dbus: don't register if not active

Follow-up tweak to #894. Make the client smarter so we only register when we know we can. We could be more sophisticated here and e.g. introduce the concept of "read-only" clients in the daemon to only allow access to non-mutating methods, though let's delay that discussion at least until the daemon learns to auto-exit. Closes: #898 Closes: #900 Approved by: cgwalters
2017-07-27 13:13:43 -07:00 · 2017-07-27 13:13:43 -07:00 · d4effe8f47
commit d4effe8f47
parent 34b5a004a8
2 changed files with 29 additions and 6 deletions
--- a/src/app/rpmostree-dbus-helpers.c
+++ b/src/app/rpmostree-dbus-helpers.c
@ -25,6 +25,7 @@
 #include <sys/socket.h>
 #include "glib-unix.h"
 #include <signal.h>
+#include <systemd/sd-login.h>

 void
 rpmostree_cleanup_peer (GPid *peer_pid)
@ -161,11 +162,29 @@ rpmostree_load_sysroot (gchar *sysroot,
  if (sysroot_proxy == NULL)
    return FALSE;

-  /* this tells the daemon not to auto-exit as long as we are alive */
-  if (!rpmostree_sysroot_call_register_client_sync (sysroot_proxy,
-                                                    g_variant_builder_end (options_builder),
-                                                    cancellable, error))
-    return FALSE;
+  /* Try to register if we can; it doesn't matter much now since the daemon doesn't
+   * auto-exit, though that might change in the future. But only register if we're active or
+   * root; the daemon won't allow it otherwise. */
+  uid_t uid = getuid ();
+  gboolean should_register;
+  if (uid == 0)
+    should_register = TRUE;
+  else
+    {
+      g_autofree char *state = NULL;
+      if (sd_uid_get_state (uid, &state) >= 0)
+        should_register = (g_strcmp0 (state, "active") == 0);
+      else
+        should_register = FALSE;
+    }
+
+  if (should_register)
+    {
+      if (!rpmostree_sysroot_call_register_client_sync (sysroot_proxy,
+                                                        g_variant_builder_end (options_builder),
+                                                        cancellable, error))
+        return FALSE;
+    }

  *out_sysroot_proxy = g_steal_pointer (&sysroot_proxy);
  *out_peer_pid = peer_pid; peer_pid = 0;
--- a/tests/vmcheck/test-basic.sh
+++ b/tests/vmcheck/test-basic.sh
@ -50,8 +50,12 @@ if vm_cmd_as testuser rpm-ostree pkg-add foo &> err.txt; then
    assert_not_reached "Was able to install a package as non-root!"
 fi
 assert_file_has_content err.txt 'PkgChange not allowed for user'
-echo "ok layering requires root"
+echo "ok layering requires root or auth"

 # Assert that we can do status as non-root
 vm_cmd_as testuser rpm-ostree status
 echo "ok status doesn't require root"
+
+# Also check that we can do status as non-root non-active
+vm_cmd runuser -u bin rpm-ostree status
+echo "ok status doesn't require active PAM session"