diff options
author | Havoc Pennington <hp@redhat.com> | 2007-06-10 04:54:45 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2007-06-10 04:54:45 +0000 |
commit | a789b7b38cb4f4540a41444cbd64bf7ada2d60d2 (patch) | |
tree | db5164def7f5d19266bc4ebfb4ce740f269d79e2 /dbus/dbus-auth-script.c | |
parent | 7be5fd95cdccdca28937804f32ca8b1308887d09 (diff) |
2007-06-09 Havoc Pennington <hp@redhat.com>
* dbus/dbus-string.c (_dbus_string_pop_line): fix this not to
think an empty line is the end of the file.
Also, fix some whitespace.
* dbus/dbus-string-util.c: add more tests for
_dbus_string_pop_line() revealing that it thinks an empty line is
the end of the file, which broke dbus-auth-script.c so
it didn't really run the scripts
* dbus/dbus-auth.c: add ANONYMOUS mechanism
* dbus/dbus-auth-script.c (_dbus_auth_script_run): fix to detect
an empty/no-op auth script; add commands to check that we have or
don't have the expected credentials
Diffstat (limited to 'dbus/dbus-auth-script.c')
-rw-r--r-- | dbus/dbus-auth-script.c | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/dbus/dbus-auth-script.c b/dbus/dbus-auth-script.c index 5aa17d4b..dd864ca5 100644 --- a/dbus/dbus-auth-script.c +++ b/dbus/dbus-auth-script.c @@ -218,10 +218,8 @@ auth_set_unix_credentials(DBusAuth *auth, credentials = _dbus_credentials_new (); if (credentials == NULL) - { - _dbus_warn ("no memory\n"); - return; - } + _dbus_assert_not_reached ("no memory"); + if (uid != DBUS_UID_UNSET) _dbus_credentials_add_unix_uid (credentials, uid); if (pid != DBUS_PID_UNSET) @@ -288,11 +286,14 @@ _dbus_auth_script_run (const DBusString *filename) state = DBUS_AUTH_STATE_NEED_DISCONNECT; line_no = 0; + next_iteration: while (_dbus_string_pop_line (&file, &line)) { line_no += 1; + /* _dbus_warn ("%s\n", _dbus_string_get_const_data (&line)); */ + _dbus_string_delete_leading_blanks (&line); if (auth != NULL) @@ -659,6 +660,30 @@ _dbus_auth_script_run (const DBusString *filename) } } else if (_dbus_string_starts_with_c_str (&line, + "EXPECT_HAVE_NO_CREDENTIALS")) + { + DBusCredentials *authorized_identity; + + authorized_identity = _dbus_auth_get_identity (auth); + if (!_dbus_credentials_are_empty (authorized_identity)) + { + _dbus_warn ("Expected anonymous login or failed login, but some credentials were authorized\n"); + goto out; + } + } + else if (_dbus_string_starts_with_c_str (&line, + "EXPECT_HAVE_SOME_CREDENTIALS")) + { + DBusCredentials *authorized_identity; + + authorized_identity = _dbus_auth_get_identity (auth); + if (_dbus_credentials_are_empty (authorized_identity)) + { + _dbus_warn ("Expected to have some credentials, but we don't\n"); + goto out; + } + } + else if (_dbus_string_starts_with_c_str (&line, "EXPECT")) { DBusString expected; @@ -708,8 +733,12 @@ _dbus_auth_script_run (const DBusString *filename) } } - if (auth != NULL && - state == DBUS_AUTH_STATE_AUTHENTICATED) + if (auth == NULL) + { + _dbus_warn ("Auth script is bogus, did not even have CLIENT or SERVER\n"); + goto out; + } + else if (state == DBUS_AUTH_STATE_AUTHENTICATED) { const DBusString *unused; |