From 509179b7207090c7eadade586a9751993efce63d Mon Sep 17 00:00:00 2001
From: Bernd Wachter <bernd.wachter@jollamobile.com>
Date: Sun, 10 Nov 2013 23:50:18 +0200
Subject: [PATCH] [ssu] Make sure to use user session bus for store credential
 requests

---
 libssu/ssu.cpp           |  2 +-
 libssu/ssucoreconfig.cpp | 22 ++++++++++++++++++++++
 libssu/ssucoreconfig.h   |  7 ++++++-
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/libssu/ssu.cpp b/libssu/ssu.cpp
index db5cf8b..399f185 100644
--- a/libssu/ssu.cpp
+++ b/libssu/ssu.cpp
@@ -614,7 +614,7 @@ void Ssu::updateStoreCredentials(){
                                                         "/StoreClient",
                                                         "com.jolla.jollastore",
                                                         "storeCredentials");
-  QDBusPendingReply<QString, QString> reply = QDBusConnection::sessionBus().asyncCall(message);
+  QDBusPendingReply<QString, QString> reply = SsuCoreConfig::userSessionBus().asyncCall(message);
   reply.waitForFinished();
   if (reply.isError()) {
     setError(QString("Store credentials not received. %1").arg(reply.error().message()));
diff --git a/libssu/ssucoreconfig.cpp b/libssu/ssucoreconfig.cpp
index bf260e9..ef84120 100644
--- a/libssu/ssucoreconfig.cpp
+++ b/libssu/ssucoreconfig.cpp
@@ -7,6 +7,9 @@
 
 #include <QFile>
 #include <QTextStream>
+#include <QDBusConnection>
+
+#include <getdef.h>
 
 #include "ssucoreconfig.h"
 #include "ssulog.h"
@@ -143,3 +146,22 @@ bool SsuCoreConfig::useSslVerify(){
   else
     return true;
 }
+
+QDBusConnection SsuCoreConfig::userSessionBus(){
+  int uid_min = getdef_num("UID_MIN", -1);
+
+  // For calls from valid UID we assume that they are properly logged in users.
+  // If they are not the call will fail, but it's their fault.
+  if (getuid() >= uid_min){
+    return QDBusConnection::sessionBus();
+  } else {
+    // DBus security policy will prevent this beeing used by callers other
+    // than root at the moment. Still do it generic in case DBus policy will
+    // be extended later, and just use the usual 'DBus: THOU SHALL NOT PASS!'
+    // @TODO the uid to be used should be determined using the logind API from
+    //       systemd package to support multiuser systems in the future
+    QString sessionBusAddress=QString("unix:path=/run/user/%1/dbus/user_bus_socket")
+      .arg(uid_min);
+    return QDBusConnection::connectToBus(sessionBusAddress, "userSessionBus");
+  }
+}
diff --git a/libssu/ssucoreconfig.h b/libssu/ssucoreconfig.h
index c10fb2d..22ea0c0 100644
--- a/libssu/ssucoreconfig.h
+++ b/libssu/ssucoreconfig.h
@@ -9,7 +9,6 @@
 #define _SSUCORECONFIG_H
 
 #include <QObject>
-
 #include "ssusettings.h"
 #include "ssu.h"
 
@@ -23,6 +22,8 @@
 #define SSU_DEFAULT_CONFIGURATION "/usr/share/ssu/ssu-defaults.ini"
 #endif
 
+class QDBusConnection;
+
 class SsuCoreConfig: public SsuSettings {
     Q_OBJECT
 
@@ -100,6 +101,10 @@ class SsuCoreConfig: public SsuSettings {
      * @retval false SSL verification should be disabled
      */
     Q_INVOKABLE bool useSslVerify();
+    /**
+     * Return a DBus connection object connected to the session bus of the active user
+     */
+    static QDBusConnection userSessionBus();
 
 
   private: