On 2/21/20 10:25 AM, Jakub Hrozek wrote:
On Thu, Feb 20, 2020 at 11:18:59AM +0100, Pavel Březina wrote:
> Hi devs,
>
> I'm thinking about ways to implement SSSD KCM notification that
> something has changed (i.e. user called kinit/kdestroy) [1]. The main
> use case is to notify Gnome Online Accounts (which is a daemon running
> under logged-in user) when something has changed and it is already a
> D-Bus service.
>
> The basic idea is that we would use D-Bus signals that would be emitted
> by SSSD KCM responder (sssd_kcm process). Signals are broadcasted
> messages that are delivered to client that chose to listen to them.
>
> The problem is that we
> 1) can't connect to specific user's session bus because KCM runs as
> root/sssd and connecting to other user's bus is not allowed
> 2) can't specify which user is allowed to get the signal
> 3) therefore we can't send the signal only to specific user
>
> So the solution is that KCM connects to system bus and sends
> org.sssd.kcm.Changed(uid) signal where uid is uid of the user which
> ccache has changed so the receiver can know which user is affected. This
> signal is broadcasted to everyone who listens to it.
>
> It is perfectly usable, however the question is whether we can broadcast
> this information (that user A run kinit/kdestroy/other modification of
> ccache) or it is a security leak that we must avoid and we should seek
> other solution.
IIRC with D-Bus you know who the peer is, can't you just filter out
messages to be send about the same user as the peer? Or is
gnome-online-accounts running as a different UID?
If you receive method, you know who send it. If you are emitting signals
it is broadcasted by message bus to whoever listens. We do not know who
receives it. But perhaps this can be implemented if we use sbus server
instead of system message bus.