diff options
author | Havoc Pennington <hp@redhat.com> | 2003-04-27 06:25:42 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2003-04-27 06:25:42 +0000 |
commit | e8d396efef695b9868b0112c4a6266c97678fa8a (patch) | |
tree | e6702685d70c2dd65c6b301de8904a672ef7b419 /bus/bus.c | |
parent | b3bd48edfc1aab0a9dc64bfa4c380d845d218e73 (diff) |
2003-04-27 Havoc Pennington <hp@pobox.com>
Unbreak my code...
* dbus/dbus-transport.c (_dbus_transport_get_dispatch_status):
report correct status if we finish processing authentication
inside this function.
* bus/activation.c (try_send_activation_failure): use
bus_transaction_send_error_reply
* bus/connection.c (bus_connection_get_groups): return an error
explaining the problem
* bus/bus.c (bus_context_check_security_policy): implement
restriction here that inactive connections can only send the
hello message. Also, allow bus driver to send anything to
any recipient.
* bus/connection.c (bus_connection_complete): create the
BusClientPolicy here instead of on-demand.
(bus_connection_get_policy): don't return an error
* dbus/dbus-message.c (dbus_message_new_error_reply): allow NULL
sender field in message being replied to
* bus/bus.c (bus_context_check_security_policy): fix silly typo
causing it to return FALSE always
* bus/policy.c (bus_client_policy_check_can_send): fix bug where
we checked sender rather than destination
Diffstat (limited to 'bus/bus.c')
-rw-r--r-- | bus/bus.c | 78 |
1 files changed, 60 insertions, 18 deletions
@@ -789,9 +789,12 @@ bus_context_allow_user (BusContext *context, BusClientPolicy* bus_context_create_client_policy (BusContext *context, - DBusConnection *connection) + DBusConnection *connection, + DBusError *error) { - return bus_policy_create_client_policy (context->policy, connection); + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + return bus_policy_create_client_policy (context->policy, connection, + error); } int @@ -848,36 +851,75 @@ bus_context_check_security_policy (BusContext *context, BusClientPolicy *recipient_policy; /* NULL sender/receiver means the bus driver */ - + if (sender != NULL) { - _dbus_assert (dbus_connection_get_is_authenticated (sender)); - sender_policy = bus_connection_get_policy (sender, error); - if (sender_policy == NULL) + if (bus_connection_is_active (sender)) { - _DBUS_ASSERT_ERROR_IS_SET (error); - return FALSE; + sender_policy = bus_connection_get_policy (sender); + _dbus_assert (sender_policy != NULL); + } + else + { + /* Policy for inactive connections is that they can only send + * the hello message to the bus driver + */ + if (recipient == NULL && + dbus_message_has_name (message, DBUS_MESSAGE_HELLO)) + { + _dbus_verbose ("security check allowing %s message\n", + DBUS_MESSAGE_HELLO); + return TRUE; + } + else + { + _dbus_verbose ("security check disallowing non-%s message\n", + DBUS_MESSAGE_HELLO); + + dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, + "Client tried to send a message other than %s without being registered", + DBUS_MESSAGE_HELLO); + + return FALSE; + } } - return FALSE; } else sender_policy = NULL; + _dbus_assert ((sender != NULL && sender_policy != NULL) || + (sender == NULL && sender_policy == NULL)); + if (recipient != NULL) { - _dbus_assert (dbus_connection_get_is_authenticated (recipient)); - recipient_policy = bus_connection_get_policy (recipient, error); - if (recipient_policy == NULL) + /* only the bus driver can send to an inactive recipient (as it + * owns no services, so other apps can't address it). Inactive + * recipients can receive any message. + */ + if (bus_connection_is_active (recipient)) { - _DBUS_ASSERT_ERROR_IS_SET (error); - return FALSE; + recipient_policy = bus_connection_get_policy (recipient); + _dbus_assert (recipient_policy != NULL); + } + else if (sender == NULL) + { + _dbus_verbose ("security check using NULL recipient policy for message from bus\n"); + recipient_policy = NULL; + } + else + { + _dbus_assert_not_reached ("a message was somehow sent to an inactive recipient from a source other than the message bus\n"); + recipient_policy = NULL; } - return FALSE; } else recipient_policy = NULL; - - if (sender && + + _dbus_assert ((recipient != NULL && recipient_policy != NULL) || + (recipient != NULL && sender == NULL && recipient_policy == NULL) || + (recipient == NULL && recipient_policy == NULL)); + + if (sender_policy && !bus_client_policy_check_can_send (sender_policy, context->registry, recipient, message)) @@ -893,7 +935,7 @@ bus_context_check_security_policy (BusContext *context, return FALSE; } - if (recipient && + if (recipient_policy && !bus_client_policy_check_can_receive (recipient_policy, context->registry, sender, message)) |