[PATCH] fill_user_info: fake user info for 'root' if it can not be found
Krzysztof Konopko
krzysztof.konopko at gmail.com
Mon Feb 25 15:08:42 PST 2013
I'm working on an embedded system where we actually use information from
the /proc file system. In most cases all that is relevant to D-Bus are
numbers (UIDs and GIDs) and the rest is only for humans. This is valid at
least for the external authentication and probably doesn't apply to
policies where using numerical UIDs and GIDs would be really inconvenient
(although it's supported).
I was able to strip all *nix user authentication in D-Bus to use only
information from /proc (based on PID) and to bits which genuinely need full
user information. The reason for that is that the system has a requirement
to assign UIDs and GIDs dynamically without modifying /etc/passwd &
friends. The other reason is that the libc implementation we are
constrained to (certain version of uClibc) doesn't support alternative
methods of user authentication (e. g. NSS [1]) nor D-Bus supports PAM
authentication.
The patch is available on GitHub [2]. Although it has a number of project
specific changes I believe it could be synthesized into something more
generic if there's any interest in this approach.
[1] http://linux.die.net/man/5/nss
[2]
https://github.com/kkonopko/dbus/commit/7af563d558808fc91d181b5bf9fe24543a44df4c
Cheers,
Kris
2013/2/25 Tom Gundersen <teg at jklm.no>
> On Mon, Feb 25, 2013 at 8:08 PM, Simon McVittie
> <simon.mcvittie at collabora.co.uk> wrote:
> > On 25/02/13 18:58, Tom Gundersen wrote:
> >>> D-Bus is C89: no C++-style comments, please.
> >>
> >> Ok. If I resubmit should I also fix the comments ~10 lines above?
> >
> > Only if your patch changes that line anyway; but I'd also accept
> > separate patches that replace // comments with /* */ ones and do nothing
> > else (open a bug, priority=lowest).
>
> Ok.
>
> >> I wanted to use something like _dbus_info, but
> >> couldn't find it. Do you have a function for low-priority logging?
> >
> > _dbus_verbose(), I suppose (which doesn't usually do anything in
> > distributions' libdbus, but it's possible to do a debug build where it
> > actually matters).
> >
> > Because libdbus doesn't depend on something with a logging framework
> > (e.g. GLib), our only logging interface is to write to stderr (and
> > possibly abort(), if it's serious enough). If it's not important enough
> > to spam stderr, then it's not important enough to mention at all.
>
> That explains it. Thanks!
>
> Cheers,
>
> Tom
> _______________________________________________
> dbus mailing list
> dbus at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dbus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/dbus/attachments/20130225/40116f76/attachment.html>
More information about the dbus
mailing list