From 4760eae9b1b3ebb94fc5590cf5ba1a268e3120be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Wed, 31 Oct 2018 13:07:26 +0100 Subject: [PATCH] sbus: allow access for sssd user D-Bus allows access for root and euid by default, however when running in non-root mode monitor continues to run as root but responsers as sssd user. Therefore monitor euid != sssd user and the connection is terminated. We must explicitly allow the connection for sssd user uid. Resolves: https://pagure.io/SSSD/sssd/issue/3871 Reviewed-by: Jakub Hrozek --- src/sbus/server/sbus_server.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c index 576cff616..5405dae56 100644 --- a/src/sbus/server/sbus_server.c +++ b/src/sbus/server/sbus_server.c @@ -400,6 +400,22 @@ sbus_server_filter_add(struct sbus_server *server, return true; } +static dbus_bool_t +sbus_server_check_connection_uid(DBusConnection *dbus_conn, + unsigned long uid, + void *data) +{ + struct sbus_server *sbus_server; + + sbus_server = talloc_get_type(data, struct sbus_server); + + if (uid == 0 || uid == sbus_server->uid) { + return true; + } + + return false; +} + static void sbus_server_new_connection(DBusServer *dbus_server, DBusConnection *dbus_conn, @@ -415,6 +431,11 @@ sbus_server_new_connection(DBusServer *dbus_server, DEBUG(SSSDBG_FUNC_DATA, "Adding connection %p.\n", dbus_conn); + /* Allow access from uid that is associated with this sbus server. */ + dbus_connection_set_unix_user_function(dbus_conn, + sbus_server_check_connection_uid, + sbus_server, NULL); + /* First, add a message filter that will take care of routing messages * between connections. */ bret = sbus_server_filter_add(sbus_server, dbus_conn); -- 2.19.1