From 3b120787fc9924ddf35dd907d44fb84fdf918128 Mon Sep 17 00:00:00 2001 From: David Zeuthen Date: Mon, 29 Oct 2007 01:36:58 -0400 Subject: [PATCH] fix uid retrival when getting auths from all users --- polkit-dbus/polkit-read-auth-helper.c | 98 ++++++++++++++++++++++++++--------- polkit/polkit-authorization-db.c | 5 +- polkit/polkit-authorization.c | 6 ++- polkit/polkit-private.h | 7 --- 4 files changed, 82 insertions(+), 34 deletions(-) diff --git a/polkit-dbus/polkit-read-auth-helper.c b/polkit-dbus/polkit-read-auth-helper.c index 0694c3d..385c75d 100644 --- a/polkit-dbus/polkit-read-auth-helper.c +++ b/polkit-dbus/polkit-read-auth-helper.c @@ -117,7 +117,7 @@ out: } static polkit_bool_t -dump_auths_from_file (const char *path) +dump_auths_from_file (const char *path, uid_t uid) { int ret; int fd; @@ -129,6 +129,7 @@ dump_auths_from_file (const char *path) ssize_t num_bytes_to_write; ssize_t num_bytes_written; ssize_t num_bytes_remaining_to_write; + polkit_bool_t have_written_uid; ret = FALSE; @@ -150,22 +151,34 @@ dump_auths_from_file (const char *path) num_bytes_remaining_to_read = statbuf.st_size; + have_written_uid = FALSE; while (num_bytes_remaining_to_read > 0) { - if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf)) - num_bytes_to_read = (ssize_t) sizeof (buf); - else - num_bytes_to_read = num_bytes_remaining_to_read; - - again: - num_bytes_read = read (fd, buf, num_bytes_to_read); - if (num_bytes_read == -1) { - if (errno == EAGAIN || errno == EINTR) { - goto again; - } else { - fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path); - close (fd); - goto out; + + /* start with writing the uid - this is necessary when dumping all authorizations via uid=1 */ + if (!have_written_uid) { + have_written_uid = TRUE; + snprintf (buf, sizeof (buf), "#uid=%d\n", uid); + num_bytes_read = strlen (buf); + } else { + + if (num_bytes_remaining_to_read > (ssize_t) sizeof (buf)) + num_bytes_to_read = (ssize_t) sizeof (buf); + else + num_bytes_to_read = num_bytes_remaining_to_read; + + again: + num_bytes_read = read (fd, buf, num_bytes_to_read); + if (num_bytes_read == -1) { + if (errno == EAGAIN || errno == EINTR) { + goto again; + } else { + fprintf (stderr, "polkit-read-auth-helper: error reading file %s: %m\n", path); + close (fd); + goto out; + } } + + num_bytes_remaining_to_read -= num_bytes_read; } /* write to stdout */ @@ -190,11 +203,6 @@ dump_auths_from_file (const char *path) num_bytes_remaining_to_write -= num_bytes_written; } - - - - - num_bytes_remaining_to_read -= num_bytes_read; } @@ -229,9 +237,14 @@ dump_auths_all (const char *root) } while ((d = readdir64(dir)) != NULL) { + unsigned int n, m; + uid_t uid; size_t name_len; + char *filename; + char username[PATH_MAX]; char path[PATH_MAX]; static const char suffix[] = ".auths"; + struct passwd *pw; if (d->d_type != DT_REG) continue; @@ -239,19 +252,54 @@ dump_auths_all (const char *root) if (d->d_name == NULL) continue; - name_len = strlen (d->d_name); + filename = d->d_name; + name_len = strlen (filename); if (name_len < sizeof (suffix)) continue; - if (strcmp ((d->d_name + name_len - sizeof (suffix) + 1), suffix) != 0) + if (strcmp ((filename + name_len - sizeof (suffix) + 1), suffix) != 0) continue; - if (snprintf (path, sizeof (path), "%s/%s", root, d->d_name) >= (int) sizeof (path)) { + /* find the user name.. */ + for (n = 0; n < name_len; n++) { + if (filename[n] == '-') + break; + } + if (filename[n] == '\0') { + fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (1)\n", filename); + continue; + } + n++; + m = n; + for ( ; n < name_len; n++) { + if (filename[n] == '.') + break; + } + + if (filename[n] == '\0') { + fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (2)\n", filename); + continue; + } + if (n - m > sizeof (username) - 1) { + fprintf (stderr, "polkit-read-auth-helper: file name '%s' is malformed (3)\n", filename); + continue; + } + strncpy (username, filename + m, n - m); + username[n - m] = '\0'; + + pw = getpwnam (username); + if (pw == NULL) { + fprintf (stderr, "polkit-read-auth-helper: cannot look up uid for username %s\n", username); + continue; + } + uid = pw->pw_uid; + + if (snprintf (path, sizeof (path), "%s/%s", root, filename) >= (int) sizeof (path)) { fprintf (stderr, "polkit-read-auth-helper: string was truncated (1)\n"); goto out; } - if (!dump_auths_from_file (path)) + if (!dump_auths_from_file (path, uid)) goto out; } @@ -280,7 +328,7 @@ dump_auths_for_uid (const char *root, uid_t uid) return FALSE; } - return dump_auths_from_file (path); + return dump_auths_from_file (path, uid); } diff --git a/polkit/polkit-authorization-db.c b/polkit/polkit-authorization-db.c index eab1da3..30a5970 100644 --- a/polkit/polkit-authorization-db.c +++ b/polkit/polkit-authorization-db.c @@ -328,8 +328,11 @@ _authdb_get_auths_for_uid (PolKitAuthorizationDB *authdb, line = standard_output + n; - if (strlen (line) >= 2 && line[0] != '#') { + if (strlen (line) >= 2 && strncmp (line, "#uid=", 5) == 0) { + uid = (uid_t) atoi (line + 5); + } + if (strlen (line) >= 2 && line[0] != '#') { auth = _polkit_authorization_new_for_uid (line, uid); if (auth != NULL) { diff --git a/polkit/polkit-authorization.c b/polkit/polkit-authorization.c index 1cd961d..733e1a0 100644 --- a/polkit/polkit-authorization.c +++ b/polkit/polkit-authorization.c @@ -92,6 +92,8 @@ _polkit_authorization_get_authfile_entry (PolKitAuthorization *auth) return auth->entry_in_auth_file; } +#ifdef POLKIT_AUTHDB_DEFAULT + PolKitAuthorization * _polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid) { @@ -258,12 +260,14 @@ _polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid) return auth; error: - g_warning ("Error parsing token %d in '%s'", n, entry_in_auth_file); + g_warning ("Error parsing token %d from line '%s'", n, entry_in_auth_file); polkit_authorization_unref (auth); g_strfreev (t); return NULL; } +#endif /* POLKIT_AUTHDB_DEFAULT */ + /** * polkit_authorization_ref: * @auth: the authorization object diff --git a/polkit/polkit-private.h b/polkit/polkit-private.h index 1186620..30e5eb4 100644 --- a/polkit/polkit-private.h +++ b/polkit/polkit-private.h @@ -40,15 +40,8 @@ const char *_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth) PolKitAuthorizationConstraint *_polkit_authorization_constraint_new (const char *entry_in_auth_file); -PolKitAuthorizationDB *_polkit_authorization_db_new (void); -void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb); - -PolKitAuthorization *_polkit_authorization_new_for_uid (const char *entry_in_auth_file, uid_t uid); - polkit_bool_t _polkit_authorization_db_auth_file_add (const char *root, polkit_bool_t transient, uid_t uid, char *str_to_add); -const char *_polkit_authorization_get_authfile_entry (PolKitAuthorization *auth); - PolKitAuthorizationDB *_polkit_authorization_db_new (void); void _polkit_authorization_db_invalidate_cache (PolKitAuthorizationDB *authdb); -- 2.7.4