From 4760eae9b1b3ebb94fc5590cf5ba1a268e3120be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 31 Oct 2018 13:07:26 +0100
Subject: [PATCH] sbus: allow access for sssd user
D-Bus allows access for root and euid by default, however when running
in non-root mode monitor continues to run as root but responsers as sssd
user. Therefore monitor euid != sssd user and the connection is terminated.
We must explicitly allow the connection for sssd user uid.
Resolves:
https://pagure.io/SSSD/sssd/issue/3871
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/sbus/server/sbus_server.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c
index 576cff616..5405dae56 100644
--- a/src/sbus/server/sbus_server.c
+++ b/src/sbus/server/sbus_server.c
@@ -400,6 +400,22 @@ sbus_server_filter_add(struct sbus_server *server,
return true;
}
+static dbus_bool_t
+sbus_server_check_connection_uid(DBusConnection *dbus_conn,
+ unsigned long uid,
+ void *data)
+{
+ struct sbus_server *sbus_server;
+
+ sbus_server = talloc_get_type(data, struct sbus_server);
+
+ if (uid == 0 || uid == sbus_server->uid) {
+ return true;
+ }
+
+ return false;
+}
+
static void
sbus_server_new_connection(DBusServer *dbus_server,
DBusConnection *dbus_conn,
@@ -415,6 +431,11 @@ sbus_server_new_connection(DBusServer *dbus_server,
DEBUG(SSSDBG_FUNC_DATA, "Adding connection %p.\n", dbus_conn);
+ /* Allow access from uid that is associated with this sbus server. */
+ dbus_connection_set_unix_user_function(dbus_conn,
+ sbus_server_check_connection_uid,
+ sbus_server, NULL);
+
/* First, add a message filter that will take care of routing messages
* between connections. */
bret = sbus_server_filter_add(sbus_server, dbus_conn);
--
2.19.1