bus: return ProcessFD in GetConnectionCredentials()
authorLuca Boccassi <bluca@debian.org>
Mon, 20 Mar 2023 01:55:18 +0000 (01:55 +0000)
committerLuca Boccassi <bluca@debian.org>
Tue, 8 Aug 2023 11:24:20 +0000 (12:24 +0100)
Allows tracking a process by pinning it to a file descriptor,
which, unlike a PID, cannot be reused.

root@image:~# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials "s" org.freedesktop.systemd1
a{sv} 3 "ProcessID" u 1 "UnixUserID" u 0 "ProcessFD" h 4

Signed-off-by: Luca Boccassi <bluca@debian.org>
bus/containers.c
bus/driver.c
bus/driver.h

index 470177c09bb36b9be04c6aa3198438ce7a305f43..816f3e1b254b5db49e04ba97caa115df6f3697f6 100644 (file)
@@ -1206,6 +1206,7 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller,
     goto oom;
 
   if (!bus_driver_fill_connection_credentials (NULL, instance->creator,
+                                               caller,
                                                &arr_writer))
     {
       dbus_message_iter_abandon_container (&writer, &arr_writer);
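Review bot: Passing `caller` as the new `caller_conn` argument means the reply now carries a ProcessFD for `instance->creator` whenever the caller negotiated fd passing, so this method hands out a live handle to the container creator rather than only its numeric PID. The same applies to the `connection` argument added in `bus_containers_handle_get_instance_info` in the next hunk. If that is intended, a short comment at both call sites would record it, e.g. `/* caller may receive the creator's ProcessFD */`; if not, passing `NULL` keeps the previous reply contents, since the new code skips ProcessFD when `caller_conn` is NULL. Both functions begin and end outside their hunks, so any policy check on who may call them is not visible here.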
@@ -1289,6 +1290,7 @@ bus_containers_handle_get_instance_info (DBusConnection *connection,
     goto oom;
 
   if (!bus_driver_fill_connection_credentials (NULL, instance->creator,
+                                               connection,
                                                &arr_writer))
     {
       dbus_message_iter_abandon_container (&writer, &arr_writer);
index b1d34f68358c4d92cf247539b51e68ae9230b72a..7bc12f420b603be1d1e7bf41c0b407af4bccf524 100644 (file)
@@ -1970,7 +1970,8 @@ bus_driver_credentials_fill_unix_gids (DBusCredentials *credentials,
  */
 dbus_bool_t
 bus_driver_fill_connection_credentials (DBusCredentials *credentials,
-                                        DBusConnection  *conn,
+                                        DBusConnection  *peer_conn,
+                                        DBusConnection  *caller_conn,
                                         DBusMessageIter *asv_iter)
 {
   dbus_uid_t uid = DBUS_UID_UNSET;
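Review bot: The doc comment that closes just above this signature is not updated in the hunk, so the two connection parameters are left undocumented even though they play different roles and are easy to swap at a call site. The comment should say that `peer_conn` is the connection being described (used for the credentials lookup and the container check) and that `caller_conn` is only the recipient of the reply, e.g. `caller_conn: connection the reply is sent to; used only to decide whether ProcessFD can be included, NULL omits it`. The comment's text and the rest of the function body lie outside this hunk.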
@@ -1980,13 +1981,19 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
 #ifdef DBUS_ENABLE_CONTAINERS
   const char *path;
 #endif
+#ifdef HAVE_UNIX_FD_PASSING
+  int pid_fd = -1; /* owned by credentials */
+#endif
 
-  if (credentials == NULL && conn != NULL)
-    credentials = _dbus_connection_get_credentials (conn);
+  if (credentials == NULL && peer_conn != NULL)
+    credentials = _dbus_connection_get_credentials (peer_conn);
 
   if (credentials != NULL)
     {
       pid = _dbus_credentials_get_pid (credentials);
+#ifdef HAVE_UNIX_FD_PASSING
+      pid_fd = _dbus_credentials_get_pid_fd (credentials);
+#endif
       uid = _dbus_credentials_get_unix_uid (credentials);
       windows_sid = _dbus_credentials_get_windows_sid (credentials);
       linux_security_label =
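Review bot: `pid_fd` is borrowed from `credentials` (per the `/* owned by credentials */` comment) and is later passed to `_dbus_asv_add_unix_fd` in the last hunk of this function, so correctness depends on that helper duplicating the descriptor rather than taking ownership of it. A comment at that call would make the contract explicit, e.g. `/* the message gets its own duplicate; pid_fd stays owned by credentials */`, assuming that is what the helper does. That call's failure is returned as `FALSE`, which `bus_driver_handle_get_connection_credentials` turns into `goto oom`; if the helper can also fail because the daemon has run out of file descriptors, the caller would report the wrong condition, and it may be better to omit ProcessFD in that case. The function body continues outside this hunk.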
@@ -2036,8 +2043,8 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
 
 #ifdef DBUS_ENABLE_CONTAINERS
   /* This has to come from the connection, not the credentials */
-  if (conn != NULL &&
-      bus_containers_connection_is_contained (conn, &path, NULL, NULL))
+  if (peer_conn != NULL &&
+      bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL))
     {
       if (!_dbus_asv_add_object_path (asv_iter,
                                       DBUS_INTERFACE_CONTAINERS1 ".Instance",
@@ -2046,6 +2053,13 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials,
     }
 #endif
 
+#ifdef HAVE_UNIX_FD_PASSING
+  if (caller_conn != NULL && pid_fd >= 0 &&
+      dbus_connection_can_send_type (caller_conn, DBUS_TYPE_UNIX_FD) &&
+      !_dbus_asv_add_unix_fd (asv_iter, "ProcessFD", pid_fd))
+    return FALSE;
+#endif
+
   return TRUE;
 }
 
@@ -2094,7 +2108,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection,
   reply = _dbus_asv_new_method_return (message, &reply_iter, &array_iter);
 
   if (reply == NULL ||
-      !bus_driver_fill_connection_credentials (credentials, conn, &array_iter) ||
+      !bus_driver_fill_connection_credentials (credentials, conn, connection, &array_iter) ||
       !_dbus_asv_close (&reply_iter, &array_iter))
     goto oom;
 
index 2c03a4aea090b2e47a7ef507b0fa4af5bb63c24e..4365e0161c1d8b14c8b851d2fae2a02f8f542ba6 100644 (file)
@@ -58,7 +58,8 @@ dbus_bool_t bus_driver_generate_introspect_string  (DBusString *xml,
                                                     dbus_bool_t canonical_path,
                                                     DBusMessage *message);
 dbus_bool_t bus_driver_fill_connection_credentials (DBusCredentials *credentials,
-                                                    DBusConnection  *conn,
+                                                    DBusConnection  *peer_conn,
+                                                    DBusConnection  *caller_conn,
                                                     DBusMessageIter *asv_iter);
 
 BusDriverFound bus_driver_get_conn_helper (DBusConnection  *connection,