[ssu] Make sure to use user session bus for store credential requests

sailfishos · Nov 10, 2013 · 509179b · 509179b
1 parent 287355c
commit 509179b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 2 deletions.
diff --git a/libssu/ssu.cpp b/libssu/ssu.cpp
@@ -614,7 +614,7 @@ void Ssu::updateStoreCredentials(){
                                                         "/StoreClient",
                                                         "com.jolla.jollastore",
                                                         "storeCredentials");
-  QDBusPendingReply<QString, QString> reply = QDBusConnection::sessionBus().asyncCall(message);
+  QDBusPendingReply<QString, QString> reply = SsuCoreConfig::userSessionBus().asyncCall(message);
   reply.waitForFinished();
   if (reply.isError()) {
     setError(QString("Store credentials not received. %1").arg(reply.error().message()));

diff --git a/libssu/ssucoreconfig.cpp b/libssu/ssucoreconfig.cpp
@@ -7,6 +7,9 @@
 
 #include <QFile>
 #include <QTextStream>
+#include <QDBusConnection>
+
+#include <getdef.h>
 
 #include "ssucoreconfig.h"
 #include "ssulog.h"
@@ -143,3 +146,22 @@ bool SsuCoreConfig::useSslVerify(){
   else
     return true;
 }
+
+QDBusConnection SsuCoreConfig::userSessionBus(){
+  int uid_min = getdef_num("UID_MIN", -1);
+
+  // For calls from valid UID we assume that they are properly logged in users.
+  // If they are not the call will fail, but it's their fault.
+  if (getuid() >= uid_min){
+    return QDBusConnection::sessionBus();
+  } else {
+    // DBus security policy will prevent this beeing used by callers other
+    // than root at the moment. Still do it generic in case DBus policy will
+    // be extended later, and just use the usual 'DBus: THOU SHALL NOT PASS!'
+    // @TODO the uid to be used should be determined using the logind API from
+    //       systemd package to support multiuser systems in the future
+    QString sessionBusAddress=QString("unix:path=/run/user/%1/dbus/user_bus_socket")
+      .arg(uid_min);
+    return QDBusConnection::connectToBus(sessionBusAddress, "userSessionBus");
+  }
+}
diff --git a/libssu/ssucoreconfig.h b/libssu/ssucoreconfig.h
@@ -9,7 +9,6 @@
 #define _SSUCORECONFIG_H
 
 #include <QObject>
-
 #include "ssusettings.h"
 #include "ssu.h"
 
@@ -23,6 +22,8 @@
 #define SSU_DEFAULT_CONFIGURATION "/usr/share/ssu/ssu-defaults.ini"
 #endif
 
+class QDBusConnection;
+
 class SsuCoreConfig: public SsuSettings {
     Q_OBJECT
 
@@ -100,6 +101,10 @@ class SsuCoreConfig: public SsuSettings {
      * @retval false SSL verification should be disabled
      */
     Q_INVOKABLE bool useSslVerify();
+    /**
+     * Return a DBus connection object connected to the session bus of the active user
+     */
+    static QDBusConnection userSessionBus();
 
 
   private: