From: Simon McVittie <smcv@collabora.com>
Date: Mon, 15 Jan 2018 19:45:39 +0000 (+0000)
Subject: bus: Try to get groups directly from credentials, not userdb
X-Git-Tag: dbus-1.13.4~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aaf690e8054070540e043e783f61919179701a65;p=thirdparty%2Fdbus.git

bus: Try to get groups directly from credentials, not userdb

If we avoid consulting the userdb, then it's one less chance to
deadlock.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103737
Reviewed-by: Philip Withnall <withnall@endlessm.com>
---

diff --git a/bus/connection.c b/bus/connection.c
index daef24bf1..421cbb890 100644
--- a/bus/connection.c
+++ b/bus/connection.c
@@ -1033,11 +1033,43 @@ bus_connection_get_unix_groups  (DBusConnection   *connection,
                                  int              *n_groups,
                                  DBusError        *error)
 {
+  /* Assigning dbus_gid_t to unsigned long is lossless (in fact
+   * they are the same type) */
+  _DBUS_STATIC_ASSERT (sizeof (unsigned long) == sizeof (dbus_gid_t));
+
+  const dbus_gid_t *groups_borrowed = NULL;
+  DBusCredentials *credentials;
   unsigned long uid;
+  size_t n = 0;
 
   *groups = NULL;
   *n_groups = 0;
 
+  credentials = _dbus_connection_get_credentials (connection);
+
+  if (credentials != NULL &&
+      _dbus_credentials_get_unix_gids (credentials, &groups_borrowed, &n))
+    {
+      size_t i;
+
+      /* We got the group IDs from SO_PEERGROUPS or equivalent - no
+       * need to ask NSS */
+
+      *n_groups = n;
+      *groups = dbus_new (unsigned long, n);
+
+      if (groups == NULL)
+        {
+          BUS_SET_OOM (error);
+          return FALSE;
+        }
+
+      for (i = 0; i < n; i++)
+        (*groups)[i] = groups_borrowed[i];
+
+      return TRUE;
+    }
+
   if (dbus_connection_get_unix_user (connection, &uid))
     {
       if (!_dbus_unix_groups_from_uid (uid, groups, n_groups))