[patch] get pid of peer
David Zeuthen
david at fubar.dk
Thu Jul 15 10:40:51 PDT 2004
On Wed, 2004-07-14 at 21:53 -0400, Havoc Pennington wrote:
> On Tue, 2004-07-13 at 18:57, David Zeuthen wrote:
> > <policy image="/usr/libexec/gnome-vfs-daemon">
> > <!-- grant something here -->
> > </policy>
>
> SELinux may overlap with this, but I'm not sure in what ways.
>
Right. As I noted earlier this is pretty difficult to do on Linux
without SELinux. Sigh. It would be nice though; I assume you don't want
any crude hacks for solving this on non-SELinux systems? :-)
However, a new patch is applied.
> > - not all platforms easily support this; it kind of require passing
> > credentials on the socket for authentication.
>
> I would suggest:
> - add an error for PROCESS_ID_UNKNOWN rather than just using FAILED
> - if there's no sensible process ID on Windows, or maybe even if
> there is (and it's effectively a different semantic),
> should call it GetUnixProcessID()
Ok, I did both of these.
> > - I'm not sure at all I'm doing the right thing in the function
> > dbus-auth.c:handle_server_data_external_mech()
>
> I expect the code would be much clearer if
> authorized_identity/desired_identity where just dbus_uid_t rather than
> the struct. Since e.g. we don't want to read the gid here, we want to
> look up the gid based on the uid.
>
> I would say also we want to fill in the pid always when it's available,
> regardless of authentication method used.
>
We only set the pid now.
> In the test code, it wouldn't hurt to verify that the PID in fact has
> the right value, if there's some reasonable way to do so.
>
Uhmm, OK, I've added a lame test that checks if the returned value is
our own pid. Also, one @todo saying we could fork and test against the
parents pid. Btw, FWIW, I've tested this on my own, see [1].
> In connection_get_process_id(), maybe a better default initialization is
> DBUS_PID_UNSET or whatever it's called instead of INT_MAX. (Though I
> think PID_UNSET probably is the same as UINT_MAX)?
>
I've did this as well.
Cheers,
David
[1] : With the tiny python program in [2] and HAL and hal-device-manager
connected to the system bus we get the expected
[david at laptop david]$ ./test_get_pid.py
Connection :1.7: (owner, user, pid) = (:1.7, 500, 26165)
Connection :1.3: (owner, user, pid) = (:1.3, 0, 26049)
Connection :1.8: (owner, user, pid) = (:1.8, 500, 26166)
Connection org.freedesktop.Hal: (owner, user, pid) = (:1.3, 0, 26049)
[david at laptop david]$ ps aux|grep hald
root 26049 1.4 1.7 5856 3260 tty1 S+ 19:20 0:01 ./hald --daemon=no
[david at laptop david]$ ps aux|grep hal-device-manager
david 26165 3.4 8.0 27240 15416 pts/4 S+ 19:22 0:01 /usr/bin/python /usr/local/bin/hal-device-manager
[2] :
#!/usr/bin/python
import dbus
bus = dbus.Bus(dbus.Bus.TYPE_SYSTEM)
dbus_service = bus.get_service('org.freedesktop.DBus')
dbus_object = dbus_service.get_object('/org/freedesktop/DBus',
'org.freedesktop.DBus')
services = dbus_object.ListServices()
for i in services:
owner = dbus_object.GetServiceOwner(i)
user = dbus_object.GetConnectionUnixUser(i)
pid = dbus_object.GetConnectionUnixProcessID(i)
print "Connection %s: (owner, user, pid) = (%s, %s, %s)"%(i, owner, user, pid)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dbus-get-process-id-2.patch
Type: text/x-patch
Size: 17368 bytes
Desc: not available
Url : http://freedesktop.org/pipermail/dbus/attachments/20040715/a1a68d7f/dbus-get-process-id-2-0001.bin
More information about the dbus
mailing list