From: Luca Boccassi Date: Mon, 20 Mar 2023 01:55:18 +0000 (+0000) Subject: bus: return ProcessFD in GetConnectionCredentials() X-Git-Tag: dbus-1.15.8~26^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7a4c47a929f1ae2b0e725f329488ea14c2e230db;p=thirdparty%2Fdbus.git bus: return ProcessFD in GetConnectionCredentials() Allows to track a process by pinning to a file descriptor, which unlike a PID cannot be reused. root@image:~# busctl call org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus GetConnectionCredentials "s" org.freedesktop.systemd1 a{sv} 3 "ProcessID" u 1 "UnixUserID" u 0 "ProcessFD" h 4 Signed-off-by: Luca Boccassi --- diff --git a/bus/containers.c b/bus/containers.c index 470177c09..816f3e1b2 100644 --- a/bus/containers.c +++ b/bus/containers.c @@ -1206,6 +1206,7 @@ bus_containers_handle_get_connection_instance (DBusConnection *caller, goto oom; if (!bus_driver_fill_connection_credentials (NULL, instance->creator, + caller, &arr_writer)) { dbus_message_iter_abandon_container (&writer, &arr_writer); @@ -1289,6 +1290,7 @@ bus_containers_handle_get_instance_info (DBusConnection *connection, goto oom; if (!bus_driver_fill_connection_credentials (NULL, instance->creator, + connection, &arr_writer)) { dbus_message_iter_abandon_container (&writer, &arr_writer); diff --git a/bus/driver.c b/bus/driver.c index b1d34f683..7bc12f420 100644 --- a/bus/driver.c +++ b/bus/driver.c @@ -1970,7 +1970,8 @@ bus_driver_credentials_fill_unix_gids (DBusCredentials *credentials, */ dbus_bool_t bus_driver_fill_connection_credentials (DBusCredentials *credentials, - DBusConnection *conn, + DBusConnection *peer_conn, + DBusConnection *caller_conn, DBusMessageIter *asv_iter) { dbus_uid_t uid = DBUS_UID_UNSET; 
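Review bot: Passing `caller` as the new third argument in bus_containers_handle_get_connection_instance (the `@@ -1206,6` hunk of bus/containers.c) means the creator's credentials dictionary in that reply can now carry a ProcessFD, although the commit subject and description only mention GetConnectionCredentials(). The same applies to the `connection` argument added in the `@@ -1289,6` hunk for bus_containers_handle_get_instance_info. A pidfd is a live handle on the process behind `instance->creator` rather than a number, so if handing it to every client allowed to call these container methods is intended, say so at both call sites, e.g. `/* caller may receive the creator's ProcessFD if it can receive fds */`. If it is not intended, passing `NULL` keeps these replies as they were, since the new block in bus/driver.c skips ProcessFD when `caller_conn` is NULL. Both function bodies start and end outside their hunks.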
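Review bot: The doc comment that closes with ` */` just above bus_driver_fill_connection_credentials (the `@@ -1970,7` hunk of bus/driver.c) is not touched by any hunk in this diff, so the new `caller_conn` parameter and the split between the two connections appear to be undocumented. Both parameters are `DBusConnection *` and sit next to each other, so a swapped call compiles cleanly. The comment should state that `peer_conn` is the connection whose credentials are described (may be NULL) and that `caller_conn` is the connection receiving the reply, consulted only to decide whether ProcessFD can be sent (NULL omits it). It should also say that ProcessFD is optional, so clients cannot rely on it being present. The comment's text and the function body lie outside the hunk.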
@@ -1980,13 +1981,19 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials, #ifdef DBUS_ENABLE_CONTAINERS const char *path; #endif +#ifdef HAVE_UNIX_FD_PASSING + int pid_fd = -1; /* owned by credentials */ +#endif - if (credentials == NULL && conn != NULL) - credentials = _dbus_connection_get_credentials (conn); + if (credentials == NULL && peer_conn != NULL) + credentials = _dbus_connection_get_credentials (peer_conn); if (credentials != NULL) { pid = _dbus_credentials_get_pid (credentials); +#ifdef HAVE_UNIX_FD_PASSING + pid_fd = _dbus_credentials_get_pid_fd (credentials); +#endif uid = _dbus_credentials_get_unix_uid (credentials); windows_sid = _dbus_credentials_get_windows_sid (credentials); linux_security_label = @@ -2036,8 +2043,8 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials, #ifdef DBUS_ENABLE_CONTAINERS /* This has to come from the connection, not the credentials */ - if (conn != NULL && - bus_containers_connection_is_contained (conn, &path, NULL, NULL)) + if (peer_conn != NULL && + bus_containers_connection_is_contained (peer_conn, &path, NULL, NULL)) { if (!_dbus_asv_add_object_path (asv_iter, DBUS_INTERFACE_CONTAINERS1 ".Instance", @@ -2046,6 +2053,13 @@ bus_driver_fill_connection_credentials (DBusCredentials *credentials, } #endif +#ifdef HAVE_UNIX_FD_PASSING + if (caller_conn != NULL && pid_fd >= 0 && + dbus_connection_can_send_type (caller_conn, DBUS_TYPE_UNIX_FD) && + !_dbus_asv_add_unix_fd (asv_iter, "ProcessFD", pid_fd)) + return FALSE; +#endif + return TRUE; } @@ -2094,7 +2108,7 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, reply = _dbus_asv_new_method_return (message, &reply_iter, &array_iter); if (reply == NULL || - !bus_driver_fill_connection_credentials (credentials, conn, &array_iter) || + !bus_driver_fill_connection_credentials (credentials, conn, connection, &array_iter) || !_dbus_asv_close (&reply_iter, &array_iter)) goto oom; 
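Review bot: In the `HAVE_UNIX_FD_PASSING` block added by the `@@ -2046,6` hunk, a failure of `_dbus_asv_add_unix_fd` returns FALSE, and every caller visible in this diff turns FALSE into `goto oom`. Appending a descriptor presumably duplicates it, so descriptor exhaustion in the bus would be reported as out-of-memory. `_dbus_asv_add_unix_fd` is not shown here, so confirm what it can fail with and whether the oom path is the right response to that. The single `&&` chain also mixes the three "should we send it" guards with the one failure test, and would read more safely as an outer `if` on the guards with an inner `if (!_dbus_asv_add_unix_fd (...)) return FALSE;`. A comment such as `/* Optional key: omitted when the caller cannot receive fds; pid_fd stays owned by credentials */` would record the ownership rule next to the use.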
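Review bot: The changed call `bus_driver_fill_connection_credentials (credentials, conn, connection, &array_iter)` in the `@@ -2094,7` hunk passes two near-identically named `DBusConnection *` values in adjacent positions, and nothing at the call site says which is the peer and which is the caller. Swapping them would still compile, and would base the fd-passing check and the container lookup on the wrong connection. A short comment above the call, such as `/* conn: peer being described; connection: caller that receives the reply */`, would make this reviewable, as would putting one argument per line as the bus/containers.c call sites do. bus_driver_handle_get_connection_credentials starts and ends outside the hunk, so the role of `conn` is inferred from the parameter names in the prototype.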
diff --git a/bus/driver.h b/bus/driver.h index 2c03a4aea..4365e0161 100644 --- a/bus/driver.h +++ b/bus/driver.h @@ -58,7 +58,8 @@ dbus_bool_t bus_driver_generate_introspect_string (DBusString *xml, dbus_bool_t canonical_path, DBusMessage *message); dbus_bool_t bus_driver_fill_connection_credentials (DBusCredentials *credentials, - DBusConnection *conn, + DBusConnection *peer_conn, + DBusConnection *caller_conn, DBusMessageIter *asv_iter); BusDriverFound bus_driver_get_conn_helper (DBusConnection *connection,