Fix compilation in --disable-selinux case

_dbus_change_to_daemon_user moved into selinux.c for the --with-selinux (and audit) case because that's where all of the relevant libcap headers were being used. However in the --disable-selinux case this didn't compile and wasn't very clean. If we don't have libaudit, use the legacy direct setgid/setuid bits we had before in dbus-sysdeps-util-unix.c.
2026-05-08 06:48:01 +02:00 · 2010-02-02 14:57:47 -05:00 · 2010-02-02 14:57:47 -05:00 · 3dac125d61
commit 3dac125d61
parent 90fe96b187
4 changed files with 68 additions and 34 deletions
--- a/bus/selinux.c
+++ b/bus/selinux.c
@ -1017,6 +1017,8 @@ bus_selinux_shutdown (void)
 #endif /* HAVE_SELINUX */
 }

+/* The !HAVE_LIBAUDIT case lives in dbus-sysdeps-util-unix.c */
+#ifdef HAVE_LIBAUDIT
 /**
 * Changes the user and group the bus is running as.
 *
@ -1042,7 +1044,6 @@ _dbus_change_to_daemon_user  (const char    *user,
      return FALSE;
    }

-#ifdef HAVE_LIBAUDIT
  /* If we were root */
  if (_dbus_geteuid () == 0)
    {
@ -1083,38 +1084,8 @@ _dbus_change_to_daemon_user  (const char    *user,
          return FALSE;
        }
    }
-#else
-  /* setgroups() only works if we are a privileged process,
-   * so we don't return error on failure; the only possible
-   * failure is that we don't have perms to do it.
-   *
-   * not sure this is right, maybe if setuid()
-   * is going to work then setgroups() should also work.
-   */
-  if (setgroups (0, NULL) < 0)
-    _dbus_warn ("Failed to drop supplementary groups: %s\n",
-                _dbus_strerror (errno));
-
-  /* Set GID first, or the setuid may remove our permission
-   * to change the GID
-   */
-  if (setgid (gid) < 0)
-    {
-      dbus_set_error (error, _dbus_error_from_errno (errno),
-                      "Failed to set GID to %lu: %s", gid,
-                      _dbus_strerror (errno));
-      return FALSE;
-    }
-
-  if (setuid (uid) < 0)
-    {
-      dbus_set_error (error, _dbus_error_from_errno (errno),
-                      "Failed to set UID to %lu: %s", uid,
-                      _dbus_strerror (errno));
-      return FALSE;
-    }
-#endif /* !HAVE_LIBAUDIT */

 return TRUE;
 }
+#endif

--- a/bus/selinux.h
+++ b/bus/selinux.h
@ -68,7 +68,5 @@ BusSELinuxID* bus_selinux_init_connection_id (DBusConnection *connection,


 void bus_selinux_audit_init(void);
-dbus_bool_t _dbus_change_to_daemon_user (const char *user,
-                                         DBusError  *error);

 #endif /* BUS_SELINUX_H */
--- a/dbus/dbus-sysdeps-util-unix.c
+++ b/dbus/dbus-sysdeps-util-unix.c
@ -303,6 +303,68 @@ _dbus_verify_daemon_user (const char *user)
  return _dbus_get_user_id_and_primary_group (&u, NULL, NULL);
 }

+
+/* The HAVE_LIBAUDIT case lives in selinux.c */
+#ifndef HAVE_LIBAUDIT
+/**
+ * Changes the user and group the bus is running as.
+ *
+ * @param user the user to become
+ * @param error return location for errors
+ * @returns #FALSE on failure
+ */
+dbus_bool_t
+_dbus_change_to_daemon_user  (const char    *user,
+                              DBusError     *error)
+{
+  dbus_uid_t uid;
+  dbus_gid_t gid;
+  DBusString u;
+
+  _dbus_string_init_const (&u, user);
+
+  if (!_dbus_get_user_id_and_primary_group (&u, &uid, &gid))
+    {
+      dbus_set_error (error, DBUS_ERROR_FAILED,
+                      "User '%s' does not appear to exist?",
+                      user);
+      return FALSE;
+    }
+
+  /* setgroups() only works if we are a privileged process,
+   * so we don't return error on failure; the only possible
+   * failure is that we don't have perms to do it.
+   *
+   * not sure this is right, maybe if setuid()
+   * is going to work then setgroups() should also work.
+   */
+  if (setgroups (0, NULL) < 0)
+    _dbus_warn ("Failed to drop supplementary groups: %s\n",
+                _dbus_strerror (errno));
+
+  /* Set GID first, or the setuid may remove our permission
+   * to change the GID
+   */
+  if (setgid (gid) < 0)
+    {
+      dbus_set_error (error, _dbus_error_from_errno (errno),
+                      "Failed to set GID to %lu: %s", gid,
+                      _dbus_strerror (errno));
+      return FALSE;
+    }
+
+  if (setuid (uid) < 0)
+    {
+      dbus_set_error (error, _dbus_error_from_errno (errno),
+                      "Failed to set UID to %lu: %s", uid,
+                      _dbus_strerror (errno));
+      return FALSE;
+    }
+
+  return TRUE;
+}
+#endif /* !HAVE_LIBAUDIT */
+
 void 
 _dbus_init_system_log (void)
 {
--- a/dbus/dbus-sysdeps.h
+++ b/dbus/dbus-sysdeps.h
@ -512,6 +512,9 @@ unsigned long _dbus_pid_for_log (void);
 */
 dbus_pid_t    _dbus_getpid (void);

+dbus_bool_t _dbus_change_to_daemon_user (const char *user,
+                                         DBusError  *error);
+
 void _dbus_flush_caches (void);

 /** @} */