core: route dbus_bus_get_unix_user() through NMDBusManager

Since dbus senders are faked for private connections, we can't just call dbus_bus_get_unix_user() on fake senders. They need to be checked against the NMDBusManager's list of private connections first.
2026-05-02 04:58:00 +02:00 · 2013-03-04 16:25:40 -06:00 · 2013-03-04 16:25:40 -06:00 · 18ddf20b38
commit 18ddf20b38
parent 80f8fce675
3 changed files with 48 additions and 8 deletions
--- a/src/nm-dbus-manager.c
+++ b/src/nm-dbus-manager.c
@ -351,6 +351,45 @@ nm_dbus_manager_get_caller_info_from_message (NMDBusManager *self,
 	return _get_caller_info (self, NULL, connection, message, out_sender, out_uid);
 }

+gboolean
+nm_dbus_manager_get_unix_user (NMDBusManager *self,
+                               const char *sender,
+                               gulong *out_uid)
+{
+	NMDBusManagerPrivate *priv = NM_DBUS_MANAGER_GET_PRIVATE (self);
+	GSList *iter;
+	DBusError error;
+
+	g_return_val_if_fail (sender != NULL, FALSE);
+	g_return_val_if_fail (out_uid != NULL, FALSE);
+
+	/* Check if it's a private connection sender, which we fake */
+	for (iter = priv->private_servers; iter; iter = g_slist_next (iter)) {
+		PrivateServer *s = iter->data;
+		GHashTableIter hiter;
+		const char *priv_sender;
+
+		g_hash_table_iter_init (&hiter, s->connections);
+		while (g_hash_table_iter_next (&hiter, NULL, (gpointer) &priv_sender)) {
+			if (g_strcmp0 (sender, priv_sender) == 0) {
+				*out_uid = 0;
+				return TRUE;
+			}
+		}
+	}
+
+	/* Otherwise, a bus connection */
+	dbus_error_init (&error);
+	*out_uid = dbus_bus_get_unix_user (priv->connection, sender, &error);
+	if (dbus_error_is_set (&error)) {
+		nm_log_warn (LOGD_CORE, "Failed to get unix user for dbus sender '%s': %s",
+		             sender, error.message);
+		return FALSE;
+	}
+
+	return TRUE;
+}
+
 /**************************************************************/

 #if HAVE_DBUS_GLIB_100
--- a/src/nm-dbus-manager.h
+++ b/src/nm-dbus-manager.h
@ -89,6 +89,10 @@ gboolean nm_dbus_manager_get_caller_info (NMDBusManager *self,
                                          char **out_sender,
                                          gulong *out_uid);

+gboolean nm_dbus_manager_get_unix_user (NMDBusManager *self,
+                                        const char *sender,
+                                        gulong *out_uid);
+
 gboolean nm_dbus_manager_get_caller_info_from_message (NMDBusManager *self,
                                                       DBusConnection *connection,
                                                       DBusMessage *message,
--- a/src/nm-manager.c
+++ b/src/nm-manager.c
@ -2766,8 +2766,7 @@ nm_manager_activate_connection (NMManager *manager,
 {
 	NMManagerPrivate *priv;
 	NMDevice *device = NULL;
-	gulong sender_uid = 0;
-	DBusError dbus_error;
+	gulong sender_uid = G_MAXULONG;
 	NMDeviceState state;
 	char *iface;
 	NMDevice *master_device = NULL;
@ -2783,17 +2782,15 @@ nm_manager_activate_connection (NMManager *manager,

 	/* Get the UID of the user that originated the request, if any */
 	if (dbus_sender) {
-		dbus_error_init (&dbus_error);
-		sender_uid = dbus_bus_get_unix_user (nm_dbus_manager_get_dbus_connection (priv->dbus_mgr),
-		                                     dbus_sender,
-		                                     &dbus_error);
-		if (dbus_error_is_set (&dbus_error)) {
+		if (!nm_dbus_manager_get_unix_user (priv->dbus_mgr, dbus_sender, &sender_uid)) {
 			g_set_error_literal (error,
 			                     NM_MANAGER_ERROR, NM_MANAGER_ERROR_PERMISSION_DENIED,
 			                     "Failed to get unix user for dbus sender");
-			dbus_error_free (&dbus_error);
 			return NULL;
 		}
+	} else {
+		/* No sender means an internal/automatic activation request */
+		sender_uid = 0;
 	}

 	/* VPN ? */