author | Lennart Poettering <lennart@poettering.net> | 2014-11-24 21:41:40 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-11-25 14:28:34 +0100 |
commit | 705a415f684f8e9ee19983e5859de00bbb1477cb (patch) | |
tree | 5cbabb53de92d7ee21ada427c24a88d18073c9dc /src/systemd/sd-bus.h | |
parent | 1d58a1fe13cd725110be595c40cdc973d7e57d9e (diff) | |
download | systemd-705a415f684f8e9ee19983e5859de00bbb1477cb.tar.gz |
sd-bus: update to current kernel version, by splitting off the extended KDBUS_ITEM_PIDS structure from KDBUS_ITEM_CREDS
Also:
- adds support for euid, suid, fsuid, egid, sgid, fsgid fields.
- makes augmentation of creds with data from /proc explicitly
controllable to give apps better control over this, given that this is
racy.
- enables augmentation for kdbus connections (previously we only did it
for dbus1). This is useful since with recent kdbus versions it is
possible for clients to control the metadata they want to send.
- changes sd_bus_query_sender_privilege() to take the euid of the client
into consideration, if known
- when we don't have permissions to read augmentation data from /proc,
don't fail, just don't add the data in
Diffstat (limited to 'src/systemd/sd-bus.h')
-rw-r--r-- | src/systemd/sd-bus.h | 57 |
1 files changed, 35 insertions, 22 deletions
diff --git a/src/systemd/sd-bus.h b/src/systemd/sd-bus.h
index 58a898080b..21d693b4bc 100644
--- a/src/systemd/sd-bus.h
+++ b/src/systemd/sd-bus.h
@@ -53,28 +53,35 @@ enum {
 SD_BUS_CREDS_PID_STARTTIME = 1ULL << 1,
 SD_BUS_CREDS_TID = 1ULL << 2,
 SD_BUS_CREDS_UID = 1ULL << 3,
- SD_BUS_CREDS_GID = 1ULL << 4,
- SD_BUS_CREDS_COMM = 1ULL << 5,
- SD_BUS_CREDS_TID_COMM = 1ULL << 6,
- SD_BUS_CREDS_EXE = 1ULL << 7,
- SD_BUS_CREDS_CMDLINE = 1ULL << 8,
- SD_BUS_CREDS_CGROUP = 1ULL << 9,
- SD_BUS_CREDS_UNIT = 1ULL << 10,
- SD_BUS_CREDS_USER_UNIT = 1ULL << 11,
- SD_BUS_CREDS_SLICE = 1ULL << 12,
- SD_BUS_CREDS_SESSION = 1ULL << 13,
- SD_BUS_CREDS_OWNER_UID = 1ULL << 14,
- SD_BUS_CREDS_EFFECTIVE_CAPS = 1ULL << 15,
- SD_BUS_CREDS_PERMITTED_CAPS = 1ULL << 16,
- SD_BUS_CREDS_INHERITABLE_CAPS = 1ULL << 17,
- SD_BUS_CREDS_BOUNDING_CAPS = 1ULL << 18,
- SD_BUS_CREDS_SELINUX_CONTEXT = 1ULL << 19,
- SD_BUS_CREDS_AUDIT_SESSION_ID = 1ULL << 20,
- SD_BUS_CREDS_AUDIT_LOGIN_UID = 1ULL << 21,
- SD_BUS_CREDS_UNIQUE_NAME = 1ULL << 22,
- SD_BUS_CREDS_WELL_KNOWN_NAMES = 1ULL << 23,
- SD_BUS_CREDS_DESCRIPTION = 1ULL << 24,
- _SD_BUS_CREDS_ALL = (1ULL << 25) -1,
+ SD_BUS_CREDS_EUID = 1ULL << 4,
+ SD_BUS_CREDS_SUID = 1ULL << 5,
+ SD_BUS_CREDS_FSUID = 1ULL << 6,
+ SD_BUS_CREDS_GID = 1ULL << 7,
+ SD_BUS_CREDS_EGID = 1ULL << 8,
+ SD_BUS_CREDS_SGID = 1ULL << 9,
+ SD_BUS_CREDS_FSGID = 1ULL << 10,
+ SD_BUS_CREDS_COMM = 1ULL << 11,
+ SD_BUS_CREDS_TID_COMM = 1ULL << 12,
+ SD_BUS_CREDS_EXE = 1ULL << 13,
+ SD_BUS_CREDS_CMDLINE = 1ULL << 14,
+ SD_BUS_CREDS_CGROUP = 1ULL << 15,
+ SD_BUS_CREDS_UNIT = 1ULL << 16,
+ SD_BUS_CREDS_USER_UNIT = 1ULL << 17,
+ SD_BUS_CREDS_SLICE = 1ULL << 18,
+ SD_BUS_CREDS_SESSION = 1ULL << 19,
+ SD_BUS_CREDS_OWNER_UID = 1ULL << 20,
+ SD_BUS_CREDS_EFFECTIVE_CAPS = 1ULL << 21,
+ SD_BUS_CREDS_PERMITTED_CAPS = 1ULL << 22,
+ SD_BUS_CREDS_INHERITABLE_CAPS = 1ULL << 23,
+ SD_BUS_CREDS_BOUNDING_CAPS = 1ULL << 24,
+ SD_BUS_CREDS_SELINUX_CONTEXT = 1ULL << 25,
+ SD_BUS_CREDS_AUDIT_SESSION_ID = 1ULL << 26,
+ SD_BUS_CREDS_AUDIT_LOGIN_UID = 1ULL << 27,
+ SD_BUS_CREDS_UNIQUE_NAME = 1ULL << 28,
+ SD_BUS_CREDS_WELL_KNOWN_NAMES = 1ULL << 29,
+ SD_BUS_CREDS_DESCRIPTION = 1ULL << 30,
+ SD_BUS_CREDS_AUGMENT = 1ULL << 63, /* special flag, if on sd-bus will augment creds struct, in a potentially race-full way. */
+ _SD_BUS_CREDS_ALL = (1ULL << 31) -1,
 };
 
 enum {
@@ -305,7 +312,13 @@ int sd_bus_creds_get_pid(sd_bus_creds *c, pid_t *pid);
 int sd_bus_creds_get_pid_starttime(sd_bus_creds *c, uint64_t *usec);
 int sd_bus_creds_get_tid(sd_bus_creds *c, pid_t *tid);
 int sd_bus_creds_get_uid(sd_bus_creds *c, uid_t *uid);
+int sd_bus_creds_get_euid(sd_bus_creds *c, uid_t *euid);
+int sd_bus_creds_get_suid(sd_bus_creds *c, uid_t *suid);
+int sd_bus_creds_get_fsuid(sd_bus_creds *c, uid_t *fsuid);
 int sd_bus_creds_get_gid(sd_bus_creds *c, gid_t *gid);
+int sd_bus_creds_get_egid(sd_bus_creds *c, gid_t *egid);
+int sd_bus_creds_get_sgid(sd_bus_creds *c, gid_t *sgid);
+int sd_bus_creds_get_fsgid(sd_bus_creds *c, gid_t *fsgid);
 int sd_bus_creds_get_comm(sd_bus_creds *c, const char **comm);
 int sd_bus_creds_get_tid_comm(sd_bus_creds *c, const char **comm);
 int sd_bus_creds_get_exe(sd_bus_creds *c, const char **exe); |
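Review bot: The one-line comment on `SD_BUS_CREDS_AUGMENT` understates a security-relevant contract: the commit message says the flag controls filling in creds from /proc and that this is racy, but the header does not tell a caller what it may rely on. I would expand it to `/* Opt-in: sd-bus may fill in missing fields from /proc. That read is racy, so augmented fields are not suitable for access-control decisions. Deliberately not part of _SD_BUS_CREDS_ALL. */`. The last sentence is worth stating because `_SD_BUS_CREDS_ALL` is `(1ULL << 31) -1` and therefore omits bit 63 without saying so. Separately, inserting the EUID..FSGID bits in the middle shifts the value of every flag from `SD_BUS_CREDS_GID` onward, so anything built against the old header would request different fields; it is worth confirming no such consumer exists. The enum opens above the hunk, so its first member is not visible here.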
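Review bot: The six new getters, `sd_bus_creds_get_euid` through `sd_bus_creds_get_fsgid`, are declared with no comment on what they return when the field was not requested or could not be obtained, while the commit message says unreadable /proc data is now left out instead of causing a failure. A caller that makes a privilege decision on `euid` has to know the out-parameter is only meaningful on success. I would add above the group something like `/* Each getter returns 0 and fills the out-parameter on success, or a negative errno if the field is not present in the creds object; check the return value before using the result. */`, adjusted to the actual return convention, which is not visible in this hunk. The declaration list continues on both sides of the hunk.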