[systemd-devel] RFC: Passing on initial client user in systemd-userdbd
Dominik George
nik at naturalnet.de
Sun Nov 27 23:14:53 UTC 2022
Hi,
> The approach brings me a bit farther away from being able to implement it myself, but not too far I guess ;).
I've spent some time reading the userdb code now, and it actually
seems pretty easy to do.
Here's my rough plan:
1. In src/userdb/userdbd-manager.c manager_startup(), set the
   SO_PASSCRED socket option
2. In src/shared/varlink.c, change the behaviour in two places:
   - In varlink_read, use recvmsg to read the SCM_CREDENTIALS
     message and, if we get one and its uid is valid, store the
     ucred in the varlink struct and set its ucred_acquired to true
   - In varlink_write, always send an SCM_CREDENTIALS message —
     if ucred_acquired is true on the varlink object, send this
     ucred struct; if it is false, send an empty message to use
     our real credentials
Given that all userdbd services in systemd, including the multiplexer,
use the same code, this should be all there is to it to enable the
discussed behaviour in systemd, and downstream service implementations
could start using it.
If there is nothing fundamentally wrong with my assessment, I'll give
the implementation a shot.
-nik
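
The read and write steps of the plan above, as an added Linux-only example that is not part of the original message and is not systemd code. The names recv_ucred, send_ucred and roundtrip_uid are hypothetical, and a socketpair stands in for the userdbd socket; the comment on send_ucred records the kernel check that governs forwarding someone else's ucred.

```c
#define _GNU_SOURCE                 /* exposes struct ucred and SCM_CREDENTIALS */
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef SCM_CREDENTIALS             /* fallback if headers were included before _GNU_SOURCE */
#define SCM_CREDENTIALS 0x02
struct ucred { pid_t pid; uid_t uid; gid_t gid; };
#endif
typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(struct ucred))]; } credbuf;
/* Read step: returns bytes read; *got becomes 1 only if a ucred was delivered. */
ssize_t recv_ucred(int fd, void *data, size_t len, struct ucred *uc, int *got) {
    credbuf ctl;
    struct iovec iov = { data, len };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    ssize_t n = recvmsg(fd, &mh, 0);
    *got = 0;
    if (n < 0 || (mh.msg_flags & MSG_CTRUNC)) return -1;   /* truncated creds are untrusted */
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS
            && c->cmsg_len == CMSG_LEN(sizeof *uc)) {
            memcpy(uc, CMSG_DATA(c), sizeof *uc); *got = 1;
        }
    return n;
}
/* Write step: uc == NULL attaches nothing (the kernel supplies our own identity). A non-NULL
 * uc is vetted: EPERM unless it matches the caller or the caller has CAP_SETUID/SETGID/SYS_ADMIN. */
ssize_t send_ucred(int fd, const void *data, size_t len, const struct ucred *uc) {
    credbuf ctl; memset(&ctl, 0, sizeof ctl);
    struct iovec iov = { (void *)data, len };
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1 };
    if (uc) {
        mh.msg_control = ctl.buf; mh.msg_controllen = sizeof ctl.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_CREDENTIALS;
        c->cmsg_len = CMSG_LEN(sizeof *uc);
        memcpy(CMSG_DATA(c), uc, sizeof *uc);
    }
    return sendmsg(fd, &mh, MSG_NOSIGNAL);
}
/* Constructed demo: a socketpair stands in for client -> service. Returns uid seen, or -1. */
long roundtrip_uid(const struct ucred *forward) {
    int sv[2], on = 1, got = 0; char b[8]; struct ucred uc; ssize_t n = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &on, sizeof on) == 0
        && send_ucred(sv[0], "hi", 2, forward) == 2)
        n = recv_ucred(sv[1], b, sizeof b, &uc, &got);
    close(sv[0]); close(sv[1]);
    return (n == 2 && got) ? (long)uc.uid : -1;
}
```

Because the kernel rejects a ucred that does not match the sender unless the sender holds the listed capabilities, a forwarding hop can only pass on another client's identity when it runs with that privilege, and the receiver is then trusting the forwarder rather than the kernel for that value.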