WIP: qubes-gui-runner: get environment from systemd and pass it through to the session

ArrayBolt3 · ArrayBolt3 · commit 921f7537b1c2 · 2025-10-06T18:35:09.000-05:00
diff --git a/gui-agent/Makefile b/gui-agent/Makefile
@@ -20,12 +20,13 @@
 #
 
 CC ?= gcc
-CFLAGS += -I../include/ `pkg-config --cflags vchan` -g -Wall -Wextra -Werror -fPIC \
+CFLAGS += -I../include/ `pkg-config --cflags vchan` \
+	  `pkg-config --cflags dbus-1` -g -Wall -Wextra -Werror -fPIC \
 	  -Wmissing-prototypes -Wstrict-prototypes -Wold-style-declaration \
 	  -Wold-style-definition
 OBJS = vmside.o txrx-vchan.o error.o list.o encoding.o
-LIBS = -lX11 -lXdamage -lXcomposite -lXfixes `pkg-config --libs vchan` -lqubesdb \
-	   -lunistring
+LIBS = -lX11 -lXdamage -lXcomposite -lXfixes `pkg-config --libs vchan` \
+	   `pkg-config --libs dbus-1` -lqubesdb -lunistring
 
 
 all: qubes-gui qubes-gui-runuser
diff --git a/gui-agent/qubes-gui-runuser.c b/gui-agent/qubes-gui-runuser.c
@@ -32,13 +32,138 @@
 #include <pwd.h>
 #include <err.h>
 #include <qubesdb-client.h>
+#include <dbus/dbus-connection.h>
 
 #ifdef HAVE_PAM
 #include <security/pam_appl.h>
 #endif
 
 pid_t child_pid = 0;
 
+static char **get_systemd_env_from_dbus(void)
+{
+    DBusConnection *dbus_conn = NULL;
+    DBusError error_data = { 0 };
+    DBusMessage *env_request = NULL;
+    const char *systemd_manager_str = "org.freedesktop.systemd1.Manager";
+    const char *environment_str = "Environment";
+    dbus_bool_t ret = FALSE;
+    DBusMessage *env_reply = NULL;
+    int reply_type = 0;
+    DBusMessageIter reply_iter = { 0 };
+    DBusMessageIter reply_inner_iter = { 0 };
+    char *inner_iter_typesig = NULL;
+    DBusMessageIter reply_arr_iter = { 0 };
+    int arr_item_type = 0;
+    const char *env_val = NULL;
+    char **env_arr = NULL;
+    size_t env_arr_len = 0;
+
+    dbus_error_init(&error_data);
+    dbus_conn = dbus_bus_get(DBUS_BUS_SESSION, &error_data);
+    if (dbus_conn == NULL) {
+        warnx("Failed to initialize DBus, error name: '%s', error contents: '%s'\n",
+              error_data.name,
+              error_data.message);
+        goto dbus_cleanup;
+    }
+
+    /* dbus_bus_get sets up our process to be killed if the DBus connection
+     * closes. We don't want that, turn that off.
+     */
+    dbus_connection_set_on_disconnect(dbus_conn, FALSE);
+
+    env_request = dbus_message_new_method_call("org.freedesktop.systemd1",
+                                               "/org/freedesktop/systemd1",
+                                               "org.freedesktop.DBus.Properties",
+                                               "Get");
+    if (env_request == NULL) {
+        warnx("Failed to create DBus method call!\n");
+        goto dbus_cleanup;
+    }
+
+    ret = dbus_message_append_args(env_request,
+                                   DBUS_TYPE_STRING, &systemd_manager_str,
+                                   DBUS_TYPE_STRING, &environment_str,
+                                   DBUS_TYPE_INVALID);
+    if (ret == FALSE) {
+        warnx("Failed to append arguments to DBus method call!\n");
+        goto dbus_cleanup;
+    }
+
+    env_reply = dbus_connection_send_with_reply_and_block(dbus_conn,
+                                                          env_request,
+                                                          500,
+                                                          &error_data);
+    if (env_reply == NULL) {
+        warnx("Failed to request environment data from systemd, error name: '%s', error contents: '%s'\n",
+              error_data.name,
+              error_data.message);
+        goto dbus_cleanup;
+    }
+
+    reply_type = dbus_message_get_type(env_reply);
+    if (reply_type != DBUS_MESSAGE_TYPE_METHOD_RETURN) {
+        warnx("Did not get expected method reply from systemd!\n");
+        goto dbus_cleanup;
+    }
+
+    ret = dbus_message_iter_init(env_reply, &reply_iter);
+    if (ret == FALSE) {
+        warnx("systemd returned no environment variables!\n");
+        goto dbus_cleanup;
+    }
+
+    if (dbus_message_iter_get_arg_type(&reply_iter) != DBUS_TYPE_VARIANT) {
+        warnx("Did not get variant container from systemd!\n");
+        goto dbus_cleanup;
+    }
+    dbus_message_iter_recurse(&reply_iter, &reply_inner_iter);
+
+    inner_iter_typesig = dbus_message_iter_get_signature(&reply_inner_iter);
+    if (strcmp(inner_iter_typesig, "as") != 0) {
+        warnx("Variant container from systemd does not contain a string array!\n");
+        goto dbus_cleanup;
+    }
+    dbus_message_iter_recurse(&reply_inner_iter, &reply_arr_iter);
+
+    while ((current_type = dbus_message_iter_get_arg_type(&reply_arr_iter))
+                != DBUS_TYPE_INVALID) {
+        if (current_type != DBUS_TYPE_STRING) {
+            warnx("Non-string item found in string array!\n");
+            goto dbus_cleanup;
+        }
+        dbus_message_iter_get_basic(&reply_arr_iter, &env_val);
+        env_arr_len++;
+        env_arr = reallocarray(env_arr, env_arr_len, sizeof(char *));
+        if (env_arr == NULL)
+            errx("Failed to allocate memory for environment array: %s\n",
+                strerror(errno));
+        env_arr[env_arr_len - 1] = strdup(env_val);
+        if (env_arr[env_arr_len - 1] == NULL)
+            errx("Failed to allocate memory for environment item: %s\n",
+                strerror(errno));
+    }
+
+    env_arr_len++;
+    env_arr = reallocarray(env_arr, env_arr_len, sizeof(char *));
+    if (env_arr == NULL)
+        errx("Failed to allocate memory for environment array: %s\n",
+            strerror(errno));
+    env_arr[env_arr_len - 1] = NULL;
+
+dbus_cleanup:
+    if (dbus_conn != NULL)
+        dbus_connection_unref(dbus_conn);
+    if (env_request != NULL)
+        dbus_message_unref(env_request);
+    if (env_reply != NULL)
+        dbus_message_unref(env_reply);
+    if (inner_iter_typesig != NULL)
+        dbus_free(inner_iter_typesig);
+    return env_arr;
+}
+
 #ifdef HAVE_PAM
 static int pam_conv_callback(int num_msg, const struct pam_message **msg,
         struct pam_response **resp, void *appdata_ptr __attribute__((__unused__)))
@@ -79,6 +204,8 @@ static pid_t do_execute(char *user, char *path, char **argv)
     int retval=0, status;
     char **env;
     char env_buf[256];
+    char **systemd_env;
+    char **systemd_env_iter;
     pam_handle_t *pamh=NULL;
     pid_t pid;
 
@@ -111,6 +238,11 @@ static pid_t do_execute(char *user, char *path, char **argv)
     if (retval != PAM_SUCCESS)
         goto error;
 
+    /* TODO: This allocates a chunk of memory for strings, but we never free
+     * it. Should we?
+     */
+    systemd_env = get_systemd_env_from_dbus();
+
     /* provide env variables to PAM and the X session */
     retval = snprintf(env_buf, sizeof(env_buf), "HOME=%s", pw->pw_dir);
     if ((unsigned int)retval >= sizeof(env_buf))
@@ -203,6 +335,15 @@ static pid_t do_execute(char *user, char *path, char **argv)
         }
     }
 
+    if (systemd_env != NULL) {
+        for (systemd_env_iter = systemd_env; *systemd_env_iter != NULL;
+                    systemd_env_iter++) {
+            retval = pam_putenv(pamh, *systemd_env_iter);
+            if (retval != PAM_SUCCESS)
+                goto error;
+        }
+    }
+
     /* authenticate */
     retval = pam_authenticate(pamh, 0);
     if (retval != PAM_SUCCESS)
