@ bus_context_new (const DBusString *config_file, if (!dbus_server_allocate_data_slot (&server_data_slot)) _dbus_assert_not_reached ("second ref of server data slot failed"); - context->user_database = _dbus_user_database_new (); - if (context->user_database == NULL) - { - BUS_SET_OOM (error); - goto failed; - } - /* Note that we don't know whether the print_addr_fd is * one of the sockets we're using to listen on, or some * other random thing. But I think the answer is "don't do @@ -800,7 +793,7 @@ bus_context_reload_config (BusContext *context, dbus_bool_t ret; /* Flush the user database cache */ - _dbus_user_database_flush(context->user_database); + _dbus_user_database_flush_system (); ret = FALSE; _dbus_string_init_const (&config_file, context->config_file); @@ -951,10 +944,6 @@ bus_context_unref (BusContext *context) dbus_free (context->pidfile); } - - if (context->user_database != NULL) - _dbus_user_database_unref (context->user_database); - dbus_free (context); dbus_server_free_data_slot (&server_data_slot); 
@@ -1004,18 +993,11 @@ bus_context_get_loop (BusContext *context) return context->loop; } -DBusUserDatabase* -bus_context_get_user_database (BusContext *context) -{ - return context->user_database; -} - dbus_bool_t bus_context_allow_user (BusContext *context, unsigned long uid) { return bus_policy_allow_user (context->policy, - context->user_database, uid); } diff --git a/bus/bus.h b/bus/bus.h index 527bfdd..77d764d 100644 --- a/bus/bus.h +++ b/bus/bus.h @@ -29,7 +29,6 @@ #include #include #include -#include typedef struct BusActivation BusActivation; typedef struct BusConnections BusConnections; @@ -86,8 +85,6 @@ BusConnections* bus_context_get_connections (BusContext BusActivation* bus_context_get_activation (BusContext *context); BusMatchmaker* bus_context_get_matchmaker (BusContext *context); DBusLoop* bus_context_get_loop (BusContext *context); -DBusUserDatabase* bus_context_get_user_database (BusContext *context); - dbus_bool_t bus_context_allow_user (BusContext *context, unsigned long uid); BusPolicy* bus_context_get_policy (BusContext *context); diff --git a/bus/connection.c b/bus/connection.c index df888f4..d063afc 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -31,6 +31,7 @@ #include #include #include +#include static void bus_connection_remove_transactions (DBusConnection *connection); @@ -778,24 +779,18 @@ bus_connection_get_groups (DBusConnection *connection, { BusConnectionData *d; unsigned long uid; - DBusUserDatabase *user_database; d = BUS_CONNECTION_DATA (connection); _dbus_assert (d != NULL); - user_database = bus_context_get_user_database (d->connections->context); - *groups = NULL; *n_groups = 0; if (dbus_connection_get_unix_user (connection, &uid)) { - if (!_dbus_user_database_get_groups (user_database, - uid, groups, n_groups, - error)) + if (!_dbus_groups_from_uid (uid, groups, n_groups)) { - _DBUS_ASSERT_ERROR_IS_SET (error); _dbus_verbose ("Did not get any groups for UID %lu\n", uid); return FALSE; 
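Review bot: The failure branch of `bus_connection_get_groups` in bus/connection.c now returns FALSE without setting `error`, because `_dbus_groups_from_uid` takes no DBusError and the hunk drops `_DBUS_ASSERT_ERROR_IS_SET (error)` instead of replacing it. The function still receives `error` (the removed call passed it on), so a caller that follows the usual DBusError contract, by asserting the error is set or by reporting its message when group lookup for a connecting peer fails, would presumably trip an assertion or report no reason. Setting it before the return keeps the contract, for example `dbus_set_error (error, DBUS_ERROR_FAILED, "Could not get groups for UID %lu", uid);`. The new helper cannot tell an unknown UID from out-of-memory, so a generic failure code is the most that can be reported here. The function's signature and tail lie outside the hunk, so the parameter name should be confirmed there.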
diff --git a/bus/policy.c b/bus/policy.c index c0244bd..7b4c5f2 100644 --- a/bus/policy.c +++ b/bus/policy.c @@ -28,6 +28,7 @@ #include #include #include +#include BusPolicyRule* bus_policy_rule_new (BusPolicyRuleType type, @@ -438,7 +439,6 @@ list_allows_user (dbus_bool_t def, dbus_bool_t bus_policy_allow_user (BusPolicy *policy, - DBusUserDatabase *user_database, unsigned long uid) { dbus_bool_t allowed; @@ -446,8 +446,7 @@ bus_policy_allow_user (BusPolicy *policy, int n_group_ids; /* On OOM or error we always reject the user */ - if (!_dbus_user_database_get_groups (user_database, - uid, &group_ids, &n_group_ids, NULL)) + if (!_dbus_groups_from_uid (uid, &group_ids, &n_group_ids)) { _dbus_verbose ("Did not get any groups for UID %lu\n", uid); diff --git a/bus/policy.h b/bus/policy.h index 94b48e6..0a944ff 100644 --- a/bus/policy.h +++ b/bus/policy.h @@ -113,7 +113,6 @@ BusClientPolicy* bus_policy_create_client_policy (BusPolicy *policy, DBusConnection *connection, DBusError *error); dbus_bool_t bus_policy_allow_user (BusPolicy *policy, - DBusUserDatabase *user_database, unsigned long uid); dbus_bool_t bus_policy_append_default_rule (BusPolicy *policy, BusPolicyRule *rule); diff --git a/dbus/dbus-userdb-util.c b/dbus/dbus-userdb-util.c index 81564ad..bd393a2 100644 --- a/dbus/dbus-userdb-util.c +++ b/dbus/dbus-userdb-util.c @@ -86,6 +86,8 @@ _dbus_is_console_user (dbus_uid_t uid, return FALSE; } + /* TPTD: this should be cache-safe, we've locked the DB and + _dbus_user_at_console doesn't pass it on. */ info = _dbus_user_database_lookup (db, uid, NULL, error); if (info == NULL) 
@@ -347,45 +349,49 @@ _dbus_user_database_get_gid (DBusUserDatabase *db, /** - * Gets all groups for a particular user. Returns #FALSE + * Gets all groups corresponding to the given UID. Returns #FALSE * if no memory, or user isn't known, but always initializes - * group_ids to a NULL array. Sets error to the reason - * for returning #FALSE. + * group_ids to a NULL array. * - * @param db the user database object - * @param uid the user ID + * @param uid the UID * @param group_ids return location for array of group IDs * @param n_group_ids return location for length of returned array - * @param error return location for error - * @returns #TRUE on success + * @returns #TRUE if the UID existed and we got some credentials */ dbus_bool_t -_dbus_user_database_get_groups (DBusUserDatabase *db, - dbus_uid_t uid, - dbus_gid_t **group_ids, - int *n_group_ids, - DBusError *error) +_dbus_groups_from_uid (dbus_uid_t uid, + dbus_gid_t **group_ids, + int *n_group_ids) { - DBusUserInfo *info; - - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - + DBusUserDatabase *db; + const DBusUserInfo *info; *group_ids = NULL; *n_group_ids = 0; - - info = _dbus_user_database_lookup (db, uid, NULL, error); - if (info == NULL) + + _dbus_user_database_lock_system (); + + db = _dbus_user_database_get_system (); + if (db == NULL) { - _DBUS_ASSERT_ERROR_IS_SET (error); + _dbus_user_database_unlock_system (); return FALSE; } + if (!_dbus_user_database_get_uid (db, uid, + &info, NULL)) + { + _dbus_user_database_unlock_system (); + return FALSE; + } + + _dbus_assert (info->uid == uid); + if (info->n_group_ids > 0) { *group_ids = dbus_new (dbus_gid_t, info->n_group_ids); if (*group_ids == NULL) { - dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); + _dbus_user_database_unlock_system (); return FALSE; } 
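Review bot: The new doc comment for `_dbus_groups_from_uid` does not say who owns the returned array, and its `@returns` line ("we got some credentials") does not match the code, which leaves `*group_ids` NULL when `info->n_group_ids` is 0 and, as far as the following hunk shows, still returns TRUE. I would document that the array is allocated with `dbus_new` and must be released by the caller with `dbus_free`, and reword the return line to `@returns #TRUE if the UID was found and its group list was copied (possibly empty)`. Because `NULL` is passed as the error to `_dbus_user_database_get_uid`, an unknown UID and out-of-memory both come back as #FALSE; the comment should say so, since the bus policy code treats that result as a denial. A one-line comment that `info` presumably points into the shared system database and is only valid until `_dbus_user_database_unlock_system ()` would explain why the copy is made under the lock. The end of the function body (the memcpy and the final unlock) is in the next hunk.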
@@ -394,9 +400,9 @@ _dbus_user_database_get_groups (DBusUserDatabase *db, memcpy (*group_ids, info->group_ids, info->n_group_ids * sizeof (dbus_gid_t)); } + _dbus_user_database_unlock_system (); return TRUE; } - /** @} */ #ifdef DBUS_BUILD_TESTS @@ -412,6 +418,9 @@ _dbus_userdb_test (const char *test_data_dir) { const DBusString *username; const DBusString *homedir; + dbus_uid_t uid; + unsigned long *group_ids; + int n_group_ids, i; if (!_dbus_username_from_current_process (&username)) _dbus_assert_not_reached ("didn't get username"); @@ -419,10 +428,24 @@ _dbus_userdb_test (const char *test_data_dir) if (!_dbus_homedir_from_current_process (&homedir)) _dbus_assert_not_reached ("didn't get homedir"); - printf (" Current user: %s homedir: %s\n", + if (!_dbus_get_user_id (username, &uid)) + _dbus_assert_not_reached ("didn't get uid"); + + + if (!_dbus_groups_from_uid (uid, &group_ids, &n_group_ids)) + _dbus_assert_not_reached ("didn't get groups"); + + printf (" Current user: %s homedir: %s gids:", _dbus_string_get_const_data (username), _dbus_string_get_const_data (homedir)); - + + for (i=0; i